Government Executive - Authors - David Perera

The Dangers of Security

David Perera — Fri, 01 Jun 2007 00:00:00 -0400

Chief information security officers must balance restricted access with productivity.

A few ways federal agencies handle cybersecurity: During the day, automatically log off users after 30 minutes of no mouse or keyboard activity. Install card readers. Require passwords that are random strings of letters and numbers. In the evening, have employees remove their hard drives and dump them into filing cabinets under lock and key.

Also, encrypt data. Make sure no one downloads unapproved software by revoking individuals' operating system administrator privileges. Restrict Web access. Plug up USB ports with epoxy glue. (OK, that last example might be the federal equivalent of a contemporary legend: an oft-repeated but unverifiable story. No one will confirm seeing it or doing it themselves, but plenty of folks know a friend of a friend who swears it's true.)

Security measures are restrictive by definition. They place barriers where once there was free-flowing traffic. They demand immediate attention from users who probably would prefer to do anything else but reconfirm their identity. "We hear the complaints about things slowing down," acknowledges an information security officer at an agency deploying new encryption measures. But, he adds, "we don't care."

Agencies can push only so far before the backlash sets in, however. Civil servants will write down their complex passwords on paper and keep a list of them near their computer (greatly lowering the passwords' value). They might find an application that simulates mouse movement, preventing the automatic logoff function from kicking in. (One such program is sold pre-installed by Wichita, Kan.-based WiebeTech on a USB thumb drive.) Employees might grow unintentionally careless if they're told to perform too many security procedures. And that's just the users. The more the cybersecurity shop has to do, the more it might find its responsibilities overwhelming and fail to keep up with all of them.

Standing at the center of this debate on how much security is enough are agency chief information security officers, who report to chief information officers. Balancing ease of network access with cybersecurity restrictions is just one trade-off CISOs must consider. There's the question of expense; implementing additional cybersecurity on top of existing infrastructure can be costly in terms of software, hardware and management. Money spent on cybersecurity is money that can't be spent elsewhere; things like innovation and modernization likely will be among the losers.

How much to centralize security in a far-flung department is another conundrum. "You can't secure what you can't manage," says the agency security officer, but many departments refuse to give headquarters chief information officers budget authority over bureaus and agencies. On the other hand, centralize everything and all of a sudden an agency has created an inviting target for attack. With a centralized account accreditation system, "if someone pops into that one, they have the keys to the kingdom," notes Larry Ruffin, the Interior Department's CISO. Ruffin adds that another challenge is responding to Office of Management and Budget mandates. OMB is "placing some really heavy demands on our existing staff," he says.

OMB reacted quickly after the most notable recent loss of federal data, the May 2006 theft of a laptop containing information about 26.5 million veterans from a Veterans Affairs Department worker's suburban Maryland home. Within about two months of a loud public reaction to the VA data loss, OMB issued a mandate requiring agencies to encrypt within 45 days all data stored on laptops "unless the data is determined to be nonsensitive, in writing."

"It's like this vicious cycle of constant new requirements and then always trying to find this balance of efficiency," says Shannon Kellogg, director of government and industry affairs for RSA Security Inc. in Bedford, Mass. A public cybersecurity meltdown like VA's can be useful from an oversight perspective for ramming through cybersecurity measures that otherwise might take a back seat, but CISOs tend to say they're already under enough pressure to secure things as it is.

"The issue of balance of course is very important to us because we could secure the VA by just shutting everything down," says Bob Howard, VA's assistant secretary for information technology and CIO, who acts as his own CISO. "We obviously can't do that." For example, in keeping with the OMB mandate, VA is working to encrypt portable flash memory sticks. "What I'm not going to do is take away all the unencrypted thumb drives," Howard says. "People still have to conduct their business."

Being a CISO requires more than knowledge of cybersecurity. The job of a CISO really is prioritizing risks. Everything is risky (even doing nothing). And there's no such thing as a 100 percent secure system. Mandate that all mobile data be encrypted and the potential of data loss is stemmed. But life can't stop while the encryption program gears up. The encryption is never "complete." There always are new devices, new standards, new systems, new vulnerabilities. One reason VA has not encrypted all thumb drives is that some manufacturers falsely told the department they comply with National Institute of Standards and Technology's cybersecurity standards, Howard says. Only VA testing (which took time and money) revealed the lie. "We were pretty teed off about that," he adds.

Says Kellogg: "If anybody tells you they have an easy answer, they're either living on another planet or they're not taking the time to learn these complex problems."

]]>

If the Symptom Fits

David Perera — Tue, 15 May 2007 00:00:00 -0400

Electronic patient files advance care, up to a point.

Catheterized, put on electrolytes and given beta blockers, the hospital patient is doing better today. A case of obstructive uropathy, this morning there's no bladder distention or tenderness and no fever. Still some blood in the urine, however. Standing in a ward of the Veterans Affairs Medical Center in Washington, a resident physician reels off the information to Dr. Divya Shroff, a staff doctor.

The resident, Dr. Christina Hatara, looks up the patient's history with a few clicks of a mouse. As she and other postgraduate trainees go on morning rounds supervised by Shroff, they wheel around a wireless-connected laptop on a cart. Shroff presses Hatara on a point: Who will take care of the patient after he's discharged, probably with a urine collection bag strapped around his leg? In another hospital, it might not be so easy to find that information. The patient's paper file containing a social worker's report might be somewhere else.

"It's just such an advantage to have everything here and in front of you," Hatara says. Doctors can spend a lot of time tracking down files. The VA medical system is ahead of most in minimizing paper files in favor of electronic health records and computerized order entry. As a result, Hatara can answer Shroff's question right away. The patient has a niece living next door helping him, but nonetheless he might need professional help, she says.

VA offers a glimpse of where American medicine likely is headed. As federal standards for health records are promulgated, as patient expectations are bolstered and as digital communication increasingly becomes the norm, it's just a matter of time.

But inevitable is not the same as being entirely good. Every technology creates unexpected new problems, and not just things like software bugs. Beyond the programming layer is an entirely different world of unanticipated consequences generated by unforeseen interactions between the software and its users.

Each hospital and each clinic tends to have a slightly different process. Doctors often argue that their facility's unique approach has valid reasons for existing. Medicine is an art and a science-and not an industrial process, they say.

But software designers like standardized processes ordered in linear fashion. Sure, in real life nurses might order and administer patient medications on their own and later get a sign-off from a shift doctor (who might be busy elsewhere). But software designers are told that's not supposed to happen. So they design a system that assumes it doesn't. In that system, when the doctor gets around to authorizing the medicine, a new shift of nurses might not know it was already administered, and give it again. (VA says its system has safety checks that would prevent that from happening.)

Even just lining up a cursor with the correct command in a drop-down menu sometimes can require too much attention to a computer screen while other things are going on, says Joan Ash, an associate professor at the Oregon Health and Science University. Cognitive overload can occur pretty quickly, especially if a health system requires clicking through multiple computer views to get to the right information. But despite the potential for mistakes brought on by simple errors, people tend to assume that computerized information is always correct.

Shroff says these all are valid concerns. But she still wouldn't want to give up a computerized system and go back to the days when medical records had to be physically located and it was hard to get comprehensive information. For all the new problems that health information technology can add, it's still worth it, she believes. Part of a doctor's job is to think about the information on charts, checking to see if it makes sense. "It's not to say, 'OK, now we've got computers, so I as a doctor don't need to speak to you as a patient,' " she says. The same thing goes for the labs, other doctors and nurses.

Still, there's a line Shroff doesn't want health IT to cross. It's the medical note, the portion of the record where doctors make their observations about a patient's condition and diagnosis. The note should consist of freely composed text, she says, not be assembled from checked-off boxes of preselected vocabulary terms. "That would make me detest the computer," she says.

But the military's health IT system, the Armed Forces Health Longitudinal Technology Application, expects doctors will use standardized vocabulary contained in a menu. Such forced structure in medical notes makes statistical aggregation of symptoms and diagnoses much easier. It's a trade-off, and the military has decided it's a beneficial one. If soldiers suddenly were falling sick with diarrhea, "we need to be able to roll that up and aggregate it so the commander knows not to commence combat operations the next day without replanning their strength ratios," says Army Col. Bart Harmon, chief medical information officer of the Military Health System. Or, if there's a trend of symptoms consistent with weapons of mass destruction, quick detection is important. In such ways lives are saved, too. The military's needs are different than VA's. What's right for VA might not be right for the military.

Even within the military the need for structured data varies, Harmon says. Information flowing from the first line of medical defense-from primary care and emergency doctors-probably needs more standardization than that from specialists seeing patients already in the system.

The bottom line for software developers in any context? Know your users.

]]>

Running Lean

David Perera — Tue, 15 May 2007 00:00:00 -0400

In a world of sense-and-respond logistics, vehicles call in when they're low on gas and fuel is delivered before they run out.

Food and water supplies for U.S. troops fell to dangerously low levels during the invasion of Iraq.

The charge north was probably the fastest yet by a significant military expeditionary force, so fast that the supply chain had a tough time keeping up. Soldiers ditched malfunctioning Humvees and trucks in the desert or cannibalized them for parts. "It was very good that the conflict ended as soon as it did," said one participant in Operation Iraqi Freedom who was quoted in a 2003 Pentagon Office of Force Transformation report. "If it had gone on much longer, things could have gone very badly, very quickly," the Central Command official added, reflecting a widely held view about the logistics support during the march to Baghdad.

For the Office of Force Transformation, the Defense Department's in-house think tank charged with shaking up the status quo (it was disbanded in 2006), the Iraq invasion was evidence. It was further proof that although logistical support was far more agile than in the past, it still needed a revolutionary transformation.

Even before 2003, transformation-minded folks worried that logistics trailed behind advances in operations thinking. On the warfighting side, a consensus gelled that information technology would permanently change war. The new orthodoxy, netcentric warfare, holds that the military should become faster and lighter and able to find and shoot enemies before they attack by relying on battlefield sensors feeding data across a network of plugged-in troops. Bloody and manpower-dependent counterinsurgency operations have dampened enthusiasm for netcentricity, but few doubt that a variation of it is coming. Some logisticians decided they needed to get plugged in, too. If shooters were going to become faster and use situational awareness to make sudden battlefield adjustments, so should they. While reading up on network theory they came across a concept called "sense and respond," developed in the early 1990s by IBM marketing executives.

Rewiring supply chains for transparency and adaptability became a business obsession in the 1990s, as demonstrated by the attention generated by companies such as Wal-Mart, Dell and Amazon.com. Military logisticians, too, got into the game. By 2003, they had a far superior system than a decade before. Back in 1990, in the run-up to a war to rid Kuwait of Iraqi occupiers, the U.S. military dumped an iron mountain in Saudi Arabia. When materiel left American supply depots for the theater, nobody knew where anything was until the containers were opened and the contents sorted out in the scorching desert heat.

In 2003, only about 30 percent of materiel could not be immediately identified and located. Whereas in the Persian Gulf War, U.S. troops built up 60 days' worth of supplies before they attacked, they were confident enough in logistics capacity to keep only five to seven days of supplies on hand during Operation Iraqi Freedom. Logisticians adapted to an evolving situation. For example, when warfighters began to outrun fuel trucks, Marine Corps logisticians strung a 100-mile flexible fuel line across the desert floor.

Bulk Is a Target

Bullets, engine parts, food-military operations require constant infusions of stuff. It falls to logisticians to buy it, move it, track it and replace it. Consider the old military cliché: Amateurs discuss strategy while professionals discuss logistics. Despite improvements since the 1990s, military supply systems remain erratic. Sometimes orders show up after a week, sometimes after seven weeks. A normal reaction to inconsistency is to distrust the system that produces it. "No trust in the system leads to all sorts of bad habits, including more inventory than you need," says Alan Estevez, principal assistant deputy undersecretary of Defense for logistics and materiel readiness.

Having too much stuff in a battle theater is dangerous-not as life threatening as having too little, but nonetheless a problem. Bulk is a target. Stuff slows down troops, wastes their time. "You end up with butt-stroking individuals defending an iron mountain of food that you're planning on giving to them tomorrow," says Marine Col. Arthur J. Corbett, former director of warfighting requirements at the Corps' Combat Development Command, now director of the 12th Marine Corps District.

Supplies pile up because people, not unreasonably, will reorder things that don't show up soon enough. That clogs the system. Duplication exacts a steep opportunity cost-a plane carrying a redundant item can't deliver what's truly required. Hoarding has a cascading effect of pipeline congestion as people repeatedly reorder more materiel.

Consider a Navy ship's crew. "The first time that a Marine or a sailor walks into a head and there's no toilet paper there, the next time he walks into a head, he will take three rolls and put them into his locker," Corbett says "And from that day on, there will not be enough toilet paper on that ship. It's not that there isn't any on that ship; it's just that it's always in the wall lockers out of fear of future scarcity. . . . You can bet that's going to work in terms of other things like ammunition."

Supporters of sense-and-respond logistics contend that problems like this will never go away as long as supply remains a hierarchical, linear system. They envision a dynamic, networked world in which everyone is a consumer and a supplier in an integrated logistical and operations system powered by real-time information. A Marine gunnery sergeant would know exactly how much ammo his company had fired that day because a chip inside each rifle would keep track. Monitoring chips would be everywhere: inside armored vehicle turrets, vehicle gas tanks, on batteries, on cases of meals ready-to-eat.

In-theater logisticians would compare the real-time rate of actual consumption against the planned rate. They would make predictions about when a unit would need more ammo or anticipate when an engine would stop working. They could order supplies before the ammo ran out or the engine went bust. The most important missions with the most urgent needs would be supplied. And the supplies would come from whatever military service's unit happened to be nearby. An Army battalion short of hand grenades but about to commence a high-priority operation would get them from a Marine Corps unit on a lower priority mission.

