Call last week “the week of IT modernization.” First, the Modernizing Government Technology Act became law. Then, the White House released the final version of the IT Modernization Strategy.
Finally, on Thursday, the White House’s Office of American Innovation rolled out its Centers of Excellence (CoE) initiative with the Agriculture Department being the test case.
In all, as one federal employee tweeted, it was a good week to be a federal IT nerd.
During the first year of the Trump administration, the federal IT community waited for direction. Still, without a federal chief information officer, the well-intentioned lieutenants moved the government forward, sticking to a similar path they had been on for the last eight years.
Insight by Carahsoft: Learn from IT experts as they outline the significant impacts cloud and 5G have on implementing zero trust architecture in this exclusive executive briefing.
But now with the IT Modernization Strategy and more details about the Centers of Excellence, there is specific direction coming to agency CIOs and the federal contractor community.
“I see the strategy maturing. I think it’s good work and there was a lot of good feedback that was taken into account,” said Tony Scott, the former federal CIO and now a senior data privacy and cybersecurity adviser for Squire Patton Boggs. “I think the issue is how do we get going and operationalize it all now.”
As it goes in most organizations, the planning is the easy part and the implementation will be tough. But this is one of those times when all stars seemed aligned to make the details less devilish.
“A lot of things are coming together. It’s not just about migrating to cloud. It’s not just about cyber. It’s not just about modernization. It’s not just about shared services. I think this requires a comprehensive approach in the way you go after things,” said PV Puvvada, Unisys federal president and the newly elected chairman of the board of directors for the Professional Services Council. “What is very good about the current environment is you have the regulatory side, you have the agency side as well as the congressional side all behind a broader theme of, ‘you need to look at modernization from a bigger picture.'”
Let’s start with the MGT Act as the first piece to the puzzle.
Rob Klopp, the former Social Security Administration CIO, said even though the most important part of the law hasn’t been allocated yet — the central fund, a $228 million request the White House remains optimistic Congress will come through with — agencies can take advantage of the working capital funds.
Experts say saving money to put into the working capital fund is not a realistic approach, but there is plenty of money to deposit into that bank account, if you know where to find it.
“At SSA, we had an innovative program where at the end of the year, if there were funds that were not spent, which there always were — and it’s a normal outcome of the planning process and not bad planning because you have to budget for worst-case scenarios, and things don’t always come in at that worst case, so there is money leftover or things naturally get pushed off. It’s normal to have money left over — we took all of that extra money and used it to fund a year’s worth of IT consulting or other technology needs,” Klopp said. “We then reduced the amount of money allocated to IT because we knew at the end of the year, we would forward the leftover to that fund.”
Karen Evans, the former e-government administrator under the George W. Bush administration and a former Energy Department CIO, said the MGT Act may actually benefit from the continuing resolutions that agencies almost always are funded under.
Evans said because new initiatives usually can’t be started under a CR, when the agency finally gets its funding, they don’t have to rush to spend it all and attempt to spend it smartly in a shortened, say six month, time frame. Instead, she said agencies could spend what they need and then reprogram the rest into the working capital fund.
“If the CIO is tracking their IT funds like they should be, then they should be able to find it. They have to justify and declare it under the MGT Act, but that’s good for transparency to Congress, and if they get approval, then technically it can’t get scooped up by OMB during the year-end review of spending,” said Evans, who now is the national director of the U.S. Cyber Challenge and a partner at the management consulting service KE&T Partners.
OMB has been working on guidance and running test cases through the review board that the MGT Act requires the General Services Administration to stand up.
“We’ve conditioned the whole organization to live in a world where there are CRs and partial-year budgets, so the natural behavior in response to that is to over-budget. I think, in addition, you will have some projects you thought you would do that, in the end, you decide not to do or do in a different way, and as we shift from doing a lot of siloed projects to shared services, that is another opportunity where it might have cost 10x to do something, but we might find that we are thinking about how we do that project in a different way and it could be done for 5x. So there are multiple sources of funding for the working capital funds.”
