A few comments regarding reader comments


At a time when most websites' comment threads are filled with spam, trolls and off-topic attacks, FCW's commenters consistently show themselves to be a thoughtful and well-informed bunch.  We do, however, get the occasional mudslinger, or offers of GREAT DEALS on [insert product here]!!!  And since all comments are moderated before publication, we do our best to keep those comments out of the otherwise-insightful mix. 

What follows here is a refresher on the types of comments that will tempt the moderating editor (usually yours truly) to hit "delete" rather than "publish." 

Obvious spam or self-promotion. We want you to express your opinions; we don't want you to use our comment space to sell your products, promote your blog or company, or entice our users to click on links to who knows where.

Foul language. If you can't express your opinion without using dialog from a Quentin Tarantino script, you can't express it here.

Personal attacks. Many FCW stories focus on specific senior executives at various agencies, and sometimes draw comments aimed directly at those individuals. If you want to criticize an official based on documented facts you cite, we'll likely publish it -- especially if it helps to put the story in context. If, however, you simply want to label someone as incompetent, unethical or "weird" (as one commenter put it), go elsewhere.

False identification. We do not require our commenters to identify themselves, but do require them to identify themselves truthfully if they do at all. One's email address is never published, but including a valid address will help us to verify your identity or answer other questions that might be holding up approval. (Including your email is also a good way to connect with a reporter on a given story if you are interested in doing so.)

Conversation domination. When we see multiple, nearly identical comments from the same person in the same day, we will probably pick one to approve and delete the rest, even if they otherwise meet the criteria for acceptance. The comments section should be a conversation among readers, not one or two voices holding forth.

Off-topic comments. There are comments that do not include any of the above transgressions, but still don't pass muster. If your comment is not germane to the story to which you're posting it, we likely won't use it – not because there is anything wrong with it, but because it doesn't further that particular conversation.

As a general rule, if your comment is on-topic, cordial and focused on the issue rather than swiping at people, it will appear. Moderated comments serve the reader by ensuring the comment threads provide a useful and engaging discussion, not just a series of tirades. We hope you appreciate it, and we hope that those of you who read without commenting will consider joining the discussions.

And finally, please remember that moderation is not instant.  FCW's editorial staff is small, and working hard to produce the stories on which you all comment.  And as wonderful as our interns are, this is not a task that gets delegated to them -- senior editors read every comment that's submitted.  So if you're wondering why your on-topic, fact-filled and profanity-free comment has not been published, please be patient -- a deadline crunch, not censorship, is likely the issue!

Posted by Troy K. Schneider on Jul 09, 2014 at 6:52 AM | 1 comment


How to pick a Rising Star


Nominations for the 2014 Rising Star awards are now being accepted -- and we need your input to be sure we find the best possible candidates for our judges to consider.

The Rising Star awards spotlight women and men who -- even in the early stages of their federal IT careers -- are having an impact far above their pay grade, and who show clear signs of being leaders in the community in the years to come. Nominees can come from government, the private sector, academia or the non-profit world -- the only restrictions are that they be actively involved in the community, and in the first 10 years of their federal IT careers. So while many nominees are in their 20s and 30s, age is not the issue -- a 50-year-old veteran who's embarked on a second career is every bit as eligible.

So be thinking about the individuals you know who are both doing great things today and showing potential for tomorrow. Start identifying your supporting nominators, and gathering the information you'll need to show us these people are really Rising Stars.

This year's nomination form has been streamlined; there are now three key questions rather than five:

  1. Describe this person's job, and the work for which he or she is being nominated.
  2. What impact did this work have? How did the nominee go above and beyond to make a difference?
  3. If needed, provide any additional background information to support this nomination.


There are 1,200 characters allowed for each question, so choose your words wisely -- clarity and brevity count!

Each nomination also requires basic biographical details for the nominee (name, title, organization, years in the field, etc.), and contact information for you and any supporting nominators (each nominee can have up to five). The essay questions, however, are what make or break a nomination. Here's what to keep in mind as you write them:

  • Focus on an individual’s accomplishments over the past year. This is an All-Star Team, not the Hall of Fame award, so don’t dwell on long and faithful service. Be specific about what the project encompassed and what the person did that was extraordinary.
  • It is the accomplishment and not the job title that counts, so describe the person’s contribution and show why the project is important to the community at large.
  • We know teams are important, but this is an individual award. Save your team nominations for the GCN Awards -- those nominations are also open!
  • This is not a popularity contest. Nominate people who have had a significant impact, even if they are not universally liked.
  • Supporting nominators matter -- a nomination with a single nominator can certainly produce a winner, but the judges pay attention to who is nominating and how they know the nominee/project.
  • That said, ask before you add someone’s name as a supporting nominator. Every year we have at least one judge who is stunned to find his or her name on a nomination he or she knew nothing about. It almost never has a positive effect on the discussion.
  • If you are nominating an industry person for work done at a government agency, it helps to have government corroboration. If ethical considerations make it difficult to enlist an agency employee as a supporting nominator, try to get third-party substantiation.
  • Finally, show the judges why this individual is an emerging leader to watch!

So gather all the necessary information, and begin nominating your favorite Rising Stars today.

Posted by Troy K. Schneider on May 07, 2014 at 1:23 PM | 0 comments


Help us find this year's rising stars


UPDATE: Rising Star award nominations are now open.

This is not in response to one comment in particular, but rather to several scattered across the site in recent weeks -- and to the increasing number of inquiries landing in FCW editors' inboxes: We are almost ready for Rising Stars.

In just a few days, FCW will open the nomination period for the 2014 Rising Star awards. And we will need your input to be sure we find the best possible candidates for our judges to consider.

The Rising Star awards spotlight women and men who -- even in the early stages of their federal IT careers -- are having an impact far above their pay grade, and who show clear signs of being leaders in the community in the years to come. Nominees can come from government, the private sector, academia or the non-profit world -- the only restrictions are that they be actively involved in the community, and in the first 10 years of their federal IT careers. So while many nominees are in their 20s and 30s, age is not the issue -- a 50-year-old veteran who's embarked on a second career is every bit as eligible.

So be thinking about the individuals you know who are both doing great things today and showing potential for tomorrow. Start identifying your supporting nominators, and gathering the information you'll need to show us these people are really Rising Stars.

This year's nomination form has been streamlined; there are now three key questions rather than five:

  1. Describe this person's job, and the work for which he or she is being nominated.
  2. What impact did this work have? How did the nominee go above and beyond to make a difference?
  3. If needed, provide any additional background information to support this nomination.


There are 1,200 characters allowed for each question, so choose your words wisely -- clarity and brevity count!

Each nomination also requires basic biographical details for the nominee (name, title, organization, years in the field, etc.), and contact information for you and any supporting nominators (each nominee can have up to five). The essay questions, however, are what make or break a nomination. Here's what to keep in mind as you write them:

  • Focus on an individual’s accomplishments over the past year. This is an All-Star Team, not the Hall of Fame award, so don’t dwell on long and faithful service. Be specific about what the project encompassed and what the person did that was extraordinary.
  • It is the accomplishment and not the job title that counts, so describe the person’s contribution and show why the project is important to the community at large.
  • We know teams are important, but this is an individual award. Save your team nominations for the GCN Awards -- those nominations are open now!
  • This is not a popularity contest. Nominate people who have had a significant impact, even if they are not universally liked.
  • Supporting nominators matter -- a nomination with a single nominator can certainly produce a winner, but the judges pay attention to who is nominating and how they know the nominee/project.
  • That said, ask before you add someone’s name as a supporting nominator. Every year we have at least one judge who is stunned to find his or her name on a nomination he or she knew nothing about. It almost never has a positive effect on the discussion.
  • If you are nominating an industry person for work done at a government agency, it helps to have government corroboration. If ethical considerations make it difficult to enlist an agency employee as a supporting nominator, try to get third-party substantiation.
  • Finally, show the judges why this individual is an emerging leader to watch!

Posted by Troy K. Schneider on May 05, 2014 at 1:26 PM | 0 comments


What 'continuous monitoring' means in the clearance context


FCW recently reported on plans by the administration to use continuous monitoring for security clearances for feds and contractors.

One reader wondered how this would work in practice:

"Will this eliminate the need for the [five- and 10-year] re-evaluations for [top secret and secret] clearances? What criteria will be used for this collection of data? Traffic stops, speeding tickets, arrests, credit scores, late payments?"

Adam Mazmanian responds:

As with any policy, the devil is in the details. The Security Clearance Reform Act, sponsored by Rep. Stephen Lynch (D-Mass.), would include financial credit history, currency transactions, court records, traffic violations, arrests, and foreign travel as areas to be examined. This would require access to a mix of consumer databases and records of local and state law enforcement, as well as federal financial regulators. That tracks with other proposals made by experts in congressional testimony and those coming from the administration.

It's not just insider threats like Edward Snowden that drive the need for changes to policy. The government can't keep up with the required periodic reinvestigations of cleared personnel. About 22 percent of those eligible for access to classified information have outdated clearances, according to a recent report from the Office of Management and Budget.

Designing a system that gets inputs from those disparate systems and checks them accurately against feds and contractors holding secret and top secret clearances won't be easy. A study by the Intelligence and National Security Alliance suggests increasing the use of an existing self-reporting tool, the Standard Form 86 certification, which allows cleared personnel to report changes to their personal or financial status, report arrests, foreign contacts and other information.

Cleared individuals could file an updated form annually through a secure website, to provide a basis for automated checks. The self-reporting process would help provide a "clearance health" baseline for important information, and free up time for investigators to deal with the most important cases. The report's authors advise making the annual updates mandatory, and advising cleared personnel of the serious consequences of submitting false information.

The INSA report argues that a centralized, self-reporting system also has the advantage of helping track the access of feds and contractors who might be cleared for information at multiple agencies. Individuals with the most sensitive access could be given priority for investigative checks. The report suggests testing a new continuous monitoring system with individuals cleared to access "sensitive compartmented information" systems – this group is only about 4 percent of the overall cleared population of more than 5 million, and has access to the most sensitive and potentially damaging national security information.

Posted by Adam Mazmanian on Mar 31, 2014 at 10:05 AM | 1 comment


Readers take on telework


In a recent FCW article, readers voiced opposition to telework as an effective tool for federal workers.

One reader wrote:

"100,000+ Feds emailing their contractors at all hours to do more work so the Feds look good."

Another said:

"So FEMA employees could save over $2M in transit costs. As long as they buy $4 million in BYOD devices. If telework is playing a large role in retaining existing employee talent, we're all doomed. Last week there was a telework day. Tried to have a teleconference. No luck. Folks 'balancing' their work/life weren't available. Played hooky with no managers checking in on them. The managers were also likely 'balancing' their work/life. Sad. And emerging countries (like China) are more than happy to actually work 6-7 days a week to out-compete us. America needs to learn how to work again. Getting up and coming to work forces discipline and appreciation for compensation. Some may see this as gloomy, but we'd better stop taking our position in the world for granted. We didn't get to be the best just by having more ability to balance work/life. We got to be the best by working our butts off, not by playing hooky and touting it as a positive thing. We are a rich nation and we can afford this for some time, but when the time comes for us to once again really work, we won't remember how."

Frank Konkel responds:

I disagree that telework equates with lower production. As telework has turned into a viable option for more federal agencies with the emergence of the Telework Enhancement Act, several studies suggest federal employees actually increase productivity when they telework.

While opinions, especially those in middle management, continue to vary about the effectiveness, some federal agencies have managed to implement telework in a fashion that maintains or bolsters productivity among their employees. Not surprisingly, those ahead of the curve also have the metrics to back up these claims. 

Personally, I enjoy coming into the office as often as I can, but I do appreciate that my employer allows telework. As with anything else, I’m certain that some individuals take advantage of their agency’s telework policies in negative ways, but I’m also certain that many people use telework productively, and with the added benefit of an improved work/life balance. The comment that “America needs to learn how to work again” surprises me, given that Americans today work far longer hours than most other nations. We know how to work, and telework has become part of how we work. Is the U.S. government’s approach to telework perfected yet? No, but that is part of the point of events like Telework Week.

Posted by Frank Konkel on Mar 07, 2014 at 8:19 AM | 6 comments


Does CBP’s Tombe expect too much from the cloud?

Wolf Tombe, Customs and Border Protection (Photo: Flickr/GTRA)

Readers critical of CBP CTO Wolf Tombe suggested he was overly demanding of cloud service providers.

Readers were divided over comments made by Customs and Border Protection CTO Wolf Tombe in a Jan. 29 FCW article headlined “Moving to the cloud? Learn from CBP’s mistakes.” To some readers, Tombe came off as overly demanding of cloud service providers, while others said his comments should be a “must read” for federal CIOs.

One reader wrote:            

"Tombe said agencies should demand 99.999 percent -- sometimes called the five nines -- and should subsequently demand not to pay extra for it. Really??? How does that work? Each "9" is an order of magnitude more effort to deliver, and that entails additional cost. Someone's gotta pay for it. Why not just demand ten 9s?"

Another said:

“Demand commercial pricing and then demand additional services that commercial pricing doesn't include and then refuse to pay for it and then test it out in 'small' programs that are just trying to get their work done since nobody cares about them if they fail. Pretty much sums up cloud-first, huh?”

Frank Konkel responds:

I think Tombe’s comments are hardened from experience. Clearly, he and the agency at large were unhappy with one of its initial forays to the cloud – a botched email-as-a-service effort that the agency is still feeling repercussions from.

This isn’t someone saying you should start small in “low profile, low visibility” projects because larger enterprise efforts don’t belong in the cloud; this is someone saying start small and fail fast because practice makes perfect. The mission is still affected if a small program gets botched, but it’s affected a lot more when a large service like email goes down. Guaranteed, if CBP could have a do-over on a few of its troubled cloud efforts, it would take one faster than you can say “infrastructure-as-a-service.”

As for Tombe’s request for 99.999 percent availability without paying extra for it, I believe Tombe is saying that the five-nines of availability are a standard. Reliability is an important factor when considering any kind of cloud service, so it should be part of an organization’s business case. To me, Tombe is saying federal agencies should request what has become standard without paying extra money for it. In a competitive market, his statements – especially for cash-strapped agencies – make sense to me.

Posted by Frank Konkel on Feb 11, 2014 at 6:27 AM | 2 comments


Behind clearance reform, a struggle in data collection


Our Jan. 29 story, “Security clearance reform: more questions than answers,” drew responses that reiterated the central point made in the piece. Some readers wrote in with their own experience with the clearance process, while others raised the issue of Edward Snowden's cleared access that ultimately led to his leaking a trove of classified materials. The most common sentiment, however, centered on just how difficult it is to find the right information to begin with.

Ray W. wrote: I have a friend who is an investigator for one of the private firms. He was complaining that he gets investigations that are months old, sometimes close to a year, and is expected to complete the background in a week or two. This often requires travel to many states (and out west there is a LOT of distance between Montana and Texas) which cuts into the investigation time. ... The mentioned sharing of data is good for security, but that does not obviate the need to walk around asking references about the person and finding other people that are not references to go find out more and to get away from coached answers (for my first clearance in 1970, I was told that the investigator only asked my references who else I knew, and then went and asked those other people questions).

Amber Corrin responds: The amount of time it takes to conduct a thorough background investigation is one of the many issues crippling the current process, given that roughly 5 million people hold a security clearance of some kind. How do you walk around and get references on every single one of those people even once, let alone on a recurring basis? But then again, when it comes to national security, how do you not?

Of course, Manning, Snowden and Alexis all prove that the process failed at some point in the chain of events that go into obtaining a security clearance. Somewhere along the line, critical information failed to be discovered, whether it was a case of information not being shared or being obscured altogether – or something in between.

"We're talking as if one impediment that does not exist is access to data – but that's not true. Whether you're a contractor or federal agency, there are all kinds of databases that either don't exist and should, or that are unavailable to you," Rep. Gerry Connolly (D-Va.) said at the Jan. 28 Congressional Smart Contracting Caucus event in Washington.

According to Brenda Farrell, director of defense capabilities and management at the Government Accountability Office, another major problem is poor documentation, including when a background check is incomplete: Often there are no details on why information is missing, she said, such as an inability to make contact with the person being investigated.

"That would help OPM make determinations where there are weaknesses or where they might put more [resources] ... or where it might be acceptable to not have documentation," Farrell said. "We do know more about the adjudication process because it is better documented by some of the agencies. But that investigative piece is still a mystery."

Posted by Amber Corrin on Feb 03, 2014 at 12:27 PM | 1 comment


Should risky employees be allowed to hang around?


In response to an FCW article published Jan. 28 headlined “What feds can learn from Coca-Cola’s data breach,” a reader opined that government employee terminations could get ugly if they follow industry’s course regarding IT security. The reader wrote:

"So one of the big lessons is the terminated employee should have his/her rights terminated immediately as well. In private industry, an employee might be sitting at his/her desk and security walks up and says, 'your services are no longer needed' and the employee is given 10 minutes to gather his/her personal belongings and is escorted out of the building. This is where this recommendation will lead in the [government]."

Frank Konkel responds: I don't think quick goodbyes are necessarily a bad thing under the correct circumstances, especially under the pressure IT organizations are under to prevent unwanted data breaches and enforce the best possible cybersecurity policies. It is clear from Coca-Cola's response that it had policies in place at the time that would have prevented the breach. Had company officials actually followed them, perhaps a former employee wouldn't have strolled out of Coke's Atlanta headquarters with the personal information of 74,000 employees, suppliers and contractors.

As Tony Busseri, CEO of Route1, said in the article, policies are effective only if they are actually implemented. Coca-Cola received a big wakeup call, as have Target and Neiman Marcus in recent months, and that wakeup call should echo to government. Yes, federal employees should be afforded every possible employment right, but at the end of the day, if an employee has access to classified information, trade data or other sensitive types of information -- and that employee is terminated for any reason -- does it pose more risk to the mission to keep the employee on for two weeks or to wave a quick goodbye? In 2006, one stolen device containing unencrypted data ultimately cost the Department of Veterans Affairs more than $20 million and severely damaged its reputation. Imagine what a disgruntled terminated employee could have cost them. Terminated employees know where weaknesses are in organizations – the connection to networks, technology and any sensitive data should be severed the moment their employment is.

Posted by Frank Konkel on Jan 30, 2014 at 8:00 AM | 2 comments


'Great servers, unhappy administrators'


In response to a Dec. 13 FCW article on a report that said the government is decisively losing the battle for IT talent, a reader wrote:

"In a ploy to appease the masses, the government has decided to cut corners, and one of the simplest ones to cut is IT. And what's been cut the deepest is how they treat the people in IT, especially the people who do the work. So many will talk about how much is being spent in IT, but they balk at talking about the things they're doing to attract and keep IT workers. You end up with great servers being run by many unhappy administrators."

Reid Davenport responds: That comment demonstrates how difficult it is to clear the smoke of ambivalence and pinpoint how to refill the talent pipeline. Even though the report identifies compensation disparity as a major hindrance to employee recruitment and retention, its reasoning is backed by employee perception rather than concrete numbers.

How do you compare a worker's salary at Microsoft or IBM with one in the government? Do you base it on job title, experience, number of people managed or other factors? As you start going down the list of job details in order of tangibility, with compensation theoretically on top, it becomes less and less feasible to compare the public and private sectors.

Job culture and how IT professionals are treated are among the myriad complaints flung at government. But again, how can we decide whether Microsoft or the Department of Homeland Security treats its IT professionals better? If you say salary, we're back to square one.

This isn't to say that all comparisons between the public and private sectors are useless or naively simplistic, but rather that as issues concerning the federal workforce become less tangible, the margin of error increases.

There is, however, one measurable area other than compensation that the government could pay more attention to. At a time when science, technology, engineering and math jobs are supposed to land the big bucks, STEM's college majors are becoming more attractive. If the government is serious about filling the pipeline, it needs to find a way to recruit college graduates more effectively. Maybe that means creating more programs like the Presidential Innovation Fellows program, which attracts the best and brightest from the private sector in exchange for a prestigious resume line and an opportunity to effect real change in the public sector.

Posted by Reid Davenport on Jan 10, 2014 at 6:02 AM | 2 comments


Big data, Big Brother and you


Responding to a Nov. 20 article about big data and privacy, a reader commented:

“Big Brother is a usual product of Big Government. ObamaCare is a prime example of an expanded government trying to run all aspects of people's lives - and it is made possible by Big Data. That is not to say that Big Data is bad, but it is a tool that can be used for bad as well as good purposes. As such, it is reasonable for people to be suspicious of any big data project that is controlled by politicians. The IRS database has been recently abused for political purposes and many believe that the ObamaCare site will become a prime target for future abuses. There are several other big databases that are also being proposed that can also be used politically against the people they are supposed to be helping. Many believe that the intentions of some supporters of these proposed databases is for these databases to be used for unethical political advancement - and they have plenty of evidence to support that theory. As such, until there are strong enough limitations on the government, Big Data will be seen as a threat to many law abiding people who do not bow down to and follow the political elite.”

Frank Konkel responds: I agree that big data represents a tool with positive and negative ramifications. The example you summarize of an Orwellian government using information to control or keep tabs on its citizens is an analogy that has become almost commonplace since former National Security Agency contractor Edward Snowden leaked a stash of surveillance secrets about the government.

While I can’t speak to the ramifications of HealthCare.gov – assuming it ever gets running at full capacity – in an informational sense, I do believe big data represents a major challenge for the government over the next decade. The biggest question is whether privacy law will be updated sufficiently to stay abreast of advancements in technologies and Moore’s Law. Defense and intelligence agencies already have capabilities in place to ingest huge amounts of data produced by machines, satellites, unmanned drone aircraft and a variety of other devices. Big data allows unstructured data to be correlated against social media databases, geospatial data, records databases and potentially other sources of data such as census records, giving unprecedented real-time glimpses of live action.

The NSA’s big data efforts make collection even more personal. The agency can graph trillions of data points -- phone call metadata, IP and e-mail addresses, instant messenger accounts and a variety of other data -- allowing analysts who target individuals to view a kind of chain that links his or her contacts. Whether it’s OK for the government to have those powers -- which continue to be revealed through Snowden’s leaks -- is a conversation the public and Congress are beginning to have. But remember that it isn’t just your government that is collecting information: Private-sector companies make serious cash selling the contents of your Internet searches, purchase records and the like. Privacy law has yet to seriously address those concerns, either.

Finally, I think it is prudent to mention that big data is a seriously disruptive technology, which is why we’re even having this conversation. Most disruptive technologies have pitfalls associated with them. Think about the Internet itself: The good comes with bad.

Likewise, big data comes with good and bad capabilities. Now that this technology is very much in the public spotlight, the biggest data producers in the world – human beings like you and me – have a say in how the government and industry use that data.

Posted on Dec 02, 2013 at 10:04 AM | 1 comment


Feds sound off on morale

When the partial government shutdown ended in mid-October, FCW published a piece looking at the possible consequences on the morale of federal workers, and questioned whether retirement-eligible federal workers and younger workers with long careers ahead would leave federal service. The article drew a lot of comments from federal workers worried about pay freezes, job security and being demonized in the media.

One reader asked:

"What will it take to get workers to stay? 1. Restoration of COLAs and adjustments to be closer to private sector pay. 2. Restoration of bonus pools (now down 80%). 3. Restoration of the ability to travel to conduct the nation's business. 4. Restoration of the ability to attend, participate in, co-sponsor and hold technical and training conferences to interact with stakeholders and to sharpen job skills. But, most of all, start treating us like the assets we are, instead of costs to avoid."

Another reader wrote:

"I am retirement eligible and wondering why I still bother. I was even joking that I might have to retire to INCREASE my take home pay! How does Congress expect us to attract young talent when one of the few things going for Federal employees was job stability? Hard to make that argument anymore."

Some readers worried about how federal workers are portrayed in the media. One wrote:

"Every day the news [says that] government worker is an overpaid fat cat that only sucks on the nipple of the American taxpayer. How is that for morale? Honestly, many government workers are vested and have too much invested to leave even if they wanted to. However, for many new employees who are not yet vested, what is the incentive to stay?"

One reader alluded to the Federal Employee Viewpoints Survey from the Office of Personnel Management:

"OPM should replace most of their survey with a 'this place sucks' button."

Adam Mazmanian responds: Since our initial article, OPM released the results of its 2013 survey, which shows overall job satisfaction in decline among federal workers. While there's no breakout of retirement-eligible feds, the survey did show that federal employees age 60 and older in general reported the highest levels of job satisfaction compared to other age groups, are among the most satisfied with their organization, and are the most likely to answer that the work they do is important.

The survey is murky about whether a morale-based retirement wave is in the offing. About 84 percent of survey respondents said they planned to stay at their agency or seek another federal job, with roughly 6 percent planning to retire, 4 percent looking for work in the private sector, and 5 percent leaving for other reasons. (The numbers add up to 101 because of rounding.) The 2013 survey was conducted before the shutdown, but during sequestration. We will have to wait until next year's survey to find out if the partial shutdown was a tipping point for employee morale.

Posted by Adam Mazmanian on Nov 12, 2013 at 1:41 PM 5 comments


Are IT certs really a measure of talent?


In FCW's Oct. 28 story on IT certifications, a couple of readers disagreed with the contention that the credentials are the be-all, end-all to security hiring – or even necessarily the right answer.

Madwhitehatter wrote:

I'd rather see companies hire people who've been going to hacker conventions for the last decade than someone who did a 40-hour boot camp and got a brain dump. The government will stay behind when they don't have people who know the subject doing the hiring.

Amber Corrin responds:

The big problem there is recruiting the people attending hacker conventions. There may be a few talented individuals here and there who are willing to take on civil employment or working for someone else in a corporation, but by and large, you're talking about people whose very nature skews away from that type of work.

Tom Kellerman, vice president for cybersecurity at cloud security firm Trend Micro, said it best at an event in October: "The U.S. has a culture of bastardizing the hacker community as a whole," he said. "If you're technically sophisticated and you know how to become a mission [yourself], why would you want a boss?"

An anonymous commenter wrote:

The only benefit of certification is for the certification providers! It takes critical finances, time and resources away from defense projects with little to no benefit in return. Experience is by far the premier indicator.

Amber Corrin responds:

But how do you measure that experience? I'm not defending certifications, merely playing devil's advocate – and reporting to you the response I got when I expressed a similar sentiment. Most commonly, certification requirements are used at least as a front-end filter in the hiring process rather than a guarantee of IT security savvy. But it's possible – maybe even likely? – that credentials end up being more than just a checked box that gets your resume past the first phase.

Posted by Amber Corrin on Nov 04, 2013 at 11:04 AM 2 comments


Are cyber workforce woes actually all about the money?


FCW's October feature on federal cybersecurity personnel -- "Is there a cybersecurity workforce crisis?" -- took a critical look at the requirements the government faces in securing essential IT networks and operations. But some readers thought it was not critical enough, particularly when it comes to the reasons why workers take government jobs rather than higher-paying private-sector roles.

An anonymous reader commented:

In order to appeal to a sense of "duty" or "country" and/or a "love of technology," the appeal has to be followed through with actual empowerment. As a contractor, I have heard this sales pitch more times than I can count, and I have never seen it realized. Also, the idea that compensation is not a primary motivator is horribly skewed. Many young cyber professionals recruited by federal agencies leave for contractors because they can be paid sometimes two to three times the federal salary for doing the exact same work, with the exact same fulfillment of "duty" and "country." If the federal agencies want to recruit and retain cyber professionals as federal employees, they are going to need to minimize bureaucracy, empower the workforce to effect change, and realign their overhead to provide compensation competitive enough for federal workers to live next door to contractors -- experience and education being equal -- in areas where the cost of living is so high (D.C. metro area is a good example).

Reader Howard Risher wrote:

I do not understand how or even why you would write a story about any aspect of the technology workforce and not focus on the closely related problem: Federal salary increases have to be competitive. It's broader than cybersecurity -- it extends to all STEM occupations.

Amber Corrin responds:

All good points. Across the board, the current and former federal officials I asked about compensation agreed that the government faces serious challenges, if not outright inabilities, in offering pay equal to the private sector. This is particularly true in an era of sequestration and budget cuts that are forcing federal managers to get creative with recruiting.

At the Defense Department, officials sang the same tune, although some also alluded to being able to move money around to try to entice cybersecurity professionals with better pay than some other government positions. Obviously, that's not a sustainable approach, but it does illustrate a borderline-frantic pursuit of professionals with the right stuff.

That's why, in the story, there was a lot of discussion about perks other than money. Appealing to that pool of talent that seeks a different kind of benefit -- a pool that studies show does exist and largely seems composed of Generation Y workers -- appears to be a strategy that government managers can more easily embrace than squeezing the proverbial blood from budgetary stones.

As for the idea that contractor work provides the "exact same fulfillment of duty and country," that might be true of the veteran feds who have endured many years of the trials and tribulations of government employment. However, I'm not so sure it is equally true of the fresh faces seeking those attributes in government work now -- those same fresh faces of which the government is in dire need.

Posted by Amber Corrin on Oct 23, 2013 at 10:32 AM 0 comments


What's so special about federal fellows?


In response to an Oct. 11 article about furloughed federal fellows, a reader commented:

Should one infer, from the article's exclusive focus on "federal fellows," that rank and file civil servants are not similarly disheartened and frustrated by federal furloughs?

Reid Davenport responds:

Not at all. FCW has done a number of stories on the shutdown's many ramifications for federal employees of all stripes.

For example, Amber Corrin wrote on Oct. 9 that, "A week into the partial government shutdown, the ripple effects are becoming clearer. Cybersecurity is in jeopardy while deliverables are at a standstill, and some agencies are hollowed out. But at the center of the shutdown's impact are people."

Frank Konkel wrote an Oct. 8 article that centered around the tremendous bite the shutdown has taken out of the IT workforce at Veterans Affairs. And on Oct. 3, I wrote a piece on the hit the public IT workforce has taken across the federal spectrum.

The story about the fellows seemed inherently interesting because of the specificity of their work, stringent limits on their time of service and how their positions relate to federal technology. It was not intended to put their work on a pedestal that rose higher than other federal employees -- simply to offer another angle in FCW's continuing coverage of how the shutdown affects federal IT and the people who make it happen.

Posted by Reid Davenport on Oct 16, 2013 at 6:35 AM 0 comments


It's about more than where you sit


The atrium of GSA's headquarters building. (GSA photo)

Readers offered some strong commentary on sources quoted in a Sept. 25 FCW article that outlined contractor concerns about GSA's new headquarters renovation and telework policy.

One reader wrote: Did our genius friends that polled a "handful" of contractors give any thought to logical reasons behind a longer lead time for communications or modifications? Moving from VA to DC does not happen overnight and it takes a few days to pack up for the move. Unpacking is just as time consuming. I'm not sure I care about the perceptions of nameless contractors.

Another said: Why are we concerned with what contractors think about government employees' seating arrangements? We are still available via telephone and email as before. Our administrator has been accomplishing what he had been tasked with by the White House. Yes, I am a GSA employee and we do a fine job for the taxpayers!

Mark Rockwell responds: To say this story is only about seating arrangements misses a larger point. The story is about profound shifts for every GSA worker and the effects of those changes on the outside world.

GSA's bold efforts to radically, and innovatively, change its employees' work environment -- including the locations they work from -- are bound to have some initial challenges. These same kinds of changes have rocked the everyday operations of large private corporations the last few years as they implemented similar policies. The reported difficulties aren't a reflection on whether GSA employees are effective or not.

Big, notable companies on the leading edge of workspace innovation, from Best Buy to Yahoo!, have struggled mightily with telework policies in the last year. I didn't bring up Yahoo! CEO Marissa Mayer's decision to rescind her company's telework policy lightly. It illustrated the current struggle corporations are having with flexible-workplace issues. Yahoo! and Best Buy ultimately chose to end their telework programs.

Those decisions, however, don't necessarily predict the fate of GSA's efforts. Mayer later told a workplace convention that her decision applied only to her company and shouldn't be held up as an example for every organization implementing flex-work programs.

It can take some time to make small things -- like how to reserve meeting spaces -- routine once again, when operating with a slew of new procedures and locations. Having to work from home or share desks are challenges for any organization, its workers, customers and contractors. For some, it's an upheaval; for others, a bump in the road.

Posted by Mark Rockwell on Sep 30, 2013 at 8:59 AM 1 comments


Readers rankled over NOAA satellites


NOAA satellite data provides essential information for tracking storms and forecasting weather. (NOAA image)

Readers were critical of the National Oceanic and Atmospheric Administration's management of two major weather satellite acquisitions following a Sept. 19 article.

One reader wrote: NOAA has clearly proven with this debacle that they should never have been permitted to manage a satellite program in the first place. All satellites should be under NASA's jurisdiction and the incompetent and redundant NOAA satellite program should be shut down.

And another commented: NOAA has a problem with priorities! Let's get the priests of global warming out of the organization and get back on track with the real important issues... like weather satellites!

Frank Konkel responds:

While NOAA received the lion's share of criticism at a Sept. 19 congressional hearing, don't forget that NASA already partners with NOAA on both the Joint Polar-orbiting Satellite System and the Geostationary Operational Environmental Satellite (GOES-R) program. Combined, the lifecycle costs of both satellite programs are more than $22 billion, and they have experienced delays, cost overruns and ugly oversight reports. In the early- and mid-2000s, a joint NASA-NOAA-Defense Department satellite program wasted billions of dollars on similar types of satellite programs.

The general responsibilities now go like this: NOAA handles the procurement and NASA provides expertise when applicable. NASA launches the satellite and oversees its transition to a fully operational satellite, then NOAA takes over its operations.

These satellites aren't orbiting around the Earth doing nothing. They're making key measurements on weather phenomena of all kinds, providing data to help forecasters make predictions, including tracking dangerous storms and warning people in danger. Data from these satellites is infused into weather data models and forecasters from the National Weather Service – a component agency within NOAA, which in itself is a component of the Commerce Department – and the folks at NWS use the models to make the forecasts that affect every American.

"Shutting down" NOAA's satellite program would require an enormous transfer of information, personnel and logistics information to NASA that no doubt would come with a massive price tag. It might not even be safe, considering NOAA's historical hold on operating weather forecasts. While NOAA's faults are clear – they haven't exactly been transparent with lawmakers or the public on these matters – they provide a vital service to the country. If you value weather prediction or storm tracking, you have NOAA and its satellite programs to thank.

In addition, while NOAA does spend money on climate research, the presence of any "priests of global warming" at the agency is for the most part irrelevant to the debate over the weather satellites. Climate research has at times been a contentious issue in Congress, but the debate at hand has to do with the acquisition of two satellite programs, and has nothing to do with climate research that looks largely at information that's already been documented.

Posted by Frank Konkel on Sep 24, 2013 at 7:42 AM 3 comments


Crafting a winning Fed 100 nomination


Nominations for the 2013 Federal 100 awards will be opening soon. If experience is any guide, many of our readers will have questions, such as:

"How are the winners decided?"

"Who is eligible?"

"What's required in a nomination?"

"What are the deadlines?"

In anticipation, then, here's a quick guide to how it works and how nominators can make the strongest possible case for their nominees.

The ground rules

First of all, anyone who is part of the federal IT community is eligible for a Federal 100 award. Generally, that means agency employees and select members of the federal contracting sector, but past winners have included members of Congress, academics, independent watchdogs and even a journalist or two.

Second, anyone can submit a nomination. Floating oneself is a bad idea, and nominations that are clearly driven by commercial interests are rarely effective, but a broad pool allows the judges to make better picks.

Third, an individual can win multiple Federal 100 awards over the years, so long as he or she has a new accomplishment that merits the recognition. Eagle award winners, however -- the one government and one private-sector winner selected from each year's Federal 100 as the best of the best -- have their number retired and are not eligible for future Federal 100s.

Nominations must be submitted via an online form on FCW.com. There is no "save this for later" option, so be sure to have the nomination drafted and ready before starting to submit.

Basic contact information for both the nominee and nominators is required, but five short "essay questions" form the heart of the nomination. Winning nominations tell a compelling story about:

  • The nominee's job. What he or she is tasked with doing in the federal IT space.
  • The nominated work. What was accomplished this year that is noteworthy.
  • The nominee's impact. Hard work without results might be noble, but it is not award-worthy. What did this person get done?
  • The nominee's effort. Federal 100 awards are not given for just doing one's job, however important it might be. What did he or she do that went above and beyond?
  • The nominee's background. What enabled the nominee to step up and make a difference? Federal 100 awards are given for specific accomplishments, not lifetime achievement, but the work of 2013 can be put into a larger context.

Note that these are not long essay questions -- character-count limits allow roughly 200 words for each.

The process

In short, the community nominates, FCW picks the judges, and the judges decide. The timeline, give or take a few days, will look like this:

  • Oct. 1 - The nomination form is published, and 2013 nominations are accepted.
  • Dec. 23 - Final deadline for nominations; the form is taken off-line.
  • Jan. 3 - All nominations are compiled into print binders and electronic dossiers and delivered to the judges for review.
  • Mid-January - Judges gather for a daylong selection meeting; 100 winners and a handful of alternates are chosen.
  • Late January - Winners are verified, and any questions raised during judging are addressed.
  • Jan. 31 - Federal 100 winners are announced.
  • February/March - Profiles of Federal 100 winners are written; Eagle award judges vote on industry and government winners.
  • Mid-March - Federal 100 awards gala.

The intangibles

The Federal 100 judging is a subjective process, one that draws heavily on the expertise of the IT leaders who volunteer their time to read and assess the hundreds of nominations. There are, however, some basic do’s and don'ts, which Chief Content Officer Anne Armstrong outlined in last year's call for nominations:

  • Focus on an individual’s accomplishment. This is an All-Star Team, not the Hall of Fame award, so don’t dwell on long and faithful service. Be specific about what the project encompassed and what the person did that was extraordinary.
  • It is the accomplishment and not the job title that counts, so describe the person’s contribution and show why the project is important to the community at large.
  • We know teams are important, but this is an individual award. Save your team nominations for the GCN Awards.
  • The Federal 100 award is for work done this year. If the nominee is a previous Federal 100 winner, the accomplishment behind this nomination should be substantially different from the work that was recognized in an earlier year.
  • This is not a popularity contest. Nominate people who have had a significant impact, even if they are not universally liked.
  • Ask before you add someone’s name as a supporting nominator. Every year we have at least one judge who is stunned to find his or her name on a nomination he or she knew nothing about. It almost never has a positive effect on the discussion.
  • If you are nominating an industry person for work done at a government agency, it helps to have government corroboration. If ethical considerations make it difficult to enlist an agency employee as a supporting nominator, try to get third-party substantiation.

