A ‘blueprint’ for government IT reform

Reforming the way government manages its information technology has spanned several administrations, but the Partnership for Public Service thinks it has a plan on how to finally get it done.

The better governance nonprofit partnered with Accenture to unveil a blueprint Wednesday on how federal agencies could better make over their IT efforts.

“I think the message here is the world is changing, agencies’ missions are changing and the technology that agencies are using to accomplish the mission are probably changing faster than all of this stuff,” Eric Keller, senior manager for research and evaluation at the partnership, said at an event focused on the blueprint’s release.

“One of the theories we came into this work with was that new technology sometimes requires a new approach to leadership,” he said.

The research centered on five strategies to help smooth agencies’ paths to IT modernization:

To illustrate how the blueprint can work, a panel of CIOs who have pursued digital transformation in their offices highlighted some of the ways they put the plans in action.

Make it all about the end user

Acting Department of Veterans Affairs CIO Scott Blackburn said that after the agency had to regain veterans’ trust in the wake of its waitlist scandal, it centered its innovation efforts on designing systems to serve both veterans and frontline employees more easily.

“When we are doing this, we really need to ground ourselves in the end user and getting the entire management team focused on that goal,” he said. “Our transformation, like all others, it revolves around people, revolves around processes and revolves around technology. And all three of those play an incredible part, and I think people is the most important.”

Leading with one voice

When tasked with applying the Federal Information Technology Acquisition Reform Act to the Department of Interior, CIO Sylvia Burns said the agency involved its executive leadership by forming a FITARA implementation committee that allowed stakeholders to understand their expectations and how they could collaborate on their governance efforts.

The result, she said, was a unified approach that developed from tying in leadership and stakeholders to get a full view of the agency and how to manage the project from the top down.

“Quite honestly, through that process, I feel like we got strong,” she said. “It started with [the belief] that we have to be together in the department first. If we are going to face the bureaus and ask them to do this, we can’t not have our act together.”

Keep working the basics

Risk is a key component of innovation, but Washington, D.C., while innovation-hungry, is the proverbial poster child of risk-aversion.

To overcome this dissonance, Department of Justice CIO Joseph Klimavicz said that agencies have to harken back to the mission when evaluating new IT projects and make sure to keep the trains running while working on innovation.

“My thinking is that the missions really don’t change when we change administrations,” he said. “As we move through, priorities shift and you need to be sensitive to that. If you want to get funding for your projects, you need to know where the priorities are. But the mission doesn’t really change.

“It’s great to be a change agent, but if you don’t keep the lights on or your core customers happy, you don’t get to be a change agent. You have to be really good at the basics to be able to focus on change,” Klimavicz said.

MGT Act moves to NDAA floor vote, but sequester challenge remains

The House and Senate have agreed on a $700 billion fiscal 2018 National Defense Authorization Act, and the Modernizing Government Technology Act made the cut as an amendment.

A spokeswoman from the Senate Armed Services Committee confirmed to FedScoop that the conference-approved proposal includes the MGT Act as an amendment as it appeared in the Senate’s version of the defense authorization bill.

The NDAA must now pass the floors of the House and Senate, and receive the signature of President Donald Trump to become law.

The MGT Act — first introduced in the House by Rep. Will Hurd, R-Texas, followed by a corresponding version in the Senate from Sens. Jerry Moran, R-Kansas, and Tom Udall, D-N.M. — proposes again to allow agencies to put money saved through IT efficiencies into working capital funds, which can be accessed for up to three years, to fund efforts to modernize their technology. It also would create a centralized fund agencies can tap into for modernization.

While its inclusion in the post-conference NDAA appears to move the information technology funding legislation to the brink of passage, there is a law that may provide yet another hurdle to the bill: the Budget Control Act.

The 2011 law requires defense spending to be capped at $603 billion in fiscal 2018 and that it won’t be raised without also raising the cap on non-defense spending. That means that while the House and Senate may have emerged from conferences with an agreement on NDAA, they still have to pass it and find a way to meet the requirements of the BCA.

