The State of Federal eGovernment and eBusiness

January 23, 2001. Mary Mitchell, Office of Electronic Government, GSA Office of Governmentwide Policy, ec.fed.gov. AOA - Lansing MI, Jan 22-23, 2001.


  1. The State of Federal eGovernment and eBusiness
      January 23, 2001
      Mary Mitchell
      Office of Electronic Government
      GSA Office of Governmentwide Policy
      ec.fed.gov
      AOA - Lansing MI, Jan 22-23, 2001
      1 - 10/18/2007

  2. Trends Driving Government Transformation
      • Internet
      • IT skill shortage and aging of workforce
      • Increased outsourcing and privatization
      • Performance measurement and accountability
      • Globalization
      • Increased public expectations

  3. Implications of Current Reality
      Old ways of doing business won’t go away anytime soon
      • Improvements require up-front investment
      • Multiple benefits but often one program carries the burden
      • Need to support old and new ways of doing business, at least for now
      • Up-front investment requires tough choices because existing operational costs exceed demand for service

  4. Key eGov Findings
      • Most government Web sites are informational, serving as an important dissemination channel
      • Government Internet development is fragmented due to
          • different origins of revenues
          • lack of overall strategy
      • Despite fragmentation, Web initiatives can integrate independent efforts & automate off-line transactions
      • Most government Web sites don’t support
          • access by persons with disabilities
          • offer language translation
      Sources: Jupiter and Brown University studies

  5. The eGov Challenge
      • Approximately 265 Million Americans
      • Growing number of Americans are Wired
      • Most Americans want to do business with the government online today!
      • Public expects online services similar to the best commercial capabilities
      • Public does business with multiple agencies
      • Your agency may not have a clue who they are!

  6. Business Driver: Efficiency/Savings
      • U.S. Mint: savings $5 per transaction
      • AZ DMV: savings $6 per transaction
      • Cisco Systems: $564M saved
      • IBM: $600M saved

  7. Business Driver: Savings by Process Type

      Process                      Traditional System   Internet         Percent Savings
      Bill Payment                 $2.22 - $3.32        $0.65 - $1.10    71% - 67%
      Insurance Policy             $400 - $700          $200 - $350      50%
      Software Distribution        $15                  $0.20 - $0.50    97% - 67%
      Procurement                                                        70%
      Motor Vehicle Registration   $7                   <$2              71%
      Order-Filling (DOD)          $24                  $12              50%

      Source: DECD from various sources.

  8. Process Change Story: eProcurement
      Purchase Cards
      • Estimated savings: $55. per order *
      • FY 2000: 23.5 million actions, 12.3 billion$ 55 million rebates
      • avg. buy ~$500
      • 20% increase!
      * Substantiated in GAO & other reports

  9. Electronic Government Imperatives
      (diagram labels: GPRA, PRA, Clinger-Cohen, CUSTOMER SERVICE, GPEA)
      • Reduce burden on the public
      • Provide customer service in better ways
      • Single Point of Entry
      • Electronic forms aren’t enough but it is a start
      • Easier To Access
      • Easy to Fill & More Accurate
      • Faster: Submit, Respond & Process

  10. Challenges for eGov Applications
      • Authenticating the users
      • Interoperability with agency systems
      • Assignment of liability and risk
      • Scalability/extensibility
      • Assurance of data Integrity
      • Non-repudiation for transactions
      • Maintaining confidentiality (privacy)

  11. Federal eGovernment Mandates
      • Government Paperwork Elimination Act (GPEA)
      • Privacy Act
      • Improper disclosure is a crime!
      • Individuals have access to their own data
      • Newer specific protections
      • Health Information Privacy Protection Act (HIPPA)
      • Child Online Privacy Protection (COPPA)
      • PL 106/107 for the Grants Community
      • Other Existing Mandates
      • Presidential directive - Dec 17, 1999
      • Program specific laws, Laws relating to “obligations”

  12. Electronic Signatures in Global & National Commerce Act
      • E-SIGN addresses:
          • Affects interstate or foreign commerce transactions
          • Legality of electronic signatures and records;
          • Preemption of inconsistent statutes or rules.
      • E-SIGN does not address:
          • Security, authentication, or records requirements;
          • Interoperability across jurisdictional boundaries;
          • Electronic signatures based on different technologies;
          • Rules for acceptance of different kinds of signatures.
      • Federal activities are generally unaffected, instead abide by Government Paperwork Elimination Act (GPEA).
      • Effective date: October 1, 2000.

