When it comes to federal IT acquisition, the workforce is too small, the hurdles are numerous, and modernization is slow — yet there is something government knows how to do well.
“Given the constraints the current workforce has to work under, they’re doing an exceptional job of keeping antiquated systems functioning on really critical mission areas,” said Trey Hodgkins, senior vice president for the public sector at the Information Technology Industry Council. “We target our nuclear systems with decade-old mainframes, we keep the Social Security systems and IRS systems running on decades-old mainframes, and with what they have to work with, they’re probably doing [what] I would consider exceptional keeping those old systems functional.”
That’s not to say government can’t still improve its IT acquisition, and that was the focus of a House IT subcommittee hearing — the first for the 115th Congress — at which Hodgkins and fellow industry experts listed priorities for lawmakers and the new administration.
What it boils down to is organization, accountability, and collaboration with industry.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
Richard Spires, CEO and director at Learning Tree International, Inc., said one of the first things government needs to do to get a handle on its acquisition is first know what it’s got.
“Much of what agencies acquire is commodity IT, purchasing that involves little acquisition risk, yet many agencies do not manage their inventory of hardware and software assets well, resulting in both overbuying and not effectively leveraging agency buying power,” Spires said. Congress should “include commodity IT purchase metrics in the FITARA scorecard. The agency CIO with the authorities of FITARA should develop a comprehensive and accurate inventory of all agency commodity hardware and software assets, and optimize buying based on agency needs.”
Hodgkins, in his recommendations to members of the subcommittees on IT and government operations, echoed the need for an inventory of IT hardware and software, because having an account can help with “determining where vulnerabilities may exist to prioritize investments in cyber protections, and deciding what needs modernization and how best to achieve it.”
“Congress should use oversight to enforce existing inventory requirements and establish new requirements where there may be gaps,” he added in his testimony.
Oversight and enforcement within agencies was another recommendation that received support from multiple sources.
David Powner, director of IT management issues for the Government Accountability Office, shared with lawmakers that only eight of the 24 large agency CIOs said they have the authority to stop a project that’s not going well.
“In the latest FITARA self-assessment, more than half of the 24 CIOs reported they do not have complete authority over IT acquisitions,” Powner said. “This includes large departments like DHS, Energy, HHS, Transportation, and VA. FITARA has clearly raised the profiles of some CIOs and improved their authorities, but many are still not viewed as part of the executive team. We need to keep making progress on CIO authorities and this will only change significantly if CIOs have the support from secretaries and deputy secretaries, and solid relationships with CFOs and chief acquisition officers, otherwise agencies will continue to make modest progress on their authorities.”
Powner said a way to address this is for the Office of Management and Budget to get involved and follow up on FITARA self-assessments, “to ensure CIOs’ progress on authorities is continuing.”
“OMB needs to bring back TechStat reviews on IT acquisitions, to ensure that agency executives can answer to the White House on our nation’s most important IT acquisitions,” Powner said. “OMB needs to provide for Congress the list of the top IT acquisitions for the nation and their current status. Recent history tells us when OMB is involved with this oversight, progress occurs.”
Venkatapathi “PV” Puvvada, president of Unisys Federal Systems and a member of the Professional Services Council, also highlighted in his testimony the need to support CIOs.
“We encourage both Congress and OMB to provide support to agency CIOs with investments in skills, processes, and capabilities, and we encourage agency management to provide sponsorship for collaboration within and across departments,” Puvvada said.
Puvvada also said CIOs and IT staff should be informed about “strategic business decisions, which may impact the IT organization and budget,” connect with other agency experts to understand future mission and operation, and they should “understand and participate in decisions for software and hardware in use that are not directly under their responsibilities.”
Lawmakers also heard that government needs to be more open to working with industry when it comes to IT acquisition.
Deidre “Dee” Lee, chairwoman at the Section 809 Panel — which is charged with reviewing acquisition regulations for the Defense Department — said some companies, especially small ones, are afraid to do business with the government because they worry an honest mistake could mean a damaged reputation or criminal charges.
“For many, the benefits of doing business with government are not sufficient to offset the associated risks,” Lee said. “We also disincentivize government and industry people by discouraging measured risk and innovation.”
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Hodgkins said the unique compliance requirements government puts on vendors “distorts what they can sell and how they can deliver it.”
“For commercial companies that might supply their products, subcontract their services, or sell directly to the government customer, such compliance requirements are often prohibitive,” Hodgkins said. “Congress should address these compliance burdens and requirements to remove those that do not improve the acquisition outcome or drive better value for the taxpayer. In other words, Congress should help make the government a better customer.”
Other recommendations included moving to cloud-based services and infrastructure, focusing on end-user experience, enhancing the IT workforce and career paths, and reintroducing the Modernizing Government Technology Act.
“Failure to modernize IT means that we’ll continue to spend more on outdated IT and our federal IT will be subject to security vulnerabilities,” said Rep. Jody Hice (R-Ga.) “Large federal government IT investment can take years to execute, while the private sector rewards speed and innovation. The failure to deliver innovation in a timely manner cannot continue. The failure to encourage innovation puts our country at risk in a variety of ways and particularly so in securing our federal IT systems.”
Subcommittee Democrats highlighted in their testimony how the federal hiring freeze could hurt IT modernization and attempts to improve acquisition.
“When even the private sector reports facing a critical challenge in hiring qualified IT and cyber security professionals, it is difficult to see how a hiring freeze would do anything, but make the current situation our government faces worse, not better,” said Rep. Gerry Connolly (D-Va.).
Connolly, as well as Rep. Robin Kelly (D-Ill.) and Rep. Will Hurd (R-Texas) also sent a letter March 28 to OMB, asking for a status update on guidance that is supposed to help agencies strengthen cybersecurity when dealing with federal acquisitions.