A Look Ahead

Industry and government managers see information technology as pivotal to the next administration's agenda.

When President Clinton signed the Clinger-Cohen Act in 1996, the goal was to overhaul the way government bought information technology products and services, and to create a chief information officer position so top executives would be informed about how IT could support agency missions. Five years later, President Bush issued his management agenda, which included expanding electronic government to "secure greater services at lower cost."

What should the next president's IT strategy be? To find out, the Association for Federal Information Resources Management, a group of government and industry IT specialists, invited technology managers and consultants from government and industry to take part in its annual roundtable discussion. This year's topic: How should the president use IT to help form government's management strategy? Should he build on what the Bush administration established? Or should a new administration follow a different path? Should IT play a bigger part in forming policies and government programs? The consensus is the 44th president has a unique opportunity to elevate IT to a strategic role. Considering how the candidates are using the Web as a strategic tool to support their campaigns, most agree technology will play a bigger role in the new administration.

The following is an edited transcript from the discussion in Washington, moderated by Executive Editor Allan Holmes.>>

Q: Let's start with what we mean when we say strategic IT. What does that term mean to you?

Young: I have a very simple definition: acquiring and managing IT as a means to an end, not the end itself. When I started at OMB five years ago a lot of people were focused on e-mail systems and CRM [customer resource management] and the acronym du jour. The focus now is how IT can improve program performance, and that's important because CIOs, to be strategic, have to be adding value, not to IT staff but to the secretary, to the constituents of that agency or department. In order to do that, they have to keep the lights on. E-mail has to be operational, bandwidth has to be supported, et cetera. Above that, they have to use IT to support a greater goal, a greater utility. CIOs who come to the table and add value are not the ones who say we need to require the CIO to report directly to the secretary; they're already doing that because of their performance, because of the way they view IT.

Balutis: The concept of strategic IT has changed. Going back to the enactment of Clinger-Cohen in the early years, a lot of things that were considered strategic elements of a plan, for example that we're only going to buy off-the-shelf products, are considered tactical today, and that's a good thing. Second, most analyst groups talk about the evolving role of IT. They say in the beginning you have a Web site, and then you're using IT for transmission, you're pushing information out. The third stage is a transactional stage where people can go online and actually do business. The final stage is transformational, the role of the CIO as almost being the CEO of transformation in the organization, using technology to shape the way the organization does business. That's the area that we really aspire to.

Having looked at many of the IT strategic plans around government today, there are a lot of them where I don't see any strategy.

Cureton: The key thing that we should focus on is being anticipatory. It's like we are CIOs running in front of a speeding freight train trying to keep from getting run over by the business. But if we're anticipatory and aligned the way we should be, we're in the cab with the guy driving the train, helping decide how IT can help shape the direction or deciding which track you go on.

Rodgers: At the end of the day, one of the challenges that IT strategy faces is that it has to link back to business strategy. I actually would argue that IT strategy within government agencies has evolved better and faster and more robustly than business strategy has across the departments. You end up sometimes doing an IT strategy for a broken business strategy. Unless you're part of that architect of change and you're part of shaping what that business strategy is, you end up architecting to the wrong future.

Krzysko: I work backwards here. Mission does matter. Technology is a key component and most from the business side realize that we can't devise where we're going without using technology. Information is key to those changes that we try to drive in our environments. But the mission is the key, not just the technology. We can't decouple those things.

Q: In 2001, President Bush laid out a management agenda that included expanding electronic government. The ad-ministration's goal was to improve the government's value to the citizen. What should the next president's overall IT strategy be?

Balutis: John Koskinen [deputy director of management at OMB from 1994 to 1997] likened this to ice-skating. In ice-skating you have the compulsories. You've got to be able to do some of the basics right. We need clean audits. We need performance metrics and budgets. We need this established record of an accomplishment on most of the government initiatives. And then you get into the freestyle and creative kind of aspects. This administration has given us a base in terms of the compulsories, and a lot of things are better because of these actions. The next stages are more around execution.

