THE BUSINESS OF FEDERAL TECHNOLOGY HOW TO STAY OUT OF THE VOLUME 26 NUMBER 18 OCTOBER 30, 2012 HOT SEAT 6 tips for getting along with Congress and keeping your cool at the witness table PAGE 20 Supporting All Walks of Government– No Matter What Shoes You Fill On the road to mission success, you can always count on GSA to help you reach your destination. With GSA’s innovative procurement options, you can get whatever your military or civilian agency needs to step up and achieve its goals, at the best value for America. For product and service solutions that meet all government requirements and mandates, including environmental sustainability, turn to GSA. Visit gsa.gov/atyourservicecmp to learn more. We Accept GSA SmartPay® 2 Trending 119 federal data centers were slated to close in Q3 of 2012. The latest agency progress reports were due Oct. 26. GAO: Strategic sourcing is a missed opportunity Agencies are failing to take full advantage of the chance to save significant money through strategic sourcing, according to a new report from the Government Accountability Office. In fiscal 2011, the departments of Defense, Homeland Security, Energy and Veterans Affairs spent 80 percent of the government’s total $537 billion in procurement spending, but fewer than 5 percent of those dollars were managed through strategic sourcing. The four departments reported $1.8 billion in savings from the purchases that were strategically sourced, a process in which an agency takes a broader cross-departmental approach to purchases. By consolidating individual contracts, agencies can save from 5 percent to 20 percent, GAO found. For example, DHS saved $324 million through strategic sourcing in fiscal 2011 and earned praise last year from the Office of Management and Budget. FCW CALENDAR 10/30 Big data This webcast will announce winners of the 2012 Government Big Data Solutions Award and highlight tips for mission-focused big data deployments. Cloudera Webcast Series. is.gd/wemomo 11/2-9 Innovation and social media The weeklong festival for designers, developers, entrepreneurs and social innovators of all kinds includes 100-plus events around Washington. DCWeek 2012. is.gd/alajoq 11/7 Secure information sharing Gen. Keith Alexander, commander of U.S. Cyber Command and NSA director, will keynote this conference on the security challenges that come with But overall, strategic-sourcing savings equaled less than 0.5 percent of total procurement spending. GAO compared the four departments’ data to those of leading pri- Federal procurement spending in fiscal 2011 $537 billion total $25.8 billion through strategic sourcing (5 percent of overall spending) $1.8 billion in savings through strategic sourcing (0.34 percent of overall spending) Source: GAO vate-sector companies. The private firms strategically manage about 90 percent of their procurements and save roughly 10 percent or more. One unnamed company with $55 billion in improved information sharing. Symantec Government Symposium, Washington, D.C. is.gd/lafafo 11/8 Election impacts Two days after the 2012 elections, a panel of journalists, including FCW Executive Editor Troy K. Schneider, will assess the outcome’s implications for government/ business relations and longer-term technology trends. NVTC Business to Government Committee Event, McLean, Va. is.gd/qaraze 11/13 Digital government Harvard’s John Palfrey will discuss the promise and perils of highly interconnected systems at this daylong conference on deploying Web-based applications, produced by FCW parent company 1105 Media. Akamai Government Forum, Washington, D.C. is.gd/icegid annual spending focused on reducing expenses related to services so that it could cut operating costs by 10 percent to 15 percent. GAO auditors said a similar savings rate would yield the federal government as much as $50 billion annually. GAO said the secret is to use strategic sourcing for services, which is the biggest area of spending for agencies. However, federal officials told GAO that requirements for services are difficult to standardize and it is easier to show results when they use strategic sourcing for commodities. GAO’s recommendations include having Joe Jordan, administrator of the Office of Federal Procurement Policy, tell agencies to track the savings generated from strategic sourcing and use the Federal Strategic Sourcing Initiative to identify products and services governmentwide that would be well Continued on Page 8 11/14 Interagency collaboration GSA CIO Casey Coleman and OMB Deputy CIO Lisa Schlosser are slated to speak on the importance of dialogue across federal departments. AFFIRM Monthly Speaker Series, Washington, D.C. is.gd/onuqun 11/15 BYOD The role of bring-your-owndevice policies in fulfilling the Digital Government Strategy, federal case studies and pilot programs across government, and the management and cultural challenges that come with BYOD are among the topics of this breakfast discussion. AFCEA Bethesda Monthly Breakfast Series, Bethesda, Md. is.gd/saluwi October 30, 2012 FCW.COM 3 Contents 10.30.12 F E AT U R E insecurity: 14 Cyber Managing against the risks Firewalls and other barriers can’t begin to guard against every threat. Today’s interconnected systems and mobile workforce demand a very different approach. BY BRIAN ROBINSON COVER STORY to get along 20 How with Congress Testifying before a congressional committee doesn’t have to be an ordeal. These tips can help agency leaders stay calm and focused under fire. BY BOB WOODS PROFILE Gen. Mark 24 Maj. Bowman: Leading DOD across the enterprise finish line IT is playing a key role in bringing together the military services to share information, services, platforms and costs. Behind the scenes, Maj. Gen. Mark Bowman is helping to drive that change. BY AMBER CORRIN 4 October 30, 2012 FCW.COM TRENDING D E PA RT M E N T S 3 PROCUREMENT GAO: Strategic sourcing is a missed opportunity 5 FCW CALENDAR Where you need to be next 1 1 C O M M E N TA RY 8 9 Managing risk, cyber and otherwise Where are the bold ideas for remaking government? DEFENSE Air Force expands cybersecurity mission BY ALAN BALUTIS Acquisition workforce under siege TECHNOLOGY Industry to agencies: Start small with big data CYBERSECURITY Data leaks: An inside job BY ANNE REED, DAN GORDON AND AL BURMAN 3 keys to boosting employee satisfaction BY SAMPRITI GANGULI 28 EXEC TECH CRITICAL READ A report from DHS’ Task Force on CyberSkills 1 0 PEOPLE David Shearer leaves USDA for (ISC)2 EDITOR’S NOTE Disaster recovery: Should you trust it to the cloud? BY ALAN JOCH 31 DRILL DOWN A 21st-century approach to democratizing data SOCIAL MEDIA A new mayor on Mars BY CHRISTOPHER J. LYONS AND MARK A. FORMAN 34 BACK STORY A cyber conundrum Editor’sNote CHIE F CONT E NT OF F IC ER EX EC UTIV E ED ITOR Anne Armstrong Troy K. Schneider P RINT MANAGING E DITOR ONLINE MANAGING EDITOR Terri J. Huck Michael Hardy SE NIOR WRIT E R Matthew Weigelt STAF F WRIT E RS Amber Corrin, Camille Tuutti CONT RIBUT ING WRIT ERS Alan Joch, Brian Robinson CRE AT IVE DIRE CTOR Jeff Langkau ASSISTANT ART DIRE CTOR Managing risk, cyber and otherwise The need for risk management extends to the budget and agencies’ relationships with Congress Dragutin Cvijanovic SE NIOR WE B DE SIGNERS Biswarup Bhattacharjee, Martin Peace SOCIAL ME DIA MANAGING ED ITOR Heather Kuldell DIGITAL ME DIA P RODUCT MA NAGER William Winton E DITORIAL ASSISTANT Dana FitzGerald E DITORIAL INT E RN Emily L. Cole P RE SIDE NT Anne Armstrong CHIE F OP E RAT ING OF FIC ER Abraham M. Langer SE NIOR VICE P RE SIDENT/GROUP PUB LISH ER Jennifer Weiss VICE P RE SIDE NT, MARK ETING Carmel McDonagh P RE SIDE NT AND CHIE F EX ECUTIV E OFFICER Neal Vitale SE NIOR VICE P RE SIDENT A ND C H IEF FINA NCIA L OFFIC ER Richard Vitale E XE CUT IVE VICE P RE S ID ENT Michael J. Valenti VICE P RE SIDE NT, F INANCE & A D MINISTR ATION Christopher M. Coates VICE P RE SIDE NT, INF ORMATION TEC H NOLOGY & AP P L ICAT ION DE VE LOPMENT Erik A. Lindgren VICE P RE SIDE NT, E VE NT OPERATIONS David F. Myers CHAIRMAN OF T HE BOA R D Jeffrey S. Klein HOW TO REACH THE STAFF You can reach staff members of 1105 Government Information Group. A list of staff members can be found online at www.fcw.com. E-mail: Staff members can be reached by using the naming convention of first initial followed by their last name @1105govinfo.com. Vienna Office (weekdays, 8:30 a.m. – 5:30 p.m. ET) (703) 876-5100; Fax (703) 876-5126 8609 Westwood Center Drive, Suite 500, Vienna, VA 22182-2215 Corporate Office (weekdays, 8:30 a.m. – 5:30 p.m. PT) (818) 814-5200; Fax (818) 734-1522 9201 Oakdale Avenue, Suite 101, Chatsworth, CA 91311 FCW (ISSN 0893-052X) is published 21 times a year, two issues monthly except one issue in Jan, Feb and Dec by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $125.00, International $165.00. Annual digital subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $125.00, International $125.00. Subscription inquiries, back issue requests, and address changes: Mail to: FCW, P.O. Box 2166, Skokie, IL 60076-7866, email FCWmag@1105service. com or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) 763-9564. POSTMASTER: Send address changes to FCW, P.O. Box 2166, Skokie, IL 60076-7866. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or XPO Returns: P.O. Box 201, Richmond Hill, ON L4B 4R5, Canada. For federal technology executives, risk management is always a challenge. But as demands multiply and dollars shrink, there seem to be more risks than ever. That is certainly true in the case of cybersecurity, where the days of impenetrable defenses — if they ever truly existed — are clearly gone for good. (Brian Robinson looks at some of the choices agencies must make in the article that begins on Page 14.) But there are risk management challenges in broader budget categories as well and in the personnel churn that inevitably comes after any presidential election, regardless of who wins the White House. This fall, that balancing act is even more difficult because budget politics have intensified the usual game of political chicken over funding the government. The continuing resolution pushed Congress’ most basic responsibility six months into the new fiscal year. Although agencies are grateful to have at least six months of funding, the threat of sequestration, triggered by the supercommittee’s failure to trim the debt, has injected a new level of uncertainty and risk into everything federal managers are trying to accomplish. The continuing resolution provides a scant 0.6 percent across-the-board increase above fiscal 2012 levels and precludes new starts or projects. Should Congress fail to avert sequestration, agencies will face automatic cuts of some 10 percent come Jan. 2, 2013. Just calculating how much they actually have to spend could consume a good part of the next six months for large agencies. Perhaps the one challenge that is clear and constant for FCW readers these days is the need to connect with Congress and make certain the oversight committees know what is happening. (On Page 20, Bob Woods draws on his agency experiences to show how and why agencies should forge strong ties with Congress.) Even if the Hill is not performing its most basic function, legislators need to be kept up-to-date on the consequences. It’s the only way for executives to navigate these difficult times. — ANNE ARMSTRONG aarmstrong@fcw.com October 30, 2012 FCW.COM 5 Sponsored Report BIG DATA Why you should care about Big Data How to handle the torrent of data cascading into government agencies W hat do these diverse projects have in common? t 'FXFSDPNCBUUSPPQTJO "GHIBOJTUBOBSFCFJOHJOKVSFEPS EZJOHGSPNiJNQSPWJTFEFYQMPTJWF EFWJDFTw*&%T CFDBVTFUIFMFUIBM NJOFTBSFCFJOHEJTDPWFSFECFGPSF UIFZEFUPOBUF t "QBUUFSONBUDIJOHUPPMJT CFJOHEFWFMPQFEUPýOETDIPPMT UIBUQSPWJEFGBLFTUVEFOUWJTBTUP QPUFOUJBMUFSSPSJTUT t "OZDJUJ[FODBOHPPOMJOFBOE JOBGFXDMJDLTTFFIPXIJTUBY EPMMBSTBSFTQFOUCZBXBSETJ[F KPCTDSFBUFETUBUVTMPDBUJPOBOE PUIFSWBSJBCMFT Big Data becoming vital to meet agency missions AGREE SOMEWHAT 45% AGREE STRONGLY 18% 7% DISAGREE SOMEWHAT NEITHER AGREE NOR DISAGREE 23% 7% DISAGREE STRONGLY PGSFTQPOEFOUTXIPBHSFFEPSEJTBHSFFEXJUIUIJT TUBUFNFOU"HFODJFTUIBUBSFVOBCMFUPJNQMFNFOU BOEVTF#JH%BUBXJMMýOEJUNPSFEJGýDVMUUPNFFU UIFJSBHFODZTNJTTJPO 4PVSDF(PWFSONFOU*OGPSNBUJPO(SPVQ3FTFBSDI4UVEZ Other Big Data Research Report Articles 2. More robust analytical tools needed 3. The data deluge conundrum 4. The Big Data talent hunt 5. Overcoming the Big Data challenges FULL REPORT ONLINE Go to fcw.com/bigdataresearch 5IFZSFQSFTFOUUIFEJGGFSFOU XBZTUIBUMPDBMTUBUFBOEGFEFSBM BHFODJFTBSFBDDPNQMJTIJOHUIFJS NJTTJPOTCZMFWFSBHJOHi#JH%BUBw %JGGFSFOUQFPQMFEFýOF#JH%BUB JOEJGGFSFOUXBZTCVUJUTUZQJDBMMZ EFTDSJCFEJOUFSNTPGUIFUISFF7T 1.5IFvolumePGJOGPSNBUJPO 2. 5IFvarietyPGJOGPSNBUJPOBOE 3. 