Hitting the gas at Energy
CIO Ann Dunkin talks FITARA, modernization and the challenge of managing IT in an environment driven by high-performance technology.
Ann Dunkin has one of the coolest CIO gigs in government. Her job as the top tech official at the Department of Energy takes her to National Laboratories, nuclear security facilities, grid operations, supercomputing centers and more.
Dunkin is a seasoned public-sector tech official, with stints as CIO at the Environmental Protection Agency during the Obama administration and CIO of Santa Clara County, California. She's also worked in industry at HP and Dell. She recently marked three years of service at DOE and spoke with Nextgov/FCW about portfolio management, sustainability, supercomputing and the evolution of FITARA — the legislative framework that gives federal agency CIOs a seat at the table when it comes to IT budgeting.
This interview has been edited for length and clarity.
Nextgov/FCW: I wanted to talk about the Federal Information Technology Acquisition Reform Act, because you've seen it in action for a long time. How has the legislation changed the way agencies buy and deploy IT?
Ann Dunkin: I think FITARA changed the conversation differently in different departments. In the smaller ones, I think it really generated a very direct line of sight for the CIO for everything at a department. So if you've got, say, $100 million of IT spending, the CIO really got their arms around that.
It’s very different at a huge federal organization like Energy … with the National Labs and other sites which are several multiples larger than headquarters. And these are primarily government-owned, contractor-run. So there's a lot of complexity.
Overall, what I'd say is FITARA has certainly given CIOs more insight into what's going on at their departments. … I think it has probably been more successful than any of the previous efforts in changing the conversation.
Unfortunately, like many things in the government, the ability to say no is the strongest thing you've got. It's not what anyone really wants to be doing — saying, no. We want to find different ways to say yes, but ultimately, that power to say no is what drives this conversation.
Nextgov/FCW: When FITARA launched, there was a carve-out for Energy to allow the National Labs to do their own thing — to not give the agency CIO authority over high-performance computing investments. My understanding is that's kind of been wound down over the years, but there's this bigger conversation at Energy and elsewhere in government about where does HPC begin and where does IT end.
Dunkin: That DOE carve-out was in one of the defense authorization acts. I don't even think it was at the beginning, but it did show up I think [for] one year. But of course, something that lasted one year has ripples for a while.
I have oversight of high-performance computing, and … one of my predecessors reached an agreement with [the Office of Management and Budget] to just separate that out to show it as a separate item, which I think makes a ton of sense. It's about a billion dollars in DOE. And, you know, that program is run primarily by [the Advanced Scientific Computing Research program], which is an office within the Office of Science, but we collaborate really closely together.
So I'm not going to tell you that I could come in and say, this is how you're going to do supercomputing. I wouldn't and I don't think I could, but I'm certainly engaged in that program [to] understand what they're doing and work with them to try and ensure we're able to optimize the program.
We have two types of HPC. We have capability HPC [where] we're creating HPC, we're defining what that is, we're making it better. And then there's capacity, and that's the commodity HPC. Essentially, we're using it just to do stuff. And we can do that on premise, we can do it in the cloud, we can do it in a combination. And that looks a lot more like IT than that capability-building. If we were going to put our thumb on the scale, we would put it more on the capacity, but honestly, our supercomputing [assets] are super-well run. So I'm lucky that I can just work with them and it's all good.
Nextgov/FCW: A sustainability rule just went into effect covering federal acquisition. How is it going to affect your work, and how do you think tech leaders should incorporate sustainability into their modernization plans?
Dunkin: Rules are useful. … For example, in cybersecurity, I don't have to argue with people about whether we should do something when there's a rule that says we do this.
Sustainable procurement runs in that same space, right? I don't have to argue with a vendor or within the organization that this is the right thing to do. We've got a rule in place ensuring that the hardware you buy is recyclable and reusable. There's data centers, so how do we reduce the energy utilized by our data centers? We also look to make sure that our cloud providers are using best practices.
The bottom line is, I don't personally see those requirements for sustainability as a constraint to us. I think it just helped drive us in the direction we want to go: reducing the overall IT footprint in terms of getting rid of duplicative systems. So, from the contracting standpoint, those rules just help us ensure that our cloud providers [and] our hardware providers [and] our service providers are playing by those same rules.
Nextgov/FCW: What modernization projects are you working on?
Dunkin: The biggest thing in terms of modernization that we've undertaken is modernizing our HR systems. We're moving to Workday. We've launched that, and we're collaborating closely with other folks around the government. There are a few folks who've done it. The Federal Reserve has done it. Some of our labs have done it. And so we're getting lessons learned from other people.
We're finishing our Windows 11 migration, which is kind of a boring modernization, but an important one.
The biggest public-facing infrastructure where there is legacy modernization going on now is at the Energy Information Administration. Their CIO is modernizing those systems [and] moving to the cloud. It's a great candidate for the cloud because EIA publishes statistics, so they tend to get hit [with traffic] when the statistics file, and then the traffic goes away for a while.
A lot of modernization across the enterprise has been focused on getting out of legacy data centers and refactoring applications for the cloud. We've done some of that with finance, for example, but we don't have that huge infrastructure of public-facing applications. A lot of our internal applications are either grant systems — which do have some public interaction — or internal productivity systems or research systems. Most of those reside at the labs. There's always lots of ongoing modernization at the labs, plants and sites.
Much of our modernization efforts are deeply linked to hardware systems. We have large operational technology systems at the four federal Power Marketing Administrations that we use to manage the grid. We have large research implementations like the high-performance computers, and obviously the high-performance computing systems are constantly being refreshed.
We'd have a sequence if you watch across DOE: [The HPC] Frontier came on board at Oak Ridge. And next you'll see the new supercomputer at Argonne very soon, and then you'll see El Capitan out at Berkeley. So it's a very different challenge because we don't have this massive portfolio of legacy applications. But we definitely have our HR systems [and] our finance systems at headquarters that we're working through right now.
Nextgov/FCW: Cyber executive orders pose a management challenge — they come down to you as unfunded mandates on top of your regular work. How do you handle them?
Dunkin: It's like, be careful what you wish for. The rules are super helpful, but they're unfunded mandates. We absolutely have to focus on risk.
When I came to the government 10 years ago, we were really, really compliance-focused. We recognized a number of years ago that we need to focus on risk and the fact that we can't possibly meet all the compliance requirements to an organization. It's not just about funding. It's just simply about technology investments. So, you know, if you look at the [National Ignition Facility] out at Lawrence Livermore — which is a multimillion- if not multibillion-dollar investment in fusion energy — we're not going to say, well, let's replace that all with IPv6-compliant sensors. We're just not going to do that. The same thing goes with our older reactors or things like that. They're things we simply can't do because it would be a waste of money. So we're going to put other compensating controls around those.
There are some things we can't do because we don't have the money. We struggle with logging because it's very expensive and we don't have enough money allocated. And then there are some things that are sort of in the middle where there are technologies we should upgrade, but we don't have the money to do them, or we don't have the people to do it. So we really have to focus on prioritizing those mandates, looking at what's going to mitigate the most risk and making progress to meet the requirements at the same time.
Nextgov/FCW: Your job takes you into some more advanced technical areas as compared to other CIOs.
Dunkin: I get to go out to the labs and the plants and the sites and see amazing stuff, because I need to understand it to support it. We're supporting really exciting research, and that just makes the job so much more interesting. This is just a super mission. We're advancing the country and the world every day.
NEXT STORY: TMF names new director