data security


data security

Information: To Share and Protect, Part 1

Wednesday, January 9th, 2013 - 8:40
Wednesday, January 9, 2013 - 07:35
Among my New Year’s reading list were two December issuances that impact the world of information and privacy in government:  the White House’s National Strategy on Information Sharing, and the Federal CIO Council’s Recommendations for Digital Privacy Controls.  The interrelated nature of these issues should not be lost – sharing information requires protection for individuals in order to be sustained and supported over the long term.  This blog post addresses the Sharing Strategy; a second will address the Privacy Controls; and a third will discuss the necessary linkages

Designing Collaborative Networks: Lessons Learned from Public Safety

Friday, June 15th, 2012 - 13:14
This report offers practical advice to public managers and political leaders who are addressing complex public challenges through multi-organizational networks.  The use of collaborative networks of organizations has matured in the past decade.  However, the developers of collaborative networks face political, organizational, and technological challenges in a world accustomed to the traditional, hierarchical approach to problem-solving and accountability.

A Conversation with Kamal Bherwani: Chief Information Officer for New York City’s Health and Human Services and Executive Director of HHS-Connect

Tuesday, April 7th, 2009 - 10:13
Posted by: 
Local and state governments are under tremendous pressureto do more for citizens and to do it better. Technology hasenabled governments to do just that, and nowhere is this

Jonathan Q. Pettus: Enabling IT Collaboration Across the National Aeronautics and Space Administration

Tuesday, October 7th, 2008 - 16:16
Posted by: 
As the National Aeronautics and Space Administration(NASA) celebrates its 50th year, it continues to pursue oneof the most complex and exciting missions in the federal

Robert Howard: Transforming IT Processes to Better Serve Veterans

Tuesday, October 7th, 2008 - 16:10
Posted by: 

Jonathan Q. Pettus interview

Friday, May 16th, 2008 - 20:00
Jonathan Q. Pettus
Radio show date: 
Sat, 05/17/2008
Intro text: 
Jonathan Q. Pettus
Magazine profile: 
Complete transcript: 

Originally Broadcast May 17, 2008

Washington, D.C.

Announcer: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about The Center by visiting us on the web at

And now, The Business of Government Hour.

Mr. Morales: Good morning. I'm Albert Morales, your host, and managing partner of The IBM Center for The Business of Government.

As the National Aeronautics and Space Administration celebrates its 50th year, it remains one of the most complex and exciting missions in the federal government. With its cutting-edge research in aeronautics, space science, and earth science, NASA expands our knowledge of the universe, and applies these insights to our daily lives. A few years ago, President George Bush gave NASA a defining challenge for the 21st century: to expand human presence in space. The success of this ambitious vision rests on NASA's pursuit of an effective information technology strategy.

With us this morning to discuss NASA's critical efforts in this regard is Jonathan Pettus, chief information officer at NASA.

Good morning, Jonathan.

Mr. Pettus: Good morning.

Mr. Morales: Also joining us in our conversation, from IBM, is Paul Kayatta, partner in IBM's General Government Practice.

Good morning, Paul.

Mr. Kayatta: Hi, Al. Good morning, Jonathan.

Mr. Morales: Jonathan, many of our listeners are probably generally familiar with NASA, given its wide public recognition, but could you take a few moments to provide us an overview of NASA's history and its mission today?

Mr. Pettus: Sure. What we like to say is that we're about pioneering the future of space exploration, scientific discovery, and aeronautics research. So if you think about really what we do, it's really about innovation and exploration, and in part inspiration, in terms of the human desire to explore and discover. Many, and especially those of who work at NASA, find that to be inspirational, and we believe the public does as well, in general.

And in terms of our history, this is a particularly important year to our history because it's our 50th anniversary. And the roots of NASA date back to 1958, when the agency was spawned, in part as a reaction to the launch of Sputnik. Of course, from there, the '60s were about getting to the moon, the Apollo program building on Mercury, Gemini, and then ultimately Apollo. And so that era that so many people are familiar with and one of our greatest achievements, man reaching the moon, is obviously something we're very proud of, but NASA has had a broad history beyond just that.

And in fact, from there, we moved into, in the '70s, a focus on -- you may recall Skylab, which was that early version of an orbiting laboratory for experimentation -- as well as actually the beginning of the development of the Space Shuttle Program during that era, along with many different scientific missions. For example, the Voyager missions, which basically spanned the solar system and actually continues on out beyond the solar system in terms of those two spacecraft.

Then again in the '80s, where the shuttle program moved into full-fledged operations as well as continuing, you know, many different science missions. And then the development and then the construction of the Space Station, which is an international partnership including 16 countries. And you really see of late the international flavor of the Space Station, as you've seen European components be launched and assembled. And of course, we have a significant partnership with Russia in terms of the operation and habitation of the Space Station.

So we focus a lot on human space flight, but I should mention the scientific missions, the robotic missions, like most people would be familiar with our Mars Rover projects and the fact -- the amazing lifespan of those Rovers that are still operational on the Martian surface. Then with our full portfolio of science missions -- and many people probably don't know this, we have over 50 or so science missions either in-fly or in preparation to fly. So our portfolio of projects that NASA is about these very large, long-term, human space flight efforts, like the shuttle, the station, and you mentioned the President's plan and strategy for us to begin to work to return to the moon and then on to Mars with humans, as well as our large set of smaller scientific missions.

With the aeronautics research, the scientific discovery, and the human space flight, those are the major themes within NASA, and really what we're about from our earliest days.

Mr. Morales: Well, that's certainly a very broad portfolio of missions, and certainly, you know, NASA's about making history in all those events and accomplishments that you mentioned. So to help provide our audience a sense of scale, can you just tell us a little bit about how NASA is organized, the size of its budget, number of full-time employees and contractors, and perhaps its geographic footprint?

Mr. Pettus: Yeah, I can start with the numbers, give you a little bit of information about our organization. We have roughly 17,000 government employees, civil servants, and then around 40,000 contractors, contractor partners, which are a huge part of how we accomplish our mission at NASA. Our budget's roughly $17 billion annually. Our geographic footprint really consists of 10 major locations -- we call them "centers" -- spread throughout the country, with headquarters in Washington, D.C. And your listeners will be familiar with some of our major centers, like Johnson Space Center in Houston, Texas, where Mission Control for shuttle and station operate out of; of course, Kennedy Space Center is another example, down at Cape Canaveral, where we launch from; as well as centers like Ames Research Center out on the West Coast, which has a major role in our scientific programs as well as supporting some of our human space flight efforts. So in all, 10 centers spread throughout the country, all headquartered in D.C.

Mr. Kayatta: Now that you've given us a great sense of the larger organization, could you tell us a little bit about your role as NASA's chief information officer? And could you tell us a little bit about your organization, also, how you're organized and the size of your staff, budget?

Mr. Pettus: Yes. Of course, the chief information officer role is the senior most IT official in the agency, responsible for IT policy. I'm responsible for the agency's IT infrastructure, our data centers, networks, end-user devices, those components that make up our infrastructure, as well as facilitating and architecting our overall applications landscape, our systems that are used to automate business processes and to exchange information/store information. And obviously, especially in this day and age, also responsible for information technology security, information security for all of those assets.

Then in terms of our organization, we have a federated model for our IT organization. Here in headquarters, our office consists of about 50 employees. But across the agency, we have each of those sites that I mentioned has a chief information officer that's part of our IT community, and I coordinate the efforts of those IT officials across the agency. The total workforce across the agency consists of about 700 NASA civil servants and about 2,000 contractors.

Mr. Kayatta: That's an expansive purview. I'm sure in that responsibility there are many challenges that you face. Could you highlight perhaps the top three and what you're doing to address them?

Mr. Pettus: Sure. Well, it is a challenging responsibility, as you state. I'd say there are many challenges. It's hard to hone in on three specific ones, but I'll give it a try.

First is ensuring that given the expansive nature and diversity of our overall mission and programs, ensuring that our IT investments are focused on enabling the mission. And so in our federated model, making sure that we have at least enough visibility of IT decisions that are made, and ensure that there's some consistency around infrastructure. Then interoperability from an application and infrastructure perspective is a significant sort of overarching challenge, and many of the other challenges fall from that.

So a second challenge, sort of related, is that our tradition at NASA is for those centers to be very autonomous. And the work profile in the past, in our history, has been much more focused on specific sort of big footprint roles for each of those centers. Whereas with our future and the role of what we call our Exploration Program coming from President Bush's mandate to NASA to develop the plan to return to the moon and then to move further into the solar system in terms of human exploration, the model going forward is for our agency to collaborate and to leverage resources that exist across those centers in a much more granular way. So from a CIO perspective, what that means is that our organizational model and our style of how we execute our programs is changing. And so from a CIO standpoint, that has an impact on our strategy, which is ensuring that IT is a key tool in helping that integration, collaboration across those center boundaries.

And then the third challenge is given our role at NASA, you know, if you think about what we're about, which is creating knowledge, sharing information for the advancement of humankind, then we're all about openness in terms of our information and systems. But we also have the challenge of security and securing the information. So balancing this need that's fundamental to our mission to share information and to collaborate with academia, education at the lower levels, with our business partners, and with the public at large, while also ensuring that we have the appropriate level of security on some very important national assets is a big challenge.

Mr. Morales: It's certainly a delicate balance to strike between those two. Now, Jonathan, I understand that you've been with NASA now for roughly about 17 years, but you didn't necessarily start in government. So can you tell us a little bit about how you got started?

Mr. Pettus: I can. My first job was a high school math and history teacher and a basketball coach. I started out for a couple of years at least in education. My parents were both teachers, so I knew I was interested in teaching. I also loved basketball, in particular, and so thought I would -- my plan all along was to actually get an education that would allow me to have some mobility between my number one thought, which was to follow in my parents' footsteps and be a teacher, and then also be able to move into the technology field. And so I earned a degree in computer science and a master's degree in computer science, along with degrees that would allow me to teach. So I started out as a school teacher.

And then I gave technology a try with a job. My first job in technology was with a software firm that developed human resources and benefits systems for the private sector, and I did that for about a year.

