Advice for Obama's CTO

During the presidential campaign, President-elect Barack Obama said he would appoint a federal chief technology officer "to ensure that our government and all its agencies have the right infrastructure, policies and services for the 21st century," according to a management reform plan he released in September. Just what skills does this CTO need to do this, which includes leading the historically change-averse bureaucracy to embrace new ways of doing business?

To answer these and other questions, Nextgov sat down with Norm Lorentz, the first -- and only -- federal chief technology officer. He was named CTO at the Office of Management and Budget in January 2002 and worked in that position until September 2003. While CTO, Lorentz worked on the Federal Enterprise Architecture, which provides a common model for buying information technology so agencies can share information. He also served as CTO for the U.S. Postal Service, where he worked from August 1998 to December 1999.

Nextgov's executive editor, Allan Holmes, sat down with Lorentz on Dec. 8 in his office at the Council for Excellence in Government, where he is head of the organizational management and improvement practice. Edited excerpts from the interview follow.

Question: You served as the first federal chief technology officer in government. What were you trying to accomplish in that role?

Lorentz: I came in right after 9/11. My job was to establish a capability that did not exist, the Federal Enterprise Architecture. The Federal Enterprise Architecture was viewed as an IT thing, but, in effect, it is a process-based depiction of the federal government. That was going to be used as a tool for improving government, showing a database method for doing mission consolidation and aligning technology investment. So it was really about a government transformation and mission performance capability. We used it as a method for influencing budgets. When people would submit their [reasons for spending money on a project to OMB], they had to describe what they were doing in the context of lines of business, as well as describing what other organizations they were working with.

Question: We've seen many names of IT stars floated as the federal CTO in an Obama administration. What type of person would be a good fit for this position?

Lorentz: First, the person has to be very passionate about the improvement of government. I can't imagine that the president, based on [his] selections so far, wouldn't do anything other than that. But it starts right there.

This needs to be a pragmatic technologist. This needs to be somebody when they talk about something that excites them it's [based on] where they've actually applied technology in creating a whole new business model and created extraordinary performance. I ran an IT job board for a period of time. That kind of changed the way we hired people. It's that kind of thing. But it wasn't the fact that it was a new technology approach, it was the fact that it matched people with jobs. This should be somebody who has run a large organization, knows the vagaries of running a large organization, but has produced real results and has very practical experience at process improvement using primarily technology.

With all due respect, all the names that have been bandied about, they wouldn't seriously consider the position. I am sure they smile when they see their names mentioned, but that really wouldn't be that great a fit for those kinds of folks. But I'll tell you what, they would be there to aid and abet the right type of person.

Question: Is this person in government now?

Lorentz: Transformation never comes from within -- ever. I've never seen it. So this person, bluntly, needs to be from the outside. That doesn't mean that the person can't have been in government before, left and come back. That's fine. But they need to have fundamental experience and a point of view that is external. This is not a popularity contest, so it doesn't matter if they don't know anybody in government, although it would be helpful if there was a mutual respect to begin with.

Question: What would you tell the federal CTO in an Obama administration about the big obstacles he or she may face? Where are the minefields?

Lorentz:There's an old saying: "There's no idea more potent than one whose time has come." And the corollary is also true: "There's no idea more impotent than one whose time hasn't come."

So it's around a change management tool set. When I first came [to OMB], there was a bipartisan behavior because of 9/11. After about eight months that went away. There were distractions, so while the change management around making government improve continued, it was almost a secondary area of focus to the other distractions such as Iraq, etc.

That's different now. There's nobody who doesn't think that government's role should not change and actually be enhanced in terms of the problems that we have right now. And frankly, some of the stuff around fixing financial management cannot be done without an injection of relevant technology. It can't be done.

The good news is . . . there's nothing that we can think about doing right now that can't be done with the technology we have right now. We have a reason for improvement. And that's also bad news, because we have a lot of things that are broken. But I think that is fundamentally different now. I also think that this CTO role will be viewed as fundamentally different in that I believe it is a chief transformation officer.

Question: How is it different?

Lorentz: It's an external policy injection from the president on how the processes of government, fueled by technology, are going to change. One of the basic precepts of transformation is it never comes from within. Ever. Even in the private sector. If you look at the three automakers, which one has changed the most? Ford. Why? The new CEO [brought] outside influence. …. In the federal government, it's just the same. That CTO will bring those external stimuli to the existing situation. It will be disruptive. It will be uncomfortable. And by the way, if it's not uncomfortable, it means nothing is changing.

Question: But you hear that it is so hard to bring about change in government. We've had numerous reforms that had lofty goals and most have fallen way short. What can the new CTO do to make this transformation?