5IFvelocity PGJOGPSNBUJPO UIFTQFFEBUXIJDIEBUBCFDPNFT BWBJMBCMFBOEDBOCFBOBMZ[FE 5IFUISFF7TVTVBMMZESJWF PSHBOJ[BUJPOTUPEFQMPZOFX UFDIOJRVFTBOEUFDIOPMPHJFTUP DPQFXJUIUIFTFGBDUPSTXIJDIPGUFO BSFJODPNQBUJCMFXJUIUIFJSFYJTUJOH CVTJOFTTJOUFMMJHFODFBOEBOBMZUJDT JOGSBTUSVDUVSFTi4PNFQFPQMFNJT UBLFOMZUIJOL#JH%BUBTJNQMZNFBOT UIFZDBOUBGGPSEUPCBDLVQBMMUIF EBUBUIFZDVSSFOUMZIBWFwTBZT#PC (PVSMFZGPSNFS$50PGUIF%FGFOTF *OUFMMJHFODF"HFODZBOEGPVOEFS PG$SVDJBM1PJOU--$BUFDIOPMPHZ SFTFBSDIBOEBEWJTPSZýSNi#VU XIFOZPVTBZ#JH%BUBUIBUVTVBMMZ JNQMJFTBOFXXBZPGEPJOHBOBMZTJT UPNBLFTFOTFPVUPGUIFEBUBw *OBTVSWFZDPOEVDUFEJO"VHVTU CZUIF(PWFSONFOU *OGPSNBUJPO(SPVQQFSDFOUPG UIFBMNPTUSFTQPOEFOUTBHSFFE UIBUVOMFTTUIFZVTF#JH%BUBJU XJMMCFNPSFEJGýDVMUUPNFFUUIFJS BHFODZTNJTTJPOTFFDIBSU "TBSFTVMUFWFOJOFDPOPNJDBMMZ UPVHIUJNFTQFSDFOUPGUIF SFTQPOEFOUTFYQFDUUPJODSFBTF UIFJS#JH%BUBCVEHFUTXIJMF BOPUIFSQFSDFOUQMBOUPNBJOUBJO UIFJSCVEHFUT &SJD4XFEFOQSPHSBNEJSFDUPS GPSFOUFSQSJTFBSDIJUFDUVSFBOE HPWFSOBODFBUUIF/BUJPOBM "TTPDJBUJPOPG4UBUF$IJFG*OGPS NBUJPO0GýDFST/"4$*0 TBZT TVDITVSWFZýOEJOHTSFþFDU BHFODJFTHSPXJOHOFFEUPVTF EBUBUPVOEFSTUBOEUIFGVMMQPSUGP MJPPGJTTVFTUIBUUIFZBSFGBDJOH i"TXFHPGPSXBSEUIFDPODFQU PGJTTVFTNBOBHFNFOUXJMMCFNPSF BOENPSFDPNQMFYwIFTBZTi5IF QFSDFOUXIPTBZUIFZOFFE#JH %BUBUPBDDPNQMJTIUIFJSNJTTJPO BSFSFDPHOJ[JOHUIBUDPNQMFYJUZ BOEUIFOFFEUPHBUIFSJOGPSNB UJPOGSPNBNPSFEJWFSTFTFUPG TPVSDFTWJEFPBVEJPOFXTQB QFSBSUJDMFTBTXFMMBTUSBEJUJPOBM USBOTBDUJPOBMEBUBUPEFWFMPQ UIFLOPXMFEHFUPNBLFDSJUJDBM TUSBUFHJDEFDJTJPOTwt Brocade is helping federal agencies deliver data center-class reliability and scalability to the edges of the network and into the cloud. Brocade. Unlock the full potential of the cloud. Brocade is, quite simply, the leader in cloud-optimized networking for the federal government. With the largest breadth of federally certified products, Brocade is committed to achieving the highest standards of interoperability and reliability required for all federal solutions and the Cloud First mandate. Brocade builds network foundations that ensure federal data center consolidations enable cutting-edge cloud services, seamlessly. When the mission is critical, the network is Brocade. Learn more at brocade.com/everywhere © 2012 Brocade Communications Systems, Inc. All Rights Reserved. Trending 24,500 Continued from Page 3 suited to that procurement approach. In an e-mail message to FCW, Jordan said the government has made progress and that President Barack Obama’s insourcing and acquisition workforce reforms have included telling agencies to buy smarter through strategic sourcing. “As a result, we have seen tremendous progress in leveraging the buying power of the federal government to deliver better prices for taxpayers and are committed to ramping up these results moving forward,” Jordan said. “Strategic sourcing has also been a topic of tremendous focus for top private-sector leaders on the President’s ManJoe Jordan agement Advisory Board, and we are committed to drawing on private-sector best practices along with the many learnings from our agency experience as we work with agencies to ramp up efforts this year,” he added. In response to the report, Rep. Darrell Issa (R-Calif.), chairman of the Oversight and Government Reform Committee, said agencies need to step up their efforts on strategic sourcing. “The federal government must do better when purchasing commonly used goods and services — especially information technology — where inefficiency and waste [are] substantial,” he said in a statement. Issa’s proposed IT procurement reform bill would mandate priority consideration for strategically sourced goods and services. “As the GAO has underscored, leading private-sector companies have successfully used strategic sourcing since the 1980s and saved billions of dollars,” Issa said. “It is time the federal government catches up.” 8 October 30, 2012 FCW.COM DHS jobs could be lost to sequestration, according to Rep. Norm Dicks (D-Wash.), ranking member of the House Appropriations Committee. Air Force expands cybersecurity mission On the same day that Defense Secretary Leon Panetta was in New York warning of a “cyber Pearl Harbor,” Air Force officials in Virginia said the service is making significant progress in both defensive and offensive cyber capabilities, as well as in understanding what is happening on its networks. “We need resiliency in our hardware, our software and the applications,” Air Force CIO Lt. Gen. Michael Basla said at AFCEA’s Air Force IT Day on Oct. 11. “That resiliency will provide us…with the ability to fight through an attack.… We’ve certainly bolstered networks to provide availability…but we haven’t paid quite as much attention to developing a consistent, repeatable and reliable way of guaranteeing the integrity of our information.” Basla said the service is bringing in outside help to get a better idea of the limitations. The Air Force has tapped Rand, for example, to analyze the effects of malicious network activities on command and control systems. According to Brig. Gen. Burke Wil- INK TANK son, deputy commander of Air Forces Cyber, the service is beefing up both defense and offense on its networks. “We’re expanding the mission. Clearly, there is a threat out there,” Wilson said. “We can’t wait for zero-days to hit; we have to be able to see across the network.” That full-spectrum visibility — a sense of situational awareness within and beyond cyberspace — remains a soft area, particularly because the domain is newer than the traditional spheres. “That is probably one of the highest priorities of our senior leaders,” Basla said. “We need to continue to grow that situational awareness cyber picture, and then…get the cross-domain picture between air, space and cyberspace because you’re going to find tippers when you look across those domains, and you’ll derive way more intelligence value.” “We’re looking at defense differently.… It’s really a paradigm shift,” Wilson said. 30,000 computers were rendered useless by the Shamoon virus, which Defense Secretary Leon Panetta called the most destructive attack yet on the private sector. Industry to agencies: Start small with big data A new report on big data urges federal agencies to start small but start now and calls for the creation of a chief data officer position at each agency and also governmentwide. “Demystifying Big Data,” released Oct. 3 by the TechAmerica Foundation, attempts to define big data and its value, and offers 10 case studies to illustrate how big-data projects can serve critical government missions. Half of those examples showcased federal projects. Government has been at the forefront of creating and sharing big data, said SAP’s Steve Lucas, global executive vice president of SAP’s Database and Technology division and co-chairman of TechAmerica’s Federal Big Data Commission. “If you think about what we take for granted today — population data, weather data...we have the federal government to thank for it,” he said. And now, with agencies shar- ing thousands of datasets and the cost of storage and analysis plummeting, “you’ve got almost a perfect convergence [for putting the data to use]. It is not a research experiment. This is something anyone can tackle today.” The report urges agencies to identify two to four key business or mission requirements that big data can address and craft projects to meet those needs instead of attempting to implement a comprehensive big data strategy. Regarding the report’s call for yet another C-level role at agencies, Lucas said big data warrants a dedicated champion, and CIOs and chief technology officers often don’t have the time or the appropriate focus for big data projects. “The reality is, if you’re a CIO and you’re really delivering information to your business...then maybe you get a pass,” he said. “But we’ve [too often] moved from a focus on the information to just the technology.” CRITICAL READ WHAT: A report from the Department of Homeland Security’s Task Force on CyberSkills that outlines 11 recommendations for improving DHS’ recruitment and retention of cybersecurity talent. WHY: DHS formed the task force to address the rising threat of cyberattacks against defense and civilian agencies. The task force’s recommendations are divided among five objectives, including how to make working for DHS more desirable than working in the private sector or at other agencies. According to the authors, the report’s recommendations will help fulfill DHS Secretary Janet Napolitano’s goal of ensuring that Data leaks: An inside job federal agencies and the private sector “will have the technical Despite all the buzz about cyber war these days, a recent MeriTalk survey of federal information security professionals found that unauthorized data is slipping past agency defenses mainly via e-mail. Some cases may reflect sinister intentions, but careless employees seem to be a more significant risk for agencies. cybersecurity workforce needed to meet their mission responsibilities.” VERBATIM: “Recommendation 5: Make the hiring process smooth and supportive and make mission-critical How unauthorized data leaves federal agencies STANDARD WORK E-MAIL AGENCY-ISSUED MOBILE DEVICES USB FLASH DRIVES PERSONAL E-MAIL PERSONAL MOBILE DEVICES WEB-BASED WORK E-MAIL cybersecurity jobs for the 48% 47% 40% 38% 33% 23% federal civilian workforce enticing in every dimension: in mission and service, skills, growth potential, and ‘total value proposition.’” FULL REPORT: DHS.gov October 30, 2012 FCW.COM 9 Trending David Shearer leaves USDA for (ISC)2 SPECIAL REPORT Cloud Services David Shearer, associate CIO for International Technology Services at the Agriculture Department, has left USDA for the nonprofit organization (ISC)2. Shearer, whose 26-year career in public service also included positions at the Coast Guard and Interior Department, left USDA Oct. 19 and started as chief operating officer Oct. 29 at (ISC)2, a global organization focused on educating and certifying information security professionals throughout their careers. Clinton Swett, technical support director at USDA’s ITS, will take over Shearer’s position in an acting role until officials make a permanent selection, Shearer told FCW. At press time, USDA officials had not commented on his departure. TO LEARN MORE, VISIT FCW.com/CloudServices TOPICS INCLUDE 4 cloud trends you need to know about Don’t believe the hype 4 crucial cloud migration strategies Addressing compliance issues in the cloud IaaS: The benefits and limitations A new mayor on Mars SPONSORED BY CSC SCAN THIS QR CODE with your smartphone for the full research report. 10 October 30, 2012 FCW.COM NASA’s Curiosity rover is no stranger to social media. The @MarsCuriosity Twitter account dates back to 2008. On Oct. 3, however, the car-sized, six-wheeled robot generated new interplanetary buzz by checking in at Gale Crater on Foursquare. The check-ins and tips (“Mars is cold, dry and rocky. Extra moisturizer and sturdy shoes would be a good idea, plus oxygen for those of you who breathe.”) have garnered nearly 25,000 likes for Curiosity on the location-focused social network. Not everyone is impressed, however. Wired, for example, noted that NASA has already checked in “in space” and asked: “Shouldn’t planet-hopping robots and scientific agencies have better things to do with their time?” Commentary | A L A N BALUTIS ALAN BALUTIS is senior director and distinguished fellow at Cisco Systems’ Internet Business Solutions Group. Where are the bold ideas for remaking government? The nation faces a wide range of formidable challenges, but ideas for tackling them seem to be in painfully short supply Four years ago, I guided an 18-month initiative to develop a management agenda for the then-incoming 44th president of the United States. That initiative involved: • A year-long seminar series to tap into the collective wisdom of experts with proven knowledge of how to handle the challenges of management in government. • A partnership with The Public Manager and other journals to publicize and distribute findings and insights from the seminar discussions and individual experts. • Close collaboration with other organizations, associations, universities, nonprofit groups, think tanks, and so on to jointly support innovative ideas to improve government and the delivery of services to the public. • A website (NewIdeasfor Government.org) to which individuals from within and outside government were invited to submit new ideas to improve the management of government. This year, I am involved with several good government and academic associations that are similarly gathering ideas and initiatives to present to the new administration and Congress after the election in November. At a recent meeting here in Washington, D.C., several colleagues laid out their proposed report, which focused on the human resources arena. It was a nicely framed, well-researched and eminently reasonable report. But the audience’s reaction left me both surprised and chastened. We all know that our nation is facing challenging times. The lame duck Congress that will reconvene in November must keep the country from going over a fiscal cliff. Lawmakers must deal with the threat of sequestration, the expiration of the Bush-era tax cuts, a budget for fiscal 2013 to extend the existing six-month continuing resolution, and an extension of the federal debt limitations. At our current pace, by 2080 the total We hear again and again that government needs to change, that it needs to be better managed, that it needs to be flatter, more connected, less hierarchical. So why is our reform cupboard so bare? cost of government will be more than three times the revenue. And there are other challenges: the continuing war on terrorism, increasing economic competition from emerging world powers such as China and India, rising energy costs, environmental concerns, and unknown new problems and threats. We hear again and again that govern- ment needs to change, that it needs to be better managed, that it needs to be flatter, more connected, less hierarchical. In other words, we need a 21st-century government. That’s what our audience of fellows at the National Academy of Public Administration told us at our recent meeting. We are at a government management watershed, they said, and are hungry for initiatives that will remake the federal bureaucracy. So where are the big, bold ideas to do so, they asked? The words of Donald Kettl, dean of the University of Maryland’s School of Public Policy, rang in my mind. In the opening article from our 2008 forum on the need for a new management agenda, Kettl argued: “Never has American history seen a time when management has been more important but the stock of ideas has been so low.” If we are at a watershed in modern government, where is the torrent of initiatives that will remake our bureaucracy? Where are the thinkers who will banish our 1950s-era federal processes and structures and remake Washington, D.C.? And why do our career and political leaders — intelligent, thoughtful men and women who have been educated at America’s finest institutions — seem so painfully and embarrassingly short of new ideas? I need to think more about this myself. Why is our government management reform cupboard so bare? What do you think? E-mail me at abalutis@cisco.com. ■ October 30, 2012 FCW.COM 11 of Anne Reed Consulting and former CIO at the U.S. Department of Agriculture. is associate dean Commentary | for governmentis founder procurement law studies at George Washington University Law School and former administrator of the Office of Federal ANNE REED DAN GORDON | Procurement Policy. AL BURMAN is chairman of the Procurement Round Table, president of Jefferson Solutions and former administrator of OFPP. Acquisition workforce under siege Agencies have made progress in hiring talented acquisition professionals, but unreasonable scrutiny from all sides is encouraging risk avoidance and stifling innovation What is the current status of the federal acquisition workforce? Have the actions taken over the past four years helped to address the pressures caused by insufficient personnel and an increased workload? What are the current stress points? To explore these and other questions, the Procurement Round Table, a nonprofit organization of former senior leaders in federal acquisition, recently convened an informal discussion with a number of current executives from multiple federal agencies. This is the first in a series of columns in which we summarize some of the key points from that discussion. The conversation was spirited, and there were some rays of hope, particularly the hiring of additional contracting specialists. One participant welcomed the increase in the acquisition workforce. And it’s not just numbers. Another executive said, “The government has hired more super competent people as interns in the last three years than it has in the prior 20 years.” Still, much of the news was disheartening. Many participants said the current challenges are not related to workload, which suggests that recent efforts to increase the workforce are making a positive difference. Rather, the biggest concern was the toxic work environment and the fear that it will drive talented new employees away. One executive talked about how poorly interns are supervised, saying 12 October 30, 2012 FCW.COM they complain that they “are not allowed to use their brains, to use what they have been taught.” But the problems go far beyond internships. Seasoned professionals feel as though they are under siege. As one participant put it, “Acquisition people cannot make decisions and are frustrated at having to send their work through so many layers of review. Warranted contracting officers cannot get the simplest tasks done and are not allowed to make simple decisions.” Warranted contracting officers cannot get the simplest tasks done and are not allowed to make simple decisions. According to participants, oversight bodies are contributing to the poisoned work environment. One person said the Government Accountability Office and inspector general “have been very aggressive. The GAO and the IG go to the Hill if agencies do not follow them exactly. It is a very confrontational time right now.” Another said, “In its reports, the [Defense Department] IG makes comments like ‘We need to hold the contracting officer accountable.’ These contracting officers are getting named and sometimes have to come in and testify. Rarely has contracting been held to this standard, held accountable in ways that it should not be.” It was discouraging to hear the lesson one person drew from the experience: “Nothing happens to you if you do nothing.” We are succeeding in recruiting and training talented people to tackle complex acquisition challenges, but we are then putting them in an environment that drives them toward risk avoidance and a focus on mere compliance. One senior official said, “We tell contracting officers to use their brains, but also that if they make a mistake, they are toast.” Another participant expressed the view that “it used to be a different environment, one [that cut down on] regulation. Now the environment is risk-averse, and everyone is afraid of being reported to the IG.” Creating a stimulating and rewarding work environment for talented professionals is the key to strengthening the government’s acquisition practices and ensuring that it achieves the outcomes desired for a reasonable cost. After our discussion, we believe we need to raise awareness about the need to find a better balance between oversight — as important and necessary as it is — and promoting the freedom to use good judgment. That flexibility is essential for professionals to thrive and find creative solutions to complex challenges. ■ Commentary | S A M P R I T I GANGULI SAMPRITI GANGULI is managing director of the Corporate Executive Board’s government practice. 3 keys to boosting employee satisfaction The Corporate Executive Board pinpointed areas that have the biggest impact on an agency’s rank in the Best Places to Work index Government executives will soon be receiving their agencies’ results from the latest Federal Employee Viewpoint (FedView) Survey. Those results will not only inform agencies’ 2013 priorities, but will also serve as the basis for the much-anticipated 2012 index of the Best Places to Work in the Federal Government. An agency’s placement on this ranking can have a big impact on employee engagement and candidate attraction. Strong or improving scores can bolster an agency’s brand and reputation and serve as a badge of honor for all employees. Declining scores can confirm employee suspicions of worsening conditions and encourage top talent to explore job opportunities elsewhere. The Partnership for Public Service derives the index from the answers to three FedView Survey questions that indicate employees’ satisfaction with their jobs, their organizations and their agencies’ advocacy. Although those questions are informative indicators, they are not very suggestive of what agencies can do to improve in those areas. The Corporate Executive Board (CEB) used regression analysis of the 2011 FedView Survey results to uncover which workplace attributes have the greatest impact on agency rankings. We found that three characteristics had a disproportionate effect. 1. Recognizing work unit and agency successes. Perceptions of agency mission success and the quality of work completed by an individual’s work unit had the strongest impact on employee satisfaction. Low scores on those questions do not necessarily mean that agencies are not meeting their goals, as there is a wide communication gap across government that can limit employee awareness of local or enterprise success. FedView results indicate that half of employees are not satisfied with the information they receive from management about activity within their Strong or improving scores can bolster an agency’s brand and reputation and serve as a badge of honor for all employees. organizations, while a third do not agree that managers evaluate the organization’s progress toward meeting its goals. Managers and leaders must recognize and share the successes of their teams and those taking place across the agency. Highlighting achievements can pay big dividends in employee morale. 2. Soliciting upward feedback. Employee involvement in the decisions that affect their work represents another top driver of agency rankings. Involving employees in decision-making does not mean catering to their every wish, but it does entail proactively asking for employees’ opinions and valuing their perspectives. Given that some staff are reluctant to share their thoughts, tapping into a direct report’s insights might require proactive probing. Equally important is a manager’s receptivity to employee feedback. In the FedView Survey, one in four employees did not agree that their managers listen to what they have to say. Although soliciting employee feedback can lengthen the decisionmaking process, the benefits — becoming aware of potential risks and increasing employee engagement — can more than make up for the extra time spent. 3. Reinforcing workplace inclusion. A manager’s ability to work well with employees of different backgrounds represents another top driver of employee satisfaction. Although agencies have traditionally focused diversity efforts on getting diverse talent through the door, CEB research shows that workplace inclusion actually has a greater impact on employee engagement and satisfaction than workforce diversity alone. By providing supervisors and hiring managers with simple workflow tools, agencies can improve workplace inclusion without incurring heavy costs. ■ October 30, 2012 FCW.COM 13 CY BER INSECURIT Y Managing against the risks Firewalls and other barriers can’t begin to guard against every threat. Today’s interconnected systems and mobile workforce demand a very different approach. Architecture descr • Architecture referenc • Segment and solution a • Mission and business • Information system b STEP 6 MONITO security con BY B R I A N R O B I N S O N R isk management has been part of IT security from Day One, but has often taken a backseat to aggressive zero-tolerance policies that sought to raise impenetrable barriers to security threats. Now we know better. An explosion in the volume and sophistication of malware in the past few years has overwhelmed barrier technologies such as firewalls and intrusion-detection systems, and the bogglingly fast spread of powerful mobile devices such as tablet PCs and smart phones has provided the black hats with a wealth of different ways to break into networks. “Three decades ago, a mainframe would have been a big investment for an organization, but IT has become a commodity today and we use those technologies very aggressively,” said Ron Ross, a fellow at the National Institute of Standards and Technology and the leader of NIST’s Federal Information Security Management Act (FISMA) Implementa14 October 30, 2012 FCW.COM tion Project. “The trend now is also to connect everything to everything. Couple that with the exponential growth in malware, and that’s why people are so concerned.” In contrast to the castle-and-moat approach to security, risk management sets acceptable levels of risk for an organization, and then controls and seeks to mitigate those risks. That way — or so the theory goes — the most mission-critical systems can be protected and the organization will still be able to function even if cyberattacks succeed in penetrating periphery defenses. Theory is one thing and implementation another, however. Although the concept of risk management is now well understood in agency IT and security departments, it is not yet a widely practiced discipline. Agencies such as the National Security Agency and the State, Commerce and Defense departments are acknowledged leaders in risk man- STEP 5 AUTHORIZE information sys escription rence models on architectures ess processes m boundaries Organizational inputs • Laws, directives, policy guidance • Strategic goals and objectives • Priorities and resource availability • Supply chain considerations STEP 1 CATEGORIZE information system EP 6 STEP 2 NITOR controls SELECT security controls RISK MANAGEMENT FRAMEWORK PROCESS OVERVIEW 5 STEP 3 RIZE system IMPLEMENT security controls STEP 4 ASSESS security controls Source: National Institute of Standards and Technology October 30, 2012 FCW.COM 15 RISK MANAGEMENT agement, but overall, the government is behind the curve. A recent Ponemon Institute study of risk-based security management in the United States, which included input from government organizations, noted that more than three-quarters of respondents had a significant commitment to RBSM, but less than half actually have a program