Technologists also discuss role in security, spurring innovation and how the industry can help lead the U.S. economy out of the recession.
In late September, a group of chief technology officers and strategists from the world’s leading software-makers met in Washington in part to discuss the implications behind President Barack Obama’s innovation agenda.
Their interests and concerns include creating the next generation of innovators, making sure the right incentives for intellectual property protection are in place to foster innovation, figuring out how the IT industry can help lead the U.S. economy out of the recession, and determining the extent to which the federal government should engage in those issues.
Those and other topics were among the points the CTOs discussed with Obama administration and legislative officials in meetings organized by the Business Software Alliance and its president and CEO, Robert Holleyman II.
Between meetings with federal chief information officer Vivek Kundra, chief technology officer Aneesh Chopra, the House Science and Technology Committee, and others, these corporate CTOs talked with GCN Editor-in-Chief Wyatt Kash and senior editor Rutrell Yasin about some of their critical concerns — and what messages they felt were important to convey to federal officials.
GCN: If you had just two minutes with Aneesh Chopra or Vivek Kundra, what thought would each of you want to impress on either of them about improving the government’s use of technology?
Craig Mundie, Microsoft chief research and strategy officer: The subject I would [discuss] is a bigger focus on the broad issues around identity. Many of these issues, whether it’s data-oriented security, or cybersecurity, the fundamental weakness we have right now is in the identity space. It’s a complex thing. Government should play a seminal role in establishing identity. It’s clearly going to have to be a federated kind of model, and yet I just don’t think there’s enough focus on any of these domains.
Bryan Barney, McAfee senior vice president of worldwide product engineering: There were some interesting things said in the White House cyberspace policy review about the need for private and public sectors to work more closely together. I would ask what the next steps are, his thoughts around the cybersecurity coordinator and how we get that dialog moving forward so that we can start sharing information between the public and the private sector that we currently don’t share today. [For instance,] we don’t share vulnerability and risk and malware data in a systematic way between the public and the private sector. There are issues with privacy concerns, there are issues with national security concerns, and we have to figure out how to get around those obstacles before we can really collaborate more closely on some of those security issues.
Tom Malloy, Adobe Systems senior vice president and chief software architect: I’d like to see from Vivek the prioritized list of his interests. He was fairly open [when we met] that his vision is a five- to 10-year vision. But where we’re going to be able to help, obviously in the short term, are on the places where he places the most priority and the places where there’s the most opportunity for us to have an impact, and I’m not yet clear on what that short list is. Craig Mundie has been very articulate about identity; it should be on that short list. But I’d like to see what he’d really like industry to focus on to help him be most successful.
Mike Fulkerson, Rosetta Stone senior vice president technology and labs: I would say standards. Every time we do a new implementation for the government, it feels like we’re starting from scratch. Things like identity are a great example of where, if the government was using more standards, our job would be so much easier, and we could deliver solutions to the government at much less cost because we’re not worrying about those kinds of problems over and over and over.
Jeff Kowalski, Autodesk CTO: I was really heartened to hear where we were starting to use technology to support the overall administration’s initiatives. What I’d love to see is more emphasis not just on the greening of IT but on the application of IT to initiatives such as green [computing] and sustainability. There’s a supply of technologies that can be used more effectively, not just more efficiently.
Charlie Huang, Cadence Design Systems senior vice president and chief strategy officer: The IT industry is still an industry where the U.S. shines, and other countries like to participate in our success. I’d like to see [industry] giving inputs to the policy-makers and legislators who continue to cultivate and encourage innovation instead of adding more roadblocks. And there’s a lot they can do. Obviously they can’t dictate how people buy what color of phones they buy, but with the IT infrastructure, they have a lot to influence.
Chuck Grindstaff, Siemens PLM Software executive vice president and CTO: I think there are two different factors that I’d like to really dig into with more depth. One is those things that just the government can do. Craig Mundie’s point around identity is one of those examples where the government has a unique position and role in helping to solve this problem that the rest of us would like to get solved.
But the other side is operational efficiency of the government. And there I would want to see a very strong focus on interoperability. We have amongst the BSA companies a view to this tech-neutrality. We also want all of our products to work together. It’s the government and the public information, and we want these systems to not only work together superficially but in depth. There is quite a bit that the government can do together with us to help improve that without dictating particular details. They don’t have to tell us how to generate the electricity, but it’s fine to lay down some rules about the voltage and cycle time on the current. If there’s a big focus on those two vectors…then I think that would get a lot of traction.
Raj Nathan, Sybase senior vice president and chief marketing officer: I agree with Tom Malloy; we need a set of priorities defined both in the short and long term and that we can work toward. Also, some of these problems would require some research work. The notion of funding companies like ours for research work or basic research in some of these areas is something for them to consider. It’s just not basic research in physics and chemistry but also in software.
