More effective oversight. Maybe.
- By Adam Mazmanian
- Feb 20, 2015
A November 2013 hearing on HealthCare.gov was a prime example of the finger-pointing and fuzzy accountability that can surround IT oversight. FITARA supporters say the new law will create more clarity. (Pictured: HHS CIO Frank Baitman and former U.S. CTO Todd Park.)
We can thank the HealthCare.gov debacle of 2013 for a new law that concentrates IT spending, planning and hiring in the hands of department-level CIOs. A few advocates on both sides of the aisle in Congress had been pushing for updates to the decades-old Clinger-Cohen Act, but it took the public failure of a key piece of government technology to generate a widespread interest in the bill. It narrowly failed in 2013 and squeaked through in the closing days of the 2014 session as a section of the defense authorization bill.
The Federal IT Acquisition Reform Act -- known as FITARA, although its lead sponsors prefer the moniker Issa-Connolly -- is designed to give top CIOs authority over IT, and it enshrines a few executive branch technology initiatives, such as data center consolidation and strategic sourcing, into law.
But CIOs aren't the only group empowered by the legislation. The law also has the potential to change the way Congress performs oversight by giving members new tools to make their work more efficient and effective. From that perspective, the law helps Congress get answers.
"Most importantly, FITARA requires single-point accountability," said Rep. Darrell Issa (R-Calif.), the law's top backer. "The CIO under the act has the responsibility to be responsible. We believe that prevents a situation of finger-pointing. CIOs know their responsibility and that they will be held accountable."
That promises to be an improvement over the chaos that seemed to reign in the wake of HealthCare.gov's launch. Issa's committee obtained and released email messages showing that the top tech officials at the Department of Health and Human Services had no visibility into the single biggest application-development project on their watch.
"In the case of HealthCare.gov, you had four people who were theoretically in charge, all of whom said they lacked the authority to shut it down," Issa said.
Dave McClure, former associate administrator of the General Services Administration's Office of Citizen Services and Innovative Technologies and a former auditor specializing in IT issues at the Government Accountability Office, sees a big opportunity for improved accountability.
"The CIO is going to be the key spokesperson for a Cabinet department on where they are with their IT strategy, IT security and IT spending," he said. "In the past, that's been bifurcated across CIOs, and it's been hard for a departmentwide CIO to answer questions in full compliance because they don't own or control funding, contracting and strategy for the entire entity. That changes a lot under FITARA."
Implementation will be the key to improving governance. Issa and co-sponsor Rep. Gerry Connolly (D-Va.) have pledged to make sure the law's provisions are instituted through guidance from the Office of Management and Budget to the civilian agencies that fall under the FITARA umbrella.
Making implementation work
The law originated in the House Oversight and Government Reform Committee. Issa's memorable tenure as chairman of the panel recently ended, and he has moved on to lead the Judiciary Committee's Courts, Intellectual Property and the Internet Subcommittee. Connolly remains on the oversight committee and will serve as ranking member of the Government Operations Subcommittee, where he plans to keep a hand in IT issues and FITARA implementation in particular.
Connolly told FCW that he will track efforts by OMB and the CIO Council to develop guidance for agencies on FITARA and oversee implementation on an agency-by-agency basis. He wants to make sure that "every agency head is held accountable for establishing ownership over concrete, detailed FITARA implementation plans and policies for his or her given agency."
"I think we have a real opportunity for some very substantive hearings, and I certainly intend to push early on for rigorous oversight hearings on this subject," Connolly said.
He was also blunt about how the oversight panel can use the requirements of the law to spur action. "It sets new metrics that allow us to measure how they're doing. We can push on the personnel piece in terms of CIOs," he said. Given the new range of IT planning, personnel and budget authorities embedded in the CIO role under FITARA, he added that some agencies might "decide that new leadership is required."
Issa and Connolly could do a great deal for FITARA just by sticking around. The Clinger-Cohen Act was implemented without input from its sponsors because soon after its enactment Rep. Bill Clinger (R-Pa.) retired from Congress and Sen. William Cohen (R-Maine) was tapped to serve as secretary of Defense by President Bill Clinton.
"Anytime Congress passes a major management statute, there's an interest especially from the authorizing committee in the first year or two years to see how the statute is being implemented," said Dan Chenok, chair of the Industry Advisory Council and executive director of the IBM Center for the Business of Government. "Most likely Congress will continue to be interested in these issues for the next year to two years and maybe longer."
Paul Brubaker, who helped write the Clinger-Cohen Act as a Senate staffer and later served in leadership roles at the Defense Department, said he is concerned that FITARA implementation could suffer from a brain drain caused by Issa's departure from the committee and the changeover of majority staff under its new chairman, Rep. Jason Chaffetz (R-Utah).
