Hot or not: Congress failed to make a mark

But policies for better information sharing and e-discovery were positive advances

In the past 12 months, the White House, Congress and agencies addressed a wide range of policy issues, some more successfully than others. The move to consolidate data centers and streamline financial and human resources management operations were prevalent themes in 2007, but the absence of new laws setting policy highlighted the continuing stalemate between Congress and the White House. Large agencies, including the Homeland Security Department, consolidated information technology platforms and data centers to improve security and reduce costs. Agencies were helped in their consolidation efforts by the Office of Management and Budget’s Information Technology Infrastructure Line of Business, a governmentwide initiative for standardizing infrastructure improvements to reduce costs and maintain or increase performance. Agencies spent billions of dollars on computers, data centers and telecommunications, but they lacked a federal standard against which to measure the benefits of that spending. In industry, Gartner introduced a set of general-purpose infrastructure metrics for assessing support costs, efficiency and service levels for desktop computers and help desks. In 2008, the company will develop similar metrics for mainframes and servers and telecom services. Agencies found that IT consolidation requires organizations to change their culture, said Brian Burns, deputy chief information officer at the Education Department.” Most agency business owners want to touch and feel their IT,” he said. “I tell them to let it go. It’s about measures to get performance.” Meanwhile, Education awarded a service contract with service- level agreements for all of its IT infrastructure and support. With Congress and President Bush squabbling over spending bills late into the year, federal agencies were forced to count pennies to keep the government operating. A case in point: Bush vetoed a $23 billion water resources bill, and lawmakers overturned it Nov. 5. However, the sparring didn’t end there. In mid- November, Bush signed a $459.3 billion Defense Department spending bill and then vetoed the appropriations bill for Labor, Health and Human Services, Education and related agencies because it exceeded his recommended spending cap. It looks as though another long-term continuing resolution is in the offing, meaning that 2008 would be the second consecutive year that agencies would be funded at about the 2006 level. The budget uncertainty has forced some agencies to scale back operations. For example, the Census Bureau is undergoing a pivotal rehearsal for the upcoming 2010 census. The continuing resolution provided no additional money for the bureau’s operations. With the main portion of the agency’s census dress rehearsal scheduled to begin in less than five months, planning officials trimmed as many non-IT-related tests as possible and pushed the opening of the rehearsal back by a month. The continuing resolution “made us stop and think about what we could spend on what,” said Frank Vitrano, chief of the bureau’s decennial management division. Agencies began to grasp the idea that security risk is a changing, dynamic condition that makes it difficult to use traditional security certification and accreditation procedures to comply with the Federal Information Security Management Act. The National Institute of Standards and Technology published a Risk Management Framework to help agencies deploy security controls and assess the risk to systems that support their missions. FISMA was energized by collaboration among the officials of the Office of the Director of National Intelligence, DOD and NIST who are developing a governmentwide foundation of standards and guide lines for risk management, said Ron Ross, a senior computer scientist at NIST. Ross said real-time, continuous monitoring of security controls equips agencies with an effective defense against sophisticated cyberthreats. “The threats plus the dynamic nature of the world we live in today combine to drive us toward almost real-time continuous monitoring,” he said. Real-time monitoring makes agencies aware of information security risks as hardware and software changes. The Bush administration called on Congress to transfer $115 million to the Homeland Security Department’s Einstein gateway monitoring program. OMB issued a policy mandating the program’s use. The Justice Department and Environmental Protection Agency developed applications that automate real-time, continuous monitoring. Those applications are available under the governmentwide Information Systems Security Line of Business, which offers agencies a cost-effective method to acquire tools and support for security programs. A December 2006 amendment to the Federal Rules of Civil Procedure expanded the pool of documents that organizations might be asked to produce in a lawsuit’s discovery phase. That pool now includes electronically stored information, a change that caused agencies to scramble to learn how to implement e-discovery. “There has been an enormous rise in awareness since the rules change and some of the adverse [court] rulings that have gotten people scared,” said Rachel Spector, a senior attorney at the Interior Department who helped assemble the Federal Electronic Discovery Working Group. Despite new guidance from Justice on how to handle electronic discovery, experts say agencies still are uncertain about what to do. “The reality is that you have varying levels of compliance and awareness throughout the federal government,” said Jonathan Redgrave, an attorney and editor of “The Sedona Principles: Best Practices, Recommendations and Principles for Addressing Electronic Document Production.” “The biggest problem that we’ve seen with agencies is that they don’t have the right people or haven’t done their homework to prepare before litigation,” Redgrave said. Interior learned about preparing for e-discovery the hard way. After agency lawyers were unable to produce certain electronic documents during the discovery phase of an ongoing court case, the judge called the department’s entire IT security into