Summaries for December 1, 2009

FOR IBM'S ALTMAN, RETURN TO GOVERNMENT MARKET IS A REUNION
When Anne Altman left IBM's government unit to take over its far-flung server and mainframe business, the federal IT community felt like a friend was leaving the home team for a distant league. But this past summer, after about two years, Altman returned as general manager for public sector. "It does feel like coming home to something I have been passionate about my whole life," Altman said.  -> Read More

THE PROBLEMS IN GOVERNMENT DON'T COME FULL CIRCLE
Can't. Fails To. Snafu. Unable. Glitch. Misuse. These are the words in current headlines talking about government 's ability to get things done, or rather inability. Some of the failings make a great case for application of IT, but some are in the application of IT itself. Find out why there is yet another legislative attempt to fix IT procurement. -> Read More

                                                                            Advertisements



Register Today for GSA's:
IRMCO 2010: Vision+Velocity=Value
Formula for 21st Century Leadership
Early registration rates for government are now available for IRMCO 2010.  Plan now to attend IRMCO 2010 on April 11-14, 2010 at the Hyatt Regency Chesapeake Bay in Cambridge, Maryland.  Federal Travel Regulation on Conference Planning-Prepayment of Registration Fee, FTR Amendment 2006-02allows for the reimbursement of the prepayment of early bird registration fees to attend a conference, so take advantage of the IRMCO 2010's discounted rate.  The 49th annual government-only gathering of agency career and political leaders is the premier place to network and discuss the government's challenges.

Go to www.irmco.govto register and receive early discounted rates for government's management conference or call 202-237-0300.  For further information, email Peg Hosky at peg@hosky.com.

WEB SITES BECOME THE ADMINISTRATION'S WD-40
Ever meet a mechanic whose automatic answer to any household mechanical malfunction is the application of WD-40? You know, the spray-on lube designed to loosen rusty nuts and bolts. Unfortunately, in many instances WD-40 solves a problem only briefly. For instance, if the underlying squeak or balky hinge requires heavy white grease that stays in place, then runny WD-40 won't do. It seems as if posting things on Web sites has become the Obama administration's WD-40.  -> Read More

BURNED CIRCUIT BOARD TO NEW CHINA CONCERNS: NEWS FROM THE CYBER FRONT
Developments on the cyber security front show the increasing complexity of this challenge. For a long time, agency security managers have preached the idea that security should be programmed into systems from the outset, not added in later. Now they have a new tool to help in that endeavor. The release of a revised Special Publication 800-37  from the National Institute of Standards and Technology describes a life-cycle approach to cyber security.  -> Read More

• For IBM's Altman, Return to Government Market Is A Reunion

  Anne Altman

  When Anne Altman left IBM's government unit to take over its far-flung server and mainframe business, the federal IT community felt like a friend was leaving the home team for a distant league. But this past summer, after about two years, Altman returned as general manager for public sector. Her new post includes not just U.S. federal but government worldwide as well as the educational sector. In all, 170 countries, kindergarten through high school, health care, and life sciences including pharmaceuticals fall under her stewardship.

  "It does feel like coming home to something I have been passionate about my whole life," Altman said. In the two years Altman was gone from the government market, a great recession struck the country and the U.S. federal government underwent a sea change in policy with the election of a Democratic president.

  "There's a different lens on the same issues. In the market, the Obama administration put a face on its priorities that is different from its predecessors. For example, the desire for more transparency and application of new technology to make the government more accessible," Altman said. The souped up emphasis on health IT and the effect of stimulus spending also make for a noticeable difference from two years ago, she said.

  She sums up her view of how she pictures federal managers' thinking: "Two years ago we talked about skills and shared systems, but IT's focus is very much around mission outcomes, how can I use these technologies to deal with very tight budgets and be expected to deliver impressive mission performance and responsiveness."

  A big marketing push for IBM has been behind the company's "smart planet" theme. "Today, everywhere we look, things are 'instrumented,'" Altman said. That is, components in systems such as electrical, water, transportation, buildings and weather carry IP addresses so that they can be monitored by and respond to network control.

