Concentrating Power

Chief information officers are growing stronger as agencies consolidate technology.

"I never want to be called the queen of technology," says Christine H. Liu, chief information officer at the Small Business Administration. Liu, the agency's CIO since April, says her job is far broader. She must strategize with the business side of SBA to meet the agency's mission.

When speaking with agency executives, CIOs should describe technology in terms of what it will accomplish, says Karen Evans, Office of Management and Budget administrator for e-government and information technology. Agency heads "don't necessarily want to know about bits, bytes, encryption," she adds. "You have to be able to talk about the value of a program in three minutes or less. It's the elevator speech."

CIOs have made measurable gains in power and responsibility in recent years. IT offers profound ways to shape operations by speeding information to those who need it, when they need it. "We truly are transforming the way that [agencies] do business," says David M. Wennergren, Navy CIO.

Most agencies begin that process by consolidating their internal infrastructure. A tangle of disparate systems that trap data into stovepipes is the opposite of the seamless information sharing environment agencies say they need. But getting there requires shutting down old systems, which takes centralized IT authority.

The Veterans Affairs Department, for example, announced in October 2005 that it will make the IT operations and maintenance functions of its three administrations the responsibility of the headquarters CIO. Information technology spending also now gets its own line item in the budget, theoretically making it harder for the administrations to divert IT dollars elsewhere.

The Justice Department began funding its CIO shop through a line item appropriation starting in fiscal 2006. "It was difficult to operate the other way, given the amount of change that I was trying to bring to the department," says Justice CIO Vance Hitch. Still, opinion in the IT community can be divided over whether it's worth gaining the exposure that comes along with a single fund. Better to remain hidden from the inquisitive eyes of budget cutters, who are unappreciative of the role of federal IT, they argue. "A big pot of money is always a target," Hitch acknowledges. "The only thing I can do is make my case" for IT as a strategic partner, he adds.

Martha Morphy, CIO of the National Archives and Records Administration, says she has it relatively easy when it comes to communicating with the business side, because her agency is small. "I can walk to anybody's office and sit down and have a discussion with them," she says. "When you're in a small organization, it's very much like a family."

Infrastructure consolidation done across multiple federal agencies is trickier to pull off-though OMB gamely keeps at it despite deepening congressional skepticism. "Consolidation, when taken too far as an objective, can become an excuse to usurp decision-making from agencies, and leave them without the ability to acquire the critical technology to become more efficient and effective," says a Senate Appropriations Committee report accompanying the Commerce, Justice, Science related agencies fiscal 2007 appropriations bill. The committee allotted no funding for agencies under its control to spend on e-government or OMB's lines of business initiatives, both of which are attempts to merge administrative systems into a pared-down few used by many agencies.

Congress and OMB really are after the same thing-cost-effective spending that boosts agencies' ability to meet their missions-but it's been hard to deliver that message successfully, says Evans. The benefits of consolidation and IT reuse more often are found in cost avoidance than cost savings. Those with long experience in IT say it's self-evident that when better results are achieved without additional outlays, extra dollars are freed up. "We are avoiding costs in the future," Evans says. Negative congressional language "reflects the fact that I need to do a better job of communicating," she adds.

The Trouble With Sharing

To a great degree, the improved data sharing that Congress wants must go hand in hand with consolidating IT systems. Making data portable and accessible requires moving it out of locally based client-server solutions. "In today's world, you have to be part of a broader enterprise," says Wennergren.

Technology is moving in that direction anyway. Take service-oriented architecture, for example. SOA aims to create a plug and play software environment of loosely coupled IT functions linked either through a registry of applications with standard data interfaces, or through middleware known as an enterprise service bus. SOA theoretically would allow agencies to create applications to accomplish common IT actions and then to share those applications across agencies and even government- wide. SOA arrived accompanied by blasts of industry-generated hubris that hasn't entirely panned out.

Implementing it creates problems not always accounted for in vendor presentations. For example, if different parts of the government dependent on different funding streams start relying on each other for IT applications, then how will they accommodate the law that prevents one department from supplementing another's budget? How can the government institute a SOA governance structure that doesn't penalize agencies for creating a popular application by overloading their infrastructure?

Those are real-life problems that probably will check reuse of applications across government. "There's always going to be a need to maybe have a separate service when there are things like demand issues, or the need to control things more," says Charlie Armstrong, the Homeland Security Department deputy CIO. Another pressing problem, he adds, is whether contractors should be allowed into the federal SOA structure. That would be more cost effective, but "then what happens if our service isn't up for some reason?" Armstrong asks. In that case, how will vendors be held accountable for service delivery?

Service-oriented architecture does present challenges to the status quo. "Technologies and opportunity changes emerge, [but] organizations change their structure a little more slowly," Wennergren says. But the money argument also can hide deeper cultural resistance to the kind of world SOA will create. "We often use money as the excuse not to do change," he adds.

Machines With E-Mail

Another technology on the CIO watch list is the next generation of Internet protocol, IPv6. An August 2005 governmentwide mandate requires agencies to enable network backbones to handle IPv6 traffic by June 30, 2008. It's also a technology that offers a good demonstration of how CIOs should, in general, communicate with their business peers, Evans says. IPv6 promises to restore the original Internet vision of end-to-end connectivity by increasing potential IP addresses to 340 undecillion (or a trillion trillion trillion), which is more than the stars visible in our universe (about 70 sextillion).

Under the current protocol, IPv4, networks often must resort to middlebox devices that share a single IP address. It's a system that's sufficient for now, but it limits innovation. Imagine if everything had an IP address. Out of bread? Your breadbox would text message you. Need to know exactly where in transit a pallet of equipment being sent to Afghanistan is? The pallet (with a radio frequency identification tag) would e-mail you its location. "The technology that you can deploy [with IPv6] is going to be endless," Evans enthuses. But when talking up the possibilities, CIOs should avoid launching into the intricacies of packet headers and router refreshes, she notes. "The CIO has to be able to walk in a lot of different lanes, and then translate that back to 'How can I use technology in an efficient way,' " she adds.

IPv6 is one of many technology mandates that OMB recently has churned out. "A number of things that are absolutely essential are coming out of OMB," says Justice's Hitch. "The only thing that I would ask is that they heed the light touch as opposed to the heavy touch in terms of what they're asking for and the time frames they're asking for it. Just be realistic, given the fiscal situation and everything else."

Among the OMB deadlines agencies are scrambling to meet is Oct. 27, when Homeland Security Presidential Directive 12 obliges agencies to start issuing interoperable smart card identification badges designed for entry into buildings and access to computer systems. Eventually, everyone regularly working inside an agency will get one. Most officials concede their agencies will barely meet compliance requirements. In fact, some IT executives expect a raft of 2007 inspector general reports on whether HSPD 12 has been satisfied.

But over the long run, HSPD 12, too, presents an opportunity for agencies to revolutionize their business processes with a new technology. The card will do more than increase the security of physical and computer access, its proponents say. Once the infrastructure is in place, the card will become in effect an authoritative identity authentication mechanism that could be used in oodles of transactions. "What other kind of applications, what other kind of business, what other people [can] I do business with, now that I have a trusted verification?" asks Evans. Many processes that currently require waiting in line for a service clerk could be automated when a reliable way to remotely prove identity exists. "You're going to see a lot of innovation," Evans adds.

Summer of Stolen Data

The Veterans Affairs Department still is recovering from theft of a laptop containing data on tens of millions of veterans from an employee's suburban home. Disclosed in May, that incident proved to be only the first in a string of revelations about lost or stolen federal laptops and data leaks.

Data security is such a hot button that the losses sparked huge outcry. But like 2001's so-called "summer of the shark" with its overhyped incidents of shark attacks off the U.S. coast, publicity about the summer's data breaches probably exceeds the damage done. "I don't know that there's been more data loss this year than there has been in years past," notes DHS' Armstrong. "Publicity alone makes everyone more sensitive," says Labor Department CIO Patrick Pizzella. That's not to say that lost data isn't important-in recent years, Internet-enabled identity theft has made personal information more precious.

CIOs are quick to point out that agencies worked to safeguard citizens' privacy long before the VA laptop incident, but most also acknowledge that the burglary brought unexpected attention to privacy concerns. "People now are demanding a better response from us than they have in the past. When I say 'us,' I mean the IT community at large," Armstrong says.

"CIOs have an extremely full plate in general," says Hitch. Managing information technology no longer can be solely the province of the back room now that it is the backbone of agency missions. CIOs sit at the confluence of critical issues: the demand for up-to-date technology, business needs, possibilities created by untested solutions and the promise of future technology. "As the information technology leaders, you have to be focused on what the promise of the future is," Wennergren says.

Visit the Chiefs Directory online to view and download contact information from the continuously updated database of 500 key decision makers in federal finance, information technology, procurement and personnel.