The Fifth Domain by Richard A. Clarke & Robert K. Knake

Author: Richard A. Clarke & Robert K. Knake
Language: eng
Format: epub
Publisher: Penguin Publishing Group
Published: 2019-07-15T16:00:00+00:00


Learning from State Governments: Not Everyone Can Do IT

We would also centralize IT service in the civilian agencies of the federal government. People like to justify the existence of fifty state governments in this country with the phrase “the states are laboratories for innovation.” The system of fifty fiefdoms also gives you a better-than-even chance of living in a state that has poor education and health systems, but we digress. One thing that several states have done successfully and that could serve as a model for the federal government is to create information technology departments. We have had the pleasure, as unpaid advisers, to work with the IT departments in both New York and Virginia.

The idea is simple enough. No state agency (or in the case of Virginia, no commonwealth agency, because “commonwealth” just sounds classier) or department is likely to have the ability to recruit enough quality IT professionals to run the agency’s own network effectively and securely. Moreover, the leadership of, let’s say, the Fish and Game Department is probably not really likely to be a great set of supervisors for a bunch of computer geeks running the agency’s network. Nothing against Fish and Game people, you understand.

The solution is to make all, repeat all, IT functions into services that state agencies buy from the one state agency that specializes in computer science, network management, data storage, and, oh yeah, cybersecurity. Rather than just issuing cybersecurity guidelines and rules and hoping that the other agencies think the rules are important enough to spend money implementing, the IT department is responsible for securing everything.

The statewide IT departments often contract out to one or more IT services companies, which actually run parts of the network day to day. The IT department specifies the deliverables, the standards, the security features that will appear in the contract. The state employees in the IT department do contract monitoring, oversight, and quality control. Expecting each of forty or fifty separate state-level agencies and departments to be able to do that kind of contract management is unrealistic. Many states have figured that out and have centralized IT.

Why don’t we take the results of this successful experiment in “the laboratories” that are the state governments and try it out at the federal level? Today, there are scores of independent federal departments and agencies, each with the authority to decide whether they are going to run their own IT network or let some other department do it. If they do run their own, and they almost all do, they must live up to security standards issued by the White House’s Office of Management and Budget in association with Homeland Security. Most departments and agencies, however, get away with flouting the security standards.

You can’t really blame a Cabinet secretary for wanting to spend money on, say, a shiny new embassy complex in London, rather than a state-of-the-art endpoint detection and response (EDR) software application. After all, you can cut a ribbon and throw a hell of a party at a big new embassy.


