This years winner of the Franke Award was recently retired from Government service Jim Williams. Independent of his obsessive Red Sox fandom (is there any other kind of Red Sox fandom come to think of it?), Jim is one of the wonderful people. Jim has represented the best qualities of Government service at least to me. He has been consummate professional, dedicated to achieving the highest possible results, and at the same time a good partner to work with for the private community that supports Federal programs.

I was lucky to get to know him during my time at the US Department of Transportation and am proud to have him as a friend. Now, if we could only cure him of his Red Sox’ism.

Dan Heath’s talk was an interesting one, I am sure my memory and this short summary will not do it justice.

He basically said that there are two aspects to how people react to change. First, there is a rationale perspective which he likens to a rider sitting on an elephant. Second, there is an emotional component which he likens to the elephant the rider is sitting on. He notes when push comes to shove which one is the powerful, the answer being the elephant.

His opinion is that we focus too much on the rider, emphasizing the logic of change. Though we cannot ignore the rider, we need to make sure we pay attention to the elephant.

In simple terms it is important that we explain the reasons for the change in explicit terms so the rider understands. But it is critical that we illustrate for the elephant why it is advantageous to change. He pointed out that the elephant needs that information often in an illustrative fashion.

One example he used was a financial executive who showed using spreadsheets how a billion dollars could be saved over ten years by centralizing purchasing. Almost everyone at the company he worked at ignored him. To prove his point he had his staff go out and get an example of every type of work glove they bought in each of the many divisions in the company. Attached to each work glove he attached the price paid for the glove, which varied not just between different types but even the same type bought by different divisions. He then had all of these gloves dumped in a conference room and invited all of the corporate executives to come to the room. A few months later he was given the authority to centralize purchasing.

I think his points were cogent. The challenge, as usual, is to apply those generic principals to my (or your) specific situations. The value however is that they do provide a context for thinking through what steps to take to cause change.

The webinar, moderated by Adam Ross, the Managing Editor from the SANS Institute, will focus on some of the challenges faced in creating secure Federal Systems. With the growing movement for speed-to-market and the movement to the cloud, and associated buzz words, and with the increased publicity about cyber-attacks, how we should best deal with such issues is becoming a still greater issue.

Pat and I will look at these issues in three parts.

First, we will look at the context that we now face. I find that without understanding the context of a problem, it becomes difficult to really deal with the systemic issues. Second, I will review some of the high-level goals that I would focus on, putting on my now dusty CIO hat from my Department of Transportation days. Finally, Pat will tackle real-world issues with implementation suggestions, looking at how to integrate security planning rather than dealing with it as an afterthought. He will also offer his thoughts relating to SCADA design issues (Supervisory Control and Data Acquisiton – e.g. computers managing things like the electrical grid, power plants, and so forth).

Registration details are at:

http://event.on24.com/r.htm?e=195825&s=1&k=D14C3C31F1889E77A82E235253D58190

The Government Executive website is at: http://www.govexec.com/

Powertek Corporation’s web site is at: http://www.powertekcorporation.com/

The Nuclear Regulatory Commission’s web site is at: http://www.nrc.gov

In this entry I wanted to give a Workshop committee update, encouraging readers to either comment here or send me an email, and also talk a little bit about ACT-IAC.

Management of Change Workshops

Each year Government and Industry IT and associated functional leadership get together to discuss key challenges facing the Government usage of IT. This year the conference is being held in Philadelphia, May 23-25, http://www.actgov.org/EVENTS/MANAGEMENTOFCHANGE/MOC%202010/Pages/default.aspx.

Monday afternoon there will be four workshops, two per session. Our current thinking is to focus on the following four topics:

Panel 1: Increasing Citizen Engagement

One of President Obama’s Technology Guiding Principles is “restoring a culture of accountability through openness and transparency of government operations and information.”  Part of this initiative involves opening communication and increasing engagement with citizens..This panel will bring together individuals from different lines of business and organizations, who have had experience with these efforts to not only discuss their efforts and the technologies used, but also best practices and lessons learned and how to measure whether these efforts have actually resulted in the desired results. 

