FedInsider.com brings you fortnightly the voices of those in the government community driving change. Hear about leaders from both government and industry who are managing government’s most challenging issues. Watch your inbox on the 1st and 15th every month.

CURRENT ISSUE—7/30/2010

Sam Visner

THE FEDINSIDER’S VOICE
TOM TEMIN - A trusted member of the Federal community, Tom has had a seat at the table from which to inform us on the issues of the day for more than 16 years. As the editor of FedInsider.com, Tom will continue to bring you viewpoints on the issues of the day. Read Tom's Bio.


FedInsider.com is published by
Hosky Communications Inc.
3811 Massachusetts Ave.
Washington, D.C. 20016
202-237-0300

Publisher: Tom Hosky
Editor: Tom Temin, Thomas R Temin Associates
Design: Denise Hyatt-Roberts, Cyber Services, Inc.
Marketing: Kathryn Nanai, Hosky Communications Inc.
Media Relations: Kristie Clement, Hosky Communications Inc.

Summaries for March 1, 2010

CURETON SETTLES IN AS NASA CIO
Almost everything at NASA is in flux. Most of all, its very mission. For NASA's 2011 budget request, the Obama administration seeks to reverse the course the Bush administration had for the agency, with near-term missions to the moon via the large and expensive Constellation program, which would be zeroed out. The budget request has touched off intense debate in Congress. No matter what, though, data and information will be important to NASA's mission.  -> Read More

WHY NASA POSTPONED ITS DATA CENTER RFP
New policies from the Office of Management and Budget on data center consolidation and cloud computing are gaining traction, if the withdrawal or postponement of two major acquisitions is any indication. Consolidation and the cloud are highly interrelated. The more surprising of the two was the General Services Administration's decision to cancel its cloud computing request for quotations—specifically its Infrastructure as a Service project—at the end of February. Surprising perhaps, but in retrospect, probably a wise decision.  -> Read More


NEW LINE TO BE DRAWN FOR 'INHERENTLY GOVERNMENTAL'
To paraphrase a famous contemporary philosopher, Kermit the Frog, sometimes it's not easy being a contractor. That's because lately, emerging policy is aimed at definitively lessening the government's dependence on contractors. At the same time, policy acknowledges the importance of private industry to jobs creation, an explicit goal of the American Recovery and Reinvestment Act.  -> Read More

CYBER SECURITY PREOCCUPIES FEDERAL IT MARKET
Between the RSA Conference, the Cyber Shockwave show, and release of a topline view of the Comprehensive National Cybersecurity Initiative (CNCI), cyber security climbed into the Top Ten charts in recent days. The real work of securing federal networks remains a day-in, day-out effort of constant vigilance. Two of these events converged, when White House Cyber Security Coordinator Howard Schmidt chose the annual RSA event to release the CNCI.  -> Read More

 

Complete Articles for March 1, 2010
  • Cureton Settles In As NASA CIO
    Linda Cureton

    Almost everything at NASA is in flux. Most of all, its very mission. For NASA's 2011 budget request, the Obama administration seeks to reverse the course the Bush administration had for the agency, with near-term missions to the moon via the large and expensive Constellation program, which would be zeroed out. Instead, the plan is for use of commercial lift capability to take astronauts to the International Space Station once the Shuttle program ends this year, followed by an interim period in which NASA uses Russian Soyuz space "taxi" services. The budget request has touched off intense debate in Congress, and at this point the future of U.S. human space travel is a question mark.

    Research missions, though, involving unmanned spacecraft will continue to be a major component of what NASA does. So regardless of what its future turns out to be, that future will involve the acquisition and processing of data and information.

    Linda Cureton is responsible for that information future, having moved up a notch at the end of September 2009 from the CIO slot at NASA's Goddard Space Flight Center to the CIO slot for all of NASA.

    "I had to hit the ground running," she said simply. First order of business was getting a handle on some of the agency-wide programs, such as I3P, NASA's Information Technology Infrastructure Integration Program. It consists of five acquisitions, four of which are on the street as RFPs under the leadership of Deborah Diaz. The last to be released was to be NASA Enterprise Data Center. "NEDC, we're still working on that," Cureton said. At the end of February, the NEDC RFP was postponed until the fall of this year. More on that below, but it relates to an issue important to Cureton and NASA, namely cloud computing.

