recommended reading

Three Things Federal CIOs Say About CIO Authority


Government chief information officers looking to exercise authority wisely can be easily undone -- by senior leaders who don’t understand the value of improved technology, by contracting rules that diminish that value or for a host of other reasons, officials said on Thursday.

The Association for Federal Information Resources Management asked a panel of federal CIOs and other top technology officials to reflect on how the CIO role has changed since it was officially instituted by the 1996 Clinger-Cohen Act and where the role stands today.

Here’s what they said:

CIOs can wield more or less power; It all depends on agency leadership.

“I think the CIO matters as much or as little as the deputy secretary and the secretary and the [chief financial officer] think the CIO matters,” Commerce Department CIO Simone Szykman said. “The actual strength of empowerment in Clinger-Cohen is somewhat limited. So the ability of the CIO to develop a vision and execute that vision comes down largely to the support we get from higher up in the agency leadership.”

But that authority won’t last if CIOs don’t make the most of it.

Karen Evans, national director of the U.S. Cyber Challenge and former e-government administrator during the Bush administration, described attending top agency leadership meetings as Energy Department CIO earlier in her career.

“If I go into that first meeting and it’s death by PowerPoint or I go in and I say here are all the things you can’t do and, by the way, I want control of every budget dollar [for IT] that is in this department, do you think I’m going to be invited back?” Evans asked. “When you get that one shot you’ve got to figure out a way to use it that brings everyone along with you to accomplish the goal.”

But even great ideas and strong support from on top can be undone by inefficiencies.

“The reality is you can’t lead what you don’t have,” said Paul Brubaker, director of planning and performance management at the Defense Department. He noted that long delays in personnel hiring can make technology management inefficient, sometimes delaying hires by two months or more.

“It’s just an insane way to run an organization, let alone a government,” he said.

Federal Communications Commission CIO David Bray described how acquisition requirements can often make it difficult to buy even simple goods and services. When the FCC tried to buy a $99 iOS developer’s license, for example, he was told that language in Apple’s terms and conditions meant the agency would have to go through the much more onerous process of developing a purchase order for the service.

“You can have the backing and you can even have the budget but you still have to work through procurement and you’ve still got to work through [human resources],” Bray said. “It’s fascinating that procurement -- and I don’t necessarily think it should be underneath the CIO -- but oftentimes that is the stopgap.” 

Ethics requirements and presumed ethics requirements around CIO contact with vendors can also make the role extremely complicated Brubaker said, as can the fear of angering overseers and regulators.

He spoke specifically about agency paranoia following the General Services Administration’s much-publicized 2012 conference spending scandal.

“I’m telling you, we’re spending more money on reporting around conferences than we wasted in Las Vegas,” he said. “It’s unbelievably nonsensical how we’re chilling innovation, how we’re chilling free exchange, how we’re chilling what I would call intellectual curiosity,” he said. “And what we’re creating are these echo chambers…It’s a culture of fear, not just risk aversion but fear.”

Want to know what kind of tech executive you are? Take Nextgov's Challenge: Federal Tech

(Image via Ohmega1982/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.