"In a network, you have many, many more options on where to source something from," says Linda Lewandowski, a retired Navy captain formerly with the Office of Force Transformation. Supported by OFT, she had latched on to the sense-and-respond concept before Operation Iraqi Freedom. But it gained additional strength when, in 2004, the office hired Washington-based defense consultancy Synergy Inc. for $3.9 million to flesh out the concept for defense purposes. Lewandowski retired from the Navy in 2005 and is now director of adaptive enterprise solutions at Fairfax, Va.-based consultancy ICF International, which bought Synergy in 2005.

She acknowledges that OFT and Synergy took a no-holds-barred approach in shaping the concept. "Forget about the information systems that we have, the constraints organizationally, just forget about that. Start with a clean sheet of paper . . . that's really how the sense-and-respond concept was formed," she says.

Skeptics note that just the sensor portion of sense and respond, much less the rest of it, requires technological and doctrinal capabilities beyond those of today's military. The services are justifiably proud of their asset-tracking abilities, but their current equipment works only to the point of delivery, not consumption. For one thing, the radio frequency identification tags now used to pinpoint the location of bulk items still require technological refinement before they can be used ubiquitously.

Back in 2004, when OFT and Synergy began producing a series of sense-and-respond papers and presentations, they did the rounds on the Pentagon speaker circuit. "We did a lot of meetings with a lot of folks," recalls former Synergy chief executive officer Don Zimmerman with a wry laugh. Zimmerman now is an ICF executive vice president.

He says he classifies the audiences he and OFT personnel spoke to as those who were genuinely interested, "and the people who were really doing it superficially as 'Here's a new concept that we've got to deal with again from some idiots from OFT.' " It has since all but dropped from circulation as a buzzword.

Great Leap Forward

One nonbeliever is Allan Banghart, director of enterprise transformation at the Defense Logistics Agency. DLA provides the military with consumable items such as jet fuel, uniforms and food. "The way that it was envisioned by the Office of Force Transformation . . . sort of defied the laws of physics, and defied the nature of the battle space," the logistician says. One military unit doesn't want to worry about becoming the materiel supplier of another, he adds. Troops should focus on fighting, logisticians on supplying them effectively. He agrees that the logistics system can and should be better, but doesn't think a more efficient system requires a sense-and-respond quantum leap. Logistics organizations in the services and in cross-service organizations such as DLA are investing in new information technology systems, new capabilities. They cooperate more than they once did and want to root out the expensive overlap that's grown over the past decades.

DLA is in the final stages of fine- tuning implementation of a six-year, $500 million upgrade of its six 1960s-era data systems. The replacement is a single, modern Web-based unified system. "That is a huge transformational change," Banghart says. "And I can tell you it's huge because of how freaking difficult it was." The question is, can Defense change its logistics system by doing more of what it already is doing, such as buying new IT systems, or does it need to plunge into a risky and decentralized world of sense and respond.

Says Estevez: "I don't think there's a point where we're going to say, 'Oh, boy, here's the revolution; here's the great leap forward.' It didn't work so well for China."

Iron Mountain

In 2004, when OFT still existed and had power and money to advance sense-and-respond ideas, it funded the Marine Corps Pacific Command's experimentation center to do some computerized simulations. Getting warfighter input and incorporating it into the sense-and-respond concept was important to Lewandowski, who uses it to refute critics who say sense and respond is too ivory tower. The simulations showed that "yes, it would help our operations and be a force multiplier," says Shujie Chang, the experimentation center director. Strategists talk of a culminating point in battle, the moment when one side backs off (either offensively or defensively) because it has exhausted its resources. Sense and respond would forestall that point for U.S. forces. Periods of retrenchment no longer would be necessary; gas and ammo would be on the way before troops ran out of them. Real-time fulfillment of warfighter needs has another tactical advantage, too. The more a fighting force weighs, the more stuff it lugs with it, the easier it is to fall under attack. It's less maneuverable and makes a more rewarding enemy objective. "We need to be able to de- massify so we can not make a very lucrative target out of ourselves," says retired Marine Corps Lt. Gen Wallace "Chip" Gregson, former commander of Marine Corps Pacific.

"We've always had the assumption without even questioning it that if you need something, then it's a good thing to have lots of it available," adds Gregson, who championed sense-and-respond experimentation. He cites as an example of a clash between a highly massed entity and a lighter though technologically savvy force Israel's fight with Hezbollah in 2006. Hezbollah paramilitaries could lob missiles from a distance while not forming a distinct target. Though the missiles were relatively inaccurate, and the fighters hurled them against cities, a lesson remains for the United States: If there's an iron mountain "that we've got stuck somewhere on the ground within range of the enemy, it is going to be vulnerable," says Gregson. "The more [resources] you have to devote to your own support in a counterinsurgency operation, the less resources you have available to devote to the product end, the purpose end, of what you're trying to do."

Still, wouldn't sense and respond increase the individual risk for soldiers, who must now carry less and place more faith in an electronic sensor system? "Risk is a military virtue," Corbett says. Heaviness has risks, too-attrition, predictability, slowness. "For every enabling capability that we will gain from this, there will be, to a greater or lesser degree, a corresponding risk. No argument there," he adds.

It's mostly a theoretical debate for now, however. The 2004 simulations found that although sense and respond offered military potential, the technology to do it wasn't quite ready. The military can't wait to improve logistics; it's a pressing need now.

Evolution vs. Revolution

Few people argue against the goals of sense and respond. Something like it probably will occur in the future, but the road there will be paved in increments, they argue. In today's operations- constrained environment, funds for a big leap forward are not in the offing. "If you have one dollar to spend, would you invest it in sense-and-respond logistics?" asks George Topic, Joint Staff deputy director for strategic logistics, J4. "Or maybe you would spend it on improved bandages for medical care, or maybe you invest it in better intel."

Sense-and-respond proponents are not penniless. The Marine Corps Logistics Vision Team has arranged for tests of embedded fuel and battery sensors on two to three vehicles (such as a light armored vehicle, a medium tactical vehicle replacement truck and a Humvee) during two summer training exercises at Marine Corps bases, one at Quantico, Va., the other at Twentynine Palms, Calif. "We're keeping it simple upfront," says Nick Linkowitz, the vision team head.

Outsiders might wonder why, if companies can track everything they sell or deliver or make, the military is having such a tough time. After all, Wal-Mart is aware of every single gallon of laundry detergent that departs its shelves. Civilian cars equipped with OnStar or other such monitoring services have 24-hour representatives ready to give out directions or warn that the gas is too low. FedEx or UPS will deliver anything anywhere almost anytime and let customers watch online as their packages move around the world. But in a Wal-Mart, somebody manually scans every item that goes out the door. And the worst that will happen to Wal-Mart customers if the system fails is they'll have to go to another store to buy laundry soap. General Motors doesn't have a worldwide fleet of vehicles it needs to integrate into OnStar, nor a plan for integrating OnStar data into a concept of operations. Delivery companies have the benefit of fixed addresses, while war-fighters change location constantly. And delivery people don't care when or how you consume what they deliver.

Sense-and-respond logistics would be hard to implement, even its supporters will say. It's more sophisticated than any logistics system ever made. But in their eyes, that's a plus. "You can do better if you have a more sophisticated system," ICF's Zimmerman says.

Skeptics don't doubt that good will comes from moving toward sense and respond, but they are prone to be cautious. Revolutionary technology mostly appears so only in retrospect. The Internet required decades of digital growth before it became mainstream, notes Estevez: "Most revolutions are evolutionary."

]]>

Remote Access

David Perera — Tue, 01 May 2007 00:00:00 -0400

Agencies are looking anew at Web-based software applications.

Like martinis or avocado green, the old-fashioned can become trendy in the technology world, too. Witness the recent buzz about Web-based personal computer applications, whereby users access word processors or other office programs through the Internet. Companies selling Web applications let you buy access to their servers, which store your data and provide software functionality via a browser. To use them, your desktop computer needs nothing more than a good network connection, an operating system and a browser.

If the approach sounds somewhat familiar, it should. It's similar to the computing model in which dumb terminals were connected to a big remote mainframe that supplied all the data and functionality. It also conjures up repeated attempts to create alternatives to the personal computer. Oracle tried to launch a "network computer" twice in the 1990s, as recently as 1999. "The personal computer is a ridiculous device," Oracle Chief Executive Officer Larry Ellison once proclaimed.

But, under the rubric of "software as a service," applications run by a remote server are gaining new respect. Information technology consulting firm IDC of Framingham, Mass., predicts that worldwide spending on it will reach $10.7 billion by 2009, a compound annual growth rate of 21 percent. The Federal Aviation Administration is investigating switching to Web applications in lieu of a Microsoft Office 2007 upgrade, possibly in tandem with replacing its Microsoft XP operating system with Linux. Computer manufacturer Dell, popular in the federal government, recently announced it will soon sell preinstalled Linux on desktops, making a switch of operating systems more plausible-though as FAA Chief Information Officer David Bowen points out, Web applications are operating-system independent. The agency is considering all options, he adds.

Mainframes died for good reasons, and Web application companies say they're not exactly resurrecting that old model. They aren't necessarily out to kill applications run by local hard drives. In fact, many of them stress their compatibility with the Microsoft environment. Users of Zoho, a Web suite created by Pleasanton, Calif.-based AdventNet, can import files and download them back into the Microsoft format, says company technology evangelist Raju Vegesna. And they acknowledge that Web-based applications don't offer as many functions as local applications. "We're not trying to say every single application needs to be Web based," says Michael Lock, the head of Google Enterprise's North American sales. Google's own legal department won't leave Microsoft Word for Google applications because the company's Web word processor lacks a track change feature, Lock adds.

Google entered the Web application business in February when it started charging $50 a month per user account (no discounts for big enterprise buyers) for a suite of online applications that includes e-mail, spreadsheets and word processing along with 10 gigabytes of remote memory (it also offers a lesser, advertising-sponsored free version that comes with 2 GB of memory). Besides Google and Zoho, other Web applications include Glide, OpenOffice and Zimbra.

Web applications do make sense, its boosters say, when users have low functionality needs but high collaboration demands. Web storage allows multiuser collaboration in real time on documents that can be accessed by clicking on a link, they say. And unlike the old dumb terminals, Web applications are accessible by any machine with a Web connection; you could log on from a public kiosk or from work.

But just like mainframes, Web applications are only as good as the network connection and the data center that supports them. Google, for example, promises only 99.9 percent reliability, and lately has been delivering less than that to some customers.

On three occasions in March, Google Web applications went offline for significant amounts of time, as InfoWorld first reported. (A Google spokesman says the company is "absolutely focused on providing extremely high levels of availability for all users.") Some Web applications try to get around this problem by offering downloadable versions (thus increasing their similarity to

normal local applications) or by letting system architects place the data on the local area network's servers, so long as the Web application can synchronize with them. "If the user doesn't trust Zoho, that is fine," Vegesna says. Trust may be the Achilles' heel of Web applications that don't let users take at least some control of their data on a local area network level. With Google, for example, all the application data resides within Google data centers, which are spread out across the nation and contain (as of mid-2005) an estimated 150,000 to 170,000 individual servers. The estimate is by independent Google expert Stephen E. Arnold.

Federal security law requires agencies to secure systems, including remote commercial applications. The degree depends on the sensitivity of the data-"the interest we have got is not necessarily for the government's most secret applications," Google's Lock acknowledges-but it never quite disappears. Some concerns may be cultural, Lock adds; people have to get used to the idea of remote commercial data storage and, anyway, people shouldn't be networking secret information on the Internet in the first place. Still, were FAA to buy Google, it might require the company to build a separate data center for federal storage, says Bowen.

"I have concerns about security from whatever platform it's operating on," says Patrick Howard, chief information security officer of the Housing and Urban Development Department. Today's architecture of many individual computing units has drawbacks, too-laptops can be lost or stolen, security patches can take a while to reach every machine, users can do stupid things. In fact, from a security perspective, the old mainframe days were not bad, Howard says. "The more centralization," he adds, "the easier it is to secure the data."

]]>

Outside the Box

David Perera — Sun, 15 Apr 2007 00:00:00 -0400

With some hesitation, the Defense Department is starting to give open source products a whirl.

One day a few years ago in the bowels of U.S. Central Command's central headquarters in Tampa, Fla., something new awaited the techies who support the Global Command and Control System. The military relies on GCCS-Joint to present a unified global picture of itself-how ready its troops are to fight, where they're located, intelligence reports and more. Its primary residence is CENTCOM.

The new thing was a situational awareness piece of hardware and software called the Joint Range Extension, which tracks airborne assets. Andrew Seely, a GCCS lead system administrator contractor, recalls that it "just showed up one day, bang, it's in the rack.

"It was literally a black box . . . no documentation, no experience, no knowledge and big, fat serial cables coming out the back," Seely says. It could interface with the GCCS system, but it soon stopped working, and no one in Tampa knew why. Turns out the internal structure was proprietary, and CENTCOM hadn't paid for access to the technical documentation. So, the malfunction was a mystery. To fix it, system administrators had to hack their way in to find the bug causing the system crash.

That's what can happen (and happens often enough) when the government pays the private sector to develop an information technology system but doesn't pay for access to the source code or the technical documentation. Often when it does pay for the code, it can afford only a limited-distribution license. Companies charge extra to write documentation or hand over what they consider their intellectual property.

Situations like this have some Defense Department folks advocating open technology development. This approach means building applications with open source software such as the freely distributed programming language Linux. It allows more eyeballs to scan code, so problems are found and solved quickly. (The Joint Range Extension failed due to a bug that Seely says could easily have been avoided.)

The approach is about open standards for data exchange among systems. It's about not having to build everything from scratch because similar hardware and software is locked away in proprietary restrictions. It's also about agility: Integrating pre-existing open systems is faster and more responsive than building systems from the ground up.

