IT in ’08: Finish what you started

Agency IT managers shouldn’t be surprised if, over the next year, they hear Karen Evans quote “The A-Team’s” Hannibal, who liked to say, “I love it when a plan comes together.”

Evans, the Office of Management and Budget’s administrator for IT and e-government, has put forth a plan for the administration’s technology vision that focuses on finishing ongoing initiatives rather than launching new projects.

With a specific focus on cybersecurity, President Bush’s IT budget request sent to Congress earlier this month sets out no new initiatives, but emphasizes the need to obtain results from technology spending.

“It is time to drive utilization to the 25 E-Government and nine Line of Business initiatives,” Evans said in a IT budget briefing with reporters. “We need to realize the potential and focus on internal efficiencies and services to the citizen.”

The administration’s expectations center on improving agency IT security, but also continuing to moving forward on long-standing initiatives such as improving project and program management, increasing spending on mission functions by moving more agencies to shared-services providers under human resources, financial management and Homeland Security Presidential Directive-12, and limiting spending to develop, modernize or enhance systems.

Many of these objectives have been in place since 2002.

Agencies have made progress, Evans said, pointing to the example of 44 systems that duplicated eight e-government and two Line of Business initiatives that agencies shut down between 2005 and early 2007.

But Evans also acknowledged that there is quite a bit of work yet to be done. Take, for instance, the number of business cases on OMB’s Management Watch List, which has increased to 346, worth $14.4 billion—a 32 percent uptick over last year. Last year, OMB placed 263 investments, worth $10 billion, on the list.

“A lot of the increase had to do with how agencies came in with their business cases,” Evans said. “It is our greater focus on things like project management and performance measures. We are scrutinizing their cybersecurity plans and analysts are seeing if the investments are good ones.”

Of the 263 investments from 2007, agencies did not fix 84 of them, which means OMB placed them on the High-Risk List. The High-Risk list includes 476 projects, worth $9.1 billion. The departments of Treasury and Homeland Security have the most business cases on the Management Watch List, 61 and 52, respectively, while DHS has 76 on the High-Risk List, followed by the Veterans Affairs Department with 45 projects.

While many believe some IT projects and investments will remain risky no matter how well agencies mitigate concerns, OMB expects agency capital planning and investment control processes to improve and match up better with their enterprise architectures.

One way this will happen is for agencies to develop segment architectures for specific mission-critical functions. “Segment architectures will help agencies clearly demonstrate how you are using your EA to achieve results,” Evans said. “Agencies need to look for integration and develop a transition plan for things like IP Version 6 or telework and continuity of operations.”

A major area of concern continues to be cybersecurity. While IT security always has been a high priority, the 2008 budget request augments its importance. OMB named five shared-services providers for two of the four areas under the Information Security Line of Business effort (see chart).

And Evans said a third area, situational awareness, will work closely with the IT Infrastructure Line of Business effort and the General Services Administration’s Networx governmentwide acquisition contract this year.

“The situational awareness team may go to the Internet service providers to figure out the best way to protect the infrastructure,” Evans said. “Agencies have limited resources to be aware of intrusions and how often they get to look at logs from firewalls. Maybe small agencies would not maintain their access points.”

Officials said GSA also would develop enterprise software licenses under the SmartBuy program for data at rest and remote access software. Neil Condon, director of the federal sector for Guidance Software Inc. of Pasadena, Calif., said the goal for the government to keep up with the evolving target.

Dan Chenok, a former OMB official and now a vice president with SRA International Inc. of Fairfax, Va., noted that OMB has more data about systems than ever before and that is why the focus on security seems to have risen. For instance, OMB said 88 percent of all agency systems have been certified and accredited—the government’s highest percentage ever—up from 85 percent last year and 47 percent in 2002. But the number of agency C&A and remediation processes approved by the agency’s inspector general dropped to 18 from 19.

“The goal is to move agencies out of just complying with regulations and to achieve results,” Evans said.

And, to quote another member of the A-Team, Evans just might pity the fool who doesn’t show results.

The changing face of the IT budget