NextGov
Tech Insider
What's happening in the federal IT community

May 2008

Needed: Leaders Who Know IT
By Allan Holmes  |  Friday, May 16, 2008 |  2:03 PM

Does government have the highly trained and talented top-level executives critical in promoting innovative ideas and growth through the use of information technology?

"The answer is 'No,'" writes Tom Hughes, chief information officer for the Social Security Administration, for a government management journal.

Hughes' blunt assessment appears in the upcoming spring issue of The Public Manager journal. Hughes' article, "The Courage to Change When Challenged," is one of four articles in the journal written under the purview of "PMA 44" (the President's Management Agenda for the 44th president, as in the next administration, a seminar series organized by Cisco's Business Solutions Group under the leadership of Alan Balutis, who also is a blogger for Tech Insider). The other three articles cover human resources, acquisition and execution.

To improve government through the use of IT, Hughes recommends reinvigorating the bureaucracy by hiring younger leaders in the Senior Executive Service and hiring more private-sector managers in agencies' upper leadership ranks. He also suggests instilling in top leadership positions the understanding of how to use IT strategically to meet agency goals. One way, Hughes writes, would be to ask large companies to loan top executives to agencies to instill these changes.

Third, Hughes argues the government must invest in new technologies to remain competitive and to improve government services, such as spending more on high-speed broadband communications. (The United States has fallen from fourth in the world in broadband penetration to 24th, right behind Estonia.) Such an investment would provide new services to the public, including educational and recreational opportunities, and providing medical care to underserved populations.

You can read more about what the next administration should do to improve government management when the Public Manager is available in a few weeks.



Computer Solitaire Rules
By Allan Holmes  |  Thursday, May 15, 2008 |  4:17 PM

Remember that story about the New York City employee who got fired for playing computer solitaire at work? Well, it turns out that just maybe the addictive game isn't all about wasting time; it's also, according to Josh Levin writing for Slate, "propelled the revolution of personal computing, augured Microsoft's monopolistic tendencies, and forever changed office culture. It has also helped the human race survive innumerable conference calls and airplane trips. If solitaire is not the most important computer program of all time, it is at least in the top two, along with Minesweeper."




Virtual Reality and PTSD
By Allan Holmes  |  Thursday, May 15, 2008 |  3:55 PM

In the most recent New Yorker magazine, an article details how the Defense Department is using virtual reality gaming software to treat post-traumatic stress disorder, a mental illness afflicting soldiers coming back from Iraq and Afghanistan. The program, which takes soldiers back into the streets and battles in Iraq with scenes that look identical to a kid's upscale video game, is called Virtual Iraq.

More than a year before, Nextgov editor at large Bob Brewin wrote an article about using virtual reality to treat PTSD while working for Government Health IT. If you think gaming software – or virtual reality exposure therapy, as its practitioners call it – has no place in treating these soldiers suffering from PTSD, consider this from Brewin's article:



Security vs. Privacy? It Need Not Be So
By Bruce McConnell  |  Wednesday, May 14, 2008 |  10:15 PM

Fifteen years ago, cartoonist Peter Steiner drew two dogs sitting in front of a computer, one saying to the other, "On the Internet, nobody knows you're a dog." This iconic adage, cute in its day, is now a warning.

Criminal, terrorist and nation-state cyberattacks against banks, technology companies, online merchants, individuals and government agencies cost the U.S. economy $400 billion annually, focused most often on stealing business and military secrets, and personal data.

In cyberspace, not knowing for sure what person or device is on the other end of the line has serious downsides. It erodes overall trust, limits users' ability to secure their own systems, hinders effective governmental response, and causes organizations to collect more personal data than they really need.



Whole Lotta Security Goin' on in June
By Allan Holmes  |  Wednesday, May 14, 2008 |  5:41 PM

The following item was posted by Gautham Nagesh

Because June marks the culmination of several initiatives to standardize information technology practices to improve information security, Karen Evans, administrator of the Office of Electronic Government and Information Technology at the Office of Management and Budget, took a moment on Tuesday to discuss the big picture at a conference sponsored by 1105 Government Information Group in McLean, Va.