Lorentz: When I arrived at the Postal Service it was back when people were hiding and burning mail. These weren't bad people, they just didn't know what to do with the mail. Everything was in need of improvement, but you can't boil the ocean. No. 1 is you have to focus. I mean this is so big and so bureaucratic that you can't do everything at once. This incoming president is going to have some very specific things he is going to want to do. Pick one, pick two. Focus on an area for improvement. That is very, very important.

Then realize it's not a technology thing. It's a mission performance thing. And technology, and I may be using an unpopular term, but it is legal steroids to improve the situation very, very fast. [The president] has some very learned people on how to leverage technology. He needs an operational champion, and that's what that CTO is.

Question: How do you see the next CTO using IT for transformation?

Lorentz: For instance, if they were looking at a method for investing in service-oriented architecture, Web 2.0-based technology, you could use the lines of business definitions to show where you could invest in technology and actually influence process integration and consolidation. You can actually do virtual organizational consolidation without reorganizing the whole government.

A specific example: I was on the Metro this morning and [saw an ad for] E-Verify, [a system employers can use to verify the legal status of workers]. Well, E-Verify is an outcome of the e-government initiatives. So, there's a new tool set. In addition to consolidating existing government, there're new tool sets.

Question: What would be Job 1 for a new CTO come January 2009?

Lorentz: It's very, very mission based. If you look at the places where you have the burning platform right now -- we've had wonderful work that's been done in health care and the federal health architecture around consolidation. But change hasn't really occurred. Why? Because you haven't had focus and attention to that.

So pick one. Lay down the gauntlet for measureable improvement that needs to occur in very specific ways, whether that's sharing patient information, whatever that is, set very, very specific metrics and drive to the performance of that metric. And by the way, it means secretaries and deputy secretaries need to be reviewed on a recurring basis on progress to that metric. And that's when the miracle happens.

Also the CTO needs to have a distinct tendril into OMB. It could reside in OMB just like I did, but it needs to have a much stronger connection to the president, it needs to have direct budgetary influence on how the technology spending occurs in the context of describing that fundamental mission-improvement approach.

The other thing, the new CTO needs to reach out to Congress. This is hugely important. If there is one thing I could have improved in the 18 months that I was in the position, we could have done a much better job of reaching out to Congress. They represent the people so they need to be involved in the transformation.

Question: Some say the position should reside in the White House, some say in OMB. Where should the position reside?

Lorentz: If I was going to err in a direction now, I would be close to the leader. In private -sector firms, where there is very successful technology for product lines, the CTO generally reports directly to the leader. If I were going to err in a direction, it would need to be in the White House. But then there would need to be a very strong connection to the director of OMB and the deputy director of management to drive the necessary action and performance vis-á-vis the budget. It needs to report directly to the president just like any other Cabinet-level [position].

Some view the CTO as more of a technology policy position, someone who would weigh in on the issues of wire tapping and protecting intellectual property, rather than focusing on government operations. What's your opinion on that?

Lorentz: We do not need another bureaucrat. We have plenty. What I have heard from the president-elect is he isn't talking about bureaucracy. He is talking about real change. He is talking about measureable change. He is talking about people needing to change behavior. People only change behavior with consequences. The only way you can leverage consequences is with measurement. So it has to be very specific mission-based measurements that he can review to, hold his Cabinet-level leaders accountable to, and the American public is going to be watching that. It doesn't mean the CTO can't walk and chew gum at the same time. They can do operational functions and also influence policy at the same time. But it really has to be performance and results.

Question: Obama wants government to be more transparent, and the CTO would presumably have a role in that. How difficult is it going to be for the CTO to convince agencies to make their information public and easily searchable?

Lorentz: There already is extraordinary transparency that has been enabled around contracts and so forth. That needs to continue. I just have to say that this is not a popularity contest. This is going to be real transformation. You said, "Convince the agencies." Wrong. Direct; issue executive orders to the agencies. Determine what needs to be done. This president-elect doesn't sound timid. If there is going to be transformation there is going to be discomfort.

Question: Cybersecurity is one of the biggest problems facing government. What can the CTO do to improve cybersecurity?

Lorentz: The CTO certainly needs to maintain what I refer to as the compulsories, which is the current FISMA [2002 Federal Information Security Management Act]. What is your configuration management? Do you have all your patches pushed? Those are like the compulsories in skating. It is necessary, but not sufficient.

What the CTO needs to focus on, and this technology now exists, is what is the real-time view of the network? What incursions are occurring right now? What are the incursions that we should be injecting technology to stop? What approaches are we learning about that are going to impact cybersecurity?

Increasingly, our government processes are going to become purely cyber processes. You look at financials, a very high percentage of the processes are cyber. If you look at the way current wars are waged, a lot of it includes cyber processes. So, the CTO needs to influence the establishment of real-time cybersecurity. We've talked about that for some time, but the technology to actually go into a very low level of detail and see the types of things that are happening [are available now], so that should be a very strong direction given by the CTO.