    With respect to cloud computing, "people are asking security questions. The dilemma of the innovator is looking at those issues and pushing through to something new," Cureton said. She added, "The cloud computing model has benefits you can't ignore. The perceived barriers keep you from looking."

    The ideal requirements that can be met with a cloud model, Cureton said, are "elastic and unclassified."  Elastic means that the total computing requirements may not be known at the outset, or may have to scale quickly up or down.  Another example is when the computational need may come to an end, such as at the conclusion of an experiment or mission.

    "You can save a lot of money when there's not a solid requirement. Cloud gives elasticity and flexibility. It's not a silver bullet for everything, but it lends itself well to NASA." She pointed out that NASA itself is tinkering with its own Nebula cloud computing facility at NASA Ames Research Center in California.

    A believer in the value of online collaboration, Cureton said she would like to expand the Spacebook concept she helped establish at Goddard. "Collaboration is why I advocated Spacebook. It's where a unified network comes in and a mature enterprise architecture process, so we can build things that make collaboration easier," she said. Thus, "Spacebook is being considered for the whole agency."

    With respect to the future NASA mission and purpose, while the politicians decide, Cureton said she will stick to the basics as CIO. "With the new mission, we'll discuss what the new budget means. But you still need usable information. [The need to] share information, for cyber security and for demonstrating the value of the IT investment—that's all unchanging."

    Since her promotion to NASA CIO, Cureton said, she laments that she hasn't had as much time to keep up with her blog, a more highly personal online testimony than is typical for high level federal career managers.

    "I didn't have the time to keep up, but I resolved I would. I'm still a zealot about web 2.0 and social media," Cureton said. "I wanted to learn firsthand how it worked. You can't ignore the power of the trust it creates."



  • Why NASA Postponed Its Data Center RFP

    New policies from the Office of Management and Budget on data center consolidation and cloud computing are gaining traction, if the withdrawal or postponement of two major acquisitions is any indication. Consolidation and the cloud are highly interrelated.

    The more surprising of the two was the General Services Administration's decision to cancel its cloud computing request for quotations—specifically its Infrastructure as a Service project—at the end of February. Surprising perhaps, but in retrospect, probably a wise decision. And I speculate there might have been communication from OMB asking for the cancellation, because it was only days later that Federal CIO Vivek Kundra launched a renewed push for data center consolidation. After all, Kundra made cloud computing a priority almost immediately upon joining OMB, and made GSA the vehicle for establishing cloud services for the federal government. Since then, the market has changed, and government's understanding of cloud computing has deepened, thanks in part to cloud projects at NASA and the Defense Information Systems Agency. 

    Dave McClure, the associate GSA administrator for the Office of Citizen Services and Communications, noted to several media outlets that during the 11 months the RFQ was out there, it had withered on the vine thanks to changes in the cloud market. One thing that will change is that the new RFQ will include more emphasis on cyber security—the most-often cited uncertainty federal buyers express about cloud computing.

    Since GSA issued the cloud RFQ, vendors have come into the market with cloud services they are offering directly to the government. Microsoft, for example, has established secure, dedicated facilities that host what it calls Business Productivity Online Suite (BPOS). It is a software-as-a-service plan the company says complies with several key security standards. Amazon last spring leased a Northern Virginia building to house a cloud infrastructure, the services of which it hopes to offer the federal government.

    Also at the end of February, NASA postponed its request for proposals for the NASA Enterprise Data Center. NEDC is the fifth of five acquisitions under NASA's Information Technology Infrastructure Integration Program (I3P). RFPs for the four others are on the street--the Web Enterprise Service Technologies (WEST), NASA Integrated Communications Services (NICS), Enterprise Applications Service Technologies (EAST) and Agency Consolidated End-user Services (ACES).

