Ending State’s bifurcation of cyber offices needs to be near top of next CIO’s to-do list

When it came to reforming information technology management, the State Department found itself near the bottom with 15 other agencies back in 2015. State earned a “D” on the first Federal IT Acquisition Reform Act or FITARA scorecard.

Two years later, State was one of four agencies to improve their rating when the most recent grades came out in November.

Frontis Wiggins was the State Department’s chief information officer until he retired on Dec. 8.

Frontis Wiggins, who recently retired after 32 years in the State Department, including the last 18 months as the agency’s chief information officer, said FITARA is helping State transform how it talks about and implements technology.

Through this approach, State improved its score to a “C-” in the last scorecard in November.

“We created a FITARA primer. We put out documentation. We held briefings. We held discussions without budget representatives and other corporate partners out there so they understood what the impact would be,” Wiggins said during an exit interview on Ask the CIO. “Then we all pulled together and did an IT inventory and started to look at duplicative licensing and other things.”

He said the end result of these efforts is a more cohesive approach to IT management.

“Suddenly, we had a lot of interest from other corporate system owners. They wanted to be part of the discussion and wanted to make sure they put their procurements through the capital improvement process,” he said. “It’s really been a huge success because not only did [my office] focus on this, but we educated folks and had them realize it was in their best interest to work together with the CIO’s office to improve the governance of IT.”

Wiggins said the progress made on FITARA is an example of just how far State has come over the last 18 months.

“We built a foundation for a number of things that can now launch off that, especially with the redesign effort the secretary is undertaking,” he said. “We will have the empirical data from the surveys and other things we’ve done, so fact-based and data-based decisions are there. I’m hugely confident that IT in the department will continue to grow and continue to improve because of a lot of the work we’ve put in place.”

Wiggins said he will be joining the private sector but declined to say which company.

At the top of the next CIO’s to-do list is the continued integration of cybersecurity oversight between the Information Resources Management (IRM) office and the Diplomatic Security Bureau.

Wiggins said he worked to close the bifurcation of cyber that developed over the last 25 years.

“The way we’ve really tried to approach this as a collegial fashion is we wrote the cybersecurity framework in conjunction with Diplomatic Security. We created the cybersecurity steering committee in conjunction with Diplomatic Security,” he said. “We’ve been talking about the roles and responsibilities and how that would actually work. We have risk management framework related to cybersecurity that we partnered with Diplomatic Security on. The cybersecurity coordination center is partnered with Diplomatic Security foreign affairs to create the joint systems operating center.”

While a lot of these efforts are improving the coordination of the two offices, Wiggins said the relationship remains complex and there is plenty of work to bring both of these cyber organizations closer.

“If I were going to say something to the next CIO, one of the things I would prefer and it would be more efficient is if all cybersecurity responsibility was rolled up into a single authority and my preference would be, and I’m biased, under the CIO’s office instead of the split between diplomatic security and IRM,” he said.

State first defined the relationship between IRM and Diplomatic Security back in the mid-1990s when Colin Powell was secretary of State.

“That was almost pre-internet days and you base your relationship on the present, not the past,” he said. “I think that needs to be dusted off and you have to have the political capital do that and I think the secretary has an opportunity to do that through the IT redesign.”

Wiggins said the historical inertia is one of the major reasons why changing the setup is so difficult.

Under State’s IT redesign — which Wiggins said he could share little about — Secretary Rex Tillerson earlier this year set up a steering committee to oversee working groups, including one focused on the IT redesign.

Tillerson said in November at the Wilson Center that the redesign efforts are employee led.

“The reason we call it a redesign is most of these have to do with work processes internally and work processes with inter-agencies that we should be able to improve the way people get their work done. Some of it is tools and enablement, so things like — we have a really antiquated IT system. I was shocked when I went down to spend an afternoon with the A Bureau, and I said, ‘What’s the one thing I could do?’ And they said, ‘Get us into the cloud.’ And I looked at them. I said, ‘What do you mean? We’re not in the cloud?’ And they said, ‘No, no. We’re still on all these servers.’ Well, that’s a big cyber risk, first. But it really made it very cumbersome for people, and when I started using my own computer I started realizing just how cumbersome it was,” Tillerson said. “So a lot of the projects that have been identified out of the redesign are process redesigns and some enablement for people, and it’s all directed at allowing the people of the State Department to get their work done more effectively, more efficiently, and have a much more satisfying career.”

Wiggins said the next CIO’s to-do list will include the continued move to the cloud as well as continued improvements around cybersecurity, data center consolidation and enabling mobility for the workforce so they are not tied to the desktop.

“The last thing the CIO should work on, and this may be the most important, is creating a customer relationship office or customer requirements office. We talked about doing this and were preparing to launch it, but it was put on hold with the IT redesign,” he said. “That’s the lynchpin because it always gets back to the customer’s requirements and having a single point of contact and office to walk them through an alternative analysis and other things that also will make them willing partners so you reduce the shadow IT because they have a single trusted source to come to.”