in place. A third of respondents have no RBSM strategy. “Lots of organizations want to do RBSM, and they realize the importance of it,” said Larry Ponemon, the institute’s chairman. “But there’s either resistance internally from people who are reluctant to move out of their comfort zones, or they just don’t have the right resources to make it happen systematically. What you often end up with is a kind of a hodgepodge approach to it.” Chris Kennedy, principal security architect and senior program manager at Northrop Grumman Information Systems’ Civil Systems Division, said he believes most federal agencies understand what risk management is, but “it’s just one of those things that’s really tough to operationalize.” “The challenge is that IT has been traditionally managed in agencies as a mission enabler, and there hasn’t been the level of cross-pollination between the mission owner and IT system operators to manage risk appropriately,” he said. “Someone needs to work the priority of the mission to establish the appropriate risk management framework around the systems.” The first step in developing a risk management program is to get everyone to agree on what the risks are, which is more complicated than it sounds. In the older approach to security, the risks were associated with the network and attached systems, and identifying them was the responsibility of the IT department. With enterprise risk management, many communities own the business processes that are at risk, and with the rise of cloud computing, they will TIERED RISK MANAGEMENT APPROACH • Multi-tier organizationwide risk management • Implemented by the risk executive (function) increasingly have responsibility for the IT services that are delivered. However, each of them might have very different ideas of what the risks are and how to define them. “If you want to develop a cohesive risk management strategy, you have to develop a centralized risk register that everyone can refer to, and that means also having a common nomenclature for risk,” said Torsten George, vice president of worldwide marketing and products at Agiliance, a company that provides risk management solutions. “If you try to do that later, then the accuracy of the data that comes back to you will vary, and the trend data that helps you predict your security needs going forward will be impacted,” George added. NIST’s Ross described this as a need for a second front in government to integrate cybersecurity and risk management processes into the mainstream. “I do think the understanding for all of this is there, but the systemic prob- STRATEGIC RISK TIER 1 ORGANIZATION Governance • Tightly coupled to enterprise architecture and information security architecture • System development life cycle focus • Disciplined and structured process • Flexible and agile implementation TIER 2 MISSION / BUSINESS PROCESS Information and information flows TIER 3 INFORMATION SYSTEM Environment of operation TACTICAL RISK Source: National Institute of Standards and Technology 16 October 30, 2012 FCW.COM SPECIAL REPORT lems are also there and need attending to,” he said. Likewise, it is vital early on to create a governance process for making decisions about which risks will be targeted and what steps will be taken to mitigate them. That process will need to cover the entire enterprise. Once it has been decided that there is a risk in a particular organizational unit with an operational mission responsibility, the governance process will require the professional who can assess that risk to characterize it and describe it to the operational manager, said Lee Holcomb, vice president of strategic initiatives and cyber operations at Lockheed Martin Information Systems and Global Solutions. “That manager needs to be able to say he will invest the money to fix that risk and put in a process to mitigate it, or that he will flat out accept the risk and not invest in mitigation,” said Holcomb, whose federal career includes serving as CIO at NASA and chief technology officer at the Department of Homeland Security. “That discussion is a central one that absolutely needs to take place.” He added that one of the current challenges in the cybersecurity area — and it relates directly to the assessment of risk — is the need for people to be able to say what an additional dollar of investment buys in terms of security. “There are probably a significant number of agencies that don’t have a rich discussion of that through a governance process,” he said. Leadership commitment is also essential for implementing an effective risk management program, said Henry Sienkiewicz, vice chief information assurance executive at the Defense Information Systems Agency. Furthermore, the governance process is vital to ensure ongoing collaboration and synchronization of the efforts of the multiple groups and teams that will be involved. Sienkiewicz said key areas include “identifying roles and responsibilities across the organization, methods for de-confliction of issues, means of communication with stakeholders, sharing of information and ensuring leadership acceptance of risks.” Assessing the risks that must be managed is typically more of an art than a science. NIST recently published the final version of its risk assessment guidelines, Special Publication 800-30, which covers what it sees as the four elements of a classic risk assessment: threats, vulnerabilities, impact to missions and business operations, and the likelihood of a threat exploiting vulnerabilities in information systems and their physical environment to cause harm. The document provides a common lexicon regarding risk factors that influence the method of assessing and ultimately managing risks, Sienkiewicz said. But he added that the methods for assessing risk are more Modernizing the Network TO LEARN MORE, VISIT FCW.com/ModernNetwork TOPICS INCLUDE Wireless networks: Getting ahead of the demand Bandwidth hogs: What’s on your network? Under attack: Network security trends The cloud: An extension of your network Future pipes: 4 networking technologies for the future Sponsored by General Dynamics Information Technology SCAN THIS QR CODE with your smartphone for the full research report. October 30, 2012 FCW.COM 17 RISK MANAGEMENT descriptive than prescriptive and leave it to the organization to determine the most suitable approach for itself, taking into account factors such as system use and mission requirements. Agencies will have to make it up on their own to some extent and choose standards for risk assessments that they will be able to carry forward, said Tim Erlin, director of IT security and risk strategy at nCircle, a company that specializes in risk and security performance management. “There also isn’t a consistent methodology for assessing multidimensional risks or the combination of risk and environment that might be dependent on each other,” he said. “While the NIST guidance is very comprehensive, it doesn’t seem to provide a lot of guidance on how to chain these things together.” One constant in any government program, of course, is cost. Given the budget constraints agencies face today and will have to operate under for the foreseeable future, any sizable new investment will be closely scrutinized. Risk management will involve some upfront costs in terms of process and tools, such as new automation technologies, but it could result in savings down the road. In researching the costs of risk management, the Ponemon Institute has come up with a range that covers short-term costs such as extra people and new technology, indirect costs, and what it calls opportunity costs, the potential for damage to agency missions through data loss and a consequent drop in user trust if security is not done right, for example. “The reality is that the short-term costs probably do go up pretty substantially if you do it right,” Ponemon said. “But over time, we would expect to see a reduction, especially in indirect and opportunity costs.” ■ A RISK MANAGEMENT READING LIST The Federal Information Security Management Act of 2002 and the newer Federal Risk and Authorization Management Program provide detailed requirements regarding what agencies need to consider when assessing and managing security risks. The National Institute of Standards and Technology takes those requirements into account in developing its guidelines for agencies. FISMA sets various standards and guidance for agencies to use when assessing risks and establishing security controls, and agencies must comply with them annually. However, the law does not yet tell agencies that they must improve security, only that they must show that they have a process in place that will enable them to do so. However, FISMA is credited with providing a good foundation for risk management in the federal government. Its requirement for continuous monitoring of security risks and controls is considered a fundamental shift in risk management because it moves reporting from periodic snapshots to a real-time process. NIST has a portfolio of documents 18 October 30, 2012 FCW.COM that provide detailed guidance on risk management, including: • SP 800-30 — Risk Management Guide for IT Systems • SP 800-37 — Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach • SP 800-39 — Managing Information Security Risk: Organization, Mission and Information System View • SP 800-53 — Recommended Security Controls for Federal Information Systems and Organizations • SP 800-53A — Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans The big new idea in the latest set of documents is that agencies should look at risk management as an enterprisewide process and not something to be performed at the system level, said Ron Ross, a NIST fellow and leader of the agency’s FISMA Implementation Project. “It applies to all three tiers in an organization — from where the assessment is done at the highest level, where the risk management strategy is produced [and] is pushed down through Tier 2, where assessments have an impact on mission and business operations, to the system security design at Tier 3,” he said. — Brian Robinson SPONSORED CONTENT SmartSolutions > news, ideas & trends in brief Managed Products and Services Help Agencies Secure Their Networks IT leaders are facing a raft of unfunded federal mandates designed to help secure their IT infrastructure. CenturyLink provides services and support, including MTIPS as a managed security service, that can help them comply with and even exceed the requirements in those federal mandates. September ushered in a series of distributed denial-of-service (DDoS) website attacks against several major U.S. financial institutions. Recent events, in addition to real and increasing threats from both internal and external hackers, underscore the fact that organizations must take cybersecurity very seriously. Several technologies have been designed to protect government institutions and organizations from cyberattacks. Among the approved programs is the Trusted Internet Connection (TIC) initiative, which requires that agencies reduce their number of Internet connections. This can be accomplished via Managed Trusted Internet Protocol Services (MTIPS) under the Networx contract. Additionally, Internet Protocol version 6 (IPv6) migration provides additional IP addresses and better security for devices connected to the Internet. However, few agencies comply with either mandate. For example, only 11 percent of federal agencies had operational support for IPv6 websites at the end of September, according to the National Institute of Standards and Technology. Cost is definitely an issue, as these technologies require new equipment and employee training. Managed services from companies like CenturyLink, however, can help reduce an agency’s capital outlay and the need for new IT staff while increasing overall network security. A Simpler Transition CenturyLink provides agencies with a private transport infrastructure to direct traffic from the agency’s location to a secure MTIPS gateway hosted in one of CenturyLink’s industry-leading, next-generation data centers. CenturyLink is one of the first providers to enable IPv6 on its MTIPS platform, which enables Domain Name System Security Extensions (DNSSEC) capabilities. However, this is not the only thing that separates CenturyLink from its competitors. CenturyLink also differentiates itself with its network and MTIPs service design, which features quadruple redundancy and a resiliency that helps customers derive immediate benefits from migration. CenturyLink can also help agencies design their migration strategy using a best practices template. Once the design is created, the company provides program management support so that there is minimal (if any) downtime. Existing IPS customers can be upgraded to the enhanced managed security services features of MTIPS, and they have the ability to customize and reconfigure that service dynamically. New MTIPS customers can also customize and reconfigure their offerings on a rolling basis. This provides the benefit of not needing to know from “day one” how their network should be designed or configured. In other words, the net- work can evolve as the