Originally Broadcast February 2, 2008
Announcer: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about The Center by visiting us on the web at businessofgovernment.org.
And now, The Business of Government Hour.
Mr. Morales: Good morning. I'm Albert Morales, your host, and managing partner of The IBM Center for The Business of Government.
The quality of our lives, the shape of our communities, and the productivity of our nation's economy rests on the existence of a safe, secure, and efficient transportation system. Today, the U.S. Department of Transportation stands at the forefront in promoting an efficient and interconnected national transportation system.
In doing so, it relies heavily on the use of information technology to both sustain the nation's transportation system and make it safer.
With us this morning to discuss his efforts in this area is our special guest, Dan Mintz, chief information officer at the U.S. Department of Transportation.
Good morning, Dan.
Mr. Mintz: Good morning.
Mr. Morales: Also joining us in our conversation is Pete Boyer, director in IBM's federal civilian industry practice.
Good morning, Pete.
Mr. Boyer: Good morning, Al.
Mr. Morales: Dan, I always like to start by providing our listeners some context about the organization; in this case, the Department of Transportation. Can you just take a minute to give us an overview of DOT's history and its mission today?
Mr. Mintz: Glad to do so. The idea for the Department of Transportation began in the mid '60s, when under President Johnson, the thought was that there was a need to have a focused department dealing with these transportation concerns. It was proposed in 1965; passed in 1966. The first official day of operation was, of all dates, April 1, 1967.
It was taken a large part initially from the Department of Commerce. And in fact the Under Secretary of Commerce for Transportation became the first Secretary of Transportation. The strategic goals for the Department -- currently there are five of them. One is safety, making all the modes of transportation safe. The second is the reduction of congestion. The third is global connectivity, understanding that transportation goes across the world. The fourth relates to environmental stewardship; that is making sure we protect the environment. And the fifth regards security, both of the passengers and commerce, and the information associated with them.
The current focus, in particular, that the current Secretary, Secretary Peters, and our Deputy Secretary Barrett have relates to congestion, safety, and making sure that we use 21st century solutions associated with them.
Mr. Morales: That's great. Now, to provide our listeners a sense of scale, can you more specifically describe how DOT is organized, give us a sense of the size of the budget, number of full-time employees?
Mr. Mintz: We have approximately 56,000 employees, a budget of almost $67 billion. We are broken into organizational units which are called operating administrations or modes, and I believe we will use that terminology during this discussion. That stands for the modalities of transportation we use. There's a significant number of employees, in terms of location, in the Washington area, both the departmental headquarters is here, a block and a half from the new baseball stadium that will be opening later this year. And also the FAA headquarters are a couple of blocks away from that. We have offices all around the country, including, of course, with the Federal Aviation Administration at all the airports around the country.
Mr. Boyer: Dan, now that you've provided us with a sense of the larger organization, perhaps you could tell us more about your area and role within the Department. Specifically, what are your responsibilities and duties as the chief information officer? And could you tell us about the areas under your purview, how you organize the size of your staff and budget?
Mr. Mintz: First, I'm the departmental chief information officer. So each of the modes within the Department also have a chief information officer that have responsibility for optimizing the investment and managing it within the mode.
I have sort of two broad areas; the first is policy-related. That is the creation and management associated with policy across the Department. That has three pieces to it. One is information assurance, or security, and that would include privacy issues. The second, I call business partnership. That would include things like our enterprise architecture, which is a way of describing how we do the business architecture at the Department, and the second part being capital planning, that is how we manage our investments.
And the third piece, which is a piece we've really stood up this year, is focused on project management, so that we have coherence in terms of how we implement processes, make them repeatable across the Department. The term that's used a lot these days is called earned value management, a way of tracking whether the project is being performed in a way that the earned value that we expect to achieve is achieved with the right amount of investment over the right amount of time.
The other part of my responsibility, it relates to operations, or we call it shared services. That is shared amongst all the operating administrations. And that's another group.
We have approximately 250 staff people that are part of my office. Most of them are actually contractors, and a lot of them are associated with our shared services operation. We interface to the IT staff in each of the operating administrations.
We have -- from my staff, approximately a $12 million budget that supports the policy creation, about $65 million that is associated with the operational activity. The entire Department spends about $2.4 billion a year on IT. So relating to that dollar amount, we have policy impact, but the implementation is done by the CIOs at the operating administrations, and in some cases, by the business leaders within the administrations.
Mr. Boyer: Great. Now, regarding your responsibilities and duties, what are the top three challenges you face in your position, and how do you address these challenges?
Mr. Mintz: It's interesting you ask that, because almost from the first day I started at the Department, I would put out a one-page list with a list of bullet points with my top priorities. And typically they've had about six, and this year even though my office still has those six, I've limited it down to three, coincidentally. I will tell you last year, we may talk about this a little later, probably the most distracting responsibility I had was moving to our new headquarters building, and I think we'll touch on that.
So I have three priorities. The first priority is relating to security, that is information assurance. The goal there is to come up with a sufficiently robust approach in implementation that we can protect the information and the applications that we're running. And that's across the entire Department. We've done a number of things there; for example, one of the things we did was we have what's called a cyber oversight function -- the ability to look into the computer systems and decide whether or not there's -- some bad guy has gotten in, or something is going wrong. And that's called the cyber cert operation.
We used to have two of them: one of them at the FAA, one of them at the departmental level, which didn't make a lot of sense really. We merged them together and we created a joint oversight board consisting of senior leadership again from the FAA, and then representing the rest of the Department, to manage it, which is working really well. We just started this October 1st of this fiscal year, and that's a big plus.
Second, we are trying to move the organization from being purely tactical, that is responding to day-to-day activities, and looking more at strategy and context. And that's a very difficult problem that we face. The third is -- and this is one of the focuses that are going on right now -- is we are trying to re-look our whole approach to how we physically deal with the network. It's sort of grown over time, we want to bring a more -- a better approach to how we place systems, how we protect them, create different zones of security, so that there might be some that have a very high protection level, some that have a less protection level. This deals with risk investment. We don't have infinite money, so we have to be very careful about where we put our resources. So we have to decide what we have to highly protect as opposed to that we want to do somewhat, but it's open, perhaps more open to the internet or the public.
My second priority is a governance priority. It's a challenge in terms of making group decisions. The problem there is that everybody has a day job, and it's hard doing that job. So to say that we want everyone to stop for a moment, get together, put together a group plan, which takes time, because there will ultimately be a reward to that by being more efficient, better security, more optimal behavior, it's hard to not take the step and wait. So we've done a lot of work in terms of enhancing our governance
We revised our chief information council to add a representative to help run it from the operating administration so that we had more buy-in from them. We've revamped our investment review board and done a lot of activities to make that robust. And the third priority, unfortunately, is our day job. The reality is that every day, something happens that we have to deal with, that we have to get done. And the balance we always have to do is balancing out the tactical demands of getting through the day with these more strategic long-term goals.
Mr. Morales: Dan, I understand that you came to the Department directly from the private sector. Could you tell us a little bit about your career path and how you got started?
Mr. Mintz: I stumbled onto computers while I was in high school, and I was sponsored by Vitro Corporation, and they allowed each of us to do something technical. And I didn't know what I was asking, but I asked them, could I have some time to learn to program on their IBM 704 computer in FORTRAN II.
Mr. Morales: Wow.
Mr. Mintz: And I wrote a program to bid bridge. My career I guess I divide into sort of three pieces, though I've noticed the third piece has gotten longer. The first piece, I was very technical, I did a lot of programming work and systems analysis, worked on operating systems. The second part, I moved into management, system analysis, RAM projects and things like that. And the third, I expanded my activities, got involved with marketing and project -- how do you sell both internally and externally; how do you deal with the management issues in technology. And really the focus at that point became much more involved with the business issues; that is, how you could use technology relating to business. And I will say that through all that activity, I was lucky enough in terms of this job to be supporting federal business often during that in my entire career. So that's made it a little bit easier.
Mr. Morales: So Dan, from this vast wealth of experiences, what lessons have you learned and have brought to the culture at Transportation, say, from your private sector experiences?
Mr. Mintz: Two things. First of all, I want to say that the general rules associated with management are not so different between private and public sector. The things I learned from the people I respect in the private sector were to respect individuals and to treat them well and to give them the ability to be successful. And I think that's very important, to be transparent in terms of how you act, to try and do a good job in terms of defining goals. And I think that works in both areas.
The challenge you have I think in government, which I've tried to bring some of what the lessons are -- is that the government has a very complex set of stakeholders. In private industry, you have a relatively simple existence -- you have to make a profit. But in the government, you have many masters, and you have to satisfy them all at once. And often, they have contradictory demands on you.
What happens because of that is there tends to be a focus on process, which stays the same, as opposed to goal, because not only is it difficult to define what is the precise goal of the government program, but in addition, the goals change, so that people will make a big investment and then two years later, the goals have been moved.
So it tends to make it harder to get people to focus on the goals. But at the same time, that's very important. So the things I've tried to do is to make sure we understand that at the end of the day, we have to realize we are trying to accomplish certain things. So you have to define them. The second is, we have to be transparent in what we are doing, sharing of information, good or bad. And the third is to make sure people have some kind of ownership that they feel comfortable enough that they'll take responsibility for their work.
Mr. Morales: That's great.
What about Transportation's IT strategy? We will ask Dan Mintz, chief information officer at the U.S. Department of Transportation, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Dan Mintz, chief information officer at the U.S. Department of Transportation.
Also joining us in our conversation from IBM is Pete Boyer.
