Three department IT leaders share their top asks from the new Congress and yet-to-be-appointed federal CIO.
Agency chief information officers want the new Congress and incoming IT leadership’s support, mainly through consistent, multiyear funding and to spend less time on cumbersome compliance work.
With a new administration comes new leaders and, often, a shift in priorities. But the Biden administration has yet to appoint permanent federal IT leaders at the top—namely the federal CIO, which is currently filled by Deputy Federal CIO Maria Roat in an acting capacity. As department-level CIOs wait to see who will set the political priorities for modernization efforts, IT leaders from the departments of Commerce, Education and Labor shared their wishlists for the coming year.
“Of course, budget is a tremendously important part of this discussion,” Commerce CIO Andre Mendes said Tuesday during a Government Executive Media Group event on The New Agenda. “Unfortunately, in the IT arena, we have a constant stream of new requirements. Some of them regulatory, some of them legislative, some of them created by the environment—let’s say, for example, SolarWinds and everything that comes out of it, all of the issues associated with that in supply chain. We need to ensure we are making smart investments, not only on the ongoing modernization of the entire federal infrastructure but also on all of the up and coming issues.”
That becomes more difficult when Congress defaults to continuing resolutions instead of passing a full fiscal year budget on time.
“In terms of what I would want: consistent funding would be nice,” said Education CIO Jason Gray. “Not have to deal with the CR … because that is a disservice. How do you plan strategically over multiple years if you literally are constantly having to catch up because you can’t start anything new, you have to continue what you’re doing.”
This becomes even more difficult when Congress and the Office of Management and Budget stack unfunded mandates on top of unreliable funding, Mendes said.
Mendes said the combination of CRs and unfunded mandates forces many CIOs to focus on compliance—“cybersecurity, regulatory compliance, so on and so forth”—while shirking modernization.
“You sometimes end up moving money away from modernization that would actually have long-term benefits from a financial standpoint but that you effectively can’t afford in the face of unfunded mandates,” Mendes said. “The benefits of modern technology are enormous. But if you cannot leverage them because you’re spending 60% of your money on legacy platforms, you’re effectively cheating the department, the agency, the taxpayer—not willingly, but effectively—out of a better set of services and even more modern services, better services.”
“It’s always challenging to deal with unfunded mandates that might come down from DHS or OMB or others,” Rick Kryger, Labor Department deputy CIO for operations, agreed. “Those are things we have to comply with. But there are things agencies need to do better themselves. I think the shared services initiative we’ve implemented at the Department of Labor is about getting more efficient—to free up those dollars, eliminate duplication, streamline commodity services—get more efficient to free up those dollars to put into modernization.”
Those efforts can fall apart without proper funding. Kryger said the lack of multiyear and colorless funding does as much harm as continuous CRs.
“We’ve gained some flexibility at the Department of Labor using expired unobligated funds—funds from the previous year that goes into a modernization fund that we can use the next year to help projects,” he said.
When CIO shops can’t find multiyear funding to cover new mandates and ongoing projects, it comes at a cost to the mission, he said.
“We’re effectively having to assess costs back onto the core mission components of the agency,” Kryger said. “When we do that and, let’s say, assess costs back and [the Occupational Safety and Health Administration, or OSHA] is picking up that cost, when we assess that money that means there’s fewer inspectors they have to go out into the field and identify safety violations. So, there’s downstream impact by just assessing costs onto business functions.”
Gray also noted another problem with the deluge of mandates, whether funded or not: time.
“Time is one of the things … having been at the department almost five years, I look at as a department where we’re at, so much progress has been made,” he said. “But having the time and the resources and the support to do that are absolutely essential to being successful.”
Gray pointed to the Federal Information Security Management Act, or FISMA, reports agencies have to file with OMB each year.
“I really would hope there are some revisits in terms of, again, from a timing standpoint,” he said. “Our FISMA audit will finish in October; will publish in November. We’ll have our corrective actions that are due by the end of December. Then, by the first week of February, hey, it’s time to begin again. I’ve had, literally, a month-ish. We’re working on a lot of things already. But every single year?”