And then I moved over to an aerospace company that was a contractor for NASA, and that's how I got into the NASA business. And so I worked on payload integration software for our Space Shuttle Program as a contractor, and then finally moved over to the government side about 17 years ago, when I first came to work for NASA and came into the IT organization down at Marshall Space Flight Center, which is in Huntsville, Alabama.

Mr. Morales: So as you kind of reflect back on some of these experiences and some of these decisions, how do you feel they reflect your current management approach and your leadership style?

Mr. Pettus: That's a good question. I think that -- and again, this may be surprising to some, but I like to say -- as I think back about it, I think this gets truer every year -- is that those first two years when I was a teacher right out of college and a basketball coach, the skills I developed in terms of communication, teamwork, how to coach kids into not all wanting to shoot the ball, but some being willing to pass the ball up and set screens so that teammates might be able to score, that whole sort of environment and experience, I can translate that into what I've been challenged to do through my career in IT in the government. You know, as important as understanding technology is to that, I think I believe this more strongly again every year, is that relationships and communication and teamwork are the keys to success in IT probably as they are in any endeavor. And so what I learned there was really important.

I think having a job in IT in the private sector taught me a little bit about business, even though I was in that job for a short time, but just gave me a sense of what it was like in the private sector from a business perspective. And then working as a NASA contractor was really important for me, because my job at NASA is so much about working with our contractors and partners -- given the size of our IT workforce that's made up of so many contractors, I think having that experience on that side of the fence has been very useful to me to maybe understand all the perspectives.

Mr. Morales: That's a great set of lessons. Thank you.

So what is NASA's IT strategy? We will ask Jonathan Pettus, chief information officer at NASA, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Jonathan Pettus, chief information officer at NASA.

Also joining us in our conversation from IBM is Paul Kayatta.

Jonathan, you referenced earlier the IT strategy at NASA. Perhaps you could tell us a little bit more about that. Specifically, how have you sought to modernize and standardize the use of technology so it benefits both the agency and the constituents that you serve, as well as align the resources to NASA's overall strategic goals?

Mr. Pettus: Well, we spoke a little bit in the last segment about the shift in terms of how we go about executing our programs. And that's been a huge driver in terms of changing our IT strategy. When we talk about our IT strategy at NASA, we talk about four principles; one overarching principle, which is IT should serve to enable the mission. Now, that sounds like motherhood and apple pie. Who could disagree with that? But what it means to us is, if you think about our history again, we created a lot of IT. Back in the early days of, say, the Apollo Program, everything that that program needed in terms of technology, they created. And so things like routers and networks and protocols and things of that nature, which today are commonplace and commodity items, we created.

We're about innovation, as I said earlier, but sometimes perhaps we have not adapted to the availability of commercial IT quickly enough. And so when we talk about ensuring that our IT's about enabling the mission, what we really mean by that is that we don't create IT just to be innovative in IT. We are innovating around our mission. And where IT supports that is where we innovate, but we rely on the private sector where we can, especially where we have commodity style type IT.

A second principle is that our IT should be about integrating information and business processes across the organization. I spoke to that a little earlier in terms of using IT as a way to allow our workforce to collaborate across our center and organizational boundaries in order to design and develop our new space flight systems as well as our science missions and so forth.

A third principle is that IT at NASA ought to create efficiencies. And along with that, we ought to be efficient in our implementation of IT. It sounds like it's a duplicative statement, but it's really not. IT is about creating efficiencies through automating processes and integrating information, so you think about things like business cases and investment style processes to ensure that. But also, at NASA through the years, in some cases we've had no shortage of efforts to try to be efficient through implementing IT, and in doing so, we've created some inefficiencies in our IT itself. So in our rush to create automation, we've done so, in some cases, without an eye toward ensuring that we're efficient with our IT.

And then the last principle that I'll mention is that as we implement information technology solutions, we ought to ensure that they're secure. At a high level, we've used those principles to sort of outline our IT strategy going forward.

Mr. Morales: Great. Now, in your IT strategy, I was excited to see a reference to my old alma mater, the MIT Sloan School of Business. And MIT's research has found that effective IT governance is a key to an organization's ability to respond quickly and effectively to changing needs. So to this end, could you tell us more about your efforts to enhance IT governance within NASA? Specifically, could you elaborate on efforts to foster an enterprise-wide view of IT rather than a stovepiped model of IT?

Mr. Pettus: That's one of those big challenges, and we referred to that topic a little bit earlier. But in fact, we've actually used some of the research from MIT that you refer to, and also research from folks like Gardner and Forrester, to look at different best practices around governance for IT. And so what we've done at NASA is, number one, we've tried to clarify the difference between the information technology solutions that support the mission versus those that are embedded in the mission. And let me explain.

So if you think about our financial systems, our networks that allow our employees to collaborate and communicate, even our CAD design tools that our engineers use, that's all IT that supports the mission. If you think about, though, on board a spacecraft, the avionics systems that guide the spacecraft, the operations systems that are embedded in the spacecraft, tons of IT there, but not so much IT that needs to be governed by the CIO. It's IT that's part of the program. And so one of the difficulties we've had in the past at NASA is sort of distinguishing between the two in the sense that the programs themselves would oftentimes be responsible for sort of the governance of, if you will, each of the supporting IT elements in addition to those core sort of mission elements. And so we've tried to clarify that definition.

Then also, we've tried to implement some processes -- and we're in the midst of doing this; we've by no means completed it -- where we provide better visibility into IT investments. Because you can't improve decision-making if there's not really better visibility into those decisions that are being made at a broader level. So we've established a strategy and investment board at the most senior level in the agency. The role of that board is to look for opportunities, and the CIO facilitates the process for cross-enterprise implementation versus stovepipe implementation, so looking at the big-ticket items in our budget in terms of investments.

And then we have -- in the federated model, we have similar structures that link up with that agency structure that exists at each of the centers. So focusing on using that committee and that process, clarifying the role of the CIO in managing the support IT, and then of course, budget visibility, so that we really understand where in the budget, from a financial perspective, having that transparency relative to where the IT spend is -- all are important in terms of helping us improve our IT governance, which, in the end, is being clear about how we allocate decision rights for IT.

Mr. Morales: So, like many organizations, NASA's IT infrastructure comprises things such as hardware, software, and the processes that all together deliver the IT capabilities that you have. Having said this, NASA's IT infrastructure is now being challenged to meet your IT principles. Could you tell us a little bit more about these principles? And to meet the challenges, could you elaborate a bit more on three aspects of the NASA infrastructure?

Mr. Pettus: Yeah, we like to talk about the infrastructure consisting of -- if you think about you as an end user and you have to interact with an IT solution, you're typically starting that interaction from an end-user device: a laptop, a desktop computer, a PDA. That end-user device component is a component of our infrastructure.

Then the communication that takes place, if you're at one of our centers, it's either over a land line or a wireless network, you're communicating on a local network. If you're trying to access a service that's running on a server or a computing engine that's remote to that site, you're then traversing our wide-area network. So we think about LAN/WAN together as our com infrastructure. And then finally, the data center component is those facilities and operations capabilities that house the computing environment on which applications run. So together, those make up our IT infrastructure.

Now, I found at NASA that it's been helpful to sort of simply describe what we mean when we talk about IT infrastructure, especially to our stakeholders and our leadership, because the word is thrown around a lot, but just sort of getting clarification about what are we really talking about when we mean IT infrastructure? Where we're focusing from an IT infrastructure perspective, back to those principles of efficiency, of integration, and security. Number one, we want to make sure that our networks are not -- and our infrastructure itself is not stovepiped such that it's actually a B-to-B type of transaction when an employee needs to interact with another employee who happens to be at another NASA center. We like to say that sharing a CAD joint (?) across centers shouldn't be a B-to-B transaction. We're trying to simplify that through standardization, integration, and in some cases, consolidation.

In terms of the data centers, for example, we're moving to consolidate the number of data centers that we have down to a much smaller number, so that we're clear in terms of our computing environments being housed in secure, well-managed data center facilities.

And end-user devices, you're probably familiar with the mandates from the federal government to all agencies in terms of standardizing configuration, at least on Windows platforms. And so we're moving to have a more complete service-level management of the desktop environment to help us ensure that systems are patched and appropriately configured to help us from a security standpoint, and also to help us from an interoperability standpoint as applications need to be delivered across those end-user devices across the enterprise.

Mr. Kayatta: Being a mission-focused enterprise, NASA has generated a significant number of applications; currently over 2,500, I believe, including over 8,000 websites. Could you tell us a little bit about the IT application management strategy, and specifically, what you're doing to create a CIO-facilitated process that drives standardization and efficiencies that you mentioned earlier within NASA?

Mr. Pettus: Well, we think when you look at the role of the CIO, and the role of IT in general, if we just focus on infrastructure, then at the end of the day, the value that we're providing is not what it should be and not what it could be. And so for CIOs to sort of move up the stack and to have a close relationship with the business or the mission, applications have to come into play.

Now, the tradition at NASA is that applications in many cases have been developed within the business units, within the centers, within the programs for specific needs, and that's appropriate in many cases. However, it's led to, as you described, a large number of applications. And in fact, a difficult time for us as an agency to understand even what our inventory is of applications and where are those opportunities for cross-center, cross-enterprise implementation and rationalization of our applications?

And so our strategy is to, number one, educate our leadership and our key business partners around "the application problem" so that people begin to understand why it's not such a good thing to have such a proliferation of tools. It may seem obvious to IT people. It's not necessarily obvious to all of our business partners why that's actually a significant issue that needs attention. So we talk about it in the context of those principles again, and why it's important to have rationalization of your application environment to gain some efficiencies to allow for better integration, and then obviously from a security standpoint.

So we see the CIO's role in that process as much more of a facilitator, being clear about our sort of sub-portfolios that exist within the overall application portfolios; clear about who the owner is. So for example, if it's financial, it's the CFO that owns that portfolio from a business perspective. And then understanding what does that portfolio look like? What are the opportunities for rationalization? Where are the gaps in terms of business processes in that particular area? Then it helps us to be much more logical and structured in how we invest in the future, and also, rationalize to save money. And so we like to use words like "facilitate," "coordinate," and we talk about applications. Words like "control" and "dictate" don't work so well in the applications environment.

