Langevin's bill takes a stab at measuring actual security results, at least for the Homeland Security Department, and, for what some security experts hope, could be governmentwide. The key to the bill is requiring DHS to test if it can successfully defend its networks against known cyberattacks and to conduct vulnerability testing. The bill would have DHS measure what is actually happening on the ground and defending itself against what are real threats.

Mark Hamilton, the Environmental Protection Agency's senior information management officer, has a lot of ideas about how technology can serve the agency's strategic plan to meet its mission.

First there's nano-technology. Speaking at the Industry Advisory Council’s Executive Session on May 7, Hamilton said the EPA is incorporating the use of technology with its operations teams to better track the status of natural disasters. Hamilton used the example of a recent encounter with an EPA field employee, who was assigned to cover the Port of Long Beach in Los Angeles, Calif. The employee was driving a mobile laboratory van when Hamilton approached him and asked to check out the inside. The employee explained to Hamilton that the EPA was using nano-sensors spread over the water’s surface to detect and isolate oil spills, work that used to be done visually from a helicopter – a practice that is "not too useful at night,” Hamilton said.

The recent contamination problems with foreign produce heparin that is believed for the deaths of 81 persons in the US as well as chemical-tainted wheat gluten in pet food have been major drivers for strengthening the FDA's oversight capabilities.

The story goes on to say:

Recognition that collaborative efforts can lead to great results is growing in both the public and private sectors. What distinguishes the wiki approach from previous collaborative initiatives is that contributors to the process can be “amateurs” rather than professionals. Anyone can contribute. The contributions of some may be modest, focusing on the correction of spelling and grammatical errors. The contributions of others may be deeper – for example, they may focus on developing and refining foundational ideas. The Wikipedia experience has shown that well-articulated and valuable insights can emerge through this process.

Government agencies are mulling over the wiki phenomenon to determine its value in the public sector. Its value can be seen at three levels of operation:

• Project level: In building new systems, requirements can be harvested through wiki exercises. That is, a primitive statement of system requirements can be posted publicly. Customers and technical people can be asked to build on this primitive statement in order to create a full-blown set of requirements that reflect both customer and technical sensibilities.
• Intra-agency level: When an agency plans to launch a program that will change how it operates, inputs from employees and contractors handled through wiki processes can help the agency to formulate the program architecture more quickly and comprehensively than by setting up a task force to do the job.
• Inter-agency level: Government agencies tend to operate as stove pipes. However, this can lead to poor results, as the 9/11 catastrophe showed us. Because US intelligence agencies did not share their knowledge and insights regarding terrorist activity, the US was unable to anticipate and prevent the 9/11 attack. Government agencies can establish wikis to span organizational boundaries. The intelligence community did this after 9/11 when the created Intellipedia, three wikis that solicit contributions from employees of 16 intelligence agencies. Early results from this effort are encouraging.

There are two basic advantages to a wiki approach. First, because it is carried out in a virtual environment, it can be implemented quickly. There is no need to assemble committees of experts who deliberate indefinitely. Second, because it solicits input from a wide range of contributors spanning organizational boundaries, it has the potential of generating solutions that are both deep and broad.

Government should experiment with cross-boundary collaboration at the project, intra-agency, and inter-agency level. The tendency of bureaucracies to operate inside boxes is well-known, as are the perils – particularly the curse of parochialism. However, in exploring the strengths of collaborative action, government should avoid marching around with the wiki tool in search of applications. First, it should identify situations where collaborative inputs would help it function more effectively. Then it should determine whether a wiki approach is appropriate to engender meaningful collaboration, or whether some other approach is better. Finally, it needs to address the details of implementing a wiki solution – Are we able to establish a wiki platform? Will our organizational culture promote meaningful participation by the intended audience? As wiki solutions to problems emerge, will they be taken seriously by the agency’s management?

The rationale underlying the wiki concept is to post an idea publicly, then to let players add to, adjust, or take away from the idea iteratively. Over time, with input from many players, what starts as a primitive idea can grow into a well-developed statement.

The power of the wiki was demonstrated with the creation of Wikipedia in 2001. In a very short period of time, with input coming from tens of thousands of contributors, Wikipedia evolved into a first-rate encyclopedia. What is interesting is that the encyclopedia emerged without any central organizing force. It has been created by amateurs who organize their efforts independently. No one tells them what to do. They work on what they find interesting. Furthermore, Wikipedia is a work in progress – entries are continually changed to reflect prevailing thinking and actions. It will never be a finished document.