    The I3P site plainly states: "With leadership changes and new OMB requirements regarding Cloud Computing, Greening IT, Virtualization, and Federal Data Center consolidation guidance, NASA reexamined the NEDC acquisition strategy and concluded it did not fully address future NASA enterprise requirements." Deborah Diaz, NASA's associate CIO for Architecture and Infrastructure, told FedInsider that her office had an independent verification and validation study done of the existing NEDC RFP to see what effect new OMB policy would have. "We decided to postpone until we can incorporate those new requirements," Diaz said. "We'll do the planning first, then do the RFP."

    In issuing the OMB data center consolidation memorandum, Kundra joins a long line of OMB leaders trying to trim the redundancy and cost of federal data centers. For example, then-OMB Director Alice Rivlin issued a similar memo back in 1995. (For some reason, it, and not Kundra's memo, comes up if you search for "data center consolidation" at whitehouse.gov.) But data centers have a way of reproducing themselves and so over the years, the numbers creep back up. There is no single definition of what constitutes a data center, or how you distinguish it from a server room. But as Kundra notes in his memo, if there were 432 federal data centers in 1998, presumably reduced after the 1995 Rivlin memo, then there are 1,100 now. Consolidation coupled with moving more IT operations to clouds might just be the formula for preventing future kudzu-like growth of data centers after they are pruned.



  • New Line To Be Drawn For 'Inherently Governmental'

    To paraphrase a famous contemporary philosopher, Kermit the Frog, sometimes it's not easy being a contractor. That's because lately, emerging policy is aimed at definitively lessening the government's dependence on contractors. At the same time, policy acknowledges the importance of private industry to jobs creation, an explicit goal of the American Recovery and Reinvestment Act.

    ARRA was in the news in the past week. Monthly unemployment figures showed a lingering rate of 9.7 percent, raising debate over whether the stimulus bill has met its jobs goal. A new round of reporting by states and municipalities rolled in, just as the Recovery, Accountability and Transparency Board rolled out an updated version of its Web site. Earl Devaney, the chairman of the RAT Board, took the occasion to justifiably scold some 400 entities, both corporate and government, who had not reported after two reporting periods what they've done with their ARRA dollars. Accountability is one reason for the ARRA's reporting rules; measuring jobs creation is the other.

    Aside from ARRA spending, the federal government, for its own purposes, runs an annual $500 billion stimulus program. It's the government's procurement spending, $80 billion of which is for information technology. This is where the drumbeat of less dependence on contractors has been sounding the loudest. Greater clarity on the respective roles of contractors and federal managers is on the way, though. Daniel Gordon has settled into his job as Administrator of the Office of Federal Procurement Policy, and policy development around what is inherently governmental and what is critical to government is mostly written.

    Gordon is not saying that policy is finished, but apparently it is sufficiently developed that he has White House dispensation to talk publicly about it. Thus two successive interviews granted, one with Federal Times and one with Government Executive. Gordon said this month OFPP will publish in the Federal Register new guidance on three levels of work: inherently governmental, closely associated with inherently governmental, and critical.

    As the guidance comes out, it's important to keep a sense of perspective. The inherently governmental line has been adjusted and readjusted for decades, in some sense since the founding of the republic. The same questions go on in industry as well, only there it is called vertical integration versus outsourcing. It's true that since last summer the Office of Management and Budget has been pushing agencies to cut their contracting dollars, with some of those dollars going back into personnel accounts. But while it is certainly putting renewed emphasis on government, the administration is not going to be wholesale canceling contracts and bringing hundreds of billions of dollars of work in house.

    Annoyed by failed programs and contracting scandals in Iraq, Congress has also been pushing for a rebalancing. So the $133 million in the administration's fiscal 2011 budget request to enlarge the acquisition workforce—a key component in Gordon's strategy—will likely receive across-the-board support. Contractors will welcome it as well, for that matter. The more skilled the contracting officers and their staff, the fewer the problems that ensue.

    But the new line for what is inherently governmental will probably generate more heat. Contractors deeply into management consulting on things like acquisition strategy or program oversight are likely to be the gored ox here. Yet the shift is already happening. Just last week, Jane Holl Lute, the deputy secretary of Homeland Security, reported to the House Homeland Security Appropriations Subcommittee that the Coast Guard had finally dismantled the set-up for management of its Deepwater program. Now Coast Guard managers directly oversee the program, instead of the Lockheed Martin-Northrop Grumman team that had acted as lead integrators. In effect they've been the program managers. This is all good for strengthening federal management. There will always be political debate about whether the government should do this or that, but no one thinks that government should do anything but a superb job at what Congress calls it to do.