Mr. Kayatta: The entire stack that you had mentioned to spend is approximately $2.2 billion, which represents nearly 13 percent of NASA's total budget. And recent industry research suggests that for some enterprises, that could be another 10 to 50 percent of actual IT spend that's hidden among program budgets. Earlier, you were talking about visibility and the review board. I'd like to know, how's that working? And are there other things that you've done to be able to manage a capital investment plan that results in a mission aligned and cost justified?

Mr. Pettus: That's a good question and an important one. Because ultimately, in terms of things like governance and trying to drive rationalization and integration, it typically comes back to budget. And so it's an important aspect, I think, of an overall plan, and we've tried not to ignore it.

The first order, we've been trying to better understand that 2- to $2.2 billion figure that you quoted. That's actually what we report to OMB in terms of our IT spend. Earlier, when I talked about sort of this differentiation between support IT and that embedded mission IT, when we report to OMB, we include a lot of that embedded mission IT. So if you think about the big-ticket items, like the software development processing facility for Space Shuttle, some of those things, which are -- when you start comparing us to other agencies and other entities, it's not quite apples-to-apples if you're throwing in those kinds of sort of heavily mission-oriented IT. So one of the things we're trying to do is better understand sort of that total cost and IT spend related to that support IT and be a little clearer about what that entails. So we've had some success in terms of defining that.

We were working with OMB in terms of how that impacts our overall reporting and what that means. But internally, we've worked to create within our financial system the ability to more clearly track the IT spending. We've worked with our procurement officers and the associated procurement officers at each of our sites. The linkage between the procurement officer and the CIO is so important because the shadow spending occurs, in many cases, where a program has an IT need. Maybe they don't even know that it's available from the CIO, but perhaps they do and would prefer to actually have local control themselves of that particular IT solution. And so they might look to a contractor that they're using to provide some other mission service to do some IT work.

Well, that can oftentimes become visible through the procurement process. And so partnering with the procurement officer to help gain visibility into the actual acquisitions so that we can see where there are big-ticket IT buys that perhaps may not be consistent with our overall IT principles and where we're trying to head, it allows us to have some dialogue with the businesses in cases where that occurs.

And then we have this governance process that we've structured so that ultimately the major issues can actually be brought to that group. Now, when you're talking about a $2 billion IT spend with 17,000 employees, it's not possible from a top-down perspective to manage every IT spend element. But the big-ticket items, like someone who wants to create a new data center, someone who wants to implement a new ERP application, someone who's developing a new collaborative tool, that's a pretty big -- it's a sizable investment -- those things, we'd want to have visibility to.

So we've taken what we've done for years, this capital planning process, but we've kind of -- frankly, in some cases, maybe we're just kind of going through the motions, and we've tried to more completely link it to the budget process so that it actually is not just a reporting process, but it actually drives some of the decision-making that occurs during the budget process.

Mr. Morales: That's great. Jonathan, I only have a minute left and I want to shift gears here for a moment.

But as you know, the e-Government Initiative has been a critical component of the President's Management Agenda. Could you just take a brief moment to tell us about your agency's efforts in this area, and what are some of the challenges faced that remain to get accomplished?

Mr. Pettus: Sure. We're an early adopter, one of the first out of the chute in terms of the -- one of the first big e-Government projects was the payroll consolidation, and NASA was an early adopter. We used Department of Interior's offering there, and have been running that for four years or so. And we found that to be a very successful implementation in terms of cost savings, in terms of allowing us not to focus precious IT resources on that kind of sort of more commodity-style application. So we were an earlier adopter there.

Also, in the human resources side of our business processes, some smaller footprint applications, like position description, management tools, and resume management tools, that were early e Gov projects we have implemented. And in fact, actually, some of our first experience with web services and service-oriented architecture style sort of interaction occurred with some of those HR small projects. So we benefited from that not only through the implementation of the tool, but the learnings that we got in terms of -- or received with the experience with the web services piece.

The challenges are ensuring that -- balancing the internal needs of the organization with the overarching sort of strategy that the federal government has in these particular e-Gov areas. We're in the process of implementing the travel management solution. We think it's going to be a good tool. However, if we looked at our overall portfolio of investments and the needs that existed, quite frankly, there was an internal debate around the fact that we already had a travel system that people felt worked. And so what's the compelling need to move to this new travel system? And so that creates some interesting discussions around prioritization internally.

And so that's one of the challenges, is understanding that it's the right thing to do, but also needing to make it fit within your overall portfolio.

Mr. Morales: So what is NASA doing to advance its IT security efforts? We will ask Jonathan Pettus, chief information officer at NASA, to share with us when the conversation about management continues on The Business of Government Hour


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Jonathan Pettus, chief information officer at NASA.

Also joining us in our conversation from IBM is Paul Kayatta.

Jonathan, the President's vision for space exploration, as we discussed earlier, defines a challenge for the 21st century, and sets a compelling new set of objectives for your organization. Now, recently, NASA conducted an assessment of its current state of IT. Could you tell us a little bit about what some of these key findings were, and what are some of the critical lessons learned going forward?

Mr. Pettus: Well, we've actually had a couple of different studies. One was focused on IT security, but then we had a more general one focused on the overall state of IT and the role of the CIO. And so maybe I'll start with the latter and then we can speak a little bit about security.

In terms of the work that we did, the assessment of IT, it was actually something that I started when I came on to the job roughly 17 months or so ago. And it was a process where we actually went out and talked to key stakeholders across the agency and the mission specifically about their views of IT. And so what we learned was that at the infrastructure level, at the local level, people were generally okay with the infrastructure delivery in terms of e-mail services, desktop. Yeah, there were some complaints, as always, about particular issues. But in general, people, in terms of availability and that sort of thing, were okay.

However, they did see that it was extremely difficult to interact, to work, to collaborate with people across other organizations. And that in terms of being mobile, as you move from one NASA center to another, which our people often do, it's very difficult just to plug-and-play at NASA. And so feedback was, we need better support for mobility both within the agency and as we work outside of the agency after hours and that sort of thing.

Another finding was that there was a recognition that -- they didn't refer to them as "applications," but the discussion was typically around there was a proliferation of tools, and that perhaps there was a better way to manage our tools such that there was better interoperability and then perhaps some efficiencies to be gained there.

And then lastly, there was a note from our stakeholders. They were aware because of some issues we've had relative to our scorecard, our PMA scorecard, and such that we have had some IT security challenges. And so there was a general awareness that there were emerging threats that were significant to the agency and IT security and that overall, there were certainly some issues with IT security that needed to be addressed. And so those were findings that all sort of led into this discussion that resulted in these principles that I talked about earlier.

Mr. Morales: So given the complexity and just the sheer size of the programs that you all manage, how has your agency sought to improve its project management discipline and structure for monitoring project performance?

Mr. Pettus: Project management at NASA is sort of a core fundamental competency, because that's what we do. If you think about how we operate running these large programs, multi-year, very significant dollar value-wise and content-wise programs, but the processes that had been set up in the agency for project management were geared around these flight programs. So the basic fundamentals of project management are the same regardless of the domain. However, when it comes to IT projects, we were having some difficult times trying to sort of fit some of the necessary sort of components of an IT project into this overarching framework that people are familiar with in terms of flight projects. So what we've done is we moved to create a similar but separate project management methodology and governance model for projects that are IT projects in nature.

And we've established a Project Management Oversight Board that reviews major IT projects. And for important key decision points and milestones and gates for those projects, that's done at an agency level. For lower order projects, similar to the governance discussion we had earlier, each center has a project management board for their own sort of local projects where they would use that framework, that new framework we've developed, and then use that Project Management Governance Board to see those projects through.

Mr. Kayatta: As a CIO managing in the federated environment that you described earlier, I would imagine that a big portion of your job is to put in place policies, cultural change strategies, educational outreach that will help staff recognize that they are part of a broader enterprise. To this end, what are some of the pushbacks that you encounter?

Mr. Pettus: Certainly in terms of some of the things we've talked about, transformational type things that we've talked about, there's always going to be people who don't understand the compelling need to do some of the things that we've talked about; or the strategies create such a change in the way that they're used to working, they perceive them, the changes, to be non-value added. And so some of the common sort of complaints that we'll see is, you know, using, say, this new project management process that we just talked about is too slow. It slows down the project. So this notion of sort of using these processes to add visibility, to add some discipline to IT investments in project executions, slows things down. And so we have to sort of combat that and be -- as an IT community, we have to ensure that the things that we're doing don't slow down the ability of solutions to be created for people.

Another key area of pushback, or if you look at kind of the root cause, in many cases they're battles over control. Who gets to control a particular system or solution? Who gets to control and specify an architecture? And the more important it is, depending upon the domain or the subject or the problem that's being addressed -- the more important it is to the enterprise, the more need to have sort of a larger view of that effort. If you're an individual who has a particular problem that's a piece of a bigger problem and you're just focused on the solution for your sort of finite, very discrete problem, you can kind of not understand the big picture as to why -- although it might optimize locally, it may really sub-optimize at an enterprise level.

And so having those discussions, I found we have very intelligent and brilliant people at NASA, and they educate me every day. But I found that when we have these discussions, that people are logical and rational in general. And as long as you have a solid sort of reason and basis for what you're trying to do, you can make progress.

Mr. Kayatta: NASA's a very unique organization, simultaneously engaging science as well as development. And you've had a lot of experience, the agency has had a lot of experience, in managing a large contractor base. I think you mentioned 40,000 contractors to 17,000 actual federal employees. Some of the agencies out there might not have had as much experience as that. What kind of recommendations can you give to federal managers that need to effectively manage the ever-increasing blended workforce that's becoming more and more apparent?

Mr. Pettus: Well, I would say you have to think about the relationship as being a partnering-type relationship. And I know that sounds very simple and high-minded, but the reality is it's very true. And we do have a lot of experience doing this. And I have found in talking to the other agencies that we may be somewhat unique in terms of the length of time in which we've been sort of contracting out, and in some cases, really outsourcing IT.