Evans said the upcoming deadlines for agencies to comply with several IT initiatives were a deliberate choice, designed to help tie together the separate initiatives into one coherent security strategy across the government. She discussed the Trusted Internet Connection initiative, the shift to the newest Internet protocol called IPv6, the issuance of HSPD-12 credentials and the Federal Desktop Core Configuration, which requires users operating with a Microsoft desktop environment to adopt a standard configuration for the desktop.



What's TSA's Definition of a Security Threat?
By Allan Holmes  |  Tuesday, May 13, 2008 |  1:01 PM

The New York Times reported today that the Transportation Security Administration sent a letter to at least four graduate students at MIT informing them that the agency turned down their request for an identification card to work at the nation’s ports. The letters noted the students were “security threats.”

The students had applied for a so-called Transportation Worker Identification Credential, or TWIC, card, a program the federal government created after 9/11 to tighten security at the nation’s ports. The deployment of TWIC has been delayed for months for numerous reasons.

The Times article cites two cases, one involving a German student, the other a British student. In the rejection letters, John Busch, who is identified as a security administration official, wrote, “I have determined that you pose a security threat.”



So, Where was the Census CIO?
By Alan Balutis  |  Tuesday, May 13, 2008 |  11:42 AM

When news broke several weeks back about the Census Bureau and the decision to scrap plans for the use of handheld devices and a so-called “high-tech count” in 2010 I can’t say I was “shocked.” I held off commenting because it brought back so many memories from 1980, from 1990 and from 2000. In fact, if I unearthed meeting notes, memos, and briefings from then, I likely could produce an account that mirrored what is swirling now: One of those “ripped from today’s headlines” accounts.

But it saddens me in so many ways:



Deputy CIO Ed Meagher announces retirement
By Allan Holmes  |  Tuesday, May 13, 2008 |  9:23 AM

Ed Meagher, deputy chief information officer at the Interior Department and former deputy CIO at the Veterans Affairs Department, announced today that he plans to retire July 1 to take a position with SRA International, in that company's health care unit.

In a short email sent out this morning, Meagher wrote:

Folks,

I have decided to retire from the government effective July 1, 2008.
I will be joining SRA International in their Health Care Unit in mid July.

Regards,
Ed


Meagher was known for working hard to push information technology into the strategic decision-making processes in agencies' top executive levels. He has been a strong proponent of giving the CIO more influence in agencies to improve government performance. In March, Meagher told Government Executive in an article that the government has failed to make IT strategic, as laid out in the Clinger-Cohen Act of 1996:

With a few notable exceptions, we're moving in the wrong direction. Clinger-Cohen was the direct result of these same conversations in the 1990s, when folks recognized that IT is a $70-billion-a-year operation in government. But Clinger-Cohen has fundamentally been ignored. The CIO has no voice. He doesn't get invited to meetings, he gets his directions and gives feedback through a third party after decisions have already been made, and he only gets called in when things are broken.

Meagher also was equally known for his work with wounded veterans returning from Afghanistan and Iraq, frequently providing them a steak dinner and helping them work their way through the Defense Department's and VA's health care maze so they could re-enter society.



Illegal Activity and Network Protection
By Andy Boots  |  Monday, May 12, 2008 |  5:53 PM

Human behavior is inherently risky. In this entry, I want to explore two types of behavioral risk to the organization – operational risk and reputational risk – and to argue that illegal behavior is a reputational risk that is inconsistently regulated.

In a Government Executive piece a couple months ago, Jill Aitoro reported on a survey of federal IT workers that revealed employees using government computers and networks sometimes fail to follow policy and thereby endanger information security. Certainly, this is no surprise. In fact, I question the study's results because only 56 percent of 474 survey respondents reported having observed security violations. If anything, this suggests that 44 percent of the respondents were simply unaware of the security policy.



A FISMA Alternative -- Finally
By Allan Holmes  |  Friday, May 9, 2008 |  5:20 PM

After years of calling for an alternative to the Federal Information Security Management Act of 2002, one may have been proposed -- or at least the start of one. As Nextgov reported today, Rep. Jim Langevin, D-R.I., introduced the 2008 Homeland Security Network Defense and Accountability Act. Generally, the knock against FISMA is that it measures processes, not results. For example, good FISMA compliance requires providing training for "employees with significant security responsibilities," but nowhere does it require the agency to test how much the employees learned or retained from the training. With FISMA, agencies aren't sure how good or bad their security vulnerabilities are because FISMA doesn't test for them.

