Eye on... rules and regs

The Bush administration made one thing clear early in its term: Information technology is on the agenda.

E-government, of course, is one of the tenets of the President's Management Agenda, but that was last year's news. IT also plays large in numerous other major policy initiatives, including competitive sourcing and homeland security.

Some of the people championing the agenda have changed in recent months and may change yet again if the president wins a second term, but that's next year's story. The policy battles expected in the months ahead should make 2004 a memorable year for everyone involved.

A-76 revisited

Why you should care

After successfully fending off several congressional challenges to water down its competitive sourcing initiatives, the White House could make big gains in 2004.

What's coming

Opponents likely will mount more attacks, even as agencies move ahead with more competitions.

Security governance

Why you should care

The White House and Congress have given up the laissez-faire approach to security in both the public and private sectors.

What's coming

Forthcoming recommendations

from a security task force formed last month will likely turn into a

to-do list for agencies and private organizations.

Project management certification

Why you should care

Because project managers are not exactly lining up at agency doors looking for jobs, training and certification looks like a better investment all the time.

What's coming

Neither the Office of Management and Budget nor the Office of Personnel Management is expected to mandate certification, but most agencies are likely to make it a priority on their own accord.

Privacy reality check

Why you should care

Privacy impact assessments filed in late 2003 give OMB officials an opportunity to put privacy on the agendas of agency chief information officers.

What's coming

Don't look for privacy concerns to derail many major homeland security initiatives, but at least it could become a variable in the equation.

issue

Small-business conundrum

Why you should care

Administration officials are on the record advocating small-business contracting, yet agencies have made a point of going with large prime contractors.

What's coming

Something's got to give. So-called contract bundling will not go away, but prime contractors should expect more scrutiny of their strategies for passing business to small-business subcontractors.

Unfinished business

If the Bush administration were to put together a list of New Year's policy resolutions for 2004, it would probably look much like last year's.

You can't say the administration did not try to make progress on its core management agenda. But if anything, its efforts only intensified the debates that had begun the year before and now carry into 2004.

Looming over the debates this year is the upcoming presidential election. To what extent is the administration willing to do battle over competitive sourcing or small-business contracting and risk distracting attention from core election issues? Some observers fear that administration officials would rather put some issues on the backburner, taking them up again — or not — if Bush wins a second term.

Other issues are likely to continue beyond 2004, whoever wins the office. Legislation passed in late 2002 requires the White House to deal with mounting concerns that homeland security initiatives are eroding privacy. This coming year could prove a turning point for that debate, but it is unlikely to provide any resolution.

Here is a review of these and other issues topping the agenda in 2004.

A-76 revisited

Proponents in the Bush administration of competitive sourcing could be forgiven if they look back to the closing months of 2003 with satisfaction.

They successfully fended off a number of congressional maneuvers aimed at undermining some newly minted rules for competing federal jobs with the private sector. Yet with hundreds of thousands of jobs potentially on the line, anyone who thought the fight was over should think again.

The Office of Management and Budget's revised Circular A-76, which lays the framework for competing agency jobs with the private sector, is still in play as far as its opponents are concerned, and their legislative defeats last year have left them undeterred. During the final weeks of 2003's congressional sessions, several measures that they had inserted into appropriations bills were taken out again, leaving the path mostly clear to implement the rules.

"Everything that we've been pursuing this year, we're going to be pursuing next year," said Randy Erwin, assistant to the president of the National Federation of Federal Employees, in late 2003. "These last few weeks have been really, really difficult to swallow."

"Because it's an election year, it's going to be very, very nasty," predicted Catherine Garman, senior vice president of public policy for the Contract Services Association of America. "The battles are going to be intense. The federal sector employee unions are going to pull out all the stops."

Opponents might focus their attacks on specific measures more than on A-76 as a whole, said attorney Anne Perry, a procurement dispute specialist with Sheppard, Mullin, Richter and Hampton LLP in Washington, D.C. For example, federal employees might continue pushing hard for the right to appeal a decision to outsource to the General Accounting Office, rather than remain limited to protesting within their own agencies.

"That was something they were pushing very hard for," Perry said. "I would be surprised if they just let that go."

Security scrutiny intensifies

White House officials and members of Congress may butt heads in other information technology policy areas, but security is something they agree on.

Each year brings to light new threats to information and services on government systems, but each revelation elicits a response from the public and private sectors that is largely reactionary, at best. But that could be changing.

Leaders in both branches are shifting the focus of government security initiatives from technology to governance, said Bill Conner, Entrust Inc.'s chief executive officer, chairman and president, and co-chairman of a new public/private sector task force on corporate security governance.