    Thus our fascination with who will prevail in the NASA debate now underway on the Hill. Who will prevail—Members of Congress who want the space agency to keep its traditional role of master contractor of space travel, or the administration that, ironically, sees the future of getting astronauts into orbit as a function to be outsourced?



  • Cyber Security Preoccupies Federal IT Market

    Between the RSA Conference, the Cyber Shockwave show, and release of a topline view of the Comprehensive National Cybersecurity Initiative (CNCI), cyber security climbed into the Top Ten charts in recent days. The real work of securing federal networks remains a day-in, day-out effort of constant vigilance.

    Two of these events converged, when White House Cyber Security Coordinator Howard Schmidt chose the annual RSA event to release the CNCI. It wasn't a White House transparency move, but rather a response to a lawsuit from the Electronic Privacy Information Center (EPIC). That group, as its title implies, is concerned with the privacy implications of federal monitoring of Internet traffic. While it publicly lauded the administration for posting the document at the same time Schmidt talked about it in San Francisco, EPIC could not have been fully satisfied with the level of detail or insight into precisely what the government monitors and how. In reality, most elements of the CNCI have been thoroughly discussed in public for several years now. Examples include the Trusted Internet Connection initiative, and the progression in capabilities of successive generations of the so-called Einstein intrusion monitors being installed at the edges of federal networks. But secret intelligence activities will remain, well, secret if their disclosure would threaten national security.

    The Cyber Shockwave exercise was one of the more curious cyber events in a Washington that sees some cyber security event take place literally every week. More than a dozen former officials from the Bush and Clinton administrations got together at the Mandarin Oriental hotel to participate in a made-for-TV wargaming exercise. While it might have been instructive for them, it's unclear how the lessons learned will be transferred to those actually in power who'd be responsible for the government's reaction to a widespread cyber attack.

    Out west, the RSA confab annually brings together top brains in industry, government (including DOD) and academia to talk about cyber security and the technologies to help it. RSA is a major encryption products vendor, and many other companies participate. But unless you are there to attend all the techie sessions, all you hear about in the media are the scare speeches, such as ones delivered by FBI Director Robert Mueller and former Homeland Security Secretary Michael Chertoff (fresh from his role in Cyber Shockwave).

    With less fanfare, some important research has surfaced that can give guidance to federal managers and contractors concerned with cyber security.

    • The Common Weakness Enumeration, underwritten by the Homeland Security Department's National Cyber Security Division and managed by Mitre Corp., came out with its second annual list of the 25 most dangerous errors programmers make. It is highly technical, but the existence of the list itself can give CIOs, program managers and contracting officers tools they need to improve RFPs, statements of work, and contract language for more assured software. Although much custom software development has been outsourced over the years, pockets of federal-employee programmers remain, and they can also benefit.
    • The Cloud Security Alliance, a confederation of IT vendors, published a list of the top cloud security threats, providing a useful check off when considering a cloud vendor. For example, how does the provider vet the people it hires, and how can it certify to you, the government buyer, that the people with access to the infrastructure housing your data and applications are trustworthy to federal standards?
    • The National Institute of Standards and Technology has released a draft version of guidance for deploying IPv6 in a secure manner (see FedInsider #51). In January it issued a draft recommendation on management of cryptographic keys.


 

IRMCO 2010 Presentations

Leading Change by Leading People (It's Not Rocket Science!)
Emma Kolstad Antunes and Barbara Fuechsel

Straddling the Proverbial Barbed Wire Fence: How Inspectors General Address Needs of Competing Stakeholders
Richard Moore, Peg Gustafson, Allison Lerner and Tony Ogden

Forensic Audits & Special Investigations
Greg Kutz

 

 

FedInsider would like to hear from you. If you have been, or are currently involved in a project that is driving change in the government we’d like to share your experiences with our readers. Contact Kristie Clement at kristie@hosky.com with a brief description of how you are helping to institute positive change within your agency.

 
