Does Congress need to give agencies a freer hand in developing good systems? I’m all for it. Should Congressional Republicans commit to support the president in hardening our government against cyber-attacks and other disasters, rather than simply holding political show hearings? Heck yes. But these things won’t happen unless the president makes fixing government IT a bigger priority — and starts enforcing accountability for every disaster that happens on his watch.
Along similar lines, David Strom, an IT consultant, writes,
If a private industry CIO had this sort of security record, they would never work in IT ever again, unless to become a motivational speaker and tell people what not to do. Instead, because they are the Feds, we just shake our heads and wonder what is going on, and some how give them a free pass to mess something else up again. It really boils my blood.
In my view, bureaucracies are notable for two things.
1. They filter out new ideas.
2. They blur accountability. When you make a reasonable request and are turned down because of “policy,” you have encountered this blurred accountability.
I understand the constructive value of filtering out new ideas. A large organization can only focus on a few major initiatives. Those initiatives had better be good ones. Most new ideas are bad. Think of a Type I error as making a catastrophically bad bet and a Type II error as missing out on a profitable opportunity. Bureaucracies help to curb Type I errors but tend to make Type II errors. And every middle manager who has ever had an idea die in the bureaucracy is convinced, usually incorrectly, that the organization committed a Type II error.
Perhaps there is also a constructive value for blurred accountability. But I cannot think of one.