FCWPerspectives Creating space
for innovation
Centralization can be stifling, but silos aren’t sustainable. So now what?
“Innovation” is an overused buzzword that obscures the messy reality of making change happen. True innovation requires the right people, the proper mix of technologies and a critical grasp of customers’ needs and expectations. For agencies, the many layers
of federal governance and regulation add another degree of difficulty.
FCW recently gathered
a group of IT leaders from across government to talk
about the obstacles they’re encountering and how they’ve addressed them. The discussion was on the record but not
for individual attribution
(see Page 42 for a full list of participants), and the quotes have been edited for length and clarity. Here’s what the group had to say.
Procurement is no longer the obstacle — security is
The Federal Acquisition Regulation’s restrictions, both real and perceived, have long been a friction point for dig- ital reinvention efforts, but most par- ticipants said the contracting process is not holding them back.
“It used to be the in-vogue com- plaint was, ‘Oh, it’s all procurement’s fault,’” one executive said. “But actu- ally, procurement has gotten much better. What our agency is grappling with is the IT monstrosity that came out of” the Federal Information Secu- rity Management Act.
“FISMA came out because we were doing these things wrong in govern- ment,” he acknowledged. “But now we’ve created this very burdensome process that is not well-aligned to where cloud architecture is going,” and agencies must find new ways to navigate that process. “Obviously, we can’t bend security principles, [but without a new architecture,] you’re waiting two years to deploy. That’s not innovation. That’s not acceptable in this day and age.”
Another participant echoed that concern and pointed to a kickoff call he’d had earlier that day with a new procurement team.
“It was a beautiful model,” that executive said. “The acquisition and innovation advocate for the compo- nent was on the line. We had the attorney, the contracting officer, the program officer, even a user. And
somebody from the CIO shop. So we were all talking about what the goals and objectives were, and one of the very first questions was, ‘Who is involved in the [authority to operate]? What does that process look like?’ Because inevitably what we’re seeing is that’s what’s needed to be able to deploy technology.”
A third participant, who brought a range of cybersecurity experience to the table, agreed that this was a com- mon problem and noted that too many teams still approach security as a final layer rather than an integral part of their projects.
The problem is not FISMA or the Risk Management Framework, he said. “It’s how the framework is imple- mented. [It] was always designed to be a life cycle-based process, [but] one of the things that it turned into was a paperwork exercise that may or may not have anything to do with good security.”
“It all starts with a good set of secu- rity and privacy requirements,” anoth- er participant said. “You can forget about FISMA” if those requirements are clear from the beginning.
Centralization: Impediment to innovation?
For some of the participants, a more insidious obstacle is the push to cen- tralize and standardize IT.
“I think agencies that will struggle with modernization are those with centralized IT shops,” one said. “Agen-
40
January/February 2019
FCW.COM