Agencies backsliding on FITARA

Has agencies' progress on IT management, empowering CIOs and modernizing aging tech stagnated?

"We have taken some steps backwards on progress in these areas towards the end of the prior administration and with the recent change in administrations," said Dave Powner, who leads IT oversight at the Government Accountability Office.

Testifying before the House Oversight Subcommittee on Information Technology on March 28, Powner pointed to the still-limited management authorities, limited partnering with industry and IT workforce deficiencies as recurring themes of failed IT projects.

Powner said that while the Federal Information Technology Acquisition Reform Act "has raised the profiles" of some agency CIOs, "many are still not viewed as part of the executive team."

"More than half of the 24 CIOs reported they do not have authority over IT acquisitions," he said, adding that "about one-third of the CIOs told us… they did not have the authority to stop any project that's not going well."

Powner said the Office of Management and Budget needs to follow up to make sure CIOs have the authority they need.

Subcommittee Chairman Rep. Will Hurd (R-Texas) said the desire to make sure CIOs have adequate responsibility -- and accountability -- over IT projects is "very clear coming out of the White House."

President Donald Trump said soon after taking office that he "would hold my cabinet secretaries and agency heads ... totally accountable for the cyber security of their organizations." But ranking Member Rep. Robin Kelly (D-Ill.) said Trump's hiring freeze and "continued delay in filling key IT positions," including the naming of a permanent federal CIO, is negatively impacting agencies' IT capabilities.

Powner also said that agencies still tend to engage in lengthy, massive projects. Powner said the shift toward relying on an incremental approach is "key" to improving delivery.

He testified about 60 percent of agency IT projects rely on incremental development, and added this figure is "unacceptable" and "is not improving since previous years." Part of the reason for this stagnation is that "only three of 24 agencies" have a policy requiring CIOs to certify the use of incremental development, a requirement of FITARA.

Powner said OMB "needs to formalize this process" to make sure agencies follow through.

"Recent history tells us that when OMB is involved in this oversight, progress occurs," he said, adding that "Congress needs to push OMB on this critical role."

Powner also said agencies need to lean on private-sector expertise by following the lead of innovation groups 18F and the U.S. Digital Service, as well as opting for proven commercial products over building in-house IT solutions.

Hurd said the cumbersome acquisition process doesn't just make life harder in government -- it may also dissuade the private sector from wanting to deal with the federal red tape.

Part of the acquisition challenge, added former Department Homeland Security CIO Richard Spires, is that some agencies don't exactly know their IT needs because "many agencies do not manage inventory of software assets very well."

Spires also said agencies "are not going to replace tens of millions of lines of Cobol code anytime soon ... but what we can do is modernize the infrastructure that stuff runs on, and move much more to the cloud."

Spires, who is now CEO of Learning Tree International, said prioritizing on infrastructure upgrades over legacy application overhaul would help cut costs, simplify agency business practices, consolidate data and improve cybersecurity.

Powner added that Congress should extend the data center consolidation provision of FITARA, which is set to end in 2018, "at least several years," because about two-thirds of agencies are "self-reporting that they're going to be nowhere near that" 2018 goal.

Powner also noted that agencies are struggling to address their tech workforce needs. He suggested that agencies' plans for developing their cyber and IT workforce could be the subject of more-focused oversight by GAO and the committee.