Just stop for a moment and think about the last 12 months in the federal technology community and all that has happened.
The excitement over IT modernization hit a crescendo with the Centers of Excellence effort coming together at the departments of Agriculture and Housing and Urban Development. The Technology Modernization Fund is among the most watched initiatives in a long time despite the limited short-term impact it can have on agency modernization efforts.
Insight by Carahsoft: During this webinar executives from the Internal Revenue Service, Treasury Department, Securities Exchange Commission, Department of Defense, Microsoft and Saviynt will discuss how their agencies are modernizing identity management through an agile, data-focused approach.
The Federal IT Acquisition Reform Act furthered IT reform progress not just because of continued harassment of agency chief information officers, but, for once, Congress and the Government Accountability Office may have just chosen the right metrics and right authorities to motivate real change.
And then there is cybersecurity. The never-ending story of breaches and data loss—see NASA as the latest example—that came fast and furious over the last decade seems to have slowed.
The Office of Management and Budget revised four major cyber policies—Trusted Internet Connections (draft), high valued assets (final), identity management (draft) and cloud smart (draft)—and revoked dozens of others that no longer mattered. And maybe most importantly, OMB now has the first ever governmentwide picture of cyber risk, and a plan to mitigate many of those challenges.
The National Institute of Standards and Technology just this put the proverbial cherry on top of 2018 by releasing version two of the Risk Management Framework, Special Publication 800-37, today. The update has seven major goals, including promoting the development of trustworthy secure software and integrating security-related supply chain risk management concepts into the framework.
In Federal Chief Information Officer Suzette Kent’s victory lap earlier this month, she said 2018 was a year of policy sprints because modern technology needs modern policies.
Kent’s goal was, in part, to lay a foundation for 2019 and beyond. But 2018 was more than just a matter of putting down the building blocks. It was continuing the long-journey to change the way agencies buy, oversee, manage and use technology.
To gain a better understanding of why 2018 was among the most significant year for the federal IT community in the last 20, I asked a group of experts for their opinions. Here are the answers, edited for clarity and length, from:
Rich Beutel, managing principal for Cyrrus Analytics LLC
Alan Chvotkin, executive vice president and counsel for the Professional Services Council
Mike Hettinger, managing principal of the Hettinger Strategy Group
Trey Hodgkins, senior vice president, public sector for the Information Technology Alliance for Public Sector (ITAPS)
Dave McClure, director CIO advisory at Accenture Federal Services
Dave Powner, director of strategic engagement and partnerships for Mitre
Hettinger: I can do it in a single word: modernization.
Beutel: Building the policy foundations for IT modernization.
McClure: The real steps being taken towards technology modernization in 2018 are paving the way for a truly sustainable digital government.
Hodgkins: 2018 provided the highest level of prioritization for federal IT to date, but the effort is still nascent and we have to stay focused.
Powner: IT remained center stage as IT modernization is highlighted as a strategic priority and a key driver of transformation in the President’s Management Agenda. In addition, in many ways, 2018 was characterized as the “year of the dawn of supply chain security” with several key legislative elements being passed and landmark moves by the Department of Defense, the Homeland Security Department, and other government agencies to address Kaspersky Labs security concerns.
Chvotkin: 2018 provided a treasure trove of federal technology opportunities; some of them were seized on (with a few even completed), while too many of them were missed or under-achieved.
McClure: Despite attention and assumptions, cloud computing adoption is still relatively sluggish; according to our State of Federal IT report, 54 percent of federal IT leaders report that less than a quarter of their infrastructure is cloud-based.
Hodgkins: That security, whether cyber or national, for information technology is still not as central an element of decision-making as the importance the topic is given would seem to merit.
Chvotkin: Oracle’s successful protest of an other transaction authority (OTA) agreement, when the mythology was that an OTA is “protest proof.”
The national attention to DoD’s JEDI cloud initiative–from the press coverage to the Hill engagement to the industry’s reactions.
How much talk there has been about the challenges of cybersecurity and the importance of technology modernization, but how little has been accomplished to date.
Beutel: The continuing failures of large, customized government IT systems deployments. How many IT disasters do we need before we conclude that the current process is deeply flawed?
Powner: This past year, I was surprised by the amount of progress agencies made approaching IT acquisitions with incremental and agile approaches, and the widespread recognition of the threats China and Russia present to our IT systems.
Hettinger: I’m not sure anything necessarily surprised me about federal IT in 2018. Most of what we have seen play out was to be expected.