Kevin Cummins, the vice president of technology for the Professional Services Council and a former senior legislative assistant for Sen. Tom Udall (D-N.M.), who helped draft the MGT Act, said the approval from Congress will be important because lawmakers are inherently skeptical to give agencies more authorities.
So if there is a path for agencies to get money to modernize their legacy systems, the IT Modernization Strategy gives CIOs a starting place.
Klopp, who now is CEO of the Klopp Technology Group, and is working to lead the digital transformation effort in California’s Medicare and Medicaid system, said the strategy is powerful in a lot of dimensions.
“There is a lot of emphasis on network and securing the perimeter, and that is critically important. However, the bigger and better agencies that get good report cards on their cyber posture get those better reports because they have already secured their perimeter. So the directives around the network are important for lots of agencies who are behind and less important for those who were ahead,” Klopp said. “The push toward the cloud is critically important. The one thing that the strategy doesn’t address is the systems that need to be modernized are systems that run on legacy hardware platforms and those systems are not capable of being deployed in the cloud. So all of the discussion around driving agencies to move apps to the cloud is important and agencies need to be doing that.”
He added the strategy is silent on business process change and that’s the one area where agencies need the most help.
Scott said the strategy’s decision to call out the use of application programming languages (APIs), scalable cloud services and shared services will address some of these business process modernization needs.
“The piece that we struggled with is the Trusted Internet Connections (TIC) initiative. That is a model that has to mature and get solved,” Scott said. “It’s an old construct that is applied to modern-day cloud that doesn’t work. It causes performance, cost and latency issues, so the call to double down and sort that out is important. There has been a lot of good work that has happened, but the definitive solution has not been figured out yet.”
The one overarching issue that experts say was missing from the IT Modernization Strategy was around the workforce.
Unisys’ Puvvada said his company sees the need for better program and project management on the government side.
Klopp said at SSA, federal employees or contractors with modern software development skills are in short supply.
“It requires a modern thinking in how you do agile, how you get releases out fast and fail fast,” Puvvada said. “You have to have this idea of you can integrate everything and manage the scope in such as a way that you don’t have to get all your requirements done up front.”
Klopp said, for this reason, he pushed SSA to move to the cloud first and then modernize second, because once in the cloud, the agency can then take advantage of these agile or dev/ops methodologies.
It’s that workforce challenge where the Centers of Excellence become the third leg of the IT modernization stool.
The White House’s Office of American Innovation, OMB and GSA are setting up CoEs made up of federal employees, industry experts and research organizations, such as federally-funded research and development centers, to bring the necessary cloud, customer design and analytics skills to these modernization efforts.
PSC’s Cummins said the decision to start with the Agriculture Department and test out these concepts makes a lot of sense.
“There is an emphasis on customer service user interface and that’s important,” he said. “USDA is an interesting testbed because they have a lot of different programs they run that interfaces with citizens.”
Scott hit many of the same notes as Cummings about the CoEs. He said it starts to encourage cross-agency thinking and sharing of APIs and best practices.
Klopp said the CoEs are addressing many of the same challenges he faced at SSA.
But the one missing piece is what happens between the cloud user experience and design.
“The core of what a modern software product looks like is those who are writing the code that solve for the business problem,” Klopp said. “I’m not exactly sure how to characterize that middle chunk, maybe it’s a CoE of modern development architecture and tools. It would be a great addition. Agencies need people to write code that is optimized to run in the cloud. There is a lot of anecdotal evidence of CIOs who move to the cloud and they are not seeing savings and the reason is they didn’t have software that was optimized for the cloud. It takes a different approach in thinking that would be well served.”
Overall, industry, government and former federal experts say the administration and Congress have put the pieces in place to push the IT modernization effort forward.
“It’s all about execution now. We’ve had plans and tools and a lot of excuses for non-performance before and they have been removed,” Evans said. “It’s the people and culture challenge that has to be overcome. Now CIOs have the right tools and if they have the right skill sets to execute, this will be successful.”