question. As a result, the department agreed to disconnect from the Internet in 2001, and today, several Interior components still do not have e-mail accounts. “I think the overarching lesson is beware of what you don’t know before you make representations to the court of what you can produce during the electronic discovery process,” Spector said. The contentious relationship between Congress and White House officials is to blame for a noticeable lack of new legislation in 2007. Many proposed bills and legislative updates stalled in committees, didn’t have support in both chambers or were rebuffed by the White House. Even hot topics, such as reforming procurement and inspectors general, failed to get out of the House and Senate. For example, the Inspector General Re form Act cleared the House and the Senate Homeland Security and Governmental Affairs Committee. Lawmakers are negotiating with the administration on the bill because Bush threatened to veto it as it is currently written. Other issues have simply slipped under the radar. The E-Government Act of 2002 will expire Dec. 17. The Senate waited until late November to approve a reauthorization bill.Meanwhile, the House has no similar bill. Lawmakers sent the Wired for Health Care Quality Act to committee after it failed to reach the floor for a vote. Trey Hodgkins, director of defense programs at the Information Technology Association of America, said procurement reform attracted congressional attention, particularly among members of the House Oversight and Government Reform Committee. However, reform legislation stalled because lawmakers went into wait-and-see mode for the duration of President Bush’s term, he said. “Some of these proposals could be being held because of who could become [the next] president,” Hodgkins said. “I believe we will see a different approach to these issues, given the leadership” in Congress. Agencies wrestled with several secure identity verification programs, including: Homeland Security Presidential Directive 12 for federal employees and contractors, Real ID for states, and the Transportation Worker Identification Card for port workers. No agency fully met an October deadline to issue HSPD-12 secure ID cards to employees and contractors, and many agencies might not make the next HSPD-12 deadline in 2008. Meanwhile, DHS’ Western Hemisphere Travel Initiative published its air travel rule in June. The requirement that U.S. citizens have passports for air travel across U.S. borders threw people into a panic and resulted in a huge backlog of passport applications at the State Department. Fearing further backlogs and unacceptable costs, Washington Gov. Chris Gregoire (D) announced in March that the state would pilot secure driver’s licenses that would meet WHTI’s requirements. The new IDs would also fulfill another controversy-mired DHS mandate, the Real ID Act, which requires states to issue driver’s licenses based on national standards. Washington was one of several states to test a secure driver’s license. Arizona, Vermont and New York also jumped on the bandwagon. “Agreements like this one, and the others before it, move secure identification in the right direction,” DHS Secretary Michael Chertoff said during a recent press conference announcing the Arizona pilot project. DHS also launched TWIC for all port and maritime workers, despite union complaints about the price of TWIC cards — $132.50 apiece — and the background check that must be completed before workers can get a TWIC badge. DHS expected to finish deploying TWIC to all ports of entry by September 2008. The government’s mandatory switch to IPv6 didn’t generate a lot of excitement as agencies prepared to upgrade their backbone networks to support the new protocol. In 2005, OMB told agencies that by June 30, 2008, their network backbones must be ready for IPv6, and other networks should be capable of handling the new protocol. “It’s a good news story that doesn’t have any new news,” said Casey Coleman, chief information officer at the General Services Administration. “I think that might be why it kind of dropped off the news circuit.” Coleman said agencies ve started to refresh their technology and infrastructure, and vendors are making IPv6- ready products. But IPv6 has not gained the attention of agency leaders. A Federal Computer Week survey released in August found that many agency employees don’t know about the IPv6 mandate, and many federal IT employees are unaware of the transition’s challenges. Also, at least 30 percent of the respondents who knew about the requirement were unaware of the status of their agency’s progress, the survey found. Information sharing has been a buzzword since the 2001 terrorist attacks, but federal, state and local agencies didn’t make significant progress toward sharing information until this year. John Cohen, senior adviser to the program manager for the Information Sharing Environment, said two events marked the development of sharing capabilities. First, he said, was gaining an understanding at the federal level of state and local roles and responsibilities. “That common understanding allows us to have productive discussions on how to facilitate information sharing,” Cohen said. Cohen also said the White House’s National Strategy for Information Sharing, issued in October, recognizes the role of state and local agencies. Another significant development was the agreement on a data standard, Cohen said. The National Information Exchange Model (NIEM) gained greater acceptance within the Justice and Homeland Security departments and the intelligence community. Cohen said the use of NIEM will improve data sharing because it offers standards for structuring information.


Hot: IT consolidation








— Mary Mosquera

Not hot: Agency funding














— Wade-Hahn Chan

Hot: Real-time security monitoring










— Mary Mosquera

Hot: E-discovery














— Ben Bain

Not hot: Legislative stalemate
















— Wade-Hahn Chan

Hot: Identity management
















— Wade-Hahn Chan

Not hot: IPv6












— Matthew Weigelt

Hot: Information sharing














— Jason Miller 

NEXT STORY: FlipSide

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.