Basically, it's about transparent systems, the opposite of enigmatic, proprietary black boxes. "The traditional approach of software development doesn't necessarily allow you to have the source code," says John J. Lussier, the Navy's acting chief information officer. Lussier is close to signing a memo encouraging Navy and Marine Corps staff to consider open source technology. The department wants to make sure they know open source is a viable option "because apparently there was some misunderstanding there."

Terry Mitchell, deputy undersecretary of Defense for advanced systems and concepts, knows why many in Defense have shied away from open source technology, despite its apparent benefits.

"The name brings a baggage of uncertainty," he says. "There's a perception that open technology doesn't have that structure behind it that maintains the sustainability and keeps it going." When Defense considers adopting something, it evaluates whether the manufacturer will last.

Another hurdle is how to get open source through information security certification and accreditation requirements. Developers of proprietary systems have whole teams dedicated to pushing an application through the security requirement process, notes John Scott, defense consultant and director of open integration for RadiantBlue Technologies Inc. of Reston, Va. "With open source, who does that?"

Mitchell's hypothesis is that open technology can surmount the doubts around it. The advanced systems and concepts office is finishing up the first of a three-year experiment (officially called a Joint Capability Technology Demonstration) using open source tools to help U.S. Strategic Command and intelligence agencies store and retrieve large volumes of data from the Defense network, the Global Information Grid.

Mitchell and Scott already have some thoughts on how to clear those hurdles. One is, pay defense contractors to support the ongoing maintenance of open source systems-most of the revenue from software is in support anyway, Mitchell says. Security issues need to be addressed early on within a project.

Defense has used open source tools before. The Army even deployed an open source server operating system called JBoss for logistics support. But the odds of a private sector developer successfully proposing an open source solution in response to a Defense solicitation still are remote, given the unknowns. So far, it's mostly been smart or thrifty managers and developers who have managed to introduce open source piecemeal.

As is usual with new technology, the main challenge associated with open source isn't the technology itself, but the governance issues around it. Mitchell stresses that he's not out to challenge the existing Defense acquisition system, with its multiple reviews and many requirements. Open technology would have to work inside that environment.

Open source advocates aren't against the notion of proprietary systems. Indeed, para-doxically, open source probably will make proprietary systems better by keeping developers on their toes. Mitchell points out, "Why should I pay for technology you developed 10 years ago, when I can go out and get it basically for free, pay for service and some integration, and it's done?" Mitchell is trying to change a mentality surrounding technology development, however. "If I didn't use the phrase 'open technology,' and I said we're going to take Northrop Grumman software, would it bother [anybody]?" he asks rhetorically. "Maybe we could create a culture that says, 'Oh, I've got to build X' . . . and companies would say, 'OK, maybe I can solve that with open technology.' "

]]>

Walking the Talk

David Perera and Jonathan Marino — Wed, 11 Apr 2007 00:00:00 -0400

According to a December 2006 Homeland Security Department survey, technology is where the nation is furthest along in meeting interoperability goals. Where first responder agencies lag the most is in areas such as standard operating procedures and policy, training and use.

When DHS Secretary Michael Chertoff announced in November 2006 that 46 major U.S. cities should achieve interoperability by the end of 2007, he wasn't emphasizing technology upgrades.

"People tend to think about it as, 'We've just got to find the right radio or the right communications device,' " Chertoff told reporters at a Jan. 3 news conference. They tend to forget the governance and policy-making aspects of it, he added.

According to DHS' "National Interoperability Baseline Survey," about two-thirds of first responder agencies can establish at least some crossover communications before a major planned event. What's mostly missing is a way to integrate that capacity into day-to-day operations.

Interoperability "is primarily a matter of leadership," says David G. Boyd, director of DHS' Office for Interoperability and Compatibility. Not to say that today's technology is ideal. Incidents or events still require heaps of different equipment, it seems. Watch first responders in action, and you'll often see a surfeit of gear -- handsets, radios dangling from belt loops, crackling earpieces -- which has piled up for decades.

Still, about 40 percent have cross-discipline equipment that's compatible and 8 percent have an advanced infrastructure solution. One caveat, however: The survey "may have a slightly optimistic bias" because those who responded might have slightly more advanced capacity than people who chose not to participate, the report notes.

Frustrating for many observers is that shifting the interoperability discussion to leadership takes it away from relatively simple issues, such as buying gear, to complex organizational challenges. For the $2 billion to $3 billion that DHS has doled out to local government for interoperable communications, "we could be a little further ahead," says Mark Ghilarducci, vice president at Washington-based emergency management consulting firm James Lee Witt Associates.

But merely replacing systems won't result in interoperability, warns Boyd, adding that agencies "need to design it into their plans."

]]>

Walking the Talk

David Perera and Jonathan Marino — Sun, 01 Apr 2007 00:00:00 -0400

Getting first responders on the same wavelength requires more than just new technology.

Interoperability among first responders is a state of mind. That is, the ability of emergency incident commanders to talk to their counterparts in other jurisdictions and disciplines is not simply a matter of buying new equipment. According to a December 2006 Homeland Security Department survey, technology is where the nation is furthest along in meeting interoperability goals. Where first responder agencies lag the most is in areas such as standard operating procedures and policy, training and use.

When DHS Secretary Michael Chertoff announced in November 2006 that 46 major U.S. cities should achieve interoperability by the end of 2007, he wasn't emphasizing technology upgrades. "People tend to think about it as, 'We've just got to find the right radio or the right communications device,' " Chertoff told reporters at a Jan. 3 news conference. They tend to forget the governance and policy-making aspects of it, he added.

Interoperability "is primarily a matter of leadership," says David G. Boyd, director of DHS' Office for Interoperability and Compatibility. Not to say that today's technology is ideal. Incidents or events still require heaps of different equipment, it seems. Watch first responders in action, and you'll often see a surfeit of gear-handsets, radios dangling from belt loops, crackling earpieces-which has piled up for decades.

"Every time we went out, we had to figure out which [radio device] to take," recalls George W. Foresman, DHS undersecretary of preparedness, who 20 years ago was a medical services first responder. Indeed, 38 percent of agencies surveyed said their solution for interoperable communications across disciplines (say, between the police and fire department) is to share their radio devices. Still, about 40 percent have cross-discipline equipment that's compatible and 8 percent have an advanced infrastructure solution. One caveat, however: The survey "may have a slightly optimistic bias" because those who responded might have slightly more advanced capacity than people who chose not to participate, the report notes.

The problem is that technology is easy to change. "The market is for fully interoperable communication systems," Foresman says. Manufacturers do what they are asked. With roughly half the public safety agencies slated to replace their systems over the next five years, agencies will have even more technology. But merely replacing systems won't result in interoperability, warns Boyd, adding that agencies "need to design it into their plans."

]]>

Tripped Up

David Perera — Sun, 01 Apr 2007 00:00:00 -0400

Close scrutiny and tough rules slow down interagency contracting shops.

Nothing much distinguishes Crystal Square V, a generic office building at 251 18th St. South in Crystal City, Va., just outside Washington. The main tenant-the Defense Department's Counterintelligence Field Activity-is mostly hidden behind the fortified walls of a sensitive compartmented information facility. Despite the absence of a logo in the wood-paneled foyer, however, the agency's presence is hardly a secret. A dolly-wielding UPS deliveryman can tell you the way. "What're you looking for? CIFA?" he says, pointing down the road a couple of blocks.

CIFA's offices are well known in other quarters, too. The Pentagon's inspector general in January decided to highlight them in one of an ongoing series of reports critical of Defense's use of interagency contracting, the practice of buying goods or services through another agency (D-2007-044).

Critics contend that interagency contracting centers allow Defense to play fast and loose with acquisition rules. And the looser the rules in one area, the harder it is to impose discipline elsewhere, they say. Their concern has grown right along with the amount that Defense spends through contracting organizations other than its own. In fiscal 2005, the Pentagon spent $1.66 billion through the Interior Department. The IG and others contend that interagency spending isn't just increasing, it's increasingly mismanaged and ends up costing buyers more than they should be paying.

The IG report scolded CIFA for obtaining office space in 2004 using a service contract through the GovWorks Federal Acquisition Center, a fee-for-service buying operation run by Interior. The building's lease is held by TKC Communications, an Alaska Native corporation that rents the building from metropolitan Washington real estate giant Charles E. Smith Commercial Realty. TKC, in turn, provides CIFA access to the facility.

Providing offices "is clearly, in our view, not a service," says Thomas Gimble, acting Defense inspector general. The government mostly uses service contracts to hire private sector support for tasks not considered inherently governmental-computer programming, janitorial help, that sort of thing. Building leases are governed by a different set of rules.

Within the Washington area, government leases worth up to $2.2 million are supposed to be handled by the General Services Administration. Leases worth less require an affirmative resolution from a handful of congressional committees. CIFA pays at least $6.6 million a year for its offices, but didn't complete any of these steps. Gimble says CIFA and GovWorks circumvented the required process.

David Sutfin, GovWorks' assistant director, says CIFA contracted for use of the building but hasn't leased anything from anybody. "We were simply asking [TKC] to provide a secure facility" on CIFA's behalf, he adds.

CIFA and GovWorks argue that they've done nothing wrong. Sutfin says GSA told GovWorks that the normal rules wouldn't apply to CIFA because the office space was supposed to house CIFA contractors, not government employees-CIFA is heavily outsourced. The IG's office says CIFA officials misled GSA. Most of the back and forth can be found in detail in the IG report. CIFA responded to inquiries with a set of talking points stating that the matter is under legal review.

The larger questions at issue are whether, and if so, how much Defense will continue to use interagency contracting. These are painful questions for the centers that do it. Oversight of their actions has shot up disconcertingly. Most rely on Defense for the majority of their business. The department provides about 60 percent of GovWorks' annual revenue and more than half of GSA's.

Congress has required progressively more wide-ranging reviews of Defense's use of interagency contracting. In particular, the staff of the Senate Armed Services Committee chairman, Sen. Carl Levin, D-Mich., has targeted it for scrutiny. "Too often, DoD officials believe that by awarding a contract or task order through another agency, they have relieved themselves of all responsibility," according to a written reply from Levin's office. On the other hand, interagency contracting officials "believe that they are responsible only for the contract award and that planning and execution remain DoD's problem." More audits could be in the works at Levin's behest. His committee is actively reviewing whether to order new ones in the next Defense authorization bill.

Open to Interpretation

Defense program managers say they are under pressure to rely less on interagency contracting shops. Use has been down since an Oct. 29, 2004, Defensewide memo requiring formal justification when buying through outsiders. At GSA, for example, Defense business fell 38 percent during the past two years, from $8.2 billion in fiscal 2004 to $5.1 billion in 2006.

The justification requirement means program managers must win support from newly suspicious contracting officers. It's a disincentive, says Kevin Carroll, head of the Army's Program Executive Office-Enterprise Information Systems. "A lot of people don't want to do the paperwork," he says.

The 2004 memo permits inter-agency contracting when it is the "best method of procurement," but many acquisition officials took it as a prohibition. How exactly are they to demonstrate that interagency contracting is the "best method"?

"It's open to interpretation," says Joanne Woytek, program manager of the Scientific and Engineering Workstation Procurement, a governmentwide contract vehicle run by NASA. "Some [Defense agencies] have different policies than others, and that's not good." Woytek acknowledges that Defense orders-usually about half of SEWP's business-are down. SEWP handled orders worth $529 million in fiscal 2004, but only $300 million in fiscal 2006.

Since 2004, other Defense memos have emphasized that interagency contracting isn't banned, but congressionally induced inspector general watchfulness has made buyers increasingly cautious. "It's unbelievable right now," says a military program manager, speaking on condition of anonymity. He tells of a Pentagon contracting officer who refused to write a justification for a request to buy furniture through the GSA schedules-which were established in 1949 as a catalog of goods and services specifically to make buying things such as furniture easier. "She didn't want to get in trouble by going through GSA," the program manager says.

Layers of Complexity

Gimble says he isn't trying to inspire fear of interagency contracting. In person, he's hardly the fire-breather his staff's reports conjure. A plain-spoken Army veteran, he says, "We're suggesting that we have good acquisition planning and good contract execution." Levin's office also contends the problem is not that Defense uses interagency contracts too much, but that sound contracting practices slip through the cracks.

Defense acquisition is notoriously messy-in its 60-year history, the department never has produced a comprehensive tally of where all its money goes. But interagency contracting adds further layers of complexity.

It diffuses authority. CIFA paid for alterations to its space at Crystal Square V with money appropriated for operations and maintenance. Auditors say using O&M funds probably violated the Antideficiency Act because funds should have come from military construction accounts. CIFA contends that because GovWorks and the Defense Information Technology Contracting Organization pay the contractor, the renovations weren't military construction, so there was no Antideficiency Act violation. Third-party involvement adds complexity by adding players, as well. GovWorks is peeved about the CIFA lease, too, as it turns out. GovWorks has a beef with the Small Business Administration. SBA certified TKC Communications as an 8(a) small disadvantaged business. But when auditors investigated, they found TKC was ineligible during fiscal 2005 for 8(a) status as a lessor of nonresidential buildings (except miniwarehouses). As a result, SBA's Alaska district office issued a formal size determination of TKC's eligibility on Jan. 4, 2006, and, on Feb. 8, recommended the CIFA contract be terminated. Negotiations are ongoing.

Cost is another point of contention. GovWorks makes most of its deals on Defense's behalf through the GSA schedules-58 percent in fiscal 2005. But GovWorks charges a fee of 4 percent of the dollars spent through every contract it awards. GSA assesses a 0.75 percent fee for every sale made through its schedules. Defense could have avoided GovWorks, written task orders directly through the GSA schedule and saved $22 million on the CIFA deal, auditors contend. "It's hard for me to see that there's additional value add . . . when I could have gone straight to [GSA]," says Gimble. His auditors say that Defense contracting offices could have handled the whole $1.66 million worth of goods and services that Interior purchased for it.

