Forgot your password?
typodupeerror
Government IT Your Rights Online

Outgoing Federal CIO Warns of 'IT Cartel' In DC 198

Posted by Soulskill
from the interweb-industrial-complex dept.
CWmike writes "In a wide-ranging discussion Friday with President Barack Obama's top science advisors, Federal CIO Vivek Kundra warned of the dangers of open data access and was sharply critical of government IT contracting, telling the committee: '...We almost have an IT cartel within federal IT' made up of very few companies that benefit from government spending 'because they understand the procurement process better than anyone else.' He added: 'It's not because they provide better technology.'"
This discussion has been archived. No new comments can be posted.

Outgoing Federal CIO Warns of 'IT Cartel' In DC

Comments Filter:
  • by Anonymous Coward on Monday July 18, 2011 @01:41PM (#36801648)
    Not any other area of federal contracting. No sir, this is exclusively an IT problem...
    • Exactly. How does it work again?
      1.) Get lowest bid proposal from committee insider.
      2.) Make slightly lower bid to win contract.
      3.) Win contract, and use money from contract to fund committee insider's re-election campaign.
      4.) Rinse, repeat.

      • by rtaylor (70602)

        In (most of) Canada we don't even open the bids until after the closing date. They sit in sealed envelopes.

        Makes #1 impossible.

        I would be surprised if the process wasn't similar in the US.

        • by topham (32406)

          Bahahaha.

          In Manitoba we have a system in place on how to handle bribes ethically.

          not kidding, and it's fucking sad.

          • by JustOK (667959)

            Bahahaha.

            In Manitoba we have a system in place on how to handle bribes ethically.for the right price

            there, fixed that for you.

      • Exactly. How does it work again? 1.) Get lowest bid proposal from committee insider. 2.) Make slightly lower bid to win contract. 3.) Win contract, and use money from contract to fund committee insider's re-election campaign. 4.) Rinse, repeat.

        Close.

        However, item 2 is not a requirement. A lot more goes into deciding who gets the contract than lowest bid (such as how much the contractor donates to the congressman's campaign).

      • by AvitarX (172628)

        You missed the part where you over-run the cost by a factor of 2-3 (thought the slightly higher bid was by a company with integrity that wouldn't of done such).

      • Exactly. How does it work again?
        1.) Get lowest bid proposal from committee insider. .

        The issue is with #1, the “bid proposal”. We are talking about a risk adverse customer that is staffed by lawyers. Bureaucracies are punished when the fail but are not rewarded when they take risks that succeeded. So you get overlong contracts that contain highly technical requirements [from a legal, not technical viewpoint.]. Can you certify that all of your chips are from a approved foundry? That your employees are paid at the prevailing wage? [And it’s not the fact that you are paying t

    • by poetmatt (793785)

      I still don't get it though. What the hell does being good with contracting have to do with open data access? Granted, both are issues, but they don't really seem to go together.

    • Not any other area of federal contracting. No sir, this is exclusively an IT problem...

      Don't put words in his mouth. He didn't say that. It also does not need to be a problem exclusive to one area to be a problem worth commenting on specifically.

    • If federal government is anything like New York state I would agree (I would expect the feds to be even more so)
      While there are rules around to prefer small and minority own businesses, their policies make it impossible for such groups to put their foot in the door. And don't blame just the Republicans or the Democrats they both added to the mess.

      1. Open bidding isn't anything like an open bid. They take the resumes and profiles of companies they want to use and create a bid so only such company can win,

      • by Thing 1 (178996)

        Open bidding isn't anything like an open bid. They take the resumes and profiles of companies they want to use and create a bid so only such company can win, the bid. You will see odd things in the bids like 10 years FORTRAN experience required or 4 Years networking experiences for doing a VB6 to .NET conversion job.

        So, can't we petition (some other branch of) the Government to make use of their pervasive surveillance powers, so that they can root out this wrongdoing? Surely that's one of the reasons that they created this monstrosity in the first place, to secure the State and its resources, right?

    • by steelfood (895457)

      Perhaps not, but IT is certainly a good place to start fixing the problem.

    • by tiedyejeremy (559815) on Monday July 18, 2011 @04:22PM (#36803286) Homepage Journal
      as a defense contractor, I can assure you this is status quo for all government contracting. it has nothing to do with price, quality or delivery, but everything to do with the procurement process.
  • Called the No-Shit-Sherlock Department. This would be a good example of an agency press release.
  • I believe that this aptly describes the problem [despair.com].
    • HSPD-12 badges (Score:4, Informative)

      by oneiros27 (46144) on Monday July 18, 2011 @01:57PM (#36801802) Homepage

      So, the infamous 'HSPD-12 badge', aka, the 'CAC card' ...

      Supposedly they run $200 each. We all got bitched at for it ... have I *ever* used it to slot into a computer? Nope, because our network runs OSes that don't support the CAC functionality, and a lot of the folks on our machines aren't federal employees and remote users, so we'd have to have them run a background check (which we already do), then come in (from out of the country), finger print 'em, wait a month, then have them come back for a badge.

      And then we'd have to issue them CAC readers and force them to use Windows or some OS that can use the CAC readers (MacOS? nope).

      And if you loose the badge? Well, good luck on that one. Took me months to get a replacement. All the while, I couldn't enter any secured rooms, so I had to get issues a 'temporary' key card, and a 'temporary' badge ... which were EXACTLY like what we had before, only not at $200 a pop.

      And the temp badges? They have HUGE text on them for the things that matter -- expiration date (the HSPD12 badges run for 5 years, no matter the length of your contract), affiliation (just says 'Contractor' in tiny type), and has an indication of your security access more than just foreign national / US cltizen / civil servant (I'm guessing because then they'd have to issue new people badges 3-4 times as their various background checks get done).

      So ... more expensive, no new functionality that actually gets used ... and less secure, in that it's possible to enter the facility with an expired badge because the text is so tiny the guards can't read it, and they don't tie badge expiration to your contract, so a person with 1 year on their contract still gets issued a 5 year badge.

      • by h4rr4r (612664)

        I like how these are such a screw up and their name is a homophone for cock in a certain US accent. I can just see a Kennedy proposing these cards in some government meeting.

        • Along the same lines I heard a story form a coworker who use to be in the Marines. When he was in they had 2 radios for the motor pool the PRC-77 and PRC-169 (I think those are the correct number) and PRC would be pronounced prick. Well as with all things new recruits working in the motor pool would be sent to go see the quartermaster (at the base he was at it was a Master Sergeant) to get a new PRC-E8. This usually ended with the ones who sent the new recruit off to get the PRC-E8 in trouble.
      • by chill (34294)

        The CAC readers we are working with also work on Linux and Mac. Every laptop we buy now has a built-in smartcard reader.

        We're putting a lot of effort into making these work right now. The big driver is being able to dump RSA tokens and replace them with the CAC cards. We're counting down the days we can tell EMC/RSA "Fuck you very much" for their bullshit.

  • From the article:

    In particular, Kundra is worried about the "mosaic effect," the unintended consequence of government data sharing, where data sets are combined and layered in ways that can strip away privacy and pose security threats.

    Now granted he probably isn't concerned with the privacy of the individual citizen but that of government officials, but at least it sounds like there are some privacy concerns.

    • if i am not mistaken.

      and he is right.

      when your local news says 'anti-terrorism operation happened today on the freeway, many trucks stopped', you might blow it off.

      when you read a bunch of websites about what a VIPR team is, read its budget, read the congressional criticisms of it, then you starting getting antsy about it.

  • by MikeRT (947531) on Monday July 18, 2011 @01:48PM (#36801698) Homepage

    "My view is we should only have three major data centers across the entire U.S. government," said Kundra.