Congress has until Dec. 8 to come to a budget resolution to fund the government until Sept. 30 of next year, which now appears to coincide with the proposed passage of the NDAA.

HUD not DATA Act compliant, underreported billions of dollars, report says

The Department of Housing and Urban Development has fallen short of the Digital Accountability and Transparency Act’s required reporting deadline, an inspector general found.

IG officials said the agency’s chief financial officer failed to implement the data standards required by the Office of Management and Budget and the Department of Treasury, causing HUD to underreport billions in obligations and outlays, and submit incomplete and inaccurate data in its second quarter spending reports.

“Our review of HUD’s seven required files supporting the second quarter of fiscal year 2017 found widespread errors, inconsistencies, omissions and false values, which were reported to USASpending.gov,” the report said.

The DATA Act required federal agencies to submit standardized spending information by May 2017 in an effort to improve transparency. OMB and Treasury developed 57 data definition standards to assist agencies in standardizing spending data.

But investigators found that HUD didn’t allocate enough funding toward DATA Act implementation efforts, including carrying out necessary information system upgrades to ensure that spending information from HUD, the Federal Housing Administration and the Government National Mortgage Association — also known as Ginnie Mae — fit the DATA Act Information Model Schema.

“To subsequently allocate limited funding to system upgrades, HUD leveraged resources from a preexisting agreement with an independent contractor, which were insufficient to complete implementation,” the report said. “The agency continued to remain dependent on financial systems with differing technologies and data elements, which contributed to the issues noted.”

The report also notes the CFO provided limited staff and resources to implementation efforts, which further delayed HUD’s DATA Act transition.

But despite the Treasury Department providing a DATA Act Playbook on how to conduct implementation and the IG offering HUD eight recommendations on how to meet the May deadline, agency officials disregarded the recommendations and “inaccurately represented” their progress to the House of Representatives in a December 2016 hearing.

A lack of agency guidance on implementation and weak internal controls on DATA Act reporting further complicated efforts, leading to information inconsistencies.

“FHA contributed to a total absolute value of $17.3 billion in obligations incurred and $16.6 billion in outlays, and Ginnie Mae contributed to a total of $558.3 million in obligations incurred and $215.8 million in outlays, which were excluded from DATA Act reporting and not reported on USASpending.gov,” the report said. “Additionally, $4.2 billion in apportionments was not reported to USASpending.gov.”

The IG offered five new recommendations on how HUD could achieve DATA Act compliance:

HUD officials offered responses to nine comments made within the report, but did not comment on the additional recommendations.

Agencies hit road bumps with incremental software development

Federal agencies still have some work ahead in properly implementing incremental IT development practices, a new Government Accountability Office report finds.

Incremental development has a number of acknowledged benefits, mostly surrounding how it allows agencies to incorporate user feedback, keep a project in line on schedule and budget, and abandon or pivot if necessary without too many sunk costs. Conversely, GAO argues, waterfall development practices “too often result in failed projects that incur cost overruns and schedule slippages, while contributing little to mission-related outcomes.”

By way of example, the report cites the Farm Service Agency’s Modernize and Innovate the Delivery of Agricultural Systems program, which was ended in July 2014 “after investing about 10 years and at least $423 million, while only delivering about 20 percent of the functionality that was originally planned.”

More incremental development is needed, GAO says, to avoid such embarrassing cost overruns.

But agencies still face some challenges getting the ball rolling — challenges associated with “inefficient governance processes; procurement delays; and organizational changes associated with transitioning from a traditional software methodology that takes years to deliver a product, to incremental development, which delivers products in shorter time frames,” the report states.

On top of this, there is the issue of chief information officer certification of “adequate” incremental development practices.

Only four of 24 federal agencies have a clear policy that the CIO can use to certify that a given IT investment adequately uses incremental development. Of the remaining 20, 11 have vague policies and nine don’t have any policy at all.

