During the COVID-19 pandemic, Federal IT operations are providing a resilient fabric that enables accelerated delivery of vital services to citizens during an unprecedented public health crisis. As government IT operations reach their new steady-state and map the path to further modernization, MeriTalk is surfacing the untold stories – and lessons – of those efforts. In the latest installment of CIO Crossroads, we examine the Labor Department’s performance eight weeks into the fray.
Labor’s Lessons: Modernize Early and Often – CIO Q&A
There’s no hard-and-fast rule book for how to go above and beyond during a national crisis. But after speaking with Labor Department CIO Gundeep Ahluwalia, it’s clear that the agency’s pandemic response is a marathon, not a sprint, and that having the foresight to make significant investments in cloud and infrastructure modernization had a huge mission impact.
Labor oversees Federal administration of myriad workforce areas – unemployment insurance benefits, occupational health, wage and hour standards, and economic statistics. Its role plugs the agency squarely into the currently fractured employment landscape, and into the path to eventual recovery.
Labor was able to quickly shift to 95 percent telework by investing in the cloud (recently migrating 23 mission applications), doubling its VPN capacity, and partnering with industry to get pre-imaged laptops to employees working at home.
That agility translated to rapid mission impact during the pandemic response. Labor rushed technical assistance to numerous states whose unemployment claim systems are overwhelmed. It went electronic with systems that approve 100,000 foreign labor applications for seasonal workers – keeping store shelves stocked and helping prevent a labor shortage that would further devastate the economy. The agency’s prior investments in cloud and infrastructure modernization allowed it to easily handle immense surges in website traffic – including a 300 percent increase in page views on family medical leave, a 340 percent increase on disaster assistance, and a 20 times increase in traffic for benefits information – to continue providing service to citizens in need without blinking an eye.
Please join us for an in-depth conversation with Ahluwalia as he explains Labor’s greatest IT lesson: modernize as quickly as possible to get ready for the unexpected.
MeriTalk: What are your largest priorities and successes during the COVID-19 pandemic? What are you proudest of, and what have been the biggest surprises?
Ahluwalia: We are currently at about 95 percent telework, and a lot of that success stems from infrastructure improvements that we’ve been able to make in the last two years. We moved 23 of our mission applications into the cloud. We created a new VPN environment that has more than doubled capacity – even at 95 percent telework, we were at only 35 percent of VPN capacity.
We have authorized 20,000-plus laptops for the entire department, and they all run Windows 10. In doing so, we set up 12 distribution centers across the country, and all of these have a spare pool of six to 10 percent.
We were the first to set up a direct VPN connection with Dell and imaging infrastructure at Dell’s factory. So now our computers are coming pre-imaged from Dell, which helped us on-board 42 wage and hour investigators over the last week – they received their pre-imaged computer at home.
We invested in [Microsoft] OneDrive and moved off all local storage so everyone could still get their files when working offsite. For us, our Windows 10 laptop upgrade was a productivity play, not an infrastructure play. In addition to OneDrive, we implemented a digital signature, Cisco Jabber, and Skype – all of which helped greatly when COVID-19 happened.
That was a proud moment for us as a team, where we saw around the bend. We were prepared for the pandemic and able to get 95 percent of people working outside the office. This has been a marathon, not a sprint.
MeriTalk: How about successes on the mission side?
Ahluwalia: One example is the Foreign Labor Application Gateway. Previously, we had to print labor certifications on currency-like paper, and then send them to employers who applied to the Department of Homeland Security (DHS) for permission to contract foreign labor. We went to the Federal CIO Council and the Technology Modernization Fund for funding, and in January we went completely electronic with the certificates. The old process would not have survived pandemic conditions well.
Another is the Employment Benefits Security Administration – which protects all of your 401k and health plans. We had a unified communications capability deployed across the country, so now the agency’s benefit advisors can provide help as easily as they did when they were in the office.
Another very important one is state unemployment insurance. The U.S. Digital Service, my fellow CIOs, and the vendor community – including IBM and Microsoft – have come together to help. Secretary of Labor Eugene Scalia, the White House, and I put together the response team and have been able to help many of the states deal with a much higher volume of unemployment claims.
And then on the regular mission delivery side, we’ve been able to keep up with all of our mission objectives despite the COVID-19 pandemic.
MeriTalk: Can you share metrics about the increase in unemployment claims?
Ahluwalia: To start, unemployment insurance page views – where citizens could find information on how to file for it – shot up 30,000 percent on a year-over-year basis for the two-month period beginning March 1 and ending April 30.
