The Foreign Service Journal, September 2018

42 SEPTEMBER 2018 | THE FOREIGN SERVICE JOURNAL multiple systems) and exposes data to the possibility of loss or misuse. This makes the job of the IRM chief information security officer nearly impossible. Amazingly, the department already has commercial middleware (known as an enterprise service bus) software to coordinate centralized data sharing, but isn’t using it widely. In this software’s hub-and-spoke configuration, each appli- cation connects to a central system. With data “on the bus,” IRM could work with system owners to appropriately share it, securely and efficiently, eliminating hundreds of current con- nections. But without an effective, empowered CIO directing imple- mentation, this isn’t happening. Nor is there a clear plan to make it happen. This is, quite simply, a strategic failure. Moving Toward a Solution Based on the observations and discussion above, there are a number of seemingly obvious steps that could be taken to overhaul, strengthen and rationalize State’s IT architecture. 1. Define goals. Codify department-wide “first principles” to affirm that the purpose of IT systems is to enhance the efficiency of secure global operations. Systems are tools to reduce employee and customer effort. Data is a corporate asset that all IT systems owners must share appropriately, eliminating duplicative data stores whenever possible. IT systems must enhance secure global access to data and meet defined performance levels. 2. Empower the CIO, consistent with federal law and executive orders, to establish and enforce an enterprise-wide IT architecture, prioritize spending and direct cybersecurity operations. Make the CIO responsible for advancing enter- prise goals. 3. Direct the CIO, in consultation with bureaus, to set stan- dards and limit the number of options for software applica- tions, development tools and IT platforms. Set short-term and longer-term goals to converge systems, especially critical core systems. Strictly limit cloud platforms and duplicative tools, permit- ting exceptions only where standard assets cannot be used. Expand department-wide licensing agreements, replacing bureau-by-bureau purchasing, to reduce overhead, improve internal controls and increase incentives for standardization. 4. Invest in hiring, retaining and continuously refreshing the skills of State’s IT employee workforce. While building a strong cadre of Civil Service staff who can manage core sys- tems, integrate Foreign Service personnel with expertise man- aging overseas systems throughout IRM and other bureaus that manage major IT systems. As a priority, strengthen IRM’s core capacities to properly manage IT strategy and core IRM- managed systems while providing guidance and oversight to bureaus managing other critical systems. Provide career paths to ensure the department can count on an experienced team with strong technical and manage- rial skills and, critically, a broad understanding of enterprise business requirements and interrelationships between bureau missions. Especially for core financial, human resources, con- sular and logistics systems, ensure that managers are subject matter experts, with substantive experience, who can expertly inform system development carried out by qualified IT staff. 5. Replace fragmentation with federation. Maintain a degree of decentralization, with bureaus continuing to play lead roles in defining business requirements for IT systems; but empower the CIO to enforce strategy and funding flows, insisting that bureaus receive consistent, achievable direction and resources based on agreed priorities. Over time, transfer technical resources to IRM to permit the bureau to properly provide technical support, reducing IT elements within other bureaus. Assistant secretaries, their deputies and executive directors are not and never will be IT experts. Just as they should manage bilateral relations, con- sular affairs, security, intelligence and financial operations, the CIO and IRM should manage the underlying technical aspects of IT. Information technology processes and platforms are the primary requirement for State’s operational moderniza- tion. Unfortunately, there is no magic bullet to resolve the IT challenges State and other agencies face, which go back many years. But with a serious, sustained commitment from top-level management, a decisive start can be made toward significant improvement in this critical area. n The department already has commercial middleware (known as an enterprise service bus) software to coordinate centralized data sharing, but isn’t using it widely.