The pandemic isn’t the only thing pushing CIOs to modernize IT
The coronavirus pandemic had conspicuous effects on federal agencies — including the shift to remote work and related improvements to cybersecurity — but it’s not the only thing driving IT modernization, chief information officers say.
Trade association the Professional Services Council and one of its members, Attain, surveyed 11 federal CIOs or their deputies and one chief information security officer — finding that workforce gaps and existing technology debt are also driving them to modernize.
Modernization priorities still vary, though, among agencies depending on their IT maturity. And in cases where legacy systems are still a problem, budget constraints aren’t the only thing stopping CIOs from modernizing.
“This report shows that an agency’s culture, its mission, and its needs, and how the federal government attracts and retains the right people with the right skills, including the appropriate use of contractors, is just as important as putting money down on a problem, and that these factors were present before the start of the pandemic,” read PSC’s findings.
CIOs frequently cited resistance to change as a nontechnical obstacle to modernization, as well as agency size, with larger agencies having less manageable IT footprints.
Some CIOs successfully used their Federal Information Technology Acquisition Reform Act (FITARA) and Modernizing Government Technology (MGT) Act authorities to transition to remote work ahead of the pandemic. Others had to use them on the fly in early 2020.
The cybersecurity outlook
The survey was taken before the public disclosure of the SolarWinds Orion breach, which is still under investigation. In general though, cybersecurity at agencies is no longer a secondary concern, said Simon Szykman, the report’s author and former Department of Commerce CIO.
“Cybersecurity has unquestionably improved in recent years,” Szykman said. “Of course everyone knows the adversaries are evolving; the threats are becoming more sophisticated.”
The average FITARA scorecard cyber grade has improved more than a full letter in two years as CIOs have shifted from simply compliance to situational awareness and zero-trust security architectures have become “practical,” he added.
But some parts of cyber spending also have become harder to track with the advent of DevSecOps, which bakes security into the software development process, Szykman said.
CIOs seek more consistent federal hiring practices heading into 2021 to attract skilled workers familiar with emerging technologies for automation and decision-making support, according to the report.
The current ratio of government to contractor IT staff varies between agencies and boils down to CIO preference more than anything.
“Typically it didn’t seem to matter what that balance was,” Szykman said. “Generally, if you had an agency that was majority government, they thought things were working pretty well.” And the same was true of majority contractor operations, he added.
CIOs were “generally positive” about the Office of Management and Budget‘s increased emphasis on Best-in-Class vehicles for acquisition, although some think the contracts are “too commoditized,” fail to directly support their agency’s mission and have pacing issues, Szykman said.
Views on the President’s Management Agenda (PMA) were more mixed, with some CIOs saying the IT scope was too “generic” to all agencies and their investments and, thus, “limited” in its impact, he said. CIOs also felt PMA metrics needed improvement.
Similarly CIOs had mixed feelings about technology business management (TBM), some implementing multiple dashboards while others hadn’t made it a priority yet, according to the report. CIOs’ primary criticism of TBM was that it’s good at documenting IT costs but not at balancing them by also capturing the value of IT for comparison.
This story was featured in FedScoop Special Report: Zero Trust: Evolving Government Cybersecurity - A FedScoop Special Report