  13. Grants Streamlining
      • Congressional mandate is PL 106/107
      • Electronic application and reporting
      • Reduce burden on grantees
      • Establishes common formats
      • Financial, performance reports
      • Uniform administrative rules
      • Consolidation A-102 & A-110
      • Reduction of program-specific terms
      • Assurances and Certifications?
      • Plan published in a Federal Register Notice
      http://www.financenet.gov/fed/cfo/grants/grants.htm

  15. Federal Grants
      • Approximately $300 billion annually
      • 1000+ programs in 33 agencies
      • Over 30,000 organizations receive $300,000 or more annually
      • Many program-specific requirements
      • OMB Guidance
      • Agency-specific solutions not adequate
      • Engage stakeholders (states, non-profit, etc.)
      • State & Local Subcommittee Chairs:
          • tony_cavataio@ed.gov or evansk@ojp.usdoj.gov

  16. Driving to eGovernment
      (diagram from "Driving Toward Electronic Government6.ppt"; labels in the order they appear)
      • Infrastructure; Federal Mandates
      • Authentication; Digital Signatures; CA Cross Certification; Secure Web
      • GPEA; Privacy Act; E-Sign; HIPPA; A-130 & PPD-63 (Security)
      • Leverage Technology; Single Face Gov't; Getting There
      • Customer Service: Call centers, VOIP, CRM
      • Metrics; Business Case; Risk Assessment; Best Practices; Streamlined Processes
      • eMarketplaces Buying, selling, paying
      • Change Agents
      • Strategy: Alliances, Interagency Groups
      • Executive Leadership
      • Workforce: Training, Telework
      • Outreach: White papers, Talks, Press
      • XML Metadata, architecture, access, languages
      • FedSales; eGov Products; PKI/Smart Cards
      • Policy Setting & Guidance; Interoperability & Standards; Agency Pilots; Alliances w/Agencies & Industry; Mobile Devices

  17. FirstGov.gov
      • Keyword Search
      • Featured Subjects
      • Interesting Topics
      • U.S. Government
      • State & Local
      • FirstGov Partners
      • Your Feedback

  18. Your Feedback
      • Feedback by Topic: Scroll down to “Veterans” and tell the Veterans’ Administration what you like, or what could be improved about the way they provide services
      • Feedback by Agency: Send e-mail to the Secretary of Health and Human Services or other Department officials
      • Feedback to FirstGov: E-mail the FirstGov team to make content suggestions or comments about the website

  19. Baseline: Customer Service
      (chart: Customer Service E-mail Response Time)
      • Public expects 6 hr response time
      Source: n=81

  20. Contact Overload!
      (chart: 2nd, 3rd Inquiries)
      • 32% Placed A Telephone Call
      • 45% Sent Another Email
      • Result: Seek Real-Time Solutions, Straining Resources
      Source: Jupiter/NFO April, 2000; n=1709

  21. State & Local
      • Links to state and local websites
      • Information for state and local employees
      • Locators for federal services

  22. Government Online
      (chart categories)
      • Recruitment/Employment Section
      • Kids' Education Area
      • Government Forms Online
      • Government Records Online
      • File Taxes Online
      • Update Information Online
      • Online Bidding for Government Contracts
      • Online Application for Grants
      • Online Voter Registration
      • Online Voting
      Source: n=81

  23. Risk Assessment
      • Federal agencies are required to by GPEA
      • Three primary risks:
          • Improper disclosure
          • Program fraud
          • Image of the Agency
      • Goal: assess the electronic transaction risk
      • Recommend an “appropriate” authentication mechanism for a given transaction
      • Examine transaction flow and vulnerabilities
      • Provide rough cost estimates

  24. Leading Risk Practices
      • GAO Report, InfoSec Risk Assessment: Practices of Leading Organizations
      • SSA risk report found few organizations performed a Risk Assessment before implementing new authentication method
      • Found six “leading practices” for assessment
      • Most still using PIN/Passwords
      • Poor job of identifying life cycle costs
      • Other methods, notably software-based client keys are becoming more common
      • No widely-accepted industry cost models

  25. Other Considerations
      • Identification Risk
      • Back-end Risk e.g., database of passwords
      • Risk Over Time
      • Single vs. multiple transactions
      • Interoperability with Other Applications
      • Intra-agency, inter-agency, B2G, C2G
      • Infrastructure and Operating Costs
      • Helpdesk, databases, repositories...