Dan, can you tell us a little bit more about the IT strategy at the Department? Specifically, could you elaborate on the efforts to align information technology to support the departmental and modal business goals and strategic priorities?
Mr. Mintz: I'd be glad to, and I want to start by saying you have to look at why this is a problem. People tend to jump into answering it, they don't think through why does it happen, and there is a number of complications with it. The first is, one of the issues -- and it's certainly true at the Department, but it's true, I think, in a lot of the civilian agencies -- is that to some extent there are conglomerates of responsibilities. So you have to think through what are in fact the broad strategic goals.
One of the things that's been very good for us in terms of Secretary Peters is she's defined a relatively small number of strategic goals that we can focus on. If you don't do that, there may not be an obvious theme that you can talk about in terms of the goals. There's often disagreement about that.
The second problem that you face is that there's a tendency to be outward-focused related to that. We get a lot of demands put on us in terms of initiatives and requirements. And so what happens is the focus tends to get to satisfy that demand, as opposed to looking inward -- that is, how does that requirement allow us to do our job better. And so you have to change the focus to also look inward a lot more.
And the final piece problem is that a lot of times you have to build up to accomplish these goals. So what happens is you may have to do what I call a two-step process, make a series of investments that may or may not have obvious reward in order to achieve the strategic goal. This is a problem, by the way, that's in the private sector also. People want the immediate return.
Mr. Morales: Immediate satisfaction.
Mr. Mintz: Immediate satisfaction, and what happens is with the two-step processes, you have to make an investment, and then the second step is to get the satisfaction. It's very difficult to get that investment to allow you to do that. Having said all that, I'm trying to get to what I call an 80-20 goal. That is that 80 percent of the time we're doing the right thing collegially, and only 20 percent of the time is because we have to impose some kind of structure as opposed to the reverse, because at the end of the day, if the staff don't take ownership of what the goals are, they're not going to do it. You can't impose it completely from on top. I'm trying to get to that collegial activity.
One of the ways we did that is we added a modal CIO to take over ownership of the CIO Council, working with me on that to get more buy-in from the staff across the Department. The second is, there's always a tension when you have a single agency that's an enormous part of the Department; the FAA is approximately 80 percent of the IT spend of the Department.
So what I've done, and what the FAA CIO and we have done working together is that we focused on the value-add proposition. That is, rather than fighting over whose territory is what territory and who has control over what budget, we've identified those areas which would be of mutual benefit to the entire Department, and help the individual agencies, including the Federal Aviation Administration, and those are the things that we work on.
The final thing is, one of the recent initiatives that OMB has wanted us to focus on relates to performance measurements, and the performance measurements initiative. I'm not sure that the CIO community and people in general realize how important that is in the long term, because that's a mechanism really for the first time if done correctly -- to start tying a lot of these activities into strategic goals, because this is -- now you have the opportunity to do that, because you can see how making these investments can eventually have an impact on results.
Mr. Morales: Right, the cause and effect.
Mr. Mintz: Yes.
Mr. Morales: Now, not to get too controversial here, but it's been my experience that information technology is an area that's sometimes noted for its turf battles and proprietary views. Could you elaborate on your efforts to foster a more enterprise view that enhances the overall IT governance at the Department?
Mr. Mintz: I've mentioned a couple of the activities already. That is -- again, the goal you have to get to is how you can get the staff in general to buy in to working together. Steve Kelman, who is now a professor at Harvard, wrote a book about how to effectuate change in large organizations, focused on particularly the government. And what you find is that you will have a number of change agents that actually want to accomplish the goal that you just articulated. You'll have a small group of people who will be interested in these turf battles. And then you have a large number of people who really just want to do their job and swing back and forth.
One of the goals you have to do is identify those change agents, and then figure out how to empower them and then grow that desire, because I think you'll find that people do want to accomplish good things. The other challenge -- and this is still a work in process -- is how you set up a governance organization and process that allows the touch point for this decision process to happen at the beginning, because typically what happens is we tend to put it at the end, yes, no; that's far too late. You have to set it up so that as these individual people start doing their planning on their projects, how do you set it up so it's at that point or close to that point that you start having the dialogue to see how there's value add that will actually make them successful too. We're not there yet, but that in fact is one of the top goals I have, as I mentioned earlier, for the rest of this calendar year.
Mr. Boyer: Dan, we understand your Department's information technology capital investment portfolio is in the hundreds of millions of dollars. Would you elaborate on how you have strengthened the Department's IT capital investment process to assure that investment decisions are mission-aligned and cost-justified, and what role does your DOT CIO Council, which you mentioned earlier, play in establishing a robust results-oriented investment review process?
Mr. Mintz: Actually, the total IT investment is in the billions of dollars every year. It's really a major component of the Departmental work. The CIO Council is critical; most of the alignment to the individual mission is done at the operating administration, the modal level. So one of the focuses we've had over the last year and a half has been how do we make sure that that process is sufficiently robust and moving in a more robust direction. That is that they are integrated with the business owners within the operating administrations supporting the mission correctly. And in fact, we've made a lot of progress in that area.
