Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Public CIO Magazine February 2010


Published on

Public CIO Magazine, Feburary …

Public CIO Magazine, Feburary

To connect and collaborate with other CIOs in government, please see the CIO Innovation Center at

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 2. MAKE SURE EVERYTHING OLD IS READY FOR ANYTHING NEW. As you respond to demands for change, how do you prepare your infrastructure to deliver new services? CA software empowers you to manage and secure all of your systems—from the desktop to the mainframe to the cloud. We help your infrastructure work harder and smarter so it’s completely ready for any new challenge. Find out if you are ready! Get your complimentary Architecture Assessment from CA at or call 1-866-836-5234 Copyright © 2009 CA. All rights reserved. Software
  • 3. F E B R UA R Y / M A R C H 2 0 1 0 CONTENT C O V E R S T O R Y 10 C ov e r P h ot o b y T e r e nce B r own In the Spotlight All eyes are on Los Angeles CTO Randi Levin as city deploys cloud-based e-mail. B y M a t t Wi l l i a m s F E A T U R E S additional offices. Postmaster: Send address change to Government Technology’s Public CIO, 100 Blue Ravine Road Folsom, CA 95630 Copyright 2010 by e.Republic, Inc. All Rights Reserved. Government Technology’s Public CIO (ISSN# 1944-3455) is published bimonthly by e.Republic, Inc. 100 Blue Ravine Road Folsom, CA 95630. Periodicals Postage paid at Folsom, CA and SUBSCRIPTIONS: Subscription inquiries should be directed to Government Technology’s Public CIO, Attn: Circulation Director, 100 Blue Ravine Road Folsom, CA 95630. (916) 932-1300. 16 28 Checkup An Urgent Fire in the Big Sky In massive information technology Montana Gov. Brian Schweitzer talks about his ambitious plans for wind transition, U.S. health-care system has power and growing a new generation less than four years to upgrade disease of scientists and engineers. diagnosis code sets. By Ch ad Vand er Veen B y Rus s el l Ni ch ol s 20 IT Fraud Firewalling 30 Voice The New IT fraud in government can be costly. Here are five ways CIOs can of the CIO Insights from the Global Chief Information prevent and control the problem. Officer Study. By A lyssa G. Martin B y L y nn Rey es 24 Paving the Way Technology is laying the groundwork for health reform. By Greg D eBo r and Ro bert W ah
  • 4. D E P A R T M E N T S 36 Guest Column Cloud Economics 101 41 CIO Central News, Reviews and Careers By Kev in Merritt 38 CTO Strategies Ready for Your Budget Emergency? 42 Security Adviser Is the Policy Window on By D an Lo h rmann Cyber-Security Closing? B y M ark Weat herf ord 40 Straight Talk Remaining Relevant 43 FastGov Too Many Chiefs, Not Enough Agencies? By Liza Lo wery Massey B y Paul W. Tay l or U P F R O N T 6 Introduction 8 Contributors 2007 MAGAZINE OF THE YEAR 2008 Silver Folio: Editorial Excellence Award The inside pages of this publication are printed on 80 percent de-inked recycled fiber. e ONLINE EXCLUSIVES VIDEO Green Tech: Montana Gov. Brian Schweitzer describes his state’s efforts to become a leader in green technology and alternative energy. NEWS Savings: California’s Office of Technology Services reports savings of $100,000 a month after moving part of a major data center to a more modern facility. BLOG Infrastructure: Michigan CTO Dan Lohrmann takes a look at the technology and security preparations under way for the Winter Olympics in Vancouver. NEWS Cloud Computing: Colorado’s Statewide Internet Portal Authority seeks contract with a private cloud computing company to provide hosted services for state and local governments. [4]
  • 5. Kids think the place is haunted. You suspect it’s not up to code. Getting building inspectors to places all around town takes serious choreography. Good thing there’s Nextel Direct Connect. It uses GPS to help you track ® and manage your team. Letting you instantly locate and connect, whether they’re inspecting new construction or a creepy old manor. Nextel Direct Connect. Only on the Now Network.™ 1-800-NEXTEL-9 ® BlackBerry® Curve™ 8350i smartphone Direct Connect: Nextel and PowerSource devices operate on the Nextel National Network. Other Terms: “Fastest” claim based on initial call setup time. Coverage not available everywhere. The Nextel National Network reaches over 274 million people. ©2009 Sprint. Sprint and the logo are trademarks of Sprint. Other marks are the property of their respective owners.
  • 6. [ INTRODUCTION ] Parting Words I n the summer of 2002, campaigns for 36 gubernatorial races were beginning to heat up. The economy was on everybody’s mind in the wake of the dot-com bust that had left a the cover. Mark Forman may not have had the title of national CIO, but he was then-President George W. Bush’s point man for the federal government’s $60 billion IT program. Since the first leadership. Today’s CIO not only must understand the complexities of IT, he or she also must be a great communicator, relationship-builder and management guru in order to survive and thrive. string of bankrupt technology firms issue was published in summer 2003, Despite the relatively low pay and and lingering questions about the we managed to put the next two federal occasional political whiplash that comes Internet’s direction and purpose. We CIOs on the cover — Karen Evans and with the job, not to mention the mind- did the math and realized that a large Vivek Kundra — as well as many state numbing budget constraints, the public number of state CIO positions would and local CIOs. CIO community continues to attract be vacant and rookie governors were When we interviewed Forman for the people who want a challenge and want about to begin new agendas at a time first issue of Public CIO, several of to lead in digital government. That’s when public-sector IT needed guid- our questions focused on the leading a good thing. Unfortunately many are ance and leadership. trend: electronic government. It’s hard also leaving the field, making the need With that as background, e.Republic to believe that just eight years ago e-gov, for new leadership paramount. CEO Dennis McKenna decided to as many eventually truncated the term, I’ve had the pleasure of editing this launch a new publication, called Public was so powerful a topic. And as outdated magazine during its first seven years CIO, dedicated to covering and serving as it now seems, I look back with pride of existence and found the work and the public CIO community. Despite the that we also covered some topics, such people I covered always interesting. acute political situation at the state as change management and enterprise Now it’s time to say farewell as I take level, the goal was to reach the entire IT, that were hardly barn-burner stories up a new position with our newly spectrum of CIOs, from those who back then but continue to resonate as acquired publication: Governing. It’s ran IT for gigantic federal agencies issues worth covering for CIOs. been a pleasure serving our readers, down to modest-sized communities, all Today IT is firmly enmeshed in the and I know that the magazine is now in of whom needed critical information fabric of government and the public the very capable hands of my colleague about managing and leading IT opera- CIO’s role and purpose are more impor- Steve Towns. I hope you continue to tions within government. tant than ever. And just as information enjoy and learn from Public CIO for With that somewhat ambitious technology has changed a fair amount years to come. ¨ mission statement, we chose to put since 2002, so too has the significance the nation’s first federal IT leader on and importance of IT management and [6]
  • 7. [ CONTRIBUTORS ] Publisher: Jon Fyffe GREG DEBOR is a partner at Computer LYNN REYES is a senior managing consultant in IBM’s Institute EDITORIAL Science Corp.’s Global Health Solutions for Business Value. She has more than 10 years of experience in Editor: Tod Newcombe Practice and manages client relation- industry and as a strategy and change consultant. Associate Editors: Steve Towns ships in New England from CSC’s Emily Montandon Waltham, Mass., office. Chad Vander Veen Chief Copy Editor: Miriam Jones Managing Editor: Karen Stewartson Justice and Public Safety Editor: Jim McKay Features Editor: Andy Opsahl Assistant Editor: Matt Williams Copy Editor: Elaine Pittman DAN LOHRMANN is Michigan’s CTO PAUL W. TAYLOR is the chief content Staff Writer: Hilton Collins and was the state’s first chief informa- officer of e.Republic Inc., publisher of Editorial Assistant: Cortney Towns tion security officer. He has more than Public CIO. He previously was the deputy Contributing Editors: Paul Taylor, Wayne Hanson 23 years of worldwide security experi- CIO of Washington state. ence, and has won numerous awards DESIGN for his leadership in the information Creative Director: Kelly Martinelli security field. Senior Designer: Crystal Hopson Graphic Designer: Michelle Hamm Illustrator: Tom McKeith Production Director: Stephan Widmaier Production Manager: Joei Heart ALYSSA G. MARTIN, certified public STEVE TOWNS is the editor accountant, is the Dallas executive part- Government Technology magazine PUBLISHING ner and the firmwide partner in charge and interim editor of Public CIO. Group Publisher: Don Pearson of the Risk Advisory Services group at VP Bus. Development: Tim Karney Weaver and Tidwell, the largest indepen- EAST dent certified public accounting firm in Regional Sales Directors: Leslie Hunter the Southwest. EAST Shelley Ballard WEST, CENTRAL Account Managers: Melissa Cano EAST Erin Gross LIZA LOWERY MASSEY served as CHAD VANDER VEEN is the WEST, CENTRAL a public-sector IT executive for nearly associate editor of Public CIO Business Development Dir.: Glenn Swenson 20 years, including as CIO of and Government Technology. Bus. Dev. Managers: John Enright Los Angeles. She then established Lisa Doughty The CIO Collaborative to provide public- Kevin May sector research, benchmarking and Exec. Coordinator to Publisher: Julie Murphy consulting services. She also teaches Regional Sales at the University of Nevada, Las Vegas. Administrators: Sabrina Shewmake Christine Childs National Sales Admin.: Jennifer Valdez Dir. of Marketing: Andrea Kleinbardt Dir. of Custom Events: Whitney Sweet KEVIN MERRITT is CEO and founder ROBERT WAH, M.D., is the chief Assoc. Dir. Custom Events: Lana Herrera of Socrata Inc. Merritt focuses on medical officer for Computer Science Custom Events enabling national, state and local Corp. and former deputy national Coordinator: Karin Morgan governments to achieve new levels of coordinator for health IT at the U.S. Dir. of Custom Publications: Stacey Toles transparency and citizen participation Department of Health and Human Custom Publications Writer: Jim Meyers while significantly lowering the costs of Services. Dir. of Web Products serving online data. and Services: Vikki Palazzari Web Services Manager: Peter Simek Custom Web Products Manager: Michelle Mrotek Web Advertising Manager: Julie Dedeaux Web Svcs/Proj. Coordinator: Adam Fowler Subscription Coordinator: Gosia Colosimo TOD NEWCOMBE is the former MARK WEATHERFORD is the editor of Government Technology’s director and chief information security Public CIO. He’s now the editor of officer (CISO) of California’s Office of CORPORATE Governing magazine. Information Security. He previously CEO: Dennis McKenna served as Colorado’s CISO. Executive VP: Don Pearson Executive VP: Cathilea Robinett Executive Editor: Steve Towns CAO: Lisa Bernard CFO: Paul Harney VP of Events: Alan Cox Marketing Dir.: Drew Noel Government Technology’s Public CIO is published by e.Republic Inc. RUSSELL NICHOLS is a staff writer MATT WILLIAMS is an associate editor Copyright 2010 by e.Republic Inc. All rights reserved. Opinions expressed by writers are not necessarily those of the publisher or editors. for Public CIO. He has worked for various of Government Technology magazine. Article submissions should be sent to the attention of the Managing Editor. publications including the Boston Globe, He was formerly a sportswriter for Reprints of all articles in this issue and past issues are available (500 minimum). newspapers, and was a researcher Please direct inquiries to the YGS Group: Attn. Mike Shober at (800) 290-5460 where he served as a city reporter. ext.129 or He received his bachelor’s degree in for Sports Illustrated. Subscription Information: Requests for subscriptions may be directed to Circulation journalism from Florida A&M University. Director by phone or fax to the numbers below. You can also subscribe online at Canada Post Publication Mail Agreement 40048640, undeliverables 27496 Bath Road, Mississauga, Ontario L4T 1L2 © A publication of [8] PRINTED IN THE USA
  • 8. government technology ® Produced by Just Released: This free resource offers a step-by-step evaluation of your existing IT environment and a clear road map to execute your virtualization strategy. Now: Inefficient infrastructure. Next: Virtualization on. Productivity everywhere. Your Road Map to the Virtual Data Center Legacy data center constraints prohibit the computing speed and agility needed to govern with today’s expectations. The time is right to consider the value of virtualization. This must-read resource identifies the four critical stages of your virtual data center transformation. A best-practices virtualization road map will guide your current IT infrastructure towards greater flexibility and efficiency. Download your FREE copies at: EMC2, EMC, and where information lives are registered trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners. © 2010 EMC Corporation. All rights reserved. 01/10
  • 9. BY M AT T W I L L I A M S , A S S O C I AT E E D I TO R IN THE SPOTLIGHT THE HIGH-RISE OFFICES of the Los Angeles Information Technology Agency (ITA), which manages the IT systems used by 30,000 city employees, are a model of corporate efficiency — a floor of cubicles ringed by window-facing rooms. Glass doors define a modest-size waiting room, where a flat-screen plays the city government TV channel on loop. A tall trophy case displays the department’s victo- ALL EYES ARE ON LOS ANGELES CTO RANDI LEVIN ries. An organizational chart shows photos of CTO and ITA General Manager Randi Levin and her executive team. AS CITY DEPLOYS It’s all ordinary enough to make one temporarily forget that the iconic L.A. City Hall building, a tower made famous as a scene-setter in CLOUD-BASED well known motion pictures, is across the street. Believe it or not, this Hollywood reference point is tangentially relevant, at least for Levin. E-MAIL. Whether she likes it or not, Levin has become the star of her own story — partly of her own doing, partly due to forces beyond her control. Levin’s front-and-center introduction to the mainstream world came last year, when she led the ITA on a procurement that will replace the city’s aging e-mail system with a new Web-based enterprise solution. At the core, Levin had two simple goals in mind: improve service and save money. [10]