Oversight of incremental development is an important piece of the Federal IT Acquisition Reform Act of 2016 (FITARA), which builds on Office of Management and Budget guidance from 2000 requiring that agencies endeavor to make IT investments in iterative, incremental pieces (as opposed to traditional waterfall development) as a way to avoid costly project failures. According to the GAO report, FITARA requires that agencies “develop policies and processes which ensure CIO certification” that incremental development is being used and “report the status of CIO certification.”

Accordingly, GAO found that at the 24 agencies investigated, 62 percent of major IT investments made in fiscal year 2017 were certified by the CIO as utilizing proper incremental development. The remaining investments were not certified, agencies said, for any number of reasons. In some cases this was an error, while in other cases agencies said that the required certification was “not applicable” to the given IT investment.

However, GAO found that according to OMB’s guidance on the subject, several of these “not applicable” responses were incorrect. That is, agencies should have responded with a “yes” or “no” answer to whether the CIO had certified the investment project at hand as one that utilizes incremental development.

The issue, GAO argues, is that many agencies lack clear policies on CIO certification of incremental development. The data on use of incremental development across the federal government is valuable, GAO says, and so it’s important that it is reported correctly. “It is critical that agencies take action to put in place appropriate incremental certification policies to ensure CIOs exercise the proper authority and oversight over major IT investments,” the report states.

The GAO report offers 19 recommendations to 17 agencies, requesting that executive leadership make sure the office of the CIO implements a clear certification policy.

“Agency CIO certification of the use of adequate incremental development for major IT investments is critical to ensuring that agencies are making the best effort possible to create IT systems that add value while reducing the risks associated with low-value and wasteful investments,” the report concludes.

Lawmakers blast Trump’s proposed cuts to DHS tech directorate

Despite the Trump administration’s advocating for more innovation and technology advances in government, proposed budget cuts to the Department of Homeland Security’s Science and Technology Directorate have the potential to hamstring those efforts, stakeholders say.

Members of the House Homeland Security Committee are none too happy about it, lambasting the administration’s proposed cuts to biodefense, R&D, acquisition and university research programs in a subcommittee hearing Tuesday.

The proposed cuts threatened the existence of a number of homeland defense programs, including the National Urban Security Technology Laboratory, an evaluation and testing program for emerging technology for first responders.

“I was very concerned that the president’s fiscal year 2018 budget request proposed its closure, in addition to the closure of two other DHS labs that focus on chemical and biological threats,” said Rep. Dan Donovan, R-N.Y., chair of the Emergency Preparedness, Response and Communications Subcommittee. “Now is not the time to be cutting federal resources to counter chemical and biological threats and support for our first responders.”

Donovan noted that funding for NUSTL and two other labs was restored during the House appropriations process, but S&T still requires more support in both funding and leadership, two areas where the administration has seen deficiencies of late. The cuts, however, could be reintroduced as part of a budget resolution, which Congress must reach before Dec. 8.

Former DHS Under Secretary of Science and Technology Reginald Brothers — who ran the S&T Directorate from 2014 until January — testified that inconsistent funding, coupled with fiscal bureaucracy, has negatively impacted an office that provides next-generation technology development at DHS.

“From personal experience, I know that one of the most disruptive forces for technology and innovation organizations is uncertain and unstable funding,” he said. “This challenge is magnified at DHS because the threat environment can change on a frequent basis, which can call for rapid change across our R&D investment portfolio to meet an immediate or near-term threat.”

Part of the challenge stems from the financial reporting structures, which Brothers said inhibit the S&T director from shifting funding to counter an emerging threat or achieving agility similar to the Defense Advanced Research Projects Agency, or DARPA.

“S&T has to report very specifically in terms of the kinds of spends it does,” he said. “One of the challenges, having served at DARPA and DOD, is with the way that S&T has to report early commitments and obligations of funding — it makes it difficult when things happen.”

The panel also testified that the administration’s lack of an appointed leader at S&T hampers its ability to pursue innovation strategies for fostering developing technology.

