The year ahead in policy

Aug. 27, 2004, was an unusual day at the White House. President Bush issued four executive orders and two presidential directives establishing new policies linked to the use of information technology.

The sheer number and scope surprised some federal officials. Lee Holcomb, chief technology officer at the Homeland Security Department, said DHS officials and others are studying how the president's broad new directives for screening people, cargo and transportation vehicles fit with existing terrorist screening programs.

Similar overlaps exist among intelligence-sharing initiatives and the president's Aug. 27 "Executive Order Strengthening the Sharing of Terrorism Information to Protect Americans." But the order acknowledges the potential for overlap. It creates an Information Systems Council to advise the president on consolidating and eliminating redundant terrorist information-sharing programs, systems and processes.

Even before Bush signed a 600-page

intelligence reform and terrorism prevention bill last month, news reports occasionally mentioned an executive order issued Aug. 27 that authorized many of the reforms in the legislation. Nothing in the bill contradicted what the president had already ordered, said Stephen Wayne, professor of government at Georgetown University.

Several significant policy stories to watch in 2005 began as presidential directives and executive orders. Will the new policies produce real progress on intelligence reform this year? How quickly can federal officials issue standardized smart cards to secure access to all federal buildings and federal information systems? How far will federal officials go in

expanding terrorist-related screening activities?

In April 2004, the president issued an executive order authorizing federal incentives to create a national health care IT infrastructure but restricting new funding for it. Will the policy begin producing results in 2005?

Other policy stories to watch include the Bush administration's recent revisions to Office of Management and Budget policies. How will federal executives respond to demands for greater financial accountability? These are some of the questions that will keep policy watchers tuned to the White House.

Making intelligence reforms a reality

The nation's intelligence apparatus could get a major facelift in 2005 because of the Intelligence Reform and Terrorism Prevention Act of 2004, but few policy experts expect quick changes. A new director of national intelligence will be in charge of strengthening intelligence, creating a national center for counterterrorism and expanding intelligence sharing across all levels of government.

"It's going to take some time," said Lee Strickland, a former CIA agent who is now a visiting professor of information studies at the University of Maryland.

The new intelligence director will oversee 15 civilian and military intelligence agencies and about a $40 billion budget. But the director's control of operations and programs, including technology-related ones, will be limited, Strickland said. The director will also have to compete with other intelligence players for the president's attention, he said.

The National Counterterrorism Center will have a significant role in overseeing security operations. "It certainly appears the [center] will have the lead in collecting, analyzing and disseminating terrorism-related information and in the development and monitoring of domestic counterterrorism efforts," said John Cohen, a homeland security adviser to the governor of Massachusetts.

Strickland said the center won't diminish the Homeland Security Department's role in counterterrorism. The center's function is to advise the president, he said. DHS officials advise the nation.

Another significant requirement of the new law is the creation of a framework and details for exchanging terrorist threat information among all players. A presidential executive order issued last August jump-started work on a nationwide information-sharing infrastructure.

The intelligence law also has provisions for improving transportation, border and maritime security. It provides minimum standards for birth certificates, driver's licenses and Social Security cards, and it authorizes the expanded use of biometric technologies in travel documents.

Stronger federal IDs to be required

With Homeland Security Presidential Directive 12, Bush essentially ordered all federal agencies to stop using flash passes. Federal officials are concerned, however, about how quickly and painlessly they can respond to the directive.

The directive compels federal agencies to adopt stronger security standards and procedures for issuing identity credentials to employees and contractors. For instance, all federal agencies must begin using smart cards to verify the identities of employees and contractors who need access to federal buildings and information systems.

The cards must be capable of providing various levels of computer security, depending on the application. They must be resistant to identity fraud, tampering and terrorist exploitation. They must be electronically verifiable and issued by providers whose reliability has been established by an official accreditation process. Most importantly, the cards issued by one federal agency must be compatible with the smart card readers and card management systems at other federal agencies.

Donna Dodson is a senior computer scientist at the National Institute of Standards and Technology, which must issue technical standards before the end of February to comply with the directive.

"It's a big mandate for NIST," she said, "and an even bigger mandate for federal agencies."

Before the directive was issued, federal officials at agencies that had begun using smart cards only had to agree on standard specifications and procedures within their own agencies. Achieving interoperability among all federal agencies "is going to be hard, and hard decisions are going to have to be made," Dodson said.

For those reasons, a presidential directive requiring stronger federal identity credentials is probably necessary, said Rick Simmons, a vice president of Oblix, which specializes in network identity management. "If you don't have that highest level of support, it's hard to get momentum for projects like that," he said.

The directive might also set a precedent. "This may presage other interesting uses of [presidential] directives for things that are important to get done uniformly across the government, whether they are technology or policy," said George Schu, vice president for public-sector business at VeriSign. He said most people recognize that interoperability "makes a whole lot of sense for homeland security."

Expanded screening to stop terrorists

A presidential directive that citizens' rights groups will be watching closely in 2005 authorizes expanded terrorist-

related screening. People, cargo, transportation vehicles and anything else that could pose a threat to homeland security could be screened.

