Tag Archives: Government Technology

Security breach costs US CIO his job

By David Bicknell

Beware of data security – a breach can cost you your job.

According to Government Technology, a breach of health data within the Utah Department of Health in the US has cost the state’s CIO, Steve Fletcher, his position.

Fletcher’s departure was part of Utah Governor Gary Herbert’s actions following the breach, which was discovered on April 2 and is believed to have compromised 280,000 Social Security numbers and other personal information of an estimated 500,000 people, including names, addresses, birth dates and some details contained in patient health records.

In response to the data loss, Utah has now started a comprehensive security audit of the state’s technology systems and created a new position of “health data security ombudsman.”

The data breach was found to have occurred on March 30, and is believed to have been caused by a weak password that allowed hackers to break through the department’s security and steal the personal information of as many as 780,000 people.

Government Technology reported that the breach was regarded as ‘preventable’, and that the incident shows that greater funding is needed to protect government’s IT systems.

At the same time, it shows the problems CIOs – in both the public and private sectors – face in trying to put adequate protection in place to prevent security breaches before they occur.

The problem is that if you ask for security funding before anything has happened, the request risks being rejected by executives. And if you wait until a breach occurs, as in the latest Utah case, it’s a bit like shutting the gate after the horse has bolted.

Dept of Technology Services CIO resigns over UDOH data breach

New York’s emergency call IT project: just 7 years behind schedule and $1bn overbudget

By David Bicknell

Everything is always bigger in America: the breakfasts, the buildings – and the IT project overruns. 

According to Government Technology, the call-takers behind New York City’s emergency 911 systems are now using the same technology and are sharing data.

The only problem is that, according to an audit from the City Comptroller John Liu, the expansive – perhaps that should read ‘expensive’ – upgrade is $1 billion over budget and seven years behind schedule.

Originally started in 2004, the Emergency Communications Transformation Program (ECTP) is now estimated to cost $2.3 billion, with full completion now expected in 2015.

The project, initiated by New York City’s Department of Information Technology and Telecommunications (DoITT), set out to establish two public safety call centres in order to improve the resiliency and redundancy of 911 response, which formerly was decentralised within individual city agencies. The New York City Fire and Police departments are now operating in one of the two new call centres while construction work continues on the other building.

According to the audit report, New York employed Gartner as quality assurance consultants when the project began eight years ago, and the consultancy helped implement a series of modifications to the project’s scope and management when problems arose. DoITT contracted with Hewlett-Packard (HP) in 2005 to provide services as a system integrator for public safety answering centres (PSAC1) and as project manager over other contractors providing services and equipment for PSAC1.

Gartner subsequently made a series of telling comments on project governance, complaining of a lack of timely decision making; a lack of executive sponsorship participation; and no governance/communications centre administration plan.

Liu blamed the cost overruns on inadequate project management within the city’s administration.

“Taxpayers are just tired of hearing about out-of-control projects involving expensive outside consultants,” Liu said. “This is unfortunately yet another example of massive waste and delay due to City management that was at best lackadaisical, and at worst, inept. New cost constraints put in place by my office will help curb overruns, though they cannot turn back the clock or put already wasted dollars back in taxpayers’ pockets.”

In his report Liu says:

“We found DoITT’s overall project management of the ECTP lacking – due to its initial underestimation of time and technical constraints involved in implementing the multi-agency mission-critical ECTP – which therefore did not allow for project completion on a timely basis.”

It went on: “The original project governance, roles and responsibilities and project controls were found to be deficient by ECTP’s quality assurance consultant in 2006 covering the 2005-2006 initial time period of system integration work on the ECTP.

“Specifically, the QA consultant noted questionable judgement, poor decisions and deficiencies in the ECTP governance structure.”

It added that: “The effort… to implement a shared Computer Aided Despatch (CAD) system for Police, Fire and the Emergency Medical Services (EMS) Division was a major technical misstep. Due to technical obstacles, ECTP departs from one of its original goals of having a shared CAD. The New York Police Department (NYPD), the Fire Department and EMS will need to independently address their respective CAD systems requirements outside of the ECTP.”

The audit also points out a need for ongoing independent, external quality assurance which has been lacking since Gartner’s contract ended in March 2011.

Audit Recommendations

To address the audit issues, Liu’s office recommended:

  • DoITT, in conjunction with ECTP executive sponsors, should have its current governance strategy expanded, formulated into a plan, reviewed and formally approved by all stakeholders, and conveyed to all pertinent ECTP team members. The expanded areas should include operational coverage for PSAC1 upon full completion and occupancy, and line of authority for operations within PSAC1 should be clearly defined and conveyed to stakeholders.
  • DoITT and the OCEC should increase its efforts to fill open positions with appropriately qualified personnel to ensure that the ECTP has sufficient resources required for the ongoing monitoring and management of the ECTP.
  • DoITT should improve upon its current strategy to provide Quality Assurance coverage by retaining, on a temporary basis, independent quality assurance experts to monitor the balance of HP’s contractual performance for the duration of its contract. In addition, DoITT should consider a Quality Assurance arrangement to monitor Grumman’s performance as primary contractor at PSAC2.

In a letter responding to the findings, DoITT Commissioner Carole Post said that the 911 upgrade has significantly improved call capacity and that call-takers have moved successfully into the first new call centre.

In January, New York’s Mayor Michael Bloomberg celebrated the opening of the first public safety answering centre. The centre is able to handle 50,000 calls per hour, 40 times more than the average volume and nine times more than was received on Sept. 11, 2011.

“The changes we have made have eluded many administrations and the project has been a challenge, but we have never shied away from the tough decisions or taking on the difficult projects that will make New Yorkers safer and the city work better, and we never will,” Bloomberg said.

More background

New York Daily News report on the project’s history

City Comptroller John Liu’s Audit Report