Panel 2: Top Commercial Practices by the Global 500; Organizer

This panel will present CIOs from global, industry-leading companies discussing their solutions to challenges common to CIOs everywhere. Our plan is to select 3 or 4 topics from the following list to focus on:

• Program management, program managers, project failures
• Budgeting, budget justification, capital planning
• Interactions with executive managers, bringing value to product managers
• Recruiting staff, training staff, retaining staff
• IT Security, balancing risk and cost, publicizing breaches
• Standards, policy enforcement, working with component CIOs
• Oversight, audits, transparency 
• Cloud versus CoBOL – Risk of implementing new versus risk of maintaining old 

Panel 3: Human Capital: To Insource Or Not To Insource?

Today’s political climate has the President and the Congress putting pressure on Agencies to insource contractor jobs, in particular those jobs having to do with acquisition.  OMB is providing new guidelines on what is inherently governmental.  Join panel members as they consider the value added (or not) of increasing the federal workforce.  Gain insight into the challenges associated with altering the federal employee /contractor employee staffing proportions.  Consider the operational and cultural adaptations necessary to effectively move professionals from the private to the public workplace.  Share insights concerning how a partnership of government and industry can contribute to efficiently accomplishing a major workforce transition.  Perhaps, most importantly join the panel in examining possible and probable impacts to agency mission and how to mitigate potential risk to high profile projects.

Panel 4: Innovation and Performance focusing on Sustainability/Green IT focused

The Green IT track provides a forum for presentation and discussion of planned and ongoing Green IT initiatives designed to provide new services, improve operations, and reduce the cost of IT. Topics of discussion include energy efficiency improvement of data centers, green computing initiatives, new communication tools, improved operations of legacy systems, and leveraging new technology.” 

Our Thoughts 

We want these to be much more interactive than in the past. Typically these panels have a moderator and three-to-four panelists. Each speaks for 10-15 minutes, then the audience gets to answer a few questions, with the moderator having a question handy in case everyone is too shy to ask anything. 

We are thinking of doing a debate for Panel 3 picking speakers who will be on different sides of the premise of the panel. For some of the other panels we are thinking about posting a summary of the panelists opinions and pass copies out before and at the workshops. There would be no formal presentation, rather the entire interaction would consist of the audience asking questions or presenting arguments and having the panelists respond. 

What Are Yours? 

What do you think about the topics as well as the areas of focus for Panel 2? Any comments on format? Suggested panelists for any of the panelists? Questions about the Management of Change conference or as it is popularly referred to as MOC? 

If so, feel free to add a comment here or send me an email at dmintz@powertekcorporation.com and I’ll pass your comments on to the organizers of each of the panelists. 

A Final Word About ACT-IAC 

For those of you who have not heard of ACT-IAC, it is a great organization to join if your company hasn’t joined; and participate in if you have not done so. 

You get to interact with great people, learn from serious practitioners inside and outside Government what the real issues are, and how they are grappling to deal with them. 

Perhaps most important you have the chance to make some great new friends. 

http://www.actgov.org/Pages/default.aspx

Despite my decision to move, CSC, the company I am leaving, continues to be a  great place to work  with committed and talented employees, many of whom have become friends over the last year. So why did I leave?

Simply put, it became clear to me that my need to help grow something and bring about change within my workplace is greater than I had realized. While I valued my time at CSC, my fundamental worth there was related to what I was not what I did. It brought home the fact that my happiest times were when I was valued for the changes I helped bring about.

At the US Department of Transportation I had in many ways the perfect position, at least for me. I was able to take advantage of my experiences to provide strategic insight into the use and management of Information Technology. I used my capital-P political experiences to work with the small-p organizational politics of being a Departmental CIO. At the same time I was lucky in that the DOT CIO had responsibility for a significant operational segment of the Department, managing the desktops and telephones for headquarters and a growing percentage of the field offices as well as a data center for the non-FAA agencies.

I tell people that during my three years at the Department of Transportation, no-one ever felt that any one person was in charge of Information  Technology BUT they agreed that IF someone was in charge it would have been me. I was able to use that general opinion to cause more change than I had expected.

Powertek provides a comparable opportunity to the one I had at the US Department of Transportation. This is a chance to bring my background in the public and private sector to support the development and implementation of a strategic vision, and to utilize my leadership skills to mentor employees who have less experience and to provide operational and tactical direction. I feel very lucky and privileged to be part of a company that has been very successful thus far but with hard work has the potential to make even more of a difference in the future.