  "We talk about intelligent transportation because that's what people can relate to," Altman said. "Now we have data showing people sitting in cars have 40 hours per year of lost productivity. Think about instrumentation of sensors in roads that can manage traffic flow. It's a very powerful proposition that's now available."

  Similarly, analytics tools applied to large data sets can help government managers detects things like financial fraud or improper payments.

  IBM's strategy for marketing these types of products and services involves the combination of technologies it has developed and acquired in recent years, such as its Tivoli software for managing enterprise IT infrastructure, WebSphere for application integration, and Cognos business intelligence software. The company uses a variety of channels, including direct sales of the software, systems integrators, value-added resellers and offering the software as a service to customers. "We have the intellectual property that differentiates us," Altman said, adding that IBM recently developed a government framework to use IBM software to build public sector applications.

  "More than ever," she said, "government is looking for unique capabilities to speed deployment and lower cost, to reduce their risk, ensure powerful security." That capability can come from any number of types of vendors, and Altman hopes IBM will be common to them all.

  IBM also opened last month a data analytics center in Washington. It has opened similar centers in Beijing, Berlin, Dallas, London, New York and Tokyo. The D.C. center is co-located with IBM's Institute for Electronic Government on K Street. Altman said it will bring advanced software and couple it with subject matter experts, "so we can tailor work we do for requirements of clients."

  Altman, a 28-year veteran of IBM, said her experience in the mainframe market is relevant to the government market. As agencies consolidate their infrastructures of multiple servers and adopt cloud computing, the scale and manageability of mainframes will, in a sense, put the big iron back in vogue. Mainframes run Linux and other open source operating systems as well as derivatives of the classic VM.

  So while the federal market won't have Altman all to itself -- Todd Ramsey remains the general manager for IBM's U.S. federal business -- she does feel at home and has been making the rounds of federal market events. Otherwise, she said, "I'll engage as Todd needs me." Because the Z-Server business caused her to relocate, she quipped that her family "had the sense that mom's home, even though I travel all the time."

  Return to top

---

• The Problems In Government Don't Come Full Circle

  Can't. Fails To. Snafu. Unable. Glitch. Misuse.

  These are the words in current headlines talking about government 's ability to get things done, or rather inability. Some of the failings make a great case for application of IT, but some are in the application of IT itself. The doomed presidential candidate Michael Dukakis, former governor of Massachusetts, famously remarked in his otherwise forgettable 1988 nomination acceptance speech, "This election is not about ideology, it's about competence." He was glaringly wrong, of course. Elections tend to be thoroughly arguments about ideology. But when it comes to the government program completion, competence is a question mark regardless of which party is in office. Eventually, the government finishes projects, but somehow it always takes longer and cost more than anticipated at the outset.

  These delays result in what I call the government's failure to "close the circle" -- in a process that engages contractors with equal culpability.

  Examples:

  • Homeland Security is now able to gather the information it needs on visitors to the United States, but it can't verify that they've left. Nearly 3 million foreign visitors checked in last year, but no one knows if they left when they were supposed to. Like so many projects, the goals of the U.S. VISIT program are easy to state but difficult to accomplish. As with the roach hotel depicted in a commercial for bug killer, people check in, but the government doesn't know if they check out.

  • The Federal Emergency Management Agency's deputy administrator, Timothy Manning, told the House Homeland Security Emergency Communications Subcommittee last month that the agency is unable to verify whether grants given to state and local governments had made measurable progress in their disaster readiness. More than chump change is at stake. Over the last seven years, the grants have totaled $29 billion.

  • A new Government Accountability Office report took a look at whether the Food and Drug Administration ever follows through on drugs for which it has granted approval and which prove to not produce the purported benefits. Turns out, the agency has never actually pulled approval for drugs that don't work, even though the efficacy studies are available. The drugs in question fall under the accelerated approval program dating back to 1992. It's a great idea, to speed promising drugs to the market, but without the back end of pulling the drugs that don't work off the market, the circle stays open.

  • The Social Security Administration has, for 25 years, been handling a steadily increasing workload with a steadily decreasing workforce. The agency's IT investments have made up the difference. Yet if you follow that trend to its logical, if absurd, conclusion, the day will come when everyone in the nation is applying for benefits and there is no one to process them.

