Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
3 takeways from HealthCare.gov IT hearing; First task order for continuous monitoring is out
Friday - 11/15/2013, 5:20pm EST
This is neither a column nor commentary — it's news tidbits, strongly sourced buzz and other items of interest that have happened or are happening in the federal IT and acquisition communities.
As always, I encourage you to submit ideas, suggestions, and, of course, news to me at firstname.lastname@example.org.
A few takeaways from the Oversight and Government Reform hearing on the IT and procurement breakdowns of HealthCare.gov:
- Congressional staff need to do a better job of understanding how federal
cybersecurity works. The pressure on Henry Chao, the deputy chief
information officer at the Centers for Medicaid and Medicare Services, and
Frank Baitman, the CIO for the Department of Health and Human Services as
to why did or didn't they sign the authority to operate was misplaced.
The CIO of any agency should not have the final sign-off of a system's authority to operate. It should be the business owner because they have to make the decision on how much risk to accept.
So in the case of HealthCare.gov, the fact that CMS Administrator Marilyn Tavenner signed off on the ATO and accepted the risk-wrong or right-was the correct process. It's a shame there aren't more staff members on Capitol Hill who understand, or at least were interested in finding out the proper process.
At the same time, it was also unfortunate that federal CIO Steve VanRoekel or Baitman didn't speak up about what is the correct process and educate the lawmakers.
- Rep. Trey Gowdy (R-S.C.) wasn't picking on federal chief technology
officer Todd Park when he asked him where he was for the last 184 weeks
during the development of the HealthCare.gov portal. That's a fair question for
both Park and the administration.
Park has a long history in working on healthcare programs and should've been involved from the beginning.
But what Gowdy missed an opportunity to ask Park was what was his role during the early days of the HealthCare.gov development?
Someone should have jogged the short-term memory of lawmakers to remember that Park was the HHS chief technology officer up from August 2009 to March 2012, when the White House named his as the federal CTO.
The Affordable Care Act became law in March 2010 so Park was the HHS CTO for two years while CMS and HHS developed architecture and plans for the portal. History shows most of the mistakes made on large IT projects go back to the how the agency defines the requirements.
Shouldn't Park have been a major force in the requirements development?
Shouldn't Park have pushed for technologies such as cloud and the use of agile development to ensure the site worked?
The problems of HealthCare.gov, without a doubt, aren't one person's fault. It was a breakdown of processes and procedures. But there were things Park and others could've done to limit the inevitable problems.
- Karen Evans, the former OMB administrator for e-government and IT, didn't pull any punches during her
testimony after the first panel, which most people missed.
Evans, who may have served for a Republican President, but is purple through and through when it comes to good government management and doing the right thing, told the committee, the policy decisions drove the procurement, workflow and business processes.
"For example, one policy decision that is causing problems with HealthCare.gov was whether the system had to verify the identity of an individual before allowing the user to browse the marketplace. That is a policy decision, not a technical decision," Evans said in her written testimony. "Technology can actually do whatever is required. The policy decision that drove the technical implementation created a bottleneck at the front end. I do not want to speculate on why this identity verification option was selected. But the generally accepted procedure and best practice for decisions on implementation requirements is to list each possible viable option along with the advantages and disadvantages of each."
Evans' tenure at OMB included several high profile technology failures, including the FBI's $170 million Virtual Case File debacle. She pointed out the differences in how she handled it and how this administration handled HealthCare.gov.
"In my management oversight role, I began meeting weekly with the department CIO, the bureau CIO, the program management staff, and the contractors — all in the same room — so that I could understand the project and raise policy issues to White House senior officials as necessary. This 'integrated project team' developed an agreed upon project plan to correct the deficiencies and move forward," she said.
This begs the question, where were VanRoekel and Park-and their predecessors Vivek Kundra and Aneesh Chopra — during this entire process?
Evans made it clear that if she was the federal CIO, she would have been more hands-on because it was her boss' top priority.
No one really knows much about what role VanRoekel or Park played in oversight, but one thing is clear from the hearing, the buck stopped somewhere else and not with them.
A gency Web managers are starting to see some real trend analysis across their website as well as across the entire government.
The General Services Administration's digital analytics program is surveying more than 3,000 federal websites to better understand when citizens are visiting and how often.
Gwynne Kostin, GSA's director of the Digital Services Innovation Center, said under the analytics program GSA puts code across all federal websites to measure usage. To be clear, the government doesn't know who is coming to the websites, just what time of day, from which geographic region and through what kind of device-mobile or desktop.
