
Does government have the highly trained and talented top-level executives critical in promoting innovative ideas and growth through the use of information technology?
"The answer is 'No,'" writes Tom Hughes, chief information officer for the Social Security Administration, for a government management journal.
Hughes' blunt assessment appears in the upcoming spring issue of The Public Manager journal. Hughes' article, "The Courage to Change When Challenged," is one of four articles in the journal written under the purview of "PMA 44" (the President's Management Agenda for the 44th president, as in the next administration), a seminar series organized by Cisco's Business Solutions Group under the leadership of Alan Balutis, who also is a blogger for Tech Insider. The other three articles cover human resources, acquisition and execution.
To improve government through the use of IT, Hughes recommends reinvigorating the bureaucracy by hiring younger leaders in the Senior Executive Service and hiring more private-sector managers in agencies' upper leadership ranks. He also suggests instilling in top leadership positions the understanding of how to use IT strategically to meet agency goals. One way, Hughes writes, would be to ask large companies to loan top executives to agencies to instill these changes.
Third, Hughes argues the government must invest in new technologies to remain competitive and to improve government services, such as spending more on high-speed broadband communications. (The United States has fallen from fourth in the world in broadband penetration to 24th, right behind Estonia.) Such an investment would provide new services to the public, including educational and recreational opportunities, and providing medical care to underserved populations.
You can read more about what the next administration should do to improve government management when the Public Manager is available in a few weeks.
The New York Times reported today that the Transportation Security Administration sent a letter to at least four graduate students at MIT informing them that the agency turned down their request for an identification card to work at the nation’s ports. The letters noted the students were “security threats.”
The students had applied for a so-called Transportation Worker Identification Credential, or TWIC, card, a program the federal government created after 9/11 to tighten security at the nation’s ports. The deployment of TWIC has been delayed for months for numerous reasons.
The Times article cites two cases, one involving a German student, the other a British student. In the rejection letters, John Busch, who is identified as a security administration official, wrote, “I have determined that you pose a security threat.”
When news broke several weeks back about the Census Bureau and the decision to scrap plans for the use of handheld devices and a so-called “high-tech count” in 2010 I can’t say I was “shocked.” I held off commenting because it brought back so many memories from 1980, from 1990 and from 2000. In fact, if I unearthed meeting notes, memos, and briefings from then, I likely could produce an account that mirrored what is swirling now: One of those “ripped from today’s headlines” accounts.
But it saddens me in so many ways:
The first wiki was created by Ward Cunningham in 1995. Cunningham’s goal was to use his wiki to establish a compendium of software design wisdom.
The rationale underlying the wiki concept is to post an idea publicly, then to let players add to, adjust, or take away from the idea iteratively. Over time, with input from many players, what starts as a primitive idea can grow into a well-developed statement.
The power of the wiki was demonstrated with the creation of Wikipedia in 2001. In a very short period of time, with input coming from tens of thousands of contributors, Wikipedia evolved into a first-rate encyclopedia. What is interesting is that the encyclopedia emerged without any central organizing force. It has been created by amateurs who organize their efforts independently. No one tells them what to do. They work on what they find interesting. Furthermore, Wikipedia is a work in progress – entries are continually changed to reflect prevailing thinking and actions. It will never be a finished document.
Both public and private sector entities are trying to harness the forces of wiki-like collaboration. The traditional way of getting things done has been to put a job into the hands of experts. For example, in developing a new product, technical people work on technical things, editors work on documentation, marketers develop a market strategy, and so on. The wiki-way is very different. Different players contribute their insights to develop a new product, regardless of their expertise. Technical people can contribute thoughts on marketing strategy, while marketers can suggest technical enhancements.
Interestingly, some of the greatest enthusiasm for collaborative work efforts in government is coming from the intelligence community. The 9/11 disaster highlighted the price the USA had to pay for the absence of a collaborative spirit among intelligence agencies. We now know that all the information needed to stop the 9/11 terrorists was in the hands of American intelligence agencies prior to the attack. However, because the agencies did not share the information they had, no one in the US government was able to anticipate and head off the impending calamity.
One attempt to harness the collective wisdom of employees working at different intelligence agencies has been to establish the wiki Intellipedia, which was set up in 2006. Only employees with proper clearances are able to access and contribute to Intellipedia (comprised of three wikis). Already, it has provided the intelligence community with insights into how to deal with terrorist attacks in Iraq. Its strength is that it can quickly leverage the knowledge and thoughts of the entire intelligence community. There is no need to set up a task force and wait six months for results.
In order to make sure that managers within the intelligence agencies take the need for cross-agency collaboration seriously, the Office of the Director of National Intelligence has issued a new directive that will require senior managers at the nation’s sixteen intelligence agencies to be assessed according to a common performance evaluation system. A key criterion for evaluation focuses on the extent to which senior managers promote collaboration across agency boundaries. This is a good step.
Intellipedia offers a technical fix to the challenge of cross-agency collaboration. However, given the strong territorial tendencies of the agencies, a number of important questions arise: Are their employees willing to participate in the effort in an effective way? Will they hold back information that they feel their agencies “own”? When looking at the conclusions emerging from a wiki exercise, will they ignore the findings based on not-invented-here feelings?
Ultimately, the success of cross-agency collaboration requires that the players trust the system and want to work together. If these criteria are not met, then technical wiki fixes won’t work.
Information technology experts and analysts have written about it extensively: If you want IT to help drive an organization to meet its mission, the chief information officer must report directly to the head of the organization. California Gov. Arnold Schwarzenegger (R) has taken that to heart in his bid to improve the state's convoluted and disparate computer systems, which resemble the federal government's. He's placed the state's new CIO, Teresa "Teri" Takai, on his cabinet, "which means she has direct access to the governor, who also will hold her accountable," according to an article posted by the San Jose Mercury News. "In addition, the elevated stature earns her the respect of other cabinet secretaries, with whom she will need to work closely to institute any major changes that affect how computers are run across the state's dozens of departments and agencies."
In the federal government, rarely does a CIO have such a lofty position in a department, much less the president's cabinet. We'll watch closely to see how successful Takai is.
The following item was posted by Jill R. Aitoro.
The Office of Management and Budget has long touted the value of transparency in government. So explain this:
OMB released a report today on progress in implementation of Homeland Security Presidential Directive 12, or HSPD 12, which requires agencies to issue biometrically enabled credentials to all employees and contractors to replace standard flash badges. In that report, the total number of employees and contractors that will receive the badges was more than double what OMB reported only six months ago. OMB now reports that 4.3 million employees and 1.2 million contractors require new cards, compared to 1.9 million federal employees and 591,358 contractors, as reported in October 2007.
That change likely explains another anomaly. Ninety-seven percent of federal employees and 79 percent of contractors could not have completed the required background checks, as reported in October, because the latest report states that only 59 percent and 42 percent respectively have done so.
What’s the explanation for such a drastic difference? OMB opted not to provide one in a briefing on the latest numbers; in fact, the change in the numbers wasn’t even mentioned. When asked later, a spokeswoman attributed the undercount to faulty data. “We have better and more complete data now than we had previously,” she said.
If you needed reminding that information technology isn't always the answer to efficiency, you may want to check out New York Times technology reviewer David Pogue's recent pieces on the modernization of the air traffic control system. Last week he wrote about the automatic dependent surveillance - broadcast system (ADS-B), a GPS-based system that gives pilots a view of the air traffic around them. The idea is that with that kind of control (and not having to depend on air traffic controllers so much), planes could fly closer together and relieve some of the congestion that has led to record delays this past year.
But wait.
An article in InfoWorld today quotes IPv6 experts calling for organizations to adopt the next generation Internet protocol, which will provide more Internet addresses and with it the promise for new applications. From the article:
The telecommunications industry is going through "a period of grief" over the end of IPv4 (IP version 4), said Tony Hain, IPv6 technical leader for Cisco Systems. "Most people in the world are still in a state of denial" about upgrading to IPv6. "No one will ask for IPv6 until they run out of IPv4 addresses," he said.
Agencies are facing a June deadline – a mandate issued by the Office of Management and Budget – to make their network backbones IPv6 compliant. It looks like most will meet the deadline, but whether agencies will develop applications that take advantage of IPv6 is the question.
The ho-hum response from the Hill concerning private contractor employees accessing the passport files of Sens. Barack Obama, D-Ill., Hillary Clinton, D-N.Y., and John McCain, R-Ariz., is a bit surprising -- or on second thought, is it?
As Ari Schwartz, deputy director of the Center for Democracy and Technology, pointed out in his Nextgov blog and in a Nextgov article, the point here is the lax attitude many agencies have taken in developing privacy impact assessments, which are required by the 2002 E-Government Act. In the assessments, agencies are supposed to analyze how they collect, store, share and manage personal information in federal networks. The idea is for agencies to develop policies that limit access to information before setting up a database.
State, Schwartz says, has done only cursory assessments. And a State agency official says the department believes they "have seen the last of this."
None of the congressmen in the Congress Daily article (link above) mentioned the privacy impact assessments or the E-Government Act. This may be an opportune time to investigate how well agencies have complied with the law's requirement to properly protect the private information they have stored on databases.
In essence, the information security/assurance certification and accreditation process -- in both civilian and military realms -- represents a command and control view of decision making.
On the battlefield, the commander gathers information from advisors who are qualified to attest to the accuracy (or limitations) of the information they provide. Because no one ever operates without a degree of uncertainty, the commander makes decisions using available information but with the full realization that other factors are unknown and perhaps unknowable. The commander also recognizes that a bad decision will reflect on him or her directly.
An article in CIO Insight states that CIOs, especially those in large companies, are to blame for the IT skills shortage; and if they were serious about ending the shortage they would make more investments in IT training. This correlates with my post, "Training Anyone?" which suggests that agency CIOs should invest much more in training for their IT professionals.
The annual CIO survey recently released by ITAA and Grant Thornton again points to some of these very same issues elucidated by the CIO Insight article, but highlights the special concerns found in the federal environment. Agency CIOs are hampered by their lack of funding and agency commitment for training and staffing resources.
The “Blame” article also points out that IT executives are frustrated by the lack of skilled workers coming out of the university system, ill-prepared to function in the business world. In fact, federal agencies are lucky to be able to recruit and hire graduates of the Scholarship for Service Program. This program was designed to prepare students to graduate with specific knowledge and skills in IT Security and Information Assurance that would transfer immediately in the workplace.
Finally, “Blame” advises that many companies treat employees as disposable and fewer than half of large companies are successful in creating specific career paths. Again, federal agencies may have an advantage. The CIO Council’s IT Workforce Committee has created an IT Career Development Roadmap to assist IT Professionals in government to build long-term career progression plans.
The new president, coming into office Jan. 20, 2009, will face what the current head of the Office of Personnel Management has called a “retirement tsunami.” According to many experts, 60 percent of the federal government’s rank and file workforce and 90 percent of its top managers will be eligible to retire in the next decade. OPM projections show that nearly 61,000 full-time permanent federal employees will retire in fiscal 2008 and that the number of retirements will peak between 2008 and 2010 – just as an incoming president seeks to launch her or his new administration.
Over the next five years, the federal government will lose more than 550,000 employees. But the market for recruits has never been more competitive and government employees are locked in a fierce contest with the private sector.
In an editorial in the New York Times Thursday, the paper calls the 2007 Secure America Through Verification and Enforcement Act, "a bad idea compounded by the notoriously bad state of federal government records."
The act would, among other things, "force all workers, including citizens, to prove they have a right to earn a living," by relying on the Social Security Administration to verify Social Security numbers for workers, the paper contends. The problem is that one SSA database has a 4 percent error rate, which would mean possibly thousands of workers would face firings and discrimination.
Other federal databases contain errors. The inspector general at the Justice Department reported last year that the Terrorist Watch List, which is used to screen 270 million people a month to identify possible terrorists, has a large error rate. "In an examination of 105 records, for example, the auditors found that 38 percent of the records contained errors or inconsistencies that the [Terrorist Screening Center's] own quality-assurance efforts had not found," according to a Washington Post article.
As the federal government relies more on information technology to support critical decisions, the importance of how clean its data is rises.
How confident are you that your data is error free?
The Government Accountability Office recently reiterated its designation of information security as a governmentwide “high-risk issue” in its report, Information Security: Protecting Personally Identifiable Information. The high-risk designation for information security in the federal government has been included in GAO reports to Congress each year since 1997. Along with its own audits, GAO’s most recent high-risk assessment was based on consideration of annual reporting by federal agencies of their own assessments of risk, including certain material risks reported regarding information security.
Consequences of real and perceived inadequacies in information security policies and controls
Under what circumstances would U.S. consumers confidently continue to share their data with companies that self report under Sarbanes-Oxley that their operations put customer data at high risk? Frankly, it is hard to imagine the likelihood that such companies could easily maintain the continuing trust and confidence of customers or shareholders without significant costs. In fact, Larry Ponemon, chairman of The Ponemon Institute, has reported that U.S. businesses have seen a steady exodus of customers, a reluctance of some customers to share data and increased costs, including from lost business opportunities, following disclosure of data breaches at their companies. Should we expect the reactions of U.S. citizens to be any different in the federal space? It seems unlikely.
