A new addition to Pentagon leadership created by the fiscal 2017 National Defense Authorization Act could change the way the department’s chief information officer handles the job.
Effective Feb. 1, 2018, a chief management officer will be charged with establishing policy on and supervising many issues around business planning and management, including “business information technology management.”
While the law, enacted in December, also says the CIO “reports directly to the Secretary and Deputy Secretary without intervening authority,” the language around the new role leaves some questions about how the IT chief and the new CMO will work with each other.
This isn’t Congress’ first attempt at tinkering with IT and management structure: The current law replaced language from the fiscal 2016 NDAA that would have created by Feb. 1 of this year an undersecretary of Defense for business management and information who also would have served as the chief information officer.
The department currently has a deputy chief management officer, and the deputy secretary for Defense — among his many responsibilities — also has to serve as the chief management officer.
Some of the questions about lines of authority should wait, said David Wennergren, executive vice president and chief operating officer at the Professional Services Council, to FedScoop. Before addressing who reports to whom and where the chief information officer is situated within the department, Pentagon leaders must have “a meaningful conversation about what they want their senior information technology official to be responsible for,” he said.
The NDAA says the CMO role will be responsible specifically for “business” IT. The CIO’s responsibilities are broad, including nuclear command and control systems, department issues related to electromagnetic spectrum and “policy, oversight, and guidance for the architecture and programs related to the networking and cyber defense architecture of the Department,” the law says.
It is unclear whether some of those responsibilities would shift. Wennergren, who held several CIO positions at the Pentagon in the 2000s including assistant deputy chief management officer, said the language around “business” IT is vague.
“Are you going to bifurcate? The CIO has responsibility for all IT except for business IT?” he said. “So there is an issue here that has to get worked out.”
Former Defense CIO Terry Halvorsen said in a January roundtable with reporters that he thought taking away the undersecretary for business and information was a good idea, and that the management role and CIO role should remain separate. (The CIO vacancy has not yet been filled.)
“I do think the CIO should remain separate. I think that was a good decision in the NDAA. I think if you look at what the industry, other government sectors are doing it is about strengthening the role of the CIO, I mean they’re all doing that. I think we need to continue to look at what that means at DOD,” Halvorsen said.
He added that he doesn’t think one enterprise-wide CIO for the department is a good idea.
“I’m not there yet, mostly because of speed,” he said. “The services need to be able to take action, particularly when we’re we’re talking about what I will call ‘operational IT.’ And sometimes … that IT controller, that commander on the spot is going to have a better picture than somebody sitting back here in the Pentagon. So what I believe is we certainly ought to have centralized policies, [and] there’s some things we should do in enterprise.”
‘A good place to start’
Defense Secretary James Mattis directed his deputy, in a Feb. 17 memo shared with FedScoop, to establish cross-functional teams to look for efficiencies across business functions such as human resource management; financial management; acquisition and contract management; and cybersecurity and information technology management.
The current NDAA, Mattis says, tasks “the Department to conduct a thorough review of how we conduct our business operations with an eye toward becoming more effective and efficient.” And the review will continue past work the deputy and others have done, Mattis writes.
“I find the work done by you, the Deputy Chief Management Officer and Chief Information Officer staffs in 2014-2015 to be a good place to start,” Mattis’ memo says to Deputy Secretary Bob Work. “You highlighted potential savings to be had by consolidating work in several discrete lines of business.”
Mattis also released a second memo with, among many items, a direction to the deputy to “consider options for an improved Chief Management Officer function, develop alternatives, with specified responsibilities, functions, authorities and structures, for the establishment of a CMO. In addition, consider options for the establishment of an USD for Management in lieu of a CMO, which would require a change to existing law. Provide appropriate legislative change proposals to accompany all alternatives.”
Mattis gave a deadline of Feb. 27 — last Monday — for everything asked for in the second memo. The Pentagon declined to provide an update on whether those items were delivered.
Wennegren says the study “is a really important thing because all CIOs are not the same at federal agencies.”
“Different kinds of CIO jobs can be effective, but … what you need to do is to name what you want that job to accomplish, and then get the right person in the job to do that kind of thing,” he said.
And as they begin to define that role, Wennergren said, it will become more apparent as to where it should reside.
Pentagon management possibilities
A recently published report from the Center for a New American Security proposes one radical route the department could take with NDAA-directed restructuring and its chief management officer: “Mattis could … consider consolidating the disparate financial, human resource, information technology, and innovation functions beneath the CMO to improve accountability, integration, and strategic planning,”
Granted the move would go beyond the NDAA and require extra resources and congressional backing, as the report notes, but it would allow Mattis to use the NDAA-mandated restructuring to address business management in the Pentagon.
The proposal could directly conflict with other legislation, such as Federal Information Technology Acquisition Reform Act, which was designed to — above all else — give chief information officers the authority they need over IT projects so Congress could hold them accountable.
One of that legislation’s intents was to ensure agency IT heads report directly to officials at the top — a department’s secretary or a deputy secretary, or the equivalent in other agencies. But half of the agency CIOs subject to FITARA do not have that reporting structure, according to the House Oversight and Government Reform Committee’s latest scorecard on implementation of the law.
“I would say having been a CIO, I found it very helpful and important to report directly to the Secretary of the Navy, right, because the job of the CIO is to work across organizational boundaries, and the easier to get the kids to play together, you have mom or dad working to get the kids to play together. So there’s definitely an advantage to having a CIO be able to report directly to the Secretary of the Department. That said though, depending on what you want the CIO to work on, there are other management models that do indeed work,” Wennergren said.
The CNAS report was designed to present three levels of change the department could take, though. The other two focused on different levels of change that would leverage the NDAA-instructed split of the undersecretary of Defense for acquisition, technology and logistics into two new offices, said Alexandra Sander, a research associate for the Technology and National Security Program at CNAS and one of the report’s authors.
The changes involving the chief management officer, however, present the most “radical” change, Sander said, adding that the report’s authors estimate might be “a little bit too much to bite off at this point in time.”
But the idea behind that change, Sander said, was this: “When you’re looking at the number of direct reports to the secretary, especially on all of these sort of internal management questions, our main analysis was just that if you have a little bit more integration through this reporting structure of the CMO being on top of IT, and personnel, and innovation and to that extent, that you might be able to do a little bit better in terms of strategic planning.”
Where exactly this chief management officer will fall in the DOD is a little unclear from looking at the NDAA, Sander said.
“My interpretation is, and I think this was the intent behind a lot of the organizational changes in the NDAA, is here is one possible iteration to give the DOD a starting place,” she said. “And it’s completely within their ability to either run with that, or say no we’re going to review the structure, and we think this is actually the best path forward in terms of reorganization.”