Government Executive - Authors - Jill R. Aitoro

Flagging Fraud

Jill R. Aitoro — Mon, 01 Nov 2010 00:00:00 -0400

Billions of dollars are lost each year to payment errors and bogus benefit claims, and agencies are turning to technology for help.

In the past few years, 14,000 felons, both fugitive and jailed, raked in $230 million in federal benefits they were not entitled to receive. Twenty thousand dead Americans earned $180 million. In 2009 alone, the federal government made $110 billion in improper payments-that's nearly double the amount taxpayers will end up shelling out for the massive financial bailout, according to the latest estimates from the Congressional Budget Office. The Office of Management and Budget breaks down the numbers like this: One-third of improper payments can be explained by poor documentation that makes it impossible to verify whether they were accurate, and another third result from failure to confirm individuals are eligible to receive the payments in the first place. The rest boil down to simple program errors, or people duping the system.

"Just as important as the choice of what strategies to pursue is how we pursue them," Jeffrey Zients, federal chief performance officer and now OMB interim director, said in a memo that outlined a series of goals for improving IT performance. "Where efforts are off-track and a team is not making the necessary midcourse corrections, we will work with them to get efforts back on track. Where progress is being made and breakthroughs achieved, we will celebrate success and work to spread best practices for achieving results across government. Where progress toward a goal shared by multiple agencies requires interagency coordination, or where agencies face similar problems that could benefit from cross-agency attention, we will facilitate those efforts."

Among the agencies that likely will fall under the microscope is the Internal Revenue Service. More than a quarter of the $48.1 billion in payments made under the Earned Income Tax Credit for low- to moderate-income workers were incorrect, according to the research firm INPUT. Refunds went to recipients for taxes they didn't owe, even though data on workers' income and tax contributions are readily available on the W-2 forms that employers file.

"Agencies should be able to access more seamlessly information [that would help] prevent these clearly ineligible beneficiaries from receiving payments," says Danny Werfel, controller of OMB's Office of Federal Financial Management. "That requires administrative steps that allow existing data sets to be accessed and linked, and additional data sources created when necessary. We do it, but we need to do it more."

In July, President Obama signed the 2010 Improper Payments Elimination and Recovery Act, saying it would reduce waste and fraud by $50 billion by 2012. The law requires agencies to conduct recovery audits for programs that spend $1 million or more annually, review programs susceptible to significant payment errors every three years, and plan corrective actions for preventing future waste.

The White House also launched PaymentAccuracy.gov, a public website to track progress in reducing improper payments, and established the Do Not Pay List for agencies to verify individuals' or contractors' eligibility before making payments. Agencies were instructed to establish prepayment controls that systematically confirm eligibility of payment beneficiaries with existing databases, including the Social Security Administration's Death Master File and the General Services Administration's Excluded Parties List System that tracks companies barred from receiving federal contracts. At the same time, OMB is leading an initiative to integrate relevant databases into a central portal agencies can check prior to making payments.

"There's an element of cultural change that has to take place," says Frank Blaul, senior vice president of government services at Equifax. The consumer credit reporting agency is among the companies providing input for a white paper OMB is producing in partnership with the industry group TechAmerica. The document will lay out a phased approach to eliminating fraud, waste and abuse in government programs.

"Some agencies have better defined processes than others, but there is no silver bullet," Blaul says. "There needs to be an evaluation of current systems so improvements can be made, implementation of technology to help mitigate errors, and establishment of policy to ensure these programs are monitored."

Technology, Werfel agrees, plays a critical role in enabling access and integration of data, "so agencies can make smart, informed judgments before payment are made." But no single technology solution will address all risk of fraud or waste in federal programs. Agencies will have to customize data mining and analytics software to extract patterns from information and to flag anomalies, he says.

The Health and Human Services Department, whose Medicare program accounted for $24.1 billion in improper payments in 2009, according to a June report from the Government Accountability Office, plans to install data analysis tools to root out fraudulent payments in that program, as well as Medicaid and children's health insurance programs. Under a rule introduced in September, the Centers for Medicare and Medicaid Services will deploy computer applications that alert administrators to suspicious activities in the systems that process requests, including unusual patterns in billing and applying for services.

