Volume 2 Issue 10: October 23, 2007
- DotGov Spotlight: Zalmai Azmi, CIO, Federal Bureau of Investigation
- CIO Council: Federal CIOs discuss top priorities
- GAO: Report cites four departments' FISMA implementation challenges
- The Buzz: Name change triples public awareness of USA.gov; USA.gov launches Gov Gab blog
- Industry: Gartner's list of top 10 technologies in 2008; Forrester's priority IT initiatives
- Cyber Security: NIST releases Web 2.0 security guidance and five new security publications
- IT Workforce: NASCIO report details state IT workforce challenges
- State & Local: State CIOs say cross-boundary collaboration is their top challenge
- Federal IT Procurement: Readers name 20 most-used federal contracts
- Kudos: Power Players, NASCIO Recognition Awards, Government Information Security Leadership Awards, GCN Awards, Five Most Influential Women CIOs
- Transitions: Changes in the IT Community
- Upcoming Events Calendar
- Comments: We welcome your feedback at dotgovbuzz@gsa.gov.
|
DotGov Spotlight: Zalmai Azmi, CIO, Federal Bureau of Investigation
There is no undertaking Zal Azmi wouldn't tackle. After becoming CIO of the Federal Bureau of Investigation in May 2004, he took on one of the most problematic IT projects in the U.S. government. He is helping transform a culture not known for information-sharing into a more agile and modern organization, better equipped to confront the threats of the post-9/11 world.
This new era presents challenges for the FBI, Azmi says. Using IT tools, terrorist networks seek to attack U.S. businesses and damage economies around the world; intellectual property rights are not secure; and cyber villains hack into corporate websites or send bits of malicious code across the Internet.
Internet-facilitated crime is a top priority for the FBI. Its Cyber Division is dedicated to combating cyber-based terrorism, cyber crimes such as child pornography and exploitation, and hostile intelligence operations conducted over the Internet.
Zal Azmi's journey from a childhood in Afghanistan to a stint in the U.S. Marines to work with several federal agencies—learning English and earning bachelor's and master's degrees along the way—has prepared him to take on these 21st century challenges.
Born and raised in Afghanistan, he immigrated to the U.S. with his family in 1982, after his father had been killed and several members of his family imprisoned for their political activities. Their way out of their homeland was through Pakistan and Germany, where one brother had found a job as a translator and later linked up with U.S. charity organizations. His mother and five brothers and sisters soon followed and they have lived close to one another ever since.
Grateful for the opportunities offered by his new country, Azmi joined the U.S. Marine Corps in 1984 and served for seven years as a Communication and Intelligence Specialist. He returned to Afghanistan twice after 9/11, with the members of the Counter Terrorism Center (CTC), to support military operations on the ground.
He joined the Department of Justice in 1999, "just in time to work on its Y2K modernization plan." There, he got to know Robert Mueller III, who became director of the FBI in 2001 and offered Azmi the job of evaluating the Bureau's computer systems in 2003. After two months as a special assistant to Mueller and six months as acting CIO, Azmi was named CIO in 2004. By then the FBI knew it had to change its culture and adopt the unfamiliar habit of data sharing, just to stay on top of and ahead of emerging threats.
Technology has helped the FBI evolve and will continue to play a significant role in the future, Azmi says. By modernizing IT systems and enabling users to share information no matter where they are located, the FBI has strengthened lines of communication between the bureau and its federal, state, local, and international partners in law enforcement and the intelligence community.
The widespread use of personal digital devices is one factor driving change. Since August, the FBI has issued 8,000 Blackberries, with 4,000 more to be distributed by January. The "indispensable" device gives agents wireless access to websites such as the Terrorist Screening Database, National Crime Information Center, LexisNexis, and ChoicePoint - a provider of identification and credential verification services - all through a secure program.
Another major program the FBI introduced is SENTINEL, a next-generation web-based information management system that will make it easier to keep tabs on cases and share and access information. It's the successor to the FBI's Virtual Case File software application that was abandoned before completion in 2005 after four years and more than $100 million spent on its development. When completed, SENTINEL will help the FBI manage information to provide enhanced information sharing, searching, and analysis capabilities, Azmi says.