Most of the state claims systems weren’t designed to handle dramatically heavier traffic – one system was designed for 200 claims a week but got 1,500 claims in a half hour during the pandemic. Some systems had desktops and were not designed for remote work, and call centers had similar issues. And some rely on mainframes and COBOL language. We’ve been able to help many of the states with either consulting or partnering with vendors or the U.S. Digital Service. Code for America came up with a front-end claims-capture concept.
For longer-term health, we are trying to work with Congress and OMB to figure out how to deal with the barrage of claims, ensure payment integrity, and make sure states get the resources they need to modernize their systems.
Our Bureau of Labor Statistics (BLS) unemployment claims website has seen about 10 times the normal traffic on the last unemployment release. Fortunately, our websites are resilient. Most are cloud-based, which helped us deal with a 300 percent increase in traffic related to family medical leave. These are proud cloud infrastructure moments.
We’ve received six to seven million emails per week. There is an elevated cyber threat during this time, and we’ve been blocking almost 80 percent of incoming email traffic, which provides a high level of protection, and we’ve been able to do it without a problem.
MeriTalk: Can you tell us about any other website traffic spikes?
Ahluwalia: Since March, we have seen 55.5 million sessions across our DOL.gov domain – that’s an 89 percent spike over the same time last year. The Families First Coronavirus Response Act page on DOL.gov received 30,000 sessions on the first day the page went live, April 1.
Benefits.gov has seen about 20 times the normal page views. Disasterassistance.gov has seen a 340 percent jump. The Occupational Safety and Health Administration has seen a 65 percent increase in page views because of all the guidance they have been providing in the Federal space.
MeriTalk: Have you been deploying new systems during the pandemic?
Ahluwalia: One of the things that we had piloted but not rolled out on a large scale was Microsoft Teams. We had Cisco Jabber, we had Skype, we had all of those capabilities, but the one area where we were feeling challenged was in external collaboration. We have a lot of adjudicative judges, and they were having a hard time interacting with the courts to get hearings and appeals. Since we were already running a pilot, we quickly rolled out Microsoft Teams to 20,000 folks across the nation, as well as contractors.
On the infrastructure side, once we implemented all these capabilities and went to 100 percent VPN, we realized that VPN reliability is dependent on internet service provider performance. So making all of these things go through VPN was not the best practice, and it was about this time that DHS and OMB came out with dual-tunneling recommendations. All of the Office 365-type traffic is already secured and it’s encrypted, so sending it through the VPN is just clogging the pipes. Dual tunneling allowed us to move what didn’t need to go through the VPN to a different path, so the mission applications that needed to go through the VPN were more responsive.
MeriTalk: Can you tell us a little bit more about the cybersecurity threat?
Ahluwalia: The weakest links are always email and the people sitting behind computers. We’ve invested significantly over the last two years in training and educating our people. Since COVID, we have created a new email series called Telework Smart. We get a lot of questions like, “What happens if I print a claim that has personally identifiable information on it? How do I destroy it properly?” We’ve been investing in responding to these questions.
We also invested in Microsoft’s Advanced Threat Protection. We put in email security appliances from Cisco. Our staff continuously tunes these things because the malicious folks are always changing their tactics, but we also want to make sure that the right emails are delivered.
Our new chief information security officer came in about a-year-and-a-half ago, and he’s invested significantly in our plan of action and mitigations. We are well on our way to reducing our vulnerabilities over the last year by half. That is also reflected in our IT audits and FISMA reports. Last year, IT conducted an audit called the financial statement audit, and we got the best score ever as a department.
MeriTalk: How has CDM played into your cybersecurity posture during this time? And can you make some comments about payment integrity?
Ahluwalia: CDM has been an integral part of our toolset. We have the Advanced Threat Protection. Then, all the things that come with CDM – CyberArk, SailPoint – all of that infrastructure has helped us be more responsive. One example: when we went to a maximum telework posture, we stopped our patching for a week or so. We were able to quickly get all of our systems patched and get into a different patching rhythm. Instead of patching over the weekend with large volumes of patches, we started doing it in a different manner. And, some of the CDM tools allowed us to do that.
As for payment integrity, we’ve been investing for a long time. It’s a multi-pronged approach.
We found a cloud-based capability where we can throw in a lot of data sets to do quick analysis and recognition. The second prong is working with states. Ultimately, your best defense around program integrity is when Maryland, New Jersey, or Oregon gets an application and is about to cut a check. We have collaborated with the states and the National Association for State Workforce Agencies (NASWA), to allow states to do a lot of checks against social security data and lists of deceased persons.
