The new year brings an ongoing challenge for federal agencies: How to get past their legacy information technology? There’s only one way to modernize, and that’s the old fashioned way – with more emphasis on people, skills, and using acquisition with a little more flair. Dave Powner lays it all out in a fresh statement for the incoming administration. He’s director of strategic engagements and partnerships at the Mitre Corporation and joined Federal Drive with Tom Temin to discuss.
Insight by Carahsoft: Learn how the FedRAMP PMO and its partners believe the end result of many of ongoing initiatives is a better, faster and cheaper cloud security program by downloading this exclusive ebook.
Tom Temin: Dave, good to have you back.
Dave Powner: Great to be back on, thanks.
Tom Temin: And before we get into the detailed advice and so forth for the Biden team that is coming in, I want to talk about one issue with the FITARA scorecards, the Federal Information Technology acquisition Reform Act. And Congress is talking about putting agency embrace of the EIS governmentwide vehicle from General Services Administration, enterprise infrastructure solutions as part of the FITARA scorecard, and let’s talk about that a minute. What’s your take on how those two connect in some way?
Dave Powner: Yeah. Well, Tom, we were very encouraged to see EIS added to the scorecard. In fact, we testified that the previous scorecard in the last hearing in August, and we had some recommendations that there are some areas on the scorecard that we’ve seen the results. And I think a good example is software licensing, all agencies got A’s, right. And so what the committee decided to do this time is they dropped the software licensing area off and added EIS. And EIS is very important because that actually provides the modern network infrastructure for us to modernize. It’s really the foundation upon which you build where your IT sits. So we were encouraged to see some areas dropped off and other areas focused on, and we actually want to see as the scorecard moves on even more areas that we’re going to focus on, like for instance, legacy modernization and the IT workforce. Some of those big areas that even though we’ve made progress in many of the areas on the scorecard, there’s things we could do in the upcoming administration to build upon that even further.
Tom Temin: But just to play devil’s advocate, it would be possible to upgrade an infrastructure without using EIS, but EIS seems to be maybe the most readily available way to do it.
Dave Powner: Yes, clearly. There’s a contract there in place that’s easy to access. And I think that the big takeaway here, Tom is when you look at the addition of EIS on the scorecard, actually, one third of the agencies got As. So you have eight agencies that received As and the EIS category. So it’s not like we’re not focusing on it entirely. Typically, when a new area is added on the scorecard, you don’t see as many A’s. And so I think that’s very encouraging that you have these other two thirds of the agencies that they need to kind of jump on the train and get that modern infrastructure in place.
Tom Temin: And one of the metrics that kind of gave rise to FITARA and the whole scorecard idea, and this came to its flowering during the Obama administration. And that is the amount of their IT dollars that agencies continue to spend on maintenance of legacy systems. And that number seems to be almost like a universal constant. It never goes down no matter what they do.
Dave Powner: Yes, exactly. So when you look at that split of the funding, that has historically been an issue, we haven’t really reversed the trend. But more importantly, Tom, when you look at that legacy spend, there’s some legacy that’s very discouraging when you look at it because it’s old, it’s difficult to maintain, and it’s difficult to secure also. And really, that needs to be the focus. When you look at the upcoming administration, we talk about it modernization all the time, right. And I know, Jason Miller had a good line the other day saying that’s important to build off of previous administrations. We’ve had all these great things that we build off of going back to the Trump administration, the Obama administration, and even prior to that. Now it’s really time to look at legacy modernization and tackle the hard stuff. We really need to actually get good plans in place, these things aren’t going to happen overnight, we really need to tackle these legacy modernization initiatives.
Tom Temin: And I’ll probably get in trouble for saying this, but in many ways, the incoming Biden administration really is bringing in a lot of the people that we saw just four years ago, that frying pan hasn’t really cooled off much before it’s being put back on the burner. So are you hopeful that a team that has knowledge of all of this that’s still pretty fresh might be able to rev up those efforts?
Dave Powner: Yeah. So Tom, a couple things. One is I think you really need to look at building off of the success of the prior administration. So I think having some of that experience is very important. I think when you look at the CIO topic, we’ve discussed this many times, you and I over the years, right. A new CIO comes in, so what does the new CIO need to do? I think a big part of having folks with the right experience to really work those executive relationships. You need to get in line with the business owners, make sure you modernize our legacy. You need to get in line with the CFO to make sure we have the budgets to modernize. Need to get in line with the CHCOs to make sure we have the right workforce. plans in place to tackle some of the gaps we have. And now we have the Chief Data Officers, which was a big push in the Trump administration. How do CIOs work effectively with Chief Data Officers and CTOs? So I think a big thing with the incoming administration is to use that experience, but really try to get all these executives and chiefs in line and in place. Let’s not have solid relationships two years into the administration, let’s get out of the gate quickly get those chiefs aligned and really get after it.