agency’s needs evolve. As customers become comfortable with the MTIPS product, agencies can modify it based on their needs by using a customized interface portal. An added benefit is that by acquiring this cloud-based service, organizations will also fulfill the Cloud-First initiative, since they will only pay for the services they use. MTIPS is only one product offering in CenturyLink’s expansive security suite. Even those agencies that have implemented a Trusted Internet Connection internally can take advantage of other managed services to lighten their IT security load, including cloud-based managed firewall services, data backup and co-location. Other CenturyLink security offerings include DDoS mitigation, cyberthreat analysis, professional security services consulting, threat intelligence and analysis services, infrastructure protection services, and security application development. When combined, these services can provide safeguards by making sure that all incoming traffic, including traffic from cloud services, has been scrubbed so that the agency’s network is protected and by making sure that all outgoing traffic remains on a private network, thus enhancing the agency’s safety and security. r For more information about CenturyLink Government’s services and offerings, please contact your agency’s representative or email us at CTLfederal.federal@centurylink.com. For more information on CenturyLink, please go to: CenturyLink.com/federal Feature Story xx How to get along with Congress Testifying before a congressional committee doesn’t have to be an ordeal. These tips can help agency leaders stay calm and focused under fire. BY B O B W O O D S 20 October 30, 2012 FCW.COM spent at the Navy and FAA, and back then, dealing with Congress was something discussed over beers with friends and colleagues. But as often happens, times change when you enter the senior and executive ranks. As responsibilities and visibilities increase, so does the likelihood of interacting with congressional staff members, lawmakers and other Capitol Hill power players. It is important to recognize that, when it comes to Congress, different rules apply and a little preparation goes a long way. Tip 1: Assess your visibility In the simplest terms, Congress legislates and the executive branch executes, and then Congress oversees that execution. That simple division of duties is not simple in its operation, however. For instance, a presidential administration might set policies in a way that legislators see as infringing on their role, and Congress can take oversight to the level of micromanagement. Pure politics can create those fault lines, but our system is designed G ET T Y I M AG E S W hen many of us came to Washington, we had our ideas about how government works — or at least how it should. Because where you stand usually depends on where you sit, perspective is born of the place where you work. In my case, I spent time in the executive branch of government in the Federal Aviation Administration, the General Services Administration, and the departments of the Navy, Transportation, and Veterans Affairs. My entry- and mid-level years were It is important to recognize that, when it comes to Congress, different rules apply and a little preparation goes a long way. to maintain a healthy tension between the branches. For officials on either side, the secret to being effective and prevailing on issues that matter is to be proficient in operating at this intersection of government. That is not always the case, of course. If the issues are small or mundane enough, components of any branch of government below a certain level can operate almost unimpeded. The situation changes when issues are bigger, more important and more contentious. In other words, not all agency officials will need to interact with members of Congress or their staffs. For our consideration, however, let’s assume that your program or policy area draws congressional interest, which means you must be able to coexist with Congress in order to effectively do your job. Almost by definition, congressional interest means contention and differences in opinion. Any large program that has winners or losers, real or perceived, will fall into this category. Even programs with Mary Poppinstype objectives, such as saving taxpayer dollars, produce winners and losers and will therefore encounter advocates for different ways of performing the program. The variety of stakeholders in government programs and policies is sometimes mind-boggling. Constituencies such as veterans, senior citizens, students and farmers are among the best-known, but they are far from alone. Pick a topic, and then educate yourself on the amazing range of interested parties. Executive branch lead- ers often look at issues in a myopic operational or technical way, without regard to the constituencies that might be interested. Who supports or opposes your initiative is not something you want to learn for the first time at a congressional hearing. Tip 2: Build relationships before you are called to testify I still marvel at how badly some witnesses perform during congressional hearings, and to see members of the executive branch show up poorly prepared and poorly positioned with regard to congressional staffs is particularly disappointing. Although preparation depends on staff work in the few weeks leading up to the hearing, positioning is dependent on what you and your staff have been doing for the past two to three years. It is critical to work with congressional staffers on a regular basis. Often this means visiting them to provide program updates and briefs, even when there might not be much going on. Routine briefings on important programs are important to do often and in small doses. Telling the story as it happens increases credibility and allows time for the staff members to absorb the complexities and complications of the program. Waiting for your program to become interesting to congressional staffers is not a good idea. It means others have likely defined the issues for you, and it will raise the question of why you haven’t been more forthcoming. Tip 3: Know what type of hearing you’ll be attending Even with the best relationship-build- ing efforts, big and contentious programs will often reach a point where congressional committees feel they need to air the issues publicly in a hearing. Press coverage and congressional attention will vary depending on the level of public interest. A lowinterest hearing — to discuss a small agency’s budget, for example — will have no public audience, few lawmakers or staff members attending, and two or three agency executives at the microphones. These are sleepers, and it’s important to stay awake and not offend anyone. Let’s call this a Type C hearing. The next level of hearing — a Type B — will be a full-blown affair in the committee chambers with members of the public present, most lawmakers’ chairs occupied, and some trade and mainstream press reporters attending. There will often be photographers shooting these inside-the-Beltway types of events. Such hearings are important to the stakeholders involved and will appear in the Congressional Record, but they are unlikely to make the evening news. Type A hearings are the ones we see on television. Cameras capture people being sworn in, witnesses sweating, lawmakers being concerned or horrified, and crowds of reporters — all under the blinding TV lights. Type A hearings are shows. Symbolism is paramount, messages are important, and changes are likely to be made as a result. Tip 4: Do your homework, and practice, practice, practice! My experience with being a witness at Type A and B hearings has taught October 30, 2012 FCW.COM 21 How to get along with Congress me some valuable lessons. First, the notice that you are being called to testify is a sobering event — not as sobering as being sworn in before the committee and cameras, but it will raise your pulse rate. Preparation for the event is essential, and having members of your support staff who are experienced and competent is a must. The first time I was called to testify, my head of congressional affairs was a former congressman and committee chairman. His demeanor and experience lowered my blood pressure. And although issue papers, congressional staff questions and research are all vital, it doesn’t hurt to gather political intelligence. Find out what you can about the members of the committee — such as their biases, favorite issues and where they are from. Rehearse for the hearing by having your staffers ask the kinds of hard questions that are likely to come from committee members. The drill is likely to highlight your weaknesses. Urge your team to be combative and even a little nasty during this exercise. The experience should be the worst you will see, not the best. Also, it is critical to know what prompted the hearing and the back channels that were worked before the hearing was called. The most adversarial questions likely will not come from the committee staffers with whom you usually work; they often come from unhappy constituents with an ax to grind. If you know who’s unhappy, you can better prepare to address their concerns and accusations. Tip 5: Document your case Live statements at the witness table are only part of the equation. You should also prepare three documents for the hearing. The committee will ask for the opening statement in writing at least 24 hours before the hearing. That statement is for the Congressional Record and, within reason, can be any length. 22 October 30, 2012 FCW.COM The second document is the one you read to the committee after you are sworn in. You will typically be given five minutes for that oral statement. Don’t take the full five. Members are usually inattentive, even if they are present, and don’t want to hear you drone on. Take three minutes, catch them off guard and give them back two minutes of their lives. The third document is for the press. It is written in plain English and explains what your statement said and why the hearing was called. That document will often appear almost verbatim in press articles. Don’t complain about the press coverage if you didn’t prepare that third document. Tip 6: Keep your cool In general, be relaxed, dress for TV, and be polite and well mannered. Limit your remarks beyond answering questions, and don’t talk loosely during recesses or breaks. You don’t know who is nearby and what microphones are still open. Part of preparation is trying to anticipate the questions and their tone and then phrase the proper answers. The subtle part of the hearing is the banter and attitude of the participants. Listen carefully to the opening remarks and adjust accordingly. Be on the lookout for those “zinger” questions from unhappy parties you identified earlier. Those are often easy to spot because they have an edge that exposes the unhappiness. If you are asked, “Is your agency so efficient that it received 140 pages of comments on Friday and still released the request for proposals on Monday?” you know the question was not submitted by your friend. The only defense to that type of ambush question is superior intelligence gathering. If you get such a question, be gracious, thank the lawmaker for his or her attention to your agency’s efficiency and answer the question as best you can. Another tactic of trial lawyers and committee members is the hypothetical question: “Mr. Woods, if you could do it over again….” Hypothetical questions attempt to draw out a damaging answer to an inquiry without foundation. When a question contains the words “if” or “looking back” or “in retrospect,” you are being asked to answer a hypothetical question. Don’t do it. The best retort was given by Sandra Bates, former commissioner of GSA’s Federal Technology Service. When she got a “looking back” question from former Rep. Tom Davis, who was chairman of the House Government Reform Committee at the time, Bates answered, “My mother said it was OK to look back as long as you didn’t stare.” The key to responding to those questions is not to give them credence. In other words, dumb questions should not be given serious answers or consideration. “If we could turn back the clock 50 years” doesn’t warrant a thoughtful reply unless you know something I don’t about the existence of time machines. A question that begins “If you were 7 feet 4 inches tall” deserves an answer such as “I would be working for the NBA, not for this agency.” Remember: Real questions cannot be answered by fantasy answers, and fantasy questions should not be answered by real ones. Everyone would benefit from better communication between the executive and legislative branches. Although there are times when those interactions seem less effective and border on being toxic, I believe the basics of building relationships and making government work better are much as they have always been. Honesty and directness are important, but you will never get there without preparing and carefully managing perceptions. ■ Bob Woods is president of Topside Consulting Group and former commissioner of the General Services Administration’s Federal Technology Service. EXCLUSIVE FOR FULL