recommended reading

Government Culture Inhibits Shared Services


Technology has finally caught up with the will to share services more efficiently in government but federal agencies’ siloed and cautious culture is still a major impediment, the senior adviser to the government’s Chief Information Officers Council said Thursday.

It’s difficult to convene CIOs from across the government to sort out basic information including who should be a supplier and who should be a consumer of shared services such as wireless Internet and data storage, Adam Hughes said during an event sponsored by the American Council for Technology - Industry Advisory Council.

“We don’t have good processes in place to be able to have formal information sessions and that’s what I want to focus on this year,” Hughes said. “That’s a real impediment to even getting over that hurdle to create an environment where shared services can work, to have folks in the room to say ‘How can we do this?’”

Another hurdle to information sharing is the reviews agencies must go through in order to share even basic practices with each other and the public, he said.

When the CIO Council asked agencies that had adopted “bring your own device” programs if it could share the privacy and personnel policies those agencies drafted as part of its BYOD Toolkit, for instance, it took several weeks and several reviews to win approval, Hughes said.

“These were not sensitive or long policies,” he said. “We struck agency names so you couldn’t tell what agency it came from and still there were policy and legal reviews. And some of these things were three paragraphs long.”

Government culture has become more agile when it comes to digital services that are already open to the public such as interactive government websites and mobile applications, said Hughes and Gwynne Kostin, director of the General Services Administration’s Digital Services Innovation Center.

Kostin’s office is developing an open content management system that agencies can adopt for any website that seems suitable. The innovation center is inviting agencies to sign up for an alpha version of the tool so they can give feedback on the CMS during development rather than after the project is complete.

Kostin also is encouraging agencies to make the code underlying their websites and Web tools open to the public through developer sharing sites whenever practical, she said.

One significant barrier to sharing government code is that the vast majority of it is written by contractors who often have a financial incentive to not share their work too widely, Hughes said. Even if a contractor allows an agency to share code with other agencies it will often balk at sharing it with the other agency’s contractors, he said.

Modifying that will require a long-term commitment to changing the culture of both the government technology and government acquisitions shops, he said.

Making government more agile and efficient will require a similar longterm culture change and an increased tolerance for risks that must spread from the top of agencies down through the ranks, Hughes said.

“I’ve been appalled at the risk averseness of federal employees,” he said. “It’s not because they’re not innovative or don’t want to be creative. It’s because they don’t get backed up on that when things fail. That’s the whole struggle. When things fail then the hammer of oversight gets sent down. It’s not ‘what can we learn and do better next time’ or ‘wow you really took a risk.’ That’s what you get in the private sector. [There] if you took a risk and you failed that’s what you were supposed to be doing. That’s not encapsulated in government very well.”

(Image via VLADGRIN/

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.