The first of the four phases of SENTINEL was rolled out in mid-June. Phase 1 provides a user-friendly, web-based interface to access information currently in the FBI's ACS system. Information is pushed to users and made available through hyperlinks. It features a personal workbox that summarizes a user's cases and leads, putting more information at the user's fingertips, and moves employees away from dependence on paper-based files. It also provides user-friendly search capabilities, Azmi notes.
Some other technology programs the FBI has introduced recently include a Terrorist Explosive Device Analytical Center, an Integrated Automated Fingerprint Identification System, and a Foreign Terrorist Tracking Task Force.
The Foreign Terrorist Tracking Task Force includes participants from a number of U.S. government agencies and has, as well, established liaisons with Canada, Australia, and the United Kingdom. Its mission is to provide information that helps keep foreign terrorists and their supporters out of the U.S. or leads to their removal, detention, or prosecution.
To accomplish this mission, the Task Force has developed information sharing agreements among the participating government agencies and its private sector technology partners to assist in locating terrorists and those that support them in the United States. "The quality and completeness of the data directly impacts our efficiency and effectiveness," Azmi says.
The FBI also participates in fusion centers where officers from federal, state, and local agencies work together under one roof to share information as if they were working in a single agency. The center activities allow the FBI to analyze an issue from every angle, not just from its own perspective, Azmi says. "It lets us bridge the gap from information to knowledge and from knowledge to action."
Recently Azmi participated in the 7th Annual North America Day talks at the request of Karen Evans, OMB Administrator for E-Government and IT. North America Day brings together delegations of senior IT officials from the U.S., Canada, and Mexico to discuss IT issues that affect all three countries.
"One of the best information exchange conferences" he's attended, it validated an important point for him - that nations share similar issues and that solutions can be found by working together. For this transplant from Afghanistan, it's an all-American way to do business.
|
CIO Council: Federal CIOs discuss top priorities
Information security and privacy, information sharing, identity management, and the adoption of emerging Web 2.0 collaborative technologies are the priority issues for federal CIOs, according to a panel of CIO Council leaders and OMB officials.
The panel, led by Council Vice Chair and Defense Department Deputy CIO Dave Wennergren, included:
- Michael Carleton, CIO and Deputy Assistant Secretary for Information Technology, Office of the Assistant Secretary for Resources and Technology, HHS
- Molly O'Neill, Assistant Administrator for Environmental Information and CIO, EPA
- Janet Barnes, Deputy Associate Director, Center for Information Services and CIO, OPM
- Rob Carey, CIO, Navy
- Bill Vajda, CIO, Department of Education
- Tim Young, Associate Administrator, Office of E-Government & Information Technology, OMB
- John Lee, Acting IT Policy Branch Chief, OMB
They spoke October 23 at an unusual open session of the federal CIO Council's Executive Committee. It was held at the annual Executive Leadership Conference sponsored by the American Council for Technology/Industry Advisory Council.
Much of the discussion centered on privacy and security and improved information sharing.
"If we don't get privacy and security right, nothing else matters," Tim Young said, summarizing the discussion.
Barnes said privacy and security are her "personal focus."
"It is all about our ability to share information and create new relationships," Wennergren said.
Carleton mentioned the importance of information sharing on import safety and the need to mitigate security risks.
O'Neill described the potential of incubating emerging technologies, and Vajda said he has been focused on the "better practices" that are "coming down the pike."
Carey said the Navy's priority is rationalizing legacy systems and migration to service-based infrastructures.
|
GAO: Report cites four departments' FISMA implementation challenges
The U.S. Government Accountability Office (GAO) found the departments of Defense, Homeland Security, Justice, and State face challenges in implementing key information security controls. The Federal Information Security Management Act of 2002 (FISMA) requires agencies to establish effective department-wide information security programs.
In Information Security: Selected Departments Need to Address Challenges in Implementing Statutory Requirements, GAO reported the following challenges at the four departments:
- Defense and State don't have complete and accurate system inventories, as verified by their Inspectors General.
- Only the State Department reported successfully implementing its security configurations for all system platforms, although all four departments had established department-wide policies for common security configurations.
- None of the departments has trained all of its personnel as required by FISMA.
