As an elected State District Court clerk in Texas, Tom Hughes reengineered the courts and trust-fund management environments and gained recognition as having the most efficient court operations in the State.

Fast forward through his career as an IT executive and business consultant, to 2006. Today, with a presidential appointment as CIO of the Social Security Administration (SSA), he leads a billion-dollar IT operation that serves the entire U.S. population, with 65,000 employees in 1,500 places. It, too, has gained recognition for exceptional performance. Among other accomplishments:

• In the most recent American Customer Satisfaction Index report on 95 Federal websites, two SSA sites earned the highest satisfaction ratings with scores of 87 out of 100-reflecting the importance to citizens of Social Security Benefits and the Medicare Prescription Drug Plan, the topics of the winning websites.
• SSA earned an A+ from OMB on its FY 2005 Federal Information Security Management Act report-reflecting the agency's long-standing preoccupation with protecting the identity and privacy of Social Security cardholders.
• SSA has modernized and created a successful approach to capital investment management and delivered "the best technology solution for the money and for our citizens."

Now, four years after he joined SSA, Hughes has a healthy respect for the Federal CIO's ability to have a profound impact on U.S. society. He has been a strong advocate of bringing government CIOs into their organizations' top-level strategic discussions, provoking passionate discussions about the future of the role when he meets with other members of the IT community.

"To be really effective, the CIO can't spend all his time on technical issues, but must also learn the strategic drivers of the organization," Hughes said. He or she must be "front and center as a change agent, looking forward into security, disaster management, and several of the other issues impacting organizations." At the moment, dealing with the security issues that affect an organization the size of the SSA is his greatest challenge.

A graduate of the John F. Kennedy School of Government at Harvard University and of the University of Texas, where he received bachelor's and masters' degrees in business administration, Hughes has a broad perspective on the role of the public sector CIO. He sees Federal CIOs helping the United States--public and private sector--prevail against foreign competition in the technology arena.

"We've got to win the technology challenges facing the USA from other countries," he said. "It's been the USA's lead in technology solutions that has been driving higher core Gross Domestic Product for the rest of the U.S.," he said.

"Going forward, my opinion is that Federal government CIOs in particular are in a position to help the private sector by deploying technology-leading solutions throughout the Federal government, which, in turn, allows a critical mass to be developed for the private sector," he said. "Right now, Federal CIOs are not moving in this fashion, but my prediction is that this effort will find renewed vigor in the coming years and resulting technology challenges between countries."

He sees the Federal IT community at the vanguard in transitioning to the new Internet protocol, IPv6, and in implementing interoperable biometric identification cards for Federal employees and contractors under presidential directive HSPD-12.

To be effective in the future, Federal agencies will "have to expand over the Internet, while recognizing the privacy and security issues." SSA, in particular, recognizes that more people will want services over the Internet as the Baby Boom generation moves into retirement. SSA is ready for this onslaught, and it is also prepared to provide services through other channels-e.g., telephone call centers, walk-up counters-that citizens want to use.

"CIOs must be forward-thinkers with a strong knowledge and commitment to technology," he said. Looking ahead 10 years, he predicts that the CIO's role will be "critical," but only "if it morphs from where it is today. Younger executives seem to get it in terms of technology and I think this trend will continue," he added.

Looking back, he appreciates the opportunities he has had, as SSA CIO, "to work with an agency that has such an impact on the lives and well-being of so many citizens, young and old. It is very humbling to know that every decision made here has such a far-reaching impact."

OMB has reluctantly published its list of 226 Federal "high-risk" IT projects representing about $6.4 billion in Federal spending.

Karen Evans, OMB Administrator for E-Government and IT, announced the decision to post the list at a September 21 luncheon of the Association for Federal Resources Management (AFFIRM).

She cautioned that the projects on the list are not necessarily "at risk" and drew a clear distinction between the high-risk list and OMB's management watch list, which was established under the 1996 Clinger-Cohen Act. Only 86 programs are now on the watch list, down from 563 in 2005.

While the programs on the high-risk list may be performing well, they are considered high risk due to different factors such as the high cost of the project or the level of importance the project plays in an agency's overall mission. The 24 presidential E-Gov initiatives and nine line-of-business initiatives are on the list because they are complex and interdependent and require special attention from senior leaders.

