Outgoing Federal CIO Warns of 'IT Cartel' In DC

CWmike writes "In a wide-ranging discussion Friday with President Barack Obama's top science advisors, Federal CIO Vivek Kundra warned of the dangers of open data access and was sharply critical of government IT contracting, telling the committee: '...We almost have an IT cartel within federal IT' made up of very few companies that benefit from government spending 'because they understand the procurement process better than anyone else.' He added: 'It's not because they provide better technology.'"

And this applies exclusively to IT.

Not any other area of federal contracting. No sir, this is exclusively an IT problem...

Re:And this applies exclusively to IT.

[robbyb20]

Sorry, but hes the CIO. He should have no comment on any other part of the government since what he says wouldnt be valued by the public eye since its "not his area of expertise" We are lucky he even said this. Should the CIO of a company be calling out the Marketing Dept? How about HR?

Re:And this applies exclusively to IT.

[BuildingSnowmen]

Exactly. How does it work again?
1.) Get lowest bid proposal from committee insider.
2.) Make slightly lower bid to win contract.
3.) Win contract, and use money from contract to fund committee insider's re-election campaign.
4.) Rinse, repeat.

Re:And this applies exclusively to IT.

[poetmatt]

I still don't get it though. What the hell does being good with contracting have to do with open data access? Granted, both are issues, but they don't really seem to go together.

Re:And this applies exclusively to IT.

[alexborges]

Everyone in the know will tell yo: in IT its easyer because nobody can properly audit IT purchases. Purchase decisions in our field tend to be subjective.

As subjective as a brand new Mercedes 510 at the doorstep of the procurement decision maker.

Re:And this applies exclusively to IT.

[rtaylor]

In (most of) Canada we don't even open the bids until after the closing date. They sit in sealed envelopes.

Makes #1 impossible.

I would be surprised if the process wasn't similar in the US.

Re:And this applies exclusively to IT.

[topham]

Bahahaha.

In Manitoba we have a system in place on how to handle bribes ethically.

not kidding, and it's fucking sad.

Re:And this applies exclusively to IT.

[h4rr4r]

If he sees problems there, hell yes.
This whole BS MBA compartmentalized mentality is killing America.

Re:And this applies exclusively to IT.

[kaizendojo]

I would hope that the janitor would be able to call out the CIO if he found him to be wasting company resources. At least that's th way W. Edwards Deming saw it, and I've always been inclined to agree. He said that the most important people in the company are usually the lowest on the corporate pyramid because they have day to day contact with the customer. All workers need to be empowered to be part of the quality control equation becuase they all function within the system. It seems to have worked quite well for Japan and many of the other Asian nations...

Re:And this applies exclusively to IT.

[Daniel_Staal]

They don't. He just happened to talk about both.

Re:And this applies exclusively to IT.

[grub]

Mayor Katz, is that you?

Re:And this applies exclusively to IT.

[mswhippingboy]

Exactly. How does it work again? 1.) Get lowest bid proposal from committee insider. 2.) Make slightly lower bid to win contract. 3.) Win contract, and use money from contract to fund committee insider's re-election campaign. 4.) Rinse, repeat.

Close.

However, item 2 is not a requirement. A lot more goes into deciding who gets the contract than lowest bid (such as how much the contractor donates to the congressman's campaign).

Re:And this applies exclusively to IT.

[cayenne8]

Somewhat.

But his larger point of knowing how to use the system and apply for the contracts...is what keeps the major few companies as being the only IT companies doing business with the feds.

The hoops you have to jump through are many. The larger contract houses have staff devoted to NOTHING but writing proposals. The small guy, cannot compete with this.

And even when there are contracts dedicated to SM's....the only way that truly works, is, the larger contract houses, *back* the small business and join to them...basically using them as a front to get the bids on the small business contracts.

They generally find a small company, it must be female or minority owned about 99% of the time, to get federal consideration.....then, the big guys basically do most of the proposal work, and the so call PRIME contractor that wins...gets a good kick of money in, but they really aren't in control of anything.

Happens all the time.

You'd need to rewrite the oversite rules...somehow...to try to prevent this. To make the application process simpler....but I don't see that happening any time soon. But, ever since they've been trying to make mandates that the Federal govt workers be more oversite and managers, rather than hands-on tech, you're gonna see more and more of this.

That and the situation that really kills the small companies off....is the hesitance of the feds to hire individual contractors as 1099's directly....they'd rather hire a large IT company which then wires the 'contractors' as W2 employees....giving you essentially the worst of both worlds.

You don't get the bill rate you should get as a true contractor, but you do get the lack of stability of a contractor. This bastardization of the contracting paradigm has really hurt things....

Re:And this applies exclusively to IT.

I would be surprised if the process wasn't similar in the US.

I live in Minnesota, and I wouldn't be. There is something of an epidemic of corruption in my nation's state and federal governments. It is Standard Operating Procedure to do exactly what BuildingSnowmen says:

1.) Corrupt contractor get's lowest bid proposal from corrupt committee insider.
2.) Corrupt contractor makes slightly lower bid to win contract.
3.) Corrupt contractor gives kick-backs to corrupt committee insider to fund committee insider's re-election campaign.
4.) Rinse, repeat.

If it's not exactly this, it's something like embezzling, tax evasion, or pay-offs by massive Ponzi scheme operators. We have Tom Petters. We have Denny Hecker.

We had an Interstate Highway (I-35) bridge collapse into the Mississippi River. Last Independence Day we had an Interstate Highway (I-94) buckle and rip open during evening rush-hour traffic.

The entire United States should be looking at Minnesota, and watching very carefully.

Re:And this applies exclusively to IT.

As someone who works for a government contractor, honestly a lot of the "military-industrial complex" conspiracies aren't really certain companies in bed with the government.

It's just that only certain companies are willing to deal with the government's bullshit and have effectively built a business out of dealing with government bullshit.

The funny thing is that a lot of the BS was put into place to try and save taxpayers money by preventing companies from ripping off the government - but in the end, there's so much paperwork and overhead that on average, the taxpayer spends FAR more than the era where 90% of companies were efficient and 10% ripped off the government. Now it's more like 0% are efficient and 1% are actually ripping off the government.

Re:And this applies exclusively to IT.

[AvitarX]

You missed the part where you over-run the cost by a factor of 2-3 (thought the slightly higher bid was by a company with integrity that wouldn't of done such).

Re:And this applies exclusively to IT.

[interkin3tic]

Not any other area of federal contracting. No sir, this is exclusively an IT problem...

Don't put words in his mouth. He didn't say that. It also does not need to be a problem exclusive to one area to be a problem worth commenting on specifically.

Re:And this applies exclusively to IT.

[jellomizer]

If federal government is anything like New York state I would agree (I would expect the feds to be even more so)
While there are rules around to prefer small and minority own businesses, their policies make it impossible for such groups to put their foot in the door. And don't blame just the Republicans or the Democrats they both added to the mess.

1. Open bidding isn't anything like an open bid. They take the resumes and profiles of companies they want to use and create a bid so only such company can win, the bid. You will see odd things in the bids like 10 years FORTRAN experience required or 4 Years networking experiences for doing a VB6 to .NET conversion job.

2. The company often makes the bid. Employees actually have little time to make a bid so a few companies may propose bids for them to put out. Then they choose which one the like and bid them out.

3. Expensive requirements, companies need a large line of credit open to show proof that they are not overnight operations... However such line of credit hurts the small business.

4. If you are in, then you stay in. One you got your foot in the door you will never leave unless you really really mess up.

Re:And this applies exclusively to IT.

[steelfood]

Perhaps not, but IT is certainly a good place to start fixing the problem.

Re:And this applies exclusively to IT.

[pixelpusher220]

This whole BS MBA compartmentalized mentality is killing America.

I sooo much prefer the "Palinization" spewing word salad on any topic imaginable that they know nothing about...

Re:And this applies exclusively to IT.

[Jah-Wren+Ryel]

The hoops you have to jump through are many. The larger contract houses have staff devoted to NOTHING but writing proposals. The small guy, cannot compete with this.

Sometimes they can. Maybe it helps to be stoned.

Re:And this applies exclusively to IT.

[alexander_686]

Exactly. How does it work again?
1.) Get lowest bid proposal from committee insider. .

The issue is with #1, the “bid proposal”. We are talking about a risk adverse customer that is staffed by lawyers. Bureaucracies are punished when the fail but are not rewarded when they take risks that succeeded. So you get overlong contracts that contain highly technical requirements [from a legal, not technical viewpoint.]. Can you certify that all of your chips are from a approved foundry? That your employees are paid at the prevailing wage? [And it’s not the fact that you are paying the “prevailing wage” which is the union wage – it’s the additional paperwork that one has to file.]

One can’t even file a “bid proposal” without having specialized people on the payroll – that is why it is a cartel. In theory anybody can bid, but in reality you need specialized knowledge in the bureaucracies– which is only held by the insiders.