"The proposed regulations [provide] important new tools to help us move from a 'pay-and-chase' approach," which identifies unscrupulous acts after the government has issued a check, "to one that makes it harder to commit fraud in the first place," CMS Administrator Donald Berwick said during a conference call with reporters in September.

The agency will buy more sophisticated analytical tools to screen applications to enroll in the program and to identify patterns in phone calls to the toll-free Medicare hot line from beneficiaries who flag possible problems in the program. CMS also is seeking public comment on the rule's proposal to collect fingerprints from health care providers and suppliers, which would be checked against law enforcement databases.

Technology solutions depend largely on individual programs, all of which face different challenges in closing loopholes or addressing flaws in their systems. For the Agriculture Department that means finding a way to prevent school employees from ringing up the cost of meals incorrectly, which led to $1.6 billion in improper payments through the School Lunch Program in 2009, INPUT reported. That objective is distinct from HHS identifying individuals attempting to defraud the health insurance system, or the IRS flagging errors taxpayers make in filing their own returns.

"For the most part, these capabilities are developed as situations arise and are tacked onto the systems that are currently in place," says John Reece, an independent IT consultant and former chief information officer at the IRS. "When we did modernization, we did a thorough re-examination of fraud and nonpayment and late payment of taxes. Those modernized systems reflected our best thinking then, but they've been updated since and will be again. The key is to put in place end-to-end systematic controls that can identify [incidents] of fraud within the program that need to be addressed." The simplest solutions often have the biggest impact. Electronic benefits transfer cards, which replaced paper checks for distributing Food Stamps to low-income people, have reduced improper payments at the Agriculture Department from 38 cents per dollar to 1 cent per dollar since 1999, according to INPUT. GSA had a markedly different result when it deployed charge cards governmentwide for small and routine purchases. The SmartPay cards were intended to reduce fraud and waste, but they actually did the opposite. The program has been the subject of numerous congressional hearings and Government Accountability Office reports that revealed employees used the cards to purchase personal items.

"The amount of fraud that slipped through as people tried to control cash and reconcile paper forms was one of the many reasons that drove us to use credit cards in the first place," says Alan Balutis, director and distinguished fellow with Cisco Business Solutions Group. Balutis was chief information officer at the Commerce Department when it first began testing the use of charge cards in the mid-1990s. Software linked to the cards can identify potential fraud and waste-flagging charges for certain vendors or products deemed off limits, for example, or notifying administrators when employees exceed caps on expenditures.

"The problem then and now is the lack of any desire by managers to actually examine the data and take action when the system begins to note certain irregularities," he says. "The failure has never been with the card or the card technology, which has only gotten more powerful and exact over the years; the failure is that no one is paying attention. Do we need some device like the ones in Rube Goldberg cartoons, where smoke bellows out and lights start flashing whenever something abnormal is detected?"

Though automated processes can go a long way in identifying anomalies in financial systems, the human element is crucial to targeting the right data and taking steps to address problems once they're identified.

"We've got terabytes of data coming in, but they're only as power- ful as the intelligence behind the questions that we ask them to answer," Werfel says. "[Agencies] need to take a multidisciplinary approach to formulating these queries that includes the right combination of people who understand how fraudsters might take advantage of the complexities of the program.

That's all about analytics and human intelligence, as much as technology. It's where I see the greatest promise for development."

Technology change breeds operational change, which breeds cultural change, Balutis adds, noting agencies have to consider all three if they want to see any true return on investment.

"Sometimes we turn to technology as if it is going to be the panacea, without taking a look at some of the other aspects of implementation," Balutis says. "How do you deal now with the vast array of information you're going to get, and the speed with which it's going to occur? To some extent, it takes considerable rethinking of processes and operations."

