The federal Chief Information Officers Council, in partnership with the Department of Homeland Security, will soon publish a concept of operations to implement continuous monitoring in the federal government, Deputy U.S. CIO Lisa Schlosser told Management of Change conference attendees.
“We want to move the government from a paper-based model of cybersecurity to a continuous monitoring model,” she said May 21.
Speaking via Skype, Schlosser said continuous monitoring implementation will be a big focus the next two to three years. Filling in for U.S. CIO Steven VanRoekel, who was called in on official business, she echoed VanRoekel’s mantra the past weeks of innovate, deliver and protect.
Schlosser said the Office of Management and Budget wants federal agencies to move to a more headquarters-based authority to take advantage of commodity information technology services while minimizing duplication. Those savings, she said, can be reinvested in more mission-critical areas.
VA’s claims backlog
The Veterans Affairs Department has gotten the wrong kind of attention the past few months for the enormous backlog of claims it has to process. Stan Lowe, the department’s deputy assistant secretary for information security, has an idea that could help speed it up: increase the use of digital signatures.
Instead of relying on a paper system where documents need to be printed out and physically signed, Lowe wants to see more use of digital signatures – with employee identity verified using personal identity cards – to create more of a digital work environment.
“We use the digital signatures some, but not enough for my liking,” Lowe said.
Information sharing about trust
Donna Roy, executive director of the Department of Homeland Security’s National Information Exchange Model, said the future of information sharing largely hinges on the amount of trust people put into the process.
For example, in the Boston Marathon bombings, the images of the believed attackers were shared throughout social media. The trust comes in that citizens believe the information law enforcement is putting out is credible while law enforcement uses the information it receives back in a responsible way.
For instance, if the wrong people were publicly named, the system would have failed and there would have been consequences.
“For-profit industries already do this well,” Roy said, pointing to banks and credit cards that ensure card owners are not held responsible in the event of fraudulent purchases. “We need that same level of trust in government. If we can do that, there is no limit to what the information sharing environment can look like. And if not, we’ll always be hampered.”
Failure is not a word
When it comes to innovation, said Gadi Ben-Yehuda of IBM’s Center for the Business of Government, there is no such thing as failure. He quotes the old sports cliché, “I never lose the game. It just sometimes ends before I’m ahead.”
When an innovation project fails to reach its outlined goals, Ben-Yehuda said he takes it in stride, not seeing it as a failure as he was able to learn valuable lessons, built his rolodex and maybe got some ideas for the future.
“When you’re innovating,you can’t be afraid to fail,” he said. “You have to embrace it, because a lot of times that’s where the real breakthroughs come from.”