Digital Government

Like duct-taping airbags to a '65 Mustang

Flickr image: 1965 Ford Mustang coupe Rally Pac gauges. Taken at the 2012 New South Wales All Ford Day, held at Sydney Motorsport Park (formerly Eastern Creek Raceway).

There would be little room for an airbag among a 1965 Ford Mustang coupe's Rally Pac gauges. (sv1ambo / Flickr)

“This is a 1965 Mustang, a classic American automobile,” said federal CIO Tony Scott, flashing a cherry red muscle car on the projector. “If you are into cars, this is probably one of the cars you would lust after.”

But for all its appeal, the vintage vehicle is lacking in many ways – uncomfortable seats, no airbags – and bringing it up to modern standards, Scott said, is a lot like the challenge facing federal IT departments.

“If you were in charge of trying to make this car modern,” installing anti-lock brakes, airbags and the like, Scott told the audience at the National Institute of Standards and Technology’s eighth Cloud Computing Forum and Workshop on July 7, “and you were told you had to do it with that car and not a new version of that car, you’d find it almost impossible.”

You’d wind up essentially duct-taping many elements on the car, he predicted. It’s a metaphor he has employed before. But he extended it for NIST.

“Even if you could do it, the result would probably be pretty ugly,” Scott said. “You would probably end up with a car that no fan of a ’65 Mustang would want.”

The Mustang modernization is much like the task before federal agencies when it comes to upgrading their IT.

“All of us are being asked to take technology that was designed and largely figured out in the ’80s and ’90s, some of it in the ’60s, and apply security to it,” Scott said. “It’s expensive, hard to do, and the result is not actually all that great. You end up with something that no one really wants.”

Cloud offers an escape from the Frankensteinian conundrum, giving agencies a chance to start fresh with user-centered design, security by design and scalable enterprise services, Scott said.

But it’s not an effortless task.

“Even in the most mature cloud architecture and implementation [nowadays], it still feels a little bit to me like the ’65 mustang example,” Scott noted, saying agencies need to ensure security is built into every single layer – from buildings and networks down to the device and data levels.

Scott also noted that his 30-day cyber security sprint could produce more coherent, not merely more, guidelines.

“We make a lot of rules but we never unmake rules,” Scott said. “Everything we want to do is now some navigation through some really crazy web of rules and regulations.”

Scott said he hopes the sprint, originally sent to agency CIOs on June 11 and now nearing its end, will enable government to “catalogue” the array of security rules and then “normalize and clean up” the “awkward” mess.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.