- Guidance for developing plans of action and milestones to address deficiencies uncovered by security controls testing was not sufficient, and processes were not established to carry out the plans consistently. However, the departments did report progress in the percentage of systems in which security controls were tested.
- Only Justice has achieved full certification and accreditation of its information systems.
GAO made recommendations to assist in addressing the challenges, including agency information security training programs and department-level remediation processes.
|
The Buzz: Name change triples public awareness of USA.gov; USA.gov launches Gov Gab blog
Changing the name of the official U.S. government portal FirstGov.gov to USA.gov has significantly raised public awareness of the flagship government website, according to a national telephone survey. The survey of 1,000 adults aged 18 and older was conducted in August by The Polling Company.
The survey revealed a 36% recognition rate for USA.gov as compared to 11% for FirstGov in 2006. Further questioning revealed that the respondents had actual knowledge of USA.gov, not just a passing familiarity.
A full 48% of those surveyed correctly identified it as "a government/federal website/portal" or "the federal government's official website." When respondents who said they were not familiar with USA.gov were asked to speculate on what it might be, 35% correctly identified it as a "government/federal website/portal" or "the federal government's official website."
Other factors that contributed to increased public awareness include: a national public service advertising campaign in the broadcast and print media, ongoing information releases highlighting the usefulness of USA.gov to Americans on a daily basis, special mentions by nationally-syndicated columnists such as Heloise, and Time Magazine naming USA.gov as one of the "25 Sites We Can't Live Without."
Gov Gab. USA.gov, the official U.S. government portal, launched its Gov Gab blog with a post on September 20. Updated each day by one of five bloggers who work for the GSA Office of Citizen Services, the blog will talk about government services and information helpful to citizens in their everyday lives.
It puts a "face" on the federal government by making it easier for readers to ask questions, share experiences, and join the conversation.
Gov Gab also features blog policies that may be useful to Web managers. Links to other federal agency blogs can be found at blogs from the U.S. government on USA.gov.
|
Industry: Gartner's list of top 10 technologies in 2008; Forrester's priority IT initiatives
Gartner researchers have identified 10 technologies they believe are most likely to have a significant impact on organizations in the next three years.
- Green IT - The environmental impact of IT operations will accelerate and expand in 2008. Organizations should consider potential regulations and have alternative plans for data center and capacity growth.
- Unified Communications - Most companies will be using Voice over IP in three years, the first major change in voice communications since the digital PBX and cellular phone changes in the 1970s and 1980s.
- Business Process Modeling (BPM) - BPM suites will fill a critical role as a complement to service-oriented architecture development.
- Metadata Management - Through 2010, master data management initiatives will be part of overall enterprise information management strategy.
- Virtualization 2.0 - By themselves, virtualization technologies are simply infrastructure improvement enablers. With the addition of automation technologies, resource efficiency can improve dramatically and flexibility can become automatic, ensuring high levels of resiliency.
- Mashup and Composite Apps - Mashup technologies will evolve significantly over the next five years.
- Web Platform & Web-Oriented Architecture - Web platforms are emerging that provide service-based access to infrastructure services, information, application, and business processes through Web-based "cloud computing" environments.
- Computing Fabric - A computing fabric is the evolution of server design beyond the blade servers that exist today. The next step in this progression will allow several blades to be merged operationally over the fabric, operating as a larger single system image that is the sum of the components from those blades.
- Real World Web - The term refers to places where information from the Web is applied to the particular location, activity or context in the real world. It is intended to augment the reality a user faces, not to replace it. Now is the time to seek out new applications, new revenue streams and improvements to business process that can come from augmenting the world at the right time, place or situation.
- Social Software - Social software technologies will increasingly be brought into the enterprise to augment traditional collaboration.
The list was released October 12 at Gartner's Symposium/ITxpo - Orlando.
Meanwhile, Forrester Research expects IT budgets to rise by 8% in 2008, with most of the increase going to software, followed by communications equipment, IT services and outsourcing. Spending on computer equipment is expected to decline.