"We found, for example, on Christmas Day last year, a large number of people accessed federal sites through their mobile devices," Kostin said during a panel discussion sponsored by Xerox on Federal News Radio. "We also can compare our traffic trends with other industries. We get about 20 percent of all our traffic today from mobile devices."
The digital analytics program is one of the more interesting parts of the Digital Government Strategy, released 18 months ago.
It's been 10 months since the Office of Management and GSA mentioned the digital analytics program. At the time, Kostin and OMB deputy administrator for e-government and IT Lisa Schlosser both said at separate events the tool would help agencies understand how better to serve citizens.
The Agriculture Department has been using Web analytics for about a year. It even has a person assigned to examining the data and identifying how USDA could better improve the delivery and distribution of information, said Amanda Nguyen, director of Web communications at the agency.
"We have a better idea of when there are dead zones and people don't open messages," she said at the same panel discussion. "We either resend or avoid those times."
That's exactly the type of information the government needs to meet the goals of better customer service, which the last two administrations have made a priority.
T he first task order under the continuous diagnostics and monitoring blanket purchase agreement came out earlier this week.
The Homeland Security Department and GSA issued the request for quote to the 17 contract holders on Nov. 13, according to a DHS official.
The official said task order is for tools and sensors only, no services, to be provided to federal civilian agencies. Vendors have until Nov. 22 to respond.
Requests to both DHS and GSA for a copy of the RFQ were denied. A GSA spokeswoman said by email, "Because we are now in the middle of an active procurement, GSA and DHS will not be able to comment on the details of the RFQ until after an award is made."
Of course if that was really the case, why is FedBizOpps.gov a public site? Agencies post dozens and dozens of solicitations so vendors can read and respond and aren't considered procurement sensitive.
This continuous diagnostics and monitoring task order is another example of in a long list of illogical decisions by GSA not to be transparent. It shows a capricious approach to living up to the transparency goals of the administration. GSA refuses to let anyone but schedule contract holder see RFQs or draft RFQs listed on GSA Advantage. They withheld public release of the email-as-a-service RFQ and of the infrastructure-as-a-service task order as two most recent examples. There are dozens of others ones.
And to say it's because it's an active procurement is not a valid excuse.
GSA promotes transparency through vendor pricing and in October 2012 listed transparency as a key tenet of its open government plan.
But they aren't transparent when it comes to these RFQs.
I've talked to senior officials at GSA about this. Mary Davie, the assistant commissioner in the Office of Integrated Technology Services and Anne Rung , the chief acquisition officer, both agreed that making these task orders public makes sense. But after more than three years of asking for this policy to change, I've gotten no progress.
T he Digital Accountability and Transparency Act received a positive budget score from the Congressional Budget Office on Nov. 13, and now is ready for the next step.
Industry sources confirmed the House will vote on the DATA Act on Monday.
CBO found that the DATA Act would cost $395 million to implement between 2014 and 2018, mostly for collecting and reporting financial data. But, CBO said, any net increase in spending would not be significant and enacting the bill would not affect revenues.
The budget office said changing financial management systems and standardizing data would cost agencies $2 million to $3 million each for a total of $285 million over the five year period.
The Senate's version of the DATA Act passed the Homeland Security and Governmental Affairs Committee on Nov. 6, but it has not yet moved to the full Senate for a vote.
CBO also issued a budget score for the Federal IT Acquisition Reform Act (FITARA).
It found FITARA would cost agencies $145 million between 2014 and 2018 to implement, and again would not have any significant increase in spending by the government.
The biggest cost would come from the expanded roles of agency CIOs and their need to hire additional staff. CBO said that would cost $50 million over five years.
The House passed FITARA as part of the Defense Authorization bill in June.
The Senate Homeland Security and Governmental Affairs Committee continues to research and look at the issues raised under FITARA.
Another busy week next week, starting on Monday when you can check out our own Tom Temin broadcasting live at the National Contract Management Association government conference in Washington. Beyond Tom, Shay Assad, the Defense Department's director of pricing; Air Force Maj. Gen. Wendy Masiello, the deputy assistant secretary for contracting; and Jeffrey Birch, acting director of the Federal Acquisition Institute; are scheduled to speak. NextGov's Prime conference takes place Wednesday and Thursday in Washington. Leigh Heyman, director of new media technologies at the White House, and Kate Randal, insider threat analyst at the FBI, are among those scheduled to speak. Then on Friday, AFCEA D.C. hosts the Mobile Technologies Symposium. Speakers include Jennifer Carter, the Defense Information System's component acquisition executive, and John Wilcox, director communications systems and CIO for the Special Operations Command.