  • 11. PHOTO BY TERENCE BROWN When the city picked Google’s productivity tools along like many IT departments, Levin was facing the prospect with its popular e-mail service Gmail, what initially of shrinking budgets due to the recession’s lingering effects. was thought to be a run-of-the-mill IT project quickly The problem would only get worse, she thought. On-premises morphed into something bigger and more complex. The e-mail just wasn’t a cost-effective option anymore, in her mind. decision stoked a period of intense lobbying from L.A.’s So the ITA put together an RFP with the option of a existing e-mail provider (Novell) and Google’s biggest software-as-a-service product or a hosted solution. Levin competitor (Microsoft), rivals who likely saw the city’s said the agency received 10 responses, from the likes of decision to adopt Google’s hosted services as something Google, Microsoft and Yahoo. After mulling over the deci- that could potentially crack the state and local govern- sion with an intradepartmental group of IT managers, last ment market’s inertia when it comes to cloud computing. summer officials chose a proposal that would implement Levin was unexpectedly pressured from within, as L.A. Gmail on more than 30,000 desktops, and later adopt the fire and police officials expressed concern that moving Google Apps productivity suite, which includes calendar, their sensitive data onto Google’s off-site servers could word processing, document collaboration, Web site sup- pose a security problem. Levin said she has since quelled port, video and chat capabilities, data archiving, disaster those concerns and the political pressure. recovery and virus protection. The script, if you will, continues to be written. Los The five-year deal, valued at $17 million, made L.A. the Angeles is now slowly marching toward a full implemen- first government of its scale to choose Gmail for the enter- tation of Gmail for the city work force. If successful, the prise — a somewhat surprising bit of information that project could open the floodgates for other governments made approving the project much more complex. that are awaiting a successful test case before entering the “We were under the assumption that Washington, D.C., cloud computing environment. had already fully implemented Google for its e-mail solu- tion, which it had, but not in the way we’re doing it. But A MISSING DATA POINT we didn’t really know that at the time,” Levin said. Ever since Levin began leading the ITA two and a half It turned out that Washington, D.C., was using Gmail years ago, she repeatedly heard from employees who for disaster recovery and giving employees the option to were dissatisfied with the unreliability of the city’s exist- use it as their primary e-mail. During the decision-mak- ing e-mail system, Novell GroupWise. It had too much ing period, Levin didn’t think L.A. would be the first large downtime, and users were frustrated by the lack of fea- government to fully adopt Gmail. “Nor did we think it was tures and the user experience. The product itself wasn’t going to be as political as it turned out to be,” she added. inherently unreliable, Levin said, but the ITA lacked the That knowledge wouldn’t necessarily have changed the necessary money or manpower for its proper upkeep. And city’s decision, Levin said, but it would have given the city [12]
  • 12. a heads-up that lobbying and outside interest from the public was coming. The lobbying was “extensive,” said L.A City Council President Eric Garcetti, who presided over the Council’s unanimous vote in October 2009 to adopt the plan. As many as five companies made their presence known in the cor- ridors of City Hall, he said, as misinformation reigned and unfounded rumors flourished. Attempts at deal-making continued until minutes before the Council voted. Levin said those temptations were never a factor. “We tried to maintain a very rigorous [procurement] process, and we really wanted the integrity of the process to stay intact.” LO S A N G E L E S C I T Y CO U N C I L PRESIDENT ERIC GARCETTI CRUNCHING THE NUMBERS, SQUEEZING THE BUDGET P R E S I D E D O V E R T H E O C TO B E R The incessant lobbying spurred troublesome misinfor- 2 0 0 9 CO U N C I L V OT E TO A D O P T mation, particularly about the solution’s cost and security, T H E C LO U D CO M P U T I N G P L A N . FLICKR/ERIC GARCETTI Levin said. The cost and potential savings confused outside observ- ers and elected officials because the ITA wanted to accu- rately reflect the city’s deteriorating economic condition, Levin said. That meant the projections were changed more than once. “It became more and more important to focus on cash the difference between ROI and cash savings, she said. By as opposed to a true ROI [return on investment],” she the time the numbers were made clear, some people inac- explained. This changed the numbers. The ITA had, at dif- curately believed Gmail would be more expensive than the ferent times, estimated savings of $8 million to $30 million. existing solution. Although, in a limited sense, that was “From the cash perspective, we looked at what software true because the city will pay for both GroupWise and and hardware would be removed as we went to a new Gmail for one year as the migration occurs. (Ironically the solution — what wouldn’t we have to buy anymore or pay ITA will offset the added cost by using money from a prior maintenance on.” anti-trust settlement with Microsoft.) Levin felt it was important to do an “apples-to-apples” After a few attempts at numbers crunching, the city esti- comparison. Unfortunately some people didn’t understand mated $5.5 million in hard-cost savings from the Google adoption, and an additional $20 million ‘GEECS’ SQUAD savings in soft costs due to factors like better productivity. The ITA expects appli- Prior to the Gmail pilot, a working group from within the Los Angeles Informa- cations like Google Docs will help reduce tion Technology Agency (ITA) began testing the feel and functionality of the solu- some of the redundant paper pushing that tion. The group — nicknamed “L.A. GEECS,” a.k.a. the Google Enterprise E-mail and plagues bureaucracies, and it hopes some- Collaboration System — isn’t short on work. day to utilize Gmail’s mobile functionality There’s a laundry list of new issues that must be addressed, several of them and ease-of-use to drive further savings unique to government usage on the Google platform. The group must hash out through increased collaboration. how to provide enough customizable options for the city’s 44 departments, Moving the city’s data to Gmail will while still maintaining consistency and control. Tasks include: let the ITA reassign and/or cut nine • Writing policies for when chat and video may be turned on and off, employees who were working internally in order to fulfill e-discovery requirements. on the GroupWise system, Levin said, and • Determining how Freedom of Information Act requests will be handled it will eliminate 92 servers from the city’s through Google’s search and archiving capabilities. data center — a sprawling basement-level • Building in customization so that individual departments may allow facility in the ITA building. Those savings their employees to make cosmetic tweaks, like changing the skin of are significant, she said, because as of the Gmail interface. [13]
  • 13. mid-November the ITA faced the prospect of losing 60 or migration. Google employees who have access to L.A.’s 70 employees to early retirement, as well as additional cuts data will be certified by the state Department of Justice. to the 800-person ITA organization. Google, for its part, is building a segregated “government “We have servers of every shape, size, brand and year cloud” that will house data owned by public-sector cus- here,” Levin said. “And with diminished staffing, we’re try- tomers, like Los Angeles. The government cloud will be on ing to figure out where’s the best use of our resources, and servers located somewhere within the contiguous 48 states, although L.A. won’t know exactly where its data is — the unknown location is part of Google’s security model. “WE’VE WRITTEN [THE CONTRACT] The government cloud will be up and running “sometime AS IRONCLAD AS WE CAN. WE’VE ALSO in 2010,” according to David Mihalchik, business develop- ment executive for Google federal. Crawford said he’s been WRITTEN INTO THE NONDISCLOSURE told the new cloud will be ready by June, in time for L.A.’s THAT THE DATA BELONGS TO US IN full implementation. The company also is in the process of securing Federal Information Security Management Act PERPETUITY; IT WILL OUTLIVE THE (FISMA) certification. CONTRACT ITSELF.” L.A.’s agreement with Google is written so that it’s clear the city owns the data at all times, Crawford said. “That’s a KEVIN CRAWFORD, DEPUTY CTO, LOS ANGELES very big deal for us. We’ve written [the contract] as ironclad as we can. We’ve also written into the nondisclosure that the we think it’s really more in the applications area — in public data belongs to us in perpetuity; it will outlive the contract safety related to their radio systems and some of their other itself,” he said. That means if the city wants to switch to applications, and also for the other departments’ Web sites another vendor after the contract ends, the city will be able — doing a lot in terms of transparency and getting data out to recall its archived data. Officials also negotiated unlimited to the public, and more self-service.” and liquidated damages in the event that there’s a breach of Google’s servers. SECURITY FEARS, RELIABILITY CONCERNS Crawford said the bottom line is that Google’s security Data security was another contentious issue. The public apparatus is far superior to the ITA’s for the simple fact at large continues to debate the security of cloud comput- that the company has the resources to devote many more ing and hosted services, particularly as it relates to putting people to it. In Google-speak, L.A.’s data will be “sharded,” the public’s data — which may well include addresses, meaning it will be shredded into multiple pieces and stored Social Security numbers and other sensitive information on different hard drives — a security encryption method — on servers in unknown locations that are managed by a the ITA can’t do from its in-house data center. Garcetti too corporation. said he’s comfortable with the security of cloud computing: After some officials from the L.A. police and fire depart- “At the end of the day, I trust Google’s security as much as ments expressed worry that their departments’ sensitive any individual city, town or village to protect themselves data would be vulnerable if stored on off-premise servers, because [Google] is that much more experienced.” the ITA worked hard to ensure that the security parameters Of course, reliability is part of security. Crawford said met California Department of Justice requirements, said Gmail had only about 10 percent of the downtime in 2009 as Kevin Crawford, Levin’s deputy in charge of the Gmail the city’s current e-mail. And if disaster strikes — L.A. sits C O N T I N U E D O N P A G E 37 SELLING THE PLAN According to Los Angeles City Council President Eric Garcetti, there was a valuable lesson to be learned from how L.A. presented its Gmail adoption to the public and internal stakeholders: Address human issues as well as technical concerns. “There was an assumption by some of the IT professionals that this would sell itself or that people would trust them because the IT professional is recommending this,” he said. But IT officials shouldn’t be expected to sell change for an integral system like e-mail, Garcetti said. Instead, they should rely upon public communicators, which include the elected members of the City Council, to make the case. “The stakes are high, and people will be lobbying one way or the other,” he said. “But people have to think it through not just from the technology side, but from the human side.” [14]