Forrester predicts the following will be the priority initiatives next year, according to eWeek Magazine:
- Green IT (chiefly, cutting electrical costs)
- Productivity-enhancing applications
- Knowledge management, enhanced by blogs, wikis, tagging and other tools that retain worker know-how
- Data warehouses, analytic tools and overall business intelligence
- Centralized data (thanks to virtualization)
- Better security soft skills, processes and plans (as opposed to tools)
- Mainstreamed service oriented architecture and streamlined processes.
|
Cyber Security: NIST releases Web 2.0 security guidance and five new security publications
The National Institute of Standards and Technology (NIST) provides details on how to keep websites secure while maintaining flexible and convenient Web 2.0 features. In Guide to Secure Web Services, NIST recommends several steps to make Web services more secure, including:
- Replicate data and services at back-up sites to improve the availability of services in a "denial of service" attack.
- Conduct better and more uniform logging of visitors and actions on websites.
- Add encryption to data transmitted through eXtensible Markup Language (XML).
NIST also released five additional security special publications:
- Guidelines on Securing Public Web Servers (SP 800-44 Version 2) presents recommendations for: securing Web server operating systems, applications, and content; protecting Web servers through the supporting network infrastructure; and administering Web servers securely. It also provides guidance on using authentication and encryption technologies to protect information on Web servers. This final version replaces the original 2002 release.
- Performance Measurement Guide for Information Security (Draft SP 800-55 Revision 1) indicates the effectiveness of security controls applied to information systems and supporting information security programs. Comments on this draft should be submitted by November 16.
- Computer Security Incident Handling Guide (Draft SP 800-61 Revision 1) includes guidelines on establishing an effective incident response program, but the primary focus of the document is detecting, analyzing, prioritizing, and handling incidents. Comments on this draft will be accepted until November 9.
- Guide to Industrial Control Systems (ICS) Security (Second Public Draft SP 800-82) provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and recommends security countermeasures to mitigate the associated risks. Comments on the draft will be accepted until November 30.
- Information System Security Reference Model (Draft SP 800-110) is intended to serve as a guideline for software tool developers and federal agencies that wish to develop an automated process for managing an information security program. It is also meant to enable greater interoperability between information system security tools, resulting in more practical and cost-effective information security program management. Comments on the draft should be submitted by November 16.
|
IT Workforce: NASCIO report details state IT workforce challenges
State IT departments are not prepared to fill the positions of the 27% of state officials who will become eligible to retire in the next five years, according to a national survey conducted by the National Association of State Chief Information Officers (NASCIO).
Currently, 80% of states surveyed are having difficulty recruiting new employees to fill vacant positions, and 65% don't have a contingency plan in place to prevent the vacancies.
The report State IT Workforce: Here Today, Gone Tomorrow? discusses the anticipated state IT workforce retirements, employee recruitment and retention issues, and options for future state staffing and service structures.
The survey was designed to gather evidence about the current and future landscape of the state IT workforce from the state CIO's perspective. The online survey was completed by respondents from 46 states.
|
State & Local: State CIOs say cross-boundary collaboration is their top challenge
Surveying its members at its annual conference, the National Association of State Chief Information Officers (NASCIO) found that cross-boundary collaboration is the most significant challenge the states face today; it received the largest share of the votes, 30%.
Other challenges perceived by the CIOs were:
- gaining citizens' trust (25%)
- security and identity management (23%)
- serving the healthcare needs of the elderly (13%).
Asked where their IT spending would be most focused in 2008, participants responded:
- consolidation and integration technologies (50%)
- security of data (20%)
- document management (15%)
- networking and mobile hardware (10%)
- biometric/REAL ID capabilities (5%).
|
Federal IT Procurement: Readers name 20 most-used federal contracts
Federal Computer Week and Government Computer News surveyed a random sample of 91,622 readers in April and May about their IT buying habits.
The results yielded a list of the top 20 most used government IT contracts. The top five contain three contracts from the General Services Administration and two from the Department of Defense. The contracts are in rank order by the percent of readers who use them:
- GSA SmartBuy - 35%
- GSA Schedule 70 - 30%
- Defense Department Enterprise Software Initiative - 18%
- GSA FTS 2001/Networx - 18%
- Army Small Computer Program - 16%.
|
Kudos: Power Players, NASCIO Recognition Awards, Government Information Security Leadership Awards, GCN Awards, Five Most Influential Women CIOs
Power Players. Federal Computer Week released its second annual list of people it felt were influential in the federal IT community. Both Karen Evans, administrator of the OMB Office of E-Government and IT, and Martha Dorris, deputy associate administrator of the GSA Office of Citizen Services and president of the American Council for Technology, were among the 14 Power Players selected.