OMB established its high-risk list in August 2005 to ensure agencies and programs were meeting their intended goals. The list is updated quarterly, but the names on it have not been publicized before, because of concerns that agencies might slant the information they provide OMB to avoid being put on the list, Evans said. Pressure to publish the names began to mount when the Government Accountability Office, in a June report, called for strengthening oversight of high-risk projects, prompting congressional requests for the list.

OMB has issued recommendations for agencies to use in planning and responding to data breaches that could result in identity theft.

The recommendations reflect the work of the President's Identity Theft Task Force, led by Attorney General Alberto Gonzales and Deborah Platt Majoras, chairwoman of the Federal Trade Commission. They were sent to agencies in a September 20 memorandum from Clay Johnson, OMB Deputy Director for Management.

To mitigate the risk of identity theft should a breach occur, agencies should establish a core management group, including the CIO, the chief legal officer, chief privacy officer, inspector general and a senior management official, the memo states.

The group would be responsible for responding to the loss of personal information resulting from the breach of a government database. It would determine whether the incident poses a risk of identity theft, and if it does, consider providing credit monitoring services at the government's expense, the task force recommends.

Karen Evans, OMB Administrator for E-Government and IT, told agencies in an August 25 memorandum that as part of their annual update of e-government projects, they must also list the steps they have taken to comply with an executive order that directed the government to streamline FOIA processing.

The other components of the annual E-Gov report, which were also required last year, are (1) the agency's overall implementation of the E-Government Act of 2002, including a summary of one agency-specific E-Gov initiative, and (2) the process for determining which agency information will be made available on the Internet.

The December 2005 executive order required agencies to appoint a chief FOIA officer and make information about how they handle FOIA requests available online by last June.

Congress passed the GSA Modernization Act September 25 to establish the GSA Federal Acquisition Service by merging the GSA Federal Supply Service and the GSA Federal Technology Service. It also provides for the replacement of the General Supply Fund and the Information Technology Fund with the Acquisition Services Fund. The bill is H.R. 2066.

The E-Authentication presidential E-Gov Initiative has launched the E-Authentication Federation, a public-private partnership that will permit individuals and organizations to access online government services using IDs issued by trusted third-parties, such as banks, credit card providers and other government agencies.

By September 7, 17 Federal agencies had joined the E-Authentication Federation, signaling their intent to make select systems available through the use of trusted third party log-in IDs. Fourteen of these have already launched E-Authentication-enabled online services.

Six other members are credential service providers that issue, manage and verify the login IDs online services can rely on to admit end users to their sites. They include government agencies and commercial entities, e.g., financial services companies. They participate in the Federation under the Treasury Department's authority to designate certain companies as financial agents of the government.

E-Authentication Federation Membership List

Three Asian nations rank ahead of the United States in Brown University's Sixth Annual Global E-Government Study of online government services offered by 198 nations around the world.

The U.S. ranks fourth behind South Korea, Taiwan, and Singapore; Canada ranks fifth. The U.S. ranked third last year, behind Taiwan and Singapore. South Korea rose from 86th in 2005 to top the list in 2006.

The survey was conducted by a research team led by Darrell M. West, director of Brown's Taubman Center for Public Policy and American Institutions. They evaluated government websites based on two dozen criteria, including disability access, existence of publications and databases, presence of privacy and security policies, contact information, and the number of online services.

In the report on its annual survey of key government executives around the world, Accenture, the international consulting firm, identifies the factors that contribute to high performance in customer service by nine countries that are considered trendsetters in e-government.

Interviews with 46 executives in Canada, the United States, Denmark, Singapore, Australia, France, Japan, Norway and Finland led to the five key findings in the report:

• Leading governments are introducing services on par with the best of the private sector, using a range of technologies "to provide unique and interesting services that range from the merely helpful or convenient to the truly life changing."
• Governments are at a critical juncture for service success, veering away from a "one-size-fits-all template" and "putting the 'custom' back in government customer service."
• Successful governments are advancing by putting in place new modes of operation that vary dramatically from the past "government-centric view of service" to undertake "strong new organizational designs, relentless simplification, business reengineering, consolidation and forays into shared services."
• Successful governments are using a combination of four proactive tactics to promote adoption of their service strategies-"the stick, the carrot, marketing pull and high-touch push."
• Today's leaders won't necessarily be tomorrow's leaders.

The report also includes individual overviews of the state of customer service in each of the 21 governments in its annual survey.

