Q&A: CSRA CEO On New IT In Government, Security Breaches And The Election Impact On Federal IT Spending

The View From The CSRA Corner Office

CSRA came into being a little over six months ago after government solution provider SRA merged with the government services portion of CSC. The deal created a $5.5 billion, 19,000-employee federal government solution provider behemoth.

Recently, CRN sat down with CSRA President and CEO Larry Prior to discuss how he sees the future of federal government IT security, how a potential Clinton or Trump Administration would affect the U.S. federal government IT market, and what role cloud computing will play.

Prior said the government's infrastructure is in a major state of disrepair and fixing it should be a national priority. But he's optimistic we will see a watershed change in federal government IT investment during the next presidential administration.

Not surprisingly, CSRA is looking forward to that shift. Here's an edited version of the interview with Prior.

Recently, CSRA inked relationships with Amazon Web Services, Docker and Racemi. How are relationships like those helping CSRA service government clients?

CSRA knows the mission and the domain of government really, really well and we do enterprise IT as well as anyone. So when you couple those two, we think that we are a pretty good platform to help bring new technology – from the West Coast [startups] especially - to our customers. And we have traditional strategic partners like Oracle and Cisco, and we also team with SAP and Brocade.

We think for many of our government customers, they definitely want a private [cloud] - within their four walls – option. And they want to think about how they can carefully, thoughtfully, move workloads either to a private cloud … or start taking out some work packages to…the public domain.

[We] team with Racemi to walk through the infrastructure of a customer and really help them understand what [they] can do for service provisioning and the whole plan for migration. Docker has revolutionized how [customers] think about using their containers to work across those different environments in a very purposeful but effective way.

So those are ways that we will look to next-gen smaller companies.

What types of technology in particular are you looking for in smaller, high-tech vendors?

I would start with anything around Apache Hadoop. [When] you think of unstructured data, there is a world of wonderful young companies taking advantage of that and bringing it to the commercial world. I think unstructured data is a great place where we could add value to government.

Second, who is in the Amazon ecosystem? And who is in the [Microsoft] Azure ecosystem? And how do we enable them to help government think about moving workloads [to the cloud]?

We really think for government to move to next-gen [IT], a great way for them to do it is with SaaS [Software-as-a-Service] providers. When I went to the West Coast [recently], I spent some time with Salesforce [and] with ServiceNow. And we work closely with both of them.

How will CSRA leverage these next-generation companies and their technologies in the government space?

Our advantage is that we love government and there is nothing about the bureaucracy, nothing around the rules or regulations or compliance that scares us. We grew up with it, we know it, and we can help these [startup IT] companies navigate it. As well as we know the mission, we have the passion for it.

We know that a lot of these apps are going to perform really well in [government] environments and the mission now is how do we get government customers comfortable?

We have talked about the crumbling Federal IT infrastructure before. How big do you believe this problem is?

If you look at the investment that needs to be made in the infrastructure of the nation in the next administration, I would argue that the IT infrastructure has as much repair work needed as the bridges of America.

And repairing the IT infrastructure is probably more important to us [than fixing bridges] as we compete in a global economy.

So as we move to fix that infrastructure, what does the future of federal government cybersecurity look like?

It has got to be more prevalent and embedded in everything we do in IT.

In government today there are these Islands of incredible excellence - when you think of the incredible skills of the intelligence community, [for example]. And then you will see agencies with different levels of security outsource centers. But then you are missing the overall investment in improving and modernizing legacy IT.

What needs to be fixed?

We haven't modernized, upgraded or patched [to get] us to a basic level.

If there is any silver lining to all of the drama around the [security] breech at the OPM [Office of Personnel Management] and now the Democratic National Committee, [there is] a recognition that you have to go back to basics and the discipline and training around avoiding phishing, and the discipline around modernizing that core infrastructure from the circuits, to the network, to the OS on up. I think that is fundamentally important for government.

You mentioned the OPM and DNC breaches. Who's attention has been brought to this security problem through those incidents? And will it motivate people to move on it?

Absolutely. But it [attracted] attention from both bad guys and good guys. Every time there is yet another breech across government, I think there is a large exclamation point that we need an investment in IT equivalent to what we did with Y2K.

The driver is, I think, greater defense in depth. Both signature- and behavioral-based, from your switching fabric, to your servers, the endpoints, and to be very active in the defense and the hygiene of that network.

I think there is an agreement on the need to improve that infrastructure. I think they are still trying to sort out the source of the funds and the discipline around it. The president's budget, under the leadership of the nation's CIO, is pitching a $3 billion industrial fund. And I think you have a couple of bills [in Congress].

What do you think will happen with government IT infrastructure in the next administration?

You are going to see in this next administration a watershed change in [IT] improvement and investment.

We think that the larger tectonic move is the cloud. It enables all sorts of improvements across any enterprise, and you have seen the adoption rate and the dramatic changes within the commercial environment. That is tectonic and is moving toward government.

And when you couple those tectonic shifts with the drama around cyber[security] breeches, I think [that] regardless of who is living in the Whitehouse, there is a recognition around the need [for] IT that is transformative for business, society and nations.

What effect do you think either a Clinton or Trump Administration would have on the government IT market?

I think that a President Trump would do a little more investment in DHS (Department of Homeland Security] and I think a President Clinton would have a bit more investment around her stated goal of improving the nation's infrastructure.

But remember, any move is thoughtful and slow when it comes to government. It comes with natural checks and balances. And don't underestimate the time dimension that the budget being presented by president Obama. It will be presented to a new Congress right around the time that the new president swears in and their fingerprints on their first budget doesn't really start until a year from now.

As you mentioned, the federal government fiscal year is coming to an end. What do you see happening for businesses like yours?

I'm still expecting it will be a fairly standard playbook, where we will have a very busy last quarter of the government year. We are focused more on new awards. I think budgets [have been] more ratably spent over the last few years, so the 'budget flush' at the end of the year has been more muted. But what you really need to look at is the book-to-bill business ratios and I think they will be robust.

What about the federal IT budget?

I still expect the continuing [budget] resolution as we move into the next fiscal year. I believe that Congress will be disciplined enough to do a [short-term budget] and then put together an omnibus budget before Christmas. But I am an optimist.

I would also keep an eye out for reprograming and if there is a supplemental [budget] of some sort driven by national security [or] the need for overseas contingency funds, but matched by security concerns on the federal civilian side.

What were your thoughts when you first heard about the hacking tools Shadow Brokers released last month?

I've been watching and reading a lot of the discussion on that. I think it is a challenge and you have this inherent tension between security and privacy. Civil liberties is the larger issue, [whether] it's encryptions or how you think of patches and zero-day [vulnerabilities], we as a society need to come to grips with what the right balance is.

What you are seeing is what looks like a nation-state release of materials. You always expect nation-states to do that. But when it starts to come into civil society and has this larger impact, it is something we have to talk about and debate.

I think smart people need to come together in a quiet and collaborative way to figure that out.

What actions is CSRA taking in response?

I think every CIO in every company in America is looking on a daily basis at what can they do to improve their security within their enterprise.

But it's a challenge. There are a lot of hostile players, classic criminals and some [hackers] with political causes.

So it is a new, dynamic world and there aren't good rules of the road. So we, like other companies, are making the investment, making timely, incremental improvements and collaborating with the government and across the industry.