Summaries for September 15, 2009

COAST GUARD BUILDS NEW SUSTAINMENT DECISION MODEL
The United States Coast Guard is one of the oldest government agencies, dating back to 1790, before the Navy. But it has a mission that is up to the minute. And it is in the midst of a top-to-bottom modernization of its assets — everything that floats, flies, or provides support from ashore.  It is the shore assets, including IT, that concern David Hammond, Senior Program Manager for Shore Infrastructure at the Coast Guard.  -> Read More

WHITE HOUSE QUIETLY TRANSFERS A POWERHOUSE CYBER GUY
Few realized it, but just a few days after Melissa Hathaway departed as acting Senior Director for Cyber Security at the White House, she was replaced. The acting senior director now is Christopher Painter, on detail from the Justice Department. This news came about casually with no major announcement.  So just who is this powerhouse cyber guy? -> Read More

                                                                            Advertisements



IRMCO Early Bird Registration Opens September 15
Early bird registration for IRMCO 2010 opens September 15! Plan now to attend IRMCO 2010 on April 11-14, 2010 at the Hyatt Regency Chesapeake Bay in Cambridge, Maryland. Federal Travel Regulation; Conference Planning-Prepayment of Registration Fee, FTR Amendment 2006-02 allows for the reimbursement of the prepayment of early bird discounted registration fees to attend a conference, so take advantage of the IRMCO 2010 early bird rate. The 49th annual government-only gathering of agency career and political leaders is the premier place to network and discuss the government's challenges.

IRMCO, GSA's Interagency Resources Management Conference, has been produced by GSA since 1961 to serve the needs of the government's senior executives. The three-day retreat provides these leaders the opportunity for dialogue with experts in organizational change, peer-to-peer discussion of strategies to transform their agencies, and insightful keynotes from industry and government visionaries.

Go to www.irmco.gov to register and receive early discounted rates for government's management conference. To register call 202-237-0300.

DATA'S THE NEW DIGITAL GOLD, BUT IT BELONGS TO EVERYBODY
The federal fiscal new year is two weeks away, and agency managers are already at work on their 2011 budget submissions. In thinking about IT requirements, it's a good idea to step back and think how computing has changed. Microprocessor technology and hardware in general continue their rapid progress, but that has ultimately spawned a new model of how information is used and the technology to use it.  "Machine-readable format" is a word you'll be hearing a lot more of.  -> Read More

WHAT'S SO HARD ABOUT AUTHENTICATION? ASK THE IRS
During a recent panel discussion in Washington, someone from the audience asked Vint Cerf what he would have done differently in development of IP, the Internet Protocol. Cerf, one of the original IP team members back in the 1970s, said he would have given more attention to three characteristics of IP: Address space (thinking the nearly five billion allowed by the original IP would be "enough for an experiment"), authentication and mobility.  When Cerf developed the original IP he never expected the Internet to encompass tens of millions of computers and billions of users.  -> Read More

• Coast Guard Builds New Sustainment Decision Model

  David Hammond

  The United States Coast Guard is one of the oldest government agencies, dating back to 1790, before the Navy. But it has a mission that is up to the minute. And it is in the midst of a top-to-bottom modernization of its assets — everything that floats, flies, or provides support from ashore.

  It is the shore assets, including the enabling IT, that concern David Hammond, Senior Program Manager for Shore Infrastructure at the Coast Guard headquarters. Those assets support the operational parts of the Coast Guard. As it modernizes and updates ashore assets, Hammond explained, the Coast Guard is also working to consolidate supporting IT and centralize many of the decisions now being made locally. The overarching goal is to more closely link decision-making about shore facilities to the missions of the Coast Guard.

  "Over the last two years, we've been going through a modernization Coast Guard-wide. So we're putting more emphasis on shore technical infrastructure," Hammond said.

