Getting plugged into E-Government

Apply for Social Security benefits, reserve campground space at a national park or comment on pending legislation – all from the comfort of your Internet-connected home computer.

That’s the scenario envisioned by the U.S. government under its broadly termed “E-Government” plan to simplify delivery of its services to citizens, businesses and municipalities.

The strategy is one of five that President Bush has adopted as part of his management reform agenda, which is aimed at making government more about citizens than bureaucracies.

“Just like companies were product-centered, governments tend to be agency-centered,” says Mark Forman, associate director for IT and E-Government at the U.S. Office of Management and Budget (OMB). “The president wants the government to look across the agencies and focus on the citizens.”

Forman is a man who could help make that happen. He oversees federal IT spending – which will exceed US$48 billion this year and $52 billion in 2003 – and he is leading the federal government’s digital remodeling.

Last fall, a Forman-led task force of 81 members from 46 agencies identified 24 “high-payoff” projects to focus on during the next 18 to 24 months. These projects will consolidate several hundred overlapping IT projects in the federal government, Forman says. Their expected payoff will be in the form of improved operating efficiencies, more targeted spending and less paperwork, totaling possibly several billion dollars in savings, the task force concluded.

For the most part, the projects fall into four categories, organized around interactions with citizens, businesses, states and localities, and internal users. For example, Online Access for Loans will help citizens and businesses find the right loan option for their needs; Federal Asset Sales will consolidate 150 disparate sites dedicated to selling federal assets; and e-Training will provide a centralized repository of government courseware.

Forman says the current administration’s e-government efforts are not cosmetic, not simply putting up Web content – which he calls “Web enablement.” The federal government already has plenty of Web content, with more than 33 million Web pages and 22,000 Web sites, he says. “We do not do Web enablement. Web enablement locks in poor customer service for us,” Forman says, referring to Web sites that merely put a new face on old processes.

Rather, the projects are about backstage fixes – for example, integrating multiple agencies’ systems to streamline the process of applying for an economic development grant, which today could require a community to file more than 1,000 forms with 250 federal bureaus. “Pretty soon you’ll see a lot better service, but it’s not because there’s a prettier Web site. It’s because we’ve fixed the redundancy,” Forman says.

In its strategizing, the task force identified potential obstacles that could derail the E-Government effort. Recurring barriers included agency culture, stakeholder resistance, resources and trust.

Overcoming close-minded agency cultures and stakeholder resistance are management issues – mitigation requires strong leadership, communication and engaging resistant parties, the task force determined. Forman says collaboration among agencies is sometimes very easy. “The people have wanted to collaborate, they just were looking for leadership. And now the White House, via my office, is providing that,” he says.

The resources issue might be mitigated by moving resources to programs with the greatest potential, the task force says.

The trust issue, it turns out, requires an initiative of its own: e-Authentication.

Security plus privacy

E-Authentication is one of 24 official E-Government initiatives, though it differs because it’s an infrastructure project that is intended to be used by the other task-oriented initiatives.

A linchpin of E-Government, the authentication project will set a standard for determining identity, says Jeanette Thornton, portfolio manager for e-Authentication at OMB. Among the 22 other projects, there is a need for such features as access control and digital signature support to ensure secure communications and transactions. Rather than address authentication separately for each initiative, the e-Authentication project provides a shared service that lays out a method for proving identity to the federal government, says Thornton, who acts as a liaison between OMB and the e-Authentication project team.

Granularity is a key part of e-Authentication. Different applications require different levels of security, which need to be defined through business policies. Potentially, a user will present a credential – a password, certificate, smart card or token – to access to the appropriate applications.

“There are lots of transactions buried in 22,000 Web sites, lots of opportunities for authentication,” Forman says. “To allow a citizen to do a simple transaction that cuts across agencies, the authentication infrastructure has to be built.”

Some of the funding to do that is in the bag. In April, OMB allotted $2 million to get the e-Authentication project started. Today, the project is in the definition-and-requirements stage. Steve Timchak, program manager for the e-Authentication initiative, leads the project team. Timchak is with the General Services Administration (GSA), which is the agency charged with managing e-Authentication.

He says the project team has three primary tasks: determine the authentication requirements for each of the e-Government initiatives; build an authentication gateway to map authentication levels to the different applications; and provide common solutions for varying authentication needs.

Basically, it’s about providing a level of trust appropriate to the application, Timchak says. Some transactions require strong authentication, others won’t. Making a payment to the Internal Revenue Service might require a public-key infrastructure (PKI)-type credential, whereas for browsing business loan options, an ISP-provided personal identification number and password might be sufficient.

The key is not to grossly over- or under-secure any transaction. “We certainly don’t think that we’re going to issue digital credentials to 285 million Americans by any means,” Timchak says.

To determine the level of security required, the GSA-led project team is using a modified version of the Operationally Critical Threat, Asset and Vulnerability Evaluation tool developed by the CERT Coordination Center at Carnegie Mellon University.

On the security technology front, the government is getting a hand from Mitretek Systems, a nonprofit organization that held a “technical exchange day” in June to brief security vendors on the government’s authentication plans – at least at a conceptual level. The next step is to issue a request for information to vendors, followed by a request for proposal.

Based on its interaction with industry vendors, Mitretek then will develop, build and deploy a prototype gateway, which team members expect to be operational – and processing live transactions from at least one other E-Government project – in September. Full deployment of the gateway will follow a year later, according to estimates.

“We have a pretty rigorous schedule we have to adhere to,” Timchak says.

Fortunately, GSA and company aren’t starting from scratch. The e-Authentication initiative builds on existing government efforts to secure Internet transactions. The GSA, through its Access Certificates for Electronic Services program and the National Finance Center, has established models for acquiring technology to authenticate users, Timchak says.

“What we would like agencies to consider is taking a look at those contract vehicles for PKI that are already in place within the government,” Timchak says. “Any business case certainly ought to consider what’s already in place and use it if it makes sense to.”