By: Innocent Obi Jr., Research Analyst
On February 21, 2017, the Office of Inspections and Forensic Auditing in the Office of the Inspector General (OIG) of GSA released an internal evaluation of 18F’s compliance of GSA’s information technology security policies. While this is not the first time 18F’s activities have been evaluated, the intention of this report was to evaluate 18F’s compliance with GSA’s IT security guidelines. The general findings of the report were that 18F “disregarded fundamental GSA information technology security requirements and circumvented the CIO.” (See the report for more analysis)
Why is this important? As we face a very uncertain political environment, it is quite simple to pitch this as yet another kink in the technology agenda of the Obama administration. But this is not a failure. It is a point for instruction. At the time of the inception of 18F, there was a sense of urgency to build and deploy effective solutions. However, bureaucratic intransigence coupled with the complexities of government procurement made it not only more difficult, but also practically impossible to innovate at an appropriate pace. 18F alongside its counterpart USDS, the United States Digital Service, provided a sandbox in government cloistered away from the political logrolling. Where 18F erred was in their belief that circumventing the compliance processes in GSA would ‘disrupt’ how government works thereby introducing a new way of developing software solutions in government, through evidence of their successes. This would have been the case if technology were the only problem. It wasn’t and today it still isn’t.
As noted in our report The Architecture of Innovation, a systemic problem in government is the lack of an environment that encourages innovation and risk-taking. As a result of risk-averse procurement policies, in IT acquisition conversations it is commonplace to choose a product that is low risk and with moderate impact en lieu of one that is high risk with a greater potential for positive impact. The real disruption needed in government was and still is a mindset shift away from bureaucratic compliance towards organizational learning; a mindset shift that places the beneficiary – the citizen – at the core.
Currently in IT modernization conversations, technology is the driver. In government, a variety of technologies support agencies in various budgeting and decision-making tasks while assisting personnel by automating time-consuming exercises and supporting effective and fluid collaboration and communication. At the same time, better policy also supports an environment of innovation. It can alleviate burdens on vendors and ensure that procurement processes are responsive to the needs of the end-user and beneficiaries. Still for both technology and policy to deliver at scale, the current ‘business-as-usual’ approach to operations must change. Delivering technology that is fit-for-purpose and policy that is adaptive and resilient requires an appetite for failure and continuous learning.
For technology modernization to be successful in the new Administration, public servants and technologists must learn from the successes and failures of the past eight years. Only then can we structure the architecture for innovation in government that can support real and relevant solutions at scale. Such a task will require all agencies to work to change processes in government that are inefficient and ineffective, rather than circumventing or disregarding them. It requires an acknowledgement that some redundancies in government that might at first sight seem irrelevant and profligate are often intentionally legislated by agencies and key stakeholders to maintain the balance between innovation and stability, between flexibility and security.
Government cannot predict with certainty the issues and technologies of future. But it can seek to build a public sector environment that supports and incentivizes innovative and creative thinking to achieve better outcomes. Policy cannot be blind to technology and vice versa. By adopting an integrated approach, government – operating as a platform for service delivery – can pursue fundamental, systemic solutions to social problems.
This will require the collective effort of bringing and adding value through multi-stakeholder and cross-disciplinary collaboration and communication. It will require all – the public, private and nonprofit sectors – to hold themselves accountable to the beneficiaries, rather than just the contract. Government can no longer afford to build, buy, and deploy ineffective technologies. The stakes for citizens are too high. So in the style of the perspicacious John F. Kennedy, we should ask not what technology can do for us, but what we can do with technology.