Government Modernization: October 2008 Archives

The next president's choice of, and mandate for, a federal CIO has been speculative fodder for publications as diverse as BusinessWeek and The Atlantic on one side and c|net, CIO, Information/Network/Computer -Weeks and our sister magazines (Government Technology and Public CIO) on the other.  Much of the coverage is aspirational -- projecting what the IT industry and other interested third parties (including the editors of the magazines) would like to see.

These speculative pieces look forward to election day or, more properly, inauguration day, and what could be.  With much less fanfare, and just 15 days before the election, the outgoing administration issued a memo that defines what is now.

The memo, heavily laden with the kind of language that assigns responsibility retroactively while simultaneously dulling the senses, lays out fourteen characterstics of a federal CIO.  (It is worth noting that the memo codifies a federated model where there are many federal CIOs, each working independently on behaf of their respective agencies.)  Here is the job as understood in the dying days of an outgoing administration, in its own words:

I. Organizational Structure and Reporting Relationships of IT Executives and Senior Managers

A. The Department or Agency has a designated executive-level Chief Information Officer (CIO) reporting to the head of the organization, with formal and full responsibility for all requirements set forth in promulgating statutes, regulations and guidance of Public Law 104-106, "Clinger-Cohen Act of 1996," Public Law 107-347, "E-Government Act of 2002," Title 44 U.S. Code Section 3506 "Federal Agency Responsibilities," Federal Acquisition Regulation Part 39, "Acquisition of Information Technology," and Office of Management and Budget (OMB) Circular A-130, "Transmittal Memorandum #4, Management of Federal Information Resources."
B. The Agency CIO has ultimate responsibility for the governance, management and delivery of IT mission and business programs within the Department, and has an effective operative means of meeting this responsibility.
C. The CIO may review the qualifications of and provides input into the selection process for IT and IT-related executive and senior management positions within the Agency and organizational components thereof.
D. IT executives and senior managers in all organizational components of the Agency have clear responsibilities and accountability for adhering to Agency IT policy and direction established by the CIO.
E. The CIO may establish and provide evaluations and appraisals in collaboration with the appropriate supervisors of record for at least one critical performance element within the performance plans of IT and IT-related executives and senior managers within the Agency and organizational components thereof.

II. Authorities to Set IT Policy and Implementing Procedures
Except where otherwise authorized by law, regulation, or other policy, the CIO has the authority to set Agency-wide IT policy, including all areas of IT governance such as enterprise architecture and standards, IT capital planning and investment management, IT asset management, IT budgeting and acquisition, IT performance management, risk management, IT workforce management, IT security and operations, and information security.

III. Authorities to Select, Plan, Control and Evaluate Investments in and Acquisition of Information Systems and Information Technology
Except where otherwise authorized by law, regulation, or other policy, the Agency head is responsible for the following activities. The Agency CIO shall be the lead agency official in taking the necessary actions to ensure such activities are completed. Thus, the Agency head:

A. Is responsible for ensuring all Agency business and mission policies, processes, and IT and IT-related programs comply with the Federal Enterprise Architecture;
B. Ensures the organization's enterprise architecture data is visible and accessible to other federal agencies and mission partners to the extent necessary for other organizations to leverage those resources, and works collaboratively with other agencies and organizations on enterprise architecture issues and opportunities;
C. Ensures IT and IT-related systems, assets and services acquired and existing within the organization do not unnecessarily duplicate those available from other federal agencies, and are planned for and managed throughout their lifecycle;
D. Shall include the Agency CIO in budget formulation, preparation, prioritization and presentation activities, including determining and evaluating IT resource requirements in support of mission execution and program administration and support;
E. Shall include the Agency CIO in Agency and component budget execution and resource allocation and planning activities for IT and systems development, operations, and services as appropriate to ensure resources are expended in accordance with established IT policy;
F. Shall include the Agency CIO in the selection, planning, review, and oversight of major IT and IT-related investments and acquisitions, development projects, and contracts or agreements for goods or services, and in evaluating and providing approval to proceed at the earliest state possible prior to initiating procurements or advancing to subsequent phases of system development and/or acquisition;
G. Reviews the status and progress of projects and activities in the Agency IT investment portfolio to determinate whether to continue, suspend, re-baseline or cancel projects or components thereof, including any associated current or planned acquisitions; and
H. Has established means for ensuring investment management, risk management, information security, and systems development lifecycle management policy compliance, including periodic review of artifacts and development products for IT investments and activities developed within or for component organizations.