  • 14. CLOUD COMPUTING: FOUR QUESTIONS TO ASK YOUR VENDOR Data location, access and security are crucial to cloud computing contracts. BY STEVE TOWNS, EDITOR AS CLOUD COMPUTING INITIATIVES take hold in government, agencies points that are worthwhile to negotiate. It’s very important to have need to consider the contracting implications of this new technology a vendor that can actually respond to a subpoena. They need to pull model. Managing a relationship where government data could reside only the information relevant to the subpoena and not put other on privately owned computing infrastructure located anywhere in cloud-based information at risk.” the world demands that agencies ask some crucial questions of cloud Also, find out how much your vendor intends to charge for vendors before they close the deal. responding to a FOIA or e-discovery request. “That can be a very big Daren Orzechowski, an intellectual property attorney who special- surprise,” he said. “You may even want to prenegotiate the rate for izes in IT and outsourcing issues, said government agencies need that type of work when you do the initial contract.” answers to four fundamental questions before they choose a cloud computing provider. 3 How secure is my data? Cloud vendors need to satisfy two types of security require- 1 Where is my data? Server virtualization technology allows cloud vendors to opti- mize their use of computing hardware and other IT resources. That ments: physical and logical. Your agency may have specific physical security requirements. Background checks, fingerprinting or drug tests may be required for can cut costs, especially as the volume of cloud computing customers staff working in data centers that house your data. Make sure your grows and vendors achieve economies of scale. But virtualization cloud computing vendor understands and can comply with these also has a downside. rules. Luckily vendors are becoming more accustomed to meeting “Your data could be broken up — or the instance of your appli- these requirements, Orzechowski said. cation could be broken up if it’s a platform provider — so your data Large cloud computing providers also are becoming more trans- and software could be in a lot of different places. In the government parent about their logical security processes, and they’re typically space, I think this is particularly important to have a handle on,” subject to regular security audits and penetration testing. Still, said Orzechowski, a partner in the New York City law firm of White cyber-terrorism and hacking represent the biggest threats to cloud & Case. “On one hand, you have to recognize that the provider gets computing, especially in the government space, Orzechowski said. an economic benefit from being able to break up the data and store “As you have more and more customers going to certain cloud it in different places, or virtualize it. At the same time, depending on providers, and those providers become bigger and are housing more the sensitivity of the data, the government needs to know where that data, they’ll become bigger targets for hackers and terrorists,” he said. information is.” “What will happen the first time there’s a real big hit, especially if there’s Keeping your data within the United States should be a key require- government data housed with that vendor? A terrorist or major hacker ment, he said. attack is a test that in the back of everyone’s mind may be coming.” “When you look at what people’s expectations about their rights are, they come at it with a very American-centric view. In a lot of places that are popular for offshoring — like India and China — your rights may not exactly be what you think they are. So there’s a comfort level 4 How portable is my data? The last point to cover during contract negotiations is what happens when the deal is over. How will you get your data out of one with keeping data within the U.S. borders.” vendor’s cloud and into another, or back into your own data center? “There’s been talk among some of the big players on having data 2 How do I access my data? Cloud computing involves accessing remote applications and data through a client interface, typically a Web browser or perhaps a standards for the cloud space. As a consumer, you probably are very interested in that,” Orzechowski said. “You want to have your data in a form that can easily be ported over to a new vendor. It may not mobile device. Government cloud customers should consider nego- always be in your current vendor’s interest to allow for this because tiating service-level agreements for routine access and system they want to keep you captive.” uptime. The key is to avoid being held hostage, he said. In addition, agencies need to understand how their cloud vendor “This is something to think about when you’re negotiating. What is will help them respond to specialized data requests. the template, what are the data sets and how are the fields defined? “What happens if there is litigation?” Orzechowski said. “What Get a sense of this and understand it,” Orzechowski recommended. happens if there is a subpoena? Or since we’re talking about govern- “From there, negotiate for migration assistance. Find out how the ments, it’s very possible you’ll have a FOIA [Freedom of Information vendor will help you move to someone else, and how much they’ll Act] request. How will the vendor pull this data for you? These are charge to do that.” [15]
  • 15. FIRE IN THE C H A D VA N D E R V E E N A S S O C I AT E E D I TO R MONTANA GOV. BRIAN SCHWEITZER TALKS ABOUT HIS AMBITIOUS PLANS FOR WIND POWER AND GROWING A NEW GENERATION OF SCIENTISTS AND ENGINEERS. W hat’s the biggest problem with alternative energy? The simplest explanation is that burning coal and oil for electricity generation is supported by existing infrastructure, while clean energy sources like wind and solar aren’t. Specifically alternative energy has In Montana, one of the country’s windiest places, Gov. Brian Schweitzer is trying to solve that transmission and storage challenge by adopting the “build it and they will come” approach. Wind farms are popping up across the state, and Schweitzer believes it’s only a matter of time a built-in hurdle — how do you store solar power when the before the technology follows. sun isn’t shining and how do you transmit wind energy Schweitzer is passionate about transforming Montana when the wind isn’t blowing? into a renewable energy leader. In a recent interview, he Some nascent technologies may provide the answer. But discussed this and other issues important to Montana’s by and large, the storage and transmission technology future, such as the Real ID Act and how to foster a new that would make these energy sources more feasible generation of students who are interested in math, science doesn’t exist. and engineering. [16]
  • 16. YOU WANT MONTANA TO BE A LEADER IN ALTERNATIVE We do need to add to our transmission capacity, and that’s FUELS AND ENERGY SOURCES. HOW DO YOU MAKE THOSE why Montana leads the entire world in digitally cataloging GOALS A REALITY? our wildlife corridors. So when people are deciding where According to recent studies, Montana has the second-best they’re going to build transmission lines, we already know wind energy resources in the country and some of the best on where the antelope, bears and elk need to move — and we the planet. We have 30 percent of the coal in America — 10 build those transmission lines so that we’ll be able to main- percent of the coal on the planet. We’re increasing our oil pro- tain our quality of life and a transmission system that deliv- duction at the fastest rate in the country. We have many energy ers Montana wind power to California cars. resources that can be cleaner and greener. Whether we’re talking about capturing car- YOU’VE ADVOCATED FOR SYNTHETIC FUELS, bon dioxide from existing coal-fired plants IN ADDITION TO WIND AND OTHER ENERGY or creating new kinds of coal-capturing SOURCES. CAN YOU EXPLAIN WHAT SYN- devices for new kinds of plants, we’re excit- THETIC FUELS ARE AND WHY THEY’RE NOT ed about developing our coal. And we’re A LARGER PART OF THE ENERGY MARKET? excited about developing our wind. I’m most excited about crops that pro- The most important thing is we have duce oil for biodiesel — crops like canola to develop storage technology. We actu- and camelina in Montana, and jatropha in ally have an unlimited supply of energy, the tropics. All told, they could be 5 or 10 whether it be tidal, wind or solar. But the percent of our fuel supply. Ethanol is inter- wind isn’t blowing all the time, and the sun esting because most of the ethanol plants isn’t shining all the time. As consumers, we were built in the Midwest and the fuel was demand electricity when we want it, not corn. Most of the future ethanol plants are just when the sun is shining or the wind is likely to be in the West — and the energy blowing. So that means the most important source will be trees. In Montana, we have technology of our time — and for the next about 3 million acres of dead and dying decade — will be storage technology. trees from a pine beetle kill. These are To give an example, if every car, light great sources of energy that can be used to truck and SUV in America had a battery that could get the make ethanol or some kind of biomass to create electricity. So first 40 miles on a charge before it switched to another source you have trees that are dying and they become a fuel source, of energy, we could eliminate two-thirds of the oil we import. either for a liquid fuel or for an electricity supplier. Those cars exist today. What we don’t have is the resolve to buy those cars and put them on the highways. YOU’VE TALKED ABOUT “CLEAN COAL,” A CONCEPT THAT CAN BE DIFFICULT TO UNDERSTAND. WHAT IS CLEAN COAL? WIND FARMS ARE BOOMING IN MONTANA. BUT ISN’T THE COST The first cleanup of coal was to remove the sulfur, mer- OF BUILDING TRANSMISSION LINES ALWAYS BROUGHT UP AS cury and nitrogen. But more recently, we’re concerned with A REASON NOT TO BUILD THEM? HOW DO YOU OVERCOME the CO2. There’s approximately two tons of CO2 produced THAT OBJECTION? for every ton of coal we burn. Many of us believe CO2 is Part of the solution to transmission is storage. We need to contributing to the greenhouses gases that are contributing build more transmission so we can get the electricity to those to climate change. If we can capture a portion of that CO2 who are using it. But understand — we build transmission immediately, it starts to make coal cleaner. And if we use coal for peak demand. For example, in California at 10 a.m. on gasification — plants that are already built around the world, a Tuesday they have peak demand. But by Friday night at including in our region, that capture 100 percent of that CO2 2 a.m., they’re only using half as much electricity. So if we — and then if that CO2 is pumped back into the earth, either could build a transmission system that had storage on the for enhanced oil recovery or for storage geologically in some other end — so that consumers with batteries in their cars deep saline formations, or even to be made into bricks as a could either be buying electricity in the middle of the night fuel source for making more biodiesel, that means we capture or selling it back into the grid at 10:00 in the morning — we the CO2, sulfur and mercury. And if coal is zero emission, would need less transmission. that’s clean coal. [17]
  • 17. IS COAL GASIFICATION SIMILAR TO PLASMA GASIFICATION, THE And that’s true of most children. We’d like talented young PROCESS OF USING A PLASMA TORCH TO REDUCE WASTE DOWN people to aspire to designing a ball, not hitting a ball; to TO ITS ELEMENTAL STATE? aspire to creating new sound systems, not playing rock ‘n’ It’s very similar. The traditional way of producing ener- roll guitar. If we can get more of these young people to aspire gy from coal is you ignite the coal; it makes a ball of flame, to be engineers and not journalists, we think we can change which you direct onto a water source. That water becomes the world one scientist at a time. steam, which turns a turbine and generates electricity. With coal gasification — think of a Thermos jug, the kind HOW DO YOU MAINTAIN STUDENTS’ INTEREST IN MATH AND SCIENCE? steel workers used to carry. Now think of a Thermos that’s We pound it in. We continually talk about how cool sci- 150 feet high and 40 feet in diameter. The top comes off, ence is. We have Montana science trading cards. Elementary you dump 30 tons of coal into it, and you screw it back school kids can trade these cards that have cool science facts MONTANA’S JUDITH GAP WIND MONTANA GOV. BRIAN SCHWEITZER FARM, WHICH BEGAN OPERATING SAYS GRADE SCHOOL IS THE TIME IN 2005, GENERATES 135 MEGA- TO INTEREST KIDS IN MATH AND WATTSP T I O EMPLOYS 10 PEOPLE. C A AND N SCIENCE. on. Then you heat it. And with high temperature and high about Montana. You have a governor and first lady who pressure, methane gas — or natural gas — and CO2 actu- continually talk about how cool science is, who continue ally comes off the coal. You separate the CO2, pump it back to give accolades to the best science and math teachers into the earth where it came from, and then that natural — those teachers who bring math and science to life — those gas can run your cars, heat your homes or make electricity. are the people we like to reward. That’s coal gasification 101. It’s a controlled environment so there are no emissions. There is no smokestack with LET’S TALK ABOUT THE ROCKY MOUNTAIN SUPERCOMPUTING this process. CENTERS IN BUTTE. IN WHAT WAYS WOULD YOU LIKE TO LEVERAGE THAT TECHNOLOGY? IS YOUR VISION FOR MONTANA AS A HUB FOR ALTERNATIVE Look at the remarkable geology of Montana: God has ENERGY THE REASON YOU WANT TO GET STUDENTS INTERESTED blessed us with some of the best resources for hydrocarbons. IN TECHNOLOGY, SCIENCE AND MATH INITIATIVES? We have the only platinum and palladium in the Western My wife Nancy and I are scientists, and we want more Hemisphere. We have copper, silver and gold. When you young people to study science and math. She and I were are trying to map the earth’s strata, it’s three-dimensional. talking about the channel that sent us into science: It wasn’t Montana is the size of New York, Pennsylvania, Ohio and in college or even high school; it was fourth or fifth grade. three of those other little states combined, so you have a [18]
  • 18. large area to map geologically. The supercomputer can help and people who had committed no crime, who were sim- us with that. ply German immigrants or who spoke German, or those It can help us when we are injecting CO2 8,000 to 10,000 who were critical of the war effort were rounded up and feet deep into these geologic structures to geologically put in jail. store it so we can measure the pressure at 10,000 feet, 5,000 This card, simply stated, would have allowed the federal feet, 4,000 feet. It can help us as we attract bioengineering government — in a digital way — to follow every place you to Montana. come and go. When you get on a plane, it would have stored Everybody gets an opportunity to rent a little space on that information forever so that everyone would know where that supercomputer. This isn’t just for scientists working you went, how you got there and how you got home. That in a laboratory, but also for applied research and science isn’t the way you treat free citizens — and in Montana we across Montana. It gives an opportunity to the 950,000 value freedom above anything else. GOV. SCHWEITZER AND FIRST LADY NANCY SCHWEITZER BOTH HAVE BACKGROUNDS IN SCIENCE. GOV. BRIAN SCHWEITZER, SHOWN HERE TOURING A MONTANA COAL MINE, ADVOCATES DEVELOPMENT OF CLEAN COAL TECHNOLOGY. people of Montana to share the supercomputer. Businesses A NEW BILL, PASS ID, IS WORKING ITS WAY THROUGH CONGRESS. large and small can rent a space on that computer and help SOME CALL THIS JUST A REBRANDED OR WATERED-DOWN REAL their business grow. ID ACT. WHAT DO YOU THINK? The devil will be in the details. If Pass ID will allow MONTANA WAS AMONG THE FIRST STATES TO OPENLY OPPOSE Montana residents to cross the border into Canada without AND EVENTUALLY OPT OUT OF PARTICIPATION IN THE REAL a passport, that would be OK. If the federal government has ID ACT. WHY? no capability of collecting digital information of private There are several reasons. They told us the reason every- citizens’ travel or how many times they went to a federal one in America has to carry a card that’s standardized is so courthouse, that would be OK. So we’ll wait and see what that we can stop another 9/11 from occurring. But we know the rules are. If it’s helping citizens through a common iden- that virtually every one of those hijackers and the other tification system without infringing on their civil liberties, terrorists we’ve caught would have qualified to have this we can support that. ¨ so-called Real ID. Second, while the federal government isn’t bad, we know it has abused individual civil rights before. We know that during World War I, it passed the Sedition Act, [19]
