Protection of sensitive data, outdated IT systems and a workforce that struggles to attract and retain top tech talent are some of the key IT challenges facing the federal government, according to a recent government report.
The report, issued last month by the Council of the Inspectors General on Integrity and Efficiency, is an “an amalgamation of 61 top management and performance challenges reports written by the offices of the various inspector generals at agencies across the federal government in 2017,” as FedScoop notes.
IT security and management is one of the seven most frequently reported management challenges, along with performance and accountability, human capital, financial management, procurement, facilities and grants.
The Trump administration is striving to address the challenges laid out in the report through its executive order on cybersecurity, IT modernization report and attendant agency actions and the president’s management agenda, which emphasizes modernization, cybersecurity and building a modern IT workforce.
CIGIE is an independent entity established within the executive branch to address integrity, economy and effectiveness issues that transcend individual agencies, and aid in the establishment of a professional, well-trained and highly skilled workforce in the Offices of Inspectors General.
IT Security, Outdated Systems Are Key Challenges
The IT management challenges the report identifies include protection of federal IT systems from intrusion or compromise by external or internal entities and the planning and acquisition for replacing or upgrading IT infrastructure.
“This is a long-standing, serious, and ubiquitous challenge for federal agencies across the government, because agencies depend on reliable and secure IT systems to perform their mission-critical functions,” the report notes. “The security and management of government IT systems remain challenges due to significant impediments faced by federal agencies, including resource constraints and a shortage of cybersecurity professionals.”
Agencies face challenges in ensuring information systems are secure and sensitive data is protected in the face of cyberattacks and insider threats, the report notes.
For example, the Social Security Administration’s inspector general reported deficiencies in the agency’s ability to protect the confidentiality, integrity and availability of the SSA’s information systems and data, the report says. The SSA’s OIG recommended the agency “make protecting its network and information system a top priority and dedicate the resources needed to ensure the appropriate design and operating effectiveness of information security controls and prevent unauthorized access to sensitive information.”
The White House’s IT modernization report focuses on consolidating and improving the acquisition of network services so that agencies’ management of security services are consolidated where possible and managed to high standards. Specifically, the report focuses on the need to modernize high-risk, high-value assets — IT assets that are essential for agencies to serve the American people and whose security posture is most vulnerable.
The CIGIE report notes that in the event a federal IT system is compromised — whether by cyberattack, environmental anomaly or some other incident — it is imperative that vital IT systems “are available in a timely fashion to support the continuity of operations of federal agencies.” As such, it is imperative for agencies to prepare for the worst by having a developed-and-tested contingency plan to ensure continuity of operations.
Despite this risk, some OIGs have noted deficiencies with agency IT contingency planning. The Interior Department OIG, for example, has highlighted agency data backup issues, which could potentially leave DOI without access to important data should a computer fail or a system be compromised. Agencies need adequate disaster recovery plans and backups of their data, either in off-site data centers or in the cloud.
Unsurprisingly, IT modernization was also cited as a key challenge for agencies. The CIGIE report notes that outdated or obsolete IT systems can potentially “reduce system reliability and affect an agency’s ability to fulfill its mission,” and many OIGs found that their agencies were using legacy IT systems to perform core functions and responsibilities.
For example, the Treasury Inspector General for Tax Administration stated that the IRS has a large and increasing amount of aged hardware, some of which is three to four times older than industry standards.
The Trump administration has made IT modernization a central pillar of its technology policy and has stood up “Centers of Excellence” within the General Services Administration to help agencies modernize around five key areas: cloud adoption, IT infrastructure optimization, customer experience, service delivery analytics and contact centers. GSA is working with the Agriculture Department as its first “lighthouse” agency and will use lessons learned at USDA to inform how the CoEs will work with other agencies.
Legacy IT systems are not just costly to maintain, they can also increase security risks, the report notes. The Justice Department’s OIG reported that the DOJ’s Justice Security Operations Center, which provides 24/7 monitoring of the agency’s internet gateways and incident response management, is “hampered by its aging infrastructure, some of which is past its end of useful life and is no longer supported.”
Agencies need to upgrade network infrastructure to enhance security, which many likely will do under the GSA’s $50 billion Enterprise Infrastructure Solutions contract. EIS requires agencies to transition away from the Networx contracting vehicle by the spring of 2020.
Finally, the report notes that many agencies face challenges in attracting and retaining a highly skilled cybersecurity workforce, which compounds these issues. The president’s management agenda sets a goal of building a modern IT workforce by recruiting, reskilling and retaining professionals “able to help drive modernization with up-to-date technology.”