Re:And this applies exclusively to IT.

[tnk1]

One shouldn't open their mouth unless they can back it up. As CIO, he has the experience to be able to make his point about IT. He has the budgets, he has worked with the players, etc. That's not compartmentalization, it's simply discretion and good sense.

The difference between Vivek Kundra and someone like me is that if he talks, people will print it. He is a "senior official", and as such, even if he doesn't know anything about the defense budget or procurement process, people will listen to him talk about it. It is only good sense that someone with that level of visibility remains circumspect about things outside their own experience even if they have something to say about it.

Re:And this applies exclusively to IT.

[compro01]

Should the CIO of a company be calling out the Marketing Dept?

If they did, maybe we can get some actual honesty out of marketing.

Re:And this applies exclusively to IT.

[kelemvor4]

You may not have been paying attention over say the past.. 20 or so years, but that corruption exists in every state's government. The specifics may involve infrastructure, rigging presidential elections (like we had with G. Bush when his brother was running FL) or as "simple" as the Sarah Palin scandal that resulted in her leaving office early.

Like unicorns, I've never heard of an honest politician... Rumors, yes; but they are quickly debunked.

Re:And this applies exclusively to IT.

Amen

Re:And this applies exclusively to IT.

[ChronoFish]

You don't need to be a baker to know when you've had a bad pie.

-CF

Re:And this applies exclusively to IT.

[JustOK]

Bahahaha.

In Manitoba we have a system in place on how to handle bribes ethically.for the right price

there, fixed that for you.

Re:And this applies exclusively to IT.

here we have a) no bid contracts and b) contracts that go to the "best suited" regardless of price as long as it is below the maximum. This results in contracts being awarded that are always within a few dollars of the maximum allowed. After all, you would be a schmuck to not balloon things as much as possible - after all, the "best fit" wins, so make sure you cover every possible angle to make your proposal the "best" regardless of how unnecessary elements of it are in the real world.

Re:And this applies exclusively to IT.

You missed the part where you over-run the cost by a factor of 2-3 (thought the slightly higher bid was by a company with integrity that wouldn't of done such).

This certainly happened to us--we bid as part of a team (the smallest of three companies) on a project for US Govt. Our price was based on quite a bit of experience and I'm reasonably convinced that we would have delivered what we quoted. Our team was beat by a bid at half the price. The winner than came to us and asked us to work for them...which we did after discussing with our original team members. The project went over budget by about 2x the winning bid. The final result (an experimental car) didn't work, although our portion of the project was reasonably functional.

Re:And this applies exclusively to IT.

[tiedyejeremy]

as a defense contractor, I can assure you this is status quo for all government contracting. it has nothing to do with price, quality or delivery, but everything to do with the procurement process.

Re:And this applies exclusively to IT.

"wouldn't of done such"
Where do idiots like you come up with this sentence structure? "wouldn't of"? WTF?

School? Yeah, I of done that! I would of passed English too, if I could of understood the language I was writing!

Fucking putzes!

Re:And this applies exclusively to IT.

[MickyTheIdiot]

But..but...but...but... an MBA CEO is worth 4 million a year!

Re:And this applies exclusively to IT.

[Dishevel]

1.) Get Cash from company.
2.) Write up the RFP of a large contract so that only one company is in a position to make a cost effective proposal.
3.) Company wins,
4.) Rinse, repeat.

Re:And this applies exclusively to IT.

[LordLimecat]

Was your post an attempt at irony?

Re:And this applies exclusively to IT.

[Reverand+Dave]

This is not exclusively a federal problem either. I work for a state government agency and a certain company (lets just call them Smell) offers computers on a state contract that are so woefully overpriced and underpowered that it's amazing we can even run a lot of the modern GIS applications at all. We recently procured a number of PC's on this contract and apparently the Dept of Admin chump that negotiated the contract was really please because he got them to shave $200 off the cost of the systems so they were only charging us $700 for a $300 unit instead of $900. Yeah the state is to blame for putting no IT people in purchasing and procurement roles and rewarding them for bad decisions, but these companies taking advantage of the government is unethical at best and criminal at worst.

Re:And this applies exclusively to IT.

Mostly because no one gives a shit about minnesota, the whole state could sink and the rest of america would just say "meh" and move on with their lives. These is a good reason for that.

Re:And this applies exclusively to IT.

[erroneus]

I would rather see government IT run by government employees of exceedingly high qualifications. Let's keep the spending and the responsibility in the same place. How often do we hear about all manner of abuse and waste by contractors who essentially do not answer to the citizens of the country? And besides that, we have a big problem of multiple vendors being hacked and they are housing all this sensitive data which should also be kept in-house. This crap is definitely out of hand.

Re:And this applies exclusively to IT.

In my "EU landia" the 1. would be easily challenged in the "market court" which is a special court for violations in marketing, bidding, contracts and so on. 2. is endemic in here too in more technical areas where the administrations really have no expertise or even standard "commercial level" bidding skills. 3. is partially a result of the vicious cycle of lobbying both from the companies involved and the insurance providers, and partially from the general business values taught to young from the very first jobs they have. Small business owner is the villain here, an enemy of the socialist dreamland where there are only big companies and everybody is an employee, and for the love of Tor, don't own a piece of land (caricature, a shadow from the past). 4. here applies only in the very smallest of bids which are not even forced to announce for bidding by the EU and national law.

Then again, why the established players win the bids can also be explained simply by reciting know your customer, know your market a few times.

Re:And this applies exclusively to IT.

Ha ha, I wish I was young and naive again. The trick is to rig the proposal requirements so that only your friends can get the contract regardless of the price.

Re:And this applies exclusively to IT.

[DudeTheMath]

My brother writes these proposals (or something like them). He has been known to go on and on that his proposals win because he reads the RFPs and writes exactly what the RFP writer needs (or says they need) to make a decision. Mostly, he says, it's ticking off the boxes (they ask for A, they get A; they ask for C, they get C), but well-edited grammatical English is something he insists on from his team.

So can a small shop manage this? Yes, but it will probably take somebody away from development for a couple of weeks.

He was a Spanish major on the five-year plan, and now makes about five times what I do in my Sr. P/A position.

Re:And this applies exclusively to IT.

Actually
1) Hire insider who knows the process.
2) Bid the scope of work very narrowly
3) Bill the shit out of them for additional work that was out of scope for initial bid.

Re:And this applies exclusively to IT.

[Thing+1]

Open bidding isn't anything like an open bid. They take the resumes and profiles of companies they want to use and create a bid so only such company can win, the bid. You will see odd things in the bids like 10 years FORTRAN experience required or 4 Years networking experiences for doing a VB6 to .NET conversion job.

So, can't we petition (some other branch of) the Government to make use of their pervasive surveillance powers, so that they can root out this wrongdoing? Surely that's one of the reasons that they created this monstrosity in the first place, to secure the State and its resources, right?

Re:And this applies exclusively to IT.

[AvitarX]

I suppose it was wouldn't 'ave, but that looks terrible

Re:And this applies exclusively to IT.

[AvitarX]

I've just been corrected, it was supposed to be wouldn't've

certain organizations

DAB-C innit?

I think we need a new government agency...

[darien.train]

Called the No-Shit-Sherlock Department. This would be a good example of an agency press release.

This aptly describes the problem.

[Bob+the+Super+Hamste]

I believe that this aptly describes the problem.

Re:This aptly describes the problem.

[Stavr0]

This is more accurate.

At least there is a "concernt" for privacy

[Bob+the+Super+Hamste]

From the article:

In particular, Kundra is worried about the "mosaic effect," the unintended consequence of government data sharing, where data sets are combined and layered in ways that can strip away privacy and pose security threats.

Now granted he probably isn't concerned with the privacy of the individual citizen but that of government officials, but at least it sounds like there are some privacy concerns.

How can you take him seriously?

[MikeRT]

"My view is we should only have three major data centers across the entire U.S. government," said Kundra.

Set aside the procurement debate for a moment and let this one quote sink in. Three data centers is not enough to give each of the branches of the military its own dedicated data center for operations. There are five (technically) branches: Army, Navy, Air Force, Marine Corps and Coast Guard. Each one of those should have at least one "major data center" except maybe the Coast Guard.

Let's face it, Kundra doesn't appear to be any better than the very people he's criticizing.

Re:How can you take him seriously?

I'll bite. Why does (technically) each branch need its own data center?

Re:How can you take him seriously?

[armanox]

Three is too little, I agree, but not because of military. It wouldn't be enough for each Department to have one (DOE, USDA, DOD, DOJ, DOT, etc). But of course, this is the country that values death and destruction above all else, so it would be the DOD controlling it all...(thinks spending cuts should start with the military).

Re:How can you take him seriously?

[gurps_npc]

Most people consider the Marines part of the Navy. Because they are part of them.

So that would be Army, (Navy +Marines), and Air Force.