  • 19. Firewalling IT Fraud IT fraud in government can be costly. Here are five ways CIOs can prevent and control the problem. BY ALYSSA G. MARTIN | WEAVER AND TIDWELL A water department cashier extracts residents’ personal information from a database and then sells that data. A municipal court employee improperly accesses the system to alter values for citations issued. Everyday reliance on technology makes it possible for so many fraudulent schemes to unfold. The Computer Security Institute (CSI), an educational organization for information security professionals, conducted its 13th Annual Computer Crime and Security Survey in 2008. The survey found that financial fraud ranked as the costliest type of IT incident, with an average reported cost of $500,000 per incident. In its 2008 Report to the Nation on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE), a national society of fraud investigation profession- als, reported that government organizations were the victims in 18 percent of 959 fraud cases its members investigated between February 2006 and January 2008. Technology presents many opportunities for fraud. Fortunately it also offers many capabilities for combating these crimes. In a preventative role, technology enforces defined segregations of duties. It restricts IT access and limits functions individuals may perform. Technology also helps officials more promptly detect and respond to potential inci- dents. The ACFE reports that a typical fraud scheme goes undetected for two years. As a result, much is lost and never recovered. Continuous monitoring technology, however, alerts managers whenever any suspicious IT-related activity occurs, thereby limiting the ensuing damage. [20]
  • 20. [21]
  • 21. IT systems deployed in public-sector entities vary monitors provisioning within Windows server systems. immensely, but the following universal concepts aid in AS 400, IBM and other server platforms incorporate simi- addressing and combating technology-related fraud. lar oversight through the distribution of access. When someone attempts to sign on for any IT function, GENERAL FRAUD PREVENTION CONTROLS access is granted or denied, based on the login, password By continually emphasizing the importance of ethical and user provision information in the IT directory. behavior, public officials create an internal culture that values maintaining trust and safeguarding public assets. That culture 2. CHANGE MANAGEMENT sustains all fraud prevention concepts and controls. Public To commit fraud, someone may install unauthorized CIOs can control and prevent IT fraud in the following ways: software or make unapproved changes to an existing net- work component, essentially compromising or disabling 1. LOGICAL SECURITY security settings. How easily can an individual gain unauthorized IT access Sound change management policies must direct any to manipulate or extract data? Logical security measures IT installations or modifications. File integrity agents address that concern. detect all file changes, and not just recent modifica- Firewalls and software for blocking spyware and viruses tions. Regularly comparing those findings to an autho- provide network perimeter security against common rized change log helps administrators more easily detect external attacks. Virtual private networks (VPN) and improper alterations. various whitelist approaches that allow only authorized applications to run on any hardware provide additional 3. DATABASE ADMINISTRATION malware defense. Databases house crucial information that can lead to Within the network, authorization and authentication immense losses when altered or stolen. Database admin- policies that go beyond standard login/password practices istration controls define and enforce individual action, provide greater security for crucial files and applications. object and constraint rights. Passwords and logins should require regularly updated An action includes insert, read, modify or delete alphanumeric and special character combinations that responsibilities. Granting authorization only for work- cannot be easily guessed. required actions could deter a state transportation department’s regional supervisor from inserting a record for a nonexistent vendor. VARIOUS METHODS OF DATA ENCRYPTION ASSURE Object limitations restrict the types of database records THAT CRUCIAL INFORMATION REMAINS IN AN someone can access. With object restrictions, a public hospital administrator, for example, could not access UNUSABLE FORMAT IF ACCESS CONTROLS FAIL. individual patients’ records. Constraint restrictions assign limitations for authorized Personal authentication practices provide an additional actions. Based on assigned constraints, a public utility layer of protection. Authentication measures include chal- employee would face dollar restrictions in crediting a resi- lenge questions, smart cards or portable electronic tokens dent’s account. that store a PIN, digital signatures, fingerprints or other form of unique identification information. That information 4. DATA STORAGE transmits to a desktop PC, laptop or mobile device via a card Where does critical data reside? Is it on a workstation or reader, RFID, USB port or Bluetooth wireless technology. laptop hard drive, a secure or unprotected server, within a User provisions define what IT access rights individu- data warehouse or in an offsite repository? als need to perform work-related duties. Those provisions Data storage considerations must reflect the data’s encompass specific application functions and modules, nature, with more crucial information requiring more and enable organizations to enforce defined segregations secure storage and tighter access restrictions. Police 911 of duties as they relate to IT needs. calls and ambulance response reports should reside on a IT directories maintain employee groupings and IT secure file server in a searchable directory. access levels granted to each individual, based on assigned A register of deeds office may hold thousands of build- user provisions. Microsoft’s Active Directory manages and ing permit files. A secure data warehouse may be the best [22]
  • 22. location for those records. Data that needs to be archived, Various methods of detecting inappropriate or unexpected such as death certificates from past decades, should reside activity exist. Exception reports identify data anomalies or in an offsite storage repository. Nonpublic information changes to protected data. Data analysis compares data sets that isn’t needed for future purposes should be properly to identify transactions — based on rules — that indicate disposed of to alleviate data security concerns. incongruent or inappropriate activity. 5. DATA ENCRYPTION SEGREGATION OF DUTIES IS A CRUCIAL FRAUD Various methods of data encryption assure that crucial information remains in an unusable format if access con- PREVENTION CONCEPT. A CIO OR CHIEF trols fail. For online transmissions, secure sockets layer INFORMATION SECURITY OFFICER MUST ALIGN (SSL) encryption is commonly used to keep intercepted data from being read. ACCESS RESTRICTIONS WITH SEGREGATED Within the network, data encryption technologies let- WORK ROLES AND RESPONSIBILITIES. managers protect vital information while retaining common file management practices. Data encryption, for example, Newer technologies also incorporate instant detection and secures driver’s license numbers while maintaining the notification capabilities. Database activity monitors (DAM), metadata and existing file system view. for example, continuously oversee all database activity and Such general IT controls provide a first line of defense issue alerts whenever uncommon or improper activity occurs. against fraud and are supplemented by automated detec- Security information and event management (SIEM) sys- tive systems that immediately call out or suspend ques- tems also automatically send notifications whenever unusual tionable IT-related activities. transactions, security infractions or other suspicious activi- ties happen. That SIEM oversight may cover a lone applica- THE POWER OF SEGREGATION tion or numerous programs, as well as other IT components. Segregation of duties is a crucial fraud prevention con- Administrator-defined business rules and standards of cept. A CIO or chief information security officer must normal IT activity determine when DAM or SIEM systems align IT access restrictions with segregated work roles and provide alerts. An alert may occur when someone spends responsibilities. This allows managers to most effectively too much time viewing a read-only file containing stu- deploy application controls and other automated, preventive dents’ Social Security numbers. Managers may also get measures. alerts when the monthly volume of closed traffic citations User provisions provide the foundation for establishing exceeds normal averages, or when a public safety officer’s and enforcing segregation of duties within IT systems. The work shift hours exceed the legally allowed limit. user provision incorporates the least privilege concept, Screenshot files and audit trail features document activity which restricts a person’s IT access rights to components sequences. Some systems also immediately suspend user required for defined, segregated duties. activity whenever suspicious actions unfold. Such imme- IT directories maintain employee groupings and each diate detection eliminates the costly time lags and other individual’s IT granted access levels. When someone logs potential difficulties associated with manually evaluating on to any IT element, access is granted or denied, based on IT logs to detect anomalies or exceptions. login, password and user provision information. In conjunction with the IT directories, user provisions MAINTAINING CONTINUAL VIGILANCE automatically ensure that segregation of duties remains in The public sector faces constant internal change in per- place for all processes requiring IT access. sonnel, processes and the IT systems it uses. Keeping pace with such change and providing optimal fraud protection DAM: GOOD DETECTION requires continual vigilance. Even with the best preventive measures, individuals may Sustaining that vigilance takes money and time, but those still find ways to commit fraud. Preventive IT controls cumulative costs are generally less than the expenses associ- can’t fully protect against collusion. Someone may misuse ated with just one fraud discovery incident. The resources com- granted authorization or share access information, while mitted to preventing and detecting fraud function as a form of another individual may devise means to circumvent pre- insurance, a form of insurance that saves significant potential ventative controls. taxpayer expense and provides immediate peace of mind. ¨ [23]
  • 24. BY G R E G D E B O R A N D R O B E R T WA H | C S C O ver the next five to seven years, major federal health-care initiatives will offer new and significant industry direc- tion and funding for health IT investment. STATES MUST ACT QUICKLY Providers, the federal government and the states are coming together, in many cases for the first time, as a result of health The American Recovery and Reinvestment Act will pump IT efforts — specifically about health information exchange billions of dollars into health IT through the act’s Health (HIE). The federal Office of the National Coordinator for Information Technology for Electronic and Clinical Health Health Information Technology issued a request for proposals (HITECH) provisions. These provisions offer an estimated in August 2009 for states, territories and nonprofit organiza- $2 billion in seed funding and $45 billion in incentives for tions to participate in the State Health Information Exchange the “meaningful use” Cooperative Agreement Program. All eligible states and ter- of electronic health ritories applied for funds in October 2009 and received pre- WAY records (EHRs), as liminary budget determinations ranging from approximately defined in recent reg- $4 million to $40 million in federal funds over the next four ulations proposed by federal fiscal years (through October 2013). the U.S. Department States will use these funds to plan and implement exchange of Health and Human capabilities designed to enable EHR systems in provider Services, payable organizations, and state and federal agencies, so they are through the Centers for interoperable and share data for specific purposes. HIE funds Medicare and Medicaid are essentially a down payment on providers earning their Services (CMS). portion of the larger CMS incentives. In fact, HIE funding At the same time, represents the first small wave of health IT investment that’s major health-reform legislation at the federal level relies expected over the coming years — to be followed by a larger on health IT to implement payment reforms, new capabili- investment in EHRs and, finally, an even larger wave of invest- ties and cost savings. Although many aspects of the reform ment in a fully wired and reformed health economy that would debate and federal regulations for health IT adoption remain be capable of providing population health analysis, manage- unresolved, there seems to be one issue that all participants ment and decision support. and policymakers — from government to employers, health The new responsibilities require states to have high levels of plans, providers and consumers — tend to agree on: Health organization, expertise and support, but states are currently all IT is a foundational and essential element of health-care over the map in their plans for HIE. Some, like New York, have reform. been investing in their own for years. Others have been plan- ning for investment, but their plans may not be aligned with HISTORIC OPPORTUNITY the federal guidelines detailed in the national coordinator for Guided by this new federal policy push and its associated health IT’s RFP The majority, however, have only begun plan- . funding, health IT investment over the next few years will ning as a result of the RFP and are now crafting an approach , likely have three main focal points: for investment, implementation and operation that takes Health-care providers will use federal impetus and funding into account the five areas of concentration directed by the to move their business plans and agendas forward. Recovery national coordinator for health IT: governance, finance, tech- Act funds are significant, but only available for a short time nical infrastructure, business and technical operations, and and will have the desired effect of getting the private sector to legal/policy. The states are encouraged to incorporate public- begin moving toward adopting health IT. private investment and representation into their plans and to Federal agencies will look to use broader IT capabilities in “leverage existing regional and state level efforts and resources health care to streamline processing and payment of benefits that can advance HIE,” including regional health information — and to track the nation’s health and improve health out- organizations and their Medicaid Management Information comes through programs and policy. Systems infrastructure. States and territories will provide an important multiplier To continue to qualify for HITECH implementation fund- effect for federal efforts and a critical concentration point for ing, states have three to eight months to complete their plans, providers seeking assistance and connection to federal efforts. depending on where they are in the process. They have heavy [25]