  Here's why it has been difficult to centralize and create efficiencies. "It used to be, there was no direct chain of command down to the field. Each local commander had engineers. It was decentralized, parochial," Hammond said. And the assets involved aren't trivial:

  • Plant replacement value of $12 billion.
  • 3,200 Coast Guard sites.
  • 24,000 real property assets totaling 30 million square feet.

  "We're the stewards of all that," Hammond, a 26-year veteran of the service, said. With each shore facility having its own data center and other IT assets, it was impossible to get a clear picture of what the Coast Guard had, and where it had it. And that meant it was well nigh impossible to make planning decisions for the service at a strategic level. So Hammond is leading efforts, as he put it, "to develop and implement a comprehensive decision model that will integrate all levels of shore infrastructure decision making," tying together finance, stewardship objectives and ultimately the mission execution.

  To get there, Hammond pointed out a couple of initiatives. One is reducing the number of IT systems while cutting large scale processes to a minimum. Eventually, IT and system architecture decisions will be executed locally, but with resources decisions made centrally. Hammond said the Coast Guard is moving its servers and services to a centralized location in Martinsburg, W. Va, where it will maintain "a single, authorized data center for agency-wide systems."

  Linked to this consolidation are strategies for taxonomic classification, interoperability and data normalization. Put simply, in order to have meaningful data to support decision making at headquarters, the Coast Guard needs to have common names for items found throughout the service — for example, the components of clinics, schools, berths and piers, housing, navigation aids, cars and trucks, and radio towers.

  Hammond said that key to compiling the data environment is deployment of a technology known as Building Information Modeling (BIM). It "allows us, in planning, to do things simultaneously that would have taken months, serially over years—planning, designing, construction and operations of buildings. It's a huge savings in time and money."

  In a follow-up e-mail to our interview for FedInsider, Hammond emphasized, "The Coast Guard views BIM as a break-through technology that will help us better account for, manage and evaluate the performance of our buildings and infrastructure." It will let the Coast Guard model different maintenance and construction strategies with an eye towards lower lifecycle costs.

  But, Hammond said, you can't get there without quality data. "To fully take advantage of BIM technology's analytical capabilities, we must first centralize, normalize and taxonomically classify disparate existing data elements and databases," he said. No matter what the location or facility, like things must have like names for any data applications to be effective.

  In creating its taxonomies and databases, Hammond said, the Coast Guard is opting for open standards. "We need to control our own data, not be locked into proprietary" formats, he said. "We need application-independent data." So far, he said, 12 percent of shore physical plants have been modeled using North American and ISO standard data elements.

  In short, Hammond said, "the Coast Guard is taking the lead in linking facilities to mission execution." He said the consolidation and data modeling will roll out over the next 18 months, adding that Commandant Thad W. Allen is intent on completing the modernization so that the transformation of Coast Guard operations can occur, and can't be rolled backwards.

  "The Coast Guard needs to sustain itself into the 21st century," Hammond said.

  Return to top

---

• White House Quietly Transfers A Powerhouse Cyber Guy

  Few realized it, but just a few days after Melissa Hathaway departed as acting Senior Director for Cyber Security at the White House, she was replaced. The acting senior director now is Christopher Painter, on detail from the Justice Department. Until moving over to the White House, Painter was Deputy Assistant Director of the FBI cyber crime division. Before that, he was Deputy Chief of the Computer Crime and Intellectual Property Section at Justice.

  This news came about casually. No major announcement. It looked almost like a stealth appointment. Chief Technology Officer Aneesh Chopra mentioned it to a few reporters, including Jason Miller of Federal News Radio and Andrew Noyes of National Journal. They reported it first. Painter is no newbie to cyber security; here's a bio from 2002. He has a criminal prosecutor background, a welcome piece of resume for someone looking after the nation's cyber security.

  I find it curious the White House didn't herald this appointment, even if it was for a still-acting position. Painter doesn't appear to have punched his time card at any of the left-leaning think tanks, or received the stamp of approval from the Center for American Progress. No matter. Chopra also said that Painter has been working all along with him and with CIO Vivek Kundra at the Office of Management and Budget. Chopra suggested to reporters that Painter is a leading candidate for the permanent job. So the federal IT community continues to wonder, gheez, why doesn't President Obama get on with what is sure to be a non-controversial appointment?

  Some members of Congress, including Jim Langevin (D-R.I.), chairman of the House Cyber Security Caucus, have been urging the White House to get on with this permanent appointment. Things are moving on the security front. Some of the more recent developments:

  • The National Institute of Standards and Technology has made the final release of the latest version, Revision 3, of its cyber security practices catalog, known affectionately as Publication 800-53. This is the first version to incorporate the thinking of a partnership between NIST and elements of the Defense Department and the intelligence community. It gives civil agencies the option to guard themselves in a more robust way.
  • There's dawning realization that the Confickr worm is still out there on 5 million computers, including some of the government's, and that while the worm itself has appeared benign, its perpetrators in effect have rented its infected network to launch software with real damage impact, like the highly malicious Waledac, which sniffs out keystrokes that look like online bank account information.
  • Plans are underway at the Homeland Security Department for next year's cyber exercise, Cyber Storm III. And DHS has issued its own guidance to agencies for evaluating their cyber security risk.
  • The Trusted Internet Connection initiative, launched and having made progress during the Bush administration, seems to be stalled in confusion.
  • The Senate's Jay Rockefeller (D-W. Va.), chairman of the Conference Committee, and Olympia Snowe (R-Maine) are touching up and renewing their push for a comprehensive cyber security bill, S-773, that would in effect force the administration's hand.

  Mr. President, appoint that permanent cyber security advisor.

  Return to top

---

• Data's The New Digital Gold, But It Belongs to Everybody

  The federal fiscal new year is two weeks away, and agency managers are already at work on their 2011 budget submissions. In thinking about IT requirements, it's a good idea to step back and think about how much computing has changed. I don't mean in the way you usually hear at luncheon remarks: "My phone has more power than the moon landing computers" sort of thing.

  Microprocessor technology and hardware in general continue their rapid progress, but that has ultimately spawned a new model of how information is used and the technology to use it.

  "Machine-readable format" is a word you'll be hearing a lot more of. It's an old term, dating to 1970s technologies such as optical character recognition, and even earlier. But it has a new meaning in this decade.

  Here's how:

  In the earliest days of computing, the data and the machinery were inseparable and mutually dependent. In the mainframe and mini-computer eras, the ability to access a processor was distributed, but data formats were proprietary and locked into processor-hosted applications. PCs and local area networks distributed computing still more widely with the addition of better data and information sharing. The overlay of the Internet and open source data formats has enabled a separation of data from applications, and the wide distribution of both, separately. So machine-readable means ingestible by applications your agency did not develop, or even of which it is unaware.

  The Apple iPhone has been frequently cited as an example of this phenomenon, with its library of thousands of independently-developed applications available for downloading. Although not a perfect example, it's close enough in that many — but not all — of the applications make use of widely available data sources, such as open source maps or sports information, that exist independently of any particular application.

  In the federal government, the data that feeds the recovery.gov, itspending.gov and data.gov sites are, or are promised by Obama administration officials to be, available in open, machine-readable formats for anyone to download. CIO Vivek Kundra has said he hopes that clever citizens will build and share applications on this data. For example, from recovery.gov data someone might want to create an application that sorts data by, really, any parameter; for example, dollar ranges or contract awardees.

  Government might be lumbering there, but it is aware of this burgeoning phenomenon. At last week's Gov 2.0 Summit in Washington, several presenters — many quite young — described their efforts at developing applications on raw data streams. No less than the U.S. Army has such a program. Lt. Gen. Jeffrey Sorenson talked about the new Apps for the Army project. It gathers useful applications developed locally by soldiers, some deployed in Iraq and Afghanistan, for their own use and ensures that they are distributed throughout the Army if appropriate. Sorenson stressed the need to keep soldiers fed with data for such applications, to be housed at forge.mil.

