67.4 F
Washington D.C.
Tuesday, October 3, 2023

GTSC’s FITGov Summit 2023: Governance and Risk – How Much Is ‘Just Right’?

With the GovCon community focused heavily on technological innovations, the second panel at GTSC's FITGov 2023 Summit shifted focus to important organizational innovations.

Ask whether governance facilitates or stifles innovation, and officials will say “it depends.” But ask whether we can innovate governance, and the answer is, “We need to. And we are.”

The second panel at the Government Technology and Services Coalition’s FITGov 2023 Summit in Tysons, Va., on Wednesday tackled the question of governance and risk. GTSC acquired the FITGov Summit in 2022 and refocused the summit’s mission to bring government the resources and information needed to govern advanced technology before it governs us.

Former Cybersecurity and Infrastructure Security Agency National Risk Management Center Director Bob Kolasky, now a senior vice president at Exiger, moderated the panel and opened with a key observation: “It’s rare to have all the information we’d like to analyze risks. We can bring analytics to bear but a key question remains: How do we innovate mission execution to manage the risks of technologies we deploy?”

Former Office of Personnel Management Innovation Labs Director Stephanie Wade replied that “constraints are the mother of innovation.”

If we “harness constraints we can make government work better and faster through innovation, especially when we can bring it from the commercial back to government,” said Wade, founder and CEO of Ascendant and former leader of innovation at Bloomberg. The important question is, “How and to what end?”

Protiviti Managing Director for Technology, Media, and Telecommunications Christine Halvorsen, a FITGov Summit Board Member and former deputy assistant director in the FBI’s Counterterrorism Division, described what it was like to be a user of the Bureau’s technology, with a squad sharing a single computer. Working from a garage following the 9/11 attacks, “I didn’t have the tools and sometimes had to create them,” she said.

Halvorsen noted that “innovation is happening in pockets, and it’s phenomenal.”

“But how do we spread it?” she continued. “SES in charge of technology think they can’t innovate because ‘If I make a mistake I’ll be in front of Congress.'” But the “fear of making mistakes is as risky as making a mistake.”

Department of Homeland Security Deputy Assistant Secretary for Strategic Initiatives Joel Meyer described the department’s many efforts to innovate mission execution while managing technology risks. The Homeland Security Advisory Council’s Homeland Security Technology and Innovation Network Subcommittee Final Report released on March 16 identifies 17 offices across the department with an innovation function, and makes recommendations for prioritizing technology innovation projects, leveraging best practices, measuring innovation progress, and streamlining acquisition processes for mission-supporting technologies. Meyer also noted that the third Quadrennial Homeland Security Review released in April addresses innovation throughout, and contains a section on emerging technologies.

“Our mission is ever-evolving, and innovation is key,” U.S. Customs and Border Protection Management and Governance Directorate Executive Director Carlene Ileto said.

As the largest law enforcement agency in the country, CBP must “constantly think ahead” as threats change and increase, she noted. CBP uses many technologies from gathering and processing data for better decision making to thermal imaging that detects border crossings so agents can respond quickly and safely. “Mission first, people always,” explained Ileto, emphasizing that innovation supports both.

Pendulum CEO Mark Listes, former chief of staff at the Defense Department’s National Security Innovation Network, said that the innovation “problem” isn’t new, but that basic threats increase day by day. Citing gaps in analysis, access, and intelligence as examples, Listes added that “the only way to deliver national security is to innovate, because innovation is how we do our job better.” He also noted that widespread access to current natural language processing and machine learning models offer “ways to deploy technology at scale,” and make new capabilities “part of everyone’s job without them being everyone’s job.”

Kolasky asked the panel how government should address the following risks without stifling innovation:

  1. Not knowing the best way to buy innovation
  2. Harm to privacy, civil rights, and civil liberties
  3. Moving too fast to bring solutions to execution
  4. The risk of new companies and technologies being fronts for bad guys

Meyer replied that DHS address these kinds of challenges through “a number of policies set up to govern everything from priorities to acquisitions,” plus through committees and councils he sits on – a joint requirements council, an innovation R&D council, non-traditional performers, the Silicon Valley Innovation Program, and the acquisition review board. “Do these facilitate or stifle innovation? It varies,” he said. “What we need to do is identify strategic objectives and see if processes deliver on them.”

