Seven policies to watch in 2007

Seven policies that will have a significant impact on the government IT landscape this year.

Impact in ’07: Oversight, oversight and even more oversight. That is the trend agencies and contractors should expect this year.
Procurement Reform



The Office of Federal Procurement Policy, Congress and agencies inspectors general all are expected to apply more pressure on acquisition professionals and contractors than they have in the last five years.


Rep. Henry Waxman (D-Calif.), the new chairman of the Government Reform Committee, will be less contractor friendly than former chairman and now ranking member Tom Davis (R-Va.) was, according to Neal Fox, a former General Services Administration procurement official.


And Waxman is not alone in pushing for more oversight, said Larry Allen, executive vice president of the Coalition for Government Procurement, an industry association in Washington.


Allen said procurement changes also could come from the Armed Services Committee, where staff members are closely watching the recommendations of the Services Acquisition Reform Act panel.


The SARA panel released its draft report late last month (go to GCN.com, Quickfind 725, to read the report) that called for more competition. It will collect comments before submitting its final report to OFPP.


In the meantime, OFPP administrator Paul Denett will try to figure out how to deal with the proliferation of multiple-award contracts, and increase the oversight of those vehicles.


“MACs have become a poor man’s governmentwide acquisition contract and it escapes the oversight of OFPP,” Fox said. “You end up with MACs that don’t make any sense, like the Navy’s Seaport-e.”


Allen also sees a series of potential new regulations that could slow the procurement process.


For example, he said, the Defense Department’s new rule on the use of time and materials contracts is stricter than the Federal Acquisition Regulations rule.
Additionally, Allen said there are questions about whether agencies will use GSA’s newest IT governmentwide contract, Alliant, and how much agencies will come back to use the agency’s procurement services. GSA officials said assisted acquisition services declined yet again in 2006.





Data standards

Impact in ’07: Agencies will take steps to advance standards in health IT, security and intelligence sharing, although actual data sharing still is a far-off goal. Standards provide the foundation on which agencies can exchange data to become more effective and efficient.


There’s a tremendous push toward information sharing, but that depends more on trust among agencies than on standards, said Ron Ross, the National Institute of Standards and Technology’s senior computer scientist.


“If I’m going to give you important information, I’d like to have confidence that you’ll be able to protect it once it leaves my boundary,” he said.


He foresees a common framework for security controls across government, including the Defense Department and the intelligence community.


NIST has given these constituencies visibility as it has developed its FISMA standards and guidelines, including a common language for security controls and assessments, he said. (See data security capsule, below.)


For intelligence data, standards for the Information Sharing Environment, designed to let federal, state, local and other organizations access terrorism information, likely will get a foothold this year.


Participants on the Information Sharing Council are expected to agree on initial standards early this year while the next set of standards should be ready by August, according to plans set by national intelligence director John Negroponte.


The information-sharing project is a collaboration of his office and the departments of Justice, Homeland Security, Defense and State, and the FBI.


Standards should make headway in other areas, too. Agencies will begin to act on the presidential executive order issued last year to use health IT interoperability standards when they acquire and update systems for health data exchange.


They must develop plans this month for the Office of Management and Budget about how they will incorporate those standards in their contracts.





Data Mining

Impact in ’07: Data-mining software will continue its trajectory deep into the core of federal IT managers’ portfolios, even though the tools pose privacy risks and functional drawbacks.


As privacy advocates cite instances of data-mining abuses, federal IT managers will seek to defuse those concerns by citing their adherence to privacy laws and filing privacy impact statements—except when they grant themselves a waiver of that requirement.


The Government Accountability Office found 131 data-mining projects across 52 agencies in a May 2004 study. And that number is only increasing around the government, particularly in the Defense, Homeland Security and Justice departments, and elsewhere in the intelligence community. In 2006, it was revealed that the National Security Agency was buying phone call records. GAO also reported that agencies spent $30 million with companies that provide data analysis services in 2005.


The lure of the software is that the tools can detect valuable information in agencies’ vast data troves, and possibly even help forecast future events by methods known as predictive analytics.


But one incisive warning about the limits of data mining came from Jeff Jonas, a distinguished engineer and chief scientist with IBM’s Entity Analytic Solutions Group, and Jim Harper, director of information policy studies at the Cato Institute in Washington.


Jonas and Harper condemned data mining as a means of pinpointing terrorists because it “would waste taxpayer dollars, needlessly infringe on privacy and civil liberties, and misdirect the valuable time and energy of the men and women in the national security community.”


“I would agree with that,” said Bob Daugherty of Flagstaff, Ariz., a consultant, statistician and data-mining practitioner. Like Jonas and Harper, Daugherty said the number of terrorist incidents was too small to form the basis for a useful model of the threat.





Data security

Impact in 2007: Agencies can expect more support this year from the National Institute of Standards and Technology to help assess the effectiveness of IT security controls.


