The Government Accountability Office found that the Federal Motor Carrier Safety Administration (FMCSA) has not completed a modernization plan for its existing IT systems, which will make it difficult to reach its modernization goals.
FMCSA is a department located within the Department of Transportation that regulates the trucking industry in order to reduce crashes, injuries, and fatalities. The agency reported spending about $46 million for its IT investments in fiscal year 2016.
FMCSA’s acting chief information officer said that updating the department’s IT strategic plan had not been a priority for the agency. FMCSA hasn’t clearly defined roles and responsibilities for working groups and individuals, including the Office of the CIO. FMCSA requires participation and collaboration during the initial IT acquisition process, but it lacks procedures for selecting new technologies and continuing funding for investments that are already working.
The GAO recommended that the FMCSA:
- Update its IT strategic plan to include well-defined goals, strategies, measures, and timelines for modernizing its systems.
- Ensure that the IT acquisition process includes responsibilities of all working groups and individuals involved in the agency’s governance process,
- Restructure the Office of Information Technology.
- Review all IT investments and track corrective actions to closure; and perform operational analysis for the agency’s critical IT systems.
In December, the DOT received an F-plus on the Federal Information Technology Acquisition Reform Act (FITARA) scorecard, which includes four categories that track IT progress within agencies, including Incremental Development, Risk Assessment Transparency, IT Portfolio Review Savings, and Data Center Consolidation. DOT’s score improved to a D-plus in June.
The agency has a difficult time achieving high scores because of the agency structure that requires the chief information officer to oversee several smaller departments, which each have their own CIOs making various internal decisions. DOT’s network grew out of necessity from the operating administrations, including the Federal Aviation Administration and the National Highway Traffic Safety Administration. As an afterthought, the networks began to merge to form the centralized DOT network. Because of this, small offices began to add new devices to the network as needed without thinking to inform the CIO’s office of the changes.
Richard McKinney, former CIO of DOT, had been wary of DOT’s decentralized approach to IT because of the vulnerabilities it could cause, and began to enforce rules that would track new devices on the agency’s network during his time as CIO.
“The good news is that now we know,” McKinney said to MeriTalk in February. “Now we have a definitive inventory.”