Many have asked if FCW could share a "good nomination." Unfortunately for those seeking a case study or recipe, the submitted nominations -- like the judging discussions and even the identities of the nominators -- are treated as confidential.

That does not, however, prevent nominators from sharing their own submissions. And Christopher Dorobek -- former FCW editor-in-chief and a Federal 100 winner himself -- did just that a few years ago. As someone who has covered the community closely and been in the room for multiple Federal 100 judging sessions, Dorobek knows what it takes, so the 2008 nominations he shared (see here, here and here) and his general advice on the Federal 100 are all worth reading.

Other Federal 100 veterans are often willing to share their insights as well. Look at last year's list, and ask around.

Between now and October

Details matter, so start taking notes now, if you haven't been already. Identify colleagues who deserve the recognition, round up others who will sign on as supporting nominators (a single nomination can have up to five nominators), and gather stats and anecdotes to show what makes this person great.

In the judging process, nominations that come in on "opening day" are not given any advantage over those that are submitted in the final hours of Dec. 23. But those that are written and polished in advance almost always do better than those that were slapped together to beat the deadline -- and would-be nominators who come asking about a late submission in January or February (!) are out of luck till next year. So start early, and spare everyone the holiday stress.

And finally, don't wait until October to let FCW know about good people doing great work. We're always on the lookout for good stories -- and if FCW does choose to cover a successful project or individual, that visibility can only help when the judges are reviewing nominations next January.

Posted by Troy K. Schneider on Sep 16, 2013 at 11:08 AM 0 comments


How deep does NSA incursion at NIST go?


FCW published an article Sept. 6 in which sources questioned the integrity and trustworthiness of the National Institute of Standards and Technology following the release of top-secret documents showing the National Security Agency weakened a set of encryption standards adopted for worldwide use in 2006.

Readers expressed concern at the news, questioning whether the NSA's intervention was a one-time event or a frequent occurrence.

So if our computer security standards are open to, let's call it "tweaking", I wonder what other standards that NIST regulates are "tweaked?" remarked one reader.

Another said, So much for NIST's credibility. I noticed they ignored the good stuff brought to them, now we know why.

A reader identifying himself as William Frazier questioned why government agencies even bother to compare each other's security protocols when they're all apparently operating with subverted encryption standards promulgated by NIST and used in IT solutions mass-produced by vendors.

Another reader wondered how far down the rabbit hole NSA-tweaking extends beyond encryption standards.

Frank Konkel responds: NIST responded to the criticism on Sept. 10, reopening the standards for public scrutiny and stating "NIST would not deliberately weaken" standards it approves for adoption.

However, the key word here is "deliberately," and I agree with readers who believe NIST's credibility is now open to question. When a top-secret NSA document – leaked by former NSA contractor Edward Snowden – states directly that the NSA "became the sole editor" of the weakened encryption standards in question, what does that say about NIST?

Nobody has come out and claimed responsibility for the apparent weakness in standards, and it's unlikely anybody will. What is more likely is that the cryptographic community will work hard to expose the vulnerabilities – if any – and work to correct them in a widespread, yet sensitive endeavor. If vulnerabilities exist, patches will be made. But as several cryptographers have noted, the time between when a vulnerability is found and a patch is implemented is key.

Regardless, the revelations uproot the image of NIST as a "just the facts, ma'am" agency based on scientific principles, which is sad for federal agencies and worldwide commercial organizations that adhere their security standards to NIST recommendations. What role did NIST play in adopting the weakened standards?

The agency says none at all, and that raises questions in itself. How many other standards were adopted in the same fashion? Was NIST handcuffed by the NSA from discussing any kind of potential sabotage? How often does the NSA take the lead on standards for unclassified systems?

NIST regularly exposes its standards to public scrutiny in an effort to be a transparent organization, but if anyone at the agency knew the NSA deliberately or even inadvertently messed with standards, they sure didn't make a public fuss about it.

While the whole issue got lost in the NSA leaks story, the NSA's efforts to defeat encryption by any means necessary is one of the biggest stories to come from Snowden's flash drives. Perhaps there is more to come on that front, and if it involves more collaboration between NIST and the NSA, it may be more bad news for feds.

Posted by Frank Konkel on Sep 11, 2013 at 9:33 AM 1 comments


More than one path for FedRAMP


In an Aug. 30 FCW article about a ninth vendor receiving approval through the Federal Risk and Authorization Management Program (FedRAMP), reader Peter Stark questioned whether companies were skirting the FedRAMP process by earning agency authorities to operate (ATOs) rather than certification through the FedRAMP Joint Authorization Board (JAB): The article states that Akamai is the 9th vendor to receive FedRAMP approval, then lists only five others. The other three are characterized as receiving "agency authority to operate," implying it's not the same as FedRAMP ATO (presumably being issued by an individual agency for its own enterprise). Then it concludes by stating that one of those three is the only federal agency to achieve FedRAMP approval. It doesn't seem like all those statements can be true. Does an agency ATO somehow equate to FedRAMP approval?

Frank Konkel responds: This question has come up before, most notably when Amazon Web Services went through an agency ATO process to gain FedRAMP certification. Some questioned whether gaining the ATO was on par with attaining JAB certification.

As FCW Editor-in-Chief Troy K. Schneider explained in May, an agency-provided authority to operate is no less “real” than certification to operate from the FedRAMP JAB. Either avenue is perfectly acceptable. As Federal Data Center Consolidation portfolio manager Scott Renda has repeatedly stated, to think otherwise is mistaken.

"We never intended the JAB to authorize every system in government," Renda said at the FOSE conference in May. "That's a myth. And it would slow things down." What the FedRAMP team wants, he stressed, "is to implement a government-wide standard."

Posted by Frank Konkel on Sep 05, 2013 at 8:09 AM 0 comments


Can a foreign firm safeguard American privacy?


Responding to an Aug. 28 FCW article outlining the government's Federal Cloud Credential Exchange, a reader questioned the logic of having a foreign company design an American credentialing system, writing: I'd like to see the background of how we decided having a foreign country be the epicenter of our credentialing system makes good sense. I'm sure logic was used in that decision, I'm just not seeing it.

Frank Konkel responds:

SecureKey Technologies Chief Marketing Officer Andre Boysen suggests that American citizens shouldn't worry about their information getting used outside the borders through FCCX.  

While SecureKey is headquartered in Toronto, it has an American headquarters in Washington, D.C., from which its American contracts operate. In addition, Boysen said, services and servers hosted for FCCX will be housed on U.S. soil, not in Canada or anywhere else. It should be noted that SecureKey has not yet picked a cloud provider, yet its concern for data sovereignty aligns with the company's philosophies and existing deals with Canada and the United Kingdom.

Finally, our article describes the "triple blind" process that keeps the FCCX hub and the agency involved from putting two and two together from a user's personal information. User privacy is one of the main goals of the pilot, which has one year to prove useful enough to merit a contract extension.

As for the procurement process, keep in mind that the U.S. Postal Service received nearly 20 bids on the FCCX pilot, many of which came from U.S. companies. The contract award makes clear that none matched what SecureKey could do from a technological or fiscal standpoint.

Posted by Frank Konkel on Sep 04, 2013 at 8:12 AM 2 comments


Sourcing restrictions: prudent or punitive?


Responding to an Aug. 20 article in FCW on how NASA is enforcing rules governing the acquisition of China-sourced IT gear and software in a new government-wide procurement vehicle, a reader commented:

This is just calling for tit [for] tat protectionism all the way around. Let's hope Beijing is not as petty.

Adam Mazmanian responds:

The provision referred to in the original article requires four agencies – NASA, Commerce, Justice and the National Science Foundation – to obtain special approval when acquiring technology systems that are sourced to companies with ties to the Chinese government. Industry groups have opposed the measure, contained in the continuing resolution currently funding the government, in part because as the reader suggests, it invites retaliation. An April letter from the U.S. Chamber of Commerce and other trade groups to Congressional leaders opposing the measure noted that, "The Chinese government may choose to retaliate against U.S. based IT vendors by enacting a similar policy for screening IT system purchases in China."

So far, it's hard to point to substantive action on the part of China that can be linked to the U.S. policy. "I think the pieces are moving," said Jon Lindsay, a research scientist at the University of San Diego who specializes in cybersecurity. "U.S. companies are going to get a ton more scrutiny from China."

The law is just one small piece affecting China's posture toward U.S. information technology firms. The naming of Huawei and ZTE as cyber-espionage security risks by the House Intelligence Committee in 2012 has diminished the ability of those companies to land U.S. contracts, even in the private sector. A report in February from Mandiant traced U.S. cyberattacks to a Chinese army espionage unit. More damning are recent revelations about spying programs run by the National Security Agency with the cooperation of U.S. technology firms. Additionally, Edward Snowden, the former NSA contractor who was the source of the disclosures, made accusations, reported by the Hong Kong press, that the U.S. maintained the capability to spy on China through back doors in American-made network equipment.

State-run media in China has since reported that IBM, Oracle and EMC are under investigation over possible security concerns. Daniel Castro, senior analyst with the Information Technology and Innovation Foundation, said recent moves by Chinese officials to examine U.S. technology firms were more in response to revelations about NSA spying than about law governing U.S. acquisitions. He noted that there are longstanding restrictions in place that apply to government procurement of technology for military and security use.

Lindsay understands the concerns of American technology companies when it comes to inviting retaliation. American companies have been able to maintain market share against Chinese competitors by producing better products. But now, "the Chinese have strong political reasons to get active and involved and start retaliating against the U.S.," he said.

Posted by Adam Mazmanian on Aug 29, 2013 at 7:11 AM | 1 comment


Sequester not to blame for lack of innovation

Responding to an Aug. 22 article in FCW about procurement hindering innovation in the government, a reader wrote:

Another killer of innovation has been sequestration. We are technologically losing ground to adversaries. The reason is the way sequestration was executed was first to protect all employees, then recap budgets and if anything was left it funded technology development. Guess what - in most agency cases there are no technology innovation dollars left. In a commercial environment a budget cut would have involved 10% layoffs, 20% reduction in recap (servers will last another year), and left money for innovation, otherwise you lose competitiveness. Why can't government be run like this?

Frank Konkel responds:

Good points – the government isn’t run like this, but to place the blame on sequestration probably isn’t correct, either. For starters, the government has been wasting money in IT for the past decade, a documented $9.2 billion since 2003. Those numbers come from the Government Accountability Office.

Not coincidentally, GAO released a report in December 2012 that showed the federal government spent $54 billion of its $79 billion 2011 IT budget on legacy technology. In other words, seven dollars of every 10 the government spent on technology went to maintaining old technology, and only three went to developing any kind of new applications or technology. According to a MeriTalk study released in July, the government spends closer to 80 percent of its IT budget on maintaining legacy systems. The data suggests a fundamental problem in the way the government procures technology and maintains systems, which inadvertently stifles innovation. Sequestration might have added to the problem, but it existed long before sequestration became a political talking point. The government doesn’t like to fire employees, it’s not always quick to adapt to change and its bottom line isn’t measured in terms of whether it’s operating in the red or black. For these reasons, I don’t think the government will ever operate like a private-sector business in prosperous times.

Yet some agency IT shops and CIOs have promoted innovation as a necessity, given tighter budget constraints. Innovation, some agencies have found, leads to better ways of doing things. Perhaps a continued scarcity of funds and uncertainty will force the government to run more like a private-sector company might. Time will tell, and it’s a fast-moving time in IT right now.

Posted by Frank Konkel on Aug 27, 2013 at 10:10 AM | 0 comments


If not Clapper, then who?

It seems the confusion surrounding the review of surveillance activities ordered last week by President Barack Obama goes beyond just the head-scratching over whether Director of National Intelligence James Clapper will lead the review group. There is a sense of uncertainty not only over who should lead, but who should be involved, as evidenced by an email message from an anonymous reader:

I can see why Clapper leading the intelligence review would be a conflict of interest. But shouldn't the people involved in the review be pretty familiar with how things work in the intelligence community? By its very nature the community and activities under review are secretive, so I would think only certain people -- those who know how things work on the inside -- would be able to determine if current methods and technologies are effective. How would real outsiders know such things?

Amber Corrin responds: It is true that members of the review group will need to have a firm handle on the issues closest to intelligence, surveillance and the technological capabilities central to the discussion. As Kate Martin, director of the Center for National Security Studies, pointed out in the story, that means those people will be in some way tied to the government, but it does not necessarily mean they have to be the top officials from the community being evaluated.

"With regards to the membership, we would hope that the members of the panel would not be made of persons who work under Clapper or in an agency he supervises; we would also hope that they are not contractors working with the agencies," said Aimee Thomson, a legal fellow at the Project on Government Oversight. "While we acknowledge that any panel that reviews intelligence programs must certainly be made of persons from within the intelligence community, we hope the panel will be balanced by those who will represent privacy and civil liberties concerns."

Thomson pointed out that a similar review is expected from the bipartisan executive-branch Privacy and Civil Liberties Oversight Board. The board’s review likely will be more credible as an independent evaluation, with the review panel comprising former members of the intelligence community and representatives of the civil liberties community, she said.

The White House, through National Security Council spokeswoman Caitlin Hayden, has insisted that Clapper's role is limited and focused on facilitation -- a role serving the logistical purpose of being the central communications channel, much like the reasoning for the creation of the Office of the Director of National Intelligence itself, as Thomson noted. Even so, Clapper's involvement, however indirect, remains an issue.

"Any independent review of surveillance programs would lack credibility if they appeared to be controlled by the intelligence community," she said. "While such a review can have merit, a report influenced by the intelligence community cannot reasonably be called independent."

According to Martin, the involvement of Congress is critical to an effective and comprehensive evaluation of the community, its activities, and the programs and technologies at the center of the controversy. She noted that in the past, such reviews have been successful only when Congress pushed for transparency, which would include the declassification and release of more information than has so far emerged.

Posted by Amber Corrin on Aug 16, 2013 at 9:46 AM | 0 comments


Readers divided about VA theory on stolen laptops

Readers responded to an Aug. 8 FCW article on data breaches at the Department of Veterans Affairs with a mixture of criticism and praise for Acting Assistant Secretary for Information and Technology Stephen Warren, as well as a few questions.

One reader wrote: Stephen Warren said "people tend to steal laptops indiscriminately for their street value rather than in hopes of profiting from veterans' private information." I guess he's basing this statement on anecdotal evidence and personal supposition? Or empirical evidence gleaned from interviews with the thieves?

Another wrote: Based on the June 4 hearing, it really doesn't matter what VA, [or] Stephen Warren in particular, says about security or whether or not the breaches were high, moderate or low risk. Once you’ve been caught deceiving Congress, veterans and the general public, you forfeit your credibility. Still waiting on what the VA is going to do about the hacking and general penetration of the VA network. As a vet, I’ve yet to receive anything in the mail like the letter sent out in 2006. At some point, offering free credit monitoring is a moot point.

Another had a rebuttal for those criticizing Warren: The last comment is born of ignorance and lack of common sense! While Warren has fewer than a handful of supporters (his supporters are mostly the contractors he hires to document his desires and publish them as if they are their unbiased and undirected opinions), in this case he’s right. Unlike people stealing paper records for the folders that hold the paper, it’s commonly known that most people steal laptops for the laptop itself. And if people want a veteran’s information, they’ll more than likely find a way to hack into one of the many databases that hold it all. Please don’t add to the ridiculous paranoia that’s infecting VA and taking our focus away from treating patients.

Frank Konkel responds:

There have been many documented problems at VA, and much of the criticism of the department is justified. But I don’t believe there is substantial reason to doubt Warren’s claims that laptops are taken primarily for their hardware value and not the data on them. Why?

The main reason is that even though paper records continue to be the primary data breach for VA -- sometimes releasing the names and Social Security numbers of hundreds of veterans -- few cases of identity theft resulting from these breaches have been reported.

In the case of stolen laptops, many of which are encrypted anyway, it seems unlikely that thieves would think about stealing laptops for reasons that go beyond simply selling them to someone else. If it was appealing for thieves to steal these VA laptops and PCs in hopes of selling veteran identities to the highest bidders, wouldn’t it be far more common than it is?

If that kind of activity did increase, you can bet VA’s very active Office of Inspector General would get the word quickly.

Posted by Frank Konkel on Aug 15, 2013 at 10:55 AM | 2 comments


Reader: Government is ready for videoconferencing

In response to an Aug. 5 FCW article detailing possible hurdles for videoconferencing legislation, a reader wrote:

Government agencies have been building the infrastructure for videoconferencing for over a decade. I know, because I have been using it for over a decade. Add to the fact that if these agencies still do not have it completed, most likely they can easily complete it with savings from reduced travel costs. So if people are still complaining, it sounds to me like they have another agenda - one that they will not state because they know that it is not a positive agenda. I think most of us can come up with a few guesses as to what those real reasons are to not cut travel that they do not want to provide.

Frank Konkel responds: Videoconferencing is commonly used by feds, but much less often than we’d be talking about if H.R. 2643 were passed as is. Reducing travel expenditures by half – or even anything close to those numbers – would result in a significant increase in Internet traffic that would push the capabilities of some agencies.

Imagine all the employees who commonly travel for meetings and conferences logging into networks and sucking up bandwidth. Most civilian agencies are far away from having the full infrastructure in place to seamlessly allow their employees to telework or videoconference without issue.

That said, I can understand your cynicism: I do believe most feds, especially those at the managerial level and above, would prefer to conduct the vast majority of their business in person. Yet the rule of law could force even high-level officials to comply. 

Posted by Frank Konkel on Aug 09, 2013 at 5:50 AM | 0 comments


Why data centers are hard to count

In response to a July 24 FCW article highlighting the severe underestimate of the number of federal data centers, a reader who identifies himself as Peter Marshall writes:

It has been my experience in the field that not only each federal agency, but offices within each agency, and even down to the Division level have different definitions for the "Data Centers" proper. Many will define small data processing and IT equipment rooms ranging from 500 square feet to 3,000 square feet as data centers when the dynamics of the facility's primary systems and spaces allocated to data processing do not have the characteristics of a "Data Center" as the industry defines it. Therefore, OMB in conjunction with all Federal Agencies and IT components need to first gather consensus around definitions and categories of data processing spaces, rooms, and facilities prior to the development of a fed-wide inventory of "Data Centers". The biggest challenge is getting past senior management who think they are IT savvy and the IT authority within their sphere of control, when in fact their technical experience and understanding of data processing systems, facilities and strategies are limited. It is my guess that once you define the Data Center you will find that the actual numbers of Data Centers (proper) will be down and the number of other IT and data processing spaces/rooms will be up. But until then there will continue to be a disconnect between the truly IT savvy technical engineer and the upper level manager.

Frank Konkel responds: Your criticism is spot on, Peter. When pressed at the data center hearing before Congress in July about how the Office of Management and Budget underestimated the number of data centers so dramatically, the federal CIO said the dramatic increase in data center count was in large part a result of a change in the definition of the term. Previously, OMB measured data centers based on size – greater than 500 square feet – but that definition was changed to include "data centers" that might fit in your coat closet, as you allude to.

