Major reforms needed to effectively manage federal IT

Wednesday - 11/20/2013, 3:44pm EST

Karen Evans (left), national director, US Cyber Challenge
Julie Anderson (right), managing director, Civitas Group

Commentary by Karen S. Evans
& Julie M. Anderson

As the federal government strives to improve technology asset utilization and cybersecurity to enable mission fulfillment in an era of budget constraints, what is "old" is becoming "new" again.

Despite significant financial investments in data management, systems and infrastructure over the past 20 years, the federal government still lacks an overarching architecture that would govern and unify data standards, systems interoperability and infrastructure acquisition across all agencies.

Numerous efforts, such as the Clinger-Cohen Act of 1996, E-Government Act of 2002, Shared Services initiative, Cloud First policy, and Cross-Agency Priority goals, are all intended to improve the way the federal government manages information technology and associated resources.

Within the IT security domain, numerous policy directives and record-breaking investments in cybersecurity have been aimed at clarifying the government's needs and fully funding those requirements to protect sensitive data, systems and infrastructure. Importantly, the federal CIO Council initiative on Federal Enterprise Architecture was launched in 1999, but work should continue to assure evolving technology and new initiatives are included.

Even so, agencies, private industry and individual users are still in need of an enterprise architecture framework that dictates clear standards, investments, policies and procedures, and management practices across all departmental functions.

Instead, these previous efforts combined have created a patchwork approach that has produced overlapping, conflicting or unclear requirements, cybersecurity gaps and undesirable incentives. Together, they have also promoted a disjointed culture and ineffective practices within government IT management, as demonstrated by the checklist mentality that has arisen when complying with various statutory requirements such as the Federal Information Security Management Act.

In contrast, a newly developed, strategic and comprehensive framework would spur the development of an environment conducive to better decision making about investments, risks and innovation. Establishing such an enterprise architecture framework model is more important now than ever as the government tries to integrate new and unprecedented technologies such as cloud computing, mobile devices and big data — all of which add complexity to standards, processes and potential risk.

A recent GAO report defined an enterprise architecture as one that "provides a clear and comprehensive picture of an entity, whether [that entity] is an organization (e.g., a federal department or agency) or functional or mission area that cuts across more than one organization (e.g., financial management)."

Unfortunately, efforts to form a unified architecture are currently hampered by disparate policymaking responsibilities across organizations such as OMB, GSA, NIST, DHS for civilian cybersecurity, and DoD for military cybersecurity. These entities each receive appropriations from different congressional committees, making coordination and alignment even more vexing. Finally, each agency maintains decentralized procurement authority to fulfill its own technology needs, creating structural barriers to standardize acquisition strategies.

Fortunately, some opportunities to re-energize the effort to create governmentwide enterprise architecture exist within cross-agency coordination councils.

In particular, the Federal CIO Council Portfolio Management Committee goals include promoting agencywide best practices in the areas of governance and management processes, optimization of commodity IT resources such as data centers, cloud computing and purchasing contracts, the use of IT shared services platforms, and enterprise architecture.

As the work of this committee moves forward in 2014, we recommend they pursue creating an overall roadmap for federal agencies that would incorporate all technology-related initiatives of the current administration and address duplicative or outdated policies and frameworks to incorporate their current priorities.

This comprehensive and strategic approach would better illustrate what agencies can expect as they transition to their target architecture to be shared among all federal organizations and better assist in their investment strategies. An overarching roadmap would also aid private industry, allowing them to better provide meaningful, effective and efficient solutions for their government customers.

Updating and implementing the governmentwide enterprise architecture framework could qualify as a thankless task among competing political priorities. Even more, bridging the gap between the numerous differences in government IT will not be without its challenges. But doing so will create innumerable benefits to government and ultimately, its constituents and the private sector companies that serve its technology needs.


Karen S. Evans is serving as the national director for the US Cyber Challenge (USCC). She is also an independent consultant in the areas of leadership, management and the strategic use of information technology. She retired after nearly 28 years of federal government service with responsibilities ranging from a GS-2 to presidential appointee as the administrator for e-government and information technology at the Office of Management and Budget within the Executive Office of the President.

Julie M. Anderson is a managing director at Civitas Group. Previously, she served as the acting assistant secretary and deputy assistant secretary for policy and planning at the Department of Veterans Affairs in the Obama Administration. Prior to her federal service she was an associate partner at IBM Global Business Services.