Testimony of Stephen W T O’Keeffe Founder MeriTalk before the U S House of Representatives Committee on Oversight and Reform Subcommittee on Government Operations Hearing Titled Federal IT Modernization – How the Coronavirus Exposed Outdated Systems Chairman Connolly and distinguished members of the subcommittee thank you for the opportunity to speak today – and Chairman Connolly thank you for your constant leadership on Federal IT and the government workforce I acknowledge your role as Congress’ number-one champion on these issues – I point to FITARA MGT FedRAMP et al My name is Steve O’Keeffe founder of MeriTalk the leading government IT publication research and conference company My perspective is powered by MeriTalk’s recent interviews with CIOs from across the Federal government on their frontline pandemic and IT modernization experience as part of MeriTalk’s CIO Crossroads program And we look forward to working with you Chairman Connolly to recognize Federal IT executives’ outstanding efforts and accomplishment during the pandemic in the CIO Crossroads Awards program in September I’d first like to take this opportunity to congratulate Suzette Kent and the Federal CIOs on their dedication and accomplishments over these four extraordinary months Ms Kent reported 90 percent telework numbers across the Federal government That said agencies have definitely been hamstrung by outdated tech as they’ve stretched to support the mission in this challenging time for our country The pandemic has underlined the requirement for the Federal government to double down on the IT modernization priority Déjà vu All Over Again IT Modernization Malaise It is not without a certain irony that as I prepared for this testimony I looked for a previous example of testimony I had given to provide a model for this document I found testimony that I delivered 10 years ago in a hearing on the Senate side to Senators Carper and Coburn The subject of that hearing The requirement for the Federal government to press ahead with all speed on IT modernization At that time we focused on the first Federal CIO Vivek Kundra’s 25-Point Plan to modernize Federal IT We lamented the failing 80 20 rule – where the lion’s share of our $90 billion or perhaps $140 billion annual IT budget gets programmed to support geriatric legacy systems inhibiting our government’s capability to invest in the future Regrettably that 80 20 investment failure paradigm persists today In that hearing I noted that the 25-Point plan was too complex to yield real results – seems those comments proved prescient According to a June 2019 GAO report https www gao gov assets 700 699616 pdf six of the 10 most endangered Federal IT systems are more than 30 years old Nearly half of them run on hardware that’s at least a decade old Think of how your personal technology has changed in that same decade When I last testified on IT Modernization a decade ago the iPhone was edgy and new – and all Feds carried Blackberrys or flip phones Thirty years ago Tim Berners-Lee had just invented the World Wide Web – and everybody outside CERN University thought the web meant spiderman Pandemic Pushes Modernization – Champions CIOs FITARA Front and Center U S Department of State Principal Deputy CIO Michael Mestrovich tells us that “In the span of three months we probably advanced the state of IT modernization to a degree that normally would have taken up to four or five years There was a clear necessity to do business in a different way ” Army CIO Lt Gen Bruce Crawford tells us that “the word ‘telework’ will soon be a thing of the past It will just be work because of this acceptance of the virtual space ” The pandemic has handed agency mission owners a sobering lesson in the primacy of IT in enabling Federal agencies’ mission success Simply put without scalable IT that enabled telework agencies wouldn’t have been available at America’s bed side But as the pandemic stressed systems it demonstrated the shortcomings of agencies’ aging infrastructure and applications On-prem and legacy systems simply couldn’t flex and evolve to support new mission requirements We saw this as SBA struggled to process PPP in the early days of the crisis – and we salute Maria Roat then SBA CIO and now Deputy Federal CIO and Guy Cavallo SBA Deputy CIO who worked around the clock to retool SBA in order to keep American businesses on their feet SBA used the pandemic as a way to radically modernize cutting hard to the cloud and finally turning off legacy systems that were impossible to kill in normal times Make no mistake it was the efforts of dedicated public servants and the cloud that saved SBA As the pandemic put IT modernization in the spotlight it elevated the role of the CIO and made the case for concentrating IT powers in the office of the CIO Where mission owners traditionally bypassed the CIOs office they quickly fell into line recognizing that a misstep on an IT project could catapult them into the headlines – and not in a good way Winston Churchill famously said “never let a good crisis go to waste ” Now that CIOs have the ball and cabinet secretaries have new religion about IT modernization this should be FITARA’s and MGT’s finest hour We need to learn from the pandemic listen to CIOs harness these laws adapt them and put them to work as we recapitalize our Federal IT systems Complexity is the Enemy While now is the time for FITARA and MGT to shine these light house laws and Federal CIOs are mired in a pea-soup fog of complexity – and we need action to clear the path for IT modernization success First off let’s consider complexity in the Federal IT landscape Federal IT has its own language – and it’s a veritable alphabet pea soup There’s FITARA MGT TMF FedRAMP DCOI CoEs and CAP Goals…and as you appreciate soup is just the appetizer In Cybersecurity alone we have CDM TIC FISMA Einstein and now DHS gives us QSMO It would take Einstein just to decode it all Clearly I’m no Einstein because with 30 years of Federal IT experience – including a year working with DHS’ cyber group – I cannot decipher how these programs fit and work together Some suggestions here How about we rethink the whole naming convention for our cyber initiatives – give them names that describe their function and have them fit together into a family that articulates a clear narrative We could publish some intelligible metrics that clearly articulate the dollars that America’s investing – and the outcomes we’re realizing from those taxpayer dollars And let’s plug those metrics into the FITARA management backplane – the IT Dashboard More later In addition to complexity Fed IT investments and outcomes are riddled with non sequiturs The GSA Center of Excellence – that’s CoE for folks scoring at home – program is designed to help agencies improve IT performance and accelerate modernization However the agencies engaged in the CoEs 2 consistently perform poorly on their FITARA Scorecard – so are the CoEs actually delivering any value and if so how do we measure it Floating in this alphabet soup CIOs spend too much time running from pillar to post managing compliance – time and budget that should be repurposed on modernization To be clear I’m not suggesting a reduction in oversight – but rather a new approach and new metrics for success One final note on complexity No conversation about Federal IT modernization would be complete without a tip of the Fedora to FedRAMP The program has made great strides – but we need to clarify what’s law ratify reciprocity provide real transparency on pricing and establish a transaction marketplace that empowers agencies to accelerate their IT modernization journey with secure cloud solutions How about a connection between FedRAMP and DoD IL cloud cyber certifications Moreover on transparency Federal agencies should publish their TCO models and application catalogues – to identify redundancy and enable enhanced public-private collaboration The taxpayer wins in the sunlight FITARA 2 0 – Direct Connect to MGT Act Let me start by saying that as we approach the 10 0 FITARA scorecard later this month the legislation has proved a big success However we’re on the verge of the iPhone 12 – and when you launched FITARA in 2015 the latest model was the iPhone 6 It’s time for a FITARA upgrade – IT modernization if you will Some thoughts How about we make the FITARA Scorecard real time – plugging the scoring criteria into the IT Dashboard – I referenced the FITARA backplane earlier And let’s double down on requiring agencies to religiously update their information on the IT Dashboard This would also serve to provide absolute transparency to Federal agencies about what’s being measured in FITARA – a heads up for agencies on any changes before they impact their grades It would resolve the back and forth between the CIO Council and the Hill on the fairness of the FITARA process – and with it install FITARA as the central platform in a radically simplified Federal IT governance landscape And speaking of evolution and rationalization how about we retire some of the traditional FITARA categories – claim victory – and move on to focus on some new outcome-focused metrics For example number of digital services number of cyber incidents number of personnel with IT certifications and so on We also need to consider the relationship between FITARA and MGT and the associated TMF budgets – we’ll get into actual funding for TMF later How about hardwiring MGT TMF funding to the FITARA Scorecard Dashboard – where agencies that get below a C in their scorecard don’t qualify for TMF dollars As you well appreciate the TMF was part and parcel of the first draft of the FITARA legislation – it only makes sense to reconnect the two MGT TMF and Eliminating Appropriations Roadblocks Originally as part of FITARA the TMF was funded at $3 billion The revolving capital fund has never been capitalized with more than $25 million – and for most years it’s been completely no funded To make modernization work appropriators need to fully and consistently fund TMF However it can’t stop at simply funding Not only has there not been sufficient funding for TMF – the TMF review board has not been able to award all of that money 3 Why I hear the audience ask Because the majority of agencies won’t even apply for the funds in light of the requirement to pay back those loans That means that IT modernization doesn’t pass go We propose that agencies be relieved of the requirement to pay back TMF loans if they spend those monies to enable telework and modernize their IT infrastructures and applications And their performance with TMF investments should be mapped directly to the FITARA Scorecard – and transparent on the IT Dashboard To avoid the frustration of talking to ourselves but having no impact on funding and the rules we need to bring appropriators into the conversation We will never have a better opportunity to get them to see the value of IT and commit the dollars The time to act is now – back to Winston Churchill quote above Who CARES Watch Out for IT Sprawl and FITARA End Run And speaking of appropriations no conversation on IT modernization would be complete without considering CARES and other emergency stimulus appropriations Even as we have this conversation we see new warning signs that point to further IT sprawl ahead and a weakening of CIO authority CARES and other pandemic relief bills provide funding for a series of agencies – much of which has and will be used to fund IT modernization While this funding is welcome in many cases it cuts an end run around the CIO’s office and FITARA America needs relief now but working around the CIO’s office will perpetuate sprawl waste and even more shadow IT The Next Federal CIO Pick While I recognize that it’s not within your control to select the next Federal CIO I would be remiss if I didn’t make a plea for the next Administration to select a Federal CIO that understands government Ms Suzette Kent and Mr Tony Scott have acquitted themselves very very well However bringing in somebody from outside government creates a massive learning curve – we have our own language and culture in government tech This means that a newcomer’s first year will be occupied with finding the bathrooms – precious time in a three-to-four-year term I sincerely hope we pick somebody that knows government tech – we have a lot of very well qualified candidates CIO CrossRoads The events of the last four months have led us to a once-in-a-lifetime opportunity to re-imagine and modernize Federal IT…for the better of all Getting there will take collective will and a commitment to real and lasting change on multiple fronts To start we need to ➢ Cut through the complexity – both at the program and compliance level ➢ Measure what matters with FITARA 2 0 – create a direct connection to MGT ➢ Fully fund TMF connect it to FITARA eliminate appropriations roadblocks ➢ Avoid future IT sprawl and erosion of CIO authority ➢ Choose leaders wisely – Federal IT experience matters Last time I testified on IT modernization I was 43 At this cadence I’ll be 63 next time I sit in front of you on this topic Like the Federal government’s IT systems – none of us is getting any younger 2020 has shown us the best and worst of times when it comes to Federal IT Our experience with COVID-19 is a beacon for what can be done when there’s clear direction and undeniable urgency We should all applaud our Federal CIOs and IT workforce – now everybody across the Federal government knows their value Carpe diem 4