The loudest criticisms of OMB regarding data center consolidation in recent months have been the agency's lack of leadership and lack of guidance in metrics to track cost savings realized. The criticism keeps coming from Congress and from reports generated by the Government Accountability Office, which publicized the data center increase before OMB owned up to it despite reports that the agency knew about the higher data center number as early as mid-2012. And OMB's efforts at mitigating the criticism so far have fallen short. Now that FDCCI has been rolled into PortfolioStat, another IT initiative led by OMB, the agency is intent on "optimizing" rather than closing data centers, yet OMB hasn't produced any metrics that agencies could use to track savings, leading to minimal results for an initiative that launched in 2010 and was supposed to save between $3 billion and $5 billion by 2015.

As for the disconnect between IT-savvy engineers and their managers, I agree, but I think the biggest communication barrier is among OMB, GSA and the agencies charged with carrying out these executive orders and OMB mandates. If the agencies aren't given metrics to follow and repeatable plans officials can alter to fit their agency, what is the point of the initiative in the first place? Because it isn't going to save a lot of money if agencies have to figure it all out on their own.

Posted by Frank Konkel on Aug 06, 2013 at 3:32 PM | 1 comment


Readers complain about 'brass creep'

Navy ranks are shown here, but the Navy is not the only service implicated in 'brass creep.'

FCW's July 31 story on the Pentagon's bleak response to a sweeping department-wide review drew multiple criticisms of Defense Department management. Readers called for members of Congress to be held accountable, for DOD to start from scratch and build a more enterprise-focused organization and for an overhaul in leadership structure. Some of the proposed solutions are more likely than others to be acted on, particularly the ones referring to changes in higher-level management.

An anonymous reader commented: You know they need to … quit having so many chiefs and supervisors. A supervisor should have at least 10 people under him, no different than a squad leader in the service. Too many head honchos and not enough worker bees. Need to look at all the agencies around the government and minimize top-heavy agencies.

Amber Corrin responds: A lot of people out there would agree – many arguments have been made against "brass creep," or the increasing number of high-ranking officers. This is not a new problem, though past efforts to deal with it have proven less than effective. But it looks like those efforts may be renewed in the latest round of Pentagon budget trimming.

On Aug. 1 Deputy Defense Secretary Ashton Carter released a memo directing a 20-percent reduction in Defense Department management headquarters spending over the next five fiscal years. The memo – which has been posted by the Project on Government Oversight, a watchdog group that has previously targeted brass creep – does not specify cuts aimed at the highest-ranking officials. But it "will apply to all higher headquarters staffs including Office of the Secretary of Defense principal staff assistants (PSAs) and their associated defense agency staffs, Joint Staff, service secretary staffs, service chief staffs, service 4-star major commands and service component commands, lower level service staffs (down to the appropriate level [determined] by the service secretaries and chiefs), and combatant command staffs."

The 20-percent cut applies to total headquarters budgets, but departments are directed to implement a goal of 20-percent reductions in government civilian staff as well as military personnel billets on staff. The cuts also will apply to related headquarters costs, including contract services, facilities, IT and other support functions.

The reductions are ordered regardless of the status of sequestration – including whether it continues into 2014. If that does happen, further cuts will have to be made, Carter warned in an Aug. 1 House Armed Services Committee hearing in which he took swipes at Congress and, perhaps inadvertently, the Obama administration of which he is a part.

"The things we have to do under sequestration are not strategic … they're dumb," Carter said. "This is not the result of an economic emergency or recession … [It is] purely the collateral damage of political gridlock, and potential enemies around the world are watching our behavior."

Posted by Amber Corrin on Aug 05, 2013 at 3:43 PM | 0 comments


How to get your comments rejected

As the editor who most often moderates submitted reader comments, I'm sensitive to allegations that FCW is censoring certain points of view. In fact, while I have not done a close count, I think that probably 85 percent or more of the comments I evaluate end up on the site. The few that don't have some easily identified characteristics that earn a click of the "delete" button.

It may be helpful, therefore, for me to tell you a little bit about the things that will make me reject a comment.

Obvious spam or self-promotion. We want you to express your opinions; we don't want you to use our comment space to sell your products, promote your blog or company, or entice our users to click on links to who knows where.

Foul language. Come on, your momma raised you better. If you can't express your opinion without using dialog from a Quentin Tarantino script, you can't express it here.

Personal attacks. Lately, some of our stories have drawn large numbers of comments that are aimed directly at people involved in the stories. Our reporting on the Veterans Affairs Department's IT troubles is a good example of this. If you want to criticize an official based on documented facts you cite, we'll likely publish it -- especially if it helps to put the story in context. If, however, you just want to rant about someone being incompetent, unethical or "weird" (as one commenter put it), go elsewhere.

False identification. We do not require our commenters to identify themselves, but do require them to identify themselves truthfully if they do at all. One's email address is never published, and including a valid address will help me to verify your identity or answer other questions that might be holding up approval.

Conversation Domination. When I see multiple comments from the same person in the same day, I will probably pick one or maybe two of them to approve and delete the rest, even if they otherwise meet the criteria for acceptance. The comments section should be a conversation among readers, not one or two voices holding forth.

Off-topic comments. There are comments that do not include any of the above transgressions, but still don't pass muster. If your comment is not germane to the story to which you're posting it, I probably won't use it – not because there is anything wrong with it, but because it doesn't further that particular conversation.

As a general rule, if your comment is on-topic, cordial and focused on the issue rather than swiping at people, it will appear. Moderated comments serve the reader by ensuring the comment threads provide a useful and engaging discussion, not just a series of tirades. We hope you appreciate it, and we hope that those of you who read without commenting will consider joining the discussions.

Posted by Michael Hardy on Jul 31, 2013 at 11:21 AM | 1 comment


Did the State Department's William Lay deserve IG criticism?

Does the State Department's William Lay deserve the criticism leveled at him in a recent IG report? Some readers say no. (File photo)

Several readers reacted strongly to an article FCW published July 19 covering a State Department Inspector General report on the Bureau of Information Resource Management, Office of Information Assurance (IRM/IA).

Some readers were critical of FCW’s reporting on the IG’s findings, which included criticism against Chief Information Security Officer William Lay, who heads the Bureau.

One reader wrote: This article and the report are totally unfair to the CISO. Mr. Lay just arrived only months before this inspection, and inherited decisions from other people already departed. I am glad there are some positive things in this, but this seems to be placing a lot of blame on the CISO, without even letting him settle in and sort out the pieces left behind.

Another reader wrote: Any of the major takeaways from this IG report (lack of vision, disregard for standard operating procedures, abusive authority, inconsistent and ineffective strategy, etc...) are already occurring at DHS since the former State CISO took control at DHS-FNR. [Federal Network Resilience.] The DHS IGs better wake-up because what happened at State isn't an isolated event. Someone in the IG better take a close look at what is happening in FNR before the crew that provided the miserable iPost solution completely tanks the 180+ million DHS continuous monitoring effort.

Another reader wrote: Amazing . . . . The previous CISO leaves a total disaster behind as he rides a wave of glory into a new position at DHS, leaving his replacement (Lay) to take the blame. Pathetic.

Still another wrote: Is anyone surprised at this report? Does anyone think the Department of State really cares about the report? A Department spokesman states "The Department takes the OIG feedback seriously and is committed to addressing the recommendations and the concerns that led to the assessment." All one has to do is to review the last four or five OIG annual FISMA audits, to see that the OIG has been documenting these issues for years. Who cares!!!!

Frank Konkel responds: I reached out to the State Department’s Inspector General’s office on this matter and was told that the report provides a “historical snapshot” of the bureau at any given point in time. I believe Lay, while new on the job, happened to be the guy in charge when the IG came looking around, so he’s going to shoulder some blame for the bureau’s problems. The IG report balances praise and criticism for Lay, and I believe our report portrays that fairly.

However, most of the criticism by the IG is bureau-wide, and a slew of the problems documented in the report certainly predate Lay’s tenure, which began in September 2012. Major issues like the bureau operating without a mission statement and mishandling its certification and accreditation processes were either not fixed or not addressed by Lay’s predecessor, John M. Streufert, who held the position from February 2008 to January 2012, or almost four years.

Streufert now works as the director of Federal Network Resilience at the Department of Homeland Security. I sent a request for comment to DHS on the matter, but didn’t hear back, so I can’t say anything more on that. But I do agree with reader perspectives that Lay, hired nine months ago, should not bear the brunt of responsibility for documented problems that were years in the making.

Posted by Frank Konkel on Jul 24, 2013 at 12:03 PM | 11 comments


Should Steve Kelman stay quiet on reverse auctions?

After Steve Kelman posted an entry to his FCW blog, The Lectern, on reverse auctions, several readers were critical. Kelman, as he disclosed, is on the board of FedBid, a provider of reverse auction services. The General Services Administration's new reverse auction platform competes with FedBid, some readers argued, making it hard for someone with an interest in FedBid to be objective.

I believe Professor Kelman continues to be out of line in commenting on reverse auctions in any form, wrote one. He is biased toward FedBid....no question about it. The fact that he admits he's a paid employee of FedBid doesn't eliminate his bias ... He is painting a false picture by comparing GSA with FedBid, and he's doing it intentionally to cast doubt on GSA.

Another wrote: Mr. Kelman is crossing the line based on his personal relationship with FedBid. Come on Steve, you can't provide "independent" commentary on a topic of personal gain! You may want to retake a Harvard course on ethics/integrity. Awhile back you were on GTSI's Board when they were debarred - think you should stick to teaching and out of profiting from both. You did a great job at OFPP but not on the Boards you are on!!! Sorry, no passing grade here!

Steve Kelman responds: I appreciate the comments on my recent blog post on the GSA reverse auction site, arguing that I should not comment on reverse auctions at all because I am on the FedBid Board of Advisors.

I think the comments raise a fair issue, which I would like to address.

Anytime I say anything about reverse auctions, including in this post, I mention my association with FedBid. I believe that reverse auctions are an important enough procurement innovation, and represent an important enough cost-cutting strategy in tight budget times, to be of enough general interest sometimes to warrant comments in the blog -- just as are the many other procurement innovations and cost-savings issues I also discuss in the blog. I believe I can be reasonably objective in discussing these issues, but I feel it is my obligation to discuss my business relationship in case a reader wishes to discount what I say only for that reason.

However, the critical comments did not all raise substantive arguments about why anything I said in the blog was wrong. I think there is in general a problem in public discourse that people sometimes attack the bona fides of the person making a comment rather than discussing the substance of the comment. This is problematic and troubling.

Second, based on some of the comments, I suspect -- though of course I can’t know for sure -- that some of them come from people who work for companies that face increasing competition, and probably have had to lower their prices, because the government is now using reverse auctions. Yet, unlike me, no commenters disclosed any personal interest they might have in the issue of reverse auctions.

One commenter made a reference to GTSI, on whose board I served before the company was taken over. Because there were no general issues raised by GTSI’s problems with the Small Business Administration several years ago, I wrote nothing about this at the time. However, since the commenter raises this question, I will take this opportunity to note that an SBA-appointed monitor made an extensive investigation of GTSI’s business practices in terms of small business, and told the board of directors that their investigation showed no evidence at all of any systematic problem with GTSI’s business practices, and that even in the one specific incident that produced the SBA action, it was a matter of legitimate dispute whether GTSI’s actions did or did not violate the regulations.

Posted by Steve Kelman on Jul 19, 2013 at 12:00 PM | 3 comments


Data center holdup: A question of funding?

In commenting on a recent FCW article regarding Congress’ requests for answers from the secretaries of the Department of Energy and the Office of Management and Budget regarding a hold on a data center energy savings performance contract, a reader wrote:

I thought this administration was all about "efficiency"; be it energy and/or operational. Could this be an issue on who's providing the financing? Personally, I would rather see private financing help make the federal infrastructure more efficient than my tax dollars continuing to operate the costly, less efficient, federal data centers and IT infrastructure. The ESPC program could definitely help the federal agencies finance their [data-center consolidation] plans.

Frank Konkel responds: Many sources have told me one potential reason for the initial OMB hold on the $70 million deal that would optimize two of DOE’s data centers – paid for by efficiency savings over six years – is that financing for the deals does indeed come from private companies, not from taxpayer dollars allocated at OMB’s discretion. Thus, OMB loses budgetary control and power.

Interestingly, companies like Lockheed Martin – called ESCOs (an acronym for energy savings companies) – must compete for financing among the private companies such as Hannon Armstrong, Bank of America and Dominion Federal that operate in this particular market. Financing is an integral piece of any ESCO’s investment grade audit, which is necessary before any deal can take place. In this particular deal, Lockheed Martin was able to attain an interest rate of less than 2.5 percent – extremely low for an ESPC project of this scope. Low-cost financing, guaranteed savings and no major capital investments up front using ESPCs as a vehicle for data center optimization sounds like a great deal for federal agencies – some critics argue it’s too good to be true – striving to adhere to OMB’s Federal Data Center Consolidation Initiative, but for reasons unknown, the first ESPC data center optimization deal is still on hold. OMB continues to stay silent on the issue.

Posted by Frank Konkel on Jul 17, 2013 at 12:10 PM | 0 comments


The ripple effect of furloughs

Defense Department civilian employees have begun taking the long-expected -- and feared -- furlough days. (Stock image)

FCW's stories on the ongoing saga of Defense Department furloughs have all attracted attention and comments, many from those on the receiving end of the mandatory pay cuts and time off. Our latest report, DOD furloughs begin as Pentagon looks to 2014, was no exception. Readers chimed in to share their experiences and viewpoints – and yes, rant a bit about the powers that be and their disconnect with the people most affected.

Reader RayW wrote:

I wonder how much this furlough will cost the taxpayers? I know that our contractors have three days every two weeks in which they cannot work since we are not here to have the building open, so they sit in another building wasting eight hours per person per day doing personal stuff since they have no contract work that can be performed there. I personally am being told that even though I have a [25 percent to 30 percent] cut in hours I still have to meet deadlines ...

I know that one of our groups (the GS14 and GS15 level) is trying to hire contractors to do some critical infrastructure work so as to not look bad. The peons are yelling at them saying NO, that makes us look bad because the work gets done with a cut in time so that means we are not needed. If management gets their way, then the contractors cost more, and the government workers get a worse reputation. Of course, if the work does not get done now, then other things break too, costing more to fix in time and material.

Amber Corrin responds: A lot of red flags here, indeed. A bit of research confirms what most probably assume: hard numbers on the taxpayer costs of sequestration-related furloughs, specifically those at DOD, are difficult, maybe impossible, to come by.

However, most sources say there will indeed be costs incurred and taxpayers will foot the bill. Rep. Walter Jones (R-N.C.) on July 12 posted on his website that DOD furloughs would delay the completion of already-funded projects at Fleet Readiness Center East, resulting in overtime to make up for lost time "and an ultimate increase in cost for the Department of Defense and taxpayers."

Rep. Mike D. Rogers (R-Ala.) took a similar stance in a July 8 statement to the Anniston Star. "I believe these ill-advised furloughs will not only hurt our military's readiness, but ultimately cost the taxpayer more money in the long-run," Rogers said.

Those costs stem from myriad places, programs and projects. Appeals to the Merit Systems Protection Board, to which furloughed employees were able to appeal their furlough after being notified, reportedly cost thousands in man-hours. According to CNNMoney, some furloughed DOD employees are eligible for unemployment benefits. DOD agencies that generate revenue lose those profits, a domino effect that ends up costing taxpayers as well, according to one former Space and Naval Warfare Command (SPAWAR) official.

"Without the furlough, SPAWAR would have experienced a generation of revenue from work in support of its customers, while simultaneously finding itself able to absorb related overhead fixed costs. When employees are furloughed, SPAWAR is unable to recoup any revenue as a result of each affected employee. In effect, the furloughs actually increase, rather than reduce, both taxpayer and [DOD] costs," James Ward, former SPAWAR Systems Center executive director, wrote last month in the Charleston Post and Courier. "Further, SPAWAR will need to increase its rate structure to make up this loss in overhead generated dollars. But SPAWAR has experienced significant growth by successfully lowering its rates due to executing more direct hours than planned and thus providing even more efficiency to its customers. That is what we all expect from government."

As for hiring contractors? Don't count on it. As stated in the original FCW story, a June 28 memo from Defense Secretary Chuck Hagel explicitly forbade the hiring or repurposing of contractors "to compensate for the workload/productivity loss resulting from the civilian furlough."

Posted by Amber Corrin on Jul 12, 2013 at 2:08 PM | 9 comments


Contractor compensation: Just a giveaway?

To our article "Deconstructing the contractor compensation debate," a reader commented: How can this be a democratic government when we have corrupt policies like this giving top executives money so they can keep doing business with the government? We are no better than the next guy down the road. You know, you get paid for the work you do and if you do not do it then that is it, go somewhere else to get that money. ... You would have some of the small companies be able to compete if they would stop giving away money to corporations. ... Think of the billions of dollars they would save if they would quit giving these top executives money. Someone is in somebody's back pocket, think about it.

Mark Rockwell responds: It has to be difficult for agencies to find the right balance here, enough reimbursement to keep companies interested in the federal market, but not so much that it turns into a corporate giveaway. This issue feels akin to the difficulties federal agencies encounter in adopting public company management practices to operate in a more business-savvy way. While some of those practices -- like making inspirational videos, or hosting expensive events -- may not raise executive eyebrows at some private-sector companies, the same things can result in congressional hearings, resignations or even indictments if federal agencies indulge in them. Practical business management habits and practices common inside corporations, like cost-savings programs and more efficient bulk buying platforms, that have been embraced by federal agencies obviously aren’t as controversial.

The public should demand its tax dollars be spent well and it rightly abhors excesses. It also wants federal agencies to be more business-savvy and nimble enough to get good deals on the best services from the most able suppliers. The intersection of all those things is not an easy target to hit.

Posted by Mark Rockwell on Jul 10, 2013 at 9:36 AM | 0 comments


What's wrong with cyber training? Apparently, a lot.

Why are trained cybersecurity professionals hard for the government to hire?

Our recent story headlined What’s wrong with cyber training? provoked quite the reaction.

Some readers agreed that there is too much focus on paper credentials and not enough on real-world know-how. Others argued that without those certifications, landing a job is next to impossible.

As commenter rb CA put it: (1) In most professions, you have book learning and you learn how to really work after you are hired. No one comes out of college (or the one-week course) ready to design the next gen CPU for Intel. They work their way up after years of effort. (2) We want them cyber ready but their 4 year degree is worthless if they don't have A+, SEC+, and/or CISSP.

Others presented new angles to the discussion. Commenter Kathleen Smith, for example, wrote: "What we don't understand is that those launching cyber attacks have a different moral compass than we do. We do not train our folks to go no-holds-barred when researching, developing an offense or going on the defense as our assailants."

Amber Corrin responds: It’s true that there are cultural factors at play here. In China, enormous pressure is put on young computer science students to be able to crack codes, hack into iron-clad networks and to do it all faster than anyone else. In Russia, involvement in cyber crime, especially if it’s being provided as a service to the government, is often a matter of pride. In both places, these types of activities are heavily ingrained in the culture – and not coincidentally, both countries are frequently attributed as being responsible for cyber attacks on the U.S.

