Blockchain, automation and learning to love your legacy systems

blockchain (NicoElNino/ 

Jose Arrieta is in love with the data layer.

In his role as the Department of Health and Human Services associate deputy assistant secretary for acquisition, Arrieta oversees the acquisition function across the highly decentralized agency. Like many government systems, HHS' are often siloed and expensive to integrate, so the business processes are rife with manual tasks. And since the time and money required to modernize the systems wholesale are prohibitive, the inefficiencies persist. 

Arrieta, however, believes that a robust, well-structured and immutable data layer offers a way out -- allowing HHS and other agencies to automate and improve their business processes while running on top of the legacy systems. Specifically, he thinks blockchain can power that middleware for a wide range of government operations.

"Modernization historically has been about getting all the user’s requirements, and then designing a new system that’s going to replace the 10 systems that were currently in place," Arrieta said at an April 11 FCW event on automation and cybersecurity. "I believe that there’s a unique opportunity now to actually layer your existing systems with a high-powered middleware. … you can let your existing operating environment deliver services and you can build micro-services off of your data layer to modernize your business systems at the same time."

In his previous job at the General Services Administration, Arrieta piloted just such a solution for the IT Schedule 70 FASt Lane process, and "we were conservatively looking at lowering our OpEx costs by 80-90 percent," he said. He sees similar opportunities at HHS and elsewhere.

The key, Arrieta argued, is to have a data layer that comes with "CIA" -- confidentiality, integrity and accessibility. A blockchain distributed ledger checks all three boxes.

Agencies can "build microservices directly off of that data layer to drive business outcomes," he said. "And you can test those microservices at a very low cost …. all while you’re leaving your existing environment in place." That can allow agencies to modernize processes now, he said, "and then you can slowly move off of your existing IT architecture" as the resources to do so are available.

Such an approach also creates "a new layer of security around your data layer,' Arrieta added. And because the data integrity is improved, robotic process automation and machine learning can become much more accurate and effective.

Developing that data layer is not easy, Arrieta stressed -- both deciding what to include and extracting it from existing systems are significant challenges. He recommended starting small, with a specific process "that you actually own" -- and offered up basic access controls as an example.

"A user needs access," he said "So what does the individual receiving that request do?" Common steps would be checking the user's security clearance, verifying that he or she has taking the required training and signed the rules of engagement for that system, and then issuing a username and password.

"What if I automated that entire process?" Arrieta asked. "And what does that do with the time that my federal employee now has?"

KPMG Principal Tony Hubbard, who also spoke at the April 11 event, agreed that access control was "a perfect example where automation can really lend itself to support an effort." He also urged agencies to look at their Risk Management Framework efforts and the challenges of "taking systems to the accreditation stage. "

"It’s very cumbersome, with a lot of manual processes," Hubbard said. "For those of us who work in the cybersecurity field, there’s probably no better example than RMF that can be automated."

Such use cases are a far cry from the enterprisewide, nine-figure modernization efforts that often draw the spotlight in government, but Hubbard and Arrieta both stressed the importance of starting small and building on early successes.

"These are little changes," Arrieta said. "But the ripple effect that they have on your agency is huge."

This article originally appeared in FCW's sibling publication GCN.

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of, Schneider also helped launch the political site in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times,, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected