President George W. Bush leaves office soon with a diverse legacy. Although his business background was quickly overshadowed by the urgent need to fight terrorism, his administration was marked by an effort to create a more businesslike approach to government.
The war on terrorism brought its own innovations.
Bush and his team created the Homeland Security Department and launched information-sharing and security initiatives. Some of those efforts drew the disapproval of privacy advocates, who were concerned that the programs gave the administration too much power to snoop around in ordinary Americans’ private lives.
Finally, Bush’s team and congressional allies sought to reform acquisition processes, expand help for small businesses and institute an enterprise software licensing program to harness the government’s buying power.
Everyone learns from experience, but the experiences don’t have to be the learner’s. The outgoing administration has accomplished much and had some spectacular failures, too.
President-elect Barack Obama would do well to study the lessons of the past while leading the country into the future.
In the following pages, we share some of the lessons from the past eight years that can and should carry over into the Obama administration.
No. 1 Privacy: No program is too important for oversight
The Total Information Awareness program seemed like a good idea to the Bush administration. The plan was to develop information technology systems that would collect a wide array of information from the country’s daily communications and transactions and then look for patterns and connections in the accumulated data.
But as word got out about the scope of the program — first announced in 2002, launched in 2003 and quickly rebranded Terrorism Information Awareness — civil libertarians grew increasingly hostile to what seemed eerily close to the Big Brother of George Orwell’s novel “1984.”Congress quickly defunded the Information Awareness Office at the Defense Department, although some core elements of TIA survived in other programs.
One reason the initiative sparked concerns was that it would have been carried out in secrecy, with little oversight within the government and virtually no public accountability.
Fred Cate, director of Indiana University’s Center for Applied Cybersecurity Research and an adviser to President-elect Barack Obama’s campaign, said the Bush administration subscribed to the misguided notion that homeland security is so important that programs connected to it should be able to shortcut the usual oversight and accountability measures.
“One of the major steps forward for this committee, Congress and the administration is [to] get over this [notion] that this is just too important to subject to scrutiny or testing or oversight,” he said at a roundtable discussion hosted by the House’s Homeland Security Committee in early December. “It’s because it’s so important that it needs testing and scrutiny and oversight.” TIA wasn’t the only counterterrorism effort to encounter such fierce opposition.
Some of the most controversial initiatives have focused on combining, sifting through or mining data. Such programs have expanded the amount of data the government holds in various databases and continue to alarm privacy advocates.
Hugo Teufel, the Homeland Security Department’s chief privacy officer, said protecting privacy is not incompatible with the department’s mission. But many privacy experts say they hope the next Congress and the incoming Obama administration will address some of the questions that counterterrorism technologies have raised.
—Ben Bain
No. 2 Security: Compliance with rules doesn’t guarantee results
Senior federal managers have become quite familiar with the Federal Information Security Management Act of 2002 because they are responsible for complying with the program’s cybersecurity rules. But it is not clear whether agencies with good grades are any more secure than those with lower marks.
Many believe the act’s requirements were underfunded and the deadlines unrealistic, which led to a great deal of frustration.
Poor grades on annual FISMA report cards have resulted in “a lot of pencil whipping,” said Wayne Plucker, industry manager for North American aerospace and defense at Frost and Sullivan.
FISMA’s critics say the program has raised awareness of information security, but its emphasis on process rather than results has made it less effective than it could be.
The law focused on compliance because compliance is easy to measure, said Deniece Peterson, a principal analyst at research firm Input.
Results are not as easy to gauge. “The problem seems to be finding the right metrics,” she added.
Lawmakers are pushing for an update of FISMA in the next Congress. “FISMA was a good first step, but I do think that it needs to be updated to reflect more meaningful metrics that better align with rapidly changing risk and threats,” Peterson said. “FISMA laid the groundwork, but I think there’s more work to be done.” Some analysts say FISMA should be counted a success because it raised awareness of information security issues — a significant accomplishment.
“Having FISMA is better than no FISMA,” said Jim Flyzik, president of the Flyzik Group consulting firm. “It does keep the attention on cybersecurity as a priority.”
—Alice Lipowicz
No. 3 EnterpriseArchitecture: Take small bites of big pies
Developing and deploying an enterprise architecture is a big undertaking, which is why experts say the most successful strategies start small.
Maj. Gen. Dale Meyerrose successfully implemented an enterprise architecture at the North American Aerospace Defense Command, said Wayne Kulick, senior program manager at LGS Bell Labs Innovations. Meyerrose, who has since retired, and his team studied 300 processes, identified and eliminated the duplicative ones, and ended up with only 80 they needed to keep, Kulick said.