The Risk Factor blogger Bob Charette, a risk management expert who consults with federal agencies on risk management, picked up yesterday's story on the deep trouble that the Census Bureau's handheld computer contract is in. In his blog post, he questions the credibility of the Capability Maturity Model Integration (CMMI®). Harris Corp.'s Government Communications Systems Division, which is the prime contractor on the $600 million handheld contract (now likely much more than $650 million after all the costs from changes, errors and delays are included), has a Maturity Level 3 rating. "The Level 3 rating denotes superior process maturity within the division's program management, engineering, quality assurance, and other disciplines, and achievement of this rating has become a competitive differentiator on many government programs," Charette quotes.
Charette wants to know: "At the very least, I think the division's CMMI rating may need to be re-evaluated, or maybe better, the U.S. government better start looking at what, if anything, SEI CMMI Level 3 actually means in practice."
Or it could mean, the customer, the Census Bureau, put too many demands on Harris -- so many, in fact, that no maturity designation, no matter how high, could have avoided the very problems that now threaten the viability of the U.S. census.
The Census Bureau has had trouble managing the costs, time lines and, most important, the performance of a contract to develop a handheld computer to collect data during the 2010 census. The cost of the contract has increased from its original $600 million to $647 million, according to a General Accounting Office report released today. If all related costs due to the handheld contract's delay and mismanagement are taken into account, GAO estimates the increase in costs for the 2010 census could range between $600 million and $2 billion.
While those overrun costs are high, many government information technology projects (and private-sector IT projects) have suffered similar fates -- with little or no repercussions for the agencies. But Sen. Tom Coburn, R-Okla., and a member of the Committee on Homeland Security and Governmental Affairs, has suggested something new that could set a precedent for other agencies. In a committee hearing held today on the problems with the handheld contract, Coburn suggested that any cost overrun in the contract be covered by the Census Bureau cutting the budgets for programs in future budgets. This is what he said:
For years, the Census Bureau has estimated that the 2010 count will cost between $11.3 billion and $11.8 billion. I hope that the Secretary of Commerce will work to ensure that the cost does not increase beyond that, even with these trying circumstances. However, let me be perfectly clear -- if the costs go over that amount, taxpayers should not have to subsidize this mismanagement more than they already have. If more money is needed, I fully expect that the department and the bureau will work internally and with [the Office of Management and Budget] to find offsets out of programs that already exist.
The Census Bureau's total budget for fiscal 2008 is about $1.5 billion, with larger budgets coming at the end of decades to pay for conducting the decennial census. Using even the conservative estimate of a $600 million cost overrun in the hand held contract would present a financial challenge, to say the least.
The administration’s top IT official bid an early farewell to government and industry IT workers at the 2008 Information Processing Interagency Conference in Orlando, Fla., Monday before announcing the winners of government project management awards.
Acknowledging the approaching end of the Bush administration, Karen Evans, administrator of the office of e-government and information technology at the Office of Management and Budget, called her fifth keynote at IPIC “bittersweet.” She then acknowledged the work of agencies to achieve the goals of the e-government initiatives, which identified several governmentwide programs to integrate agency operations and information technology investments.
“It isn’t work OMB has done; the work is done by vendors that help the agencies and the agency [IT administrators],” Evans said.
Recipients of government project management awards, some of which Evans announced Monday and others that will be announced at a Tuesday session, were recognized for programs that demonstrate excellence in project management:
Cost Savings/Cost Avoidance
Winner:
Winner: The Office of Personnel Management’s Human Resources Integration
Retooling the Infrastructure
Winners: The Energy Department’s Pacific Northwest National Laboratory Campus Camera and Emergency Call Station System; and the Interior Department’s 104 Mainframe Efficiency Improvement Project
Service-Oriented Architecture
Winner: DHS’ U.S. Citizenship and Immigration Services Enterprise Service Bus
Digital Trust-Infrastructure Security
Winner: GSA’s Managed Service Offering USACCESS Program
Identity Management-Biometrics
Winner: Federal Bureau of Investigation’s Quick Capture Platform
Delivering Mission Services/Practical Innovations
Winner: Bureau of Alcohol, Tobacco and Firearms’ ATF Knowledge On Line
Delivering Mission Services/Practical Innovations
Winner: Small Business Administration’s Business Gateway Initiative
Government Executive's Robert Brodsky reported today about how the Environmental Protection Agency may have wasted millions of dollars in extra fees to contractors for meeting performance thresholds. "EPA regularly gave contractors ratings of 'exceeds expectations' or 'outstanding,' which facilitated the higher incentive fees, according to" an EPA inspector general report.
Brodsky cites one of the nine contracts the IG analyzed, in which a high rating "was justified only with the following comment: 'The project management was excellent with no problems encountered and costs were within scope of work.' A project that merely encountered no problems or stayed within budget should have earned a grade of satisfactory, the IG said."
Since government projects typically miss deadlines and come in over budget, encountering no problems and keeping costs within scope may seem like quite an accomplishment. Others may view it as simply doing your job.
The idea that government should not be in the business of business was first articulated by the Bureau of the Budget during the Eisenhower administration in the 1950s. BOB was the predecessor to the Office of Management and Budget, which was created in 1970 during the Nixon administration.
Government should not be in the business of business. What this principle means is that there are broad areas of business activity that should lie outside the domain of government effort, e.g., providing food service, manufacturing, advertising, and offering medical services.
When Ronald Reagan took office in 1981, one of his top priorities was to shrink government. He believed that many of the activities carried out by civil servants could best be executed by the private sector. So he instructed the Office of Federal Procurement Policy (OFPP) to aggressively implement OMB Circular A-76, a government directive geared toward privatizing government activities.
Since retiring from the federal government in 2007, I have watched with a mixture of alarm and amusement as the Office of Management and Budget, Congress, the National Institute of Standards and Technology, the inspectors general, the Government Accountability Office and agencies have continued to miss the point of information and mission assurance while enriching consultants and printer manufacturers by producing mountains of increasingly meaningless paperwork.
I intend to bring to readers’ attention various issues I believe deserve more critical thinking than is typically available in the federal enterprise (which I will henceforth call FedWorld).
I also believe:
• Information protection is better than security plans
• Privacy protection is better than privacy plans or impact statements
• Intrusion prevention beats the pants off intrusion detection
• Personnel security has almost nothing to do with HSPD-12
• Cybersecurity is only marginally related to information security
• … and so on.
