Summaries for November 15, 2009

SPIRES TAKES CONTROL AS CIO AT HOMELAND SECURITY
How do you get your arms around 79 IT projects, each of which is large enough to have its own Exhibit 300 justification? For Richard Spires, the new CIO at the Homeland Security Department, you do it one project at a time. It matters, because DHS has something of a reputation for problematic IT deployment. "I am personally conducting reviews of all 79 programs," he said.   -> Read More

IS FEDERAL IT REALLY SO BADLY OUTDATED?
Back in the days when hardware advances were the gating function in IT development, the long procurement cycles of the federal government used to regularly receive blame for the government being behind the technology curve. "By the time we buy it, it's obsolete," was the common refrain. That hasn't been heard for a long time. Now processing, memory and storage are cheap. Applications are developed for a web environment. So aside from scale and capacity, obsolescence of hardware is a more easily surmountable problem than it was decades ago.  -> Read More

                                                                            Advertisements



Register Today for GSA's:
IRMCO 2010: Vision+Velocity=Value
Formula for 21st Century Leadership
Early registration rates for government are now available for IRMCO 2010.  Plan now to attend IRMCO 2010 on April 11-14, 2010 at the Hyatt Regency Chesapeake Bay in Cambridge, Maryland.  Federal Travel Regulation on Conference Planning-Prepayment of Registration Fee, FTR Amendment 2006-02allows for the reimbursement of the prepayment of early bird registration fees to attend a conference, so take advantage of the IRMCO 2010's discounted rate.  The 49th annual government-only gathering of agency career and political leaders is the premier place to network and discuss the government's challenges.

Go to www.irmco.govto register and receive early discounted rates for government's management conference or call 202-237-0300.  For further information, email Peg Hosky at peg@hosky.com.

NO USE WAITING AROUND FOR A WHITE HOUSE CYBER COORDINATOR
It is becoming increasingly clear, no one wants the job of cyber security coordinator in the White House. So Chris Painter continues to perform the job on an acting basis, tasked from the FBI. The question is what job he is doing. Bills pending in the Senate would turn the job in to a Senate-confirmed one. Competing bills would put the person in the White House or the Homeland Security Department. And Rep. Jim Langevin (D-R.I.), chairman of the House Armed Services Strategic Forces Subcommittee, has promised to introduce a bill to detail exactly what the cyber coordinator would do. -> Read More

BUDGET "CUTS" FOR 2011 WILL BE MOSTLY FICTION
It was no coincidence that the Office of Management and Budget warned agencies to prepare a zero-growth and 5 percent lower 2011 budgets just as President Obama headed for China. Those tough Chinese know they can pressure the U.S. president on budget deficits. But is real budget reduction in the cards? The short answer is no. Never has been.  -> Read More

• Spires Takes Control as CIO at Homeland Security

  Richard Spires

  How do you get your arms around 79 IT projects, each of which is large enough to have its own Exhibit 300 justification?

  For Richard Spires, the new CIO at the Homeland Security Department, you do it one project at a time. It matters, because DHS has something of a reputation for problematic IT deployment. "I am personally conducting reviews of all 79 programs," Spires said. The programs range from departmentwide, like consolidating the DHS infrastructure, to mission-specific, like the Secure Border Initiative tech-fence along the U.S. and Mexico border.

  "Delivery has not been stellar," Spires said, referring to a string of Government Accountability Office reports. "So my top priority is to access and help where we can, and to understand when we have systemic weaknesses." That is, problems with execution that are common to several projects and that stem from project management deficiencies evident in more than one component of the department.

  The departmental CIO, as a position, often has the disadvantage of having too little authority over budgets and activities of agencies and bureaus to be effective. But Spires says the setup at DHS gives him sufficient leverage over the big projects.

  "To make [the reviews] operational, we have an acquisition review process to approve anything over $2.5 million," he said. Plus, a council of all the CIOs in the department is chaired by Spires. He described the council as a "well functioning, collaborative body" that is working to sort out which IT projects can remain strictly under the purview of the component agencies and which, regardless of where they originate, affect the department and therefore should be subject to the CIO office's scrutiny.

