recommended reading

18F Wants to Change the Rules, Not Break Them, Leader Says


The tech group 18F took some heat Tuesday when a General Administration Services inspector general audit found it skirting compliance rules and security procedures, but the department’s leader says the Obama-era tech unit is still committed to hacking bureaucracy.

“Our job is transforming technology in government, and our job is to push against policies and regulations that are in the way of government being effective and delivering good services,” Technology Transformation Service Commissioner Rob Cook told Nextgov Wednesday. “We’ve realized we need to do that, and we’re emphasizing changing what the compliance is rather than going around it.”

Cook said 18F was alerted to the aforementioned IG report in the summer and has spent the past six months “addressing most everything” in it. Those issues included failing to get chief information officer approval on $24.8 million worth of contracts and foregoing approval on 100 of 116 software tools the tech unit used.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Echoing sentiments from 18F’s staff, Cook said the IG audit centered around “compliance of regulations,” not security vulnerabilities, and that he was not aware “any data, [personally identifiable information] or otherwise, that has been lost.”

In other words, hacking bureaucracy also means fighting to curb policies that stifle innovation. Cook said he appreciated the IG’s role and the audit’s key findings, but added 18F is committed to “changing the rules so they can accommodate a modern world.”

For example, Cook said one solution could be “keeping the intent” of potentially outdated security policies without the laborious and seemingly unnecessary box-checking exercises.

“It is 18F being 18F, but we’re new and we’re getting better at that,” Cook said. “How do we push up against it in a way that is effective in getting things changed but also plays by the rules? It doesn’t make sense for us to play by a different set of rules. We’ve gotta encounter rules and fix them for everyone.”

That might lead to, for example, pushing up against rules that make it more difficult to import modern software-as-a-service offerings, Cook said.

This isn’t the first batch of scrutiny for 18F. Last year, the IG was critical of its IG security practices, and the Government Accountability Office called 18F out for its financials, as the unit was bringing in far less revenue than it spent.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.