Please remember my point of view before you comment on something I’ve written by chiding me that the Federal Information Security Management Act (FISMA) has it otherwise, that OMB guidance points in another direction, or that an IG will write me up. I no longer live in FedWorld so those customs and folk beliefs seem quaint.
The current issue of The Economist (Feb. 16-22, 2008) contains a 14-page special report on technology and government entitled “The Electronic Bureaucrat.” I'm still making my way through it, but it appears to confirm the obvious:
(1) Much that is good has happened to date, but there is more to do;
(2) It isn't all about technology;
(3) The real challenge will be to use IT to transform government.
But more on this when I've fully digested the whole section. What really got me going was an article on page 13 – “Government Offline.” The subtitle should give you a sense of what irked me – “Why business succeeds on the web and government mostly fails.” While private sector IT failures don't attract headlines in the Washington Post or snippets on the major news show, I seem to recall reading about as many serious problems in the private sector as I've seen in government. One major consulting firm had an entire practice devoted to systems in private sector firms that were over budget, behind schedule and not delivering the promised functionality. They even trademarked the name – “Runaway Systems.”
But am I just ranting as a retired civil servant who can't accept the truth? Has e-government so far mostly meant high costs and poor returns, while in the private sector they have used technology to lower costs, please customers and raise profits? Let me know your thoughts.
IT Manager to IT employee: “I just cannot send you to training right now; I can’t afford your time away from the project. And, our training budget has been cut.”
Sound familiar? Several issues – scarce training dollars (always the first budget to cut), can’t spare the worker, schedules and deadlines too tight, etc. Agency IT managers and executives are often caught up in this quandary. Take notice, this is short-sighted thinking. It is time to become more strategic and consider the long-term benefits of making sure your employees obtain timely training germane to their current duties.
A study a few years back indicated that top performing companies often had a higher percentage of payroll spent on training. This model should be considered by federal agencies.
Recently I had the privilege of talking about computer security at a hearing before two subcommittees of the House Committee on Oversight and Government Reform.
My principal focus was the Bush administration’s new "Cyber Initiative."
On Jan. 8, President Bush issued a new National Security/Homeland Security Directive. This order establishes a comprehensive, national cybersecurity initiative. Little is known publicly about the details of this national security order, because it is still classified. But it shows that information security is receiving serious attention at the highest levels of the executive branch. I believe this is good news.
The order creates an expanded role for the National Security Agency in protecting civilian agency systems. This raises some significant policy questions, such as, "How best can the government maintain and build trust with the private sector to promote computer security?"
For more on this topic, you can read my earlier post.
Late last year we blogged about a feature from CSO Magazine on the dos and don'ts of disclosure letters, those messages to customers and citizens informing them that their personal information may have been stolen. The feature compared how Monster.com and USA Jobs, the federal government’s site for job openings, informed the public after a hacker infiltrated monster.com’s database of resumes in August. About 146,000 names and contact information of job seekers on the USA JOBS Web site were stolen.
At the time, CSO hadn't posted the article, but the site recently posted the comparison online. The interesting takeaway here is that the federal government, according to public relations experts, did a better job in communicating to the public than Monster did.
Last Thursday was IT Job Shadow Day in federal government, with 475 students trailing IT staff at 36 agencies. Two of those students shadowed Karen Evans, administrator for e-government and information technology at the Office of Management and Budget, and Tim Young, deputy administrator for e-government and information technology, during a press briefing about the IT budget. The hope, Evans said, is that the effort will attract young talent to computer science, which would in turn help deal with ongoing workforce issues. “We’re one of many competing here to attract these students,” she said.
The Information Technology Association of America (ITAA) took the next step today in their merger with the Government Electronics and Information Technology Association (GEIA) by announcing that current ITAA Chairman Hank Steininger will serve as the chairman of the new board. Steininger, currently a managing partner at Grant Thornton, also will lead a five-member executive committee.
Current GEIA Chairman Gene Glazar, vice president for business development at BAE, and Gordon Coburn, CFO of Cognizant Technology Solutions, will serve as co-chairmen. Former GEIA Chairman Randy Lucas, a program executive at Verizon Business and former ITAA Chairman Dave Sanders, chief operating officer at Avotus, will round out the executive committee.
The new 28-member ITAA board of directors will be composed equally of ITAA and GEIA member companies. The merger will bring 400 companies focusing on public policy and IT together under the ITAA banner. The merger has been discussed since last fall and is expected to be completed April 1.
The following item was posted on the blog "The Agile Mind," written by Anne Laurent, who gave permission to have the item posted in its entirety in Tech Insider.
The military services have been early and avid government adopters of gaming technology and especially software platforms. The Army has had tremendous success with its recruiting game, America's Army, and follow-on training modules built on the same game engine. The Defense Advanced Research Projects Agency and Sandia Laboratories have created wildly successful trainers for languages -- chiefly Iraqi Arabic -- culture and non-kinetic (civil-military) operations.
I've written about DARPA's projects and their Godfather, Ralph Chatham, for Government Executive magazine. I caught up recently with Chatham, who just left DARPA at year's end. Among the many strands in our rich and fascinating discussion, we talked about a very exciting DARPA project that could revolutionize the way the military -- and the rest of government -- uses games, as well as wreaking wide-ranging effects on the way games are created in the commercial world.
In March, Chatham expects to see a first version of DARPA RealWorld become available for use in the field. What's the big deal? Well, the huge speed bump to military use of games for training is that service members haven't been able to easily alter them to accurately represent the terrain, buildings--outside and inside--and vehicles they confront in the field. RealWorld is designed to be truly user authored by not-so-technically-adept soldiers, airmen, sailors and Marines on the ground. That means RealWorld can become a real mission rehearsal tool.
Daniel Kaufman, the RealWorld program manager, says his goal is to be able to build simulations without programmers. This "dictates a new approach to getting software requirements," he told the audience at DARPA Tech 2007, the systems and technology symposium held in August in Anaheim, Calif. "The 20 meetings to write the 100-page RFP to generate the 1,000-page specification to find a product that will not be delivered for four years has consistently failed," he continued. So he set out to build tools and capabilities so warfighters can create applications when they need them. Take a 19-year-old soldier in the field, Kaufman said:
He’s out on patrol in a rocky canyon in Afghanistan and some OPFOR pops up and shoots at him because that’s what an opposing force does. Our warfighter engages, the OPFOR vanishes, and our Soldier returns to base to be debriefed by his commanding officer. Our soldier gets out his laptop – and, voila! On the screen appears a scene that is an exact 3-D recreation of precisely where he was in that canyon. Not generic terrain – this is exactly his patrol and exactly his location. Within seconds, our soldier is dragging-and-dropping:
“This is where I was; this is where my buddy was; this is where George was; this is where the HMMWV was, this is where the sniper was, and this is where we got shot, sir.”