A fair reading of this 14-point job description suggests that the memo is a one-size fits all straight jacket.  It would have to be undone by any incoming administration that had a different view of how to manage or lead government modernization efforts.  It would telegraph a message to anyone considering a role as one of many federal CIOs about the skills and world view that are valued -- and those that are not.  And, sadly, it places a straight jacket on incumbent federal CIOs who are instructed to "review the attached IT governance framework [the 14 points above] and summarize your agency's current alignment with each element of the framework via signed memorandum by December 1, 2008."

Sign here.  Take one for the team.  And good luck with the transition.

Asian stock markets began the new week at 26 year lows and a sharply lower Dow futures market was a harbinger of more bad news domestically.  And some of that bad news came from a new report on state government revenues.

The Center on Budget and Policy Priorities surveyed 15 states and the news was universally downbeat.  Revenues for the quarter just ended were lower than in the same period in 2007 in the majority of surveyed states.  When adjusted for inflation, total revenue collections are below last year's levels in all but one of the 15 states covered in the survey.

The median state experienced a 5.5 percent decline in total tax revenue after adjustment for inflation. The sales tax story was even worse.  The report says, "Revenues are down in every one of those 15 states, with a median decline of 7.3 percent after adjustment for inflation."

The report says the numbers can be explained by the crisis in consumer confidence that is seen throughout the economy, and reflects the anxiety created by the loss of a half million jobs between September 2007 and September 2008.

The report's authors expect government service delivery to pay the price for the constitutional requirement on states to balance their budgets:

Many of the actions states take to balance their budgets will be harmful to families and to the economy.  State taxes pay for state aid to K-12 schools, support for public colleges and universities, health coverage for children, families, seniors and people with disabilities, public safety, and transportation.  States are enacting cuts in all these areas already.  They are also increasing taxes and fees.  Both spending cuts and revenue increases take money out of state economies, deepening the nation's economic problems.

State finances have not been this tight since 2002 when states slashed spending on health care insurance and education.  That could happen again this time around or, borrowing a page from Wall Street and the financial services sector, the federal government could step in with loans and a bail out package for political subdivisions.

The hardest hit states among the 15 in the CBPP survey -- when adjusted for inflation -- are: Washington (11.3%); Tennessee (9.5%); Idaho (9.1%) and Virginia (9.0%).  On a percentage basis, the country's largest states did moderately better -- with California experiencing a 6 percent decline and New York revenues off by a 1.3 percent.  

As road trips go, a journey to visit each of the Top 10 states as ranked in the 2008 Digital States survey (conducted every two years by e.Republic's Center for Digital Government) would cover 12,928 miles (if done in order) from coast to coast, with stops in a number of state capitols in between.

In the spirit of those famous 5-day tours of Europe, here is a busboy's recap of an only-time-to-hit-the-highlights trip to the eleven states that earned the distinction of being a Top 10 Digital State. 

The tour begins in the industrial heartland and ends, after crisscrossing the country at least three times, in the emergent new mountain west.

10.    Pennsylvania
(Image: Pennsylvania Portal)

COMPASS brings together these programs in a simple fashion - the customer does not have to have the detailed understanding of federal, state and local policy knowledge and focuses on 3 key steps - Click, Apply, Benefit.    A customer is able to access a wide variety of human service programs online that are spread across 20 different bureaus, agencies and departments. COMPASS began by integrating the various forms of state Medicaid assistance programs offered by DPW and Insurance and integrated healthcare access to individuals, pregnant women, families and children who are in need of healthcare assistance. Through the much publicized "Cover all kids" program, Pennsylvania expanded access for healthcare to all eligible children, and COMPASS is the primary access point for the commonwealth. In addition to health related access, including access to long term care and home and community based services, customers can access benefits for food assistance, school meals, and Women and Infant Children programs online. COMPASS expands access to critical emergency programs such as fuel assistance and general assistance for needy residents.     COMPASS improves customer service by providing electronic features to report any coverage changes, and allowing access to benefit and service information similar to online banking features.

10.    Tennessee
(Image: Tennessee Maps)

Tennessee.gov maps drivers license stations, schools, county clerks, state parks and other public facilities.  Below the covers, the state has consolidated three-quarters of what had been 1,600 widely dispersed servers and more than 200 IT functions into a shared data center.

