MeriTalk - Where America Talks Government
Steve O'Keeffe

Posted: 6/5/2014

CDM Roadtest

CDM is all about numbers – $6 billion, 17 primes, legions of subcontractors, and one big question. Is the shiny new program making Uncle Sam's cyber security safer? This'll be a focal point of the Cyber Security Brainstorm on June 18 at the Newseum. More than 250 Fed cyber security execs have registered – so space is tight. But back to the question – how's CDM doing? Are the customers satisfied?

Under the Hood

Only one way to find out – take a peek under the hood. So, MeriTalk's Cyber Security Exchange asked Fed cyber security execs in the agencies if CDM's a Lamborghini or a lemon? We put the analysis wrenches down – and rolled out the CDM: Under the Hood study on Monday.

Good First Lap

DHS tells us that agencies burned rubber to meet OMB's CDM deadlines. More than 96 percent of agencies met the April 30 deadline to identify a CDM manager in their agency. More than 87 percent met the May 30 deadline to deploy products to support the new security management approach.

Find the Accelerator, Please

Quizzed about roll out and task order processing timing, 58 percent of Feds want to accelerate program phase roll out. Fifty-one percent want phase one solutions task orders processed more quickly – flag for Jim Piche and his team at GSA. Providing recommendations on how frequently to refresh security assessment and discovery information, Feds want more real-time updates. Today, the plan for CDM is to provide updates to agencies every 72 hours. Ninety percent of Fed cyber execs want daily updates, and 56 percent want updates every hour. Thirty-two percent want real-time intelligence.

Risky Business

As the cyber security market shifts from compliance to risk management, CDM corners like it's on rails and eats up the asphalt on the straightaway. Asked about the benefits CDM provides in their agencies, Feds revved their engines. Fifty-six percent say CDM reduces operational risk. Fifty-five percent point to enhanced risk prioritization – allowing cyber security pros to get to the worst issues first. Fifty-four percent point to quicker risk mitigation times – and 51 percent say CDM reduces time spent on paperwork.

FISMA Fork in the Road

Speaking of paperwork, it's impossible to put CDM on the lift without road testing it against FISMA. I asked OMB about CDM and FISMA – do agencies still need to pay for FISMA if they're doing CDM? OMB clearly said yes. "Yes. FISMA is the law." The study provides interesting insight on the relationship between cyber security's favorite acronyms – LOL. The net up front – FISMA’s far from RIP. Only 13 percent of Fed cyber execs consider FISMA OBE – saying that they have enough data to do away with FISMA. Fifty percent say they need FISMA today until CDM produces more data. Twenty percent say CDM will never replace FISMA. Interestingly, 17 percent are unsure.

Fed cyber security leads tell us they spend 25 percent of their cyber security budgets on FISMA compliance. Chipping in on future plans for FISMA reporting provides important insight on how CDM and FISMA can run together. Thirty-six percent plan to automate FISMA monthly reporting. Forty-two percent plan to swap out the automated dashboard for today's quarterly/annual reports. Disappointingly, 24 percent have no plans whatsoever to change their reporting behavior.

Real takeaway, NIST and DHS need to get together to tell one story. How do these programs fit together – and what's the roadmap for the future? And, speaking of confusion, or perhaps insecurity, the Federal cyber security initiatives need a branding makeover. How will the government achieve clarity if it keeps coming up with new terms?

Analytic Converter

Seems cyber execs like their new Streufert speedster. Looking down the road, Feds point to training, budget, legacy integration, technical complexity, culture, acquisition, and leadership supports as major speed bumps to accelerating CDM – check out the study for the stats. What do they need to pimp their CDM ride? Fifty-eight percent of Feds want more analytic capabilities. Next on the grid are critical application resilience, common trusted identities, automated tools, and enhanced RoI metrics – again, check out the study for stats.

So, there you have it, the numbers on CDM. If you're interested in the voice track, we'll look forward to meeting you in the pits at the Cyber Security Brainstorm at the Newseum on June 18. John Streufert's in pole position on the CDM panel.

Opt in today to keep stirring IT up.

Posted: 5/29/2014

Halvorsen Hates Iowa

But he’s really got it in for data centers, applications, and cost. In a world of posturing and politics, I'd like to take a minute to salute Terry Halvorsen as he steps into Teri's shoes as DoD IT tzar. With the challenges in DoD computing, Terry may quickly develop a bunion. We know he's already recovering from Achilles surgery.

Modernization, the Movie

When acting as the DON CIO, Terry recently spoke at the Data Center Brainstorm and the Cloud Computing Caucus Advisory Group meeting on the Hill. Perhaps I'm losing my mind recommending that you watch a 17-minute video on the web, but if you want insight into DoD's most powerful IT brain, it's 17 minutes well spent. By government IT standards, this movie’s an action thriller – and a horror movie for those who dig the failing status quo.

Burn the Ships

No TQM, BPR, or Six Sigma – just straight talk. Navy plans to take $1.3 billion out of its data center spend. To achieve this, Terry cut the data center budget by $1.3 billion. Halvorsen hones in on what's important – and calls out the nonsense of the data center consolidation and counting fiasco. "It's about data center closings – not consolidations. You need to count money, not just data centers. To be clear, savings means that we spent less money – not just cost avoidance." Map this against OMB's double speak on the Hill – it's like music to my ears.

It's the Data, Stupid

Halvorsen grabs the issue by the scruff of the neck – to realize success you need to understand the data in your data center. You need to know your risk – not just cyber risk. This is where those of my readers from Iowa may want to turn off. At this juncture, Halvorsen unleashed on Iowa – maybe he has an allergy to corn? When running older applications, you will likely need your data geographically nearby – so cheap data center space in Iowa may be a false economy.

Killer Apps

"I don't like application rationalization – I like application kill." It doesn't get more real. Halvorsen tells us straight – murdering applications drives down data volumes. Is virtualizing data a good idea? **** straight it is. 

