Originally Broadcast May 17, 2008
Announcer: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about The Center by visiting us on the web at businessofgovernment.org.
And now, The Business of Government Hour.
Mr. Morales: Good morning. I'm Albert Morales, your host, and managing partner of The IBM Center for The Business of Government.
As the National Aeronautics and Space Administration celebrates its 50th year, it remains one of the most complex and exciting missions in the federal government. With its cutting-edge research in aeronautics, space science, and earth science, NASA expands our knowledge of the universe, and applies these insights to our daily lives. A few years ago, President George Bush gave NASA a defining challenge for the 21st century: to expand human presence in space. The success of this ambitious vision rests on NASA's pursuit of an effective information technology strategy.
With us this morning to discuss NASA's critical efforts in this regard is Jonathan Pettus, chief information officer at NASA.
Good morning, Jonathan.
Mr. Pettus: Good morning.
Mr. Morales: Also joining us in our conversation, from IBM, is Paul Kayatta, partner in IBM's General Government Practice.
Good morning, Paul.
Mr. Kayatta: Hi, Al. Good morning, Jonathan.
Mr. Morales: Jonathan, many of our listeners are probably generally familiar with NASA, given its wide public recognition, but could you take a few moments to provide us an overview of NASA's history and its mission today?
Mr. Pettus: Sure. What we like to say is that we're about pioneering the future of space exploration, scientific discovery, and aeronautics research. So if you think about really what we do, it's really about innovation and exploration, and in part inspiration, in terms of the human desire to explore and discover. Many, and especially those of who work at NASA, find that to be inspirational, and we believe the public does as well, in general.
And in terms of our history, this is a particularly important year to our history because it's our 50th anniversary. And the roots of NASA date back to 1958, when the agency was spawned, in part as a reaction to the launch of Sputnik. Of course, from there, the '60s were about getting to the moon, the Apollo program building on Mercury, Gemini, and then ultimately Apollo. And so that era that so many people are familiar with and one of our greatest achievements, man reaching the moon, is obviously something we're very proud of, but NASA has had a broad history beyond just that.
And in fact, from there, we moved into, in the '70s, a focus on -- you may recall Skylab, which was that early version of an orbiting laboratory for experimentation -- as well as actually the beginning of the development of the Space Shuttle Program during that era, along with many different scientific missions. For example, the Voyager missions, which basically spanned the solar system and actually continues on out beyond the solar system in terms of those two spacecraft.
Then again in the '80s, where the shuttle program moved into full-fledged operations as well as continuing, you know, many different science missions. And then the development and then the construction of the Space Station, which is an international partnership including 16 countries. And you really see of late the international flavor of the Space Station, as you've seen European components be launched and assembled. And of course, we have a significant partnership with Russia in terms of the operation and habitation of the Space Station.
So we focus a lot on human space flight, but I should mention the scientific missions, the robotic missions, like most people would be familiar with our Mars Rover projects and the fact -- the amazing lifespan of those Rovers that are still operational on the Martian surface. Then with our full portfolio of science missions -- and many people probably don't know this, we have over 50 or so science missions either in-fly or in preparation to fly. So our portfolio of projects that NASA is about these very large, long-term, human space flight efforts, like the shuttle, the station, and you mentioned the President's plan and strategy for us to begin to work to return to the moon and then on to Mars with humans, as well as our large set of smaller scientific missions.
With the aeronautics research, the scientific discovery, and the human space flight, those are the major themes within NASA, and really what we're about from our earliest days.
Mr. Morales: Well, that's certainly a very broad portfolio of missions, and certainly, you know, NASA's about making history in all those events and accomplishments that you mentioned. So to help provide our audience a sense of scale, can you just tell us a little bit about how NASA is organized, the size of its budget, number of full-time employees and contractors, and perhaps its geographic footprint?
Mr. Pettus: Yeah, I can start with the numbers, give you a little bit of information about our organization. We have roughly 17,000 government employees, civil servants, and then around 40,000 contractors, contractor partners, which are a huge part of how we accomplish our mission at NASA. Our budget's roughly $17 billion annually. Our geographic footprint really consists of 10 major locations -- we call them "centers" -- spread throughout the country, with headquarters in Washington, D.C. And your listeners will be familiar with some of our major centers, like Johnson Space Center in Houston, Texas, where Mission Control for shuttle and station operate out of; of course, Kennedy Space Center is another example, down at Cape Canaveral, where we launch from; as well as centers like Ames Research Center out on the West Coast, which has a major role in our scientific programs as well as supporting some of our human space flight efforts. So in all, 10 centers spread throughout the country, all headquartered in D.C.
Mr. Kayatta: Now that you've given us a great sense of the larger organization, could you tell us a little bit about your role as NASA's chief information officer? And could you tell us a little bit about your organization, also, how you're organized and the size of your staff, budget?
Mr. Pettus: Yes. Of course, the chief information officer role is the senior most IT official in the agency, responsible for IT policy. I'm responsible for the agency's IT infrastructure, our data centers, networks, end-user devices, those components that make up our infrastructure, as well as facilitating and architecting our overall applications landscape, our systems that are used to automate business processes and to exchange information/store information. And obviously, especially in this day and age, also responsible for information technology security, information security for all of those assets.