Notice that I said he does it. There’s no software guy; there’s no writing down specs. He does it, and within seconds it’s right on his laptop screen and it’s exactly correct.
If you think about it, in that one small instance, four very important things have taken place: RealWorld has become an after-action review tool, a mission planning and briefing tool, a mission rehearsal tool and a training tool.
Imagine recording this whole sequence, and then sending it back by e-mail to Ft. Polk and Ft. Lewis, and Twentynine Palms, or anywhere else. And instead of trying to tell a kid back at a U.S. training base, "Look here’s 100 pages of doctrine that explains how you are supposed to handle an IED, and here’s a PowerPoint slide, and here’s a satellite map, and here’s a contour map," we put him right there!
Now training takes on a whole new meaning. Our stateside soldier is not working with, "Here’s a square: imagine that’s you, and imagine the bad guy is this circle over here." We’re saying, “In 90 days, you’re going to be there. Work with this simulation and figure out what you would do. Because if we have not gotten that sniper – who really does exist -- in three months, odds are he will still be out there and it will be your job to go get him.”
OK, so that's a revolution in military simulation, but what about overturning commercial game creation? Kaufman's prime contractor, Total Immersion, is making a bet by developing RealWorld for very little money. The company is getting its R&D paid for and gets to hang onto the real-time mission-rehearsal building tools it is creating. Since it now costs $20 million to $40 million to build a computer game, companies only invest in those that appear to have "blockbuster" written all over them. But what if a company developed a set of tools it could both use and license relatively inexpensively to others to use to create games quickly? Kind of blows open the whole game economy, eh?
More on all this to come, but for now, it's worth noting that before DARPA, Kaufman worked for DreamWorks Interactive, a joint venture between Microsoft and DreamWorks SKG, where he was involved in creating games including Goosebumps, The Neverhood, Jurassic Park and the precursor of what was to become Medal of Honor. Before that, he was an attorney with Brobeck, Phleger & Harrison (Palo Alto, Calif.), where he had the largest game company representation in the United States, handling the EA/ABC joint venture, Spectrum Holobyte's management buy-out and merger with Microprose, which led to an IPO, the formation of Crystal Dynamics, and the formation and subsequent sale of Humongous Entertainment for $76 million. Oh, and the CIA's venture catalyst, In-Q-Tel, once commissioned him to look into how gaming could help the CIA train, too.
Smart development, smart acquisition, smart partnering with the private sector and smart risk taking. Watch out big, entrenched military simulation companies!
While progress is being made, the government has a ways to go before it can claim to have fully embraced Enterprise Risk Management (ERM), subject experts said at a panel discussion on the topic yesterday.
Attending the 2008 AFFIRM CFO Summit were Douglas Webster, chief financial officer at the Department of Labor; Jim Martin, chief financial officer at the Department of Housing and Urban Development; and Mark Krzysko, an acquisition executive in the Office of the Secretary of Defense. Each spoke about the unique challenges of trying to implement newer risk assessment and mitigation strategies to the federal arena.
According to COSO, ERM is defined as a process to identify, assess and mitigate potential risks across an enterprise. The approach has been gaining steam in the private sector and has started to cross over into the federal workspace.
Webster said that one of the problems with the current approach is the focus on audits and internal controls, which he called a foundation on which better risk management practices must be built. "Internal controls are largely operational, while audits are backward looking. ERM focuses on projected risks,” Webster said. “Identifying all risks is not enough. You must balance those risks with the amount of monetary investment they require.” He added that the government should look to the private sector for those best practices.
The concept of risk vs. return is an interesting one, and one highlighted in a Government Executive article on the Census Bureau's rationale and later contract problems in switching to handheld computers to support the 2010 Census. According to Krzysko, such risk/reward calculations are a critical part of ERM. “I believe the dialogue has shifted; we are now asking ‘What value does this (project) bring the taxpayer, the warfighter, or the community at large?’”
As an example of how ERM could improve the acquisition process, Krzysko referred to Defense's success in establishing a new software program that allows senior decision makers to instantly view on a computer the critical pieces of information on major weapon systems. “Within 45 days, we were able to access the programs of 12 major weapon systems worth over $103 billion in nanoseconds," he said. "Before that, you had to go through multiple services and someone had to prepare and walk the data through the process. It has helped us move from a focus on compliance to one on responsibility.”
Still, there remains much to be done. “Not to be negative, but there’s a good ways to go in terms of best practices when compared to the private sector," Webster said. "You still don’t hear the risk part of the equation in the daily vernacular of decision making."
When asked who was leading the charge in the government towards ERM, Webster said the only agency to enforce COSO’s definition of ERM is the Federal Deposit Insurance Corp. “They got it. It would be worthwhile if more organizations did the same,” said Webster. “There are difficulties in applying ERM to the federal government, but they are not so great that we shouldn’t attempt moving in that direction.”
After much speculation, Rep. Tom Davis, R-Va., confirmed yesterday that he will not run for office in 2008. As Republicans and Democrats scramble to defend or snag (respectively) Davis' congressional seat, the technology community – both in and outside government – bids farewell to a staunch advocate.
The list of IT issues that benefited from Davis' support is long. In his early days in Congress, he founded the Information Technology Working Group to promote a better understanding of issues important to the computer and technology industries. He sponsored the Y2K Act, which encouraged Y2K compliance in industry, and later helped push several bills through Congress that advanced efforts to more strategically implement IT: the E-Gov Act of 2002, the Federal Information Security Act, and the Critical Infrastructure Information Act, to name a few. He speaks frequently in support of changes to trade agreement laws that would make it far easier for agencies to purchase technology goods and services.
Phil Bond, the president and CEO of the Information Technology Association of America, described Davis as the “ultimate champion for technology in Congress,” helping to “tear down the wall between the federal government and commercial technologies.
“When other members needed to get smart on IT, they often called Tom,” Bond said in a prepared statement.
Now what? In a statement released this afternoon, Davis said that he has not yet decided what opportunities to pursue, "but it’s clear to me that returning to the private sector and reacquainting myself with that view of the world is the best move." He was careful to call his departure “a sabbatical from public life,” keeping the door open for a return to government, but no doubt the number of offers coming his way in the meantime promises to be staggering -- if it isn't already -- as IT firms and organizations scramble for the chance to profit from his knowledge of government IT as well as his influence.