]]>

From Nextgov.com: Progress is slow on cybersecurity goals, GAO reports

Jill R. Aitoro — Thu, 07 Oct 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Supreme Court hears arguments in NASA privacy case

Jill R. Aitoro — Tue, 05 Oct 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

Technology by Design

Jill R. Aitoro — Fri, 01 Oct 2010 00:00:00 -0400

Enterprise architecture shifts IT strategy from the computer room to the boardroom.

At its core, enterprise architecture is less about computer applications and more about management. That's why Randy Hite, director of information technology architecture and systems at the Government Accountability Office, says assigning the responsibility to the IT shop is the tail trying to wag the dog. "Enterprise architecture has to be owned by the executive leadership, the business owners and the CXOs," he says.

In August, GAO released the second version of its Framework for Assessing and Improving Enterprise Architecture Management- first issued in 2003-which included seven hierarchical stages. Stage one, according to the report, is establishing "institutional commitment" to the IT strategy, with recognition from top executives.

"EA is a tool that is going to help the senior executives guide and direct the organization, so it has to be owned by them," Hite says. "There needs to first be an understanding by top executives of what EA is, followed by buy-in of this as a corporate strategic asset."

Defining enterprise architecture, which is somewhat conceptual, is not easy. Many equate it to IT consolidation and standardization: streamlining computer systems and applications so different business units borrow from the same resources. Though not wrong, the definition isn't comprehensive either, Hite says, since it focuses squarely on technology. Viewed properly, enterprise architecture focuses predominantly on the mission and how technology can support it.

"More times than not, the way an enterprise has been organized defines how it delivers services," Hite says. "But the promise behind EA is you suboptimize the parts in order optimize the whole."

This requires cooperation among many disparate entities, which in itself can be a challenge. GAO recommends agencies establish executive committees that include representatives from all business lines-such as acquisition, human resources, finance and information systems-to ensure the architecture is implemented properly and considered in daily operations and project planning.

"Within the federal government, there are different owners for [most] of the individual management disciplines you see. Everyone has developed their own turf, with the strategy being, 'I do my bit, throw it over the transom and move on,' " says Michael Dunham, manager for enterprise transformation services at WBB Consulting and former chief enterprise architect for the Treasury Department. "The enterprise architecture can help inform an organization's strategic plan by defining where an agency wants to go and where the agency currently is in terms of assets. But that dialogue is not as healthy as it could be. EA is just seen as background noise."

The 1996 Information Technology Management Reform Act makes chief information officers responsible for developing and maintaining an agency's enterprise architecture, and each Cabinet-level department has a chief architect to drive its implementation. But most agency initiatives are driven from the program office, and top officials must reinforce requirements for program managers to consider the enterprise architecture during their planning, Dunham says.

"Executive endorsement is there in pockets, but certainly not across the board. Most folks are politicos who will be there for two or three years to perform a specific function; it's few that are coming in and wanting to be really transformational."

Part of the problem is leadership seems to be waning-at least at the highest levels. President Bush's management agenda assigned agencies color-coded scores for progress on plans that link technology to core missions, but enterprise architecture has barely earned a mention by the Obama administration. Any traces of accountability from the Office of Management and Budget, which declined comment for this article, seem to have disappeared.

"We always knew governance was important. We'd say we needed buy-in-somebody to sprinkle holy water on this approach of EA so everyone would say hallelujah," says Richard Burk, who was chief architect at OMB from 2005 to 2007 and is now an independent consultant. "My observation now from outside government is that it hasn't been supported during this administration; or if it has been, I don't know where the support has showed up."

Bob Haycock, OMB's first chief architect from 2002 until 2004, also notes lackluster momentum. "I was lucky enough to land in OMB at that point in time when there was a commitment to EA as both a strategy and an approach," he says. "For those couple of years, it was really significant. Since then, it's dropped off the radar." The emphasis now is on what Haycock calls the "latest flavors of the month," including cloud computing and Web 2.0 collaborative applications.

