Exclusive

Federal CIO exit interview: Defining moments turned into forcing functions

President Barack Obama has been called the first technology president. His administration put a major focus on open data, on digital services and on serving the citizen in a different way.

But the Obama administration may just be remembered for something other than the bells and whistles of these high-profile efforts.

In the end, the failure of the launch of HealthCare.gov and the data breach suffered by the Office of Personnel Management are both the defining moments and the forcing functions desperately needed to change the federal IT.

Tony Scott, the federal chief information officer, said the government is better off than it was eight years ago when it comes to technology and serving the citizens.

Scott, whose last day at OMB will be Jan. 17, said whether it is around cloud or cybersecurity or digital services, the government has taken important steps on the path toward better citizen services and back-office efficiencies.

“On the issue of cyber, this is not unique to the federal government. I have plenty of CIO friends who work in banking, in retail, media and entertainment, automotive and other industries and when I get together for a drink with my CIO buddies, guess what the number one topic is? I’ll give you one guess. If you say, what are you spending more time on now than you spent last year? I’ll give you one guess — it is cyber,” Scott said in an exclusive interview with Federal News Radio’s Ask the CIO program. “It is a board room discussion. It’s a discussion that is going on in every institution, I think, in the world right now. There is just no avoiding. How do you solve some of these things? There is a great debate to be had. But commonly, one of the things we all subscribe to is modernizing and staying modern is one of the keys to long term addressing that.”

OMB
Federal Chief Information Officer Tony Scott will leave on Jan. 17. (AP Photo/Susan Walsh)

This is why Scott said the update of Circular A-130 and the Federal IT Acquisition Reform Act (FITARA) are among the most important efforts and part of the administration’s enduring legacy.

“What we tried to do there was shift from an older model to one of more risk-based assessment rather than checklist, and also one of making sure federal CIOs are focused on implementing FITARA the right way, on creating visibility and transparency and continuous upgrade as a set of core principles around how federal IT is managed,” Scott said.

OMB issued the revised A-130 in July, addressing a wide range of policy updates in information governance, acquisitions, records management, open data, workforce, security and privacy.

Scott said many of the other efforts around cybersecurity, such as the cyber sprint in 2015 after the OPM breach became public and the strategies and plans that followed, as well as the Federal Information Security Management Act updates and a host of other culture changes, were brought into A-130.

“In terms of long last effect, probably four or five years from now, maybe not everybody will recognize the sprint, but they’ll recognize the long-term impacts of some of these other things we learned from and incorporated,” he said.

FITARA is  team effort

“Broadly, [FITARA] is going pretty well. The real test will be as administrations change and people turn over, will you sustain the progress that’s been made?” he said. “One of the big lessons learned though, some thought of this as just CIO authorities, whether it’s hiring or budget, but as we have gotten into implementation, almost every agency has realized this has to be a team effort between the CFOs, the chief human resource officers, the undersecretary for management and a bunch of different players can serve as enablers of the intent of FITARA.”

Technology advice for new administration


Dave Wennergren, the executive vice president and chief operating officer for the Professional Services Council, highlighted some of the federal IT and acquisition areas that the incoming administration of President-elect Donald Trump should consider focusing on:

  • Improving “speed to outcome” for federal IT solutions; demanding that agencies take advantage of current flexibilities in the Federal Acquisition Regulations to do more consumption-based buying, managed services and performance-based contracting.
  • Mandating IT modernization, specifying specific agency outcomes, measuring progress and prioritizing on consumption-based buying, managed services, and performance-based acquisition.
  • Improving access to commercial innovation.
  • Continuing to make progress—across the nation—on cybersecurity, quickly finishing on-going efforts to turn the focus towards issues like continuous monitoring, risk management, secure information sharing and trusted computing from untrusted devices.
  • Taking advantage of big data/data analytics/business intelligence.
  • Moving toward a more mobile infrastructure,  and taking advantage of the Internet of Things (IoT).
  • Business process optimization.

Scott signed off on the final FITARA implementation guidance in June 2015, and agency progress toward implementation has been slow, but steady.

Frank Baitman, a former CIO at the Department of Health and Human Services and now an advisory fellow with Cisco Systems, said the Obama administration’s IT legacy is mixed. On one hand, the launch of healthcare.gov highlighted long-standing issues with federal IT and procurement that have yet to be solved.

But it also led to different thinking and the rise of digital service organizations such as 18F at the General Services Administration and the U.S. Digital Service within OMB.

“Collaboration between the administration and Congress to craft the Federal IT Acquisition Reform Act made it clear that IT was fully under the domain of department CIOs — and, as in private industry, they should be responsible and accountable for its outcomes,” Baitman said in an email to Federal News Radio. “If the federal government succeeds at improving the value it derives from its $90 billion IT investment, it will be in large measure due to the hard work that the CIO community and Tony undertook to build relationships and trust within the Executive Branch.”

