As previous IT investments proved their worth in 2020, the pandemic is prompting agencies to accelerate their modernization efforts
Everything changed when the COVID-19 crisis hit in early 2020 — including agencies' IT modernization plans. Although certain initiatives immediately proved their worth, allowing for remote work at a previously unimaginable scale, others had to be accelerated or rethought entirely. Stakeholder attitudes sometimes changed overnight, and new budget needs quickly became apparent.
In early October, FCW gathered a group of CIOs and other IT leaders to discuss how the past several months have altered their approach to IT modernization. The discussion was on the record but not for individual attribution (see sidebar for the list of participants), and the quotes have been edited for length and clarity. Here's what the group had to say.
'Someday' is suddenly here
Almost every participant described the pandemic as a catalyst for his or her agency. "It has accelerated our roadmap," one said. Although the technical tools were already in place, workplace habits had not yet caught up — until COVID-19 forced the change. "The pandemic took us to a place in the course of 30 to 60 days where I thought we would probably be in two to three years.… A lot of the cultural and policy changes really accelerated."
CIO, Department of Energy
Executive Director on detail to Border Enforcement and Management Systems Directorate, Office of Information and Technology, U.S. Customs and Border Protection
CIO, U.S. Patent and Trademark Office
Vice President of Global Government and Head of Corporate Compliance, Zscaler
CIO, Nuclear Regulatory Commission
Director of Pre-Sales Engineering, U.S. Public Sector, Zscaler
Deputy CIO for Information Enterprise, Department of Defense
Deputy Federal CIO, Office of Management and Budget
CIO, Consumer Financial Protection Bureau
CIO, Federal Communications Commission
Acting CIO, Internal Revenue Service
CIO, Export-Import Bank of the United States
CIO, Department of Agriculture
CIO, Directorate of Defense Trade Controls, Department of State
Note: FCW Editor-in-Chief Troy K. Schneider led the roundtable discussion. The Oct. 8 gathering was underwritten by Zscaler, but the substance of the discussion and the recap on these pages are strictly editorial products. Neither Zscaler nor any of the roundtable participants had input beyond their Oct. 8 comments.
One executive noted how new systems came online in the nick of time. Before mid-February, the official's agency was "not able to do any sort of telework, and afterward, we were able to do all telework,…the sole exception being the need to access any classified networks."
Across the group, there were stories of pulling forward modernization efforts that were planned for two, three or even five years out. Even more dramatic were the changes in culture, the participants said. As one official put it, "What are the policies and procedures that an agency has that recognize the ability to work in the world that exists today?"
Another told of joining her agency a few months before the pandemic hit and hearing her new colleagues talk about "someday" changing the way they oversee private-sector institutions so "we don't have to go into a [firm's office] and sit in the conference room for two weeks."
Now, the official said, she's thinking: "'Oh, that someday happened really fast.'"
Adapting to new mission requirements
At the same time, many agencies added significant new mission responsibilities as they responded to the public health and economic crises. Some had to spin up contact-tracing systems for their employees, while others managed massive new programs mandated by the Coronavirus Aid, Relief and Economic Security (CARES) Act.
One participant said: "I think two things were happening at the same time" — the pivot to telework and the COVID response. Because agencies' ongoing modernization efforts had already put the foundational technology in place for telework, the CIOs "could focus their teams on the COVID response and what they needed."
The data-gathering and data-sharing aspects of the pandemic response have posed particular challenges for several agencies, but those shortcomings could serve as a boost for broader data strategies, participants said.
Several officials also reported a new willingness across their organizations to rethink previously sacrosanct business processes. "We had a lot of interesting conversations with people saying, 'Hey, because of COVID, we think we can do this thing virtually,'" one participant said. "And there was a lot of, 'Wait, why weren't you doing that virtually before?' We were flying folks all over the world to do some things that are inherently on-network activities."
"The interesting question will be how much of that reverts to tradition" when widespread travel becomes practical again," he added.
The money discussion has changed (for now)
The group was divided on how the scrambles of 2020 would affect future modernization budgets. On the one hand, money flowed relatively freely thanks to dedicated CARES Act funding and the reprogramming flexibility that the law gave some agencies. "I think the influx of funding helped the CIOs get the bureaucracy and the noise out of the way to execute what they knew they needed to do already," one participant said. Several commented on their ability to "move projects to the left."
Officials whose agencies have IT working capital funds or other sources of multi-year funding said they were taking full advantage of those tools and stressed the need for such flexibility across government. "Congress needs to get out of their own way" and write such funds into appropriations bills, one participant said.
But some agencies experienced IT budget cuts just as the pandemic was ramping up, and several participants said they were concerned about the bills that would come due in 2021 and 2022.
One official said top executives in his department had sent letters to the Office of the CIO praising the new collaboration tools and other services, saying, "'You can't take this stuff away.' And then we attach the bill to it, and it is becoming a much more real conversation again."
IT modernization is no longer seen as "an overhead cost," another executive said. "It is now absolutely just accepted that we are foundational to the mission." But he and others said it was too early to tell if that acceptance would translate into budget.
The stubborn legacy systems
One area that prompted particular budget concerns was the legacy systems that agencies have not yet modernized — specifically because their bespoke nature makes it difficult and costly to do so.
"There are still older systems that are lagging, and there needs to be some kind of infusion of cash to really tackle some of that," one CIO said. "And those are the ones that I think in the long run that will continue to hurt us over the next several years." She called those systems "albatrosses" and noted that some are high-value assets that can't simply be replaced with a commercial product. Those long modernization efforts will require not only multi-year funding, but sustained attention and nurture "beyond political cycles and funding cycles."
Another participant, however, said the past several months had challenged some assumptions about essential legacy systems at his agency. "It's been interesting watching the winners and losers in our portfolio when you shift work like this," he said. "We actually took a lot of pressure off our bespoke infrastructure, the actual physical network, because so many activities moved out to the cloud." The number of employees who truly needed secure access to the on-premises systems "was actually a very small minority."
Another noted that IT's newfound "mission-essential" status does not often extend to the expense of shutting down old systems. "I'm challenged with that," she said. "Once we bring in new capabilities, [we need] the investment to go shut down the existing system because they're not typically just turn it off and you're done with it."
Another challenge that's on the horizon is the technical debt some agencies have incurred in their scramble to provide employees with the needed tools. Although there are cybersecurity risks that can be reduced further, the larger concern is managing user expectations.
"I erred on the side of giving people too much — too many choices, too many platforms," one CIO said. "It made them effective, but I'm not looking forward to taking some of that back and getting down to a consolidated strategy that I can manage."
Rethinking the roadmap
For all the anecdotes of agencies modernizing business process that should have been revisited years ago, several participants said they are seeing signs of truly forward-looking change. "People were talking about what we are going to do when things go back to normal," one official said, referring to pre-pandemic operations. But now, the emphasis is on embracing and building on the changes of recent months: "This is normal. This is it."
Another had doubts that the culture changes will stick, noting that leaders in his department were generally back in the office full-time. "It's one thing to say telework is allowable. It's another thing for [an organization's leader] to telework two days a week. One of those gives you permission. The other one starts to instill it as a cultural value or a way of doing business. Fingers crossed that we'll see more of those kinds of cultural signals come in. It's that kind of stuff that is going to help these business processes not just be accommodations to the pandemic, but actually steps forward in the way that we work."
There was general agreement that the government's commitment to digital transformation — having been stressed across at least two successive administrations — was here to stay, regardless of the outcome of an election that was still a month away when the roundtable discussion took place.
"I don't think it matters," one official said of the political leadership question. "I think if we continue to do our jobs and provide value, we'll continue to have the momentum."
Another agreed, saying: "The stuff happening above the department level for us is much less important than the extent to which we're successful in explaining to our leadership how our modernization directly supports the mission."
One CIO said a far greater concern was that this year's IT modernization efforts would not fully account for the human strains the COVID-19 crisis has caused. "If the technology can do it, but we burn out the people," he said, "it ain't going to work."