Westerback: One of the challenges in developing an IT strategy is truly understanding the business. At the Department of Commerce, we have multiple business lines and it's a true challenge for the CIO to understand those different business lines and have a vision of where IT can take them. As we transition to a new administration, it's a great opportunity for the CIO to get an education about those business processes and the direction the new administration would like to take them in.

Smith: One of the biggest challenges the next administration is going to have is understanding how what they're trying to do translates into an IT transformation, into a business transformation. The CIO's job is to make that translation. The successful CIOs have been able to say, this is the change you're looking for and this is how IT makes that happen-institutionalizes it-how IT can make that better.

Q: Does the next administration need to have an interest in and a knowledge of IT, and what can it do to understand how to make IT strategic?

Balutis: You'd hope that somebody might come in and be IT savvy or very supportive, but if you're in government, you have to play some role as a policy entrepreneur and you have to look at their agenda. Everybody is talking about change. So how do you enable that change? How can you use IT to save money to connect the dots, to connect those who know with those who need to know to streamline trade processes? Information. Because what are they passing out? It's environmental information, it's trade information, it's statistical and economic information.

Smith: Where you have to be able to talk is around this concept of information becoming an asset and the culture of information ownership. I see it happening across national security in all the different areas. The government owns the agency that collected it, and now it's theirs. That is something that across government is changing. From a president's IT strategy standpoint, that's going to be one of the major themes that people talk about. How do we move out of this information ownership and get toward more of a stewardship model of information? It's a central theme for us.

Q: What should be on the next IT agenda?

Young: The legacy of this administration on e-gov won't be to shut down duplicative systems, or cost savings, because it's narrow-minded to view it that way.

It's a change in the culture of sharing information and acknowledging that as a CIO or a program official, I don't have to own every asset in order to fulfill my mission. I can ask someone in the private sector to do this for me. I can buy service from an agency down the street.

When I started at OMB almost five years ago, we had 26 payroll systems. The average cost to process payroll was exceeding $250 per W-2. It's now $125 per W-2, and we now have four payroll systems. That's just a very small example of what we're able to accomplish if we work as one government, and that's something I hope and expect will endure beyond the Bush administration.

Rodgers: There are a couple of other hallmarks that are really important to stress that hopefully, regardless of who the new administration is, they will adopt. The first is this notion that the IT agenda or IT reform has to be part of a broader business transformation and a broader reform. Expanding e-gov was part of a broader set of elements of management reform. The second is this notion that you need to have that rallying cry-whether it's the President's Management Agenda or reinventing government or whatever the mantra is-as an organizing principle for cultural change. The third thing is the spirit of creativity and the spirit of invention. We're going to come together and we're going to work across silos and we're going to work across information boundaries that are sometimes legislatively mandated and say, "We're going to overcome that."

Krzysko: The next dramatic shift is how do we measure the value of what we provide as a government. I would like to change the lexicon to focus on value. We need to take some of the next steps and measure once, and not measure many times from many different perspectives, because that drives an inefficiency within the processes of government that are hugely burdensome on program managers, policymakers-everyone in the organization.

Q: How should the next administration manage IT security?

Liu: About two weeks ago there was a federal mandate to participate in the organizing of continuity of operations test and the SBA participated in that. I feel very strongly that throughout the federal government there ought to be more such tests, not only for systems but especially for communications. If we were to lose that and go out to AT&T or Verizon, what kind of operations do they have to serve us?

Paller: I want to reinforce this idea that we're going to find a balance between the demands of security and getting the job done that we got paid to do. My favorite story on that one is Lt. Gen. [Michael] Peterson, who is the CIO of the Air Force. He said we're going to force every desktop in the Air Force to have exactly the same configuration. And he did it over the dead bodies of people [who said,] "You can't do that. You're crazy."

And so he's on a bus [to work], and a sergeant walks by him, sees his name tag and says, "Excuse me, sir, are you the general who made us all use exactly the same desktop?" Peterson said, "Yeah."

And he said, "I just wanted to tell you thank you, sir. I work on the help desk. The users are phenomenally happier. We have half the work we used to do. They're getting their work done. I just want to say thank you because you changed my life."

I'm sure there are other people still cursing his name, but my point is the goal is not to find the balance between security and getting the job done. The goal is to make security so transparent that you get your job done naturally. It's an enabling job.

Q: How do you make that happen?

Cureton: After about a year at [a] center I went to the director, and I did the equivalent of taking my shoe off and beating it on the table to say, "You're looking to me to say fix it, and I'm saying to you, 'Look to your mission directors and say fix it, because that's where the problem is. The problem isn't here.' " I manage 10 percent of the technology at the center, but 90 percent of it's managed in the directorates under the control of the directorates. That's where the problem is. I can give you advice about what needs to happen to fix it, but the accountability needs to be there.

Balutis: One little codicil. I'm going to attribute this to Dave Wennergren, [deputy CIO] at the Defense Department. The CISO's job is to lock everything down, and so they're kind of a troglodyte, a Luddite. The IT sharing person is this crazy person who just wants to push everything out the door. Dave makes the point that it's not balancing information and security, it's sharing information in a secure environment that also protects the privacy of the individuals involved. If we can't do both, well, we're just not doing the job.

Westerback: There's an opportunity for the new administration to build relationships with the software industry to build on that security and the reliability of the software so it does truly become transparent.

Paller: That actually is the big strategic idea. Instead of buying the stuff the way they sell it at Best Buy and then asking you guys to make it military-proof, you put it in your procurements. It's hard to write, and the procurement guys are the main problem because they don't understand it so they back off at the last minute. The big strategic security solution turns out to be you buy it baked in.

Q: During his two terms, President Bush proposed annual IT budget increases between 1 percent and 7 percent or so. How much IT spending should the next president propose?

Young: If you look at this administration, the functional areas that we've invested in have closely mirrored the president's priority list: protecting the homeland, wars, serving veterans, improving health care. The next administration's priorities will and should dictate where we invest in IT because IT spending is a function of program spending.

Paller: Information sharing-that's one of the places where we talk about a lot and we don't do anything that works very well. It might be one of the cool areas where we could actually have a breakthrough. [Director of National Intelligence Mike McConnell] is talking about a change from the "something to share" to "the responsibility to share."

Smith: Responsibility to provide.

Paller: Responsibility to provide. We in government tend to not work together. The reason we don't work together isn't that the guys in government aren't willing to work together, it's they hire integrators who aren't willing to work with each other. So there's a time for government to coalesce and do things together. One of the big ideas that will happen in the next administration is this idea of taking responsibility to provide.

Smith: The change we saw when responsibility to provide came out was enormous. I credit it with the huge changes that were brought on by the White House always bringing in people who knew what they were trying to achieve and had clarity and purpose.

Schmidt: There needs to be a framework in the executive leadership that gives us some authority to take some of those leaps because the culture is against that. That's where leadership comes in: understand risk, understand what our boundaries are.

Krzysko: It is executive leadership. But it's not only at the presidential level; it has to permeate all levels of government. We have to work within our organizations to understand the technology and the changes that have to occur around that capability. That is going to be a huge shift over a period of time. We have to come back to people. They have to understand the capabilities they now have and say, "What if?" I would contend the next generation already does that because they have grown up in a Google-like environment. We have to institutionalize that within the federal space.

Q: The workforce is shrinking and being replaced by younger workers who have grown up with Web 2.0 technologies and expect to use them in a work environment. How does government manage this? Balutis: There is a tremendous opportunity within this exodus. In fact, I'm on record for some period of time saying it's time for them to go because it actually could enable a lot of the change that we're encouraging. The issue is whether government facilitates that change or resists it. The role of government is to deal with some of the issues that are associated with these collaborative technologies. That means dealing with security, privacy and process reengineering.

Young: The thing that attracted me to government was mission, but this was five years ago. Things that attract the younger generation to government now may not be mission, but it's the opportunity to contribute in a meaningful way using technologies that they're used to and that they expect. The solution here is not fighting the utilization of new technologies; it's acknowledging that certain things have to be in place and we're going to manage it.

Cureton: With Web 2.0 technologies, everywhere is an application-hosting environment. We learned how to go from a mainframe to a PC environment. We'll learn how to manage this environment. As managers of technology we're going to have to do-just like your fathers did after the mainframe-learn how to manage in this environment and learn how to embrace it.

Liu: The seasoned workforce needs some kind of provision to ask for retirees to come back on a voluntary basis, let's say, to mentor the younger workforce. It would be very tough to get a younger workforce to join the federal government that knows about project management, program management, security management. They don't want to deal with that. They want to deal with Web 2.0 technologies, especially like YouTube and that kind of stuff. Rodgers: I remain very optimistic about what the next administration will do, because if you look at the campaigns, they're using Web 2.0 as a means of connecting and enabling and empowering and making it much part of the process. As we look at how they will use these technologies to execute whatever their agenda may be, I remain very optimistic about where we're going. This generation, which is dramatically different, uses and thinks about technology not just for work, but for personal life. I am optimistic that whoever is president will understand that.

Q: Oversight of procurement is picking up. What would you say to the next administration about how to approach procurement?

Paller: It's not about procurement. It's about writing the right requirements. If we ever even got close to that, procurement would be seen as a wonderful thing. It's a pain only because we write bad requirements. Everything else propagates because we don't know what we're asking for and contractors take advantage of that.

Smith: It's like location, location, location in housing. It's requirements, requirements, requirements.

Young: The government is not held accountable for writing clear performance metrics, not just requirements, but service metrics that you want to attain. When a [request for proposals] goes out, you spend many weeks writing a response because you're trying to interpret that crystal ball. There's not someone on the giving end who is held accountable when the responses that come in don't meet the quote-unquote requirements. We need accountability for the people who are writing these things. When it's unclear, shame on us, the government, not shame on the contractors for giving these lackluster technical approaches and cost proposals.

Cureton: I'm not so sure that procurement needs to be reformed, but I do think the relationship between CIOs and chief acquisition officers needs to be reformed. That relationship needs to be a partnership. It's being able to sit down with my procurement partner, understanding what I'm trying to accomplish and giving advice about how to get there.

Q: Now that we have discussed this in some depth, how would you summarize what the next president's IT strategy should be?

Rodgers: The IT strategy for the next administration has to have a bias for action. We were talking about it earlier with security. You end up having a new set of things that you're going to try to address for security. Instead of trying to work to solve the problem, we end up getting caught up in paperwork.

Paller: IT people have to start pretending that they can talk business. This idea that I'm an IT guy, so I can't talk business, is just a silly statement. It's like saying I'm not a French guy so I can't speak French. It's just not true. What you do is you find some bridge, and the bridge is the person who carries it with you.

Liu: As a taxpayer I feel there have been a lot of huge investments made throughout the entire federal government on infrastructure, on security, on e-gov initiatives. I'd like to see the next administration promote standardization throughout the federal government for better information sharing, collaboration, leveraging on the existing infrastructure and expanding on the infrastructures.

Krzysko: Focus on value and the value to mission, business and technology. Measure that value and measure your speed in obtaining that value. Last but not least, lead a workforce to that creation.

Cureton: A couple of questions need to be asked and answered. How can IT help what I want accomplished? Whatever that is, how can IT anticipate, enable and support that? The next one is what are the innovative ideas, technologies and thoughts that can be applied to this? Looking at CIOs, what are the skills needed? What are the skills-team leadership, executive leadership, change management.

Westerback: Driving actively toward ensuring that IT security and privacy are transparent, or baked into our software and hardware. In my day-to-day life, we lose so much time documenting our security practices. If we could redirect all that time and energy to a more productive use, we'd all be a lot better off.

Young: The first thing I'd recommend is to develop and implement any new IT strategy with the career staff. For these things to be enduring and positive, they have to be collaborative, and be done in close partnership with the career staff. Second, recognize the successes in place now, as opposed to starting from scratch. Acknowledge failures, but build upon current successes and maybe rebrand them. Third, invest in government and challenge the status quo at every corner. Last, and most important, invest in the workforce because while technology is great, people actually get things done.

Smith: In the sharing area, we have a lot of leadership right now. A lot of transformation is occurring. In the security area, we are on the cusp of a lot of things going on in a lot of areas. In the privacy area, there needs to be a lot of work around what is the framework we are working on. Privacy has completely changed. CIOs need to be thinking about what is privacy.