Most states need-and have-a chief information security officer (CISO) to strategically address cybersecruity threats on an enterprise level and to provide guidance to the State CIO and agencies, according to the National Association of State CIOs (NASCIO), which surveyed the 50 states and the District of Columbia this summer.

While not all states have a CISO position, the survey results confirm that the position is an important one in which states are willing to invest.

In A Current View of the State CISO: A National Survey Assessment, released September 12, NASCIO reported that 83% of the 41 responding states have a CISO or equivalent position. More than two thirds (69%) have both policy and operational duties, while 29% have predominantly policy responsibilities.

The survey also revealed many factors that indicate the position of the State CISO is becoming a more high-profile position with more authority over enterprise IT security. These factors include reporting directly to the State CIO; scope of authority extending over executive branch agencies and often multiple branches of government; a defined security budget; and the authority to enforce IT security policies.

The most frequent response to a question about what CISOs most need to do their jobs was "adequate IT staffing and personnel," a factor that will continue to rise in prominence, according to the report.

In a companion brief, Born of Necessity: the CISO Evolution, lays out the evolving and vital role of a CISO in responding to the growing complexities of the IT threat environment, homeland security concerns, and the increasing demands for enhanced citizen services.

The U.S. General Services Administration (GSA) leads the list of "10 organizations worth watching" in the government IT market, according to Federal Computer Week. It is the only government organization on the list, which also includes large corporations and the Project on Government Oversight, an investigative non-profit.

"Some organizations made the list because they are hot," FCW said. Others have been bellwethers of the government information technology market and face important turning points that reveal the market's evolution. Some happen to be in the right place at the right time."

The 10 organizations, in descending rank order, are:

• 10. Dell Computer
• 9. Platinum Solutions
• 8. Project on Government Oversight
• 7. Perot Systems
• 6. Acquisition Solutions
• 5. Procentrix
• 4. GTSI
• 3. Microsoft
• 2. Google
• 1. GSA

"Few organizations are more important to the health of the government IT market than GSA," FCW said in explaining its number-one choice. "The agency buys for the rest of the government. And the agency's importance has increased as agencies have reduced their procurement workforce."

Web Managers Best Practice Awards. Four Federal websites were chosen as winners of the 3nd annual Government Web Managers Best Practice Awards. Winners in the "general" audience category were: NASA and the Food Safety and Inspection Service at the U.S. Department of Agriculture. Winners in the "specialized" audience category were: the U.S. Department of Health and Human Services and NASA Employee Orientation. The Awards are given by the Web Managers Advisory Council, an inter-agency group of about 40 web managers from every cabinet-level agency and many independent agencies.

Federal Computer Week's "Rising Stars" Awards. FCW has named 54 young professionals to its first list of "rising stars," modeled after FCW's "Fed 100" awards program. The winners were selected from among 180 nominees as "tomorrow's leaders and decision-makers in the government IT community." They will be honored at an awards ceremony October 12.

Excellence in Government Senior Fellows Awards. The Council for Excellence in Government presented Senior Fellow Awards for Public Service Excellence to three outstanding graduates of its leadership in government programs. The winners exemplify the spirit and vision of the Council and have produced noteworthy results that benefit the American people. The 2006 winners were: Stuart Willoughby, USA Services Division, GSA Office of Citizen Services; Jan Stevens, Coast Guard, Department of Homeland Security; and Daniel Slattery, Department of Education.

Also available in pdf 915 kb

National Association of Government Webmasters Conference
Reno, NV
September 27-29

E-Gov Institute Program Management Summit
Washington, DC
October 12-13

National Association of State CIOs (NASCIO) Annual Conference
Miami, FL
October 15-18

IT Association of America (ITAA) Identity Management Conference
Vienna, VA
October 19-20

Executive Leadership Conference
Williamsburg, VA
October 29-31

FCW Government CIO Summit
San Diego, CA
November 5-7

National Electronic Commerce Coordinating Council Annual Conference
Sacramento, CA
December 4-6

Braintrust International 2007 Knowledge Sharing Summit
Cambridge, MD
February 26-28, 2007

Comments: We welcome your feedback.

Please send your comments, concerns, complaints and questions to dotgovbuzz@gsa.gov.

Check out our previous editions at www.firstgov.gov/dotgovbuzz.html.

The DotGov Buzz is produced by the following individuals in the GSA Office of Citizen Services and Communications:

Darlene Meskell
Ted Cogdell
Bryant Jones
Ernestine Ramsay.