Big Enough to Matter

Halvorsen says he's not interested in definitions of data centers. The Navy has 150 data centers that are big enough – read expensive enough – for him to care. Unlike other execs who downplay the cost of labor, Terry tells it straight. The number-one cost in Federal data centers is labor – far and away. He also sparked off about power and facilities costs – and how Uncle Sam needs to rein them in.

Amazon Your Agency

Here's another third-rail issue. Halvorsen wants half the Navy's data housed in commercial solutions. He's pushing public-facing websites to Amazon – and realizing 66 percent in cost savings. Other commercial providers include HP's NGEN.

DISA Data Center Delight

He also applauded DISA's cloud and data center solution – saying it was very cost effective. The Navy is and will continue to run in DISA's data center. We're excited to hear from David Bennett, CIO at DISA, when he keynotes at the September 10 Cloud Computing Brainstorm.


It's not cost vs. mission – it's both. Cost significantly impacts your ability to achieve the mission. Halvorsen finally let up on Iowa as he noted that many applications do not need full COOP – it's very expensive. If you don't absolutely need a hot fail over – and can live with data restoration in five to seven days – here's your chance to take advantage of cheap capacity in Iowa.

Halvorsen's exactly what we need to shake things up in government IT. Again, I encourage you to watch the movie. Two thumbs up for his direct approach. He's going to shake things up in the E Ring. If he has a failing, it may be that obsession with Iowa? Perhaps it's because it's landlocked? Maybe he had a bad experience with a Goldfinch? Do the West Florida Argonauts have it in for the Iowa State Cyclones?

Posted: 5/22/2014


While the weather’s tip top, the May 7 Senate Appropriations Subcommittee Hearing on Federal IT investments would have left Bill Murray with a chill. While the Ghostbuster suffered Groundhog Day in Punxsutawney, even he’d be scared by the déjà vu in D.C. For those who follow these things – the hearing sounded and tasted like last year’s hearing. Did OMB see its shadow – and if so, does that mean more accountability or six more weeks of IT left out in the cold?

This was the annual appropriator hearing on Fed IT spending. The questions here – is Fed IT's behavior appropriate, and will the Hill change its appropriation? Rather than simply report on who said what, we wanted to follow up with Senator Mikulski (D-Md.), the appropriations committee chair, to find out about next steps. Not to be inappropriate, but does the Hill plan to follow up on its comments – will we see any change in Fed IT appropriations?

The witness line up for the hearing included Federal CIO Steven VanRoekel and GAO IT director Dave Powner, as well as the administrators from GSA and OPM.

Read My Lips

To give you the net upfront, Senator Mikulski threw down hard in the hearing – she’s not happy about what she heard. And I quote – “We have spent billions of dollars on projects that have languished for years, only to be canceled or replaced with something else. This is inexcusable.”

Now You See IT, Now You Don’t…

Okay, now back to the stuff of the hearing. Pressed on IT savings, Steven VanRoekel said OMB has delivered $2.5 billion in savings from its PortfolioStat – and that we’ve already realized $1.9 billion in savings. To quote Cuba Gooding Jr. – Show me the money! But VanRoekel’s no Jerry Maguire. In this era of open government, OMB won’t release its CIO assessments. So, we don’t get to verify which agencies have realized savings, how they’ve achieved this, or where that saved money has been reprogrammed.

Too Big to Fail?

And, of course, the “savings” in Fed IT aren’t reducing the total IT spend – they’re being ploughed back into IT modernization. If government were a regulated industry, this type of accounting wouldn’t pass the smell test.

GAO Takes the Gloves Off

Dave “Rocky” Powner provided a reality check for the folks ringside. He hit VanRoekel with a series of rib shots – swinging hard at OMB’s $2.5 billion savings. “Based on our work, there are over 200 PortfolioStat initiatives that agencies are working on to eliminate at least $5.5 billion in duplicate spending.” Powner jabbed at the IT Dashboard – noting too many agencies have thrown in the towel on updates. Seems DoD’s listening to GAO. Here’s a DoD memo requiring components to do better on the Dashboard.

To Be Continued…

We followed up with Senator Mikulski’s office to get a sense of plans for next steps.  We hope the Senator plans to take some real action, but know she’s a busy lady.  Action needs to be had – there’s a reason why we don’t have a sequel to Groundhog Day.

50 First Dates

If there’s no accountability, then we’ll see no change – it’s 50 First Dates. And, speaking of dates, if there’s no enforcement, I wouldn’t bother putting next year’s Federal IT appropriations hearing on your calendar. Better to stay home and take in a good movie.

Posted: 5/8/2014

Walter Bigelow – Chief of IT Systems ATF&E – Mountain Man?

So, you think you know Walter Bigelow at ATF&E?  Former Army, DoD, and NASA, he's the sober hand in Uncle Sam's most combustible IT shop.  Well it's a long way from his new-fangled office in NE Washington, D.C. to the top of Mount Rainier in Washington state – but that's where Mr. Bigelow's heading, again.  A real mountain man – not exactly the stereotype of a computer geek.  Explains why Walter and Simon Szykman hang together.

Head in the Clouds?
His appetite for cloud befits somebody with an appetite for heights.  He's an active participant in the Cloud Computing Caucus Advisory Group.  That said, he couples vision with steely pragmatics.  Nobody knows the reality of how to manage a government IT operation better than Bigelow.  Yes, he can be a cynic – that's why he's my go-to expert on why the latest new-fangled IT idea will fall off the mountain in D.C.  His attitude, wit, and purchase on reality come through loud and clear in this latest Zoom installment.

One additional aspect on Walter, he likes to get oil under his fingernails.  We share an affinity for old British jalopies.  Walter rebuilt the gearbox on his MGB, on his kitchen table, a few days before his wedding.  Hardware problems don't leave him stranded by the side of the road.

Go Bigelow
So, keep an ear open for news on Mr. Bigelow's ascent.  At more than 14,000 feet, Mount Rainier is the loftiest peak in the lower 48.  It takes three days to reach the summit.  Read more about his journey in the latest installment of Zoom.


Posted: 5/1/2014

Hunk of Burning Love or Hound Dog?

Elvis released "Hound Dog" on June 5, 1956.  OMB picked the same date, 58 years later, for its FedRAMP deadline.  Will it be a hunk or a howler?

The FedRAMP rockers – agencies, CSPs, and 3PAOs – who’ve invested millions in FedRAMP certifications, have Suspicious Minds.  They’re All Shook Up over concerns that OMB’s not going to enforce the deadline – leaving agencies free to buy non-FedRAMP cloud solutions.  And, those that bought the FedRAMP record, Crying in the Chapel.

Return to Sender?
MeriTalk chatted with OMB to understand EOP’s FedRAMP enforcement plans.  According to OMB, “agencies have to be FedRAMP compliant, not CSPs.”   OMB asserts that the deadline is designed to “put agencies on notice.”  OMB acknowledged there needs to be more communication around what FedRAMP means.

A Little Less Conversation

Here’s the Q&A with OMB:

 1. Can agencies still buy/specify non-FedRAMP compliant cloud services after the deadline?
    Yes. But agencies need to get their CSPs into the process. But that does not mean the full GSA and JAB process. Agencies can certify their own CSPs – see HHS’ experience.
 2. Will not having a FedRAMP A&A and/or being in the pipeline effectively close the government market to CSPs?
 3. Will agencies have to stop using non-FedRAMP-compliant solutions?
 4. How will OMB determine what CSPs an agency is using if the business office is buying those services around the IT function? Folks can and do buy cloud services on a credit card.
    That’s a larger issue around oversight and CIO authorities.
 5. Can you please specify how you will treat FedRAMP in your ongoing PortfolioStat sessions?
    We cannot. This is a government-only process.
 6. What happens if agencies ignore the FedRAMP compliance deadline?
    OMB will work through normal oversight channels to identify an appropriate response.
 7. How are you collaborating with DoD on cloud security certifications and this deadline?
    Ongoing dialogue with DoD stakeholders. We engage with DoD via the JAB.
 8. How will you factor the new Rev4 FedRAMP standards into your management plans?
    You mean if an agency says we just did Rev 3 FedRAMP, do we have to do Rev 4? We do not have an answer for this question right now.
 9. Other thoughts associated with the June 5th Deadline?
    FedRAMP is a process, not a thing.

Heartbreak Hotel?
So, it’s Viva Las Vegas – careful about betting the farm on FedRAMP.  If certification’s not required, those who’ve invested will be pissed.  Those who haven’t, won’t bother.  A lot of companies in California will scrap plans for FedRAMP.  It’s going to make it harder for Federal leads to get their companies to take certification seriously.
Couple of additional thoughts.  What happens to non-compliant CSPs already installed, that are not interested in investing to go through the FedRAMP process?  Will agencies need to kick them to the curb?  Who owns the responsibility at DoD now that Teri Takai has left the building?  Will David DeVries pick up the guitar?
It’s Now or Never
The time for cloud is now.  We urge OMB to take a stronger stance – and send the right message to agencies and industry.  To help, MeriTalk is launching a new Federal Cloud Watch on the FedRAMP OnRAMP site.  We’re tracking government procurements to see which agencies spec FedRAMP-compliant CSPs – and if new procurements comply with Cloud First.  More soon. 
We’re not the only folks interested.  We have heard that members of Congress are keenly interested in this issue as well.  The Cloud Computing Caucus Advisory Group will take a closer look at FedRAMP at the next Hillversation on May 20th at the Rayburn Building – register here.
It’s time to TCCB – Take Care of Cloud Business.  Thank you, thank you – thank you very much.

Posted: 4/17/2014

J, P, G, or R?

Do You Want to Know a Secret?  It’s 50 years since Shea Stadium.  She Was Just 17 – and so’s O’Keeffe & Company, MeriTalk’s sister organization.  They Say It’s Your Birthday.  So, we’re hosting the Fab 4 on May 15 at the State Theatre in Falls Church.  You’re invited to Twist and Shout with us.

Know it’s still a few weeks away, but Tomorrow Never Knows.  We’re offering you a Ticket to Ride.  I am a Loser and I Don’t Want to Spoil the Party – here’s your chance to Please, Please Me by joining us from Across the Universe, Norwegian Wood, or Strawberry Fields.

Register here.  It Won’t Be Long.  Don’t believe those who say Hey, You’ve Got to Hide Your Love Away.  Here’s a real Nowhere Man saying I’m Happy Just to Dance With You.  Even if it looks like I’m Only Sleeping.

Don’t Let Me Down.  I am the Walrus And Your Bird Can Sing.  All You Need is Love to get in.  If you miss it, then Happiness is a Warm Gun.

Back to the chorus.  Join us Thursday, May 15, at 5 pm at the State Theatre in Falls Church.  It’s easy to get there.   As Jim Beaupre will attest – baby, you can Drive My Car.

So who’s my favorite Beatle?   We Can Work It Out – which song is not like the others?  Reserve your spot today – you might hear me play Love Me Do on the harp.  Oh, did I mention we have a band?