As for the Coast Guard, I think everyone would agree with you that they do not need a major data center.

Re:How can you take him seriously?

[Amouth]

explain to me why we need that much overlap? i understand the different roles that each branch fills.. but there is zero reason why each of them can't use the same data center.

Re:How can you take him seriously?

[Dexter+Herbivore]

To seperate the branches? To allow indepedent actions? I don't necessarily agree that the branches of the military are the only ones that should have their own data centers... but it has a *certain* internal logic at least.

Re:How can you take him seriously?

I think he's talking about Executive, Legislative and Judicial, you retard. The military isn't elected.

He's talking about "government". In particular "federal" government.

He's not talking about three letter alphabet agencies, or military branches, or the pentagon.

Civilian federal government.

Re:How can you take him seriously?

[h4rr4r]

Why do they need to be separated. Sounds more like a pride issue than a resource issue. If anything we should be reducing the number of branches.

Re:How can you take him seriously?

[sugarmotor]

Maybe he has in mind a different categorization: One data centre for each of the "common use cases" at http://aws.amazon.com/s3/#common-use-cases

Why would one amazon/s3 be enough for everybody else :-)

Stephan

Re:How can you take him seriously?

[Z_A_Commando]

Are you serious?!? If that one data center is breached/destroyed/offline, the entirety of the US military has been laid bare. The is exactly the kind of situation multi-factor security and redundancy are designed to prevent.

On a separate, yet related, note, most major government data centers that are acknowledged by the government are owned and operated by the Department of Energy, even if they're used by other agencies (think National Laboratories).

Re:How can you take him seriously?

[nschubach]

I would think that it would help to consolidate all military data centers into a few (for redundancy). Better logistics for internal data sharing, less transmission of data to other centers... heck, you may even be able to roll FBI and the other acronyms into this center as well. It could be the Defense Data Center.

I also figure the Tax, Social Security, and other public services could share one. You could call this the Internal Data Center.

I don't see why they each need their own building, infrastructure, etc. You could theoretically set up a few dedicated/redundant data centers across the US and have a team dedicated to securing the data, keeping the system running, and bring everyone under one (figurative) roof. Military would have access to military data, IRS would have access to citizen tax data... the people working the center could do their jobs without having access to any private data. You'd have a few top secret clearance personnel who could swap out drives that fail and destroy the failures before leaving the "heart" and everyone else would have restricted access to the actual hardware. Heck, I can imagine all kinds of fancy workings to bring machines up to special rooms where maintenance would be performed without granting people access to other hardware as well.

Re:How can you take him seriously?

[mosb1000]

In the era of cloud computing, you should be able to do everything with a single data center. You would have three for redundancy and to distribute the load.

Re:How can you take him seriously?

What, tracking every ship that enters or leaves the US territorial waters doesn't take a data center? I'll bet they track a lot more than the Navy does...

(Fair disclosure: I work in the Coast Guard's data center.)

Re:How can you take him seriously?

[nschubach]

I assume they wouldn't have just one data center... but they'd consolidate all military data under one collective of centers distributed throughout the nation, buried in non-disclosed locations.

Re:How can you take him seriously?

[MikeRT]

explain to me why we need that much overlap? i understand the different roles that each branch fills.. but there is zero reason why each of them can't use the same data center.

Really? You can't think of at least a few good reasons without asking?

1. How about the kind of disaster you'd have if an adversary, say the PRC, were to get a guided missile destroyer through our naval defenses and put a cruise missile or three right into one of those data centers? Do you really want such "efficiency" that a well-coordinated attack could bring down essentially the entire military IT capacity with only a minimal amount of firepower being used by the enemy?
2. Operational security. The day-to-day operations of each branch aren't a need-to-know for the others. The Navy has no need to be kept abreast of where the Army is moving except when joint command decisions need to be made. Compromising one data center shouldn't compromise the operations of another branch. You don't want some hacker to break into the Army's data center and find the latest flight plans for the Air Force's nuclear bombers and the Navy's ballistic missile forces.
3. The military is not a monolithic organization. Each command in each branch should have its own modest-sized data center and backup site because each command has a separate task and/or is required to be able to operate independently. "The Army" doesn't go into Iraq. Certain units were pulled together and sent in together. Each of those was a separate organization under the Army. This works well for the taxpayer because there is a single "The Army" target for a hostile actor to disable.

Re:How can you take him seriously?

[R3d+M3rcury]

Three data centers is not enough to give each of the branches of the military its own dedicated data center for operations. There are five (technically) branches: Army, Navy, Air Force, Marine Corps and Coast Guard.

Which, of course, brings up another question: Why do we need five branches?

Start with the obvious one: Why do we have the Marines and the Army? Isn't the job of both of them to run around and shoot people? Should it makes a difference that one rides a boat to get there and another one rides in a tank or Armored Personnel Carrier?

The Coast Guard is a bit different--they're actually part of DOT and they have non-military functions like rescuing people and inspecting ships.

But I think the concept is more that it might be cheaper to have three big data centers. Is there a reason that each military branch needs their own data center versus sharing with the other branches and saving money?

Re:How can you take him seriously?

[Nimey]

Why do you assume that only one of those three data centers would host military stuff?

What makes you think that just because computers are physically adjacent that they can talk to one another?

Re:How can you take him seriously?

Yeah, pot calling the kettle black here, Kundra is just a buzz-word riddled blow-hard as far as I'm concerned and shouldn't have a job doing much more than basic coding. Or stay in a job for a little longer than six months, his tenure in the District itself was clouded by contracting improprieties with several firings and arrests--after his "timely" departure.

Re:How can you take him seriously?

[g01d4]

There are too many contradictions. He want's more openess and to clamp down w/security=privacy as the same time. He's against the large contractor cabal but favors a one-size-fits-all, economy of scale, standardization. WTF?

Re:How can you take him seriously?

[Amouth]

If you read the comments before mine the guy was claiming that the CIO's comment of 3 data centers would be insufficient for the 5 branches of military.

my comment was wondering why the military would be unable to share data centers.

everyone knows that relying on a single data center would be stupid but then that would be one reason why he is recommending 3..

again back to the original question rather than "jumping to a conclusion" why exactly could the different branches of the military not share a data center(s)?

Re:How can you take him seriously?

I disagree. I think if there's anyone who should be consolidating data centers, it's the military.

That said, it's never going to happen... The branches are notorious for epic turf wars.

Re:How can you take him seriously?

The army is large and slow, great for fighting protracted wars...piss poor at expeditionary warfare. It takes months for the army to get in theater for war. Whereas the Marines are built for this, look at most of the humanitarian missions, quick engagements and rescue missions. A MEU (Marine Expeditionary Unit) can be anywhere in 24-48 hours and supply itself for 30 days, and bring in ground, air and logistical support to conduct the mission.
What we should look at is a smaller army, move more into the reserves and a smaller combat air force. We as tax payers get more bang for the buck with a Marine Corps than an army or air force.

Re:How can you take him seriously?

Another poster mentioned that he wasn't talking about military, but I'll bite as to why your solution makes absolutely no sense.

However many data centers we have for the military branches should be shared between all 4. The worst thing we can do is compartmentalize each into a limited number of data centers. By doing this, you create a vulnerability. Since each branch, in theory, specializes in some aspect of warfare, you wouldn't want to create a situation where one nuke or one act of sabotage could take down a single branch's infrastructure. It would be much better for that attack to take down a certain percentage of each branch's infrastructure. To centralize military resources would be to ignore the beauty of DARPA's original vision behind the network they created. The more geographically diverse the network is, the more difficult it is to attack from the outside.

Re:How can you take him seriously?

[Amouth]

So i assume the pentagon is a horrid idea and that we should never have the leaders of these branches in the same area as each other?

aside from your "cruse missile" (which by the way would work just as well now as it would then) comment the other stuff is already covered inside a data center - just because the info is in the same building doesn't mean the networks talk to each other - nor does it mean one side knows what the other is doing..

Re:How can you take him seriously?

[phatphoton]

Your ignorance astounds me.

Re:How can you take him seriously?

[mspohr]

Why do we have five branches of the military (who should all work together but end up "competing" for resources) and why do they each need their own data (which won't be shared).

Re:How can you take him seriously?

I'm not saying they do or don't require a data center but it doesn't matter what most people think. What matters is what they actually need or can utilize properly. The Marines are their own branch of the military. They are part of the Department of the Navy but that is different.

Re:How can you take him seriously?

[cayenne8]

I assume they wouldn't have just one data center... but they'd consolidate all military data under one collective of centers distributed throughout the nation, buried in non-disclosed locations.

LIkely impossible. Each branch has systems, of systems of systems....many undocumented (no, they don't actually know how they all really interract)...many of them stove pipe systems with maybe special interfaces (and yes, sometimes even these are still sneakernet) to talk to each other. Old OSes and hardware....it is a mess. There is no standardized version of data between the branches....do a little research on DIMHRS, which didn't work out too very well trying to get all of them to just get manpower and pay on a single system.

