The Office of Management and Budget had success using techstats to fix problematic IT systems. Now, Federal Chief Information Officer Vivek Kundra said agencies should get ready for similar cybersecurity oversight. Cyberstat sessions are a new, more intense brand of oversight to plug security holes in agency networks.
“The cyberstats are obviously classified because we’re dealing with very, very sensitive information,” said Kundra, during a panel discussions with other federal CIOs Friday at a breakfast hosted by AFCEA Bethesda. “The first one we did was with the Department of Education. We had great outcomes. The cyberstats are actually leading to very, very concrete actions and outcomes.”
Kundra didn’t offer too many details of how the program works because of its sensitive nature.
Cyberstats is one of several new IT initiatives, especially around cybersecurity, OMB is pushing as part of the fiscal 2012 budget request.
Kundra said OMB also directed agencies to invest in continuous monitoring tools. He said agencies have been using a bureaucratic approach to cybersecurity full of paperwork that doesn’t actually make anyone safer.
He said the budget would devote more than $450 million to develop blue and red teams that will actively attack government systems to find weaknesses before they are exploited.
Richard Spires, the Homeland Security Department’s CIO, agreed that continuous monitoring is one piece of the larger reform puzzle. But he said agencies need to simplify the underlying architecture of many systems in order to implement successful continuous monitoring. He says agencies will need industry’s help to lay that new foundation.
But Kundra says agencies aren’t just sitting back and waiting for industry to bring solutions to them.
“We’ve got a number of organic CIO communities that are looking at collaboration technologies, infrastructure, even financial systems,” Kundra said. “They’re very interested in moving forward aggressively – they’re not just meeting to discuss issues, they’re actually getting together to put RFPs in place.”
Kundra said the General Services Administration will issue a solicitation in the coming months that could be worth more than $3 billion for tools to build a community of collaboration.
Meanwhile, Kundra said the budget guidance calls for another transformation of agency operating structures. He said a study of underperforming programs found a common problem – large scale ERP systems that promised to do everything, and actually delivered nothing.
“Where we’re heading, and we’ve sent a very clear signal from a demand perspective, is that we want the federal government to move away from the old model of IT management and IT acquisition, which was based around asset ownership, and shift to service provisioning,” said Kundra. Service provisioning is the idea that agencies subscribe to specific services rather than purchasing entire IT systems.
Kundra said the move has already begun with e-mail. Agencies such as GSA and the Department of Agriculture no longer own thousands of servers to operate their e-mail systems. He says GSA and USDA saved $6 million and $15 million, respectively, by getting rid of their e-mail servers.
“Imagine what would happen if we went after the financial systems,” he said.
Kundra said he envisions building agencies with absolutely no asset ownership and no need to buy data centers or IT systems. But he says the market must mature before that goal can be realized.
DHS’s Spires agreed that agile infrastructure will improve efficiency, but it also will require a change in agency culture. He said shorter timelines for project delivery will spur agencies to move faster.
“Perfect decisions are the bane of our existence,” Spires said. “It’s much more important to get a decision made and move along with the information you have, especially when you’re in these compressed timeframes. I’m not saying you’re going to always get it right, but you’re going to move the ball forward, you’re going to learn, and you have a chance to adjust later on.”
Roger Baker, Veterans Affairs Department’s assistant secretary for information and technology and CIO, agreed that a streamlined process is much more effective.
“Program managers just want to deliver,” Baker said. “We’ve found that if we get the bureaucracy out of their way they can actually do a pretty darn good job of doing that.”
He said VA has a “red flag” program that makes accountability a two-way- street – program managers are responsible for delivering but managers are responsible for removing barriers.
Baker said he found that senior management could easily remove about two-thirds of the problems program managers identified.
He also said accountability plays a key role in agency efficiency.
“It is fundamental that the entire enterprise is responsible for the delivery of every program,” Baker said. “I can’t do it without acquisition, I can’t do it without general counsel, I can’t do it without HR, I can’t do it without IT, I can’t do it without the customer.”
Baker said there is a high probability that a project will fail if the Integrated Project Team (ITP) doesn’t attending meetings. He said at that point, it makes more sense to stop the program than waste money to find it doesn’t deliver on time.
“Establishing a reputation that, ‘oh yes, I will stop your program,’ then drives people to show up, because they don’t doubt that it’s going to happen,” said Baker. “It’s amazing how this feedback loop works.”
Kundra said in the coming months he is hoping transform the federal IT space even more by transitioning to user-owned technologies.
He said fears about security have led agencies to rely on a federal desktop core configuration that lags behind technology used by the private sector.
Kundra said the new world he envisions is one in which virtualization renders the type of machine employees use irrelevant.
“Over the next couple of months to a year, you’re going to be able to run an instance of a corporate phone on a personal phone,” Kundra said. “What if the government moved toward a model where we would give every employee a subsidy and disintermediated the centralized IT departments? That’s what I’m exploring right now.”
(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)