"Oversight is only as good as the knowledge of both the members and the underlying staffers," Brubaker, who is now director of AirWatch's U.S. federal government business, told FCW. "Members don't have the time to dive deep into these issues for the most part -- into the nuances and operational aspects of the CIO role. Agencies know that, and they'll take advantage of it."
Issa acknowledged that there might be a lack of institutional knowledge on the Oversight and Government Reform Committee but said many of his former staffers have found new posts on authorizing committees in the House and Senate where they can bring their expertise to bear on IT issues.
And FITARA isn't just a tool for the governmentwide oversight committees. The authorizing committees for individual departments will now have an accountability mechanism for IT projects that fall under their jurisdiction.
The new faces of IT oversight
Chaffetz, who was not interviewed for this article, is reviving the IT Subcommittee that was shelved by Issa, who preferred to handle IT issues at the full committee level. Rep. Will Hurd, a GOP freshman from Texas, has been tapped as chairman. Although committee sources say the Government Operations Subcommittee will take the lead in terms of staff resources and personnel, the IT Subcommittee will play a big role in overseeing federal technology.
Hurd served for nine years as an undercover officer in the CIA in the Middle East, South Asia and elsewhere. He also has a background in IT, including a degree in computer science from Texas A&M University and a stint at cybersecurity firm FusionX. Hurd resists the tag of "IT vendor" because he mostly worked on penetration testing for companies. Still, he's a rare technologist in a Congress that is made up largely of lawyers, businesspeople and career politicians.
Hurd downplayed his technical chops in an interview with FCW, saying, "I may be able to bang out some Fortran 77 code right now." But more important, he said, he could "understand and articulate technical issues -- a skill set that is lacking here in Washington, and I'm looking forward to playing a part and using that background."
As a new member, he's still getting up to speed on the folkways of Congress and working through a pile of GAO and inspector general reports on IT topics that he might want his subcommittee to explore. He's also familiarizing himself with the impressive raft of IT-related legislation, including FITARA, enacted at the tail end of the 113th Congress.
Hurd plans to cut a wide swath across tech issues, including federal cloud implementation, procurement, data breaches and cybersecurity in general. And because his district contains 825 miles of the U.S./Mexico border, Hurd takes a special interest in how technology can be used to make border protection smarter and more effective.
"My role in Oversight and Government Reform is to shine the flashlight on some of these issues and work with the authorizing committees -- Homeland Security, Armed Services, Judiciary -- as well as with Appropriations to help propose solutions," he said.
Connolly hopes to serve on Hurd's subcommittee but said he plans to focus his efforts on the Government Operations Subcommittee. Highlighting IT issues can be helpful, Connolly said, "but the risk is that we stovepipe it."
A lead Democrat for the IT subcommittee had not been named when this issue went to press.
FITARA's sponsors are bullish on the prospects for improvement. "There's $20 billion to be had here," Connolly said. "Issa-Connolly can effectuate very substantial savings." More than just saving money, he added, it can focus government technologists on achieving the best outcomes.
Connolly said he hopes the law will "foster a change in attitude [about] how we approach the transformative power of technology. Too often technology is treated as just a commodity. We are hoping these reforms will be a catalyst to get government to address the underutilization of technology in the public sector."
Brubaker, however, is concerned that the concepts embedded in the legislation won't find their way into federal practice. "Many agencies did not embrace the concepts in Clinger-Cohen," he said, but instead took cover in over-prescriptive guidance from OMB. Often there was resistance from leadership at the secretary and deputy secretary level.
Can FITARA surmount similar obstacles? "My guess is that it will make some incremental improvements, but achieving Information Age outcomes in this construct is not going to happen," Brubaker said.
McClure, who is now chief strategist at the Veris Group, agreed that leadership buy-in is essential for the timely implementation of FITARA, especially "the support the CIO gets from the non-IT executives within the agency." Often, he added, "the CIO's success is dependent on productive working relationships with the [chief financial officer] and the leaders of the mission-delivery arms of the agency."
Furthermore, lawmakers hoping to use the statute to improve oversight face built-in obstacles. Congress is outstaffed and outspent by the federal bureaucracy it is charged with overseeing, and it faces the perennial problem of attracting and retaining talented subject-matter specialists at the derisory rates typically offered for legislative staff work.
Nevertheless, Issa and Connolly could prove to be the best advocates for the law's success. "The biggest stakeholders are still here," Connolly said. "Darrell's around. I'm around. And I am tenacious."
"This is one of those legacy things," Issa said, "and Gerry Connolly and I will keep our eyes on it and take special interest and work together to see that it's fully implemented."