“We want to move the government from a paper-based model of cybersecurity to a continuous monitoring model,” she said May 21.

Speaking via Skype, Schlosser said continuous monitoring implementation will be a big focus the next two to three years. Filling in for U.S. CIO Steven VanRoekel, who was called in on official business, she echoed VanRoekel’s mantra the past weeks of innovate, deliver and protect.

Schlosser said the Office of Management and Budget wants federal agencies to move to a more headquarters-based authority to take advantage of commodity information technology services while minimizing duplication. Those savings, she said, can be reinvested in more mission-critical areas.

VA’s claims backlog

The Veterans Affairs Department has gotten the wrong kind of attention the past few months for the enormous backlog of claims it has to process. Stan Lowe, the department’s deputy assistant secretary for information security, has an idea that could help speed it up: increase the use of digital signatures.

Instead of relying on a paper system where documents need to be printed out and physically signed, Lowe wants to see more use of digital signatures – with employee identity verified using personal identity cards – to create more of a digital work environment.

“We use the digital signatures some, but not enough for my liking,” Lowe said.

Information sharing about trust

Donna Roy, executive director of the Department of Homeland Security’s National Information Exchange Model, said the future of information sharing largely hinges on the amount of trust people put into the process.

For example, in the Boston Marathon bombings, the images of the believed attackers were shared throughout social media. The trust comes in that citizens believe the information law enforcement is putting out is credible while law enforcement uses the information it receives back in a responsible way.

For instance, if the wrong people were publicly named, the system would have failed and there would have been consequences.

“For-profit industries already do this well,” Roy said, pointing to banks and credit cards that ensure card owners are not held responsible in the event of fraudulent purchases. “We need that same level of trust in government. If we can do that, there is no limit to what the information sharing environment can look like. And if not, we’ll always be hampered.”

Failure is not a word

When it comes to innovation, said Gadi Ben-Yehuda of IBM’s Center for the Business of Government, there is no such thing as failure. He quotes the old sports cliché, “I never lose the game. It just sometimes ends before I’m ahead.”

When an innovation project fails to reach its outlined goals, Ben-Yehuda said he takes it in stride, not seeing it as a failure as he was able to learn valuable lessons, built his rolodex and maybe got some ideas for the future.

“When you’re innovating,you can’t be afraid to fail,” he said. “You have to embrace it, because a lot of times that’s where the real breakthroughs come from.”

The new mobile offerings include Rapid Response 311, Mobile Communities for Government, Government Social Command Center and Platform Mobile Services for Government that will help the government connect on any device and any channel, said Dan Burton, the company’s senior vice president for government transformation.

“This is an indication of the fact that Salesforce is doubling down for government,” Burton told FedScoop. “We’ve focused on the mobile space a lot in the past, but this is specifically for government. This is taking things we’ve known to work and optimizing it for the federal government.”

The solutions, according to Salesforce.com:

• Rapid Response 311 – Based on the industry’s #1 customer service app, Salesforce Service Cloud, the new Rapid Response 311 solution enables government agencies to deliver outstanding service, improve agent productivity and resolve cases faster. Now, agents have quick and easy access to all of the pertinent information to manage a case on any channel – phone, email, web and social media. For example, the City of Elgin, Illinois is transforming how it manages winter snow cleanup efforts across the city by using Salesforce technology to pinpoint severely impacted areas and quickly resolve citizen issues.

• Mobile Communities for Government – Now agencies can create private and secure social communities to connect with other departments, agencies and external partners in entirely new ways. New Mobile Communities for Government will combine social networking features — such as profiles, real-time feeds, trending topics, recommendations and influence measurement — with the critical business information and processes found in Salesforce. Enabling secure, immediate collaboration across government dramatically improves productivity, transparency and efficiency. For example, the FDA is piloting Mobile Communities for Government to transform and streamline the federal approval process for drugs and medical devices.