As usual I am always interested in receiving input from the larger community. If there are people out there who are willing to provide advice regarding growing and transitioning an 8a company and/or would be interested in talking about business opportunities or partnerships, please feel free to reach out to me at dmintz@powertekcorporation.com or my personal email at dmintz@ourownlittlecorner.com . You can also find me on Facebook or follow me on Twitter at technogeezer.

For references to this, see the end of the interview I gave for the DotGov Buzz, http://www.usa.gov/Federal_Employees/USA_Buzz/Newsletter_0522.html#dotgovspotlight, and the reference from a column in Federal Computer Week, written by then rising star Chris Dorobek, http://fcw.com/Articles/2007/09/16/Circuit_633659049783559373.aspx.

I even ran into Firefly fans when in China this last summer when we went to see a solar eclipse, http://www.ourownlittlecorner.com/2009/07/21/serenity-on-the-yangtze/.

I was glad to observe a Firefly reference last night in the latest episode of the Big Bang Theory, http://www.cbs.com/primetime/big_bang_theory/. In it the two leads, and roommates, Sheldon and Leonard have a big fight over who will get to accompany Leonard to see the Large Hadron Collider near Geneva on Valentine ’s Day, Leonard’s girl friend Penny or Sheldon.

Even when Sheldon points out that in their very detailed Roommate Agreement  it states clearly if one roommate is going to see the Large Hadron Collider and can bring the other roommate with them, they have to; Leonard still insists he will take Penny. Other Agreement clauses include one that if one roommate becomes a Zombie, the other promises not to kill them.

Sheldon tries to embarrass Leonard by saying that Darth Vader, Rupert Murdoch, and Leonard were three notorious traitors. Rupert was in the list because he owned Fox and Fox canceled Firefly. And thus the reference.

Naturally I had more than two cents worth of thoughts about the issue and most likely my take was so orthogonal to what they were working on that it ended up being of marginal utility.

On the other hand, it gave me an excuse to think about the topic and allowed me to fill out another blog post. With Wyatt’s permission, the rest of the entry is what I sent to him in response to his request.

Thoughts On 2010 Technologies That Will Be Important to the Government, Pick 3-5

This is a pretty interesting question to answer.

Digital technologies are becoming integrated so tightly into almost everything that we do. Thus one’s answer depends to some extent as to who we are trying to answer for: the internal technologists, the operations managers, the CIO, or the people responsible for mission implementation.

In addition we are in a period of increasingly rapid and radical changes. Thus not only do we need to make a judgment about what technology might ‘win’, e.g. your thought of 4G Wireless winning out over WiMax, but also the impact of the technology; who could have predicted Apps for Democracy happening as a result of the increased capability and comfort level with 2.0 technologies.

Let me focus on those that will have the potential to cause dramatic change either in how Government relates to its external or internal stakeholders or manages itself. I will suggest four that I would pay attention to in 2010:

• Government 2.0
• Virtualization
• Real-time Security Situation Awareness
• Mobile Network Endpoints

 and one that I would start to pay attention to in 2010 but is just starting to reshape our approach to network and business architectures:

• Sensors.

The first two represent technologies whose 2010 importance are that they are moving from the edge of the art, or at least not as used by senior management, to mainstream.

Government 2.0 Where 2009 was a year where 2.0 technologies started to become used in general and where President Obama’s team pushing their use could be news, 2010 will be a year where every Government agency will be expected to have a robust 2.0 presence just to get to average. The culture changes needed to allow the exposure of increasing amounts of information, even in intermediate form, will take energy to overcome. But the result is extremely powerful allowing external interested parties to create mashups and produce much more interesting and often more user-friendly versions of the data which the Government might never have achieved.

This will also lead to greater use of 2.0 technologies to implement various versions of crowd sourcing. Where Intellipedia and Aspace are big news, internal wiki’s will become more second-nature. Pilots associated with prediction markets, using groups to predict things like project results or other public facing data, are starting to be piloted by early adopters.

Virtualization. In this case I am referring to virtualization computing resources, not virtual environments which I mention later. It is the maturing of virtualization of servers, still utilized by too few agencies, that has allowed the frenzy around cloud computing, with a dash of high-speed networking and ability to manage multi-tenancy on the servers also required.; though there is likely to be as much or more work done with private or community clouds than public usage in 2010.

This is a big tool for the going Green supporters as well.

Combine this with desktop virtualization and you start to get the incredibly big fight going on between desktop-client versus remote-client providers; the short-hand would be Microsoft vs Google. The implications are enormous in terms of technical architecture, application development, procurement, and security.

Real-time Security Situation Awareness. And speaking of security, I believe the big trend in 2010 will be away from static analysis focused on perimeter protection toward situational awareness used to enable mobile and distributed applications to run even while under attack.

This change underlies a lot of the ferment going on with how to rework the FISMA process.  It also ties back to the thought that it is increasingly necessary to prioritize security investments based on risk rather than trying to do everything everywhere; and thus nothing anywhere; moving from whack-a-mole security to a risk-based focus emphasizing availability and resiliency first.

For those interesting in a practical example, I would recommend looking at what the Department of State is doing in this space, which draws upon the Consensus Audit Guidelines (CAG) effort put together by John Gilligan and Alan Paller, which I had the honor of participating in.

Increasing Power of Mobile Network Endpoints. Cell phones, personal digital assistants (PDAs) continue to proliferate as their computing and communications capabilities increase and their interface to the Internet becomes increasingly robust and integrated.

Here also, three big arguments are being played out:

.   the previously mentioned desktop-client versus remote-client

.  commercialization versus standardization

.  data sharing versus data privacy

Each of these are being dealt with inconsistently across the Federal Government. Their resolution will result in winners and losers organizationally and commercially.

Sensors. While I don’t believe most Government agencies will necessary pay attention to this topic, in fact their increasing power and distribution may overwhelm all of the other suggestions. They bring about two broad changes when they become ubiquitous:

.  they become participants in the network – creating an Internet of Things

.  they allow the collection of real-time data which can then be processed in real-time

This latter change allows virtual environments to become increasingly comingled with physical environments, here virtual refers to environments as Second Life.  Smart cities which interact with their citizens, like San Francisco where it is possible in some places to find out the location of empty parking spaces on your cell phone as you drive around; or the NYU/Cornell experiment wiring some of the NYC rivers so you can check on status from the web including from your cell phone. Applications like layar which provides information about where you are based on web-provisioned information will in the future pick-up its information from the physical surroundings as everything becomes an IP address and/or twitter participant.

Secure SCADA – Dec 2009 a

The presentation consists of two parts.

Part I was prepared by me and talks about the economic basis associated with the impact of the Internet, wanders through a number of topics I like to kick around (‘from earth centered to sun centered to nothing centered and what that means for Enterprise Architecture’, my thought that everything is a cloud, …), and touches on what the Government is thinking about regarding security.

Part II is a subset of what Rus Records, a fellow CSC’er, prepared which provided some thoughts on the state of SCADA systems in the Chemical, Energy, and Natural Resources areas (what CSC refers to as CENR).

I hope to expand on a number of these topics in future blog entries.

My focus, as usual, will be on the strategic reasons behind the movement to SCADA. Oops, perhaps I should back up. SCADA is an abbreviation for Supervisory Control and Data Acquisition. It usually is used as a catch-all term dealing with computer controlled equipment or machinery (or plants or smart grids or, well you get the idea).

Many of these systems were controlled individually by locally provised systems and thus security, while relevant, wasn’t the most critical factor when designing such solutions. Now that many of these systems are managed over the Internet and an increasing percentage of what most would consider our/US economic critical infrastructure touches these systems, cyber issue have become a very hot topic.

So my presentation will focus on why this is happening and also touch a bit on some of the issues the Government is facing in this space. The second presenter from CSC is an industry expert in the utility, chemical and natural resource market and will provide some more detailed oversight and advice.

I adapted some of my past talks on this issue starting with my standard discussion about transaction cost economics and the internet and then push on to cloud computing.

I have started to try and generalize the concept of cloud computing and wanted to get some feedback from anyone who cared to give it regarding what I wrote up. This does NOT include the second part of the presentation which I mention above.

Dan’s SCADA Presentation

My thought is that in a sense every computer and in fact in a broader sense every aspect of an organization could be looked at as being part of a private, community, or public cloud. Your desktop could be considered a small, generally unoptimized private cloud for example.

For the purposes of this presentation, each ‘thing’ has a governance question relating to how decisions are made and a security question relating to how security is provisioned or at least who is responsible for the provisioning of it.

The purpose of this thought experiment ties back to my premise as to why cloud computing has taken off, transactional cost economics + some technological developments, and the difficulty in avoiding these implications.

The whole thing needs work but I think the direction I am heading is increasingly clear.  All feedback welcome either as comments to this post or as emails directly to me.

International Experiences with Integrated Services – United States

The conference has been very interesting. I have met a number of people supporting this effort who work for the Government, consultants associated with the project both from Brazil and other South American countries, and speakers from still other locations including a fellow panalist this morning from Korea who supported the Korean President for a number of years regarding their eGovernment effort and who spent the last three months in Paraguay working for the office of their president doing the same thing.

The power of the idea of eGovernment and its associated themes of empowerment and especially transparency are seemingly very strong everywhere.

At the same time, the issues are equally amazingly similar in each location. The biggest conclusions I draw are that it is very important to:

• have high level political support,
• well-defined goals plus if at all possible a credible supporting enterprise architecture, and
• a willingness to take small steps resulting in quick victories in support of the big rainbow in the sky that will occur when all this is implemented

That last point is the one that seems to be so often overlooked. People responsible for policy want to accomplish big results, which is a good thing. But if the first result is the big result often the end-point is a political investigation into why the whole project failed.

The other issue that has resonated with most people that I have talked to is the importance of exposing as much data as possible even when not in a final form, which is how I interpret one of Vivek Kundra’s big initiatives in the US. Allowing others to manipulate, create mash-ups and improve upon the data allows the government to have significant leverage in a time of tight funds.

The Rest of the Week

The next two days I will participate in meetings to talk in more detail about the current action plans and my associated advice.

The people here have all been extremely friendly. For those sessions or conversations which are not in English (and sessions which are not being translated on the fly into English), one or the other person will take their time to give me a rundown on the issues.

Around the Hotel

This evening I was tired so went to the hotel a bit before the final sessions concluded and then took a walk around the hotel including visiting a nearby shopping mall. I skipped past the McDonalds and Burger King, and of all things a Montana steakhouse, decided that ordering gourmet Chinese Food in Brasilia wasn’t a good idea, and instead ate at a place that seemed to have Brazilian food. I am not entirely sure what I ordered, but it tasted great.

Most important I found on the way back an open-air Shwarma restaurant a block away from the hotel. In the event that I end up on my own tomorrow night, I know how I will cap my time here. I hear that the best Shwarma in South America is in Brasilia (well, maybe I made that up).

Coming Home

So, I am scheduled to arrive at 6:30am Saturday morning at Dulles.

At approximately 3:15pm that afternoon, I and my younger daughter Tamar, get on a bus with a big group of Capitals fans and go up to Philadelphia to see the Ovechkin-less Capitals take on the Flyers, capping <bad choice of words I guess> my out-of-town Capitals hockey games.

I have a feeling that before and in particular afterwards on the way back from Philadelphia I might not be the life of the party on the bus regardless of the game result. No one call my house Sunday morning, please.

Being where daily conversations deal with the nature of the black hole in the middle of our galaxy or analyzing the incredible photographs from the Mars lander is a thrill.

Having said that it was from one of the CSC technical staff, Chris Keller, that I learned a completely new, and extremely useful, piece of information.

If you are like me and when traveling from time to time forget both where you parked your rental car and in fact what your rental car is, you might, like me, try and find it by pressing the various buttons on the keys for the car with the hope that you will hear noises or see the trunk pop open. In case someone is looking you can pretend that you pressed the wrong key, close the trunk, and shake your head at how you did that – while being thankful that you found the car.

The problem with this approach is you have to be fairly close to the car for it to work.

Keller pointed out that if you hold the keys to your chin, or in my case to my chins, then your body becomes an antenna extending greatly the range of your key buttons. Voila! Long-distance rental car identification.

A great day of discovery.