CONFERENCE REGISTRANTS! HEAR FROM TECHNOLOGY POWERHOUSE, MICHAEL SAYLOR! Best-selling Author of The Mobile Wave KEYNOTE PRESENTATION: NOVEMBER 29, 9:00 AM – 10:00 AM NOVEMBER 28-29 WASHINGTON, DC WALTER E. WASHINGTON CONVENTION CENTER FREE EXPO: NOV 28 PREPARE FOR THE MOBILE WAVE OF THE FUTURE MIT graduate, formidable intellectual and local legend Michael Saylor, will plunge into his ground-breaking analysis on how mobile intelligence will redefine the lives of people around the globe. As Saylor provides a 360° view of what’s in store for the future of mobile, you’ll take away a sweeping forecast on how Mobility will transform your agency/organization and life. SAVE $200 WITH THE EARLY BIRD RATE! REGISTER NOW! USE CODE: GOVEB PRODUCED BY SEE WHAT’S INCLUDED IN YOUR FULL CONFERENCE REGISTRATION @ govinfosummit.com/registration MAJ. GEN. MARK BOWMAN: Leading DOD across the enterprise finish line BY A M B E R C O R R I N 24 Month xx, October 30,2012 2012 FCW.COM FCW.COM T he Defense Department is changing. From the outside, the reasons might seem obvious: Wars are winding down, budgets are being cut, and national security policies are changing. And to varying degrees, all those things are indeed shaping the nextgeneration DOD. But on the inside, there is a slightly different view. While budgets and geopolitics are driving some contraction, the department is also becoming leaner because its leaders want to build a better connected, more agile organization. IT is playing a key role in bringing together the military services to share information, services, platforms and costs. And behind the scenes, Army Maj. Gen. Mark Bowman is quietly helping to drive that change. Bowman, who in March was tapped to be director of command, control, communications and computers and CIO at the Joint Staff, is resurrecting that briefly shuttered function, known as J6. And, flanked by an accomplished team of defense IT professionals, he is breaking down the walls that have long hindered sharing. A believer in communications, the network and the technologies that advance them, Bowman consistently stresses that IT can change the way DOD does business. He readily acknowledges the hurdles before him, but multiple supporters said Bowman knows, firsthand, what this kind of evolution can herald. Perhaps equally important, Bowman is a believer in the enterprise concept and what it can do for the military. “We have a fiscal environment that’s now going to be different than it has in the past,” Bowman said in an interview with FCW. “We’ve had 10 years of war and lots of money coming in and lots of upgrades on the forward edge that we’ve adopted back here [at home]. We’re not going to have that money. We’re going to have to capitalize on what the other guy’s got and share costs instead of doing it all ourselves.” The logistics behind becoming an enterprise Change is not easy for any agency, but historically it has been particularly difficult at DOD. Although rich in military tradition, the divisions that have long separated the Army, Air Force, Navy and Marine Corps can make it hard to share critical information in an era of coalition warfare and networks that are unconstrained by conventional boundaries. Bowman recognizes that challenge, but said he is determined to overcome the resistance to change that reinforces such divisions. His strategy? “It’s 100 percent leadership. It’s talking to people and getting them to realize that Wayne Gretzky didn’t get to be the greatest hockey player in the world because he played the puck where it was or where he wanted it to be. He wasn’t the biggest, he wasn’t the fastest, he wasn’t the strongest, but he knew to skate where the puck was going to be,” Bowman said. “What we need to convince people is that change isn’t bad. Change is necessary. This is a way to do it. Now let’s be part of the solution as opposed to [being] expert problem identifiers.” That faith in the power of leadership, however, does not translate into an overly top-down approach. “The way I play it is it’s much less about me and much more about the team. I’m just a happy member of the team,” Bowman said. “This is a team sport. We’re all in this together, and we all need to be pulling for enterprise solutions together.” Those who have worked with Bowman paint him as a strong leader whose approach to his new role — he was confirmed in late September — is exactly what is needed to usher in the evolution necessary to achieve an enterprise-focused DOD. “Gen. Bowman is a senior leader who gets things over the finish line,” said Col. John Schrader, chief of staff at the Army National Cemeteries Program. “He doesn’t like wasting time — his, his people’s or his bosses’.” Schrader worked with Bowman in the 1990s and again more recently at the Army CIO’s office. He said for Bowman it is all about getting warfighters what they need. “That’s his gift — focusing large organizations on what really matters,” Schrader said. “It’s never about him. It’s always about the unit, the organization, the Army, the Defense Department.” These days, much of Bowman’s focus is on some of the core components of his enterprise vision, including the Joint Information Environment. The comprehensive, coalitionaimed program is designed to provide a seamless, holistic operational view to troops everywhere, improving the speed and ability to share data and intelligence regardless of location or mission. “The desire for coalition partners to share classified information [and] mission information among each other is huge and can never be understated,” Bowman said. “With JIE, we can have a network that’s operational for any type of mission — combat, disaster relief, homeland. Having something like a hurricane or a tsunami causes people to have to work together.… If we have an environment like that, where we can go anywhere we need to and share at any classification throughout the operation, we’ll get much better results.” A key part of JIE is the Future Mission Network, a follow-on to the ad hoc Afghanistan Mission Network that evolved from the need to communicate across coalition forces in that country. Bowman has been heavily involved in both efforts and said he will continue to be as the “We’re going to have to capitalize on what the other guy’s got and share costs instead of doing it all ourselves.” October 30, 2012 FCW.COM 25 MAJ. GEN. MARK BOWMAN Future Mission Network evolves into an even broader mission partner environment. The coalition communication programs have proved invaluable in battle zones, and they are a cornerstone of JIE and a prime example of the department’s enterprise efforts, Bowman said. He is helping direct the initiative’s ongoing development, including meeting biweekly with other executive-level DOD officials to closely monitor progress and chart the way ahead. “We have to make sure we don’t lose momentum. The JIE’s a wonderful thing, but it doesn’t have irreversible momentum behind it yet,” he said. “If it were left alone, it would go right back to where it was — everyone doing their own thing — and we can’t afford that, operationally or financially.” It is that kind of focus that makes those who know Bowman say the program could not be in more capable hands. “Mark brings an incredible mix of tactical and operational signal experience, plus an extraordinary understanding of joint operations,” said retired Lt. Gen. Jeffrey Sorenson, former Army CIO and now a partner at consulting firm A.T. Kearney. “Simply stated, he’s the right guy at the right time in the right place. He will help drive the JIE to reality.” Staying open to new ideas The Joint Staff position is not Bowman’s first run as a leader or as a CIO, but it is the first time anyone has been both C4 director and CIO at the Joint Staff. For him it makes sense: When J6 was disestablished two years ago as part of former Defense Secretary Robert Gates’ efficiency measures, it left a gap in network connectedness for the military. “With the increased dependence on the network, the increased threats to the network and the fiscal environment we’re in, it just makes sense to have it all together so we can be mutually supportive and push it forward,” Bowman said. “The environment is just perfect for success today.… We’re dealing with that reality, and we can do better than we have in the past.” Part of doing things better is starting from within the organization, said Bowman, who sees his directorate as a prime place for testing new capabilities before fielding them more broadly. Examples include enterprise e-mail, thin-client technology and efforts to reduce costs by cutting down on printing. “We’re open to new ideas. What we’re going to do here at J6 is always try it out ourselves first,” he said. “We identify issues and get it fixed, then we start working with other directorates and activities to put them on as pilot users.” Those experiments serve to identify potential savings and push DOD toward its enterprise vision. By getting new capabilities right at J6 first, it makes makes the transition easier and helps overcome the cultural barriers while also proving the viability of shared resources and services, bring26 October 30, 2012 FCW.COM ing the forces together, and improving defense. “Everything is a learning process, and we have to learn as we go,” Bowman said. “We need to adapt with the times. Our adversaries are using commercial off-the-shelf technology; they’re adapting. It would be irresponsible of us not to change.” The lessons have helped shape the leadership role he has taken on, garnered from his experience in helping guide budgeting, strategy and oversight of $5 billion in Army defense IT, leading data center consolidation efforts, modernizing the Army through the Base Realignment and Closure program, and redesigning the Signal Regiment. Bowman characteristically shares the credit for those accomplishments with his colleagues. “You take all the things you’ve worked with in the past, and quite frankly, they’re not all my ideas,” he said. “It’s obvious things were done in the past that we could do better and more securely in the future if we work together as an enterprise approach. There is no room for cultural differences.… It’s about working together and sharing the view of the network together. If I were asked if I have a quest, that’s it: for everybody to be one radius away from what’s going on.” ■ Federal 100: What it takes Before Maj. Gen. Mark Bowman was CIO for the Joint Staff, he was a Federal 100 winner. He won in 2011 for his leadership on data center consolidation, telecommunication systems and a ground-up redesign of the Army’s Signal Regiment. Defense Department Deputy CIO Robert Carey said at the time that Bowman transformed “how the Army provides communications to warfighters on the ground.” It is for leaders like these that FCW created the annual Federal 100 awards to recognize 100 individuals in government and industry who have played pivotal roles in the federal IT community. The nomination period for 2013 opens Nov. 1. Federal 100 awards are for individual achievement, not teams or projects. And although previous publicity is no disqualifier, we are looking for the unsung heroes who have made a difference through their creativity, energy and sheer tenacity. All nominations must be made online at FCW.com and must be submitted by midnight on Dec. 21. Go to fcw. com/fed100 to learn more and help identify the next Federal 100. NOVEMBER 28-29, 2012 WASHINGTON CONVENTION CENTER GET THE BLUEPRINTS YOU NEED TO TRANSFORM YOUR AGENCY! Don’t miss out on the “town meeting” for EA Professionals The 10th Annual Enterprise Architecture Conference is a forum for government IT professionals to share perspectives on the current state and future role of EA in government. You’ll learn about the real world tools and technologies that advance strategic planning in compliance with federally mandated initiatives in: FREE EXPO NOVEMBER 28! REGISTER NOW! Use promo code: Goveb • Cloud computing • Information sharing • Cybersecurity …and more! SAVE $200! REGISTER NOW TO GET YOUR EARLY BIRD SAVINGS. govEAconference.com PRODUCED BY ExecTech Disaster recovery: Should you trust it to the cloud? BY A L A N J O C H Implementing a disaster recovery plan can be like eating vegetables, getting enough fiber and sleeping at least eight hours a night. Most people understand why these things are important, but few do them religiously. The problem is that traditional disaster recovery methods call for recreating the full IT environment at a separate off-site facility to keep agencies safe from unplanned IT outages. The investment in redundant resourc- es pays off if a server gets fried, some stealthy malware takes down a storage system, or a hurricane forces a data center evacuation. But on most days, when disasters don’t strike, all that duplicate hardware and software are running in standby mode and not contributing meaningfully to the agency’s daily operations. That is a tough expense to justify, particularly in times of tight IT budgets. And so a growing number of IT managers are considering a way to change the equation: cloud-based disaster recovery, also known as DR as a service (DRaaS). With this option, agencies subscribe to a third-party cloud service to avoid the upfront costs of buying, installing and managing the necessary hardware and software. Instead, they pay a monthly fee for storing duplicate copies of data and applications at an off-site location. Next steps: Questions to ask cloud providers A lot rides on cloud-based disaster recovery. Here are the questions agencies must ask before signing a contract. 