There’s an urgent need to modernize federal agencies’ technology. At least two-thirds — and in some cases more — of the federal IT budget in recent years has gone toward the operations and maintenance of outdated legacy systems that are often older than some of the personnel in charge of their upkeep.
Consequently, agency mission efficiency and effectiveness are frequently hamstrung as the IT infrastructure of yesterday can’t meet the needs of the government of today. Furthermore, securing those old, interdependent, interconnected and often custom systems becomes increasingly difficult as threats grow in sophistication, but the comparable latest cyber defenses don’t always mesh with the antiquated IT.
As former U.S. CIO Tony Scott often said, it’s like trying to “install air bags in a 1965 Ford Mustang” — the systems just weren’t designed with modern security in mind.
This month, FedScoop gathered leading federal CIOs and IT officials at its headquarters in the heart of Washington, D.C., for a candid talk about the progress around federal systems modernization, the challenges agencies still face and the keys to success as the government plots its path forward in becoming a more digital, secure, efficient and effective operation.
To inspire an open and honest talk, the meeting was not-for-attribution, but FedScoop did collect the five broader steps with supporting commentary that agencies, and the federal government as a whole, should take in the name of modernization. Surprisingly, the conversation was almost entirely absent talk about the need for more budget or an IT modernization fund.
Here’s what they had to say:
1. Culture change is paramount
A lagging culture is the biggest challenge to modernization progress in the federal government.
“A cultural shift and policy shift are the things that get in my way of doing anything,” one CIO said.
Agencies are too averse to the risks of a major modernization, willing to make big changes only when there is an emergency.
“The most traction we see is when there is a fire, when there is a sense of urgency from external circumstances … when we had the OPM breach or the IRS GetTranscript [breach], HealthCare.gov, then all the sudden it was ‘what do we need to do?’ After the fire is out, though, [comes] the hard work of trying to get in there to see how did we get to that point and how do we prevent it from happening, and that is actually the toughest. Why do we need to get to the point where there is this flaming fire before we get there?” someone said.
That culture must change, the CIOs and IT leaders agreed, before modernization can take course.
Generally, an interagency sharing of best practices and successes could help quell those fears and facilitate the change. The Office of Management and Budget, with its “power to convene,” could start the push.
“If OMB can give the air cover to a number of agencies that would be willing to tackle that problem and then go together, there’s some safety in numbers. You can probably change the culture a lot faster,” a CIO said, speaking generically about the White House office’s ability to effect change.
2. Address interconnected complexities
“We are an interconnected government, both internal and also with our external stakeholders, and those connections aren’t always known,” a CIO said. Therefore modernizing a system inside one agency comes with connected baggage at other agencies.
Another CIO advised that to kickoff the modernization process, CIOs should “peel back the onion.”
“Start peeling off what I consider to be shared services, software-as-a-service, things you can move to the cloud, and eventually … you get down to that core, and there will have to be refactoring at that point. But you’re left with the little small kernel of stuff that’s really hard. I just want to make sure that we’re getting down to really what we have to fix and get the rest of the stuff off the table.”
3. Top talent is necessary
You can’t expect legacy systems to modernize themselves. The federal government faces a constant struggle to recruit and retain top talent capable of such an overhaul.
In many cases, agencies might have a few qualified IT personnel with the necessary skills, but they need more people with such training. CIOs and IT leaders at the meeting tossed around the idea of creating a more rotational workforce in which personnel spend time on all parts of mission delivery.
Such a “matrix organization,” as it’s called, “really allows some people new leadership opportunities to manage in a different way and be a leader in a mission they’re passionate about … they get exposure, they learn something new, and they feel like they’re part of a change.”
One CIO said, “I used a rotational program and I got all of my infrastructure elites from that program.”
Other organizations, like the U.S. Digital Service, use the “tour of duty” model to bring technologists into the federal government for short a period — anywhere from a few months to two or three years — ” to get up-to-date talent at all times … we want to make sure we have the most up-to-date skills coming in.”
It’s also the idea behind the often-referenced but not yet executed Cyber Corps.
“We want to rotate people into the government to do a tour of duty, just like you would in ROTC, then you rotate back out to the private sector, and all of these people come back to spend two to three weeks a year making sure they’re connected in case the red flag ever goes up, a major power grid attack or something like that,” an IT official said.
4. Partner externally
Just because it’s federal systems in need of modernization doesn’t mean that the federal government should go it alone.
“Because of that talent management piece, if we don’t have that partnership, we may end up having major gaps in skills,” a CIO said.
The gathered CIOs and IT officials discussed how academia, industry, nonprofits, and state and local governments can help overcome many of the challenges associated with federal modernization.
For instance, what jobs should federal IT shops outsource to contractors?
“It might benefit the government by having some of the more highly trained positions internally … the grunt work is the perfect thing to be outsourced. We shouldn’t even be in the business” of operations and maintenance, one person said.
Working with agencies at the state and local level can also give the federal government another place to attract a talented workforce.
“They are very in tune with demographic trends and where the talent is coming from…if you add that 80 percent of our workforce is not in the Beltway, it’s outside all across the country, the state workforce system…are the people that already have partnerships with universities and they feed them into the state workforce,” someone said.
5. Modernize across your portfolio
Agencies too often look at modernization on a one-off basis, system by system or piece by piece, looking for the easy and quick fix.
“Technical debt is the problem fundamentally,” a CTO said.
IT shops must approach modernization from “the portfolio view of assets — crossing agency boundaries to look at the entire delivery system of a customer service and making sure that every one of those systems that’s in that chain is appropriately modernized as a suite as opposed to these one-offs in an agency. We always let ourselves be driven by organization rather than by customer delivery,” a CIO said.
According to another, “Some people want to do one small part of that, and I’m like: ‘Stop, you need to do the whole thing.You throw the whole [modernization] out there, make them responsible for it. That’s where the real value is. And you incentivize it in such a way that when they continue to modernize it, it increases efficiencies, which is profits to them, and increases effectiveness, which is a benefit to us. Everybody wins.”