Tom Wiesner | Labor's E-Gov Guide
Labor deputy CIO Tom Wiesner has worked in IT for more than 30 years in various federal agencies, including the National Security Agency, the Treasury Department and the Homeland Security Department’s Transportation Security Administration during its first year of existence.
GCN: Now that you’ve achieved all green on the President’s Management Agenda scorecard, how do you plan to stay there?
WIESNER: It’s true what they say, that getting to green is tough, but staying green is tougher. Our philosophy to stay green is basically how we got to green, and that is to stay focused on what is required and where we want to be at the end of 90 days every quarter.
We believe a good relationship and good communications with the Office of Management and Budget is essential, so there is clear understanding of what we’re trying to do and whether it meets their expectations and objectives. We’re continuing to engage the entire department and all the agencies as necessary. It’s definitely a team effort, and everyone’s program, cost schedule performance, security and enterprise architecture are all important.
GCN: On what will you base your performance goals since you have fulfilled OMB basic requirements?
WIESNER: Performance goals go up in some areas once you achieve green. For example, once you have at least 90 percent certification and accreditation of your IT systems, then you have to get to 100 percent and stay at 100 percent.
In addition to what OMB asks us to move toward, we have some of our major IT programs that we comment on, and [establish] our own internal goals we want them to meet in the course of the fiscal year or 12 months.
For example, we have a good security program, but there’s room for more improvement. We recognize the need to develop a technical security standards manual, so when we start to address new technologies, we will be developing security standards as we roll out that technology. We would set a target and over two or three quarters we’d put milestones into our scorecard as to when we wanted to achieve having that manual and maybe one or two technologies incorporated into that manual with the appropriate security standards.
GCN: On your PMA success, what were two of the most important things Labor did that led other parts of the scorecard to fall into place?
WIESNER: There’s always been leadership and commitment from the secretary [Elaine Chao] herself, throughout the senior management and through the entire department in trying to achieve success in the five PMA areas. When we achieved green in human resources, which was the first one, that told us we can achieve success, we can get to green. It sort of established a benchmark for the rest of us who were responsible for other areas.
Success feeds off of itself. Once you get one [green rating], you see the reaction. A lot of folks are proud of what they accomplished. Everyone in their individual area tries to motivate the staffs across DOL to continue to push forward.
We thought we were doing well in all the areas required to be green in e-gov.
For example, in cost schedule performance, we had a strong methodology for many years, and we continue to hit that benchmark time and time again. We didn’t think that area would be an issue preventing us from getting to green. But then OMB said earned-value management is the standard by which to measure the performance of your IT programs. So, in less than a quarter and one half, we established the process, policies, procedures and came up with a tool that would measure for the standard.
We really wanted to get to green by the end of fiscal year 2004. The CIO staff, along with all the agencies’ support, took the steps necessary to make that part of the culture of DOL. We had to do a quick gap analysis of what we had and didn’t have and then fill in those gaps and establish policy procedures and get some of our IT programs under the earned-value management methodology.
GCN: How mature is Labor’s enterprise architecture?
WIESNER: In the last OMB assessment in June, we were rated at 3.6. OMB rates maturity levels from 1 through 5. Over half of federal agencies, I believe, have at least a 3.0, which means they have a mature enterprise architecture with processes, procedure and governance in place.
Higher than that is a matter of using what you’ve developed in terms of everyday management of your programs, business processes and IT investments. We have a strong governance process to address the EA requirements of the department. We’ve developed an enterprise architecture for universal functions that go across all of DOL and are starting to use the EA process in making IT investments.
We’ve used enterprise architecture in our unified DOL technology infrastructure. The EA helps identify the redundancies.
GCN: How do you get the requirements of enterprise architecture, security, capital planning and investment control, and earned-value management drilled down into Labor’s bureaus?
WIESNER: We summarize that as our IT governance. It starts from the management review board level, and the agency heads within the department drill down to our technical review board, which is made up of senior IT representatives from DOL agencies, and then we spin into the various subcommittees on capital planning and investment, enterprise architecture and security. We drill all our direction in implementation from top down and work at subcommittee level on up.
On a quarterly basis, we take a sampling of all our major IT programs and review them in terms of: Is their enterprise architecture up to date for that program? Is the cost schedule performance and capital investment where they’re supposed to be in their lifecycle? Do they track security C&A? On a biennial basis, we have an agency scorecard just like the departmental scorecard process that OMB issues to us. As we are being measured for all the areas within DOL from OMB’s perspective, we drill that down to the agency level and ask them to respond accordingly in those same areas.
GCN: How has Labor improved its IT security?
WIESNER: For the PMA, we started focusing on certification and accreditation of IT systems two years before we got to green. Over that two-year period, we were able to achieve over 90 percent from less than 50 percent. We next started concentrating on security testing and evaluation of management, operational and technical controls related to our IT systems. We use guidance from the National Institute of Standards and Technology for the standards for those various controls and we incorporate them into our policies and procedures that the individual IT specialists within the agencies need to follow for all their programs.
GCN: What are a couple of major IT projects and near-term milestones?
WIESNER: We will consolidate from nine networks to one wide area network, with common Internet access and common remote access for users across DOL. We intend to pilot three DOL agencies in the first quarter of calendar year 2006: the Office of Administration and Management, the Office of Adjudication Law Judges and the Office of the Inspector General.
We’re using general contract support from program management support activities. We expect to use a GSA FTS 2001 service provider for the pilot. We’re putting requirements together now and will release that in the fall and make an award in the beginning of the calendar year 2006. We’ll roll out the rest of the department under the Networx contract when it is awarded. We’re targeting FY 08 for completion of the consolidation, depending on Networx.
NEXT STORY: EPA data littered with errors and gaps