Both public and private sector entities are trying to harness the forces of wiki-like collaboration. The traditional way of getting things done has been to put a job into the hands of experts. For example, in developing a new product, technical people work on technical things, editors work on documentation, marketers develop a market strategy, and so on. The wiki-way is very different. Different players contribute their insights to develop a new product, regardless of their expertise. Technical people can contribute thoughts on marketing strategy, while marketers can suggest technical enhancements.

Interestingly, some of the greatest enthusiasm for collaborative work efforts in government is coming from the intelligence community. The 9/11 disaster highlighted the price the USA had to pay for the absence of a collaborative spirit among intelligence agencies. We now know that all the information needed to stop the 9/11 terrorists was in the hands of American intelligence agencies prior to the attack. However, because the agencies did not share the information they had, no one in the US government was able to anticipate and head off the impending calamity.

One attempt to harness the collective wisdom of employees working at different intelligence agencies has been to establish the wiki Intellipedia, which was set up in 2006. Link Only employees with proper clearances are able to access and contribute to Intellipedia (comprised of three wikis). Already, it has provided the intelligence community with insights into how to deal with terrorist attacks in Iraq. Its strength is that it can quickly leverage the knowledge and thoughts of the entire intelligence community. There is no need to set up a task force and wait six months for results.

In order to make sure that managers within the intelligence agencies take the need for cross-agency collaboration seriously, the Office of the Director of National Intelligence has issued a new directive that will require senior managers at the nation’s sixteen intelligence agencies to be assessed according to a common performance evaluation system Link. A key criterion for evaluation focuses on the extent to which senior managers promote collaboration across agency boundaries. This is a good step.

Intellipedia offers a technical fix to the challenge of cross-agency collaboration. However, given the strong territorial tendencies of the agencies, a number of important questions arise: Are their employees willing to participate in the effort in an effective way? Will they hold back information that they feel their agencies “own”? When looking at the conclusions emerging from a wiki exercise, will they ignore the findings based on not-invented-here feelings?

Ultimately, the success of cross-agency collaboration requires that the players trust the system and want to work together. If these criteria are not met, then technical wiki fixes won’t work.

IARPA is the intelligence version of DARPA, the Defense Advanced Research Projects Agency, where, incidentally, Porter once worked. In the interview, she discusses the new tripartite organization for IARPA. Its three program offices are Smart Collection, Incisive Analysis, and Safe and Secure Operations. The agency lives in the Office of Science and Technology at the Office of the Director of National Intelligence.

IARPA recently announced it will be snooping around the virtual world via a foxy little project called Reynard, a fox who is the hero of Medieval satires about social manners and classes. It's a study of emerging social dynamics in virtual worlds and large-scale online games being conducted by the Incisive Analysis program.

Porter told the magazine that she is looking for people to run projects within the agency's three programs. IARPA is designed to do high-risk, high-payoff advanced intelligence research, so she is looking for "very smart people who understand what it takes not just to technically comprehend a problem but how to bring an idea to reality programmatically," she said.

The IARPA.gov Web site soon will carry instructions and forms for applying to run projects there.

IARPA will cooperate with DARPA and work closely with In-Q-Tel, the intelligence community's venture capital fund, even though In-Q-Tel's focus is near-term, high-risk problems, Porter said.

IARPA's current location -- on the University of Maryland campus, albeit in a fenced and guarded National Security Agency compound -- is intended to signal the agency's openness to academics and others outside the intel world whose ideas and skills could help solve huge problems such as sorting through data, figuring out how to better target and winnow what intel agencies collect and how to keep that information safe in the Web-enabled world.

NASA is offering to add anyone’s name to a database, which will then ride on a microchip inside the Lunar Reconnaissance Orbiter spacecraft. Just go to the designated Web site to sign up and print out a certificate saying you’ll be on board.

The orbiter will create an atlas of Moon features and resources, a first step in creating a U.S. base there to assemble spacecraft to take humans to Mars. LRO will carry six instruments and a technology demonstration project. It’s supposed to send back the most complete dataset ever compiled about our satellite planet, including best landing sites for America’s return now slated for 2020.

The deadline for getting your name on the lunar list is June 27.

You can watch NASA-produced videos about sending your name to the moon here.

The Times ran a story yesterday that said the problem has persisted for years, but it wasn't until April 23 that a new security directive was released "to address those situations where air carriers deny FAMs boarding based on 'no-fly list' names matches."