Defense "has a capacity in house to use [GSA] schedules," Sutfin rejoins. But "they don't have enough contracting resources." That's partly why interagency contracting exists and why it has grown. The Defense acquisition workforce shrank by about 3 percent between 1999 and 2004. But there are glimmerings of a reversal. About a fifth of Army acquisition workers occupy positions created since fiscal 1999. Levin's staff considers authorizing a larger Defense acquisition corps a very live possibility. Such an authorization never would have gotten past former House Armed Services Committee chairman, Rep. Duncan Hunter, R-Calif., but the Democratic leadership might be amenable. A committee spokeswoman had no comment.

Even if Defense had more acquisition workers, it still would need interagency contracting centers, Sutfin contends. Not every military command or office has contracting staff, so they have to shop around for help. For them, what's the difference between a Defense-run procurement shop and an interagency one? "There is none," Sutfin says. And when it comes to cost, interagency contracting organizations say they're cheaper than in-house buyers. They say that because they don't receive appropriations from Congress, they must support themselves on customer fees alone, and that means they know exactly how much acquisition support costs and what to charge for it. Appropriated dollars cloud the true cost of in-house contracting, they argue. Sutfin subscribes to that argument as does GSA Administrator Lurita Alexis Doan, who often makes it during speeches.

"Who cares? . . . We'll go to GSA or the Army, depending on what our real cost is and that means what the real cost is to our program," says the Army's Carroll. "It doesn't matter to us. We're going to go where the prices are [lower]."

Finding Parking

Defense accountants began an offensive in fiscal 2005 against the practice of parking unspent funds in interagency centers at fiscal year's end in order to make the money appear to have been spent. Defense lost between $1 billion and $2 billion after GSA halted the practice in fiscal 2005 and sent unspoken-for funds back to the Treasury Department. The Defense comptroller's office was not happy. But many program managers remain interested in parking dollars.

Most have wish lists of badly needed but unfunded items and services. Says Carroll, "You wait for that call on Sept. 29th [the end of the fiscal year] and someone says, 'Oh, by the way, I got an extra $1 million. Can you spend it today?' And you want to be ready to say yes."

Although appropriated funds supposedly are doled out quarterly like clockwork, in real life money piles up in the fourth quarter to be used or lost. "Not every project starts on Oct. 1 [the beginning of the fiscal year], and there are any number of projects that get started midyear," says Sutfin, hence the need for a parking place, or what he calls "revolving fund flexibility."

An Oct. 16 memo from the Pentagon's acting deputy chief financial officer cut off the practice for Defense. Sutfin says GovWorks will suffer: "Clearly, we're going to see some reduction."

Even if the Defense acquisition workforce grows and if oversight and closed loopholes diminish the workload at interagency contracting centers, they won't disappear. They're simply too useful and too entrenched. "They're not trying to keep people from using us; they're just trying to keep them from using us in the wrong way," says NASA's Woytek.

]]>

Further Complications

David Perera — Wed, 21 Mar 2007 00:00:00 -0400

The question isn't whether or not software projects will sometimes fail. They will. A conservative estimate of the cost of federal software failures pegs the annual value at $3 billion, according to Robert Charette, president of ITABHI Corp., a Spotsylvania, Va., risk-management consultancy.

Take the failure of an Internal Revenue Service electronic fraud detection system, for example. The IRS worked for five years to replace its old system with new Web-based software. Was the failure of the Web-based software a function of its essence, or was it an accident?

As a result, according to a Treasury Department inspector general for tax administration report (TIGTA 2006-20-108), tax dodgers may have gotten away with $318.3 million in improper refunds. The IRS had invested $20.5 million in the Web-based system through last April.

When auditors investigated, they found that developers were unfamiliar with user needs, teams failed to coordinate with each other (so when one team made a change affecting others, the other teams wouldn't know about it, requiring a software fix), there was excessive turnover among CSC and IRS employees, and CSC repeatedly missed intermediate deadlines while still promising to complete the project on time.

"If anything could go wrong in a system-development-type atmosphere, it went wrong," says Margaret E. Begg, a Treasury tax administration assistant IG.

What happened at the IRS was neither an accident nor an example of software's complex essence, says Charette. It "doesn't even deserve the name 'failure,' " he says. "It's a blunder."

No governance process was in place to resolve difficulties and, despite a critical need for the software to perform, risks surrounding the project piled up mostly unattended, the IG found. When, before the project's collapse, the IRS director of refund crimes requested an independent study to scrutinize whether CSC would be able to deliver on its promises, he was informed that "the time needed to resolve 'a few existing glitches' " would prevent the study from starting until after the final deadline.

At another point, when an IRS employee found that CSC grossly exaggerated the work it had completed, the IRS "did not pursue the matter," IG investigators found.

CSC refused to comment, citing contractual obligations. Asked about specific problems cited by auditors, the IRS responded with a statement that it is "taking a number of steps to ensure the continued integrity of this system" and has revamped its governance structure so "significant risks and issues are identified early on and elevated to the appropriate executive level for attention."

A blunder is classic and boring, the stuff of basic project management, Charette says. It's made up of avoidable execution mistakes. Proper management of a software project includes building into the design enough wiggle room to absorb a reasonable number of mistakes.

Managers have an incentive to make their projects look good, no matter their true status, often in the hope that problems will clear up before anybody else can notice. And, of course, deception is self-reinforcing and self-perpetuating; once it starts, it spreads. The problem is systemic: Industry proposes unrealistic costs and understates risks, while government agencies blithely accept them.

"CSC led them to believe that [the fraud system] would be operational, right up until the end, when in fact, they were unable to deliver," notes Begg.

In August 2005, IRS managers began to realize they had a serious problem. The agency started holding biweekly meetings with contractors, and in early December, executives started meeting daily. During the project's last couple of months, technical staffers were sending out two or three daily voicemail updates.

Finally, on April 19, 2006, the IRS decided it had had enough. The April deadline for most Americans to file their personal tax returns had come and gone with no electronic fraud detection system in place. The agency halted further development work and said it would restore the old system, the one that in 2001 it had said needed replacement. IRS says the old system will be working in time for the 2007 tax season.

]]>

Back-Office Blueprints

Daniel Pulliam and David Perera — Thu, 15 Mar 2007 00:00:00 -0400

OMB's plan to consolidate IT infrastructure gets little fanfare in fiscal 2008 budget.

Conspicuously absent from President Bush's fiscal 2008 budget proposal is a new Office of Management and Budget-led initiative to consolidate agency information technology systems. For three years running, OMB had used the budget to target the IT systems underpinning government administrative functions, so-called lines of business, for potential consolidation.

In the first year, OMB selected five lines of business for consolidation, most notably financial management and human resources management IT systems. Those functions would be managed by a handful of federal or private service centers that, according to OMB's plan, would provide IT support at lower costs. One such service center is the Interior Department's National Business Center, and CGI Federal of Fairfax, Va., recently won a contract as the Environmental Protection Agency's financial management shared service provider.

Each year OMB added another few lines of business, ranging from cybersecurity to geospatial data and services. Agencies, "when relieved of the burden of managing these noncore functions, can concentrate more on mission priorities," according to OMB's Web site on the IT infrastructure line of business.

But no new line of business appeared this year. Agencies "took a big sigh of relief," Karen Evans, administrator of e-government and information technology at OMB, said at a Feb. 7 budget briefing in Washington. Though they are loath to admit it, agency officials generally like using their own systems.

Still, that's never stopped OMB in the past. But this year, OMB officials say they already have plenty of irons in the fire. "We got all the big hits," says a federal official, speaking on condition of anonymity. And there aren't many budgets left to go before President Bush ends his term of office. "This is the end. There is nothing more that is going to come out of the pot," says another federal official.

Also, congressional resistance likely has weakened what was supposed to be a giant wave of IT system consolidation to a trickle. House and Senate appropriations committees have criticized effort. "Consolidation, when taken too far as an objective, can become an excuse to usurp decision-making from agencies," said a report by the Senate Appropriations Committee, which approved a Commerce, Justice, Science and Related Agencies Subcommittee fiscal 2007 appropriations bill.

Backlash against lines of business initiatives comes after OMB launched only a year ago what appeared to be its most ambitious one yet. In the fiscal 2007 budget, OMB announced a consolidation effort centered on IT infrastructure, which consumes about a third of the federal IT budget.

As in other lines of business efforts, many expected IT infrastructure consolidation to begin with a task force that would recommend designating a handful of agencies as providers of varying degrees of back-office support (ranging from simple remote hosting to management assistance). Then other agencies would compare costs and consider using these service centers and shutting down their internal systems. And the private sector could compete against service centers for agency work.

But rather than focusing on service centers, OMB ended up endorsing a different approach in the fiscal 2008 budget. It will create governmentwide price and performance measures-centered specifically on desktop management and support, data centers and telecommunication networks. OMB says these standards will allow agencies to collectively force down the cost of infrastructure. Without common measurements, agencies cannot know when or if they're getting a good price on commodity infrastructure items and services, officials say.

OMB is letting agencies write their own implementation plans this time, says a federal official. Such an approach doesn't rule out service centers down the road, it just doesn't require them from the start, the official emphasizes. In fact, the official says, service centers likely will emerge as some agencies perform the work more efficiently than others.

A standards-based approach is definitely a less ambitious solution than governmentwide service centers, but it is not a bad idea, some government and private sector observers say. It's just not groundbreaking in the way that other lines of business have been, or likely to reap any savings in the short term and maybe not much in the long term, they say.

If history is anything to go by, agencies might not leap at the opportunity to standardize technology. Even within a single organization, knocking heads over basic IT can be painful. Bureaus, divisions and branches, much less Cabinet-level departments, are quick to spot their differences and slow to focus on their similarities. Federal officials often repeat that when common needs are stripped away, unique agency needs account for only 10 percent of existing requirements. In most cases, standardization can reach as far as the agency level but not beyond, say some procurement experts.

IT infrastructure consolidation could be complicated by yet another factor. The General Services Administration is OMB's designated agency leader on the initiative. Beset by controversy about its administrator, Lurita Alexis Doan, GSA is not seen as the best home for large IT projects right now. "Lurita Doan and the state of GSA do not speak to the viability of the project," says a federal IT contractor. But it's hard to discern when the right time for IT infrastructure consolidation under the Bush administration might be.

]]>

Further Complications

David Perera — Thu, 15 Mar 2007 00:00:00 -0400

Poor management can make a difficult software project impossible.

Complexity is innate to software, and complex things fail. Complex systems interact in unexpected ways. The more they're asked to do and the larger they get, the more likely unanticipated consequences will pop up.

The tax agency had assurances from contractor Computer Sciences Corp. of El Segundo, Calif., that the new system would be online by January 2006. It wasn't. The IRS had no contingency plan and already had shut down its original system, leaving the 2006 tax season wide open for cheats. As a result, according to a Treasury Department inspector general for tax administration report (TIGTA 2006-20-108), tax dodgers may have gotten away with $318.3 million in improper refunds. The IRS had invested $20.5 million in the Web-based system through last April. When auditors investigated, they found that developers were unfamiliar with user needs, teams failed to coordinate with each other (so when one team made a change affecting others, the other teams wouldn't know about it, requiring a software fix), there was excessive turnover among CSC and IRS employees, and CSC repeatedly missed intermediate deadlines while still promising to complete the project on time.

"If anything could go wrong in a system-development-type atmosphere, it went wrong," says Margaret E. Begg, a Treasury tax administration assistant IG.

What happened at the IRS was neither an accident nor an example of software's complex essence, says Charette. It "doesn't even deserve the name 'failure,' " he says. "It's a blunder."

Blunders are avoidable, but also unlikely to disappear. Institutional pressures conspire to ensure that, despite having blundered many times, the federal government likely will blunder again. Getting a project funded often means overpromising results while downplaying costs. Managers have an incentive to make their projects look good, no matter their true status, often in the hope that problems will clear up before anybody else can notice. And, of course, deception is self-reinforcing and self-perpetuating; once it starts, it spreads. The problem is systemic: Industry proposes unrealistic costs and understates risks, while government agencies blithely accept them. "CSC led them to believe that [the fraud system] would be operational, right up until the end, when in fact, they were unable to deliver," notes Begg.

]]>

Scaling Mount Vista

David Perera — Thu, 01 Mar 2007 00:00:00 -0500

Federal agencies look ahead to Microsoft's new operating system.

Standing tall in full dress uniform in a Rockville, Md., hotel conference room, Army Col. David Coker-an expert in logistics information technology-unabashedly makes an astonishing disclosure.

It's not classified, but it's mind- boggling: Until recently, the Army had been using the Microsoft DOS operating system to run its standard maintenance system. "Very archaic," Coker notes. Long ago surpassed by Windows, MS-DOS for most people is a distant memory of clunky green-screen commands from the early days of desktop computing.

Luckily, the Army has been busy over the past two years upgrading its DOS machines-but only to Windows XP, the operating system Microsoft re-leased in 2001. Since the software giant recently introduced Windows Vista, its latest offering, XP is now a generation behind. Vista is "something the military is going to wrestle with," Coker says.

And it's not alone. A former Homeland Security Department official recalls a sea of Windows 95 computers at Citizenship and Immigration Services. Another federal official has tales of Windows NT still in use. Modernization is replacing those outdated operating systems, but the official release of Vista has kicked almost everyone down a rung on the obsolescence ladder.