“There’s outstanding professionals there in the department that are keeping things moving, but, again, it’s the uncertainty,” said Gerald Parker, associate dean for Global One Health at Texas A&M University. Parker testified on the effectiveness of the directorate’s biological threat research.

“I think Dr. Brothers did a whole lot to steady the ship, so to speak, as S&T and culture is greatly improved. People are happy to come to work, are working hard and we don’t want to lose that momentum,” he said.

The committee concurred, with members promising more support for the office.

“We have to get the administration, regardless of what administration it is, to take this seriously and put in place a budget that is consistent and would allow S&T to do the work and types of things it needs to do,” said ranking member Rep. Donald Payne, D-N.J.

Officials at the Office of Management and Budget were unavailable for comment at press time.

IG slams OPM cybersecurity for continued deficiencies years after breaches

The Office of Personnel Management has yet again received less than favorable marks on its annual cybersecurity audit in the wake of massive breaches at the agency fewer than three years ago.

OPM’s inspector general released its Federal Information Security Management compliance report for fiscal 2017 Monday, concluding that while OPM has “made improvements” in its Security Assessment and Authorization program, there is still a “significant deficiency in OPM’s information security management structure.”

This latest report comes on the heels of another from the IG this summer that found “significant problems” in OPM’s now-improved security assessment and authorization methodology. OPM was the victim of a series of breaches revealed in 2015 that compromised the information of more than 20 million Americans.

In total, OPM received a score of 2 from the IG out of a possible 5 for its cybersecurity maturity level.

“OPM is not making substantial progress in implementing our FISMA recommendations from prior audits,” the IG said. “While resource limitations certainly impact the effectiveness of OPM’s cybersecurity program, the staff currently in place is not fulfilling its responsibilities that are outlined in OPM policies and required by FISMA.”

The IG found glaring deficiencies, in particular, in OPM’s continuous monitoring, saying though it had established policies and procedures, “the organization has not completed the implementation and enforcement of the policies.”

“OPM also continues to struggle with conducting a security controls assessment on all of its information systems,” the report states. “This has been an ongoing weakness at OPM for over a decade.”

With the impact of 2015’s breaches still lingering for the agency, the IG came down on OPM quite hard and at times was condescending in the audit.

“The annual FISMA reporting metrics are publicly available documents, and are made available to OPM and the OIG at the same time, and are generally covering the same topics every year,” the IG writes. “It would seem obvious that the OCIO should anticipate the required documentation and interview requests and stage the information in a readily accessible location. This audit is essentially an ‘open book test,’ but, inexplicably, OPM continues to struggle in providing timely documentation and appears to be generally unprepared to respond to routine audit requests.”

The IG also made sure to point out that although OPM may lack the full resources it needs, like many agencies, for an optimal cybersecurity program, that’s not the problem in this case. “The staff currently in place is not fulfilling its responsibilities outlined in OPM policy and required by FISMA. We continue to find issues with the quality of the work that is completed, and routinely detect instances where work was completed that did not adhere to OPM policy.”

Since the breaches, cybersecurity has become a top-level issue at OPM. Former Director Beth Cobert touted the progress the agency made under her tenure around things like two-factor authentication on every network, progress encrypting data and piloting many of the Department of Homeland Security’s continuous monitoring tools as she left government earlier this year. And Jeff Pon, President Donald Trump’s nominee to head OPM, vowed recently that if confirmed to the position, he would make the agency’s cybersecurity one of his top priorities.

Beyond USAJobs: CIO Council hiring event brings IT applicants, hiring managers face-to-face

A hiring fair is a hiring fair is a hiring fair — except for maybe when it’s your first hiring fair. Then it’s an event.

Monday, the Federal CIO Council held day one of its inaugural federal tech and cyber hiring and recruitment event at the Silver Spring Civic Building near D.C. There, representatives from more than 30 federal agencies chatted with and accepted resumes from the first wave of the 2,500 event registrants — by 1 p.m., 1,200 had cleared check-in, acting U.S. CIO Margie Graves said.