Posted: 4/10/2014

Friendly Fire?
The National Defense Authorization Act for 2012 requires GAO to provide DoD with an annual IT management physical.  The components need to give blood, cough, and pee in a cup to ensure they're healthy on IT cost and schedule, as well as on track to deliver functionality and performance.  GAO just released a new study – “Major Automated Information Systems (MAIS):  Selected Defense Programs Need to Implement Key Acquisition Practices.”
The report looks at 15 of DoD's 42 MAIS – across Air Force, Army, DLA, and Navy/Marine Corps.  If you're tracking DoD IT, the report's worth a read.
Fog of War
Only 13 of the 15 had cost information available – here's the chart.  Of the 13, 11 experienced changes in cost estimates.  Seven experienced increases – from seven to 2,233 percent.  Four experienced decreases – from four to 86 percent.  For example, Next Generation Enterprise Network (NGEN) Increment 1 dropped costs from $25.4 to $21.6 billion – due to competitive contracting.  Two stuck to their original budgets.
All but one of the 15 had schedule information available – here's the chart.  Thirteen experienced timeline shifts.  Twelve slipped to the right – with delays from a few months to six years.  One program will beat the delivery date.
Four MAIS couldn't deliver systems performance data.  Of the remaining 11, eight did not meet their functionality targets.  For those scoring at home, that's more than half.
Risky Business
GAO weighed risk on three MAIS.  The Defense Health Agency's Theater Medical Information Program-Joint Increment 2 had an excellent risk bedside manner.  The Navy's Global Combat Support System had blind spots in risk and mitigation planning – although it's starting to see more clearly.  The Defense Logistics Agency's Defense Agencies Initiative program lacked robust risk categorization and management.
12 of 15 – Not Stellar
Net net, 12 of the 15 MAIS programs had cost, schedule, and/or system performance issues – five had challenges in all three areas.  If this is how custom-build programs are performing, the question begs, where's DoD on cloud and shared services?

Posted: 4/2/2014

A Dose of Data?

If an apple a day keeps the doctor away – seems a storage array will pick you right up.  That, according to the new Big Data Cure study just prescribed by MeriTalk.  The report’s based on a survey of Fed execs working in agencies with healthcare missions.

So, let’s take a look at the chart.  Sixty-two percent say big data will improve patient care in the Department of Veterans Affairs and Military Health Systems.  Sixty percent say big data will enhance their ability to deliver preventative care.
Out of the Lab
But, this is more than an academic exercise.  One in three Feds say their agency has successfully launched at least one big data initiative.  More vital stats – 35 percent use big data to improve patient care, 31 percent are pulling on big data to cut the cost of care, and 22 percent are successfully using big data to improve early detection.
Therapy Still Required
While Feds are upbeat about the big data prognosis, there’s clearly room for improvement.  Only 34 percent have invested in IT systems to optimize data processing, just 29 percent have trained their IT teams to manage and analyze big data – and less than a third have educated their senior management on big data issues.
If big data’s big, it promises to be bigger with a little help from a new three letter acronym – M2M or machine to machine.  While just 15 percent have implemented M2M, 53 percent plan to do so in the next two years.
With healthcare costs eating an ever greater percentage of the defense budget, big data may prove to be a critical new weapon in our arsenal.  Read the study – it's a lot shorter than Gray's Anatomy. 

Posted: 3/24/2014

Share and Share Alike?

My mother told me it was good to share my toys.  Seems Uncle Sam can cut costs by sharing tech toys.  That, according to a new MeriTalk study – Shared Services: Ready or Not?  The study's based on a survey of 138 Fed IT execs at the MeriTalk Cloud Computing Brainstorm in January.  For the multitaskers, too busy to read the study, the takeaways are below.

Rampant Redundancy
GAO reports 777 supply chain systems and more than 600 HR systems strewn across the Fed IT playground.  Someone's not sharing...
And the study puts the first numbers around the waste associated with Fed IT fiefdoms – $27.9 Billion.  That's the savings from shared simplicity.  That's about one third of the Fed IT budget.
Making Nice
Feds are in touch with the opportunity.  Ninety-six percent of survey respondents recognize the importance of shared services – and 72 percent say their agency's tracking shared services as a strategic initiative for the CIO Council.
Reality Check
Okay, so we know it's good to share, but who's doing it?  According to Fed IT execs, just over half of agencies are using any shared services and 44 percent are providing shared services.  Top of the list of shared services apps: help desk, MDM, and finance.  But – and it's a big but – bear in mind, those shared services are only a fraction of those agencies' IT consumption diet.
Get a Plan, Stan
So, we know that redundancy is rampant.  Feds know shared services will unlock savings.  Why aren't we sharing more?  It appears government-wide efforts are all at sixes and sevens.  Just 40 percent of agencies have defined shared services goals and objectives.  Only 32 percent have established service-level agreements.  A paltry 16 percent have developed a financial model and chargeback system to deliver services to other agencies.  Agencies call out procurement, security, culture, measurement, and infrastructure as key barriers to sharing the IT love. 
First Things First 
Cloud is clearly the pathway to shared services reality.  While it certainly doesn't absolve the sharing sins, FedRAMP takes a swipe at the shared security shyness.  The FedRAMP OnRAMP allows agencies to see which CSPs are FedRAMP approved, by what agencies – and which CSPs are currently in the pipe.  Important stuff as we run at OMB's June FedRAMP deadline.
Play Nicely Together 
And, the FedRAMP OnRAMP shows the value of government and industry playing well together – sharing information to accelerate change.  What agencies need is a procurement platform and culture change to enable and measure progress.  Perhaps a government-wide cloud broker that gets us out of solitary IT confinement?
It's less than two months to May 11th.  No, that's not another OMB deadline – it's Mother's Day.  When we're able to save $27.9 billion by sharing, seems she really does know best.  Perhaps send her a copy of the study with that bunch of flowers this year?

Posted: 3/20/2014

Big Five in Overdrive

Let’s change gears for this week’s circuit.  Chance to step outside the Beltway and look under the hood in the mega-billion dollar state and local IT race.  How’s transformation going – what’s fast and who’s furious?

