Advice for the next administration

Irrespective of who is in the White House, many of us who have served in the federal government in an IT function or support the federal government’s IT as contractors have an overriding objective: to help make the federal government more effective and efficient via the use of IT. This objective is bipartisan, and Congress last year showed leadership in support of federal IT with the passage of the Federal IT Acquisition Reform Act (FITARA).

As we move toward the start of the Trump administration, we are at a seminal moment that, if handled correctly, can accelerate the adoption of new technologies and techniques that can provide significant improvements. Handled incorrectly, we will continue to languish, with many agencies struggling just to maintain the legacy systems they currently run, unable to consider transformational change via the use of new technology and systems.

How federal IT goes over the next four years will be largely dependent on the direction and leadership set by the White House, supported by Congress and embodied in a few key positions -- namely the director of the Office of Management and Budget, OMB's deputy director for management, the federal CIO and the newly created federal CISO post. The levers and tools are there, with FITARA being a way to effectively empower agency CIOs to collaboratively drive such change within each of their agencies.

My advice is straightforward, recommending the next administration’s IT agenda focus on three major initiatives. Any other initiatives should be undertaken only if they support one or more of these three pillars:

1. Drive to eliminate system duplication. Almost all agencies feel hamstrung, spending upwards of 80 percent of their IT dollars on operating and maintaining legacy systems. It is not that all legacy systems need replacing, but with such a large percentage of the budget spent on legacy, it is exceedingly difficult to drive any significant modernization efforts. I really doubt that in this political environment there will be more money forthcoming (look at the fate of the proposed $3.1 billion IT modernization fund), so agencies need to generate real savings within their own IT spend in order to fund modernization. One need look no further than the annual Government Accountability Office report on duplication to understand the extent of opportunities for eliminating system duplication. (The 2016 report notes work that I was involved with at the Department of Homeland Security, in which we conducted an inventory of human resources systems and applications -- 422 is the current count.) Most large agencies have significant duplication, which if aggressively tackled, could result in very significant cost savings. The challenge has not been the technology, but the leadership (and authority) to break down barriers, consolidate and eliminate systems.

 

2. Get serious about program, project and acquisition management. I am constantly amazed (and disappointed) at the state of our government’s ability to actually deliver IT systems. While we train program managers and demand certifications, I have found time and again that agencies struggle to field skilled and experienced project or program management teams with the ability to plan, develop and implement sophisticated IT systems. Government must recognize that a program management office is much more than just the PM or the contract officer; it requires a broad and diverse sets of skills. The next administration must drive a change in culture, in which agencies are expected to develop the talent and establish project and program management disciplines, develop their staff in needed PM disciplines, get proper help when they have troubled programs, etc.

 

3. Continue and enhance the focus on cyber security. The Office of Personnel Management data breach was a wake-up call, resulting in the governmentwide cyber sprint and the establishment of the Cybersecurity National Action Plan. While these are positive developments, we still have a long way to go to properly secure the sensitive data our government holds, particularly data related to citizens and government employees. Multifactor authentication that ensures we know who is accessing data and encryption that protects sensitive data stores are now standard off-the-shelf technologies, yet many agencies are still struggling to get basic protections and monitoring in place. While the Continuous Diagnostics and Mitigation program is directionally good for agencies, it has taken years to make even the most basic inventory and prevention services available. We are moving much too slowly to address the ever-evolving threat.

OMB can work with agencies to ensure these three initiatives work synergistically to support improving federal government IT. As an example, for human resources systems, OMB can demand that agencies inventory and develop a consolidation plan over a two-year period that:

• Eliminates duplication of standard HR systems.
• Leverages existing software-as-a-service-based HR offerings, possibly in an existing shared services model.
• Deploys on commercial cloud offerings compliant with the Federal Risk and Authorization Management Program.

By starting with consolidation of IT infrastructure and standard back-office systems (like HR), agencies can more rapidly generate savings they can them plow back into consolidation and modernization efforts on mission systems. Further, I believe that for most agencies, moving to modern cloud-based infrastructure is actually more secure than the legacy data centers many agencies continue to operate. It does not matter where the servers live, but rather what access controls and monitoring are used in the operation of those services.

Having been in federal IT in two different agencies, I recognize that there will be significant resistance to the approach outlined above, both within agencies and from the existing vendor community. Existing agency users will argue they risk losing functionality that is unique to supporting their particular bureau or department. In the short run, they are correct, but if we are ever to break out of the status quo, organizations must recognize that moving to consolidated, modern platforms will ultimately bring them additional capabilities at a lower price. It will take a few years, but for standard back-office systems and with solid program and acquisition management, these benefits can certainly be realized in the first term of a Trump administration.

For the vendor community, companies that support legacy systems likely to be eliminated will fight such change. That is completely understandable and expected. But agency leadership should be steadfast -- focusing on improving its program management and acquisition management capabilities to run modernization programs and related procurements that are fair and defendable and to rapidly consolidate and eliminate systems. Only through this approach do agencies have a chance to eliminate the albatross of legacy systems that consume ever more of their resources to operate and maintain.