2014 could be a big year in government management, procurement and implementation of the cloud. Why? Dan Chenok is the Executive Director for IBM’s Center for the Business of Government. He told Chris Dorobek on the DorobekINSIDER program that 2014 may the year for comprehensive IT reform?
“Whether 2014 is big year for IT reform depends on your definition of IT reform. There are three types, legislative, policy and practical. Legislation is something that will move along and will continue to have the attention of Congress. I think you will see OMB will look at various ways to address IT reform through policy and budget practices. OMB wants to incentivize agencies to make changes to increase the likelihood of success in their IT projects. Third, I think agencies themselves are look at a broader scope of what is the art of the possible. What are the best practices within industry that could be duplicated? Working with the Chief Information Officers council etc. to look at ways they can reform their own projects,” said Chenok.
What will the impact of Healthcare.gov’s be on 2014?
“Healthcare.gov has brought a significant amount of attention to IT issues, both within the administration and the public sector. I think the media focus around healthcare.gov has focused in on issues that have been issues for government for many years. They were issues in different ways in the 1990s when the OMB director came out with Raines Rules. It tends to work in a cycle where government will be moving along and then there will be some high profile issues like healthcare.gov that force people to focus on what is needed. We saw a number of similar issues that led up to the impetus of the Clinger Cohen Act in the earlier 90s. So this issue sort of hits on the historical trend of a key external event or system, where issues have been raised and caused public attention,” said Chenok.
Right now there is a lot of frustration from the public?
“I think the frustration shows that people do depend on government and want government to do things that provide services more efficiently and effectively,” said Chenok.
What will be in Obama Management Agenda?
“Anytime you see an administration in a second term, there is a different cadence in how it approaches management reform then there is at the beginning of an administration. At the beginning of an administration they are looking at 4-8 years to achieve their goals,” said Chenok.
Chenok explains the current management situation:
- Here you have a new director at OMB, who is looking at what can be achieved to drive change in particular areas. Areas that can be done and institutionalized before the end of the term. I think you will see in the management agenda activities from agencies in the four areas that the administration discussed: actions by government that can improve the economy, actions that can improve the efficiency of government, effectiveness of government in terms of outcomes, and the manner in which government works with its own workforce and stakeholders. Stakeholders include contractors and those non-profit entities and other third parties that work with government.
- You will see a few initiatives in each of those areas because it is hard to take on a large scale reform agenda in year five or six. You will likely see some more targeted initiatives where you can see real change happen.
The Government Performance and Results Act Modernization is being fully implemented in 2014, what will this mean?
“GPRA implementation is more of institutionalizing a trend that has been around for more than 20 years since the first GPRA Act was passed in 1993. You have these Modernization Amendments that were passed in 2010 which had a long lead time in terms of when they were implemented. 2014 is the first year that you have full implementation. Agencies are going through and putting together a new set of strategic plans and strategic goals and OMB will be doing these annual assessments. This year will be more about institutionalizing the process and continuing down the path of using performance information more effectively to drive government action. Whether that be making a budget decision or identifying what programmatic priorities agencies want to focus on, to identifying what services the government really want to optimize,” said Chenok.
Security and Privacy
How much data should the government have?
“Government is the steward of a lot information about individuals who are receiving services from the government. Those services could be health information, financial information, or information about student loans for college, or where they go to participate in recreational activities at the Department of Interior’s national parks site. There is a lot of attention paid to how the government protects personal information and how the government communicates that protection to the public. Communication is often a privacy issue that doesn’t get much attention. Privacy is not only about protecting information, but it is also about clearly communicating what the government is going to be doing with that information. That way people will understand what will happen when they provide information to the government in various ways,” said Chenok.
Does NSA leaker Edward Snowden change things?
“Whenever there is an issue surrounding the intelligence sectors and how that affects government more broadly, you see both a sort of a general concern from the public about government action and then also as the cycle moves on, a realization that the government really does exist for many different reasons, providing many different services. People depend on those services and in order to receive them they engage with the government in different ways and provide personal details at various times. So I do think that Snowden called attention to the issue but I think over time people will want to receive the benefits the government provides and will continue to engage in a discussion on how best to do that in a way that protects personal information,” said Chenok.
Security beyond FISMA?
Chenok said he has seen three significant actions at the end of 2013 that will have lasting effects in this coming year:
- Issuance by the the Department of Homeland Security of a new broad contract like a purchase agreement around continuing diagnostics and monitoring. That means you look at security from a manner of constantly checking your network. Understanding what the traffic is. Detecting malware and then quickly responding. As opposed to really assessing security through looking at a snapshot view every three years or so, which was done under FISMA.
- The second piece which was done under an OMB policy that told agencies that they should be moving towards continuing diagnostics and monitoring over the next several years and that should become the default presumption by 2017. So you will see a lot of migration beginning to happen both because policy says it should happen and because there is a contractor vehicle that indicates that.
- Finally, you have the Cybersecurity Framework that is coming out of the NIST which really gets agencies to think about how best to work within a risk framework. This also affects the broader economy and how private actors address risk and security in their operations.
“There is going to be a lot of attention paid to security and this doesn’t even include the attention if Congress once again takes up cybersecurity legislation,” said Chenok.
“If you think about cloud from the buzzword cycle, it has really moved beyond the ‘Is cloud good’ discussion, to how do we use these types of services? How do you make it work in your programs to deliver services for effectively? How does cloud make your operations run more effectively? You can do things for less money and you can reach more people. So you are gaining for greater effectiveness with fewer resources. So these cloud technologies and related technologies are offered as a service and can provide a great opportunity. This will gain even greater traction as open standards for the cloud are adopted more broadly in the industry so that consumers don’t have to think about one type of cloud versus another type of cloud. Just as they don’t think about which phone company they are using on when they pick up the phone to make a phone call they just know they pick up the phone,” said Chenok.
FedRamp and the Cloud
“FedRamp is a strong, across agency, interoperable type of policy program. Meaning if you get a cloud authorization seal from one agency and you have a FedRamp stamp of approval you can take that authorization and offer your services to another agency. That prevents the need to go back through another bureaucratic process, saves money,” said Chenok.