The New York Times reports today on the backlog of investigations facing the Food and Drug Administration. The FDA must inspect foreign plants that manufacture medical devices and drugs and process food. But, as the Times reports, antiquated computer systems cannot support the work. In fact, the FDA cannot create a list of plants that have not been inspected. The Times based its article on reports obtained from the Government Accountability Office. The reports will be released today at a hearing of the House Energy and Commerce Committee.
The pressure to go green – adopting policies, processes and technologies that reduce energy consumption -- is building, as Government Executive reported last year. Study after study has shown how much U.S. companies and the federal government can save by using more efficient computer equipment – and it’s not insignificant.
Now, two more studies released this week pile on to the findings. The federal government could save about $960 million over five years if it adopts green technologies such as virtualization, consolidating servers and dynamic smart cooling, according to an article published by InformationWeek. Another study found that the federal government could save about $330 million over five years "by using more energy efficient PCs, specifically those that meet the Environmental Protection Agency's more stringent Energy Star standards that went into effect last July," according to the article.
Or, in other terms:
The annual savings by the feds using more energy efficient PCs would be equivalent to conserving 1.3 billion barrels of oil. Over four years, the report estimates the cost savings would be equivalent [to providing] 28,537 Americans with Social Security benefits for a year, or more than 989 million meals "to the hungry."
The studies were underwritten by the technology companies Hewlett-Packard and Intel.
It's official: The Senate confirmed four new leaders at the Homeland Security Department last night, one of whom could play a key role in cybersecurity efforts.
Robert Jamison was appointed under secretary for the National Protection & Programs Directorate. The office is charged with minimizing the department's risk through an integrated approach to physical and virtual threats. Previously, Jamison served as deputy administrator of the Federal Transit Administration, leading a transit security program and Lower Manhattan transportation recovery operation, which was established after 9/11.
Other confirmations included Julie Myers as assistant secretary of the U.S. Immigration and Customs Enforcement (ICE), Jeffrey Runge as chief medical officer and assistant secretary for the Office of Health Affairs, and Ross Ashley as assistant administrator of the Federal Emergency Management Agency.
DHS Secretary Michael Chertoff released a statement on the confirmations this morning.
We think you, the technology manager in the federal government and industry, have a pretty good insight into just what are the hot issues and events that will unfold in 2008 for the federal IT market. Over the past few weeks we've invited you to take an online survey to let us know what you think; we just want to take this opportunity to invite you to take the survey again, if you haven’t.
We are conducting the survey in conjunction with our friends at Government Futures, which is also offering readers a chance to place bets on what’s going to happen in the federal IT community using the prediction markets on Government Futures' Web site.
If you have taken the survey and placed your bets, thank you. If you haven't, please visit the site and give us your opinions. The questions cover a number of hot areas, including information security, the next-generation Internet and federal information technology spending.
In January, we’ll host a webinar to discuss the results of the survey and present an analysis of the predictions.
In the December issue of Government Executive, we discuss some trends that IT experts told us would be important. Now, we want your opinion. So, please take the survey and join the government futures market to help us figure it out.
Shannon Kellogg, director of government and industry affairs at RSA Security, recently recounted a decision by a federal agency to encrypt everything (systems, emails, devices) to avoid the dreaded security breach that so many other agencies have reported. Apparently, after the decision was made, a contractor working with the agency (Kellogg declined to name the agency or the contractor) accessed sensitive information while on the network, saved it on a USB memory stick -- and then walked out the door. Kellogg didn’t say if the agency reported any data loss – but who's to know? Exposure is exposure, and the risks still apply.
This story certainly isn't unusual, but it bears repeating because this plays out in every agency routinely. Among the most important lessons that can be learned may be to avoid knee-jerk reactions to security threats -- such as believing an encrypt-everything policy will insulate you from security breaches. Such policies are, by definition, reactionary – not strategic. Encryption – like any security strategy – works in specific circumstances, but should not be the end-all-be-all security policy.
And this lesson comes from a security vendor.
For years, information technology has been trying to break into the corporate board room or the high-level government management meetings where it can help inform strategies to accomplish an organization’s goals, be it making more profit or serving the public interest. Despite assertions that state otherwise, IT still, by a long shot, has yet to really become a driver in helping government deliver public services and fundamentally transform how agencies do business. IT has tinkered at the edges.
The reason may be that most of our political leaders are so disinterested in IT. We were reminded of that last week during the Republican presidential debates. As Garrett Graff, an editor at large at Washingtonian magazine, reminded us in the Washington Post’s Sunday Outlook section, presidential hopeful “Sen. John McCain let slip a fairly stunning admission,” when he said he “might ‘rely on a vice president’ for help on less important issues such as ‘information technology, which is the future of this nation's economy.’”
The problem, as Graff points out, is the odd allowance we as a nation give presidential candidates to admit that they know so little about an industry that is vitally important to the national economy – and for that matter, to national security. Such admissions happen with surprising regularity. We’ve written about Defense Secretary Robert Gates – who oversees the world’s largest military complex, which has pursued network-centric warfare as its primary strategic objective – that he is “a very low-tech person.” President Bush also has made statements about his ignorance of IT, as my colleague Tom Shoop pointed out in his FedBlog this past summer.
Graff does tip his hat to Democratic presidential candidate Barack Obama for issuing last month an “innovation agenda,” which lays out an IT agenda for government. Yes, the agenda represents “an exception to the rule” in the presidential race, as Graff says, but almost all Obama’s ideas are vague and warmed over, and only advance the introductory Bush IT agenda, which accomplished little of what it set out to do, in just small ways.
The nation and government need something more. Something bolder that shows an understanding of how important IT is to the U.S. economy, how it can transform government and truly improve public services.
It’s been more than 10 years since President Bill Clinton described the 21st Century classroom as a place in which “computers are as much a part of the classroom as blackboards." Since then, schools -- and parents -- have spent millions of dollars on computers for students and their children under the assumption that the computers are directly related to improved learning and higher test scores. The problem is that no national study has proven those claims.
Now, more than a decade after the fact, the federal government wants to find out what the link is and has awarded a grant to education researchers at Indiana University to study how teachers and students use computers to learn. This seems a bit late.
