Relying on the same established names in government contracting for the shift to data sharing and cloud computing may not be the best solution for IT security, Federal Chief Information Officer Vivek Kundra warned.
With less than a month left on the job, Kundra told the President’s Council of Advisors on Science and Technology on Friday that hiring new companies could help the government overcome its data security problem.
“We almost have an IT cartel within federal IT, where we have very few companies,” he said. “These companies, frankly, a lot of them benefit because they understand the procurement process better than anyone else, not because they’re providing superior technology.”
The challenge, Kundra said, is to get innovative thinkers beyond the government’s standard fold of contractors to bid on federal contracts.
“With cloud, for example, I actually went out of my way to try and encourage non-traditional players to come in and compete for this $80 billion [in federal IT spending],” said Kundra. “We want to introduce Darwinian pressure so that the federal government can actually benefit.”
Kundra said contractors need to understand the delicate balance between encouraging data collaboration and addressing security concerns.
“Part of what we’re struggling with is we know that true value lies at the intersection of multiple data sets, yet at the same time we also know [the dangers of] releasing all this data without actually thinking about the national security implications,” he said.
Part of the risk, he said, comes from a “mosaic effect,” where sensitive information can be gleaned from two or more data sets that, by themselves, have no data security issues.
“In the age of Facebook and Twitter, where a lot of information is available online that wasn’t available when it comes to the American people,” Kundra said. “When you look at that data, and you start combining it with data sets that a lot of people considered innocuous in the past, all of a sudden what you’re to do is identify people that may not want to be identified or didn’t feel like they signed up for this deal.”
The solution, Kundra said, is to bolster data security to the point where reluctant agencies feel comfortable with sharing information.
Kundra said the Nuclear Regulatory Commission, for example, had “a very vigorous debate” with him over what data sets it was obligated to share in order to comply with open government requirements. He said when concerns about data sets – such as those held by NRC – arise, OMB works with the National Security Council to vet data sets to be released to the public.
Beyond security concerns, Kundra said, the consolidation of more than 12,000 data centers should simplify the management of the information.
“My view is we should only have three major data centers across the entire U.S. government, and we should also look at these platforms, whether it’s collaboration platforms, financial systems, or HR systems, across the board,” Kundra said.
Some mission-critical systems, he said, would not be touched.
“You wouldn’t want [to change] the FAA, for example, with its air traffic control system. That’s a very custom IT project that would need to be run,” he said.
To get this interagency system running, Kundra said the biggest challenge is funding.
“If we don’t solve that, none of the other stuff matters because in appropriations language, agencies are actually forbidden from sharing money across the board, so that’s a pretty serious issue,” he said.
Kundra will step down as federal CIO in mid-August. He will become a fellow at Harvard University. His successor has not been named yet.