Tom Temin: Because new dogs do like to put their own mark on the bushes, you might say, not referring to any particular administration, but to shrubbery. Perhaps maybe the best thing for the incoming CIO crew, whoever they are, is to maybe get to know the standing workforce, the career people, and figure out what’s a more practical course of action, rather than trying to put a whole new stamp on everything. Because a lot of initiatives, as you say, are already in place.
Dave Powner: I think that’s a great suggestion. And I think what you really want to do is you want to take a good hard look at that workforce working with CHCOs and make sure you understand where you have strengths, weaknesses, what you need to fill, where you need to supplement that with contractor help. When I look back over the years and I look at some of the more successful CIOs, they actually took on the workforce challenges right out of the gate. They didn’t realize two years into it that hey I got some challenges here. Tackle those things right out of the gate with CHCOs and the chiefs, I think that’s, again, I’m continuing to harp on that, but I think we really need to get the executives and the chiefs aligned.
Tom Temin: And we saw during the last few years that Congress is still reluctant to fund the Technology Modernization Fund in any way close to what administrations have wanted. And so agencies have the ongoing challenge of figuring out how to repurpose the money they have and channel it to modernizing without having a TMF to draw on. And even when there was a TMF, the uptake wasn’t all that big anyhow.
Dave Powner: Yeah, that’s true. So Tom, when you look at the TMF, I think it’s a really minor piece of the solution. And one of the recommendations that we made in our papers, we rolled out our Center for Data Driven Policy, is that you really need to look at the modernization needs that agencies have and have those budgets reflective of the true needs. Historically, we’ve seen this kind of flattening, it’s kind of flat, or a slight tweak up, if you really want to modernize these complex legacy applications, you’re gonna have to really go fight for increased budgets. And so again, that’s where I think CIOs working with CFOs. And again, I think the federal CIO plays a role here too. Instead of agencies being reluctant to go to OMB, they need to partner with the federal CIO and have them be supportive with our authorization and appropriations committees on the Hill and not rely on that central fund. The bottom line is that central fund isn’t going to cut it, the way it’s being funded, there’s no way, so you need to take it in your own hands, develop the budgets with the CFO, get OMB support, and get up on the Hill and work it.
Tom Temin: And of course, agencies do have the discretion to create their own revolving funds, if they want to make the effort.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Dave Powner: Absolutely. The working capital funds. And when you look at going back to the scorecard, there’s a lot of work still on the working capital funds, right. That was put in place, that was a big push from Will Hurd when he was in Congress, establishing working capital fund, along with the central MGT fund. But if you look at the agencies across the board, there’s still a lot of work to establish those working capital funds to make sure that when we do have savings, we can plow that back into modernization.
Tom Temin: And getting back to the FITARA scorecards, of course cybersecurity is a big component in those, and that’s always an issue. And just before Christmas, the government had kind of a cataclysmic event in cybersecurity. What needs to change do you think going ahead into 2021, 22, 23 as a result of this cataclysmic event?
Dave Powner: So a couple things, Tom, we look at the incoming administration. If you look historically at the President’s management agenda, it kind of hints it cyber, it’s kind of in there, but not directly. I think cyber and supply chain risk management should be a focus of the President’s management agenda. We’ve heard about this National Cyber Director that might be put in place in the White House. So if you have a focus on the President’s management agenda, National Cyber Director. There’s also a very important council that was put in place, the Federal Acquisition Security Council. That was put in place. There was a piece of legislation in December 2018, the Federal Acquisition Supply Chain Security Act put in place the FASC, right. So the FAS is to be shared by the Federal CISO. That group with the Federal CISO and perhaps even a combination with this National Cyber Director, the FASC could be a really a great coordinating mechanism for agencies to look at vendor and product trustworthiness. Can we trust our vendors and our products? And this is going to be a big thing going forward with the FASC. I don’t think that group gets enough attention right now, but I think that’s a mechanism that could really play a huge role going forward. And we also are going to be issuing a paper on this trustworthiness and supply chain risk management, and putting in place a framework to really tackle this on a going forward basis.
Tom Temin: Yeah, my question was going to be the CMMC program, now pretty much underway at the Defense Department. That could be modified by the Biden team, but it seems like it’s here to stay. Is there a bridge between that and the FASC panel, and somehow making this a governmentwide sort of effort?
Dave Powner: Absolutely. Tom, I think when you start looking at the CMMC, and you start looking at what else we do from a supply chain perspective, in conjunction with the CMMC, I think that’s going to be very important going forward. And again, I think that FASC, that interagency group, you got the right agencies aligned there, you got the Federal CISO who’s going to be chairing that group, that’s a place to really make some headway.
Tom Temin: I guess, the fact of Solarwinds and what it caused, what could be better evidence, the need for supply chain attention than that?
Dave Powner: Absolutely. It kind of aligned unfortunately, with what happened, but you need to take advantage of some of these situations. And when you look at this group that was put in place, it’s a perfect mechanism to help you address the challenge here.
Tom Temin: Dave Powner is director of strategic engagements and partnerships at the MITRE Corporation, and we should point out former GAO, so you’ve been dealing with this stuff a long time. Thanks so much for joining me.
Dave Powner: Thank you Tom.