Author: Khan

Speaker | Advisor | Blogger

A Review of President Joe Biden’s American Rescue Plan

On January 14, 2021 President Joe Biden released his new administration’s USD $1.9T plan called the American Rescue Plan. This plan shows the priorities of the new White House administration and calls for Congress to help the American people in many ways. Here are some of the most repeated words in this plan:

American Rescue Plan

Suprisingly, at the end of the American Rescue Plan, there is a section that asks for increased funding to “Modernize federal Information Technology (IT) to protect against future cyber attacks”. Here are my thoughts on it:

Expand and Improve Technology Modernization Fund (TMF)

For now and the foreseeable future, technology will continue to have a direct impact on our lives. Nowhere is this more evident than in the U.S. Federal Government which is the largest purchaser of technology in the world. Recognizing this, in 2017, the Technology Modernization Fund (TMF) was created whose mission is to help U.S. Federal Government Departments and Agencies use technology efficeintly, effectively and securely.

TMF receives proposals from different U.S. Federal Government Departments and Agencies in what they want to accomplish. After vetting the proposals, TMF provides funding to the U.S. Federal Government Departments and Agencies who have a 5-year window to return the funds. TMF receives its own funding from Congress. To understand how much funds have been approved for TMF, lets look at the budget requests versus the appropriations received in the table below:

Fiscal YearBudget RequestAppropriations Received
2021$150M$25M
2020$150M$25M
2019$210M$25M
2018$228M$100M
TMF Budget Requests vs. Appropriations Received

As we can see from the above table, TMF has never received the budget it has requested even though TMF’s mission is basically to benefit the American public through technology.

In regards to cybersecurity, in 2018, Cyber Security and Information Security Agency (CISA) was created whose mission is to lead at the national level to mitigate cyber and physical risks to vital infrastructure. To understand how much funds have been approved for CISA, lets look at the budget requests versus the appropriations received in the table below:

Fiscal YearBudget RequestAppropriations Received
2021$1.7B$2.25B
2020$3.1B$2B
2019$3.3B$1.68B
CISA Budget Requests vs. Appropriations Received

As we can see from the table above, CISA received more funds than they asked for because Congress felt the cybersecurity is important especially when it came to the elections.

The American Rescue Plan presented by President Joe Biden requests Congress to increase the combined appropriations to be $9B which will be used to increase IT shared services and cybersecurity across the U.S Federal Government. This plan also recommends removing the need of U.S. Federal Government Department and Agencies to reimburse the funds back to TMF witin 5 years. I think these are good firsts steps. However, we have to also see these $9B funds as an opportunity to:

  1. Hire the right people/contractors to do the right jobs
  2. Prioritize and optimize processes before cloud migration and automation
  3. Apply technology at the right time with redundancy and security built-in
  4. Create services that improve experiences for the American public
  5. Create products that make government become more digital

Surge Cybersecurity Technology and Engineering Expert Hiring

The Office and Management Budget (OMB) is responsible for managing the Information Technology Oversight and Reform (ITOR) fund which produces quarterly reports on Government-wide IT reform efforts to save on cost of operations U.S. Federal Government Departments and Agencies. The American Rescue Plan also asks for $200M in hiring cybersecurity professionals to improve the U.S. Federal Government’s cybersecurity efforts across the government.

The problem here is two-fold:

  1. IT is always asked to do more with less. This is also true in government. Sometimes IT is asked to produce cost-savings, however, IT does not and should not operate in a bubble. This means that if you truly want to transform an organiztion then the motivation should not be cost savings only. Motivation should be efficient and effective processes augmented by IT which results in frictionless operations that directly provide value to the American public.
  2. While hiring cybersecurity professionals is a line of defense but it is not the only one. Cybersecurity needs to be a whole of government approach which requires cultural change in different U.S. Federal Government Departments and Agencies. This change requires everyone in these organizations to be vigilant and mechanism to be put in place that not only trains people but unexpectedly tests them too.

In both of the above issues, culture plays a very important role.

Build Shared, Secure Services to Drive Transformation Projects

The mission of the Technology Transformation Services (TTS) under the General Services Administration (GSA) is to create a digital government that can benefit the American people. They do this through various programs and services provided to different U.S. Federal Government Departments and Agencies. The American Rescue Plan has asks for $300M so that TTS can create more programs and services that can be used. In order for this to work:

  1. We have to make sure that different U.S. Federal Government Department and Agencies see TTS as not the last resort but the first option to consider.
  2. While TTS’ solutions in Data and Analytics, Innovation, Public Experience, Secure Cloud, Smarter IT, Cloud.gov, Login.gov and other Free and Low-Cost Tools are great but they are not enough. I think TTS should expand its mandate to become a “connector” between different agencies so that redundancies can be reduced and lessons learned can be shared.