If Uncle Sam’s modernization plans around cloud, data center consolidation, cyber security, big data, and mobility could use a tune up – seems the states are generating a lot of horsepower, but running into transmission issues.  This according to a new MeriTalk study, the Big Five in Overdrive: Are State and Local Networks Ready?
Okay, let’s put the Big Five on the lift for a closer inspection.
Based on a survey of 201 state and local IT pros, the study tells us most agencies are revved up about the Big Five – everybody wants into the race.  That said, 94 percent say their agencies are not completely prepared for the IT infrastructure impact.  Fully 63 percent say the Big Five will cause network bottleneck risks.  Eighty-nine percent say they’ll need to upgrade network capacity to guard against traffic jams.
But, as the states move into the IT transformation passing lane, the network braking is just one of the concerns.  Fifty-nine percent note security woes and 44 percent worry about storage speed bumps.
So, how do we win this race?  All eyes are on the driver’s seat.  Fifty-two percent of respondents question their leaders’ understanding of the Big Five’s impact on IT.  State and local IT pros want better prioritization and coordination from leaders.  They also call for budget to invest in network infrastructure and to standardize associated mapping.
If you’re not up for reading the study, tune in next Tuesday, March 25th at 2 p.m. EDT for the webinar.  Wanda Gibson, CTO, Fairfax County, Virginia; Anthony Robbins, Vice President Public Sector, Brocade; and yours truly on the starters' grid.  It should be an exciting race.

Posted: 3/13/2014

Juggling Chainsaws?

Big data is good. Curing cancer. Trapping terrorists. Avoiding Armageddon.

Cyber leaks are bad. There’s a mountain of evidence on that front – we’ll call it Snowdonia. Sorry to the Welsh in the audience.

But concentrating intelligence could put big data and cyber security at crossed purposes. So how do we juggle these chainsaws without making a bloody mess?

MeriTalk sat down with 18 Federal big data and cyber security experts to discuss the art of the emerging science. Check out the study for yourself. Too busy? Here’s the small data download.

More Synergy than Static?
Big data can make cyber security stronger. Agencies are focused on leveraging the oceans of continuous monitoring data to better detect threat patterns. And, outside cyber security, big data’s playing a key role in ferreting out fraud.

Hardly surprising, U.S.-CERT is blazing the cyber trail – utilizing centralized analytics to hex hackers. Far from mailing it in, the Postal Service leverages big data to protect PII, improve mail processing, and stamp out postal fraud.

More Talk than Trousers?
But, beyond these early adopter examples, how much of this is real today – and is Uncle Sam equipped to surf the data torrent without springing a leak in his trunks?

It’s fair to say agencies are at different places in the big data equation. Sure, a few of the cool kids are hanging 10, but most are still at or near zero. Leaders are stoked about the potential, but bumming about budgets. Feds lack big data infrastructure and policy. They need to start with the fundamentals – filtering and characterizing data. They need dashboards to integrate input from multiple analytic engines to get to business insight. And, we’ve heard this before...Uncle Sam needs more highly trained data scientists.

Net Takeaways
Fed big data and cyber security leaders sound the alarm that bigger data sets make elements more sensitive – and amplify risks of unintended consequences. Yes it’s risky business, but ignorance is not a sound defense strategy. Read the full report.

Posted: 3/6/2014

USS ITanic?

There's been hysteria about the grey tsunami since before I had grey hair.  But, today seems Uncle Sam's IT is really drowning in a digital-drop-out deluge. By all reports, Fed IT execs line up to jump overboard from the USS ITanic.

And, it's not just grey beards – young IT leaders are pulling on life vests.  Let's consider those in the lifeboats – Simon Szykman, CIO, Commerce; Casey Coleman, CIO, GSA; Anil Karmel, deputy CTO at Energy NNSA; Anmy Torres, Deputy Division Chief, Cyber Acquisitions, Air National Guard; Major Linus Barloon, Chief of Cyber Operations at the White House – the list goes on...  Let me know who I'm missing.  It'll be interesting to try to compile a full manifest.

Captain Cloud?
It's difficult to single any exec out – but today's the day Captain Cloud goes over the side at DHS.  Yep, Keith Trippie, the innovation lead at DHS is putting in his last day at 7th and D St. SW.  Keith's been at DHS since ground zero.  We're all counting on Greg Capella and his shipmates to keep pulling on the innovation oars at ESDO.

But, let's get beyond the anecdotal.  We decided to scan the horizon on on March 3rd.  Iceberg ahead.  There are 2,559 open Fed  "technology" jobs – 547 in a 50-mile sail of D.C.  Of the total tech empty berths, only 1,256 are open to non govies – so 1,303 are only open to existing govies.  Seventy percent of vacancies require mid-senior experience – GS11-15.  The agencies with the biggest tech talent troubles – VA, DoD (HQ, Army, Air Force, Navy), HHS, and Interior.  And, to rub salt in Uncle Sam's wounds, there's clearly a huge leadership vacuum – 124 SES vacancies.

Marie Celeste?
This isn't the typical appointee ship jump linked to the end of an administration – we're not two years into Obama II.  And, many of those leaving are career govies in their prime.  We're witnessing a massive brain drain – agencies are dangerously short of IT innovation navigators.
And, let's forget new ideas – and instead focus on keeping the lights on in IT.  Without knowledge of where the bodies are buried, agencies may find themselves marooned with their legacy systems.

Why the Sea Change?
Well, it's a perfect storm.  A rudderless OMB.  Uncle Sam's innovation agenda's all wet – data center consolidation and cloud transformations are mostly high and dry.  The high-water mark on Federal pay hasn't moved in four years – consider gas and real-estate inflation.  Add in the lack of empowerment – CIOs watched Richard Spires, the alpha CIO, walk the plank.  And to add insult to injury, consider the public floggings on and Snowden.  The motto for Federal IT should read the beatings will continue until morale improves...

Truth is, our best and brightest Feds know the answers to Uncle Sam's IT scurvy won't come from inside.  Here's hoping those execs stay engaged in the community.  That said, a complete mutiny's not the answer – somebody needs to skipper the ship.

We need a new initiative to boost Fed IT morale.  If we fail to recruit now, Uncle Sam's IT infrastructure may capsize.  Considering the OPM data, I'd recommend agencies open up jobs to non Feds – and lower their seniority expectations or boost compensation.  Something's got to give.  FITARA's a start – but we need to chart a new course to reach dry land.