Then in terms of our organization, we have a federated model for our IT organization. Here in headquarters, our office consists of about 50 employees. But across the agency, we have each of those sites that I mentioned has a chief information officer that's part of our IT community, and I coordinate the efforts of those IT officials across the agency. The total workforce across the agency consists of about 700 NASA civil servants and about 2,000 contractors.
Mr. Kayatta: That's an expansive purview. I'm sure in that responsibility there are many challenges that you face. Could you highlight perhaps the top three and what you're doing to address them?
Mr. Pettus: Sure. Well, it is a challenging responsibility, as you state. I'd say there are many challenges. It's hard to hone in on three specific ones, but I'll give it a try.
First is ensuring that given the expansive nature and diversity of our overall mission and programs, ensuring that our IT investments are focused on enabling the mission. And so in our federated model, making sure that we have at least enough visibility of IT decisions that are made, and ensure that there's some consistency around infrastructure. Then interoperability from an application and infrastructure perspective is a significant sort of overarching challenge, and many of the other challenges fall from that.
So a second challenge, sort of related, is that our tradition at NASA is for those centers to be very autonomous. And the work profile in the past, in our history, has been much more focused on specific sort of big footprint roles for each of those centers. Whereas with our future and the role of what we call our Exploration Program coming from President Bush's mandate to NASA to develop the plan to return to the moon and then to move further into the solar system in terms of human exploration, the model going forward is for our agency to collaborate and to leverage resources that exist across those centers in a much more granular way. So from a CIO perspective, what that means is that our organizational model and our style of how we execute our programs is changing. And so from a CIO standpoint, that has an impact on our strategy, which is ensuring that IT is a key tool in helping that integration, collaboration across those center boundaries.
And then the third challenge is given our role at NASA, you know, if you think about what we're about, which is creating knowledge, sharing information for the advancement of humankind, then we're all about openness in terms of our information and systems. But we also have the challenge of security and securing the information. So balancing this need that's fundamental to our mission to share information and to collaborate with academia, education at the lower levels, with our business partners, and with the public at large, while also ensuring that we have the appropriate level of security on some very important national assets is a big challenge.
Mr. Morales: It's certainly a delicate balance to strike between those two. Now, Jonathan, I understand that you've been with NASA now for roughly about 17 years, but you didn't necessarily start in government. So can you tell us a little bit about how you got started?
Mr. Pettus: I can. My first job was a high school math and history teacher and a basketball coach. I started out for a couple of years at least in education. My parents were both teachers, so I knew I was interested in teaching. I also loved basketball, in particular, and so thought I would -- my plan all along was to actually get an education that would allow me to have some mobility between my number one thought, which was to follow in my parents' footsteps and be a teacher, and then also be able to move into the technology field. And so I earned a degree in computer science and a master's degree in computer science, along with degrees that would allow me to teach. So I started out as a school teacher.
And then I gave technology a try with a job. My first job in technology was with a software firm that developed human resources and benefits systems for the private sector, and I did that for about a year.
And then I moved over to an aerospace company that was a contractor for NASA, and that's how I got into the NASA business. And so I worked on payload integration software for our Space Shuttle Program as a contractor, and then finally moved over to the government side about 17 years ago, when I first came to work for NASA and came into the IT organization down at Marshall Space Flight Center, which is in Huntsville, Alabama.
Mr. Morales: So as you kind of reflect back on some of these experiences and some of these decisions, how do you feel they reflect your current management approach and your leadership style?
Mr. Pettus: That's a good question. I think that -- and again, this may be surprising to some, but I like to say -- as I think back about it, I think this gets truer every year -- is that those first two years when I was a teacher right out of college and a basketball coach, the skills I developed in terms of communication, teamwork, how to coach kids into not all wanting to shoot the ball, but some being willing to pass the ball up and set screens so that teammates might be able to score, that whole sort of environment and experience, I can translate that into what I've been challenged to do through my career in IT in the government. You know, as important as understanding technology is to that, I think I believe this more strongly again every year, is that relationships and communication and teamwork are the keys to success in IT probably as they are in any endeavor. And so what I learned there was really important.
I think having a job in IT in the private sector taught me a little bit about business, even though I was in that job for a short time, but just gave me a sense of what it was like in the private sector from a business perspective. And then working as a NASA contractor was really important for me, because my job at NASA is so much about working with our contractors and partners -- given the size of our IT workforce that's made up of so many contractors, I think having that experience on that side of the fence has been very useful to me to maybe understand all the perspectives.
Mr. Morales: That's a great set of lessons. Thank you.
So what is NASA's IT strategy? We will ask Jonathan Pettus, chief information officer at NASA, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Jonathan Pettus, chief information officer at NASA.
Also joining us in our conversation from IBM is Paul Kayatta.
Jonathan, you referenced earlier the IT strategy at NASA. Perhaps you could tell us a little bit more about that. Specifically, how have you sought to modernize and standardize the use of technology so it benefits both the agency and the constituents that you serve, as well as align the resources to NASA's overall strategic goals?
