MeriTalk - Where America Talks Government
Steve O'Keeffe


Posted: 10/19/2010

Yankee Doodle dates from the Seven Years' War - 1756. If our frontier government rode on one pony's back then, we'd need 10.68 trillion donkeys or 1.068 trillion elephants* to carry today's national responsibilities. And with heaped Chinese debt in every saddle bag and a rapidly aging population at the reins, the upcoming mid-term election question for our economy is not if, but "which straw will break the camel's back?" - please excuse the mixed metaphor(s).

Let's face facts, government and the nature of our society as we know it have to change. Take a look at the global picture. Shrinking workforce. Increasing healthcare cost. Slow growth in GDP. The developed world can't afford our benefits. The French and Greek governments are being taken to the wood shed as they try to increase the retirement age. The Brits are taking a pounding over cutting child benefit for the rich. Ireland is drowning in debt - where are those lucky charms? But, this is not a uniquely European phenomenon. Secretary Gates sounded the alarm about defense healthcare spending. While America's population is younger than Europe's and our spending on healthcare is significantly lower, America does need to restructure benefits - and the retirement age must climb.

The irony is that politicians need the courage to make tough decisions in reforming social policy. But, those decisions will be unpopular - and likely disastrous for the brave at the polling stations.

As we head into the mid-term elections, President Obama is bracing for impact. He needs to point across the water at the lands of our forefathers, present the tough choices ahead clearly and simply, and critically focus America's engines on innovation. And, this notion of open government - trumpeted by policy wonks as vaunted digital democracy - must be repurposed as an operational engine to provide available services at radically reduced cost points.

Join MeriTalk and 500 Federal open government leaders for the 2010 Adobe Government Assembly - Engage America conference on November 3 in D.C. Here's your chance to hear David Plouffe, President Obama's campaign strategist, talk about technology and citizen engagement. Get the latest on progress in transparency, collaboration, and citizen participation. Donkeys and elephants welcome.

*Calculation based on the assumption that an elephant will carry 10 vs. a donkey carrying one. Calculation of the number of donkeys required completely made up.

Posted: 10/11/2010

I attended an all-boys high school. At 16, we had no idea how to talk to women. It seems OMB is tongue-tied too when it comes to FISMA reform, CyberScope, and chatting up CIOs and CISOs. As the deadline for all agencies to use CyberScope for FISMA reporting looms - November 15, 2010 - it looks like OMB is in serious danger of going to the prom alone.

A new MeriTalk study - FISMA's Facelift - reports that as of July 2010, 85 percent of Federal IT security leaders have yet to go on a first date with CyberScope. If beauty is only skin deep, let's dig beneath the surface. Of the 85 percent "CyberScope virgins," 72 percent don't understand CyberScope's mission and goals - and 90 percent don't know how to get lucky - they're unclear on the submission requirements. 55 percent question CyberScope's economic benefits - asserting it will increase cost. Most damaging, Feds don't see the value of courting. 55 percent don't believe CyberScope will improve security oversight and 69 percent are unsure if the new approach will improve Uncle Sam's cyber security.

Now, if I were OMB, I'd be feeling pretty insecure about a new approach that was sold as a way to reduce C&A cost and improve outcomes at the October 29, 2009 Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security Hearing. But, the study is not all bad news - no reason to resign CyberScope to living with his mother until middle age quite yet. You see, the 15 percent of Federal cyber execs in the study who have used CyberScope can't say enough good things about the portal. 100 percent of them give CyberScope an A or B grade - and they're all bullish about its ability to reduce cost, enhance oversight, and improve security outcomes.

From Cyrano De Bergerac to Billy Joel, there's ample evidence that to win in romance, we need to "tell her about it." OMB owns a golden opportunity to change the economics and outcomes associated with FISMA - too long the ugly duckling of Federal IT. Like a teen looking for love in today's connected world, Mr. Kundra must work his network to win - get the CIOs and CISOs that know, like, and value CyberScope to run their mouths. Perhaps OMB has too many balls in the air to listen to and really engage with its most important audience - the agencies? Time is short before the CyberScope deadline. Let's hope that romance is in the air.

That's two in a row on FISMA issues and OMB. Time to give it a break. I'm sure that Mr. Kundra could give me a pointer or two about how to speak with women.

Posted: 10/5/2010

"Why are agencies forced to pay twice to C&A systems?" said the exasperated and cash-strapped Federal IT exec. "If agency A wants to use a system from agency B - a system that has already been C&A'd - then agency A needs to pay for a completely new C&A. If we're spending more than 20 percent of our cyber security budget on C&A - and the average C&A costs $167,643 - shouldn't we look for efficiencies?"

An observation over lunch was quickly validated by other Feds - IT execs battling with the double-headed budget and security dragon. Curious stuff. The FISMA C&A reciprocity riddle set me on a fool's errand to put a dollar figure on the cost of C&A redundancy. That said, it opened a new window on OMB's lack of transparency - quite astonishing in this era of open government.

Take a look at OMB's 2009 report to Congress on FISMA implementation - and you should. Here's the rundown:

  • "Economic prosperity of our nation, blah, CyberScope, blah, training, blah"
     
  • Some nice charts and graphs
     
  • Alarming stats that make the case for cyber security automation. The report states that there are 60,000 cyber security Feds at an average cost of $159,000 per annum - confusing as OPM says that there are 70,000 IT pros in the Federal government; wonder what the other 10,000 do? Back to cyber security - so Uncle Sam's spending $10 billion+ each year on cyber folks. The report tells us that the agency cyber FTE budget is more than 150 percent of the total cyber security budget. Oh, and on top of that, agencies hired more than 30,000 cyber security contractors in 2009... pause to scratch head

But, back to the fool's errand. Disappointing to find there's no list of agency C&As in the report that would allow us to quantify the cost of redundant C&As. But, now the report gets really interesting. Take a gander at the charts on pages 14 and 15 of the report. The titles sound good - "C&A Cost by Agency" and "Testing Cost per Agency System." The Y axes show hard cost in dollars. However, the X axes are anathema to the principles of open government - "each dot represents an agency." OMB knows the agencies' identities, so why not attribute the dots on the graphs and show comparative costs? Why not map expenditure per system against FISMA grades to show taxpayers the value we're getting for every dollar?

Okay, the FISMA C&A redundancy quantification quest did not pay off yet, but it did lead to some other interesting data - and a series of more questions. I'll leave you with these three - and if you've got the answers, I'm all ears:

  1. Do Feds have too many people in cyber security - and could automation serve us better?
  2. Why is OMB talking transparency but hiding actionable information on cyber security performance and RoI?
  3. What's the cost of C&A redundancy and why is it necessary?