Month: December 2018

The security book everyone in government must read in 2019

If we’re ever going to get security right, technologists must embrace the need for policy and government leaders must do the same with technology, which is why Bruce Schneier’s Click Here to Kill Everybody: Security and Survival in a Hyper-connected World is the 2019 must-read book for every government leader, elected and administrative.

Specific security prescriptions range from standards and principles to the creation of a new federal agency, a National Cyber Office, that would advise and hold other agencies accountable, but also manage government-wide security efforts, such as the NIST Cybersecurity Framework.

Click Here to Kill Everybody is accessible to anyone who wants to learn about the problems and potential solutions of our increasingly Internet-connected world, without feeling overwhelmed by the nuances and technological details that leave most people paralyzed with confusion.

Key excerpts:

“The admittedly clickbait title of this book refers to the still-science-fictional scenarios of a world so interconnected, with computers and networks so deeply embedded in our most important technical infrastructures, that someone could potentially destroy civilization with a few mouse clicks. We’re nowhere near that future, and I’m not convinced we’ll ever get there. But the risks are becoming increasingly catastrophic.”

“It’s easy to discount the more extreme scenarios in the chapter as movie-plot threats. Individually, some of them probably are. But collectively, these are classes of threat that have precursors in the past and will become more common in the future. Some of them are happening now, to a varying degree of frequency. And while I certainly have the details wrong, the broad outlines are correct. As with fighting terrorism, our goal isn’t to play whack-a-mole and stop a few particularly salient threats, but to design systems from the start that are less likely to be successfully attacked.”

“All the blame shouldn’t fall on the technology. Engineers already know how to secure some of the problems I’ve mentioned. Hundreds of companies, and even more academic researchers, are working on new and better security technologies against the emerging threats … And while nothing is a panacea, there really isn’t any limit to engineers’ creativity in coming up with novel solutions to hard problems. … My pessimism stems primarily from the policy challenges. The current state of Internet security is a direct result of business decisions made by corporations and military/espionage decisions made by governments … What we’ve learned from the past few decades is that computer security is more a human problem than a technical problem. What’s important is the law and economics, and the psychology and sociology — and what’s critical is the politics and governance.”

“I’m not optimistic in the near term. As a society, we haven’t even agreed about any of the big ideas. We understand the symptoms of insecurity better than the actual problems, which makes it hard to discuss solutions. We can’t figure out what the policies should be because we don’t know where we want to go. Even worse, we’re not having any of these big conversations. Aside from forcing tech companies to break encryption to satisfy law enforcement, Internet+ security isn’t an issue that most policy makers are concerned about — apart from the occasional strong words. It’s not debated in the media. It’s not a campaign issue in any country I can think of. We don’t even have a commonly agreed-upon vocabulary for talking about these issues.”

Canada adopts open source mandate for government software

Canada flag (Photo: Caroline Ingram)

The Government of Canada has issued an information technology directive on business, information, application, technology and security architectures that includes a mandate to prioritize open source software. 

Excerpt:

C.2.3.8 Use Open Standards and Solutions by Default

C.2.3.8.1 Where possible, use open standards and open source software first

C.2.3.8.2 If an open source option is not available or does not meet user needs, favour platform-agnostic COTS over proprietary COTS, avoiding technology dependency, allowing for substitutability and interoperability

C.2.3.8.3 If a custom-built application is the appropriate option, by default any source code written by the government must be released in an open format via Government of Canada websites and services designated by the Treasury Board of Canada Secretariat

C.2.3.8.4 All source code must be released under an appropriate open source software license

C.2.3.8.5 Expose public data to implement Open Data and Open Information initiatives

Read the full directive.

Governmental digital: A framework for scalable, sustainable digital government services

GDS Launch (Photo: Paul Clarke)


Anything online is digital and, today, everything is online. To use the term ‘digital government’ in many ways is redundant, because whether it’s streamlining our experience with DMV or responding to natural disasters, all public-facing government services must be prioritized going forward through the lens of digital.

Given its nascency, however, for now we must continue to use the phrase ‘digital government services’ to define both informational and transactional online activities, and provide a framework for public sector success into the future.

The practice and ideal machinations of the digital government services movement have emerged as a primary focus for the civic and government technology community. These discussions coincide with recent political changes, as in California, where there is a desire and need for innovation, accompanied by optimism that tech-savvy leaders such as Governor-elect Gavin Newsom likely will actively expedite digital government agendas.

In order to establish a strategic vision, free from past individual and organizational context and interests, it’s important for us to develop a holistic framework, but also get specific about what optimal digital government services look like in the context of larger government organizations, such as countries, states and major metropolitan cities with relatively ample resources. It is to this context that I prescribe this framework.

Context

Present

Most of the digital government services context we have today is from the histories of three organizations:

  • UK Government Digital Service
  • 18F
  • USDS

Each of these organizations was created under a different context. While all have impacted the public sector landscape positively and immensely, none is a perfect case study for today’s government leader deploying digital in the context of a clean(ish) slate, especially given the benefit of hindsight.

The UK Government Digital Service was born from a proactive, forward-thinking mandate and given the authority to set standards. 18F’s emergence, too, was more proactive; however, it lacks the authority and mandate UK GDS has, and was set up to deliver much like a commercial services firm does, while also developing long-term standards and resources that benefit all federal government agencies. USDS was set up post-Healthcare.gov, and much of its work was reactive, supporting troubled projects, eventually expanding to provide procurement guidance and recruitment vision and execution. Today, it serves as a model for what other federal agencies are executing and ultimately will be phased out, unless it morphs into a different organization. Both 18F and USDS operate as separate entities under different agencies, which causes redundancies but also confusion around a unified digital government leadership.

