Is the OMB policy guidance adequate to direct where and how to spend Federal government IT money as the pressures for the reduction in budgets keep rising.
OMB reports IT FY2011 spending for the Federal government as $79 billion. However that number does not include spending for 58 independent executive and judicial agencies. In the case of DoD, which accounts for close to half of Federal IT spending, the payroll costs of the uniformed and civilian payroll are excluded.
The DoD IT budget also excludes costs included in operational systems such as command and control applications that are embedded in weapons. Whereas in the past embedded systems were separate from general support applications, in the coming era of cyber warfare all systems must be viewed as interoperable components. Providing security protection for all DoD systems has become an over-riding requirement.
With current DoD IT spending estimated as over $40 billion, or 7% of the total, the DoD exceeds IT spending for even the largest commercial firm by a large multiple. A comparable ratio for large commercial firms is under 3%. Therefore the top-level policy guidance to steer such a massive expenditure is of critical importance. It is not only the total amount that matters but also its quality in supporting national security missions.
The DoD IT costs are listed in over 2,000 investment projects. As compared with commercial practice this is a high number because commercial enterprises are able to spend more on operating costs and less on new investments. Commercial firms spend money on a steady stream of continuous upgrades to systems that are already in place. There is no need to make new long-term investments because systems depend on a steadily upgradeable architecture. The Federal Government does not have an upgradeable architecture. DoD, its largest component, is notorious by reliance on a fractured systems environment that is not easily upgradeable, is not integrated and it no interoperable.
For instance, DoD has 1,536 separate development programs for improving the management of information technologies. Consequently, it finds itself continuously re-inventing and re-building improved structures, which are nevertheless conceived as independent ventures.
The Office of Management and Budget in the Office of the President OMB plays a key role in overseeing how federal agencies manage their IT investments. The source for this oversight is data about an agency’s investment portfolio (Exhibits 53) and about capital assets planning (Exhibits 300). Additional web based “dashboards” summarize information about diverse projects.
OMB does not provide architectural or operational oversight over IT spending for ongoing operations but focuses only on a limited number of large development programs. OMB and federal agencies have concentrated on duplicate IT investments. Most of these efforts have not yet demonstrated cost reductions. In the absence of an overall enterprise plan it is not possible to disentangle conflicting initiatives.
The limited progress in managing Federal IT for greater efficiency can be traced to a lack of a coherent Federal Enterprise Architecture (FEA). When originally proposed in 1999, the FEA was intended to provide federal agencies with a common architecture, which would allow the coordination of common business processes and which would facilitate consistent system investments. No progress was made.
As part of the fiscal year 2004 budget cycle, OMB required agencies to align proposed IT investments to new FEA reference models to guide the initial process improvements. Agencies then set up organizations to deliver agency-wide enterprise architectures, which would define IT investments. In FY 2011 the OMB Chief Architect reported that changes to IT investments are still in the planning stage.
At present the actual progress in aligning IT spending according to an enterprise blueprint does as yet not show progress according to the most recent GAO Report to the Congress (GAO-11-826).
So far the policy directions for the Federal IT spending have focused primarily on the closure of data centers. While the consolidation is proceeding, verifiable net cost reductions are not available because this effort concentrates on the savings in the number of servers through virtualization, where the net savings have long paybacks.
OMB has also announced a “Trusted Internet Connection” initiative to improve security by reducing and consolidating external network connections. However, none of the 23 participating agencies have as yet met all of this initiative’s requirements.
A major new program from OMB is the FedRAMP project, which is to provide continuous security monitoring of cloud computing systems for multiagency use. This project is currently behind schedule, and has not yet defined all performance metrics.
The FedSpace project, which is to provide federal employees and contractors with collaboration tools for cross-agency knowledge sharing, is also behind schedule and has not defined its performance metrics.
The policy guidance for directing the missions of IT must rise to the challenges that are now emerging, especially with regard to security assurance of all systems. Ultimately, policy is directed by Congress and then transmitted via the OMB as a redirection how funds should be spent. There is no question that we must start receiving more guidance because what we have received so far is not adequate.