  And the chief technology officer for the administration, Aneesh Chopra at the Office of Science and Technology, used the conference to announce a big, new open government push that will be coming this fall, possibly as a presidential order. The directive won't be confined to encouraging data feeds, but feeds likely will be a part of it.

  For agency managers, this all means it is time to start examining their data resources to see what could be offered up in this new open environment. It means, to complete the earlier thought, developing a strategy to migrate or update data into open formats, which is practically synonymous with machine-readable. It means no more material in the proprietary, if nearly universal, Portable Document Format (PDF), the online equivalent of faxes, and no more proprietary formats. And, it means ensuring new development projects treat data as a separate, reusable commodity separate from the applications the agency (or its contractors) develop for them.

  Not everyone believes this downloading rush is practical. A story just last weekend in NextGov rounded up some doubters who cited the very use of the PDF as a reason why a directive for machine-readable data would be hard to fulfill.

  The irony here is that for science-oriented agencies, like NASA, the concept of creating and publishing raw data for other agencies and external communities of interest goes back decades. The formats might not rate on the openness scale like XML, but they were — and are — understood by the communities they serve. But in the iPhone era, your community is likely to be less cozy than fellow astrophysicists and, instead, encompass thousands or millions you don't know, but who rightly consider your data to be theirs.

  Return to top

---

• What's So Hard About Authentication? Ask the IRS

  During a recent panel discussion in Washington, someone from the audience asked Vint Cerf what he would have done differently in development of IP, the Internet Protocol. Cerf, one of the original IP team members back in the 1970s, said he would have given more attention to three characteristics of IP: Address space (thinking the nearly five billion allowed by the original IP would be enough "for an experiment"), authentication and mobility.

  Then he added, "Still, it's pretty amazing." Well, yes, the Internet is pretty amazing both as a cultural and economic phenomenon. But as Cerf correctly implied, the difficulty of authentication, that is, verifying senders and receivers of data, is one of the most vexing things about the Internet. It is at the heart of many security concerns. When Cert developed the original IP he never expected the Internet to encompass tens of millions of computers and billions of users.

  Given the number of activities in which the average person engages the Internet daily, you'd think authentication had been solved. Yet a recent inspector general report shows that at the IRS, authentication is still a work in progress. Briefly, the IRS was just about to deploy the first phase of an online, citizen-facing application called My IRS Account, or MIRSA. Though its name is homophonous with a deadly virus, MIRSA was to be a way for taxpayers to view their account history online, obtain commonly-used forms, and obtain help without having to call an IRS 800 number. Yet 32 months and $10 million into the project, the IRS canceled it, even as the IG was looking into it.

  Why? Essentially, the MIRSA team had to develop its own electronic authentication system, in the absence of an IRS-wide authentication architecture, the IG found. The MIRSA team had come up with a way to authenticate users, but it wasn't sure its solution would confirm to an eventual IRS authentication system — the development of which was put on hold in 2007. And when stopping MIRSA, the team also didn't develop a formal plan to reactivate it. For now, the one-way, online tax payment will remain the principal e-government application at IRS 

  The full story behind this odd turn of events — the termination of a useful piece of e-government at the 11th hour — isn't known, but I suspect IRS was gun shy over something associated with authentication, and that is the use of cookies. The Obama administration is trying to find a rational way to allow agencies to more frequently use cookies computers of citizens who may frequent a particular agency application. The privacy advocacy groups tend to get hysterical over the mention of cookies, and in fact they — cookies, that is — do represent a threat to privacy if misused or used in the absence of prominent and plain-English privacy statements. But the timid distance agency managers keep from cookies can be a hindrance to deployment of a richer and more-useful e-government generation of applications.

  In the IRS' case, the MIRSA system would essentially be playing back information taxpayers are required to submit already, either electronically or in paper. If the privacy issue was its primary concern, it doesn't sound as if the agency has an insurmountable obstacle from a technology or legal standpoint.

  Return to top