  • 25. incentives to move quickly because funds are only available commercial policies purchased through the connector have for four years and state-matching requirements increase used its Web site, Many states annually under the federal program. In fact, there is no match- are looking to create similar portals to expand coverage, and ing requirement in year one (the current federal fiscal year). the connector’s self-service capabilities can serve as a model State HIE plans must include an approach to becoming fully for keeping educational and support costs associated with self-sustaining by year five. coverage expansion as low as possible. Finally Europe may provide further lessons for the U.S. in LOOKING TO MASSACHUSETTS AND EUROPE FOR GUIDANCE using health IT to improve quality and outcomes for patients, At least one state, Massachusetts, already has a self-sus- while simultaneously lowering costs. Although Europe’s taining HIE model as a result of a public-private partnership efforts are far smaller than what will be required in the U.S., known as the New England they are comparable in size to Healthcare Exchange Network state-level efforts and often (NEHEN), which was created THE FIVE HEALTH INFORMATION have encountered many of in 1997. The network is funded the same challenges and risks by large and small private-sec- TECHNOLOGY CONCENTRATION associated with interoperabil- tor providers in Massachusetts AREAS AS DIRECTED BY THE ity, privacy and sustainabil- and Rhode Island, commer- ity. In particular, efforts under cial health plans, and the NATIONAL COORDINATOR ARE: way or completed in the UK, Massachusetts government. 1. GOVERNANCE 2. FINANCE Denmark and the Netherlands NEHEN is standards-based represent successful, complex and includes administrative 3. TECHNICAL INFRASTRUCTURE projects that are showing posi- and payment processing and 4. BUSINESS AND TECHNICAL tive results.They can provide clinical information exchange lessons for how the U.S. feder- functions, such as e-prescrib- OPERATIONS AND 5. LEGAL/POLICY al government and states can ing, laboratory results retriev- undertake HIE and health IT al and sharing clinical sum- planning and implementation, maries. The inclusion of administrative functionality with as well as offer guidance on technical and policy issues on a demonstrable cost-saving, efficiency-oriented business sensitive topics likely to be encountered along the way, such case has been key to its sustainability, along with a tiered as privacy, security or patient identification. subscription fee model as its core financing mechanism. At times, NEHEN has used federal, state and private-sector DRIVING HEALTH INFORMATION TECHNOLOGY ADVANCEMENT grants to augment its participant-based fees, but it doesn’t The HIE is a critical component of achieving the wide- rely on such sources and has operated for more than 12 spread and meaningful use of health IT and attracting years by providing real business value to its stakeholders. federal funding for EHRs. The federal government, through NEHEN participants claim that the HIE has lowered their the Office of the National Coordinator for Health Information cost for some interactions anywhere from dollars to pennies Technology, is funding HIE and EHR adoption to a much per transaction. greater extent than in the past. The caveat is that states Beyond HIE, Massachusetts also offers lessons learned for must demonstrate that the federal investment will be well implementing state-level tools for providing affordable, uni- managed for the benefit of patients and taxpayers. versal health insurance. The Massachusetts Commonwealth Planning for HIE or EHR adoption may at first look Health Insurance connector is the nation’s first and only daunting for states, but it is, in fact, achievable — lessons example of the type of exchange or gateway for purchasing exist in U.S. and European case studies. At this exciting insurance that has been part of national health-care reform time, states, health-care providers and other stakeholders proposals. Massachusetts created the Connector as part of in the health economy must work together in a public- its landmark universal coverage law in 2006 and established private partnership to make the most of these lessons to an interactive Web site that educates consumers on state find new ways to use health IT to improve care, lower costs law. It also lets them browse and purchase affordable health and save lives. ¨ insurance online. Coverage in Massachusetts has increased from approximately 94 to 97 percent, and the majority of [26]
  • 26. Who’s Talking? Calling all readers to join the discussion as experts dispatch witty observations and tackle the tough C-level issues. Converse with like-minded views, or agree to disagree. We look forward to the debate! Securing GovSpace: Mark Weatherford Chief Information Security Officer FastGov: CA Office of Information Security blogs on the latest rumors Paul W. Taylor and news in the government Chief Strategy Officer cybersecurity arena. Center for Digital Government blogs on the continuing campaign for government modernization. Lohrmann on Notes from Infrastructure: a City CIO: Dan Lohrmann Bill Schrier Chief Technology Officer Chief Technology Officer Michigan City of Seattle blogs on the virtual tsunami blogs on making technology of IT challenges and options work for city government. government faces today. We want to hear your viewpoints!
  • 27. AN URGENT CHECKUPIN MASSIVE INFORMATION R U S S E L L N I C H O L S | S TA F F W R I T E R As hospitals switch to the latest disease diagnosis and procedure codes, industry observers say the technical and economic impact to the U.S. government and health-care TECHNOLOGY TRANSITION, community, could eclipse the much-hyped system upgrades at the turn of the century. U.S. HEALTH-CARE SYSTEM HAS “It’s going to affect anybody who touches the health-care LESS THAN FOUR YEARS TO system,” Cleland said. “If not done correctly, this change has the potential to be even more painful than anything in UPGRADE DISEASE DIAGNOSIS the health-care debate that’s going on.” For decades, U.S. medical organizations have used ICD-9, CODE SETS. the ninth revision of the code sets. But ICD-9, developed in the 1970s, is showing its age: With fewer than 20,000 codes, the system struggles to accommodate modern medical T hey say it’s a bigger deal than the Y2K bug — not so much in terms of mass hysteria, but in scope. In 2013, the United States will upgrade to the latest ver- practices and new technology. The latest version, ICD-10, offers more than 155,000 codes, reflecting advances in dis- ease detection, genetic research and connecting the country sion of the International Classification of Diseases (ICD) to a global medical communication network. system — the standard diagnostic taxonomy by the World For many state and local health providers, the prospect Health Organization — a move that represents “the largest of upgrading an entire system is a real pain. But there’s no health-care systems modernization effort in history,” said choice — the deadline for compliance is Oct. 1, 2013. These Bartlett Cleland, senior policy director at TechAmerica, a organizations must also implement the Health Insurance technology industry association. Portability and Accountability Act (HIPAA) 5010 elec- [28]
  • 28. tronic transactions standards by Jan. 1, 2012, an updated quality and effective delivery of patient care.” The CSC version that improves health-care transactions and accom- report also claimed that only two-thirds of hospitals have modates ICD-10 code sets. taken the first step: identifying system gaps to meet the requirements for meaningful use. A PAINFUL PROCEDURE In the global ICD-10 adoption race, the U.S. could use a A PLANNING PROCESS booster shot. The new code set was completed in the early The Medical Group Management Association estimates 1990s. About 100 other countries, such as the UK, Sweden and that the average cost of upgrading to ICD-10 for a three- Canada have already introduced ICD-10 editions. physician practice will be $84,000. Of course, the U.S. health-care system is complicated. To make the transition easier for states, the Centers for But with the constraints of ICD-9, the U.S. can’t as easily Medicare and Medicaid Services (CMS) developed an ICD- compare health-service records with other countries. 10 training package that includes 12 training segments to Take asthma, for example. ICD-9 has two ways to clas- assist with implementation. sify asthma: intrinsic and extrinsic. But ICD-10 classifies For instance, the CMS recommends that as a first step, asthma as mild, moderate and severe. With a system that states conduct a business and technical assessment of the more precisely diagnoses diseases, patients can receive entire agency. It also examines the benefits of ICD-10 and more accurate treatments and physicians can better com- emphasizes the value of creating a team of trained experts pare data for clinical, research and payment purposes. to lead strategy and project teams. In addition, experts Unfortunately no software exists that can precisely say, looking at the system transition solely as an IT issue upgrade ICD-9 codes with the click of a button, which won’t work. means the transition will require a “massive wave of sys- “You have to approach it from a statewide perspective,” tem reviews, new medical coding or extensive updates to said Brian Erdahl, Deloitte’s principal in the public-sector existing software, and changes to many system interfac- practice and leader of the state health IT practice. “Not es,” according to ICD-10: Turning Regulatory Compliance just the technical impacts, but also the business impacts. into Strategic Advantage, a paper from the Deloitte If you don’t look at it broadly enough, it will cost you sig- Center for Health Solutions, the health services research nificant heartburn down the road.” arm of Deloitte. Even though the United States is years behind other ICD-10 is divided into two major parts: ICD-10-CM countries in adopting ICD-10, Cleland said, the delay gave classifies diseases and ICD-10-PCS contains procedure industry analysts time to see what practices did or didn’t codes. “Because of the complex structure of ICD-10 work rather than leaping blindly. “At the end of the day, codes, implementing and testing the changes in [electronic it obviously affects the patients,” Cleland said, “and we medical records], billing systems, reporting packages, and don’t want them to be the guinea pigs.” decision and analytical systems will require more effort than simply testing data fields,” the paper states, “it will A PATIENT PRIORITY involve installing new code sets, training coders, remap- The biggest difference between the ICD-10 transition ping interfaces and re-creating reports/extracts used by all and Y2K, Cleland said, is that nobody seems to be talking constituents who access diagnosis codes.” about ICD-10. The move will affect providers, health plans, claims He attributes that mostly to a lack of public awareness, clearinghouses, technology vendors and more, and Deloitte although “it affects something intimate and private to all noted that it has the potential to spur innovation and pro- of us.” Pushing back the deadline, he added, won’t help duce a gigantic wave of IT spending. industry professionals make it a priority. This transition comes as hospitals are increasingly push- TechAmerica has been working to help spread knowl- ing use of electronic health records systems — from 10 per- edge and lend support on the issue from a technology cent in 2009 to 55 percent by 2014, according to Computer standpoint. In publicizing the ICD-10 transition, Cleland Sciences Corp. (CSC). Despite growing activity, however, said, the group is trying to find a balance between stress- hospitals still have a long way to go. A survey released ing its importance while minimizing fear. in January by CSC revealed that “U.S. hospitals are only “Y2K had the potential to be a disaster and it wasn’t,” halfway to qualifying for government incentive payments Cleland said. “We don’t want a Y2K-esque fear around aimed at controlling health-care costs while improving the this. We just want it to work.” ¨ [29]