    Set aside the procurement debate for a moment and let this one quote sink in. Three data centers is not enough to give each of the branches of the military its own dedicated data center for operations. There are five (technically) branches: Army, Navy, Air Force, Marine Corps and Coast Guard. Each one of those should have at least one "major data center" except maybe the Coast Guard.

    Let's face it, Kundra doesn't appear to be any better than the very people he's criticizing.

    • by gurps_npc (621217)
      Most people consider the Marines part of the Navy. Because they are part of them.

      So that would be Army, (Navy +Marines), and Air Force.

      As for the Coast Guard, I think everyone would agree with you that they do not need a major data center.

      • I would figure that the three major data centers for the US Government should be for Legislative, Executive and Judicial branches, and weren't referring to the Military. ;) In this case the Military should be under Executive Branch.

        And, I've often wondered why we don't have a combined military force with divisions for Air, Marine and Land operations. I think it would eliminate a bunch of duplications across the current three branches. I'm sure there is some logical reason why this is completely unworkable,

        • by Talderas (1212466)

          It does exist. It's called the Marines.

          The Marines operate their own aircraft, their own tanks, and use their own ground personnel.

          That's the entire purpose of the marines, to function as an all in one rapid response projected force that can be deployed to a hot zone to secure it while waiting for the army and air force to come in.

          • Yup. Marines rock. Bad Ass to the core. (Corps). Kill the other branches of the military and call it good. You got my vote. Army, Navy and Air Force are for people who can't be Marines!

    • by Amouth (879122) on Monday July 18, 2011 @01:59PM (#36801828)

      explain to me why we need that much overlap? i understand the different roles that each branch fills.. but there is zero reason why each of them can't use the same data center.

      • Are you serious?!? If that one data center is breached/destroyed/offline, the entirety of the US military has been laid bare. The is exactly the kind of situation multi-factor security and redundancy are designed to prevent.

        On a separate, yet related, note, most major government data centers that are acknowledged by the government are owned and operated by the Department of Energy, even if they're used by other agencies (think National Laboratories).

        • by nschubach (922175)

          I assume they wouldn't have just one data center... but they'd consolidate all military data under one collective of centers distributed throughout the nation, buried in non-disclosed locations.

          • by cayenne8 (626475)

            I assume they wouldn't have just one data center... but they'd consolidate all military data under one collective of centers distributed throughout the nation, buried in non-disclosed locations.

            LIkely impossible. Each branch has systems, of systems of systems....many undocumented (no, they don't actually know how they all really interract)...many of them stove pipe systems with maybe special interfaces (and yes, sometimes even these are still sneakernet) to talk to each other. Old OSes and hardware....it i

        • by Amouth (879122)

          If you read the comments before mine the guy was claiming that the CIO's comment of 3 data centers would be insufficient for the 5 branches of military.

          my comment was wondering why the military would be unable to share data centers.

          everyone knows that relying on a single data center would be stupid but then that would be one reason why he is recommending 3..

          again back to the original question rather than "jumping to a conclusion" why exactly could the different branches of the military not share a data cen

      • by MikeRT (947531)

        explain to me why we need that much overlap? i understand the different roles that each branch fills.. but there is zero reason why each of them can't use the same data center.

        Really? You can't think of at least a few good reasons without asking?

        1. How about the kind of disaster you'd have if an adversary, say the PRC, were to get a guided missile destroyer through our naval defenses and put a cruise missile or three right into one of those data centers? Do you really want such "efficiency" that a well-coor

        • by Nimey (114278)

          Why do you assume that only one of those three data centers would host military stuff?

          What makes you think that just because computers are physically adjacent that they can talk to one another?

        • by Amouth (879122) on Monday July 18, 2011 @02:31PM (#36802224)

          So i assume the pentagon is a horrid idea and that we should never have the leaders of these branches in the same area as each other?

          aside from your "cruse missile" (which by the way would work just as well now as it would then) comment the other stuff is already covered inside a data center - just because the info is in the same building doesn't mean the networks talk to each other - nor does it mean one side knows what the other is doing..

          • by dkleinsc (563838)

            Ah, but there's a way of dealing with the problem of having the leaders all taken out in what is known as a 'decapitation strike', as explained by General Buck Turgidson:

            Plan R is an emergency war plan in which a lower echelon commander may order nuclear retaliation after a sneak attack if the normal chain of command is disrupted. You approved it, sir. You must remember. Surely you must recall, sir, when Senator Buford made that big hassle about our deterrent lacking credibility. The idea was for plan R to be a sort of retaliatory safeguard. I admit the human element seems to have failed us here, but the idea was to discourage the Russkies from any hope that they could knock out Washington, and yourself, sir, as part of a general sneak attack, and escape retaliation because of lack of proper command and control.

    • Maybe he has in mind a different categorization: One data centre for each of the "common use cases" at http://aws.amazon.com/s3/#common-use-cases [amazon.com]

      Why would one amazon/s3 be enough for everybody else :-)

      Stephan

    • by mosb1000 (710161)

      In the era of cloud computing, you should be able to do everything with a single data center. You would have three for redundancy and to distribute the load.

    • Surly the the armed forces need more then ONE! I know there is only one Pentagon, And that simple fact implies; That the Pentagon is basically irrelevant! The .mil crowed may not be rocket scientists, But you can be damn sure; That none of those people, Will ever "put all their eggs in one basket", .mil history is filled with commanders that did just that, they even have a name for it; EPIC brain fart!

    • by mspohr (589790)
      Why do we have five branches of the military (who should all work together but end up "competing" for resources) and why do they each need their own data (which won't be shared).
    • by blair1q (305137)

      The military only needs one data center. Change the colors of the website based on the URI it's accessed through, if you want.

    • Another comment that was silly was about contractors that stay quasi permanently in a position- do you really think it serves the best interests of the organization to turn over the staff every few years? That would be chaos.

    • Three data centers is not enough to give each of the branches of the military its own dedicated data center for operations.

      Do they each have their own road into the Pentagon?

  • Regulatory Capture (Score:4, Insightful)

    by TheSync (5291) on Monday July 18, 2011 @01:53PM (#36801752) Journal

    "'because they understand the procurement process better than anyone else.' He added: 'It's not because they provide better technology.'""

    This is another example of Regulatory Capture [wikipedia.org], where private entities use the regulatory process created for the public interest to forward their private interests.

    Whenever we open up complex regulatory regimes (such as the incredibly insane Federal government procurement process, campaign finance regulations, etc.), inevitably someone will figure out how to game the system for their private benefit.

    The best regulations are simple ones, as complexity breeds gaming. Complex regulations also encourage corruption on the government side as well.

    • The Republicans favor the rich.
      The Democrats create law so complex that only the rich have the resources to follow.

      • Regulations are designed to stop assholes, but don't nor can they.

        I call it the law of assholes. Assholes exist, and will always dance on and around the edge of "legal". They can because there is no law against it, and that is where they live.

        That is the way of the Asshole.

        • by hoppo (254995)

          Regulations have a declared intent of stopping assholes. They are designed to expand the government's reach and tilt the playing field in favor of the big fish.

          • Exactly what I mean. You can't make being an Asshole illegal. The only thing you can do is kick the shit out of them when you have to. That is the only thing assholes understand.

    • The best regulations are simple ones, as complexity breeds gaming.

      Where do you think complex laws come from? When you create simple regulations with broad language, you leave plenty of loopholes for companies to exploit. Then the government needs to close those loopholes by adding more specific language to the regulations. Companies find new loopholes in the regulations and the government responds with more complexity. So our options are to have simple laws that are widely exploited or have complex law

    • The best regulations are simple ones, as complexity breeds gaming. Complex regulations also encourage corruption on the government side as well.

      And yet those who call themselves "progressive" continue to advocate for ever more intrusive and pervasive regulations in the vain hope that some wonderful utopian society is waiting for them at the end of all the waste, fraud and abuse. Indeed, these are the very sorts of people that P.T Barnum was speaking of when he said, "there's a sucker born every minute". Whenever someone tells me that big government and regulation is the path to prosperity, I know immediately that one of two things is true: they hav

  • "very few companies" that benefit from government spending "because they understand the procurement process better than anyone else."

    Too many IT contracts are written with overly broad personell and systems security requirements, essentially requiring that the people working on these contracts originally coming from military or government offices to start with. Essentially built-in job security for those leaving government jobs.

  • Par for Course (Score:5, Informative)

    by pavon (30274) on Monday July 18, 2011 @01:57PM (#36801798)

    Welcome to all government procurement of any sort. We have rules to prefer small businesses over big companies. So who gets this business? Not all the existing small businesses in town who know their product, can answer questions, keep stock on hand, are a generally helpful. They can't handle the bureaucratic overhead of government procurement.

    Instead we have to buy from companies created for the sole purpose of being middle men to the government, whose only benefit is their understanding of the procurement process. Bonus points if they are owned by a woman or minority. They don't keep anything in stock, and add another 2-5 days to the shipping process compared to buying direct from the manufacturer. They are even more expensive than the local shops. They don't know what their products are used for and can only regurgitate what catalog in front of them says. But since they do so little they can turn over tons of revenue with only a few employees and thus remain a "small company".

    • And typically they just sub-contract the system out to some large company.

    • by trout007 (975317)

      I worked for a government contract that was up for bid every 5 years. It was a small disadvantage business set aside. So basically ever 5 years I worked for a new company working at the same job, same desk, and with the same government people. Only the owners of the shell company that ran the contract changed.

    • by mosb1000 (710161)

      My company actually hired an employee specifically to handle procurement for one of our more needy government clients. We told them, "if this is how it's going to be, we are going to hire someone to do this and bill you for their time" and they were ok with it. Madness.

  • News at 11.

    Seriously... this is as obvious as saying that banks make money by taking advantage of existing regulations. It's deplorable, but it's not exactly surprising.

  • by gmcraff (61718) <gmcraff&yahoo,com> on Monday July 18, 2011 @01:58PM (#36801816)
    It's a military, construction, health, fill-in-the-government-blank, problem.

    General Dynamics, Raytheon, Boeing, Halliburton, etc provide a critical service: they understand government regulation. If you've ever seen a printed out copy of the Federal Acquisition Regulations, you'd be surprised that gravitational collapse isn't happening.

    For most businesses, it's not worth taking a government contract until they're asking you to provide a COTS solution, where you know what you're selling, and the government pays you, and that's the end of it. The government is getting exactly what the commercial market gets. Firm Fixed Price contract, no surprises.

    As soon as the government wants it customized in any way, and they're willing to pay you to customize it, that rabbit hole goes all the way down. Every stipulation of the contract must be assessed for compliance, and every assessment requires some kind of test, and every test has a schedule towards passage of the test, and every last one of these things costs time and resources, which means money, which the government is going to pay you, because the government wants its double cheeseburger in a way that no-one else wants it.

    If you're an action oriented kind of entrepreneur, this will drive you insane. So you don't do it yourself. You go in as a subcontractor to one of the big Gov-BS-Handlers. You do the work, they firewall you from the BS, 50% for you, 250% for them (after change orders and spec changes and reviews and program management overhead) and everyone is happy with the $500 hammer (non-sparking, minimal toxic release, aircraft rated, 8 pound, loading bracket hinge, for the hitting of, one count)
    • The problem is not exclusive to the government either.