  The major project reviews culimate in formal, two-hour meetings. These occur after Spires and his staff haved looked over the paperwork and reviewed earlier program reviews. The program managers prepare presentations, giving the background, status, risks and mitigation strategies. Integral as they are to the IT projects, contractors are not part of Spires' reviews, his rationale being that government staff can be more forthright and candid without the presence of contractor employees.

  "I'm not out to kill progams, but to give them the best chance for success," Spires said. He said he hopes the patterns emerging from the reviews will help his office develop an internal center of excellence for project management by creating tools and guidance for dealing with the common problems.

  Spires is no stranger to big systems and the challenges they entail. He was a long-time employee of SRA International, the systems integrator, rising to senior vice president for its commercial sector. And he worked a stint at the IRS as, successively, Deputy Commissioner for Operations Support, Associate Chief Information Officer for Business Systems Modernization, and Chief Information Officer.

  Did anything surprise him upon entering DHS?

  "I won't say 'surprised,'" Spires said. "When working at the IRS, I was surprised. But not this time." Pretty much throughout the 1990s, the IRS was enmeshed in struggles to get its epic modernization effort off the ground as the agency, at the behest of Congress, sought to reorganize the agency along the lines of the classes of taxpayers.

  "IRS was a much more centralized model. Here, we're trying to figure out how to work effectively in a federated model," Spires said.

  Besides reviewing the projects, Spires has other priorities. One is standing up two matching, physically separated data centers and migrating the department to a single network infrastructure served by the centers. He said the department is still operating 19 legacy data centers that are slated for eventual shuttering, their applications moved into the two centers. The two, Spires said, could be considered Homeland Secuity's own cloud computing facility.

  "This is a top priority from a cost and security standpoint," he said. The timeline for the consolidation, though, "is not all in our hands," he added. For fiscal 2010, Spires got $150 million to help accelerate the migration, but that's not enough to get it all done in a year. So far five have closed, and Spires said the department has developed a methodology for migrating applications and closing data centers in a predictable manner. "There is an approach, it is working," he said. But now the money becomes the limiting factor.

  Other priorities include beefing up DHS's cyber security capabilities, giving more resources to the security operation centers and implementing better intrusion detection capabilities. And, Spires wants to correct what he termed "an imalance between federal employees and contrators" working on DHS mission applications.

  Not that the job can be done without contractors, "but I don't think we have the right balance." So he is planning to hire 200 CIO office employees over the next two years to provide better IT oversight.

  Return to top

---

• Is Federal IT Really So Badly Outdated?

  Back in the days when hardware advances were the gating function in IT development, the long procurement cycles of the federal government used to regularly receive blame for the government being behind the technology curve. "By the time we buy it, it's obsolete," was the common refrain.

  That hasn't been heard for a long time. Now processing, memory, and storage are cheap. Applications are developed for a web environment. Aside from scale and capacity, obsolescence of hardware is a more easily surmountable problem than it was decades ago.

  So it was surprising earlier this month when Jeffrey Zients, the Office of Management and Budget's deputy director for management and chief performance officer, cited outdated IT as one of the government's biggest impediments to improved performance.

  For the most part, federal hardware is about par with that of the private sector. Perhaps what Zients intended to convey is how difficult it is for the government to deploy the latest applications for managerial decision support. If you look across the recent landscape of federal systems, you'll find plenty of examples of where more modern applications might have staved off some real performance problems.

  • The Commission on Wartime Contracting chided the Defense Department for not even being able to get a handle on the contractor headcount in Iraq and Afghanistan. The application, the Synchronized Predeployment and Operation Tracker, SPOT, just doesn't work very well. The commission recommended the Defense Contract Audit Agency and the Defense Contract Management Agency get on the stick to obtain an accurate count. Shay Assad, the Deputy Under Secretary of Defense for Acquisition and Technology, promised a fix.
  • Social Security Administration is hindered in its ability to offer online services because its information is locked up in mainframe formats -- at least according to a report from the Computer and Communications Industry Association. The purple prose in the report overstates the problem, and frames it as the agency's dependence on IBM. Many large organizations have migrated COBOL logic to modern languages, and exported data to other database formats. Social Security certainly could do the same as it contemplates a new data center scheduled to come online in the next few years.
  • At the FBI, the fifth in a series of inspector general reports on the Sentinel project warned last week that glitches in a particular functional module of the half-billion-dollar case management system had to be redone, delaying Phase 2 of the project and adding cost. Phase 2 is supposed to bring eight electronic forms online and the workflow to support their use. Now it will be nine months late. One problem with the system is the FBI's old network infrastructure, the IG found. It slows down information requests from users. The FBI is spending another $39 million to increase network capacity. But delays in Sentinel itself were caused by difficulty getting information forms in to electronic formats. Sentinel sounds like a fiendishly complex project to accomplish, but its ultimate purpose is to help agents access and share information from anywhere within the FBI and to boost productivity.

  At the heart of these and so many other projects is data -- gathering it, storing it and making it into usable and sharable information.

  The trend in data use is combining all of the data, whether structured or unstructured, and looking for the types of patterns that support decision-making. Relational databases do this with reports, while Boolean searches serve up documents with key words. Social media allow sharing of what people think is important. But the ability to apply unstructured questions to large masses of data, that is, data analytics, is just now making its way into government. Several point product vendors offer tools, and now the large companies are trying to get in on this business. Last week, IBM opened a new data analytics center in Washington, the sixth one it has opened. The center integrates data analysis products the company has developed or acquired and turns them into a service for federal agencies.

  So Zients seems to have been correct in his call for updated systems. Some agencies, like the FBI, have to update their infrastructures so they support speedy movement of large files or data sets. But the cross-cutting issue for government is decision support out of the terabytes of data agencies are sitting on.

  Return to top

---

• No Use Waiting Around For a White House Cyber Coordinator

  It is becoming increasingly clear, no one wants the job of cyber security coordinator in the White House. So Chris Painter continues to perform the job on an acting basis, tasked from the FBI. The question is what job he is doing. Bills pending in the Senate would turn the job into a Senate-confirmed one. Competing bills would put the position in the White House or the Homeland Security Department. And Rep. Jim Langevin (D-R.I.), chairman of the House Armed Services Strategic Forces Subcommittee, has promised to introduce a bill to detail exactly what the cyber coordinator would do.

  Beyond that is a bill approved by the House Science Technology Committee that would update the Computer Security Act of 1987 to take into account the Internet dependency that has spread through the cyber world. The un-numbered Cybersecurity Coordination and Awareness Act would require the National Institute of Standards and Technology (NIST) to develop fresh standards to apply across the government for the protection of non-classified federal systems. And Sen. Joseph Lieberman's (I-Conn.) bill is still on the burner, to give the Homeland Security Department and the Federal Energy Regulatory Commission (FERC) more authority to set standards for and regulate cyber security for the privately-owned electrical grid.

  It is an open secret in the cyber community that numerous people have turned down the White House for the cyber job. And the reason is the job doesn't have any real power the way it is constituted. Who would want to report bilaterally to National Security Advisor Jim Jones and Economic Advisor Lawrence Summers? Especially Summers. The situation may go on a while, because the aforementioned bills are unlikely to see action before the end of the year. Between the 2010 appropriation work yet to do, and long debate on health care legislation, it is unlikely a slew of cyber security bills will make it to the floor this year.

  Not that there’s any slowdown in cyber threats. The latest report comes from Neustar Inc., of Sterling, Va. Neustar is a provider of network services like transfer of phone numbers from one cellular network to the other. It is also the federal contractor for the Domain Name Service at the root of the Internet. As such, the company scans the Internet for threats. In a report last week it pointed out the existence of a new man-in-the-middle scheme to purloin credentials of automated clearing house (ACH) users. The damage to small companies and non-federal government agencies has hit the tens of millions of dollars, but the company said thousands of federal servers look to be infected with the malware.

  Earlier there was the scandal-ette when file sharing software on the computer of a House aid cause released of the list of Members under ethics investigation. That caused a flurry of House oversight – of itself.

  Constant probing, and the occasional penetration, sometimes by Chinese hackers, possibly government-backed, also has the federal government both nervous and unsure how to deal with it. China, after all, is a major trading partner and creditor to the U.S.

  Even the technology reseller, CDWG, found in a survey that federal managers face almost daily cyber security problems.

  In the absence of a strong cyber security offensive from the White House, federal agencies need not wait around for direction. NIST has recently updated its security standards guidelines. These include publications 800-53 covering Security controls; 800-65 for integrating security into capital planning; 800-70 covering checklists for IT products; 800-73-3 covering ID cards and related equipment; 800-78-2 covering cryptographics for personal identification; 800-120 and 127 covering wireless network authentication. and 800-126 covering the Security Content Automation Protocol. See the complete list of NIST publications here . The Einstein intrusion detection and Trusted Internet Connection initiatives have not ceased. White House policy isn't needed to implement strong security safeguards.

  Return to top

---

• Budget "Cuts" For 2011 Will Be Mostly Fiction

  It was no coincidence that the Office of Management and Budget warned agencies to prepare a zero-growth and 5 percent lower 2011 budgets just as President Obama headed for China. Those tough Chinese know they can pressure the U.S. President on budget deficits. According to one article TheStreet.com published Monday, China holds in excess of $2 trillion in foreign currency reserves, mostly dollars. And that includes $800 billion in U.S. Treasury bonds. Notwithstanding that most of the goods produced in China are exported to the U.S., the Chinese leaders are in a position go chide Obama on further deficit growth and its effect on the dollar.

  Thus the tough talk on discretionary agency budgets, to show the Chinese that the administration is serious about deficit reduction. But is real budget reduction in the cards? The short answer is no. Never has been. A couple of things to keep in mind: First, discretionary budgets for 2010 are up between four and five percent for most agencies, so there is a high base to start with. Input and others peg the IT spending at above $78 billion in 2010. The overall spending is in addition to still-unspent dollars from the stimulus bill and the Trouble Asset Relief Program. The administration has also been toying with the idea of using the remaining $200 billion in TARP funds for deficit reduction, but the drive to spend the stimulus money will be as irresistible as the Sirens were to Odysseus (if he'd been untied).

  The idea of zero-growth budgets is not new. Every President has proposed them. What would be new is if budgets actually did not rise, a condition that is, for all intents and purposes, impossible. If for nothing else than congressional earmarks, federal budgets will grow. Besides, as Qorvis Communications' Stan Collender points out in his blog , every administration routinely asks for varying budget scenarios. Collender's insistance that this administration is serious about deficit reduction may be questionable, when it is pushing a trillion dollar new entitlement program under the guise of health care reform, but Stan's point that this is nothing new is well taken.

  Of more relevant interest for 2011 is whether more budget authority is moving towards the federal CIOs. As the interview with Richard Spires above shows, CIOs are finding ways to assert more control over IT spending, especially projects that are in danger of going off the rails. And as NextGov reported , language accompanying the 2010 Veterans Affairs spending bill essentially gives the VA CIO a gatekeeper function over IT spending -- recognizing that the CIO, Roger Baker, put nearly four dozen project on hold last summer to review them.

  For contractors, the challenge won't be in whatever total budget is agreed on, but rather what form the nearly $80 billion in IT spending will take. The administration, like its predecessor, wants to reduce infrastructure costs, while at the same time upgrading networks where required. To be sure, there are big projects ahead, including further deployment of NextGen air traffic control systems, new super computers at the National Oceanic and Atmospheric Administration, continuance of the Secure Border Initiative, and cyber security pretty much everywhere.

  Return to top