Agency progress to modernize IT systems languishes as new MGT Act headed to White House

With the Senate today passing the Defense Authorization bill with the Modernizing Government Technology (MGT) Act included, the next piece of the IT reform effort is headed to the White House for President Donald Trump’s signature.

The MGT Act builds on the Federal IT Acquisition Reform Act (FITARA) to give agency chief information officers access to much-needed money to move off legacy IT systems.

“Our federal agencies will finally have the motivation to catch up with the 21st century and embrace emerging technologies so that we can leave behind these antiquated legacy IT systems that have plagued our government for decades,” said Rep. Will Hurd (R-Texas), chairman of the Oversight and Government Reform Committee subcommittee on IT and a primary author of the MGT Act. “Instead, we can look forward to providing more efficient, transparent services for the American people and safeguard our systems from cyberattacks.”

The MGT Act establishes working capital funds at each agency to give chief information officers a way to accumulate savings from moving off legacy IT systems and use that money for future modernization efforts. The law states the money is available for three years.

“Passing the landmark MGT Act will modernize our federal IT infrastructure and position federal agencies to expeditiously upgrade their systems — with strong built-in oversight by Congress — to continuously evolve and protect against cybersecurity threats at home and around the globe,” said Sen. Jerry Moran (R-Kan.) in a statement. Moran co-sponsored the MGT Act in the Senate with Sen. Tom Udall (D-N.M.). “In addition, nearly 75 percent of the $80 billion we are spending annually on federal IT systems is going toward maintaining and operating legacy IT rather than making lasting improvements. These improved efficiencies will end that practice and ultimately save billions of taxpayer dollars by reducing long-term spending. I’m pleased my colleagues on both sides of the aisle agree that IT investment reforms are an important step toward a more efficient, effective and secure government.”

The passage of the NDAA with the MGT Act as a provision comes on the heels of the fifth FITARA scorecard from Hurd’s subcommittee.

Source: House Oversight and Government Reform Committee.

Overall progress on implementing FITARA has continued its trend of stagnation. Only three agencies saw their scores increase, while 15 saw their grades stay the same and six saw a decrease in their marks.

“The biggest change that we’ve seen on this scorecard from the previous four iterations is we’ve added a new category. It’s looking at the MEGABYTE Act. The MEGABYTE Act was an act passed last year that made sure that you were keeping track of all the software licenses you have in your agency,” Hurd said, in an interview with Federal News Radio. “This inclusion has had an overall negative impact on agency grades.”

But Hurd said it’s hard to go from a “D” to a “F” just based on your MEGABYTE score so there are other issues that need to be addressed as well.

“We should be seeing better movement on data center optimization than what we have,” he said. “This is something we will be looking at at future hearings.”

And the FITARA scorecard only will become more rigorous as Hurd said he will add MGT Act compliance next.

“We will be keeping track of whether agencies are utilizing their working capital funds that they have been given through MGT,” he said. “The goal is to ultimately transition this from just a FITARA scorecard to a digital hygiene scorecard.”

Hurd said like with the MEGABYTE Act and the reporting structure of CIOs — whether they report directly to the agency secretary or deputy secretary — adding the use of working capital funds will give the committee and other agencies a more holistic view of the IT reform effort.

“The goal of all of this is are you implementing FITARA to strengthen the CIO’s roles so that you have one person responsible for defending your digital infrastructure as well as having the flexibility to look at and improve citizen facing services,” he said.

Hurd also knows that responsibility of modernizing and securing agency systems and networks ultimately has to rest across the entire C-suite of executive positions.

This is why he brought in chief financial officers and agency chief operating officers along with CIOs to discuss why agencies continue to struggle to modernize IT systems nearly three years after FITARA became law at the subcommittee’s hearing Nov. 15.

At the hearing, the subcommittee heard from U.S. Agency for International Development (USAID), the only agency earning an “A” grade; the Energy Department, one of the three agencies that saw their grade drop, from a “C+” to a “D-“; and the Small Business Administration, one of the three agencies that saw their grades improve, from a “D-” to a” C-.”

“So, progress is being made — just not as quick as it should be and needs to be — legacy IT is a continuing fiscal and cybersecurity risk to our nation. Though 17 agencies received an ‘F’ on this new metric for the FITARA Scorecard 5.0, it is worth noting that each of these agencies has efforts underway to create and use an inventory of software licenses,” Hurd said at the hearing.

At the hearing, Energy Department CIO Max Everett told the committee that changes are coming to how the agency manages and oversees its technology.

“Following the secretary and deputy secretary’s leadership, my counterparts—the [chief human capital officer], the senior procurement executive, and the acting chief financial officer—and I meet regularly and closely coordinate on the effective use of FITARA authority at DoE. Building on the coordination between my office and that of the CFO, which resulted in the issuance of joint IT budget guidance for FY 2018, this year we again issued IT budget guidance and hosted an [Office of Management and Budget] briefing for DoE’s Capital Planning and Investment Control officers on the new Technology Business Management approach,” he said in his written testimony. “[T]he department will issue guidance on hiring of CIOs and 2210s to ensure that my office is directly involved in hiring and performance assessments for those CIOs. [W]ith respect to procurements, the senior procurement executive, in coordination with my office, will be issuing guidance that will strengthen existing guidance relating to my approval of IT purchases.”

Maria Roat, the SBA CIO, told the committee that since 2016 she has been working closely with the CFO to modernize the agency.

“Actions taken by the CIO, in partnership with the CFO, over the last 12 months are transforming SBA from an agency with unstable technology and infrastructure, stovepipes, duplication and significant gaps, no cybersecurity strategy or operational control, to a more proactive and innovative services organization responsive to the business technology needs of SBA program offices,” she said. “SBA’s governance model continues to mature. The CIO and CFO co-chair the SBA Investment Review Board that met six times in FY17. Every major investment was reviewed at least once and resulted in tangible program improvements.”

As for those agencies not making enough progress, such as the Defense Department, with three “Ds” and two “Fs” on FITARA, Hurd promised to bring them in to testify.

“DoD, sometimes, suffers from hubris,” he said. “We have some of the same concerns with them that we have with everyone. In this day and age, not knowing all the licenses that you have across the enterprise is just unacceptable. There are tools that tell you that. It’s a cost issue. It’s a security issue. This is cybersecurity 101. You need to know what’s on your network.”