  • 29. BY LY N N R E Y E S , I B M The NewVoice CIO of the “IT’S A NEW WORLD.” Or, “we’re in a new normal.” These are INSIGHTS FROM increasingly common phrases, but certainly palpable in the THE GLOBAL wake of the financial crisis, which is now a global economic slowdown. What’s clear is that the nature of change has not CHIEF INFORMATION only become more complex and intertwined — it has acceler- ated. But it’s more than the events of the past year; the world OFFICER STUDY. has been rapidly evolving, with cultural and demographic shifts and technological advances that have raised expecta- tions for creating value. Many governments around the world are in the middle of this and are facing more complex decisions and tremendous transformation and service delivery challenges. Information, communications and technology are crucial to both. And with heightened expectations for greater visibility, transparency and accountability, the stakes are high. [30]
  • 30. Public CIOs are at a critical stage in the evolution of their areas to apply information and technology in innova- role. On one hand, they’ve never been more central to govern- tive ways that address complex public challenges and ments’ plans to modernize and transform. There’s growing deliver results. recognition by politicians and public-sector leaders that 2. Improving the value on IT investment. Government CIOs will better use of information, communications and technology is need to enable better use of information for decision- central to making it happen. making, communicating more effectively and delivering On the other hand, it’s unclear if government CIOs results, while increasing efficiency. have the full confidence of citizens or their management 3. Expanding the impact of IT on programs and missions beyond colleagues to deliver on these heightened expectations. the IT function, so that a professional IT function is work- Politicians and colleagues don’t always appreciate the ing with colleagues on programs that not only transform complexity of driving IT change through complex pub- the agency, but also government as a whole. lic organizations. Government IT projects that fail to The survey found some encouraging results. Government deliver or suffer cost overruns are highlighted in the CIOs reported that they are actively represented at senior press. Public CIOs fear budget cuts at a time when invest- management levels in developing and presenting strategy. ment in information, communications and technology is This was even higher at state and local government levels, needed most to deliver efficiencies across the public sec- perhaps because they are closer to the delivery of services tor while accelerating progress toward desired program to citizens. They also reported a strong interest in innova- and mission results. tive technologies, such as virtualization, mobility solutions 22 % OF GOVERNMENT CIOs IN ALL JURISDICTIONS SAID PROGRAM AREAS VIEW INFORMATION TECHNOLOGY AS A CRITICAL ENABLER OF THE AGENCY MISSIONS AND BUSINESS VISIONS. In short, with IT increasingly recognized as government’s “central nervous system,” CIOs have an opportunity to and collaborative solutions, and were keen to drive innova- tion across the organization. In all these areas, the results establish themselves at the heart of government. But they for government CIOs were noticeably higher than their must choose to do so, while delivering quickly and well to private-sector counterparts. It may be that government has program/mission colleagues and partners — or they face lagged behind the private sector in this area and what we the prospect of budget cuts and a downward spiral, strug- might be seeing is an acceleration of government’s own IT gling to meet demands for basic services. revolution in light of the “new normal.” IBM carried out a comprehensive global survey of the However, the survey also points to areas where govern- CIO’s role, conducting face-to-face interviews with 287 ment CIOs must improve their performance. Above all, government CIOs from 48 countries, as part of a cross- industry survey of more than 2,500 CIOs. Sixty-one of those government CIOs were from the U.S., cutting across federal, state and local jurisdictions. (This article focuses on the findings for government CIOs in the U.S.) The sur- A CROSS-INDUSTRY SURVEY OF MORE vey identified the key goals for CIOs and their organiza- THAN 2,500 CIOs FOUND THAT ONLY tions in the years ahead; the roles that CIOs will need to fulfill to achieve them; what many government CIOs are 24 PERCENT OF FEDERAL GOVERNMENT doing to adapt to these roles compared with their private- CIOs REPORTED THEY HAD A STRONG AND sector counterparts; and a point of view on what this might mean for government CIOs in the future. EFFECTIVE DATA GOVERNANCE MODEL IN Government CIOs need to deliver on three key goals: PLACE; 26 PERCENT OF STATE AND 1. Making innovation real. Achieving this goal is more likely when mission and public outcomes are aligned. LOCAL GOVERNMENT CIOs RESPONDED CIOs will need to work with program and mission THE SAME. [31]
  • 31. 54 % OF PRIVATE-SECTOR CIOs SEE BUSINESS MODEL CHANGES AS ONE OF THEIR GREATEST CHALLENGES, COMPARED TO ONLY 38% IN THE FEDERAL GOVERNMENT AND 50% IN STATE AND LOCAL GOVERNMENT. they need to turn their visionary plans into capabilities HOW THE BUSINESS LOOKS AT THE ROLE that help their agencies deliver results, accelerate progress toward public outcomes and improve financial perfor- OF INFORMATION TECHNOLOGY mance for the public sector — closing the gap between the expectations of politicians and citizens, the aspirations of CIOs, and actual results. For all government organizations, Critical enabler of the mission 22% there’s a long way to go before the potential of IT is real- and business ized. To achieve this, CIOs need to: vision 1. Expand their impact at senior levels, so they can secure the 18% resources needed for the right IT investments with the Provider of right commitments from senior management to sponsor industry-spe- 20% joint action that will speed up implementation. While cific solutions to support the business 24% CIOs report that they are invited to participate in setting strategy, it’s not clear as to what degree they influence the 16% Facilitator business agenda. of organizational 17% 2. Tackle public-sector barriers to change. Many CIOs expressed process efficiencies 23% 43% interest in innovative solutions, but referred to difficulties in implementing in government. They must identify these 40% Provider of core constraints, help their program/policy colleagues and public officials better understand them, and work with technology services 31% them and external partners in challenging and overcoming barriers. CIOs also will need to consider radical approach- U.S. Federal Government es and innovative solutions, including new business and U.S. State and Local Government operating models. The private sector has been more active Private Sector here: 54 percent of private-sector CIOs see business model changes as one of their greatest challenges, compared with ing that it’s reliable and secure (e.g., through effective data only 38 percent in the federal government. However, that governance). Only 24 percent of federal CIOs reported that figure rose to 50 percent in state and local government. they had a strong and effective data governance model in Government CIOs must challenge why they cannot imple- place, and 26 percent of state and local CIOs said the same. ment these changes in their organizations. Many CIOs reported that they were overwhelmed with 3. Get the basics right. In particular, they need to make the the routine demands of delivering an IT service. Only by appropriate data readily available and useful while ensur- improving the efficient delivery and productivity of these services (e.g., through standardization or centralization) can time be freed up for CIOs to spend on the more strategic elements of the role. PUBLIC OFFICIALS AND GOVERNMENT 4. Demonstrate how they can deliver improved public value and con- LEADERS ARE SEEKING A NEW BREED OF tribute meaningfully to outcomes through better use of information. There are many excellent examples where CIO — THEY ARE EXPECTED TO RESOLVE government organizations have delivered services using TENSIONS BETWEEN THREE PAIRS OF new channels or increased transparency by sharing infor- mation with citizens. And CIOs are enthusiastic about COMPLEMENTARY ROLES: INSIGHTFUL innovating in government. But there’s much progress still to VISIONARY AND ABLE PRAGMATIST; SAVVY be made. CIOs will need to overcome public-sector culture and processes that focus on lowest cost rather than best VALUE CREATOR AND RELENTLESS COST value in public procurements. It’s also particularly difficult CUTTER; AND COLLABORATIVE BUSINESS to get support for projects where value is created across organizational (and budgetary) boundaries. The key ingre- LEADER AND INSPIRING INFORMATION dient for both scenarios: outcomes, especially as CIOs make TECHNOLOGY MANAGER. design choices that optimize value and cost. [32]
  • 32. Lead ing the Way to Ne w OpportunITies Join state, federal and local CIOs for the 2010 NASCIO Midyear Conference. NASCIO conference attendees include the highest-profile government and corporate technology experts in the nation. In addition to state, federal and local CIOs, and our corporate partners, past NASCIO conference attendees have included governors, state and federal legislators, and other elected and appointed officials. NASCIO is the premier network and resource for state chief information officers and an effective advocate for information technology policies at all levels of government. Register now at
  • 33. WITH THE FOCUS ON VISIBILITY, TRANSPARENCY AND ACCOUNTABILITY, THE GOVERNMENT CIO’s ROLE HAS BECOME BROADER, MORE VISIBLE AND INCREASINGLY INFLUENTIAL. 5. Learn from and work with private-sector colleagues on how to increase the visibility and accountability for IT costs. HOW INFORMATION TECHNOLOGY IS MEASURED: Despite pressures on IT spending and budgets, government TOP PERFORMANCE CRITERIA IN 2009 CIOs aren’t measured by their colleagues on cost-effective- ness as much as their private-sector counterparts are (only 52% 19 percent of federal government CIOs and 33 percent of 56% state and local CIOs mentioned cost-effectiveness as among Project 47 % the top three performance criteria vs. 44 percent in the pri- Execution vate sector). Government CIOs must more effectively plan and manage IT in year and in life cycle, which will widen Aligning 33% Business understanding of and accountability for IT costs and drive & IT 33% efficiencies. 6. Build an IT department with the skills needed for the future. This Budget 18% 27% Control includes technical skills in IT, but also expertise in key 19% 33% areas like innovation, program management, project delivery and an intelligent customer relationship function Cost Effectiveness 44% to optimize value from external partners. Technical 29% The study focuses on the opportunities and challenges Support 26 28% % facing the government CIO. But there are important mes- Stability sages too for senior public-sector managers and public officials. Program and business managers need to actively Management 14% 33% (IT) drive what’s needed from information and technology. To 12% U.S. Federal Government do so, they need an appreciation of what IT can deliver. U.S. State and Local Government Too many managers and officials still perceive IT narrowly Private Sector as an overhead — as a “provider of core technology ser- vices” — rather than a creator of value (43 percent in federal government and 40 percent in state and local government). was “project execution” — ranking above aligning business Hence, CIOs also said the top performance criteria for IT and IT, budget control and cost-effectiveness. But what was also encouraging was that, similar to the private sector, 22 percent of government CIOs in all jurisdictions said program EXTENT TO WHICH CIOS BELIEVE A STRONG areas also are seeing IT as a critical enabler of the mission DATA GOVERNANCE MODEL IS IN PLACE and business vision. Colleagues across the organization need to help CIOs address the constraints that too often hinder the realization of IT’s potential value to government and the 39% Private Sector citizenry. Public officials can help address structural issues through the legislative and budget processes. CIOs have an excellent opportunity to propel the transfor- mation needed and expected of government. Above all, pro- gram, mission and business colleagues, public officials, CIOs, and the IT community must develop more productive and 26% U.S. State and Local Government constructive working relationships — working together to understand and ultimately overcome the constraints that his- torically held back the rapid implementation and application of IT that’s now expected. Indeed, flexibility and collabora- 24% U.S. Federal Government tion are key to accelerating progress and getting things done. With the “new normal” upon us all, the time to act is now. The complete CIO study can be found at ciostudy. ¨ [34]
  • 34. Complimentary Executive Update eNewsletter Get ahead with our enterprise perspective on IT governance and leadership strategies for public sector CIOs and C-level executives. A FREE Bi-weekly eNewsletter 4 News & Best Practices 4 Thought-Leadership Editorial 4 Newsmaker Videos 4 CIO Job Listing 4 CIO Blogs Subscribe today! Follow us on:
