Open innovation and the OAI report on IT modernization

The White House’s high profile Office of American Innovation (OAI) released its “Report to the President on IT Modernization” last week. The Report follows on numerous stakeholder meetings, which Red Hat participated in, as well as extensive comments. You can see Red Hat’s submission here.

The Report, in fact, is “focused on modernization efforts to improve the security posture of Federal IT” and thus, is more specific in its recommendations than traditional government publications on this topic.

As a thoughtful, concrete roadmap for next steps, the Report targets:

• Network modernization and consolidation. This Report envisions a modern federal IT architecture where agencies are able to maximize the security of cloud computing, modernize government-hosted applications, and more effectively maintain legacy systems.

• Shared services to enable future network architectures. The Report lays out an approach to enable, with ongoing government-wide category management efforts, the federal government to shift toward a consolidated IT model by adopting centralized offerings for commodity IT.

In many respects, the Report reflects the mainstreaming of open source. We expect the emphasis on ‘commodity IT’ to encourage reusable, modular, agile solutions like open source, which is key to federal IT modernization and an effective antidote to the morass of legacy systems.

One of the most direct points made in the Report reflects a key tenet of the open source community playbook: Avoid security through obscurity:

“Internet-wide scanning and discovery is commonplace and effective. Agencies must assume that their publicly accessible systems are trivially publicly discoverable to adversaries, and prioritize the sharing of information about their systems with defenders inside and outside the Federal enterprise. Similarly, agencies should support the use and release of open-source software where it improves agency agility and resilience.”

So, kudos to the OAI team on this updated Report. This will not be the last word. As the team acknowledges, “the public comment period generated responses from industry that highlighted the importance of providing an overarching IT modernization plan, which aligns these efforts with ongoing work to improve citizen-facing services, make better use of mobile technologies, improving security across the Federal enterprise and other key efforts.”

Federal IT modernization depends on effective support and avoiding solutions that are government unique. Whether proprietary or open source, it is essential that agencies have ongoing plans to work with commercial vendors to support enterprise quality software.

That includes: “Acknowledging that Federal agencies are still working, and must continue to work, to meet the objectives of other critical modernization initiatives – for instance, by automating their manual processes, implementing new and diverse testing and scanning options, deploying patches both responsively and preventatively, and by transitioning away from unsupported software….”

The thrust of the Report’s objectives and action items point to open source solutions for federal IT modernization. This is especially true as greater ‘risk-management’ takes hold within agencies, following May’s Executive Order. Many of the existing open source policies, going back several administrations remain pillars of federal IT policy.

And also last week, the “MGT Act” was signed into law, an important step in the path to federal IT modernization. Though the government-wide Technology Modernization Fund established in the Act will still needed to be funded through an Appropriation, the individual agency working capital funds authorized by the Act will be a key tool for federal CIOs to flexibly use funds for IT modernization projects in the very near future, once OMB implementation guidance, apparently near completion, is finalized.