Despite many cries to the contrary, there are a lot of good things actually happening in the D.C. region. To learn more about the myriad good things happening in our region, we spoke with John Cofrancesco, VP of business development at Active Navigation.
ABERMAN: John, thanks for joining us.
COFRANCESCO: Well, thank you guys for having me back. And this is the most contrarian Washington story, because it’s a story of how Washington is actually getting it right. So, this story really begins in September 2001. President Bush is responding to the attacks in the country, and he does two things. The first thing he does is, he says, hey, we have to go get these bad guys, but the second thing he does is, he says, we have to make sure this doesn’t happen again. And that begins a study that culminates in the 9/11 Report of 2004. And out of that report, we learned a lot of really important things, but one really important thing about information. And that was: our agencies didn’t have the ability to effectively communicate with one another, because they had each put ad hoc policies in place about how they were going to deal with information that was sensitive, but not so sensitive that it was classified.
So, this sort of in-between space. Think tax returns, or even the design of buildings. So those wouldn’t be classified, but you don’t want the terrorists to know where you’re keeping certain material in buildings, or even the design of those buildings, in case they choose to attack it. So because of this, these agencies had no mechanism of sharing information that hurt us on 9/11. President Bush resolved to fix it. So, as the story goes, President Bush then put into action some policies, and really he came out and said, okay, I want you to design rules of the road for how agencies can share information. And this is where things get funny, because the agencies really fought with themselves for four years, and couldn’t come up with an answer.
ABERMAN: There was no common standard, unlike top secret information. There was no consistent standard.
COFRANCESCO: And more than that, you had agency one saying, well, my standard’s clearly the best standard, because obviously we know what we’re doing, and there’s no way your agency knows what you’re doing.
ABERMAN: And that’s the kind of behavior that most outsiders assume that the “bureaucrats in D.C.” pursue. So what broke the logjam, and why is this a success story, and not just another sad example of why things don’t work?
COFRANCESCO: So, President Bush lays the hammer down in 2008, and he comes out with an executive order basically saying, get it right, and get it right right now. So, now it’s a transition of administration. Obama comes in, and all you ever hear about is the disagreement between the political parties. But this is not the case here. They were hip to hip on this. So, by early 2009, Obama has a commission put together to make sure that that executive order is being followed, then quickly follows up with an executive order of his own, replacing President Bush’s. But not in a way to countermand it, rather, to strengthen it.
So, now we have an even stronger executive order that places the National Archives and Records Administration in charge of this whole befuddling problem of figuring out what to do with this sensitive information. Also, puts NIST in charge of coming out with the standard on how to secure it. So, this persists for some time, really the length of the Obama administration. And the agencies, in fact if you read the most recent information that’s come out on this, by the Information Security Oversight Office, it still says the agencies haven’t been complying, but Obama was smart. And what he did was, he codified this into the CFR. He said, not only are the agencies going to get hit with an executive order, but this is really going to go into the hard regulations that they’re going to follow these rules. So now, we roll over to maybe the biggest disagreement on political parties, at least in recent history, between Trump and Obama.
You think they get along on nothing, but actually they get along really closely on this particular issue. The Trump administration comes in, sees that the agencies still aren’t complying, but then goes back and really advances the cause by empowering them to do something that they haven’t been doing with the agencies, and that’s inspecting them. And that’s where this story gets really interesting, because now the agencies, not only do they have to comply because of the regulations, but they have to comply because somebody is knocking on the door and saying, are you complying?
ABERMAN: What is it about this particular fact pattern? Is this a template for behavior that could be followed in many other places, or is this a unique circumstance?
COFRANCESCO: I’ve lived and worked in and around Washington for a long time, and I think that the media, and I’m on the media now, but the media sometimes gets this wrong. We’d like to focus on the squeaky wheel, and for every major issue we have that Washington really is failing on, the truth is, we probably have a thousand issues we’re getting it right on. This is one of those cases where the policymakers have been hip to hip, and really doing a wonderful job of advancing the cause, and the bureaucracy has been slow to respond. And we at Active Navigation think we understand why, and are actually trying to bring a commercial perspective to solving the problem.
ABERMAN: Now let me ask you: what are the implications of this? You know, with Europe hammering so much on privacy, and a lot of trends prevailing, I think, towards a greater sense of government protecting people’s privacy in the private sector. What are the implications of this unification of standards you’re talking about?
COFRANCESCO: So this is a really interesting time, because I believe we’re really at the beginning of seeing a federal privacy law come to place here. Because when the Obama administration directed NIST to come up with a standard, that standard has now grown. In fact, NIST is getting ready to release a new standard, NIST 800-171, and that standard doesn’t only touch the government agencies that have access to this controlled unclassified information, but it’s also reaching out to the companies that they work with. So if you’re working for General Dynamics, or Lockheed Martin, or Boeing, well guess what? You’re now going to have to comply with these NIST standards, despite the fact that you’re a commercial organization. And that’s really laying the foundation, we think, to a broader privacy perspective from the federal government.
ABERMAN: As you look at the lessons learned here, and you look at your own expertise and work around data and privacy, do you think we’re failing ourselves by not publicizing more often these successes?
COFRANCESCO: It kills me that we don’t do it. I love this country, I’m a patriot. I have friends of all political parties. And if you live in the Beltway, you get to hear these stories, often because you’re working them or living them. If you live outside the beltway, you never get to hear it. All you hear is sort of the bad end. This is not working, this is broken, and I guess it makes sense, right? The squeaky wheel gets the oil, it also gets the attention. But it’s those other things that make the country work.
ABERMAN: So in this particular instance, we’ve actually found something that’s working in Washington?
COFRANCESCO: It is working in Washington. You’ve got it.
ABERMAN: John Cofrancesco from Active Navigation. As always, thanks for providing insight on an important issue.