  • 35. [ GUEST COLUMN ] Cloud BY KEVIN MERRITT Economics 101 need for file downloads. A common user interface needs to provide accessible data sorting, searching and filtering capa- bilities, as well as community features The government is about to open up vast data stores for for commenting, rating and discussing. public consumption. It should be done in the cloud, says Furthermore, users should be able to one industry expert. share data easily with other citizens. But how do we do that without addi- tional funds? From a fiscal perspec- N OW IS NOT THE TIME to take on large capital expenditures. Yet with the federal govern- ment and an ever-growing number of states, counties and cities focused on made available to the public at large is just that — public — so it doesn’t require the level of security needed for classified information. CIOs face three key challenges as the tive, cloud computing provides CIOs with the flexibility to make data avail- able in numerous formats that are both machine-readable and accessible via a simple Web browser at a significant making more data available online, pent-up demand for government data cost savings. Cloud computing allows the challenge is daunting for CIOs. The reaches its apex: for a pay-per-use model that can be federal government alone has more • Political: From President Obama to scaled as site traffic increases. Cost than 24,000 Web sites, many of which our nation’s governors and mayors, savings can be as much as 50 percent host data. there’s a commitment to open com- compared to the current “post-it-and- Government transparency isn’t a munication, transparency and civic forget-it” model on many public data trend that’s going away anytime soon. participation. sites. When compared with creating CIOs will continue to be measured • Technological: Most government data and maintaining a custom data store, by their ability to make public data sets are not in a format for consump- government CIOs can expect to save on available to the masses. As we recently tion by nongovernment audiences. server infrastructure and maintenance, commemorated the 40th anniversary • Economic: Now is not the time to ask bandwidth, storage, software develop- of Woodstock, we remember that for for more money. ment and maintenance, support staff, many the answer was “blowin’ in the The true measure of success for the and training. wind.” Today for CIOs and CTOs, myriad government transparency and The technical and fiscal resources the answer to reduced budgets and data projects will be governments’ abil- required to address the three key chal- increased expectations may be living ity to make the data usable and share- lenges of a government data site project in the cloud. able for a wide range of audiences, from are massive. CIOs must look outside Cloud computing will allow CIOs scientists to statisticians to entrepre- their organizations for solutions that to pay for what they use and combine neurs to everyday citizens. enable them to meet the new demands purchasing power across agencies, The first generation of government set by their president, governor or states, towns, cities or counties. And data Web sites has merely focused on mayor. With unreasonable deadlines it still allows governments to control posting downloadable files in arcane and massive amounts of data to upload, their data, monitor and measure the formats. The data is difficult for end- it’s time to look for a new way of doing data’s use, and deliver on promises of users to find and download. For the government business. government transparency. Many may government entity, the data is expensive Cloud computing has enabled the argue — fallaciously — that cloud to store and data usage difficult to track private sector to launch huge data computing is not secure. However, and analyze. stores known as Google, these arguments largely focus on pri- Now is the time to transform the way and Facebook. American citizens will vate information, whether it be per- governments of all levels make data require the same ease of use and func- sonally identifiable or classified data. available to the masses. Governments tionality from government sites. The cloud actually lets the government should implement solutions that enable It seems rather clear that the answer better monitor the use of public data. technical and nontechnical audiences to is in the clouds. ¨ Also, let’s remember the data being interact with data online, without the [36]
  • 36. C O N T I N U E D F R O M P A G E 14 in earthquake country atop a fault zone — two other data centers outside the geographical location will have a live version of the city’s data that can be quickly retrieved in case of emergency. The ITA didn’t have the means for such robust disaster recovery in its existing configuration. PILOT TO GMAIL CONTROL A citywide pilot of Gmail launched in January, led by Crawford’s team in partnership with CSC, a Virginia- based integrator that’s partnering with Google on the implementation. The pilot will continue for 60 days with 3,000 participants — about 10 percent of the city’s work force. The citywide implementation is scheduled for mid- June, Crawford said. After the e-mail deployment is done, the ITA will focus on Google Apps, and all employees will be trained on video and chat sooner rather than later. Deployment at the police department will be phased in last so that Google has time to complete FISMA certifica- tion and the government cloud. Crawford said the city will save a significant amount of is on CSC and Google to make this successful,” Levin money by handling the transfer of e-mail archives to the said, “because obviously they would like to increase their new system, instead of having CSC perform the task. The sales in the state and local government arena. I have been city has approximately 14 terabytes of archived data, and assured they will make it work here.” seven terabytes of live e-mail data. With L.A. in the fold, Google executives are bullish on The ITA also wrote a piggyback clause into its agree- the state and local government market. ment with CSC that allows any public-sector agency in “The interest is very strong, and I think it goes back to California to purchase off that same contract. “The kind the benefits of cloud computing,” said Google’s Mihalchik. of services and capabilities we’re providing right now “Government spends too much on IT, and particularly as [to L.A.] are the same as any municipality can get,” said it pertains to e-mail and collaboration solutions that we’re Mark Kneidinger, managing partner for CSC’s Federal offering — it’s rare to have an opportunity to both reduce Consulting Practice, who is a former public-sector CIO. costs and improve performance. That’s what happened in He said the available services include e-mail capacity; the city of Los Angeles, and that’s why other government e-mail migration; building the architecture and security; agencies are looking at this and are strongly interested.” end-user services; training; and the system architecture, Mihalchik said the customer base for Google Apps has design and integration. The vendor can also migrate agen- quickly expanded to include pilots or implementations in cies’ applications to the cloud. governments across the United States, like Orlando, Fla., Kneidinger said smaller municipalities could use the and within 12 federal agencies. Crawford said that as of piggyback contract to form consortia that would further mid-January, he had talked with more than 70 govern- cut implementation costs. “What’s happening currently ments that were interested in moving data and services to among cities — if you have a lot of small towns — and cloud computing. I know there are a number of areas in the country where So Los Angeles might not be an outlier for long. And this occurs, is that they’re sharing common e-mail there’s a sense that Levin already is writing the next part systems. Then basically [Gmail] is just the same overlay,” of this script — and that Web-based e-mail is only Scene he said. One. She’s exploring options that would outsource city But so far, according to Crawford, no other governments servers or put them under the management of a public- have piggybacked on the L.A. contract — he thinks that’s private partnership. because they’re in a wait-and-see mode. It’s just another As for the Gmail decision, Levin is certain. “There was example of the scrutiny and spotlight Levin admits is now no question in our mind that this was the right thing to omnipresent. “But I think more of the pressure actually do,” she said. ¨ [37]
  • 37. [ CTO STRATEGIES ] Ready for Your BY DAN LOHRMANN Budget Emergency? flexibility and “outside the box” thinking were encouraged regarding Emergency management’s scenario-based planning is for delivery of various services, this pro- budgets too. cess helped us clarify core missions for each infrastructure area. • Our conversation quickly turned T HE GOVERNOR will soon be announcing an early retirement plan. Exact details are still in negotiation. However, only one in four employees will be replaced, one-third But can responding to budget cut sce- narios help technology teams improve? What if the budget cuts never happen? Might this be a waste of precious time? Our experience with scenario-based to customer expectations. Several asked, “Can we really stop offer- ing that service?” We discussed our service catalogs, rate structures and related service-level agreements. of our managers will likely leave, planning in Michigan demonstrates an Using early out ground rules, direc- employees cannot come back on con- excellent return on investment for all tors were tasked with clarifying staff tract, contractors cannot be hired to involved. Here’s what we did — and allocation plans after the exercise. fill voids and budgets will be cut what you can do: Several weeks later, plans were dis- equal to staffing cuts. We expect about • First, we asked our infrastructure cussed with selected customers. Some 20 percent of your overall staff to directors to come to the meeting improvements are being implemented, leave. One more thing — no additional prepared. They brought org charts, while other changes will be saved in overtime will be authorized.” office budgets, prioritized project case of an early retirement or budget Devastating news; fortunately it was plans, contract information, retire- emergency. just an exercise. ment eligibility lists and more. After What did we learn from the exercise? Oct. 1, 2009, Michigan’s infrastruc- setting the stage with the early out • When the future budget scenario ture directors were gathered offsite at a announcements, we discussed vari- changed, so did the level of discussion. management planning meeting, and we ous aspects of the situation. What • When “people issues” were addressed were all relieved that our state govern- would you do first, second and third? (under this scenario, many staff ment had just avoided a shutdown. We How would you communicate to retired happily), different budget were immediately challenged with the staff? What reaction do you antici- approaches emerged to open up new above message from our public infor- pate? The discussion was lively, and opportunities. mation officer. Some people seemed stories revealed issues from previous • While some noncritical functions a bit stunned by the announcement; early retirements in Michigan. must continue under mandated bud- others were smiling, since they would • Next, directors were asked to list three get cuts, these activities might be be eligible to leave. core mission functions that couldn’t offered to customers at an hourly rate For decades, emergency manage- fail in their areas. For essential govern- rather than eliminated. Each director ment offices have used scenario- ment services to be maintained, these went away with the task of identify- based planning exercises to test critical activities must go on no mat- ing potential optional services. our ability to respond to natural ter what else happens. Infrastructure I encourage you to challenge your disasters and other emergencies. examples included answering help- team by offering a tabletop exercise And more recently, to mitigate desk calls, ensuring e-mail delivery, with scenarios that include budget cyber-threats. We learned during providing desktop support and sup- emergencies, such as an early retire- the weeks and months after 9/11, plying network availability. ment. You’ll be surprised by what organizations that prepare for the • Each leader also was asked to identity you learn. ¨ unexpected perform much better three activities that could potentially following emergency incidents. stop in this new environment. This Tabletop exercises can enhance information was reported to the wider communication, foster team building, group, with constructive criticism improve coordination, clarify roles offered by everyone during follow-up and help with issue identification. question and answer sessions. While [38]
  • 38. You’ve Got Questions. We’ve Got Answers. Just Released! This free resource offers a starting point and important factors for consideration to help you plan for stringent e-discovery requirements and FOIA requests! The volumes and types of digital content governments must manage, store and discover on demand is overwhelming to say the least. Failure to prepare effectively for e-discovery and Freedom of Information Act requests can be costly and reduce public trust. This 28-page resource takes a common sense approach to information management basics — with a sharp focus on e-discovery and FOIA — and gives strategies for planning and implementing sound information management policy and the best technology processes for support in these critical areas. Produced by: In Cooperation with: Request Your Free Copies at