1 2 3 4 5 6 7 8 Is the service provider certified under the Federal Risk and Authorization Management Program? What penalties will result if the service provider fails to meet the recovery time and recovery point objectives spelled out in the servicelevel agreement? 28 October 30, 2012 FCW.COM What are the service provider’s financial condition, track record and length of time in the cloud-based disaster recovery market? What are the base fees for data replication in a non-disaster situation, what additional fees will arise during a recovery, and will those charges be a onetime or a daily fee for the length of the recovery? Where will my data be physically stored when it is in the cloud, and will that conflict with any of my agency’s internal policies or federal regulations? Are the widearea network connections to the cloud sufficient to ensure adequate performance when sending data between the main and backup facilities? Will the recovery site be far enough away from the production facility that both won’t be affected by the same regional disaster? How frequently will the service provider conduct tests of the disaster recovery capabilities, and what will be the agency’s role and responsibilities during testing? SPECIAL ECIAL REPO REPORT “You’re only going to pay for what you need rather than for an entire duplicate of everything that’s sitting idle waiting for a disaster,” said Chuck Riddle, CIO at the Government Printing Office. He said his department is actively evaluating cloud-based disaster recovery but has not made the move yet. “Done correctly, it opens up a lot of options for doing disaster recovery better than in the past, but the devil’s always in the details when it comes to how you actually move forward.” CConverging i Communications Communications Why it matters Because disaster recovery investments have been difficult to justify, some organizations have attempted to do it on the cheap, said Rachel Dines, a senior analyst at Forrester Research. For example, they might buy only enough duplicate resources to protect missioncritical applications, leaving second-tier but still valuable systems vulnerable to extended outages. But the economies of scale offered by clouds could mitigate those trade-offs. New data from Forrester shows an increasing interest in cloud solutions for disaster recovery. The firm approached IT managers whose organizations have already adopted infrastructure as a service and asked how much the access to improved disaster recovery had factored into their decision. Almost half said it was very important, and another 28 percent ranked it high on the importance scale, Dines said. Paying only for the resources you need — and only when you need them — is not the only appeal, analysts say. Another potential benefit is faster recovery times. The classic benchmarks of effectiveness are recovery time objectives (RTOs) and recovery point objectives (RPOs). The former is an estimate of how fast critical resources will be returned to normal after a disaster, while the latter defines the point from which data will be restored — for example, when the failure occurred or as of the previous night’s backup. “Many of the clients we talk to who are interested in recovery as a service are looking for improvement in their RTOs and RPOs,” said Kevin Knox, a research director at Gartner. DRaaS can also help IT managers sleep better at night because regular testing is written into the solution’s service-level agreement (SLA). By contrast, testing can fall through the cracks in traditional environments because it disrupts daily operations, Riddle said. But IT managers must weigh a number of pros and cons when they consider DRaaS. “DR in a cloud is by no means a slam dunk,” said Yogesh Khanna, vice TO LEARN MORE, VISIT FCW.com/ConvergingComm TOPICS INCLUDE IP convergence is a must for future communications Voice is still the core of converged communications The cloud will play a big part A focus on security is essential to convergence DOD plans base the future on IP convergence SPONSORED BY Level 3 Communications SCAN THIS QR CODE with your smartphone for the full research report. October 30, 2012 FCW.COM 29 ExecTech president and chief technology officer of IT infrastructure solutions for CSC’s North American Public Sector. One of the biggest challenges remains the lack of industry standards regarding what deliverables should be included in a DRaaS package. “Because the space is still very new, I wouldn’t take anything for granted when you are negotiating SLAs,” Dines said. Another potential stumbling block is the need to sort out complex interconnections in existing IT systems before duplicating them in the cloud. “Sometimes it’s not clear what all the interdependencies are for applications you’ve been running for the last 20 years,” Riddle said. The fundamentals What should you consider before trusting the cloud for disaster recovery? The first step is deciding on the right cloud model — public, private or a hybrid of the two. Moving to a public cloud service is best for agencies that have relatively homogeneous infrastructures — namely, virtualized x86 servers rather than a mix of Unix and mainframe servers, Knox said. IT organizations with mixed platforms should consider a private or hybrid cloud strategy instead. “In larger enterprises, people aren’t asking, ‘How am I going to recover my mainframe in the cloud?’” he said. “The more heterogeneous the environment, the more complex [disaster recovery] gets because of different types of hardware and platforms, recovery times, recovery points, and tiers of applications.” Technological diversity is not the only consideration. Agencies should also carefully evaluate the kind of data they might be sending to the cloud, Khanna said. For security reasons, mission-critical applications or those that hold classified data should remain in a private cloud 30 October 30, 2012 FCW.COM or a shared government cloud. Less critical resources could be protected by a public DRaaS solution. “Not all applications and data are classified or top secret — even in intelligence agencies and the [Defense Department],” Khanna said. “So they absolutely could go into a public cloud.” Other security considerations stem from how data will be protected as it is being transferred to and from the recovery site, and while it is housed in the cloud. Encryption and twofactor access controls are a must, he said. Khanna also said agencies should decide what RTOs each application requires and let that guide deployment decisions. “If I go to a public cloud, I may be riding on a public infrastructure and whatever SLA I can negotiate,” he said. “So I may get better RTOs from a private cloud.” The hurdles Planning and a needs analysis alone won’t guarantee success, experts say. IT managers should also prepare for some common challenges associated with DRaaS. Fees can be a shock if they’re not clearly defined during the SLA negotiation process. Analysts said many DRaaS solutions charge a basic monthly fee to cover daily data replications and the cloud resources necessary to prepare for a disaster. But agencies should also be prepared for additional, so-called declaration fees, the costs that kick in when a customer “declares” that a crisis is unfolding and recovery mode is launched. Declaration fees might be levied for each day the agency is in recovery mode. Other pricing confusion comes about because some service providers use their own models rather than an industry-accepted standard. For example, one provider might set prices according to the number of virtual machines being protected, while another might use the number of processors as the benchmark. “It’s been hard to make apples-toapples comparisons,” Knox said. Fortunately, there are signs that the situation is changing. A recent industry trend is to base pricing on a combination of connection costs, memory, disk space and the number of virtual machines. “We are starting to see some standardization around those four core areas for pricing,” Knox said. Another potential snag: Cloud providers frequently oversubscribe their services by signing up more customers than can be accommodated if disaster strikes them all at the same time. That approach is not inherently bad, Dines said, because it helps bring down subscription costs. But agencies should question a potential service provider about how it will keep from becoming overwhelmed. “I would ask what safeguards they have put in place to make sure that there will never be resource conflicts at time of declaration,” she said. “That might be as simple as making sure that they’ve got customers from a wide geographic range so it’s unlikely that they’d all be declaring at the same time.” Finally, agencies should avoid the temptation to view DRaaS as a setit-and-forget solution. “I’ve met organizations that say, ‘I’m sending DR to the cloud; I’m not going to think about it again,’” Dines said. “I’ve seen organizations lose focus because they’ve moved DR to the cloud.” But even with a cloud solution, agencies must continue to perform all the associated duties that go along with a disaster recovery program, including conducting business impact assessments, risk analyses and tests with internal staff. Some vegetables you just can’t avoid eating. ■ DrillDown A 21st-century approach to democratizing data The Internet has become a ubiquitous kiosk for posting information. The government’s role in collecting and disseminating data should change accordingly. BY C H R I S T O P H E R J . LYO N S A N D M A R K A . F O R M A N “Unbelievable jobs numbers... These Chicago guys will do anything,” Jack Welch tweeted. Not surprisingly, the recent steep drop in the unemployment rate has given rise to conspiracy comments and discussions about how the rate is derived. Maybe the employment rate is inflated. Maybe it is understated for months. Maybe seasonal adjustments play a part. Maybe. Recent “democratizing data” concepts hold great promise for improving accountability and even increasing value from the billions of dollars spent on thousands of government data-collection programs. Yet when doubts dominate market-moving, election-shifting data, it is clear that America needs government to change more than how it distributes data. Should government collect the same data and in the same way that it did in the last century? More important, should government’s central role in collecting and disseminating data be changed? Every day an organization near Boston sends its agents out to collect the prices of thousands of items sold by hundreds of retailers and manufacturers around the world. The agents are dozens of servers using software to scrape prices from websites. In nearreal time, the price data is collected, stored, analyzed and sent to some of the largest investment and financial organizations on the planet, including central banks. This is the Billion Prices Project run by two economics professors at the Massachusetts Institute of Technology. With a 21st-century approach, two people can collect and analyze the costs of goods and services purchased in economies all over the world using price data readily available online from thousands of retailers. They mimic what consumers do to find prices via Amazon, eBay and “ through the best methods available in the 20th century — surveys and sampling — and built huge computer databases on a scale only the government could accomplish and afford. Even today, the CPI is based on physically collecting — by taking notes in stores — of the prices for a representative basket of goods and services. The manual approach means the data is not available until weeks after Non-government entities are increasingly filling the information quality gap, generating the timely, trusted data and statistics that businesses and policy-makers use — and pay for. Priceline. The Billion Prices Project does not sample. It uses computer strength to generate a daily census of the price of all goods and services. It routinely predicts price movements three months before the government Consumer Price Index (CPI) announces the same. Beginning in the early 20th century, the Bureau of Labor Statistics responded to the need to determine reasonable costof-living adjustments to workers’ wages by publishing a price index tied to goods and services in multiple regions. Over time, government data collections grew ” consumers are already feeling the impact. The federal government’s role as chief data provider has resulted in approximately 75 agencies that collect data using more than 6,000 surveys and regulatory filings. Those data-collection activities annually generate more than 400,000 sets of statistics that are often duplicative, sometimes conflicting and generally published months after collection. The