Like just about everywhere else on the planet, the federal government is Windows-dominated, mostly by XP and Windows 2000. Microsoft runs on 94 percent of all personal computers worldwide, according to IT consulting firm IDC in Framingham, Mass. The release of Vista creates an opportunity for agencies to think about desktop strategy as they figure out what to do with computers running on what's become yesterday's software.

Vista is a different beast from XP. It consumes far more memory per desktop-at least a gigabyte of RAM to function properly, according to most reviewers (Microsoft maintains that 512 megabytes suffice for a stripped-down version of Vista).

Features such as the snazzy 3-D user interface won't work on less than a gigabyte, though Microsoft Federal's sales force de-emphasizes the gee-whiz factor in favor of "infrastructure optimization," increased reliability, integrated search, improved security and mobility. Better security in particular-things like new data protection encryption, better user account controls and a tougher firewall-will drive adoption, says Patrick Svenburg, Microsoft Federal's Vista program manager.

Still, "If you don't have the RAM, sorry, you can't play, essentially," acknowledges Rob Campbell, a senior Microsoft Federal technology specialist. "Vista was built and designed for new hardware."

That's troubling news for many computer users, according to a December 2006 survey by Toronto IT reseller Softchoice. Recently manufactured PCs could be upgraded to meet the minimum or premium Vista requirements, but any desktop older than 24 months "will be unlikely to support the Vista OS," the report states. Microsoft itself predicts a spread-out curve, with Vista adoption happening mostly as existing hardware is replaced as part of the normal technology refresh cycle. Operating systems are a means to an end. "It's really not about the device or the operating system," says John McManus, the Commerce Department deputy chief information officer. "It's 'Do we have the right capabilities?' "

Even without Vista, XP would have an expiration date. Increasing user expectations and the growth of online software are changing the landscape. These days, thanks to the Web, innovation is everywhere. For example, a key selling point for Vista is desktop search, an obvious adaptation of downloadable search engine programs that gained popularity in 2004.

As a result, applications accessible through a network server, such as Google's online word processor and spreadsheet programs, represent a healthy chunk of the future. In the 1980s, IT moved away from the architecture of dumb terminals wired to a humongous mainframe, but the "software as a service" model is gaining new respect with remotely run applications accessible through the Internet. Even Microsoft got in the game when in 2005 it announced its Windows Live and Office Live, a suite of online applications targeted mostly at small businesses.

But while demand for new software capabilities is fueled by online developments, agencies still won't be able to skip a generation of operating system upgrades, warn technologists. Software as a service is "far enough away that you'll see some early adopters . . . but I don't see the federal community as a whole being able to skip" a move to Vista, McManus says.

They don't necessarily need to go to Vista, note proponents of other operating systems based on open-source code, such as Red Hat, made by the eponymous company in Raleigh, N.C. Companies selling open source (a synonym for Linux-based code) software more easily incorporate innovation into their licensed versions than does Microsoft, asserts Nick Carr, Red Hat's enterprise OS marketing manager. "We're talking about the IT supplier who believes he can improve the memory substructure," he adds. Tinkering without permission in a licensed version invalidates the warranty, but if users such as the National Security Agency have a burning need to make the Linux kernel more secure, they can work with vendors such as Red Hat or Waltham, Mass.-based Novell to incorporate changes into future versions. Nor is it necessary to exclusively commit to either Windows or Linux, Carr says. Virtualization enables the two to communicate.

Of course, whether moving to open source actually saves money when all the costs are tallied is a matter of debate. Microsoft says it doesn't. And not all applications are available in open source versions. Open source proponents say the cost advantage is theirs and application availability is catching up.

Finally, there's Microsoft's history of buggy software releases, especially in recently developed products. The company already is at work on Fiji, a code name for its rumored Vista Service Pack 1 update later this year. The company isn't talking about Fiji (other than confirming it exists) and denies there is anything unusual about updating Vista so quickly. ("We start working on the next version or the next service pack immediately," says a Microsoft spokesman.) But the constant code patches and updates aren't entirely Microsoft's fault. With software, there always will be patches, regardless of who develops it. Users, in fact, are responsible for a great deal of this because of their constantly rising expectations.

To illustrate, ask the Army colonel to compare XP to the military's old DOS system, and he'll wax poetic. "In a Windows environment, you open a screen, you can open multiple screens, you can pull down tables, you can right click for help desk," he says. Just as a widespread DOS presence created demand for a multi- tasking graphical user interface, solving the old problems with new software creates unanticipated challenges. (As I write this, there are no fewer than seven USB devices attached to my laptop to adapt it to my always growing needs.)

"We're not here to tell people they need to run Windows Vista," says Microsoft's Campbell. "XP is still supported. What it really comes down to is . . . why do [agencies] have those machines, what are their capabilities, and what do they want to do?"

]]>

Mixed Signals

Greg Grant and David Perera — Thu, 01 Mar 2007 00:00:00 -0500

Jammers meant to foil roadside bombs in Baghdad jeopardize troop safety.

The trademark image of Baghdad: an Iraqi insurgent, radio or cell phone in hand, lurking in sight of a military convoy. The insurgent pushes a button; an improvised explosive device detonates.

In reaction, the United States has rushed out billions of dollars of promising anti-IED technologies over the past three years, including radio frequency jammers meant to interrupt the signal between the triggerman and the bomb. But like most rushed technology fixes, solutions have caused unanticipated problems, sometimes leaving warfighters worse off than before.

The military calls the problem CREW (short for Counter Radio Controlled IED Electronic Warfare) fratricide. When multiple jammers cancel out each other's signal, it leaves troops unprotected. The result is casualties-and not just from interference with anti-IED efforts. Radio communications are severely degraded by the jammers. Blue Force Tracking, the military's system for locating friendly forces, gets disrupted to the point of complete loss. Jammers also have interfered with the radio signals from ground control stations to unmanned aerial vehicles flying over Baghdad, causing some to crash.

Because of the myriad makes and models of radio frequency jammers operating in Baghdad, plus the Iraqi army's devices, the city contends with the dirtiest radio frequency spectrum on earth, says an Army officer speaking on condition of anonymity.

A world away, military radio engineers and wonks met in Maryland late last year to discuss solutions. "It used to be that the U.S. could take the radios, turn them on and jump into any theater," said John G. Grimes, assistant secretary of Defense for networks and information integration and chief information officer, at the conference keynote. "I'm here to tell you that doesn't happen anymore."

Lately, the military has taken to deploying Navy specialists in electronic warfare to Iraq to help Army units manage the messy radio frequency environment there. The Defense Information Systems Agency also merged its two spectrum organizations into one last year to get a better handle on the electromagnetic spectrum and help de-conflict radio frequency signals.

Part of the problem is that the military does not have a single authoritative source to track use of radio frequencies, says Paige Atkins, director of the new Defense Spectrum Organization. Frequency assignments can be made dynamically as new technology comes online in different geographical areas. DISA draws on a number of military databases to form a picture of frequencies in use, but not all those databases are updated in real time, she adds.

That means signal conflicts can force a commander in the field to decide among calling for air support by radio, operating radar or using a jamming device. "We have had some folks who have had to make that decision," says Atkins.

The agency must become more agile in its processes, she says. A possible solution is to develop a standard for reporting spectrum use across the military. Atkins says that could be accomplished with standardized Extensible Markup Language meta-data tags. But critics of metadata note that real life isn't always conducive to carefully tagging each bit of data for inclusion into a far away database.

The spectrum problem is only going to get worse. At the heart of modern military doctrine lies net-centric warfare, a new way of fighting battles that depends on pulling in and pushing out information from the field and headquarters. Superior information gathered from sensors, radars, UAVs and individual soldiers will collectively create a layer of virtual armor around the American military. But if the radio spectrum goes down, so does the ability of soldiers to fight effectively. The more the military depends on radio spectrum, the more fragile the asset becomes.

"At some point very soon, we're going to have a tremendous spectrum crunch" unless management and technology improve, said Richard Russell, associate director of the White House Office of Science and Technology Policy, who also was at the conference.

New technologies out of the United States' control likely will make things even worse. Take WiMax, a nascent wireless broadband standard that creates a high-speed wireless connection that extends for tens of miles. Manufacturers can deploy it across several patches of spectrum, including those in the 3.5 gigahertz range, a frequency spread used for U.S. military radar. At that range, WiMax conflicts with radars and radars conflict with WiMax.

Critics add to the list of threats a White House policy that allows the auction of federally licensed spectrum. The Federal Communications Commission recently sold about 90 megahertz of spectrum (previously held by both civilian and military agencies), raising almost $14 billion as of September 2006. Russell defended the sale at the conference, saying that it forced agencies to assign a concrete dollar value to spectrum licenses. Agencies sometimes hold on to licenses without knowing their true value, he says. And the private sector now can innovate further with their newfound spectrum, he adds.

Meanwhile, technology doesn't stand still. The problems technology causes usually get technological solutions, for good or for ill. Ever since engineers learned how to send signals through the air, they've been honing ways to slice up signals with ever sharpened electronic knives. Maybe in the future, the many demands on spectrum could be accommodated through advanced multiplexing techniques, "which would allow us not to relinquish spectrum but share it," Atkins says. "The only potential issue would be to assess if . . . those devices cause interference to our own systems."

]]>

Let a Thousand Flowers Bloom

David Perera — Wed, 14 Feb 2007 00:00:00 -0500

gender is the same as sex. Examples abound. I like defendant, you prefer offender. No calling the whole thing off, though -- information sharing's a must.

Built on a Justice Department data sharing project for use by federal, state and local law enforcement officers, NIEM is more ambitious in scope. A joint project between the Homeland Security Department and Justice since 2005, it aims to enable information sharing between entities as far apart as first responders on Indian land and the federal intelligence community.

The how is through metadata, "an external description of a distinct data resource," according to metadata guru Michael Daconta. He had a large role in creating NIEM at the Homeland Security Department and now serves as vice president of enterprise data management at Manassas, Va.-based Oberon Associates.

Look online, Daconta says, at www.pandora.com for an accessible example of how metadata can work. Enter your favorite song into the Pandora engine and out will come similar sounds, based on a search of its song library, which is cataloged by up to 400 distinct song attributes. Good metadata allows search queries to connect dots that otherwise would slip by each other.

Cataloging all government data is too enormous a project even to contemplate. Nor does NIEM attempt it. Instead, it divides the world into seven information domains, such as "emergency management" or "international trade." The heart of NIEM is where the domains intersect, the Venn diagramlike sweet spot at the center of overlap. There lies a set of common data components shared by at least two information domains. Deeper in is a universal set of data components, data so basic that every domain makes use of them.

In practice, NIEM is easier discussed than done. The concept is great, but "there's a lot of concerns on the implementation," says Samuel Ceccola, federal chief technology officer for McLean, Va.-based BEA Systems.

In part, that's because restrictions exist against downloading and caching other organizations' data. Federated query allows users to distribute data searches across multiple data-bases, as opposed to logging on and manually searching each data source or crafting painful point-to-point interfaces. It also sidesteps the need to construct a massive centralized database brimming with storage, synchronization and security issues. But some of the federated query middleware that RABA tested had difficulty loading GJXDM metadata subsets.

The study found that implementing middleware known as an enterprise information integration query broker will not be enough. EII brokers have great difficulty converting the metadata format used by NIEM into the format on which most EIIs are based. What's more, EII brokers don't allow for asynchronous searches, a must for widespread information sharing. If a query only can return all the search results at once (i.e., in a synchronous manner), blockages will build up.

Solving the information sharing problem through NIEM, the study concludes, requires an enterprise service bus - service-oriented architecture middleware. It's a surprising finding, RABA acknowledges.

Usually ESBs aren't associated directly with information sharing but rather with Web services, which are modular software programs, albeit ones based on metadata exchanges. But that's precisely the level at which data aggregation from differently structured databases best take place. Web services make asynchronous returns possible, according to the study. Justice's Paul says Web services aren't an absolute necessity, but he acknowledges that NIEM "works very well" with them.

It's against federal law for one department to augment another's budget, so what happens when Justice builds an enormously popular NIEM service, only to be saddled with other agencies' demands on its infrastructure? Technologists argue that some degree of Web service redundancy, reciprocal funding agreements and other dodges can effectively make service oriented architecture work within government. But if NIEM founders, people, not bits and bytes, likely will be to blame.

]]>

Let a Thousand Flowers Bloom

David Perera — Thu, 01 Feb 2007 00:00:00 -0500

But until a rose is a rose in every database, government agencies won't be able to share pruning tips-or much else.

What's in a name? A lot, it turns out. At least when it comes to sharing data across different computer systems unable to know that gender is the same as sex. Examples abound. I like defendant, you prefer offender. No calling the whole thing off, though, information sharing's a must.

The problem of differing data definitions stored within different database structures isn't going to be solved soon. Conceptually, an answer exists, and has now for a few years. It's called the National Information Exchange Model. Built on a Justice Department data sharing project for use by federal, state and local law enforcement officers, NIEM is more ambitious in scope. A joint project between the Homeland Security Department and Justice since 2005, it aims to enable information sharing between entities as far apart as first responders on Indian land and the federal intelligence community.

Metadata provides a context for data, describing its content and adding information about its creation and its properties. A song, for example, has melody and harmony, rhythm and instrumentation, characteristics that can be described by metadata. Look online, Daconta says, at www.pandora.com for an accessible example of how metadata can work. Enter your favorite song into the Pandora engine and out will come similar sounds, based on a search of its song library, which is cataloged by up to 400 distinct song attributes. Good metadata allows search queries to connect dots that otherwise would slip by each other.

"We think it's pretty cutting edge stuff," says Kshemendra Paul, Justice's chief enterprise architect and NIEM program manager. The idea is that domains voluntarily will use standardized metadata schemas to transmit information. Grants from Justice and DHS will be contingent on state and local adoption of NIEM metadata. In practice, NIEM is easier discussed than done. The concept is great, but "there's a lot of concerns on the implementation," says Samuel Ceccola, federal chief technology officer for McLean, Va.-based BEA Systems.

A recent analysis by RABA Technologies, based in Columbia, Md., found software challenges ahead for NIEM and its predecessor program, the Global Justice Extensible Markup Language Data Model, which is known as GJXDM and is being folded into NIEM. Information sharing across government organizations requires an approach known as federated query. In part, that's because restrictions exist against downloading and caching other organizations' data. Federated query allows users to distribute data searches across multiple data-bases, as opposed to logging on and manually searching each data source or crafting painful point-to-point interfaces. It also sidesteps the need to construct a massive centralized database brimming with storage, synchronization and security issues. But some of the federated query middleware that RABA tested had difficulty loading GJXDM metadata subsets.

Solving the information sharing problem through NIEM, the study concludes, requires an enterprise service bus-service-oriented architecture middleware. It's a surprising finding, RABA acknowledges. Usually ESBs aren't associated directly with information sharing but rather with Web services, which are modular software programs, albeit ones based on metadata exchanges. But that's precisely the level at which data aggregation from differently structured databases best take place. Web services make asynchronous returns possible, according to the study. Justice's Paul says Web services aren't an absolute necessity, but he acknowledges that NIEM "works very well" with them.

Technology probably is the least of the implementation challenges ahead for NIEM. The technology is doable. But ugly issues such as funding raise their heads, doubly so when it comes to sharing resources across agencies. It's against federal law for one department to augment another's budget, so what happens when Justice builds an enormously popular NIEM service, only to be saddled with other agencies' demands on its infrastructure? Technologists argue that some degree of Web service redundancy, reciprocal funding agreements and other dodges can effectively make service oriented architecture work within government. But if NIEM founders, people, not bits and bytes, likely will be to blame.

]]>

Wrench In The Works

David Perera — Thu, 01 Feb 2007 00:00:00 -0500

Blunders and missteps at the General Services Administration go far beyond the administrator's office.

The General Services Administration's buying services and contracts are supposed to work like a self-lubricating machine. In come orders for goods and services from across the government, out go purchasing orders to companies. Off to the ordering agencies go products and assistance. Money to make the machine hum comes directly from customers in the form of fees paid to GSA.

But lately, GSA more closely resembles a sputtering Rube Goldberg contraption.

A Jan. 19 front-page story in The Washington Post detailed an attempt by the agency's chief, Administrator Lurita Alexis Doan, to award a no-bid contract to the company of a longtime friend. A seemingly ceaseless run of problems and missteps has sent customers scurrying in the past several years, sucking away operating funds.

Investigations in 2003 revealed that the agency's procurement organizations, particularly Federal Technology Service regional shops, had parlayed their reputation for quick turnaround with few questions asked into a scandalous misuse of technology contracts. Worried buyers began shopping elsewhere. In response, GSA began a stick-to-the-rules crackdown in 2004, the Get It Right program, which drove off more customers by adding time to the buying process.

In 2005, agencies were stunned to learn that GSA no longer would allow them to use the FTS information technology fund as an off-the-books savings account to park money from one fiscal year to be spent in another. GSA's abrupt return of parked funds angered customers further since the old money no longer could be spent on programs.

Meanwhile, also in 2005, then-Administrator Stephen A. Perry ordered FTS and the Federal Supply Service, a catalog of private sector goods and services for sale to agencies, to merge, creating the Federal Acquisition Service. Partly an effort to exert more control over buying operations, partly a move to offset FTS losses with FSS surpluses, the merger languished for a year awaiting congressional approval.

Audacious

Doan, who stepped in more than half a year after Perry left on Oct. 31, 2005, was expected to clean up the mess. She seemed primed for the job.

Doan exudes energy. She leans forward to emphasize points. She gesticulates. She visibly reacts with displeasure or pleasure. Her voice grows animated. She groans audibly when she hears something or encounters someone she doesn't like. She is not shy.

But within weeks of her Senate confirmation, she picked a fight with NASA over the future of its Scientific and Engineering Workstation Procurement. She has complained that the GSA inspector general's staff "terrorized" regional administrators. She attempted to ignore Defense Department restrictions on use of its money, angering department officials.

"Lurita is a bit of a lightning rod," said Jim Williams, commissioner of the GSA's newly combined acquisition service, during a fall conference. A ripple of murmurs passed through the audience.

In key battles, Doan has lost. The Office of Management and Budget renewed NASA's governmentwide procurement contract and told her to "avoid unnecessary discordant publicity on this matter." Late last year, she capitulated to the Pentagon on how quickly its funds must be disbursed.

What's more, Doan has been unable to halt the decline of GSA's services business. The cost of operating IT services outstripped the fees collected from customers by $111 million in fiscal 2006. The pain of the downturn was softened only by better than expected results from the supply schedules.

She appears unruffled. "I think it's been a great seven months," she said during a January interview at GSA headquarters. Would she have done anything differently, knowing now what she knows? "I don't spend a lot of time on regrets," she said.

Doan "may seem audacious," says Stan Soloway, president of the Professional Services Council, an Arlington, Va.-based group that represents contractors. But her actions and optimism are part of the process of "rebuilding and restoring confidence internally and externally to the agency," he says.

If growing notoriety didn't faze Doan, the Post's attention did. According to the Jan. 19 report, she signed off on a no-bid contract with Public Affairs Group Inc. and its divisions, the Business Women's Network and Diversity Best Practices, to do a 24-page, $20,000 report promoting GSA's use of minority- and woman-owned businesses. GSA lawyers and officials pointed out possible violations and the contract was terminated. Edie Fraser, a longtime friend of Doan's, founded and heads Public Affairs Group, the Post reported.

"I made a mistake," Doan told the Post. "I thought I was moving this along. I was immediately informed that I wasn't necessarily moving it along in the way that was best for it. So at which point they canceled it, life went on, no money exchanged hands, no contract exchanged hands.

"I'm stunned, absolutely stunned by the amount of legs that this has taken, you know, how this has like kind of jumped up and run away with things," she said.

"If reports are accurate, I would expect the head of the agency in charge of government procurement not only to follow federal procurement regulations but to possess better judgment than she has shown," said Sen. Joseph Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee, on the day the story broke.

Rep. Henry Waxman, D-Calif., immediately issued formal requests for documents and communications about the deal from Doan, Fraser and former GSA general counsel Alan R. Swendiman, now director of the White House's Office of Administration. "The story raises questions the committee needs to follow up on, and we will be doing that over the next several weeks," said Waxman spokeswoman Karen Lightfoot.

Asked whether the White House had considered taking action against Doan, Clay Johnson, deputy director for management at the Office of Management and Budget, said, "I support Lurita Doan's efforts to make GSA more effective and efficient." But, he added, "no government official is above the law, and everyone must abide by the established procurement rules and regulations."

According to an agency statement about the Post story, Doan "takes seriously the GSA's leadership role as the premier contracting and service provider. As the longtime career attorney who reviewed this matter explained to The Washington Post, this incident has already been reviewed and no improprieties have been found."

Dissatisfied

Doan's style, her publicity, even her decisions won't make or break GSA. Its fortunes depend on larger forces. The years of investigations, increasing restraints on agencies' spending and protracted internal reorganization could hinder GSA's attempt to move from being a middleman for agency purchases to partnering with agencies in improving their operations.

But GSA won't disappear. If it didn't exist, then government would have to invent it, says a Defense official, speaking on background because of department policy. Indeed, the schedules remain popular despite all GSA's setbacks. They generated a 2006 net operating result of about $123 million instead of a projected loss of approximately $54 million.

Market analysis firm INPUT, based in Reston, Va., nevertheless argues that the numbers contain evidence of dissatisfaction with GSA, noting that schedule sales have slowed faster than governmentwide spending. "The decline in schedule spending reflects a conspicuous move by buyers to other contract vehicles," says INPUT analyst Ashlea Higgs.

Contracts specific to a department or government function, such as the Navy's 2004 Seaport IT contract and Homeland Security's Enterprise Acquisition Gateway for Leading Edge Solutions, an indefinite-delivery, indefinite-quantity technology acquisition, compete with GSA. For years, agencies other than GSA have run technology contracts open to all agencies. Doan contends they waste tax dollars.

"We just don't want duplications," she says. "If it's a unique requirement that's being supplied by a particular [agency's governmentwide contract], that's fine." Otherwise, procurement should go through GSA, Doan says. Only GSA covers its costs by collecting fees as opposed to using appropriated funds, she asserts. Other agencies might say they're not using appropriated money to support contracts open to all, "but unless you absolutely carve out your costs for your rent, you carve out your costs for the air you breathe, practically . . . then there's an added burden to the taxpayer," she says.

The proliferation of contracts raises prices, too, she adds. Companies jump to get onto all of them. That drives up their bid and development costs, "and then they pass [those costs] back to their government customers, which means the government is paying more money and the American taxpayer is paying more money," she says.

Not true, say proponents of multiple contracts. Aggregating demand allows agencies to press vendors to cut prices, but only by agreeing on a standard list of supplies and services. Few agencies can agree on the same requirements for a product or service, says Steve Kelman, a former federal procurement chief and a professor at Harvard University.

"In most cases, probably the furthest you'll be able to go [with standardization] is the agency level, and other contract vehicles can do that as well as GSA can," he adds. "It is simply false to state that if the competing programs went out of business the prices on the GSA schedule would be any lower than they are now."

Defense reluctance to buy through GSA has contributed significantly to declining business. Defense buyers-GSA's biggest customers-became upset when GSA abruptly reversed the long-standing practice of parking agencies' dollars in its IT fund. Defense lost between $1 billion and $2 billion when GSA began cleaning up its books to remove the parked dollars. Defense and GSA then locked horns over whether GSA could spend any Pentagon money across more than one fiscal year, even just 90 days after a fiscal year, in order to tie up the previous year's procurements.

Defense and GSA publicly kissed and made up in late 2006 when GSA capitulated and promised to abide by the Defense interpretation for all its purchases. Still, layers of policy to reduce use of outside shops won't disappear. Since 2005, Defense contracting officers have had to write justifications when using other than Defense contracts, an extra time-consuming step.

The 2006 agreement also could be a drag on GSA's bottom line. Agencies often have more than a quarter of their budgets left to spend in the last three months of the fiscal year, whether because of poor planning, unexpected circumstances or congressional tardiness in approving spending bills. But the agreement means Defense must place its GSA orders earlier so they can be completed by year's end. That's likely to be an incentive to use homegrown contracts rather than GSA's.

Nevertheless, Doan is ready to move on. GSA "has repaired the relationship with DoD," she says. "We are not going to let these issues get away from us in the future."

Skeptical

Just as well, since bigger problems loom. Among them, a growing chorus of skeptics suggesting that GSA's current model isn't sustainable. Under the new GSA structure, the IT schedule, by far the biggest moneymaker, is part of Integrated Technology Services, which is focused largely on assisted and network services. Fans of the schedules fear they will be left unattended. Doan's promise to reduce the time companies must spend getting schedule contracts and winning modifications has won plaudits, but doubts remain.

And Doan shows no deep concern about reversals suffered by her lagging services programs, contending they are "a huge growth area for GSA." She adds that a task group is putting together a strategic plan for changing the services model. But asked about the declining revenue and inability to cover costs, she responds, "I don't know about that. What I know about is now."

"Whether the [assisted services] sales levels are exactly as high as they've been, they're just as critical in the future as they've been in the past," says the Professional Services Council's Soloway. Even though the schedules have been around for decades, some agencies still need help using them or knowing exactly what to buy. GSA is a source for that help, Soloway says.

Nevertheless, the slide from the glory days-when, for example, revenue from GSA's IT Solutions Services program peaked at $7.2 billion-might not be over. Assisted services brought in only $4.9 billion in fiscal 2006. A former GSA official estimates revenue could bottom out at $2 billion to $3 billion a year.

When former GSA administrator Perry sent a memo to employees announcing his resignation in 2005, some acquisition officials applauded, according to a consultant close to the agency. High expectations greeted Doan. "I don't fault her for being bold. GSA needed bold, that's for sure," says Frank P. Pugliese, a former GSA acquisition commissioner and now managing director of government business development for DuPont. No one would deny that Doan has succeeded in drawing attention to the agency. But her tactics aren't doing much to repair GSA's reputation, or save its business model.

Daniel Pulliam contributed to this story.

]]>

GSA official: Treasury inclusion in telecom contract won’t lower rates

Daniel Pulliam and David Perera — Tue, 30 Jan 2007 00:00:00 -0500

A decision by the Treasury Department to procure telecommunications through the General Services Administration is unlikely to have any effect on governmentwide rates, a GSA official said Tuesday.

GSA is poised to award contracts for Networx Universal, the largest part of its acquisition of telecom services on behalf of the federal government, in March. The second, smaller portion of the procurement, known as Networx Enterprise, is on track for awards in May, GSA officials have said.

Treasury's decision to use Networx Universal "won't lower the price," said Karl Krumbholz, Networx program manager, speaking during the second of two GSA-hosted Networx transition summits in Virginia. "It'll have no effect on Universal," he said.

In December, Treasury agreed to kill its in-house acquisition in favor of Networx. Critics of Treasury's solo effort said the department's inclusion in Networx would help create greater economies of scale, translating to cheaper prices for the entire government.

But the four big companies bidding on Networx Universal -- AT&T, Sprint, Qwest and Verizon -- already had submitted their final bids by the time Treasury agreed to give up its own procurement. GSA officials will not ask for another round of Universal bidding, Krumbholz said.

The only way Treasury's participation could conceivably reduce prices for the rest of the government would be if a Networx contract winner decided as a result of Treasury's participation to lower its rates across the board, Krumbholz said. Once a telecom company makes a rate reduction for one government customer, it must duplicate it for the entire government unless the service being offered is not reproducible elsewhere.

But even then, "we would try to make those new services as normalized as possible," Krumbholz said.

Treasury's decision to use Networx has not come without controversy. Treasury negotiated a 50 percent reduction of GSA's Networx fees for services it currently buys through GSA's existing telecom contract, FTS 2001.

Krumbholz estimated Treasury gets about half of its voice and data services through the FTS 2001 metropolitan area acquisition program, through AT&T. Treasury officials at the conference refused to confirm the number.

The decision to offer Treasury discounts to use Networx is not universally popular. John Johnson, assistant commissioner for integrated technology services at GSA's Federal Acquisition Service, has defended the arrangement. In exchange for the lower overhead fee, Treasury will receive far less support from GSA, he told reporters earlier this month.

Johnson and his Networx team didn't come up with the idea of offering Treasury the discount in the first place, according to industry sources. GSA spokesman Jon Anderson confirmed Tuesday that the idea originated from a working group designated by GSA Administrator Lurita Doan and headed by David Drabkin, the agency's associate administrator for acquisition policy. Neither Drabkin nor Johnson could be reached on short notice for comment. Johnson's team was represented on the working group, but was not in charge, according to a GSA official.

Other agencies using the telecom contract likely will look for treatment similar to that received by Treasury, according to industry sources. But GSA already is examining ways to customize fees on a per-case basis, according to one telecom industry source who spoke on condition of anonymity.

GSA charges a 7 percent fee for FTS 2001, but it's unlikely the agency will continue charging across-the-board fees, the source said. Instead, it may create a sliding scale based on the amount of support it offers to agency telecom efforts, charging more in cases where it manages implementation and less in simple cases of contract review.

]]>

Contracting issues at GSA go beyond administrator's office

David Perera — Fri, 19 Jan 2007 00:00:00 -0500

Editor's Note: This article was prepared for the Feb. 1 issue of Government Executive.

The General Services Administration's buying services and contracts are supposed to work like a self-lubricating machine. In come orders for goods and services from across the government, out go purchasing orders to companies on GSA's schedules. Off to the ordering agencies go products and assistance. Money to make the machine hum comes directly from customers in the form of fees paid to GSA.

But lately, GSA more closely resembles a sputtering Rube Goldberg contraption.

A Jan. 19 front-page story in The Washington Post detailed an attempt by the agency's chief, Administrator Lurita Doan, to award a no-bid contract to the company of a longtime friend. That has led to questions about her future at the agency.

A seemingly ceaseless run of problems and missteps has sent customers scurrying in the past several years, sucking away operating funds.

Investigations in 2003 revealed the agency's procurement organizations, particularly its Federal Technology Service regional shops, had parlayed their reputation for quick turnaround with few questions asked into a scandalous misuse of technology contracts. Worried buyers began shopping elsewhere. In response, in 2004, GSA began a stick-to-the-rules crackdown, the Get It Right program, which drove off more customers by adding time to the buying process.

Meanwhile, also in 2005, then-Administrator Stephen A. Perry ordered FTS and the Federal Supply Service, a catalog of private sector goods and services for sale to agencies, to merge, creating a new Federal Acquisition Service. Partly an effort to exert more control over buying operations, partly a move to offset FTS losses with FSS surpluses, the merger languished for a year awaiting congressional approval.

Audacious

Doan, who stepped in more than half a year after Perry quit on Oct. 31, 2005, was expected to clean up the mess. She seemed primed for the job.

But within weeks of her Senate confirmation, she picked a fight with NASA over the future of its Scientific and Engineering Workstation Procurement. She was accused of saying that the GSA inspector general's staff "terrorized" regional administrators. She angered an already irritated Defense Department by resisting limitations on using Defense dollars.

"Lurita is a bit of a lightning rod," said Jim Williams, commissioner of the GSA's newly combined acquisition service, during a fall conference. A ripple of murmurs passed through the audience.

Despite her energy, some of Doan's efforts have backfired. The Office of Management and Budget renewed NASA's governmentwide procurement contract and told her to "avoid unnecessary discordant publicity on this matter." Late last year, she capitulated to the Pentagon on how quickly its funds must be disbursed.

Doan appears unruffled. "I think it's been a great seven months," she said during a mid-January interview at GSA headquarters. Would she have done anything different, knowing now what she knows? "I don't spend a lot of time on regrets," she said.

If her growing notoriety hadn't fazed Doan, the Post's attention did. The paper reported she signed off on a no-bid contract with Public Affairs Group Inc. and its divisions, the Business Women's Network and Diversity Best Practices, to do a 24-page, $20,000 report promoting GSA's use of minority- and woman-owned businesses.

GSA lawyers and officials pointed out possible procurement violations and the contract was terminated. Edie Fraser, a longtime friend of Doan's, founded and heads Public Affairs, the Post found.

"I made a mistake," Doan told the Post. "I thought I was moving this along. I was immediately informed that I wasn't necessarily moving it along in the way that was best for it. So at which point they canceled it, life went on, no money exchanged hands, no contract exchanged hands.

"I'm stunned, absolutely stunned by the amount of legs that this has taken, you know, how this has like kind of jumped up and run away with things," she said.

"If reports are accurate, I would expect the head of the agency in charge of government procurement not only to follow federal procurement regulations but to possess better judgment than she has shown," Sen. Joseph Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee, said the day the story broke.

Rep. Henry Waxman, D-Calif., issued formal requests for documents and communications about the deal from Doan, Fraser and former GSA general counsel Alan R. Swendiman, now director of the White House's Office of Administration. "The story raises questions the committee needs to follow up on, and we will be doing that over the next several weeks," said Waxman spokeswoman Karen Lightfoot.

Dissatisfied

Doan's style, her publicity, even her decisions won't make or break GSA. Its fortunes depend on larger forces. The years of investigations, increasing restraints on agencies' spending, and protracted internal reorganization, could hinder the agency's attempt to move from being a middleman for agency purchases to partnering with agencies in improving their operations.

But GSA won't disappear. If it didn't exist government would have to invent it, says a Defense official, speaking on background because of department policy. Indeed, the schedules remain popular despite all GSA's setbacks. They generated a 2006 net operating result of about $123 million instead of a projected loss of approximately $54 million.

Contracts specific to a department or function of government, such as the Navy's Seaport, a 2004 IT contract, and the Homeland Security's Enterprise Acquisition Gateway for Leading Edge Solutions, an indefinite-delivery, indefinite-quantity technology acquisition, compete with GSA. For years, agencies other than GSA have run technology contracts open to all agencies. Doan contends they waste tax dollars.

Reluctant

Defense and GSA publicly kissed and made up in late 2006 when GSA capitulated and promised to abide by the Defense interpretation for all its purchases. Still, layers of Defense policy direction to reduce use of outside acquisition shops won't disappear. Since 2005, Defense contracting officers have had to write justifications when using other than Defense contracts, an extra time-consuming step.

The 2006 agreement could be a drag on GSA's bottom line. Agencies often have more than a quarter of their budgets left to spend in the last three months of the fiscal year, whether because of poor planning, unexpected circumstances or congressional tardiness in approving spending bills. But the agreement means Defense must place its GSA orders earlier so they can be completed by year's end. That's likely to be an incentive to use homegrown contracts rather than GSA's.

Nevertheless, Doan is ready to move on. GSA "has repaired the relationship with DoD," she says. "We are not going to let these issues get away from us in the future."

Doubtful

Nevertheless, the slide from the glory days-when, for example, revenue from GSA's IT Solutions program peaked at $7.2 billion-might not have ended. Assisted services brought in only $4.9 billion in fiscal 2006. A former GSA official estimates revenue could bottom out at $2 billion to $3 billion a year.

When former GSA administrator Perry sent a memo to employees announcing his resignation in 2005, some acquisition officials applauded, according to a consultant close to the agency. High expectations greeted Doan. "I don't fault her for being bold. GSA needed bold, that's for sure," says Frank P. Pugliese, a former GSA acquisition commissioner and now managing director of government business development for DuPont. And no one would deny that Doan has succeeded in drawing attention to the agency. But can her tactics aren't doing much to repair GSA's reputation or save its business model.

Daniel Pulliam contributed to this story.

]]>

Study: Agencies need top-notch telecom networks

David Perera — Mon, 08 Jan 2007 00:00:00 -0500

The federal government's telecommunications needs now resemble those of a telephone carrier rather than just a large consumer, according to a new study from a market analysis firm.

Some agency networks span thousands of domestic and international locations, require the highest reliability possible -- 99.999 percent, or "five nines" -- and could involve "almost every form of communications technology," stated the white paper by Ray Bjorklund, senior vice president of McLean, Va., Federal Sources Inc. The research was requested by Naperville, Ill.-based telecommunications solutions provider Tellabs Inc.

Government information-sharing requirements have expanded in the post-Sept. 11 world, contributing to carrier-class federal needs. "If information has become so important, then obviously you need networks, and really good networks," Bjorklund said in an interview.

The upshot is that the government often will continue to rely on the private sector, but increasingly will have to integrate and supervise networks, Bjorklund said. "The government wants a whole lot more visibility into how their systems are working, and particularly their networks," he said.

Some agencies now design their networks to encompass multiple carriers as well as technologies, and that requires more government control, Bjorklund said. For example, the Justice Department selected two vendors to build practically parallel networks for its Unified Telecommunications Network in order to guard against network failure.

"It's not going to happen everywhere in the government, but for the very large complex networks, we are seeing this as being the trend," Bjorklund said.

Also, some old ways of managing networks no longer may work in today's constrained budget environment. For example, agencies sometimes have guaranteed their performance levels by providing more bandwidth than they need. "This is not a cost-effective approach," the study noted.

Other drivers of the government's carrier-class demands include requests for high-bandwidth applications, such as those for multimedia, networked storage and virtual private networks. Not included in that list are voice services, the need for which has been rising at a relatively slow pace compared to that for data services.

Another factor is a push toward all Internet protocol networks as a way to ensure interoperability. Expanding or managing separate networks for each individual protocol, such as time division multiplex for voice and asynchronous transfer mode for switched data network services, would be prohibitively expensive, according to the paper.

But a transition to an all-IP environment will not be instantaneous, meaning all protocols would need continued support until a switch is complete. "Certain carrier-class equipment enables legacy protocols and IP/Ethernet to interoperate seamlessly together," the paper stated.

Federal networks already are among the biggest in the world. The U.S. Postal Service operates a network covering about 17,000 locations, making it the largest within the government. When completed, the Federal Aviation Administration's new wide area network will consist of about 35,000 voice, radar and data links to 5,000 locations.

]]>

GSA seeks bids on Washington-area telecom contract

David Perera — Fri, 05 Jan 2007 00:00:00 -0500

Responses to the Washington Interagency Telecommunications System 3 request for proposals are due March 5, with awards anticipated by the fourth quarter of this calendar year.

The contract has a maximum value of $1.8 billion and will be awarded for a base of four years with four one-year options. WITS-3 is a successor to WITS 2001, which expires in January 2008. The incumbents on that contract are Qwest and Verizon.

GSA previously had pulled back the solicitation's release on July 20, two weeks after announcing it would seek a vendor for Washington-area telecommunications services.

Telecom insiders attributed the delay to a dispute between GSA's National Capital Region and headquarters over the geographic scope of the solicitation. A larger coverage area would appease big federal entities with far-flung facilities, such as the Defense Department, but also would limit competition.

In addition to covering the District of Columbia, WITS-3 will cover Montgomery and Prince Georges counties in Maryland; Arlington, Fairfax, Loudon and Prince William counties in Virginia; and the cities of Alexandria, Manassas, Fairfax and Falls Church, Va.

According to the proposal, other "locations sharing a community of interest" also would be included. Ann Everett, GSA's acting National Capital Region administrator, said a "community of interest" is a location currently served by WITS 2001, but outside the traditional boundaries of the National Capital Region. Those areas "are in the RFP beause we're trying to continue the services we currently provide," she said. WITS3 will not expand service offerings to new geographic areas, she added.

]]>

Cutting the Cord

David Perera — Mon, 01 Jan 2007 00:00:00 -0500

WiMax could bridge the last mile to deliver wireless broadband access.

The future usually arrives later and more chaotically than is ideal. Only in retrospect are particular technologies foreordained for success. Meanwhile, competing standards vie to stay relevant tomorrow.

So it is with broadband wireless access, a type of high-speed wireless connection that extends for tens of miles, not yards, and could even compete with local wired infrastructure as a way to connect users to the nationwide telecommunications network.

Most of the buzz today centers on Worldwide Interoperability for Microwave Access, more commonly called WiMax. Telecom nerds call it 802.16, after the Institute of Electrical and Electronic Engineers committee that governs its standards. Experts say that speeds per channel of up to 70 megabits per second will be possible, although Clearwire, a Kirkland, Wash., commercial WiMax provider, currently offers only 1.5 Mbps. WiMax allows administrators to prioritize traffic on the network, an important feature when congestion threatens to shut down everything.

WiMax has big names and big bucks behind it-chip manufacturer Intel Corp. and device maker Motorola Inc., among others. Telecom giant Sprint says it will invest $3 billion in the technology by 2008. Canadian market analysis firm Maravedis Inc. predicts that by the end of 2012, there will be 87 million broadband wireless subscribers, 67 million of whom will use WiMax.

And the federal government might be interested in it, too, beyond just the basic attraction of broadband mobility. Both man-made and natural disasters this millennia have exposed how vulnerable telecom is to disruption, especially when entire buildings depend on just one connection to the outside world. "We've got a lot of single-point entry and exit in our major campuses," says David Cheplick, director of telecommunications operations management for the Veterans Affairs Department.

Some agencies have sought to add secondary access lines from alternate carriers at separate entry points, but agencies have bought only the illusion of communications diversity if those lines connect to the same central office. A February 2006 report from the Washington Alliance for Telecommunications Industry Solutions, produced at the behest of the Federal Reserve Board, found that without expensive and periodic manual assessments of circuit pairs, it is impossible to ensure diversity over time. WiMax could prove an easy means to create truly secondary or tertiary connections.

But Cheplick and others say it falls short as a primary connection. "I don't see it right now as being necessarily ready to support the kind of bandwidth requirements we've got," he says. And while there's been plenty of interest in WiMax, a lot of that is due to marketing tactics. "It definitely has an awful lot of hype," says Lillian Goleniewski, author of Telecommunications Essentials (Addison-Wesley, 2006). The standard has undergone significant revisions since it was first released in 2001, though some analysts believe that the two latest versions have stabilized the standard for fixed and mobile access, respectively.

If a mass market does develop, then it will likely start in countries such as Brazil, Russia, India and China-nations lacking extensive wire line infrastructure, Goleniewski says. That's problematic for the potential U.S. market because the frequencies licensed for WiMax are different from those in other countries. Within the United States, much of the technology's frequency is located around 2.5 gigahertz, in spectrum mainly controlled by Sprint and Clearwire, which is investing $1 billion to develop its WiMax network.

"The interoperability issues are pretty big in terms of vendors who want to be able to sell to a wide international market, but then they have to make multiple pieces of equipment that are each operating in a different band," Goleniewski adds. For example, WiBro, which stands for wireless broadband, is a South Korean standard expected to conform to 802.16e-2005, but "it remains uncertain how the two will eventually interoperate," Goleniewski writes in the second edition of her book. Moreover, there are competing wireless broadband standards with IEEE accreditation. For example, Mobile-FI, formally known as 802.20, which has had backing from San Diego-based Qualcomm, suffered a setback when the IEEE temporarily suspended the committee's work last summer following industry complaints that the process was not transparent.

Other providers of wireless communication such as satellite links say they already have low-cost infrastructure diversity solutions. In the aftermath of Hurricane Katrina, they like to point out, emergency crews brought in portable satellite gear to reconnect New Orleans to the world. Satellite communication was a necessity when so much of the terrestrial infrastructure was simply wiped out. Nothing can guarantee diversity like having a router orbiting around the Earth, they add.

The ability to handle heavy use is the Achilles' heel of many a good idea. But if doubts remain about using WiMax at the enterprise level, telecom providers say they're still going forward because their first target market will be individual users.

"Initially, it's going to be driven by consumer customers," says Tony D'Agata, general manager of Sprint's government systems division. Where consumers once expected broadband only on a desktop computer, now they want it everywhere they go on myriad devices. The idea, proponents say, is to use WiMax to blur the edges between wired and wireless environments, but not necessarily replace wires.

]]>

Treasury kills solo telecom contract

David Perera — Thu, 21 Dec 2006 00:00:00 -0500

The Treasury Department on Thursday canceled its much-criticized solo telecommunications procurement effort, saying it will use the General Services Administration's upcoming Networx governmentwide telecom contract vehicle instead.

In a terse statement posted online Thursday, Treasury officials laid to rest the Treasury Communications Enterprise procurement by stating that it "is hereby canceled."

As recently as late August, Treasury officials appeared to still be pursuing the voice, data and video procurement by requesting another round of bids.

The August requests were the latest turn in a years-long saga in which the contract vehicle was awarded to AT&T in late 2004, canceled in the spring of 2005 following a Government Accountability Office bid protest decision, unexpectedly resurrected in the summer of 2005, criticized by the Treasury inspector general and now, ended.

Treasury spokeswoman Eileen Gilligan offered no details on when the department began to consider ending TCE in favor of Networx. GSA says it will award the first set of Networx contracts in March, and another set in May.

Gilligan also could not say whether bidders will be reimbursed for what they spent developing proposals, which amounts to about $1 million per TCE bidder, according to industry sources.

"I'm not surprised," said John Okay, a former GSA telecom executive who is now a partner with Topside Consulting Group in Vienna, Va. "The longer this thing dragged out, any justification that was tied to [Treasury's] desire to move out at a faster pace than Networx kept slipping away day by day, week by week."

Treasury's decision to eschew GSA contract vehicles was the subject of intense criticism on Capitol Hill, particularly from Rep. Tom Davis, R-Va., the outgoing chairman of the House Government Reform Committee.

"Davis is feeling pretty vindicated today," said David Marin, the committee's staff director. "TCE was a flawed acquisition, and he's glad that there's now consensus that Networx should be the vehicle of choice for all agencies."

GSA Administrator Lurita Doan also publicly urged Treasury to use Networx, saying the department's participation would lower overall government telecom costs. Whether GSA will be able to take advantage of Treasury's decision to use Networx is an open question, however.

Bidding companies already have submitted their final price proposals for the largest part of Networx, meaning GSA officials would have to call for yet another round of bids if they want to take into account possible economies of scale created by Treasury's participation.

In a statement, Doan said she was "pleased" with Treasury's decision, adding that it demonstrates "that when GSA presents a solid business case … federal agencies will make the right decision."

"Treasury basically thumbed its nose to the Hill and the Hill won," said a former government official. "It's as simple as that."

The official defended Treasury for pursuing its own telecom contract, arguing that GSA should not be the only telecom-procuring authority for the civilian government. The agency can create economies of scale with commodities, "but you can't possibly expect a central authority with limited knowledge across the entire government to get all of the features and functionalities that are innovating and changing," the official said.

A GSA spokesman could not be reached for comment.

Okay, however, defended Networx, saying it should be able to satisfy evolving demands, although GSA does need to improve its contract modification process. "Making it easier for agencies to customize the offerings under Networx is one of GSA's big goals," he said.

Treasury's decision to revoke TCE could be a setback for some companies within the telecom industry, mostly for AT&T, which was widely seen as the front-runner to win the reincarnated TCE. An AT&T spokesman declined to comment.

Treasury's decision on the telecommunications procurement comes on the heels of its chief information officer's decision to retire. Ira Hobbs, who has supported TCE, will leave government Jan. 3.

]]>

GSA fails in bid to take over NASA technology contract

David Perera — Tue, 19 Dec 2006 00:00:00 -0500

A governmentwide acquisition contract run by NASA will remain under the agency's control, despite a bid by the General Services Administration to take it over, the Office of Management and Budget announced Monday.

The Scientific and Engineering Workstation Procurement contract vehicle requires periodic recertification by OMB. GSA Administrator Lurita Doan has publicly fought since her appointment this summer to wrest the SEWP contract from NASA. But Paul Denett, head of OMB's procurement policy office, informed her during a Monday afternoon phone call that her campaign was unsuccessful.

There is a demonstrated need for SEWP in the federal market and "NASA is well-suited to serve as its executive agent," Denett said in a Dec. 18 memorandum to NASA Administrator Michael Griffin.

The first SEWP contracts -- which are for state-of-the-art computer system technologies, high-end scientific and engineering capabilities, peripherals and network equipment -- will expire in January. Another set expires in September 2007.

With OMB approval in hand, NASA now can award new contracts for a maximum five-year term and a collective ceiling of $6 billion.

"It's good for us to be able to move forward and not worry about that situation and have that designation," said Joanna Woytek, program manager for SEWP.

Doan said she was "disappointed," and reiterated her position that governmentwide acquisition contracts run by other agencies contribute to wasting taxpayer money. "We will continue to highlight ways to reduce the proliferation of GWACs," she said.

A government official who spoke on condition of anonymity said NASA made a compelling argument to keep the contract. SEWP is well-run, responsive to customers and offers more up-to-date technology than can necessarily be found at GSA, the official said. "There are all sorts of things that NASA figured out how to do that other people ought to figure out, including GSA," the official said.

Reaction within the information technology contractor community was positive. GSA functions well at procuring general technology, but not the mission-specific technology that NASA offers through SEWP, said Bob Guerra, a partner at Guerra Kiviat, a government IT market consulting firm. "GSA all along should have known that SEWP wasn't something they could just do."

Doan's argument that governmentwide procurement vehicles managed outside GSA undermine the government's spending power has some validity, said Frank Pugliese, a former GSA acquisition commissioner. But "picking which one you want to go after, that's another story," he said. Speaking about Doan, he said, "I don't fault her for being bold. GSA needed bold, that's for sure."

In addition to attempting to take over SEWP, sources said Doan has unsuccessfully tried for the Army Small Computer Program in Fort Monmouth, N.J.

Any argument that seeks to attack the legality of governmentwide acquisition contracts run by agencies outside GSA is faulty, said Steve Charles, executive vice president of immixGroup, a McLean, Va., consulting firm. Under the 1996 Clinger-Cohen Act, OMB has the power to designate any agency to run a governmentwide acquisition contract.

Doan "really needs to go back and double check the legal underpinning and the operational realities of what she says, because everybody I talk to in industry has said she's lost all credibility," Charles said.

]]>

Justice Scalia warns against 'bureaucrat' judges

David Perera — Wed, 13 Dec 2006 00:00:00 -0500

Low pay for federal judges threatens to undermine the U.S. judiciary system by letting it become the domain of provincially minded career judges, Supreme Court Justice Antonin Scalia said Wednesday.

"Judicial salaries stink," he said while speaking at a Northern Virginia Technology Council event. As a result, he continued, successful lawyers who can earn more in the private sector shun the bench while other lawyers make an entire career of climbing the court system, starting with a municipal or minor state position.

The career climbers are "going to be beady-eyed, cause-y people, more willing to take the veil," Scalia said.

Countries with legal systems derived from Roman law rather than Anglo-Saxon common law already suffer this problem, he said. In places such as continental Europe, judges are consistently promoted through the ranks, so long as they don't make waves, he said. "So you end up with a senior judiciary … that is made up of people who have never met a payroll."

Nonetheless, Scalia said the most fun he has ever had in government service was when he worked in the executive branch during the Nixon and Ford administrations. As a Supreme Court justice, "you don't work with a team of people at all," he said. "You're supposed to have your own opinion, maybe try to persuade others, but it's not teamwork."

Scalia also said he favors televising Supreme Court proceedings, if for nothing else than to show the American people that most of the workload centers around "Internal Revenue code, the [Employee Retirement Income Security Act], the bankruptcy code -- really dull stuff."

Scalia is among the nation's most vocal proponents of the legal theory of originalism - the belief that the Constitution should be interpreted according to the framers' original intent.

It can sometimes be difficult to figure out how the nation's founders would act today, Scalia said. "Sometimes you have to calculate the trajectory of the Constitution," he said. "I acknowledge that I don't have all the answers, but I should not have to persuade you that originalism is perfect. I just have to prove that it's better than anything else."

Proponents of the "living constitution" theory endanger the Bill of Rights by making it subject to reinterpretation, Scalia said. A logical consequence of the living constitution would be similar to the British parliamentary system, under which "whatever the Parliament says is constitutional is constitutional," Scalia said.

Growing intensity around the confirmation of Supreme Court justices in the Senate is a sign that theories other than originalism are destructive, Scalia said. If the high court is central in affirming rights, such as the right to privacy, then politicians find that the most important qualification for a new judge "is that this guy write the kind of constitution I like."

]]>

GSA, Defense reach agreement on acquisition policies

Daniel Pulliam and David Perera — Tue, 12 Dec 2006 00:00:00 -0500

The General Services Administration announced Tuesday that it has agreed to honor the Defense Department's interpretation of appropriations law when placing orders for Defense buyers.

In an agreement signed Dec. 4 by Shay Assad, director of defense procurement and acquisition policy, and Dec. 6 by GSA Chief Acquisition Officer Emily Murphy, GSA officials outlined a series of steps the agency will take to placate long-standing Defense concerns about interagency contracting.

The two agencies have disagreed about when federal law requires the clock to start counting the time remaining on contracts for services purchased on an annual basis, also known as "severable services" contracts.

GSA's position continues to be that it has about 90 days after a fiscal year ends to obligate money from an agency to vendors. Defense says no money can be held over from one year to the next, and GSA has promised to abide by that rule for all Defense purchases made through it.

"What we're doing here is complying with what the customer is asking us to do," said David Bibb, GSA deputy administrator, speaking to reporters Tuesday.

In the course of removing money held over from previous fiscal years from its books, GSA returned about $600 million to Defense during fiscal 2006, Bibb said. Money also was returned during fiscal 2005, but Bibb said he did not recall the exact amount.

The result of GSA's decision to acquiesce to Defense's interpretation will be that Defense must place its GSA orders earlier in the year than it might have previously, said David Drabkin, GSA's deputy chief acquisition officer. He added that GSA revenue should not necessarily suffer as a result.

Federal agencies oftentimes have yet to spend more than a quarter of their budget by the fourth quarter, but the Defense restrictions on holding funds over between fiscal years pertain to purchases made both inside the Pentagon and through outside agencies, Drabkin said, adding, "They'll have that challenge whether they spend it on themselves or spend it with us."

"There's no question that this is going to make it all a little tougher, but there also are tools that you could use to mitigate some of its effects," said Stan Soloway, president of the Professional Services Council, an Arlington, Va.-based contractor association. Rather than send over a purchasing request to GSA all at once, he said, Defense could send the money in phases to accomplish preliminary tasks earlier in the year.

Nonetheless, he praised the agreement, saying it clarifies a point of contention.

The memo outlining the agreement also detailed 22 acquisition areas on which GSA and Defense will work together. Among them are ensuring consistent purchasing practices across all 11 GSA regions.

Observers long have noted that GSA headquarters does not have direct authority over the regional administrators, but Bibb said standardization will occur. "GSA has operated as a matrix of operation for a long time," he said. "The central office issues the policies, controls the funding [and] controls the award pots. And not only that … [it] establishes the collaborative relationship that causes all this to work."

]]>