The race to meet a series of milestones for advancing federal mobility continues to encounter differing expectations and the underlying need for better methods for managing data, according to a group of federal IT leaders in the throes of delivering the Obama Administration’s Digital Government Strategy.
In a White House report issued last month, Administration officials listed a variety of accomplishments in the first 90 days of a year-long set of initiatives, declaring “agencies are making great strides towards putting a solid foundation for a 21st Century Digital Government in place.”
But practical and philosophic impediments remain a significant challenge as agencies attempt to embrace mobile technology, the IT leaders said during an industry forum in Vienna, Va., on Wednesday, sponsored by ACT-IAC.
That became particularly evident with the release of the Bring-Your-Own-Device (BYOD) Toolkit, said Brad Nix, chief information security officer, for the Department of Agriculture’s Food and Nutrition Service, one of five panelists who spoke at the event.
The toolkit was aimed at guiding agencies considering BYOD policies. But with only 90 days to complete, the report mostly captured key considerations, best practices, and examples of existing BYOD policies from forward-leaning agencies, with little for agencies to put into place.
“Agencies are risk-averse,” said Nix (pictured above, right, at a July event.) “You can deal with risk four ways: You can eliminate it. You can reduce or mitigate it. You can transfer it. Or you can accept it. Agencies were looking for a way to transfer the risk of BYOD,” and the toolkit didn’t provide a way to do that, he said, disappointing many officials who were expecting more.
Employee reimbursement is related issue, Nix said. “It’s a very sticky subject,” and more challenging in government that in the private sector, he said. “If you can’t get that in place, it will make BYOD more difficult to implement.”
Perhaps even stickier is what happens if an agency needs to confiscate an employee’s phone that has been compromised, said DJ Kachman, director, security and mobile divisions within the Department of Veteran Affairs.
“The government essentially owns your device in the end,” when it can hold it for a week or a month for analysis, he said.
Another area of tension, beyond gaps in expectations, is the differing philosophic approaches in establishing security guidelines, said the forum panelists, including Dr. Rick Holgate, CIO and assistant director for Science and Technology at the Bureau of Alcohol, Firearms, Tobacco and Explosives (ATF).
To help agencies navigate the rapidly evolving mobile security space, federal IT officials are working with the National Institute of Standards and Technology, which released a report last month on their current work in mobile security. The report includes summaries of forthcoming publications on managing and securing mobile devices.
NIST is also involved a related Digital Government Strategy effort to evaluate “opportunities to accelerate the secure adoption of mobile technologies into the federal environment at reduced cost.”
But NIST’s tendency to define processes and frameworks for assessing risks contrasts with the more “binary,” requirements-oriented approach of defense and other officials working on the initiative, Holgate explained, and that has been a source of contention in keeping on schedule. Holgate said the issue is expected to be addressed at a meeting scheduled next week.
Perhaps the most challenging dimension of advancing mobile technology in government is how to manage mobile data, said Gwynne Kostin, director for mobile initiatives at the Office of Citizen Services and Innovative Technologies, General Services Administration.
When Kostin (pictured above, left) first began working in the mobile arena, she said the majority of her efforts revolved around apps and devices, and the experience users had on their devices.
“But as we looked at it more, what we really came to appreciate is that what is mobile is the data,” she said. That has refocused attention, “looking at what does content management mean? What does a system mean? And what does that mean for interoperability?” It’s much different than looking at mobile software apps, she stressed.
“That’s why API (application programming interface) is so important,” she said, to ensure that the data is more available and more open to use in ways people have become accustomed to experiencing. She also stressed how essential it is that APIs be well documented, so as mobile technologies evolve, it remains clear “how an existing API works and what the (data) calls mean.”
Kostin, who also leads the Digital Services Innovation Center, remained bullish on the government’s efforts to help agencies move into the mobile era. She pointed as evidence to the plans agencies have submitted thus far to optimize at least two existing priority customer-facing services for mobile use and publish a plan for improving additional existing services.
“There are a lot tasks being done in 12 months, but it’s really about getting agencies to get their feet wet to deliver services anytime, anywhere,” she said.