IT workforce, budget among top modernization challenges for OPM

Information technology will remain a top management challenge for the Office of Personnel Management during fiscal 2023, according to the agency's Office of Ins...

Although the Office of Personnel Management has made some progress toward modernizing information technology, it will remain a top management challenge for the agency during fiscal 2023.

That’s according to the agency’s Office of Inspector General, which listed IT modernization, along with financial integrity and strategic human capital management, as the top three challenges for OPM over the coming year.

Specifically for IT modernization, “many challenges remain, including obsolete mission-critical applications, outdated infrastructure and processes and an ineffective technology business model. OPM’s IT program has also been hampered by inadequate funding and resources for many years,” an Oct. 13 IG report said.

Cybersecurity at OPM came front and center after a 2015 data breach at the agency compromised the personal information of more than 20 million people. OPM is now offering $700, or the actual amount of the claim, whichever is greater and up to a maximum of $10,000, to eligible claimants, as part of a $63 million settlement from the data breach.

Along with the data breach, a failed merger of OPM and the General Services Administration during the Trump administration led many federal IT professionals to leave the agency.

Amid these challenges, current OPM leaders in the Office of the Chief Information Officer (OCIO) are particularly focused on recruiting a qualified IT workforce, as well as promoting enterprise solutions and securing the necessary funding to do so.

“The senior leadership team has been supportive of remote work as a recruitment and retention tool for OCIO to better compete with private sector employers,” the IG report said.

So far, there have been some improvements, especially in communications with the IG office, such as “improved timeliness during audits, a renewed focus on closing recommendations, and creating an audit liaison function within OCIO to facilitate OIG inquiries,” the report said. But there’s still a ways to go, to be able to reach the agency’s ultimate modernization goals.

The OCIO team is working on several lofty priorities for OPM, including moving the federal government to more secure cloud services, as well as improving the ability to detect malicious cyber activity on federal networks. Melvin Brown, OPM’s deputy chief information officer, said he plans to “maximize” cloud-based programs at OPM by 2025.

“We’ve got probably about 10% of our assets that are now moving to the cloud,” Brown said during an Oct. 20 Cognilytica event. “We’re continuing to evolve and mature this process over time.”

OPM also received $9.9 million last September from the Technology Modernization Fund to go toward its zero trust networking cybersecurity initiative. And TMF just lent OPM an additional $6 million to update both technology and content for OPM.gov, which receives about 22 million annual visitors. But ultimately, the agency will need dedicated funding for IT modernization to fully accomplish its goals, the IG report said.

Some of those goals are already underway, including several projects aiming to modernize retirement processing for federal employees. Brown said OPM is trying to make the process a little easier for those trying to retire from the federal government.

“We are looking at chat bots to support our retirees,” Brown said. “We’re actually looking at rolling that out sometime this year. We’re building a database of frequently asked questions and working with our retirement services team. We’re looking to deploy that capability to support our community going forward.”

Along with the upcoming chat bot, a feature that uses artificial intelligence to help users to get their retirement questions answered, OCIO is also trying to make progress toward speeding up the often mired federal retirement process.

“We’re starting to automate some things on the back end, and we’re working with our retirement services partners to automate and streamline the application for the retirement process, so that we can work to get people through the pipeline faster,” Brown said.

As OPM works to automate more processes, it’s also trying to build out its cybersecurity. One way to do that is by adding multifactor authentication to verify all users that try to access the agency’s systems.

“They can ring the doorbell, but if they don’t have the right credentials, they can’t get in your house,” Brown said. “Once you allow them in your house, they’re limited to where they can go based on access levels. We’ve been able to automate that now in a way that is evolving and is helping us to make decisions and to enforce our rules, now that we’re in the cloud.”

Multifactor authentication is also a requirement under the Biden administration’s executive order on improving the nation’s security, as well as standards from the National Institute of Standards and Technology. But many agencies have made limited progress in adding the multi-layered security system across all of their enterprises.

The COVID-19 pandemic also propelled forward much of the IT modernization that would have otherwise been much slower to progress at OPM.

“It forced us to automate a lot of manual, in-office processes in a way that we probably wouldn’t have done before,” Brown said. “I’m almost embarrassed that in this day and time, people were still walking a folder around to get signatures. So we automated that process, such that now, it’s all done online. The last two to three years have made us more digital than we probably would have been. And it forced modernization in a way that probably wouldn’t have happened.”

And modernizing the systems alone isn’t enough to make significant progress on the management challenge. Much of the progress that OPM can make also falls to how well it can train its employees on the importance and use of cybersecurity.

“Of the four pillars of technology — people, process, technology and learning — learning is always undervalued,” Brown said. “Giving people the soft skills are just as important as them getting the hard skills for how to make decisions … Making sure you’re educating people on the changes is also a skill that I think is much, much needed as we begin to modernize and transform and take advantage of these new skill sets.”

 

 

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    cyber

    Agencies propose new federal cyber workforce pay model to OPM to address short-staffing

    Read more
    Amelia Brust/Federal News Network

    Federal payroll website for over 170 agencies gets a cybersecurity update

    Read more