  26. Pay Attention to Privacy
      • Set enterprise-wide privacy policy
      • Select appropriate security technologies
      • Trust relationship questions
          • Does Identity need to be authenticated?
          • Are credentials presented sufficient?
          • Is there a trusted authentication authority?
          • When should I accept credentials from an authority?
      • Privacy Do’s and Don’ts
          • Do notify users and follow opt-in strategy
          • Don’t keep any more information than needed
          • Don’t keep information any longer than needed

  27. Common eGov Applications Needs
      • Authentication of users
      • Non-repudiation of transactions
      • Confidentiality (privacy)
      • Interoperability among disparate systems
      • Assignment of liability
      • Scalability/extensibility

  28. Technology Neutrality
      • E-SIGN and GPEA require “technology neutrality” with regard to creating, storing, generating, receiving, exchanging or authenticating records or signatures.
      • Can not require use of a specific technology unless necessary to meet government objective
      • Can not require use of a particular type of hardware/software
      • GPEA requires risk assessment before technology investment

  29. What is an Electronic Signature under E-SIGN?
      “…means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”
      • Digitized image of a handwritten signature
      • Knowledge-based Authentication
      • Biometric Profile
      • PIN or Password
      • Click through acceptance via software dialog box
      • Typed name
      • Digital Signature or other secure authentication system

  30. What about Digital Signatures?
      • What kinds of transactions need signing?
          • Submission of a mandated transaction (administrative, regulatory, law enforcement)
          • Instrument creates a financial or legal obligation (e.g., applications for benefits and grants)
          • Contract for goods or services
          • Involves inherently sensitive or private information
      • When is a secure infrastructure needed?
          • Strong authentication provided by identity-based digital signature certificates useful in managing risk
          • Appropriate to satisfy Fed GPEA needs
          • Use for Agency identified “risky” applications

  31. Security Needs Met by Public Key Infrastructure
      • Authentication: Is originator who they really say they are?
          • Achieved by binding the sender’s identity credentials to the message (digital signature)
      • Data Integrity: Has message/transaction been accidentally or maliciously altered?
          • Achieved via cryptographic checksums (hash) of the data
      • Confidentiality: Can message be read only by authorized entities?
          • Encryption protects information from unauthorized disclosure
      • Non-repudiation: Can sender or receiver dispute that message was actually sent or received?
          • Enabled through the digital signature process

  32. Access Federal System with ACES
      (diagram labels: Citizen; Any Web-based Government Application; Validate Digital Signature Certificate; Industry Partner; Return Personalized Government Benefits/Information)
      What is ACES?
      Access Certificates for Electronic Services is a governmentwide contract which can provide secure electronic access to the Public for privacy protected Federal services and information through the use of public key technology.
      • Authentication
      • Access Control
      • Data Integrity
      • Technical Non-Repudiation

  33. Rules of Thumb

  34. Some Key Federal eGov Sites
      • GSA’s Governmentwide Policy: http://www.policyworks.gov
      • Federal EC/eGov site: http://ec.fed.gov/
      • FirstGov Portal: http://firstgov.gov
      • FedBizOpps Contract Opportunities: http://www.fedbizopps.gov
      • Property & Asset Sales: http://fedsales.gov/
      • Access America: Students, Seniors: http://students.gov and http://seniors.gov
      • President’s E-Commerce WG: http://www.ecommerce.gov
      • FedCommons: Grants: http://www.cfda.gov/federalcommons/
      • Interagency Grants Cmte: http://financenet.gov
      • OMB Policy: Grants, Information Procurement, Financial Management: http://www.whitehouse.gov/OMB/
      • Fed Public Key Infrastructure: http://gits-sec.treas.gov
      • Access Certificates for Electronic Services (ACES): http://gsa.gov/ACES
      • Smartcard Security: http://smart.gov