The second step relates to then, now that we have that working, how do we bring it together so that when there are commonalities, that they can be dealt with in a more efficient fashion. And we're just -- we're really don't -- we do it but we don't do it as well as I would like right now. And that will be a focus going forward this year.
Mr. Boyer: Now, the E-Government Initiative is a critical component of the President's Management Agenda, which seeks to improve and expand services to citizens, businesses, and agencies alike. Would you tell us about your Department's efforts in this area, and what are some of the challenges faced and what remains to be done?
Mr. Mintz: First, I want to emphasize, I'm a very strong supporter of the e-government programs within the federal government. I suspect it's not been a very easy road over the period of years. I know over the year and a half that I've seen it that it's been often difficult -- the kinds of turf battles that you've referenced and things like that have been a problem. We are a center of excellence in the financial area, so we have experience both in terms of being a participant and a provider.
The challenges that you have are fundamentally cultural. One problem it seems in this city, in Washington these days, being reasonable seems to be perceived as a weakness. So that the problem you have sometimes is you have to be somewhat dictatorial to cause things, which as I've indicated a number of times I think is not the most efficient way of doing it, but sometimes is necessary, unfortunately.
The second problem you have is people have that darned day-job, and therefore, doing e-government means they have to now be involved in a planning process, working with other agencies, how to work together. It means you add that second step, you make what seemed to be a one-step process into a two-step process. Even though the result might be better, people don't enjoy having to take that second step.
The other thing is that there's a lot of learning that had to go on. We are asking people to work together, but the other thing we're asking is we're asking government agencies to be service centers, and it takes a while for people to learn how to do that. I think there were some growing pains, but right now, I think it's working much, much better. The other thing is it's countercultural -- my experience with all organizations, but perhaps -- it's certainly true in the government, too, people have a sense that the bigger their budget, the more span of control they have, the more powerful they are, which in fact is often not the case, but this means giving that up for a greater gain. And that's hard for people to get used to. It makes them question what's the value that they then bring.
The other issue that we've had to wrestle with -- in fact, OMB has been sensitive to this, and we've had some conversations about it -- is you have what I'll call a horizontal versus a vertical problem. We're creating what I would call vertical integration. We take all of the issues regarding rulemaking, for example, which is something the Department of Transportation just finished up its transition with. And we make it into a vertical application. At the same time, we've integrated some of these applications horizontally within the Department itself, so we have to make two adjustments.
First, moving it to another -- to the center of excellence, but second, figuring out how do we then make sure that this horizontal integration within the Department is still optimized. And we're still learning how to do that together, and I think you're going to see the second wave of e-government will start being more sensitive to that goal.
Mr. Boyer: Now, from a technology perspective, can you tell us about the federal government's migration to Internet Protocol version 6, or IPv6?
Mr. Mintz: Yes. Tim Schmidt, who is my chief technology officer for the Department, has been the co-chair of the IPv6 activity, and has been a leading thinker related to it, which has helped the Department a lot.
For those people who are not familiar with the issue, everything on the internet has an address, just like you have an address for a letter you send in the post office. The internet has grown so much that we're literally running out of addresses, which is an amazing thing. There was a commercial I saw one time where the person got to the end of the internet and then he didn't know what to do. Well, unfortunately, amazingly, we are in danger of getting to the end of the internet.
So what this does is, in the same way the number of digits in your address at home, if you make it longer, it gives you more flexibility, we're going to increase the size of the address dramatically in the internet address. So one of the things it's going to do is allow us more addresses, and that's important just to survive in the internet.
It turns out in the transportation sector, that's a very important thing also for our stakeholders, because what's happening on the internet is we're moving away from just person-to-person connectivity, but person-to-thing and thing-to-thing connectivity. You know, when you have a GPS locator in your car or even a cell phone, you have internet connectivity, and you may have, you know, your car now someday talk to something in your house. So you now have to do thing-to-thing addresses -- or you may want to manage the car. GM announced that they are going to come out with a car that can drive itself in some number of years.
So you need all that additional connectivity to allow all those things to address other things. You have some other peripheral benefit related to it. It turns out that by having this longer address, you can build in additional security, you can also build in some optimizations so that the transport of information across the internet becomes more efficient.
Mr. Morales: Now, along similar lines, new social networking ideas and technologies are redefining the relationships of citizens with their government, both at the federal level and certainly at a local level. So to that end, what is the private virtual world, and what are some of the potential business applications that you're identifying?
Mr. Mintz: There's a joke that Don Tapscott, who was one of the co-authors of a book called Wikinomics says if you want somebody to understand these concepts, ask them if they remember when a man first stepped on the moon. If they answer yes, disqualify them. So the private virtual world, anyone under 35 knows exactly what you'll be talking about with a private virtual world, because they have an avatar, which is a representation of a person, they've played some game online where they were a person, or they were in a second life, or they've done one of these things already. People who haven't used it, it's almost like trying to explain the color green to somebody who is colorblind. You have to try it to understand the power.
Psychologists have studied the brain response, and it turns out the human brain relates to the human interaction in these virtual worlds in a way very similar to human interaction in the real physical world, which may not be such a good thing, but it's true. We in fact have created what I call dotworld, though people are trying to get me to change the name, a very small virtual world. We're almost finished with it, it will just be a couple of classrooms and an auditorium internally. And we're going to use it for training for employee -- as an experiment initially, a pilot. We're going to use it for employee orientation, training in general.
One of the things that other people are using these kinds of things for is for emergency situations and emergency simulation. When you do these very large exercises in simulating a potential emergency, the reality is you can't invest in making all the alternatives happen, you can't do that in the real world. Generally, these are set up to be successful, but in fact, emergency training is supposed to teach you how to deal with the situation you don't expect. The question that really is being asked is what do you do when you don't know what to do.
In a virtual world, you can simulate anything, and therefore, you can do with much less investment, do much better or more complex, or more varied kinds of training. So that's something eventually you want to tag on to when that becomes more robust.
The challenges to the government is that the -- and this is a problem with the internet and what we call Government 2.0, which is becoming a focus of OMB and the Federal CIO Council, is that it's unpredictable and to some extent uncontrollable. And in fact, that's why you do it, because you're coming up with unpredictably interesting responses and ideas. That's a problem with government, because we have policy requirements, we have privacy requirements that are very serious and very important to us. They do not go away, so when you combine an unpredictable environment with the policy requirements, it's a little bit difficult to figure out how to deal with it.
Mr. Morales: Interesting.
What about Transportation's cyber security efforts? We will ask Dan Mintz, chief information officer at the U.S. Department of Transportation, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Dan Mintz, chief information officer at the U.S. Department of Transportation.
Also joining us in our conversation from IBM is Pete Boyer.
Dan, given the composition of the Department which you described earlier, and the various modal agencies, there must be many opportunities to employ shared services, which you also talked about. Could you elaborate on how the Department approaches the use of shared services, but more specifically, how you identify Department-wide IT activities that would benefit from this type of centrally-managed approach?
Mr. Mintz: First, it might make sense to talk a little bit about what my goals currently are related to shared services, because I suspect I may take a slightly different prioritization in terms of the goals than a lot of people that I have talked to do. We have a fairly active shared services organization at the Department right now.
The reason I think we want to do shared services in general is -- there are three. The first is, by having some consistency in terms of how we approach the IT infrastructure activities, we are able to have a more robust security architecture. So one of the issues we have -- and I think government in particular has a great responsibility for -- is making sure that we have sufficient levels of security that people deal with us are confident that their information is being protected appropriately.
The second is, we have to optimize the human resources at the Department. The reality is, for all the talk about budget issues, the biggest scarcity we have is talent. There is retirement issues associated with that. We are going to lose a lot of the institutional memory. So the question is, how do we optimize the human resources?
When they're focused on things that we can centralize and manage that are -- activities that are not directly related to the mission -- for example, video conferencing, do we need video conferencing worried about by staff and every one of our operating administrations, or would it make sense to centralize that activity and have them focus on how that operating administration can do a better job of supporting the American citizen and their stakeholders? It makes sense to me to optimize people.
The third area is, if we do it right, we can have better service level agreements; that is, we can do a more professional job, and if we work hard at it, we can save money. People tend to emphasize that last piece the most. But it's actually not the most important value we bring. We obviously can't spend more money, that's not what we are optimizing. We are optimizing the human resource, which is the precious resource within the organization.
Right now we're doing desktop and network infrastructure at the Department. We have combined information assurance, that is cyber oversight with the FAA - we do e-government initiatives, if you really think about it, are shared services activities. We also have a number of initial projects, one related to document management, and the other is, we're doing a study with the FAA in terms of how we can bring in more coherent approach to data centers in general. We have a lot of different data centers run by a lot of different parts of the Department, and so we're working on how we can best consolidate the management and deal with it more intelligently.
The issue you ask is how do we identify Department-wide IT activities that benefit from central management. In fact, it's a discussion I'm trying to change, because that historically has been the approach -- that is, what is it now we can centrally manage? And in fact, when you start with that approach, there's 1,000 reasons why you don't want to. I think the approach has to be different. And this is the hard part. We have to start with the approach that what shouldn't be centrally managed. We should start with the assumption that anything that is not completely tied directly to the mission should be centrally managed.
So therefore, we're trying to change the dialogue -- this is what's going on right now -- let's start by assuming everything should be done centrally. And by the way, centrally doesn't necessarily mean by my shop. We could centralize it in a center of excellence within the Department. We could centralize it at our Federal Highway's operating administration, or the FAA, or wherever. I mean, it doesn't all have to be with me, but we want to centralize it for the Department.
