FCC's CIO started young

By government IT standards, David Bray is a bit of a prodigy.

While plenty of teens make cash writing code or doing network management, the new CIO at the Federal Communications Commission obtained his first security clearance before he turned 18, to work on civilian applications for small military satellites for the Institute for Defense Analyses. His first federal gig was at 15, as a part-time network engineer for a Department of Energy lab in Newport News, Va.

Now, at 36, he's in charge of IT for the FCC, supervising a staff of about 35 full-time employees and 200 contractors in a challenging technology environment.

Even though the agency has only about 1,750 workers, the CIO staff is small measured against the overall agency head count. The FCC has seven internal bureaus, each with a chief and its own subdivisions, as well as 11 offices with their own operations. There are regional, field, and resident agent offices scattered across the country. To support this operation, the FCC sports 200 different IT systems, a circumstance Bray describes as "perplexing."

His charge is to put IT on a modular footing, so instead of 200 systems, individual workflows can be established for bureaus and offices that share common components or solutions for user authentication, network printing or other ordinary functions. As a first step, he has embedded what he calls "intrapreneurs" across the agency to assess the needs of bureaus and offices.

Another task is turning the FCC into a modern, mobile workplace.

From his two months on the job, Bray has learned that employees are clamoring for more teleworking opportunities. The FCC had a limited virtual private network capacity, but recently began beta testing virtual desktop with the goal of bringing it to all the bureaus and offices in the spring. Additionally, Bray wants to explore a bring-your-own-device policy for mobile, with the FCC licensing software for use on personal devices and building a network that allows employees to use phone and data services at work and not incur costs from their personal carrier.

"Really what I'm trying to do is make it so that people are free to work and compute wherever they want," Bray said.

The FCC is in charge of licensing spectrum, approving electronic gadgets, implementing telecommunications policy and making rules that govern a large swathe of the technology industry. But the agency doesn't have a reputation as a technology leader in government. "About 40 percent of our systems are more than 10 years old. That keeps me up at night," Bray said. He's also interested in creating a true "data mart" for the trove of unstructured, untagged information stored in legacy databases and in large downloadable files.

As he looks to put FCC on a more agile footing, he's hoping to build a reputation for the agency as a creative problem solver and frugal spender in the midst of sequestration. "There's a resounding sense among the IT team that the FCC should be a beacon for the rest of government," he said.

As daunting as his portfolio appears, Bray's challenges at the FCC sound a bit pedestrian compared with his earlier work.

 On Sept. 11, 2001, Bray had been scheduled to deliver a briefing at the Central Intelligence Agency on the government's capacity to respond to a bioterrorism event. That briefing was canceled, and Bray spent the next three weeks working 20-hour days with his team at the Centers for Disease Control to expand his look into bioterror response. In October, he delivered his briefing as the anthrax attacks against media and government officials were unfolding. He still keeps a letter from the CIA, thanking him for his "timely briefing."  

Bray deployed to Afghanistan in 2009 with the International Assistance Security Force, and published a series of papers on the challenges of distributing and collecting information in a war zone with an active anti-government insurgency at work.

He also worked as an executive for the intelligence community's Information Sharing Environment, where he worked to develop strategies for shared information management across classified and unclassified networks.

More recently, he worked as the executive director of a bipartisan government commission charged with reviewing research and development in the intelligence community. The group's report, which was released in unclassified form on Nov. 5, found that increasingly U.S. rivals and adversaries had access to the same high technology computing tools, including cryptography, network protection and data analytics.

In the area of network protection and cybersecurity, there may be some overlap between Bray's work for the intelligence community and what he is trying to accomplish at the FCC.

FCC Chairman Tom Wheeler has been a presidential advisor on cybersecurity, and takes a long historical view on the nature of distributed networks and the role of the FCC. In his first blog post at chairman, Wheeler wrote, "as networks change, those charged with the responsibility of overseeing those networks must also evolve," and noted that, "to maintain the historic compact between networks and users – a change in technology may occasion a review of the rules, but it does not change the rights of users or the responsibilities of networks."

Bray sees the possibility of the FCC taking part in the growing conversation on information security and cybersecurity. While private institutions and individuals are responsible for what goes on behind their own firewalls, Bray said "the case could be made that on the public infrastructure, it's a quality of service issue to be assured that your communications are both secure and private."