GovernmentExecutive.com

Information sharing is the "top imperative" of federal chief information officers, said a top Defense Department IT official on Monday. But progress will be stifled as long as agencies regard information sharing and security as mutually exclusive, said the Pentagon's deputy chief information officer.

The latest innovations in networking operate on the premise that the Internet is dynamic, not static, and that it enables the exchange of information in real time. This concept, known widely as Web 2.0, has not been lost completely on the federal government. In 2002, President Bush included in his management agenda an e-government strategy that identified governmentwide initiatives to integrate agency operations and information technology investments. Two years later, he initiated lines of business to encourage integration and consolidation in key IT areas of government.

Federal employees recognize the opportunities for cost savings and improved efficiency through such efforts, but are often reluctant to relinquish ownership over information and applications. They view security and information sharing as a balancing act, which is the wrong analogy, said Dave Wennergren, Pentagon deputy CIO, during a panel discussion at the Information Processing Interagency Conference.

"You make data discoveries [and] change the world very quickly," he said. "That's the power... [But] there's this cultural issue about willingness to share information. We're getting it, but it's hard. [As] the fabric of the organization changes, we need to change our mindset."

Indicative of such change is the prevalence of social networking Web sites and the foresight in industry and pockets of government to recognize their potential. Most large IT vendors maintain a presence in the virtual world Second Life to market their capabilities and recruit employees, and IBM created a Facebook.com page for its developer community. Storage vendor EMC hired communication coaches with backgrounds in psychology and human resources to help those resistant to change acclimate to the new environment. "It's like learning how to swim," said Chuck Hollis, EMC's senior vice president of strategy. "We're working people into the pool slowly, a little at a time."

Government is moving gradually in that direction as well, with agency MySpace pages growing in number. But the government's tendency to block access to information to maintain security stymies progress, Wennergren said.

"The easy security answer is 'nothing goes out and nothing comes in.' But [by] definition, this is a self-afflicted denial-of-service attack. If you think Second Life is a game, you may be missing the point," said Wennergren. "This idea that 'we'll just limit what our employees do' is very simplistic. We have to think differently if we're going to get over the hump."

COMMENTS

• Rob could hardly be more correct. Many agencies collect specific information with limits explicitly put by Congress on both use and disposition. There are often extensive agreements and maybe more importantly, understandings, of how information may be used and with whom it may be shared. If an agency has been collecting data promising that it will be used only collectively and a 3rd entity then acts on that information and gives a business an advantage or disadvantage over others, someone's head will roll. It won't be the IT guys’. A user down the line has no way to learn all the nuances of these issues from an agency two levels back. Imagine if CBP made all the information it had on commercial importers or individual aliens medical information available to every local police department or the FBI or if the Labor Department passed that information to unions in FOIA requests. See chaos in an office near you soon. The wholesale voluntary compliance the government now relies on in a lot of areas could evaporate if the promises made with the information requests evaporated. Just because you can do something does not always make it a good idea. Jim Kaley Posted March 6, 2008 8:36 PM
• I don't blame agencies for not wanting to share information with other agencies. Given that some agencies are better stewards of private information than others, and given the severe criminal and civil penalties associated with the unauthorized release of protected information under the Privacy Act, the Trade Secrets Act, Graham-Leach-Blilely Act, and others, I find it incredible that any agency would rush into an arrangement in which they were "giving up the keys to the castle" for any reason other than a court order. Efficiency in Government is not always a good thing. Democracies are inherently inefficient, but a well-run totalitarian state could save the taxpayers a bundle. In short, be careful what you wish for. Rob Posted March 6, 2008 1:15 PM