Blockchain, automation and learning to love your legacy systems

blockchain (NicoElNino/ 

Jose Arrieta is in love with the data layer.

In his role as the Department of Health and Human Services associate deputy assistant secretary for acquisition, Arrieta oversees the acquisition function across the highly decentralized agency. Like many government systems, HHS' are often siloed and expensive to integrate, so the business processes are rife with manual tasks. And since the time and money required to modernize the systems wholesale are prohibitive, the inefficiencies persist. 

Arrieta, however, believes that a robust, well-structured and immutable data layer offers a way out -- allowing HHS and other agencies to automate and improve their business processes while running on top of the legacy systems. Specifically, he thinks blockchain can power that middleware for a wide range of government operations.

"Modernization historically has been about getting all the user’s requirements, and then designing a new system that’s going to replace the 10 systems that were currently in place," Arrieta said at an April 11 FCW event on automation and cybersecurity. "I believe that there’s a unique opportunity now to actually layer your existing systems with a high-powered middleware. … you can let your existing operating environment deliver services and you can build micro-services off of your data layer to modernize your business systems at the same time."

In his previous job at the General Services Administration, Arrieta piloted just such a solution for the IT Schedule 70 FASt Lane process, and "we were conservatively looking at lowering our OpEx costs by 80-90 percent," he said. He sees similar opportunities at HHS and elsewhere.

The key, Arrieta argued, is to have a data layer that comes with "CIA" -- confidentiality, integrity and accessibility. A blockchain distributed ledger checks all three boxes.

Agencies can "build microservices directly off of that data layer to drive business outcomes," he said. "And you can test those microservices at a very low cost …. all while you’re leaving your existing environment in place." That can allow agencies to modernize processes now, he said, "and then you can slowly move off of your existing IT architecture" as the resources to do so are available.

Such an approach also creates "a new layer of security around your data layer,' Arrieta added. And because the data integrity is improved, robotic process automation and machine learning can become much more accurate and effective.

Developing that data layer is not easy, Arrieta stressed -- both deciding what to include and extracting it from existing systems are significant challenges. He recommended starting small, with a specific process "that you actually own" -- and offered up basic access controls as an example.

"A user needs access," he said "So what does the individual receiving that request do?" Common steps would be checking the user's security clearance, verifying that he or she has taking the required training and signed the rules of engagement for that system, and then issuing a username and password.

"What if I automated that entire process?" Arrieta asked. "And what does that do with the time that my federal employee now has?"

KPMG Principal Tony Hubbard, who also spoke at the April 11 event, agreed that access control was "a perfect example where automation can really lend itself to support an effort." He also urged agencies to look at their Risk Management Framework efforts and the challenges of "taking systems to the accreditation stage. "

"It’s very cumbersome, with a lot of manual processes," Hubbard said. "For those of us who work in the cybersecurity field, there’s probably no better example than RMF that can be automated."

Such use cases are a far cry from the enterprisewide, nine-figure modernization efforts that often draw the spotlight in government, but Hubbard and Arrieta both stressed the importance of starting small and building on early successes.

"These are little changes," Arrieta said. "But the ripple effect that they have on your agency is huge."

This article originally appeared in FCW's sibling publication GCN.

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of, Schneider also helped launch the political site in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times,, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected