Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Top US Gov't IT Exec Talks Cutting-edge Tech

When the President wanted to make sure that we were improving security and that federal employees had good [interagency] credential verification procedures, the technology didn't exist at the time

Karen Evans is the US government's top IT executive - essentially, its de facto CIO. Her official title is administrator of the office of electronic government and IT at the White House Office of Management and Budget. Evans, also director of the Federal CIO Council, recently spoke with US Computerworld about the government's IT operations. Excerpts follow:

US Federal IT isn't always seen as cutting-edge. "Antiquated", "stovepipe" and "legacy" are words frequently used to describe it. Are they still apt?

"Antiquated", "stovepipe" and "legacy" is probably accurate at several of the major departments, but that isn't necessarily a bad thing. I don't think the government needs to be on the cutting edge, but we do want to be on the leading edge. For example, when the President wanted to make sure that we were improving security and that federal employees had good [interagency] credential verification procedures, the technology didn't exist at the time. We made it very clear what our requirements were, and industry came through and invented the technology that we needed.

Now we have an integrated solution between our logical systems and our physical systems. That's a huge undertaking. Normally, you would think [it would take] five to 10 years for the government to do that. We did all of that work in less than two years.

What kind of efficiencies are you getting from that?

What was happening in the past is when you moved from Agriculture to Justice, they would run all the same business processes again to revalidate that you are who you are. We're not doing that any more. In some of these positions, it would take six months to a year to get somebody to just move [to another agency]. So we set a metric of 45 days from the time a job is posted to the time the person actually appears on the job site, regardless of whether it's an internal candidate or an external candidate.

The ageing of government IT workers and outsourcing are sometimes tied together . . .

Sometimes.

Are they tied together in your mind?

The real short answer is no. We have done surveys and identified our skill gaps. A lot of things we're talking about that you would [put out to bid] - like a data centre type of service and some of these hosting services - those aren't some of the areas that we have identified as critical skill gaps for us and our workforce.

We've actually broken them out into four areas: project management, security, enterprise architecture and solution architectures. We have the authorization to fill vacancies in these skill gaps, so what we're working on is major recruitment activities, like internships [and] outreach to the universities. We have been quite successful in the cybersecurity area. But [recruits] have a tendency to go to the intelligence agencies, because people get pretty jazzed about working [there].

What changes have you made to improve IT security within the US government, and what still needs to be done?

We just recently released a policy dealing with Microsoft and standard configurations [for Windows Vista and XP]. When I really analyze what the issues are associated with our security going forward, we have a couple. The first part is people — gosh darn, it's people. [Chuckles.] People really have to understand the purpose of the information and how to secure the information.

The other part is basic types of system development and maintenance, like configuration management. With the policy that we just released, this is our opportunity to standardize the configuration [of Windows] all the way across the board in every federal agency, down to every desktop. When the government has a standard configuration, it makes it so much easier to maintain patches. That really is the heart of the issue. When you get down to "Why did that incident happen?" — a lot of times, it's because that particular system wasn't fully patched. We are also telling vendors that this is the standard configuration, so you have to make sure your products work on this configuration. That's a big change.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: APT, CIO Council, Federal CIO Council, Logical, Logical Systems, Microsoft, Office of Management and Budget

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Eight things senior managers need to know about data encryption
    Securing sensitive data is a must for every organization. Today’s encryption solutions don’t slow down your users, so you’re not compromising productivity for security. Here are eight things senior managers need to know about encryption to keep their data secure.
    Learn more »
  • Improving Productivity in the Connected Enterprise Through Collaboration
    In the market for collaborative applications, a large convergence is beginning to take hold, and the consumerization of IT is central to this movement. The technologies that people use as consumers are impacting the way employees, customers, and partners want to interact and collaborate at work. People want to take the same technology experiences that are available at home and plug them into their daily work lives. This movement is setting worker expectations as both employees and corporate consumers. Workers need to have the choice and flexibility to consume the applications they want, where they want, and on their preferred device. Read on.
    Learn more »
  • Maximise Software Cost Savings by License Reharvesting, Recycling & Applying Product Use Rights
    Software asset management (SAM) is a complex process that enables organisations to gain control of their software estate from both a license compliance and financial standpoint. In many organisations, SAM represents one of the few remaining ways that substantial IT savings can be realised. McKinsey and Sand-Hill Group estimate that 30% or more of IT budgets are consumed by software license and maintenance costs. By optimising the SAM process, organisations can maximise software utilisation, reduce the risk of non-compliance (audits, fees, penalties), and reduce overall IT costs by as much as 5 to 10% per year. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments