Public CIO Magazine February 2011Predictions for 2011 Local CIOs talk about what lies ahead. NYC’s...

T E C H N O LO G Y L E A D E R S H I P I N T H E P U B L I C S E C TO R » F E B R UA RY / M A R C H 2011

INSECURITY A R K A N S A S C TO

C L A I R E B A I L E Y

Social

CIOs GRAPPLE WITH THE SECURITY RISKS OF WEB 2.0

ISS

UE

1 |

VO

L.9

A

PU

BLI

CA

TIO

N O

F E.

RE

PU

BLI

C

PCIO02_01.indd 1PCIO02_01.indd 1 2/7/11 9:46 AM2/7/11 9:46 AM

Designer Creative Dir.

Editorial Prepress

Other OK to go

100 Blue Ravine RoadFolsom, CA 95630

916-932-1300

PAGE

Designer Creative Dir. Designer Creative Dir.

�

��

��

��

Editorial Prepress Editorial Prepress

Other OK to go Other OK to go

F E A T U R E S

8To Friend or Not to FriendCIOs grapple with the security risks of social media.B y C i n d y W a x e r

C O V E R S T O R Y

16

Gov

ernm

ent T

echn

olog

y’s

Publ

ic C

IO (I

SSN

# 1

944-

3455

) is

publ

ishe

d bi

mon

thly

by

e.R

epub

lic, I

nc. 1

00 B

lue

Rav

ine

Roa

d Fo

lsom

, CA

956

30.

Perio

dica

ls P

osta

ge p

aid

at F

olso

m, C

A a

nd a

dditi

onal

offi

ces.

Pos

tmas

ter:

Send

add

ress

cha

nge

to G

over

nmen

t Tec

hnol

ogy’

s Pu

blic

CIO

, 100

B

lue

Rav

ine

Roa

d Fo

lsom

, CA

956

30 C

opyr

ight

201

1 by

e.R

epub

lic, I

nc. A

ll R

ight

s R

eser

ved.

SU

BSC

RIP

TIO

NS:

Sub

scrip

tion

inqu

iries

sho

uld

be

dire

cted

to G

over

nmen

t Tec

hnol

ogy’

s Pu

blic

CIO

, Attn

: Circ

ulat

ion

Dire

ctor

, 100

Blu

e R

avin

e R

oad

Fols

om, C

A 9

5630

. (91

6) 9

32-1

300.

FE

BR

UA

RY

/MA

RC

H 2

01

1

26

CONT

ENTS

www.public-cio.com [3]

A Tough Position to FillIT managers have trouble adding business analysts to their lineups. B y D a v i d R a t h s

What’s Our Payback?The inexact science of measuring the value of public-sector technology.B y J i m R o m e o

Selling Umbrellas in the RainThoughts for new CIOs on defining the value of IT for government executives.

B y D e a n I a c o v e l l i

Lessons Learned Open source pioneers identify five critical factors for success.B y M a r k C a s s e l l

Void at the Top Why are governors taking longer than usual to appoint their CIOs?B y M a t t W i l l i a m s

Connecting the Dots Could emerging Semantic Web technology help intelligence analysts spot new terror threats? B y B r o o k e A k e r

22

32

36

3826

PCIO02_03.indd 3PCIO02_03.indd 3 2/3/11 12:13 PM2/3/11 12:13 PM


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



ONLINEEXCLUSIVES

www.public-cio.com

Predictions for 2011

Local CIOs talk about what lies ahead.

NYC’s chief digital officer

Meet Rachel Sterne, New York’s new 20-something

social media guru.

Learning from WikiLeaks Michigan CTO Dan Lohrmann says recent incident

shows that the insider threat is real.

Minnesota names new CIO

Carolyn Parnell comes from state university system.

NEWS

VIDEO

BLOG

NEWS

The inside pages of this publication are printed on 80 percent de-inked recycled fiber.e

U P F R O N T

6 IntroductionNow is the winter of our discontent

2 0 0 7 M A G A Z I N E O F T H E Y E A R 2008 Silver Folio: Editorial Excellence Award

50

CIO CentralNews, reviews and careers

Book ReviewTips for improving your project management skills.

CIO2Successful leaders need the right situation.B y A n d y B l u m e n t h a l

44

CTO StrategiesBenchmarking government IT is easier said than done.B y D a n L o h r m a n n

FastGovLean times demand a more practical brand of innovation.B y P a u l W . T a y l o r

D E P A R T M E N T S

A p u b l i c a t i o n o f ©

PRINTED IN THE USA

Publisher: Jon Fyffe [email protected]

EDITORIALEditor: Steve Towns [email protected]

Associate Editors: Chad Vander Veen [email protected]

Matt Williams [email protected]

Chief Copy Editor: Miriam Jones [email protected]

Managing Editor: Karen Stewartson [email protected]

Justice and Public Safety Editor: Jim McKay [email protected]

Features Editor: Andy Opsahl [email protected]

Copy Editors: Elaine Pittman [email protected]

Sarah Rich [email protected]

Staff Writer: Hilton Collins [email protected]

Contributing Writers: David Raths, Cindy Waxer, Jim Romeo, Brooke Aker, Mark Cassell, Dean Iacovelli, Jim RomeoContributing Editor: Jessica Mulholland [email protected]

DESIGNCreative Director: Kelly Martinelli [email protected]

Senior Designer: Crystal Hopson [email protected]

Graphic Designer: Michelle Hamm [email protected]

Illustrator: Tom McKeith [email protected]

Production Director: Stephan Widmaier [email protected]

Production Manager: Joei Heart [email protected]

PUBLISHINGGroup Publisher: Don Pearson [email protected]

VP Bus. Development: Tim Karney [email protected] EAST

Regional Sales Directors: Leslie Hunter [email protected]

EAST

Shelley Ballard [email protected]

WEST, CENTRAL Account Managers: Melissa Cano [email protected]

EAST

Erin Gross [email protected]

WEST, CENTRAL

Business Development Dir.: Glenn Swenson [email protected]

Bus. Dev. Managers: John Enright [email protected]

Lisa Doughty [email protected]

Kevin May [email protected]

Exec. Coordinator to Publisher: Julie Murphy [email protected]

Regional Sales Administrators: Sabrina Shewmake [email protected]

Christine Childs [email protected]

National Sales Admin.: Jennifer Valdez [email protected]

Dir. of Marketing: Andrea Kleinbardt [email protected]

Sr. Dir. of Custom Events: Whitney Sweet [email protected]

Dir. of Custom Events Lana Herrera [email protected]

Custom Events Managers: Tanya Noujaim [email protected]

Katey Lamke [email protected]

Gina Fabrocini [email protected]

Custom Events Coordinator: Megan Turco [email protected]

Custom Events Admin.: Sharon Remeiro [email protected]

Dir. of Custom Media: Stacey Toles [email protected]

Custom Media Editor: Emily Montandon [email protected]

Sr. Custom Media Writer: Jim Meyers [email protected]

Custom Media Writer: Rohish Lal [email protected]

Custom Media Proj. Asst.: Courtney Hardy [email protected]

Dir. of Web Productsand Services: Vikki Palazzari [email protected]

Web Services Manager: Peter Simek [email protected]

Custom Web Products Manager: Michelle Mrotek [email protected]

Web Advertising Manager: Julie Dedeaux [email protected]

Web Svcs/Proj. Manager: Adam Fowler [email protected]

Subscription Coordinator: Eenie Yang [email protected] CORPORATECEO: Dennis McKenna [email protected]

Executive VP: Don Pearson [email protected]

Executive VP: Cathilea Robinett [email protected]

Executive Editor: Steve Towns [email protected]

CAO: Lisa Bernard [email protected]

CFO: Paul Harney [email protected]

VP of Events: Alan Cox [email protected]

Marketing Dir.: Drew Noel [email protected]

Chief Marketing Officer: Margaret Mohr [email protected]

Government Technology’s Public CIO is published by e.Republic Inc. Copyright 2011 by e.Republic Inc. All rights reserved. Opinions expressed by writers are not necessarily those of the publisher or editors.Article submissions should be sent to the attention of the Managing Editor. Reprints of all articles in this issue and past issues are available (500 minimum). Please direct inquiries for reprints and licensing to Wright’s Media: (877) 652-5295,[email protected] Information: Requests for subscriptions may be directed to Subscription Coordinator by phone or fax to the numbers below. You can also subscribe online at www.govtech.com.

46

4842

[4]



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



ADATA CENTER THAT’SEXPANDING BUT ABUDGET THAT ISN’T.

SOLVED.

Domorewith less. Youget that seemingly impossiblemission allthe time.Andsodowe.Withover20yearsof experiencewith citiesand states across the country,we can help handle cuts in staff andcuts in funding. All while keeping your data center in oneoptimizedpiece. Contract, policy and purchasing requirements?Been there.Done it thousands of times before. And happy to do it again.Make your impossible possible at CDWG.com/datacenter

©2011 CDWGovernment LLC. CDW®, CDW•G® and PEOPLEWHOGET IT™ are trademarks of CDWLLC


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[ INTRODUCTION ]

IT’S FEBRUARY — the dark, frigid heart of winter — and there are seemingly few bright spots on the

horizon. Bleak budgets, unfi lled CIO positions and brutal weather can work in concert to make this a most depress-ing time. But fear not. For in your hands you hold an issue of Public CIO

brimming with so much compelling content that it’s sure to warm your outlook on the months ahead.

Our cover story, featuring Arkansas CTO Claire Bailey, delves into the secu-rity issues surrounding social media. Like it or not, social media is not only here to stay, but is also increasingly integrating into everyday business pro-cesses. This story aims to help you get a handle on securing something that’s largely the antithesis to security.

Also in this issue, you’ll fi nd a story by Contributing Writer David Raths that examines the challenges IT managers face when they try to add business analysts to their staff. Though the need for such employees is great, the opportunities are few and the obstacles are many.

Next up is a story that details the growing role metrics play in establish-

ing the value of IT investments. You’ll also fi nd an excellent piece by Dean Iacovelli fi lled with advice on how to sell IT to government executives. With a host of new governors and (hopefully) CIOs, making the case for IT has never been more important.

Contributing Writer Brooke Aker offers up a feature on the growing power of Web intelligence and how it may be used to spot trends to stop incidents, like terrorist

attacks, before they start. And Associate Editor Matt Williams presents a look as to why a number of state CIOs have not yet been appointed. Almost everyone, ourselves included, thought we’d be awash in new names and faces by now.

And rounding out this issue is a story about open source initiatives in three

German cities: Munich, Schwäbisch Hall and Treuchtlingen. Author Mark Cassell takes pains to explain why free open source software is worth consid-eration by American governments.

And I’d be remiss not to mention new columns by Andy Blumenthal, Dan Lohrmann and Paul Taylor, as well as a book review about strategic portfolio project management from Managing Editor Karen Stewartson.

So while it may be a dreary, cold winter, the cover-to-cover content in this issue is like a summer blockbuster, Public CIO-style. ¨

Now Is the Winter of Our Discontent

B Y C H A D V AAAA N DN D E RE RE RE R V V E EE NNNNNA S S O C I A T E E DE D I T O RO R

Like it or not, social media is not only here to stay, but is also increasingly integrating into everyday business processes.

[6]



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Up to 10x Faster Claim: Based on download speed comparison of 3G’s 600 Kbps vs. 4G’s 6 Mbps. Industry published 3G average speeds (600 Kbps–1.7 Mbps); 4G average speeds (3–6 Mbps). Actual speeds may vary.Coverage not available everywhere. Sprint 4G is currently available in over 45 markets and counting and on select devices. See sprint.com/4G for details.

3G/4G USB Modem 250U by Sierra Wireless

Turn your department into a lean, mean, red-tape-devouring machine. Hello 4G. Now team members can

move huge fi les, transmit video and perform GIS mapping functions

in the fi eld at speeds up to 10x faster than 3G. Plus, you’ll be able to

track the whole department, ensuring they’re in the right place at

the right time. That’s efficiency. Welcome to the Now Network.™

1-800-SPRINT-1 (1-800-777-4681) sprint.com/4G

“Sprint showed the biggest improvement in customer experience across 14 industries.”—Forrester Research Report: Customer Experience Index 2010


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[8]

WHEN A DEADLY TORNADO TOUCHED DOWN in Cincinnati, Ark., last New Year’s Eve, state officials could have relied on typical channels like TV and radio to warn citizens of dangerous road conditions and weather patterns. Instead, the Arkansas Homeland Security and Preparedness Agency chose to tweet up-to-the-minute storm reports. The result: “We were overwhelmed by the level of volunteers who came in to support our citi-zens in their time of need,” said Arkansas CTO Claire Bailey. “We had to turn people away.”

TO FRIENDTO FRIEND

CIOs GRAPPLE WITH THE SECURITY RISKS OF SOCIAL MEDIA.

BY C I N DY WAX E R | CO N T R I B U T I N G W R I T E R

or not



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



iSTO

CK.C

OM/ V

IOLE

TKAI

PA




Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Welcome to Government 2.0. In an era of Facebook, LinkedIn, YouTube, Twitter and blogs, more government agencies are embracing these social media tools to com-municate with citizens in real time and supporting inter-nal collaboration. In fact, 66 percent of all government agencies currently use some form of social networking

— from blogs and wikis to instant messaging and discus-sion boards, according to a recent study from the Human Capital Institute and Saba. And 31 percent of counties and municipalities surveyed have embraced social media as a more efficient customer feedback channel.

“Government’s mission for centuries has been to reach citizens on topics, whether that’s in person, at town halls, through letters or signs on street corners,” said Steve Ressler, president and co-founder of GovLoop.com, an online social networking site that connects government innovators. “Part of government’s role is to get information out to citizens and get their feedback. Social media is one of the No. 1 tools people want to use right now.”

A HEATED DEBATEBut while social media can be used to warn citizens of

an approaching tornado, another storm is brewing around government’s use of social media and the potential security risks. Phishing scams that convince users to perform a task that launches a malware attack and unwitting employees who reveal state secrets on their personal blogs are just a few ways social media presents enormous security risks.

“If you make social media available to hundreds of pub-lic employees, you have acceptable use issues, people hav-ing to be sensitive to what should be public information and what should not be, and people speaking on behalf of their agencies when they shouldn’t,” said Charles Robb, a senior policy analyst at NASCIO. “Plus, you’ve opened up a whole new point of entry into your network.”

Even the Pentagon is grappling with what role social media should play in government circles. Despite rumors of banning sites like Facebook and Twitter altogether, and the recent dissolution of its social media office, the

Pentagon is currently reshaping its social media policy format to better integrate these services.

And the Pentagon isn’t alone. As social media becomes a critical component of any communication and collabora-tion strategy, more federal and state agencies are rethink-ing their philosophy on these controversial tools. Rather than simply wring their hands, the true trailblazers are discovering a multilayered approach that maximizes social networking’s benefi ts while addressing critical security concerns.

A MULTIPRONGED APPROACH TO SECURITYAt the core of any solid social media plan is training,

according to Ressler. “Agencies need to start thinking about providing more training and education on proper use. There will always be that 1 percent — that person in Iraq who posts a photo on Facebook or something they shouldn’t,” he said. “It’s about training people on proper behavior.”

Bailey agrees. To get her department up to speed, she hired Boot Camp Digital, a social media and Internet marketing training agency that offers courses, seminars and workshops on managing social media. Lessons ranged from teaching public information officers the fi ner points of creating social media content to giving the agency’s information systems personnel a crash course in more technical aspects such as network security. Through for-mal training, Bailey said the agency reassured technology employees who might fear the security risks of sites like

[10]

STEVE RESSLER: Training should be at the core of any social media plan.

“THERE WILL ALWAYS BE THAT 1 PERCENT — THAT PERSON IN IRAQ WHO POSTS A PHOTO ON FACEBOOK OR SOMETHING THEY SHOULDN’T. IT’S ABOUT TRAINING PEOPLE ON PROPER BEHAVIOR.”STEVE RESSLER, PRESIDENT AND CO-FOUNDER, GOVLOOP



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��




FACEBOOK’S PRIVACY POLICY TIMELINESince the dawn of social networking, security issues have routinely been problematic. Facebook, the world’s leading social network, has made headlines over the years for its questionable security practices. The following excerpts, compiled by the Electronic Frontier Foundation’s Kurt Opsahl, illustrate Facebook’s increasingly murky position on user privacy. It’s also worth noting that Facebook’s privacy policy is presently more than 5,700 words — about twice the length of this entire article.

2005FACEBOOK PRIVACY POLICY CIRCA 2005:No personal information that you submit to Thefacebook (editor’s note: Facebook was originally called Thefacebook) will be available to any user of the website who does not belong to at least one of the groups specifi ed by you in your privacy settings.

2006FACEBOOK PRIVACY POLICY CIRCA 2006:We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. Our default privacy settings limit the information displayed in your profi le to your school, your specifi ed local area, and other reasonable community limitations that we tell you about.

2007FACEBOOK PRIVACY POLICY CIRCA 2007:Profi le information you submit to Facebook will be available to users of Facebook who belong to at least one of the networks you allow to access the information through your privacy settings (e.g., school, geography, friends of friends). Your name, school name, and profi le picture thumbnail will be available in search results across the Facebook network unless you alter your privacy settings.

2008FACEBOOK PRIVACY POLICY CIRCA NOVEMBER 2009:Facebook is designed to make it easy for you to share your infor-mation with anyone you want. You decide how much information you feel comfortable sharing on Facebook and you control how it is distributed through your privacy settings. You should review the

default privacy settings and change them if necessary to refl ect your preferences. You should also consider your settings whenever you share information. ...

Information set to “everyone” is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third-party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the Internet), and may be imported and exported by us and others without privacy limita-tions. The default privacy setting for certain types of information you post on Facebook is set to “everyone.” You can review and change the default settings in your privacy settings.

2009FACEBOOK PRIVACY POLICY CIRCA DECEMBER 2009:Certain categories of information, such as your name, profi le photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly avail-able to everyone, including Facebook-enhanced applications, and therefore do not have privacy settings. You can, however, limit the ability of others to fi nd this information through search using your search privacy settings.

2010CURRENT FACEBOOK PRIVACY POLICY, AS OF APRIL 2010:When you connect with an application or website it will have access to General Information about you. The term General Infor-mation includes your and your friends’ names, profi le pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profi le page. If you are uncom-fortable with the connection being publicly available, you should consider removing (or not making) the connection.

Excerpts used with permission.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Twitter and discovered how the state could better utilize social media.

For Terry Bledsoe, CIO of Catawba County, N.C., and an active Twitter user, social media education isn’t some-thing to be taken lightly. An IT governance committee comprising representatives from across the county meets monthly, supervisors participate in annual training sessions to update their skills, and new hires are informed of the agency’s social media rules and regulations.

Bledsoe doesn’t believe in a cookie-cutter approach to teaching safe social media practices. Because fresh-faced Millennials, or 20-somethings, make up 10 percent of Bledsoe’s own staff, he says he’s careful to recognize the varying degrees of understanding of social media’s inherent risks among disparate age groups. “The Millennials are a lot more active on Twitter and Facebook,” he said. “They’ve grown up with this technology, so they’re able to fl ex as things change, whereas the baby boomers get on Facebook and they don’t really know how to address security.”

PROMULGATING POLICYCarefully crafted usage policies can help bridge this

generational divide by addressing employees’ behavior regardless of age and offering strict guidelines on how to mitigate social media security risks. That’s not to suggest, however, that there’s a standard template for social media policies. Rather, agencies must cherry-pick the controls that best meet their unique security concerns.

For example, Bailey, whose department currently is drafting a formal social media policy, has stipulated that “the only people who will have access to update our social media site, or deliver messages to it, are within my com-munications team.” By limiting access, Bailey said she can better monitor the types of information made public while ensuring that what’s being communicated represents the state of Arkansas rather than personal opinion.

Nevertheless, Bailey said agencies statewide will be encouraged to create their own social media policies versus abiding by a single set of rules. “We want to make sure the social media policy is developed by each agency so they can align it with their Internet acceptable use policy,” she said.

Bledsoe also established tight controls on social media that require employees to gain approval before joining the social media sphere. “Any department that wants to set up a Facebook page, Twitter account, or even a Web page has to go through the public information officer’s office,” he explained. “We don’t just set up a profi le because some-body would like to have one. We make sure that there is a benefi t to the organization.”

SEPARATION OF SELF AND STATEHowever, as more employees bring their BlackBerrys to

work and their laptops home, the line between personal and business is becoming increasingly blurred. As a result, many employees risk exposing an agency to major security breaches by divulging seemingly innocuous details about the workplace via Facebook or LinkedIn. Take, for example, the disgruntled state worker who expresses his frustration on Twitter about a network that’s been down for hours.

[12]

WORLD’S TOP 10 SOCIAL NETWORKING SITES

1. FACEBOOK: 500 million users. Based in the U.S.

2. QZONE: 200 million users. Based in China

3. TWITTER: 200 million users. Based in the U.S.

4. HABBO: 200 million users. Based in Finland

5. BEBO: 120 million users. Based in the U.S.

6. FRIENDSTER: 115 million users. Based in the U.S. (most popular in Asia)

7. VKONTAKTE: 110 million users. Based in Russia

8. TAGGED: 100 million users. Based in the U.S.

9. ORKUT: 100 million users. Based in Brazil (owned by Google)

10. MYSPACE: 100 million users. Based in the U.S.

PHOT

O BY

CAT

HY

YOUN

T / S

EIZE

TH

E PH

OTO

“ANY DEPARTMENT THAT WANTS TO SET UP A FACEBOOK PAGE,TWITTER ACCOUNT, OR EVEN A WEB PAGE HAS TO GO THROUGH THE PUBLIC INFORMATION OFFICER’S OFFICE.” TERRY BLEDSOE, CIO, CATAWBA COUNTY, N.C.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Although it’s a public airing of a common occurrence, for a government agency, it’s an open invitation to hackers.

To keep employees’ priorities in check, Bailey said that all employees in her Department of Information Systems sign annual confi dentiality agreements. “The day-to-day things that we do in our jobs are bound by the confi dential-ity agreement, and I trust and educate my employees.” Still, she admits, “people can make mistakes.”

Making matters even more difficult is striking a balance between agency security and employee freedom. “You have to respect the privacy rights of the individual and their basic individuality,” Robb said. “At the same time, government employees need to consider who will see what information.”

SOFTWARE SOLUTIONSLuckily managing technology is much easier than cur-

tailing human behavior. Today there are countless network security technologies available that provide a secure line of defense against ill-intentioned intruders. From monitoring

and threat-detection tools to blocking and Web fi ltering technologies, state and local agencies now have a growing arsenal of weapons to choose from.

That’s good news given the network and system vulner-abilities that social media tools can create. After all, just as a single tweet can reach millions of people at once, a single worm or stolen password can rip through an agency’s com-puter infrastructure like a wildfi re.

“Social media is an opportunity for malware to come into an enterprise, as well as an opportunity for spear phishing attacks where a message is crafted to a specifi c agency and an individual is targeted to obtain certain information,” warned David Thompson, group president and CIO at Symantec Services Group, a security software and services fi rm. “Data loss can also occur where someone inadver-tently attaches a fi le that he or she thinks is their resumé but, in fact, it’s a list of confi dential missions or programs.”

But that’s not all. Because computer viruses are best known for spreading via e-mail, employees using social media tools may be likelier to “let their guard down or wear their consumer-at-home hat when they’re actually in the office,” said Thompson.

For this reason, Bailey admits to “constantly looking for a best-of-breed tool so that if my computer gets infected, and I send someone a link that says ‘Check this out,’ and she clicks on it, we have technology in place that blocks that infection.” Besides, she added, “Today’s security tools


CLAIRE BAILEY: Her Arkansas employees sign annual confi dentiality agreements.

PHOT

O BY

DIA

DO M

ACK

“IT’S CRITICAL THAT PROVIDERS OF SOCIAL MEDIA TOOLS UNDERSTAND THEIR RESPONSI-BILITY IN HOW THEIR TOOLS CAN DEFINITELY IMPACT A GOVERNMENT AGENCY.” CLAIRE BAILEY, CTO, ARKANSAS



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



have to keep up with the hackers and malware providers who are out there working 24 hours a day, 365 days a year to bring us down.”

In fact, some would argue that without anti-virus, data loss prevention and scanning tools, a social media pres-ence simply wouldn’t be possible for a public agency. And

that, Thompson fears, would have a disastrous impact on the government’s ability to recruit skilled professionals, especially Millennials.

“I would hate to see us lose talent or not be able to attract talent into our armed forces because we restricted it so much that they can’t actually communicate,” Thompson said. “There’s some great talent that, with the right train-ing and the right protections, can use these social media tools and still accomplish the mission.”

THE IMPORTANCE OF TEAMWORKWorking alongside social media providers is another

tack government agencies are adopting to safeguard their systems and data while delving into Web 2.0. In early January, NASCIO and the National Association of Attorneys General (NAAG) struck a deal with Facebook that required the social networking giant to revise its service terms for state government use. After months of negotiations, Facebook agreed to modify the provisions of its terms and conditions regarding dispute resolution and indemnity clauses.

“It’s critical that providers of social media tools under-stand their responsibility in how their tools can defi nitely impact a government agency,” said Bailey, who is also a NASCIO executive committee member. “From a public-service perspective, we were very happy for Facebook to work with us because these are tools that not only help their company but also the delivery of government services when used effectively.”

So too must an agency’s human resources and IT person-nel work collaboratively to ensure that the right policies and technologies are in place to minimize security risks. After all, intrusion detection software is only as effective as the employees who use it. “Human resources and IT have

to work together,” Robb said. “It’s often a partnership, but a joint governance structure needs to be established to do that most effectively. There are certainly aspects of human resources policies and procedures that CIOs are not going to have comparable expertise in, but they can still contribute a lot to the knowledge of [social media] tools and how they’ll be used or misused.”

In the end though, the greatest risk of social media tech-nologies may not be a breach of security, data loss or a denial-of-service attack. Rather, the most signifi cant threat is not using social media at all. “There’s a huge risk if you’re not active in social media channels,” Ressler said. “For example, if your brand is being beaten up or if there’s a great conversation going on and you’re not a part of it.” By ban-ning social media outright, federal and state agencies risk frustrating their constituents, alienating potential recruits, and stepping away from an opportunity to set the record straight or better inform the general public. And that’s a conversation worth having despite the security risks. ¨

Cindy Waxer is a journalist whose articles have appeared

in publications including The Economist, Fortune Small Business, CNNMoney.com, CIO and Computerworld.

[14]

“WITH THE RIGHT TRAINING AND THE RIGHT PROTECTIONS, YOU CAN USE THESE SOCIAL MEDIA TOOLS.” DAVID THOMPSON, CIO, SYMANTEC SERVICES GROUP



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



power

to th

epublic

®

Find your power to pay less at www.TCPN.org/PowerToThePublic

How transparent is YOUR energy contract?

G o ahead, read the

fine print, there’s a lot of non-transparent embedded fees

attached to even what are called “wholesale energy plans.” TCPN’s

energy contract is different. We’ve developed an electricity pricing model which gives our members access to actual wholesale electricty pricing.

We think “fully revealed” means you know exactly what you

are paying for...every fee, every fraction of a penny,

for every kilowatt hour used. You’ll be surprised to know how much you can save with an energy contract that is completely

transparent!


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[16]

TO FILLTOUGHA

BY DAV I D R AT H S | CO N T R I B U T I N G W R I T E R

POSITION

[[16]

BYBYBYBYBYBYBYBYBYYBYBYBYBYBYYBYBYBYBYYBBBYBYBBYBYYYYY DDD D D DD D D DDD DD DDDDDDDDDDDDDDDDDDDAVAVAVAVAVAVAVAVAVAVAVAVAVAVAVAVAVVAVAVAAVAAVAVVAVAAVA I DI DI DI DI DI DI DI DI DI DI DI DDI DI DDI DI DDDDDI DI DI DI DDDDDDI DDDD R R R R R RRR RRRRR R RR RRR RRRRRR ATATATATATATATATATATATATATATATATAATATATAATTATAATATATATTTTAAA H SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SH SSH SH SHHH SHHH SH | | | | | || | | | | | | | || | || ||| |||| CCC C C CC CCC CCCCCCCCCCCCCCCCCCCCO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NNNO NO NO NO NO NO NO NOO NOO NO NO NNOO NNO NO T RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RT RTT RRTTT RTT RRRTT RRRT RT RT RTT RT RTTT I BI BI BI BI BI BI BBBBI BI BI BI BI BBI BI BBI BI BIII BI BBBBBBBIII BBI B U TU TU TU TU TU TU TU TU TU TU TU TU TU TUU TU TU TU TU TU TU TU TTU TU TU TUU TU TTUU TTTTTTU TU TU TTUU TUUU TUU I NI NI NI NNI NNI NI NI NI NI NI NNI NNNNNI NI NI NI NI NI NNNI NNNNNNI NNNNNNI NN G G G G G GG GGGGGG GGGGGGG GGGGGGGGGGGGGGGGG W RW RW RW RW RW RW RW RW RW RW RW RW RW RW RW RW RW RRW RW RW RW RW RW RW RW RW RW RW RW RW RWW RW RW RWW RRW RRWW RRRW R I TI TI TI TI TI TI TI TI TI TI TI TI TI TI TI TTI TI TI TI TTI TI TI TI TI TTTI E RE RE RE RE RE RE RE RE RE RE RE RE RREE RE RE RE RE RE RE RE RE REE RE REEE RREE RREE REE RREEE R

GETT

YIM

AGES

.COM



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��




an Smith, CIO of Atlanta, has a unit within his IT department dubbed Business Strategic Services that’s charged with analyzing business processes and applying technological solutions to them.

One of Smith’s ongoing challenges, however, is fi nding peo-ple with the right mix of skills to fi ll the business process analyst positions.

“They have to be able to act in a collaborative fashion and talk to a lot of different people in a situation where they recognize they have very little authority,” he said. “It is very much like being a consultant,” added Smith, who earlier in his career worked as a manager at Deloitte & Touche.

Business analysts must adapt to working with multiple business units with very different needs, ranging from aviation to public safety to fi nance. That’s why it is even more challenging than in the private sector to fi ll these positions, he added. “I came here from Matria Healthcare, and although health care is complex, the different divisions were working in the same fi eld. Here, we have requirements in each department that are vastly different, so the adapt-ability of analysts is crucial.”

Smith describes Michael Dogan, his deputy CIO in charge of Business Strategic Services, as an example of the type of employee he appreciates. “He can easily talk to a network engineer on his level one minute and the mayor on his level the next.”

The effort to identify and correct misalignment and mis-communication between IT organizations and business units is decades old, and yet the problem persists. Many CIOs say the missing link is staff members who understand and can translate business requirements into effective IT projects.

Business analyst is a difficult job to fi ll because it requires a fairly high level of business knowledge and com-munication skills, said Gregg Powers, a senior management consultant for IT consulting fi rm Ciber Inc. “It is a horrible liability to an IT organization to have a business analyst hidden away in a corner cubicle drawing up requirements in isolation or only occasionally asking questions,” he said. “Most business groups are desirous of IT interactions. Both sides can grow from the experience. As we build that com-

munication bridge, the tech people understand business process fl ow and the business side can better understand how technology gets applied.”

Part of that communication bridge should be a well defi ned and representative governance structure that fi lters information up to the CIO, Powers said. “And CIOs need to be spending 50 to 60 percent of their time with busi-

ness units and the rest on delegation and decision-making inside the walls of IT.”

Powers said CIOs might want to have business analysts physically reside in the business areas they serve. “There they will pick up on how the group works and sit in on meetings they would never have access to otherwise,” he explained. In consolidated IT organizations, it’s important that roles, such as business analyst, remain close to the organization they serve. “We recommend pushing those positions out rather than bringing them into a consolidated group,” Powers said.

WEST VIRGINIA’S CONSOLIDATIONWest Virginia’s technology leaders recognize that it’s

particularly important that their staffing decisions address alignment issues in the wake of a broad IT consolidation being completed this year. In fact, the fi rst goal mentioned in the Office of Technology’s most recent strategic plan is tightening partnerships and alignment with the business side of state government.

In the consolidation, some agencies lost all their IT expertise, said Kathy Moore, the state’s deputy CTO and director of Client Services Delivery. “Although we met with cabinet-level leadership regularly, we realized those meet-ings were not sufficient to meet their needs, so we created ‘relationship manager’ positions.”

By defi nition, the relationship managers serve customer agencies as a single point of contact for communications at the agency and cabinet levels. They understand the mission and goals of their customers, how infrastructure technol-ogy can best be used to advance these goals, and inform customers on changes and service availability at the Office of Technology.

IT MANAGERS HAVE TROUBLE ADDING BUSINESS ANALYSTS TO THEIR LINEUPS.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Six people spend about 40 percent of their time on it, Moore said. Their skill set is that of high-level IT team leaders with much experience converting agency needs into solutions. (Moore is one of the six relationship man-agers who shepherd agency projects through the newly created Project Management Office, which also has created several business analyst positions.)

Sue Ann Lipinski, acting information services director, said her department assigns project managers and business analysts to specifi c government agencies for extended peri-ods of time. The project managers coordinate agency project steering committees and provide project oversight for a program or portfolio of agency activities. This helps better position the project managers to identify related projects within an agency so that priorities can be established and resources can be allocated according to customer objec-tives. Lipinski said the agency’s strategy for hiring project managers and business analysts is to fi nd individuals with both business and technical backgrounds. These individu-als must embrace a philosophy of “lifelong learning” and possess keen analytical, problem-solving and communi-cation skills. “We are particularly interested in fi nding professionals with the ability to understand and translate business requirements into technical specifi cations and vice versa,” she said.

PROJECT MANAGEMENT SKILLS LACKINGPublic-sector agencies that have outsourced most IT

functions often fi nd the pared-down internal team lacking in project management skills. San Diego County signed a seven-year, $667 million contract with Northrop Grumman that took effect in January 2006.

For its IT projects, the Northrop Grumman team appoints a project manager and the county appoints someone from the business department to co-manage these projects, said Harold Tuck, the county’s CIO.

“What we have found is that the Northrop Grumann person is trained and certified in project manage-

ment, but the county folks do not have that discipline,” he said.

“On large enterprise projects, someone from our core group of 15 people will be involved and they have the nec-essary background,” he explained. “But we have 40 people who are departmental IT coordinators, and it is that group that needs some help. We are starting to talk about putting together our own training curriculum for them involving project management skills so they can focus on defi ning deliverables, tracking payment milestones, slippage, change orders and better establish project gov-ernance structure.”

Tuck’s core team also relies on feedback from these departmental IT coordinators to help assess how well the outsourcing arrangement is working. In October 2010, the county set up an internal enterprise project management office. “We are hoping that group can pass along lessons learned to these IT coordinators,” Tuck said.

No matter what your organizational structure is, if you identify the business analyst position as a weak point in your team, you may not be recruiting and training cor-rectly, according to Seattle management consultant Jeff Angus, who often brings baseball analogies to his con-sulting advice. (In fact, he is the author of a book called Management by Baseball.)

“In baseball, you have to scout and invest in the right people, you have to continuously assess their strengths and weaknesses, ascertain which skills can be improved and which are going to stay as constraints, and then attack important limits with coaching, drills and other forms of conscious, premeditated refi nement,” Angus said. So for these analyst positions, CIOs should hire only people who are predisposed to “get” business requirements. That makes the analysis and building out of technology requirements low overhead, because they understand the basic business rules already, Angus stressed.

Consider reinforcing the technologists who are good at this by promoting it, having successful employees set aside time to mentor others, he said, and pay people who are good at business and technology more than you pay some-one who’s good at only one or the other.

Angus also suggests dedicating time for additional training. “Business requirements change; technology, of course, turns over, and that means each of the two tectonic plates is shaped differently, so the way they act on each other is mutating.”

Sometimes a strong executive sponsor can identify a weakness in IT alignment and do something about it, said Garth Carter, Ciber’s vice president for state and local government. He gave as an example Phillip Washington,

“IN THE PUBLIC SECTOR THIS IS HARDER THAN IN THE PRIVATE SECTOR, AS TENURED EMPLOYEES ARE SOMETIMES MORE RESISTANT TO CHANGE, BUT IT IS POSSIBLE.” GARTH CARTER, VICE PRESIDENT FOR STATE AND LOCAL GOVERNMENT, CIBER

[18]



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��




Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



general manager of the Denver Regional Transportation District (RTD). “As RTD began risk assessment for the implementation of a new ERP system, it did an organiza-tional assessment of IT and concluded the existing IT team did not have enough people with business analyst skills,” Carter said. “Washington made it clear he expected people to get training, develop new skills and move in a new direction to accomplish a successful ERP implementation.”

Some employees left because they felt they weren’t a fi t, but it forced the IT group to go through a transformation and skills development, Carter added. “In the public sector this is harder than in the private sector, as tenured employees are sometimes more resistant to change, but it is possible.”

Another executive sponsor who took an aggressive stance on IT/business alignment issues is Adam Jones, chief operating officer of the 1,100-employee Texas Education Agency in Austin. He has taken several steps to get cus-tomers more involved in the IT decision-making process, including naming himself the agency’s CIO in 2010.

“Not to put too fi ne a point on it, but to address the IT/business alignment issue, I made myself CIO,” Jones said.

Jones and CTO Rick Goldgar are implementing an agile software development methodology that puts IT project requirement analysts closer to customers. “We have hacked up projects into smaller pieces,” Jones explained. “The days of the huge $100 million IT projects are over. So we had to have IT learn to give up much of the decision-making to the people on the project from the line of business. Of course, IT is not afraid to point out processes that may not make sense. As my CTO Rick Goldgar says, ‘A bad business pro-cess that is automated just makes a bad process run faster.’”

The shift in how projects are handled has forced the job requirements for the analyst positions to be reconsidered. People from a traditional IT background can make good business analysts, Jones said. People from a testing back-ground, for instance, can see where things are going wrong and make adjustments. But it’s becoming clear to Jones that the analysts don’t have to be technologists. “In the

future, I think we’ll see more people switching teams and moving over to the IT side,” he said.

“The Millennial generation is very tech-savvy, and the work they are doing is really solving communication prob-lems rather than programming,” Jones continued. “They don’t have to write a line of code. So I think we’re as likely to see liberal arts majors as computer science majors fi lling those positions in the future.”

How computer science and information systems courses are taught could also contribute to the problem. According to professor George Strouse, who teaches information sys-tems at York College of Pennsylvania, university curricula in information systems needs to be refreshed to meet cur-rent needs. Too many universities are still teaching about system development life cycles for three- to fi ve-year proj-ects with the specs frozen in the beginning, he noted. “They should be teaching how to chop up those big projects and use rapid development prototyping,” Strouse said.

York College updated its information systems cur-riculum to include project management, business analysis, information security and Web development.

Strouse, who has written several articles about IT staff-ing for alignment, suggests that CIOs hire IT staffers who not only understand business and technology, but who also can cross-train functional area staff members who already have business knowledge to have more low-level IT skills. “Those functional-area staffers will be best at aligning information systems and functional areas, and recognizing when issues come up that must be addressed,” he said.

Strouse added that business skills training for current IT staff is another option, but most CIOs don’t have much budget for training.

Indeed, budget cuts can upset plans to work on alignment. Atlanta’s Smith said the economic climate has hampered the work of his Business Strategic Services group. Initially business process analysts were assigned to work with agen-cies to defi ne business requirements, then another group would translate them into technical documentation, and then the project management office would execute.

“I took this job three years ago with 120 people in IT and was told I would have to lay off 50 people immediately,” Smith recalled. “In Business Strategic Services, that means people are forced to wear all three hats at once. Now some people are good at all three, but it is a stretch. If things begin to pick up for the city, I am hoping to start staffing to the original model.” ¨

David Raths, a writer based in Philadelphia, contrib-

utes frequently to Government Technology, Public CIO, Governing and Emergency Management magazines.

“WE ARE STARTING TO TALK ABOUT PUTTING TOGETHER OUR OWN TRAINING CURRICULUM FOR THEM INVOLVING PROJECT MANAGEMENT SKILLS.” HAROLD TUCK, CIO, SAN DIEGO COUNTY

[20]



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



THE LEADERSHIP EVENT FOR NEW YORK THE LEADERSHIP EVENT FOR NEW YORK STATE PUBLIC SECTOR CIOSTATE PUBLIC SECTOR CIOs

DESMOND HOTEL & CONFERENCE CENTER DESMOND HOTEL & CONFERENCE CENTER ALBANY, NEW YORK | APRIL 6 & 7, 2011ALBANY, NEW YORK | APRIL 6 & 7, 2011

FOR MORE INFORMATION AND EVENT DETAILS VISIT:WWW.GOVTECH.COM/EVENTSWWW.GOVTECH.COM/EVENTS

NEW YOR K PUB LIC SECTORNEW YOR K PUB LIC SECTOR

[22]

THE INEXACT SCIENCE OF MEASURING THE VALUE OF PUBLIC-SECTOR TECHNOLOGY.

J I M R O M E O | C O N T R I B U T I N G W R I T E R

PAYBACK?What’s Our

Budget crunches are everywhere in state and local government. Recently elected leaders and officials carry promises of fiscal restraint with them as they face their constituents.

Many are taking bold initiatives at the outset of their terms to show they mean business. For example, newly elected New York Gov. Andrew Cuomo volunteered to cut his pay before cutting state workers’ salaries, and he has threatened to shut down the state if a budget isn’t passed. California Gov. Jerry Brown plans to cut $12.5 billion in a state that has faced and will continue to face dire fiscal challenges.

Amid this landscape of belt-tightening is a fiscal topic that most governments must face: IT spending. Policymakers — not to mention taxpayers — want to see a return on any IT spending; tools, and technologies must save money, improve service and boost productivity with a reasonable payback. If governments can demonstrate this to multiple stakeholders that range from ordinary citizens to state assemblies and city councils, then IT spending can be spared aggressive cuts.

To justify and substantiate IT investments, government leaders and managers must sharpen their ability to com-

municate value that constituents can understand and embrace. If analytics are available, it makes the sell that much easier. Larry A. Godwin, director of the Memphis, Tenn., Police Department (MPD), is not a CIO, but he knows the value and importance of IT as a public good.

“As an organization whose mission is to create and maintain public safety — with focused attention on pre-venting and reducing crime, enforcing the law and appre-hending criminals — the Memphis Police Department is held accountable on a daily basis by the citizens it serves,” he said.

The department uses analytic software to guide strategic planning and day-to-day activities. The analytic tools can evaluate crime patterns in areas as wide as the entire city or as narrow as a single block, allowing the MPD to find crime hot spots and deploy additional patrols.

Godwin said the software produces results that are difficult for any steward of the city’s budget to argue with. Predictive analytics is part of the MPD’s Crime Reduction Utilizing Statistical History (Blue CRUSH) program, which cut serious crime in Memphis by more than 30 percent, including a 15 percent reduction in violent crimes.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



©iS

TOCK

.COM

/ MBP

HOT

O, IN

C.

K?



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[24]

Godwin said this is only the beginning of the payback as the increased use of technology in crime-fi ghting activi-ties has improved communications with other levels of law enforcement and government. “Through Blue CRUSH, MPD works hand-in-hand with the district attorney’s and U.S. attorney’s offices to ensure that Blue CRUSH defen-dants are prosecuted in the most appropriate venue,” he said. “Today Blue CRUSH has expanded tremendously and works in tandem with MPD’s Real Time Crime Center [RTCC], a $3 million state-of-the-art crime monitoring and analysis hub that opened in April 2008.”

IT METRICS: A NECESSARY EVIL?What the MPD did, however, may not be possible for all

governments as it requires additional budget and effort. Some believe that it may not even be necessary.

Patrick Gray is president of the Prevoyance Group in Fort Mill, S.C., and author of Breakthrough IT: Supercharging

Organizational Value Through Technology. Gray thinks that the proof is in the pudding. If taxpayers can easily see the benefi t of IT spending, a sophisticated ROI calculation may not be needed.

“While I’m not sure that the public at large is chomping at the bit for published IT metrics, there is obviously a desire for knowing that the government is reducing costs and spending taxpayer money wisely,” Gray said. “If these types of metrics can be consolidated across government functions, it makes a compelling case for these being mon-ies well spent. I don’t think there’s anything necessarily wrong with ROI measurement, save for when you have to make too many leaps to tie the return to the IT investment.”

Often a challenging task of determining the economic return on a public good is defi ning who the stakeholders of such public goods truly are.

“The fi rst step is to parse what you mean by the ‘public.’ If you want to be serious about measurement, you have to dismiss the idea that there is a monolithic public, but rather a diverse mix of stakeholders who have different interests and therefore different value propositions,” said Theresa Pardo, director of the Center for Technology in Government at the State University of New York, Albany. “Any measurement model must therefore have a way of rep-resenting these interests and how they are affected by the

P R E D I C T I V E A N A LY T I C S H E L P E D C U T S E R I O U S C R I M E I N

M E M P H I S BY 30 P E R C E N T, M A K I N G T H E T E C H N O LO G Y

I N V E S T M E N T H A R D TO A R G U E W I T H .

MEMPHIS POLICE DEPARTMENT: IT METRICS SPEAK FOR THEMSELVESCalculating ROI on an IT program or investment can be complicated and expensive. When it’s possible to provide such analytics to the public, however, the facts may speak for themselves. The Mem-phis, Tenn., Police Department (MPD) did just that. In 2005, the department introduced an IT data tool to help combat the city’s rising crime rate. The MPD introduced a data management IT tool, Crime Reduction Utilizing Statistical History (Blue CRUSH), to identify and focus on crime trends and problem areas.

Realizing that traditional policing approaches were becoming less eff ective, MPD Director Larry A. Godwin convened with the district attorney general, U.S. a ttorney, members of the MPD’s Organized Crime Unit, and Richard Janikowski of the University of Memphis’ Department of Criminology and Criminal Justice to discuss evidence-based practices that the MPD could adopt.

Through the partnership, the Department of Criminology and Criminal Justice accumulated crime-related data from the MPD. The department deployed IBM predictive analytics software as the foundation for the new solution.

Shortly after the Blue CRUSH methodology implementation, the department conducted pilot operations in selected precincts before rolling out the program citywide. The initial results quickly validated its strategy.

• IN AUGUST 2005 , Operation Blue CRUSH took place in select precincts. The university worked with maps, charts and other data from police reports fi led between July 16 and Aug. 12. It used predictive analytics to identify crime patterns based on type of criminal off ense and the time and day it took place to determine hot spots for future criminal activity. Within the operation’s fi rst few hours, members of the MPD’s Organized Crime Unit arrested 67 people for various off enses, particu-larly drug charges. In about 18 hours, 162 arrests were made, capping one of the most successful operations in MPD history. The department later reported a 6 percent decrease in similar crime activity in those areas following Operation Blue CRUSH.

• FROM SEPTEMBER TO OCTOBER 2005 , the MPD conducted Operation Safe Haven, focusing on Hurricane Katrina evacuees in Memphis who were being targeted by local criminals. With predictive analytics, the MPD identifi ed areas that were likeliest for this type of crime and added patrols. Operation Safe Haven reduced these targeted crimes by 85.7 percent.

• IN SEPTEMBER 2005, the MPD focused on the escalating rate of crimes involving Hispanic residents with the introduction of Operation Colaboracion. On Sept. 4-10, the MPD received reports of 84 robberies within the Hispanic community, up by 49 cases over the previous week. Predictive analytics helped determine where this crime would likeliest occur, as well as the time, day of week and other victim/off ender characteristics. After Operation Colaboracion, the MPD saw a 71 percent decline in robberies involving Hispanic victims.

Every pilot program that the MPD conducted resulted in crime reduction from 67 to 87 percent. That validation enabled the department to expand Blue CRUSH citywide the next year.

PHOTO COURTESY OF MEMPHIS POLICE DEPARTMENT

PHOT

OCO

URTE

SYOF

MEM

PHIS

POLI

CEDE

PART

MEN

T



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��




IT project development and operation. The model requires identifi cation of stakeholder groups, their specifi c interests in relationship to the project’s characteristics, and methods to detect how those interests are likely to be affected.”

Getting public buy-in for government programs can make the justifi cation of an IT investment easier.

In Florida, Volusia County helped sponsor community forums for a variety of issues for its member agencies. The city of Daytona Beach Shores used a community forum to involve the public in the direction and policy of the city’s strategic plan, explained Phara McLachlan, CEO of IT con-sulting fi rm Animus Solutions.

“ One of the issues discussed was the creation of a full-time emergency management program in the wake of Hurricane Andrew,” McLachlan said. Citizens rated the program a top priority, even though it required the city to make a signifi -cant technology investment, including standing up a new emergency operations center.

“The citizens made this their No. 1 directive because of the intangible insurance benefi ts to the community,” she said.

While private companies often can evaluate the effectiveness of new technology based on cost reduction or revenue gains, the benefi ts of government IT systems can be harder to quantify.

“Traditional ROI measures fail to account for some of the unique functions that government performs, like public safety — for example, what is the ROI of preventing crime? — which contain both hard and soft cost savings,” said Terri Jones, government industry manager of Hyland Software in Westlake, Ohio, who has implemented IT projects for the Pennsylvania Treasury Department. “Government entities

exist to provide what economics has traditionally clas-sifi ed as public goods. These goods are difficult to assign costs and value to, and processes like those of the justice system are based in constitutional and legal rights. If they are ignored, there are lawsuits and legal costs that might be costs that could be observed, but it is difficult to assign accurate costs for concepts like due process.”

Policymakers often have mandated that agencies develop and report performance measures, but these initiatives typi-cally lack additional funding for agencies to implement them, Jones said, resulting in ineffective and inconsistent results.

“This has resulted in a lack of baseline cost estimates, failure to consistently monitor and tally savings, and often changes in policy choices might change metrics before IT projects are fully implemented,” he said. “Traditional customer satisfaction surveys can be swayed by political discontent or other factors that may not be directly related to the performance and effect of a technology project.”

In this vein, could it be that traditional ROI models used in the private sector just doesn’t apply? Gopal Khanna, former CIO of Minnesota and the U.S. Peace Corps, thinks so.

“When it comes to fully measuring the value of public-sector IT projects, the traditional ROI model does not suf-fi ce,” Khanna said. “It’s based upon the notion that capital investments in IT projects should result in actual savings over the project’s duration. This is great in theory, but doesn’t accurately measure a project’s value. Governments, like the private sector, must move on to determine other outcomes they are looking for.”

Khanna knows well that in the last decade, governments are following suit of their private-sector peers in ensuring that IT investments achieve savings and gain a competitive advantage in the global market.

“Government too needs to rethink investment philoso-phy when it comes to IT,” he said. “As governments struggle to balance revenue with legal obligation, they must look for savings, while working to make services more citizen-centric and providing the productivity gains necessary to offset a dwindling work force.”

In a 2006 white paper, Advancing Return on Investment

Analysis for Government IT, Pardo said experts, consul-tants and local leaders mostly agree that it’s difficult to pinpoint IT ROI in the public sector. Framing the value to citizens and stakeholders is key. The conclusion that she and her colleagues reached then still stands: “The value of a government’s investment in IT should be assessed from the point of view of the public it serves.” ¨

Jim Romeo is a writer based in Chesapeake, Va. He is the

author of two books and more than 700 magazine articles.

His focus is business and technology topics.

M E M P H I S P O L I C E D E PA R T M E N T D I R E C TO R

L A R R Y A . G O D W I N W O R K S W I T H A N O F F I C E R I N

T H E D E PA R T M E N T ’S R E A L - T I M E C R I M E C E N T E R .

PHOT

O CO

URTE

SY O

F M

EMPH

IS P

OLIC

E DE

PART

MEN

T



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[26]



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



ith the November 2010 U.S. election still fresh in our

minds, and with a host of newly elected officials (and newly appointed CIOs) pre-

paring to make their mark on civic life, now seemed an opportune time to examine the relationship between these two groups more closely. More specifi cally, in the midst of the Great Recession described in the Time magazine quote above, how does a new CIO articulate and demonstrate IT’s value to his or her administration’s overall political agenda and guide gov-ernment leaders toward the aforementioned “cuts that heal?”

As Microsoft’s former chief security adviser to state and local governments, the difficulty in selling the seemingly intangible value of IT isn’t lost on me. I was responsible for driving proactive cyber-security policy awareness and investment with government IT leaders and elected offi-cials. In my role, there was often a perception by elected

officials that cyber-security was an insur-ance policy that one paid into endlessly but rarely generated any political value. A tough sell indeed, but if I were at all successful during my tenure, it’s because I focused on leveraging rather than ignor-ing the difficult times and changing the conversation — which also is applicable

to defi ning broader IT value. Given that the fi rst order of business for almost any new

administration is producing a budget, we’ve all no doubt seen this headline in one form or another during transitions: “New governor takes office and fi nds revenues lower than expected and expenditures higher than expected. Cuts to be announced shortly in new austerity budget.”

While there historically has been an element of political theater to this type of announcement, it rings truer than ever under the ongoing and well documented budgetary cri-ses occurring nationwide. For the CIO, this inevitable event

In government, as in life, there are cuts that injure and cuts that heal. As they continue to slog through the wreckage of

the Great Recession, state and local leaders have a challenge to be surgeons rather than hacks and make this era of crisis

into a season of fresh starts.” — Time magazine, June 17, 2010

THOUGHTS FOR NEW CIOS ON DEFINING THE VALUE OF IT

FOR GOVERNMENT EXECUTIVES.

S E L L I N G

UMBRELLASI N T H E R A I N


B Y D E A N I A C O V E L L I / C O N T R I B U T I N G W R I T E R

I L L U S T R A T I O N B Y T O M M c K E I T H



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



also poses a serious problem: An incoming executive may have had little exposure to the value of the state’s IT orga-nization, and thus may have no opinion of the CIO’s work. Or worse, the incoming governor sees the CIO as a pure cost center and ripe for potential “cuts that hurt.”

The good news is that as incoming leaders take stock of the historically unprecedented budgetary shortfalls they’re facing, even the most optimistic will realize that the usual rolling 5 percent cuts will never make a dent in the problem, and big ideas and bold action are needed.

Public CIO readers won’t be surprised to know that elected officials are a highly specialized audience whose priorities can at times seem vexing when one has a technology agenda to promote. Let’s face it, everything an elected official does in tenure to make or keep citizens happy is to get re-elected. This isn’t intended as a pejorative observation. In fact, it’s the nature of the beast, and the system is designed for them to be the uber advocate for citizen-focused thinking. Success when

dealing with elected officials really lies in getting ahead of and guiding certain key conversations to a place that serves the interests of both the elected official and administration as a whole (innovation, cost-efficiency, risk management, etc.). And when this works, it is easy to identify. At Microsoft, for example, the executive education/envisioning briefi ngs on particular solutions with government customers typically have been attended by the IT leadership. But we increasingly see those IT leaders proactively invite their elected and line-of-business stakeholders to the sessions to ensure that their perspectives inform technology decisions.

DEFINING IMPORTANT CONVERSATIONSI’ve found that much of the success in my work is due to

changing the conversation (and, by extension, the percep-tion) of the people I interact with. For example, when I took over my chief security adviser role, the conversation relating to Microsoft and security was highly adversarial and almost exclusively about patch management. For the fi rst year and beyond, I made it my job to refocus that conversation on building partnerships in service of more effective cyber-security response. I also talked more broad-ly about risk management — something elected officials understand and care about.

As it relates to this audience as far as selling the value of IT, here are a few “fi rst things fi rst” conversations that will be important for new CIOs to defi ne as early as possible with their elected leaders.

COLLABORATION Quantifying the value of citizen-facing technology ini-

tiatives to elected officials is straightforward; doing so for internal-facing technologies, however, typically has been more of an uphill battle. A potential way to frame any technology initiative is in the context of collaboration. One way to think of government is essentially as a collection of workfl ows in service of positive outcomes for citizens/taxpayers. These workfl ows are moved forward by people who, even in pure fi nancial terms (fully burdened salary, benefi ts, pension, etc.), are the most valuable asset of any government. And when manual processes, productivity gaps and redundant work exist within these workfl ows, you get human latency-driven outcomes of government — i.e., missed connections that cost money and more importantly, delay the people. Something as simple as the problem of phone tag is a great example of this. If we accept Gartner’s estimate that by 2015, 80 percent of work outcomes will need explicit input from and the cooperation of two or more people, and the work will seldom be done in per-son, the importance of seamless collaboration cannot be overstated. Thus, whether a proposed initiative is a new internal portal or improvements to an existing 311 system, it’s always about enabling people to better do their part in getting to citizen-relevant outcomes sooner.

And let’s be clear: Two facets enable CIOs to get their mission to resonate with elected officials (and those around them). First, there’s perception — can they “feel” your orga-nization’s commitment to collaboration (results, customer service, etc.) — and then there are the actual things you deliver, both internally and to constituents. For IT to be perceived as a partner and as delivering value, a change on both counts is required. Here’s another way to think of it: If government is a car, cyber-security is the brakes that allow the car to safely forge ahead with, in this case, its technol-ogy agenda. And collaboration can be thought of as the oil that reduces friction in the engine, letting the car run more smoothly and efficiently.

QUICK WINS, BROAD AND VISIBLE IMPACTThere’s a shift afoot in how governments perceive and

act on technology initiatives. Elected officials today are leery of massive 18- to 36-month “Hoover Dam” IT proj-ects that have so often delivered questionable outcomes — or outcomes that are not measurable. They want quick

[28]

ONE WAY TO THINK OF GOVERNMENT IS ESSENTIALLY AS A COLLECTION OF WORKFLOWS IN SERVICE OF POSITIVE OUTCOMES FOR CITIZENS/TAXPAYERS.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



wins that ultimately impact many users/citizens and that are deliverable in a short time span — wins that may only involve one agency or constituent group at the outset, but ultimately prove out a larger concept without the 36 months of hand wringing and perceived risk. Once proven, the focus becomes the next agency, next electronic form, next constit-uent group, etc. But for the elected official, the perception of risk has been reduced and trust gained. The projects must be strategically visible and deliver incremental value. A former public CIO colleague of mine said, “I could spend all day keeping the public safety system from collapsing in a storm, and no one would notice. But if I drove awareness about the upgrade or addition of a new tower to improve public safety communication, they would throw me a thank you lunch.”

CONSOLIDATION/INTEGRATIONIn my chief security adviser role, I witnessed fi rsthand

how state and local government IT agencies continue to labor under the burden of highly fragmented, redundant and difficult to manage technology infrastructures. While the reasons for this situation are understandable (and far more involved than we can address here), the fact remains that the “islands of information” problem is arguably the single largest inhibitor to modernization of government systems — and we can no longer afford to keep kicking the can down the road on this problem.

The idea of government agencies consolidating and/or shar-ing resources to reduce cost and improve efficiency is nothing new — and the math for it has long been sound. Technological innovations like cloud computing are helping reboot the idea of consolidation. But beyond that, driving a defi nition-al and tactical shift in the conversation also is required. Put simply, consolidation is not just about where the bits and bolts reside. There is low-hanging fruit in a broadly conceived consolidation process that can drive immedi-ate benefi ts — those quick wins referenced earlier such as standardization of desktop images or procurement consolidation. A recent example of this is New York City Mayor Michael Bloomberg’s October 2010 IT modernization announcement. While the city’s planned move to the cloud for more than 30,000 employees was groundbreaking, just as interesting was Bloomberg’s announcement that simply by consolidating core IT procurement for all city agencies, he expects the city to save more than $50 million. If we look more broadly, we fi nd that the governments typically lauded as being the most “digital” — like Utah and Michigan — are ones that have tackled consolidation in one form or another, understanding that it’s a stepping stone to many other outcomes they’re seeking.

THE CLOUD THINGCloud computing is top of mind these days, yet the defi ni-

tion of “cloud” and its value to state and local governments often has been highly problematic. Most elected officials don’t know what cloud computing is — they’ve never heard the term — yet they likely have unknowingly used cloud services for a long time (webmail, etc.). So one must ask: How useful can a term be if it distances people from things they’re already benefi ting from? And for those who have

heard the term, it’s often misunderstood or reduced to a buzzword. In a recent meeting with a governor, we spoke about cloud computing, to which the official said, “I don’t know what this cloud thing is, but I gotta get me one.” While it would be easy to dismiss this as just a humorous remark, it is distressing when an important industry term becomes almost a fashion statement. It’s indicative of a level of hype and misconception that, in the hands of budget-wielding, elected officials can become hugely problematic and dis-tracting to the CIO’s strategic aims. This is the reason it’s important to reinforce with political leaders that the cloud is not a destination, but a potentially powerful tool for solv-ing business problems. However, it doesn’t come before the business problems. Also important will be distinguishing for political leaders the difference between what they see of the cloud in ads or at home and the more exacting requirements of an enterprise cloud strategy.


PHOT

O CO

URTE

SY O

F W

IKIP

EDIA

.ORG

/RUB

ENST

EIN

N E W YO R K C I T Y

M AYO R M I C H A E L

B LO O M B E R G E X P E C T S

CO N S O L I D AT I O N

TO S AV E M O R E T H A N

$50 M I L L I O N .



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



CONSUMERIZATION WITHOUT COMPROMISE The Institute for the Future estimated in 2009 that 47

percent of employees work beyond regular business hours, while 32 percent also do personal activities at work. And this trend will become more important as Millennials con-tinue to grow in the work force , replacing many of the mass of civil servants retiring in the next several years. Given that Millennials lead far more digital lives than previ-ous generations — having grown up with the Internet — they’re expecting to bring the tools of their current digital lives into their new workplace, and will choose workplaces in large part based on such considerations.

Elected officials are also keenly aware of the shifting demographic in their constituent base and are seeking new ways to leverage technologies that will show their face to new demographic groups in new mediums — such as blogs, Twitter and smartphone apps. The rub here is that they will often do this outside the scope of IT’s control, which can introduce risk to the administration. For example, in a recent meeting with a city council member, we talked about an iPhone app that one of his interns helped him create to more easily interact with his constituents. He couldn’t have been prouder of how easily constituents could install the app and e-mail him, and he would immediately see it. The problem with this otherwise wonderful tool, as it turns out, was that it had been built completely without the knowledge and support of the city’s IT department — it completely bypassed city mail systems and associated records management processes, thereby creating potential compliance and security risks.

It’s important for CIOs to accept that this trend is inevi-table. So rather than shutting down fi rewall ports, and offi-cially and irreversibly becoming “the agency that says no,” get ahead of this conversation and position IT as the de facto

partner for a measured, planned embrace of consumer tech-nologies. Be the lead voice in sifting through the pretenders who bring too much enterprise risk for the capabilities they provide to arrive at a manageable, happy medium.

And don’t forget about integration between work and home! Introducing consumer technologies that can’t inte-grate with anything in your enterprise simply continues and even exacerbates the islands of information problem because

government workers (and people in general) increasingly want technology tools that refl ect a seamless, 360-degree view of their digital life. For example, Microsoft integrated the video-chat capabilities of the new Kinect Xbox 360 con-troller with the video-conferencing capabilities of Windows Live Messenger and Lync, the company’s enterprise instant messaging/presence/video/audio conferencing solution. So when I travel for work, I can video conference via my Lync client with my family on the consumer device, the Kinect, and get the benefi ts of consumerization without the risk.

Ultimately in my chief security adviser role, I found that life was too short to spend my time engaging elected offi-cials in some philosophical debate designed to suddenly make them care about cyber-security for its own intrinsic value. Rather, I worked to recast that conversation in terms of risk management — risk to infrastructure, risk to public image — and found that when connecting what I cared about to things they already cared about, most were more willing to listen and act. The same is true in selling the broader value of IT. If CIOs do these things, they will be better positioned to defi ne IT as a living, breathing example and enabler of government at its best. ¨

Dean Iacovelli is the director for collaboration solutions

for Microsoft State and Local Government. He leads a

national team of solution and technology architects work-

ing with state and local government customers on cloud

and self-hosted collaboration strategies and solutions. He

is the former chief security adviser for Microsoft State and

Local Government.

[30]

SUCCESS WHEN DEALING WITH ELECTED OFFICIALS REALLY LIES IN GETTING AHEAD OF AND GUIDING CERTAIN KEY CONVERSATIONS.

YO U N G E M P LOY E E S W I L L E X P E C T

TO B R I N G FA M I L I A R T E C H N O LO G Y

I N TO T H E W O R K P L AC E

PHOTO BY JAY HAUF



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



A BZ Media Event

www.sptechcon.com

Sheraton Boston Hotel

SharePoint Comes Back to Boston!

Download the Full Class Listing!Follow us at twitter.com/SPTechCon

Choose from over Classes & Workshops!90

Keynote by Dux Raymond Sy

“I would recommend SPTechCon to SharePoint admins and developers.By far the best tech event I have attended.”

—Venki Oruganti, Software Developer, Pitney Bowes

“Conference was very informative and educational. I learned a lot andam excited to try some new solutions at work.”

—Dolores Bertin, DRMS Admin.. Inter Pipeline Fund

Register Early

and SAVE!

Learn from the most experienced SharePoint experts in the industry!

Over 55 Exhibiting

Companies!

Attend


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



IN 2001, HORST BRÄUNER, the IT director of Schwäbisch Hall, a fairy-tale city in southern Germany, faced a situa-tion familiar to many local U.S. government officials. Germany was in an economic slump — the country’s economy had been fl at for several years. The gross domes-tic product dropped from a 2.5 percent rate of growth in 2001 to an anemic 1.4 percent in 2002. In response, the fed-

eral government expanded the number of tax deductions fi rms could take on as losses. Since local governments in Germany depend heavily on business taxes, the change in the country’s tax law coupled with the broader economic recession led to a sharp decline in local tax revenue. But according to Bräuner, Schwäbisch Hall’s problems were even worse.

OPEN SOURCE PIONEERS IDENTIFY FIVE CRITICAL FACTORS FOR SUCCESS.

MUNICH: A HIGH-LEVEL ADMINISTRATOR LED THE CITY’S SHIFT TO FREE OPEN SOURCE SOFTWARE.

LEARNED

PHOT

O BY

DAV

ID K

OSTN

ER /W

IKIP

EDIA

[32]

Lessons

SCHWÄBISCH HALL: WITH ITS BUDGET CRATERING, THE CITY NEEDED AN ALTERNATIVE TO PROPRIETARY OPERATING SYSTEMS.

TREUCHTLINGEN: THE CITY GAVE EMPLOYEES FREE SOFTWARE TO TRY AT HOME.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



M A R K C A S S E L L | C O N T R I B U T I N G W R I T E R

Just as government budgets were cratering, Microsoft Corp. upgraded its operating systems from Windows NT to Windows XP, forcing IT directors like Bräuner into a difficult choice: retain an outdated operating system without sup-port from Microsoft, pay for the new operating system, or fi nd an alternative. When Schwäbisch Hall’s technological and budgetary challenges collided, it felt to Bräuner like a slow moving tsu-nami. Things would only get worse.

While most governments bit the budgetary bullet and opted for the Microsoft upgrade, three cities in southern Germany embarked on something radically different. Munich, Schwäbisch Hall and Treuchtlingen adopted and implemented plans to migrate all PCs to open source operating systems and applications.

With some notable exceptions like Garden Grove, Calif., and Largo, Fla., most local govern-ment officials in the United States have had little exposure to free/open source software (FOSS). This article sheds light on the topic by consider-ing the experiences of these three German cities. The focus is simple: If a local elected official or IT administrator were interested in migrating to FOSS, what should he or she keep in mind? Before answering the question, some background on the cities and FOSS is needed.

Treuchtlingen, Schwäbisch Hall and Munich may represent the most advanced migration to FOSS among local governments in the world. The cities vary in population from 13,000 for Treuchtlingen to 1.3 million for Munich. They also differ in the degree to which they’ve implemented their FOSS migration policy. Treuchtlingen and Schwäbisch Hall have completed migration, but Munich’s migration is only partially fi nished. Although each city followed its own path toward FOSS, they overcame similar organizational and personnel challenges that reveal what local gov-ernments should take into account as they con-sider open source.

FOSS is a generic term for software that is nonproprietary, can be reviewed by large num-

bers of users, and can be revised and shared for free. FOSS refers to program licenses that permit users the freedom to run the program for any purpose, to study and modify the program, and to freely redistribute copies of the original or modifi ed program. The use of FOSS is widespread in the public and private sector. In April 2008, a survey of 328 IT and business executives found that 53

percent use FOSS and an additional 10 percent planned to do so in the next 12 months. And a January 2010 survey of more than 273 million websites by Netcraft found that Apache, a FOSS Web server, is the most widely used Web server with 59 percent of the market share. The FOSS Web browser, Firefox, continues to gain market share on Microsoft’s Internet Explorer, particularly among users who have a choice of browser. And 65 percent of all active websites use open source code to run their sites.

For governments, the decision to switch to FOSS operating systems, such as Linux, is wrought with challenges. There are technical issues of compatibility and interoperability since many popular applications are designed for the proprietary software operating systems: Windows and Mac OS. And as with any new IT application or system, there are personnel challenges associated with training, accepting and adjust-ing to new systems and different ways of doing things. Also, as with any change in technology, a switch to FOSS can be costly in the short run. Finally, research on FOSS suggests political challenges to its adoption and implementation. Elected officials are often skeptical of new software, par-ticularly nonproprietary software. Local governments may confront external pressure from software vendors to continue with existing (proprietary) systems.

Despite the immense challenges, Treuchtlingen, Schwäbisch Hall and Munich opted for innovation over the status quo. The IT directors were each asked: What sug-gestions would you give to a manager or IT director in an American city considering the switch to FOSS? The follow-ing summarizes their answers.

POLITICAL BACKING AND LEADERSHIP ARE ESSENTIAL The adoption of new technology is difficult under any cir-

cumstances, whether proprietary or FOSS. Studies indicate political backing is an essential ingredient to a successful migration since IT managers need the freedom to take risks. The experiences of the three cities confi rm this. In each case, the mayor and parliamentary majority supported the shift to FOSS. As one IT director put it, “The political lead-ership must embrace the change to FOSS in order to give the IT administrator the freedom to make mistakes and try new things.” He added that in the case of FOSS, one should expect criticism from private vendors and some resistance for change from government employees.

In Munich, a high-level administration member took a leadership role to shepherd staff through the process. In practice, this meant the administrator did several things: made the case for adoption; took the political heat when the migration process hit a glitch, thereby shielding the IT staff; and consistently communicated to the Parliament

EDwww.public-cio.com [33]

©IS

TOCK

PHOT

O.CO

M/H

ANS

KLA

MM

PHOT

O BY

QUE

NTI

N SC

OUFL

AIRE

/FLI

CKR



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



and public the rationale for the migration, thus controlling the terms of the debate about FOSS.

COST ARGUMENTS SHOULD BE SECONDARY Scholars note the importance of cost savings in the

motivations of local governments to consider FOSS. The experience of these three German cities supports this view generally. However, the story is more interesting. Each gov-ernment turned to FOSS not when surplus funds became available to try something new and innovative. Instead, FOSS became an option for the cities when a change in the federal government’s tax system triggered a sudden budget defi cit. The federal change served as a catalyst that directed public officials’ attention toward the need to save money and be self-sufficient. It was in this new environ-ment, created by the change in federal tax law, that FOSS found fertile ground. A lesson offered by the German cities’ experiences is that although leadership, knowledge and expertise are important, an unexpected event or crisis is often needed to create an opportunity to redirect organiza-tional attention and behavior in a new direction.

While a decline in tax revenue created an opportunity to adopt FOSS, each of the IT administrators echoed fi ndings in much of the FOSS literature, namely that its adoption and implementation is costly. As with any new technol-ogy, FOSS requires a signifi cant investment in training, implementation service and maintenance to succeed. The IT administrators also acknowledged that it’s easy to manipu-

late the total cost of operation of any type of technology. Although cost savings are important, they say IT direc-tors must also make the case for FOSS on other grounds, including better cooperation among governments; greater independence from monopolistic software providers; more fl exibility and security; and increased local economic devel-opment. Thus, the two takeaway lessons from the three cities are: to be successful, FOSS is likely to be expensive in the short run; and while cost savings are important, officials should strive to make the case for FOSS on other grounds.

TAKE INCREMENTAL STEPS, BUT WITH AN OVERALL STRATEGY The three IT directors said it was unusual for a municipal-

ity to completely switch to FOSS in a single step, particularly if the governments have little experience with FOSS. The directors suggested taking incremental steps or a “soft migra-tion.” They recommended beginning with common software applications like the Firefox browser, Thunderbird e-mail program and OpenOffice suite (an equivalent to Microsoft Office). In Schwäbisch Hall and Treuchtlingen, city employ-ees were given free programs on a single disk and encouraged to install and use the software on their home computers. As mentioned, such steps reduced the anxiety of city employees to the new software. A second step is for the city to develop macros, templates and forms in the OpenDocument format, and set up pilot desktop stations in each department that run on the Linux-based operating system.

While the IT directors suggested an incremental approach, they also stressed the need for an overall strat-egy. “You have to know where you are going,” said one director. “Incrementalism is fi ne, but there needs to be a clear idea of the end goal. Otherwise you could fi nd your-self going nowhere or in the wrong direction.”

PRACTICAL EXPERIENCE TRUMPS THEORYInterviews with the IT directors underscored the impor-

tance of experience over theory. Just knowing about FOSS wasn’t enough, they argued. Instead, the IT directors suggested that any local government considering FOSS migration to spend time in a government that uses it, learn fi rsthand what that government isdoing and collect infor-mation from line employees who are using FOSS. One IT director also suggested that local governments consider

A CLOSER LOOK: THREE CITIES AND THEIR APPLICATIONSTHREE CITI HEIR APPLICATIONSCITY POPULATION SELECTED FOSS APPLICATIONSTreuchtlingen 13,000 Sun Enterprise 450 Server Sun Ray 1 Clients KDE Desktop Server Message Block MySQL StarOffice Suite

Schwäbisch Hall 36,000 SUSE Linux Enterprise Server 10/11 CentOS Debian SUSE Linux Enterprise Desktop 10 Ubuntu 9.10 OpenOffice Suite GNU Image Manipulation Program Document Imaging

System Firefox MySQL

Munich 1.3 million Debian GNU/Linux OpenOffice Suite KDE 3.5 and xorg Mozilla Thunderbird Firefox

[34]

ADDITIONAL OPEN SOURCE RESOURCESOpen Source for America: http://opensourceforamerica.org

Open Source Initiative: www.opensource.org

Center for Strategic Studies: www.opensource.org/node/549



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



hiring a college intern with computer science training and no bureaucratic experience. He noted, “It’s important to get someone with the latest technical knowledge. But you also want someone who has not been infected by the ‘bureau-cratic virus.’ You want someone who will look at a problem with eyes unencumbered by the bureaucratic culture. A university student is often a good resource.”

ORGANIZATION MATTERS IT administrators said organizational structure is impor-

tant. IT infrastructure is often decentralized so that each department has its own IT person. Officials in the three German cities stressed that a change as fundamental as migrating to FOSS is easiest with a centralized IT depart-ment. Based on their experience with migration, the directors reported that a decentralized IT structure creates cultural and structural barriers in the organization that make it dif-fi cult to adopt a governmentwide strategy.

In Munich, for example, before migration to FOSS, IT was highly decentralized. More than 850 IT professionals were scattered across 17 departments. The departments did not resist change per se. Instead, when migration to FOSS was proposed, the city departments were reluctant to give up what they perceived as their IT professional(s) or expertise. This signifi cantly slowed the migration pro-cess since migrating to FOSS required taking stock of the government’s entire IT infrastructure, identifying FOSS alternatives, and then standardizing the government’s operating systems and software. Such a change is made easier by a centralized IT structure, regardless of the city’s organizational culture. IT directors in all three cities argue that a centralized structure improved migration to FOSS.

The cities’ experiences with migration to FOSS also demonstrate a more complex relationship between orga-nizational and technological change than what appears in scholarly literature. While technological change is often viewed as the product of organizational characteristics, the three case studies point to an inverse relationship: New technology changes the organization.

Respondents in each city explained that migrating to FOSS led to virtual and physical organizational changes. Virtual organizational change refers to how the cities managed their computer software systems. The policy to migrate to FOSS forced each city to take stock of its IT hardware and software because without such an assess-ment it wouldn’t have been possible to implement the migration policy. In some cases, cities conducted the assessments on their own. In other cases, cities relied on assistance from private-sector partners such as IBM and Novell. As cities addressed their virtual organizations,

several also made changes to their physical organizations. Cities took stock of their IT staffs, identifi ed redundancies and moved toward a more centralized IT support structure.

Finally, respondents in the three cities reported that the switch to FOSS improved their internal capacity and increased employees’ willingness to innovate. Because the benefi ts from FOSS derive from working with computer code, the advantages of open source increase as the IT staff’s expertise increase. While Schwäbisch Hall and Munich relied on contractors to aid the implementation process, all three

cities were and are committed to doing as much of the IT work in-house as possible. And as the skill level of the IT pro-fessionals increased, so did the motivation to innovated. Each city reported developing new programs and applications, which were shared with other cities, as well as the broader open source community. Schwäbisch Hall, for example, recently developed a new council information application to provide materials and minutes to city parliamentarians. Munich and Treuchtlingen also have developed dozens of new applications. And Munich was recognized with the European E-Learning Award in 2007 for the learning platform the city developed to teach staff how to use open source software.

In sum, the German cities’ experiences suggest that the decision to switch from proprietary to open source software is neither easy nor obvious. It depends on a range of factors — administrative capacity, political backing and organizational structure. Yet, the experiences of the three cities underscores that while FOSS may not be appropriate for every circum-stance, it should at least be considered by U.S. local government officials as a viable, perhaps even superior, alternative to its proprietary counterpart. ¨

Mark K. Cassell is an associate professor of political science at

Kent State University. He specializes in public-sector transfor-

mations. His writing includes How Governments Privatize: The Politics of Divestment in the United States and Germany and

Mission Expansion in the Federal Home Loan Bank System.

HORST BRÄUNER, IT DIRECTOR, SCHWÄBISCH HALL




Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[36]

Doug Robinson never thought it would take so long to fi nd out who would lead each state’s technology department. But three months after the guberna-torial elections, the executive director of NASCIO

is still waiting.Robinson has witnessed a number of election cycles and

administrative transitions, but none have been quite like this: Twenty-seven new governors — the biggest crop in history — took office this winter, according to the National Governors Association. And as of Feb. 1, only 10 governors had permanently fi lled their administration’s top technol-ogy job. The wheels of bureaucracy in this election cycle are moving more slowly than in the past, Robinson said. There are several possible reasons for this.

PLAGUED BY POLICY DECISIONSSubstantial budget pressures and revenue reductions

are plaguing most states, forcing new governors to imme-diately confront serious policy decisions such as how to operate and fund programs like Medicaid, and how to deal with the sunset of Recovery Act funds. Some transition

teams also are reappraising the basic structure of their government, Robinson said, and considering how departments can be combined, reorganized or elimi-nated to improve efficiency and save money. And states like California are dealing with furloughs and the specter of staff reductions.

Many gubernatorial transition teams are having these fundamental dis-cussions not just for their technology department, but for all state agencies.

“I think all of those things have overwhelmed these new administrations to a degree,” Robinson said.

CIO STATURE UNCERTAINTYGiven that kind of uncertainty, some states are likely

fi nding it difficult to recruit qualifi ed candidates for the CIO role, Robinson said. Candidates might shy away from accepting the position if there’s doubt about who their boss will be or what agency they will work for.

About half of the state CIO positions in the nation are cabinet-level posts, but that number could change if states decide to reorganize. A CIO conceivably could be recruited as a cabinet-level appointee, Robinson said, but later have the position moved beneath a fi nance secretary or depart-ment of administration. State CIOs prefer, as a group, to stay in the cabinet because it gives them an equal voice with their peers on decision-making.

“Some of these states are recruiting for CIOs,” Robinson said, “but with all that uncertainty, the candidates for those positions are probably saying, ‘I really ought to give this a second thought as well.’”

CHOOSING THE RIGHT CANDIDATENebraska CIO Brenda Decker thinks there’s another

reason states are taking longer than usual. The new gover-nors realize IT is no longer a back-office function hidden from public view — it’s evolved into a strategic priority. “So I think there is a lot more thought process going into making sure they have the right choice in the position,” she said.

The delay is having a tangible effect on Decker’s work. Nebraska is nearly surrounded by states with interim CIOs and new governors. “A lot of the things we do, especially in our border towns, we try to coordinate with the states that are near us,” she said. “For example, in Nebraska I’m in the eastern corner of the state [in Lincoln], so for the things I’d

BY M AT T W I L L I A M S | A S S O C I AT E E D I TO R

WHY ARE GOVERNORS TAKING LONGER THAN USUAL TO APPOINT THEIR CIOS?

B R E N D A D E C K E RCIO, NEBRASKA

AT THE

P H OTO I L LU S T R AT I O N BY TO M M c K E I T H



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��




like to do in the western side of the state, I’d like to col-laborate with the other state governments.”

But interim or empty CIO positions in several of those states hamper collaboration efforts. “You just don’t fi nd anyone willing or able to make decisions when they’re not in a permanent position and don’t have the governor’s confi dence or ear,” she said.

Furthermore, national efforts like electronic health records and health information exchange may be delayed without a full slate of state CIOs. States are putting them-selves at a disadvantage by not having that one strategic partner with technical expertise in the room, Decker said.

CLARIFYING THE CIO ROLESome states are probably deciphering what exactly the

new CIO will manage before making the hire. Washington and a few other states are considering big changes to how they deliver IT. Washington Gov. Chris Gregoire fl oated a proposal to create a new state IT agency, and a permanent

CIO hasn’t been hired because lawmakers haven’t ironed out the particulars. Other states, meanwhile, are mulling enterprisewide IT outsourcing and/or consolidation to cut costs.

These new approaches could result in different day-to-day emphasis for the CIO. The role could change around service delivery options. Increased outsourcing and con-tracting — and the move to cloud computing — could mean CIOs will spend less time in the operational world and more time in the policy and strategy realm, Robinson said. The trends indicate that state IT work forces are being reduced, but states have the same or a growing demand. Consequently states may have little choice but to supplement with contract services, outsourcing and staff augmentation, he said. “If you do that, the CIO will spend more time in negotiation and managing vendor relationships.”

Vacancies in the CIO ranks prompted NASCIO to push back its traditional orientation program for new CIOs a month to mid-March. But Robinson still isn’t certain the association will have a full roster by then. Some new governors might decide to leave interim CIOs in place for as long as a year, given that there are so many other issues to address fi rst. Seventeen states had acting CIOs as of late January — an abnormally high number, according to Robinson.

Six states and U.S. territories had named new technol-ogy chiefs as of Feb. 1: Guam’s Ed Cruz, Georgia’s Calvin Rhodes, Pennsylvania’s George White, New Hampshire’s Bill Rogers, Michigan’s David Behen and New Mexico’s Darryl Ackley. New governors also had retained Oklahoma’s Alex Pettit, Tennessee’s Mark Bengel, Alaska’s Anand Dubey and Rhode Island’s John Landers.

The retentions in Tennessee and Rhode Island were unusual, Robinson said, because there was a party switch in the governor’s office.

Given the slew of challenges that state governments face, more new administrations might choose not to make leadership changes. “It indicates they have confi dence in the abilities of the CIO to continue to execute on the strat-egy, vision and the operational side,” Robinson said. “In the same vein, it indicates there’s nothing that needs to be fi xed, so the administration isn’t going to use the partisan platform to make a switch.”

Until some executive decisions are made, however, Robinson will continue speaking with transition officials about position selections. “We’ve been waiting for some movement,” he said, “but it’s been slow.” ¨

HE TOPVoid

D O U G R O B I N S O NEXECUTIVE DIRECTOR, NASCIO



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[38]

IN LIGHT OF 9/11, the attempted Christmas Day bomb-ing in 2009 and even last year’s WikiLeaks incident, it’s clear that the search and information-sharing process across government intelligence databases is fl awed and

missing an element that would potentially enable analysts to see threats and prevent future incidents.

Semantic technology is used increasingly to help orga-nizations manage, integrate and gain intelligence from multiple streams of unstructured data and information. Semantic is unique in its ability to exceed the limits of other technologies and approach the automatic understanding of a text. While Semantic Web — a web of understood word meanings and connections — technology is quickly eclipsing fi rst-generation, keyword-based index search systems and second-generation social media interaction, the transition is far from complete. Nowhere is this technology more useful than in the national intelligence space.

As a semantic technology professional, I think about how semantic technology could have aided in connecting the dots between the available information in the gov-ernment intelligence community in the 2009 Christmas bomber case, and most recently, the highly publicized leak of classifi ed government information about the war in Afghanistan.

As a former intelligence analyst, I know the frustra-tion of lacking both complete information and computer systems capable of aiding the analysis process. Almost a decade after 9/11 and untold dollars later, the nation still struggles with effective intelligence sharing. An often mentioned issue is the lack of collaboration among intelli-gence teams on the analysis of incoming information from the multitude of existing databases.

BY B R O O K E A K E R | CO N T R I B U T I N G W R I T E R

CONNECTINGTHE DOTS

COULD EMERGING SEMANTIC WEB TECHNOLOGY HELP INTELLIGENCE ANALYSTS SPOT NEW TERROR THREATS? ONE PROVIDER ARGUES YES AND OFFERS A DEMONSTRATION.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



[40]

AUGUST 2009Al-Qaida operatives in Yemen are heard discussing an ABDULMUTALLAB who had been in contact with a radical cleric,ANWAR AL-AWLAKI, about future terrorist attacks. This information is shared with American officials in November. ABDULMUTALLAB goes to Yemen, ostensi-bly to study Arabic at a Sanaa languageinstitute where he previously studied from 2004 to 2005. But ABDULMUTALLAB disappears in September 2009.

SEPTEMBER 2009American officials order more focus on al-Qaida in Yemen — intercepting e-mail messages and phone calls — to search for hints of future plots, which soon produce important tips.

An al-Qaida United Nations expert, in a speech in Washington, D.C., warns that the explosive device used in a Saudi assassination attempt could be sneaked onto an airplane.

MAY 2009Britain rejects the Nigerian UMAR FAROUK ABDULMUTALLAB’S application to renew a student visa and places him on a watch list to prevent him from re-entering the country. It’s unclear whether American officials are notified.

TIMELINE OF KNOWN EVENTS

The Los Angeles Times points to others:“Lawmakers have been pushing for a capability to

search across the government’s vast library of terror-

ism information, but intelligence officials say there are

serious technical and policy hurdles. The databases are

written in myriad computer languages; different legal

standards are employed on how collected information can

be used; and there is reluctance within some agencies to

share data.”

The newspaper then makes the connection to 2009’s Christmas bomber threat:

“That makes it harder to connect disparate pieces of

threat information, which is exactly what went wrong in

the case of Umar Farouk Abdulmutallab, a Nigerian who

on Christmas Day tried to blow up an airplane using

explosives sewn into his underwear. The bomb failed to

detonate, and a passenger jumped on him.”

Analysts must have a reason to collaborate. They must foresee or imagine how one or more evidence streams, often with many missing elements, overlap or fold into one another to form a complete picture. The reality is, even really good human analysts cannot juggle more than 50 to 60 data points — events, names, places, times, dates and the connections between them — at once.

But good technology that mimics the same approach has no such limitation. Allowing such a system to build the larger picture — to connect the dots — through trial and error, quickly and repeatedly with an analyst review-ing that picture for plausibility, internal consistency and impact, would be a more effective approach than adding a small army of new analysts to the problem.

A system that proactively and con-stantly builds and tests all the available evidence on a person, action, event, etc., is the current architecture of a Semantic Web. This approach is becoming prevalent in the private sector, and governments also are now taking advantage of the Semantic Web rather than a simple web of keywords.

To test this proposition, I used the timeline of known facts about the 2009 Christmas bomber as reported by The New

York Times. Although this is a retrospective view, I wanted to know what I would have concluded over time, if I were an ana-lyst and had good information sharing and robust analytical support, such as current Semantic Web technology can provide.

To begin, I took all the known facts and began to process them semantically. I used a semantic search and analysis system to analyze the content for people, places, things, facts, time and geography, but most importantly, for events. Such analysis answers: Who did what to whom when and where? Based on our established event timeline, in summer 2009, Abdulmutallab would have hit intelligence data-bases when Britain placed him on a watch/no-fl y list after his student visa was rejected.

We can see right away that Abdulmutallab was known to have studied in 2004 and 2005 in Sanaa, Yemen; he has a direct connection to the radical Yemen cleric Anwar al-Awlaki; he’s loosely connected to al-Qaida because of his presence in Yemen; and he disappeared in September 2009. But the most important thread is that he was already on Britain’s watch/no entry list.

On the whole, perhaps this picture doesn’t portray a person who has planned a terrorist attack. But more connections

UMAR FAROUK ABDULMUTALLAB, popularly called the “underwear bomber,” attempted to detonate plastic explosives hidden in his underwear while onboard Northwest Air-lines Flight 253 to Detroit on Dec. 25, 2009. Photo courtesy of www.wikipedia.org

onabc., is the

n-bleis the



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



come to light when we continue to build the pic-ture of Abdulmutallab into

fall 2009. Through November 2009,

several things become apparent. First, the number of connection

points has risen signifi cantly between Abdulmutallab, Yemen and al-Qaida relative

to the previous summer. Second, the number of evidentiary warning signs around Abdulmutallab has grown to include his father, the United Nations and several U.S. agencies (e.g., the National Security Agency and National Counterterrorism Center). Third, there’s a lack of communication or informa-tion sharing among U.S. agencies.

Nonetheless, Abdulmutallab was placed on a terrorist watch list but not on the more restrictive no-fl y list. This may not have been the case if analysts had a diagram that visualized the increased strength between him and al-

Qaida, as well as the increase in additional connections of concern at this stage of this analysis.

In retrospect, we know that there was still more time. Adding the events from December 2009 in the examination makes the graph richer still:

Once again, as the connection between Abdulmutallab, Yemen and al-Qaida increases, more U.S. agencies take note, and now he has purchased airline tickets with a U.S. destina-tion and didn’t check any baggage (a Transportation Security Administration warning signal since 9/11). As with most intelligence analysis, the strongest indicators come too late, so understanding how to fi t them into the overall picture quickly

is essential — in this case, the time it took Abdulmutallab to fl y from Africa to the Netherlands and then to the United States. Semantic technology that can visualize the new input, can speed up analysts’ understanding.

Semantic Web technology can provide a window into how people, places, things and events come together into threats and opportunities. It’s impossible to expect analysts to manually “see” how anomalous and imperfect evidence streams fi t together. And there is always more than one way that they fi t together.

Let machines do what they’re good at. Namely when coupled with semantic understanding, measuring endless clues and hints, fi tting, testing, removing and adding vari-ous puzzle pieces to see if the picture starts to make sense. Past a certain threshold, analysts can take over and do the work computers never will be able to do: apply human judgment and reasoning. Otherwise judgment and decision never arrive, connections are never made, and red fl ags are never raised.

The timeline of these past and recent events (9/11, the Christmas bomber and recent data leakage in Washington, D.C.) show a serious need to address the gaps in our coun-try’s intelligence procedures and sharing processes. And this is where Semantic Web comes in. ¨

Brooke Aker is CEO of Expert System USA. He writes

and speaks on topics, such as competitive intelligence,

knowledge management and predictive analytics.


OCTOBER 2009AL-AWLAKI, a radical American-born cler-ic, posts a message in English on a web-site warning that the jihad will soon be turning to Yemen, which he says is now the center of the war. ABDULMUTALLAB’S father, Alhaji Umaru Mutallab, is alarmed by his son’s radical talk and asks Nigerian officials to help find his son and persuade him to return home. The Nigerian officials suggest that he also contact the U.S. Embassy.

NOVEMBER 2009Mutallab tells U.S.Embassy officials that his son had been radicalized and might have traveled to Yemen.

U.S. Embassy officials send a warning to the National Counterterrorism Center, which puts ABDULMUTALLAB’S name into the largest of four terrorist watch lists. Analysts decide not to put him on the shorter lists of people tagged for extra security at airports.

The National Security Agency inter-cepts a second phone conversation in November among al-Qaida members in Yemen, in which they discuss an unnamed Nigerian man who’s being groomed for an operation.

DECEMBER 2009The CIA compiles biographical data about ABDULMUTALLAB, including his plans to study Islamic law in Yemen, but the report is never completed or broadly distributed.

Yemeni security forces carry out ground raids and airstrikes against suspected al-

Qaida hide-outs. Men claiming to be al-Qaida members

vow to avenge those killed in a Yemeni air-strike by targeting Americans, saying, “We carry prayer beads, and with them we carry a bomb for the enemies of God.” Officials intercept militants in Yemen discussing preparations for an event on Dec. 25.

ABDULMUTALLAB’S round-trip ticket to Detroit is purchased with cash in Accra, Ghana.

f

sevrst

points haAbdulmutallab

sFir

points



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



News, Reviews & CareersNEW IT AGENCY IN WASHINGTON?

Washington state Gov. Chris Gregoire hopes to create a new tech-

nology agency as part of her overall plan to save the state $32 million over the next four years.

The Consolidated Technology Services Agency, if created, is estimatedby the executive

branch to save $10 million a year. The new agency would privatize and con-solidate some of the state’s basic IT operations, such as help-desk support and data center operations.

“The bottom line with this is that they are going to try to fi gure out the most efficient and cost-effective

way to serve the state’s basic IT needs, either through privatization or keeping it in-house,” said Gregoire spokesman Scott Whiteaker.

The proposed restructuring is in response to a $4.6 billion budget defi -cit. In December, Gregoire fl oated a state reorganization plan that would consolidate the state’s 21 agencies into nine, at a projected $30 million savings. As part of that plan, the Department of Information Services, the state’s current technology agency, would be folded into the newly formed Department of Enterprise Services, which would perform back-office functions like printing and fi nancials that today are performed separately in each agency.

Under the governor’s proposal,current staff at the Department of Information Services would

be reassigned to Consolidated Technology Services, the Office of the Chief Information Officer or the Department of Enterprise Services. About 150 employees would be cut overall from a number of state agencies, and not just from the Department of Information Services, Whiteaker said, but as “the result of the overall technology transforma-tion in the state.”

As part of the plan, a cabinet-level CIO would sit on the new agency’s board of directors, and create an enterprisewide business plan, set uniform standards for all agencies, establish a framework of common technology and provide oversight of major IT projects.

Gregoire’s plan requires approval by the Washington state Legislature.

[ CIO CENTRAL ]

[42]

FACEBOOK MODIFIES TERMS OF SERVICE FOR STATE AND LOCAL GOVERNMENT

Facebook has tweaked its terms of service to address concerns from state and local governments about their usage of the popular social media website.

State and local governments were concerned that under the previous terms they’d have to pay the com-pany’s legal fees if Facebook was sued because of content posted by an agency onto the website. The revised terms, announced Jan. 5, address that and other issues raised by NASCIO during more than a year

of discussions with the social media powerhouse.

According to NASCIO, the revised terms and conditions:• strike the indemnity clause except

to the extent indemnity is allowed by a state’s constitution or law;

• strike language requiring that legal disputes be venued in California courts and adjudicated under California law;

• require that a public agency include language directing con-sumers to its official website prominently on any Facebook page; and

• encourage amicable resolutionbetween public entities and Facebook over any disputes.Kyle Schafer, NASCIO president

and West Virginia CTO, said the

organization believes the agree-ment “will allow broader and more appropriate use of this important tool by state governments across the country.” NASCIO Executive Director Doug Robinson added via a statement that terms-of-service problems “have impeded broader use” of Facebook and other social media by states.

Facebook has more than 500 mil-lion users worldwide, according to company statistics. The privately held company was recently valued at $50 billion.

NASCIO is working to strike similar terms-of-service agreements with other social media companies. YouTube is a high priority, said Charles Robb, senior policy analyst for NASCIO.

GOV. CHRIS GREGOIRE



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



B Y E D I T O R I A L S T A F F

CIO Transitions


With 27 new governors entering office last month, many new faces

are fi lling the state CIO ranks while a few CIO posi-tions remain empty, such as in Illinois and Kansas. But in Oklahoma, CIO Alex

Pettit — the state’s fi rst CIO — will stay in his post,

despite the election of Mary Fallin as the new governor. Fallin told Oklahoma-based CapitolBeatOK that Pettit already had helped

streamline some state operations leading to cost savings, and that she was happy to have him on her team.

New appointments, thanks to the gubernatorial changeovers include:

Calvin Rhodes, named executive director of the Georgia Technology Authority and state CIO on Jan. 27; David Behen, appointed Michigan CIO in late January; Rob Mancini, who was appointed as the interim CTO in Washington, D.C., in January; Ed Cruz, who is the new CIO of the Bureau of Information of Technology in Guam as of Jan. 5; Bruce Coppa, who was

appointed director of Hawaii’s Department of Accounting and General Services on Dec. 6, 2010;

Darryl Ackley was nominated by New Mexico Gov. Susana Martinez on Jan. 27, to serve as secretary of the Department of Information Technology; Stu Davis

is interim CIO of Ohio; George White

is Pennsylvania’s CIO as of Jan. 11; Jim Edman was appointed as South Dakota’s interim CIO; Ruthann

Sullivan is Vermont’s new CIO as of Jan. 6; and Diane Kohn is the acting CIO of Wisconsin.

WIKILEAKS DANGER CONCERNS CITY IT LEADERS

In November, The New York

Times published private U.S. dip-lomatic information gleaned from leaked documents from more than 270 U.S. embassies and consulates. These documents and messages were confi dential government property obtained from WikiLeaks, a “not-for-profi t media organization” that publishes media submissions from anonymous sources.

Thus far, the bulk of the leaks have come from federal and private sources, but local government offi-cials are also aware of the danger. The WikiLeaks disclosures could serve as a reminder that all levels of governments can be vulnerable to data breaches.

According to WikiLeaks’ submis-sion policy, the site accepts “restricted or censored material of political, eth-ical, diplomatic or historical signifi -

cance” and accepts submissions via the Internet and postal mail. Since WikiLeaks itself receives information from willing participants, no actual hacking or manipulation is thought to be involved.

Public officials recognize the power and danger of these types of leaks, but much of the information isn’t top secret.

“There’s very little that is secret within state and local government,” said Gary Cook, CIO of Sacramento, Calif., who cited public records requests laws. “Those are open records that anybody can get to. So from that perspective, I don’t know that there’s anything that [would be] released that, for the most part, folks can’t already get to with just a public records request.”

However, Cook believes that such concerns may prompt jurisdictions to re-evaluate how they manage docu-ment security and storage. “There’s a

cost-benefi t equation we have to go through. Obviously we can always be more secure than we are, but is the cost of that next level of security worth the information that we’re trying to secure?” Cook asked.

It also might be possible for juris-dictions to make their information less attractive to those who are moti-vated to leak material. One strategy simply could be to make documents public in the fi rst place. “If they had just been declassifi ed, they probably would have gone completely unno-ticed,” said Hap Cluff, IT director of Norfolk, Va.

ALEX PETTIT



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



WHETHER IT’S DOING more with less or deciphering how to deliver online versus in

line, project portfolio management is critical to government agencies aiming to strategically plan and implement changes that affect the enterprise. If you’re an IT executive searching for a book that pairs theory and tech-nology, Strategic Project Portfolio

Management: Enabling a Productive

Organization is worth perusing.The book contains information on

generating ideas, the importance of planning, improving cost performance and identifying organizational bottle-necks, among other topics. Author Simon Moore also identifi es 10 things to do and 10 things to avoid to achieve a successful strategic project portfolio management process. Some of Moore’s suggestions include:

THINGS TO DOKnow what you have — understand

what resources and skills are available within your organization by conduct-ing a capabilities audit, which can later serve as a benchmark to assess portfolio process.

