The General Services Administration’s Enterprise Infrastructure Solutions (EIS) program is facing the same fate as its predecessor—delays in transition will cost the government millions of dollars and push IT modernization further back on the priority list.
The difference between the failure of Networx and the potential problems EIS is facing, however, is the recognition by some lawmakers that it’s not entirely GSA’s fault.
The House Oversight and Reform Subcommittee on Government Operations wants to hold agency chief information officers and other leadership accountable for not moving fast enough to take advantage of the new contract.
“We learned a tremendous amount of lessons and, in fact, I credit GSA for incorporating those lessons learned from the Networx transition into their guidance and disseminating those lessons to the agencies,” said Carol Harris, director of IT acquisition management issues at the Government Accountability Office, during a subcommittee hearing on March 4. “Now the onus is on the agencies to get their house in order and move quickly to ensure that they are moving onto EIS as quickly as possible.”
Insight by Carahsoft: Learn from IT experts as they outline the significant impacts cloud and 5G have on implementing zero trust architecture in this exclusive executive briefing.
Rep. Jackie Speier (D-Calif.) said there doesn’t seem to be enough “sticks” to make sure agencies meet GSA’s EIS goals.
“I think we need to look at holding these agencies accountable in ways to get their attention and it doesn’t seem like we’ve done that yet,” she said.
Harris agreed that having agencies testify before lawmakers on their EIS progress would be one way to hold them more accountable.
The challenge for GSA, however, is how can it put the proper penalties and incentives in place to get agencies to move more quickly with their transitions?
The problem is GSA has limited to no authority to “punish” agencies for non-compliance. That’s usually the role of the Office of Management and Budget or lawmakers. Federal Chief Information Officer Suzette Kent, or anyone else from OMB, did not testify at the hearing.
Rep. Mark Meadows (R-N.C.), ranking member of the subcommittee, said he wanted the names of three agencies that were well behind in their transition activities and three that were showing some progress.
“This is one of those things where we really have to put the pressure and meet with the appropriations committee because I’m tired of talking about it,” he said. “I want you to give me the three worst offenders for missing the milestones. Who is responsible? What is the agency? And then maybe three who are making an attempt to get this done.”
Agencies face a March 31 deadline to make awards under EIS and then make the full transition to EIS by May 2023.
Harris said of the agencies GAO looked at, most are in trouble.
She said auditors reviewed the progress of 19 agencies over the last year, 14 did not meet the March 31, 2019 deadline to release their EIS solicitations, and 18 didn’t meet the September deadline either.
“We asked officials from the 14 selected agencies that did not release all of their planned EIS solicitations by March 31, to identify the key factors that contributed to their agencies’ delays in releasing these solicitations. In response, agency officials cited numerous key factors for the delays, including the complexity of their telecommunications requirements, changes to the agency’s or GSA’s contracting strategy, and insufficient staff availability,” GAO states in its testimony. “We asked officials from the 18 agencies that did not issue all of their EIS task orders by Sept. 30, 2019, to identify the key factors that contributed to their agencies’ delays in issuing these task orders. In response, agency officials cited 19 key factors that led to the delays. Nine of the identified factors were the same factors that officials cited for their agencies’ delays in releasing EIS solicitations, including the complexity of requirements and having insufficient staff available.”
Part of the reason for the delays does rest on GSA’s processes. The agency awarded 10 vendors a spot on the $50 billion telecommunications contract in August 2017, but it took until December 2019 for all, now nine vendors—CenturyLink acquired Level-3—to receive cybersecurity certifications for their business systems.
At the same time, agencies have had the March 31, 2019 date as well as the March 31, 2020 date on their calendars for a long time and preparations have been slow going.
Harris said GAO identified five management practices to help with the transition and of the five agencies auditors reviewed, none have fully implemented all of them. These include creating an inventory, documenting the process to keep inventories up-to-date and evaluating cost and benefits of moving to new technology.
“All five had developed telecom asset and service inventories, but none were complete,” she said. “Some agencies also planned to implement certain practices after they issued their EIS task orders. The timing of the current telecom transition has been known when the contracts were first approved a decade ago and limited time remains to complete the transition before the current contracts expire. Further, inadequate project planning was a key factor that contributed to the delays during the prior transition to Networx.”
Those delays cost the government $395 million more than it expected and the transition took 33 months longer than planned.
Bill Zielinski, GSA’s assistant commissioner of the Office of Information Technology Category, said the agency is concerned that agencies need to take the steps necessary to meet the final May 2023 deadline.
Harris said based on the current trajectory, a high number of agencies will not meet the deadline.
“If these 11 agencies [out of the 19 GAO looked at] are waiting essentially to the last minute to move on to EIS, that will be a problem. If there are service disruptions or things they are not anticipating, that will most likely push that May 2023 deadline to the right,” she said.