Breathing life into stagnant CIO authorities must begin with consistency

The White House’s latest attempt to give agency chief information officers a bigger seat at the table is filled with many similar desires and hopes as many of the previous efforts over the last 22 years.

One of the main goals of President Donald Trump’s executive order from May 15 was to breathe life into stagnant CIO authorities.

“Structure dictates behavior and behavior dictates results,” said a senior administration official back in May. “The organizational structure is 20 years out of date in this area. As we looked at this problem over the last year and in consultation with experts in and out of government, we asked how do we do structural reforms to make sure the organization is governed in a modern way? We are fixing this governance problem in all agencies because too often CIOs have been relegated to the back office. This is a significant organizational change coming from the presidential level.”

Ann Dunkin, former EPA CIO

But was the EO really needed? Are there enough laws — such as the Federal IT Acquisition Reform Act (FITARA) — policies and requirements on the books already that give CIOs enough authority to meet their oversight and operational responsibilities?

Federal News Radio put those questions to a group of former agency CIOs and IT executives who have more than 50 years of experience in the federal IT community among them. Their responses were edited for length and clarity:

What are some things in the EO that you would’ve wanted when you were an agency CIO?

Ann Dunkin, former Environmental Protection Agency CIO: I would have liked more authority to merge or reorganize agency IT functions to promote agencywide consolidation of the agency’s IT infrastructure, taking into account any recommendations of the relevant agency CIO. The individual IT organizations within EPA that don’t report to the CIO represent a signification percentage of the total IT in the agency.  Some of that makes a great deal of sense, but some of it doesn’t, either because there would be efficiency gains or security improvements through consolidation, or simply because a group was a bit out of its depth in the IT functions it was responsible for. As EPA CIO I really had no way to change that. Now, this new authority doesn’t really do any good if it doesn’t get any easier to execute a reorganization to shift those functions and  if department leadership doesn’t pay attention to the requirement.

Pete Tseronis, former CTO for the Department of Energy

Dan Chenok, former Information Policy and Technology branch chief at the Office of Management and Budget: The EO largely reinforces authorities that CIOs have had under prior law, but that were inconsistently applied. The focus on consistent application of CIO authority in the range of areas that impact IT performance, including investment strategy, cybersecurity, and hire authority promises to raise that performance across agencies. It would help drive governmentwide improvements in the use of IT. Also, the clear statement of CIO governance roles, combined with the focus on sensible IT consolidation, can streamline and strengthen CIO-led decision-making in each agency.

Pete Tseronis, former Department of Energy chief technology officer: While a good bit of the order reiterates what has been stated in past administration iterations, such as visibility into and control of IT investment, a few elements appear to have underscored the CIO significance and leadership. Specifically, setting the knowledge and skill standards for IT personnel and hiring authority. The Federal CIO maintains a position that requires both strategic and tactical proficiency.

Executive Order 13800 highlights the importance of IT personnel aptitude. The CIO must be in a position to lean on his or her softer skills to recruit, manage, and guide an array of individuals to implement the complexities of a digital transformation involving disparate tools, risks, and business models. Streamlining personnel recruitment so that agency CIOs can develop a state-of-the-art federal IT workforce is vitally important.

Do you think this EO was needed? Why or why not?

Charlie Armstrong, former Customs and Border Protection CIO: The need for the EO is debatable. It does clearly define the reporting relationship to the agency head. The challenge always comes down to money and prioritization. In the case of component agencies, they have a mission to get done. Component agency heads have to rack and stack investments not just with IT but with all the elements it takes to run the agency — personnel, vehicles, weapons, aircraft, real estate, etc. Consolidating, cloud migration, [digital] services, wide-area network modernization are all means to lowering costs and improving service. Securing information is an absolute need to protect information and ensure public confidence. It is a journey, not a short trip.

Jonathan Alboum, former USDA CIO

Jonathan Alboum, former Agriculture Department CIO: I believe the EO was needed in the sense that IT governance topics are really critical as we embark on IT modernization and digital transformation initiatives across government. In our rush to transform, it’s easy to overlook fundamental communication and change management requirements that are the real critical success factors for these efforts. By re-articulating that the CIO is the person ultimately responsible for all IT initiatives, it forces the organization to channel all of this work through a central office.

While there is a risk is that this can become a bottle neck, I believe that it is outweighed by the opportunity to promote enterprise approaches and data sharing across government. There’s tremendous opportunity to reap value in the data in our federal systems, but there also needs to be more awareness into the visibility of that data, as data volumes are expected to grow rapidly, exacerbating current challenges. Without the strategy and planning that will result from the CIO being positioned as the “senior technical advisor,” agencies will face a lack of data visibility, increased risk, and complicated cloud migration paths that frequently result in vendor lock-in.