Mr. Pettus: Well, we spoke a little bit in the last segment about the shift in terms of how we go about executing our programs. And that's been a huge driver in terms of changing our IT strategy. When we talk about our IT strategy at NASA, we talk about four principles; one overarching principle, which is IT should serve to enable the mission. Now, that sounds like motherhood and apple pie. Who could disagree with that? But what it means to us is, if you think about our history again, we created a lot of IT. Back in the early days of, say, the Apollo Program, everything that that program needed in terms of technology, they created. And so things like routers and networks and protocols and things of that nature, which today are commonplace and commodity items, we created.
We're about innovation, as I said earlier, but sometimes perhaps we have not adapted to the availability of commercial IT quickly enough. And so when we talk about ensuring that our IT's about enabling the mission, what we really mean by that is that we don't create IT just to be innovative in IT. We are innovating around our mission. And where IT supports that is where we innovate, but we rely on the private sector where we can, especially where we have commodity style type IT.
A second principle is that our IT should be about integrating information and business processes across the organization. I spoke to that a little earlier in terms of using IT as a way to allow our workforce to collaborate across our center and organizational boundaries in order to design and develop our new space flight systems as well as our science missions and so forth.
A third principle is that IT at NASA ought to create efficiencies. And along with that, we ought to be efficient in our implementation of IT. It sounds like it's a duplicative statement, but it's really not. IT is about creating efficiencies through automating processes and integrating information, so you think about things like business cases and investment style processes to ensure that. But also, at NASA through the years, in some cases we've had no shortage of efforts to try to be efficient through implementing IT, and in doing so, we've created some inefficiencies in our IT itself. So in our rush to create automation, we've done so, in some cases, without an eye toward ensuring that we're efficient with our IT.
And then the last principle that I'll mention is that as we implement information technology solutions, we ought to ensure that they're secure. At a high level, we've used those principles to sort of outline our IT strategy going forward.
Mr. Morales: Great. Now, in your IT strategy, I was excited to see a reference to my old alma mater, the MIT Sloan School of Business. And MIT's research has found that effective IT governance is a key to an organization's ability to respond quickly and effectively to changing needs. So to this end, could you tell us more about your efforts to enhance IT governance within NASA? Specifically, could you elaborate on efforts to foster an enterprise-wide view of IT rather than a stovepiped model of IT?
Mr. Pettus: That's one of those big challenges, and we referred to that topic a little bit earlier. But in fact, we've actually used some of the research from MIT that you refer to, and also research from folks like Gardner and Forrester, to look at different best practices around governance for IT. And so what we've done at NASA is, number one, we've tried to clarify the difference between the information technology solutions that support the mission versus those that are embedded in the mission. And let me explain.
So if you think about our financial systems, our networks that allow our employees to collaborate and communicate, even our CAD design tools that our engineers use, that's all IT that supports the mission. If you think about, though, on board a spacecraft, the avionics systems that guide the spacecraft, the operations systems that are embedded in the spacecraft, tons of IT there, but not so much IT that needs to be governed by the CIO. It's IT that's part of the program. And so one of the difficulties we've had in the past at NASA is sort of distinguishing between the two in the sense that the programs themselves would oftentimes be responsible for sort of the governance of, if you will, each of the supporting IT elements in addition to those core sort of mission elements. And so we've tried to clarify that definition.
Then also, we've tried to implement some processes -- and we're in the midst of doing this; we've by no means completed it -- where we provide better visibility into IT investments. Because you can't improve decision-making if there's not really better visibility into those decisions that are being made at a broader level. So we've established a strategy and investment board at the most senior level in the agency. The role of that board is to look for opportunities, and the CIO facilitates the process for cross-enterprise implementation versus stovepipe implementation, so looking at the big-ticket items in our budget in terms of investments.
And then we have -- in the federated model, we have similar structures that link up with that agency structure that exists at each of the centers. So focusing on using that committee and that process, clarifying the role of the CIO in managing the support IT, and then of course, budget visibility, so that we really understand where in the budget, from a financial perspective, having that transparency relative to where the IT spend is -- all are important in terms of helping us improve our IT governance, which, in the end, is being clear about how we allocate decision rights for IT.
Mr. Morales: So, like many organizations, NASA's IT infrastructure comprises things such as hardware, software, and the processes that all together deliver the IT capabilities that you have. Having said this, NASA's IT infrastructure is now being challenged to meet your IT principles. Could you tell us a little bit more about these principles? And to meet the challenges, could you elaborate a bit more on three aspects of the NASA infrastructure?
Mr. Pettus: Yeah, we like to talk about the infrastructure consisting of -- if you think about you as an end user and you have to interact with an IT solution, you're typically starting that interaction from an end-user device: a laptop, a desktop computer, a PDA. That end-user device component is a component of our infrastructure.
Then the communication that takes place, if you're at one of our centers, it's either over a land line or a wireless network, you're communicating on a local network. If you're trying to access a service that's running on a server or a computing engine that's remote to that site, you're then traversing our wide-area network. So we think about LAN/WAN together as our com infrastructure. And then finally, the data center component is those facilities and operations capabilities that house the computing environment on which applications run. So together, those make up our IT infrastructure.