SANS Institute founder Alan Paller, quoted in the original story, suggested it is a cultural issue in the U.S., too – one that is holding us back. Recruiting, rather than training, is a key problem, one both rooted in and magnified by the lack of attention paid to the types of young minds that the U.S. needs in the cyber domain.

"We’re not celebrating that kind of brain that likes to break stuff apart and figure it out," Paller said.

Finally, @PrometricCyber tweeted FCW: Would you say the lack of well-trained cyber security professionals makes the industry a lucrative job market?

Amber Corrin responds: The answer to that is two-fold. There’s no shortage of cybersecurity jobs – the market is stronger than essentially any other, according to the numerous reports released over the last six months. By most standards, it is also quite lucrative: According to an InformationWeek survey from earlier this year, IT security staff enjoy a median yearly salary of $95,000, with management at $120,000.

And Paller said that those on the policy and decision-making side still tend to earn more than those in the trenches. As he put it, that’s because the policy-makers are the ones determining salaries.

"The people who don’t know what they’re doing are getting paid more than the people who do because they make the rules about who gets paid what," Paller said.

Posted by Amber Corrin on Jul 02, 2013 at 2:30 PM | 2 comments


Feds and the Fifth Amendment

Rep. Mo Brooks (R-Ala.) introduced a bill to make it a firing offense for federal employees to refuse to testify.

News that Rep. Mo Brooks (R-Ala.) introduced a bill that would mandate the firing of federal workers who invoked their Fifth Amendment rights in Congressional hearings sparked a lot of spirited discussion. A few commentators suggested that the bill might do some good. One wrote, "If you are not willing to disclose information about your conduct in your official capacity you should be fired." Another wrote, "The Fifth Amendment -- which protects against self-incrimination -- applies to all Americans. That includes federal employees."

Adam Mazmanian responds: The bill was proposed amid anger on the Republican side in the House Oversight and Government Reform committee against Lois Lerner, the Internal Revenue Service's director of tax-exempt organizations. She's a key figure in the ongoing scandal about the alleged targeting of Tea Party groups seeking tax-exempt status for special scrutiny.

Brooks's bill was nicknamed the "Lerner rule" when it was first floated. Since then Republicans on the committee passed a resolution determining that Lerner did not waive her Fifth Amendment rights, due to the content of a statement she made before refusing to answer questions. Since then, another IRS official took the Fifth in a separate hearing of the same committee looking into potential conflict of interest in the award of several IT contracts.

Despite the growing anger of Republicans on the committee, it's unlikely that Brooks' bill will become law, even if it advances through the House. First of all, there would be limited Democratic support for such a measure. For example, the ranking member on the committee, Rep. Elijah Cummings (D-Md.) expressed disappointment that the witness in the IT case was refusing to testify, but offered his strong support for the right to avoid self-incrimination. But even absent that, there would be serious constitutional questions raised by a measure that explicitly impinged on a guaranteed right.

Posted by Adam Mazmanian on Jul 01, 2013 at 1:29 PM | 3 comments


Can agencies reward workers without money?

A recent FCW article detailing the findings and recommendations of a report on performance-based advancement in the federal government struck a nerve among several commenters. One wrote, "The suggestions regarding upper management pats on the back are laughable." Another asked, "As my generation retires, how are we going to recruit good people to do the public's work when the pay is lacking and the working conditions poor?"

Adam Mazmanian responds: The intent of the report from the Partnership for Public Service was to make suggestions for managers that are possible under current budgetary constraints. "There are lots of things that can be done that do not require money," Max Stier, CEO of the Partnership, told me in an interview. While "pats on the back" may seem facile, as the commenter suggests, there is some logic to asking managers to get to know their employees better, and tailoring non-monetary awards and career path advice to fit the needs and expectations of individual employees.

Stier is clearly sympathetic to workers who, in addition to furloughs and pay freezes, are pessimistic that their work will be recognized with promotion and rewards. He said he was "horrified" by the low levels of morale indicated by his report, and he blasted the Obama administration for its decision not to pay out bonuses under the Presidential Rank Awards, which go to members of the Senior Executive Service. "It was a massive mistake," Stier said, and one driven by "political optics." More generally, Stier advocates bringing federal pay in line with private sector pay as part of a larger revamp of the civil service compensation system.

Posted by Adam Mazmanian on Jun 28, 2013 at 2:54 PM | 5 comments


Can big data really save billions?

In a recent FCW article highlighting a survey claiming big data could save the federal government up to $500 billion, a reader wrote:

Let us not forget history. Usually, when the government declares that they have a way to save lots of money, implemented costs usually go up not down. Obamacare is the most recent example. When there is savings from some program, it is almost always much smaller than projected. So, at best, all should be very skeptical about any claims of cost savings from Big Data.

Frank Konkel responds:

I want to be clear that the government is not claiming $500 billion in savings from big data as a technology. That number was extrapolated based on what 150 federal IT executives said their respective agencies could save through leveraging big data – a new technology that allows agencies to use the large amounts of data they produce for beneficial purposes. Those executives were surveyed by a company named Meritalk.

I agree with you that savings can be overstated in initiatives, especially those that come to fruition inside the politically-charged Beltway. In our reporting at FCW, we strive to remain objective regardless of the subject matter. If the government claims savings, we’ll ask questions to figure out how they got their numbers.

Big data remains a mystifying technology to some and a buzzword to others, but some agencies – as reported in this story – are diving into big data in a big way. In the past, we have examined the question of whether the government has the policies to truly implement big data initiatives, but we’ve also highlighted early and interesting big data efforts that are producing results – either in cost savings or producing a better product for taxpayers.

We’ve also reported on several aspects of what is probably the most advanced big data effort on the planet – the National Security Agency’s data collection efforts – highlighting its results while digging into its expected costs.

Big data may not be the savior it is touted to be by some – at least not yet – but there is clear evidence that it is being used by the government in efficient ways already. Rest assured we’ll keep asking questions as it continues to develop.

Posted by Frank Konkel on Jun 20, 2013 at 10:50 AM | 0 comments


Where did the VA comments go?

A few readers recently noticed that some of the comments posted to our story about VA's IT troubles had disappeared, giving rise to some suspicions. "Why are all of late May's and all of June's comments missing or were they removed because of the pressure the VA gave them?" asked one. "Oooops, did FCW go all VA and lose some data? Where did the most recent comments disappear to? Heat rising in the kitchen guys?" asked another.

Online Managing Editor Michael Hardy responds: The truth is much less interesting than the theories. 1105 Media's development team upgraded our content management system over the weekend, and in the process there were a number of hiccups that we've been unraveling. For one thing, many comments vanished – not just on this story. Blogger/columnist Steve Kelman emailed me to inquire why comments on his recent blog posts had disappeared, and we saw the same thing happen on other stories.

This is a normal part of any major system upgrade, and as it has progressed, the comments appear to have been restored. To address a larger issue, though: FCW does not bow to pressure from the agencies and individuals we cover. While we will always correct factual errors, we don't remove stories, comments or anything else just because someone is unhappy with an accurate portrayal.

Posted by Michael Hardy on Jun 18, 2013 at 10:32 AM | 2 comments


Who needs an Internet-connected fridge?

As more and more cars become network-connected, they will also become vulnerable to hackers who could take enough control to do everything but steer. (Stock image)

To an FCW article outlining future cyber risks in household appliances and vehicles, a reader responded:

The potential for harm in the "internet of things" is real. However, it is a choice. Unlike the rules and laws of physics which govern air, land, sea and space, the cyber arena is defined by rules we CHOOSE to implement. So we are hung by our own petard if we complain that the gains from interconnecting things are balanced by the vulnerability we introduce to our systems. There are real and tangible effects that can be perpetrated through cyber means far beyond the investment needed to make them. So what are we choosing to connect and why? The headlong rush to connect everything seems devoid of the questioning and deliberateness of the most important word...WHY?

Frank Konkel responds: I don’t need a refrigerator to send a text to my mobile device alerting me that I’m out of milk or that I’m not maximizing my available shelf space. “Hey Frank, pick up some eggs and orange juice,” is just not something I think I need to be told by anything that isn’t, you know, alive.

But in our increasingly connected society, it appears many people – perhaps unaware of the threats such connectedness entails – clamor for such things. Major companies would not mass-produce Internet-connected ovens, microwaves or vehicles if they didn’t know that people want them. They don’t waste their time and money making things nobody buys. What concerns cybersecurity experts the most about the boom of Internet-connected devices isn’t just their lack of security, it’s that many of these devices will be connected to the Internet for their lifecycles without security updates.

One cybersecurity expert told me that companies aren’t likely to address security updates on devices that don’t have graphical user interfaces. Modern cars will get updates, but how many of your coffee makers and ovens will?

If they don't, then to update your device’s security settings, you’re going to have to dedicate the time to find out how to do it on your own, and there may not be a simple walkthrough. With your own computer, it’s worth it to spend time updating your software because you really need your computer and it’s not hard to do it, but it’s easy to see most people not spending the time to update their microwaves or coffee makers. Even if they are vulnerable to attack, they’ll keep on working, right?

It seems like a recipe for disaster to me, and personally, I’ll be making sure to avoid Internet-connected everything in my apartment or home. Like you, I don’t need it, and I don’t think the juice is worth the cyber-squeeze, either.

Posted by Frank Konkel on Jun 17, 2013 at 3:41 PM | 0 comments


Did the GSA IG put communications at risk?

A reader of our story on the GSA IG's report criticizing managers for intervening in contract negotiations said the IG was right, writing: The GSA IG has properly addressed a serious problem, which has nothing to do with OFPP’s excellent work in clarifying permissible communications in the presolicitation phase [in its Myth-Busting program]. Interference in the course of negotiations by program or acquisition management not only undermines the warranted Contracting Officer responsible for the award, but will leave the offerors on the other side of the table in doubt regarding the Government’s real intentions.

Mark Rockwell responds: I found several people in the procurement community who said they slapped their foreheads in amazement at the level of detail and overall tone of the memo. Most said the IG acted rightly, but kind of harshly. It was the tone, including sharp exchanges between federal contract managers and staff, that took some by surprise. Seeing those kinds of exchanges in print, they said, tends to make everyone take a step back. In a procurement environment where the government is trying to encourage pre-solicitation interaction between private contractors and contracting personnel, it could be counterproductive.

Posted by Mark Rockwell on Jun 12, 2013 at 12:10 PM | 0 comments


GSA conference probe: No big deal?

In response to our story about some General Services Administration employees being put on leave over conference spending, a reader dubbed "I am GSA" wrote: Come on. Really? How about that dead horse, isn't there anything better to write about? Some people did bad things, and we are paying the price for their actions. I need three levels of approval for travel, not to a conference, not to training, but to do my job. We in the field are way past frustration. And if this is the best that FCW can do, I'm out, you have now become a fish wrapper.

Mark Rockwell responds: Acting GSA Administrator Dan Tangherlini said in a June 4 speech at the Professional Services Council that the people most angry about the GSA conference scandal are GSA employees. That's not surprising. The actions of a few tarnished the reputations of thousands of honest, sensible and hard-working GSA employees. Tangherlini has made it a point to address the scandal head-on and to show the agency has moved past that history and is busy reinventing itself as the go-to place for federal government needs. The new revelations concerning over-the-top conference spending -- or at least the perception of lavish expenditures -- at the Internal Revenue Service have provided more perspective for GSA's past difficulties.

The reports coming out of the IRS show that such behavior isn't limited to GSA, but could be a wider issue. This story reports a milestone in the final leg of GSA's handling of a similar problem, where IRS's may be just beginning. It's an important story because it shows that GSA is continuing to make sure such behavior is punished and prevented, even as its scandal fades into memory.

Posted by Mark Rockwell on Jun 06, 2013 at 12:10 PM | 3 comments


Did Amazon short-cut FedRAMP?

The government is still trying to figure out the best ways to use cloud computing, says Teresa Carlson, vice president of worldwide public sector at Amazon Web Services. (FCW photo)

An FCW reader objected to our story on Amazon Web Services' gaining FedRAMP certification, writing: Amazon did not go through the ACTUAL FedRAMP certification process. They went through an Agency ATO (Authority to Operate) process using the FedRAMP controls as a guideline. And it speaks volumes of both the tech press and federal leadership's preference for firms perceived as new-age/glamorous that neither you nor they have taken the time to correct this misconception. (Rather than shamelessly spread it.)

Executive Editor Troy K. Schneider responds: The second sentence of our story states that the authorization came via the Department of Health and Human Services, rather than the FedRAMP Joint Authorization Board. The General Services Administration's FedRAMP team has been similarly clear about the path to approval, as was Amazon itself.

But an agency-provided authority to operate is no less "real" than a JAB-certified ATO. Scott Renda, the Office of Management and Budget's cloud computing and Federal Data Center Consolidation Initiative portfolio manager, spoke to this at the FOSE conference a week before Amazon's announcement.

"We never intended the JAB to authorize every system in government," Renda said. "That's a myth. And it would slow things down." What the FedRAMP team wants, he stressed, "is to implement a government-wide standard."

Posted by Troy K. Schneider on May 29, 2013 at 12:10 PM | 8 comments


The dangers of checklists

Improving the acquisition workforce is a key component of Better Buying Power 2.0, but a reader cautions against a compliance-based approach. (Stock image)

To our story on DOD's Better Buying initiative, a reader wrote: I think the government bureaucracy has lost the forest while looking at the trees. Contracts that used to recognize a rough order of magnitude for minutiae now require burdensome justification. (Requiring an itemized list of screws needed in a research assembly… absolutely absurd!) The contracting agent is now happy that his little checklist has all the necessary checks… while the cost of bidding is going up exponentially driven by the inflation of the paperwork!

We need government people who can think, not bean counters looking at an acquisition check-off list.

Amber Corrin responds: Great points – and complaints I hear about frequently from government contractors. I think this ties in with a culture of oversight that focuses on check-the-box approaches to a number of government activities, including acquisition and cybersecurity.

Ashton Carter, deputy defense secretary, and Frank Kendall, under secretary of defense for acquisition, technology and logistics, both addressed this idea at the Center for Strategic and International Studies last week, in the event that occasioned our earlier story. They noted that tackling the oversight-heavy approach to acquisition is a top priority in the Better Buying Power reform efforts.

Kendall said he's "waging a continuing war against non-value added activities" – sounds like excessive checklists might be among those – and that officials want to take that burden off managers and return them to what they should be doing.

"I share industry's concern about an excessive oversight culture. I've long been concerned that the number of watchers was approaching the number of doers in the department," Carter said. "We may in fact be reaching that threshold, especially with respect to things like audits. And we're trying to work internally and work with industry to address these issues."

Posted by Amber Corrin on May 28, 2013 at 12:10 PM | 0 comments


Why do officials really conduct business on personal e-mail?

Do officials use personal e-mail to hide unethical behavior? One reader thinks they might. (Stock image)

To our article on the use of personal e-mail accounts, a reader wrote: The big problem for some with using personal accounts is that it is much easier to hide unethical behavior by some of these high level officials. I doubt that the problem with e-mail is that it really "just sucks up time" but actually pins down exact discussions of issues that could be used against those who want to keep things vague and touchy-feely so they can spin things in whatever fashion for political purposes. Just look at most of the people involved in avoiding official e-mail and you can probably figure out why they do not like it.

Adam Mazmanian responds: It's probably difficult to imagine, especially for digital natives, but for a lot of executives in and out of government e-mail might just be a time suck. For a senior executive like Department of Homeland Security chief Janet Napolitano, who is on the record as a non-user of e-mail, it might just be easier to get information in staff briefings and dictate notes on official memos and documents, rather than try to stay ahead of a busy, ever-changing e-mail in-box.

Lisa Jackson, former administrator of the Environmental Protection Agency, said that she created an alias account under the name Richard Windsor as a workaround to the flood of messages she received at her official, published e-mail address. While her motives were a matter of dispute, Jackson said that the Richard Windsor e-mails were archived according to federal rules.

Government records experts I consulted for the original article said that important notes on document drafts and minutes of meetings by agency heads are considered government records, and are supposed to be archived along with visitor logs, phone logs, and other material that gives an accounting of the movements, contacts and activities of high ranking officials. Of course, this process is subject to human error and deliberate omission. An automatically archived e-mail system of the type provided for in the November 2011 presidential memorandum on records management would provide a more complete record, and presumably wouldn't accommodate any less-than-assiduous records management on the part of senior officials.

Posted by Adam Mazmanian on May 14, 2013 at 12:10 PM | 2 comments


Parsing the VA debate

More than 150 people, so far, have commented on our article about IT problems and leadership changes at VA. (Stock image)

FCW's story on IT troubles at the Department of Veterans Affairs has sparked a passionate reader discussion to rival the article itself. More than 150 individuals, including former CIO Roger Baker, have weighed in with everything from -- and I'm paraphrasing here -- "Amen!" to "You couldn't possibly be more wrong."

We have deliberately not pulled any of the comments for response in the Conversation Blog -- it would be impossible to pick in an even-handed way, and readers are conducting quite a discussion on their own. But there are a few broader points worth making.

1. FCW moderates comments before publication, and will not post those that are abusive or off-topic.

By and large, FCW commenters are a thoughtful and respectful bunch -- a nice change from the "trolls" that dominate many comment threads across the web. But when a story touches a nerve in the way this article has, sometimes the strong opinions get worded... strongly.

We have taken a hands-off approach as much as possible, but a few comments have been rejected and deleted. Criticizing one party or another for their actions or attitudes is fair game, particularly when one has a suggestion for what should be done differently. Simply labeling someone a "weirdo," on the other hand, adds nothing to the discussion.

So please, critique constructively. And remember that, however much you may disagree with the other side, it's unlikely that anyone has chosen public service for the express purpose of making things worse.

2. Be careful when naming names.

That's not a call for anonymity -- despite what some commenters have suggested, we very much prefer to have sources identified and on the record whenever possible. But when bringing new names into the conversation, as several readers have done, it's very important not to misconstrue or misstate.

In one comment, for example, a Senior Executive Service official is paired with Stephen Warren and criticized for poor leadership. In another, that same individual is labeled as Baker's "personal secretary."

That SES official's title is executive director for quality performance and oversight. Reasonable people may disagree on her management skills -- I have not met her, and she was not a subject of this story -- but it's unlikely that she is both an abusive overlord and a personal assistant.

3. Comments can be on the record too.

Baker, to his credit, added a clearly identified comment almost immediately after the story was published. There are good reasons, of course, why others might hesitate to publish their full names -- but comments that give at least some sense of the author's role and perspective add valuable context to the points being made.

Also, commenters should be aware that the optional email address field is NEVER published. But if you are raising an issue that you'd like FCW to explore in more detail, including an email allows us to follow up directly.

 

Finally, there was one comment that does warrant a reply. On May 5, an anonymous reader wrote:

I find it funny that FCW spent most of the last four years singing the praises of Roger Baker and Steph Warren (even awarding one Fed 100 Award [to] each). Then once Baker exits stage right and FCW no longer has much of a need for him -- his tenure as VA CIO is an utter failure. Interesting

It is a legitimate question as to whether our Fed 100 judges took an overly top-down perspective in honoring Baker and Warren for their work at VA, or whether our article discounted change management efforts that deserve more credit. I don't think we described Baker's tenure as an utter failure, however, and I'm certain that FCW's "need" for either Baker or Warren did not factor into our reporting. (By that logic, we would have conspired to blame Baker and "protect" Warren.)