Richard Friedrich, HP Laboratories director of the strategy and innovation office: Most of us realize that the nation faces an innovation crisis. The rest of the world’s quickly catching up to our capabilities, and I think that we’re in a unique position between Vivek, Aneesh and [the Office of Science and Technology Policy] to begin to think about government, university and industry partnerships that can address a wide range of short-term, medium-term, and long-term activities related to societal scale issues of the 21st century. How do we apply IT to solve some of these problems? Energy independence, health care costs, climate, education, food safety, water shortages. Those are major societal issues that not only would have a direct benefit to the nation, but [applying IT] would help accelerate innovation and a lot of the IT infrastructure as well.
Patrick Gnazzo, CA senior vice president and general manager: All the issues raised around the table were extremely important, but I think from a practical perspective, Vivek’s comments about raising the level of the presence of the CIO within each one of the agencies is going to help deal with all of the issues. Getting that CIO in front of their Cabinet official and seeing that the importance of what they’re able to bring to the table would be extremely important, and if he can do that, that would be a real benefit to all of us.
Mark Bregman, Symantec vice president and CTO: One thing that’s very encouraging is a new openness to dialogue between the administration and our industry. So I would encourage Vivek to continue that and expand it not only with himself and Aneesh but also with those CIOs of the agencies and open up that dialogue. We need to understand what the short-term and long-term top goals are because there’s so much that can be done. We could become very defocused if we don’t have that prioritized list. I would also echo the need for the government to refocus its long-range R&D investments, stimulating universities and industry to focus on the long term, not just on the short-term outcomes. On some of those problems, we may not know what the answers are, but if we start working toward them, it will drive a lot of innovation.
GCN: Based on what you’re observing, do you feel that the Obama administration is making genuine game-changing moves? And how do you envision supporting those moves?
Grindstaff: Yeah, there are some game-changing kinds of concepts: the idea of subdivisioning and flat computing. I think all of us are excited by that, but we also have to do a lot of work on the security layers and the actual core technology to make sure that it ties in and can process the information properly — and that we can get to the metadata and core concepts that are in those systems and really make it useful.
Bregman: Tech neutrality is our big recommendation. We’ve seen some statements that still require further definition from the government. In particular, we see some definitions around preference for free software or for open software that doesn’t look comprehensively at what those terms really mean.
For example, free software typically isn’t truly free in the entire life cycle of the software ownership. Free tends to charge someone, maybe not the end-user and maybe not the end-user in a traditional form of currency.
Secondly, when we talk about open software, there are a variety of different nuances inside of that that need to be examined very closely. We think that open software, in the sense that it provides interoperability, is something that we champion. But open software, in the sense that it elects a certain business model, once excluding certain — actually an entire class — of businesses from participation, and by virtue of that, excludes a number of solutions which may be actually the most appropriate choice.
Kowalski: I think the point is that we don’t think it’s appropriate for the government to be selecting approaches. It’s appropriate for them to be defining requirements in terms of needs and then leaving it open in terms of the specific business model that fits their needs, their specific standards, as long as they’re interoperable to meet their needs and so on.
Mundie: I think when you look at introducing the cloud as a component of delivering the future government solutions, you have to break it down into three parts. Today they generally are not clearly done in that way.
The first is the government wants to be more efficient. It always has had a lot of computer systems and the question is: In its own internal consumption of computing, is there a way to gain some efficiency? That does beg all the questions that Chuck raised: How’s it going to work? Is it going to be secure? Is it going to be a private cloud? Is it going to be government or open cloud?
The public, on the other hand, really looks to the government to provide services and to provide governance. One of the open questions in the United States is: How do these things turn out to be a new tool for how the public gets government services? Whether it’s renewing a license or getting a business license. Whatever it is. There’s a big desire for more automation around those things.
And the third: I think that with initiatives like Apps.gov, we’re a step in the direction of saying that a new class of government service can be provided, which was never provided before, where the government provides just raw data to facilitate the creation of either the public access to services or new businesses that could come in and help the government be more efficient. It’s going to be important over time to make sure we know which one of the three buckets we’re talking about when we ask a lot of these questions because the considerations are quite different as a function of each of them.
GCN: What are your reactions to Apps.gov, the government’s initial effort to retail online computing services to government employees? And will it cause you to rethink your licensing and payment models?
Grindstaff: In general, the BSA member companies like the concept. We like the ability for the end-users and their management to be able to quickly decide, procure and provision applications, even though many of them are already on the [General Services Administration] schedule. I don’t know that there are remarkably big technical hurdles for any of us to go through in order to provide solutions there. The main issue is really getting through the start-up process that doesn’t seem to be very highly evolved at this point. I think many of us are anxious to get our applications in technology available this way but are also concerned that we’re [starting] a bit flat-footed in many cases — at least in our case — in getting our apps fully available [for the Apps.gov model].
Mundie: I actually think it’s going to be a bit more complicated than people understand. This is not an alternative way to buy things that were already on the GSA schedule. The goal of this is not just a storefront to buy things that were already purchasable in a fairly direct way. It’s to move these applications — whether they’re platform infrastructure or whatever — into a service model of delivery. It’s the coupling of those that I think most people don’t fully understand what [is involved] — taking an individual app that somebody used to buy, run on a local computer or in a local data center [and making it] available in Apps.gov. They’ve got very confined mechanisms for payment.
Even Vivek pointed out that something that’s on Apps.gov, the general counsel of each procuring agency still has to review the terms of service as it relates to that particular agency of government. So the idea that you just go to the Web and download an app for your PC or your phone — it’s going to be substantially more complicated than that even in the best case.
It’s not really an alternate procurement mechanism as much as it’s a way of procuring an alternate way of deploying traditional applications, and I think that these apps will have to be re-engineered to some extent to be deployed in that environment. And then you get into all the questions of: Based on what class of application it is, do you have new security issues? Do you have new identity issues that accrue from it being hosted in another environment?
Even in the Apps.gov taxonomy that was created, they talk about the fact that the cloud will have multiple instantiations. There will be the public cloud, the private government cloud and some hybrid clouds. And each of these configurations represents some complexity for where and how an individual company’s applications might be deployed, even if they were visible in the storefront, and you just went there shopping for them.
So in terms of [advertising] to government employees the range of solutions that might be available that they might not have known about, it will certainly be beneficial. But to really get the benefits that Vivek is looking for will require a considerable amount of work on both the procurement side and on the company side to make these things appear there.
Malloy: One of the things we need to understand, for those of us that have our products on the GSA schedule, is that the whole concept behind the GSA schedule is you have a quantity of one. And you have a term that says "most favorite customer treatment," meaning that the government gets the best price at a quantity of one.
In many instances, the government gets many of our products at even a cheaper price if they’re buying a lot of them, and they’re buying them in bulk. So the whole idea of an Apps.gov being even cheaper than that quantity-of-one price — we have to all look at what are the ramifications with respect to our liability and with respect to what we have in our terms and conditions. But the government already is buying smart with respect to that quantity of one. The discount is a greater discount than anyone else gets.
Friedrich: I think a lot of us are very inspired by Vivek’s enthusiasm and passion for what he’s trying to accomplish, and I think it’s going to pay great dividends for the nation. There’s a tremendous amount of collective wisdom around this table. The software industry has been beating [the drum for] the development and deployment of these kinds of capabilities for years now. Many of our corporations have some kind of common operating environment where we have a self-service capability for employees inside the corporation. So we know how to do this for some class of applications.
But as Craig and Bryan mentioned, there’s some that you have to be very careful about. If you look at Apps.gov, there’s a section for virtual machines. I’m not sure that I want any random person in the government downloading virtual machine technology to some [random] platform. You can cause a lot of other practical difficulties in terms of testing, etc. So I think there are some practical deployment issues that have to be addressed as well as the multitenancy and the business models.
But most importantly, you want to ensure that you have a reliable, predictable environment. If you’re not careful and screen some of these things beforehand, that could actually introduce new problems into the environment. It’s great that the left hand and the right hand finally have a sense of what’s available. Oftentimes, we’ve solved the problem for one agency, and the other one has no idea. So hopefully this will break down some of those barriers.
GCN: Turning to cybersecurity, what could industry do for government to try to accelerate advances in better security for the government’s networks?
Bregman: One of the first things to recognize is that there are two very distinct sectors of cybersecurity that need to be [better understood] from the government point of view. One is the security within government systems and within classified systems. But there’s an equal challenge and role for the government to play in helping to guide operationally securing civilian systems. The vast majority of even critical infrastructure is not operated by the government, like the electric grid, like the financial systems, etc., and they are vulnerable as well.
There’s also a very important role in helping provide guidance to the nongovernmental sectors in how to provide cybersecurity. We, along with most of the other member companies here, are heavily involved in helping the government to understand how to approach those problems. The challenge being that within the traditional government systems, there’s been a mentality of build higher walls, bigger fences.
Within that boundary, we know who’s here and we can protect it. That really just doesn’t work in the nongovernmental systems. All of our companies today have our own corporate systems connected to partners, suppliers, customers, employees. There isn’t a wall around the enterprise anymore, and that’s increasingly true with government, as government tries to be more open to the citizenry, more open to government company/private industry collaborations.
So a different approach needs to be taken when thinking about security: not just how to build better locks and better doors but how to be secure in an environment in which you can’t lock everything down.
Huang: It was good to hear, talking to Vivek, that he recognized that in addition to physical security, the more important issue is data level security. It’s good to hear an important government official, who is charged with so much responsibility, at that level of understanding.
Barney: I’d just add that setting security standards is going to be important going forward, to make sure that the critical infrastructure has some uniform security to it. But that setting the standards is difficult. History says that generally, when you set standards, there’s some reasonable probability that a standard actually ends up being counterproductive, or not well-adopted by industry. So it’s important that the government works with private industry in an open and collaborative way with the standards bodies that already exist; that government doesn’t try to dictate standards from Washington, D.C.; and that we create standards that respect intellectual property and are compatible with international standards so that we don’t have competing standards around the world.