Homeland Security Presidential Directive 11 also requires that officials screen in a manner that safeguards legal rights and avoids disrupting commerce and transportation.

Few people, however, have detailed knowledge of this directive. It basically endorses a strategic, governmentwide approach to terrorist-related screening, said Anna Hinken, spokeswoman for DHS' U.S. Visitor and Immigrant Status Indicator Technology program, under which the new screening efforts will occur.

More than a dozen departments and agencies, including DHS, are working under the expanded screening mandate, Hinken said.

Others include the CIA; the Agriculture, Commerce, Defense, Education, Justice, State, Transportation and Treasury

departments; the Department of Health and Human Services; OMB; and the Office of Personnel Management.

If fully implemented, the directive would create a comprehensive terrorist screening program affecting immigration, law enforcement, intelligence, counterintelligence, border protection, commerce, transportation and critical infrastructure.

Bruce McConnell, president of McConnell International, said much about the edict is unclear. However, he added,

"US-VISIT will be one of the main tools that makes [the directive] work."

The first requirement was a report delivered in November 2004 that outlined plans for implementing the directive. Bush administration officials would not comment on the report.

Lara Flint, staff counsel at the Center for Democracy and Technology, agreed that the directive's aims remain unclear. She also doesn't understand how it meshes with existing screening initiatives and programs such as US-VISIT and the Transportation Security Administration's Secure Flight passenger screening program.

Flint said she has not seen the report, but she said it most likely documents existing programs and describes ways to develop them further.

And as that occurs, people must make sure citizens' rights are safeguarded, she said. "As we move toward more and more screening points in society, the need for appropriate redress mechanisms is going to become more and more acute," she said. "What we need, in my view, is a redress mechanism that goes across government agencies."

Incentives for electronic health records

Lawmakers cut $50 million from the president's budget this year for the Office of the National Health Information Technology Coordinator. But health care IT advocates say they still expect Bush administration officials to aggressively promote electronic health records in 2005.

Despite the budget cuts, the president remains committed to a nationwide plan for converting to electronic health records, said a spokeswoman for Dr. David Brailer, national health IT coordinator at HHS.

A need for greater efficiency and safety in the health care system will overcome any budget blips, said Scott Wallace, president and chief executive officer of the National Alliance for Health IT, an advocacy group.

Because the federal government pays roughly a quarter of the nation's total medical bill through Medicare, Medicaid, and military and veterans' health programs, administration officials cannot afford to ignore the possible savings from using digitized health records, Wallace said.

Janet Marchibroda, CEO of the eHealth Initiative, which advocates the use of electronic records, said important health care IT programs survived intact in the 2005 budget, and they will help in establishing a nationwide infrastructure for e-health records.

One of the surviving programs is the Centers for Medicare and Medicaid Services' Doctors' Office Quality-

Information Technology Program, which offers incentive payments to physicians who use electronic health records in their practices.

Marchibroda also said officials at HHS' Agency for Healthcare Research and Quality have awarded more than $96 million in grants to 100 organizations from the department's fiscal 2005 budget for setting up health IT systems in community clinics and hospitals.

Additionally, the health care research agency has provided a total of $25 million in funding to five states — Colorado, Indiana, Rhode Island, Tennessee and Utah — to develop statewide health care IT networks. They will serve as building blocks for a nationwide infrastructure for e-health records, Marchibroda said.

Greater federal financial accountability

A bevy of stricter internal financial controls, which are being called Sarbanes-Oxley for Feds, will become mandatory for federal executives by October 2005.

The new requirements appear in a revised version of OMB's Circular A-123, the compliance rulebook for the Federal Managers Financial Integrity Act. The revised circular will require federal officials to improve how they document and test internal financial controls. Agencies with patterns of weak controls will be subject to independent audits.

The changes will mean added costs for federal agencies, say people who helped craft the new rules as part of a joint committee of officials from OMB, the Chief Financial Officers Council and the President's Council on Integrity and Efficiency.

The greatest costs will be for documentation, said Jim Taylor, Commerce's assistant CFO. "All the Cabinet departments are going to have significant investments in making sure that they can put this information together," he said.

The fiscal 2006 deadline for agency compliance won't be easy, but officials can find ways to keep expenses down, Taylor added. "You decentralize the approach, you establish a formula, you verify, you have the

bureaus perform it," he said.

The need for stronger policies on internal financial controls became apparent after committee members compared government reporting requirements with private-sector requirements created in the Sarbanes-Oxley Act of 2002.

Committee members decided that if more exacting controls are a good thing for companies, it made sense to match them on the federal side, said Elliot Lewis, assistant inspector general at the Labor Department.

Unlike Sarbanes-Oxley, however, OMB's circular contains no language threatening to send agency chiefs to jail for poor financial oversight.

Federal executives will comply because "no agency head wants to be in the position of not being able to give a positive assurance on this," said Linda Springer, OMB's controller. "It's going to be very highly spotlighted."

Compliance procedures will be explained in an implementation guide set for release early this year.

Bob Brewin, Florence Olsen, David Perera, Dibya Sarkar and Aliya Sternstein contributed to this article.

NEXT STORY: DISA creates tsunami ops center

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.