      Many large private companies also are encumbered with such bureaucratic process. Many electric utility companies that are semi-monopolies insulated from the market vagaries are worse than government. They would casually spend 25 million dollars to "upgrade" from PeopleSoft 8.1 to PeopleSoft 8.2 or whatever. Actual work will be done by some H1-Bs who get paid about 65K a year, but his body-shopping Indian company would bill someone for 125$ a hour, fro

      • None of this should be surprising to any student of economics, but they don't generally teach that in school anymore, except in post secondary education, because that is what suits those in power and their lackeys. They keep the general public ignorant of such things while redirecting their anger into policies which sound good, but actually enrich even further those who benefit from the public ignorance. Those protesting against "corporate greed" and "fat cat bankers" would do better to put down their signs
    • I completely agree with this and I see it happen all the time. IMHO, the biggest issue with the government is that they always want to customize anything they buy. They'd be 10x better getting an off the shelf product and spending 1/5 the cost and 1/5 the time implementing the product. Maybe it doesn't give them everything they want but the reliability, cost and time to implement will more than outweigh the costs of going custom. Also, if anything goes wrong then they can pick up and move to another pro
    • by blair1q (305137)

      And then there's an election and your contract gets cancelled by the new guys.

    • Actually the $500 hammer might just be a $5 hammer, on a PO that has a limit of $500, used to purchase the $2500 tool that was deeply discounted to ... $500 along with 4 other items each costing $500 for something that normally would be $5.

      This is because in order to procure the normally $2500 item, it would take walking a maze of stupid regulations and take two months.

    • by Agripa (139780)

      Your post reminds me of a story I heard about military procurement and Cobra radar detectors.

      Apparently during some air force war games, the Americans noticed that the Israelis (?) were very adept at breaking missile lock-on so they asked about it. The Israelis pilots showed them these inexpensive Cobra radar detectors that they had mounted to the inside of their canopies which just happened to work great against the newer American targeting radars and gave the pilots an early warning. Not to be outdone,

  • by MaWeiTao (908546) on Monday July 18, 2011 @02:21PM (#36802098)

    This is where the real government waste exists and this is exactly the sort of thing that will never be addressed. Instead useful programs are cut wholesale because that's what makes the most visible impact to your average ignorant voter.

    • Every dollar spent by anybody is actually a dollar of revenue to the counter party of the same transaction. You spend a dollar on bread. Your grocer gets a dollar in revenue. Right?

      Now think about wasted money. Wasted money is not cash burnt in the fireplace. It is just money spent, without adequate or reasonable return. For the counterparty to that transaction that money is unearned revenue, undeserved profit. When you say government is wasting 300 billion dollars, it represents 300 billion dollars of un

    • by blair1q (305137)

      No, no, no.

      This is "inefficiency."

      Waste is when this sort of regulation doesn't exist, and the system purchases random junk that doesn't work for projects that stopped operating years before.

      Fraud is when anyone in the chain knows that's happening and lets it continue because it means a paycheck.

  • by byteherder (722785) on Monday July 18, 2011 @02:36PM (#36802266)
    The article did not name those companies that are in the IT Cartel. Let me start it off with the ones I know.

    1. IBM
    2. Accenture
    3. Booz Hamilton
    4. Deloitte
    5. SAIC
    6. HP
    7. CACI
    8. CSC

    Why do they win all the IT contracts? They have huge staffs dedicated to understanding the myriad of procurement rules. The little guys don't stand a chance.


    Can you name some more.
  • by DarkOx (621550)

    This guy is suggesting that Federal Procurement isn't a process of objective evaluation where the best(as in most appropriate to requirements) products, services, and vendors are selected? What you say its system or rigged bids? You mean evaluation criteria is not select to best represent operational goals but instead to ensure a preferred vendor gets the contract? Wow crazy, never would guess that from casual observation of the past 40+ years of US history....

    I am so glad we hire these qualified public

"Consequences, Schmonsequences, as long as I'm rich." -- "Ali Baba Bunny" [1957, Chuck Jones]

Working...