And so in our world of IT, it will sound contradictory, but you have to create an environment where that partnering environment is where there's sort of a win-win opportunity for the contractor and the internal government organization -- if everything from day one is drawn up as sort of ensuring that things are scoped so that it's going to be very clear who's at fault and who's to blame if something doesn't work, it's important to be clear about deliverables and roles and responsibilities, but it's also important to establish the execution of the project -- or the endeavor where you're partnering with a contractor -- it's very important to establish an environment and a culture in which the contractor feels part of the team. It's a difficult skill, I think, to move people from an environment where they're actually just doing the work themselves to where they're actually having to coordinate with external partners.

But I found in talking to other organizations outside of government, I mean, this notion of the days where a particular task is done specifically by an organization in-house and there's no partnering or collaboration with other external entities are long gone. There's almost no work left that doesn't require some level of partnering. So I think creating that culture of partnering, that shared sort of win-win type model, but also not losing site of being clear about deliverables and roles and responsibilities.

Mr. Kayatta: We talked earlier about the IT management model and improving security to achieve efficiencies. Could you elaborate a little bit about the security threats and the challenges that face the agency?

Mr. Pettus: Yes. I think the speed at which those threats emerge just increases every day, it seems. And so it's a race. It's sort of an arms race that you have to be in to basically try to stay ahead of all the vulnerabilities that exist. And so what we're doing is, number one, going back to our infrastructure, we want to simplify the complexity of our infrastructure because of some of the stovepipes we've talked about in the past in terms of our model of how we implemented infrastructure created a very complex sort of web of infrastructure with layers of firewalls, which is not necessarily a bad thing, but if those firewalls are implemented in a sort of disconnected way, it could make it very difficult to interoperate. So we want to simplify our infrastructure.

So part of our focus is on our network perimeter, is hardening our network perimeter. If your focus today is just on the network and building sort of that fortress, you're probably going to lose. Because endpoint security is probably as important or more important, because you have to expect that no matter how strong your perimeter is, it will be breached, partly because of this amount of interoperability and interaction we have with the external world that we've already talked about. The reality is we have to be able to share. We have to be able to interact. And by virtue of that, you are creating some risk. And so if you're creating that risk, then you also need to make sure that you're protecting your information assets at the client or endpoint level. So endpoint security is a big deal.

Things like this Data at Rest Initiative that all agencies are pursuing, where we ensure that we're protecting encrypting information stored no mobile computing devices, is important. So simplifying and then having this multi sort of layered, multi-pronged approach to security, and then leveraging the tools that are out there that help you with things like vulnerability scanning, intrusion detection. In some cases, these tools are really becoming integrated, so that there's a platform for security that are available to you. We think those are really important to our IT security program going forward.

Mr. Morales: I would imagine that also the proliferation of types of devices also presents a challenge, right? It used to be just workstations, and workstations become laptops, laptops become PDAs and BlackBerrys and --

Mr. Pettus: Right, just mobility in general, I mean, creates -- because our employees -- it creates the challenge because our employees expect -- in fact, for our discussion today, I was a little early, so I went next door and plugged in and in two minutes, I was online and doing work. And so our employees expect to be able to do that, and you want to provide them with that capability. It's important to the organization. But when you provide that, it also presents some security challenges. So you have to balance the two, and that's one of the toughest jobs I think we have in IT today.

Mr. Morales: Sure, sure. Now, Jonathan, I would imagine that as you continue to transform your organization, you're creating new competitive areas and new competencies. So what key competencies will be needed for IT staff to provide proper IT support in the future? And specifically, what steps are being taken to attract and maintain this high-quality technical and professional workforce that can build on these competencies?

Mr. Pettus: Good question. And it's really important to us and I think to any IT organization to think about what competencies are important in the future, and with our model, where we rely so much on contractors and our partners to help us with certain IT implementation. And we haven't always done a good job of this, but we've really focused on this in the last year, is being clear about the role of the government IT employee. And we focused on competencies like project management, enterprise architecture, relationship management, which is sort of a soft competency, but this goes back to those communication and interaction skills that are needed to communicate with the business so that we can explain IT to the business and also explain the business to IT.

And so that actually gets to this next piece, which is -- I think to have a future in IT, it's really important to have competency in the business that you're in. So we're working with our IT employees on strategies to allow them more access to some of our programs and missions, so they get a better understanding of what the actual business is: again, enterprise architecture, relationship management, project management. We think IT security, given its importance, is still obviously a very important competency to hold within the government role.

The other thing I would say is financial and resource management, having people that understand how to relate from an investment perspective, sort of the spin to the investment, to the actual benefits. So business case development, that sort of thing, are all important competencies that we want to maintain and grow in-house.

Mr. Morales: That's great.

What does the future hold for NASA's information technology efforts? We will ask Jonathan Pettus, chief information officer at NASA, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Jonathan Pettus, chief information officer at NASA.

Also joining us in our conversation from IBM is Paul Kayatta.

Jonathan, given the critical role information technology plays in mission and program delivery, would you give us your view on how the role of the CIO has evolved? But more importantly, what are the key characteristics of a successful CIO in the future?

Mr. Pettus: I think the role has obviously evolved and evolving. I think in government, we've struggled in the federal government with the role from the outset in terms of whether it's a policy-oriented role, a delivery-oriented role, so we've had that struggle. I mean, that's somewhat unique to government in terms of my interaction with other CIOs outside of government.

I think the other component, though, in terms of evolution is very similar to what has happened in the private sector, and that is the CIO as being focused on infrastructure, where it's almost as if the "I" should stand for chief "infrastructure" officer instead of "information" officer. Sort of moving -- I see it evolving, and I think many people see it evolving, from sort of a technology focus as so much of the sort of base technology becomes commoditized, moving up the stack, as I said earlier, into process. And I think the CIO has a unique view, a cross-organizational view, that many executives don't have, because you're interacting with all of the business units to help solve problems.

And in doing so, you're getting sort of this unique view, so you can offer some value to the organization in terms of a perspective. But you can't do that if you're focusing all your time on the technology and the infrastructure. You have to kind of let some of that go in terms of allowing your staff, allowing your partners to help you with that. You still have to deliver on that because that's the price of admission to sort of the "seat at the table." But I think that creating the relationships that I think are so important allows you then to perhaps offer up some of those things that you see that could be of value to the organization. So I think the future's in process, it's in the business, and it's less about just nuts-and-bolts technology.

Mr. Kayatta: We talked earlier that with the President's impetus, NASA is in the midst of a very major shift: retiring the shuttle in 2010; replacing it with a new manned flight mission to the moon and then eventually to Mars. How do you envision the IT needs evolving as this major change occurs?

Mr. Pettus: Well, I think the reliance on off-the-shelf solutions, as I said earlier, is already there at NASA, but I think it will continue to grow. We don't have an Apollo-era budget to execute our new mission, and so we're constrained from that perspective. And so we want to look for opportunities to be efficient. That means, in many cases, buy versus make. Things like service-oriented architecture is a very important concept for us as we look at ways to integrate and collaborate across our organization. We acknowledge and understand that we're going to have a heterogeneous environment, and so SOA helps you deal with that. But also, just sort of throwing that term out doesn't get you very far, because I think it demands a level of governance and a level of discipline that only mature organizations have.

And so part of what we've discussed today here in terms of governance and discipline in terms of IT overall is important to really effectively implementing service-oriented architecture. But I think that's an important component in a technology that will be important to not just the Exploration Program, but to all of our future mission at NASA. Plus, just the Web 2.0 technologies themselves in terms of the participatory style of -- capabilities that they provide really help us engage with the public, and draw the public more into some of the problems that we're working on at NASA, and we're looking at technology as a way to make that happen. And I think the Web 2.0 toolsets that are becoming so popular are ways to do that.

Mr. Kayatta: There are a lot of changes that take advantage of it, I think, in industry. Clearly, the issues continue, but the need for standardization and lower costs also continues. So as far as government-wide, this exists also. Given that, can you give us some perspective on what emerging technologies you hold? You mentioned the Web 2.0. What do you think are the most promising ones for the federal IT and CIO?

Mr. Pettus: Well, I think the ones that I mentioned, this whole collaborative style of computing, you hear sort of the way it's characterized by many people as we went through this sort of Industrial Age, then the Information Age, and now we're into the Collaborative Age. And I think it's very true, if you look at -- you know, I have a 14-year-old daughter, and I look at how she interacts with her friends and her comfort with technology, I think that sort of this social style of computing, social networking, using the "social computer" to solve problems, which is this interconnected set of human minds that are interacting, is a really interesting way to solve the kind of problems that NASA works on. The emergence of those kinds of tools is really critical.

Now, for the government, I think what we have to do is understand what it means to adapt to using those tools, both in terms of policy and in terms of organizationally, how do we do that, because we oftentimes can be somewhat resistant and slow to adapt to those kinds of fast-moving changes. I think it's important for us at NASA to do so for many reasons, not the least of which is to be able to adapt the next -- or to attract the next generation of explorers to NASA.

Mr. Morales: Jonathan, I talk with many of our guests about the impending government retirement wave. How are you handling this retirement wave, and what's your organization doing to ensure that you have the right staff with the right skills to meet some of these future challenges?

Mr. Pettus: Well, one is to focus on the core competencies that are really critical to the government employee.

The second is to look for ways to leverage the NASA brand name. Because we still -- you know, we talk to people out there, young people out there, who are interesting, who have an IT background. And they have an opportunity to come to work for NASA, they find that -- you know, many of them find that very compelling. In some ways -- and sometimes we can't compete when it comes to financial incentive with perhaps the private sector for certain types of skills, but we can offset that in many ways by this sort of desire by many people who have that sort of skill set to contribute to the space program and what we do at NASA, so leveraging that brand name in what we do to recruit younger workforce.

And then finally, to make sure that the tools and technologies that we're involved with or that we're investing some segment of our portfolio in progressive tools and technologies, so that the new generation that comes to work for NASA are as interested in coming to work for NASA will see us as an organization that is not slow to adopt those kinds of tools that I think they will see so important to where they want to work.

Mr. Morales: So given your career in public service, what advice might you give a person who's out there considering a career in government or perhaps in IT in government?

Mr. Pettus: Well, I think I would say consider public service, because the ability that you have to influence and to make a difference in a particular field. And for me, it's something I think is very important, that I'm very interested in, which is space exploration. Having a role in a government organization gives you some unique opportunities. I think it also provides you with some ability to gain some experience more quickly in terms of responsibilities that perhaps may not be available to you in some other areas. So I would say don't rule it out.