Build momentum — demonstrate that portfolio management is benefi cial to all stakeholders by showing early successes. Transparency is helpful in

[ BOOK REVIEW]

this process and creates a culture of collaboration.

Capture ideas — the more, the merrier. Obtain ideas from a broad range of sources to increase creativity.

Prioritize — get buy-in and reduce duplication of effort by having a robust and clear prioritization process. Also ensure that prioritization is linked to strategic business goals.

Use efficient decision-making — build an effective reporting system that answers specifi c questions tied to spe-cifi c processes.

Conduct post-mortems — assessing projects can help determine areas for improvement.

THINGS TO AVOIDMoving too fast — don’t be frustrated

by slowness since this is sometimes due to the organization adapting to change. Instead, try a phased approach to gradually introduce change.

Relying on the big bang — systems are not built overnight and having an over-ambitious rollout is a sure-fi re way to derail a project.

Not killing projects — making the case for projects to continue when not warranted detracts from the organization’s health.

Missing scope changes — not measur-ing the course of a project to ensure milestones are being reached.

Compartmentalizing information — pre-venting information sharing is not conducive to project success and greatly hinders productivity.

Providing inadequate resources — rationingresources leads to slow failure and underperformance.

If you’re an IT executive aspiring for project management success, Strategic

Project Portfolio Management might be helpful or it might rehash what you already know. You be the judge. ¨

[44]

R E V I E W B Y K A R E N S T E W A R T S O N | M A N A G I N G E D I T O R

Strategic Project Portfolio Management: Enabling a Productive Organization

B Y S I M O N M O O R E

$45.00



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Get vital peer perspective and strategies for the unique issues of CIOs and enterprise IT leaders.

Public CIO’s Executive Update Email Newsletter Sign-up at: public-cio.com


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



WHILE reading the book Leadership for Dummies, I came across the concept that

a leader needs three things to succeed:✓ You must be the right person.✓ You must be in the right place.✓ You must be there at the right time.

It seems rather straightforward, and sounds similar to the refrain about information (e.g., information technol-ogy) being most useful to the business or organization when it’s available at the right time, in the right place and to the right people.

The more I thought about this situ-ational leadership concept, the more powerful it appeared to me in terms of how people succeed or fail.

You can be a terrifi c employee, with all the winning attributes to be success-ful, but you know what? If you’re in the wrong place — the wrong organization or workplace culture — or there at the wrong time — perhaps at a time of indecision, mismanagement or political infi ghting — it may not be the right time for you to have the most impact.

Things have to gel; people must gel. As one of my great bosses and mentors used to say, “The stars have to align.”

This is why organizational culture is very important. Different organi-zations have different norms, values, beliefs and accepted modes of behav-ior, and not everyone meshes or works well everywhere. It’s individual but not trivial, because it touches our core thinking and beliefs — what makes us,

[ CIO 2]

us. Not everyone necessarily wants to work at round-the-clock Wall Street, on everyday Main Street or even in the bureaucracy of Washington, D.C.

Perhaps this is why great, legendary leaders who rise through the ranks over 15, 20 or 25 years at one or more organizations, and then get hand-picked by another company with great expectations, sometimes can’t replicate that magic.

Studies by hiring consultant Bradford Smart show that these hiring disappoint-ments happen three out of four times a leader is hired!

Why can’t a leader — like Superman or Superwoman — overcome any and all obstacles (barring some Kryptonite) and deliver no matter what?

Because people, no matter how smart, eloquent or polished, don’t work in a vacuum. They’re mortals who, despite maybe having extraordinary talents and the willingness to sacrifi ce inordinate amounts for their job, still need others to work with them. It’s still a two-way street.

Think of marriage. How many good — or even great — husbands and wives are out there who are loving, giving, car-ing and willing to do whatever it takes to make a happy, lasting marriage? But something goes wrong. They ask them-selves (i.e., blame themselves) what they did or didn’t do to ruin the relationship and where they went wrong.

Perhaps, for the most part, they did right and it still didn’t work. Because

Aligning Your StarsLeadership success often depends on finding the right situation.

B Y A N D Y B L U M E N T H A L

[46]

Andy Blumenthal is the CTO of the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at http://totalcio.blogspot.com. Blumenthal’s views are his own and do not represent those of any agency.

there was another person at that place and time, sitting across the kitchen table from you, and no matter what you said or did, it was like fi re and water.

This doesn’t mean that you shouldn’t question yourself and ask where you fell short or what you could have done better. These can be positive questions to ask if done constructively, because despite our best efforts we all share and contribute to a situation. Like the insurance com-pany that says after a car accident: “It technically may not have been your fault, but everyone shares a part of the blame, so your rates are going up.”

How the blame is shared really doesn’t matter per se, because when a situation goes bad, everyone pays a price in terms of lost productivity and time, ill feelings, etc.

The key is to realize that you’re worth-while. You don’t make your circumstanc-es, but rather they test you — you must deal with the hand you’re dealt.

For all those in this still-healing economy who are looking for work, and for all those coming out of bad marriages or looking for the right rela-tionships, do not despair. You are good, valuable people. For everyone there truly is the right person, career, place and time, and you will have yours. ¨



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



See an interactive map here: www.govtech.com/innovationnation

Building the Innovation Nation Discover which states are the leaders in digital government innovation.

Underwriting provided by

GT10 NIC AD_Nov.indd 1GT10 NIC AD_Nov.indd 1 10/12/10 2:19 PM10/12/10 2:19 PM


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



HOW DO your technology ser-vices compare with others? Have you compared your ser-

vice offerings, rates and customer satisfaction with organizations of similar size in the public and pri-vate sectors? Should you be offering more for less? Elected leaders, C-level executives and business managers constantly want answers to these questions. But benchmarking gov-ernment technology services is easier said than done.

For one, every organization has a different culture, local politics, history,budget, expectations and gover-nance. Two, governments’ policies and requirements differ from the private sector’s — with open records laws, diverse priorities from elected leaders, pay/benefi t/cost-of-living disparities, and varying perspectives on outsourc-ing. Three, government service offerings must equally serve citizens and must not cherry pick the most profi table services or segments of society. While value-for-money efficiency can and should be measured in government operations, the private sector differs.

These differences make us realize that benchmarking isn’t an exact sci-ence. Developing actionable measures require excellent methodology, a large database of comparable entities, good judgment and lots of experience. During a benchmarking effort a few years ago, one person said, “If this is apples to

[48]

[ CTO STRATEGIES ]

apples, one is a Golden Delicious and the other is a Granny Smith.”

Nonetheless, comparing costs and service levels is a pragmatic strategy that’s an essential element of effective leadership. Most government technol-ogy managers I’ve met believe their teams provide good value for the money spent given their circumstances. Still, managers recognize the need for exter-nal validation and want to benchmark; those who resist are sometimes pres-sured by new business leaders to obtain “experts from out of town” to determine if changes can save dollars or offer bet-ter services.

Michigan recently completed a tech-nology infrastructure services bench-mark. It was a bumpy, lengthy process. The journey was painful but worth it. Here are several things we learned and a few (vendor-agnostic) tips to help your benchmarking.

HOW WE GOT STARTED — Michigan has been working on a new data center project for more than a year. After the request for information phase, we learned that we needed much greater detail before moving to the request for qualifi cations (RFQ) phase. Our bench-marking effort was critical in preparing for the RFQ and request for proposals phases. Tip: Consider linking bench-marking efforts to a wider initiative with executive support.

INITIAL TEAM AND PLANS — After awardingthe competitive contract to a com-

pany with impressive benchmarking expertise, we built an internal team with staff from many different areas. Tip: Ensure all stakeholders are includedin the process.

DIFFERENT DEFINITIONS — Our joint teams met many times to fi ll out spreadsheets and describe our rates and services to the consulting experts. We were compared to public- and pri-vate-sector organizations of similar size and complexity. Tip: Have clear defi nitions, especially for the scope of what’s included in all metrics.

TROUBLES EMERGE — At one point, we had a major disagreement with our vendor partner. Early results showed that our costs were well above others. But further analysis revealed that we weren’t comparing apples to apples, e.g., we included much more consult-ing, research, development, testing and evaluations within our rates. Tip: Do a comprehensive mapping of how each person spends his or her time. Stick with the program, even if you initially disagree with the numbers.

BACK ON COURSE — Later, a top exec-utive from the consulting company said, “This often happens. Customers either think they are too low or too high in some area. It’s a part of the benchmarking process.” In the end, we found the results helpful with our technology services and rates, ranging from best practices to areas requiring improvement.

FINAL THOUGHT: Benchmarking is a must. Lord Kelvin once said, “If you can-not measure it, you cannot improve it.” ¨

Dan Lohrmann is Michigan’s CTO and was the state’s first chief information security officer. He has 25 years of worldwide security experience, and has won numerous awards for his leadership in the information security field.

Benchmarking Technology ServicesThe reality of comparing apples to apples.

B Y D A N L O H R M A N N

PCIO02_XX.indd 48PCIO02_XX.indd 48 2/2/11 4:13 PM2/2/11 4:13 PM


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



IN TOUGH TIMES YOU HAVE:

DEVELOPED NEW TECHNOLOGIES

PROVED GOVERNMENT PERFORMANCE

OVERCOME FISCAL AND BUREAUCRATIC

BARRIERS

FIND OUT WHO YOU ARE IN THE MARCH 2011 ISSUE OF GOVERNMENT TECHNOLOGY MAGAZINE

NOW YOU’VE BEEN CHOSEN FOR

GOVERNMENT TECHNOLOGY’S TOP 25

DOERS, DREAMERS & DRIVERS

IN TO

IMP

NOW YOU’VE BEEN


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



A SINGLE LINE from the pres-ident’s State of the Union address went viral and may

well outlast the other 7,000 words from the speech. “In America, innovation doesn’t just change our lives. It is how we make our living.” Indeed, it’s how public CIOs should make theirs.

The thoroughly modern occupation of the CIO emerged during an age of abundance. The watchword during the ascendency was “transformation,” an aspirational description of both the destination and the means of automat-ing tired, old bureaucratic processes with digital efficiencies.

Under the banner of transformation, CIOs aggressively pursued big iron and custom code. There were new data cen-ters to build, new networks to deploy and aging systems to modernize. Most weren’t fi rst movers when the Internet arrived, but in time, found a way to use it to extend the value of enterprise IT by bringing government online.

Many newly appointed CIOs inherit only a vestige of that environment. The fi nancial crisis, the effects of which are still working their way through the public sector, has forced changes to some long-standing assumptions.

A pre-election poll of state CIOs by the Center for Digital Government suggests they were sensing a change in expectations. Eighty-three percent anticipated their span of control would expand over the next two years, while

[ FASTGOV]

73 percent saw their infl uence expand-ing during the same period. The indi-cations are that there’s heavy lifting ahead, but without the excesses of what’s rapidly becoming a bygone era.

Under the rubric of transforma-tion, some well intentioned initiatives poured massive amounts of time, effort and money to create high-tech solu-tions to a problem, when a simple, viable solution would do the same thing at lower cost. Worse yet, automa-tion was sometimes used to speed up things that shouldn’t have been done. The excesses have extended to buying

software licenses in bulk to get better per-seat pricing even as many of the seats go empty, and building ever-larger data centers even as the com-puting footprint shrinks. Against that backdrop are misguided metrics for measuring CIOs — budget, head count and even square footage under their control — that create disincentives for doing the things these times require.

The challenge — and opportunity — as we move forward is to marry inno-vation with the disciplines of scarcity (which has returned whether we like it or not).

Innovation can and does happen dur-ing good times, but it really matters

when times are lean. It is surfacing agency data so it can be used by third parties to do useful things that govern-ment can’t do for itself. It is sharing data, applications, infrastructure, facilities and even people among the family of agencies and across jurisdictional lines. It’s forgetting almost everything we thought we knew about governance so we can think through what it means to jointly steward and safeguard assets in the new public commons that no single entity owns. Perhaps most importantly, it’s prioritizing information fl ow over technology in ensuring that organiza-tions and people get what they need, when they need it, with the least com-plexity. To those ends, it means blowing the plaque out of old arteries to keep the lifeblood of organizations — data — fl owing at healthy rates.

This return to scarcity may begin to look more like community barn raising of old than custom home building of more recent years where a premium is

placed on, and paid for, getting exactly what you want and the way you want it. Necessity is still the mother of invention. And frugality is the last best alternative to austerity.

The new CIO is equal parts negotiator, diplomat, process physician, shaman (to the degree they remain intermediaries to the digital world) and community organizer. They will be measured not by how much they buy or build but by how much they accomplish. ¨

Paul W. Taylor is chief content officer for e.Republic. Taylor previously served as the deputy CIO of Washington state and as chief strategy officer for the Center for Digital Government. He has worked in the public and private sectors, the media and Washington’s Digital Government Applications Academy.

Innovation Without ExcessFor CIOs, frugality is the last best alternative to austerity.

B Y P A U L W . T A Y L O R

[50]

Innovation can and does happen during good times, but it really matters when times are lean.



Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Washington, D.C. Capital HiltonMay 3-6, 2011

Register now forSPONSORSHIP OPPORTUNITIESat nascio.org!

Join state, federal and local CIOs for the 2011 NASCIO Midyear Conference. NASCIO conference attendees include the highest-profile government and corporate technology experts in the nation. In addition to state, federal and local CIOs, and our corporate partners, past NASCIO conference attendees have included governors, state and federal legislators, and other elected and appointed officials.

NASCIO is the premier network and resource for state CIOs and a leading advocate for technology policy at all levels of government.

Network with State Chief Information Officers this Spring!


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��




Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Are you prepared to face

today’s biggest IT risks?

PUT SECURITY FIRST. CONTROL YOUR DATA.Your organization can’t avoid that it is or will be a

target of malicious threats. At the same time, you

need to focus on making your IT systems as cost-

efficient and effective as possible. Symantec has

the technology and experience to help you address

both, so your organization can face the future and

the people you serve with confidence.

symantec.com/publicsector_us

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are

registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.


Editorial Prepress

Other OK to go


916-932-1300

PAGE


�

��

��

��



Public CIO Magazine February 2011Predictions for 2011 Local CIOs talk about what lies ahead. NYC’s...

Documents

Transcript of Public CIO Magazine February 2011Predictions for 2011 Local CIOs talk about what lies ahead. NYC’s...