And, you can't change a lot of these things either...because many times they way the do things isn't just policy, it is mandated by laws or a set of laws....going WAY back in history.

Consolidation? Sure, it would be a good modern way of doing things...but damned near impossible in reality with the old service branches.

And I've not even gotten into the red tape, bureaucracy, or "we've done it this way always" mentality in each branch.

Re:How can you take him seriously?

Maybe he was talking about VLAN hopping.

Re:How can you take him seriously?

Don't forget environmental protection, search and rescue, and law enforcement.

Re:How can you take him seriously?

[dkleinsc]

Ah, but there's a way of dealing with the problem of having the leaders all taken out in what is known as a 'decapitation strike', as explained by General Buck Turgidson:

Plan R is an emergency war plan in which a lower echelon commander may order nuclear retaliation after a sneak attack if the normal chain of command is disrupted. You approved it, sir. You must remember. Surely you must recall, sir, when Senator Buford made that big hassle about our deterrent lacking credibility. The idea was for plan R to be a sort of retaliatory safeguard. I admit the human element seems to have failed us here, but the idea was to discourage the Russkies from any hope that they could knock out Washington, and yourself, sir, as part of a general sneak attack, and escape retaliation because of lack of proper command and control.

Re:How can you take him seriously?

Since you think each branch of the military needs 'at least one major data center', I'm not sure you're right, either.

Each government entity needs to have data in multiple data centers, right? From there, let's plan N data centers for redundancy. Let's give them physical security to a crazy level: hardened, power-isolated, and sited in a secure military-guarded facility. Between those facilities, let's build the data redundancies and network requirements that make us happy. Finally, within those facilities, let's make 'em capable of being complexes of small-to-large data centers for (insert list of names, both governmental and military).

In such a case, various paranoid 3LA's may want their own building, secondary security measures, TEMPEST, data pipes, etc.

Seems to me, that'd be doable with 3 *complexes* of secured data center functionality. As for getting there, evaluate existing secure locations, pick one to consolidate towards, then hybridize it to allow governmental access if military or to heighten to military protections if civilian. Start implementing and consolidating. Rinse, Repeat.

Full disclosure: this puts me out of my current job -- my paycheck comes directly from a lesser federal data center. And I'm cool with the need to consolidate and merge data centers, since many projects I'm involved in are such infrequent tasks that we're not expert -- they'd be automatable in the above facility configuration. My problem with Kundra's plan is that it puts a lot of value on those 3 'targets'.

The resultant inflexibility is a whole 'nuther can of worms.

Re:How can you take him seriously?

[Archangel+Michael]

I would figure that the three major data centers for the US Government should be for Legislative, Executive and Judicial branches, and weren't referring to the Military. ;) In this case the Military should be under Executive Branch.

And, I've often wondered why we don't have a combined military force with divisions for Air, Marine and Land operations. I think it would eliminate a bunch of duplications across the current three branches. I'm sure there is some logical reason why this is completely unworkable, I just can't think of it

Re:How can you take him seriously?

"Which, of course, brings up another question: Why do we need five branches?"

It's an obvious question at first glance, but a truly silly one if you consider it.

We have one military:"US military". The US military is divided into 3 departments: Army, Navy, AirForce (which spun off from the Army Air Corps).. Those departments have further divides (The Navy, for example, has the Marine Corps and Coast Guard, United States Fleet Forces Command, United States Pacific Fleet, Naval Forces Central Command, Naval Forces Europe, Naval Network Warfare Command, Navy Reserve, Naval Special Warfare Command, Operational Test and Evaluation Force (OPTEVFOR), and Military Sealift Command), and so on and so forth.

Unless you believe that organizations should operate as unorganized mobs (would that make them "not organizations"?), then your decision to make trivial changes in the names of where those divisions occur is useless.

"Start with the obvious one: Why do we have the Marines and the Army? Isn't the job of both of them to run around and shoot people? Should it makes a difference that one rides a boat to get there and another one rides in a tank or Armored Personnel Carrier?"

Wow. Where to start with that one.

Well: to begin with it's not a matter of how one transports; but the sorts of operations being performed. If you want to insert a force behind enemy lines to take and hold territory by air; that's handled by the US Army (specifically the Airborne rangers). If you wish to do the same by sea, it's handled by the US Navy (specifically the Marines).

So "Naval Marines" isn't really comparable to "Army"... it's comparable to "Army Rangers". If you were to move the Marines to be part of the Army as you suggest, you would simply have "Army Marines". You haven't removed a distinct group; you've merely relocated it. (and no: staging a beach assault is not the same as staging a para-drop).

Of course: there are other distinctions in function between Rangers and Marines; and there are other functions (particularly for Mariens) than assaulting an area. Marines are, for example, Naval security (this is why Marines tradionally had swords, and why they carry sidearms). Marines are also reasonably self-contaned. They can provide their own support and so are better suited to more nimble operations. The logistics of assault are different than those of pacifying territory.

The list goes on but, to sum up: you are asking from a distinct lack of knowledge about military structure and the reasons for it's existance. A real explanation would take several books.

"But I think the concept is more that it might be cheaper to have three big data centers. Is there a reason that each military branch needs their own data center versus sharing with the other branches and saving money?"

Should Google switch to a single Data Center? How about three?

Why do you think they have not?

Re:How can you take him seriously?

Which, of course, brings up another question: Why do we need five branches?

Start with the obvious one: Why do we have the Marines and the Army? Isn't the job of both of them to run around and shoot people?

Army is just a bunch of glorified babysitters, the Marines are the ones that kick major ass.

Re:How can you take him seriously?

[Talderas]

The military is one place where consolidation doesn't work too well. Rules and lines of though get established within sections and deviation from that line of thought tends to be frowned on and will screw up your career.

A classic example of this was the tank in the US post WW1. There were three dominant lines of thought.

1. Merge the tank with the infantry and have it support the infantry as mobile pillboxes.
2. Merge the tank with the cavalry and have it perform the roles traditionally filled by the horse.
3. Make tanks their own corps.

1 is the method we ended up pursuing and it probably a dominant reason why US tanks were never on par with the Panzers. 2 received opposition from within the cavalry because their existed a number of officers that still had a romantic vision of the horse and rider with cavalry charges despite WW1 showing that horses were no longer suitable. 3 would have been the best option but neither artillery, cavalry, or infantry wanted a 4th corps in the army to compete with for funding.

Re:How can you take him seriously?

[blair1q]

The military only needs one data center. Change the colors of the website based on the URI it's accessed through, if you want.

Re:How can you take him seriously?

[Talderas]

It does exist. It's called the Marines.

The Marines operate their own aircraft, their own tanks, and use their own ground personnel.

That's the entire purpose of the marines, to function as an all in one rapid response projected force that can be deployed to a hot zone to secure it while waiting for the army and air force to come in.

Re:How can you take him seriously?

[avandesande]

Another comment that was silly was about contractors that stay quasi permanently in a position- do you really think it serves the best interests of the organization to turn over the staff every few years? That would be chaos.

Re:How can you take him seriously?

[Nimey]

If they're important enough to have classified information, the computers will not even be using the same network switches. VLAN hopping will therefore be a non-starter.

Re:How can you take him seriously?

[Talderas]

Would it make more sense to take down a portion of one branch's infrastructure rather than an equivalent part of each branch's infrastructure? You're assuming that each branch has one data center rather than each branch having two, three, or more. We're talking 3 data centers in your view to 15 data centers in another.

Re:How can you take him seriously?

[bill_mcgonigle]

A classic example of this was the tank in the US post WW1. There were three dominant lines of thought.

I suggest:

4. To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;

(aka no standing Armies)

Re:How can you take him seriously?

[bill_mcgonigle]

Three data centers is not enough to give each of the branches of the military its own dedicated data center for operations.

Do they each have their own road into the Pentagon?

Re:How can you take him seriously?

>>explain to me why we need that much overlap? i understand the different roles that each branch fills.. but there is zero reason why each of them can't use the same data center.

The Army's needs to be on land, the Navy's at sea, and the Air Force's in the air.

Duh.

Re:How can you take him seriously?

No, a better question is something like, why do the Marines need their own planes, the Navy needs their own planes and the Air Force need their own planes?

Re:How can you take him seriously?

(Fair disclosure: I work in the Coast Guard's data center.)

So you are working from Iraq?

Re:How can you take him seriously?

The Coast Gard is tracks a huge amount of data. Besides tracking all the shipping in the country they are one of the few government agencies that are both intelligence and law enforcement.

Re:How can you take him seriously?

I suggest: 4. To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years; (aka no standing Armies)

Excellent way to ensure that your army will be utterly incompetent.

Re:How can you take him seriously?

[capnchicken]

I don't take hime seriously because of this:

http://www.dvorak.org/blog/2009/08/12/special-report-is-us-chief-information-officer-cio-vivek-kundra-a-phony/

Re:How can you take him seriously?

Coast guard falls under DHS now I believe, and not DoD. Pretty sure that counts them as paramilitary at best.

Re:How can you take him seriously?

[base3]

Hey, it rained yesterday -- did you get sea pay? (Just kidding--tremendous respect for the USCG here!)

Re:How can you take him seriously?

[Archangel+Michael]

Yup. Marines rock. Bad Ass to the core. (Corps). Kill the other branches of the military and call it good. You got my vote. Army, Navy and Air Force are for people who can't be Marines!

Re:How can you take him seriously?

Lets say I agree with you that we cannot allow the US military data to be destroyed by taking out a single location.

Isn't the solution to this for their servers to be hosted by two different data centers, not to say army goes to #1, navy to #2 etc. Otherwise someone blowing up #1 would take out the army.

Re:How can you take him seriously?

Excellent way to ensure that your army will be utterly incompetent.

Maybe that's his intent.

Re:How can you take him seriously?

[qwak23]

Technically, the Marines are PART of the Navy, and rely heavily on the Navy to get places and provide support.

If any branch is redundant, it's the Air Force.

Re:How can you take him seriously?

[crypticedge]

The Coast Guard after a law change about 8 years ago are a branch of the military rather than a part of the department of treasury like they had historically been. On top of that if you ever go to a coastal area, the Coast Guard has a very high presence. We have 1 airbase here for the Air Force and 6 Coast Guard bases within 100 miles of where I live. Go out on the water, and you see Coast Guard ships all the time, so they aren't this small operation you seem to think they are, and they do have a lot of data I'm sure to go with all the attempts to keep the Cubans from landing or keep drug runner boats out (or that one guy who was running drugs in his own home built sub)

Believe me, as former Air force, I'm all for ripping on the Coast Guard, but to say they don't need a major data center is being intentionally obtuse.

Re:How can you take him seriously?

Utilizing a single facility for multiple branches is not a big issue so long as each center has an appropriate backup. I fail to see the importance from a technical perspective why a unique data center is a requirement for each individual branch.

Re:How can you take him seriously?

[Talderas]

The Air Force was fractured from the US Army sometime after World War II (I don't remember exactly when. I believe it was some sort of issue with the army having too much power in its command structure (I admit I may be wrong on that).

Re:How can you take him seriously?

Three data centers for classified data is crazy, and will never happen. On paper it looks great, but there is no way a TS SCI project is going to share space with another TS only. You'd have to compartmentalize each project, you'd never be able to sort the security access out either, imagine the nightmare of getting contractors in and out of the facility, it would be a huge waste of money.

Re:How can you take him seriously?

[Coren22]

This is why there are three...the three is for redundancy, there is no logical reason for each branch of government to run their own, instead the initiative is to consolidate on three for the whole gov.

Re:How can you take him seriously?

[Swave+An+deBwoner]

Good Heavens, Man! Do you realize how much money all those extra colors are going to cost the US taxpayer?

translator engaged

[v1]

very few companies that benefit from government spending

I think you meant to say "very few companies that take taxpayers to the cleaners"?

Regulatory Capture

[TheSync]

"'because they understand the procurement process better than anyone else.' He added: 'It's not because they provide better technology.'""

This is another example of Regulatory Capture, where private entities use the regulatory process created for the public interest to forward their private interests.

Whenever we open up complex regulatory regimes (such as the incredibly insane Federal government procurement process, campaign finance regulations, etc.), inevitably someone will figure out how to game the system for their private benefit.

The best regulations are simple ones, as complexity breeds gaming. Complex regulations also encourage corruption on the government side as well.

Re:Regulatory Capture

[smerdyakova]

Thanks for the link. If anyone can find it there's a wonderful though sadly out of print book entitled "The Federal Subsidy Beast" by Brian J. Finegan that describes the feedback loop between industries and government that ends up sidelining the citizenry.

Re:Regulatory Capture

[jellomizer]

The Republicans favor the rich.
The Democrats create law so complex that only the rich have the resources to follow.

Re:Regulatory Capture

This. I once worked for a government contractor that sued the government because they purchased hardware from another vendor? We had positioned ourselves (based on the regulations) as really the only vendor possible of meeting the criteria for the hardware that was needed.

Re:Regulatory Capture

[organgtool]

The best regulations are simple ones, as complexity breeds gaming.

Where do you think complex laws come from? When you create simple regulations with broad language, you leave plenty of loopholes for companies to exploit. Then the government needs to close those loopholes by adding more specific language to the regulations. Companies find new loopholes in the regulations and the government responds with more complexity. So our options are to have simple laws that are widely exploited or have complex laws that are narrowly exploited.

Re:Regulatory Capture

[Archangel+Michael]

Regulations are designed to stop assholes, but don't nor can they.

I call it the law of assholes. Assholes exist, and will always dance on and around the edge of "legal". They can because there is no law against it, and that is where they live.

That is the way of the Asshole.

Re:Regulatory Capture

[hoppo]

Regulations have a declared intent of stopping assholes. They are designed to expand the government's reach and tilt the playing field in favor of the big fish.

Re:Regulatory Capture

[Archangel+Michael]

Exactly what I mean. You can't make being an Asshole illegal. The only thing you can do is kick the shit out of them when you have to. That is the only thing assholes understand.

Re:Regulatory Capture

[CodeBuster]

The best regulations are simple ones, as complexity breeds gaming. Complex regulations also encourage corruption on the government side as well.

And yet those who call themselves "progressive" continue to advocate for ever more intrusive and pervasive regulations in the vain hope that some wonderful utopian society is waiting for them at the end of all the waste, fraud and abuse. Indeed, these are the very sorts of people that P.T Barnum was speaking of when he said, "there's a sucker born every minute". Whenever someone tells me that big government and regulation is the path to prosperity, I know immediately that one of two things is true: they have rocks in their heads OR they have an agenda that involves taking advantage of those who fall into the first category. Government has its place and uses, but at least here in the United States right now we have far far to much of it.

Re:Regulatory Capture

Just spent a week reworking a training company's site in DC area. Hundreds of classes. Interestingly enough, basic to advanced courses in successful bid writing including continuing education credits are a big hit. I imagine these are some of the bread and butter for the trainers, what with the thousands and thousands of Federal employees here. While a company may have a great product, if their bid writer doesn't speak the same language as the drone evaluating it, they don't stand much of a chance.

Re:Regulatory Capture

[citation needed] ;)

IT Cartel

[kalalau_kane]

"very few companies" that benefit from government spending "because they understand the procurement process better than anyone else."

Too many IT contracts are written with overly broad personell and systems security requirements, essentially requiring that the people working on these contracts originally coming from military or government offices to start with. Essentially built-in job security for those leaving government jobs.

Par for Course

[pavon]

Welcome to all government procurement of any sort. We have rules to prefer small businesses over big companies. So who gets this business? Not all the existing small businesses in town who know their product, can answer questions, keep stock on hand, are a generally helpful. They can't handle the bureaucratic overhead of government procurement.

Instead we have to buy from companies created for the sole purpose of being middle men to the government, whose only benefit is their understanding of the procurement process. Bonus points if they are owned by a woman or minority. They don't keep anything in stock, and add another 2-5 days to the shipping process compared to buying direct from the manufacturer. They are even more expensive than the local shops. They don't know what their products are used for and can only regurgitate what catalog in front of them says. But since they do so little they can turn over tons of revenue with only a few employees and thus remain a "small company".

Re:Par for Course

[Daniel_Staal]

And typically they just sub-contract the system out to some large company.

Re:Par for Course

[trout007]

I worked for a government contract that was up for bid every 5 years. It was a small disadvantage business set aside. So basically ever 5 years I worked for a new company working at the same job, same desk, and with the same government people. Only the owners of the shell company that ran the contract changed.

Re:Par for Course

[mosb1000]

My company actually hired an employee specifically to handle procurement for one of our more needy government clients. We told them, "if this is how it's going to be, we are going to hire someone to do this and bill you for their time" and they were ok with it. Madness.

Like he was not on the gravy trian. whatever.

[sanzibar]

trying to distance himself. ha if he had any real balls, he would have named names and gave clear examples.

Re:Like he was not on the gravy trian. whatever.

[Bob+the+Super+Hamste]

But that would ensure that he couldn't get a nice high paying job after he finishes with the current administration by working with a major lobbying firm or government contractor. It is no different from those who go into the military stay for 20 years (at around age 40) and then go off and "work" for a defense contractor. Not only do they get the nice pension, but they make a metric ton of money at these companies.

Re:Like he was not on the gravy trian. whatever.

[glebovitz]

Or released it on Wikileaks

Re:Like he was not on the gravy trian. whatever.

[jojoba_oil]

trying to distance himself. ha if he had any real balls, he would have named names and gave clear examples.

