CIO Briefing

Who's to Blame When IT Systems Fail?

William Duke

When it comes to government technology, assigning responsibility can be tricky. 

Take the new email system the General Services Administration launched in 2011. GSA Chief Information Officer Casey Coleman appeared to be on the hook for that one. Click on any GSA project on the Federal IT Dashboard, a website that tracks government spending, and Coleman’s picture is right next to a table of performance metrics. The buck stops here, that photo seems to say. Don't like how your email is performing? Give Coleman a call.

The real story is more complicated. First, the vast majority of GSA's 17,000 employees don't work for Coleman, so for the system to have any chance of succeeding she needed buy-in from leaders of GSA's Public Buildings Service, Federal Acquisition Service and various smaller divisions.

And Coleman—like all government technology chiefs, with the exception of the Veterans Affairs Department’s acting CIO, Stephen Warren—doesn’t actually control her agency’s information technology budget. She wields a lot of influence, but if a project goes off the rails she needs authorization from other agency leaders to rework or kill the contract.

Then there were the contracting officers who managed the vendor competition for GSA’s new email system, the security experts who made demands of it and Unisys Corp., the company that set up and maintains the Google-based calendar, email and collaboration suite. 

The story gets even more complicated when you look outside GSA. This was the first agencywide transition to cloud-based email, meaning all the messages, contacts and calendars are stored in off-site servers that GSA staffers access through the Internet. Agencies across government were planning to adopt cloud email systems or were already in the process, so the federal CIO’s office inside the Office of Management and Budget took a keen interest in the project, looking both for best practices and for roadblocks. 

GSA reports to OMB several times a year on its adherence to technology mandates, and U.S. CIO Steven VanRoekel leads extensive review sessions of agencies’ IT portfolios—especially their troubled projects. 

Then there’s Congress and its auditing arm, the Government Accountability Office, looking to uncover any evidence of inefficiency or incompetence in federal IT spending. And there are the American people demanding good government at a reasonable cost. That’s what all those emails are about after all, making sure citizens aren’t paying too much for federal employees’ office supplies or for extra Saturday janitorial service at a federal building in Fargo. 

The problem is that having all these cooks in the kitchen sometimes leads to crossed wires, inefficiency and obfuscation rather than smart IT investments. And it’s often tough to get a handle on who is to blame.

This inefficiency has serious consequences. The U.S. government is the world’s largest single buyer of information technology, spending about $80 billion on IT products and services each year. Auditors have estimated better management and oversight of these purchases could save the government $10 billion over five years. That’s $3 billion more than the entire annual funding for the National Science Foundation in 2012. 

Just as important, better management could streamline the acquisition process so agencies are less likely to buy technology that’s outdated or doesn’t do what it’s supposed to.

Rep. Gerry Connolly, D-Va., grilled VanRoekel about this when he testified before a House panel on government operations in July. Connolly, who represents perhaps the most technology contractor-dense district in the nation, asked why Defense Department CIO Teri Takai doesn’t list any of her investments as “high risk” on the IT Dashboard. Many of those investments are a year or more past due and millions or billions of dollars over their original budgets. One system to deliver soldier health data online has even become grist for political comedy on The Daily Show because it still can’t connect with its partner system at the Veterans Affairs Department, despite years of trying. 

VanRoekel told lawmakers that some Defense projects were undoubtedly at great risk, but that Takai wasn’t trying to cover up problems. She doesn’t control the budgets for those projects, he explained, and bases her reviews on assessments from deep inside the military services and other Defense agencies. So who should Connolly haul before his subcommittee and bawl out for the poor project performance? The answer isn’t clear.

Connolly is co-sponsoring legislation that would simplify the convoluted federal IT process with House Oversight and Government Reform Committee Chairman Darrell Issa, R-Calif. The Federal IT Acquisition Reform Act, or FITARA, would make CIOs presidential appointees and give them full authority over their agencies’ IT budgets. The bill also would create centers of excellence to deal with certain categories of complicated technology purchases and put the force of law behind Obama administration initiatives to cut the number of federal data centers and move more storage to computer clouds. 

Existing statutes would exempt the Defense Department from the portions of FITARA dealing with CIO authority, but not from other elements of the bill. Connolly has argued that the Pentagon actually would be most affected by FITARA because it’s the largest user of bulk buying contracts developed by GSA.

A version of the bill was tacked onto the National Defense Authorization Act that passed the House in June. It’s not clear yet whether the IT buying overhaul will win approval in the Senate. 

FITARA has drawn advocates and skeptics. Supporters say the bill would bring much needed uniformity to the way technology is bought and managed throughout the federal government, not to mention accountability for failures. 

Some critics, however, say the bill favors a top-down management style that could result in IT buying decisions at higher levels by people who know less about what’s needed. Others argue the bill papers over the competing interests of various government divisions with a one-size-fits-all approach that would cause more conflict than comity. 

But both sides acknowledge one thing: They’ve been through this debate before. 

IT Reform All Over Again

The 1996 Clinger-Cohen Act was designed to respond to similar shortfalls in accountability. Before the legislation was introduced, a congressional report titled “Computer Chaos” described antiquated systems, “poor management, inadequate planning and an acquisition process that is too cumbersome to competitively purchase computer technology before it is obsolete.”

Clinger-Cohen created federal CIOs and established an interagency CIO Council to sort out best practices for the government’s trickier IT problems. The law also required agencies to establish performance goals for their IT systems and adopt best practices from the private sector. In many ways, Clinger-Cohen brought the government into the age of large-scale deployment of IT to improve government performance, along with President Clinton’s National Partnership for Reinventing Government. 

Some say, however, that Clinger-Cohen was never properly implemented. It’s this 17-year-old dispute that, in many ways, is at the heart of the debate over FITARA today. 

According to the critics, Clinger-Cohen was, if not a perfect fix to the problem of mismanaged government IT, at least a very good start. The trouble began, they say, when the law went to the Office of Management and Budget and federal agencies for implementation. 

Agencies watered down the legislation’s vision of a strong CIO with broad authority over IT systems, they say, and OMB failed to impose uniform standards for what a CIO ought to be and do. The position has been viewed in some cases as a sinecure for administration favorites without real technical expertise who lack the power to crack down on technology fiefdoms or to insist agencies take a unified approach to buying and implementing major software systems. 

Paul Brubaker helped design Clinger- Cohen when he was staff director for then-Sen. William Cohen, R-Maine. On the legislation’s 10-year anniversary in 2006, he told CIO magazine that the law had been “totally bastardized to fit political agendas” during the Clinton and Bush administrations, adding that government IT faced “the same basic problems we did 10 years ago.”

For some major IT operations there hasn’t been much progress in the seven years since.

The “Computer Chaos” report opened by detailing three “antiquated and inefficient computer systems” that “cost the government billions.” First, there were details of “outdated Internal Revenue Service computer systems” that have “contributed to a $70 billion backlog in uncollected taxes and unreliable financial records.” Flash forward 16 years to 2012 when a Treasury Department auditor found that IRS’ efforts to modernize its systems posed a major risk and left taxpayer information vulnerable to hackers. 

Then there was the account of an outdated air traffic control system that was “failing at an increasing rate.” Seventeen years later, the Federal Aviation Administration’s next generation air traffic control system is facing delays that could stretch up to a decade, according to internal auditors.

The list closed with the Defense Department’s stew of outdated accounting systems so poorly integrated that it was impossible for the Government Accountability Office to audit the Pentagon’s books. It still can’t. The Pentagon’s goal now is to be auditable by 2017. 

Brubaker, who now heads the Defense Department’s planning and performance management office, didn’t respond to an interview request for this article. 

What Went Wrong

For some critics of Clinger-Cohen’s implementation, FITARA represents a do-over, an opportunity to put right what went wrong 17 years ago. Doing that, however, means sorting out just what went wrong. 

One major factor, former Commerce Department CIO Alan Balutis says, is that some at OMB never bought into Clinger-Cohen’s reforms and resented congressional meddling in what were essentially executive branch issues. Balutis is now a director for Cisco’s Internet Business Solutions Group.

This was exacerbated, he says, by the fact that the bill’s eponymous sponsors both left Congress shortly after it was enacted. Rep. William Clinger, R-Pa., retired, and Cohen left to become President Clinton’s third secretary of Defense. 

In 2006, retired Air Force lieutenant colonel and IT policy consultant Wes Andrues wrote a five-part series for Government Executive detailing how Clinger-Cohen had failed to meet expectations. Most notably, Andrues wrote, a “sense of Congress” addendum that the bill should reduce governmentwide IT spending by 5 percent while, at the same time, increasing efficiency never came to pass. In reality, nonintelligence IT costs rose about 7 percent annually throughout the Bush administration. Those costs have essentially flattened out but not decreased since President Obama took office.

There was a lot of “cultural momentum” to make Clinger-Cohen a success, Andrues told Government Executive recently. But in the end there wasn’t enough to change how the govern-ment operates.

One problem, he says, is that even in the 1990s, IT was so integrated into how government employees did their jobs that yielding authority over those software and hardware systems to someone else seemed like a huge imposition and one that would likely decrease efficiency rather than raise it. In the end, it was often easier to make IT purchases by going around CIO offices rather than through them, he says.

The integration of IT into everything government does has only increased since then, Andrues says.

Seeking a Balance

There is another view, however, that sees the Clinger-Cohen implementation not as flawed but as, perhaps, the best that can be expected of legislation in such a complex arena. 

Federal agencies have a variety of legacy IT systems, missions and priorities, so imposing Clinger-Cohen as a one-size-fits-all solution might have produced more harm than good, says Daniel Chenok, a former branch chief at OMB and now executive director at IBM’s Center for the Business of Government. 

“Any management statute should be introduced in the context of an agency’s history, its budget and statutory authorities,” he says. “So it’s highly unlikely you’ll have an immediate, perfectly consistent application of a new management framework in every agency. That’s not just true for Clinger-Cohen, but for any management statute.”

While he’s not opposed to reforming how the government manages IT, Chenok warns that proper management requires a careful balancing of interests and expectations—between CIOs and other managers within an agency, between agencies and OMB, and between the executive branch and Congress. 

“It’s just hard to legislate good management,” he says. “The role of a statute—and this is a little political science-y—is to create a framework and expectations from Congress. Congress wants to make sure its understanding of best practices is reflected in statutes and the administration wants flexibility to order itself and to manage as it sees fit. Where that middle ground is evolves over time and won’t ever be totally settled on either side of the ledger. It’s always an evolving picture, not a perfect end state.”

A Long Road

Connolly cites ingrained resistance inside agencies and a lack of congressional oversight by Clinger-Cohen’s sponsors as stumbling blocks for the law, two things he hopes to avoid with FITARA. 

“The bottom line is that, as with any bill I work on, I do not believe the job is finished once the president signs the measure into law,” he says. “If anything, I view enactment as merely the beginning of the most labor-intensive, and perhaps most important, part of the legislative process—exercising diligent oversight to ensure the law is implemented in accordance with congressional intent.”

Connolly played down a prevalent view in the government IT community that OMB opposes FITARA and would try to weaken it during the implementation phase. That perception is largely based on noncommittal answers VanRoekel gave during testimony before the House Oversight and Government Reform Committee and its various subcommittees, including a comment about CIO budget authority being less important than CIOs having “a seat at the table” when major management and policy issues are up for discussion. 

Connolly warned during a July 25 hearing of the House Oversight Subcommittee on Government Operations that the Obama administration would “have problems on both sides of the aisle” if it didn’t get behind the reform act. Connolly is the subcommittee’s ranking Democrat. 

In a mid-August email to Government Executive, Connolly said he believed VanRoekel and OMB were largely supportive of IT reform and that VanRoekel had made clear in private that he wanted to establish a stronger, more cooperative relationship with congressional overseers. That should bode well for FITARA if it becomes law. 

Even with good relations between OMB and Congress, FITARA could still face roadblocks, Balutis says. Notably, the famously tense relationship between co-sponsors Issa and Connolly could unravel, making congressional oversight less effective. The Oversight Committee might also be distracted by some new scandal or the administration that takes office in 2016 could be less cooperative with the legislation or have its own ideas about IT reform.

Despite those cautionary notes, Balutis is optimistic about the bill’s chances. 

“In a second term, presidents and key officials begin to think about an administration’s legacy and about things they can accomplish on the president’s watch as opposed to initiatives that won’t come to fruition for years and years,” he says, citing a July 8 speech during which President Obama said that smarter and more user-friendly technology would be at the heart of his second-term management agenda.  

“You saw that at the tail end of the Bush administration, and I suspect the same things will be happening in the Obama administration,” Balutis says. “This would fit that framework.”

Threatwatch Alert

Cyber espionage / Network intrusion / Stolen credentials / Software vulnerability

Army Network Breached by Gamers Targeting Apache Helicopter Simulator

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// 6:11 PM ET
X CLOSE Don't show again

Like us on Facebook