In the wake of the largest data breach the federal government has ever seen, a new watchdog report concludes about a quarter of the federal government’s information technology investments are in “urgent” need of attention because of poor management, oversight and maintenance.
At the end of May, 178 of the government’s 738 major IT investments — totaling $8.7 billion — were in “urgent” need of attention due to their high risk, according to the Government Accountability Office.
Even worse, The Office of Management and Budget — which is responsible for overseeing technology management across federal agencies — has done little to try to remedy the problems, the report found. The GAO has made 737 recommendations to OMB and other agencies for technology management improvements since October 2009, but as of January 2015, only 28 percent of those recommendations had been fully implemented.
Last week, this mismanagement was exposed after China-based hackers, infiltrated the computer systems of both the Office of Personnel Management and the Interior Department, and obtained the information of at least 4 million government employees. That breach came on the heels of the IRS acknowledgment that hackers broke into one of its systems and stole the tax transcripts, including some of the most sensitive information possible, from about 104,000 taxpayers.
Watchdogs say the federal government’s cyber security shortcomings demonstrate a culture of lazy management that not only costs taxpayer dollars but can also have more direct and dangerous impacts on the American public.
“This administration has been plagued with IT mismanagement throughout its tenure. Ranging from the Obamacare website disaster to personnel data breaches, this administration has engaged in systematic information technology malpractice,” said Richard Manning, president of Americans for Limited Government. “Unfortunately, there remains a stunning lack of urgency to resolve these issues and it is likely to get worse as health care professionals and others inundate the system with more and more customer data into systems that are neither secure nor stable.
“As someone who’s data was likely stolen in the federal government personnel records breach, I am truly concerned that this administration’s incompetence could lead to those of us who trust them with our personal information paying the price through identity theft and worse.”
For failing to perform basic oversight and management for sensitive federal information technology systems at the expense of the taxpayer, OMB wins this week’s Golden Hammer, a weekly distinction awarded by The Washington Times highlighting the most egregious examples of government fraud, waste and abuse of tax dollars.
“It is appalling that the federal government continues to waste billions on IT programs that fail to deliver due to inadequate management and oversight,” said Deborah Collier, technology policy director at the non-partisan Citizens Against Government Waste.
OMB did not response to a request for comment made by The Washington Times.
The federal government invests about $80 billion in IT each year, but much of these improvements are crippled by poor management and oversight leading to cost overruns, schedule changes and poor returns on investment, the report says.
GAO investigators listed numerous examples of costly federal technology programs being canceled or delayed at agencies including the Department of Veterans Affairs, OPM, The Department of Agriculture and The National Oceanic and Atmospheric Administration in their latest report.
“This stuff has been going on for decades and it has real serious consequences for the public when these failure happen,” said Chris Edwards, budget analyst at the Cato Institute, referring to the shoddy roll out of Health and Huma Services’ health care exchange website, which was also included in the GAO’s cost estimates.
In order to facilitate transparency in IT investments across federal agencies, OMB established a public website — the IT Dashboard — which provides detailed information on major investments. But OMB does not update the public version of the dashboard while the president’s budget request is being formulated, meaning the site hasn’t been updated for more than six months now.
In 2010 OMB established a process for conducting face-to-face performance reviews of IT investments called “TechStat.” As a result of holding those sessions in 2010, federal agencies were able to save over $3 billion, according to the GAO report.
But OMB has been slipping on TechStat reviews and over the last two years OMB has not conducted any TechStat reviews. OMB has also not listed any savings from TechStat reviews in any of its required quarterly reports to Congress since June 2012, according to the GAO.
Investigators expressed concern in the report over shifts in IT funding as well. Federal agencies plan to spend much of their technology budgets on operations and maintenance of already existing systems — when it might be cheaper just to replace those systems with newer technology.
Over the past six fiscal years the amount of money federal agencies have spent on IT maintenance has steadily increased, but investments in developing new systems have decreased by about $7.8 billion since 2010.
“This raises concerns about agencies’ ability to replace systems that are no longer cost-effective or that fail to meet user needs,” investigators wrote in the report.
Cato’s Mr. Edwards, who testified on reducing wasteful spending at a Wednesday hearing before the Senate Committee on Homeland Security and Government Affairs, said that part of the reason the government can’t rein in its IT spending is there are too many projects for auditors to manage.
Mr. Edwards suggested that agencies privatize on certain projects and do away with unnecessary IT investments all together and argued that federal agencies have never been very good with keeping up with innovative IT projects.
“The government has never been good at advanced technology. That’s why the Pentagon, where advanced technology is most important, hires a lot of private companies to do their IT work,” Mr. Edwards said. “Splitting off some IT projects for the private sector and getting rid of others would leave federal auditors in Congress with more ability to look over things that the government really does need to be updating.”