3 takeaways from FITARA 13

The 13th Federal IT Acquisition Reform Act (FITARA) scorecard hearing offered some ideas for future ways to measure agency IT modernization progress.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

What seemed like a never-ending debate over the definition of data centers between the House Oversight and Reform Subcommittee on Government Operations and the Office of Management and Budget was primed for round nine at the 13th Federal IT Acquisition Reform Act (FITARA) hearing on Jan. 20.

But instead of another round about discussion between the Government Accountability Office, subcommittee lawmakers and the administration, the squabble never happened.

Instead, observers got a bit of a pleasant surprise—and let me speak for all of us who have watched this circumlocution since 2013—as the GAO and the subcommittee are ready to retire the data center consolidation and optimization category under the FITARA scorecard. Every agency received an “A” grade for the first time ever under this long-argued over category.

Rep. Gerry Connolly (D-Va.), the chairman of the subcommittee, the co-author of FITARA and the one member who is most upset about the eight-year debate over the definition of data centers, readily admitted the fight isn’t over.

Rep. Gerry Connolly (D-Va.) AP Photo/Cliff Owen

“I want to congratulate agencies for getting all ‘As’ in this category. But that is not to be construed as a ‘mission accomplished’ moment by any means,” he said at the hearing. “Given the subcommittee’s oversight history on federal data center consolidation, we approach this accomplishment with a bit of a jaundice eye.”

While Connolly and other subcommittee members may continue to push the Office of Management and Budget for a definition of a data center that supports their point of view, the fact is FITARA 14 will include new metrics and data center consolidation and optimization likely will not be one of them.

And the fact that the subcommittee and GAO are updating the scorecard metrics is one of the three big takeaways from the FITARA 13 hearing.

Jump starting agency efforts

The subcommittee’s plans to revamp the FITARA scorecard isn’t just about “retiring” the data center category. Connolly said agency progress across the board has stagnated.

“From November 2015 through December 2021, agencies receiving C or higher grades increased from 29 to 100 percent and for the most recent scorecard, 50 percent of agencies received an A or B,” he said. “To continue driving progress, the scorecard needs to evolve to reflect the changing nature of IT services and to guarantee we are accurately assessing the modernization and IT management practices of federal agencies. The goal here is to incentivize progress, not to get a gold star on our foreheads.”

The question now, of course, is how to make the scorecard more valuable?

This has long been a challenge with the FITARA scorecard. GAO made changes in 2020, removing the software licensing category and adding the Enterprise Infrastructure Solutions (EIS) category.

Even before that change, industry experts were calling for changes as far back as 2016.

“The early stages of FITARA, no question, these metrics were relevant. It was forward looking, and it dealt with efficiencies and savings within our agencies. But with all the agencies now receiving an A, on this current scorecard, I think it’s a fair question as to whether indeed, we’ve reached a point of diminishing returns. And we need to legitimately consider where do we go from here?” said Rep. Jody Hice (R-Ga.), ranking member of the subcommittee. “I believe it’s time to take a hard look at how FITARA can evolve from this point. During [Jan.11] Federal Information Security Management Act (FISMA) hearing, I specifically asked the GAO witness whether the current FISMA metrics give an accurate picture of the agency’s security posture, and the clear answer was no. So I think again, that’s an indication that we need to evolve and go to the next step.”

Mark Forman, the former administrator for e-government and IT at OMB, offered his usual sage advice through a post on LinkedIn about FITARA.

Forman, who now is the executive vice president for Dynamic Integrated Services, emphasized that while the process could benefit from more of an outcome approach, there’s a bigger issue at hand.

“The underlying accountability issue has always been that the program and financial people do not respect and follow the authorities of the CIO, and the scorecard confirms that chronic issue,” he wrote. “While Congress fragmented IT management planning among CIOs, CDOs, CISOs and CFOs in various laws including the Evidence Act, Congress continues to leave be the language in 44 USC 3506(a)(4) that says program offices are responsible for applications and the IT surrounding those information resources. In fairness, it does require collaboration with the CIO, but that rarely happens. So, two key questions underlie these FITARA scores: first, why doesn’t Congress have agency heads testify for the agencies that get C or less; and does Congress need to eliminate/modify the 3506(a)(4) language?”

The subcommittee received a host of ideas from current and former federal officials.

Several witnesses put the cyber metric near the top of the list as needing to be revamped.

Carol Harris, director of information technology and cybersecurity at the GAO, said the subcommittee should use the Biden administration’s May 2021 cyber executive order as the basis. She also suggested adding IT supply chain risk management as another category under the new cyber metric.

“We’ve done work for you very recently to take a look at that pulse check across the federal government. We have work that that that can support either evolving the metric to expand into supply chain as well as expanding to take a look at more enterprisewide cyber initiatives,” she said.

Ann Dunkin, the Energy Department CIO, said the FISMA metrics are not an accurate reflection of DoE’s performance. She said there’s a lot of consolidation metrics and they are pass/fail, meaning they don’t reflect the true progress an agency is making to secure their networks and data.

Suzette Kent, the former federal CIO, piled on to Dunkin’s idea, saying the cyber metrics aren’t using real-time data and don’t bring value to agency’s ability to dynamically address cyber challenges.

Suzette Kent is the former federal CIO.

Beyond cyber, the witnesses also agreed that measuring how agencies are addressing the hiring and training of the workforce also would be beneficial, as well as IT budget and planning.

Kent said adding a customer experience or service metric, including borrowing measures from industry, would serve agencies well.