  And then there was the news last week that the level of improper payments doled out by the federal government in fiscal 2009 hit close to $100 billion, with Medicare accounting for nearly half of the total. In a Federal News Radio interview , Deborah Taylor, the acting chief financial officer of the Centers for Medicare and Medicaid Services, said, somewhat startlingly, that CMS doesn't track fraud as part of its improper payment monitoring. The reason? Fraud imputes motivation to the recipient of an improper payment, whereas many of the payments are administrative errors. So while the financial office has capable tools for monitoring and catching improper payments, fraud remains the open segment of the circle. (More on improper payments in the story below.)

  It's not as if every federal executive or program manager is incompetent. To the contrary, the level of individual competence in the public sector rivals what you'll find in the private sector. In my observations, the problems in government arise not out of the people, but rather out of the unique federal governance system in which there are conflicting masters of events and it is difficult to execute the kind of crisp yes- and no-saying possible in the private sector. Sometimes I think this phenomenon is more a function of organizational size than of whether private or public. It took 35 years, but bureaucratic governance eventually bankrupted mighty General Motors.

  So it comes down to yet another bill, the 2009 Information Technology Oversight and Waste Prevention Act, introduced by Sen. Tom Carper (D-Del.). Whether action will happen this session is questionable. The current continuing resolution expires Dec. 18 and so the Senate and House will have to fashion yet another omnibus spending bill for fiscal 2010. And, of course, the Senate is about to jump into the muck of health care reform debate.

  One provision of the bill would publish IT investment on a Web site, the administration's default response. Those with longer memories know that predictability and effectiveness of IT investing have been issues dating back to the Brooks Act  of 1965, followed by the Clinger-Cohen Act  of 1996, which repealed the Brooks Act. Clinger-Cohen, or the Information Technology Management Reform Act, came shortly after a screed, "Computer Chaos ," summarized IT development and deployment problems of the day. It was written by Julius Epstein, a staff member of then Senator William Cohen. (A re-read shows how surprisingly fresh the 1994 report remains.) Various trade and lobbying groups have endorsed the Carper bill, but it will be incumbent upon their members to renew the so-called partnership that government and the IT industry have benefited from for the past couple of decades.

  Return to top

---

• Web Sites Become the Administration's WD-40

  We used to kid my father, because his automatic answer to any household mechanical malfunction was the application of WD-40. You know, the spray-on lube designed to loosen rusty nuts and bolts. Unfortunately, in many instances WD-40 solves a problem only briefly. For instance, if the underlying squeak or balky hinge requires heavy white grease that stays in place, then runny WD-40 won't do.

  It seems as if posting things on Web sites has become the Obama administration's WD-40. Following stimulus data, tracking IT investments, contractor performance and improper federal payments are all on or planned for Web sites. But in the case of the up-and-running recovery.gov and IT dashboard sites, the online data serve only part of the government's purpose. They do expose what is going on to some extent. But do they really solve underlying problems?

  The IT Dashboard -- still carrying the "beta" descriptor -- lists the agency IT investments and their state of completion by cost and schedule. Since its debut, it has added information that was obviously missing, such as the contractors for troubled projects. But in most cases, there is precious little information about how and why a project might be faltering.

  Recovery.gov has been so problematic it has become a political problem for the administration. Like the IT Dashboard, which depends on reporting by the agency CIOs, Recovery.gov is populated with reporting by recipients of stimulus funds. The extent of data inaccuracy has called into question the very order of magnitude of the number of jobs created by the whole program. Earl Devaney, the chairman of the Recovery Accountability and Transparency Board, has pointed out that stimulus reporting errors show everyone what those in government have experienced for a long time: difficulty in having real accountability for money spent on federal grants and contracts. That unintended revelation by recovery.gov -- that much of the reporting looks made-up or simply careless -- might turn out to be the real value of the site. Transparency to reveal opacity. As the Government Accountability Office stated in its November report on stimulus, "[T]here are a range of significant reporting and quality issues that need to be addressed." GAO cited 3,978 reports of money received but unspent, yet reporting more than 50,000 created or "saved" jobs. Nearly 10,000 reports representing a billion dollars in spending showed no jobs having been created.

