NIST SP 800-137

Matt McLaughlin

Driving down costs while meeting users’ needs is one of the major challenges of federal IT. Commerce Department CIO Simon Szykman is finding a variety of ways to meet this challenge.

Szykman took over the department’s CIO position in May 2010, after having served for three years as the CIO of the National Institute of Standards and Technology within Commerce.

During his years in federal IT, which began as a member of the technical staff at NIST, Szykman also worked for the National Coordination Office for Networking and IT Research and Development, the White House Office of Science and Technology Policy and the Homeland Security Department.

Szykman spoke with FedTech managing editor Matt McLaughlin about how Commerce is meeting its numerous IT challenges.

FEDTECH: Commerce last year said it hoped to save around $50 million in IT spending. What have been the results of that effort?

SZYKMAN: So far the results have been quite positive. That $50 million target was established by our chief financial officer for administrative savings, so it was broader than just IT. It included a variety of other savings approaches. But within the context of IT, we are on track for several of the initiatives that we have put in place.

We have established a single contract for purchasing PCs, and we are ­improving our utilization and the effectiveness of our mobile phone management for both the devices and the plans that we have in place. We also have an initiative focusing on print management and efficiencies. We are projecting savings for those initiatives of about $11 million by the end of the fiscal year.

We also have additional savings that weren’t counted in that total, resulting from data center consolidation, of about $1.7 million this year. And we have a variety of additional initiatives that we’re currently looking at, more in the planning stage, for purchasing certain types of software and hardware here at the department.

FEDTECH: How is Commerce dealing with the different possibilities and demands that mobile computing brings?

SZYKMAN: We’re currently still in early stages of planning our departmentwide mobility strategy, and we are heavily focused on developing a strategy that is in fact departmentwide. It’s a relatively new type of technology, and we found ourselves facing a pretty much open field in terms of the options available to us for implementing mobility.

Because this is a new capability, new technologies, we want to avoid building silos in different organizations with different acquisition approaches, different device platforms, different mobile device management services. We have a department working group that’s focused on considering customer needs, requirements and participation from all of our bureaus and helping to formulate a single strategy for the department to move forward with.

FEDTECH: Bring-your-own-device is another big challenge that other agencies are facing. Does the Commerce Department have a strategy for dealing with BYOD?

SZYKMAN: At this point, we don’t have a strategy. I view the Commerce Department as being definitely interested but probably not one of the leaders in BYOD. I think we’re probably going to wait and see what emerges in the way of governmentwide policies, see what other agencies are doing and learn from that before we move quickly into that area.

I think BYOD is one of those areas where some of the major challenges are not technology challenges but really administrative, legal and policy challenges having to do with records management, compliance with the Freedom of Information Act and the ability of the government to impose policy and security measures on personally owned devices. So a lot of the issues that need to be addressed are things that go beyond just the technology itself.

FEDTECH: What progress has Commerce made on the Federal Data Center Consolidation Initiative?

SZYKMAN: We were definitely in the top couple of plans in a recent Government Accountability Office report that assessed federal agency data center consolidation plans.

We’re actually a little bit ahead of schedule in terms of the data center closures that we had projected. Certainly, we’re still only part way down the road, because it was a five-year plan. And we’re also finding as we dig further into our own infrastructure — assessing at a greater level of detail our own inventory and also dealing with some of the changes in data center definitions coming out of the Office of Management and Budget — that we have more in the way of an inventory than we had originally captured in our first iteration of a plan. So we are also currently updating our plan in order to reflect a better understanding of what our inventory looks like today.

FEDTECH: What security challenges does Commerce face, and how is the department overcoming them?

SZYKMAN: We’ve been working to improve our vulnerability management, patch management, configuration management — the types of controls that are well understood as being essential to a strong security posture.

One of the first priorities I had when I came into this position was to develop a strategic plan for cybersecurity for the department. As a result of the planning that we’ve done — both the technical planning and budget planning — we are conducting an acquisition to put in place a departmentwide continuous monitoring system for cybersecurity. Although we’ve had continuous monitoring at the system level and the bureau level before now, this is going to be the first time that we’re putting in place a departmentwide operational security capability that spans the entire Department of Commerce. We believe that is going to significantly enhance our ability to manage security across the department, our ability to implement security controls and also the visibility that my office has regarding the departmentwide security posture.

FEDTECH: What progress has the department made in meeting the federal cloud computing mandate?

SZYKMAN: We are on track for doing all of the cloud migrations that we had committed to in response to OMB’s cloud migration strategy. We’re looking at cloud really at a variety of different levels. We have some internally focused cloud deployments that are supporting things like service desk management for a help desk ticketing system. One of our other bureaus has already deployed a cloud-based system to support its internal project management activities and its enterprise architecture program.

We also have some larger, more commodity-­type enterprise services that have moved to the cloud. The National Oceanic and Atmospheric Administration, our largest bureau, has moved its e-mail, collaboration and messaging infrastructure out into the cloud. NOAA is supporting its entire bureau population with a cloud-based deployment for e-mail, calendaring and collaboration services. When that contract was put in place, it was one of the largest cloud-based e-mail deployments in the federal government.