In fact, I would frame it very differently. Baker has long been an important and well-respected member of the federal IT community -- FCW has covered him frequently and relied on him as a source, and will need to do so again in the future. But when our reporting pointed to problems at VA that needed public attention, we pursued the story wherever it took us -- including to individuals we have long presented (and seen) as among the "good guys."

And for the record: I still see Baker as one of the good guys. But even the good guys can fail to solve longstanding problems -- or allow new ones to develop.

Posted by Troy K. Schneider on May 10, 2013 at 12:10 PM | 6 comments


DOD furlough delay prompts anger

Defense Secretary Chuck Hagel is expected to reach a decision soon on the number of furlough days DOD employees will have to take. (File photo)

Our latest report about impending furloughs for Defense Department civilian employees provoked several readers to express frustration.

Wrote one reader: So while the employees of the government get punished for the lack of fiscal responsibility of this government, tell me if Mr. Hagel will himself get a furlough. Bet not!!

Amber Corrin responds: While Hagel might not face an actual work furlough – many would probably object to the Defense Secretary skipping out on his national security duties – a pay cut still is a possibility. In April Hagel publicly said that he would forfeit part of his salary, even though as a presidential appointee he is exempt from furlough.

Another reader wrote: I question the legality of forcing the services that have the money to meet payroll to furlough their civilians instead, just to show consistency and fairness with the services whose budgets are running short. Is money typically transferred or shifted between [the Navy, Army and Air Force departments] for other purposes? I also agree with others who have noted that by taking so much time to decide, DOD leadership is forcing employees into a 2-day furlough per pay period situation. An earlier decision and earlier execution of the furloughs could have reduced the pain by limiting furloughs to 1-day per pay period. By trying to find the money (from where?) to continue reducing furlough days, it is my household budget they are gambling with!

Amber Corrin responds: It is not clear if the services would be forced to furlough civilian employees if they do not need to do so to meet sequestration budget cut requirements. DOD Comptroller Robert Hale in a press conference did say that the preference would be for decisions to be uniform across the services, but stopped short of any specific requirements for furlough regardless of financial arrangements.

"We would like to see consistency and fairness, because if we're going to have to jump into this pool, we'd like to jump together," Hale said in an April 11 congressional hearing.

In general, money typically is not transferred between departments. At DOD they like to refer to buckets of funding as "colors of money" and historically speaking, rarely do these colors cross each other. If there is leftover money of one color left in a "pot" – which Pentagon officials and program managers try very hard to avoid – it gets returned to the Treasury Department. Like a lot of decision-making today, there remains a lot of uncertainty, and increasingly leaders are allowing for more wiggle room in priorities. So it is always possible that this could change.

As for the number of furlough days per pay period, the original plan, when the number of furlough days was pegged at 22, was to furlough DOD civilians two days per pay period. Although the number of furlough days has been reduced to 14 – and could still be further reduced – it was, from the beginning, planned that employees would be forced to take one unpaid day of leave per week for the last 22 weeks of the fiscal year. DOD officials so far have declined FCW requests for comment on how this may change with fewer furlough days.

Posted by Amber Corrin on May 09, 2013 at 12:10 PM | 17 comments


Enhancing social-media security

To our recent article on the government's response to social media security, a reader wrote: Agencies should use social media platforms that have proven security. For instance, at a bare minimum, use two-step verification beyond username and password to better protect account access.

Frank Konkel responds: Federal agencies currently use more than 60 different social media platforms in their dialog with the public, and usually those platforms are used following "fed-friendly" terms of service agreements in place. The General Services Administration usually facilitates those agreements, and while they are beneficial in reducing duplication and the time agencies would otherwise spend negotiating these deals, social media security isn't something that can be negotiated in them.

This is why GSA's recent guidelines telling agencies to shore up their social media accounts were important. Twitter, for instance, is internally exploring two-step verification (also called multifactor or two-factor authentication) beyond a user name and password. Various reports suggest Twitter's multifactor verification would require a user to use a password, plus have access to a device – likely a smart phone – through which a randomly generated code is sent that must also be keyed in.

It sounds promising, but Twitter has not rolled out anything publicly yet. That means for the time being, some of the government's largest social media accounts – many have millions of followers or "likes" on Facebook – are secured by the same methodology as the teen down the street.

Because of the high-profile social media hacks over the past few months, including the hack of Associated Press' Twitter account that briefly caused the Dow to dip, it is likely that federal agencies will be among the first customers to climb aboard the multifactor authentication train. Until then, though, common sense guidelines are agencies' best bets at making sure someone doesn't take control of their social media accounts.

Posted on May 07, 2013 at 12:10 PM | 0 comments


Who makes how much at DOD?

Several readers had thoughts on our story, "Uncertainty persists with DOD furloughs."
 
I would agree reducing salaries of people making below $35,000 a year would be unfair and counterproductive, wrote one. Does anyone have a quantitative distribution chart or table on what DOD employees make? My suspicion is that many make more than $100,000.

Another reader said: DOD employees do not make close to $100,000. It all depends on the pay system the employee is in, but in the D.C. area, the six-figure salary is reserved for senior leadership in most cases, or those with advanced master's or doctoral degrees. Many staff make as low as $33K/year. I do not believe this is dissimilar to the civilian sector. Also, I believe there can be a sequestration without a furlough. Spending cuts, yes... but at the expense of your loyal employees?

Amber Corrin's response: Like more than 70 percent of the federal government, Defense Department salaries are mostly based on the General Schedule pay scale. The majority of government employees fall between GS levels 11 and 14. That means that a majority, or 36 percent, make between roughly $50,000 at the low end and $107,000 at the high end. Within that band, about 5 percent are at the GS-14 level, which has a range of $85,000 to $107,000. The GS schedule goes up to level 15, a category in which about 3 percent fell in 2008, according to Monster.com figures that break down the data.

On the flip side, GS levels 1 through 5 all top out under or around $35,000 a year. Together the sum of government employees on GS schedules 5 or below, as of 2008, was just over 10 percent.

As for whether DOD can implement sequestration without furloughs, that is a question Defense Secretary Chuck Hagel has convened a review to answer. So far Hagel has cut the number of proposed furlough days to 14, down from 22. He has publicly expressed reservations about furloughing employees, so it is possible a way could still be found to avoid furloughs altogether once a comprehensive review due at the end of May is completed.

Posted by Amber Corrin on Apr 25, 2013 at 12:10 PM | 6 comments


... but there IS an 'i' in 'data scientist'

In a recent FCW article on growing demand for data scientists a reader wrote:

This goes in the 'duh' column. It was a team of talented (some greatly so, some not so great because we are all humans) that got us to the moon and all returned safely. The problem always has been those at the top trying to make a name for themselves don't understand the concept of a team effort. Too much TV where one guy (The Mentalist) solves the problem and all around him are his minions. No understanding of team at all.

Frank Konkel responds:  As a profession, data scientists are relatively new in the IT world. As the profession develops, it’s likely we’ll see more talented, curious individuals coming up with insightful ways to approach the massive stacks of data already piling up in government and private sector, and it is highly likely they’ll be integral members of teams. We’ve already seen successes from these teams – the Central Intelligence Agency, for example – yet don’t doubt the importance of sometimes singularly insightful individuals.

I’m not saying some Albert Einstein-like data ninja who eats stovepipes of data for breakfast and spits out revolutionary tidbits that save mankind is going to come along, but given the relative newness of this field, isn’t it possible that a few unique individuals might make major impacts in either results or policy-driven initiatives? Kirit Amin, deputy chief information officer and chief technology officer of the U.S. Department of Commerce, said as much recently, suggesting a few “big data Yodas” in government might blaze a big data path for the rest of the sector to follow.

Teams are great, but don’t forget, individuals can be too.

Posted by Frank Konkel on Apr 24, 2013 at 12:10 PM | 0 comments


Defining big data

In a comment on FCW's April 15 article, "Sketching the big picture on big data," a reader offered a definition of the term: An easily scalable system of unstructured data with accompanying tools that can efficiently pull structured datasets.

Frank Konkel responds: While I do not disagree with your definition, I believe some people might add or subtract bits to it. Your definition wisely includes "easily scalable," which actually answers one question that some big data definitions seem to (conveniently?) leave out: How big the big data actually is. The phrase "easily scalable" tells the user that there really isn't a limit on size here – if it is scalable, we'll get there.

However, I'm not sure I agree that big data has to be unstructured. For example, the National Oceanic and Atmospheric Administration, an agency within the U.S. Department of Commerce, uses pools of structured data from different sources (including satellites and ground-based observatories) in its climate modeling and weather forecasting. These data troves are large – terabytes and bigger – and in some cases, like weather prediction, high-end computers spit out storm models in real-time on the order of several times per day. Is that big data? Depending on who you ask, it might be.

What about at the United States Postal Service? USPS' supercomputing facilities in Minnesota process and detect fraud on 6,100 mail pieces per second, or about 528 million each day. The time it takes to scan one piece at a post office and compare the data against a database of 400 billion objects? Less than 100 milliseconds. Is that big data? Again, it might depend on who you ask.

In addition, while I agree it's nice to pull structured datasets from unstructured data, I feel like one thing missing from most big data definitions is the "why" factor. You're structuring this data – hopefully – for a purpose: to develop actionable insights. Why else would you be doing big data, right? Yet only some definitions seem to include the "value" aspect, one of the "v" words that also include volume, veracity, variety and velocity.

Teradata's Bill Franks, who recently authored a book on big data, argues that value is the single most important factor in all of big data. Is it not reasonable to think that aspect might be outlined in any big data definition?

Because big data is relatively new on the IT scene, I suspect ambiguity regarding its definition and uses for a while. But just like cloud computing, its definition, along with its practical uses, will be cemented in the years to come.

Posted by Frank Konkel on Apr 22, 2013 at 12:10 PM | 1 comments


What it takes to make the Fed 100

In the weeks since the gala to honor the 2012 Federal 100 winners, the same four questions keep popping up in emails, voice-mail messages and face-to-face conversations:

"How are the winners decided?"

"Who is eligible?"

"What's required in a nomination?"

"When can I nominate someone for next year?"

Nominations for the 2013 Federal 100 won't be accepted until the fall -- the award is for accomplishments in this calendar year, after all -- but here's how it works and what can be done to make the strongest possible case when the time comes.

The ground rules

First of all, anyone who is part of the federal IT community is eligible for a Federal 100 award. Generally, that means agency employees and select members of the federal contracting sector, but past winners have included members of Congress, academics, independent watchdogs and even a journalist or two.

Second, anyone can submit a nomination. Floating oneself is a bad idea, and nominations that are clearly driven by commercial interests are rarely effective, but a broad pool allows the judges to make better picks.

Third, an individual can win multiple Federal 100 awards over the years, so long as he or she has a new accomplishment that merits the recognition. Eagle award winners, however -- the one government and one private-sector winner selected from each year's Federal 100 as the best of the best -- have their number retired and are not eligible for future Federal 100s.

Nominations must be submitted via an online form on FCW.com. There is no "save this for later" option, so be sure to have the nomination drafted and ready before starting to submit.

Basic contact information for both the nominee and nominators is required, but five short "essay questions" form the heart of the nomination. Winning nominations tell a compelling story about:

  • The nominee's job. What he or she is tasked with doing in the federal IT space.
  • The nominated work. What was accomplished this year that is noteworthy.
  • The nominee's impact. Hard work without results might be noble, but it is not award-worthy. What did this person get done?
  • The nominee's effort. Federal 100 awards are not given for just doing one's job, however important it might be. What did he or she do that went above and beyond?
  • The nominee's background. What enabled the nominee to step up and make a difference? Federal 100 awards are given for specific accomplishments, not lifetime achievement, but the work of 2013 can be put into a larger context.

Note that these are not long essay questions -- character-count limits allow roughly 200 words for each.

The process

In short, the community nominates, FCW picks the judges, and the judges decide. The timeline, give or take a few days, looks like this:

  • Oct. 1 - The nomination form is published, and 2013 nominations are accepted.
  • Dec. 23 - Final deadline for nominations; the form is taken off-line.
  • Jan. 3 - All nominations are compiled into print binders and electronic dossiers and delivered to the judges for review.
  • Mid-January - Judges gather for a daylong selection meeting; 100 winners and a handful of alternates are chosen.
  • Late January - Winners are verified, and any questions raised during judging are addressed.
  • Jan. 31 - Federal 100 winners are announced.
  • February/March - Profiles of Federal 100 winners are written; Eagle award judges vote on industry and government winners.
  • Mid-March - Federal 100 awards gala.

The intangibles

The Federal 100 judging is a subjective process, one that draws heavily on the expertise of the IT leaders who volunteer their time to read and assess the hundreds of nominations. There are, however, some basic do’s and don'ts, which FCW Editor-in-Chief Anne Armstrong outlined in last year's call for nominations:

  • Focus on an individual’s accomplishment. This is an All-Star Team, not the Hall of Fame award, so don’t dwell on long and faithful service. Be specific about what the project encompassed and what the person did that was extraordinary.

  • It is the accomplishment and not the job title that counts, so describe the person’s contribution and show why the project is important to the community at large.

  • We know teams are important, but this is an individual award. Save your team nominations for the GCN Awards.

  • The Federal 100 award is for work done this year. If the nominee is a previous Federal 100 winner, the accomplishment behind this nomination should be substantially different from the work that was recognized in an earlier year.

  • This is not a popularity contest. Nominate people who have had a significant impact, even if they are not universally liked.

  • Ask before you add someone’s name as a supporting nominator. Every year we have at least one judge who is stunned to find his or her name on a nomination he or she knew nothing about. It almost never has a positive effect on the discussion.

  • If you are nominating an industry person for work done at a government agency, it helps to have government corroboration. If ethical considerations make it difficult to enlist an agency employee as a supporting nominator, try to get third-party substantiation.

Many have asked if FCW could share a "good nomination." Unfortunately for those seeking a case study or recipe, the submitted nominations -- like the judging discussions and even the identities of the nominators -- are treated as confidential.

That does not, however, prevent nominators from sharing their own submissions. And Christopher Dorobek -- former FCW editor-in-chief and a Federal 100 winner himself -- did just that a few years ago. As someone who has covered the community closely and been in the room for multiple Federal 100 judging sessions, Dorobek knows what it takes, so the 2008 nominations he shared (see here, here and here) and his general advice on the Federal 100 are all worth reading.

Other Federal 100 veterans are often willing to share their insights as well. Look at last year's list, and ask around.

Between now and October

Details matter, so start taking notes now. Identify colleagues who deserve the recognition, round up others who will sign on as supporting nominators (a single nomination can have up to five nominators), and gather stats and anecdotes to show what makes this person great.

In the judging process, nominations that come in on "opening day" are not given any advantage over those that are submitted in the final hours of Dec. 23. But those that are written and polished in advance almost always do better than those that were slapped together to beat the deadline -- and would-be nominators who come asking about a late submission in January or February (!) are out of luck till next year. So start early, and spare everyone the holiday stress.

And finally, don't wait until October to let FCW know about good people doing great work. We're always on the lookout for good stories -- and if FCW does choose to cover a successful project or individual, that visibility can only help when the judges are reviewing nominations next January.

Posted by Troy K. Schneider on Apr 19, 2013 at 12:10 PM | 0 comments


Why NOAA-17 was put to sleep

If NOAA-17 will remain in orbit for centuries to come, why pull the plug now? (NASA brochure.)

A reader questioned what led to the retirement of one of the National Oceanic and Atmospheric Administration’s longest-serving satellites that FCW covered on April 12. The reader wrote: "There was nothing in the article as to why NOAA-17 was actually retired. Yes it is old and beyond its life expectancy, but was it still providing reliable and useful data? It appeared that it would stay in its orbit for many more decades, so if it was still operational one has to wonder why they retired it. I would like to see that addressed in the article."

Frank Konkel responds: NOAA-17 operated for far longer than satellites like it are supposed to live, but it was no longer working properly when the agency began to deactivate it on Feb. 18. At the time, its sister polar-orbiting satellites -- NOAA-15, NOAA-16, NOAA-18, NOAA-19 and the newest, Suomi NPP -- were all still collecting and sending vital weather information back to computers on land that help NOAA forecast the weather. NOAA-17 was not, which is why NOAA officials made the decision to “pull the plug.”

Rest assured, though, that NOAA is doing all it can to keep its existing polar-orbiting satellites operating as long as possible, and not only to make the most of past investments. The agency faces a huge risk if other satellites fail before 2017, when the newest of the next-generation polar-orbiting satellites under the Joint Polar Satellite System program is finally launched. Every satellite that dies before the JPSS-1 launch brings the agency charged with forecasting the weather one step closer to a gap in weather data.

Posted by Frank Konkel on Apr 16, 2013 at 12:10 PM | 0 comments


Well, what ARE the Air Force's cyber weapons?

An anonymous reader thought we omitted some key information in our story about the Air Force designating cyber weapons. The reader wrote: So what are the six cyber tools that are considered weapons? I can't understand how this article, or others reporting similar information, have failed to provide this important detail.

Amber Corrin responds: We did not name the tools because the Air Force has not revealed what they are -- as our story stated. This is a move that is in keeping with many details of the military's cyber capabilities, particularly on the offensive side of things.

For example, it was recently reported – as it has been for close to a year now – that the Pentagon's rules of engagement for cyber operations are close to completion. But we will not necessarily know when they are done, because they will remain classified. It is possible Defense Department officials may divulge that they are in fact being implemented once they are actually finished, but don't expect much more than that in the way of public announcements.

Still, the military in recent months has been more open about DOD in cyberspace than in the past. For example, Air Force officials have noted their struggles to define operations in the domain, something that was reiterated last week along with the cyber-weapons announcement. Gen. Keith Alexander, commander at U.S. Cyber Command and director of the National Security Agency, also has discussed CyberCom's plans to create 13 offensive operations teams as well as other teams focused on cyber threats.

Posted by Amber Corrin on Apr 12, 2013 at 12:10 PM | 0 comments


Reader skeptical of Congress's Twitter-friendliness

After reading our article suggesting that some members of Congress could give agencies Twitter tips, an unidentified reader commented: But agencies don't dare go on Twitter because these same Republican congressmen will ding us for using it, and call up their buddies at FOX and Drudge and Daily Caller or Politico to have them help demagogue their attacks.

Adam Mazmanian responds: Perhaps the opening of my article overstated the case a bit – plenty of federal agencies are using Twitter to communicate their efforts and engage with interested citizens. Back in September, FCW compiled this handy list of the most-followed federal accounts on Twitter. NASA tweets out pictures of planets and news of space probes to an audience of more than 3.8 million followers. He's nowhere near as popular, but FEMA administrator Craig Fugate is a one-stop shop for news about cataclysms of every stripe. USAID coordinator Raj Shah is a prolific Twitter user, sharing news about his travels as head of a foreign assistance and development agency.