9.    Maryland
(Image: Maryland DG Promo)

Service Access and Information Link (SAIL), a web-based screening and application tool open to all Maryland residents, provides online tools to determine potential benefit eligibility and examine various social services offerings. SAIL is available publicly and DHR has partnered with many community-based organizations such as the United Way of Maryland to encourage awareness and promote access. In addition to allowing individuals to pre-screen for benefit eligibility and explore information about social services programs.

8.     South Dakota
(Image: South Dakota Open SD)

On information: In addition to more than 180,000 pages of information already available on state government websites, OPEN SD provides financial information about state government, in a searchable format, which currently includes over 106,000 different financial records.

On services: Residents can now apply for UI weekly benefits through Interactive Voice Response (IVR) or the Internet and have his/her weekly payment delivered by direct deposit or debit card. The automation also provides the citizens 24x7 access to track their current claims process through online self service. Mailing and printing cost have been eliminated or reduced.  Client trips to the Career Centers have been reduced or eliminated resulting in lower costs for citizens.

7.     Kentucky
(Image: Kentucky Tech Trooper)

Kentucky State Police officer demonstrates a mobile data terminal, scanner and digital driver's license in his cruiser near the State Capitol in Frankfort.  Kentucky is emphasizing wireless delivery of state services as part of its e-Government strategy.


6.    Washington
(Image: Artist rendering of Washington Tech State)

With newly implemented systems in the corrections and personnel departments, and new initiatives in e-health and master business licensing, the Evergreen state has turned its attention to sustainability: 2/3 of agencies use energy conservation software on their PCs and laptops (with $1 million in estimated annual savings); and embraces industry standard sustainability practices for environmentally preferable purchasing and disposal.

5.     California
(Image: California YouTube Channel)

The home state of silicon valley relaunched its portal with new video, blogging and social network entry points while moving mission critical systems that do the heavy lifting of determining eligibility, administering and delivering social services to modern technology architectures.

4.     Arizona
(Image: Arizona @ Your Service)

Building on success of online self service, the Arizona Health Care Containment System has transitioned 20 percent of its workforce (300 people) to full time teleworkers, saving $667,000 each year, cancelled the leases on two office buildings, with employee productivity up by up to 45% and turnover down by 16%.


3.    Virginia
(Image: Virginia CMOC)

Virginia's Centralized Management and Operations Center for information technology at theChesterfield Enterprise Solutions Center, a key element in a ten year $1.9 billion partnership with Northrup Grumman to create a standardized, shared statewide computing utility.  It is expected to save $120 million in the next ten years in energy costs alone.

2.    Michigan
(Image: Michigan Self Service Station)

Business Intelligence Competency Center (BICC) - In 2007, the Governor's emergency financial advisory panel called for structural transformation of public service delivery. Across every state program the directive was given to eliminate fraud/abuse, streamline operations and get critical services to the citizens needing it most. In just two years, BICC has become core to optimizing outcomes and measuring programs, through successfully integrating BI and performance management. Results include:

• Compared food stamp records for 429,000 kids (4-19) against our student database, automatically qualifying 337,000 for school lunch assistance without filing out a single form;
• Matching health screening records against birth records identified thousands of newborns eligible for but not receiving free screening;
• By comparing day care benefits against wage records, detected over $17 million in fraud/abuse;
• BICC influenced policy when data analysis found that many homeless were eligible for, but not utilizing, program assistance, leading to the statewide homeless initiative, proactively getting assistance to at-risk families before they lost their homes; and,
  
• Cross-referencing children's metabolic screenings against immunization records allowed parent notification, increasing immunizations for high-risk kids.
  

1.    Utah
(Image: Utah Digital Library)

Libraries provide an additional access point to Utah.gov's vast array of online services and information.  In 2008, Governor Jon Huntsman dedicated the new digital library at Utah Valley University.  Also:

• Launched in 2007, Utah GovCast is a comprehensive multimedia portal, providing access to over 27 unique channels and several hundred streaming videos, as well as blogs and online radio;
• Utah teamed with CrimeReports.com to present a more comprehensive view to crime information from over 40 state and local law enforcement agencies;
• Utah Geosights help students develop greater understanding and appreciation of Utah's diverse geology.  Standard Keyhole Markup Language (KML) files, enhanced with imagery and other information, allow citizens to perform virtual flyovers using Google Earth, or simply create map views with tools like Google Maps or Microsoft Live;
• Utah interacts with citizens through a variety of social media including Swivel, where the Utah Data Group presents visual charts of state data; and,
  