Then they set about incorporating those processes into the architecture.
“Do not try to eat the elephant in one bite,” Kulick said. “Define a measurable portion of the enterprise and implement enterprise architecture around that portion. Modularize it and expand it to other areas.” The Internal Revenue Service is another agency with a mature enterprise architecture that permeates almost every aspect of its operations, said Avi Bender, the IRS’ director of enterprise architecture. The agency accomplished that by making the architecture “an integral part of the way business gets done” rather than a compliance checklist, he said.
The small-bites concept also applies to communications about the architecture, said John Low, a senior associate at Booz Allen Hamilton. It’s essential for architects to keep executives apprised of their progress and remind them why the architecture is important, he said. That isn’t easy under the best of circumstances, and it’s even harder when information technology professionals don’t break the subject down into easily understood pieces.
“Reaching out to all the department executives as well as the bureaus that comprise those departments is essential,” Low said. “The most successful enterprise architecture programs have road shows where they regularly go out and meet with bureaulevel architects.”
—Doug Beizer
No. 4 Regulations: New policies demand firm management
In many cases, managers and regulators can take a relaxed approach to overseeing employees and policies.
But when dramatically new situations arise, they might have to adopt a firmer hand for a while.
For example, the rapid proliferation of electronic documents, such as e-mail messages, has presented an immense recordkeeping challenge for agencies and promises to pose serious policy and technology questions for some time.
Experts agree that the rules governing the definition of official records and how they should be retained and managed are antiquated because they address only paper records. But agencies must have systems for maintaining electronic records because they could be compelled to produce them under Freedom of Information Act requests or as part of the discovery process in a lawsuit. Meanwhile, the White House’s e-mail recordkeeping remains the subject of ongoing litigation.
Under the leadership of the National Archives and Records Administration, agencies are working to incorporate electronic recordkeeping into their policies.
But in May, NARA’s inspector general told a Senate panel that NARA’s collegial approach to ensuring that agencies are complying with recordkeeping laws was inadequate. In June, the Government Accountability Office recommended that NARAtake a more aggressive approach to ensuring that agencies are preserving electronic documents by developing various types of inspections and surveys.
Laurence Brewer, director of NARA’s Lifecycle Management Division, said the agency is heeding GAO’s advice and will be testing new assessment tools.
Patrice McDermott, director of OpenTheGovernment.org, said she believes most agencies still have not grasped the importance of electronic recordkeeping, mainly because of lax enforcement.
“It’s a real disaster in the making,” she said.
—Ben Bain
<!--[if !supportLists]-->
No. 5 Pay for Performance: Transparency key to gaining trust
The Bush administration learned a difficult lesson about pay for performance that seems obvious in retrospect: When you mess with people’s pocketbooks, you better say what you are doing and do what you say.
In the past eight years, many federal employees have become subject to pay-for-performance systems. In particular, the Senior Executive Service and the National Security Personnel System have been revamped to tie salaries more directly to the quality of employees’ work.
But agencies have managed the systems inconsistently, and employees don’t easily trust changes to systems they are comfortable with, said Bill Bransford, general counsel at the Senior Executives Association.
Some agencies have not adequately funded the process to provide monetary awards to employees who meet the performance criteria. And other agencies have left the decision of who should receive awards to the discretion of senior managers, which makes the systems seem arbitrary.
“When pay-for-performance systems don’t allow the full amount of the annual increase to be paid for those employees performing at a successful level, it creates a negative reaction by employees and lack of acceptance of the system,” Bransford said.
Agencies must fully fund pay-for-performance systems and implement them in a way that is easily understood and builds on a performance appraisal and ratings system, he said. When employees have confidence in the appraisal system, it paves the way for a smooth transition to pay for performance, he added.
Pay for performance is a work in progress, said Linda Springer, former director of the Office of Personnel Management and now an executive director at Ernst and Young.
“I think that everyone recognizes that you have to have good performance structures in place and managers who can administer those systems in order to be successful,” she said.
Pay for performance is essential for attracting the next generation of talent to the government, said Ronald Sanders, chief human capital officer at the Office of the Director of National Intelligence. That makes it imperative that the government learn how to do it right, he added.
— Mary Mosquera
No. 6 Acquisition: There is such a thing as too much competition
Government procurement policy-makers are always looking for ways to ensure that the government receives low prices for products and services. Historically, one factor that’s been considered crucial is adequate competition.