Powner: While CIOs have increased their stature, in general, federal CIOs are not viewed consistently as a strategic partner by department and agency business units.
The degree to which the government continues to lose critical technology and information because it accepts inherent IT risks from vendors and contractors.
Chvotkin: There were too many missed opportunities for technology successes, with policies launched but not implemented, senior technology leaders departing in record numbers and agencies slow to seize the opportunity for modernization.
The under-implementation and slow uptake on MGT Act implementation, including particularly agency working capital funds and TMF funding.
The difficulty in attracting and retaining agency CIOs and other senior technology officials to federal service.
Hettinger: I expected big things for the TMF in 2018—lots of projects funded, Congress fully embracing the concept. We haven’t really seen that yet.
McClure: While advance automation and real-time analytics have proven themselves as game changers within commercial enterprises, government agencies haven’t move fast enough in seizing these opportunities to improve operations, management and performance.
Hodgkins: Despite passage of the MGT Act, we still don’t have a clear path to funding for the necessary modernization of information technology in the federal government.
Beutel: The continuing delays in hiring critical IT thought leaders and senior agency talent.
Beutel: Agencies acknowledged the value of commercial cloud technologies.
Agencies begin consideration of non-traditional acquisition approaches.
Agencies embrace the need to adopt emerging technologies, such as artificial intelligence and machine learning.
Hodgkins: The Centers of Excellence manifested the new focus the federal government intends to bring to information technology and is on the way to establishing a replicable, scalable model for agencies and departments to tap into for their modernization needs.
FITARA Implementation affords an unprecedented level of authority to CIOs for IT decisions within their agencies and departments and brings a new level of alignment in IT prioritization and decision-making.
The President’s Management Agenda because it is a clear blueprint for evolving a number of critical elements of government operation, realigning resources and framing how government assets can benefit taxpayers and constituents.
Hettinger: The ongoing focus on modernization, coupled with the shift in focus to delivering a better customer experience as seen through the CoEs at USDA and eventually HUD, as well as the ongoing back and forth between Congress and the administration on funding and utilizing the technology modernization fund, which continues through today. How that plays out will set the stage for 2019 and beyond.
OMB and the focus on government reorganization, moving OPM functions to GSA, the release of the PMA, the Federal Data Strategy — OMB has been very busy this year which has created a lot of buzz.
Cybersecurity and the government’s continued focus and struggle with cybersecurity from the executive order through changes to the continuous diagnostics and mitigation (CDM) program. Maybe the changes at DHS and the creation of Cybersecurity and Infrastructure Security Agency will begin to make a difference.
McClure: Passage of the Modernizing Government Technology Act — makes IT modernization a C-suite priority by offering significant incentives tied to improved business outcomes.
Cybersecurity evolves — growing interest in and expected adoption of zero trust models and software-defined networks to provide a more resilient and adaptive security posture.
Customer experience design becomes a strategic priority — agencies like the Veterans Affairs Department recognize that it is fundamental to successful mission delivery.
Powner: Cybersecurity issues remain one of our nation’s top national security risks. Breaches are as prevalent as ever and more often than not adversaries’ capabilities are advancing at a quicker pace than defensive capabilities. There is marked recognition that our national security systems and critical infrastructure are compromised through several DoD/IG and GAO reports and complementary new legislative actions. Aggressive new defense authorization bill language to help secure defense weapon systems along with new Committee on Foreign Investment in the United States (CFIUS) and Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) authorities.
CIOs continue to gain more authority. Agencies changes, Congressional push, and the administration’s CIO executive order all helped here.
FITARA has laid the groundwork for more meaningful modernization. Major improvements have occurred, now this needs to be leveraged to have more mission enhancements.
Chvotkin: Enactment of a two-year Congressional budget deal and resulting appropriations for fiscal 2018 and 2019 that provided more fiscal certainty for (most) agencies and their industry partners — at significantly increased funding levels.
Initial implementation of the Modernizing Government Technology (MGT) Act and creating the Technology Modernization Fund that provides a new mechanism for IT modernization (even if implementation has been too slow and funding levels are not as significant as hoped for).
The extent of White House and OMB engagement across a wide range of actions — including the President’s Management Agenda and Federal CIO Executive Order, the work of the White House’s Office of American Innovation, the visibility and engagement of the Federal CIO and MGT initiation, and governmentwide and agency-specific cybersecurity policies and workforce development.