And he would've come out with this when he was still in charge. It's funny how he only has the balls to make this statement when he's on his way out already.

HSPD-12 badges

[oneiros27]

So, the infamous 'HSPD-12 badge', aka, the 'CAC card' ...

Supposedly they run $200 each. We all got bitched at for it ... have I *ever* used it to slot into a computer? Nope, because our network runs OSes that don't support the CAC functionality, and a lot of the folks on our machines aren't federal employees and remote users, so we'd have to have them run a background check (which we already do), then come in (from out of the country), finger print 'em, wait a month, then have them come back for a badge.

And then we'd have to issue them CAC readers and force them to use Windows or some OS that can use the CAC readers (MacOS? nope).

And if you loose the badge? Well, good luck on that one. Took me months to get a replacement. All the while, I couldn't enter any secured rooms, so I had to get issues a 'temporary' key card, and a 'temporary' badge ... which were EXACTLY like what we had before, only not at $200 a pop.

And the temp badges? They have HUGE text on them for the things that matter -- expiration date (the HSPD12 badges run for 5 years, no matter the length of your contract), affiliation (just says 'Contractor' in tiny type), and has an indication of your security access more than just foreign national / US cltizen / civil servant (I'm guessing because then they'd have to issue new people badges 3-4 times as their various background checks get done).

So ... more expensive, no new functionality that actually gets used ... and less secure, in that it's possible to enter the facility with an expired badge because the text is so tiny the guards can't read it, and they don't tie badge expiration to your contract, so a person with 1 year on their contract still gets issued a 5 year badge.

Re:HSPD-12 badges

[h4rr4r]

I like how these are such a screw up and their name is a homophone for cock in a certain US accent. I can just see a Kennedy proposing these cards in some government meeting.

Re:HSPD-12 badges

[Bob+the+Super+Hamste]

Along the same lines I heard a story form a coworker who use to be in the Marines. When he was in they had 2 radios for the motor pool the PRC-77 and PRC-169 (I think those are the correct number) and PRC would be pronounced prick. Well as with all things new recruits working in the motor pool would be sent to go see the quartermaster (at the base he was at it was a Master Sergeant) to get a new PRC-E8. This usually ended with the ones who sent the new recruit off to get the PRC-E8 in trouble.

Re:HSPD-12 badges

That's odd...the DoD CACs work fine on a variety of OSes. Yes, a bit more fiddly, but not a fundamental show-stopper.

I do agree on the other points, though - getting a replacement is a pain, and they're crap for physical security with humans involved. Of course, I've been to several places with swipe-in access, so I'm not entirely convinced on that point.

Re:HSPD-12 badges

[chill]

The CAC readers we are working with also work on Linux and Mac. Every laptop we buy now has a built-in smartcard reader.

We're putting a lot of effort into making these work right now. The big driver is being able to dump RSA tokens and replace them with the CAC cards. We're counting down the days we can tell EMC/RSA "Fuck you very much" for their bullshit.

Re:HSPD-12 badges

Actually every single thing you wrote in this post is incorrect.

CACs are about $25/per.

CACs work fine in OSX at least, I should know as I use mine on a Mac.

and I'm not sure what you're blathering about access and dates and such.

Re:HSPD-12 badges

for what it's worth, CAC/PIV/HSPD-12 works fine on macos. http://militarycac.com/apple.htm (30 seconds of googling)

and there's native support in Windows 7. What does your network run on? If not Win 7 or OSX, what? I doubt it's 100% linux. So, still running XP?

Re:HSPD-12 badges

Some of what you've posted here is not true in all cases, e.g., CAC expirations. Check around.

Re:HSPD-12 badges

[NoName+Studios]

What? I used my CAC all the time on Mac OS X and Firefox. It is a lot harder to setup, but it does work.

Re:HSPD-12 badges

Eh. My wife uses her CAC all the time. Both to access her laptop and to enter the facility she works at.

Though it amuses me that she has to use a pencil eraser every now and then to get it to work.

Re:HSPD-12 badges

I'm not sure what agency you're working for, but that's a major cluster. I've worked on projects with contractors from all over the country who need to get CACs and they can get them from any base near them, no need to fly them anywhere. I assume this applies globally. I will concede that the background checks are a bit hairy, but getting replacement cards is simple. As long as you know the process it only takes a few hours. Contract expiration dates most certainly should be tied to the expiration date of the card (and all accounts on gov't systems); someone is in major violation if it is not. The facility I work at also does not rely on guards checking small writing, they use hand scanners at the entry points to the base to check if the card is valid. I think it’s also safe to assume the database has a flag to trigger bells and whistles upon scanning a flagged card. The actual building on base also has an access system that ties to your card, so no one is reading text on the thing. I can't speak to the state of your IT systems, but the CAC can be used on Windows, Linux, Mac OS X, and probably others that I am not aware of.
It sounds like many of your gripes should be directed at your IT dept and policy directors, not the CAC initiative.

Re:HSPD-12 badges

[minstrelmike]

I still haven't seen the total budget for that so I tell everyone let's assume $1000/card (to include the backend processing).
Four million cards for employees and contractors is a big chunk of change, especially for a program that doesn't actually address any defined problem.
It is supposed to improve security but 1) it demands workarounds for temporary cards until you can get the official card (a process which doesn't work at all outside of the DC area) and 2) putting all your security eggs in one basket is not considered a good security approach.

Companies take advantage of government money....

[Dexter+Herbivore]

News at 11.

Seriously... this is as obvious as saying that banks make money by taking advantage of existing regulations. It's deplorable, but it's not exactly surprising.

Not just an IT problem

[gmcraff]

It's a military, construction, health, fill-in-the-government-blank, problem.

General Dynamics, Raytheon, Boeing, Halliburton, etc provide a critical service: they understand government regulation. If you've ever seen a printed out copy of the Federal Acquisition Regulations, you'd be surprised that gravitational collapse isn't happening.

For most businesses, it's not worth taking a government contract until they're asking you to provide a COTS solution, where you know what you're selling, and the government pays you, and that's the end of it. The government is getting exactly what the commercial market gets. Firm Fixed Price contract, no surprises.

As soon as the government wants it customized in any way, and they're willing to pay you to customize it, that rabbit hole goes all the way down. Every stipulation of the contract must be assessed for compliance, and every assessment requires some kind of test, and every test has a schedule towards passage of the test, and every last one of these things costs time and resources, which means money, which the government is going to pay you, because the government wants its double cheeseburger in a way that no-one else wants it.

If you're an action oriented kind of entrepreneur, this will drive you insane. So you don't do it yourself. You go in as a subcontractor to one of the big Gov-BS-Handlers. You do the work, they firewall you from the BS, 50% for you, 250% for them (after change orders and spec changes and reviews and program management overhead) and everyone is happy with the $500 hammer (non-sparking, minimal toxic release, aircraft rated, 8 pound, loading bracket hinge, for the hitting of, one count)

Re:Not just an IT problem

[140Mandak262Jamuna]

The problem is not exclusive to the government either.

Many large private companies also are encumbered with such bureaucratic process. Many electric utility companies that are semi-monopolies insulated from the market vagaries are worse than government. They would casually spend 25 million dollars to "upgrade" from PeopleSoft 8.1 to PeopleSoft 8.2 or whatever. Actual work will be done by some H1-Bs who get paid about 65K a year, but his body-shopping Indian company would bill someone for 125$ a hour, from there are series of shell companies would keep adding 10% at every stage till it eventually reaches the utility company at some insane 300$ a hour rate. The purpose of the series of shell companies is to hide the kick backs going to the top management teams that "approve" of this project.

Re:Not just an IT problem

[blackC0pter]

I completely agree with this and I see it happen all the time. IMHO, the biggest issue with the government is that they always want to customize anything they buy. They'd be 10x better getting an off the shelf product and spending 1/5 the cost and 1/5 the time implementing the product. Maybe it doesn't give them everything they want but the reliability, cost and time to implement will more than outweigh the costs of going custom. Also, if anything goes wrong then they can pick up and move to another product. Once you go down the customized route, you are stuck with that product and vendor for a long time to come.

Also, how about we give incentives to government agencies to not use all of their grants? Right now they have no incentive to use only a portion of a grant. Once an agency is given money from the state/federal government for a project, they feel the need to spend it all otherwise they will lose that money. Don't forget that the money they received can only be used for the specific purpose it was requested. So they are going to spend it all in that one place when it might make more sense to put it in other places or...give it back unused! Let's also not forget that it's easy to find out how much money an agency received on a particular grant. So guess what the vendors bid on a project with a known budget? Even worse, so many agencies state the amount of money they have for a project. The bidding then becomes a competition of how close can you get to the grant value while still being under your competitors.

Re:Not just an IT problem

[feynmanfan1]

You sure the contractors lobbyist makes sure "the government" wants the double cheese burger in a way no one else wants it? "the government" ends up meaning some high level government employee who wants to cash in on the revolving door to the contractor. In the end watch where then money flows cause that is who is fucking shit up.