• Government Social Command Center – Based on the industry’s #1 social media monitoring and engagement solution, the Salesforce Marketing Cloud is enabling federal, state, and local government agencies to transform how they communicate and engage with citizens. Now, agencies can connect with citizens in real-time wherever they are most engaged, whether on social networks, websites or mobile devices. The City and County of San Francisco, for example, uses insights derived from social media to measure sentiment and policy-impact in real-time so that it can quickly respond to citizens’ priorities.

• Platform Mobile Services for Government – Government IT can now build, integrate and deploy any government app that makes data available on any device. From personal productivity apps to full-blown enterprise apps such as project management, constituent service, budgeting and finance planning, Platform Mobile Services for Government allow government IT teams to focus on solving issues, not managing infrastructure. The GSA has already built over 100 custom government apps on the Salesforce Platform.

According to Ambassador R. James Woolsey, chairman, Woolsey Partners LLC and former director of the Central Intelligence Agency, we should be more concerned with the safety of our electric grid than with any other critical infrastructure component.

Why? Even a small detonation of a nuclear blast over the United States can seriously damage and destroy a substantial degree of the electricity connections holding together the electric grid. A relatively low-level attack, launched only by a weather balloon, could take out approximately 70 percent of the nation’s grid in one blast.

The failure of the nation’s electric grid will cause a chain reaction, bringing down all 17 critical infrastructures with it, Woolsey said. North Korea, China and Iran all possess or are in the process of acquiring these capabilities.

In discussing what steps are required to mitigate the possibility of the aforementioned attacks and whether a National Institute of Standards and Technology cyber framework will suffice, Woolsey said “with this kind of problem, we have to have a national policy and a national commander in chief.”

Rep. Marsha Blackburn (R-Tenn.), overseeing the May 21 committee hearing, favored the industry-led, multistakeholder cyber framework underway at NIST. “[O]ur focus should be on developing consensus based public policy that puts American business in the driver’s seat,” she said.

At the heart of the debate is whether standards will provide enough incentives for industrywide adoption or if government regulation via new cyber legislation is required.

Patrick Gallagher, director of NIST, was optimistic about the agency’s ability to create a robust framework to protect U.S. critical infrastructure within executive order 13636’s mandated one-year time frame.

For Gallagher, an effective framework must be developed through an industry-led process, open and transparent to all stakeholders. NIST standards are not synonymous with regulation. The industry-driven standards embedded in a NIST cyber framework would not be static, but could adapt to meet technological developments and performance requirements.

A multistakeholder approach to cyber standards will significantly bolster the relevance of the resulting framework to industry, making it more appealing for industry to adopt, Gallagher said.

Despite Gallagher’s optimism, many of the senior industry personnel in the following panel disagreed. Dave McCurdy, president and CEO of the American Gas Association and former chairman of the House Intelligence Committee, Mike McConnell, vice chairman of Booz Allen Hamilton and former director of National Intelligence, and Woolsey advocated strongly in their testimonies for additional cyber legislation, weary of standards lacking enforcement power.

“[P]ut it in law what you don’t want to happen,” McConnell suggested.

“The problem is that sometimes that regulation is overly specific about a technology and ends up hindering rather than helping companies to be optimally secure,” said Phyllis Schneck, vice president and chief technology officer of McAfee’s global public sector. “We urge the adoption of a faster review process, possibly an annual review of rules, and we also urge that regulations be outcome-based. For sectors not already regulated, we urge information sharing, innovation, and positive incentives.”

GAO would like this FY2014 budget.

OK, it’s officially a disaster.

A partnership is born: Time to reduce the backlog of compensation claims for vets.

Five tribal clean-energy projects.

You have the job, now swear to do it.

Interagency film agreements.

Funds to improve Arizona’s neediest schools.

