The Council of the Inspectors General on Integrity and Efficiency (CIGIE) issued a summary today of the top challenges facing Federal agencies, as identified by those agencies’ respective Offices of the Inspector General (OIG) – and once again IT issues headed up the list.
The Sept. 22 report, Top Management and Performance Challenges Facing Multiple Federal Agencies, is the third the council has released – following one in 2018 and another in 2021. According to CIGIE, Fed’s top issues have remained mostly consistent over the last five years – with IT security and management remaining as a constant at the top of the list.
The report – compiled by a group of 23 individuals from various Federal OIGs – listed IT challenges as a top concern by 74 percent of IGs, up one percent from the 2021 report.
While IT and security management has remained a top challenge for agencies since the CIGIE’s first report in 2018, some of the key areas for concern of the IT challenge have changed.
In the report released today, the IGs listed the five key area of concerns as:
- Cybersecurity;
- IT modernization;
- Investment and project management;
- Regulatory requirements; and
- Post-pandemic remote work and web presence.
Cybersecurity top Concern
“Federal agencies are rightly concerned with evolving cyber threats, such as the growth in availability and effectiveness of internet-based hacking tools, threats from foreign adversaries, and quantum-vulnerable cryptographic technologies,” the report reads.
According the CIGIE, when identifying weaknesses in agency IT environments, many OIGs highlighted identity and access management, administrative privilege control, risk management, and a shortage of technological and personnel resources.
“In addition to direct cyber threats, agencies also expressed concern with limited vetting and oversight of third-party system contracts and related system development activities,” the report says.
For example, the Small Business Administration (SBA) stated that most of its pandemic assistance was delivered using systems developed by third-party service providers. However, the SBA Business Technology Investment Council did not meet regularly and performed limited reviews of system contracts and related system development activities.
Tech Investment, Project Management Lacking
“Poor IT investment and project management cause inefficient spending, project delays, and sometimes even project failure, which hinders the agency’s ability to meet mission needs, address security risks, meet compliance requirements, and reduce operating costs,” the report says.
For example, the Department of Housing and Urban Development (HUD) stated that it has historically failed to fully execute modernization plans and project implementation, failing to realize hundreds of millions of dollars in potential savings and causing ongoing security risks.
“HUD cited poor contract management and communication; significant weaknesses in cost and schedule estimation processes; and a lack of fully defined roles, responsibilities, and performance measures as reasons for its failures,” the council wrote. “It also stated that IT project managers often have insufficient expertise or resources.”
Regulatory Requirements Overload
“New regulatory requirements designed to promote security among Government IT systems require agencies to dedicate resources toward adopting new requirements, while maintaining flexibility to adapt to an ever changing IT environment,” the report says.
Specifically, the CIGIE mentioned the Office of Management and Budget’s (OMB) zero trust architecture strategy, the Federal Information Security Modernization Act, guidance from the National Institute of Standards and Technology, and diversity, equity, inclusion, and accessibility initiatives.
“The Treasury expressed concern that dedicating resources to comply with these directives could hamper other IT projects, such as cloud adoption,” the council said.
Post-Pandemic Work Exacerbates Existing IT Problems
“The COVID-19 pandemic led to a rapid expansion of remote work, increased use of personal devices, and increased demand for customer-facing web portals, especially to compete with private-sector offerings,” the report reads.
“These challenges heighten many of those already mentioned in this section, with an increased attack surface leading to more cybersecurity risk, a wider range of devices and new technologies causing IT investment and project management challenges, and rapidly issued guidance requiring quick adoption of new requirements,” CIGIE wrote.
IT Modernization Challenges Persist
IT modernization is the only key concern that has persisted in the report throughout the years. In both the 2018 and 2021 reports, the top concerns – in addition to modernization – were safeguarding sensitive data and information systems; continuity of operations; and building and maintaining an IT workforce.
“Legacy information systems create the risk of increased maintenance costs, lack of available support, and a decreased capacity to support business needs,” the report released today says. “Major hindrances to IT modernization efforts across the Government include IT funding shortages, changing priorities, and poor IT investment and project management.”
For example, The Department of Veterans Affairs has expressed that its antiquated systems are burdensome, costly to maintain, cumbersome to operate, and difficult to adapt to continuously advancing operational and security requirements.
IGs Other top Concerns for Agencies
The OIGs other five top concerns for the agencies, in order, include:
- Human capital management;
- Performance management and accountability;
- Financial management;
- Procurement management;
- Grants management; and
- Homeland security, pandemic recovery, disaster preparedness, and climate change.
