The Department of Defense (DoD) spends big bucks on modernizing the IT systems it uses to run its day-to-day operations, but a lot of these systems are late to arrive and do not meet expectations, according to a recent report from the Government Accountability Office (GAO).
The GAO report published on July 11 explains that several of the Pentagon’s IT business programs are plagued by delays and cost overruns, raising concerns about the efficiency and effectiveness of the agency’s tech investments amid increasing demands for modernized defense.
“DoD spends a lot of money on IT systems. But a lot of these systems are late and don’t meet expectations. They’ve taken some steps to improve what they’re doing, but there’s really a lot more that they can do,” said GAO IT and Cybersecurity Director Vijay D’Souza, during a recent episode of GAO’s Watchdog Report Podcast.
According to GAO, DoD spent, or planned to spend, $9.1 billion on IT business programs throughout fiscal years (FY) 2022-24. Of the 21 DoD IT business programs that GAO reviewed, 70 percent ($6.4 billion) of the total reported cost across the three-year period was for operating and maintaining the systems and 30 percent ($2.7 billion) was for development and modernization.
Overall, the programs reviewed reported mixed results in meeting performance goals. DoD mandates that programs track at least five key metrics covering customer satisfaction, business results, financial performance, and innovation. But only four met all performance targets, ten met at least one, and one met none, while six programs failed to report any data.
The report also found that of the 21 programs, ten actively develop software “but only six adhered to the agile and iterative methods recommended by the GAO.” Four of these programs fell short in using the necessary metrics and management tools for tracking customer satisfaction and software development progress, putting the effectiveness of their Agile efforts at risk.
“DoD really needs to further implement the pathway or revised software acquisition process, it itself has developed. This includes following … an agile methodology, which is something most new software projects follow,” said D’Souza.
Additionally, while all 21 programs reported conducting cybersecurity testing, several lacked an approved cybersecurity strategy. In June 2022, GAO recommended that the DoD’s Chief Information Officer (CIO) ensure all programs develop a cybersecurity strategy.
GAO acknowledged that DoD officials did agree with this recommendation and are following up on unapproved strategies, but progress has been slow.
“Each of these systems is supposed to report high-level performance metrics so that DoD management and the taxpayers understand whether they’re doing what they’re supposed
to be doing or achieving their intended milestones. And we found a lot of gaps here. This is something we had made a recommendation on in a prior version of this report,” D’Souza said.
In the new report, GAO recommended that the Pentagon ensure that IT business programs developing software are using agile metrics and management tools required by DOD and consistent with GAO’s Agile Guide.
DoD concurred with GAO’s recommendation and described actions it planned to take to address it, such as including guidance on metrics and management tools for agile development in the Department’s next Software Modernization Implementation Plan.
However, according to GAO, in a prior annual assessment review GAO made three recommendations related to performance reporting and cybersecurity strategies. While the DoD outlined steps it intended to take in response, these measures have yet to be implemented, leaving unresolved issues that could impact the effectiveness of the department’s IT initiatives.