So let's start with the assumption everything should be centralized, then look at those things that we have to break out. And we're going to try and change that dialogue, we're having a lot of discussions right now as to how can we take that concept which everyone has begun to believe in, but then how do we take that and make that a practical process.
Mr. Morales: Interesting approach.
Dan, I want to go back to something that you mentioned earlier in our first segment, which was the move to the new headquarters building. And I think I saw you twitch in your seat when you mentioned that. Could you tell us a little bit more about this effort and how it affected your IT operations, but more importantly, what were the benefits of the move and some of the lessons learned?
Mr. Mintz: So let me take care of that in those three parts. The first is to just give a sense of the sizing, we moved something over 5,600 desktops and phone systems, and we had to move the individual desktops desk-to-desk. Everyone kept their same extension, both in the old building and the new building. We moved over 40,000 data connections. At the very same time we were doing that, there were something over 700 application servers that were scattered around the old headquarters building. We moved them all for the first time to a central data center out in Frederick, Maryland.
So we were doing that, and at the very same time, we were decommissioning the building under the lease terms, the headquarters building, which had been occupied for over 30 years, had to be restored in a state approximately that at the beginning of the lease. All being done at the same time, while we are moving a Cabinet-level Secretary that had to have constant communications working all the time. It was an impressive process. We reflect on it, and we're not quite sure how we got from there to here.
The IT space, the second part of your question, we in effect created a parallel organization, because it required so much focus that we needed a group of people that really were paying attention to that. Unfortunately, because we always have limited resources, a lot of the people underneath the management structure were the same people. And so we did have two separate focuses, but we actually -- unfortunately, people had to go back and forth between the two. So for a while, we actually were running two different infrastructures; one at the old headquarters building, and one at the new headquarters building, both at the same time. It is a compliment to all the people involved and to the employees of the Department that we got through it, because it made everything much more complicated. And people were very, very patient. I think the reasons why are the lessons learned; we tried very hard to be transparent in whatever we did. We tried to treat the management and the staff with the respect I talked about at the beginning of this discussion. They deserve to know the good news and the bad news.
And as long, in my opinion, as we kept them informed as to what was going on, they worked with us to make sure it happened. And we treated them all with respect in that way, that we knew they'd be trying their best.
The other thing in addition to transparency -- and if I had one lesson to learn, it's the transparency part -- as part of our IT effort, a very detailed project plan mapped out. There's always unknown activities and surprises that occur, but if you don't have the vast majority planned, then everything is a surprise. The other thing is, when you are communicating the information by having a plan, you allow people to understand where they fit in, and they appreciated that.
It actually had some side benefits in terms of the move. We were in the process of doing a lot of this consolidation that ended up with the shared services organization, a lot of that actually was enhanced. I don't know if we would have -- been as easy to get all those service in one building except that we had to move. The other thing is it created a lot of teamwork between the IT group and the staff with -- across the Department. This whole effort made -- it showed that people could work together and do it successfully. And having evidence on the ground is always better than having a philosophic discussion about some gold at the end of a rainbow when no one yet can see either the rainbow or the gold. And proving that it was possible to be successful made the Department stronger.
Mr. Boyer: Dan, I understand at one point your Department had issued a moratorium on upgrading desktops and laptops with the most recent operating system. Would you elaborate on your rationale for pursuing such a course of action, and what is your current plan in this area?
Mr. Mintz: One of the things that surprised me was, doing something that made sense, such basic sense, which was, come up with a plan before you do something, caused such a reaction. So the answer is, and I want to emphasize, this had no reflection on the software at all.
My issue was we have tens of thousands of employees, we're spending a couple of billion dollars on IT a year, we have mission critical systems all over the place, my feeling was we should not take a step until we put together a plan. So what I said was we should take a breath, let's hold up right now, everything is working okay. There are features that we want to look at that would be of value to us. Until we come up with a transition strategy, I don't want us to move, and I certainly want us to move coherently as a Department, and that takes time.
The building move got a little bit in the way of putting together the transition plan. So we are still working on that. My expectation right now is sometime in calendar 2008, we will put together a plan that will deal with the issues of what we want to do with the operating system and what we want to with the versions of office. We'll pass it through our CIO Council and then we'll do that. So we have not yet made a decision, we are still exactly where we were when that came out.
Mr. Boyer: Previously, you had mentioned the importance of security and information assurance as one of the key goals in your department. Now, technology has clearly enhanced the ability to share information, but it has also made organizations more vulnerable to unlawful and destructive penetration. Could you describe your efforts around encryption of data, and specifically your strategy to strengthen the protection of personally identifiable information?
Mr. Mintz: Yes. First of all -- and I'll get to the encryption. We have to understand that most of these issues are fundamentally cultural. There was a study done where people called up an organization -- and I don't remember right now whether it was private or public. But they called up an organization. And it was people in the IT shop, and the phone call was hello, I'm from the help desk. We are resetting your password and -- I mean, this is true. That we are resetting your password, and we need your ID and password just to confirm it so we can do the reset correctly. Fifty percent of the people gave it.
The point of that being, I don't care what technology you put in place or what protections you put in place or how you do identity management, that is, identifying who is signing on or accessing the system. When somebody does that, they're let into the system and they can do anything they want. So the problems are fundamentally cultural.
With encryption, one of the things -- when I looked at some of the problems that have happened across the government, there were at least two or three things that came about that occurred to me when I looked at the lessons learned. So one was just a technology issue, that is encrypt the data. So certainly, everything in particular that's mobile is encrypted now at the Department, it has been for some time. We were very aggressive in following the mandate that was given to us by OMB. I thought was it was a good one, and we do that now.
Second, one of the problems was communications. A lot of times, people are afraid to bring bad news, and one of the comments is when you punish the messenger, you end up having no messages. So we've tried to create a culture where we can deal with bad news and not -- and deal with the news, as opposed to who brought it to us. In some cases, it took weeks or months before the bad information made its way up the management chain.
I have a policy that I inform senior management at the Department essentially at the same time we report any incident into the Department of Homeland Security, what's called US-CERT, where we report incidents. I have a commitment that I report it to them very shortly thereafter whether I have perfect information or not, so they were alerted to that. And that's -- luckily I work for a group of people that are able to handle that kind of interaction.
The third thing is an auditing activity. Typically, we put these policies out and we create what I call policy on a shelf. And what I mean by that is we create these huge three-ring notebooks or the functional equivalent of three-ring notebooks on the web, and no one knows which ones to follow, and we don't check to see if they are actually in place. So one of the things we're doing is we are doing a lot more aggressive job of going back and auditing each of the policies to make sure they're effective.
We do a lot of training programs associated with this topic, we have a week-long security conference which has existed really for many years at the Department. FAA does a security conference. We've done a lot more online training trying to make that more robust.
Mr. Morales: So Dan, along similar lines, there's obviously a rise in telecommuting and working from home, and many government employees are accessing IT infrastructure via non-government PCs, which increases the potential for system vulnerabilities. Now, my understanding is that peer-to-peer software applications resting on home PCs is one of the major reasons that increases the security risk.
First of all, can you tell us a little about what is the peer-to-peer software, and what are some of the challenges and benefits represented by these applications, and how you are dealing with them?
Mr. Mintz: Peer-to-peer software is software that allows multiple computers to access each other's disk drives as if the disk drives were all connected to the computer doing the access. And like a network, peer-to-peer -- because each computer is a peer of the other -- a lot of it's used for copying music and things like that, which are other activities that you really don't want to encourage.
We've taken a number of steps to try and deal with it. First of all, we have a policy that says you can't keep personally identifiable information or sensitive information on non-government computers anywhere. Second, the software we use that accesses our own systems prevents data from being downloaded on their home computer, though a user who wants to can obviously go around that requirement by just copying and taking it.
We are doing education processes to discourage people from doing that kind of activity associated with peer-to-peer work. We discourage people, frankly, from using that kind of home use peer-to-peer software. In addition, we scan for that software on our own networks to make sure that it doesn't exist on the Department's.
packages that merely do peer-to-peer work are not good applications in general for us to use. The security dangers are much too great related to that.
Mr. Morales: So your main line of defense here is really the education of the employees and making them aware of the dangers and the policies.
Mr. Mintz: Yeah, that, and the final thing is, we also have started changing the policies of the Department for those people who are doing a lot of telework, we are encouraging their primary computer to be a laptop, a government-provided laptop. So while we can't afford typically two computers, we can afford the one, and so more and more of the time, the primary computer's becoming a laptop.
Mr. Morales: What does the future hold for the U.S. Department of Transportation?
We will ask Dan Mintz, chief information officer, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with Dan Mintz, chief information officer at the U.S. Department of Transportation.
Also joining us in our conversation is Pete Boyer from IBM.
Dan, given the critical role IT plays in mission and program delivery, could you give us your view on how the role of the CIO has evolved, and what are some of the key characteristics of a successful CIO going into the future?
Mr. Mintz: I see the CIO function breaking into two directions. One direction will be those CIOs that will focus on technical issues and potentially operational issues. And the second will be those CIOs that will focus more on strategic and policy issues, and I think over time that actually may separate out.
The characteristics of the CIO, therefore, will depend on which person, which role they have. The latter role, which I think is the more interesting -- I think people have to have experience with business issues and business background. Technology is a useful piece of knowledge to have, but will not be the primary driver of the CIO function. Their ability to translate between technology and business goals I think will be what they have to bring to the table.
Mr. Boyer: Now, continuing our focus on the future, can you give us a sense of some of the key issues that will affect CIOs government-wide over the next couple of years, and given this perspective, what emerging technologies -- and we've talked about some of them already -- hold the most promise for improving federal IT, and any advice you would give to the next administration in this area.
Mr. Mintz: My opinion is the biggest -- and it's in a sense not an emerging technology, but the technology I think that the CIO function needs to pay the most attention to is the continuing impact of the internet on organizational structure. Historically, the technology challenge has been how to optimize technology, which however difficult, is actually manageable and understandable.
With technology being completely pervasive, the issue now becomes how do you optimize organizations? That's a particularly difficult problem in the government, where making organizational changes is very, very complex.
Mr. Morales: Is this the flat-world issue?
Mr. Mintz: To some extent, yes. What happens is it empowers the people at the top who have much greater visibility into an organization; it empowers the average employee, which is a good thing, particularly for younger employees, because they have access to policy and things like that they otherwise wouldn't have. But the vast number of people in the middle who historically have -- get value by passing information up and down the organization, their self-worth is under attack. So the question becomes how do you make sure that they are able to give a valued contribution to the organization, because they have great talent.
Mr. Boyer: More specifically, Dan, what are some of the major opportunities and challenges your organization at DOT will encounter in the future -- and this is pulling out your crystal ball, but how do you envision your office will evolve over the next five years?
Mr. Mintz: I wouldn't be surprised that the challenges in five years are going to look a lot like the challenges today. The focus right now -- there are three focuses, two of which I've already talked about. One is how do we make sure that we have architecture that supports security needs, particularly when we have all these other emerging technologies and the internet breaking apart the relationships internally and externally.
which is how do we relate operational responsibilities and policy responsibilities, and how will that evolve over time.
Mr. Morales: And then you touched upon this a bit earlier, but you know, the pending retirement wave is a big issue across the government, and certainly within your organization. So more specifically, how are you handling this issue, and how are ensuring that you have the right mix of staff to meet some of the future challenges that you've outlined?
Mr. Mintz: I suspect that one of the issues evolving with retirement, because we are losing some very senior and valuable people -- the solution may be possible if we can figure out how to have more robust relationships from a variety of different external resources, because I'm not sure we can hire fast enough to replace all of them.
I think, however, in many ways the major problem is with the people we still have right now, because the nature of what their job role is just changing dramatically because of this internet impact. We have people who are used to working in a hierarchical relationship and are relatively comfortable with it. We need to move that to being able to deal with a horizontal relationship with partners. It takes different skills.
When you look at the private sector, a lot of the companies who failed at outsourcing failed because they didn't know how to relate two horizontal activities. And they didn't realize it was a core value that they had to develop.
The government will need to figure out how to interface to private partners more, academic institutions, state governments, international organizations, in ways that people may not yet be comfortable with. We also have to be spending, I think, a lot more focus on that human capital issue. And I think we need to spend actually a little bit more on that. And that's what we are doing right now in IT.
Mr. Morales: So it really comes back to your point about different organizational modes, and different ways of managing the business.
Mr. Mintz: Yes, and I think the private industry is moving much faster, and eventually government will be forced to catch up because all of its partners will be doing this.
Mr. Morales: So Dan, given the wide breadth of experiences that you've had in your migration from the private sector over to federal government, I'm curious, what advice might you give a person who's out there considering a career in pubic service?
Mr. Mintz: I'd highly recommend it. I mean, I've had a wonderful challenge. One of the things I say when I speak in different groups is this is honestly the first job I ever had where I love coming to work every day. I've obviously had jobs that I've enjoyed, but I can honestly say every day I've been at the Department, I love coming into the office.
And it's a rare opportunity. There are great people within the government, you have a sense of mission; you're trying to accomplish something that's really helping the citizens and the public, which is a very wonderful thing. It's the best job I've ever had.
Mr. Morales: Dan, that's great advice. Unfortunately, we have reached the end of our time together. I want to thank you for fitting us into your busy schedule today, but more importantly, Pete and I would like to thank you for your dedicated service to our country at your role at the Department of Transportation.
Mr. Mintz: I'd like to thank you for having me here. I love to talk about the Department and my office. For those people who want to know further information about the Department, they should access www.dot.gov.
Mr. Morales: Thanks.
This has been The Business of Government Hour, featuring a conversation with Dan Mintz, chief information officer at the U.S. Department of Transportation. My co-host has been Pete Boyer, director in IBM's federal civilian industry practice.
As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who may not be able to hear this morning's show on how we are improving their government, but who deserve our unconditional respect and support.
For The Business of Government Hour, I'm Albert Morales. Thank you for listening. Announcer: This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m., and visit us on the Web at businessofgovernment.org.
There, you can learn more about our programs and get a transcript of today's conversation.
Until next week, it's businessofgovernment.org.