  President Obama issued an executive order last month, following another revelation that improper payments had totaled nearly $100 billion in fiscal 2009. It includes a provision to "publish on the Internet information about improper payments under high-priority programs." There was much more to the order, including reduction targets for improper payments and plans for achieving them, but the administration couldn't resist the WD-40 of a web site.

  In the meantime, the administration is also launching a site this month to post Medicare payments. Medicare is the source of $47 billion of federal improper payments. Several news reports pointed out the dangers to privacy inherent in publishing such data. But the bigger question is, absent the hard work of improved management controls and monitoring tools riding on Medicare's financial system, what benefit can come from the site? It could end up being transparency without real value of bringing improvement to Medicare payments.

  So web sites sprout for spending stream after spending stream. They don't do any particular harm, except by signaling to the public, perhaps, that the mere exposition of publicly available information in the Web format somehow equates to transparency and program improvement. But transparency into the real underlying problems of mis-reporting, poor program management, or improper payments? That remains the hard work of inspectors general, the GAO, special interest groups and reporters. Program improvement occurs not by the wholesale publishing of data on a Web site, but, as noted in the story above, by good management and investment in tools that give actionable information to federal managers.

  Return to top

---

• Burned Circuit Board to New China Concerns: News from the Cyber Front

  Developments on the cyber security front show the increasing complexity of this challenge.

  For a long time, agency security managers have preached the idea that security should be programmed into systems from the outset, not added in later. Now they have a new tool to help in that endeavor. The release of a revised Special Publication 800-37  from the National Institute of Standards and Technology describes a life-cycle approach to cyber security. Key to the revision, the first since 2002, is building cyber standards into enterprise architectures so security really does bake into new systems. And it emphasizes real security monitoring, an advance over reporting on standards compliance reporting solely for the purposes of meeting requirements of the Federal Information Security Management Act (FISMA).

  Noteworthy in the 800-37 update, according to Ron Ross, senior computer scientist and cyber security researcher at NIST, is that it is one of several revisions in which there is active collaboration between civilian and DOD agencies, as well as industry. DOD brings considerable resources to the cyber challenge, and so 800-37, if agencies inculcate its recommendations, could bring real improvement into the planning and processes for cyber.

  The release of the new version of 800-37 roughly coincided with a new, if familiar-sounding, report  from the Government Accountability Office. This latest update reflects the changing nature of threats. It urges agencies to update what they do for cyber protection. Threats are certainly becoming more frequent, with the number of intrusions reported by the Computer Emergency Response Team rising steadily. More importantly, they are increasingly motivated by financial gain and espionage.

  The GAO report's principal authors, Greg Wilshusen and David Powner, told the Senate Judiciary Committee's Terrorism and Homeland Security Subcommittee that it's time to update FISMA itself, so that the law has a more operational and outcomes emphasis.

  That latter quality was underscored in yet another new report, this time from the latest annual report to Congress from the U.S.-China Economic and Security Review Commission. It cited a variety of sources pointing to increased intensity of cyber espionage and other malicious online activity originating in China. The precise origin point of cyber mischief is always difficult to pinpoint, the report states, but "a significant and increasing body of circumstantial and forensic evidence strongly indicates the involvement of Chinese state or state-supported entities."

  Still another challenge, at least for some agencies, is the aging of their physical infrastructures. This isn't usually cited in the cyber security context, but consider the recent failure of a circuit board in an FAA communications router in Salt Lake City. The incident caused the widespread Nov. 19 interruption of air travel. The incident showed that the basic plumbing of the FAA's networks is not to be taken for granted. But there is more to it than that, according to an E-week story , which highlighted Harris Corp.'s contract to maintain the National Airspace Data Interchange Network, in which the failure occurred. Now members of Congress are wondering why a single point of failure could bring down NADIN, which meant pilots could no longer electronically upload flight plans. It was the need to manually enter information by FAA employees that slowed the air space system down.

  The outage wasn't the result of a malicious cyber attack. But it shows that a comprehensive approach to the security of cyber systems must include oversight of contracts to maintain systems. It must also take into account the effect of an outage regardless of cause. Cyber threats have one of two goals. Theft of information and money is one. Disruption of operations is the other. In that sense, what's the difference if a hacker or a fried circuit board brings down a network?

  Return to top