NASCIO Recognition Awards. The National Association of State Chief Information Officers (NASCIO) honored 11 state programs for Outstanding Achievement in the Field of Information Technology at its annual conference in Tucson, AZ, on October 2.
Winners, chosen from 107 submissions by 30 states, were "those information technology initiatives which exemplify best practices, support the public policy goals of state leaders, assist government officials to innovatively execute their duties, and provide cost-effective services to citizens."
The winners and honorable mentions in each of the 10 categories were:

Government Information Security Leadership Awards (GISLA). The International Information Systems Security Certification Consortium, Inc., awarded three GISLAs for contributions to the advancement of the Information Security Workforce, at an awards gala October 3 in Arlington, VA. Recipients were:
- Non-Managerial IT Security Professional: Cheri Gatland-Lightner, project manager, Office of the Chief Information Security Officer, Centers for Disease Control and Prevention, U.S. Department of Health and Human Services.
- Senior Non-IT Security Manager: John Stoute, acting chief information officer and director, Business Technology Optimization, Program Support Center, U.S. Department of Health and Human Services.
- Senior IT Security Manager: George Bieber, deputy, Information Assurance HR and Training, Defense-wide Information Assurance Program, U.S. Department of Defense.
GCN Awards. Government Computer News (GCN) honored 12 federal agency projects for "a demonstrated record of excellence in applying IT" and honored six current and past federal IT executives.
The 12 agency project winners included seven civilian agencies, three Department of Defense programs, and two county programs.
The 2007 Executives of the Year Award winners were:
- General James E. Cartwright, commander, U.S. Strategic Command
- John Johnson, assistant commissioner, Integrated Technology Services, GSA
- Special Commendation for Government IT Service: Kevin Carroll, program executive officer, Army
- Industry: Diana L. Gowen, senior vice president, Qwest Government Services Division
Two individuals were named to the GCN Hall of Fame for their substantial and sustained government IT contributions:
- Ira L. Hobbs, principal, Hobbs and Hobbs, LLC, and former CIO of the U.S. Department of the Treasury
- Steven Kelman, Weatherhead Professor of Public Management at Harvard University's John F. Kennedy School of Government
Industry awards were also given to companies doing business with the federal government.
Five Most Influential Women CIOs. Government Technology recognized five female CIOs as the most influential: Brenda Decker, CIO, Nebraska; Gail Roper, CIO, Raleigh, North Carolina; Karen Evans, CIO, USA; Teri Takai, CIO, Michigan; Wanda Gibson, Director of the Department of Information Technology, Fairfax County, Virginia.
|
Transitions: Changes in the IT Community

|
Upcoming Events Calendar
- The 2007 GCN Awards - Washington, DC - October 24
- MILCOM 2007 - Orlando, FL - October 29-31
- The New New Internet: Web 2.0 Conference - Reston, VA - November 1
- ACT/IAC Government IT Speaker Series: Logical Access of HSPD-12 - Washington, DC - November 7
- Government CIO Summit - Phoenix, AZ - November 11-13
- Modeling and Simulation: Walking Through Virtual Worlds Together to Advance Shared Purpose - Arlington, VA - November 13
- National Electronic Commerce Coordinating Council Annual Conference - Austin, TX - December 3-5
- The 2008 Technology Leadership Conference (formerly the Western Conference) - San Diego, CA - March 25-27
- FOSE 2008 - Washington, DC - April 1-3
- IRMCO 2008 - Cambridge, MD - April 13-16
- GSA Expo - Anaheim, CA - April 22-24
- ACT/IAC Management of Change Conference - Norfolk, VA - June 8-10
|
Comments: We welcome your feedback.
Please send your comments, concerns, complaints and questions to dotgovbuzz@gsa.gov.
Check out our previous editions at www.usa.gov/dotgovbuzz.html.
The DotGov Buzz is produced by the following individuals in the GSA Office of Citizen Services and Communications:
Darlene Meskell
Andrea Noce
Anne Hartzell
Bryant Jones