Scott said one way OMB is ensuring the spirit and intent of FITARA is understood is by making it a part of the President’s Management Council meetings, where other CXOs besides CIOs talk about implementation successes and challenges, and by incorporating it into agency reviews, such as PortoflioStat.

“I’m sure everyone would not be surprised that we’ve talked about it at the CIO Council a lot. But the fact that CFO Council or the CHCO Council or the procurement people are talking about it in their meetings, I think is a good sign of the pervasive nature of this and the impact it could have,” Scott said. “Generally speaking we’ve progressed pretty far in those conversations. At first there were folks throughout the community, including frankly some CIOs, who didn’t have a full understanding of what FITARA was attempting to do. But both governmentwide and as we’ve had the conversations in each agency, by and large people have come around. We are getting far fewer questions that sound like resistance or reasons not to do it, and more and more questions are around how to best do various things.”

Dave Wennergren, a former Defense Department deputy CIO and now the chief operating officer and executive vice president for the Professional Services Council (PSC), said one of the keys to Scott’s success was understanding the importance of having at the OMB-level a focus on a meaningful set of strategic initiatives and build coalitions with agencies to actually get work done.

Obama changed the tone of IT

Trey Hodgkins, the senior vice president for public sector for the IT Alliance for Public Sector (ITAP) said FITARA, A-130 and a host of other efforts from the Obama administration changed the discussion of technology throughout government.

“The administration moved IT from a back-office function to one that is in the central office and mission areas. IT went from being seen as an enabler to a constituent services tool,” Hodgkins said. “Their approach to technology and its role in the government’s mission was a different perspective. Timing was part of it, but the Obama folks brought a different culture or mentality about technology and its use and its ubiquitous nature. Also, technology changed so much over the last eight years, and technology’s role in society has also leap-frogged during Obama administration.”

Dave Wennergren, a former Defense Department deputy CIO and now the chief operating officer and executive vice president for the Professional Services Council (PSC), said the Obama administration deserves a lot of credit for improving federal cybersecurity and recognizing the power of portfolio management that engages the entire leadership team at an agency.

He said among the highlights over the last eight years is the “push for IT modernization and the recognition of the powerful role that ‘capabilities-as-a-service,’ like cloud, play in accelerating the retirement of legacy infrastructure and systems — to include Cloud First, Federal Data Center Consolidation Initiative and the more recent Data Center Optimization Initiative.”

Wennergren said the Obama administration fell short in several initiatives as well, including making open data truly useful and empowering digital services on a larger scale.

“Digital efforts could have focused less on small-scale web development efforts and more on creating a savvy cadre of digital buyers to work the major programs that comprise the over $80 billion federal IT budget,” he said. “Innovation at federal agencies is far more hampered by how agencies ask for IT solutions than by who they’re asking. Innovative companies and solutions exist all over this great country, not just in the ‘tech corridors’ where agencies have set up ‘innovation shops’ — if we use the flexibilities in the FAR to encourage both new entrants and well-established companies to bring innovative new ideas and approaches.”

Cyber efforts still too disconnected

Hodgkins added that while the administration’s progress around cybersecurity was substantial in some regards, it still is too disconnected from a policy and implementation perspective.

“It is a message we’ve given the administration multiple times and something I think they wished they could have done better because there is no central cyber authority,” he said. “I do not put this at Tony’s feet. There was a lot of effort on cyber, but it remains disconnected. DoD is doing stuff as are DHS, NIST and many others. From a corporate perspective, there is a lot of disconnections and a lot of disharmony between different initiatives.”

Wennergren, Hodgkins and others say the IT modernization effort that stalled in Congress also was disappointing. OMB recognized early on in the administration that the funding model for technology is broken, but never got enough momentum to change it, with the one exception being the Homeland Security Department’s Continuous Diagnostics and Mitigation (CDM) program.

Scott said he was more disappointed by the Congressional Budget Office’s scoring of the Modernizing Government Technology bill than the inability of Congress to get the bill passed at the end of last session.

“I’m pleased with the support we got in Congress. I’m disappointed that we ran out of time,” Scott said. “Probably the one thing that was frustrating to me was probably the Congressional Budget Office (CBO) score we got. There are plenty of examples people like to talk about $9 billion turning into zero, where money that was spent and didn’t get anywhere. This was a case of zero turning into $9 billion. I’d love to figure out how to do that. We have some work to do with CBO and others to develop a full understanding of what the real cost would be. A bill that had no dollars in it turning into $9 billion mystified me a little bit.”

Scott said he has no immediate plans for the future, but does want to stay involved in the federal IT community.

“I want to say focused on some of these really large issues we’ve begun to tackle the last couple of years. Figuring out what the best way to do that is part of what I’ll be thinking about as I’m sitting on the beach drinking an umbrella drink or whatever,” he said. “I will probably not work in a regular CIO role. I feel like I’ve done that. I’m not ready to make any strong prognostications yet on that front.”