Again, let us know of other Fed IT execs that have announced plans to jump ship.  Let's get a better sense for the problem so we can chart a tenable course forward.  


Posted: 2/27/2014 - 6 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

No Such Thing as a Free Lunch?

The basis of this idiom is, you get nothing for nothing. Well, I’m going to take a bite out of that one. Next week is Telework Week. And, while the ethics rules are clear about the fact that you can’t buy Feds a fancy lunch, it seems Feds will pocket some nice change from Telework Week.

Let’s take a closer look at the stats and data side dishes – and remember, these numbers will only get fatter next week. More than 137,000 mobile folks have already pledged to telework on the Mobile Work Exchange site – Mobile Work Exchange is MeriTalk’s sister organization. Ninety-nine percent of those pledges are Feds. That’s five percent of the Federal workforce. Pledges will avoid driving 6,593,760 miles. Some road trip – that’s more than 265 times around the globe.

And, by stepping off the gas, pledges will save a total of $11.7 million during Telework Week – that’s $584 million per year. They won't pump 784,000 in gas next week – sorry Exxon. The average Fed will save $85 during Telework Week – which tastes like a $4,255 annual pay raise. And, what goes great with a good meal? Wine [or Whine], but less of it this time. Pledges will save an average of 3.5 hours by cutting out the commute during Telework Week. Less road rage, more time to hug the pillow, walk the dog, and, of course, deliver more value to Uncle Sam and the taxpayer.

Real savings for Feds who haven’t had a pay raise in years. Less traffic on the roads. Less pollution in the environment. More time in your day. Seems the oil companies are the only ones who’d say that tastes bad.

Join the movement and pledge to join us next week for Telework Week. Grab your chance to help add calories to these savings stats.

Also, mark your dance card to attend the Mobile Work Exchange Town Hall Meeting on April 10th at the D.C. Convention Center. Join more than 1,000 Federal mobility leaders. We'll serve up the final Telework Week numbers. Stimulating food for thought. Make your reservation today.




Posted: 2/21/2014 - 14 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

Hats Off to GSA on FedRAMP

FedRAMP has been around for a while – and there's a good bit of confusion. You can read the manual – but at 49 pages and growing, it's not exactly a page turner. There are three flavors of approved FedRAMP CSPs. So far, we think we have 11 cloud service providers – 10 industry and USDA. OMB's deadline for mandatory FedRAMP for all government cloud services takes effect in June of this year. There is ample opportunity for better communication among agencies using and issuing authorizations.

There's a lot of talk about innovation and public-private partnership. Hats off to Dave McClure and the team at GSA for great common-sense decision making. GSA's changing the game on FedRAMP – increasing transparency – to deliver better outcomes. MeriTalk in collaboration with GSA will launch the new FedRAMP OnRAMP. Hosted at the MeriTalk Cloud Computing Exchange, this is a one-stop shopping online portal to answer the big four questions below. It's a forum for public-private FedRAMP and cloud security discussion.

Net, net – here are the key questions:

  • What are government's FedRAMP cloud service provider options?
  • What new FedRAMP cloud service options are coming and when? There are 11 in the pipeline for FedRAMP certification and six lined up to enter the process – but who are they?
  • What's the government's RoI on FedRAMP – how much has government saved by centralizing security certification?
  • How much does it cost and how long does it take for cloud service providers to go through FedRAMP?

MeriTalk will preview the new FedRAMP OnRAMP at the first Cloud Computing Caucus Advisory Group meeting at noon on February 27th on the Hill – Rayburn Hearing Room B369.  Maria Roat, FedRAMP Director at GSA, will moderate the public-private session on FedRAMP. Space is limited.

We expect heavy traffic on the FedRAMP OnRAMP.

Look forward to meeting you this Thursday at the Rayburn Building.



Posted: 2/6/2014 - 2 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

Uncle Sam AWOL?

Between FISMA, Continuous Monitoring, HSPD-12, et al – Feds are adopting a belt-and-suspenders approach to security.  And, if that wasn't enough, Snowden's taught the Prez about DLP. 

But, there's no point in locking the door and leaving the windows wide open – right?  A new study from the Mobile Work Exchange, MeriTalk's sister organization, shows Uncle Sam's mobility Achilles' heel.  This study is based on data Feds input into the Secure Mobilometer.

I'll try to keep this short so you can read this on those unsecured iPhones and droids – you know the ones you keep in your other pocket...

Let me be clear, these security issues don't apply to Blackberrys – or for that matter, papyrus scrolls.

So, here's the skinny on Feds' mobile security from the study:

  • 57 percent of government agencies failed the mobile security test
  • Only 25 percent have received mobile security training – Digital Government Strategy eat your heart out
  • Only 50 percent have proper mobile device management programs at their agencies
  • 25 percent don't use passwords
  • 33 percent of those with passwords admit they're easy to crack – 1234 anybody?
  • Six percent write down their password – post-it note on the back?
  • 31 percent of Feds use public WiFi
  • 52 percent don't use data encryption or multifactor authentication

And, before you jump on the Fed bashing bandwagon, please note, Feds did better than their private-sector counterparts who took the test.

Wanna know your mobile security?  Check out the Secure Mobilometer and download the study here.


Posted: 1/26/2014 - 18 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

RIP VanRoekel?

Once upon a time, there was a Federal CIO who was the most popular fella in town.  However, he wasn't much on real work – and slept right through his terms at EOP.

Far from taking leadership on FDCCI, our IT Moses let data centers grow between his toes while he snored – from 732 to more than 9,000.  The sandman shut his eyes while applications sprawled – 777 supply chain and 600+ HR systems.  The Hill held hearings and he just slept in.  The Hill Cloud Caucused and he rolled over.  Continuous monitoring took off, and he failed to provide guidance on FISMA – giving CISOs sleepless nights.  Even when the Prez sounded the alarm on, nobody bothered to wake him.