"Often one approach is pushed aside for what people view as an alternative, but it's really not," he adds. "All these [strategies] still require the structure that is established through an enterprise architecture to understand how services are defined and how they interact. These are all good, effective technologies, but there needs to be some foundation."

That foundation takes time to create, and officials with the Obama administration are more focused on "throwing data out there for people to use as they choose," says one former federal architect who asked to not be named. "EA is structured by nature and won't result in the same kinds of quick wins."

Enterprise architecture does not need to be one massive undertaking that demands excessive allocation of resources and funds, observers say. GAO's latest version of the EA Framework provides guidance for agencies to establish a conceptual model of what their enterprise architecture would look like and then to take a phased approach to introducing changes in operations. The key is to make sure the processes and technology support the "contextual blueprint" laid out by the architecture, Hite says, "so you can reap value without necessarily boiling the entire ocean."

There are hints of progress. In March, federal Chief Architect Kshemendra Paul issued OMB guidance requiring agencies to evaluate the National Information Exchange Model for sharing data across government. The Homeland Security and Justice departments launched NIEM in 2005 to encourage agencies to design processes that enable jurisdictions to share information in emergency situations and day-to-day operations.

To Burk, sharing capabilities across government is a key advantage to EA.

"Sometimes we should ask ourselves whether we need to be in this business," he says, noting those initiatives that perhaps support or enhance agency operations, but might not be central to the mission. "The answer in a lot of cases is a resounding no."

In another step forward, the Defense Department in May approved the second version of its architecture framework, which focuses on "data rather than on developing individual products as described in previous versions," the department stated on its website. In a memo announcing the second version, Defense CIO Dave Wennergren noted plans to develop a virtual platform that will allow for incremental changes to the architecture based on user feedback.

Defense also joined the United Kingdom, Canada and Australia to establish the International Defence Enterprise Architecture Specification Group to explore ways to make defense architectures interoperable and to ease joint military operations planning. The project is in the initial stages.

"It's clear that the discipline has matured markedly, but now we face the hard part," Dunham says. "This is not just rearranging chairs on the deck of the Titanic. This can lead to some significant transformation if people will just pay attention-where the hell are we, and where we want to go."

]]>

From Nextgov.com: Results of cyber drill will help shape final version of response plan

Jill R. Aitoro — Wed, 29 Sep 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Senate panel tries again to push through data breach bill

Jill R. Aitoro — Thu, 23 Sep 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Intel’s purchase of McAfee not a game changer for security

Jill R. Aitoro — Fri, 20 Aug 2010 00:00:00 -0400

Intel Corp.'s acquisition of antivirus software company McAfee Inc. will provide the computer chip manufacturer with real-time data about cyber threats that could influence how security is managed at the processor level, but it will have little direct impact on product development, according to security experts.

Read the full story on Nextgov.com

]]>

From Nextgov.com: Most attacks on federal networks financially motivated

Jill R. Aitoro — Fri, 13 Aug 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Agencies could be prone to new kind of sophisticated cyberattack

Jill R. Aitoro — Tue, 10 Aug 2010 00:00:00 -0400

Federal computer networks are vulnerable to the same type of sophisticated cyberattack that recently cost a global bank more than $1 million in a month, according to a security company official.

Read the full story on Nextgov.com

]]>

From Nextgov.com: DHS moves forward with financial management system

Jill R. Aitoro — Tue, 20 Jul 2010 00:00:00 -0400

Members of a House committee questioned a massive financial management system modernization at the Homeland Security Department, although officials said on Tuesday the department plans to move forward with the project.

Read the full story on Nextgov.com

]]>

From Nextgov.com: VA ends financial management modernization project

Jill R. Aitoro — Tue, 13 Jul 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: TSA will miss cargo screening deadline

Jill R. Aitoro — Thu, 01 Jul 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Key lawmaker emphasizes need for new border security technology

Jill R. Aitoro — Wed, 30 Jun 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Obama administration cracks down on late, over budget IT projects

Jill R. Aitoro — Mon, 28 Jun 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

White House to unveil revised ID management plan Friday

Jill R. Aitoro — Tue, 22 Jun 2010 00:00:00 -0400

The White House on Friday will release the second draft of a plan for managing identities in cyberspace, President Obama's cyber chief said during a conference in Washington.

Read the full story on Nextgov.com

]]>

From Nextgov.com: Panel to recommend certifications for cybersecurity workforce

Jill R. Aitoro — Fri, 04 Jun 2010 00:00:00 -0400

A commission established to advise the Obama administration on cybersecurity issues will release a report with recommendations for establishing a more skilled, abundant cyber workforce in federal government through a certification process.

Read the full story on Nextgov.com

]]>

From Nextgov.com: First responders still struggle to communicate, despite technology standards

Jill R. Aitoro — Thu, 27 May 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Internet censorship proves counterproductive in curtailing terrorist recruitment

Jill R. Aitoro — Wed, 26 May 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

Energy Smarts

Jill R. Aitoro — Wed, 21 Apr 2010 00:00:00 -0400

The digital explosion in the federal government during the last decade has led to efficiency, innovation, and perhaps most apparent to those paying the power bills, data center sprawl. Now the Obama administration is trying not only to streamline operations and lower costs, but to cut energy consumption as well. Between 1998 and 2009, the number of server farms supporting agencies' information technology networks grew from 432 to 1,100, according to the Office of Management and Budget. Last year, the federal government spent $19 billion on IT infrastructure.

"It makes no sense to continue spending on this trajectory, as more and more of our data processes move to the digital world and the demand for computing power increases," says federal Chief Information Officer Vivek Kundra. "But this is not just about consolidation and cost savings. It's about green IT-making sure these data centers that are right now energy hogs, incorporate [more efficient] engineering."

In February, Kundra announced in a plan to centralize IT services for civilian agencies and consolidate the 1,100 data centers throughout government. The plan requires agencies to submit an inventory of data centers to OMB by May. A consolidation plan for reducing that number is due in July. Agencies then will provide a more detailed inventory of specific systems and processes by August, which OMB will use as a baseline for putting the consolidation plan into effect later in the year. It will include a technical roadmap, with specific approaches and targets for hardware, energy and cost efficiency.

"We're doing a detailed analysis -- agency by agency, bureau by bureau, data center by data center -- to understand the systems and applications deployed and define what we can do without compromising the mission of these agencies," Kundra says. "We're laying down a strategy to build a foundation that allows agencies to procure technology in an intelligent way. This won't happen overnight."

Leading the data center merger is Michael Duffy, CIO at the Treasury Department, and Richard Spires, CIO at the Homeland Security Department. DHS has been conducting a massive consolidation on its own, migrating 24 data centers into two megacenters-the primary hub known as Data Center One, based at NASA's Stennis Space Center in Mississippi, and a second facility that will act primarily as a backup. The department has not released the location of the second data center.

To ensure energy efficiency, Congress has held back more than half the nearly $83 million budget for Data Center One until DHS upgrades its power capabilities. So far, five of the department's 24 data centers have been migrated to Stennis, as DHS spends the $38.5 million appropriated to improve electrical service and equipment, generators, chilling mechanisms and information technology, according to FedSources.

"From a green IT perspective, one can imagine that the consolidation in itself will provide significant energy consumption savings over time, because you're cooling just one data center," Spires says. DHS is investing in advanced chilling systems that cool only the server areas, rather than the entire facility, he added. "Industry as a whole needs to solve the problem of power management," says Andy Lawrence, research director for eco-efficient IT at the technology analyst firm 451 Group. "A server doing 10 percent of the work should be using 10 percent of the power, but at the moment, it's using much more."

Perhaps the greatest energy-saving potential is in virtualization, a technology that partitions one physical server into multiple virtual servers to maximize capacity. "It's very, very common for servers to run at less than 25 percent utilization, which means they're being powered to do little or nothing," Lawrence says. "Simply put, virtualization is a solution that helps ensure people turn servers off when they're not being used. But the reality is that nothing in green IT is simple; it's all pretty complicated."

The Los Alamos National Laboratory virtualized 300 servers and retired three data centers, avoiding $1.4 million in hardware, software, facility and energy costs. "We were running into the proverbial brick wall in terms of power and cooling and floor space," says Anil Karmel, a solutions architect working in the network and infrastructure engineering division at Los Alamos.

Capacity planning tools delivered metrics about the processes running on computer servers, which helped the lab configure the virtual platform for maximum efficiency. If one process requires a lot of capacity during the day but little at night, for example, a portion of that capacity could be transitioned to another virtual server during the evening hours to support a different process.

Los Alamos is developing an internal computing cloud that will allow users to access resources for particular processes through an online portal and then return the resources to the cloud when the processes are complete.

Karmel says education is the biggest challenge with any virtualization or cloud computing project, because many IT specialists "want to be able to put their hands on a physical box, push that power button and know it's there." The lab incorporated into the cloud a tool that calculates the energy being saved by using the virtualized environment versus a physical computer server. Each time users sign in to the portal to allocate computing power to a particular job, they'll see the amount of energy savings.

"Does the general computer user understand green IT? Not necessarily," Karmel says. "We're dynamically computing energy savings and publishing that for users to see, and then totaling those numbers to reflect the amount of energy we're saving year over year."

Beyond educating users about the energy savings, data center consolidation requires detailed planning. Each time DHS migrates an application to Data Center One, for example, a backup must be maintained until the department can confirm the application is fully up and running in the new location.

"It's critical to have a good partnership between the current organization that is operating those assets and those on the receiving end," Spires says. "As we try to optimize these systems for green IT and efficiency, we need to ensure that systems that must be up stay up."

]]>

Energy Smarts

Jill R. Aitoro — Thu, 01 Apr 2010 00:00:00 -0400

Data center consolidation offers an opportunity to go green.

"We're doing a detailed analysis-agency by agency, bureau by bureau, data center by data center-to understand the systems and applications deployed and define what we can do without compromising the mission of these agencies," Kundra says. "We're laying down a strategy to build a foundation that allows agencies to procure technology in an intelligent way. This won't happen overnight."

]]>

From Nextgov.com: Napolitano freezes spending for high-tech border security project

Jill R. Aitoro — Wed, 17 Mar 2010 00:00:00 -0400

Read the full story on Nextgov.com.

]]>

From Nextgov.com: Cyber exercise aims to teach the good guys to think like the bad guys

Jill R. Aitoro — Thu, 18 Feb 2010 00:00:00 -0500

The National Defense University plans to hold its second cybersecurity contest in March as a way to teach federal information security professionals how hackers try to penetrate systems to cause damage, a skill overlooked in training but needed to be able to spot and block such attacks.

Read the full story on Nextgov.com

]]>

From Nextgov.com: Simulation shows government lacks policies needed to respond to cyberattack

Jill R. Aitoro — Tue, 16 Feb 2010 00:00:00 -0500

A simulation of a widespread cyberattack against the nation's critical infrastructure on Tuesday demonstrated the cascading effects an attack can have on networks and the difficulty the government would have in quickly responding, including dealing with civil liberties and how to work with corporations.

Read the full story on Nextgov.com

]]>

From Nextgov.com: HHS awards millions in grants to advance health IT initiatives

Jill R. Aitoro — Fri, 12 Feb 2010 00:00:00 -0500

The Health and Human Services Department will award more than $750 million in grants to support state and local efforts to drive adoption of electronic health records systems by practitioners and hospitals, HHS officials announced Friday.

Read the full story on Nextgov.com

]]>

From Nextgov.com: Government takes layered approach to aviation security

Jill R. Aitoro — Thu, 04 Feb 2010 00:00:00 -0500

The Homeland Security Department is developing new baggage and passenger screening tools and explosive detection technology in the aftermath of the attempted Christmas Day bombing of a Detroit-bound airliner, an official told a House panel on Wednesday.

Read the full story on Nextgov.com

]]>