Neither administration nor congressional officials are content to develop security recommendations only to see them dismissed or forgotten. Instead, they plan to take an oversight role, forcing top-level officials in both government and industry to account for the security of their systems.

Conner's governance task force is one of five formed last month under the supervision of the National Cyber Security Division at the Homeland Security Department. Each task force will report March 1 on specific security initiatives to implement across government and industry.

The executive branch has convened security task forces before, but this is the first time governance has been a major consideration, said Robert Liscouski, DHS' assistant secretary for infrastructure protection.

Federal agencies are already feeling the heat from Congress. The Government Information Security Management Act requires agency officials to provide OMB with regular security reports.

The combined governance push provides the basis for real improvements, said Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee. Putnam released the latest set of federal security grades last month and plans to work closely with agencies and the task force to bring all the parties together.

Are you certified?

Not that long ago, many agency officials were debating the necessity and wisdom of putting project managers through certification. But what once seemed a daunting prospect now is a no-brainer.

"I expect to see more federal workers achieve project management certification, not because it is necessarily required of them, but because we expect to see more training in this area, and a natural derivative of the training is certification," said Ira Hobbs, co-chairman of the federal CIO Council's Workforce and Human Capital for IT Committee.

It's not just a matter of making sure project managers have the skills they need. It's about providing federal employees with more marketable résumés.

Hobbs said he would like to see a specific occupational series created governmentwide for certified managers. Now, the job is recognized more as a functional area within an occupation, but a designated series means a certified manager could move across agencies and projects, he said.

The Office of Personnel Management's personnel research psychologist, Tara Ricci, said OPM officials have not made any decisions yet, but she said they certainly would consider plans to create an occupational series if the CIO Council were to present the idea.

Karen Evans, OMB's administrator for e-government and IT, said the council will work with OMB and OPM on any recommendations based on a CIO Council survey, but official guidelines are not expected.

Privacy variable could figure security solutions

The Bush administration, with prodding from Congress, took several steps last year toward answering critics who say homeland security gains are made at the expense of personal privacy.

DHS, as required by the Homeland Security Act of 2002, appointed a chief privacy officer to serve as an internal watchdog. And OMB officials, as required by the E-Government Act of 2002, asked agencies to submit privacy impact assessments for all their information systems.

Privacy advocates are waiting to see what comes next. One concern is that the administration, having fulfilled the letter of the law, gives those assessments no further thought.

"The fact that they are required is a major step forward, but the question is, 'What happens to the assessments?' " said John Sabo, a member of the federal Information Security and Privacy Advisory Board and business manager for security, privacy and trust initiatives at Computer Associates Inc.

But those assessments have the potential to be very effective, said Nuala O'Connor Kelly, DHS' chief privacy officer. The assessments must be performed on every new system and every time an existing system is changed or used in a new way, which means officials must be thinking about security all the time, she said.

Beyond the assessments, the act includes what many observers call the most significant changes to federal IT privacy policy since the Privacy Act of 1974.

One provision requires agency Web sites to generate machine-readable privacy policies, which enable a user's browser to

automatically determine whether a site meets that user's privacy requirements.

So far, government sites are lagging behind commercial ones, said Ari Schwartz, associate director for the Center of Democracy and Technology. "It's not as though Congress has asked the government to take the lead," he said. "Government is behind."

Small business issues to remain center stage

Small Business Administration officials want to solve some of the problems that fomented turmoil in 2003, and the solutions are likely to come this year.

The agency is addressing issues ranging from how small businesses are defined to teaching contract officers how to avoid unfairly bundling contracts, said Linda Williams, associate administrator of the SBA's Office of Government Contracting and Business Development.

The agency's actions last year, some of them continuing measures initiated in 2002, will affect small businesses, larger companies that subcontract to small players and agencies under increasing pressure to meet small-business goals.

The agency published rules last October intended to require agencies to examine more closely their decisions to bundle contracts. The new rules should lead to more bundles being unbundled, Williams said.

"We hope to see agencies implement those [rules] and work to see that bundling is properly justified," she said. "That's going to be the main thing that we'll be dealing with in the next few months."

The agency is also watching the Small Business Reauthorization bill, which includes stronger anti-bundling language. "We have some concerns about that," she said. "We don't know what will be the outcome."

The agency is also likely this year to change both the way small businesses are defined and how often they have to re-certify their status, she said.

Procurement experts say that subcontracting plans are likely to come under the microscope this year as well. Small-business officials say they are sometimes hired onto a prime contractor's team — giving the prime credit — and then given little or no work.

"There's an increased emphasis on it," said Jonathan Aronie, a partner at the Sheppard Mullin law firm. "Traditionally, it hasn't been something that has been heavily enforced."

It's another topic that SBA is working on, Williams said. Officials are reviewing comments that came in on a proposed rule published last fall.