While the federal IT and acquisition communities still are “patiently” waiting for President Donald Trump to name key players at the Office of Management and Budget, the General Services Administration and the Office of Personnel Management, Republican lawmakers gave us a little bit of insight into their plans for 2017.
The House Oversight and Government Reform Committee and the House Homeland Security Committee both released oversight plans in the last few weeks, giving agency IT and acquisition executives and contractors insights into their plans.
While details are still murky from the committees, there is plenty to chew on.
Let’s start with never-ending challenge of cybersecurity. Both committees have pledged more and stricter oversight.
Insight by Infor: This exclusive e-book highlights how the military services and defense agencies are rethinking their approach to managing their supply chains and how data is driving those decisions.
Rep. John Ratcliffe (R-Texas), chairman of the Homeland Security Cybersecurity and Infrastructure Protection Subcommittee, said one major goal for him is ensuring agencies are using the EINSTEIN and continuous diagnostics and mitigation (CDM) program to their fullest extents.
“We saw that with the OPM breach and others how legacy systems contributed to those breaches,” Ratcliffe said in an interview with Federal News Radio. “One of ways we’ve tried to focus on that is by introducing a number of bills to learn from our counterparts in the private sector so we can leverage emerging technologies and catch up with a lot of what is happening outside of government and learn from that.”
Ratcliffe said he’s talked with Rep. Will Hurd (R-Texas), chairman of the Oversight and Government Reform Subcommittee on IT, about the importance of modernizing federal IT. He said he’s supportive of an approach to getting rid of legacy IT in agencies, but has not yet signed on to support the Modernizing Government Technology Act.
In the meantime, Ratcliffe wants to ensure the Homeland Security Department’s tools — EINSTEIN 3A and CDM — are as effective as they can be for agencies.
He said it’s good to see there is progress, as reported by former DHS Secretary Jeh Johnson in January, that E3A has been deployed at 45 agencies, representing 93 percent of the civilian workforce.
“As we talk with technology and other folks on the outside in the private sector, there still are a lot of criticisms about whether or not EINSTEIN and CDM are keeping up with the rest of the innovative technologies out there,” Ratcliffe said. “I continue to believe it’s a platform from which we can build on. But I think there is a path for us to improve on that front.”
Members of the Oversight and Government Reform Committee also will look at policy, regulations and practice around federal cyber.
“The committee’s oversight of IT management and cybersecurity will include an emphasis on the [committee’s minority staff] report’s recommendations, specifically, a zero-trust cybersecurity posture, the role of the chief information officer in IT security, and the transition of background investigations to the new National Background Investigations Bureau and IT security responsibility for background investigation data to the Department of Defense,” the committee’s oversight plan stated.
What’s interesting is how committee members are more focused on legacy IT systems more broadly than just as a way to improve federal cybersecurity.
For example, the committee promises to review agency modernization efforts, particularly around outdated and unsupported systems and software. Former federal CIO Tony Scott said in June the government’s bill for outdated or unsupported hardware could run as high as $7.5 billion by 2019.
The fact is these legacy software and hardware devices are more of a cyber problem than a modernization challenge.
But it’s not clear that the committee recognizes this.
“In addition, the committee will consider legislative options to incentivize agencies to modernize IT by allowing agencies to reinvest savings realized through modernization,” the strategy stated. “The committee will also continue to assess the progress of federal IT investments and shine light on underperforming programs and assets.”
Lawmakers continue to highlight the modernization efforts outside of the cyber imperative through both the oversight of IT reform efforts as well as struggling IT projects.
“The committee will closely monitor the executive branch’s efforts to stop IT projects that are not on target, streamline those that are wasteful, and work to ensure that inefficient legacy systems are decommissioned,” the strategy stated. “The committee will conduct IT acquisition oversight and specifically monitor agencies’ implementation of the Federal Information Technology Acquisition Reform Act (FITARA). The act provides an important tool to help agencies manage and acquire IT. As part of this oversight effort, the committee will continue to issue FITARA Scorecards approximately every six months to assess agencies’ implementation of the law. The scorecard measures performance of FITARA-related activities, such as agencies efforts to assess risk in IT investments, IT budget savings, use of incremental development in software acquisition and consolidation of data centers.”
What may be the committee’s most important work that will receive little attention outside of a small community is the seven provisions of the E-Government Act of 2002 that will or have expired.
The most interesting one is OMB’s Office of E-Government and IT, which is where the federal CIO sits.
Additionally, the E-Government Fund has expired, but that may matter less since OMB has for the last few years tried to merge it or fold it into the IT Oversight and Reform (ITOR) fund. But for whatever reason, the E-Government Fund remains a standalone account, so this is a perfect opportunity for Congress to weigh in on all these assorted funds.
The other provisions from the E-Gov Act the committee says it plans to reauthorize include:
Additionally, the committee will look at three FITARA provisions that are set to expire in the next two years around data center consolidations, risk management and portfolio reviews. Two other interesting sections in the committee’s oversight plan is government contracting.
The committee says it will focus on waste, fraud and abuse, while also looking for opportunities for reforms.
“[T]he committee will conduct oversight that includes a focus on contract management and identify areas where the government has not effectively optimized commercial best practices,” the plan stated. “The committee will also monitor the administration’s use of civil and criminal remedies to address wrongdoing and will promote transparency at the point of contract award and throughout the life cycle of federal contracts to prevent waste, fraud, abuse, and mismanagement.”
The acquisition reform objectives will focus on: