Seven people to watch in 2007

Impact in '07: Border management veteran Bob Mocny faces continued scrutiny from Congress and oversight agencies as well as a tight schedule to roll out upgraded systems within a restricted budget.

In addition to running daily U.S. Visit operations, Mocny's highest priority will be managing the program's migration from a two-fingerprint biometric database to a 10-fingerprint system. A key element of that upgrade will be selecting and deploying some 3,000 new fingerprint readers.

U.S. Visit officials expect to issue a request for proposals for the fingerprint readers within a few weeks. After the initial vendor selection, officials will conduct a flyoff to choose contractors for fingerprint readers.

One problem Mocny faces is delays in deployment of a biometric exit system to keep track of travelers leaving the country.

'We haven't abandoned the exit [phase of U.S. Visit],' Mocny said recently. 'One of our priorities is to put it in airports. It is easier in an airport [than at land ports of entry and exit], because we have an environment for processing [travelers].'

In 2007, Mocny also will likely lay the groundwork for a 'global security envelope' of identity management that involves international sharing of standardized biometric data. This program involves continued negotiations with European and Asian authorities as well as talks with privacy advocates here and abroad.

As a federal career employee and an acting director of the program, Mocny may lack the political slugging percentage to shift the course of U.S. Visit in 2007.
But Congress, secretary Michael Chertoff and the program's many other overseers already have set the agenda, and Mocny will be judged on how smoothly he keeps the program on track.

Mike Smith, Homeland Security Department and Security Line of Business program manager

Impact in '07: As the program lead for the IT Security Line of Business Consolidation effort, Mike Smith, a Homeland Security Department IT program manager, will need to act more like a conductor than a traditional program manager to ensure the initiative takes off.

'The biggest challenge the LOB has is pulling this conventional community together and going in a nonconventional direction,' Smith said. 'I need to get security professionals to work together as a team, and look at the federal government as an enterprise.'

The LOB will take shape in April when the shared-services providers in two of four areas'training and Federal Information Security Management Act reporting'of the initiative begin supplying services.

Smith led the Security LOB task force over the past two years, which decided on the shared-services providers and decided the minimum requirements that the SSPs will provide.

'We tried to find commonalties across the enterprise to find out how best to satisfy the requirements of most agencies,' Smith said.

Starting in April and continuing over the next 18 months, agencies will hire the SSPs as their contracts with private-sector vendors for security training or FISMA reporting expire. The SSPs also will expand to ensure they can meet every agency's needs.

Smith also will lead the formation of two new working groups that will analyze the government's requirements for Tier II training, and situational awareness and incident response in preparation for the fiscal 2009 business case submission to the Office of Management and Budget. Tier II training includes certifications, role-based training and specific training for chief information security officers and their staffs.

Additionally, the LOB will re-evaluate the findings of the 2005 task force for the fourth area of the initiative, security solutions. The security solutions area will provide a common methodology for evaluating security tools so each agency does not have to go through the process from scratch each time it acquires security products or services.

Rep. Henry Waxman (D-Calif.), chairman of the Government Reform
Committee

Impact in '07: Waxman alerted agencies even before the elections that he would scrutinize large federal contracts when he introduced his Clean Contracting Act. He pledged to bring it before the next Congress and conduct hearings to reduce waste, fraud and abuse in federal contracting.

'I plan to pursue legislation that increases competition, prevents unjustified award fees and strengthens oversight,' Waxman said.

Although he has indicated that problem contracts awarded for rebuilding Iraq and the Gulf Coast are first in his crosshairs, IT components of large problematic contracts will come under scrutiny as well.

The administration has relied extensively on IT vendors, and Waxman will examine potential harm done in some of those relationships that have not been addressed before, said Bob Woods, president of Topside Consulting and a former commissioner of the General Services Administration's Federal Technology Service.

When problems occur, such as data breaches, investigating them will be a more contentious process, and protecting personal data and privacy will rank high, Woods said.

Rep. Tom Davis (R-Va.), former chairman and now ranking minority member, had a big handicap conducting oversight because he couldn't look like he was questioning the administration, said Stan Collender, managing director of Qorvis Communications LLC of Washington. Waxman will not have that problem.

'He will have a freer hand and will not be taking calls from the White House,' he said.

Olga Grkavac, executive vice president of the Information Technology Association of America, anticipates heavy IT oversight early on.

'We hope this is not a gotcha situation,' she said.

Oversight will need an upside, Collender said.

'If the hearings look like witch hunts, he will lose support. But if they are more important, substantive and produce results, he will have tremendous support for doing more of them,' he said.

Gregory Garcia, Homeland Security Department's assistant secretary for cybersecurity and telecommunications

Impact in '07: The business community finally has received what it spent three years asking for'a person high up enough in the DHS power structure to make a credible commitment to protecting the nation's IT infrastructure.

Now, Gregory Garcia just has to make sure the nation's telecommunications systems and computer networks don't get taken down by either natural or man-made disasters.

One of Garcia's top priorities for 2007 is to use his position as a bully pulpit.
'I want to help develop a well-informed public at both the enterprise level and individual consumer level,' Garcia said. 'It's a matter of getting out and talking. Doing a lot of talking.'

Garcia will work with the Office of Management and Budget this year to 'raise the bar for federal agencies' on implementing sound security practices.

But his responsibilities extend beyond government cybersecurity. Garcia also will try to build a public-private partnership that will let government and industry coordinate incident responses in the face of an attack or disaster. He also will establish a new national office of emergency communications.

'[The office] is dedicated to emergency and interoperable communications; that is an added bonus to my portfolio,' he said.

Kevin Messner, associate administrator in GSA's Office of Congressional and Intergovernmental Affairs and Governmentwide Policy

Impact in '07: With the GSA administrator's decision to combine the Office of Governmentwide Policy with the Congressional and Intergovernmental Affairs Office late last month, Messner walks into a new role in shaping how GSA supports e-government and the Lines of Business. He said the goal is to make GSA work better by intertwining policy, legislation and regulations.

'Strong communications along the entire line of legislation, regulations and policy is very important,' said Messner, a political appointee and a former Capitol Hill chief of staff who has mechanical engineering and international management degrees. 'GSA is uniquely situated to affect government in many aspects because legislation feeds regulations, which feeds policies, and the feedback among the three needs to continually happen.'

But some observers think GSA merged the offices to have a political appointee act as a buffer with the Office of Management and Budget's IT and E-Government office.

For many years, OMB has used OGP as its operational arm to move initiatives forward, but GSA administrator Lurita Doan isn't happy with that role.

'The idea around the merger was focused on the One GSA policy that Doan is pushing,' said a senior IT manager, who requested anonymity. 'OGP was founded on objectivity, but there will be more of a conflict with the merger.'

Larry Allen, executive vice president of the Coalition for Government Procurement, an industry association in Washington, said Messner's biggest challenge is to ensure agencies and vendors understand OGP's role in and out of GSA.

Neil Fox, a former GSA procurement official, agreed with Allen's assessment, and added that a lot of OGP's work over the last year moved to the Federal Acquisition Service so Messner must clearly define the new office's role.

Air Force Lt. Gen. Robert Elder Jr., commander, Air Force Cyberspace Command

Impact in '07: Cyberspace is the new frontier in warfare, and Lt. Gen. Bob Elder is the sheriff who will lead the posse.

Already the commander of the 8th Air Force, based at Barksdale Air Force Base, La., and joint functional component commander for global strike and integration for U.S. Strategic Command, Elder now is the nation's first cybergeneral.

'Our first priority is to establish cyberspace as a warfighting domain characterized by the use of electronics and the electromagnetic spectrum,' Elder said. 'The Air Force now recognizes that cyberspace ops is a potential center of gravity for the United States and, much like air and space superiority, cyberspace superiority is a prerequisite for effective operations in all warfighting domains.'

How Elder goes about building the military's capability to wage offensive war in cyberspace is what will be answered over the next 12 months.

The evidence has been increasing in recent months that nation-states such as China, North Korea, Iran and other countries hostile to the United States are probably funding, if not actually carrying out, many of the millions of probes of DOD systems launched each day.

'We are already at war in cyberspace,' said Lani Kass, director of the Air Force's cyberspace task force, when Elder was appointed. 'Having a [commander] there that thinks about this issue exclusively, focuses not only his organizational capabilities but his mind as a warfighter, he can not only respond to the threat of today, ... he can plan and think about the fight we are going to be in tomorrow and the day after tomorrow and 20 years out.'

Robert Howard, CIO of Veterans Affairs Department

Impact in '07: Veterans Affairs Department CIO Robert Howard will be in the spotlight this year for how well he delivers on pledges to make VA a model for IT security. He stepped into his position just as VA was pilloried in congressional hearings for gaping holes in data security and lack of enforcement following the theft of a VA notebook PC containing the personal data of 26 million veterans.

The data breaches ended up being a catalyst for overhauling VA's IT environment. VA secretary James Nicholson directed that the department CIO assume authority for IT management, operations and application development from the health, benefits and burial administrations. Howard also gained enforcement authority over IT security.

Nicholson's actions to centralize VA's IT authority could establish a model for other large, decentralized agencies, according to the former chairman and now ranking member of the House Veterans' Affairs Committee, Steve Buyer (R-Ind.). But Howard must do the heavy lifting to make it happen.

'We do need one thing, and that's time, and we don't have that,' Howard said.
This year, Howard will move applications development personnel under his authority and complete more activities from its Data Security Assessment and Controls program to implement VA data security controls, resolve IT material weaknesses and create an environment of vigilance, he said.

He hopes to use the example of VA's transformation of health care into the gold standard for data security.

At the same time, Howard will advance plans for the development of HealtheVetVistA, VA's modernized version of its electronic health record, and its Financial and Logistics Integrated Technology Enterprise, its financial management program to replace the failed CoreFLS system.