Future

Building tomorrow’s digital government services framework will entail leveraging lessons learned from these established organizations, taking the best of each, and also employing successful practices from successful open and agile communities at large. It is in this context that we must build the future of digital government services.

Leadership

Digital government services must unequivocally and adamantly be supported and championed at the highest levels of public service, leaving no doubt to all levels of the bureaucracy that this is an executive priority. This leadership should be aided by an executive position that can effectively advocate for and unblock efforts that run counter to or aim to thwart digital government progress. It can take the form of a senior-level staff member, focused on technology and innovation, or a cabinet-level position with a mandate and authority to facilitate organizational evolution conducive to digital government services success.

Core tenets

Digital government services organizations must adopt core tenets, all of which are relevant to and should be inherent in every government organization, be it federal, state or local.

These include:

  • Open standards
  • Privacy
  • Accessibility
  • Human-centered design

Open standards

Open standards includes an emphasis on open source, open data and interoperability. The UK government has taken leadership on this with its Open Standards principles.

Privacy

Privacy includes 100% encryption, or “HTTPS Everywhere,” as the Electronic Frontier Foundation calls it, on all government websites and applications to protect the personal information of the people using them. The federal government has taken a lead on this, but is still not fully compliant.

Accessibility

Accessibility includes making digital services available to “the greatest number of users possible,” as 18F says. Many governments have established accessibility directives, including California with AB-434, but most are failing in actual execution, and no one is providing true leadership on this front.

Human-centered design

Human-centered design focuses on the end user, creating a seamless, simplified and unified digital interface and experience. The federal government has led on this front to some degree with the U.S. Design System and a gradual adoption across agencies.

Organization

The core organizational components of an effective digital government services strategy incorporate a centralized strategic team that facilitates core standards and open communities of practice, including knowledge sharing and support. The digital government services organization also includes empowered digital product owners and procurement officers within the respective agencies.

Key organizational components:

  • Digital government cooperative
  • Digital product owners (with, ideally, digital teams)
  • Digital procurement officers

Digital government cooperative

A digital government cooperative, much like most open organization governing bodies, facilitates standards, community building, recruitment strategies, training and support for its members, which includes the digital product owners, procurement officers and everyone else whose work is reflected in digital form. This organization operates as a stand-alone executive agency or a top-level entity within an agency that serves a general purpose, such as the U.S. General Services Administration or the California Government Operations Agency.

There has traditionally been an inclination to place these types of initiatives within technology or IT departments; however, digital innovation should never fall within a pure technology organization, as their functions are extremely different and often get lost to the immediate and tactical demands of an IT organization.

Digital product owners

An in-agency digital government product owner, as the U.S. Digital Services Playbook states, “has the authority and responsibility to assign tasks and work elements; make business, product, and technical decisions; and be accountable for the success or failure of the overall service. This product owner is ultimately responsible for how well the service meets needs of its users, which is how a service should be evaluated.”

The digital product owner also navigates the respective agency context and works in tandem with the digital government cooperative and the community at large to contribute to and adhere to the established standards.

Digital procurement officers

Digital government procurement officers are knowledgeable about modern digital offerings and how to procure these with few bureaucratic hurdles. They are active in facilitating procurement at all stages, including specifying needs and ensuring vendors are effectively vetted and contracts are structured to address the deliverables.

Practice areas

Practice areas that encompass the general government community — collaborating online and in-person through recurring open space sessions — are essential in helping to contribute to and implement digital government standards and practices.

Key practice areas include:

  • Accessibility
  • Agile/DevOps
  • Human-centered design
  • Open data
  • Open source
  • Procurement
  • Security

Operations

In modern times, the digital workforce can and must effectively collaborate beyond the physical limits of a building housed in specific, centralized locations and must do so leveraging modern technology tools.

Highly effective and productive digital government services teams operate in:

  • Distributed teams
  • Physical hubs
  • Collaborative software

Distributed teams

Distributed teams enable geographic representation across the governing jurisdiction, but also eliminate a single point of physical failure which, particularly in a state like California, should be taken into serious consideration given the potential for natural disaster.

Physical hubs

Physical hubs provide for the at-times needed, in-person team collaboration moments that may not be accomplished in a distributed environment. A perfect example of this includes the Impact Hub. While some advocate for specific locations where design and technical talent may be centralized, such as the Bay Area, this cultivates a culture of geographic elitism which, addressed below, runs counter to inclusive government services practices.

Collaborative tools

Often, we hear that the technology is less important than people or culture, but digital teams must be enabled with bona fide, collaborative technology to effectively deliver on the mission. Examples of these include Google’s G Suite (documents, spreadsheets, calendars, video), Slack (communications), Zoom (video conferencing), Trello (project management) and GitHub (project management, rapid prototyping, code sharing).

Language

In the past, particularly with USDS and 18F, there have been terms used to describe digital government services efforts that have caused established bureaucrats to feel supremely inferior, as if they are incapable of innovating or even understanding the problem on their own. While this may be the case in some instances, we must approach digital government services innovation with empathetic and inclusive language that sets a positive tone for faster adoption and long-term success.

Just as important as principles, organizational structure and operations, it’s the words used to describe them that will facilitate faster acceptance and adoption. Language can easily unite or divide, and the digital government services community must choose its words carefully.

Terms that must be avoided and retired:

  • SWAT Team
  • Strike force
  • Elite

Terms that should be incorporated and repeated often:

  • Empathetic
  • Inclusive
  • Collaborative
  • Camaraderie
  • Community
  • Open

Digital forward

Only by taking a holistic, principled, organizational, operational and culture-focused approach to change and innovation will public leaders effectively deliver scalable, sustainable digital government services to the people they serve.

Whether it’s DMV or natural disasters, now more than ever, we need public service leaders who will iterate on the present government services narrative and lead, forward and clear-eyed, into our digital future.