Langevin's bill takes a stab at measuring actual security results, at least for the Homeland Security Department, and, for what some security experts hope, could be governmentwide. The key to the bill is requiring DHS to test if it can successfully defend its networks against known cyberattacks and to conduct vulnerability testing. The bill would have DHS measure what is actually happening on the ground and defending itself against what are real threats.



EPA's Pursuit of Technology
By Allan Holmes  |  Thursday, May 8, 2008 |  5:10 PM

The following item was posted by Nextgov reporter Gautham Nagesh.

Mark Hamilton, the Environmental Protection Agency's senior information management officer, has a lot of ideas about how technology can serve the agency's strategic plan to meet its mission.

First there's nano-technology. Speaking at the Industry Advisory Council’s Executive Session on May 7, Hamilton said the EPA is incorporating the use of technology with its operations teams to better track the status of natural disasters. Hamilton used the example of a recent encounter with an EPA field employee, who was assigned to cover the Port of Long Beach in Los Angeles, Calif. The employee was driving a mobile laboratory van when Hamilton approached him and asked to check out the inside. The employee explained to Hamilton that the EPA was using nano-sensors spread over the water’s surface to detect and isolate oil spills, work that used to be done visually from a helicopter – a practice that is "not too useful at night,” Hamilton said.



A Problematic Call for FDA Risk Management
By Robert Charette  |  Wednesday, May 7, 2008 |  4:14 PM

Allan Holmes pointed me to a recent story in the Congress Daily. It seems that the office of Edward Kennedy, D-Mass., who chairs the Senate Health, Education, Labor and Pensions Committee, circulated on Monday a list of options for strengthening drug and device safety that are being considered for inclusion in legislation Kennedy's panel is reviewing to improve FDA oversight.

The recent contamination problems with foreign-produced heparin that is believed responsible for the deaths of 81 persons in the US, as well as chemical-tainted wheat gluten in pet food, have been major drivers for strengthening the FDA's oversight capabilities.

The story goes on to say:



Government in a Wiki World, Part 2
By J. Davidson Frame  |  Tuesday, May 6, 2008 |  5:09 PM

Wiki forces are upon us. With the wiki concept, an individual posts an idea publicly. Then over time, subsequent contributors add to, adjust, or take away from the idea iteratively. Over time, with input from many players, what starts as a primitive idea can grow into a well-developed statement. The most dramatic example of the power of wikis is Wikipedia.

Recognition that collaborative efforts can lead to great results is growing in both the public and private sectors. What distinguishes the wiki approach from previous collaborative initiatives is that contributors to the process can be “amateurs” rather than professionals. Anyone can contribute. The contributions of some may be modest, focusing on the correction of spelling and grammatical errors. The contributions of others may be deeper – for example, they may focus on developing and refining foundational ideas. The Wikipedia experience has shown that well-articulated and valuable insights can emerge through this process.

Government agencies are mulling over the wiki phenomenon to determine its value in the public sector. Its value can be seen at three levels of operation:

• Project level: In building new systems, requirements can be harvested through wiki exercises. That is, a primitive statement of system requirements can be posted publicly. Customers and technical people can be asked to build on this primitive statement in order to create a full-blown set of requirements that reflect both customer and technical sensibilities.
• Intra-agency level: When an agency plans to launch a program that will change how it operates, inputs from employees and contractors handled through wiki processes can help the agency to formulate the program architecture more quickly and comprehensively than by setting up a task force to do the job.
• Inter-agency level: Government agencies tend to operate as stove pipes. However, this can lead to poor results, as the 9/11 catastrophe showed us. Because US intelligence agencies did not share their knowledge and insights regarding terrorist activity, the US was unable to anticipate and prevent the 9/11 attack. Government agencies can establish wikis to span organizational boundaries. The intelligence community did this after 9/11 when it created Intellipedia, three wikis that solicit contributions from employees of 16 intelligence agencies. Early results from this effort are encouraging.

There are two basic advantages to a wiki approach. First, because it is carried out in a virtual environment, it can be implemented quickly. There is no need to assemble committees of experts who deliberate indefinitely. Second, because it solicits input from a wide range of contributors spanning organizational boundaries, it has the potential of generating solutions that are both deep and broad.