Simon Szykman, former Commerce Department CIO: I think the EO is important in that there are things that might not happen without it. But at the same time, while it is important, the EO in and of itself – despite its title – is not enough to ensure enhancement of the effectiveness of CIOs. [Section 4(c)] is merely a restatement of one of the provisions of FITARA, which was passed around three-and-a-half years ago. And of course the words don’t matter unless they are implemented. If these things have not happened three-and-a-half years after being legally required by statute, will an executive order make a difference? Maybe or maybe not, but if so, it’s not going happen as a result of signing an EO; it’s going to happen because of action on the part of agency heads, and the White House and OMB holding agencies accountable.

Similarly, for Sections 5(a) and 5(b), it would have been great to have been empowered to do those things when I was a CIO, but an executive order on its own does not empower today’s CIO’s with any more authority than I had.  It takes the agency head executing the provisions of the EO to empower CIOs to achieve the desired outcomes. I think there are some agencies where we already saw things moving in this direction prior to the EO (e.g., USDA), but in other agencies, if the agency head is ambivalent toward the importance of these trends, change may be slow or minimal.

Simon Szykman, former Commerce Department CIO

Dunkin: I’m of two minds about that. On the one hand, as I noted above, the EO should be unnecessary. Most of the items included in the EO were included in [the Clinger-Cohn  Act] or FITARA. On the other hand, the previous efforts failed to generate the desired results. Don’t get me wrong, most agency and department CIOs are trying very hard to comply. However, antibodies in their own organizations, along with funding issues and misaligned incentives or inappropriate measures make compliance with some requirements difficult.  So, if an EO can create different outcomes, then by all means, it’s necessary.  That will require putting some teeth into enforcing the requirements. I suspect that they will get tested very quickly and that all agencies and departments will be watching to see if the White House is serious or if they can just continue to pick and choose when to comply.

What advice would you give to current CIOs when it comes to fulfilling the spirit and intent of laws and policies focused on CIO authorities?

Alboum: To support the success of FITARA and the agency as a whole, the CIO must create a culture of collaboration across the enterprise and learn to lead through influence, rather than direct control. They must create an environment that leverages the interdependent nature of what can seem like distinct component contributors across the agency’s various IT organizations. These groups are closer to the products and services they deliver to the public. They know their customers’ needs best. The CIO must be respectful of differences within these organizations, while also driving the agency’s IT community to adopt a common identity and enterprise approaches to IT. The best way to do this is to stay focused on your agency’s mission. The only reason IT exists and the spirit of all of these requirements is to ensure that IT is used effectively to drive positive program results. I encourage all CIOs to get out of the office and see their missions in action.

Charlie Armstrong retired as the CBP CIO in February 2016.

Armstrong: CIOs need to explain the value of investment and how it improves mission delivery and the risk of mission failure when investments are not made. The CIO should never forget they are at the table to support the mission. CIOs who put directives or policies in place to make IT more efficient without consideration for the mission will diminish the role of the CIO, not enhance it.

Tseronis: As technology continues is ubiquitous progression within the federal government, dependence on collaborative relationships with industry is so important to attain the vision of a secure, state-of-the-art, shared panorama of technology resources/services. Do not expect your leadership to tell you what to do. Do not wait for legislation to direct you what to do. Instead, leverage your authoritative role as the CIO to own, develop, and mature the supporting infrastructure that our nation’s federal workforce, agencies, and constituents depend on seven days a week, and twice on Sunday.

Dan Chenok
Dan Chenok, former Information Policy and Technology branch chief at the Office of Management and Budget

Szykman: Empowerment won’t happen by itself, nor can CIOs assert greater authority merely by pointing to an EO on a website. The empowerment will come from agency heads throwing their support and authority behind the CIO on all agency matters concerning IT management, governance, spending, etc.  My advice would be to work closely with the agency head, or deputy in cases where the deputy serves in a chief management officer or chief operations officer role and is more involved in internal matters than the agency head. Build support for implementing FITARA and the EO, providing a business case for a change agenda. Even with the support from the agency head, it’s preferable to have change management be a team effort rather than an internal struggle over turf.

Without the broader support, CIOs may find themselves facing resistance to change from organizations that are entrenched in existing ways of doing things. Consequently, I would also recommend building relationships with senior leadership across the agency, component/bureau leadership and heads of major mission programs, and an accompanying communications strategy to gain support from affected organizations.

Chenok: Since the Clinger-Cohen Act first codified the position of a federal agency CIO in 1996, successful CIOs have leveraged law and policy to build coalitions with government and industry partners that drive collective progress in federal IT management. Rather than viewing law and policy requirements as a compliance activity, strong CIOs can use law and policy tools — including the recent EO — to lead mission improvement, efficient operations, and effective agency adoption of new technologies such cloud and artificial intelligence.

Read more of Reporter’s Notebook