  • 39. [ STRAIGHT TALK ] BY LIZA LOWERY MASSEY Remaining hard dollar return on investment and, better yet, increasing revenue. Your contribution to the organization’s fiscal Relevant bottom line is today’s measuring stick in the public sector, not just private industry. Even public CIOs are not immune to downsizing and layoffs. Another suggestion is to position one- self to gain more responsibility when layoffs or job consolidations occur. CIO certification is great; experience and O NLY A FEW YEARS AGO, public-sector organizations were rushing to create CIO positions and technology executives were pushing to obtain the CIO title. objectively considering what role your organization needs most. For instance, does your organization value timely access to information and information systems above all else? If so, then CIO education outside of technology lead- ership is even better. Volunteering for assignments outside your comfort zone allows you to be seen as an execu- tive, not just the chief techie. Over the The argument behind this movement went something like this: Technology Your contribution to the organization’s fiscal is strategic to the organization, and the position should be too. bottom line is today’s measuring stick in the The question quickly surfaced about public sector, not just private industry. whether the person carrying the CIO title was really the chief technology may be most appropriate. Other options years, I served on emergency opera- strategist or simply the chief technolo- to evaluate include: tions boards, participated on a city’s gist, i.e., the highest ranking techie. • a CTO position, when the organiza- economic development team and led Given today’s challenges, this issue tion values and needs a strong tech- a building construction project. These seems almost quaint. nology leader; “other duties as assigned” coupled with Now the focus is on how CIOs remain • a chief technology strategist, when the a master’s degree in public administra- relevant (and employed) in this eco- focus must be on the organization’s IT tion served me well. nomic crisis that’s led to widespread strategy; and Finally the CIO position should be downsizing in government organiza- • a chief technology leader, when the seen as a viable path to CEO. Private tions. The first time I read about an IT organization requires strong leader- industry is recognizing this career pro- leader being laid off, his position being ship of the technology function. gression and leading edge public-sector eliminated or his duties being combined While you might be thinking your organizations are beginning to follow into those of a chief administrative organization needs all of these roles, its example. Few other leadership posi- officer type, I thought it was the wrong ranking your organization’s needs is a tions require understanding the entire move — but I wasn’t overly concerned. good way to focus your efforts. organization’s operations and ways to Now that I’ve seen it happen several Next, regardless of the CIO’s primary improve them. more times and have heard of public- role, driving down cost — not just in The lesson learned? CIOs who look up sector leaders who question a CIO’s IT but organizationwide — is vital. and out can find their roles expanded value, I’m becoming alarmed — and so As someone wisely stated, a 5 percent instead of eliminated. ¨ should you! So what can a CIO do to reduction in IT costs is great; a 5 percent remain relevant, and hopefully, prevent reduction in operating costs for the job loss? organization is phenomenal. While we First, it’s important to understand may have hesitated in the past to focus how you bring the most value to your on job elimination as a result of tech- organization. This perspective means nology implementation, it’s key in these putting your preferences aside and economic times. Equally important is [40]
  • 40. [ CIO CENTRAL ] CONTRIBUTED BY EDITORIAL STAFF News, Reviews & Careers CIO TRANSITIONS department’s deputy commissioner STATE CIOs’ PRIORITIES FOR 2010 On Jan. 8, John P. Gillispie resigned for the past four years, and replaced Strategies, Management, as Iowa’s CIO to become executive state CIO Tom Murray, who resigned Processes and Solutions director of the Missouri Research and to become the executive director of Education Network, a unit within the Vermont Telecommunications 1. Budget and Cost Control the University of Missouri that Authority. 2. Consolidation provides Internet connectivity In January, Virginia Gov.-elect and technical support to the Bob McDonnell appointed Jim 3. Shared Services state’s schools, higher educa- Duffey as secretary of technology. 4. Broadband and Connectivity tion, state government and oth- Duffey, a longtime private-sec- er public-sector organizations. tor IT executive and former vice 5. American Recovery Gillispie had been Iowa’s chairman of the Northern Virginia and Reinvestment Act CAROLE technology chief since 2003. Technology Council, will report to WALLACE 6. Security POST He was also the executive McDonnell while CIO George Coulter director of the Iowa reports to the Virginia 7. Transparency Communications Network, IT Investment Board, an 8. Infrastructure the state’s fiber-optic independent panel. Duffey network. was president and CEO of 9. Health Information In New York City, Duff Consulting, which he 10. Governance Carole Wallace Post began founded after 24 years at on Jan. 19 as commis- Electronic Data Systems sioner of the Department GEORGE Corp., where he held Technologies, Applications and Tools of Information Technology COULTER various executive-level and Telecommunications. positions. 1. Virtualization (storage, computing, Post, who had served as director of data center, servers, applications). agency services in the Mayor’s Office STATE CIOS CHANGE PRIORITIES DUE 2. Networking, voice and data communications, of Operations, is the agency’s first TO BUDGET CHALLENGES unified communications. female commissioner. Cloud computing, broadband She replaced Paul Cosgrave, connectivity and the stimulus are 3. Document/content/records/e-mail who announced his retirement in becoming higher priorities for state management (repository, archiving, December. Post began her career CIOs in 2010, according to an annual digital preservation). in the New York City govern- survey from the National Association 4. Cloud computing, software as a service. ment in 2001, serving in the of State Chief Information Officers Department of Buildings. She (NASCIO). 5. Security enhancement tools. moved to the Mayor’s Office Budget and cost control took the 6. Enterprise resource planning/legacy in 2006. Prior to joining the No. 1 priority on the top-10 list for application modernization-renovation. public sector, Post worked strategies, management processes as a city attorney for Palm and solutions, up from No. 3 a year 7. Geospatial analysis and GIS. Beach Gardens, Fla., and as ago. As state governments continue to 8. Business intelligence and business PAUL special counsel in a private battle budget deficits due to the reces- analytics applications. COSGRAVE law firm. sion, green IT fell off 2010’s list of top In Vermont, David Tucker was strategies after being No. 7 last year. 9 Identity and access management. named state CIO and commissioner Here’s a list of what CIOs say are their 10 Social media and networking (Web 2.0 of the Department of Information 2010 priorities, according to services, wikis, blogs, collaboration and Innovation. Tucker served as the the survey. ¨ technologies and social networking). [41]
  • 41. [ SECURITY ADVISER ] Is the Policy BY MARK WE ATHERFORD Window on Cyber- national leadership, and I’m hopeful Mr. Schmidt can provide the vision. In a 1998 article, political science pro- Security Closing? fessor Michael Howlett said, “Interest groups, think tanks, political parties and other nongovernmental actors must all operate and plan their activi- ties in accordance with some notion T HERE’S BEEN A LOT OF TALK in the past year about how the federal government will make protecting our nation’s digital infra- structure a national security priority a policy window depends on what he calls the “three streams model,” which includes the problem stream, the pol- icy stream and the political stream. While all three streams are important, of which issues are likely to emerge on government agendas and which are not.” Many of us thought that the release of the Center for Strategic and International Studies report, Securing and appoint a national cyber-security the magic happens when the streams Cyberspace for the 44th President, in coordinator to orchestrate and inte- come together, such as a change in December 2008 met the requirements grate all cyber-security policies for the the problem stream (growing national of this statement and would be the government. At the same time, there cyber-security concerns) and a change impetus for quick action. have been numerous reports, proposed in the political stream (change in pres- In discussing the policy window legislation and cyber-events that com- idential administration), and an issue for cyber-security action, Marcus bine to highlight the growing vulner- goes from just being an idea and turns Sachs, Verizon’s executive director abilities of the global IT infrastructure into real policy. When I think about a for national security and cyber-policy, and susceptibility of our nation’s criti- policy window, it reminds me of the said, “This means lots of opportunities cal infrastructure to cyber-crime and “perfect storm” metaphor because it’s for ‘policy entrepreneurs,’ those indi- cyber-terrorism. all about timing. A little too early or viduals who are able to take advan- A year ago, there was optimism a little too late and you’ve missed the tage of the brief window to advance because it appeared the Obama window of opportunity. initiatives and efforts that are in line administration recognized the need So here’s the question: While there with the general issue of cyber-secu- and had new enthusiasm for tack- have been numerous major cyber- rity. It also means that those who are ling the nation’s cyber-security policy security incidents in the past year able to act fast stand to gain the most; deficiencies. But as the government (far too many to list here) and we’ve those who wait might find their initia- continued to chug along, there seemed reached the first anniversary of the tives left behind as the window slams to be a general reluctance to move new presidential administration, is shut several months from now.” forward boldly until a national cyber- the policy window on cyber-security I’m certainly no public-policy sage, security leader was appointed. Now already closing? Has the nation lost but I think addressing our nation- that President Barack Obama has momentum? In a 2009 column for al cyber-security problem is an idea appointed Howard Schmidt as the CSO Magazine, author and consul- whose time has come and it seems to nation’s first cyber-czar, much needs tant Richard Power wrote, “Cyber- sync nicely with Kingdon’s thoughts to be done to recapture the time that security suffers from lack of a great on the policy window and how pol- has passed. transformative metaphor. We need to icymaking happens. It would be a In his 1994 book, Agendas, find a 21st-century vision worthy of shame if the nation missed this policy Alternatives, and Public Policies, this 21st-century challenge.” We con- window to address our cyber-security John Kingdon coined the term, “pol- tinue to see cyber-events on a daily problem, and we are counting on Mr. icy window” to describe the pro- basis, so what does it take to attract Schmidt to lead the charge. ¨ cess of how policy issues achieve enough attention to achieve some real enough momentum to get traction on policy momentum and take advantage The views expressed are solely mine and nothing stated in or the government agenda. Kingdon’s of what many think is the perfect implied from the article should or may be attributed to the state model addresses how the timing of policy window? I think the answer is of California or any of its agencies or employees. [42]
  • 42. [ FAST GOV ] BY PAUL W. TAYLOR Too Many Chiefs, Ken Theis, the current state CIO, will oversee the consolidation of the two departments and will ultimately be Not Enough named the new department’s director. Theis’ elevation mirrors an expanded span of control granted to local gov- Agencies? ernment public CIOs to the roles of assistant city manager or county exec- utive. It legitimizes the management Will 36 new governors change the face of state government? prowess and strategic vision of those originally appointed to manage tech- nology alone. His challenge will be to institutionalize the multiplying and I N 12 SHORT MONTHS, chances are you will be deciding whether to rent a tuxedo and buy tick- ets for the inaugural ball. Protracted court challenges notwithstanding, the 3. public systems (transportation, water, energy and information technology); 4. well-being (medical care, social ser- vices and public assistance); 5. sustainability (natural resources); forcing effect of technology on the way the state does business. In a recent conversation about the structural changes under way in Michigan — and on the horizon else- results of the 2010 gubernatorial elec- 6. economic opportunity and prosperity where if projections by the National tions should be known by then. The (attracting investment, business reg- Governors Association and a growing combination of term limits and retire- ulation and consumer affairs); and number of think tanks are accurate ments mean that at least 20 states will 7. efficiency and effectiveness (trans- — Theis told me, “I don’t see us getting elect new governors, but two-thirds of parency, administration and fiscal through this and looking anything near all states will have contests for the role management). what we look like today.” of chief executive. It’s easy to see elements of a CIO- That’s true of government structures As transitions typically go, there led organization in a number of those in general and the role of the public will be numerous empty seats around core functions. As a practical matter, CIO. But the question is different this the cabinet table when inauguration day rolls around. But there may be fewer chairs to fill. Permanently. There will be numerous empty seats around the Take Michigan. The state was first cabinet table when inauguration day rolls around. in and hardest hit by the fiscal crisis, owing in no small measure to its reli- But there may be fewer chairs to fill. Permanently. ance on the legacy automobile indus- try. Just as General Motors jettisoned Granholm is placing IT back into the time. It’s not about the merits of being Pontiac, Saturn and Saab to focus on state’s Department of Management and a political appointee or career civil its core brands (Chevrolet, Cadillac, Budget. The change’s announcement servant. It’s about whether the role Buick and GMC), so too the state is called the move a “merger” that brings will still be recognizable as we have trimming its portfolio. the total agency count to 15, down from come to know it in the years since it Gov. Jennifer Granholm asked Lt. the constitutional cap of 20 agencies, emerged from finance and administra- Gov. John Cherry this year to propose the state’s level just a few years ago. tion departments in the first place, or a plan to reduce the number of state One state employee enthused that whether it will exist at all. ¨ departments from 18 to eight. Cherry the consolidation brings with it “all has reduced the number to seven core kinds of remarkable ICT [information functions of government: and communication technology] infu- 1. public safety; sion possibilities at the enterprise and 2. education; shared service levels.” [43]
  • 43. SYMANTEC IS THE WORLD LEADER IN SECURITY. Download the IT Security in Government Guide at © 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.