NIST will publish procedures in a document, 800-53A, which will be a companion piece to updated guidelines published last month for selecting and specifying security controls to comply with the Federal Information Security Management Act, said Ron Ross, NIST’s senior computer scientist.


The guidance documents build on mandates from the Office of Management and Budget in the wake of a wave of lost and stolen notebook PCs that put personal data at risk at a number of agencies, most spectacularly at the Veterans Affairs and Commerce departments.


NIST will release a draft of the procedures in March and finalize it by July, Ross said.


“We’re trying to deal with the security problem by establishing a common language for specifying and assessing security. It provides enough structure so we’re all focusing in the same direction, but it doesn’t lock you in so tightly that agencies can’t have flexibility to deploy the controls and assess them in accordance with their own operational environment,” he said.


Agencies this year should expect an increased emphasis on two-factor authentication at key locations within the IT infrastructure, such as at network boundaries.


Agencies also can expect more attention to building trust relationships to assure security controls at vendors; restrictions on systems that federal employees can access or use when telecommuting or traveling; and greater boundary protection, such as cordoning off some critical data into subnets, Ross said.





Homeland Security Presidential Directive-12

Impact in ’07: While the Office of Management and Budget will remind everyone this is a presidential directive, the reality of what the mandate really means will hit home over the next 12 months. Will agencies continue to produce cards and upgrade their infrastructure, or has HSPD-12 lost its momentum? That is the real question 2007 will answer.


Meanwhile, the only real deadline agencies face is Oct. 27, when they and contractors must complete a background investigation for every employee, especially those with fewer than 15 years of experience with their company or agency. One agency started with more than 5,000 employees who needed new investigations; over the past year, they reduced it to about 1,000.


Some agency officials believe HSPD-12’s momentum has been lost for a number of reasons: the General Services Administration’s lack of action on a new managed- services-office contract, the pressure of operating under a continuing resolution until at least February, and the ongoing challenge of integrating physical security with the card.


“HSPD-12 is dead in the water right now,” said one senior IT manager, who requested anonymity. “Agencies are not issuing cards because there still is some question about how to gear up to issue cards to hundreds of thousands of federal workers.”


Certain agencies also are under pressure to explain to OMB why they are going at it alone instead of through GSA or the Interior Department’s National Business Center, said another agency senior IT manager. OMB’s request for justification does not include transitional agencies, including the Defense and the Homeland Security departments.





Spectrum Management

Impact for ’07: The Pentagon’s Exedrin headache No. 7—trying to manage the availability of a very finite resource, the radio frequency spectrum, to allow the maximum number of users at one time, and without knocking other users off the air.


Network-centric operations, collaboration among the branches of the military, and cooperation with allies and coalition partners all place demands on the allocation of frequencies. Yet the Defense Department also has to coordinate its needs with the requirements in the private sector, where demand is going through a similar growth spurt.


As a result, spectrum management is one hot new field in military circles. At a recent conference on Defense spectrum issues, Brig. Gen. Jeffrey Foley, director of architecture, operations and space for the Army, said the service is developing a primary “military occupational specialty” for spectrum managers. The Navy also is establishing it as a career path, and the Marine Corps has already done so, he said.


There are two distinct areas of concern DOD will attempt to address this year. In warfighting operations, spectrum managers have to “deconflict” the use of particular frequencies to make sure that one group of devices doesn’t disable another.


DOD CIO John Grimes told conference attendees that commercial Global Positioning System receivers in a class of inexpensive unmanned aerial vehicles used in Iraq were being knocked out by other devices emitting their own RF signals.


Longer term, all the services have to revise procurement and systems development processes to incorporate spectrum requirements much earlier in the process.





E-Government/Lines of Business

Impact in ’07: E-Government, year five. The Office of Management and Budget continues to push agencies and the 25 projects to produce results. But will this be the year when the so-called “rubber meets the road”?


Many observers believe OMB missed its opportunity to gain congressional support for e-government when Republicans held the Hill.


“The process to get approval to spend money will get harder,” said one agency CIO, who asked not to be named. “In some ways, OMB is painted into a corner. They can’t shut down systems that match cross-agency systems unless they match perfectly. Most agencies built more encompassing systems so they could shut down a module, but not the entire system.”


Still, the Hill’s influence over e-government is secondary. OMB’s push for using outcome-oriented metrics and its gentle prodding of agencies to hire shared-services providers, mean its expectations remain high.


One senior IT manager, who requested anonymity, said the greatest hope should be on the IT Infrastructure LOB. The manager said the potential to find real savings is greater than in any other e-government or LOB project. The rest of the initiatives, the manager said, will continue to toddle along.


Under the Human Resources LOB, the Office of Personnel Management, through the General Services Administration, will issue an open schedule for private-sector companies to act as service providers.


OMB also will name the new Security LOB providers and expects agencies to begin using their services for training and Federal Information Security Management Act reporting.


“This is a transition year in many ways,” said another senior IT manager, who also requested anonymity.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.