Dependable systems

The central problem in information technology management has shifted. Runaway

systems development projects have given way to a new central concern — that

of making systems dependable.

The road to success is well-known: understand the mission and goals,

design the system with the users in mind, rely on off-the-shelf technology,

take a modular approach and so forth. Solving the Year 2000 problem was

strong proof that if industry and government chief information officers

follow this road, they can successfully manage large initiatives.

Fixing the Year 2000 bug also ushered in the focus on making systems

dependable. This crops up in a variety of guises, which then compete for

resources and create confusion about priorities. The three most common variations

are often heard as cries to:

* Protect critical infrastructures, including federal computer systems,

from cyberthreats.

* Provide confidentiality, integrity and privacy in electronic transactions.

* Ensure reliability and dependability in application software.

Crisis-mongers fill the air with sound and fury to hype each cause.

Those promoting critical infrastructure protection remind us that the keels

of all the U.S. battleships that won World War II were laid before the Pearl

Harbor attack.

In the second case, we are warned by cyberspace's brightest legal scholar — Lawrence Lessig, in his book, Code and Other Laws of Cyberspace — that

industry's very design for the network is destined to undermine freedom

and autonomy.

As for the third point, we are counseled to rise up against a software

industry that dismisses as "undocumented features" bugs that steal, as coldly

as Jesse James, the productive time of scores of people.

We are at the beginning of what author Lester Thurow calls the third

industrial revolution, one that encompasses IT and its unruly offspring — forces such as biotechnology and globalization. Revolutions are by nature

confusing, contentious and troubling.

Those of us at the helms of craft that ply these turbulent waters must

now adjust our bearings and set a course for the middle way.

The true middle ways are robust "win-wins." They stand above the competing

calls for security, privacy, reliability and free access and create balanced

solutions that serve all interests better. One such solution is U.S. encryption

policy that, in the words of longtime administration critic Rep. Bob Good-latte

(R-Va.), "will protect privacy, promote our national security and allow

U.S. companies to compete with foreign encryption manufacturers."

Like good system designs and well-managed projects, these middle ways

are not born perfect. They grow best from iterative, participative, risk-taking,

cross-functional teams of public- and private-sector experts who struggle

together to achieve a common goal. The goal of creating innovative, dependable

solutions is worthy. We, too, must be.

—McConnell, former chief of information policy and technology at the Office

of Management and Budget and director of the International Y2K Cooperation

Center, is president of McConnell International LLC.