Is Steven VanRoekel asleep at the switch – or did he expire already?  GAO puts this question to us with its latest report on the IT Dashboard.  Dave Powner paints the Federal CIO as narcoleptic.  He reports that OMB has not updated the IT dashboard for 15 out of the last 24 months.  This, for a site that was launched with much fanfare by OMB in 2009, as a dashboard to provide transparency for Federal IT investments and facilitate public monitoring.  Check out this movie on the White House site.  Maybe it's time to pull that down?

Here's the irony.  If there were a dashboard on OMB, clearly it would all be red – presuming it was updated.  The takeaway for agencies is to do what you like – there's no guidance and there are no repercussions.

Now, I'm no Washington Irving, but I hope it's not too late for our sleeper to wake from his dream and apply himself to the task at hand.  While it seems like a long shot, we're all hoping to live happily ever after.


Posted: 1/9/2014 - 4 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

New Year's Resolutions?

Swimming pools saturated. Treadmills trampled. Burgers biteless. Yes, it's early January – and as we push away from holiday excess and New Year's hangovers, everybody's resolved to do better in 2014.

Uncle Sam's no exception. Let's consider once sleepy, now Snowden-sexy, Federal records management. Federal agencies have seen their belt-popping records balloon to record girth – Federal agencies manage, on average, 209 million records or 8.4 billion government-wide – as new data relentlessly pours in – yes, that includes email.

All of that paper cholesterol is bad for agencies’ health – creating legal liabilities, putting information at risk, and generally making Federal mission owners unable to operate effectively. And so, the ever-fit President Obama has put Feds on a records weight-loss program. The Presidential Directive on Managing Government Records requires agencies to transition to electronic recordkeeping for all permanent records by 2019 – the office equivalent of six-pack abs.

Time to Weigh In

Well, New Year's Eve 2013 marked the deadline for agencies to identify all their permanent records from the last 30 years – and, importantly, to report e-transformation progress. MeriTalk's "Federal Records and Information Management: Ready to Rumble?" study surveyed 100 Fed records and information management professionals to learn just how lean and mean agencies have become. The net:  Not quite time to go shopping for those skinny jeans.

Paper Wait?

Just 54 percent said their agency would identify permanent records by the end of 2013. Just 18 percent note their agency has made significant progress toward managing records and email in electronic format and are ready to report. A whopping 92 percent assert their agency has a lot of work to do to meet the directive.  Check out the study.

Paper Cut?

But, while agency leads lament progress – agencies agree that leaner records management makes the whole agency healthier. Quizzed on the benefits, 50 percent earmark improved accessibility; 45 percent flag increased overall agency efficiency; 38 percent note the benefits for search, eDiscovery, and FOIA; 33 percent see government transparency wins and cost savings, respectively.  Check out the study.

Forget the fad diets, Abercisers, and disco yoga – agencies need to embrace a real lifestyle change to slim down those muffin-top file cabinets. That means better-trained records management personnel. It means dedicated budgets – not just part of the administrative line item. And, it means leadership that cares. Isn’t it typically true – if the head leads, the body will follow?

Paper Tiger?

Like FDCCI, HSPD-12, and other diet plans, too many resolutions lose resolution as the stuff of life heaps more on our plates. If Uncle Sam forgets America's memory, we can always rely on WikiLeaks – right?


Posted: 12/18/2013 - 4 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

Social Santa?

With Thanksgiving safely in the rearview mirror, it's that time of the year again.  No, not Santy.  But, whether you believe in social media or not, MeriTalk's coming out with the Federal CIO naughty or nice list.  The second annual sCIOal Circle study rates Fed CIOs' social skills.

And, some added bonuses in your stocking this year.  First, we broadened the reach to look at Deputy CIOs.  Second, we expanded the scope from the big three – LinkedIn, Twitter, and Facebook.  This year's study looks at IT leaders’ participation in GovLoop.  Last, but not least, we've racked and stacked our ratings against commercial data.  How do our scores map against Feds’ Klout scores – and how does Fed CIO social volume compare with their counterparts in the Fortune 250?

You'd Better Watch Out

A quick read in on the methodology.  It's pretty easy, really.  Social media's an open book – mostly.  So MeriTalk looked at the major social media platforms to understand if Fed IT decision makers have a presence – and if so, how actively they are engaged.  More accounts and more activity means more points.

Who's Got Klout?

Just like last year – GSA's Casey Coleman and ATF&E's Rick Holgate are the hottest Fed CIOs – each scoring 11 points.  Next up, it's Shawn Kingsberry of the Recovery Board and Bob Brese from Energy – both huge climbers from last year, where they ranked in the middle of the pack.  Honorable mentions to Frank Baitman of HHS, Mike Wash of NARA, and Richard McKinney at DoT.  OMB's Steven VanRoekel is the big slider – his sCIOal Circle ranking drops from second in 2012 to the number-12 spot this year.

And, to give you a sense for how our Fed CIOs rank against the big dogs in social media – as measured by Klout – only Casey, Rick, Shawn, Bob, and Steven VanRoekel hit it.  To provide scale, President Obama scores 99 on Klout.  Justin Bieber scores 95.  Steven VanRoekel has a Klout score of 50.

Digital Deputies

And, doesn't everybody know that it's not all about the CIOs?  So this year, MeriTalk took a look at the Deputy CIOs.  Sonny Hashmi at GSA's in pole position.  Joyce Hunter at USDA's in second.  Deborah Diaz at NASA, Kevin Cooke at HUD, and Larry Gross at Interior place three, four, and five, respectively. 

LinkedIn vs. Twitter vs. Fortune 250.

The first place to look for Fed CIOs in social media is LinkedIn.  Eighty-two percent of CIOs have LinkedIn accounts versus 34 percent who have Twitter accounts.  Interesting to compare Fed CIOs' LinkedIn adoption versus their Fortune 250 counterparts – 82 versus 66 percent.

All a Twitter?