The more vendors that compete for sales, the logic goes, the lower the price will fall as they seek to undercut one another. That, in turn, gives rise to the adage, “There’s no such thing as too much competition.” But the General Services Administration’s SmartBuy program has yielded a surprising lesson: One way to get lower prices is to lower the number of competitors.
If companies can be assured that they will have a large number of buyers, they will often agree to drastic price reductions even with few or no competitors, said Tom Kireilis, director of the SmartBuy program.
Government officials looking for commercial software companies to join the SmartBuy program had to prove that the sales volume would offset major discounts. The four-year-old strategic sourcing initiative, modeled on an older Defense Department program, seeks to reduce vendors’ prices by capitalizing on the large volume of products and services the government buys.
The program narrows the field of eligible companies based on the quality of products and services, proposed prices, and other factors. Typically, two to four companies end up competing for work, and the business volume makes up for the deep discounts, Kireilis said.
But the government doesn’t guarantee or even promise any sales through SmartBuy, said Bill Shook, a partner at the K&L Gates law firm. Fewer companies might be selling, but the advantage is eliminated if a competitor joins SmartBuy. Moreover, companies still must sell their products directly to agencies because SmartBuy isn’t a required buying vehicle.
“Why does government deserve better prices if it’s not making it easier and cheaper to sell?” he asked. “Volume pricing discounts arrive when people have actual money.”
—Matthew Weigelt
No. 7 Management: Public humiliation works
Clay Johnson, deputy director for management at the Office of Management and Budget, famously described the system that rates agencies on their compliance with the President’s Management Agenda as leading to “public shame and humiliation” for low scorers.
Although that assessment might not amuse agency managers who have received low marks, few deny that the system is effective.
“They set out on the five [agenda] initiatives and just kept everybody’s nose to the grindstone throughout their tenure,” said Steve Redburn, a fellow at the National Academy of Public Administration and former chief of the Housing Branch at OMB.
“It was the constant communication and publicity of the score cards, the embarrassment as well as the high-visibility praise when agencies did well,” that led to steady improvements in agency performance, he added.
“The score card was used effectively as a focusing tool” for the management agenda, said Norm Lorentz, a vice president at the Council for Excellence in Government. He served as the first chief technology officer for the federal government at OMB.
The attitude of agencies toward the management agenda changed over time, he added. “When you’re putting in a transformational capability, people wait around to see if you’re serious,” he said. Once agency managers understood that the Bush administration was indeed serious, they began stepping up efforts to perform well.
Lorentz said he believes the score card will carry into the next administration, although perhaps under another name.
The score card has helped measure common characteristics across federal agencies regardless of their mission or business, Lorentz said. At the same time, all agencies have initiatives specific to them that are designed to improve performance in each of the agenda’s areas.
President-elect Barack Obama talked about the management categories during the campaign as part of his focus on performance improvement. Just as the Bush administration built on the progress in e-government made during the Clinton administration, the Obama administration will build on the Bush administration’s progress on performance, Lorentz said.
—Mary Mosquera
No. 8 Competitive Sourcing: Talk the walk
During its tenure, the Bush administration increased the use of competitive sourcing, a process under which some government employees must compete with private-sector companies for their jobs. Agencies are supposed to give the work to the competitor that can perform it most effectively — whether government employees or contractors.
Predictably, federal employees grew to fear the process, said Stan Soloway, president and chief executive officer of the Professional Services Council.
“There was a general sense, whether it was fair or not, that this administration came in with a strong bias against federal employees,” he said. “What resulted was sort of guerilla warfare for eight years.” Better communication could have eased a lot of the anxiety, he said, adding that the administration did a poor job of explaining the practice to federal employees, Congress, and pretty much everyone else.
The initiative also needed more participation by the human resources community, said Robert Burton, former deputy administrator at the Office of Federal Procurement Policy and now a partner at Venable law firm. It took awhile for OFPP to realize that competitive sourcing was more of a human resources initiative than an acquisition effort, he added.
Almost 90 percent of competitions resulted in work remaining in the government, and the number of competitions declined overall in the past two years, Soloway said. Agencies that did conduct competitions had few bidders, and some failed to attract any private-sector companies, he added.
“The upshot is that few of the departments that were engaging in competitive sourcing got the benefits of real competition,” he said.
But there is another possible interpretation.
The fact that federal employees won most competitions means that they are high performers, said John Threlkeld, legislative representative at the American Federation of Government Employees.
He said he believes the Obama administration will eliminate competitive sourcing in favor of allowing agencies to pursue internal re-engineering efforts and bring more work back in-house.
