Issue 11: November 28, 2006
- CIO Spotlight: George O. Strawn, National Science Foundation
- Data security: Many data breaches reported to House Committee and OMB
- International: Personally identifiable information is a hot topic for CIOs worldwide
- GAO: Reports point out federal IT security weaknesses and call for better cyber security R&D coordination
- State and Local: Organizations are better able to respond to emergencies since 9/11
- OMB: 6 agencies improve, 4 decline on 4th quarter E-Gov scorecards
- Lines of Business: Draft standards issued to support Financial Management LoB
- Homeland Security: National Information Exchange Model (NIEM) released
- The Buzz: Top business schools use a wiki to write a collaborative book about Web 2.0
- Kudos: 5 Presidential Awards for Management Excellence; FCW names 12 power players; Michigan tops Digital States Survey; 4 ACT/IAC Awards
- Transitions: Changes in the IT Community
- Upcoming Events Calendar
- Comments: We welcome your feedback at dotgovbuzz@gsa.gov.
|
CIO Spotlight: George O. Strawn, National Science Foundation
Buried deep in George Strawn's resumé is a string of job titles that signal to the cognoscenti that Dr. Strawn, now the CIO of the National Science Foundation (NSF), has been integrally involved in the creation and enhancement of the Internet.
Most notably, his work as director of the Iowa State University Computation Center led to an involvement with a regional component of NSFNET--the government-supported network interconnecting supercomputing centers and universities that was a major part of the Internet backbone from 1985 to 1995. This brought him to Washington in 1991 to preside (temporarily, he thought) over the transition of NSFNET into the privatized and commercialized Internet of today.
It was a formative time, to say the least.
As the NSFNET program director from 1991 to 1993, Strawn oversaw the transition of the NSFNET backbone network from 1.5 megabits per second to 45 megabits per second. Although these bandwidths seem slow today, they were blazingly fast at the time. At its peak, NSFNET interconnected more than 4,000 institutions and 50,000 networks across North America, Europe and Asia.
From 1993 to 1995, he was involved with defining and deploying the new, privatized Internet architecture that would keep the Internet interconnected when the NSFNET was retired and the original government-financed network transitioned to the commercially operated Internet we know today.
From 1995 to 1998, he moved up to serve as director of the Division of Advanced Networking Infrastructure and Research for the NSF Computer and Information Science and Engineering Directorate (CISE). There, he led NSF's efforts in the Presidential Next Generation Internet Initiative, which developed the first national high performance network testbed that led to the creation of "Internet2" by the university community. He was promoted to executive officer and then acting assistant director for CISE, before becoming CIO in 2002.
No doubt, George Strawn was around at the birth of the Internet. But asked if he could be considered a "father" of the Internet, he replies with the old saying, "Success has many fathers (and mothers); failure is an orphan."
Certainly, he is not resting on his laurels. He continues to look into the future of innovative technology, until recently serving as co-chair of the interagency Large-Scale Network Working Group and the international Coordinating Committee for Intercontinental Research Networks. He also heads up NSF's investigation into knowledge management and co-chairs the CIO Council's Best Practices Committee.
He is still looking to the future. "Not many in the '70s predicted the importance of the personal computer, nor, in the '80s, the importance of the Internet," he said. "Now personal computers and the Internet dominate information technology in the government--and everywhere else.
"What are we not predicting now for the next decade that will be as revolutionary as PCs and the Internet? Maybe it's modeling of complex systems (from cells to people to organizations to galaxies) by supercomputers. Maybe it's information itself," he suggested.
"I like to say that a CIO should now spend at least as much time on the 'I' as on the 'T.' Will we be able to turn information into knowledge that can be processed by our computers while being 'untouched by human minds?' Some predict that knowledge management will be as important in organizations' futures as IT is today."
A recognized IT leader in higher education before joining NSF, Strawn was a computer science faculty member at Iowa State University, where he received his PhD in Mathematics. He served as chair of the ISU Computer Science Department from 1983 to 1986, when the computer science program became one of the first in the country to be accredited by the Computer Science Accreditation Board. He was director of the ISU Computation Center from 1986 to 1995, when ISU became a charter member of the regional NSFNET network named Midnet (which eventually led to his coming to NSF).
Now, as CIO, he is pursuing new methods of scientific communication, collaboration and decision-making. And he sees changing roles for CIOs in the near future. "IT is of increasing strategic importance to the conduct of government, business and just about everything else."
"The CIO position has a chance to grow with the growing importance of the technology. This probably means a broader, more business-focused role for the 'new CIO,'" he said, noting that there is even talk about overlaps and conflicts between the CIO and the chief operating officer in some companies.
Still, the CIO's job offers many fundamental challenges in the everyday management of an agency's information resources, its integrated IT architecture and work processes. His greatest accomplishment as CIO, he said, will be to complete the automation of NSF core processes--proposal and grants management--a process that has been underway for more than ten years.
His biggest challenge is "to continue the never-ending task of finding and implementing the right IT solutions from among the new ones that are constantly emerging, to enable NSF to fulfill its mission more effectively and efficiently." Since the NSF mission is "to find and support the best projects to advance fundamental knowledge and understanding of science and engineering research and education," even the back-office support functions can be visionary.
|
Data security: Many data breaches reported to House Committee and OMB
The House Government Reform Committee issued a report on agency losses of personally identifiable information that detailed thousands of breaches of government computers since 2003.
Meanwhile, Karen Evans, OMB Administrator of E-Government and IT, announced more than 338 incidents of personal identity information loss between July and September had been reported to OMB. Most of the losses are not from attacks by outsiders, but are attributable to "people losing data," she said.
The Committee's Staff Report on Agency Data Breaches since January 1, 2003, issued October 13, detailed a wide range of incidents involving data loss or theft, privacy breaches, and security incidents. Agency responses to data losses appear to vary as well, with some--but not all--agencies notifying all potentially affected individuals. The report's major findings were:
- Data loss is a governmentwide occurrence--with all 19 federal departments and agencies reporting at least one loss of personally identifiable information.
- Agencies do not always know what has been lost or how many individuals could be affected and do not appear to be tracking all possible losses of data.
- Physical security of data is essential--The vast majority of data losses arose from physical thefts of portable computers, drives, and disks, or unauthorized use of data by employees, not from online hackers.
- Contractors are responsible for many of the reported breaches.
Reporting on agency data losses was in large part a response to the May 2006 revelation that the personal information of 26.5 million veterans and active duty personnel was on a laptop stolen from the home of an employee of the Department of Veterans Affairs (VA). Since then, many other agencies have revealed security breaches affecting thousands of individuals.
In response, the committee issued a request July 10 asking agencies to report on all incidents going back to 2003, and OMB issued a July 12 memorandum requiring that agencies report all confirmed or suspected data breaches within one hour of discovering their occurrence. Legislation to improve VA information management has been passed by the House and referred to the Senate Committee on Veterans Affairs.
|
International: Personally identifiable information is a hot topic for CIOs worldwide
Senior IT officials of the U.S., Canada, Australia, the U.K. and New Zealand met by videoconference on November 1 to discuss mutual concerns about personally identifiable information (PII). The two-hour discussion was the third quarterly international CIO meeting organized by the GSA Intergovernmental Solutions Division.
Participants discussed how the five national policies for dealing with privacy and the protection and use of PII were very similar in some ways, although each country takes a slightly different approach.
All five countries have policies in place covering the use of PII by government. New Zealand law has specific constraints on the use of government databases; the other four countries have national privacy laws dating to the 1970s and 1980s--before the Internet. Most countries also have specific policies regarding the collection and protection of PII. They reported that their citizens are of two minds about government collecting personal information. On the one hand, they don't want the government to maintain databases of their personal information; on the other hand, they want the convenience of being identified when they transact business with the government.
All five countries are dedicated to becoming increasingly citizen-centric and want to use PII to improve their service to citizens. The U.K. has published an Information Sharing Vision Statement that promotes information sharing specifically to deliver better services to the public. The government cites benefits including greater convenience in a citizen's everyday life, expanding opportunities for the most disadvantaged, protecting against fraud and reducing the burden on business.
Like the other countries, however, the U.K. also emphasizes limiting the reasons PII can be collected, restricting access to it and allowing individual citizens to control the "who/what/why" of how their information is used. The U.K. Information Commissioner is developing guidelines for assessing proposals involving personal data, and a framework Code of Practice that will help protect personal privacy.
Canada has adopted a governmentwide approach that requires "a broad consideration of all aspects of the issue to ensure proper protection of privacy and human rights." Specifically, it states:
- PII is collected only when it relates directly to an operating program or activity with legislative or regulatory authority;
- The use of PII in any government program or service must also consider legislative context, regulations, relevant policies and program requirements;
- Any secondary use of PII must be justified by explicit consent by the client, specific legal investigative purposes, or emergency preparedness or disaster situations.
New Zealand's All-of-government Authentication Programme includes the creation of policy, law, standards, and shared services in relation to identity proofing for people. Policy drivers include government efficiency and transformation, and economic transformation. Unlike the other countries, New Zealand's policy is not driven by national security, illegal immigration or financial fraud concerns. Policy principles include privacy, security, acceptability, user-centricity, proportionality and disaggregation of data.
All five countries are developing codes, principles and guidelines to control PII use. Canada is considering a set of 11 pan-Canadian identity principles. In the U.S., the Presidential Identity Theft Task Force has issued a set of Interim Recommendations for protecting PII. Created in May, the task force was expected to issue final recommendations in November and to present an Identity Theft Plan to the President in February 2007.
The Australian Government e-Authentication Framework Privacy Principle provides that agencies will only collect personal information where necessary for the processes being undertaken and will conduct Privacy Impact Assessments. Australia's Privacy Act contains 11 Information Privacy Principles based on the Organization for Economic Co-operation and Development Privacy Guidelines, but it is being amended to better enable the sharing of personal information in emergencies. In addition, the Australian Privacy Commissioner regulates interagency data-matching.
|
GAO: Reports point out federal IT security weaknesses and call for better cyber security R&D coordination
The federal government has to do a better job of testing IT security controls and of coordinating cyber security research and development, according to two recent reports issued by the Government Accountability Office (GAO).
For one study, GAO surveyed 24 major agencies and conducted in-depth case studies on 30 IT systems. Its report, Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing, was released in November. It concluded that federal agencies "have not adequately designed and effectively implemented policies for periodically testing and evaluating information security controls."
"What this shows is that we have a long way to go to ensure Americans the information their government keeps about them is safe," Rep. Tom Davis (R-VA) said in a press release. "We're going to do this, but it's going to take time." Davis, chairman of the House Government Reform Committee, ordered the report.
Another GAO report, Coordination of Federal Cyber Security Research and Development, released in October, found the government needs to coordinate its cyber security R&D better and must improve its information sharing and collaboration efforts on the topic.
Most cyber security technologies are shortsighted and "offer only single-point solutions by addressing individual vulnerabilities," the report stated. "Research in cyber security technology can help create a broader range of choices and more robust tools for building secure, networked computer systems."
Cyber security research activities are widely distributed among many government agencies, standards bodies and the intelligence community. Funding is dispersed as well, and many organizations share policy responsibility for cyber security, according to the report. As a result, key information needed for effective oversight and coordination of cyber security research is not readily available.
GAO called on the director of the White House Office of Science and Technology Policy to establish firm timelines for completing the federal cyber security R&D agenda, as recommended in the 2003 National Strategy to Secure Cyberspace. It also recommended that OMB issue guidance to agencies on reporting information about federally funded cyber security research projects.
|
State and Local: Organizations are better able to respond to emergencies since 9/11
A national survey by the RAND National Defense Research Institute found that state and local governments have taken a number of steps to improve preparedness after the terrorist attacks on September 11, 2001, despite uneven funding support.
