CIO Perspective

Advice for the next administration


Irrespective of who is in the White House, many of us who have served in the federal government in an IT function or support the federal government’s IT as contractors have an overriding objective: to help make the federal government more effective and efficient via the use of IT. This objective is bipartisan, and Congress last year showed leadership in support of federal IT with the passage of the Federal IT Acquisition Reform Act (FITARA).

As we move toward the start of the Trump administration, we are at a seminal moment that, if handled correctly, can accelerate the adoption of new technologies and techniques that can provide significant improvements. Handled incorrectly, we will continue to languish, with many agencies struggling just to maintain the legacy systems they currently run, unable to consider transformational change via the use of new technology and systems.

How federal IT goes over the next four years will be largely dependent on the direction and leadership set by the White House, supported by Congress and embodied in a few key positions -- namely the director of the Office of Management and Budget, OMB's deputy director for management, the federal CIO and the newly created federal CISO post. The levers and tools are there, with FITARA being a way to effectively empower agency CIOs to collaboratively drive such change within each of their agencies.

My advice is straightforward, recommending the next administration’s IT agenda focus on three major initiatives. Any other initiatives should be undertaken only if they support one or more of these three pillars:

  1. Drive to eliminate system duplication. Almost all agencies feel hamstrung, spending upwards of 80 percent of their IT dollars on operating and maintaining legacy systems. It is not that all legacy systems need replacing, but with such a large percentage of the budget spent on legacy, it is exceedingly difficult to drive any significant modernization efforts. I really doubt that in this political environment there will be more money forthcoming (look at the fate of the proposed $3.1 billion IT modernization fund), so agencies need to generate real savings within their own IT spend in order to fund modernization. One need look no further than the annual Government Accountability Office report on duplication to understand the extent of opportunities for eliminating system duplication. (The 2016 report notes work that I was involved with at the Department of Homeland Security, in which we conducted an inventory of human resources systems and applications -- 422 is the current count.) Most large agencies have significant duplication, which if aggressively tackled, could result in very significant cost savings. The challenge has not been the technology, but the leadership (and authority) to break down barriers, consolidate and eliminate systems.
  2. Get serious about program, project and acquisition management. I am constantly amazed (and disappointed) at the state of our government’s ability to actually deliver IT systems. While we train program managers and demand certifications, I have found time and again that agencies struggle to field skilled and experienced project or program management teams with the ability to plan, develop and implement sophisticated IT systems. Government must recognize that a program management office is much more than just the PM or the contract officer; it requires a broad and diverse set of skills. The next administration must drive a change in culture, in which agencies are expected to develop the talent and establish project and program management disciplines, develop their staff in needed PM disciplines, get proper help when they have troubled programs, etc.

  3. Continue and enhance the focus on cyber security. The Office of Personnel Management data breach was a wake-up call, resulting in the governmentwide cyber sprint and the establishment of the Cybersecurity National Action Plan. While these are positive developments, we still have a long way to go to properly secure the sensitive data our government holds, particularly data related to citizens and government employees. Multifactor authentication that ensures we know who is accessing data and encryption that protects sensitive data stores are now standard off-the-shelf technologies, yet many agencies are still struggling to get basic protections and monitoring in place. While the Continuous Diagnostics and Mitigation program is directionally good for agencies, it has taken years to make even the most basic inventory and prevention services available. We are moving much too slowly to address the ever-evolving threat.

OMB can work with agencies to ensure these three initiatives work synergistically to support improving federal government IT. As an example, for human resources systems, OMB can demand that agencies inventory and develop a consolidation plan over a two-year period that:

  • Eliminates duplication of standard HR systems.
  • Leverages existing software-as-a-service-based HR offerings, possibly in an existing shared services model.
  • Deploys on commercial cloud offerings compliant with the Federal Risk and Authorization Management Program.

By starting with consolidation of IT infrastructure and standard back-office systems (like HR), agencies can more rapidly generate savings they can then plow back into consolidation and modernization efforts on mission systems. Further, I believe that for most agencies, moving to modern cloud-based infrastructure is actually more secure than the legacy data centers many agencies continue to operate. It does not matter where the servers live, but rather what access controls and monitoring are used in the operation of those services.

Having been in federal IT in two different agencies, I recognize that there will be significant resistance to the approach outlined above, both within agencies and from the existing vendor community. Existing agency users will argue they risk losing functionality that is unique to supporting their particular bureau or department. In the short run, they are correct, but if we are ever to break out of the status quo, organizations must recognize that moving to consolidated, modern platforms will ultimately bring them additional capabilities at a lower price. It will take a few years, but for standard back-office systems and with solid program and acquisition management, these benefits can certainly be realized in the first term of a Trump administration.

For the vendor community, companies that support legacy systems likely to be eliminated will fight such change. That is completely understandable and expected. But agency leadership should be steadfast -- focusing on improving its program management and acquisition management capabilities to run modernization programs and related procurements that are fair and defendable and to rapidly consolidate and eliminate systems. Only through this approach do agencies have a chance to eliminate the albatross of legacy systems that consume ever more of their resources to operate and maintain.

About the Author

Richard A. Spires has been in the IT field for more than 30 years, with eight years in federal government service. He served as the lead for the Business Systems Modernization program at the IRS, then served as CIO and deputy commissioner for operations support, before moving to the Department of Homeland Security to serve as CIO of that agency. He is now CEO of Learning Tree.

Reader comments

Wed, Jan 25, 2017

I have one concern about eliminating redundancy of IT systems and that is security. Everyone talks about eliminating redundancy of IT systems but they never discuss the hidden cost of having everything on one system, which enables much more serious compromise should the data be stolen or destroyed. We should not be naive to the fact that cyber-warfare is a serious threat where redundancy provides some protection!

Thu, Dec 15, 2016 Michael Collins Ohio

I read the article on advice-next-administration... I believe this is all good but misses several more fundamental points. First, you must reveal the architecture that you have, the description of the system ... ; if you do not reveal it you cannot manage it and it will manage you... Duh. Second, you must persist this description ... ; I do not mean with modeling tools like System Architect, architecting has been hijacked by the modeling community and no one but them understands them or can use them. All of the persistence discussion surrounds repositories. All of the repositories are useless and revolve around storing the artifacts created by modelers. Third, and equally important, you must determine the methods and mechanisms for reuse. Everything that I have read about reuse stops with the use of the word and does not address how this is to be done, and the implementations have required bloated teams of modelers creating more models. I am an architect but these three concepts or ideas: reveal, persist, and reuse are missing in the dialogue. Once you have these addressed you can then discuss ontologies of data, standardization of process, and security of systems and data. Now you can address delivering the services this country needs.

Thu, Dec 15, 2016 Paul

I currently work within the government IT (DHS) and I have worked in the private sector. Within the government mission requirements need to dictate duplication of systems and if cloud based systems are appropriate. But currently the push to the cloud and email as a service by vendors and Congress may leave agencies with COG requirements with no capabilities or fallback operating sites. While in the private sector our systems consisted of External facing (WWW), Administrative (9-5 M-F) and Production (24/7 365). Each with their own operational requirements, the idea of putting PII information on an external facing site is inexcusable and allowing External or Administrative to directly access or affect Production is not allowed. From my view I see the majority of the Cyber issues come from using the INTERNET as your primary method of connectivity, rather than spending the money to have private networks. Which was the primary method before the INTERNET.