Federal chief information officers are cautiously optimistic about the Office of Management and Budget’s IT Modernization Fund proposal.
About 33 percent of those CIOs and deputy CIOs who responded to Federal News Radio’s exclusive 2016 survey say the $3.1 billion revolving fund would make some difference in moving agencies off legacy IT systems.
But the optimism is far from widespread. About 17 percent also said it would make little or no difference in getting the operations and maintenance spending monkey off their backs.
Three respondents doubted they would ever see any of the money, and one said they are unsure if their agency could even pay back the funds if they received some.
Insight by LookingGlass: Federal technology experts provide insight into how agencies are approaching cybersecurity in the new virtual climate in this exclusive executive briefing.
Others were more optimistic about the fund’s potential.
“This is a potential game-changer, as it would allow for the acceleration of good ideas where the immediate budget or appetite for risk (from the program side) are not there,” wrote one respondent.
Federal News Radio surveyed 197 federal CIOs, deputy CIOs and other senior-level IT executives over a two-week period in August. We received a 15 percent response rate with 48 percent of the respondents coming from a cabinet level agency and 41 percent coming from small agencies.
About 83 percent of the respondents were career CIOs and 17 percent were political appointees, and 90 percent identified themselves as CIOs.
This was Federal News Radio’s fifth annual survey of federal CIOs and deputy CIOs, and while cybersecurity remains a top priority, all the talk and focus on legacy systems modernization over the past year is having an effect.
CIOs say moving out of the O&M cycle is their second biggest priority behind cybersecurity.
This isn’t surprising, as federal CIO Tony Scott has spent much of the last year talking about this systemic problem. OMB submitted a proposal to Congress in the fiscal 2017 budget request for a one-time influx of money to give agencies the boost they need to break the cycle of supporting old IT systems year-after-year.
Earlier this summer, lawmakers introduced an alternative idea, called the MOVE-IT Act, which would let agencies retain savings from closing down data centers and turning off other legacy systems.
About 45 percent of the CIOs said a combination of those two approaches would work best for the government. This survey took place before Rep. Will Hurd (R-Texas) introduced his Modernizing Government Technology Act, which combines both the White House’s ITMF and his MOVE-IT Act.
“A large investment fund for big projects run by OMB and local funds to support smaller investments,” wrote one respondent.
Another said, “You could start with the Recovery Fund model — OMB would hold the purse strings and make funds available and the agencies would manage the spending of the funds, and have to report out on their use.”
While still another CIO offered this idea: “Tiered approach where OMB sets guidelines and rough investment amounts by agency for lower-cost (<$5 million) projects while keeping the higher dollar projects centralized. OMB can then audit the agencies’ approach for the small amount.”
Most of the other respondents were split over whether a centralized fund managed by OMB or a decentralized one managed by agencies was the best approach.
One CIO wrote, “OMB has little understanding of the practicalities of IT in an agency to put the control there.”
No matter what comes from the two IT modernization proposals, CIOs said they continue to struggle to break the O&M cycle.
About 38 percent of the respondents say they spent more than 50 percent of their IT budget on legacy IT systems.
Additionally, 69 percent agreed with the statement that their agency struggles to stop spending on operations and maintenance of older systems, which is about the same percentage as the 2015 survey.
“We rarely retire or decommission systems, so we spend a great deal of time, energy and resources keeping the lights on. The hard truth is when we look at the cost vs return, it is hard to justify continuing the investment … yet we’re often simply told it must stay on,” one CIO wrote.
Another said, “It’s hard to secure new funding for development, modernization and enhancement projects. The funds are locked up in legacy systems and owners are in disparate programs. They must be convinced to change what they’re doing and they often work in smaller stovepipes that don’t know or accept there’s a problem.”
Other respondents said their agency has been able to shift money through consolidation of purchasing or simply by “starving legacy systems to support modernization.”
Related to the legacy system discussion is the implementation of the Federal IT Acquisition Reform Act (FITARA). About a year into the law’s implementation, CIOs said they are making clear headway with their new authorities as 62 percent said their CXO colleagues — CFO, chief acquisition officer, chief human capital officer — understand and accept their increased roles.
But at the same time, 45 percent of the CIOs rated FITARA’s impact as a 3 on a scale of 1 to 5. Interestingly, 25 percent of the respondents said they weren’t sure of FITARA’s impact.
Now of all the requirements under FITARA, CIOs ranked the new authorities over their agency’s IT budget and over acquisition and planning as having the potential to be most impactful as well as most challenging to implement.
And not surprisingly, CIOs were less than pleased with the Government Accountability Office’s FITARA scorecard. About 66 percent of the respondents said GAO’s scorecard doesn’t accurately measure their agency’s progress toward implementing the law.
“The information is typically six months behind. Need a better method to capture real time data,” said one respondent.
Another said, “It’s horrible. Reflective of old way of thinking and is just a political tool for congressional grandstanding. Doesn’t address level of difficulty or whether or not funding was available to do the things needed.”
A third CIO said, “It’s not yet clear that this scorecard is going to be anything other than a compliance hammer. If that’s the case, it’s not of great value.”
What was of great value, according to the CIOs, was the OMB’s cyber sprint.
A year after OMB forced agencies to close network and system vulnerabilities, 96 percent of the CIOs who responded said their agency’s cybersecurity is better than it was a year ago.
“Increased tools, although totally mismanaged by DHS. Agencies can’t possibly install all the tools without additional funding. Agency heads are not making funds available to support the effort,” said one CIO.
Several others echoed similar thoughts about why their cybersecurity has improved: better tools, more investment.
“Increased attention to regularly measured and visible metrics. We’ve also instituted regular internal and external penetration testing to directly measure how we are protecting the systems,” wrote one CIO.
CIOs also said the lasting impact of the cyber sprint is continued executive attention. Two-thirds said their agency’s senior officials continue to focus on cybersecurity challenges a year after the cyber sprint.
Overall, federal CIOs and deputy CIOs seem to be more confident in the state of federal IT.
Several praised federal CIO Scott for his leadership.
“Federal CIO is correct in assessments regarding legacy IT; FITARA was long needed and overdue; GAO and government oversight committee on FITARA is helpful,” said one CIO.
Another encouraged others to take the bull by the horns, “We have transformed our agency in five years and leapfrogged just about everybody. It can be done. Stop the excuses and get it done.”
But others were less positive.
“The community is still too focused on the ‘inside baseball’ discussion. We’re talking data centers, and FITARA, and all these things that do not mean anything to our mission leaders. Unless we can translate and continue to talk in BUSINESS and MISSION terms, the value of these efforts will be lost on this administration’s or the next administration’s leaders,” a CIO wrote.
Another said, “The environment is tough at many levels, and the most significant thing that’s needed is leadership and management attention to the most critical issues at all levels of the organization. What we pay attention to gets better.”
To download the full results of Federal News Radio’s 2016 CIO survey, register here.