The Transportation Department’s recipe for RICE all starts with the same basic ingredients.
RICE, which stands for registration, inspections, compliance and enforcement, is a technology platform that nearly every office and modal needs.
Cordell Schachter, the chief information officer of the Transportation Department, said there are numerous platforms across the agency and all need a standard set of functions to begin with.
“Let’s build in-common on any on a platform that has an authority to operate (ATO) from a cybersecurity perspective, that then we can flex to meet the unique needs of each of those operating administrations so that DevSecOps discipline is provided consistently across the whole platform, but yet we still provide an opportunity for each business owner or operations owner to come and get what they need from the platform ,” Schachter said on Ask the CIO. “So the inspection of a vehicle that’s under one administration’s responsibility would be different from a different kind of vehicle or conveyance, and we want the platform to be able to accomplish all of that.”
Schachter made moving to modern development techniques one of his three top priorities. Within that area, DoT is moving toward a DevSecOps methodology, taking advantage of low-code platforms and cloud services.
Over the last year or so, DoT has launched that common platform and started developing applications in a more agile way.
“In the next year or years, hopefully we’ll get the chance to move from that first not even just crawling, but just thinking where we wanted to crawl to and now we’re someplace between crawling and walking. I’m looking forward to being able to run and really develop these things at scale, and also give the taxpayers a better deal because they’re going to invest in that RICE platform once, and then hopefully save money as it’s reused for those custom purposes,” he said.
One big challenge, Schachter said, is he doesn’t have a good idea of how many RICE platforms already exist across the operating models. Part of the reason for that is because not every system provides the four ingredients and many just need one or two.
Solving DoT’s mission challenges
Schachter said his team is trying to assess just how many of these RICE platforms, partial or full, exist and should have a better idea in 6-to-12 months.
The RICE platform modernization effort is one example of DoT’s ongoing digital transformation and security initiatives.
Schachter said all of these efforts are more focused than ever on aligning incentives with intentions. This means holding vendors accountable for meeting specific service levels as well as ensuring their workforce has the necessary skills to help DoT modernize.
“When we now replace legacy applications with low code or no code platforms, then that’s the kind of relationship that we want. It’s newer for us than the way we previously operated. The contracts we write, the solicitations that we let, are going to be different than what we have in the past. So we’re going to need partners who work with us to get it right,” he said. “Our intention is to have a modern system that’s always available, that’s secure, that maintains privacy, that does what it’s supposed to do, and now the incentive should be, because vendors are in it to earn a reasonable profit that they do that, but accept the responsibility that goes with the intentions that I stated.”
Schachter added that there may be different requirements for different platforms, but it all comes back to solving DoT’s mission challenges.
Ongoing portfolio deep dives
Internally, the DoT’s CIO’s office is driving down a similar path with employees.
Schachter said training is now a requirement from the entry level General Schedule positions to the most senior GS and then Senior Executive Service positions.
“We’ve made a lot of progress in establishing an internship program as well as formalizing our training programs and communicating expectations. We are making sure that our teams know that there’s resources available for them to be trained on a regular basis,” he said. “We expect our staff to have two weeks of training a year. That’s the minimum, and some of that’s going to be self-directed study, online information, formal courses available online, or it could be a classroom, if that’s the only way it’s delivered.”
Additionally, he has ensured there is funding for employee training by working with DoT leadership, specifically in the budget office, to make it a “must have” expense and not a “nice to have” one.
Another way DoT is aligning incentives with intentions is through budget and portfolio deep dives with each office and operating administration.
Schachter said these analyses focus on IT, customer experience, cybersecurity and funding.
“We realized some of the reason why the systems are the way they are is the only way to have funded them in the past, would have been to take money out of mission and of other things that that operational administration was supposed to do. I think we need to grow the pie bigger if we’re always robbing from the left pocket to put enough money in the right pocket, and then we’re not really making progress,” he said. “Given the imperative to be more cyber secure, which everyone will agree with on the top line, what is that going to take? We need to be more descriptive of what that cost is. How do we do those two things? How do we generate the right level of support? I’m giving people very specific examples of the need while still maintaining security. And I can tell you, it’s a challenge, but one that we have to accept and drive through.”
The cost models just don’t focus only on cybersecurity, but extend to paying for development, modernization and enhancement too.
“We’ve done a lot of work over the last year or so talking with every operating administration, with their staff, building up our staff within the CIO organization, specifically to address these questions. We realized, just like our technologies were a little long in the tooth, well so are some of our cost models. So not only do we have to update the technologies, we also need to update those models as well,” Schachter said. “We really are trying to obey both the spirit and the letter of the [the Federal IT Acquisition and Reform Act] and at the same time do the very best job we can to give people the best service at the best price.”
Copyright
© 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.