- March 2012 (1)
- February 2012 (1)
- December 2011 (1)
- October 2011 (2)
- August 2011 (1)
- July 2011 (1)
- June 2011 (1)
- May 2011 (1)
- April 2011 (2)
- March 2011 (1)
- February 2011 (1)
- January 2011 (2)
- December 2010 (1)
- November 2010 (3)
- October 2010 (2)
- September 2010 (1)
Tags: Collaboration, Desktops, Laptops, Printers, Mobile Computing, Networking, Project Management, Security, Workforce
Where Will You Be When The Lights Go Out?
There’s an old joke about a lost tourist asking for directions in Boston and being told, “You can’t get there from here.” Like any good saying, this one mixes a little humor and a little truth. But on a really bad day – a day that will be long remembered because of a catastrophic event such as a major terrorist attack or natural disaster – it may not just be the lost tourist who is stuck at the end of a one-way street. In the past we operated on the assumption that we would have some warning to get key people out of harm’s way. We thought in terms of moving the people who need to make decisions in the immediate aftermath of the incident from one place to another. This is the type of thinking that led to the creation of empty buildings often called “alternate” or “COOP” sites. But today, the threat has changed and, as we have learned, our enemies attack with no warning or need of provocation. It can happen at any time and in any place – and we better be ready with more than a building stocked with computers, phones, and packaged food.
Let me acknowledge that the people who work in the intelligence, counter-terrorism, law enforcement, and military communities in this country are among the smartest, most committed, and courageous people I know. They dedicate their careers and risk their lives every day to protect you and me from the very real dangers we face at home and abroad. But – and I say this with all possible admiration for their efforts, and trust in their abilities – we would be foolish to assume that the bad guys will never get past them. They have, they will again, and we must be ready – every day.
The professionals who think about these worst-case scenarios are continuity planners. Their job is to weigh risk acceptance and mitigation as they strive to produce a system – processes and personnel – resilient enough to withstand any threat and maintain the critical functions we need to keep the country going.
The key assumption must be that prevention measures will fail, and that we must deal with the consequences of those failures by creating an organizational structure that is inherently resilient. This approach ensures critical mission capabilities when our nation needs them the most. Understanding the threat and implementing a risk-based strategy will reduce the effectiveness of our enemies – especially those intent on targeting our systems in a deliberate effort to prevent us from supporting recovery efforts. And this we cannot allow under any circumstances.
Last month, the U.S. Government Accountability Office (GAO), an arm of the Congress whose job is to review and report on the effectiveness of government programs, issued a report on continuity and telework. They found that there was no consistent, government-wide guidance on how to incorporate telework into agency continuity plans, as required by the Telework Enhancement Act of 2010. They cite guidance from DHS, GSA, and OPM, all relating to telework and continuity planning, but our friends at GAO seem to feel that something is missing, and apparently that is more guidance (i.e., paperwork).
So this is where I take exception to that finding and upset a few people in the Legislative Branch (they should be used to it by now as they seem to be getting the stink eye from an entire nation for their handling of the debt ceiling issue). I don’t think we need more guidance, what we need is some action and maybe some leadership. If you want some clear, consistent, and broadly applicable guidance, I would refer you to a document issued in August 2007 by President Bush. This plan was reviewed and reconfirmed as national policy by the Obama Administration soon after they took over in 2009. It’s called the National Continuity Policy Implementation Plan (NCPIP),and it’s pretty clear on the issue of getting people out of the office on a regular basis. It doesn’t mention “telework” by name, but read the excerpt below and send me a note if you are still confused on the meaning.
“…organizations should appropriately disperse staff elements and functions away from the main headquarters building on a routine operating basis to enhance the survival of key personnel and functions. With the continuing improvements in desktop teleconferencing and collaborative tools, the ability to conduct daily business from geographically dispersed locations is growing more commonplace and, if done routinely, will serve as a model for dispersed operations in the event of an emergency.” (NCPIP, Chapter 1, Page 9).
Later in the NCPIP, it does specifically call out telework as a strategy and directs OPM to establish telework guidance for continuity. OPM did issue guidance and has continued to update that guidancebased on new statutes and regulations.
As far as I can tell, nowhere in their 43-page report does GAO even mention the NCPIP. They discuss a group who was established based on its requirements (the Continuity Advisory Group); some of the issue-specific guidance from DHS, GSA, and OPM, resulting from direction in the NCPIP; and some best practices by executive branch agencies. But nowhere do they see how simply it describes the solution: routine geographic dispersion of key people and staff functions will enhance survival of those mission critical functions. Full disclosure, I served as one of many review editors of the draft NCPIP. Its pretty clear and concise, it addresses the issue, and its signed out by the President. So why do we need more paperwork?
This is where I annoy people at both ends of the Mall. Government tends to work best when they have very narrow and clear direction. They seek out the belt and suspenders. Any ambiguity is seen as a reason not to do something, so in GAO’s view, more guidance is always better. While I understand their rationale, I disagree with the very premise. We need to empower federal employees to become more successful. We should give them clear and concise guidance on what we want done and then hold them accountable to do it. “We didn’t have clear guidance” should not be an acceptable excuse. You wouldn’t let your kid get away with this pedantic argument, “Well, I wasn’t sure how you wanted me to clean up my room,” would you?
Maybe the language of the NCPIP is confusing some folks; so let me try to summarize the basic guidance on continuity and telework. Don’t put all your eggs in one basket. Just keep some eggs at home even if its only one day a month.
Join this discussion and read other blog posts here.