So the reader's point is perhaps best taken with a grain of salt. High-profile government officials who are in the partisan crosshairs do make inviting social media targets. Attorney General Eric Holder, for instance, is parodied in several fake Twitter accounts. But personal attacks like these don't typically attract a lot of attention, even if their subjects find them irritating. And they don't appear to have stopped agencies from starting Twitter accounts.

Posted by Adam Mazmanian on Apr 10, 2013 at 12:10 PM | 0 comments


Data scientists: Top talent for government pay?

People who can turn big data into useful information are in growing demand in the private sector; is government keeping up with the trend?

After our story on the importance of data scientists, “IT Dude” commented: If the government wants to recruit talented Data Scientists, the government is going to have to make a lot of changes in the way it treats its existing employees. Why would anyone choose to work for an employer that consistently denigrates its workers publicly and pays less than the average market wage?

Frank Konkel responds: In attending many recent forums on big data and the federal IT landscape in general, I can say your comments echo the grumblings I’ve heard from many in this community. Data scientists in the private sector are highly compensated and recognized for their efforts, but I believe that is at least partly because private sector companies, driven by the profit motive, were ahead of the curve in recognizing the importance of data scientists. Private sector companies also like to market themselves and their talent; the government doesn’t do that as much.

As the largest collector of data in the world, the United States government is beginning to recognize that technology is not the alpha and the omega in terms of putting that data to use. Recently, we’ve seen well-known feds like Kirit Amin, deputy CIO and CTO of the U.S. Department of Commerce, call for an increase in these visionary types of data scientists – he called them Yodas after the "Star Wars" character – that might help agencies drag insights from big data. But perhaps more important in the grand scheme of things is how the government crafts policies that govern data, as they will directly determine the importance of the data itself and those who sift through it. The message is clear: it’s not just technology, it’s the people you have running it.

We know these people – whether you call them data scientists or not – are important, but how much they are worth and how much they will be in demand really will depend on what the government determines their value is, and that determination really hasn’t happened yet. But rest assured, this is an issue that only gets bigger every day with each new mountain of data that gets created.

Posted by Frank Konkel on Apr 09, 2013 at 12:10 PM | 0 comments


Defending 'tombstone thinking'

Bob Woods wrote a recent column for FCW on the value of leading with an eye toward legacy.

Bob Woods provoked sharp disagreement from at least one reader with his column, "The value of tombstone thinking," which encourages leaders to think about how a given project or course of action will look as part of their legacy.

A reader identified as Tim wrote: Actually, I will strongly disagree with the sentiment of this article. Tombstone management encourages discontinuity and has a net negative impact on organizational performance. If you are at a level in which you are considering tombstone management then you are at a very senior level of the organization. This means that you had a predecessor and will have a successor. Tombstone management requires you to abandon everything your predecessor did because all of that will be on his or her tombstone, not yours.

It will also require your successor to abandon everything that you are doing because that will be on your tombstone, not his or hers. Thus the net impact is that the staff will have whiplash because every two years we have some new campaign. A lot of what goes on in federal IT requires a sustained effort. This approach, tombstone management, causes us to abandon horses that are winning the race and causes me to lose confidence in a leader whose ego is more important than good and effective government. I say tombstone management is a good thing if you want everything that you do to be ripped out by your successor. It has no staying power because you can never get sustained leadership.

Bob Woods responds: I am happy to get the feedback and always enjoy a debate. I don’t think I implied that what’s on your tombstone started and stopped on your watch. The point is that you should shoot for achievements that are real, that are understandable and not bureaucratic babble. Nowhere do I say or imply that you rip out what you find and start over. In fact when you come into an organization you will find things worth keeping and things that should be stopped.

It’s important to know the difference. Things worth keeping and new initiatives started will constitute what you and your organization are known for. As for whether leaders are simply making change to fulfill their ego, we have a lot of leaders who hide behind programs and processes and are unwilling to get the job done and be held accountable. If you work in an organization with all winning horses you are rare indeed. That’s not been my experience and leaders who think they have years to sort out the good from the bad and sow the seeds for the next generation should simply research how their predecessors fared.

Posted by Bob Woods on Apr 08, 2013 at 12:10 PM | 0 comments


Misunderstand Yoda, you should not

On Twitter, @rsoper72 (Randy Soper) wrote in response to our article suggesting 'Yodas' for big data: @FcwNow, what a bizarre thing for DCIO (Deputy CIO & CTO) Commerce to suggest. Isn't the idea to use tech to solve the data problem? If it's not there...

Frank Konkel responds: Misinterpreted the DCIO's remarks, you may have.

The overwhelming theme from Carahsoft's Government Big Data Forum and its several panel discussions was that technology is growing faster than our ability to harness, manage and glean insights from the data we're creating. It's also outpaced our ability to put together data-sharing policies that enhance information sharing between agencies that developed in an era where siloed data was the norm. I believe Kirit Amin, the DCIO of the U.S. Department of Commerce, was essentially saying that all the technology in the world doesn't do a bit of good if it isn't managed and operated intelligently.

Regarding big data, think of it this way: If a few visionary data ninjas – or Yodas -- across the public sector could champion big-data initiatives and publicize the benefits of say, combining Treasury department data with Census Bureau records, it might help educate agencies on the potentials out there and it might help drive policy changes, too.

(We recently answered another question from Soper. Read it here.)

A note from Online Managing Editor Michael Hardy: Some readers may be wondering why an article that so prominently referred to a popular pop-culture character didn't include a picture of that character, say, holding a light-saber or levitating Luke Skywalker's sunken X-Wing. The reason is that LucasFilm, now owned by Disney, controls the legal use of images from its films, and while pictures of Yoda are plentiful all over the Internet, we chose not to risk the empire striking back.

Posted by Frank Konkel on Apr 05, 2013 at 12:10 PM | 1 comments


More questions on global cyber war

A NATO document seeks to establish a global framework for cyberwar. (Stock image)

Regarding our article on the effects of international law on cybersecurity, Randy Soper commented via Twitter: Interesting questions are how "neutrality" will be defined and "civilian"; e.g., is a "zombie" botnet member a legit mil target?

Amber Corrin responds: According to the Tallinn Manual, neutrality – which applies only during international armed conflict, cyber or otherwise – refers to neutral cyber infrastructure, public or private, that is located in neutral territory or owned by a neutral state and is located outside belligerent territory.

"The global distributions of cyber assets and activities, as well as global dependency on cyber infrastructure, means that cyber operations of the parties to a conflict can easily affect private or public neutral cyber infrastructure. Accordingly, neutrality is particularly relevant in modern armed conflict," the manual states.

Logistically, that means something like this: Hackers and other hostile parties frequently route attacks through servers located in various countries throughout the world. Neutrality means that those countries aren't considered combatants if they have nothing to do with the attacks other than their servers being, for all intents and purposes, hijacked to conduct hostile activities.

Speaking of combatants, the manual is clear – as were its backers who spoke at the Atlantic Council event in the original story – on the role of civilians in cyber warfare. There are no laws against civilians taking part in combat, but so long as they do, they do not receive the protections afforded to civilians under international humanitarian laws.

A "zombie" botnet member would, therefore, be a legitimate military target if what they are doing is deemed an act of war (which is also addressed in the manual) – if it is more than disruptive and actually destructive and causes harm or damage to people or cyber assets. In that case, even if the botnet operator is a civilian, they are engaging in cyber warfare activities and thus forfeiting their civilian protections. As things currently stand, the operations of botnets typically are not what would be deemed acts of war; they tend to be more on the disruptive side of the coin – think distributed denial of service attacks and the like.

Posted by Amber Corrin on Apr 04, 2013 at 12:10 PM | 0 comments


What's the story with Richard Spires?

Richard Spires, CIO of DHS. (FCW photo)


To our story on Department of Homeland Security CIO Richard Spires taking leave, an anonymous reader asked, When did FCW morph into a gossip column?

Frank Konkel responds: I find the comment ironic, because what we did in that article is the opposite of a gossip column.

The story started when another publication posted a story early on April 1 that Spires was “Put on immediate ‘on leave’ status” by DHS. Quickly, the rumor mill fired up – on Facebook and Twitter, not to mention many reporters’ e-mail inboxes – and the story took on legs of its own.

We set out to determine what was rumor and what was true. We found that while the details of Spires’ leave remain murky – DHS officials cannot comment on personnel matters and Spires hasn’t responded to our attempts to make contact – many possibilities exist.

So we reported what we knew to be true: That Spires was on elected – not forced -- leave, that DHS Deputy CIO Margie Graves was installed as acting CIO and that Spires’ leave had nothing to do with congressional testimony Spires missed in March, as some people had speculated.

Because the rumors were flying, we thought it appropriate to outline potential scenarios where a CIO might take leave that go beyond a simple vacation. We also explained the differences between elected leave and administrative leave, an important distinction that many people seemed to be missing.

That isn’t gossiping. That is clearing up rumors with facts and explaining to a large federal IT community what actually was happening to the best of our ability.

Posted by Frank Konkel on Apr 03, 2013 at 12:10 PM | 1 comment


Just what is a 'data center,' anyway?

Kirit Amin, deputy CIO and chief technology officer at the Commerce Department, says data center consolidation is 'a tall order for us.'

On our story "Challenge and opportunity await in data center consolidation," an anonymous reader commented: There seem to be multiple definitions of what a data center is. If you think really small, then our group had a data center that was a few small servers. For us, consolidation consisted of moving the servers to the main computer room on our campus and having them managed by the IT group. This required a major change in mindset since we had to give up direct control of our equipment, but after much discussion (argument), [we] felt that it would be to our benefit. This has worked out well for us since the IT group does a much better job than we could ever hope to do. So you might say that our small "data center" is closed even though that was not our primary goal, and we accidentally found ourselves ahead of the "closing" curve. I wish good luck and success to all who find themselves in this situation.

Frank Konkel responds: Your comment echoes similar sentiments from many feds at the forefront of data center consolidation. In November, I wrote a piece based on comments made by Mark Forman, formerly of the Office of Management and Budget (click here to read our article), who argued that "it is hard to convince agencies that own the systems and applications that performance will not suffer under consolidation."

In your case, it seems your data center equipment was better managed by the agency’s IT staff, despite the aforementioned conflict that occurred prior to its relocation. It can be a tricky situation, and "giving up" control over a server or application or even a virtual environment can be a very difficult thing to do. In addition, I completely agree with you about your statements regarding the definition of data centers.

Even federal agencies have differed in their opinions on what exactly constitutes a data center – some believe any old server lying around represents a data center, others feel proper metrics should define a data center by physical size (IE: 4 feet by 2 feet). More guidance on that subject may come as agencies present initial progress updates on their data center consolidation updates, which will now be unveiled in the next PortfolioStat update, expected soon.

Posted on Apr 01, 2013 at 12:10 PM | 0 comments


Congressional telework pros and cons

Rep. Steve Pearce would like to see members of Congress working from their home districts more, Washington less.

A commenter who dubbed him- or herself "earth" had some thoughts on the question of whether Congress and congressional staff members could do their jobs from their home districts. Earth wrote: It might get some research and development done on telepresence, but the security involved in ensuring [that] 400+ home offices haven't been tapped, lines are secure, etc. seems daunting.

With everyone in the same room, the Chinese have a somewhat more difficult problem and security has significantly less work. So committees, particularly those related to "national interests", are either less secure or much more costly.

If they map out each and every workflow and work out the full costs involved so an actual cost/benefit analysis can be examined, then a reasonable solution could be found. (Including full security controls.) Want to bet that is part of the bill? Want to bet they have even identified every workflow in Congress? I suspect Capitol Hill is a monument to ad hoc processes.

Adam Mazmanian responds: It's not just the elected Members who would be affected -- a virtual Congress would dramatically alter the way the legislative branch functions because of the effect on staffers. To go by the text of his resolution, Rep. Steve Pearce seems to think that staffers don't spend enough time in their home districts.

It's probably safe to say that few staffers would agree. Congress is kept running by legions of largely anonymous, poorly-paid young staffers who are building careers in government and legislative affairs, and may not have much if any attachment to the home districts of the representatives and senators who employ them. These staffers write legislation, interact with officials in the federal bureaucracy and assist with key oversight duties, in addition to responding to constituent concerns.

Mapping these functions to district offices would completely change the way business is done on Capitol Hill. It also might make government service a less appealing career option for young people who view Washington, D.C. as the white-hot center of the political universe.

Posted by Adam Mazmanian on Mar 29, 2013 at 12:10 PM | 0 comments


Big data, big deficits at USPS

Is the Postal Service's use of big data a praiseworthy innovation, or an expensive indulgence? (Stock image)

Our recent story on the surprising places big data is being used prompted one reader to comment:

"Ummm... I wouldn't hold the USPS up as a paragon of 'success.' However, I think that you might have identified one of the reasons that USPS is failing. Why do they need a network of supercomputers whose capability exceeds that of NOAA's weather forecast centers? Didn't the mail get delivered back when there were no ZIP codes or barcodes? USPS needs to take a step backwards, away from big data and focus on getting 'back to basics.'"

Frank Konkel responds: Admittedly, delivering the mail does not seem as inherently cool as tracking weather events like Hurricane Sandy or using complex, voluminous data sets to make reasonable climate predictions, but, as this follow-up story explains, USPS is using big data to reduce overall costs and detect fraud. The technology is complex -- the data from each scanned mail piece is compared to a database of about 400 billion records in real-time through an impressive 16-terabyte in-memory computing environment -- but the payoff is huge, and it's an important one because operational expenses incurred by the USPS are not funded through tax dollars. That means lost revenue through fraud might cost billions without this kind of system in place.

In addition, while "snail mail" might seem outdated, USPS sent out 160 billion pieces of mail in 2012, and people are still receiving their packages and mail in a few days despite paying only 46 cents per sent item. Were it not for efficiency increases and improved fraud detection through big data and supercomputing, it's likely USPS wouldn't be able to get mail out as fast as it does, and it is a near certainty that it would cost more to send out each letter or package from grandma.

Posted by Frank Konkel on Mar 27, 2013 at 12:10 PM | 1 comment


Shining light on the CIA

Several readers commented on our story about the CIA contracting with Amazon for cloud services.

Reader James Woods wrote: Why is there even a need for the CIA to study the American public, since America is a free society?

Frank Konkel responds: The CIA’s mission is twofold: It gives accurate and timely intelligence on foreign threats to national security, and it conducts counterintelligence or other special activities relating to foreign intelligence and national security when the president asks it to do so.

While I can’t speak to information the CIA obtains about American citizens, the agency has made an enormous effort to collect mammoth caches of information – data from social media, data from sensors (like what might be produced from drones), and smart machines. Humans, connected to the Internet via cell phones, mobile devices and laptops, are information producers in their own right, and right now, the CIA is getting to the point where it can store this kind of information and compare it to other data sets. Many of those data sets would be unstructured data, but with the advent of big-data technologies and growing computational power, predictive insights are now possible based on a wealth of disparate information.

The CIA would probably not comment on your question, but my guess is if they did, they’d say something like "Look, America is a free society, and if we want it to stay that way, we’re going to have to adapt to evolving technology out there because everybody else will."

ITM noted that the CIA declined to comment because it "does not usually disclose details of our contracts, the identities of our contractors, the contract values, or the scope of work." ITM commented: Q: ...because? A: "Shut up, slave."

Frank Konkel responds: While "no comment" responses are never what a journalist wants to hear, in this case, it is fully expected. The CIA has a duty to protect national security. You don’t go talking about something on the record that, if publicized, could even remotely put a target on your back, so to speak.

An anonymous commenter wrote: And the simple solution, cutting down the number of overlapping intelligence agencies, never occurred to them?

Frank Konkel responds: The members of the intelligence community, a collection of 17 agencies including the CIA, are all charged with unique missions. With regards to evolving information technologies, different agencies lead the way in different facets, as per the Intelligence Community Information Technology Enterprise strategy. For instance, the CIA and NSA are spearheading where the IC goes with cloud computing – other agencies have different specialties, if you will. While agencies can and frequently do work together, each has a very specific mission that many would argue is important to the nation’s well-being.

Posted by Frank Konkel on Mar 26, 2013 at 12:10 PM | 0 comments


Reporting telework foot-draggers

Feds who would rather work from home than doze off at their desks after a long day might encounter managers who are still slow to allow the telework option. To whom do you report such situations? (Stock image)

A reader digging deep through FCW's archives found the 2010 article "Telework bill finally on president’s desk," and wrote in an e-mail: My question is: Whom would someone appeal to if their agency refused to allow their employees to telework and are saying they don’t have the technology to allow their employees to telework?

Camille Tuutti responds: I asked Cindy Auten, general manager at Mobile Work Exchange, for some insight into this question. She said the Telework Enhancement Act of 2010 requires agencies to set up official telework programs for eligible employees, basically establishing the groundwork. In terms of providing technology support, the Office of Management and Budget issued a memorandum after the passage of the law that requires CIOs to "develop or update policies on purchasing computing technologies and services to enable and promote continued adoption of telework." Essentially, agencies are required to focus on buying telework-enabling IT. The Digital Government Strategy released in 2012 also supports telework and purchasing needed equipment. However, if employees find their agencies are not in compliance, they can e-mail Mobile Work Exchange -- which is a public-private partnership -- at info@mobileworkexchange.com. "We can escalate the issue to the acting telework managing officer and CIO in the agency, as appropriate," Auten said. "Any issues will be reported anonymously."

Posted by Camille Tuutti on Mar 25, 2013 at 12:10 PM | 0 comments


Can the government have too much transparency?

Angela Canterbury, director of public policy at the Project On Government Oversight, shown testifying March 13 to the House Committee on Oversight and Government Reform. (Committee photo)

To the story "Legislators claim culture of secrecy threatens open government," reader Walter of Washington D.C. writes: Part of the problem with too much transparency is that anything Congress has access to is on TV five minutes later, and the Internet two minutes after that. Congress is asking for information from the executive branch they won't provide to the public themselves. I want to see my congressman's appointment calendar so I can see whom he spends his time listening to, what lobbyists visit how often and so on. I am not holding my breath waiting for any of this to change that situation.

Camille Tuutti responds: Is there such a thing as "too much transparency," unless we are talking about legitimately classified information? With the proliferation of the Internet and social media, information gets spread at break-neck speeds. A double-edged sword for sure, but I am positive it contributes to more transparency in government. As for your idea on making public the calendars of members of Congress, that is certainly an interesting idea! I have no doubt it would provide interesting insight into the visitors and topics discussed at the Senate and House buildings. But I agree with you: I don't see that happening anytime soon.

Posted by Camille Tuutti on Mar 21, 2013 at 12:10 PM | 0 comments


Fairly reporting the sequester

Del. Eleanor Holmes Norton (D-D.C.)

To a story reporting on Del. Eleanor Holmes Norton (D-D.C.) blaming conservatives for the sequester in a speech, an anonymous commenter writes: This is one of the most blatantly one-sided political hack articles that I have had the misfortune to read. I understand that Ms. Norton wants to blame her political opposition. But where is the corresponding article laying out the Republican, Tea Party and conservative positions? Why isn't FCW reminding readers that the initial proposal for a sequester came from the Obama White House, not the House or Senate. Where is the outrage over the fact that the Democrat-controlled Senate has failed to address a national budget for over 4 years? These are some of the issues that you should be addressing.