“As citizens expect better services and as cybersecurity threats increase, we know that we have the imperative to modernize,” Graves said during a press conference. “And to do that, of course, we need engineers, data scientists, developers, cyber specialists, executives in this realm, and we need them at the helm of the federal government.”

Graves told gathered reporters that event attendees are coming from across the country — with 40 different states represented. She said organizers hope the event will entice top talent, perhaps even some erstwhile private sector employees lured by mission. “There’s truly no greater feeling than being able to impact the lives of American citizens,” Graves said.

Out on the expo hall floor, attendees’ driving motivations seemed to be less aspirational and more practical. Sam Apa, who will graduate in May with a degree in informatics, told FedScoop he wants a job in the federal government because his mom is a public servant and she recommended it. “The best of the best work there,” he said, noting that he’d be most interested in a job with the CIA or National Security Agency.

Another attendee, who asked to be identified only as Karen, already works at a federal agency but said she has found “no promotion potential” in her current role. So she showed up at the Civic Building at 10:30 a.m. Monday and waited in a line for an hour just to see what other opportunities could be available to her.

While organizers advertised that there are 500 openings agencies are looking to fill over the course of this event, these jobs are far from evenly distributed. Not all agencies present are in a position to make near-term offers, despite how much they might need the help.

Over at the U.S. Agency for International Development table, representatives were collecting resumes but had little else to offer. The agency is under a hiring freeze, a representative explained, and yes, it’s a little frustrating. USAID hopes to be granted special authority to hire for cyber roles in the coming months though, he said, so being present at the event isn’t a waste of time. Seeing resumes come in “gives us a sense of what the market is like,” he said.

The Department of Health and Human Services, by contrast, had rented space in a nearby hotel Monday to conduct interviews for the “hundreds” of IT and cyber roles the agency has available. HHS CIO Beth Killoran told reporters during the press conference that the agency had already made some initial hiring offers. How quickly this translates from initial offers to employees in seats can run the gamut though, she added. Depending on what kind of clearance is needed, and whether or not the person in question has worked in the federal government before, the background check that precedes any final offer can take days to weeks.

“Obviously we’d like to have some of those positions in their seats before Christmas,” Killoran said. “It could be my early Christmas present.”

Not all attendees, it seemed, were clear on exactly which agencies would be hiring, which agencies would be interviewing and which would simply be present. For attendee MD, his lack of clarity on who exactly was hiring and for what roles was a source of frustration. He expected more interviews, he said. “This is a waste of time for me,” he said, gesturing at the USAJobs.gov flyers on one table. “I can get all this on the internet.”

At the Food and Drug Administration table, Raymond Simmons told FedScoop that the FDA is not one of HHS’ offices doing direct hiring at the event. Still, he sees value in the hiring fair exercise, even when it doesn’t lead to a direct job offer.

“It’s a plus to get 2,500 people in one place,” he said. “There’s a value to face-to-face.”

Exactly what this value translates into is something the Federal CIO Council and partners at the offices of Management and Budget and Personnel Management will be assessing once it all wraps up Tuesday.

Graves said the organizers will look for return on investment measured as the number of actual hires that come out of the event, agency feedback and more when deciding whether to expand this exercise beyond the pilot phase.

A detailed follow-up report will be compiled and made available, Graves said, though it is not yet clear when this will be.

Virtualization the way of the future for Pentagon, DISA director says

Software is in and hardware is out at the Pentagon.

The Defense Department is making a greater push to software-based virtualization for its networks and data centers, Lt. Gen. Alan Lynn, director of the Defense Information Systems Agency, shared at DISA’s Forecast to Industry event Monday.

Software-defined networking — which Lynn described as “instead of having hardware … it’s building a huge network just with software” — not only costs less for a capital investment, but it’s also a more agile technology.

“It’s easier to defend a network if you can build multiple, equal networks that are identical in a row,” he said. “And then if you have an attack on one of the networks, you can fold that network and move your users over to the next network.”

In doing so, Lynn said DOD will be able to hop from network to identical virtual network constantly, much like modern radios can jump to better frequencies.