"Glad" to see that the government takes as long to address the problems of air marshals as the general public.

If this is all true, this is just too dumb for words.

That’s how John Guhl, New Jersey’s Medicaid director, responded when the state’s auditor concluded that New Jersey’s Department of Human Services lacks the security policies and procedures to protect personal information on the computer system it uses to process claims for more than 1 million Medicaid patients, according to an article posted by Newsday.

Here’s an excerpt from Newsday on what Guhl wrote in response to the auditor’s report:

In a written response to the audit, [Guhl] … said all employees take training in federal requirements for personal health information.

But he wrote even the best procedures would not guarantee security and said he believes "the current security provisions are adequate."

"As indicated by the auditors, the implementation of this recommendation would require substantial time and effort," Guhl wrote. "This cost would be continuous as resources and time would be needed to monitor and maintain this function."

He told senators during a recent budget hearing that employees cannot access the entire system, only the areas in which they work. He said supervisors know what employees logged into the system and when but not what record was viewed.

"We don't have that level of detail," Guhl said.

In the federal government, rarely does a CIO have such a lofty position in a department, much less the president's cabinet. We'll watch closely to see how successful Takai is.

As expected, privacy experts and techies aren’t too keen on this development.

Hat tip: Slashdot

Forrester Research released its federal government spending forecast for 2008 (including some insights into what 2009 may be like), as Nextgov reported, and it concludes that any new spending will go to consolidate information technology infrastructure and replace or upgrade servers and applications systems. And for more storage. This is real mundane stuff. Important to build new programs on, for sure, but still ho hum.

The wars in Iraq and Afghanistan, and any IT needs there, are sucking up almost all new spending, Forrester reports. During the Bush administration, IT spending has ranged between 1 percent and 7 percent, with the larger increases coming after 9/11 to build IT systems to fight terrorism – many of them controversial for compromising Americans’ privacy. President Bush asked for a 4 percent increase in IT spending for fiscal 2009. But a lot of that will go to support IT on the battlefield and to support health care for veterans. The rest will just keep the lights on, Forrester concludes.

Even a new administration, which Forrester predicts will focus on domestic IT spending, won’t bring bold thinking in 2010. Forrester predicts: “The new administration … will likely include priorities around reducing costs and improving efficiency.” Sounds like more consolidation.

There’s always 2011.

VA Deputy Secretary Gordon Mansfield, however, didn't think there was any attempt to mislead Congress.

In addition, Mansfield and Undersecretary of Defense for Personnel and Readiness David S. C. Chu also tried to place the best spin on the increasing number of suicide attempts. Mansfield said that young people between the ages of 15 and 24 try suicide more than others, and since Defense recruits in that age group, an increasing number of suicides should not be seen as an epidemic.

This is an interesting view given that it appears that veterans between 20 and 24 years old, and the ones most likely to have been in Iraq or Afghanistan, are committing suicide at twice to four times the rate of civilians of the same age.

Chu put an even more positive spin on the situation. “I think the good news is that on an age-adjusted basis, department suicide rates as a whole tend to be a bit below the national norm. And even with the Army’s increase it puts at approximately at the national level.”

So active duty suicide rates are increasing, especially in the Army, but when you average it out, it is about the same as the general population.

Nothing to worry about here, mate, just move along.

If this is what Defense and VA think is good news, I would hate to see what they think is bad news.

The Office of Management and Budget has long touted the value of transparency in government. So explain this:

OMB released a report today on progress in implementation of Homeland Security Presidential Directive 12, or HSPD 12, which requires agencies to issue biometrically enabled credentials to all employees and contractors to replace standard flash badges. In that report, the total number of employees and contractors that will receive the badges were more than double what OMB reported only six months ago. OMB now reports that 4.3 million employees and 1.2 million contractors require new cards, compared to 1.9 million federal employees and 591,358 contractors, as reported in October 2007.

That change likely explains another anomaly. Ninety-seven percent of federal employees and 79 percent of contractors could not have completed the required background checks, as reported in October, because the latest report states that only 59 percent and 42 percent respectively have done so.

What’s the explanation for such a drastic difference? OMB opted not to provide one in a briefing on the latest numbers; in fact, the change in the numbers wasn’t even mentioned. When asked later, a spokeswoman attributed the undercount to faulty data. “We have better and more complete data now than we had previously,” she said.

So how does FedWorld see this topic? With no subtlety at all, of course.