Camille Tuutti responds: As a publication focused on the people, power and policies that influence federal IT, we are not interested in pushing any type of agenda ... other than the federal IT agenda! Jokes aside, this brief article was about an event and focused on her words as a keynote speaker. It was not an attempt to definitively evaluate the reasons that the sequester is happening, or to determine to whom blame should be ascribed.

The speech took place just days after the sequester took effect and reflects her perspective as D.C.'s non-voting congressional delegate, clearly frustrated with the situation. She was speaking to an audience of federal managers and employees at risk of being furloughed, so that surely played into her rhetoric and topic of discussion.

Posted by Camille Tuutti on Mar 15, 2013 at 12:10 PM | 0 comments


Making websites accessible

After reading the article "Increasing social media accessibility," a reader pointed out a weakness on FCW's comment system, writing: Isn't using an inaccessible CAPTCHA ironic and discriminatory? This site doesn't fall under Section 508 but if you're going to talk about accessibility, your website, including the option to submit comments, should be fully accessible.

Online Managing Editor Michael Hardy responds: You make a good point, and one that we're already aware of. While I can't promise when, we are working on a better solution. We want FCW.com to be as user-friendly as possible and making it as accessible as we can to people with disabilities is certainly part of that.

Posted by Michael Hardy on Mar 12, 2013 at 12:10 PM | 0 comments


Is Obama sincere about transparency?

On a story reporting the Obama administration's mixed record for transparency, an anonymous commenter writes: Lack of progress in government transparency is due to the example set at the very top. Based on the actions done ... it is obvious that the actual call for it from this president was all political for obtaining power and not for any improvement in the government.

Camille Tuutti responds: The Center for Effective Government does point out in its report, and so did Gavin Baker in his interview with me, that Obama has taken several strides to make the government more open -- and it does not appear to be just a power grab. For example, one of the first things he did as president was to create a searchable website of logs of White House visitors. It was the first time ever that type of information was made available. Also, during the first two years of the first term, several senior White House staffers worked on transparency reforms. "To its credit, the administration has taken some steps to ensure its transparency policies are enacted," the report summed up. There is no lack of White House-directed policies concerning openness; it is in implementation that shortcomings show. Clearly, more work remains to be done -- and not just by Obama. The recommendations in this report are directed not just at the president, but also to those at the top of the org chart at agencies, as well as legislators.

Posted by Camille Tuutti on Mar 11, 2013 at 12:10 PM | 2 comments


Could a furlough cost you your clearance?

In response to an article about growing criticism of the then-future sequester, Bob Christian wrote: Since many of us federal workers live from paycheck to paycheck, will it affect our security clearance if we let the bank repossess some of our property, such as vehicles, due to the 20-percent cut in our weekly salary?

Matthew Weigelt responds: Don’t stress yourself about it, Bob, at least that’s what John Palguta, vice president for policy at the Partnership for Public Service, says. Financial difficulty due to furloughs, even if it results in the repossession of a vehicle, is not automatically grounds for loss of a security clearance, he said.

Agencies often do checks every five years. If officials uncover some information about repossession, they would evaluate information and its context of what was happening at the time. They will then determine whether it indicates an employee has a personal problem, such as a gambling compulsion or a drinking problem, for example. Something like that might indeed be grounds for a revocation.

But "if the financial difficulty is due to an unpaid furlough, that could well be a mitigating factor and the security clearance would be retained," Palguta said.

He also suggested warning a higher-up about what is happening so it doesn’t appear that there was something hidden. Being upfront about financial troubles, especially those brought on by circumstances beyond your control, can help protect your security clearance.

Posted by Matthew Weigelt on Mar 05, 2013 at 12:10 PM | 5 comments


How does sequestration look to you?

We've been reporting on sequestration for some time now, but we're interested to know what you're seeing in your own agencies. Now that the deadline for a deal has passed, have you been given new policies? Any announcements of furloughs or other workforce measures? Are projects being canceled or scaled down?

The information our readers provide may help us cover the unfolding of the sequester more thoroughly, so let us know what's happening. You can tell us in the comments below, or if you'd prefer to be less public, e-mail Executive Editor Troy Schneider at tschneider@fcw.com.

Posted by Michael Hardy on Mar 01, 2013 at 12:10 PM | 7 comments


Is sequestration just media hype?

After reading about federal employees worried about the threat of sequestration to their personal finances, Reader "Mike" commented: Sequestration... please!! Three cents on the dollar, really? This media hype is all theater. The best thing for government to start doing a good job is the threat of losing their jobs. In fact, I think we should clear out a good chunk of those who forgot what it was like to work for a living. I have worked as a contractor in a few agencies, and I have to say, I’ve never seen so much clock watching.

Camille Tuutti responds: There will always be those who complain about the government not doing its job accordingly or “clock watching” employees (I, myself, wrote about so-called turkey farms where low- and nonperforming feds congregate). However, the sequestration threat is hardly hype or theater, as you suggest. More than a million feds – 800,000 DOD civilians alone -- are facing furloughs, reduced pay and further fiscal uncertainty – this on top of the already-ongoing federal pay freeze. And don’t forget the possibility of a government shutdown after March 27, when the current continuing resolution expires. I don’t think the threat of job loss would serve as the best motivator – quite the opposite. Who can truly focus on doing a good job with all that added stress?

Posted by Camille Tuutti on Feb 28, 2013 at 12:10 PM | 4 comments


How best to measure social media?

Justin Herman, new media manager at the GSA's Center for Excellence in Digital Government, shown speaking earlier this month at GSA's Social Government Summit. (FCW photo by Frank Konkel)

Responding to a story on social-media metrics, a reader dubbed Sam Ok wondered if measuring the use of social tools has any bearing on real performance. I would like not to see a metric on how much someone uses social media but what is their productivity, the reader wrote. We seem to assume that using social media makes people more productive but I agree with the person above [another commenter who had suggested that productivity and social-media use are not related] until you can develop a metric that shows otherwise.

Frank Konkel responds: The recommendations rolled out last week by the GSA-led interagency working group have to do with helping agencies improve their digital outreach. The recommendations are designed to help agencies track how information they release is disseminated through their audience on social media – an audience that continues to grow compared to those who browse agency websites for information or announcements.

If you browse online, you can read through many surveys and studies that suggest that while social media platforms like Facebook and Twitter may be distracting to some – college and high school students, for example – it’s become standard operating procedure for many employed in the private and public sectors. Indeed, nearly every federal agency has a presence on at least one social media platform, while many have tens or even hundreds. NASA, for instance, manages 480 social media accounts, used for everything from disseminating press releases to chatting with astronauts onboard the International Space Station.

Posted by Frank Konkel on Feb 26, 2013 at 12:10 PM | 0 comments


Where do numbers come from for salary comparisons?

Rep. Ron DeSantis (R-Fla.) introduced a bill to cancel a planned federal pay raise.

In a story about a bill to cancel a federal pay raise, an anonymous reader took issue with Rep. Darrell Issa's comparison of government and private-sector pay, asking, Where do they come up with these numbers? The average government worker has an increase of $3,328 and private sector $1,404?

Matthew Weigelt responds: The Office of Personnel Management provided the House Oversight and Government Reform Committee with data about federal employee pay. Based on that, the committee found the median federal employee pay increased by $3,164 during the pay freeze. It went from $69,550 in September 2010 to $72,714 in September 2012. The number increases to $3,328 when the committee includes seasonal and temporary employees like Census enumerators, some firefighters, or seasonal park service employees.

For the private sector's increase, the Congressional Research Service gave the committee the figures. Click here for a fact sheet from the oversight committee. The fact sheet includes some data from a 2012 Congressional Budget Office report on comparisons between the two sectors. It may be useful as you think about the whole issue.

Posted by Matthew Weigelt on Feb 22, 2013 at 12:10 PM | 3 comments


Responsible reporting on cybersecurity

A couple of readers raised objections to the story "GAO finds Census Bureau vulnerable to cyberattack."

One reader wondered: Is this responsible reporting? Should these vulnerabilities be broadcast where anyone could read them?

Camille Tuutti responds: All GAO reports are publicly available and frequently covered by FCW and other news outlets. It would be irresponsible if reporters did not call attention to shortcomings and covered only positive news. Also, I would be surprised if some of these problems have not been solved already; according to the report, the Commerce Department, under which Census falls, said it would find the best way to address the issues. (In total, GAO made 13 recommendations to the Census Bureau to enhance its information security program and in a separate report with limited distribution, an additional 102 recommendations.)

Another commenter wrote: This article lacks specifics or context. It looks like Ms. Tuutti is saying that the Census Bureau does not have any IT security in place at all. That is not what the GAO report actually says. I think this story needs to be clarified with actual facts and less hyperbole.

Camille Tuutti responds: I would not call it hyperbole. What I wrote and concluded is the gist of the GAO report: That Census needs to address these weaknesses or it will continue being vulnerable to intrusion, data loss, etc. Although GAO said Census has made some progress, it still struggles with having adequate security in place. The main problem that GAO found, and which I pointed out, is that the bureau does not have a comprehensive information security program to ensure controls are effectively set and maintained. The lack of such a program has led to various problems, including who or what has access to the bureau's systems. Census did not adequately control connectivity to key network devices and servers or identify and authenticate users. The bureau also failed to encrypt data, monitor systems and network or ensure appropriate physical security controls were implemented. These were not the only problems, however. What I did not include in my story is that GAO also found the bureau only partially satisfied requirements for contingency planning. According to GAO, "without an effective and complete contingency plan, an agency's likelihood of recovering its information and systems in a timely manner is diminished."

Posted by Camille Tuutti on Feb 21, 2013 at 12:10 PM | 1 comment


How will sequester affect congressional staff?

Rep. Ron DeSantis (R-Fla) introduced a bill to overturn an Executive Order granting a federal pay raise.

To a story about a bill that would kill a federal pay raise, a reader asked: I wonder if all of the congressional office staff are continuously awarded "merit" pay raises since they aren't getting [cost-of-living allowances]. Someone review how much their office staff pay is compared to the average American. Are they going to sequester 8 percent of their office budgets?

Matthew Weigelt responds: First, congressional staff members do not receive merit pay raises. In addition, they are going through sequestration too. Their office budgets may be hit by as much as 10 percent.

Do congressional staff members make more than private-sector workers based in Washington? It all depends on your job on the Hill. The Sunlight Foundation has some good data on 2009 salary numbers. A congressional chief of staff in the House of Representatives makes roughly $136,920 while a company chief executive makes $189,790. A legislative director earns $85,912 while a general manager at a company earns $128,300. Who makes more varies from there down to the lowest rung of the House member's office staff.

You can read the Sunlight Foundation's full report here.

Commenting on the same article, another reader suggested some civil disobedience: I think every civil servant across the country should call in sick on the exact same day and then Congress will see what a true government shutdown is all about. It would spur contractors not being able to go to work, federal buildings being closed, no border security, no food inspectors, no air transportation, etc. Then maybe they will put a little more stock in what we really contribute to this country.

Matthew Weigelt responds: That's an interesting take, although I can't advocate every fed calling in sick. Some advice though, if you do it: Make sure your sick day proves your job cannot be done without you there.

Posted by Matthew Weigelt on Feb 21, 2013 at 12:10 PM | 5 comments


Why does NOAA launch satellites?

To a report of the possibility that we could be without weather satellite coverage for more than a year, a reader asked: Why does NOAA have anything to do with the launching of satellites? If NOAA needs a satellite they should just tell NASA what they need, and let the experts build and fly it. We don't need multiple agencies trying to build their own little empires of satellite operations.

Frank Konkel responds: NOAA works with NASA on the JPSS (Joint Polar Satellite System), but prior to that partnership, those two agencies worked with DOD on a program called the National Polar-orbiting Operational Environmental Satellite System (NPOESS) that was supposed to replace polar-orbiting satellites: It failed miserably due to mismanagement and overshot budgets. The government, then, decided the current system would be better than the tri-agency partnership, although there is no shortage of criticism.

Posted by Frank Konkel on Feb 20, 2013 at 12:10 PM | 0 comments


Parsing Silver's meaning

Analytics expert Nate Silver addresses the Adobe Government Assembly. (FCW photo by Camille Tuutti)

Reflecting on comments from Nate Silver (Analytics guru Nate Silver offers advice for agencies), a reader commented: I like the comment [in the article]: "As a tool, big data can unlock all kinds of insights from massive amounts of data, but small changes in the way we approach humongous data sets can drastically change outcomes. Seemingly minor details should never be overlooked," Silver said. As any expert in charts can tell you, "The way you look at data all depends on what you want the data to say." (Yes, I know that was not [Silver's] intent, but it is true nonetheless.)

Frank Konkel responds: I think Silver was speaking about input variables rather than actual output data. As a summary, when the design parameters we derive results from big data sets change just a little, the end result can yield a wildly different outcome. Therefore, his statement to "sweat the small stuff in big data" applies.

Posted by Frank Konkel on Feb 14, 2013 at 12:10 PM | 0 comments


How to do Hadoop

Genome research is one of several areas where the big-data tool Hadoop is proving itself. (Stock image)

An anonymous reader suggested that the headline "How agencies can put Hadoop to work" may have promised too much: Not to be too critical, but there is NOT ONE example listed here of how a government agency can/should practically apply Hadoop. I'm disappointed. To be clear, any rigorous conversation on this topic should tackle how Hadoop aligns with "Cloud First." Ready? Go!

Frank Konkel responds: The purpose of the article was to touch on a few potential ways agencies could use Hadoop in the near future, not necessarily what they are using it for now, with added focus on layering applications with Hadoop to produce real-time answers to problems. You make a great point for future stories on Hadoop, and that is something I will pursue.

Posted by Frank Konkel on Feb 08, 2013 at 12:10 PM | 0 comments


A question of word choice

Responding to the story, "Cavalry not coming for the acquisition workforce" -- part of our Outlook 2013 feature package -- an anonymous commenter wrote: I disagree with Ms. [Lisa] Mascolo's comment that, 'Much of the expertise those retirees take away is obsolete anyway.' In the 1102 Contracting job series, our expertise is not allowed to become obsolete. We are required to continually update our knowledge and skills. And in this ever-changing environment, that is quite a task.

Camille Tuutti responds: "Obsolete" was not necessarily the best word in this case -- "irrelevant" would have been closer to conveying what Mascolo meant. I also reached out to her to get further clarification. Her response: "For those folks who have been there for an extended period of time, what the government really needs to do is mine those skills and knowledge and figure out a way to transfer that to the younger generation of procurement officers. The skills that they have aren't necessarily as relevant today as they used to be, but certainly [they're not] obsolete. My point is that in some of these newer technologies, there's a real need -- and most procurement officers would agree -- for ongoing training for contracting and procurement officers."

Posted by Camille Tuutti on Feb 08, 2013 at 12:10 PM | 0 comments


What will measure the success of RFP-EZ?

RFP-EZ is a creation of the Presidential Innovation Fellows program

After reading about RFP-EZ, a creation of the Presidential Innovation Fellows program, reader sanchezjb wondered: What are the key performance indicators or measures focused on outcomes that will determine if RFP-EZ is successful?

Matthew Weigelt responds: It's an important point. To determine whether RFP-EZ is a success, officials will evaluate how much competition it generates and if RFP-EZ decreases the time for a federal employee to write a statement of work and for companies to develop offers. Finally, they will want to know if people like the system. The pilot runs through May 1. Get more details here.

Posted by Matthew Weigelt on Feb 08, 2013 at 12:10 PM | 0 comments


What does transparency really mean?

Lisa Jackson, under scrutiny for apparently using a phony e-mail i.d. for some official business, causes a reader to wonder about the government's commitment to transparency.

On a story about EPA Administrator Lisa Jackson's use of a phony e-mail identity, under investigation by the House Oversight and Government Reform Committee, a reader identifying himself as "Johnny" writes: How disappointing. If this story is found to be true, it shows a sly and cynical approach to transparency. Will this be our future government? Issue a proclamation about transparency, but practice a lack of it when it involves management or cabinet-level officers?

Camille Tuutti responds: I think, and hope, citizens will continue to really push for a more open government. The public wants insight into where tax dollars go, and knowledge of how government carries out its functions. Several members of Congress, including those on oversight committees, also play a key role in ensuring there is enough sunlight on federal operations and hold officials accountable -- all of them, at every level.

Posted by Camille Tuutti on Feb 08, 2013 at 9:03 AM | 0 comments


How to legislate cybersecurity right

Sen. Jay Rockefeller, one of the Senate's advocates of cybersecurity legislation.

Responding to an article on the Senate's renewed cybersecurity effort, reader Paul Misner wrote: [The] Senate walks a fine line here. If the bill is too weak, it will have no value at all. Too rigid, and it will result in agencies and companies being forced to implement out of date processes, hardware, software, and procedures that will increasingly become less valuable. What is needed is a strong, but balanced framework which is easy to understand, and dynamic to meet a dynamic set of adversaries. I think this type of legislation should be enforced with a carrot, rather than a stick, by providing protection from penalties for entities that follow its guidelines, rather than punishment for those agencies who fail to make an effort to enforce.

Amber Corrin responds: That seems to be the consensus. A number of sources have warned against FISMA-like, "check-the-box" regulations that do not allow for the agility necessary to keep up with constantly evolving cyber threats. This, as well as the carrot-over-stick argument, was a top concern for Fortune 500 companies who responded to a cybersecurity questionnaire from Sen. Jay Rockefeller, as FCW reported earlier this month.

Posted by Amber Corrin on Feb 06, 2013 at 12:10 PM | 0 comments


What's up with FedRAMP certification?

To an article about FedRAMP, reader Ramana asked: I would like to know more details about certification.

Matthew Weigelt responds: FedRAMP offers a security assessment process using a standardized set of requirements; the ability for federal agencies to view security authorization packages in the FedRAMP repository; and ongoing assessment and authorization to ensure that authorized offerings remain compliant in the months and years to come.

There's too much to explain here, but the General Services Administration has plenty of details about its certification process and everything that goes with it. For the information you need, and for anyone else who has similar questions, this web site is all things FedRAMP: http://www.gsa.gov/portal/category/102371.

Posted by Matthew Weigelt on Feb 06, 2013 at 12:10 PM | 0 comments


How can one nominate Fed 100 contenders?

A reader asked a common question about FCW's Federal 100 awards: How does a person get nominated for the FED 100? Is there an application to fill out? I'd like to nominate someone next time around.

Troy Schneider responds: FCW accepts Federal 100 nominations the last several weeks of the year. The window for nominations for the 2013 Federal 100 opened on Nov. 1, 2012 -- and next year's process will start around that same point in the fall. Anyone can make a nomination -- there is an online form (now closed), and some general guidelines here. Self-nominations are unlikely to get much traction, however.

Posted by Troy K. Schneider on Feb 04, 2013 at 12:10 PM | 0 comments


Nailing down a date

An anonymous commenter noted a timing discrepancy in the story "CIOs told to improve Section 508 standards," writing: 508 Standards were added in 1998, not '86.

Michael Hardy responds: In fact, both dates are correct. Section 508 is part of the Rehabilitation Act of 1973, and was first added in 1986. However, the original version did not work very well, and Congress replaced it in 1998 with new language. We've updated the story to clarify this.

Posted by Michael Hardy on Jan 30, 2013 at 12:10 PM | 0 comments