In the survey report, Combating Terrorism: How Prepared are State and Local Response Organizations?, RAND found many organizations conducting risk assessments and updating mutual-aid agreements and response plans for chemical, biological and radiological incidents.
"The events of 9/11 spurred response organizations not only to undertake preparedness activities for terrorism related incidents, but also to make general improvements in emergency response," the report concluded. "All these activities support overall preparedness for any catastrophic event."
Other survey findings included:
- Organizations varied in how they financed these efforts and in receipt of external funding.
- State public health agencies and emergency management services received federal support early in 2002, but first responders did not receive federal support until 2003.
- Organizations varied in their expectations about the role of the military and National Guard in a large-scale terrorist incident.
- Participation with the private sector in joint preparedness activities needs improvement, as does coordination between public health agencies and emergency responders.
- Organizations have high expectations for the Department of Homeland Security, particularly for funding support and for information about terrorist threats, even though DHS appropriations for homeland security assistance have been steadily decreasing.
The RAND National Defense Research Institute is a federally funded research and development center sponsored chiefly by the Department of Defense.
|
OMB: 6 agencies improve, 4 decline on 4th quarter E-Gov scorecards
OMB released the latest Executive Branch Management Scorecards November 9 for the last quarter of fiscal year 2006, which ended September 30. Six agencies' scores on the e-government portion improved--two jumped two levels--while four agencies' scores dropped.
The 4th quarter e-government scorecard raised the Department of Transportation and the Small Business Administration from red, the lowest rating, to green, the highest.
The Department of State and the Environmental Protection Agency advanced from yellow to green for the quarter, while the Department of the Interior and the Department of Justice moved up from red to yellow.
NASA and the Departments of Agriculture and Health and Human Services dropped from yellow to red, while the Social Security Administration fell from green to yellow.
OMB evaluates agencies in four areas of the President's Management Agenda as well as e-government--workforce, competitive sourcing, financial performance, and budget and performance integration--rating them "green," "yellow," or "red" in each category. Green means an agency is implementing its initiatives as planned, yellow shows a need for adjustments to achieve the objectives in a timely manner, and red means an initiative is in jeopardy.
|
Lines of Business: Draft standards issued to support Financial Management LoB
The Financial Services Integration Office in GSA--which manages the Financial Management Line of Business--issued a draft common governmentwide accounting classification structure to help agencies with their financial system modernization efforts. The new structure will standardize business processes and data elements in order to reduce the costs and risks of the government's financial management systems.
Adoption of the common accounting classification structure eventually will be mandatory. An agency will likely adopt the finalized structure when it implements a new financial management system, makes major upgrades to an existing certified system or moves to a shared service provider.
The classification structure eventually will be incorporated in requirements for acquiring core financial management systems so that software products will be configured to support the structure.
Comments on the draft are due January 17.
|
Homeland Security: National Information Exchange Model (NIEM) released
The U.S. Department of Homeland Security and the U.S. Department of Justice issued the first production release of the National Information Exchange Model (NIEM) November 1. NIEM is designed to improve public safety and homeland security, enhance the quality of justice and save money by enabling governments at all levels to share information during an emergency.
NIEM offers justice and public safety agencies the capability for real-time, secure, enterprise-wide information exchange to support decisions about border enforcement, passenger screening, port security, intelligence analysis, local law enforcement, corrections and other functions.
NIEM is not a software program or computer system; it is a set of standards surrounding information exchanges among and between government entities that allows disparate systems to share, exchange, accept and translate information. It leverages the earlier work of the Global Justice XML Data Model.
|
The Buzz: Top business schools use a wiki to write a collaborative book about Web 2.0
The Wharton School at the University of Pennsylvania, the MIT Sloan School of Management, and Pearson Education, a leading educational publisher, have invited millions of experts and others to collaborate online on a book about Web 2.0.
