As the US and the world moves into the second year of fighting the COVID-19 pandemic, the application of information technology to solving health issues has never been more important. The data about where cases are appearing and the current distribution numbers for vaccines have been translated into many dashboards that are providing a window into the current state of the battle. IT has also been a critical factor in user centered design for interacting with doctors, getting appointments for treatments or vaccines and arranging telehealth appointments for standard healthcare.
With aging IT infrastructure, outdated job classification system and a greying government workforce, agency executive and human capital officers face a trifecta of challenges in the years ahead. Soaring demand for cybersecurity experts and data scientists are just two examples of the newer professional specialists that the government is struggling to hire. With the rise of vaccinated workers, questions have arisen about the reopening of federal offices across the country and whether a hybrid workweek would be appropriate.
The Continuous Diagnostic and Mitigation (CDM) program has matured and broadened its offerings and full deployment of agency dashboards is on the horizon. In the last year, however, ominous high profile breaches in commercial and critical infrastructure networks have highlighted the continued importance of strong cybersecurity across federal networks.
For government cybersecurity executives, the mission to detect and eliminate intrusions on their expanding digital networks has always been a fluid exercise. As the pandemic pushed agencies to remote work, they leaned on cloud computing, mobile and remote access capabilities, and the attack surface expanded as a result. Determined nation-state and criminal adversaries, armed with increasingly sophisticated techniques, have increased the stakes. A government-wide breach in 2020 put new emphasis on supply chain threats, illustrating that perimeter defenses are no longer enough as adversaries exploit less-visible vulnerabilities. Tying down protections for government acquisition processes and infrastructure, and rethinking security tools, services and processes are crucial to counter these threats.
Digital transformation is a holistic re-imagining of how companies, governments and organizations use technology, people and processes to deliver services or perform their mission. The federal sector has been pursuing digital transformation for years through various avenues, including IT modernization, in an effort to replace inefficient, creaky legacy systems with more powerful, agile, interoperable and efficient technologies. These new systems are the foundation for transformative services and processes that break through agency silos and encourage closer collaboration across operations. That quest accelerated in the last year as agencies such as the Small Business Administration, the Internal Revenue Service and the U.S. Post Office rapidly developed and deployed new public-facing web services and resources to support pandemic remote work and relief efforts.
Emerging technologies have always offered the promise of better, faster, cheaper processing and problem solving, but they also bring a host of challenges with them, from security and operational issues to privacy concerns. The past year has also shown that necessity remains the mother of invention, as agencies moved to adapt technology to remote workplace models, as well as roll out new services and capabilities demanded by the pandemic.
As the Department of Defense (DoD) continues to roll out its Cybersecurity Maturity Model Certification (CMMC) program, both government acquisition professionals and the contracting community are working to understand and implement the certification requirements. A change to Defense acquisition rules last November kicked off new requirements for self-certification on security, strategy plans and reporting milestones. The General Services Administration also began including CMMC certification as a requirement in upcoming contracts, and DoD indicated it would offer CMMC reciprocity to FedRAMP authorized cloud providers to help mitigate the costs of new assessments.
As the global pandemic continues and countries wait for a vaccine, estimates about when federal employees will return to their offices in force vary. Many organizations have discovered the advantages of telework and now plan on expanding its use. Although some jobs require on-site personnel, OPM said that 42% of federal employees are classified as eligible for telework, but only 22% actually participated pre-COVID-19. Now agencies are looking at the lessons from the past year and are preparing plans to address challenges such as technology equality, effective management, metrics to measure employee effectiveness and fostering collaboration in a distributed work world.