DOD robotics competition:

Search and rescue ops in Oklahoma:

Amazon Web Services Vice President of Worldwide Public Sector Teresa Carlson (Photo: David Stegon/FedScoop)

Amazon Web Services became the first vendor to receive agency authority to operate under the Federal Risk and Authorization Management Program when the Health and Human Services Department granted the company two ATOs.

The authorizations will allow all federal agencies to leverage the company’s approved ATO packages stored in the FedRAMP repository, the company said May 21.

“We feel like this is a tipping point for government agencies where they can begin to take advantage of a large commercial providers like AWS,” Teresa Carlson, vice president of worldwide public sector for AWS, said in an interview with FedScoop. ”We’re here. We’re ready to go, and we’re open for business.”

Two vendors – CGI and Atomic Resources – have previously received ATOs, but both did it through FedRAMP’s Joint Advisory Board. FedRAMP officials have said the agency authorization model will become more of the standard as the FedRAMP model matures.

One of the ATOs covers the GovCloud region of the company’s infrastructure while the other the U.S. East/West regions of the cloud infrastructure.

Within those boundaries, agencies can use Amazon’s EC2 compute cloud, Simple Storage Service and Elastic Block Store, as well as its Virtual Private Cloud.

With this distinction, AWS has demonstrated it can meet the FedRAMP security requirements and as a result, an even wider range of government customers can leverage AWS’s secure environment to store, process and protect a diverse array of sensitive government data.

“The FedRAMP requirements raise the security bar for the agencies, results in uniform evaluations, and will provide government entities with immediate benefits of using the AWS Cloud,” said Stephen Schmidt, AWS chief information security officer.

The Veris Group served as the independent third-party assessment organization for the authorization.

“HHS worked closely with the FedRAMP program office and AWS to achieve FedRAMP compliance,” said Kevin Charest, HHS chief information security officer, in a prepared statement. “Utilizing the FedRAMP templates, HHS was able to maintain security requirements while achieving economies of scale.”

He continued, “HHS is pleased to be one of the first federal agencies to go through the FedRAMP process, and to issue an agency FedRAMP ATO. Our collaborative approach allowed all of HHS operating divisions to leverage that ATO and thereby reduce duplicative efforts, inconsistencies, and cost inefficiencies associated with current security authorization processes.”

Federal agencies who want to review and leverage the authorization package, can complete the form located here and email it to info@FedRAMP.gov with the subject title “Leverage Authorization.”

According to AWS, more than 300 government agencies and 1,500 educational institutions now use the company’s services.

U.S. CIO Steven VanRoekel (File photo: David Stegon/FedScoop)

U.S. Chief Information Officer Steven VanRoekel has been asked by Office of Management and Budget Director Sylvia Burwell to lead OMB’s management team on an interim basis until a new deputy director for management is selected, a White House official confirmed to FedScoop.

According to OMB spokeswoman Ari Isaacman Astles, during this period, VanRoekel will remain the U.S. CIO and administrator of the Office of E-Government and Information Technology.

Deputy Controller Norman Dong will lead OMB’s Office of Federal Financial Management in Danny Werfel’s absence.

VanRoekel was scheduled to give a keynote address at the Management of Change conference in Cambridge, Md., on May 21, but canceled the day before. U.S. Deputy CIO Lisa Schlosser spoke to the conference via Skype in his place.

VanRoekel has served as federal CIO since 2011, a role in which he’s instituted projects such as the Digital Government Strategy, the recently released open data policy and PortfolioStat.

Before coming to the White House, VanRoekel served as executive director of citizen and organizational engagement at the U.S. Agency for International Development and as managing director of the Federal Communications Commission following a successful career at Microsoft where he at one point worked as an adviser to Bill Gates.

The Doors will forever be Jim Morrison’s band, his writing and baritone voice the hallmarks of one of the most controversial – and greatest bands – to ever exist.

But second to Morrison, one could argue the biggest key to the beauty of The Doors was the playing of keyboardist Ran Manzarek, who died Monday at the age of 74.

There are surely many writers greater than I who can properly eulogize Manzarek and his work with The Doors, so I’m going to keep it in the context of my own experience – that of a 31-year-old who, to put it simply, loves the band even though it’s been 42 years since Morrison’s death and the end of the band.

I found The Doors a few years back when I began to grow tired of the Top 40 and sports talk radio that filled my commutes. For a break, I began listening to a classic rock station on the radio, putting it on as I did household projects on the weekend just for a change of pace.

At night, I would look up the songs that stood out on YouTube, re-listening to the songs I heard and digging deeper into the playbooks of the bands I liked. I’d then turn to iTunes to download the ones I liked the most and that included The Doors, along with bands such as Pink Floyd, The Animals and anything else that stood out.

The Doors, for me, were just cathartic to listen to — the perfect music to listen to while going on a long drive from my home near Quantico (a good 45 minutes into D.C. under the most perfect of conditions) or even to put on during my work hours as Morrison’s lyrics served as stimulation for my own writing on days when the words struggled to come.

To give Morrison all the credit, though, is not particularly fair despite his greatness as a songwriter and singer. He was paired with amazing musicians who helped bring to life his vision, and no one did that better than Manzarek who coupled with guitarist Robby Krieger provided the foundation of the group’s sound.

Jon Densmore, the band’s drummer, said as much.

“There was no keyboard player on the planet more appropriate to support Jim Morrison’s words,” Densmore wrote following the announcement of Manzarek’s death. “Ray, I felt totally in sync with you musically. It was like we were of one mind, holding down the foundation for Robby and Jim to float on top of. I will miss my musical brother.”

The keyboards played strongly in the majority of songs from The Doors, bringing energy in classics including “Light My Fire” – a song I had the DJ play at my wedding – and providing depth in longer songs like “The End” and “When the Music’s Over.”

Manzarek provided an extra element to the band’s sound not regularly heard as keyboards – even in that era – tended to be more of a background accompaniment than a featured player. His musicianship, though, helped bring the band to life for someone nearly a half century after they stopped making music.

There’s a reason the classics are in fact classic. The Doors fit into that category because in some way of Manzarek.

So if you’re not a fan of the band, take 10 minutes today, listen to the YouTube clip above and dig into their library. The rabbit hole is deep, but it’s unlike anything else you’ll find musically.

FedScoop’s Luke Fretwell and Red Hat U.S. Public Sector Chief Technology Strategist Gunnar Hellekson discuss the latest in federal government open source software. (Archive · RSS)

This episode

Data.gov Evangelist Jeanne Holm discusses open data, economic benefits, the new executive order and related milestones and the continued migration to the CKAN open data platform.

Sen. Claire McCaskill, chair of the Senate Subcommittee on Financial & Contracting Oversight. (File photo: McCaskill Flickr)

(This story was updated May 21 to include a comment from Dan Cruz, GSA spokesman) 

The federal government may have been be tightening its purse strings in the past few years, yet some senior-level employees have been receiving substantial cash bonuses – funded by taxpayer dollars, according to a new report.

Released May 18, Sen. Claire McCaskill’s (D-Mo.) report revealed the federal government doled out more than $340 million on bonuses for members of the Senior Executive Service between 2008 and 2011 – a practice the senator called “outrageous.”

“The idea that some of the highest-paid federal government employees could be getting bonuses while others are being furloughed is outrageous,” said McCaskill, who introduced bipartisan legislation that would stop bonuses from being awarded during sequestration.

Although SES employees make up less than 1 percent of the federal workforce, they received more than 4 percent of the total amount of federal dollars spent on employee bonuses during that time period, according to the report.

The report findings also showed a majority of SES members receive a bonus. In 2011, 6,519 members of SES received a bonus, which totals more than 80 percent of all SES employees.

On average, the General Services Administration awarded the most performance awards, giving out more than $1.1 million in bonuses to SES employees in 2011. GSA awarded an average of 1.6 bonuses to each SES employee at the agency.

In commenting on the report, GSA spokesman Dan Cruz said Acting Administrator Dan Tangherlini last year as part of an agency operations review reduced executive bonuses by 85 percent. In addition, the performance awards system as a whole has been reviewed, and the new GSA leadership has worked to overhaul the system.

“As a result, GSA no longer has peer-to-peer awards,” Cruz wrote in an emailed statement. “Under this administration, GSA bonuses are coming down to their lowest levels in five years.”

Other federal agencies that on average awarded at least one performance award for every SES employee in 2011 include the Labor Department (1.2 awards per SES employee), the National Science Foundation (1.1 awards per SES employee), and the Department of the Navy (1.02 awards per SES employee).

Although most bonuses have been frozen for the federal workforce, under current legislation agencies must pay bonuses to SES employees who meet certain performance criteria. However, McCaskill’s legislation would stop performance award bonuses for SES employees during the across-the-board budget cuts.

Released May 20, the Software & Information Industry Association’s white paper, “Data Driven Innovation: A guide for policymakers,” details the costs and benefits of data-driven innovation, providing a roadmap for public policy that encourages data-driven innovation while addressing security and privacy concerns.

The paper calls on policymakers to proceed carefully and avoid policies that aim to curtail the use of data “as they could stifle this nascent technological and economic revolution before it can truly take hold.”

Policy recommendations include:

Data-driven innovation requires a policy framework that provides for an evolving view of privacy rights: Policymakers should consider the opportunities and challenges of DDI, while balancing the spectrum of privacy laws and potential privacy risks. They should also recognize socially acceptable norms of privacy are evolving along with technology.

The principle of data minimization should be re-interpreted in light of DDI: Combining technological privacy methods and adhering to responsible data principles can create an effective framework for data minimization, balancing privacy with innovation and accounting appropriately for risk.

Policymakers should encourage de-identification as a way to balance the needs of DDI and privacy protection: Often, when personal information is collected, it can be de-identified in a way that does not affect its value or utility. Public policy should encourage this de-identification where appropriate, but avoid overarching mandates to this end.

Uniform rules should not apply broadly to the collection of personal information and the role of consent: Policymakers should consider the viability of obtaining informed consent and be targeted and specific about which circumstances require explicit consent when collecting personally identifiable information.

Policymakers should promote technology neutrality and avoid technology mandates: For innovation to flourish in the DDI ecosystem, technological neutrality is a must.

Open standards are critical enablers of DDI, but they must continue to evolve through industry-led standards development organizations, not governments: Government can play a key role as a facilitator and convener, applying open standards practices to its own data, and encouraging and facilitating agreement around open standards. Nonetheless, government should avoid enacting policies imposing requirements around specific technical standards or trying to create new standards where none existed prior.

Policies should allow data collectors and controllers to work with data management and analytics suppliers to comply with privacy and security rules through contracts across varying jurisdictions: Government should allow data policy frameworks to interoperate to ensure data management and analytics services can be provided across borders and jurisdictions.

Policies must continue to balance the need of protecting the privacy of students, while enabling DDI to greatly enhance the teaching and learning experience: Students and educational institutions benefit from technology-based educational products and services through cost savings and more efficient teaching methods. Providers of technology-based educational products often use technology to improve their services. Policies should carefully balance the need to adequately protect children’s privacy without undermining the ability of these providers to leverage DDI.

Governments should adopt policies that leverage DDI to make government more efficient and reduce waste: Policies should increase the use of data analytics to make strategic decisions, encourage research and development around data science and encourage training for data scientists and professionals.

Governments should continue to embrace open data policies and public-private partnerships that maximize access to critical public data: Government should encourage open data policies, use public-private partnerships to provide access to critical public data and adopt enterprise architectures that enable sharing. These steps will put public sector data to innovative uses.