And then from an IT perspective, I would say that your success will be determined as much by how you communicate and build relationships, articulate a particular need or persuade the need for a particular project or initiative, as it will on your technology prowess.

Mr. Morales: That's great. Good perspective. We've reached the end of our time, Jonathan. I want to thank you for taking time out of your busy schedule to join us here. But more importantly, Paul and I would like to thank you for your dedicated service to our country across the various roles you've held at NASA.

Mr. Pettus: Well, thank you very much. It's been a pleasure to spend some time with you talking about what we're doing with IT at NASA, but more importantly, just to share a few comments and thoughts about what we're doing at NASA with our overall mission. And we certainly would encourage your listeners, if they're interested in learning more about the current projects and programs at NASA, both our mission and IT as well, they can go to our website at

Mr. Morales: Great, thank you.

This has been The Business of Government Hour, featuring a conversation with Jonathan Pettus, chief information officer at NASA.

My co-host has been Paul Kayatta, partner in IBM's General Government Practice.

As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who might not be able to hear this morning's show on how we're improving their government, but who deserve our unconditional respect and support.

For The Business of Government Hour, I'm Albert Morales. Thank you for listening.

Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m., and visit us on the web at There, you can learn more about our programs and get a transcript of today's conversation.

Until next week, it's

A Conversation with General James Cartwright: Vice Chairman of the Joint Chiefs of Staff, U.S. Marines

Tuesday, April 8th, 2008 - 16:16
Posted by: 
General James Cartwright, U.S. Marines, served as commanderof the U.S. Strategic Command (STRATCOM) from2002 to 2007 and introduced a number of innovative managementapproaches, including the use of blogging. Bloggingis an online journal of regular entries that users post andreaders can comment upon. In mid-2007, he became thevice chairman of the Joint Chiefs of Staff. In June 2007, the IBM Center hosted an event on bloggingand Web 2.0 technologies. General Cartwright was asked to

Dan Mintz interview

Friday, February 1st, 2008 - 20:00
Dan Mintz
Radio show date: 
Sat, 02/02/2008
Intro text: 
Dan Mintz
Complete transcript: 

Originally Broadcast February 2, 2008

Washington, D.C.

Announcer: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about The Center by visiting us on the web at

And now, The Business of Government Hour.

Mr. Morales: Good morning. I'm Albert Morales, your host, and managing partner of The IBM Center for The Business of Government.

The quality of our lives, the shape of our communities, and the productivity of our nation's economy rests on the existence of a safe, secure, and efficient transportation system. Today, the U.S. Department of Transportation stands at the forefront in promoting an efficient and interconnected national transportation system.

In doing so, it relies heavily on the use of information technology to both sustain the nation's transportation system and make it safer.

With us this morning to discuss his efforts in this area is our special guest, Dan Mintz, chief information officer at the U.S. Department of Transportation.

Good morning, Dan.

Mr. Mintz: Good morning.

Mr. Morales: Also joining us in our conversation is Pete Boyer, director in IBM's federal civilian industry practice.

Good morning, Pete.

Mr. Boyer: Good morning, Al.

Mr. Morales: Dan, I always like to start by providing our listeners some context about the organization; in this case, the Department of Transportation. Can you just take a minute to give us an overview of DOT's history and its mission today?

Mr. Mintz: Glad to do so. The idea for the Department of Transportation began in the mid '60s, when under President Johnson, the thought was that there was a need to have a focused department dealing with these transportation concerns. It was proposed in 1965; passed in 1966. The first official day of operation was, of all dates, April 1, 1967.

It was taken a large part initially from the Department of Commerce. And in fact the Under Secretary of Commerce for Transportation became the first Secretary of Transportation. The strategic goals for the Department -- currently there are five of them. One is safety, making all the modes of transportation safe. The second is the reduction of congestion. The third is global connectivity, understanding that transportation goes across the world. The fourth relates to environmental stewardship; that is making sure we protect the environment. And the fifth regards security, both of the passengers and commerce, and the information associated with them.

The current focus, in particular, that the current Secretary, Secretary Peters, and our Deputy Secretary Barrett have relates to congestion, safety, and making sure that we use 21st century solutions associated with them.

Mr. Morales: That's great. Now, to provide our listeners a sense of scale, can you more specifically describe how DOT is organized, give us a sense of the size of the budget, number of full-time employees?

Mr. Mintz: We have approximately 56,000 employees, a budget of almost $67 billion. We are broken into organizational units which are called operating administrations or modes, and I believe we will use that terminology during this discussion. That stands for the modalities of transportation we use. There's a significant number of employees, in terms of location, in the Washington area, both the departmental headquarters is here, a block and a half from the new baseball stadium that will be opening later this year. And also the FAA headquarters are a couple of blocks away from that. We have offices all around the country, including, of course, with the Federal Aviation Administration at all the airports around the country.

Mr. Boyer: Dan, now that you've provided us with a sense of the larger organization, perhaps you could tell us more about your area and role within the Department. Specifically, what are your responsibilities and duties as the chief information officer? And could you tell us about the areas under your purview, how you organize the size of your staff and budget?

Mr. Mintz: First, I'm the departmental chief information officer. So each of the modes within the Department also have a chief information officer that have responsibility for optimizing the investment and managing it within the mode.

I have sort of two broad areas; the first is policy-related. That is the creation and management associated with policy across the Department. That has three pieces to it. One is information assurance, or security, and that would include privacy issues. The second, I call business partnership. That would include things like our enterprise architecture, which is a way of describing how we do the business architecture at the Department, and the second part being capital planning, that is how we manage our investments.

And the third piece, which is a piece we've really stood up this year, is focused on project management, so that we have coherence in terms of how we implement processes, make them repeatable across the Department. The term that's used a lot these days is called earned value management, a way of tracking whether the project is being performed in a way that the earned value that we expect to achieve is achieved with the right amount of investment over the right amount of time.

The other part of my responsibility, it relates to operations, or we call it shared services. That is shared amongst all the operating administrations. And that's another group.

We have approximately 250 staff people that are part of my office. Most of them are actually contractors, and a lot of them are associated with our shared services operation. We interface to the IT staff in each of the operating administrations.

We have -- from my staff, approximately a $12 million budget that supports the policy creation, about $65 million that is associated with the operational activity. The entire Department spends about $2.4 billion a year on IT. So relating to that dollar amount, we have policy impact, but the implementation is done by the CIOs at the operating administrations, and in some cases, by the business leaders within the administrations.

Mr. Boyer: Great. Now, regarding your responsibilities and duties, what are the top three challenges you face in your position, and how do you address these challenges?

Mr. Mintz: It's interesting you ask that, because almost from the first day I started at the Department, I would put out a one-page list with a list of bullet points with my top priorities. And typically they've had about six, and this year even though my office still has those six, I've limited it down to three, coincidentally. I will tell you last year, we may talk about this a little later, probably the most distracting responsibility I had was moving to our new headquarters building, and I think we'll touch on that.

So I have three priorities. The first priority is relating to security, that is information assurance. The goal there is to come up with a sufficiently robust approach in implementation that we can protect the information and the applications that we're running. And that's across the entire Department. We've done a number of things there; for example, one of the things we did was we have what's called a cyber oversight function -- the ability to look into the computer systems and decide whether or not there's -- some bad guy has gotten in, or something is going wrong. And that's called the cyber cert operation.

We used to have two of them: one of them at the FAA, one of them at the departmental level, which didn't make a lot of sense really. We merged them together and we created a joint oversight board consisting of senior leadership again from the FAA, and then representing the rest of the Department, to manage it, which is working really well. We just started this October 1st of this fiscal year, and that's a big plus.

Second, we are trying to move the organization from being purely tactical, that is responding to day-to-day activities, and looking more at strategy and context. And that's a very difficult problem that we face. The third is -- and this is one of the focuses that are going on right now -- is we are trying to re-look our whole approach to how we physically deal with the network. It's sort of grown over time, we want to bring a more -- a better approach to how we place systems, how we protect them, create different zones of security, so that there might be some that have a very high protection level, some that have a less protection level. This deals with risk investment. We don't have infinite money, so we have to be very careful about where we put our resources. So we have to decide what we have to highly protect as opposed to that we want to do somewhat, but it's open, perhaps more open to the internet or the public.

My second priority is a governance priority. It's a challenge in terms of making group decisions. The problem there is that everybody has a day job, and it's hard doing that job. So to say that we want everyone to stop for a moment, get together, put together a group plan, which takes time, because there will ultimately be a reward to that by being more efficient, better security, more optimal behavior, it's hard to not take the step and wait. So we've done a lot of work in terms of enhancing our governance

We revised our chief information council to add a representative to help run it from the operating administration so that we had more buy-in from them. We've revamped our investment review board and done a lot of activities to make that robust. And the third priority, unfortunately, is our day job. The reality is that every day, something happens that we have to deal with, that we have to get done. And the balance we always have to do is balancing out the tactical demands of getting through the day with these more strategic long-term goals.

Mr. Morales: Dan, I understand that you came to the Department directly from the private sector. Could you tell us a little bit about your career path and how you got started?

Mr. Mintz: I stumbled onto computers while I was in high school, and I was sponsored by Vitro Corporation, and they allowed each of us to do something technical. And I didn't know what I was asking, but I asked them, could I have some time to learn to program on their IBM 704 computer in FORTRAN II.

Mr. Morales: Wow.

Mr. Mintz: And I wrote a program to bid bridge. My career I guess I divide into sort of three pieces, though I've noticed the third piece has gotten longer. The first piece, I was very technical, I did a lot of programming work and systems analysis, worked on operating systems. The second part, I moved into management, system analysis, RAM projects and things like that. And the third, I expanded my activities, got involved with marketing and project -- how do you sell both internally and externally; how do you deal with the management issues in technology. And really the focus at that point became much more involved with the business issues; that is, how you could use technology relating to business. And I will say that through all that activity, I was lucky enough in terms of this job to be supporting federal business often during that in my entire career. So that's made it a little bit easier.

Mr. Morales: So Dan, from this vast wealth of experiences, what lessons have you learned and have brought to the culture at Transportation, say, from your private sector experiences?