Several witnesses also promoted the idea of a different cadence for the issuance of the scorecard. Harris said for some metrics, such as IT modernization, a once-a-year review would serve agencies better, while for others automating the collection of data would mean checking in more often.

David Powner, the former GAO director of IT issues and now executive director of MITRE’S Center for Data-Driven Policy and director of strategic engagement and partnerships, offered the subcommittee the most important factor in changing the FITARA scorecard.

“It is critical that the updates to the scorecard are coordinated with the federal CIO and OMB since they have been and will be the source of most of the data used in the grading process,” he said.

EIS not a priority?

The March 2022 deadline for agencies to move at least 90% of their telecom inventory off expiring contracts and moved to new Enterprise Infrastructure Solutions (EIS) contracts is coming fast, and the scorecard showed 15 out of 24 agencies are not looking good.

The subcommittee asked several witnesses the simple question: why is EIS so difficult?

Unfortunately for the subcommittee, the question is much simpler than the answer.

GAO’s Harris said agencies are not prioritizing the transition to EIS.

That, however, may not be a truly fair assessment, and her comparison to the software licensing category, which GAO and the subcommittee retired in 2021,  isn’t necessarily apples-to-apples in terms of how agencies prioritize the initiative. Software licensing was a data collection and rationalization effort. EIS transition is a total network overhaul.

Spires, the former IRS and DHS CIO, may have come closer to why EIS, and really all telecommunications transitions over the last 30 years, struggle.

Richard Spires
Richard Spires is a former CIO at DHS and IRS.

“I think many agencies struggle because of the workforce issues that we face within federal IT. Many of the OCIO organizations do not have all of the talent that they need to effectively manage their IT, and that is one of the key issues that we face in federal IT. And it manifests itself in many ways and one of those is in this example [of EIS transition],” he said. “It is a significant undertaking to migrate from one major networking contract to another. It takes a lot of work behind the scenes within these agencies to make that happen and I think many agencies struggle with that, while they’re also dealing with the day-to-day operations and trying to modernize some applications and all the cybersecurity issues. I think workforce issues are all really behind a lot of where we see struggles with these. And that’s concerning.”

Guy Cavallo, the CIO at the Office of Personnel Management, told the committee his agency just awarded a contract under EIS last April and has been actively moving network circuits and telephone circuits to the new contract.

“I fully expect that we will meet GSA’s deadline. I needed to bring in additional resources. I have them on board now and we are actively moving now, and I’m confident that we’re going to meet the deadline,” he said.

Dunkin said DoE also awarded contracts under EIS for data and voice and is making progress toward meeting GSA’s September 2022 goal of fully disconnecting from the Networx contract.

“We will be leveraging GSA’s expertise, as well as that of our transition management vendor, to implement risk mitigation strategies and to accelerate our transition,” she said.

The question that no one asked is what is OMB, OPM and GSA doing to fill those talent gaps and what are some short term solutions because hiring and training experienced telecommunications expertise is not possible in the next nine months.

It may also make sense for the subcommittee hold a specific EIS hearing with GSA, OMB and a few agencies that are furthest behind, otherwise the initiative will continue to struggle.

All about the people

And speaking of people, OPM and Energy both highlighted significant steps to close those technology skillset gaps.

Cavallo, who has been the OPM CIO for about a year, said he reduced the OCIO’s vacancy rate by about 20% since the beginning of fiscal 2021.

“We not only have brought on new, talented staff, but we are also investing in our existing staff, including providing unlimited access to online technical training courses and, specifically, investing in training courses related to cloud technologies, agile development and cybersecurity,” Cavallo said. “Our goal is to build a comprehensive workforce that is trained and certified in today’s skills to help OPM take advantage of the latest advancements in technology and cybersecurity to better meet 21st century customer expectations.”

Over at Energy, Dunkin said the new Omni internship program will begin to address the skillset challenges her agency faces.

Ann Dunkin is the CIO at the Energy Department.

“This summer we will have 200 students from overburden and underserved communities coming out to our DoE sites and plants across the nation in cohorts. We’re paying these students, the government often offers unpaid internships, these are paid internships. And second of all, we’re providing the support to get them to our often remote locations. So we’re ensuring they have transportation, we’re ensuring they have housing, and we’re making sure that they’re part of a cohort so they will carry their experience on and then we’re going to bring those same students back to other parts of the department each summer, so they get a whole view of DoE,” she said. “Hopefully, we’ll turn those into federal employees going forward.”

Dunkin added DoE also will continue to use hiring flexibilities like direct hiring authorities to bring in new people with needed skillsets more quickly.

The need to address workforce issues was a common theme during the hearing, but there were few solutions discussed.

Connolly introduced legislation called the NextGenFeds Act in December to establish a comprehensive Federal Internship and Fellowship Center within the Office of Personnel Management to administer, manage, and promote all federal internship and fellowship programs. OPM, meanwhile, finalized a new policy that allows agencies to strategically recruit certain students to positions in the competitive service on a term or temporary basis. It finalized another policy that allows agencies to rehire former federal employees at a higher grade level than when they left government.

But all of that doesn’t address the needs of today and it’s more about the needs of the future to bring in employees who under 30 years old.

And that brings us back around to the challenges of today agencies face with the EIS transition, with cybersecurity, with project and program management and many other disciplines.

“We have an opportunity to signal priority and investment in our most precious resource in all of federal IT, the people. The metrics must ensure that priority is given to skills development and work,” Kent said. “Workforce performance should be included [in future FITARA scorecards] because as we’re evolving the technology ecosystem, we cannot under invest in our federal workforce.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories