The Risky Business of Federal IT | Citizens Against Government Waste

The Risky Business of Federal IT

The WasteWatcher

Information technology (IT) has consistently been a top priority for Citizens Against Government Waste (CAGW) since it was founded in 1984 following the release of the Grace Commission report.  The commission found that the federal government’s computer systems were outdated and incompatible, and much more needed to be done to upgrade and improve the efficiency of federal IT.

That is still true today, as more than 75 percent of the $80 billion spent annually on federal IT is being used for the operation and maintenance of legacy systems, some of which were built in the 1960s.  The Government Accountability Office (GAO) reported in May, 2016, that these expenditures “increased over the past 7 years, which has resulted in a $7.3 billion decline from fiscal years 2010 to 2017 in development, modernization, and enhancement activities.”

One reason for the plethora of ancient IT systems is the consistent failure of modernization efforts throughout federal agencies.  One of the more recent examples is the General Services Administration’s (GSA) 18F office, which was established in March 2014 to collaborate with other federal agencies to help correct technical problems, build IT products, and improve government services through technology.   18F was supposed to bill these agencies for its services.  On October 24, 2016, the GSA Office of Inspector General (OIG) issued a report detailing several problems with 18F, including a cumulative net loss of $31.66 million through the third quarter of fiscal year 2016.

Among the drivers for the losses was an increase in staff from 33 at its launch to 201 by March 24, 2016, with 119 staff, or 59.2 percent, hired at a GS-15 level pay grade.  There is apparently a blatant disregard for these results, as the 18F director of operations stated, “to be frank, there are some of us that don’t give a rip about the losses.” 

This attitude is exemplified by the OIG’s finding that less than half of the staff time was spent working on billable projects.  Non-billable activities included outreach promotion of 18F projects and accomplishments, using 13,989 hours (valued at an estimated $2.34 million); the creation of flash cards to define 18F’s agile development approach, using 1,413 hours (valued at approximately $235,950); 18F branding, which used 727 staffing hours (valued at approximately $140,104); and the development of “Tock,” an internal timekeeping system, using 245 staffing hours (valued at an estimated $43,971).

On February 21, 2017, the OIG released an evaluation of 18F’s security compliance.  The OIG reported that 18F staff had integrated the messaging and collaboration application “Slack” into their GSA Google Drives, creating a security vulnerability that was not discovered until March 2016.   In addition, while most federal agency cloud services must undergo strict compliance reviews to obtain authorization to operate through GSA’s FedRAMP process, 18F circumvented the GSA rules by creating and using its own security assessment and authorization process.

In response to the February 2017 OIG report, GSA Technology Transformation Service Commissioner Rob Cook stated that “most, if not all, of the six recommendations GSA’s inspector general made in the recent critical report on the digital services organization were implemented.”  He claimed that the report covered problems that occurred more than a year prior to its release.  His comments must be taken with a huge grain of salt.

For the second consecutive time, the 2017 GAO High Risk Series report included the management of IT acquisitions and operations.  GAO found that “agencies still need to improve their capacity to successfully manage IT investments by fully implementing the CIO authorities described in FITARA and ensuring that program staff have the necessary knowledge and skills to acquire IT.  Further work is needed to establish plans to modernize or replace obsolete IT investments.”  For these and many other reasons, CAGW included IT modernization in Critical Waste Issues for the 115th Congress.  

Given the history of broken promises and poor results with federal IT projects, the proper way to “fix” 18F is to scrap the program and issue a request for proposal so a private sector company can step in and provide these services more efficiently and at a lower cost, presuming they are needed.  Only then can IT become less of a risky proposition for taxpayers.