FITARA implementation, simple innovation and more

What FITARA looks like at EPA, HHS

The comment period has not yet closed on the Office of Management and Budget's draft implementation guidelines for the Federal IT Acquisition Reform Act, but agencies are already working FITARA into their operations.

Beth Killoran, executive director of the Office of IT Strategy, Policy and Governance at the Department of Health and Human Services, said at ACT-IAC's Management of Change conference on May 18 that her agency was one of the first to speak with OMB about how to implement the bill.

HHS has set up a 20-person group to hash through FITARA's implications, she added, and various HHS organizations are scheduled to present their ideas on implementation this week.

Environmental Protection Agency Chief Architect Param Soni said his agency is also moving quickly to implement various FITARA provisions. EPA already has "a very robust investment review board," he said, and the agency has "taken that as an opportunity to do what we call a FITARA review" for every new IT acquisition.

Killoran said HHS has also established a review process, but at this stage, it is still optional.

Killoran and Soni said their agencies were still wrestling with what CIO oversight of all IT acquisitions will look like in practice. HHS has decided that approval for anything under the simplified acquisition threshold of $150,000 can be delegated to the local business units -- even though the agency's general counsel warned there might be compliance risks.

Soni stressed that EPA's FITARA reviews are designed to help without further complicating the process. It's a one-time review, he said, "and it's a one-hour meeting."

Ben Rhodeside, lead IT staffer for Rep. Gerry Connolly (D-Va.), said his boss has been pleased with OMB's and agencies' efforts so far. Although most of FITARA technically went into effect when the law was signed in December, "we understand that there is a soft launch," Rhodeside said.

Furthermore, the law's provisions for CIO assignment plans are intended to give agencies some flexibility and ensure that CIOs do not spend all day approving laptop purchases.

"Congress has been pretty impressed, I think, with the quality of the implementation guidance," Rhodeside said.

A simple replacement for 'innovation'

"Innovation" -- the much-abused buzzword -- should be shunned. Its replacement: "simplification."

So said Lisa Bodell, CEO of Future Think, to a packed ballroom at the opening of ACT-IAC's Management of Change conference May 17.

The self-described futurist urged the assembled representatives of government and industry to do some serious soul-searching so they can identify inefficiencies in their organizations and work as hard to eliminate deadweight as they do to add new capabilities.

She told the audience members to ask themselves: "How would you actually put yourself out of business?" She urged them to get into the mindset of a competitor to find a path toward radical improvement.

She also gave a homework assignment: Identify and eliminate two unnecessary rules in your organizations, and ask employees what rules they would kill.

Often, Bodell said, managers who do that exercise will discover that employees have been following "rules" that aren't even rules -- they're organizational bad habits.

Above all, Bodell urged clear thinking and keeping things simple.

"Change has become synonymous with complexity," Bodell said, adding that employees don't fear change so much as the needless complications that often accompany it.

Her ultimate message: When it comes to positive change, less is more.

FBI: In-flight hacker took control of a plane

The FBI alleges that the hacker who tweeted in-flight criticisms of the cybersecurity of airplane systems last month has hacked such systems and momentarily took control of a plane in mid-flight.

The FBI said it has interviewed Chris Roberts, founder of the security intelligence firm One World Labs, at least three times this year, and he is under investigation for allegedly hacking into control systems on commercial airplanes, according to a May 15 report on Canada’s APTN news website.

Roberts has not been charged with a crime, however.

According to the article, he told FBI agents during interviews in February and March that he had hacked in-flight entertainment systems on Boeing and Airbus aircraft about 15 to 20 times from 2011 to 2014. The article quotes an FBI affidavit that said in one instance, Roberts told the federal agents he hacked into an airplane's thrust management computer and momentarily took control of an engine.

Roberts had been barred since April from traveling on United Airlines because he live-tweeted about aircraft system vulnerabilities while on a flight to a hackers' convention that month.