Okay, Twitter's not as big as LinkedIn.  Thirty-four percent of CIOs have Twitter accounts versus just 10 percent of their Fortune-250 counterparts.  But, here's a confusing story.  The number of Fed CIOs on Twitter increased over last year, but the total Fed CIO Tweet volume declined over last year.  Another twist, overall agency tweeting is up – every agency, but the CIA, now has a Twitter account.

And, here's some interesting insight, who are Fed CIOs following on Twitter?  The answer: one another.  But also news and analysis sources like FCW, GCN, Gartner, and MeriTalk.

Facebook Fizzles

As Facebook becomes part of the S&P 500, its stock as a communications vehicle to reach Fed CIOs declines.  Just 26 percent – 10 of 38 – of Fed CIOs had publicly searchable Facebook accounts.  Of these, just three are actively and publicly posting.  The net, Fed CIOs don't want people to use pictures of their families as sales tools against them – how is your daughter and isn't your dog a cutie? 

GovLoop Grinch

Interesting insight on GovLoop.  Steve Ressler's done the best job of building a social platform for government – the site boasts 100,000 users.  But, seems Fed IT's not feeling the awesome.  While 26 percent of Fed CIOs have a GovLoop account, not one has signed onto the network as of September 2013.

That's the final cup for 2014.  Wishing you all a safe, warm, and joyous holiday season.  Here's another link to the study if you need something to read by the tree.  We'll put another kettle on the stove in January.


Posted: 12/12/2013 - 9 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

DHS Cyber and the Dentist Chair

I'm not much on going to the dentist. Perhaps it's a cultural thing? The waiting. The drilling. The fibs about flossing. The chopper doc's just not my thing. And, if IG reports are like visits to the dentist for your average Fed exec, these exams are like root canals for Fed CISOs. So, when I cracked the November 21 IG Evaluation of DHS' Information Security Program, I feared halitosis, cavities, decay, and, dare I say it, gingivitis...

Cap or Crown?

But wait. Little here to set my teeth on edge. Reading the exec summary in the waiting room makes me feel better about the pearly whites. DHS IG's initial sound bites:

  • "DHS continues to improve and strengthen its information security program" – good job, fewer cavities.
  • "During the past year, DHS drafted an ongoing authorization methodology to help improve the security of the Department's information systems through a new risk management approach. This revised approach transitions the Department from a static, paperwork-driven, security authorization process to a dynamic framework that can provide security-related information on demand to make risk-based decisions" – better job brushing and flossing.
  • "DHS has also taken actions to address the Administration's cyber security priorities, which include the implementation of TIC, continuous monitoring, and strong authentication" – better nutrition and exercise support better overall wellness.

Routine Cleaning:

But who gets out of the chair scot-free? The IG does point to five areas for improvement. But they’re not recommending oral surgery, or even braces.

  • Some systems with no ATOs.
  • Some missing POAMs.
  • Some missing security configuration baselines.
  • More attention needed in incident detection and analysis, training, account and identity management, as well as contingency planning.
  • Continue working to complete TIC and implement PIV compliance.

I've been called cheeky – and yes, by some, sometimes overly critical. While DHS cyber security still has work to do, it's great to see Jeff Eisensmith and his team headed in the right direction. Also great to see a positive relationship between IG and department. Nice to have something to smile about in government IT.

Here's that link again – reading for the waiting room. Now, what's the number for my dentist...?

Posted: 12/5/2013 - 4 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

Big Data Bling?

This ain’t no Robin Hood story.  As Uncle Sam reels from the recession, street rats are becoming fat cats – and taxpayers are serving up the sardines.  Get these fishy numbers.  One woman, Rashia Wilson, pocketed $11 million in fraudulent tax rebates.  IRS paid out on 1.5 million fake tax claims in 2011 – sending 655 refunds to one address in Lithuania.  In 2010, IRS sent 4,900 refunds to five addresses in the U.S.  You have to read this week’s Economist.  Here’s the shakedown – consider this an overweight retweet.

Rake in Recipe?

Start with identity theft.  Three every second in America – that’s 12.6 million heists per year.  Then mix in tax-refund fraud.  Americans file 145 million returns each year – three quarters ask for rebates.  Next, you go to a store and set up a prepaid debit card.  You don’t need a bank account.  The government pays refunds directly on this platform – and it leaves no trace.  And, there you have the perfect recipe for Stolen Identity Refund Fraud – SIRF.

Getting Tough on Drugs?

Defrauding the Feds is replacing drug trafficking – as gangs log off the streets and onto the Internet.  Let’s get real – it’s higher margin, lower risk, and less time if you get collared.  But, even jail time’s no deterrent. IRS caught 170,000 fraudulent tax claims filed from inside prison – it’s anybody’s guess how many other claims slipped through the bars.

Cure Worse than the Disease?

And, SIRF’s not the only fraud game in town.  Consider Medicaid and food stamps.  After the website misfire, the rush to make the Affordable Healthcare Act more accessible is going to open us up to all kinds of new scams.  Hungry for a good story?  The state of Florida caught one woman applying for food stamps in all 50 states.

Big Data to the Rescue…

But, here’s the good news.  Fed, state, and local agencies are getting smarter about detection.  Seems ignorance isn’t bliss.  We’re heat mapping data to immediately identify suspicious concentrations.  We’re using data mapping tools like Experian, LexisNexis, and Equifax to flag coincidences – multiple claims from the same address.  Three cheers for Joe Hungate and his colleagues at TIGTA.

Big Data promise is electric in a down economy. Invest in these systems and watch immediate exponential RoI – while catching criminals. Talk about return on political capital…

As for Miss Wilson, the first lady of tax fraud, Big Data got her number.  She’s in the pen doing 21 years.  But, maybe we didn’t need Big Data to catch this smart criminal.  She boasted about her exploits on Facebook – posting pictures of herself holding wads of Uncle Sam’s cash.

Seem like an easy way to make a bundle?  My advice – don’t try this at home.