Government should experiment with cross-boundary collaboration at the project, intra-agency, and inter-agency level. The tendency of bureaucracies to operate inside boxes is well-known, as are the perils – particularly the curse of parochialism. However, in exploring the strengths of collaborative action, government should avoid marching around with the wiki tool in search of applications. First, it should identify situations where collaborative inputs would help it function more effectively. Then it should determine whether a wiki approach is appropriate to engender meaningful collaboration, or whether some other approach is better. Finally, it needs to address the details of implementing a wiki solution – Are we able to establish a wiki platform? Will our organizational culture promote meaningful participation by the intended audience? As wiki solutions to problems emerge, will they be taken seriously by the agency’s management?



Government in a Wiki World, Part 1
By J. Davidson Frame  |  Monday, May 5, 2008 |  9:29 PM

The first wiki was created by Ward Cunningham in 1995. Cunningham’s goal was to use his wiki to establish a compendium of software design wisdom.

The rationale underlying the wiki concept is to post an idea publicly, then to let players add to, adjust, or take away from the idea iteratively. Over time, with input from many players, what starts as a primitive idea can grow into a well-developed statement.

The power of the wiki was demonstrated with the creation of Wikipedia in 2001. In a very short period of time, with input coming from tens of thousands of contributors, Wikipedia evolved into a first-rate encyclopedia. What is interesting is that the encyclopedia emerged without any central organizing force. It has been created by amateurs who organize their efforts independently. No one tells them what to do. They work on what they find interesting. Furthermore, Wikipedia is a work in progress – entries are continually changed to reflect prevailing thinking and actions. It will never be a finished document.

Both public and private sector entities are trying to harness the forces of wiki-like collaboration. The traditional way of getting things done has been to put a job into the hands of experts. For example, in developing a new product, technical people work on technical things, editors work on documentation, marketers develop a market strategy, and so on. The wiki-way is very different. Different players contribute their insights to develop a new product, regardless of their expertise. Technical people can contribute thoughts on marketing strategy, while marketers can suggest technical enhancements.

Interestingly, some of the greatest enthusiasm for collaborative work efforts in government is coming from the intelligence community. The 9/11 disaster highlighted the price the USA had to pay for the absence of a collaborative spirit among intelligence agencies. We now know that all the information needed to stop the 9/11 terrorists was in the hands of American intelligence agencies prior to the attack. However, because the agencies did not share the information they had, no one in the US government was able to anticipate and head off the impending calamity.

One attempt to harness the collective wisdom of employees working at different intelligence agencies has been to establish the wiki Intellipedia, which was set up in 2006. Only employees with proper clearances are able to access and contribute to Intellipedia (comprised of three wikis). Already, it has provided the intelligence community with insights into how to deal with terrorist attacks in Iraq. Its strength is that it can quickly leverage the knowledge and thoughts of the entire intelligence community. There is no need to set up a task force and wait six months for results.

In order to make sure that managers within the intelligence agencies take the need for cross-agency collaboration seriously, the Office of the Director of National Intelligence has issued a new directive that will require senior managers at the nation’s sixteen intelligence agencies to be assessed according to a common performance evaluation system. A key criterion for evaluation focuses on the extent to which senior managers promote collaboration across agency boundaries. This is a good step.

Intellipedia offers a technical fix to the challenge of cross-agency collaboration. However, given the strong territorial tendencies of the agencies, a number of important questions arise: Are their employees willing to participate in the effort in an effective way? Will they hold back information that they feel their agencies “own”? When looking at the conclusions emerging from a wiki exercise, will they ignore the findings based on not-invented-here feelings?

Ultimately, the success of cross-agency collaboration requires that the players trust the system and want to work together. If these criteria are not met, then technical wiki fixes won’t work.



Virtual Spying
By Anne Laurent  |  Friday, May 2, 2008 |  5:31 PM

Lisa Porter, director of the Intelligence Advanced Research Projects Activity, suggests in an interview that one way for intelligence agencies to better comb the tsunami of data they now collect is by using virtual worlds. She doesn't elaborate in her Q&A in the May issue of IEEE Spectrum magazine, but IARPA already has a project underway to collect data about virtual worlds.