Web 2.0 refers to the next generation of the Internet, which allows communities to share ideas, experiences, music, videos, pictures, and other digital information online. The book will examine how Web 2.0 technologies, like wikis, blogs, and social networks, and the communities that use them, will change the future rules of business.
Entitled We Are Smarter than Me, the book will be written and edited online in a collaborative process similar to that employed by Wikipedia, the online encyclopedia. This "networked" book collaboration will allow all registered members of the community to edit, add, and delete content from the website.
The website www.wearesmarter.org combines collaborative tools commonly found on wikis with features for building online communities in which businesses can participate.
The We are Smarter than Me initiative was launched November 16. Within a few days, 1,000 participants had been registered and 40 related blogs had been launched. More than a million business school students, professors and alumni, as well as working professionals are being invited to participate.
|
Kudos: 5 Presidential Awards for Management Excellence; Michigan tops Digital States Survey; FCW names 12 power players; 4 ACT/IAC Awards
Presidential Awards for Management Excellence: The Office of Personnel Management presented five departments with the highest honor for management excellence in executive agencies at an awards ceremony November 14. Recipients of the Presidential Award for Management Excellence were:
- Department of State for strategic management of human capital
- Department of Health and Human Services for expanded electronic government
- Department of Education for budget and performance integration
- Department of Transportation for competitive sourcing and for budget and performance integration
- Department of Labor for expanded electronic government.
Digital States Survey: For the second consecutive time, Michigan has been named the most digitally advanced state government in the Center for Digital Government's 2006 Digital States Survey of state governors and CIOs. States were evaluated on more than 70 measurements in four broad areas--service delivery, architecture and infrastructure, collaboration, and leadership--in their use of digital technologies. Other states ranking in the top five were: Virginia, Ohio, Utah and Arizona.
FCW Power Players: Federal Computer Week has identified the 12 most influential people in the government IT community. Topping the list are U.S. Reps. Henry Waxman (D-CA) and Tom Davis (R-VA), the incoming chair and current chair of the House Government Reform Committee. They are followed by Karen Evans, OMB Administrator of E-Government and IT, at second place, and Lurita Doan, Administrator of GSA, at fifth. "Many of them are influential partly because of the positions they hold," FCW said. "But often such people hold those positions because of the influence they have. But no one is on the list solely because of the position he or she holds."
ACT/IAC Awards: Renato "Renny" DiPentima, president and CEO of SRA International, received the American Council for Technology/Industry Advisory Council's Janice K. Mendenhall Spirit of Leadership Award for helping lead the IT community to improve government. The annual award was presented to DiPentima October 30 at the ACT/IAC Executive Leadership Conference. Other ACT/IAC awards went to:
- John Okay, president of J.L. Okay Consulting, Individual Contributor of the Year (Industry)
- Ira Hobbs, CIO, Department of the Treasury, Individual Contributor of the Year (Government)
- Carey Bandler, Director of Wireless Solutions for fSONA Systems, Rookie of the Year.
|
Transitions: Changes in the IT Community

|
Upcoming Events Calendar
National Electronic Commerce Coordinating Council Annual Conference
Sacramento, CA
December 4-6
Collaborative Expedition Workshop: Toward a Transparent Acquisition Marketplace
Arlington, VA
December 12
Scholarship for Service Job Fair
Washington, DC
January 9-10
IT Job Shadow Day
Contact: Doris.McGuire.ctr@osd.mil or 703-604-1489 X 109
February 1, 2007
Braintrust International 2007 Knowledge Sharing Summit
Cambridge, MD
February 26-28, 2007
Community 2.0
Las Vegas, NV
March 12-14
IRMCO 2007
Williamsburg, VA
April 29 - May 1, 2007
|
Comments: We welcome your feedback.
Please send your comments, concerns, complaints and questions to dotgovbuzz@gsa.gov.
Check out our previous editions at www.firstgov.gov/dotgovbuzz.html.
The DotGov Buzz is produced by the following individuals in the GSA Office of Citizen Services and Communications:
Darlene Meskell
Ted Cogdell
Bryant Jones
Ernestine Ramsay.