The third approach is to work with NASWA and academic organizations that have built capacity to bring these different data sets together, and we will continue to do that.
MeriTalk: What were the first few days of the crisis like, and what is the new normal today?
Ahluwalia: We knew we had built the systems and tested them, but we’ve never tested them at this scale. We’ve had snow days where 2,000 – 3,000 people in a local area are teleworking. That’s a very different experience than saying, ‘Okay, starting tomorrow, 16,000 people are going to telework.’ But since we had planned and had invested, those first few days presented an adjustment, but were doable.
We had to set up some reports that would come out every day. How many teleconferences did we do today, how many video conferences, what was the quality? How many help desk tickets are we getting? These are all reports that were not geared for daily delivery. We had a dashboard, and we could generate them. Now it’s a rhythm every morning.
So, those were the type of adjustments that we had to make. And now, it has settled down. In fact, we have switched gears a bit to focus on the opening. How do we bring people back safely? And what would that new normal look like?
Most people feared that there may be a dip in productivity, but for us it was exactly the opposite. In fact, I’ve seen a bit higher productivity. I’m pretty proud of the organization.
MeriTalk: What are the two most important lessons learned through this experience?
Ahluwalia: One big lesson is you need to continue running like it’s a marathon. When I say this is a marathon, I mean IT modernization, investment in infrastructure, application modernization, cybersecurity. If you run into a COVID-19-like situation, when you have not been investing in these things, you will have a much harder time than the Department of Labor.
The second lesson, which I’m proud of, is investing in our workforce. I keep reminding the staff,
‘We come here not for IT. We come here to protect the American workforce. We come here to protect people’s 401ks. We come here to create apprenticeship opportunities for people.’ If you do not keep investing in your workforce and processes, you will be unable to support them, not only in COVID-19-type situations, but during any unusual time. And, I think it has been a very fulfilling experience for us.
MeriTalk: What two or three modernization investments have proven most beneficial during this crisis?
Ahluwalia: Getting 100,000 temporary seasonal workers into the country every six months is a task that the American economy depends on. Had we not invested in that application, and not eliminated the entire paper-based process, we would be hurting the entire economy. In today’s scenario, that’s one that I’m particularly proud of. It is also close to my heart because one of the programs in there is the H-1B visa program.
The other area is the infrastructure that we have been able to create, which can sustain the entire ecosystem, whether it’s unified communications, our cloud environment, new laptops and distribution centers, or digital signing capabilities. I can’t tell you how many emails I have that tell me that five years ago, at least 40 percent of our staff would not be able to work in today’s scenario.
And, I’ll touch on one other investment – our website. We are modernizing all our websites to be in the cloud, on a Drupal-based platform. That came in handy with the doubling of overall average traffic and, in certain cases, 10 times the traffic. That kind of resilience was only there because of the investment we made.
MeriTalk: It takes a team to make things happen. Is there anyone in your agency or across the Federal ecosystem that you’d like to recognize?
Ahluwalia: There are three pillars that I rely on heavily – our two deputy CIOs, Lou Charlier and Rick Kryger, and our Chief Information Security Officer, Paul Blahusch.
I have a soft spot for the operations teams because they keep all the lights on, all the computers and everything going. And then the leadership, our Assistant Secretary for Administration and Management, Bryan Slater, and our Deputy Secretary. They have all been such great champions of IT, and they have always supported us as an organization.
Pat Pizzella, Deputy Secretary, was the acting CIO, when he was here in the Bush administration, so it makes my job a little bit easier. He knows what my problems are, so I get a tremendous amount of support from a leadership perspective.
I would be totally remiss if I didn’t mention the external parties, all the vendors. It takes a village. All our vendors – and I hate the word contractors, I like to use the word partners – they have been true partners and have allowed us to function seamlessly.
And, last but not the least, is the partnership with Suzette Kent and the CIO Council. Suzette was so quick to get on the phone and get the White House involved to get all these partners lined up.
MeriTalk: We’re all looking forward to that day when life returns to the new normal. What do you think we’ll still be doing, and what will change?
Ahluwalia: This situation has allowed some of the old guard to understand how telework has improved and the productivity that it generates. I do think that this crisis, as bad as it is, will have a positive effect on IT. I think people will understand why they need to invest not only in the commodities of IT, but embrace artificial intelligence, blockchain, robotic process automation, and IVR technology.
There are some cultural norms that will break, as well. For example, digital signature is a big one.
Click here for more Federal success stories from the COVID-19 pandemic.