Tech leaders from six prominent government agencies offered suggestions Tuesday for how they want to see the FITARA Scorecard categories improve, particularly when it comes to cybersecurity metrics.
Rep. Gerry Connolly, D-Va., released the 16th iteration of the FITARA scorecard for agencies in an unusual forum on Tuesday, hosting a roundtable discussion with agency representatives rather than via an official subcommittee hearing.
“We could not allow a lapse in the scorecard,” said Rep. Connolly – who is ranking member of the Subcommittee on Cybersecurity, IT and Government Innovation in the House Oversight and Accountability Committee – of the Sept. 26 roundtable discussion held without Republicans.
The scorecard – issued twice per year – dates back to 2015. Agencies are graded on their progress toward a range of IT modernization and improvement standards by the Government Accountability Office (GAO).
Featured at the Sept. 26 roundtable event were representatives from GAO, the General Services Administration, Social Security Administration (SSA), and the Departments of State, Veterans Affairs (VA) and Commerce (DoC).
The agency tech leaders offered suggestions for improvements – particularly in how agencies are graded for cybersecurity. This week’s scorecard leveraged a composite scoring of both cyber data from the Office of Management and Budget and data from agency inspectors general.
“I have a lot of cybersecurity scores … I think some consistency across these public [cybersecurity] metrics would be very helpful,” said State Department Chief Information Officer (CIO) Kelly Fletcher, with officials from both the VA and SSA agreeing.
Fletcher noted that her agency got a “D” grade on cybersecurity on FITARA Scorecard 16.0, but on other public metrics State has a “B” grade.
“I do think FITARA has really fundamentally changed how department leadership sees IT and cybersecurity,” she added.
The majority of agencies received a “C” or a “D” score for cybersecurity, with only the Nuclear Regulatory Commission receiving an “A.”
During the roundtable, Rep. Connolly and the agency IT leaders discussed the efficacy of the scorecard in pushing progress at agencies, as well as the exact metrics agencies are measured against and how they are evaluated.
GAO’s IT and cybersecurity director Carol Harris highlighted that the FITARA Scorecard effort has yielded $25.5 billion in savings.
Additionally, Harris said there have been “dramatic improvements” in the grades for whether or not CIOs report directly to agency leadership, attributing that progress to “that constant drumbeat from the scorecard.”
“We created a scorecard as part of the implementation of FITARA so that we could use it as an implement to incentivize the update and the modernization of IT in Federal agencies and frankly to empower decision-makers – CIOs in particular – to be able to push change,” the congressman said.
“The FITARA scoring is a mechanism that really allows us to keep ourselves accountable,” said André Mendes, CIO at DoC.
Exactly how the scorecard looks has evolved over time. This latest iteration previews two new categories coming for the 17th scorecard: cloud and CIO reporting structure, budget, and acquisitions.
An IT workforce category is also something to consider as an addition, said GAO’s Harris, who added that cloud procurement is a big challenge area for agencies given outdated language and pricing models in the Federal Acquisition Regulation.
“In addition to that, the IT workforce we talk about – cyber workforce has been something that gets a lot of play and a lot of coverage but cloud expertise, and also how to effectively procure cloud, that expertise is also something that we need to see more in the IT workforce,” Harris said.
In addition to workforce, Rep. Connolly also put a lot of emphasis on cloud and legacy IT systems, noting that he hopes future iterations of FITARA will measure agency implementation of FedRAMP. The congressman is also interested in looking into legacy IT systems at agencies for future FITARA iterations, though he did not specify how this category would be measured.
Rep. Connolly highlighted that technology is now the foundation of the Federal government’s mission-driven business.
The government can no longer afford the mentality of not wanting to fund IT modernization, Rep. Connolly said. “It’s integral to what you want,” he continued, adding, “If you are mission driven, then you better care about the IT platforms.”