From an operational perspective, Ileto added that it’s critical to “focus on what it is you are truly delivering.”

“Another rule, another guidance, another standard, another policy – we need them in place to deliver appropriately,” she said, adding that at the same time we can’t lose sight of what we’re delivering and why.

Halvorsen was asked if it was appropriate for government officials to take personal risks in technology implementation. “Government is in a weird position with new technology,” she observed. “We want to use it but have to defend against it.”

“Execs are fearful because they don’t understand the technologies,” Halvorsen added. “So if you believe in something you make that personal sacrifice. Man in the arena. You have to get dirty.”

Kolasky asked how culture fits in, and Wade replied that “in my experience that starts at the top.”

“Government organizations have innovation sparks in the junior and middle levels, but it never works if it’s not supported at the top,” she said. “But co-created from top and bottom, not dictated.” Wade added, “Innovation can reduce risks but that takes governance. In government, we have to balance making and breaking things. How? Not with governance from on high, but governance with.”

Kolasky asked about the risks of selling into the government, and Listes noted that “the biggest risk is time – time to procurement and time to understanding.”

“That means the clarity of a problem to be solved, the resources needed, etc.,” Listes continued. “Early-stage startups need clarity and transparency of risks because the cost of being wrong can be big. Security clearances are a thing, and that’s an example.”

Kolasky added, “Everyone finds a way when the need is big enough, and top-down coverage makes a need big, fast.”

“There’s a big tail to making that business decision,” Halvorsen said. “How much will it cost you? Is it worth it? Is market share there?” She added that organizational culture is also a factor. “You could roll out the greatest solution ever but if you do not change the structure behind what that solution fixes your adoption will go slow and not grow.”

Meyer stressed that “we don’t want strategy to be a doorstop – we want it to guide decisions of the department.”

“This is how you define success,” he said. “Is the department doing things differently, doing new things, because of the strategy? Publishing the strategy isn’t the thing. Actions are.”

As an example, Meyer noted that a new health authority had been created to deal with emerging infectious diseases coming across the border, and that a new sixth mission – fighting human trafficking and child exploitation – was added in the Quadrennial Homeland Security Review. The idea is to “manifest a strategy document in operations.”

“We see the strategy as a permission structure to turn personal risk into mission risk, if done right,” Meyer said.

With the GovCon community focused heavily on technological innovations, the second panel at GTSC’s FITGov 2023 Summit shifted focus to important organizational innovations. Governance-with. Top-down and bottom-up innovation. Converting individual risk into organizational risk.

There might be no single way to say how much governance and risk is “just right.” But panelists’ experience highlighted the kinds of conversations government can use to answer the question and position itself to govern advanced technology, not be governed by it.

Stay tuned for more coverage of the FITGov Summit 2023 here at HSToday

GTSC’s FITGov Summit 2023: Governing Advanced Technology Before It Governs Us

GTSC’s FITGov Summit 2023: Procurement Pros Know the Recipe to Advance IT Innovations

GTSC’s FITGov Summit 2023: Asking the Right Questions to Improve Governance of Innovation

GTSC’s FITGov Summit 2023: Best Practices from Current Models to Govern Centers of Excellence

Lou Kerestesy
Lou Kerestesy has spent 40 years helping people getting on the same page to meet their mission. Lou began his career working for local government in Portage County, Ohio, and then USEPA in Washington, DC. He’s owned a technology company, been an exec in a management consulting firm and energy management company, and been an independent consultant to government and industry. In various roles Lou has led strategic planning, program evaluation, change management, continuous improvement, corporate culture, designed and delivered services, managed corporate finances, and wrote (many) proposals. Today, Lou coaches leaders and teams in collaboration, communication, and conflict resolution techniques to get on the same page, quickly. Lou has a liberal arts undergraduate degree from Kent State University, and an MS in Conflict Analysis and Resolution from George Mason University.

Related Articles

Latest Articles