Re:Not just an IT problem

[blair1q]

And then there's an election and your contract gets cancelled by the new guys.

Re:Not just an IT problem

[Archangel+Michael]

Actually the $500 hammer might just be a $5 hammer, on a PO that has a limit of $500, used to purchase the $2500 tool that was deeply discounted to ... $500 along with 4 other items each costing $500 for something that normally would be $5.

This is because in order to procure the normally $2500 item, it would take walking a maze of stupid regulations and take two months.

Re:Not just an IT problem

[gmcraff]

No, this is the state of play even before we start talking about lobbyists.

The regulations accumulated like that as the result of some grievously bad deal that happened a long time ago on a project you've never heard of. Because of this forgotten screw-up, Congress passed laws to require oversight and record keeping for this, that or the other detail.

Also, when Congress appropriates money in the budget, they allocate the money for certain purposes. In government, they call that "colors of money". Certain colors can pay for R&D, certain colors for initial purchases, other colors for maintenance, things like that. This can guide certain government decisions, such as whether to pay for more R&D now to have lower initial procurement costs, or buy cheaper components in initial procurement and plan for higher maintenance costs, etc. Using funds for purposes not consistent with the appropriated purpose is a crime.

Let's use my cheeseburger example. If you want one, you determine what kind of money you have and what quality you want, and some qualities may be out of your price range. You then go to McDonalds, or Red Robin, or Rainforest Cafe, whatever, and you pay your money and you get a (restaurant name) cheeseburger. Let's say they advertise a double quarter pounder, medium rare with Tillamook medium cheddar cheese with pickles, onions, tomatoes on a sesame seed bun, and you want all that.

Now, let's say the government wants the same cheeseburger, only they're going to buy 10,000 of them. As a result of the FAR, the following certifications must be established before delivery and acceptance by the Decision Authority:

- Weight of each hamburger patty must be +/- 5% of the Critical Performance Metric of 0.25 lbs. Continuous sampling, measurement and reporting must be done to maintain quality/quantity standards to the governments specifications (The restaurant/manufacturer's own QA process is done separately and in parallel, but has no bearing on the government's metrics.), reported monthly
- The cooking process must be certified to achieve a 95% outcome of Medium Rare (see appendix A for definition). Sampling, measuring and reporting to be provided monthly.
- Quality of other ingredients are also to be sampled, measured and reported, monthly.
- The economic health of the providers of cheese, tomato, onion, ground beef, buns, etc must be assessed for economic viability, and a multi-source procurement process must be implemented for any critical material to ensure the supply of all components even in the event of a supplier going out of business. If a component can only be procured from one source (possibly for proprietary reasons), the liability of the manufacturing line must be assessed and if necessary, the government will buy the whole plant to assure the production of the material even if no one else on the market wants that product any more.

Without considering corruption, wastage, inefficiency, lobbying, political favors, etc, this is how you make a $200 hamburger. All by the regulations.

Re:Not just an IT problem

[Agripa]

Your post reminds me of a story I heard about military procurement and Cobra radar detectors.

Apparently during some air force war games, the Americans noticed that the Israelis (?) were very adept at breaking missile lock-on so they asked about it. The Israelis pilots showed them these inexpensive Cobra radar detectors that they had mounted to the inside of their canopies which just happened to work great against the newer American targeting radars and gave the pilots an early warning. Not to be outdone, the air force then contacted Cobra about ordering a special batch made to military specifications and was rebuffed. Cobra told them it was not worth their time submitting paperwork and making a custom model and that such an order was too small to bother with. Not to be denied, they removed some of the requirements but Cobra still declined. Finally, they asked that they just be painted green and Cobra agreed.

Re:Not just an IT problem

[CodeBuster]

None of this should be surprising to any student of economics, but they don't generally teach that in school anymore, except in post secondary education, because that is what suits those in power and their lackeys. They keep the general public ignorant of such things while redirecting their anger into policies which sound good, but actually enrich even further those who benefit from the public ignorance. Those protesting against "corporate greed" and "fat cat bankers" would do better to put down their signs and pick up their economics textbooks so that next time they will not be so easily fooled into supporting their own oppression through misguided government policies.

Re:Not just an IT problem

[feynmanfan1]

The regulations accumulated like that as the result of some grievously bad deal that happened a long time ago on a project you've never heard of.

those regulations accumulated often as a result of the actions of lobbyists, those rules funnel money in the direction of the contractor. The regulations you site for the burger would have been written by the contract that wanted to supply the $200 burger and who has the lobbying power and inside friends to make it happen. You make the false assumption that the rules were written in good faith, they were not.

Cheney slam in 3, 2, 1...

[charlieo88]

Sure, we do that, but in the US we used to only open the envelope from Haliburton.

Re:Cheney slam in 3, 2, 1...

[acoustix]

Sure, we do that, but in the US we used to only open the envelope from Haliburton.

Yeah, because Obama would never do that, right? After all, he wouldn't break a campaign promise, would he?

Re:Cheney slam in 3, 2, 1...

[log0n]

If you're going to slam Obama don't do it by linking to Fox News. You're making at least 89% of us discount your opinion (regardless of what it is) simply because of where you got the info.

.NET?

[jinushaun]

I wouldn't be surprised if he was actually talking about the proliferation of .NET contracts in the govt. After moving to DC from Seattle, I was surprised to see how prevalent .NET was in govt job listings. The problem with the .NET community is that it has too many overpaid and unqualified MCSE paper engineers, and for the govt to base its IT infrastructure on such tech is a big waste of money. The govt would do better to go open source.

Re:.NET?

What does .NET have to do with it? Maybe Microsoft itself getting contracts and with its partners, but it has nothing to do with the quality of staff. It's been my experience most IT professionals are inept. I'd wager to say that there are probably just as many if not more inept PHP programmers out there.

How does being Open Source help? The work itself whether based on open or closed source products still requires services, hence the point of most of the contracts. There are just as many corrupt firms who are Java, Python, Ruby, Perl, or PHP centric. IBM for example comes to mind, and language wise, Java in general is just as much as India code shop outsourcing clusterfuck as .NET.

Your comment regarding .NET comes off as fanboy and typical ignorant slashdot drivel. If you have some facts to back that up, please do. Otherwise, it seems maybe you've just been the victim of working with bad people. Most of the open source popular libraries, frameworks, and products are not shining examples of good craftsmanship, they just happen to have a cheaper license.

You are also forgetting the licensing reality of a lot of open source which makes it hell for contractors to use lots of things. GPL is often worthless or a no-go in government work. MIT on the other hand is at least a more sane, less assholish license. Welcome to the real world where people work for a living, quality service costs money, and having source code does not magically make things good. That said, I'm a fan of open source, but I'll use the best languages and tools for the job, and .NET is often great for certain tasks, so stop being so immature.

Only one?

[malsbert]

Surly the the armed forces need more then ONE! I know there is only one Pentagon, And that simple fact implies; That the Pentagon is basically irrelevant! The .mil crowed may not be rocket scientists, But you can be damn sure; That none of those people, Will ever "put all their eggs in one basket", .mil history is filled with commanders that did just that, they even have a name for it; EPIC brain fart!

Same old crap.

[MaWeiTao]

This is where the real government waste exists and this is exactly the sort of thing that will never be addressed. Instead useful programs are cut wholesale because that's what makes the most visible impact to your average ignorant voter.

Re:Same old crap.

[blair1q]

No, no, no.

This is "inefficiency."

Waste is when this sort of regulation doesn't exist, and the system purchases random junk that doesn't work for projects that stopped operating years before.

Fraud is when anyone in the chain knows that's happening and lets it continue because it means a paycheck.

Who is in the IT Cartel

[byteherder]

The article did not name those companies that are in the IT Cartel. Let me start it off with the ones I know.

1. IBM
2. Accenture
3. Booz Hamilton
4. Deloitte
5. SAIC
6. HP
7. CACI
8. CSC

Why do they win all the IT contracts? They have huge staffs dedicated to understanding the myriad of procurement rules. The little guys don't stand a chance.


Can you name some more.

Re:Who is in the IT Cartel

Seriously, what do you expect these companies to do? Sorry IBM, you have already won $500 Million in contracts this year, you can not win anymore. I am sorry that you spent all that time and money to get people that understand all of the bureaucratic BS but to be fair, we have to let ever company win the same amount.

Re:Who is in the IT Cartel

Oracle
Northrop Grumman
Lockeed Martin
Raytheon
BAE
VMware
Citrix

Re:Who is in the IT Cartel

Dell (Perot) Services.

Re:Who is in the IT Cartel

Sorry Walmart but you have to close your doors until each of the little guys around you have sold as much as you.The fact that you can sell everything cheaper than the little guys because you can buy everything in large quantities which gets you good discounts is just unfair to the little guy.

Re:Who is in the IT Cartel

[Daggeron]

Cisco
Lockheed Martin
Aptis
Northrop Grumman
Raytheon

Re:Who is in the IT Cartel

That list is half "huge company that can hire people who know government regs" and half "one silky-haired lap cat away from a Bond villain".

Re:Who is in the IT Cartel

Northrop Grumman

Re:Who is in the IT Cartel

The little guys don't stand a chance.

Because the little guy actually has no idea how to solve the huge problems that the government needs solved. The "little" guy is not going to know the pitfalls of IT management for 5million+ computers spread over 14,000 separate locations running tens of different OS versions on probably thousands of different hardware platform combinations.

There are many levels to government contracting, and many small businesses compete for and win small contracts.

Why is anyone surprised that huge contracts are only won by huge companies? Your little 100 person IT shop doesn't have enough people to answer the tech support lines required for some of these contracts.

Re:Who is in the IT Cartel

[byteherder]

I am not saying that every little IT shop will be able to bid on every contract. Some contracts just require massive amounts of people, like consolidating 1000's of data centers into 1.

But if the cost to bid on a single contract is that you have to hire a dozen procurement specialists to figure out the requirement and procedures, then the initial cost will be too high for most IT shops. The feds need to simplify the way this whole process is done. And don't even get me started on sole provider contracts. This are just giveaways to big IT shops that then charge outrageous rates.

Re:Who is in the IT Cartel

In all fairness to the companies you mention, you can't call them a cartel if they're not actually colluding or price fixing in any way. This is not about the companies that you list misbehaving in any way; rather, this about the government procurement process being so complex that only companies that specialize in surviving that process seem to get through it. Summing up the companies is pretty far besides the point of the article.

Re:Who is in the IT Cartel

EDS

Re:Who is in the IT Cartel

Unisys. My father worked there at Unisys and its predecessor companies for many years. Most of the time, he was working on government contracts.

Re:Who is in the IT Cartel

Agreed with this list, and add for It and otherwise:

-General Dynamics
-Raytheon
-Lockheed Martin
-Boeing
-KPMG
-Northrop Grumman

It should be pointed out that all the companies in the cartel rarely if ever deliver. The plan is to staff contracts with a crap load of people quickly, and "cheaply," then charge a lot of money and deliver nothing. If you get kicked out, you still pocket the money and rinse and repeat with the next idiotic contract.

Re:Who is in the IT Cartel

[Greyfox]

Oh yeah, they're my favorite! Oh hey guys lets bill the United States Navy 12 million dollars for 4 copies of Citrix! It's the finest technology 1994 can provide!

Re:Who is in the IT Cartel

I have worked for Booz Allen Hamilton and Deloitte, people just move from one place to another and it is exactly the same small group of people that know each other. I have to admit that working on procurements is a pain in the arse and there is a reason why these companies always get it

Re:Who is in the IT Cartel

What no Oracle?

Re:Who is in the IT Cartel

There are plenty more: (and i've worked for all of them)

Northrop Grumman
Lockheed Martin
ILEX
L-3
Mantech
STI

Your Forgetting 2

[alexander_686]

United States Public Health Service Commissioned Corps
National Oceanic and Atmospheric Administration Commissioned Corps

Shouldn’t all uniformed branches get their own data center? ;-)

When Rules Get too Onerous

[banished]

1. Make the laws on government bidding so complex that very few CAN understand them. Requires power.

2. Grease the skids to overcome the inevitable subjectivity inherent with people trying to interpret complex rules (crony capitalism). Requires money.

3. Shazam! You win the bidding process.

Lowest Bid + Generic Requirements = Govt Contract.

telling the committee: '...We almost have an IT cartel within federal IT' made up of very few companies that benefit from government spending 'because they understand the procurement process better than anyone else.' He added: 'It's not because they provide better technology.'"

What do you expect to get when you take all the proposals for a contract and order them by cost. Then starting with the lowest bid, see it is meets the minimum requirements on the RFP. If so, end process and award contract. The other proposals are not even looked at. Also, most of the RFPs are written by people that do not truly know what the requirements should be so they make the requirements very general and open to interpretation.

So with this recipe for disaster, how can anyone truly expect to get anything but the bare minimum.

A dollar spent is a dollar earned.

[140Mandak262Jamuna]

Every dollar spent by anybody is actually a dollar of revenue to the counter party of the same transaction. You spend a dollar on bread. Your grocer gets a dollar in revenue. Right?

Now think about wasted money. Wasted money is not cash burnt in the fireplace. It is just money spent, without adequate or reasonable return. For the counterparty to that transaction that money is unearned revenue, undeserved profit. When you say government is wasting 300 billion dollars, it represents 300 billion dollars of unearned undeserved income to people. They would fight tooth and nail to keep that breach open. They would not let those loopholes to be closed, the procedures to be mended. The looters are also actively aided and abetted by the congresscritters. That is why it is so difficult to cut down the waste and fraud in the government.

WHY IS THIS RATED INFORMATIVE?!

Rate this DOWN. This is utter bullshit, just look at the replies

The Government IT Procurement Process

The outgoing CIO has evidently never had to experience the morass that is the Government IT procurement process.

DADMS, IT approval, PID/PR, sole source justifications to name a few. Approvers who build empires an can send procurements back to the starting line at a whim. The process that began to prevent waste, fraud, and abuse now costs a minimum of an additional $2 for every dollar spent for the actual purchases.

Small IT support groups in the trenches simply do not have the time to spend on the convoluted procurement process. They are busy trying to keep their respective groups operating while trying to fufill the seemingly endless security requirement that are levied without resources with which they can be accomplished. Therefore procurement is outsourced so that purchases can be made in a more expeditious manner.

A need is there and contractors have jumped in to fill that need. It is the nature of business. IF they want to save some money, streamlining the procurement process is a good way to start. Streamlining does not equal adding yet another database or layer of process though.

its the government's fault

They set the playing field with the contracting offices - want to break the cartel, make the contracting office simpler and more efficient, instead of this the CIO blames the government's own process - nice...

Science-fiction

How come I read this line "In a wide-ranging discussion Friday with President Barack Obama's top science advisors" as "In a wide-ranging discussion Friday with President Barack Obama's top science-fiction advisors"?

Wait

[DarkOx]

This guy is suggesting that Federal Procurement isn't a process of objective evaluation where the best(as in most appropriate to requirements) products, services, and vendors are selected? What you say its system or rigged bids? You mean evaluation criteria is not select to best represent operational goals but instead to ensure a preferred vendor gets the contract? Wow crazy, never would guess that from casual observation of the past 40+ years of US history....

I am so glad we hire these qualified public servants with their first rate insight to warn us of these dangers.

every made-in-china laptop?

[decora]

made by companies that are part owned by the People's Liberation Army ?

im sure they didn't put any hardware backdoors in. nah.

he is describing wikipedia and blogs

[decora]

if i am not mistaken.

and he is right.

when your local news says 'anti-terrorism operation happened today on the freeway, many trucks stopped', you might blow it off.

when you read a bunch of websites about what a VIPR team is, read its budget, read the congressional criticisms of it, then you starting getting antsy about it.

SAIC's numerous failures

[decora]

TRAILBLAZER

the New York City thing

etc etc etc.

did i mention that SAIC and NSA senior officials flip back and forth between working for the company and working for NSA?

Congress

[unsolicited]

We don't need Congress.
With the proliferation of Internet and Cell phones people can make informed decisions and can directly vote on Bills and make/change Laws.

Not just procurement

[Avatar8]

Having worked at an IT company that supported the U.S. government, I saw first hand how a load of bureaucratic hogwash can bring an operation to a halt. I fully understand the "skill" needed to navigate government procurement, approval, change, spending, etc. It's the biggest time and money wasting factor in any operation. Because the department heads feel everything needs to be checked, double-checked, triple-checked, signed off, filed in 12 different ways, audited twice and then run through oversight, by the time the work gets done (if it does) it is either no longer needed or outdated. Past actions of unscrupulous politicians, administrative staff and government employees have led to this necessity.

Add to this the people problem. Everyone I ever dealt with in the department I supported was extremely unskilled and ignorant of the knowledge they needed to know to do their job. I know for a fact that work days are short, especially Fridays and thanks to web monitoring software, I know most of the employees only spend about an hour a day of actual work. Now put this sluggish, ignorant person in charge of making a technical change to an application, a server or god forbid, a whole data center. Top it off with the IT barrage of regulations and procedures (SOX, ITIL, ISO, etc.) and you have the epitome of steering a huge ship with a small wooden paddle.

In the three years I supported them, I only ever saw one major implementation of new equipment, one successful disaster recovery exercise and multiple misses of the DNS SEC implementation.

With my inside knowledge I have no faith in our government in any department. I'm surprised ANYTHING gets done ever. Except, of course, pay raises. Those happen immediately, without fail and completely without merit.