Mr. Mintz: Two things. First of all, I want to say that the general rules associated with management are not so different between private and public sector. The things I learned from the people I respect in the private sector were to respect individuals and to treat them well and to give them the ability to be successful. And I think that's very important, to be transparent in terms of how you act, to try and do a good job in terms of defining goals. And I think that works in both areas.

The challenge you have I think in government, which I've tried to bring some of what the lessons are -- is that the government has a very complex set of stakeholders. In private industry, you have a relatively simple existence -- you have to make a profit. But in the government, you have many masters, and you have to satisfy them all at once. And often, they have contradictory demands on you.

What happens because of that is there tends to be a focus on process, which stays the same, as opposed to goal, because not only is it difficult to define what is the precise goal of the government program, but in addition, the goals change, so that people will make a big investment and then two years later, the goals have been moved.

So it tends to make it harder to get people to focus on the goals. But at the same time, that's very important. So the things I've tried to do is to make sure we understand that at the end of the day, we have to realize we are trying to accomplish certain things. So you have to define them. The second is, we have to be transparent in what we are doing, sharing of information, good or bad. And the third is to make sure people have some kind of ownership that they feel comfortable enough that they'll take responsibility for their work.

Mr. Morales: That's great.

What about Transportation's IT strategy? We will ask Dan Mintz, chief information officer at the U.S. Department of Transportation, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Dan Mintz, chief information officer at the U.S. Department of Transportation.

Also joining us in our conversation from IBM is Pete Boyer.

Dan, can you tell us a little bit more about the IT strategy at the Department? Specifically, could you elaborate on the efforts to align information technology to support the departmental and modal business goals and strategic priorities?

Mr. Mintz: I'd be glad to, and I want to start by saying you have to look at why this is a problem. People tend to jump into answering it, they don't think through why does it happen, and there is a number of complications with it. The first is, one of the issues -- and it's certainly true at the Department, but it's true, I think, in a lot of the civilian agencies -- is that to some extent there are conglomerates of responsibilities. So you have to think through what are in fact the broad strategic goals.

One of the things that's been very good for us in terms of Secretary Peters is she's defined a relatively small number of strategic goals that we can focus on. If you don't do that, there may not be an obvious theme that you can talk about in terms of the goals. There's often disagreement about that.

The second problem that you face is that there's a tendency to be outward-focused related to that. We get a lot of demands put on us in terms of initiatives and requirements. And so what happens is the focus tends to get to satisfy that demand, as opposed to looking inward -- that is, how does that requirement allow us to do our job better. And so you have to change the focus to also look inward a lot more.

And the final piece problem is that a lot of times you have to build up to accomplish these goals. So what happens is you may have to do what I call a two-step process, make a series of investments that may or may not have obvious reward in order to achieve the strategic goal. This is a problem, by the way, that's in the private sector also. People want the immediate return.

Mr. Morales: Immediate satisfaction.

Mr. Mintz: Immediate satisfaction, and what happens is with the two-step processes, you have to make an investment, and then the second step is to get the satisfaction. It's very difficult to get that investment to allow you to do that. Having said all that, I'm trying to get to what I call an 80-20 goal. That is that 80 percent of the time we're doing the right thing collegially, and only 20 percent of the time is because we have to impose some kind of structure as opposed to the reverse, because at the end of the day, if the staff don't take ownership of what the goals are, they're not going to do it. You can't impose it completely from on top. I'm trying to get to that collegial activity.

One of the ways we did that is we added a modal CIO to take over ownership of the CIO Council, working with me on that to get more buy-in from the staff across the Department. The second is, there's always a tension when you have a single agency that's an enormous part of the Department; the FAA is approximately 80 percent of the IT spend of the Department.

So what I've done, and what the FAA CIO and we have done working together is that we focused on the value-add proposition. That is, rather than fighting over whose territory is what territory and who has control over what budget, we've identified those areas which would be of mutual benefit to the entire Department, and help the individual agencies, including the Federal Aviation Administration, and those are the things that we work on.

The final thing is, one of the recent initiatives that OMB has wanted us to focus on relates to performance measurements, and the performance measurements initiative. I'm not sure that the CIO community and people in general realize how important that is in the long term, because that's a mechanism really for the first time if done correctly -- to start tying a lot of these activities into strategic goals, because this is -- now you have the opportunity to do that, because you can see how making these investments can eventually have an impact on results.

Mr. Morales: Right, the cause and effect.

Mr. Mintz: Yes.

Mr. Morales: Now, not to get too controversial here, but it's been my experience that information technology is an area that's sometimes noted for its turf battles and proprietary views. Could you elaborate on your efforts to foster a more enterprise view that enhances the overall IT governance at the Department?

Mr. Mintz: I've mentioned a couple of the activities already. That is -- again, the goal you have to get to is how you can get the staff in general to buy in to working together. Steve Kelman, who is now a professor at Harvard, wrote a book about how to effectuate change in large organizations, focused on particularly the government. And what you find is that you will have a number of change agents that actually want to accomplish the goal that you just articulated. You'll have a small group of people who will be interested in these turf battles. And then you have a large number of people who really just want to do their job and swing back and forth.

One of the goals you have to do is identify those change agents, and then figure out how to empower them and then grow that desire, because I think you'll find that people do want to accomplish good things. The other challenge -- and this is still a work in process -- is how you set up a governance organization and process that allows the touch point for this decision process to happen at the beginning, because typically what happens is we tend to put it at the end, yes, no; that's far too late. You have to set it up so that as these individual people start doing their planning on their projects, how do you set it up so it's at that point or close to that point that you start having the dialogue to see how there's value add that will actually make them successful too. We're not there yet, but that in fact is one of the top goals I have, as I mentioned earlier, for the rest of this calendar year.

Mr. Boyer: Dan, we understand your Department's information technology capital investment portfolio is in the hundreds of millions of dollars. Would you elaborate on how you have strengthened the Department's IT capital investment process to assure that investment decisions are mission-aligned and cost-justified, and what role does your DOT CIO Council, which you mentioned earlier, play in establishing a robust results-oriented investment review process?

Mr. Mintz: Actually, the total IT investment is in the billions of dollars every year. It's really a major component of the Departmental work. The CIO Council is critical; most of the alignment to the individual mission is done at the operating administration, the modal level. So one of the focuses we've had over the last year and a half has been how do we make sure that that process is sufficiently robust and moving in a more robust direction. That is that they are integrated with the business owners within the operating administrations supporting the mission correctly. And in fact, we've made a lot of progress in that area.

The second step relates to then, now that we have that working, how do we bring it together so that when there are commonalities, that they can be dealt with in a more efficient fashion. And we're just -- we're really don't -- we do it but we don't do it as well as I would like right now. And that will be a focus going forward this year.

Mr. Boyer: Now, the E-Government Initiative is a critical component of the President's Management Agenda, which seeks to improve and expand services to citizens, businesses, and agencies alike. Would you tell us about your Department's efforts in this area, and what are some of the challenges faced and what remains to be done?

Mr. Mintz: First, I want to emphasize, I'm a very strong supporter of the e-government programs within the federal government. I suspect it's not been a very easy road over the period of years. I know over the year and a half that I've seen it that it's been often difficult -- the kinds of turf battles that you've referenced and things like that have been a problem. We are a center of excellence in the financial area, so we have experience both in terms of being a participant and a provider.

The challenges that you have are fundamentally cultural. One problem it seems in this city, in Washington these days, being reasonable seems to be perceived as a weakness. So that the problem you have sometimes is you have to be somewhat dictatorial to cause things, which as I've indicated a number of times I think is not the most efficient way of doing it, but sometimes is necessary, unfortunately.

The second problem you have is people have that darned day-job, and therefore, doing e-government means they have to now be involved in a planning process, working with other agencies, how to work together. It means you add that second step, you make what seemed to be a one-step process into a two-step process. Even though the result might be better, people don't enjoy having to take that second step.

The other thing is that there's a lot of learning that had to go on. We are asking people to work together, but the other thing we're asking is we're asking government agencies to be service centers, and it takes a while for people to learn how to do that. I think there were some growing pains, but right now, I think it's working much, much better. The other thing is it's countercultural -- my experience with all organizations, but perhaps -- it's certainly true in the government, too, people have a sense that the bigger their budget, the more span of control they have, the more powerful they are, which in fact is often not the case, but this means giving that up for a greater gain. And that's hard for people to get used to. It makes them question what's the value that they then bring.

The other issue that we've had to wrestle with -- in fact, OMB has been sensitive to this, and we've had some conversations about it -- is you have what I'll call a horizontal versus a vertical problem. We're creating what I would call vertical integration. We take all of the issues regarding rulemaking, for example, which is something the Department of Transportation just finished up its transition with. And we make it into a vertical application. At the same time, we've integrated some of these applications horizontally within the Department itself, so we have to make two adjustments.

First, moving it to another -- to the center of excellence, but second, figuring out how do we then make sure that this horizontal integration within the Department is still optimized. And we're still learning how to do that together, and I think you're going to see the second wave of e-government will start being more sensitive to that goal.

Mr. Boyer: Now, from a technology perspective, can you tell us about the federal government's migration to Internet Protocol version 6, or IPv6?

Mr. Mintz: Yes. Tim Schmidt, who is my chief technology officer for the Department, has been the co-chair of the IPv6 activity, and has been a leading thinker related to it, which has helped the Department a lot.

For those people who are not familiar with the issue, everything on the internet has an address, just like you have an address for a letter you send in the post office. The internet has grown so much that we're literally running out of addresses, which is an amazing thing. There was a commercial I saw one time where the person got to the end of the internet and then he didn't know what to do. Well, unfortunately, amazingly, we are in danger of getting to the end of the internet.

So what this does is, in the same way the number of digits in your address at home, if you make it longer, it gives you more flexibility, we're going to increase the size of the address dramatically in the internet address. So one of the things it's going to do is allow us more addresses, and that's important just to survive in the internet.

It turns out in the transportation sector, that's a very important thing also for our stakeholders, because what's happening on the internet is we're moving away from just person-to-person connectivity, but person-to-thing and thing-to-thing connectivity. You know, when you have a GPS locator in your car or even a cell phone, you have internet connectivity, and you may have, you know, your car now someday talk to something in your house. So you now have to do thing-to-thing addresses -- or you may want to manage the car. GM announced that they are going to come out with a car that can drive itself in some number of years.

