The year is drawing to a close and official Washington is getting ready to shut down for the holidays. The end of the year will also mark the first 11 months of the Trump administration, which has set out to leave its mark on federal IT.
With that in mind, it’s worth taking stock of how much has changed — and how much remains to be done in 2018 and beyond. Any new administration wants to set its own priorities and tone and that has certainly been true of the Trump administration when it comes to government IT.
Much of the conversation has been dominated by the administration’s cybersecurity executive order, which President Donald Trump signed in May after months of anticipation. However, there has also been a renewed effort to spur IT modernization, both inside the administration and in Congress, a push for more shared services and changes in IT leadership roles.
Here is a look back at some of the key trends in federal IT from this past year:
1. Risk-Based Cybersecurity Gets Elevated
The executive order on cybersecurity has driven much of federal cyber policy this year. The order refocuses cybersecurity around three main areas: protecting federal networks; protecting critical infrastructure; and securing the nation through deterrence, international cooperation and growing the cybersecurity workforce.
At its heart, the order forces agency leaders to identify their cybersecurity risks and build defenses around them. Only by identifying and acknowledging risks can proper cybersecurity defenses be mounted, Rob Joyce, the White House’s cybersecurity coordinator, has argued. Under the Trump administration, the idea is that agency heads can no longer pass off responsibility for cybersecurity to their subordinates.
The order leverages many of the constructs for cybersecurity that are already in place. Under the order, each agency head is required to use the Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology (NIST), or any successor document, to manage his or her agency’s cybersecurity risk.
Agencies have also had to develop risk management reports that document the risk mitigation and acceptance choices made by each agency head, including the strategic, operational and budgetary considerations that informed those choices, and any accepted risk, including from unmitigated vulnerabilities.
Practically, there have been changes on the ground. Over the summer, the Department of Homeland Security and General Services Administration released the first new task order, called DEFEND (Dynamic and Evolving Federal Enterprise Network Defense), under the Alliant governmentwide acquisition contract. DEFEND replaces blanket purchase agreements (BPAs) that expire in August 2018. GSA argues that DEFEND will allow agencies to more quickly deploy cybersecurity technology as IT and threats evolve, and allow DHS and GSA to issue requests for service for discrete kinds of cybersecurity work, including cloud, access management, mobile and more.
DHS has also told agencies they must apply widely-accepted security standards for email and web traffic, which Jeanette Manfra, assistant secretary for the office of cybersecurity and communications at DHS, says is a “tangible” sign that DHS is using industry-based standards to improve federal cybersecurity.
2. IT Modernization Gains Real Momentum
At the end of 2016, the push in Congress for federal IT modernization had stalled. However, Rep. Will Hurd, one of the driving forces behind the Modernizing Government Technology Act, was not about to give up.
Hurd reintroduced the legislation in the House in April and it passed in May. The effort also got support from the administration, with the president’s fiscal 2018 budget request, like the Obama administration’s final one, suggesting the creation of a Technology Modernization Fund (TMF) to replace and retire antiquated IT. The administration’s budget request includes $228 million for a fund that agencies could use to move to more modern infrastructure, such as using the cloud and shared services. The money would be repaid in future years from the savings garnered by using the more efficient technology.
The bill languished in the Senate over the summer but in mid-November the Senate passed the bill as part of the 2018 National Defense Authorization Act days after the House did the same, clearing the way for it to become law once Trump signs off. The bill would, as FedScoop reports, “put money saved through IT efficiencies into working capital funds, which can be accessed for up to three years, to fund efforts to modernize their technology. It also would create a centralized fund that agencies can tap into for modernization.”
While that work has been going on in Congress, the White House has also gotten in on the act. On Aug. 30, it issued a report that spells out its plan to modernize federal IT systems. The report heavily emphasizes the importance of cloud and shared IT services. The report was issued by the American Technology Council (ATC), which Trump established in May to “coordinate the vision, strategy and direction” for the federal government's use of IT and the delivery of digital services. The report was open to public comments, some of which praised its approach while others questioned some of its conclusions. The White House is working on a final report.
3. Shared Services Find Strong Support
Shared services got a major boost in the cybersecurity order, with Trump declaring that agency leaders “shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud and cybersecurity services.”
Shared services consolidate common government operations such as IT management, finance, human resources and other functions into centralized service providers. Multiple agencies can take advantage of the services, reducing costs and boosting efficiencies as the government leverages its massive collective buying power.
The administration has also emphasized the importance of shared services both in the ATC IT modernization report and a memo from the Office of Management and Budget earlier this year directing agencies to come up with “agency reform plans” to streamline their operations. The memo states that an example of a “crosscutting reform” might be “areas where market or technology changes allow a service to be delivered more efficiently, such as by a shared service provider.”
Beth Angerman, executive director of the Unified Shared Services Management office at GSA, indicated over the summer that shared services will factor into those plans and help eliminate redundancies at agencies. “I can say with confidence that sharing services and technology that support mission is a very active topic of conversation today,” Angerman said at the Agency Reform Summit, FedScoop reports.
4. IT Leadership Roles in Flux
With any change in administration, it’s expected that there will be changes in agency IT leadership roles, as politically-appointed CIOs depart. However, there has been a high level of flux in IT leadership this year.
Some CIOs have resigned, others have been reassigned within agencies, and some agencies have brought in new IT leaders to replace those who left.
FCW’s Insider blog (one of FedTech’s 30 Must-Read Federal IT Blogs of 2017) has kept track of all of the changes. There is still no permanent federal CIO (Margie Graves has been serving as acting CIO following the departure of Tony Scott) or permanent federal CTO.
The Government Accountability Office has warned that the changes and vacancies in federal IT leadership positions could make IT reform more difficult.
There has clearly been a lot going on in federal IT this year, but there need to be leaders in place to carry out all of the initiatives.