'Computer Chaos' at 20: Back where we started
A key contributor to Clinger-Cohen argues that federal IT has failed to take advantage of the tools that law provided.
Editor's Note: Paul Brubaker worked for Sen. Cohen in the mid-1990s as a subcommittee staff director, and was deeply involved in drafting both the Computer Chaos report and the Clinger-Cohen legislation.
Twenty years ago this month, then-Sen. William S. Cohen issued his seminal investigative report entitled "Computer Chaos."
That report, and the Maine Republican’s deep interest and commitment in fixing the longstanding systemic deficiencies in the government’s approach to buying technology, were the driving forces behind the Information Technology Management Reform Act, now recognized as the IT provisions of the Clinger-Cohen Act.
At a recent luncheon, I had the opportunity to discuss the progress, or lack thereof, with Cohen. I think it is fair to say that we were both dismayed and disappointed that almost two decades later, the government has failed to take full advantage of the tools provided by the law that bears his name.
What was most disappointing was our mutual realization that many of the deficiencies highlighted in the Chaos report are still plaguing the government’s inability to keep pace with advances in technology.
The Government Accountability Office, the inspectors general and congressional committees are still citing failures that can be traced to many of the findings in the report: inadequate planning; misunderstood and over-prescribed requirements; large unmanageable programs; skill set disconnects; cumbersome and antiquated regulations and practices; disconnect between acquisition and mission; failure to link technology investments to mission outcomes; inadequate business cases … and the list goes on.
We also seem to be spending millions and wasting time redocumenting the deficiencies and admiring the problem when in fact, many of these flaws could be addressed by refocusing on the key provisions of the Clinger-Cohen Act and actually implementing them.
Last year I watched in shock and horror as a senior agency executive spent seven figures on a McKinsey study to highlight the very findings outlined above, while many of the oversight responsibilities delegated to that executive under Clinger-Cohen were either neglected or poorly executed. Too often, it seems, government does not take sufficient care to hire people with the necessary knowledge, skills, abilities and traits to succeed.
Over the past decade we have watched successive major procurements continue to fail in virtually every major department. And after spending more than $800 million on a fatally flawed HealthCare.gov site, it is still not clear the holistic and tightly integrated underlying business processes will ever be properly automated.
Moreover, the oversight mechanisms established by the Office of Management and Budget to gain visibility into the health of IT spending are useless. At the core is the fact that OMB and the agencies have lost the plot. They have simply forgotten what Computer Chaos and the Clinger-Cohen Act were saying: "It's the business processes, stupid; not the technology."
Since passage of Clinger-Cohen, well meaning but tragically bureaucratic policy people have been at the core of prescribing implementation guidance for the provisions of the law -- and they have simply gotten it wrong.
Additional laws and regulations have also added to the layers of non-value added bureaucracy that have bastardized Clinger-Cohen's intent, and burdened the system to the point where everything from capital planning and investment control, architecture, security and business case development has turned into a compliance exercise. At the same time, those subsequent additions have stifled innovation and the rapid deployment of the types of technologies that can transform business cases and create billions of dollars in efficiencies.
One need only to look at the FedRAMP process to see my point. This is an extraordinarily cumbersome and bureaucratic response to a legitimate concern that is better handled through clear lines of responsibility and accountability. This process arguably has unnecessarily slowed down cloud deployment in the federal government and has created billions of dollars in opportunity cost and lost innovation, as infrastructure and cloud service providers have spent millions attempting to navigate a fluid, often unclear, and understaffed compliance exercise -- one that, at its core, may not really even be achieving its objective.
There are other examples. Implementation of FISMA, E-Gov Act requirements, OMB A-130, OMB’s 25-point plan and other inflexible and complicated laws, regulations, policies and practices have all conspired to ensure that we live in a federal IT environment that is impossibly complicated.
It is at least as daunting today as it was 20 years ago, when Cohen set out to simplify the government’s approach to technology in a way that would allow agencies to take advantage of 21st century tools. Clearly, and sadly, we are back to the future.