— Mary Mosquera
No. 9 Mandates: Connect difficult programs to a larger purpose
Whittling the number of federal agencies’ connections to the Internet seems like an impossible task. How do you examine thousands of connections and find a way to eliminate all but 100 or so? Experts say one helpful approach is to make such a mandate part of a larger initiative with a clear purpose.
Accordingly, the Trusted Internet Connections program is part of the Bush administration’s multibillion-dollar Comprehensive National Cybersecurity Initiative (CNCI) to protect computer systems from electronic attack.
TIC contributes to the larger initiative by leaving only a few points of entry for hackers. A small number of connections will be much easier to document, monitor and lock down than the thousands that existed previously.
Robert Dix, Juniper Networks’ vice president of government affairs, said including the TIC initiative as part of the overall CNCI was an effective strategy. Lawmakers might not understand the importance of reducing the number of connections when they hear about it out of context, but presenting it as part of the overall cybersecurity effort has engendered strong bipartisan support, he added.
Even so, the early stages of TIC required an unglamorous but essential effort to document existing connections, said Karen Evans, administrator of e-government and information technology at the Office of Management and Budget. She and Dix spoke at a recent TIC conference co-sponsored by Juniper Networks and 1105 Government Information Group, Federal Computer Week’s parent company.
On a tactical level, it’s easier for agencies to identify existing connections and decide which ones to eliminate when they’re already overhauling systems, she said.
“The right place to do this is when an agency is getting ready to upgrade or change something, and we focused in on trying to catch those life cycle development pieces and then launch them into a new direction,” she said. “Anytime an agency is getting ready to do something new or change direction, that’s really when you want to seize that moment.”
—Ben Bain
No. 10 Government Reform: Squeaky wheels get greased
Enthusiasm is contagious! That might sound like a high school glee club’s motto, but it’s also proven to be an effective principle for reformers. Procurement reform advocates in particular have found that energy and passion count for a lot in making policy changes.
Nitty-gritty purchasing processes don’t keep the attention of high-ranking administration officials or lawmakers.
Conveying enthusiasm for acquisition reforms might pique their interest, but doing so requires a vibrant personality and an intricate knowledge of how contracting works, experts say.
For instance, the incoming administrator of the Office of Federal Procurement Policy (OFPP) must be energetic and committed to improving the acquisition system, said Larry Allen, president of the Coalition for Government Procurement. He or she shouldn’t be afraid to embark on new tasks and launch initiatives that will enhance the buying process.
The administrator must inspire and motivate acquisition workers to take pride in the essential role they play, said Robert Burton, former deputy administrator at OFPP and now a partner at Venable law firm. They are struggling with growing workloads and the fear of making a wrong move that could end their careers, he added.
The administrator should also commit to stay in the position for more than the average 18 months, said Burton, who was acting administrator for more than two years. He said the government operates slowly, and 18 months doesn’t give an administrator enough time to champion a cause and see it through to completion.
Some OFPP administrators have succeeded in making acquisition reforms while others have been ineffective as change agents. Their success typically depends on the degree of passion they bring to the job, observers say, though they declined to name names.
As with other acquisition leaders, the OFPP administrator must push ahead with strong, well-grounded ideas for reform, said Stan Soloway, president and chief executive officer of the Professional Services Council.
Leaders must be willing to speak out and speak up on proposals from various sectors of industry and government, he added.
—Matthew Weigelt
No. 11 Management: Executive roles need early definition
The Clinger-Cohen Act of 1996 created the role of the federal chief information officer. Twelve years later, the debate continues over how much authority CIOs should have and where they should fit in an agency’s hierarchy.
The clear lesson from Clinger- Cohen is that any new executive office should have its powers and role well-defined from the start, say former CIOs and other analysts. It’s a lesson that President-elect Barack Obama should heed as he creates a federal chief technology officer position, said Mark Forman, who was the first administrator for e-government and information technology at the Office of Management and Budget and is now a principal at KPMG.
Clinger-Cohen left it up to department leaders to formulate the roles of CIOs, and agencies went in different directions, leading to inconsistent approaches.
“You want to have it written in stone, and a job description is one way to do it,” Forman said. “The real way to get this done is to codify it into law.
When you do that, you have to make it live more than one generation or the current wave.” Many observers say they hope Obama’s pledge to create a CTO for the entire government will generate more clout for CIOs as they seek to implement Web 2.0, e-government and IT programs.
For that to happen, the relationship between the CTO and agency CIOs must be clear, and the CTO’s tasks should include better integrating all senior federal leaders for IT, acquisition and human resources, said Stan Soloway, president and chief executive officer of the Professional Services Council.
— Alice Lipowicz and Mary Mosquera