Month: February 2018
Information governance in the federal government
e-mail archiving & management
Several years ago, I arranged for a representative from the New York State Archives to provide training in e-mail and document retention for one of my government clients. The trainer did a fantastic job and here are a couple of takeaways she provided:
- Never use your personal e-mail account for official business.
- Never use your government account for personal communications.
- Never, ever send official, intra or inter-agency business e-mail to anyone’s personal account.
This organization also used an e-mail archiving system and was preserving every single e-mail that went in or out of the organization as required by published retention and disposition schedules for different government entities in the state. In other words, hayseed county and municipal governments all over the country have processes and procedures for preserving official, digital communications whereas the federal government seems to be completely lacking in this area.
Let’s take a look at a few examples of our federal government’s complete lack of information governance.
Avoiding FOIA requests
In 2013, the Associated Press reported on top Obama appointees using secret email accounts. Not only were high level appointees guilty of this, the president also engaged in this behavior. This is apparently occurring to some extent in the Trump Administration, as well. The most well-known case, of course, is Mrs. Clinton’s use of her own e-mail server which was used to send and receive classified information and demonstrated gross negligence – a criminal offense. Conveniently, “someone mistakenly deleted Clinton’s archived mailbox from her server and exported files.”
I spent four years in army intelligence during Ronal Reagan’s second term and my colleagues and I might still be breaking big rocks into smaller ones at Leavenworth had we been involved in these sorts of activities. While the high-profile culprits have all gone unpunished, Jake Tapper reported that “the Obama administration has used the 1917 Espionage Act to go after whistleblowers who leaked to journalists…more than all previous administrations combined.”
Missing e-mails
Then there is the case of two years of missing e-mails for Lois Lerner. Not only did her hard disk crash and need to be sent for destruction, but her Blackberry was mysteriously wiped clean after “congressional staffers began questioning her.” Coincidentally, five other employees who worked closely with Mrs. Lerner also lost e-mail related to the investigation when their hard disks crashed at around the same time. In addition to all this, Mrs. Lerner was also using a personal e-mail account for official business under the name of her dog.
Are you kidding me? You mean to tell me that the IRS has no archiving system or centrally managed mail server with 7 years of backups through which these tragically lost e-mails could have been restored? Had these shenanigans been exposed at a publicly traded company, we would have seen heads rolling and executives doing the perp walk on national television facing up to 20 years in prison under the Sarbanes-Oxley Act.
Missing text messages
Recently, the “premiere law enforcement agency in the world” had to forensically recover five months of missing text messages between investigators in a high-profile investigation. This was the result of a “technical glitch…that affected 10% of the FBI’s employees.” In this particular case, Andrew Napolitano calls for the release of all the raw data to the public; “The government works for us; we should not tolerate its treating us as children.” I completely agree.
Stolen national security documents
Then, there is the case of Sandy Berger, a former National Security Advisor, who stole classified information related to the 9/11 attacks from the National Archives. Don’t worry – he pleaded guilty to a misdemeanor in federal court and was severely punished with 100 hours of community service and a $50,000 fine. A breach of protocol allowed him to remove these documents and there have been a number of other thefts from the National Archives, as well.
In another high-profile case, former CIA Director General Petraeus gave classified information to his mistress/biographer, Paula Broadwell. He pled guilty to a misdemeanor and avoided prison time. In what can only be described as an Inspector Clouseau moment, the CIA boss and Ms. Broadwell were using the draft folder in a shared Gmail account to communicate with each other.
Recent, significant data breaches at federal agencies have included the NSA, IRS, OPM and the USPS.
Information governance by politicians
UK politicians are as clueless as our own when it comes to information security and governance. Apparently, British MPs routinely share login credentials with their staff members.
While the DNC isn’t a government agency, their inexplicable handling of hacked e-mails and the Imran Awan case provides insight into the casual disregard elected officials seem to have for information security and IT management.
In all of the examples I have covered here, the information belongs collectively to us – American citizens. It doesn’t belong to the miscreants who wantonly mismanage or attempt to it hide from us. These people aren’t our leaders, they are our employees and we have a right to know what they are up to. Radical truthfulness and transparency rather than radical secrecy should be the default stance for our well-paid politicians and government employees.
Governance is a top level function
Good information governance comes from the top, which is why ISO standards call for “top management” to be involved in development of governance policies and procedures for information and IT. When can we expect to see this in the federal government?
This article was first published on CIO.com at https://www.cio.com/article/3252850/government-use-of-it/information-governance-in-the-federal-government.html as part of the IDG Contributor Network.
© Copyright Jeffrey Morgan, 2018
by 
Cybersecurity in county and municipal government
Information security and cybersecurity are huge problem areas in county and municipal governments. In this six-page article on the subject, I cover the information every county and municipal leader should know including a summary of problems, barriers, specific solutions, and resources. The free document is available here. The intended audience is CEO, CAO, CFO, COO, County or city manager, county commissioner, city council member, or other senior management personnel in the public sector. This is a reprint of my two-part article published in CIO.com last year.
Click below to download.
Have questions?
Want to talk about information security in your organization? Click on the link below to e-mail me and schedule a time to talk.
Don’t hesitate to e-mail me. Initial consultation are free.
© Copyright Jeffrey Morgan, 2018
by Digital transformation in the public sector
I loathe the term digital transformation (DX). Implicit in the term is that there is something technological about it, something digital; a one-time event you can buy or outsource.
I think we should start calling it management transformation (MX). If your management team is doing its job well, the digital transformation never stops. The success or failure of a digital project is a testament to management performance, and digital transformation is a naturally occurring byproduct of excellence in management.
What is digital transformation?
Technology is a means to accomplish business goals, not an end in itself. Unfortunately, much of the extant information on digital transformation identifies technology as the goal. I think this is the wrong approach.
The best definition of digital transformation I have encountered appears in a 2014 MIT Sloan Management Review article and defines it as “the use of technology to radically improve performance or reach of enterprises.” For the purposes of the discussion that follows, let’s understand that digital transformation is really about improving performance rather than implementing technology.
Take a look at this county technology plan and you’ll find meaningless slogans like, “to be a digital county – ready for today and prepared for tomorrow.” The document is full of buzzwords and comes up short in terms of addressing specific, clearly defined business objectives. Technology is presented as the goal rather than as a vehicle for achieving business objectives. The language always puts technology first, with a vague objective appearing to be an afterthought.
On the other hand, this solid county business plan demonstrates that its management team has a strong understanding of how to achieve business goals and improve performance through the thoughtful application of technology.
Exacerbating the problem are vendors willing to sell their version of DX before explaining that managers must completely reevaluate all their assumptions and processes in order to make a new business solution really deliver value. In organizations where due diligence isn’t a cultural value, the harsh realities of an initiative only see daylight once an iron-clad contract has been signed.
Successful transformation of any kind requires management transformation first. The digital part is easy; the management part is an enormous challenge because managers rarely see themselves as part of the problem. Organizations that pursue technology rather than measurable business objectives are the ones most in need of management transformation.
Some standard scenarios
In one typical scenario, a senior manager wants to replace his or her antiquated enterprise application suite with a new one. In county and municipal agencies, this may mean replacing a 30-year-old midrange system. The business processes on which the current system is based may have roots in the 1950s or earlier and all the business functions rely on indefensible manual processing.
Other scenarios might include just about anything – a 311 system, highly automated zoning and code enforcement, or even something as mundane as reengineering payroll, AR and AP functions.
You sit down at the kickoff meeting and someone, maybe everyone, says, “We want to do everything exactly the same as we do it now; we just want new software.” This isn’t a transformative vision. If your management team shares this attitude, they are overseeing dysfunction and decline rather than leading. Buying a product and expecting performance gains to magically appear is delusional.
The correct way to approach these projects is to identify the business, management, and process problems first, establish goals and objectives, and then start thinking about technological solutions that can meet the business requirements. Technology should come last, not first.
In addition to avoiding change at any cost, many local government agencies overemphasize the role of technology and IT in transformational projects. Digital transformation isn’t a technology initiative; it is a core business initiative and should be managed appropriately with the board and senior management providing leadership, oversight and accountability.
Digital quicksand
Digital projects can quickly become quagmires, the $2.1 billion ACA website being a perfect example. The UK’s National Health Service EHR disaster dwarfed that with a £12.7 billion loss. These losses are frequently blamed on technology, but tech is rarely the problem. Digital project failures are management failures.
I recall one agency that had over 50 concurrent initiatives and projects underway in a single department and they weren’t doing any of them well. As a result, they were throwing boatloads of cash at the problems rather than stepping back and changing their approach by thoughtfully analyzing their objectives and business processes and pursuing a shared vision.
How to get started with management transformation
The MIT Sloan article quoted above identifies nine elements of DX in three major groups: transforming the customer experience, transforming operational processes, and transforming business models and the ideas presented might make a good foundation for your transformation. The authors stop short of telling you how to do it, so I provide the following suggestions for embarking on your own transformational project.
Be brutally honest
Total honesty in management teams is rare, but it’s a requirement to pull off a systemic transformation.
Focus on performance improvement and quality rather than technology
Even the best technology won’t inherently improve performance – that’s the role of management. Figure out how to improve quality and performance. Keep experimenting, brainstorming, and rethinking as you work through the project and don’t compromise until it is absolutely necessary.
Take a holistic view of the entire organization
For your transformational efforts to produce quantifiable results, the management team must share a common vision of what DX will look like in your organization. They need to be able to see the whole picture with all the moving parts in place. The best managers know how to do this, but most managers need to work hard to imagine what a completely transformed operation will look like once the initial transformation cycle is complete.
Understand current and future processes before applying technology
Apply technology only after understanding all your processes, goals and objectives. Your ideal business models and processes should drive technology, not the other way around.
Banish assumptions and sacred cows
In order to be truly transformational, give up all your assumptions about how business gets done and don’t leave changing even a single aspect of your processes and operations off the table.
Are you ready?
Is your management team up to the task? If they are, you probably already have digital transformation happening. If not, start working on your management transformation, first.
© Copyright Jeffrey Morgan, 2018
This article was first published in CIO.com at https://www.cio.com/article/3247305/government/digital-transformation-in-the-public-sector.html
by Keep your dirty, stinkin’ hands off my Internet
The politics of net neutrality
Mention net neutrality in a conversation and you’ll get an instant, visceral reaction full of political talking points. You can usually take a pretty fair guess about where a person resides in the political universe based on their net neutrality stance.
Why is this so? And why do we allow politicians to control the dialogue? If you listen to politicians and most news outlets, you would think there are only two sides to the issue – the democrat and the republican side, the liberal and the conservative side, the enlightened and the stupid side. All of the reporting is delivered in fact-free soundbites based on specious, counterfactual arguments about what might happen if big daddy doesn’t step in and ensure fairness.
In my view, there is only one side to this issue – the economic side. In a free society, products and services, winners and losers are chosen by the market (consumers). In societies with less freedom, politicians and bureaucrats choose who wins – usually their classmates from Harvard or Yale.
The term Net Neutrality is deceptive and reminds me a little of Ministry of Truth. There is nothing neutral about net neutrality. Regulation doesn’t create freedom; regulation, by definition, creates control. Regulations lead to bakers getting arrested for selling brownies. Regulation leads to monopolies and higher prices for consumers while keeping innovators out of the market because bootstrap startups can’t afford the high price of entry. Regulations generally deny the existence of inviolable economic laws.
Consumers pay dearly for regulation.
A free Internet
Most people on all sides of the net neutrality issue claim they want a free Internet. What do you think about the following statement?
“One of the dangers of the internet is that people can have entirely different realities. They can be cocooned in information that reinforces their current biases.”
“The question has to do with how do we harness this technology in a way that allows a multiplicity of voices, allows a diversity of views, but doesn’t lead to a Balkanization of society and allows ways of finding common ground.”
So, the Internet is dangerous, and it has to be harnessed — by politicians — because it reinforces our biases. Hmm. Can you guess who made the statement quoted above? This doesn’t sound like a free Internet to me; it sounds like one that is tightly controlled by the government.
I suspect that most of the people who claim they want a free Internet are sincere but delusional in the belief that government will provide such freedom. The thought process probably works something like this:
My people are in the White House now, and they know what they’re doing. I trust them to do the right thing.
At best, this is naïve and Pollyannaish. What happens when your people aren’t in office anymore? I am a libertarian and my people are never in office. I don’t want your people deciding what my Internet should look like. Let’s keep the government out of it and let consumers and the market decide.
In the twenty years from 1995 through 2015, world Internet use grew from 16 million users to 3.8 billion. In the United States, between 2000 and 2016 the number of Internet users has grown from 121.87 to 283.7 million users. That growth all happened without regulation under Title II of the Communications Act of 1934.
This coming year is my 30th anniversary on the Internet. The net has come a long way since I first hopped on in 1988. Back then, it all happened through university mainframe accounts, CompuServe, and GEnie with modems as slow as 2400 baud using telnet sessions. It was still working just fine in 2015 when the FCC decided to reclassify it. The Internet will continue to work just fine without such classification and it will continue to be driven by innovation as long as we can keep sleazy politicians and busy body bureaucrats from transforming it for their own nefarious ends.
Recommended reading
Following are some suggestions for further reading on the subject.
- Net neutrality strengthens monopolies, invites corruption. Ryan McMaken, 7/17/2017, Mises Institute.
- The FCC needs to abolish a lot more than net neutrality. Sam Estep, 12/19/2017, Mises Institute.
- Net neutrality and the problem with “Experts.” Ryan McMaken, 12/11/2017, Mises Institute.
- Does net neutrality spur Internet innovation? Roslyn Layton, 8/23/2017, American Enterprise Institute.
- Net neutrality will be reincarnated as platform regulation. Roslyn Layton, 12/20/2017, American Enterprise Institute.
- Net neutrality 2.0: perspectives on FCC regulation of Internet service providers. Stuart N. Brotman, 5/16, 2017, Brookings Institution.
- AT&T’s monopoly offers a cautionary tale for net neutrality. Robert Tracinski, 11/29/2017, The Federalist.
- Understanding net neutrality. Peter Van Doren and Thomas A. Firey, 12/14/2017, Cato Institute.
- No, scrapping net neutrality laws won’t kill the Internet. Ryan Bourne. 12/19/2017, Cato Institute.
© Copyright Jeffrey Morgan, 2018
This article was first published on CIO.com at https://www.cio.com/article/3245390/net-neutrality/keep-your-dirty-stinkin-hands-off-my-internet.html
by 
Recent Comments