Improving Security Monitoring and Incident Response Activities

The American Rescue Plan asks for an additional $690M for CISA to improve shared cybersecurity and continue to moving towards the cloud. What the SolarWinds debacle has taught us is that not only we are highly reliant on technology but also on its interconnectness. This means that to tackle security monitoring and incidence response, we have to to think holistically. This requires us to start with the basics:

  1. Determine the number of legacy systems government-wide
  2. Determine how often those legacy systems are updated/patched
  3. Determine if those legacy systems are too big to fail
  4. Determine what (budget, expertise, time) is missing to replace legacy systems
  5. Determine what data is fed/received from those legacy systems

Other Areas Where IT can Help

IT can help in other areas mentioned in the American Rescue Plan too. Here are a few suggestions:

  1. For a national vaccination program, contain COVID-19, and safely reopen schools:
    • Create a system that automatically pulls data from the COVID-19 tracking systems of States, Localities, Tribes and Territories. Use this data to determine which areas have the fastest rates of spread and then deploy/create vaccination centers in those areas first. Encourage States, Localities, Tribes and Territories to share thier mitigation steps and result in this portal as well so that lessons can be learned. Make this system publically available.
    • Create a system that tracks what tests have been done, what tests needs to be done, frequency of tests required and what States, Localities, Tribes and Territories did after tests were administered.
    • Create a system that pulls in contact tracing data from all States, Localities, Tribes and Territories. Use this data to determine movement of the virus across jurisdictions.
    • Create a system that tracks what communities are underserved.
    • Create a system that tracks supplies, usage, disposal and waste.
    • Create a system that automatically tracks virus data from other countries, it spread rate and any mitigatrion strategies that proved helpful in reducing infections.
  2. For delivering immediate relief to working families bearing the brunt of this crisis:
    • Create a system that takes into account the cost of living for government assistance so that States, Localities, Tribes and Territories support can effetively be augmented by the U.S. Federal Government.
    • Create a system that tracks assistance of healthy nutrition options in relation to health issues in that community.
    • Create a system that tracks which organizations do not provide paid sick leave to their employees.
    • Create a system that tracks which organizations do not give $15/hour to thier employees.
    • Create a system that tracks which organizations do not provide back hazard pay to their employees.
  3. For providing critical support to struggling communities:
    • Create a system that provides seed funding to individuals especially people of color to easily start businesses.
    • Create a system that incentivizes and tracks States, Localities, Tribes and Territories public transit efforts.

Top 5 Articles Of 2020

Thank you to the readers in 148 countries that read my articles in 2020. Following are the top 5 articles that you have been interested in:

  1. What is the relationship between Cloud Computing and Service Orientated Architecture (SOA)?
  2. Is the Internet a Distributed System?
  3. 5 Questions to Ask About Your Organization’s Politics?
  4. 5 Questions to Ask About Your Customer Relationship Management (CRM)?
  5. 5 Questions To Ask About Your Business Process Reengineering (BPR)?

Following are the top 20 countries where most readers have come from:

  1. United States
  2. India
  3. Phillipines
  4. Malaysia
  5. Canada
  6. Australia
  7. Pakistan
  8. United Kingdom
  9. Germany
  10. Indonesia
  11. Singapore
  12. South Africa
  13. Saudi Arabia
  14. Vietnam
  15. Kenya
  16. Finland
  17. Nigeria
  18. South Korea
  19. Sri Lanka
  20. Tanzania

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

Artificial Intelligence Is A Mirror

Artificial Intelligence (AI) is changing our lives at an unprecedented rate. Artificial Intelligence is being used to make decisions that directly affect millions of people. Most of the time people are not aware that Artificial Intelligence is being used. For the few people who know that Artificial Intelligence is being used to influence their lives, they have no way of knowing if biases have been removed from the Artificial Intelligence. People just have to trust the companies will do their best to reduce biases in Artificial Intelligence. Depending upon the motivations and the resources available in companies, eliminating biases in Artificial Intelligence might not be at the top of their list. 

So, what is the problem? There is no central third-party authority to verify if companies have actually reduced biases in their Artificial Intelligence.

At its core, Artificial Intelligence is a set of instructions (aka algorithms) that use data to make decisions. There are three issues here: 
1. People determine what the algorithms should do 
2. People determine what data to use 
3. People determine if they agree or disagree with the decisions made by Artificial Intelligence

As we can see, there are people involved in every aspect of creating and using Artificial Intelligence. Algorithms can intentionally or unintentionally create a disadvantage for people. In one example, algorithmic failures in facial recognition have resulted in people becoming unidentifiable due to their facial features. In another example, by not using real cancer patient data IBM’s Watson for Oncology made unsafe medical recommendations. These are just a few examples but they will continue to grow as AI becomes an essential part of our lives.

So, what can be done? I think we can solve these issues by creating a central authority/office at the Federal government level. The purpose of this central authority/office would be to inform the public if and where Artificial Intelligence is being used and if the Artificial Intelligence being used has any biases. Companies would inform this central authority/office about their uses of Artificial Intelligence and this central authority/office would certify if these Artificial Intelligence are bias-free. This central authority/office will have its own Artificial Intelligence to check other Artificial Intelligence created by companies. 

5 Questions To Ask About Software Requirements Gathering

In 2011, Marc Andreessen said that “software is eating the world.” Today, this is more truer that ever. Technology has become an essential part of the our daily lives. Modern life is inconceivable without technology and in particular software that powers these technologies. Software continues to create tremendous opportunities around the world. Software can range from making the Internet function, what software application you use at work, your cell phone to Artificial Intelligence and smart devices. Software is created and maintained everyday. Software can be purchased and is also available for free. Software can be built from scratch or bought pre-built. But before software is created, before the wonderful things that software can do, we have to gather requirements about what we want the software to do.

Software requirements gathering is one of the most important aspects of creating software. It is cumbersome, manual and detailed-orientated work but it has to be done. Incorrect requirements gathering can result in software being created that no one will use or ever know how to use thus wasting a lot of time and money. In organizations, software requirements gathering is typically done by people from or affiliated with the Information Technology (IT) Department and/or external IT vendors. The level of complexity in software requirements gathering various depending if the software is being bought off-the-shelf or being custom built. In either case, there are two main issues:

IT People Are Not Domain Experts

While most IT people are ‘trained’ in gathering requirements, they are not domain experts. This means that IT people have to talk to non-IT people in the organization to understand what is needed. Depending upon who the IT people talk to, the information has to be verified by other non-IT people and any available (updated) documentation. Additionally, IT people have to translate what they have learned from non-IT people with the idea of developing a software solution. The non-IT people are the end-users of the software and thus it becomes imperative that correct and timely information is collected without any biases and preconceived notions. The IT people have to develop trust with non-IT people so that it is easier for them to be upfront about the truth.

Non-IT People Are Not Trained In Giving Requirements

While most non-IT people are willing to help in answering questions from the IT people, they are not trained in giving requirements. This means information that non-IT people share might be siloed and unintentionally incomplete because they didn’t think it was ‘useful’ or ‘relevant’. When IT people encounter this, they refer to it as “pulling teeth”. This creates tension that leads to software which is deemed ‘useless’.

The reality is that it requires both the IT teams and the non-IT teams to create software. With good open-ended contextual questions from the IT teams and with holistic thinking from the non-IT teams, any organization can create great software. To get started here are a few self-reflecting questions to ask:

TodayTomorrow
Who is going to give software requirements?Who should be giving software requirements?
What has been replaced by software?What should be replaced by software?
Where are the current roadblocks to software requirements gathering?Where would the future roadblocks to software requirements gathering come from?
When do software requirements gathering reveals organizational weaknesses?When should software requirements gathering reveal organizational weaknesses?
Why is software important for your organization?Why should software be important for your organization?
5 Questions to Ask About Software Requirements Gathering

How Does DevOps Affect Enterprise Architecture?

Let’s try to describe a few terms.

DevOps is a software development methodology that aims to increase the communications and collaboration between software developers and other IT professionals.

Software Architecture is a high level structure for developing software.

Information Technology (IT) Architecture is the process of developing IT specifications that includes software and systems.

Enterprise Architecture (EA) sits in between the Business and IT that captures the capabilities across the organization. EA helps determine strategy and intends to create alignment. This alignment may or may not result in the creation of system integration, system of systems, systems and/or software but if done correctly always results in business transformation across people, processes, products/ services and technologies.

As we can see from these descriptions, an “organization’s architecture stack” would start from

Strategy –> Enterprise Architecture –> IT architecture –> Software Architecture –> DevOps.

From this understanding, following are the ways how DevOps affects EA:

  1. It shouldn’t. EA is driven by and creates strategy while DevOps is the software/system implementation aspect of the strategy
  2. DevOps affects EA if it deviates from the organization’s strategy
  3. If DevOps is being used as a feedback mechanism to improve the strategy then that’s a totally different ball game

However, nothing is written in stone and there are exceptions in every organization based on how they execute the strategy, the feedback loop, their culture, competency of people across the organization’s architectural stack and of course politics.