IARPA is the intelligence version of DARPA, the Defense Advanced Research Projects Agency, where, incidentally, Porter once worked. In the interview, she discusses the new tripartite organization for IARPA. Its three program offices are Smart Collection, Incisive Analysis, and Safe and Secure Operations. The agency lives in the Office of Science and Technology at the Office of the Director of National Intelligence.

IARPA recently announced it will be snooping around the virtual world via a foxy little project called Reynard, a fox who is the hero of Medieval satires about social manners and classes. It's a study of emerging social dynamics in virtual worlds and large-scale online games being conducted by the Incisive Analysis program.

Porter told the magazine that she is looking for people to run projects within the agency's three programs. IARPA is designed to do high-risk, high-payoff advanced intelligence research, so she is looking for "very smart people who understand what it takes not just to technically comprehend a problem but how to bring an idea to reality programmatically," she said.

The IARPA.gov Web site soon will carry instructions and forms for applying to run projects there.

IARPA will cooperate with DARPA and work closely with In-Q-Tel, the intelligence community's venture capital fund, even though In-Q-Tel's focus is near-term, high-risk problems, Porter said.

IARPA's current location -- on the University of Maryland campus, albeit in a fenced and guarded National Security Agency compound -- is intended to signal the agency's openness to academics and others outside the intel world whose ideas and skills could help solve huge problems such as sorting through data, figuring out how to better target and winnow what intel agencies collect and how to keep that information safe in the Web-enabled world.



Get Mooned
By Anne Laurent  |  Friday, May 2, 2008 |  2:13 PM

You can go to the Moon with NASA late this year. Well, sorta, at least your name can go.

NASA is offering to add anyone’s name to a database, which will then ride on a microchip inside the Lunar Reconnaissance Orbiter spacecraft. Just go to the designated Web site to sign up and print out a certificate saying you’ll be on board.

The orbiter will create an atlas of Moon features and resources, a first step in creating a U.S. base there to assemble spacecraft to take humans to Mars. LRO will carry six instruments and a technology demonstration project. It’s supposed to send back the most complete dataset ever compiled about our satellite planet, including best landing sites for America’s return now slated for 2020.

The deadline for getting your name on the lunar list is June 27.

You can watch NASA-produced videos about sending your name to the moon here.




Air Marshals on Terrorist No Fly List?
By Robert Charette  |  Friday, May 2, 2008 |  12:16 PM

The Washington Times is reporting that Sen. Russ Feingold, D-Wis., wants to know "why federal air marshals (FAMs) were prevented from boarding some flights because their names matched those on the terrorist no-fly list, and whether the problem has been solved."

The Times ran a story yesterday that said the problem has persisted for years, but it wasn't until April 23 that a new security directive was released "to address those situations where air carriers deny FAMs boarding based on 'no-fly list' names matches."

"Glad" to see that the government takes as long to address the problems of air marshals as the general public.

If this is all true, this is just too dumb for words.



Identity Management in New Jersey: Not Worth the Effort
By Allan Holmes  |  Thursday, May 1, 2008 |  6:11 PM

If your agency’s auditor concluded that your networks didn’t have the ability to monitor which employees were accessing personally sensitive information – say, like, Social Security and tax identification numbers – would you respond to the audit by saying that such a security practice was adequate and that to do monitoring wasn’t worth the time and effort?

That’s how John Guhl, New Jersey’s Medicaid director, responded when the state’s auditor concluded that New Jersey’s Department of Human Services lacks the security policies and procedures to protect personal information on the computer system it uses to process claims for more than 1 million Medicaid patients, according to an article posted by Newsday.

Here’s an excerpt from Newsday on what Guhl wrote in response to the auditor’s report:

In a written response to the audit, [Guhl] … said all employees take training in federal requirements for personal health information.

But he wrote even the best procedures would not guarantee security and said he believes "the current security provisions are adequate."

"As indicated by the auditors, the implementation of this recommendation would require substantial time and effort," Guhl wrote. "This cost would be continuous as resources and time would be needed to monitor and maintain this function."

He told senators during a recent budget hearing that employees cannot access the entire system, only the areas in which they work. He said supervisors know what employees logged into the system and when but not what record was viewed.

"We don't have that level of detail," Guhl said.