• Utah is working to improve the overall efficiency of its data center operations.  In 2007-08, numerous state and local agencies created efficiencies by working with DTS to move their operations into the two primary data centers in Richfield and Salt Lake City.  The connectivity between the two centers is being upgraded to 10Gb in 2008 in a cooperative venture with the Utah Education Network

As part of the state's sustainability program, Governor Jon Huntsman implemented a four day work week for state employees in August 2008.  The move promised to save trips but the Utah plan called for closing governments each Friday.  Closed buildings can go dark and cold, netting energy and cost savings from reduced heating, air conditioning and lighting use.  Significantly, the governor was satisfied that the state portal, Utah.gov, and its suite of more than 600 online transactions were sufficiently broad and deep that the public would be able to conduct business with its government even when the buildings were dark and the employees were at home.

This ability to go green -- or, more precisely, introduce a four day work week in the name of going green -- is a function of having a robust suite of online services.  This table shows, on a percentage basis, the implemtation of major transaction types by state governments over the years.  The first thing to notice is that the majority of transaction or application types have matured out -- that is, all the states that are going to implement a particular online transaction likely have.

The other thing to notice is that those applications with the lowest implementation rates are those that require more sophisticated inputs to complete the transactions - VIN validations, vital records, credential lookups and drivers license renewal among them.  These categories lag the others categories because they are tougher nuts to crack.  The harder work requires rethinking the data sharing needed to complete the transaction.  The data exists somewhere, and the Web 2.0/3.0 challenge and opportunity is to get the data from where they are to where they are needed.  This involves machine-to-machine Web services - the type of Web service that we don't think about because we don't see or touch it.  By definition, it does not involve human intervention or - the way the machines see it - human latency.

The Center's analysis of the data will continue into 2009 with ongoing reports and commentaries.

How Did We Get Here? (Or, About the Digital States Survey)

The Digital State Survey from e.Republic's Center for Digital Government is the nation's original and only continuous assessment of state government's use of information technology (IT) in service to the citizen.  The 2008 survey, conducted with the underwriting support of Verizon Business, included more than 175 questions about citizen self service - including Internet portals, applications and Web 2.0 features such as blogs, wikis, social networks, mashups and viral video.

As importantly, the Digital States survey provides a comprehensive view of state information technology programs as a whole, with measures of the alignment of the architecture, infrastructure, policy, planning, methodologies and organizational maturity of delivering on technology's promise for improved service delivery and operational efficiencies.  The 2008 Digital States survey results also provide a first-in-nation benchmark of state sustainability activities, particularly in the area of the greening of IT.

The most recent Digital States was the most competitive in the survey's decade long history.  The top ranked states include a number of jurisdictions that have consistently made government modernization a priority over time combined with those that have made significant gains more recently. 

The top states reflect the whole country - large and small, red and blue, and geographically diverse.

(This post was prepared with the assistance of Janet Grenslitt of the Center for Digital Government.)
 

Dinner with Kevin Mitnick is at once fascinating and frightening.  In the time that it took the chef to prepare dinner, Mitnick did a little vishing on a major bank's IVR system (with each number pressed on his cell phone appearing in real time on his laptop sceen) after looking up -- through legal online subscription data resellers -- a dinner companion's social security number, drivers license number and mother's maiden name.

Mitnick, an early and infamous hacker who was convcted of computer crimes in 1999, has taken a turn as an information security consultant to government and industry.  We were both in Columbus, Ohio for a Government Technology event.  Interestingly, he is beginning to work magic (or, more properly, illusions) into his speeches and presentations, which takes him back to a childhood curiosity about slight of hand that became a pranksterish era of phreaking (phone freaking), all of which was a precursor to a short but headline-grabbing career as a computer hacker.

He has now gone legit, with a consulting firm and a 2002 book, The Art of Deception, which focuses on the promise, pitfalls and perils of social engineering.


Mitnick, whose metal business card can be broken out into a lock-picking kit, tells a great story but the underlying message is rather basic: Do not use information that is readily available -- SSNs, divers license numbers and mothers' maiden names -- for authentication because it just invites mischief, or worse.  (He differentiates between old school hackers who were motivated by intellectual curiosity and a new underground economy of commercial, malicious hackers who are in it for the money -- yours.)

Granted, information security is the purview of Dan Lohrmann's Securing GovSpace blog but allow me an observation or two: As sophisticated as the attacks and defences have become on this front (and they have), it is telling that the successful exploits remain rather simple, taking advantage of human foibles and poor technical design.