Now, I found at NASA that it's been helpful to sort of simply describe what we mean when we talk about IT infrastructure, especially to our stakeholders and our leadership, because the word is thrown around a lot, but just sort of getting clarification about what are we really talking about when we mean IT infrastructure? Where we're focusing from an IT infrastructure perspective, back to those principles of efficiency, of integration, and security. Number one, we want to make sure that our networks are not -- and our infrastructure itself is not stovepiped such that it's actually a B-to-B type of transaction when an employee needs to interact with another employee who happens to be at another NASA center. We like to say that sharing a CAD joint (?) across centers shouldn't be a B-to-B transaction. We're trying to simplify that through standardization, integration, and in some cases, consolidation.
In terms of the data centers, for example, we're moving to consolidate the number of data centers that we have down to a much smaller number, so that we're clear in terms of our computing environments being housed in secure, well-managed data center facilities.
And end-user devices, you're probably familiar with the mandates from the federal government to all agencies in terms of standardizing configuration, at least on Windows platforms. And so we're moving to have a more complete service-level management of the desktop environment to help us ensure that systems are patched and appropriately configured to help us from a security standpoint, and also to help us from an interoperability standpoint as applications need to be delivered across those end-user devices across the enterprise.
Mr. Kayatta: Being a mission-focused enterprise, NASA has generated a significant number of applications; currently over 2,500, I believe, including over 8,000 websites. Could you tell us a little bit about the IT application management strategy, and specifically, what you're doing to create a CIO-facilitated process that drives standardization and efficiencies that you mentioned earlier within NASA?
Mr. Pettus: Well, we think when you look at the role of the CIO, and the role of IT in general, if we just focus on infrastructure, then at the end of the day, the value that we're providing is not what it should be and not what it could be. And so for CIOs to sort of move up the stack and to have a close relationship with the business or the mission, applications have to come into play.
Now, the tradition at NASA is that applications in many cases have been developed within the business units, within the centers, within the programs for specific needs, and that's appropriate in many cases. However, it's led to, as you described, a large number of applications. And in fact, a difficult time for us as an agency to understand even what our inventory is of applications and where are those opportunities for cross-center, cross-enterprise implementation and rationalization of our applications?
And so our strategy is to, number one, educate our leadership and our key business partners around "the application problem" so that people begin to understand why it's not such a good thing to have such a proliferation of tools. It may seem obvious to IT people. It's not necessarily obvious to all of our business partners why that's actually a significant issue that needs attention. So we talk about it in the context of those principles again, and why it's important to have rationalization of your application environment to gain some efficiencies to allow for better integration, and then obviously from a security standpoint.
So we see the CIO's role in that process as much more of a facilitator, being clear about our sort of sub-portfolios that exist within the overall application portfolios; clear about who the owner is. So for example, if it's financial, it's the CFO that owns that portfolio from a business perspective. And then understanding what does that portfolio look like? What are the opportunities for rationalization? Where are the gaps in terms of business processes in that particular area? Then it helps us to be much more logical and structured in how we invest in the future, and also, rationalize to save money. And so we like to use words like "facilitate," "coordinate," and we talk about applications. Words like "control" and "dictate" don't work so well in the applications environment.
Mr. Kayatta: The entire stack that you had mentioned to spend is approximately $2.2 billion, which represents nearly 13 percent of NASA's total budget. And recent industry research suggests that for some enterprises, that could be another 10 to 50 percent of actual IT spend that's hidden among program budgets. Earlier, you were talking about visibility and the review board. I'd like to know, how's that working? And are there other things that you've done to be able to manage a capital investment plan that results in a mission aligned and cost justified?
Mr. Pettus: That's a good question and an important one. Because ultimately, in terms of things like governance and trying to drive rationalization and integration, it typically comes back to budget. And so it's an important aspect, I think, of an overall plan, and we've tried not to ignore it.
The first order, we've been trying to better understand that 2- to $2.2 billion figure that you quoted. That's actually what we report to OMB in terms of our IT spend. Earlier, when I talked about sort of this differentiation between support IT and that embedded mission IT, when we report to OMB, we include a lot of that embedded mission IT. So if you think about the big-ticket items, like the software development processing facility for Space Shuttle, some of those things, which are -- when you start comparing us to other agencies and other entities, it's not quite apples-to-apples if you're throwing in those kinds of sort of heavily mission-oriented IT. So one of the things we're trying to do is better understand sort of that total cost and IT spend related to that support IT and be a little clearer about what that entails. So we've had some success in terms of defining that.
We were working with OMB in terms of how that impacts our overall reporting and what that means. But internally, we've worked to create within our financial system the ability to more clearly track the IT spending. We've worked with our procurement officers and the associated procurement officers at each of our sites. The linkage between the procurement officer and the CIO is so important because the shadow spending occurs, in many cases, where a program has an IT need. Maybe they don't even know that it's available from the CIO, but perhaps they do and would prefer to actually have local control themselves of that particular IT solution. And so they might look to a contractor that they're using to provide some other mission service to do some IT work.