For sure, the study could shed light on just what value computers give students in the classroom. But this fact has been debated for years. As Todd Oppenheimer pointed out in his article (subscription required) that appeared in the July 1997 issue of The Atlantic, computers’ value to education is questionable. An excerpt from the article:
… Alan Lesgold, a professor of psychology and the associate director of the Learning Research and Development Center at the University of Pittsburgh, calls the computer an "amplifier," because it encourages both enlightened study practices and thoughtless ones. There's a real risk, though, that the thoughtless practices will dominate, slowly dumbing down huge numbers of tomorrow's adults. As Sherry Turkle, a professor of the sociology of science at the Massachusetts Institute of Technology and a longtime observer of children's use of computers, told me, "The possibilities of using this thing poorly so outweigh the chance of using it well, it makes people like us, who are fundamentally optimistic about computers, very reticent."
Oppenheimer compares the computers-in-the-classroom phenomenon to film-strip technology students used 40 years ago: “‘Computers in classrooms are the filmstrips of the 1990s,’ Clifford Stoll, the author of Silicon Snake Oil: Second Thoughts on the Information Highway (1995), told The New York Times last year, recalling his own school days in the 1960s. ‘We loved them because we didn't have to think for an hour, teachers loved them because they didn't have to teach, and parents loved them because it showed their schools were high-tech. But no learning happened.’”
There's no reason to believe that these arguments are outdated -- especially given the fact the federal government just issued a grant to find out if they are. Besides, the rush to introduce computers in the classroom before researching whether they would, indeed, increase performance is part of a long string of similar information technology investments that organizations of all kinds have made, an act of chasing the hottest technology under the assumption that technology, in and of itself, will allow us to work faster and be smarter. “It’s technology, after all," goes the argument. "It must provide value."
For years, IT managers in federal agencies and in the Office of Management and Budget have tried to head off such thinking before it gets too far down the IT investment road. OMB's requirement for agencies to write business cases is just one example of this. A technology may seem like it would create efficiencies and add value, but the results from an IT investment are typically hard to measure – if an organization ever measures them at all. Or, which is more likely, the added value many times falls far short of the expectations managers had when the technology idea was first dreamed up.
The computers-in-the-classroom policy seems to have followed this same line of reasoning, although, at first, some research showed computers raised achievement. Years ago supporters pointed to the study “Connecting K-12 Schools to the Information Superhighway,” conducted by McKinsey & Co. for a Clinton task force formed to study technology and education, as the reason why the federal government should support a policy that made computers a big part of curriculums. It concluded:
Many schools have experienced significant improvements in student performance after introducing computer-assisted instruction. For example, the Carrollton City School District in Georgia established a computer lab, among other changes, to reduce the failure rate in 9th grade algebra from 38% to 3%. In New Jersey, the Christopher Columbus Middle School saw student performance rise from well below to above state averages on standardized tests in reading, language arts, and math after the school implemented reforms that included extensive use of networked computers. The academic literature confirms technology's role in these improvements: a review of 254 controlled studies concluded that appropriate use of computers in the classroom reduces the time needed to master certain types of knowledge by as much as 30%. Put another way, in three school years, students benefiting from computer-assisted instruction can learn almost a full year's worth of material more than students who do not have access to the technology.
But Oppenheimer, in his article, refutes many of these findings.
Back to today. Now Indiana University’s Center for Evaluation and Education Policy will try “to figure out how teachers use technology in lessons and how students learn from that technology,” according to the Indianapolis Star article. “There have been some larger efforts, but it's mostly been a study here, a study there,” Jonathan Plucker, director of the center, told the Star. “It's a critical question that has never been answered. That's just so exciting.”
It might have been a good thing to ask that "critical question" more than a decade ago before schools and parents spent billions of dollars on computers without knowing for sure if they do indeed raise student achievement or how the computers could be used to do so.
The study is due to be completed in April 2009.
In this month’s cover article, CIO Magazine details how Wal-Mart lost its IT edge. The story is applicable to the federal government. The article catalogues how after years of being an IT leader (being among the first to adopt bar-code scanning, satellite communications, electronic data interchange, and a supply chain management system that automatically triggered orders to suppliers when stocks dropped) Wal-Mart’s legendary IT department has fallen on hard times, including some failures in the social networking realm. The IT problems have indirectly contributed to failed ventures in international markets and missed profit projections.
The failed ventures and lower profits may not be specifically applicable to government, but the reasons for Wal-Mart falling off its IT game may be. According to the article, Wal-Mart “has relied too much on centralized decision making” and “analysts say that Wal-Mart's reliance on homegrown IT systems -- and its conviction of their superiority -- needs to change.” Wal-Mart’s chief information officer, Rollin Ford, “must bring in best-of-breed commercial applications,” such as Business Intelligence and other IT tools to improve operations. “We cannot overestimate how much packaged software can help them right now,” says Paula Rosenblum, an analyst and managing partner with Retail Systems Research, according to the article.
Sound familiar? Also, what Wal-Mart is trying to do to recover its "IT mojo," as CIO calls it, holds some lessons for the federal government.
As an aside, it wouldn’t be too surprising if some government IT managers are now feeling redeemed after Wal-Mart was held up as a better relief provider than FEMA after Hurricane Katrina – mostly because of the company’s superior IT operations.
You just knew there had to be an IT angle to the special inspector general reports on procurement abuses associated with the Iraq War. You were right. There is. Seems that the United States spent $38 million to develop a financial management system for Iraq's government. When it stopped working for a month, no one noticed, according to an Associated Press article. From the article:
"According to U.S. Embassy officials, the Ministry of Finance continues to use its legacy system for overall budget and accounting, 'nobody noticed' when IFMIS was down for a month and no one relies on IFMIS to produce reports," [special inspector general for Iraq reconstruction Stuart W. Bowen Jr.] said.
Other ministries, such as interior and defense, have developed their own financial management information systems, and they are not compatible with the new one and cannot transfer financial data from one system to another.
Sound familiar?
In an item posted today in his blog, “The Risk Factor,” risk management expert Bob Charette calls into question OMB's announcement yesterday that the number of IT projects on its Management Watch List had dropped 61 percent – in seven months. “This is truly amazing,” Charette writes. “Sixty-one percent of government IT projects on the OMB watch list, which indicates whether they are well-positioned to execute, all got better at the same time. One can only conclude that the government has found a new, secret way to manage IT project risk.”
The skepticism doesn’t stop there. In an article posted today on Government Executive’s Web site, government project management expert J. Donaldson Frame says, “When I see miracle improvements occur very quickly, I wonder whether the improvements are genuine or reflect statistical artifacts."
And Ray Bjorkland, chief knowledge officer at federal marketing research firm FedSources, wonders how IT projects get on (and presumably then come off) the Management and High Risk lists in the first place.