“You can’t have a persistent attack if the network isn’t persistent, if it’s constantly moving,” he said.

The Joint Service Provider — a relatively new, consolidated arm of DISA that provides IT specifically within the National Capital Region — issued a request for information in October hoping to “improve how JSP can successfully implement a Software Defined Network (SDN) solution and modernize the DoD network,” FedScoop reported.

On the data center side, virtualization allows the Pentagon to “spin up a capability whenever we need it,” Lynn explained — again leading to cost savings and added speed.

The true power of these capabilities comes from their combination, he said, pointing to the particular example of multinational information sharing with the U.S.’s allies.

“We do not fight our nation’s wars by ourselves,” said Lynn, a FedScoop 50 award winner for 2017. “We always have a coalition partner. … We think we have an opportunity combining these requirements together to provide an all new type of international network for whoever comes to the fight.”

Typically, the sharing of such networks causes problems to arise around the various allies demanding total control over their networks. With virtualization, that’s possible, the DISA director explained.

“With software-defined networking, they have that opportunity. They can actually hold on to, control their portion of that network,” Lynn said. “And then we connect those networks with this larger network — think of it as kind of a universal bus that everybody connects into.”

No matter the ally or location, “we’ll be able to connect them through the virtual data center using software-defined networks and connect all the different forces to do constant sharing with whatever nation shows up for the fight,” he said. “And they can decide what they want to share and what they don’t want to share.”

Help the VA build a digital, interactive memorial for veterans

A visit to one of the 135 national cemeteries can be a powerful way to memorialize veterans. But an in-person trip isn’t always possible, so the Department of Veterans Affairs is looking to leverage technology to move some aspects of the experience online.

As part of its mission to “memorialize veterans in perpetuity,” the VA’s National Cemetery Administration currently maintains a web portal called the Nationwide Gravesite Locator, which allows visitors to find burial information for sites across the country. But the portal isn’t particularly modern, so the NCA has turned to Challenge.gov with a plan for crowdsourcing ideas for an online memorial.

“NCA seeks to expand its interactive digital capabilities to better engage the public (rather than simply informing it),” the challenge statement reads. For example, NCA would like visitors to be able to leave comments, pictures and more attached to the burial profiles. Ideally, the NCA would like a memorial that encourages users to visit “on a habitual basis.”

Participants are tasked with proposing a creative, engaging online memorial feature or integration that can “invoke powerful emotions that resonate with The Department of Veterans Affairs mission to virtualize memorialization in a meaningful way.” The challenge runs through Nov. 30, and winners will be announced in December. One top winner will be awarded $5,000, while five finalists will get $1,000 each.

The challenge coincides with November’s National Veterans and Military Families month focus.

“This online memorial space will allow visitors to honor, cherish, share, and pay their respects and permit researchers, amateurs, students, and professionals to share information about Veterans,” the challenge states.

State Department’s IRM looking for small biz IT data center operations

The State Department extended a sources sought request on Nov. 3 for information technology solutions at its Bureau of Information Resource Management.

The request calls for input from industry about how it could provide a suite of IT services for the data centers of the bureau, which manages the State Department’s technology operations.

The request calls on respondents to incorporate small and disadvantaged businesses or joint ventures in their response.

“IRM requires the contractor to provide enterprise-level domestic data center service offerings, and administrative support services including a software-defined infrastructure, Data Center Information Management (DCIM), cloud and overseas virtual infrastructure (VI) support,” the request said.

The IRM currently oversees four data centers that provide infrastructure-as-a-service operational support to 300 State Department sites and 275 missions worldwide.

Agency officials are looking for respondents to provide best practices solutions on how the State Department can “harmonize, and enhance its mission-delivery capability” in its IT service areas with the following objectives:

Deputy Secretary of State John J. Sullivan told the House Foreign Affairs Committee in September that the State Department was moving forward with IT modernization plans, including cloud migration, sometime in the future.

The request is a set-aside for small businesses and has a response deadline of Nov. 13 at 7 a.m. EST.