Well, that can oftentimes become visible through the procurement process. And so partnering with the procurement officer to help gain visibility into the actual acquisitions so that we can see where there are big-ticket IT buys that perhaps may not be consistent with our overall IT principles and where we're trying to head, it allows us to have some dialogue with the businesses in cases where that occurs.
And then we have this governance process that we've structured so that ultimately the major issues can actually be brought to that group. Now, when you're talking about a $2 billion IT spend with 17,000 employees, it's not possible from a top-down perspective to manage every IT spend element. But the big-ticket items, like someone who wants to create a new data center, someone who wants to implement a new ERP application, someone who's developing a new collaborative tool, that's a pretty big -- it's a sizable investment -- those things, we'd want to have visibility to.
So we've taken what we've done for years, this capital planning process, but we've kind of -- frankly, in some cases, maybe we're just kind of going through the motions, and we've tried to more completely link it to the budget process so that it actually is not just a reporting process, but it actually drives some of the decision-making that occurs during the budget process.
Mr. Morales: That's great. Jonathan, I only have a minute left and I want to shift gears here for a moment.
But as you know, the e-Government Initiative has been a critical component of the President's Management Agenda. Could you just take a brief moment to tell us about your agency's efforts in this area, and what are some of the challenges faced that remain to get accomplished?
Mr. Pettus: Sure. We're an early adopter, one of the first out of the chute in terms of the -- one of the first big e-Government projects was the payroll consolidation, and NASA was an early adopter. We used Department of Interior's offering there, and have been running that for four years or so. And we found that to be a very successful implementation in terms of cost savings, in terms of allowing us not to focus precious IT resources on that kind of sort of more commodity-style application. So we were an earlier adopter there.
Also, in the human resources side of our business processes, some smaller footprint applications, like position description, management tools, and resume management tools, that were early e Gov projects we have implemented. And in fact, actually, some of our first experience with web services and service-oriented architecture style sort of interaction occurred with some of those HR small projects. So we benefited from that not only through the implementation of the tool, but the learnings that we got in terms of -- or received with the experience with the web services piece.
The challenges are ensuring that -- balancing the internal needs of the organization with the overarching sort of strategy that the federal government has in these particular e-Gov areas. We're in the process of implementing the travel management solution. We think it's going to be a good tool. However, if we looked at our overall portfolio of investments and the needs that existed, quite frankly, there was an internal debate around the fact that we already had a travel system that people felt worked. And so what's the compelling need to move to this new travel system? And so that creates some interesting discussions around prioritization internally.
And so that's one of the challenges, is understanding that it's the right thing to do, but also needing to make it fit within your overall portfolio.
Mr. Morales: So what is NASA doing to advance its IT security efforts? We will ask Jonathan Pettus, chief information officer at NASA, to share with us when the conversation about management continues on The Business of Government Hour
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Jonathan Pettus, chief information officer at NASA.
Also joining us in our conversation from IBM is Paul Kayatta.
Jonathan, the President's vision for space exploration, as we discussed earlier, defines a challenge for the 21st century, and sets a compelling new set of objectives for your organization. Now, recently, NASA conducted an assessment of its current state of IT. Could you tell us a little bit about what some of these key findings were, and what are some of the critical lessons learned going forward?
Mr. Pettus: Well, we've actually had a couple of different studies. One was focused on IT security, but then we had a more general one focused on the overall state of IT and the role of the CIO. And so maybe I'll start with the latter and then we can speak a little bit about security.
In terms of the work that we did, the assessment of IT, it was actually something that I started when I came on to the job roughly 17 months or so ago. And it was a process where we actually went out and talked to key stakeholders across the agency and the mission specifically about their views of IT. And so what we learned was that at the infrastructure level, at the local level, people were generally okay with the infrastructure delivery in terms of e-mail services, desktop. Yeah, there were some complaints, as always, about particular issues. But in general, people, in terms of availability and that sort of thing, were okay.
However, they did see that it was extremely difficult to interact, to work, to collaborate with people across other organizations. And that in terms of being mobile, as you move from one NASA center to another, which our people often do, it's very difficult just to plug-and-play at NASA. And so feedback was, we need better support for mobility both within the agency and as we work outside of the agency after hours and that sort of thing.
Another finding was that there was a recognition that -- they didn't refer to them as "applications," but the discussion was typically around there was a proliferation of tools, and that perhaps there was a better way to manage our tools such that there was better interoperability and then perhaps some efficiencies to be gained there.
And then lastly, there was a note from our stakeholders. They were aware because of some issues we've had relative to our scorecard, our PMA scorecard, and such that we have had some IT security challenges. And so there was a general awareness that there were emerging threats that were significant to the agency and IT security and that overall, there were certainly some issues with IT security that needed to be addressed. And so those were findings that all sort of led into this discussion that resulted in these principles that I talked about earlier.
Mr. Morales: So given the complexity and just the sheer size of the programs that you all manage, how has your agency sought to improve its project management discipline and structure for monitoring project performance?