For the 212 IT projects that came off the Management Watch List, OMB officials said those “agencies were able to adequately address deficiencies and weaknesses identified in these 212 investments by mitigating planning deficiencies, or in some cases, providing and completing additional documentation supporting their management activities.” No word on how well the projects are meeting budget, deadlines or performance measures, which Bjorkland says are the best indications of success in oversight of technology investments.
And the reason given for more IT programs going on the High Risk List? Again, better reporting from agencies, OMB said.
Interestingly, better reporting was the reason OMB gave yesterday for the doubling of the number of reported security breaches exposing personally identifiable information. “An increase in reporting isn't necessarily a bad thing,” said Karen Evans, who holds the Bush administration’s top IT executive position at OMB.
This reason was given on the same day that Microsoft reported that phishing scams had increased more than 150 percent in the first six months of 2007 and the number of malware incidents had increased 500 percent. Not to mention the 90 percent increase (over nine months) in the number of cyberattacks directed at electric utilities.
It still hurts my head to try to follow this logic. The message seems to be: It's good to know how bad things are. That could be helpful, if you then used that information to develop a plan to fix the bad things. No word on that, yet.
In August, the federal IT market research firm INPUT released a report showing agencies spending a greater portion of their IT budgets in the government’s fiscal fourth quarter. That’s up from 28 percent in the four-year period of fiscal 1997 to fiscal 2000.
A Tech Insider blog item wondered if such an increase in IT spending over such a short period of time increased the chance that agencies may not be aligning spending with strategic goals and wasting money.
The answer may very well be yes, according to the Treasury Inspector General for Tax Administration. In a recent report, the IG found that the value of purchases by the Internal Revenue Service made in the month of September increased 671 percent from 2002 to 2006. Reviewing purchases made in August and September 2006, the IG “identified deficiencies with 14 (15 percent) of 92 procurement actions …,” according to the report. “We believe appropriations regulations may have been violated for four of the actions, while all required acquisition steps were not completed for the remaining 10 actions.”
The IG also wrote:
Inefficient and ineffective procurement actions can occur when there is a rush to use funds before they expire at fiscal yearend. This rush increases the risk that items purchased may not meet the requester’s need, thus requiring a second procurement action; were not obtained at the best possible price; or did not use the best vendor or type of contract because Office of Procurement personnel do not have the time necessary to perform a full contractor competition process. Therefore, funds may be spent inefficiently and ineffectively.
Ever feel that those thick, heavy volumes on how to better manage information technology in your IT shop are just a bit dense and hard to comprehend, much less put into practice? Well, you’re not alone. According to a recent survey, reports Network World, while 51 percent of IT managers use the Information Technology Infrastructure Library – known as ITIL, a set of volumes that present best practices in delivering IT services to an organization – more IT managers (55 percent) use practices that they themselves developed.
IT consulting firm BT INS conducted the survey. The firm also reported that those who think ITIL is critical to delivering IT services to their organization declined sharply to 32 percent this year from 45 percent in 2004 and 43 percent in 2006.
What may explain that is at the bottom of the article: “Also fewer survey respondents said they feel that they understand ITIL at both a conceptual and detail level.”
If you don’t get it, you won’t do it.
ITIL’s seven-volume set, which was condensed from 30 books a few years ago, is supposed to be condensed even further – to five volumes – and released sometime this year. Not sure if that will help.
As if the Census Bureau didn't have enough risks to manage for the upcoming 2010 decennial census, now the bureau has to worry about not being able to conduct its dress rehearsal. In a New York Times editorial yesterday, the paper laid out the consequences of a stop-gap bill to fund the operations of the federal government through November. That means no funding for the Census Bureau's decennial dress rehearsals, which are critical for testing business processes and, most important, new handheld computers it plans to use to help count the population. Already, the handhelds present numerous risks to the bureau, according to a Government Executive magazine article published this summer, and not being able to test them only exacerbates the problem.
So much so, that the stop-gap funding measure "would virtually guarantee a flawed census," the Times concludes. "Especially imperiled by a funding delay is a contract for the hand-held computers that the bureau intends to use for the first time in 2010," the Times points out.
Information security managers in government, corporations and universities are about as frustrated as they can get in trying to find ways to tighten network security and protect privacy. (Just last month, as posted in Tech Insider, a well-respected cybersecurity expert from Georgia Tech figuratively threw up his hands, saying securing the Internet against cybercrime isn’t going to happen.)
But the gloomy outlook hasn’t stopped security experts from trying new approaches. The University of Toronto this year launched the Identity, Privacy and Security Initiative (IPSI), which includes two related interdisciplinary master’s-level programs: a Masters of Professional Engineering and a Masters of Information Studies with concentration in security, reports InterGovWorld.com.
The program’s chair, Dimitrios Hatzinakos, says security managers have not been trained in programs that combine identity, privacy and security technology, processes and management. “Most of them are self-trained after they joined companies, but they have never been trained to have a holistic understanding of security,” according to the article.
Ontario's Information and Privacy Commissioner, Ann Cavoukian, said:
The IPSI program will not only educate future generations on how to build privacy into technology, but it will also hopefully develop a culture of privacy, a way of thinking that is committed to better information management and the protection of privacy. Even the most advanced technologies and the most rigorous privacy policies will not be wholly effective if organizations do not accept the protection of privacy as part of their institutional culture.
Changing culture. Not sure if a master’s degree is the tool that can make that happen.
News that a special agent with the Commerce Department's Office of Export Enforcement was indicted yesterday by a federal grand jury for accessing a government database to track the travels of a former girlfriend raises the question: Just how often do federal employees misuse government computers? For sure, the case of Benjamin Robinson, a 40-year-old special agent for Commerce who had been with the department for 10 years, is rather extreme. He accessed the database 163 times, lied to his supervisors and threatened his former girlfriend's life. It’s not the only one. Another extreme case of improper use of a government computer was posted in Tech Insider here. (I urge you to read the comments that accompany the item to get a complete picture.)
A source who has spent nearly 30 years working and consulting on federal IT projects here in Washington, D.C., and with whom I discussed the former case, tells me that this is just the tip of the iceberg. Of course, we hear about the more egregious, yet infrequent, abuses. But this source says less serious misuse, such as accessing private information for purely prurient interests and using powerful government applications for personal use, is, if not common, widespread. In an upcoming "Managing Technology" column in Government Executive Magazine, a long-time General Services Administration employee says that the GSA has a well-publicized policy of monitoring Internet and network use, but it is widely known among employees that the logs are rarely scanned, leaving no check against misuse. I'll post a link to this story when it is published.
What's your experience at your agency or contractor's office of employees improperly using or accessing government databases or applications? Is it widespread? Let us know by clicking the comment link below.