federal government is still investing in being the trusted monopoly provider of statistical data by developing a single portal — Data.gov — to disseminate data it October 30, 2012 FCW.COM 31 DrillDown collects using 20th-century approaches. However, it is worth asking why government would invest any taxpayer dollars in finding new ways to publish data that is weeks out of date. More importantly, in an age in which most transactions are accomplished electronically, does it make sense to spread economic data assembled as if we were still in the 20th century? The lessons from the Billion Prices Project lie in its 21st-century approach, which affects the breadth, quality, cost and timeliness of data collection. It is an excellent example of how the rise of the Internet as the ubiquitous kiosk for posting information and the unstoppable movement to online transactions require changing government’s 20thcentury approach to collecting and disseminating data. The trusted information provider role of government is ending, and new ways to disseminate long-standing datasets will not change that. Non-government entities are increasingly filling the information quality gap, generating the timely, trusted data and statistics that businesses and policy-makers use — and pay for. The Case-Shiller indices, compiled by Standard and Poor’s using transaction data, are the standard for determining trends in housing prices. The ADP National Employment Report, generated from anonymous payroll information, is widely trusted to accurately relay changes in national employment. It is time for the government to reconsider its role in data collection and dissemination. The 21st century is characterized by digital commerce that makes large amounts of transactional data available as those transactions occur. Government efforts to collect and analyze data — much like the U.S. Postal Service in the face of texting and e-mail — are becoming more disenfranchised the lon- ger they ignore the paradigm shift. Statistics developed by independent organizations and companies are already essential to markets, businesses and policy-makers, and the government is increasingly a marginal player. As long as the methods of collection and analysis are open and auditable, government might be better served by shifting away from being a producer to simply being a consumer. ■ Christopher Lyons is an independent consultant who works primarily with government clients on performance improvement and adoption of commercial best practices. Mark Forman was the government’s first administrator for e-government and IT and is co-founder of Government Transaction Services, a cloud-based company that simplifies and reduces the burden of complying with government rules and regulations. Statement of Ownership, Management and Circulation 1. 2. 3. 4. 5. 6. 7. 8. 9. Title of Publication: Federal Computer Week Publication Number: 0893-052X Filing Date: 09/28/12 Frequency of Issue: Two issues monthly except in Jan., Feb., and Dec. Number of Issues Published Annually: 21 Annual Subscription Price: US $125, International $165 Complete Mailing Address of Known Office of Publication: 9201 Oakdale Ave., Ste. 101, Chatsworth, CA 91311 Complete Mailing Address of the Headquarters of General Business Offices of the Publisher: Same as above. Full Name and Complete Mailing Address of Publisher, Editor, and Managing Editor: Anne A. Armstrong, President, 8609 Westwood Center Dr., Ste. 500, Vienna, VA 22182-2215 Jennifer Weiss, Group Publisher, 8609 Westwood Center Dr., Ste. 500, Vienna, VA 22182-2215 Troy K. Schneider, Executive Editor, 8609 Westwood Center Dr., Ste. 500, Vienna, VA 22182-2215 Terri J. Huck, Managing Editor, 8609 Westwood Center Dr., Ste. 500, Vienna, VA 22182-2215 10. Owner(s): 1105 Media, Inc, dba: 101communications LLC, 9201 Oakdale Ave, Ste. 101, Chatsworth, CA 91311. Listing of shareholders in 1105 Media, Inc. 11. Known Bondholders, Mortgagees, and Other Security Holders Owning or Holding 1 Percent or more of the Total Amount of Bonds, Mortgages or Other Securities: Nautic Partners V, L.P., 50 Kennedy Plaza, 12th Flr., Providence, RI 02903 Kennedy Plaza Partners III, LLC, 50 Kennedy Plaza, 12th Flr., Providence, RI 02903 12. The tax status has not changed during the preceding 12 months. 13. Publication Title: Federal Computer Week 14. Issue date for Circulation Data Below: September 30, 2012 15. Extent & Nature of Circulation: Average No. Copies Each Month No. Copies of Single Issue During Preceding 12 Months Published Nearest to Filing Date a. Total Number of Copies (Net Press Run) b. Legitimate Paid/and or Requested Distribution 1. Outside County Paid/Requested Mail Subscriptions Stated on PS Form 3541 2. In-County Paid/Requested Mail Subscriptions Stated on PS Form 3541 3. Sales Through Dealers and Carriers, Street Vendors, Counter Sales, and Other Paid or Requested Distribution Outside USPS® 4. Requested Copies Distributed by Other Mail Classes Through the USPS c. Total Paid and/or Requested Circulation d. Nonrequested Distribution 1. Outside County Nonrequested Copies Stated on PS Form 3541 2. In-County Nonrequested Copies Distribution Stated on PS Form 3541 3. Nonrequested Copies Distribution Through the USPS by Other Classes of Mail 4. Nonrequested Copies Distributed Outside the Mail e. Total Nonrequested Distribution f. Total Distribution g. Copies not Distributed h. Total i. Percent paid and/or Requested Circulation 67,514 56,699 52,836 43,806 0 0 12,926 11,251 0 65,762 0 55,057 943 993 0 0 469 1,412 67,174 340 67,514 97.90% 0 0 244 1,237 56,294 405 56,699 97.80% 16. Total Circulation includes elections copies. Report circulation on PS Form 3526X worksheet. 17. Publication of Statement of Ownership for a Requester Publication is required and will be printed in the October 30, 2012 issue of this publication. 18. I certify that all information furnished on this form is true and complete: Jenny Hernandez-Asandas, Director, Print and Online Production 32 October 30, 2012 FCW.COM Advertiser Index Akamai Government Forum www.akamaigovernmentforum.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 General Dynamics Info Tech www.gdit.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Brocade Communications www.brocade.com/everywhere. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7 GIAS www.govinfosummit.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 CenturyLink Government www.CenturyLink.com/federal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 IBM Corp www.ibm.com/usingbigdata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Computer Sciences Corp www.csc.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Level 3 Communications,Inc. www.level3.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Enterprise Architecture Conference www.govEAconference.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 U.S. General Services Admin. www.gsa.gov/atyourservicecmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 This index is provided as an additional service. The publisher does not assume any liability for errors or omissions. AZ, AK, CO, HI, IA, ID, IL, IN, KS, MI, MN, MO, MT, ND, NE, NM, NV, OK, TX, UT, WI, WY, British Columbia CA, OR, WA DC, MD, VA CT, MA, ME, NH, NJ, NY, PA, RI, VT, Eastern Canada AL, AR, DE, FL, GA, KY, LA, MS, NC, OH, PA, SC, TN, WY MEDIA CONSULTANTS ■ Jessica Marty (916) 740-3308 jmarty@1105media.com ■ Tania Norris ■ (410) 552-5899 tnorris@1105media.com ■ Mary Martin (703) 222-2977 mmartin@1105media.com ■ David Tucker (515) 256-0156 dtucker@1105media.com ■ Matt Lally (973) 600-2749 mlally@1105media.com Vice President of Sales Production Coordinator Stacy Money (415) 444-6933 smoney@1105media.com Lee Alexander (818) 814-5275 lalexander@1105media.com ©Copyright 2012 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o FCW, 8609 Westwood Center Drive, Suite 500, Vienna, VA 22182-2215. The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry. Media Kits: Direct your Media Kit requests to Carmel McDonagh, Vice President, Marketing, 703-876-5040 (phone), 703-876-5059 (fax) cmcdonagh@1105media.com. Reprints: For single article reprints (in minimum quantities of 250-500), e-prints, plaques and posters contact: PARS International. Phone: 212-221-9595. E-mail: 1105reprints@parsintl.com. www.magreprints.com/QuickQuote.asp. List Rental: This publication’s subscriber list, as well as other lists from 1105 Media, Inc., is available for rental. For more information, please contact our list manager, Merit Direct. Phone: 914-368-1000; E-mail: 1105media@meritdirect. com; Web: www.meritdirect.com/1105. 1105 GOVERNMENT CORPORATE HEADQUARTERS 9201 Oakdale Ave., Suite 101 Chatsworth, CA 91311 www.1105media.com October 30, 2012 FCW.COM 33 BackStory A cyber conundrum Cyberattacks of all sorts are multiplying… 650% 50,000 1.8 increase in attacks on federal agencies in 5 years attacks on private and government networks reported to DHS in a five-month span successful attacks against private firms per company per week At least 28 nations have cyber warfare capabilities 1. Australia 2. Brazil 3. Canada 4. China 5. Czech Republic 6. Estonia 7. France 8. Germany 9. India 10. Iran 11. Israel 12. Italy 13. Kenya 14. Myanmar 15. Netherlands 16. North Korea 17. Nigeria 18. Pakistan 19. Poland 20. Russia 21. Singapore 22. South Africa 23. South Korea 24. Sweden 25. Taiwan 26. Turkey 27. United Kingdom 28. United States 6 24 20 15 27 3 8 19 7 5 28 12 26 11 18 16 4 10 23 25 9 14 17 21 13 2 1 22 ...U.S. agencies are responding... 79% 39% $ 3 billion of agencies say cybersecurity is a top IT priority say cybersecurity is THE top IT priority is what DOD spends annually on cybersecurity ...but the true costs are unclear ProPublica has found that the widely touted figures of $250 billion a year in cyber-crime costs for U.S. companies and $1 trillion globally are all but impossible to document. 34 October 30, 2012 FCW.COM Sources: GAO, Bipartisan Policy Center, Ponemon Institute, Jeffrey Carr, MeriTalk, DOD, ProPublica. For links to sources and additional details, please visit FCW.com. REGISTER NOW! 3RD ANNUAL INNOVATION FOR TOMORROW’S DIGITAL GOVERNMENT NOVEMBER 13, 2012 WILLARD INTERCONTINENTAL HOTEL, WASHINGTON, DC Join us on November 13 for the Akamai Government PLATINUM SPONSOR: Forum: a complimentary full day educational program on current and emerging technology trends, and strategies for optimizing your agency’s online operations. GOLD SPONSORS: You’ll hear how innovation is changing the information access landscape and how you can keep pace with what’s new and what’s next in online, cloud, and mobile technologies. SILVER SPONSOR: FREE REGISTRATION AT AkamaiGovernmentForum.com SMARTER TECHNOLOGY FOR A SMARTER PLANET FROM DETAILS TO DESIRES: Companies aren’t short on data. In fact, with the average large business storing more than 200 terabytes, companies have more than enough data to tell them who is buying their product, as well as how, when and where the buying happens. DATA’S NEW VOICE. Today, however, customers expect a company to know why they’re buying. Or why they aren’t. Because when a company knows what motivates customers, it can serve them better. The good news is such data exists, just not in the columns, rows, reports and purchase histories we’re used to. It’s called big data, and it comes from tweets, videos, clickstreams and other unstructured sources. It’s the data of desire. And today, we have the technology and tools to make sense of it. So now, instead of learning which customers it has lost, a company can learn which customers it might lose and present timely offers or products motivating those customers to stay. Using IBM Smarter Analytics to identify which customers were most likely to switch to another “For the first time, we can decide which promotions to run based on facts rather than gut feel.” Patrick Neeley Chief Business Of ficer, Chickasaw Nation Division of Commerce THE POWER OF BIG DATA. 2 1 0 3 4 $ 5 £ € $ ¥ € £ ¥ # 8 6 € ¥ $ £ £ $ Combining big data with company data paints a better picture of the customer. 80% of the data currently produced is unstructured —coming from sources like images, videos, tweets, posts and e-mails. MINING MOTIVATION. Enter Smarter Analytics from IBM —software, systems and strategies that help companies combine their own enterprise data with their consumers’ unstructured data to see a fuller picture. A big data platform, paired with predictive and sentiment analytics, allows organizations to correlate, for example, sales records with social media mentions for more relevant insights. communications carrier, XO Communications was able to predict likely customer defections within 90 days, reducing churn by 35 percent the first year. With IBM Smarter Analytics, companies are gathering big data and using it to ask— and answer—smarter questions about what their customers really want. ibm.com/usingbigdata Tweet Tweet Tweet Tweet Tweet Tweet Share LET’S BUILD A SMARTER PLANET. IBM, the IBM logo, ibm.com, Smarter Planet and the planet icon are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at www.ibm.com/legal/copytrade.shtml. © International Business Machines Corporation 2012.
© Copyright 2024