Mr. Pettus: Project management at NASA is sort of a core fundamental competency, because that's what we do. If you think about how we operate running these large programs, multi-year, very significant dollar value-wise and content-wise programs, but the processes that had been set up in the agency for project management were geared around these flight programs. So the basic fundamentals of project management are the same regardless of the domain. However, when it comes to IT projects, we were having some difficult times trying to sort of fit some of the necessary sort of components of an IT project into this overarching framework that people are familiar with in terms of flight projects. So what we've done is we moved to create a similar but separate project management methodology and governance model for projects that are IT projects in nature.
And we've established a Project Management Oversight Board that reviews major IT projects. And for important key decision points and milestones and gates for those projects, that's done at an agency level. For lower order projects, similar to the governance discussion we had earlier, each center has a project management board for their own sort of local projects where they would use that framework, that new framework we've developed, and then use that Project Management Governance Board to see those projects through.
Mr. Kayatta: As a CIO managing in the federated environment that you described earlier, I would imagine that a big portion of your job is to put in place policies, cultural change strategies, educational outreach that will help staff recognize that they are part of a broader enterprise. To this end, what are some of the pushbacks that you encounter?
Mr. Pettus: Certainly in terms of some of the things we've talked about, transformational type things that we've talked about, there's always going to be people who don't understand the compelling need to do some of the things that we've talked about; or the strategies create such a change in the way that they're used to working, they perceive them, the changes, to be non-value added. And so some of the common sort of complaints that we'll see is, you know, using, say, this new project management process that we just talked about is too slow. It slows down the project. So this notion of sort of using these processes to add visibility, to add some discipline to IT investments in project executions, slows things down. And so we have to sort of combat that and be -- as an IT community, we have to ensure that the things that we're doing don't slow down the ability of solutions to be created for people.
Another key area of pushback, or if you look at kind of the root cause, in many cases they're battles over control. Who gets to control a particular system or solution? Who gets to control and specify an architecture? And the more important it is, depending upon the domain or the subject or the problem that's being addressed -- the more important it is to the enterprise, the more need to have sort of a larger view of that effort. If you're an individual who has a particular problem that's a piece of a bigger problem and you're just focused on the solution for your sort of finite, very discrete problem, you can kind of not understand the big picture as to why -- although it might optimize locally, it may really sub-optimize at an enterprise level.
And so having those discussions, I found we have very intelligent and brilliant people at NASA, and they educate me every day. But I found that when we have these discussions, that people are logical and rational in general. And as long as you have a solid sort of reason and basis for what you're trying to do, you can make progress.
Mr. Kayatta: NASA's a very unique organization, simultaneously engaging science as well as development. And you've had a lot of experience, the agency has had a lot of experience, in managing a large contractor base. I think you mentioned 40,000 contractors to 17,000 actual federal employees. Some of the agencies out there might not have had as much experience as that. What kind of recommendations can you give to federal managers that need to effectively manage the ever-increasing blended workforce that's becoming more and more apparent?
Mr. Pettus: Well, I would say you have to think about the relationship as being a partnering-type relationship. And I know that sounds very simple and high-minded, but the reality is it's very true. And we do have a lot of experience doing this. And I have found in talking to the other agencies that we may be somewhat unique in terms of the length of time in which we've been sort of contracting out, and in some cases, really outsourcing IT.
And so in our world of IT, it will sound contradictory, but you have to create an environment where that partnering environment is where there's sort of a win-win opportunity for the contractor and the internal government organization -- if everything from day one is drawn up as sort of ensuring that things are scoped so that it's going to be very clear who's at fault and who's to blame if something doesn't work, it's important to be clear about deliverables and roles and responsibilities, but it's also important to establish the execution of the project -- or the endeavor where you're partnering with a contractor -- it's very important to establish an environment and a culture in which the contractor feels part of the team. It's a difficult skill, I think, to move people from an environment where they're actually just doing the work themselves to where they're actually having to coordinate with external partners.
But I found in talking to other organizations outside of government, I mean, this notion of the days where a particular task is done specifically by an organization in-house and there's no partnering or collaboration with other external entities are long gone. There's almost no work left that doesn't require some level of partnering. So I think creating that culture of partnering, that shared sort of win-win type model, but also not losing site of being clear about deliverables and roles and responsibilities.
Mr. Kayatta: We talked earlier about the IT management model and improving security to achieve efficiencies. Could you elaborate a little bit about the security threats and the challenges that face the agency?
Mr. Pettus: Yes. I think the speed at which those threats emerge just increases every day, it seems. And so it's a race. It's sort of an arms race that you have to be in to basically try to stay ahead of all the vulnerabilities that exist. And so what we're doing is, number one, going back to our infrastructure, we want to simplify the complexity of our infrastructure because of some of the stovepipes we've talked about in the past in terms of our model of how we implemented infrastructure created a very complex sort of web of infrastructure with layers of firewalls, which is not necessarily a bad thing, but if those firewalls are implemented in a sort of disconnected way, it could make it very difficult to interoperate. So we want to simplify our infrastructure.
So part of our focus is on our network perimeter, is hardening our network perimeter. If your focus today is just on the network and building sort of that fortress, you're probably going to lose. Because endpoint security is probably as important or more important, because you have to expect that no matter how strong your perimeter is, it will be breached, partly because of this amount of interoperability and interaction we have with the external world that we've already talked about. The reality is we have to be able to share. We have to be able to interact. And by virtue of that, you are creating some risk. And so if you're creating that risk, then you also need to make sure that you're protecting your information assets at the client or endpoint level. So endpoint security is a big deal.
Things like this Data at Rest Initiative that all agencies are pursuing, where we ensure that we're protecting encrypting information stored no mobile computing devices, is important. So simplifying and then having this multi sort of layered, multi-pronged approach to security, and then leveraging the tools that are out there that help you with things like vulnerability scanning, intrusion detection. In some cases, these tools are really becoming integrated, so that there's a platform for security that are available to you. We think those are really important to our IT security program going forward.
Mr. Morales: I would imagine that also the proliferation of types of devices also presents a challenge, right? It used to be just workstations, and workstations become laptops, laptops become PDAs and BlackBerrys and --
Mr. Pettus: Right, just mobility in general, I mean, creates -- because our employees -- it creates the challenge because our employees expect -- in fact, for our discussion today, I was a little early, so I went next door and plugged in and in two minutes, I was online and doing work. And so our employees expect to be able to do that, and you want to provide them with that capability. It's important to the organization. But when you provide that, it also presents some security challenges. So you have to balance the two, and that's one of the toughest jobs I think we have in IT today.
Mr. Morales: Sure, sure. Now, Jonathan, I would imagine that as you continue to transform your organization, you're creating new competitive areas and new competencies. So what key competencies will be needed for IT staff to provide proper IT support in the future? And specifically, what steps are being taken to attract and maintain this high-quality technical and professional workforce that can build on these competencies?
Mr. Pettus: Good question. And it's really important to us and I think to any IT organization to think about what competencies are important in the future, and with our model, where we rely so much on contractors and our partners to help us with certain IT implementation. And we haven't always done a good job of this, but we've really focused on this in the last year, is being clear about the role of the government IT employee. And we focused on competencies like project management, enterprise architecture, relationship management, which is sort of a soft competency, but this goes back to those communication and interaction skills that are needed to communicate with the business so that we can explain IT to the business and also explain the business to IT.
And so that actually gets to this next piece, which is -- I think to have a future in IT, it's really important to have competency in the business that you're in. So we're working with our IT employees on strategies to allow them more access to some of our programs and missions, so they get a better understanding of what the actual business is: again, enterprise architecture, relationship management, project management. We think IT security, given its importance, is still obviously a very important competency to hold within the government role.
The other thing I would say is financial and resource management, having people that understand how to relate from an investment perspective, sort of the spin to the investment, to the actual benefits. So business case development, that sort of thing, are all important competencies that we want to maintain and grow in-house.
Mr. Morales: That's great.
What does the future hold for NASA's information technology efforts? We will ask Jonathan Pettus, chief information officer at NASA, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Jonathan Pettus, chief information officer at NASA.
Also joining us in our conversation from IBM is Paul Kayatta.
Jonathan, given the critical role information technology plays in mission and program delivery, would you give us your view on how the role of the CIO has evolved? But more importantly, what are the key characteristics of a successful CIO in the future?
Mr. Pettus: I think the role has obviously evolved and evolving. I think in government, we've struggled in the federal government with the role from the outset in terms of whether it's a policy-oriented role, a delivery-oriented role, so we've had that struggle. I mean, that's somewhat unique to government in terms of my interaction with other CIOs outside of government.
I think the other component, though, in terms of evolution is very similar to what has happened in the private sector, and that is the CIO as being focused on infrastructure, where it's almost as if the "I" should stand for chief "infrastructure" officer instead of "information" officer. Sort of moving -- I see it evolving, and I think many people see it evolving, from sort of a technology focus as so much of the sort of base technology becomes commoditized, moving up the stack, as I said earlier, into process. And I think the CIO has a unique view, a cross-organizational view, that many executives don't have, because you're interacting with all of the business units to help solve problems.
And in doing so, you're getting sort of this unique view, so you can offer some value to the organization in terms of a perspective. But you can't do that if you're focusing all your time on the technology and the infrastructure. You have to kind of let some of that go in terms of allowing your staff, allowing your partners to help you with that. You still have to deliver on that because that's the price of admission to sort of the "seat at the table." But I think that creating the relationships that I think are so important allows you then to perhaps offer up some of those things that you see that could be of value to the organization. So I think the future's in process, it's in the business, and it's less about just nuts-and-bolts technology.
Mr. Kayatta: We talked earlier that with the President's impetus, NASA is in the midst of a very major shift: retiring the shuttle in 2010; replacing it with a new manned flight mission to the moon and then eventually to Mars. How do you envision the IT needs evolving as this major change occurs?
Mr. Pettus: Well, I think the reliance on off-the-shelf solutions, as I said earlier, is already there at NASA, but I think it will continue to grow. We don't have an Apollo-era budget to execute our new mission, and so we're constrained from that perspective. And so we want to look for opportunities to be efficient. That means, in many cases, buy versus make. Things like service-oriented architecture is a very important concept for us as we look at ways to integrate and collaborate across our organization. We acknowledge and understand that we're going to have a heterogeneous environment, and so SOA helps you deal with that. But also, just sort of throwing that term out doesn't get you very far, because I think it demands a level of governance and a level of discipline that only mature organizations have.
And so part of what we've discussed today here in terms of governance and discipline in terms of IT overall is important to really effectively implementing service-oriented architecture. But I think that's an important component in a technology that will be important to not just the Exploration Program, but to all of our future mission at NASA. Plus, just the Web 2.0 technologies themselves in terms of the participatory style of -- capabilities that they provide really help us engage with the public, and draw the public more into some of the problems that we're working on at NASA, and we're looking at technology as a way to make that happen. And I think the Web 2.0 toolsets that are becoming so popular are ways to do that.
Mr. Kayatta: There are a lot of changes that take advantage of it, I think, in industry. Clearly, the issues continue, but the need for standardization and lower costs also continues. So as far as government-wide, this exists also. Given that, can you give us some perspective on what emerging technologies you hold? You mentioned the Web 2.0. What do you think are the most promising ones for the federal IT and CIO?
Mr. Pettus: Well, I think the ones that I mentioned, this whole collaborative style of computing, you hear sort of the way it's characterized by many people as we went through this sort of Industrial Age, then the Information Age, and now we're into the Collaborative Age. And I think it's very true, if you look at -- you know, I have a 14-year-old daughter, and I look at how she interacts with her friends and her comfort with technology, I think that sort of this social style of computing, social networking, using the "social computer" to solve problems, which is this interconnected set of human minds that are interacting, is a really interesting way to solve the kind of problems that NASA works on. The emergence of those kinds of tools is really critical.
Now, for the government, I think what we have to do is understand what it means to adapt to using those tools, both in terms of policy and in terms of organizationally, how do we do that, because we oftentimes can be somewhat resistant and slow to adapt to those kinds of fast-moving changes. I think it's important for us at NASA to do so for many reasons, not the least of which is to be able to adapt the next -- or to attract the next generation of explorers to NASA.
Mr. Morales: Jonathan, I talk with many of our guests about the impending government retirement wave. How are you handling this retirement wave, and what's your organization doing to ensure that you have the right staff with the right skills to meet some of these future challenges?
Mr. Pettus: Well, one is to focus on the core competencies that are really critical to the government employee.
The second is to look for ways to leverage the NASA brand name. Because we still -- you know, we talk to people out there, young people out there, who are interesting, who have an IT background. And they have an opportunity to come to work for NASA, they find that -- you know, many of them find that very compelling. In some ways -- and sometimes we can't compete when it comes to financial incentive with perhaps the private sector for certain types of skills, but we can offset that in many ways by this sort of desire by many people who have that sort of skill set to contribute to the space program and what we do at NASA, so leveraging that brand name in what we do to recruit younger workforce.
And then finally, to make sure that the tools and technologies that we're involved with or that we're investing some segment of our portfolio in progressive tools and technologies, so that the new generation that comes to work for NASA are as interested in coming to work for NASA will see us as an organization that is not slow to adopt those kinds of tools that I think they will see so important to where they want to work.
Mr. Morales: So given your career in public service, what advice might you give a person who's out there considering a career in government or perhaps in IT in government?
Mr. Pettus: Well, I think I would say consider public service, because the ability that you have to influence and to make a difference in a particular field. And for me, it's something I think is very important, that I'm very interested in, which is space exploration. Having a role in a government organization gives you some unique opportunities. I think it also provides you with some ability to gain some experience more quickly in terms of responsibilities that perhaps may not be available to you in some other areas. So I would say don't rule it out.
And then from an IT perspective, I would say that your success will be determined as much by how you communicate and build relationships, articulate a particular need or persuade the need for a particular project or initiative, as it will on your technology prowess.
Mr. Morales: That's great. Good perspective. We've reached the end of our time, Jonathan. I want to thank you for taking time out of your busy schedule to join us here. But more importantly, Paul and I would like to thank you for your dedicated service to our country across the various roles you've held at NASA.
Mr. Pettus: Well, thank you very much. It's been a pleasure to spend some time with you talking about what we're doing with IT at NASA, but more importantly, just to share a few comments and thoughts about what we're doing at NASA with our overall mission. And we certainly would encourage your listeners, if they're interested in learning more about the current projects and programs at NASA, both our mission and IT as well, they can go to our website at www.nasa.gov.
Mr. Morales: Great, thank you.
This has been The Business of Government Hour, featuring a conversation with Jonathan Pettus, chief information officer at NASA.
My co-host has been Paul Kayatta, partner in IBM's General Government Practice.
As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who might not be able to hear this morning's show on how we're improving their government, but who deserve our unconditional respect and support.
For The Business of Government Hour, I'm Albert Morales. Thank you for listening.
Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m., and visit us on the web at businessofgovernment.org. There, you can learn more about our programs and get a transcript of today's conversation.
Until next week, it's businessofgovernment.org.