Tuesday, May 16, 2017

An Excursion into Government Legacy IT Systems - X



10.     Risks and Risk Mitigation

10.1     Politics

Risk: GS-21 must be a technical effort guided by an impartial government entity (OAI?). If GS-21 takes on the appearance of a partisan political effort, it will die from distraction. In that regard, any appearance of crony capitalism or congressional or activist interference could kill the effort.
Mitigation: GS-21 will require high cover from the White House to make clear, at every challenge, that this effort is meant to 1) improve working conditions for government workers, 2) improve service to the American public, and 3) save taxpayer money and therefore needs to be allowed to succeed. GS-21 decisions must be based on technical and cross-agency programmatic criteria. Political decisions will be very difficult to defend.

10.2     Internal resistance

Risk: Workers, agencies, and users all dislike change. Resistance to GS-21 can be expected from all directions.
Mitigation: OAI must make users an integral part of the development process.

10.3     Skepticism

Risk: On one hand, there have been failures. On the other hand, some are terrified that, even if OAI succeeds, someone may benefit unfairly.
Mitigation: Impartiality, transparency, and a careful incremental approach are necessary.

10.4     Impatience

Risk: Big projects tend to allocate too little time to Team building, Planning, Socialization, Requirements definition, Architecture definition, and Standards specification. During design
· too little attention is given to Community feedback, Comment review, and Response,
· too little time is left for Alpha and Beta test and refinement, and
· there is a temptation to take on too much at once – too many layers, agencies, or activity domains.
Mitigation: Celebrate successes and plan following steps deliberately.

10.5     Leadership

Risk: GS-21 is an enormous undertaking. Project leaders may be
· Slow to make vital decisions,
· Unable to resolve team disagreements,
· Unable to motivate the team on behalf of program sponsors,
· Unable to defend the team and the program to program sponsors.
Mitigation: GS-21 will need clear goals and a team-oriented, apolitical, disinterested leader with the courage to take risks, admit mistakes, and credit successes to the team.

10.6     Funding

Risk: Money will be closely watched. Underfunding could choke off vital operations; and overfunding could breed waste and make the effort a target for cancellation.
Mitigation: GS-21 should start with a “bare bones” budget, build the team, and request more funding as needed. Since agencies have a stake in GS-21 success, cost sharing has the potential to significantly reduce funding risk.

10.7     The Roadmap

Risk: The schedule may not be quite right. If it is too ambitious, the team may miss deadlines and look bad. If it is too cautious, the work may slow down to match the schedule's low expectations.
Mitigation: The Roadmap must be a living document, kept current as the effort proceeds.

10.8     Technical setbacks

Risk: Not everything will go as planned. GS-21 represents innovation and new development.
Mitigation: Make the ITE Facility a Center of Excellence, open for critical experiments (needed to mitigate technical risk) and for demonstrations on short notice – keep it Great.

10.9     Innovation never works in government

Risk: Even when they spend millions of dollars, DARPA and ONR rarely transition anything. Although this is not entirely fair, those agencies generally rely on others to make transition happen.
Mitigation: Invest in and insist on high-quality system engineering. The innovation must be confined “within the layers,” observant of standardized interfaces.

10.10     Security, security, security

Risk: The external threat ranges from mischief to crime and espionage; the internal threat represents a violation of trust and presents a related, but separate, set of challenges.
Mitigation of external threat: Inconvenience – maximum convenience results in maximum risk – there must be tight, well-protected pathways to data; data must be accessible, but access must be tightly controlled. Defense in depth must include physical protection, partial isolation, and trusted processes and personnel. The ITE Facility must be accessible to critical security experiments in which live data are not exposed. Security measures must themselves be protected (classified). Inconvenience raises costs for all: system developers, authorized users, and unauthorized users.
Mitigation of internal threat: Verification of insider trustworthiness can help but, as we have learned from double agents, is not foolproof. Access logs, redundant cross checks, data and access partitions, rotation of admin privileges, and (admin) term limits can help, but the insider threat will continue to be a difficult challenge.
Mitigation of data loss/destruction threat: Continual data backup, geographic distribution of data, a transaction paradigm, and elimination of single points of vulnerability.
R&D: Investment in detection, identification, pursuit, and prosecution, to raise the cost to hackers.
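Two of the insider-threat controls named above, admin term limits and redundant cross checks of access logs against privilege grants, can be turned into a routine audit. The following is an added example written for this page, not code from the GS-21 proposal or any government system; the grant records, access log entries, field names and the 180-day term limit are all constructed assumptions.

```python
from datetime import date

# Assumed policy value: an admin grant older than this must be rotated.
TERM_LIMIT_DAYS = 180

# Constructed sample privilege grants (not real data): who holds admin rights and for what period.
GRANTS = [
    {"user": "alice", "granted": date(2017, 1, 2), "revoked": None},
    {"user": "bob",   "granted": date(2016, 9, 1), "revoked": None},            # held well past the limit
    {"user": "carol", "granted": date(2016, 3, 1), "revoked": date(2016, 8, 31)},
]

# Constructed sample access log (not real data): each record names the actor, the action and the data partition.
ACCESS_LOG = [
    {"ts": date(2017, 5, 10), "user": "alice", "action": "read",  "partition": "A"},
    {"ts": date(2017, 5, 11), "user": "carol", "action": "admin", "partition": "B"},  # grant already revoked
    {"ts": date(2017, 5, 12), "user": "bob",   "action": "admin", "partition": "A"},
    {"ts": date(2017, 5, 13), "user": "dave",  "action": "admin", "partition": "A"},  # never granted
]


def active_admins(grants, on):
    """Users whose admin grant was in force on the given date."""
    return {
        g["user"]
        for g in grants
        if g["granted"] <= on and (g["revoked"] is None or g["revoked"] > on)
    }


def overdue_rotations(grants, today, limit_days=TERM_LIMIT_DAYS):
    """Term-limit check: active grants older than limit_days, oldest first."""
    overdue = [
        g for g in grants
        if g["revoked"] is None and (today - g["granted"]).days > limit_days
    ]
    return [g["user"] for g in sorted(overdue, key=lambda g: g["granted"])]


def cross_check(log, grants):
    """Redundant cross check: every 'admin' action in the log must be backed by a
    grant that was active on the day of the action. Returns the offending records."""
    return [
        entry for entry in log
        if entry["action"] == "admin" and entry["user"] not in active_admins(grants, entry["ts"])
    ]


def audit(log, grants, today):
    """Combine both checks into one report suitable for a periodic review."""
    return {
        "overdue_rotations": overdue_rotations(grants, today),
        "unbacked_admin_actions": [(e["ts"].isoformat(), e["user"], e["partition"]) for e in cross_check(log, grants)],
    }


if __name__ == "__main__":
    report = audit(ACCESS_LOG, GRANTS, date(2017, 5, 16))
    for key, value in report.items():
        print(key, value)
```

The two checks are deliberately independent: the term-limit check reads only the grant records, while the cross check compares the log against the grants, so a single tampered source cannot silence both. In the constructed data, bob's grant is flagged as overdue even though his actions are currently backed by a grant, while carol's and dave's admin actions are flagged because no grant was in force when they occurred.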