So you need all that additional connectivity to allow all those things to address other things. You have some other peripheral benefit related to it. It turns out that by having this longer address, you can build in additional security, you can also build in some optimizations so that the transport of information across the internet becomes more efficient.

Mr. Morales: Now, along similar lines, new social networking ideas and technologies are redefining the relationships of citizens with their government, both at the federal level and certainly at a local level. So to that end, what is the private virtual world, and what are some of the potential business applications that you're identifying?

Mr. Mintz: There's a joke that Don Tapscott, who was one of the co-authors of a book called Wikinomics says if you want somebody to understand these concepts, ask them if they remember when a man first stepped on the moon. If they answer yes, disqualify them. So the private virtual world, anyone under 35 knows exactly what you'll be talking about with a private virtual world, because they have an avatar, which is a representation of a person, they've played some game online where they were a person, or they were in a second life, or they've done one of these things already. People who haven't used it, it's almost like trying to explain the color green to somebody who is colorblind. You have to try it to understand the power.

Psychologists have studied the brain response, and it turns out the human brain relates to the human interaction in these virtual worlds in a way very similar to human interaction in the real physical world, which may not be such a good thing, but it's true. We in fact have created what I call dotworld, though people are trying to get me to change the name, a very small virtual world. We're almost finished with it, it will just be a couple of classrooms and an auditorium internally. And we're going to use it for training for employee -- as an experiment initially, a pilot. We're going to use it for employee orientation, training in general.

One of the things that other people are using these kinds of things for is for emergency situations and emergency simulation. When you do these very large exercises in simulating a potential emergency, the reality is you can't invest in making all the alternatives happen, you can't do that in the real world. Generally, these are set up to be successful, but in fact, emergency training is supposed to teach you how to deal with the situation you don't expect. The question that really is being asked is what do you do when you don't know what to do.

In a virtual world, you can simulate anything, and therefore, you can do with much less investment, do much better or more complex, or more varied kinds of training. So that's something eventually you want to tag on to when that becomes more robust.

The challenges to the government is that the -- and this is a problem with the internet and what we call Government 2.0, which is becoming a focus of OMB and the Federal CIO Council, is that it's unpredictable and to some extent uncontrollable. And in fact, that's why you do it, because you're coming up with unpredictably interesting responses and ideas. That's a problem with government, because we have policy requirements, we have privacy requirements that are very serious and very important to us. They do not go away, so when you combine an unpredictable environment with the policy requirements, it's a little bit difficult to figure out how to deal with it.

Mr. Morales: Interesting.

What about Transportation's cyber security efforts? We will ask Dan Mintz, chief information officer at the U.S. Department of Transportation, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Dan Mintz, chief information officer at the U.S. Department of Transportation.

Also joining us in our conversation from IBM is Pete Boyer.

Dan, given the composition of the Department which you described earlier, and the various modal agencies, there must be many opportunities to employ shared services, which you also talked about. Could you elaborate on how the Department approaches the use of shared services, but more specifically, how you identify Department-wide IT activities that would benefit from this type of centrally-managed approach?

Mr. Mintz: First, it might make sense to talk a little bit about what my goals currently are related to shared services, because I suspect I may take a slightly different prioritization in terms of the goals than a lot of people that I have talked to do. We have a fairly active shared services organization at the Department right now.

The reason I think we want to do shared services in general is -- there are three. The first is, by having some consistency in terms of how we approach the IT infrastructure activities, we are able to have a more robust security architecture. So one of the issues we have -- and I think government in particular has a great responsibility for -- is making sure that we have sufficient levels of security that people deal with us are confident that their information is being protected appropriately.

The second is, we have to optimize the human resources at the Department. The reality is, for all the talk about budget issues, the biggest scarcity we have is talent. There is retirement issues associated with that. We are going to lose a lot of the institutional memory. So the question is, how do we optimize the human resources?

When they're focused on things that we can centralize and manage that are -- activities that are not directly related to the mission -- for example, video conferencing, do we need video conferencing worried about by staff and every one of our operating administrations, or would it make sense to centralize that activity and have them focus on how that operating administration can do a better job of supporting the American citizen and their stakeholders? It makes sense to me to optimize people.

The third area is, if we do it right, we can have better service level agreements; that is, we can do a more professional job, and if we work hard at it, we can save money. People tend to emphasize that last piece the most. But it's actually not the most important value we bring. We obviously can't spend more money, that's not what we are optimizing. We are optimizing the human resource, which is the precious resource within the organization.

Right now we're doing desktop and network infrastructure at the Department. We have combined information assurance, that is cyber oversight with the FAA - we do e-government initiatives, if you really think about it, are shared services activities. We also have a number of initial projects, one related to document management, and the other is, we're doing a study with the FAA in terms of how we can bring in more coherent approach to data centers in general. We have a lot of different data centers run by a lot of different parts of the Department, and so we're working on how we can best consolidate the management and deal with it more intelligently.

The issue you ask is how do we identify Department-wide IT activities that benefit from central management. In fact, it's a discussion I'm trying to change, because that historically has been the approach -- that is, what is it now we can centrally manage? And in fact, when you start with that approach, there's 1,000 reasons why you don't want to. I think the approach has to be different. And this is the hard part. We have to start with the approach that what shouldn't be centrally managed. We should start with the assumption that anything that is not completely tied directly to the mission should be centrally managed.

So therefore, we're trying to change the dialogue -- this is what's going on right now -- let's start by assuming everything should be done centrally. And by the way, centrally doesn't necessarily mean by my shop. We could centralize it in a center of excellence within the Department. We could centralize it at our Federal Highway's operating administration, or the FAA, or wherever. I mean, it doesn't all have to be with me, but we want to centralize it for the Department.

So let's start with the assumption everything should be centralized, then look at those things that we have to break out. And we're going to try and change that dialogue, we're having a lot of discussions right now as to how can we take that concept which everyone has begun to believe in, but then how do we take that and make that a practical process.

Mr. Morales: Interesting approach.

Dan, I want to go back to something that you mentioned earlier in our first segment, which was the move to the new headquarters building. And I think I saw you twitch in your seat when you mentioned that. Could you tell us a little bit more about this effort and how it affected your IT operations, but more importantly, what were the benefits of the move and some of the lessons learned?

Mr. Mintz: So let me take care of that in those three parts. The first is to just give a sense of the sizing, we moved something over 5,600 desktops and phone systems, and we had to move the individual desktops desk-to-desk. Everyone kept their same extension, both in the old building and the new building. We moved over 40,000 data connections. At the very same time we were doing that, there were something over 700 application servers that were scattered around the old headquarters building. We moved them all for the first time to a central data center out in Frederick, Maryland.

So we were doing that, and at the very same time, we were decommissioning the building under the lease terms, the headquarters building, which had been occupied for over 30 years, had to be restored in a state approximately that at the beginning of the lease. All being done at the same time, while we are moving a Cabinet-level Secretary that had to have constant communications working all the time. It was an impressive process. We reflect on it, and we're not quite sure how we got from there to here.

The IT space, the second part of your question, we in effect created a parallel organization, because it required so much focus that we needed a group of people that really were paying attention to that. Unfortunately, because we always have limited resources, a lot of the people underneath the management structure were the same people. And so we did have two separate focuses, but we actually -- unfortunately, people had to go back and forth between the two. So for a while, we actually were running two different infrastructures; one at the old headquarters building, and one at the new headquarters building, both at the same time. It is a compliment to all the people involved and to the employees of the Department that we got through it, because it made everything much more complicated. And people were very, very patient. I think the reasons why are the lessons learned; we tried very hard to be transparent in whatever we did. We tried to treat the management and the staff with the respect I talked about at the beginning of this discussion. They deserve to know the good news and the bad news.

And as long, in my opinion, as we kept them informed as to what was going on, they worked with us to make sure it happened. And we treated them all with respect in that way, that we knew they'd be trying their best.

The other thing in addition to transparency -- and if I had one lesson to learn, it's the transparency part -- as part of our IT effort, a very detailed project plan mapped out. There's always unknown activities and surprises that occur, but if you don't have the vast majority planned, then everything is a surprise. The other thing is, when you are communicating the information by having a plan, you allow people to understand where they fit in, and they appreciated that.

It actually had some side benefits in terms of the move. We were in the process of doing a lot of this consolidation that ended up with the shared services organization, a lot of that actually was enhanced. I don't know if we would have -- been as easy to get all those service in one building except that we had to move. The other thing is it created a lot of teamwork between the IT group and the staff with -- across the Department. This whole effort made -- it showed that people could work together and do it successfully. And having evidence on the ground is always better than having a philosophic discussion about some gold at the end of a rainbow when no one yet can see either the rainbow or the gold. And proving that it was possible to be successful made the Department stronger.

Mr. Boyer: Dan, I understand at one point your Department had issued a moratorium on upgrading desktops and laptops with the most recent operating system. Would you elaborate on your rationale for pursuing such a course of action, and what is your current plan in this area?

Mr. Mintz: One of the things that surprised me was, doing something that made sense, such basic sense, which was, come up with a plan before you do something, caused such a reaction. So the answer is, and I want to emphasize, this had no reflection on the software at all.

My issue was we have tens of thousands of employees, we're spending a couple of billion dollars on IT a year, we have mission critical systems all over the place, my feeling was we should not take a step until we put together a plan. So what I said was we should take a breath, let's hold up right now, everything is working okay. There are features that we want to look at that would be of value to us. Until we come up with a transition strategy, I don't want us to move, and I certainly want us to move coherently as a Department, and that takes time.

The building move got a little bit in the way of putting together the transition plan. So we are still working on that. My expectation right now is sometime in calendar 2008, we will put together a plan that will deal with the issues of what we want to do with the operating system and what we want to with the versions of office. We'll pass it through our CIO Council and then we'll do that. So we have not yet made a decision, we are still exactly where we were when that came out.

Mr. Boyer: Previously, you had mentioned the importance of security and information assurance as one of the key goals in your department. Now, technology has clearly enhanced the ability to share information, but it has also made organizations more vulnerable to unlawful and destructive penetration. Could you describe your efforts around encryption of data, and specifically your strategy to strengthen the protection of personally identifiable information?

