While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
How well are agencies doing at letting the public know how well they perform?
Agencies are getting better at making the information they gather for the Government Performance and Results Act readily available on federal Web sites, says Jerry Ellig, who helped write the 8th Annual Performance Report Scorecard released this spring by the Accountability Project of the Mercatus Center at George Mason University.
To rate agencies’ performance reporting, the center’s team looks at how readily available an agency makes its performance information to the public, what benefits the agency can demonstrate to the public from specific performance areas and the agency’s leadership on setting a plan to use the information to make future improvements in services.
The center recommends three ways that agencies can improve their online efforts to provide performance results:
• Provide better contact information. Most agencies provide only their main phone numbers and addresses, if they provide any contact information at all.
• Make home page links to reports more prominent. Although most agencies provide links on their main Web sites, the links are often difficult to spot and sometimes are even obscure.
• Give site visitors easy access to earlier reports. Agencies too often only post the link to a current report on the home page or prominently on their sites. Finding earlier reports often requires additional searches.
“Most agencies are now good at making their reports available on the Web; 18 of 24 agencies received the highest possible score on this criterion,” Ellig says. “The biggest remaining challenges involve content: expressing goals and measures as outcomes, and showing what the agency plans to do to remedy performance shortfalls and address management challenges.”
Go to governmentaccountability.org to read the full report.
Agencies Favor Server Virtualization and ITIL
90% Believe the information technology department is valued by agency employees
70% Plan to implement virtualization programs
55% View IT Infrastructure Library as an important tool, but only 30% plan to implement ITIL
20% Expect to be ready for Internet Protocol Version 6 by the June 2008 deadline
Top concerns: 82% IT security; 75% budget constraints; 42% dealing with new technology
SOURCE: April 2007 ScienceLogic survey of 113 federal IT officials
At least a couple of days a week during his morning commute to the Pentagon, David Fisher, director of the Business Transformation Agency, listens to the soundtrack from “Rent.” In particular, he finds motivation from the song, “No Day but Today.” The title alone is a motto, he says, adding that he likes to think of it in terms of the Defense Department efforts to modernize enterprise systems. “We owe it to the taxpayers to be impatient. We must get people to think, ‘What can we do to get some transformation today?’ ”
9 P’s of IT Security
When conducting a systems security assessment, former fed James P. Litchko says an agency, just like a corporation, needs to begin by reviewing nine items — what he calls the “Nine P’s”:
PROFIT: what drives the system’s policy and solutions (“For agencies, this is their mission.”);
POLICY: the basis for all security decisions;
PROCEDURES, PHYSICAL, PERSONNEL and PRODUCT (technology): the four sources for most — 70 percent to 80 percent — security solutions;
PROMOTION: how the agency informs people of their individual security responsibilities;
PLAN: the recovery strategy when the system comes under attack;
PRACTICAL: the usefulness and usability of the security program (“If the security solutions are too cumbersome, they won’t be used and they won’t be effective.”).
Litchko spent 20 years with the Navy, mostly as a surface warfare and cryptographic officer, and five years as a project manager at the National Security Agency, but now runs a security consulting business. He says that the hardest thing to learn when you work in information technology and your job is security is that you also have to know how to market, so you can sell your boss and a system’s users on the need for security.
“You need a motivated program manager,” he says. “To motivate them, you have to make doing the security assessment about meeting their needs. Start by focusing on mission and how security meets mission goals because the mission is something they know.”
Off the Shelf/Recommended Reading
By Whom: Brand Niemann, senior enterprise architect at the Environmental Protection Agency and co-chairman of the Federal Service-Oriented Architecture Community of Practice
Book: Understanding SOA with Web Services by Eric Newcomer and Greg Lomow
Why: “SOA is hot in government, but one needs more than white papers and marketing hype. One needs to see how it is done.”
More Help: The Federal SOA Community of Practice has an active wiki. At the start of May, the group held its third e-government conference to share best practices and roll out its Phase 3 Demo, which features the “Federal SOA Jump Start Kit” and tutorials on architecting and implementing SOAs. To learn more and download information from the conference, Google “SOA CoP Demo 3.”