While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The fate of legislation to address the modernization of legacy IT systems across the government is up in the air, but IT leaders at the Office of Personnel Management and the IRS have indicated recently that there are many ways to make progress.
The Modernizing Government Technology Act (MGT Act) seems stalled in the Senate; it may have even been killed thanks to a Dec. 1 report from the Congressional Budget Office (CBO) that pegged the cost of the bill at $9 billion from 2017 to 2021. Yet IT leaders have already been laying out different priorities to upgrade IT systems.
For OPM CIO David DeVries, modernizing IT is inherently tied to preserving and protecting personally identifiable information, unsurprising for an agency that suffered one of the biggest data breaches in history in 2014. Meanwhile, Terry Milholland, the CIO and chief technology officer at the IRS until his departure five months ago, found that moving to a new programming language — and tackling the most difficult issues first — helped IRS upgrade its systems.
Every agency has different IT priorities, because every agency has a different mission and varying collections of legacy hardware, software and networks. So it’s unsurprising that federal IT leaders at different agencies would have different viewpoints on what is most important when it comes to technology modernization.
DeVries said that federal agencies’ missions revolve largely around information sharing and production — and the corresponding methods used to accomplish both. He noted at FCW’s Nov. 29 Big Issues conference in Washington that OPM is focused on hiring, payroll, retirement, life insurance and even posthumous records for family members, according to Federal News Radio.
“That’s more than records management, that is information management, dissemination, security, protection and all that kind of stuff,” DeVries said. “This is about people; people are what make things happen and this effects the people that are federal employees, they used to be federal employees, they will be federal employees, they will be political employees, they are contractors.”
Devries said that a key “conundrum” on legacy IT is that it’s unclear how extensive it is or how much money goes to pay for certain systems, because one system could have multiple parts and multiple owners.
“I’m just a broker of information, so when you say you have to update the legacy, you just now backed me into a corner,” DeVries said.
Updating legacy technology is also difficult to achieve, he said, because doing so requires defining requirements, requests for proposals and a potentially long procurement process. All of that might lead to the purchase of a new system that will be outdated by the time it is finally deployed.
He urged government to think of IT not as a cost center but as a key component of business. “I can’t keep looking at my systems and saying ‘I’m going to replace this system with something that looks modern, because it’s the data in and the data out,’ ” he said.
Milholland, who spent seven years at the IRS before leaving in July, told Federal News Radio that the IRS’ drive for modernization helped it respond to an incident in 2015, when criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on about 220,000 taxpayer accounts through IRS’ “Get Transcript” application.
At the time, he said, having standardized programming languages and IT architecture helped it deploy cybersecurity defense and fix problems more easily than in the past.
Milholland said modernizing the IRS’ IT systems to stay on top of cybersecurity challenges and new legislative mandates has been based on three factors.
The first was using a new programming language, JAVA, which allowed the IRS to purchase open-source products off-the-shelf and avoid the need to deploy customized solutions.
Secondly, Milholland told Federal News Radio, the agency implemented conversation programs and tackled the “thorniest problems first.” The IRS is now converting the rest of its “ancient legacy systems to JAVA.”
Finally, the IRS is working to become more data-centric instead of focusing on specific IRS forms. “My agreement was let’s talk data,” he said. “What is the data you actually need to make a decision? What data does the taxpayer need? That changes the equation. That changes the way we do design, the way we do development, the way that we manage, and that has a long staying course,” he said.
“Over a three-year window with budgets being what they are, that is the heart and soul of completing the journey of modernizing the legacy systems,” Milholland added.
The critical effort now is to convince Congress to appropriate enough money to keep the efforts going. “We know how to do it,” he said. “It’s a matter of staying the course to get off of this. As the staff ages, they will be leaving the IRS so we have to get into a state where the [old] language is done [being used].”
The future of the MGT Act is uncertain and may die as the 114th Congress winds down at year’s end. The Senate is unlikely to take action, especially following the CBO report.
“The MGT Act, which passed the House of Representatives in September, authorizes agencies to reprogram funds, with the approval of congressional appropriators, to modernize legacy IT systems. The bill also authorizes a governmentwide revolving fund for high-priority modernization efforts, with agencies paying back advances on IT upgrades through their cost savings. That latter part of the bill was originally floated by the Obama administration as a $3 billion fund as part of a larger cybersecurity package.”
Rep. Will Hurd (R-Texas), the bill’s author, told FedScoop that the legislation will be “difficult to move, and so even though we had the support, this is something that has to be worked through so that it doesn’t create heartburn.” He is hopeful the next Congress can take up the bill. Hurd and allies like Rep. Gerry Connolly (D-Va.) disagreed with the CBO’s methodology, arguing that it did not take into account expected savings on IT costs.
“The legislation isn't going to get done this year because we ran out of time, but the need to modernize IT infrastructure doesn’t go away,” Mike Hettinger, a former senior Capitol Hill staffer and current legislative strategist/lobbyist working on IT modernization, told FCW.