Mr. Mintz: Yes. First of all -- and I'll get to the encryption. We have to understand that most of these issues are fundamentally cultural. There was a study done where people called up an organization -- and I don't remember right now whether it was private or public. But they called up an organization. And it was people in the IT shop, and the phone call was hello, I'm from the help desk. We are resetting your password and -- I mean, this is true. That we are resetting your password, and we need your ID and password just to confirm it so we can do the reset correctly. Fifty percent of the people gave it.

The point of that being, I don't care what technology you put in place or what protections you put in place or how you do identity management, that is, identifying who is signing on or accessing the system. When somebody does that, they're let into the system and they can do anything they want. So the problems are fundamentally cultural.

With encryption, one of the things -- when I looked at some of the problems that have happened across the government, there were at least two or three things that came about that occurred to me when I looked at the lessons learned. So one was just a technology issue, that is encrypt the data. So certainly, everything in particular that's mobile is encrypted now at the Department, it has been for some time. We were very aggressive in following the mandate that was given to us by OMB. I thought was it was a good one, and we do that now.

Second, one of the problems was communications. A lot of times, people are afraid to bring bad news, and one of the comments is when you punish the messenger, you end up having no messages. So we've tried to create a culture where we can deal with bad news and not -- and deal with the news, as opposed to who brought it to us. In some cases, it took weeks or months before the bad information made its way up the management chain.

I have a policy that I inform senior management at the Department essentially at the same time we report any incident into the Department of Homeland Security, what's called US-CERT, where we report incidents. I have a commitment that I report it to them very shortly thereafter whether I have perfect information or not, so they were alerted to that. And that's -- luckily I work for a group of people that are able to handle that kind of interaction.

The third thing is an auditing activity. Typically, we put these policies out and we create what I call policy on a shelf. And what I mean by that is we create these huge three-ring notebooks or the functional equivalent of three-ring notebooks on the web, and no one knows which ones to follow, and we don't check to see if they are actually in place. So one of the things we're doing is we are doing a lot more aggressive job of going back and auditing each of the policies to make sure they're effective.

We do a lot of training programs associated with this topic, we have a week-long security conference which has existed really for many years at the Department. FAA does a security conference. We've done a lot more online training trying to make that more robust.

Mr. Morales: So Dan, along similar lines, there's obviously a rise in telecommuting and working from home, and many government employees are accessing IT infrastructure via non-government PCs, which increases the potential for system vulnerabilities. Now, my understanding is that peer-to-peer software applications resting on home PCs is one of the major reasons that increases the security risk.

First of all, can you tell us a little about what is the peer-to-peer software, and what are some of the challenges and benefits represented by these applications, and how you are dealing with them?

Mr. Mintz: Peer-to-peer software is software that allows multiple computers to access each other's disk drives as if the disk drives were all connected to the computer doing the access. And like a network, peer-to-peer -- because each computer is a peer of the other -- a lot of it's used for copying music and things like that, which are other activities that you really don't want to encourage.

We've taken a number of steps to try and deal with it. First of all, we have a policy that says you can't keep personally identifiable information or sensitive information on non-government computers anywhere. Second, the software we use that accesses our own systems prevents data from being downloaded on their home computer, though a user who wants to can obviously go around that requirement by just copying and taking it.

We are doing education processes to discourage people from doing that kind of activity associated with peer-to-peer work. We discourage people, frankly, from using that kind of home use peer-to-peer software. In addition, we scan for that software on our own networks to make sure that it doesn't exist on the Department's.

packages that merely do peer-to-peer work are not good applications in general for us to use. The security dangers are much too great related to that.

Mr. Morales: So your main line of defense here is really the education of the employees and making them aware of the dangers and the policies.

Mr. Mintz: Yeah, that, and the final thing is, we also have started changing the policies of the Department for those people who are doing a lot of telework, we are encouraging their primary computer to be a laptop, a government-provided laptop. So while we can't afford typically two computers, we can afford the one, and so more and more of the time, the primary computer's becoming a laptop.

Mr. Morales: What does the future hold for the U.S. Department of Transportation?

We will ask Dan Mintz, chief information officer, to share with us when the conversation about management continues on The Business of Government Hour.


Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Dan Mintz, chief information officer at the U.S. Department of Transportation.

Also joining us in our conversation is Pete Boyer from IBM.

Dan, given the critical role IT plays in mission and program delivery, could you give us your view on how the role of the CIO has evolved, and what are some of the key characteristics of a successful CIO going into the future?

Mr. Mintz: I see the CIO function breaking into two directions. One direction will be those CIOs that will focus on technical issues and potentially operational issues. And the second will be those CIOs that will focus more on strategic and policy issues, and I think over time that actually may separate out.

The characteristics of the CIO, therefore, will depend on which person, which role they have. The latter role, which I think is the more interesting -- I think people have to have experience with business issues and business background. Technology is a useful piece of knowledge to have, but will not be the primary driver of the CIO function. Their ability to translate between technology and business goals I think will be what they have to bring to the table.

Mr. Boyer: Now, continuing our focus on the future, can you give us a sense of some of the key issues that will affect CIOs government-wide over the next couple of years, and given this perspective, what emerging technologies -- and we've talked about some of them already -- hold the most promise for improving federal IT, and any advice you would give to the next administration in this area.

Mr. Mintz: My opinion is the biggest -- and it's in a sense not an emerging technology, but the technology I think that the CIO function needs to pay the most attention to is the continuing impact of the internet on organizational structure. Historically, the technology challenge has been how to optimize technology, which however difficult, is actually manageable and understandable.

With technology being completely pervasive, the issue now becomes how do you optimize organizations? That's a particularly difficult problem in the government, where making organizational changes is very, very complex.

Mr. Morales: Is this the flat-world issue?

Mr. Mintz: To some extent, yes. What happens is it empowers the people at the top who have much greater visibility into an organization; it empowers the average employee, which is a good thing, particularly for younger employees, because they have access to policy and things like that they otherwise wouldn't have. But the vast number of people in the middle who historically have -- get value by passing information up and down the organization, their self-worth is under attack. So the question becomes how do you make sure that they are able to give a valued contribution to the organization, because they have great talent.

Mr. Boyer: More specifically, Dan, what are some of the major opportunities and challenges your organization at DOT will encounter in the future -- and this is pulling out your crystal ball, but how do you envision your office will evolve over the next five years?

Mr. Mintz: I wouldn't be surprised that the challenges in five years are going to look a lot like the challenges today. The focus right now -- there are three focuses, two of which I've already talked about. One is how do we make sure that we have architecture that supports security needs, particularly when we have all these other emerging technologies and the internet breaking apart the relationships internally and externally.

which is how do we relate operational responsibilities and policy responsibilities, and how will that evolve over time.

Mr. Morales: And then you touched upon this a bit earlier, but you know, the pending retirement wave is a big issue across the government, and certainly within your organization. So more specifically, how are you handling this issue, and how are ensuring that you have the right mix of staff to meet some of the future challenges that you've outlined?

Mr. Mintz: I suspect that one of the issues evolving with retirement, because we are losing some very senior and valuable people -- the solution may be possible if we can figure out how to have more robust relationships from a variety of different external resources, because I'm not sure we can hire fast enough to replace all of them.

I think, however, in many ways the major problem is with the people we still have right now, because the nature of what their job role is just changing dramatically because of this internet impact. We have people who are used to working in a hierarchical relationship and are relatively comfortable with it. We need to move that to being able to deal with a horizontal relationship with partners. It takes different skills.

When you look at the private sector, a lot of the companies who failed at outsourcing failed because they didn't know how to relate two horizontal activities. And they didn't realize it was a core value that they had to develop.

The government will need to figure out how to interface to private partners more, academic institutions, state governments, international organizations, in ways that people may not yet be comfortable with. We also have to be spending, I think, a lot more focus on that human capital issue. And I think we need to spend actually a little bit more on that. And that's what we are doing right now in IT.

Mr. Morales: So it really comes back to your point about different organizational modes, and different ways of managing the business.

Mr. Mintz: Yes, and I think the private industry is moving much faster, and eventually government will be forced to catch up because all of its partners will be doing this.

Mr. Morales: So Dan, given the wide breadth of experiences that you've had in your migration from the private sector over to federal government, I'm curious, what advice might you give a person who's out there considering a career in pubic service?

Mr. Mintz: I'd highly recommend it. I mean, I've had a wonderful challenge. One of the things I say when I speak in different groups is this is honestly the first job I ever had where I love coming to work every day. I've obviously had jobs that I've enjoyed, but I can honestly say every day I've been at the Department, I love coming into the office.

And it's a rare opportunity. There are great people within the government, you have a sense of mission; you're trying to accomplish something that's really helping the citizens and the public, which is a very wonderful thing. It's the best job I've ever had.

Mr. Morales: Dan, that's great advice. Unfortunately, we have reached the end of our time together. I want to thank you for fitting us into your busy schedule today, but more importantly, Pete and I would like to thank you for your dedicated service to our country at your role at the Department of Transportation.

Mr. Mintz: I'd like to thank you for having me here. I love to talk about the Department and my office. For those people who want to know further information about the Department, they should access

Mr. Morales: Thanks.

This has been The Business of Government Hour, featuring a conversation with Dan Mintz, chief information officer at the U.S. Department of Transportation. My co-host has been Pete Boyer, director in IBM's federal civilian industry practice.

As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who may not be able to hear this morning's show on how we are improving their government, but who deserve our unconditional respect and support.

For The Business of Government Hour, I'm Albert Morales. Thank you for listening. Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m., and visit us on the Web at

There, you can learn more about our programs and get a transcript of today's conversation.

Until next week, it's

The content of this field is kept private and will not be shown publicly.

Your comment will appear after administrative review.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

2479 recommendations
The content of this field is kept private and will not be shown publicly.

Your comment will appear after administrative review.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

1344 recommendations
The content of this field is kept private and will not be shown publicly.

Your comment will appear after administrative review.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

1132 recommendations
The content of this field is kept private and will not be shown publicly.

Your comment will appear after administrative review.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

1436 recommendations