In FY97, FEDLINK saved its members more than $9 million in cost avoidance and millions more in vendor discounts. According to the Abacus Technology Corporation's Cost/Benefit Study of FEDLINK Services, "FEDLINK acts as a vital link between federal agencies and information services vendors."
Abacus researchers worked with FLICC/FEDLINK staff and members in FY97 to develop a study which would "identify and quantify, wherever possible, the tangible cost savings/cost avoidance and the intangible benefits which accrue to users of FEDLINK services and FEDLINK vendors." The final Abacus report concluded that the program provides libraries, information centers, and vendors with cost avoidance, a centralized procurement process, an expanded supplier base for increased competition, an improved payment process, and knowledgable and experienced staff members.
Pulling together the facts
As a preliminary step, Abacus reviewed current literature on information retrieval and publications acquisition services in the federal context. They discovered that information services vendors are experiencing increased competitive pressures in the rapidly changing information dissemination market. As a result, federal libraries and information centers are in a position to leverage their buying power to influence the pricing of electronic information. Consortia such as FEDLINK allow small buyers to join together to demand volume discounts.
Next, Abacus researchers developed a profile of the "typical agency" cost structure for procuring information retrieval and publications acquisition services. They drew information on the steps and estimated time needed for a typical agency to put a procurement in place from a 1994 report from NASA's Administrative Issues Group on reengineering the small purchase process; a report from the Federal Electronic Commerce Acquisition Team on streamlining procurement through electronic commerce; responses from FEDLINK's Contracts and Logistics, Fiscal Operations, and Network Operations staff members; and reviews of the cost estimates by two FEDLINK member agencies. Additional interviews with FEDLINK members and vendors completed the Abacus study.
Abacus calculated the cost of agency equivalents to the FEDLINK process, including open market purchases using simplified procedures for acquisitions under $100,000 and published competitions for acquisitions above $100,000. The open competition process requires solicitation, evaluations, best and final offer, negotiation, and special approvals. Procurements of $25,000 or more require announcement in the Commerce Business Daily (CBD). Researchers estimated that a typical agency's cost for one procurement would be approximately $2,000 for procurements less than $25,000, nearly $12,000 for procurements between $25,000-$100,000, and $23,000 or more for procurements greater than $100,000.
Benefits to FEDLINK members
In FY97, FEDLINK offered agencies two service levels: transfer pay, with a charge of 8% of agency service dollars, or direct pay, with a charge of $850 per account plus a supplemental fee of .5% for accounts above $100,000.* Under the transfer pay option, members transfer funds to FEDLINK under the authority of the Economy Act, and FEDLINK provides them with technical assistance and centralized procurement and accounting services. Direct pay customers handle their own procurement and accounting processes, but reference FEDLINK BOAs, thereby avoiding the initial requirements development and Request for Proposal (RFP) processes and sharing in group discounts.
Abacus researchers found that using FEDLINK services results in a cost savings for agencies who choose either transfer or direct pay options. The study recommends that agencies choose FEDLINK for all procurements above $25,000, and for books and database services under $25,000 as well. More research is necessary to establish cost savings for serials procurements under $25,000, due to limited information about serials agent fees on small accounts outside of FEDLINK.
Four FEDLINK member agencies responded to a survey intended to identify the benefits of choosing one payment option over the other. Both transfer pay and direct pay customers indicated that the FEDLINK program helped their agencies save local procurement time and offered them a wide variety of vendors from which to choose. Transfer pay customers indicated that the FEDLINK service also saved library staff time, allowed the agency to comply with vendors which require transfer payment, permitted them to move no-year funds balances forward to the next year, saved time in invoice reconciliation, and provided them with access to FEDLINK staff knowledge and expertise. Direct pay customers noted that the program saved procurement time while allowing their agency to retain local control of billing and funding.
The Abacus report noted that by using FEDLINK, the staff of a typical agency saves the time it takes to develop expertise in information technology products and the experience in dealing with vendors that FEDLINK staff members already offer. FEDLINK members also suggested that using FEDLINK services helps to improve agency staff morale by reducing staff time spent on procurement issues and increasing time spent on professional tasks such as evaluating the quality of received publications.
Benefits to FEDLINK vendors
Abacus researchers conducted surveys and phone interviews with five representative FEDLINK vendors to identify the tangible and intangible benefits of selling information products and services through FEDLINK. Vendor benefits included:
Next stepsFEDLINK staff can help customers or potential customers develop a targeted cost-benefit analysis on the basis of the Abacus findings. A good starting point for an analysis of your local costs is the chart titled "Cost-Benefit Comparison of Local and FEDLINK Options" in section I of the 1998 update to the FEDLINK Member Handbook. Information about pricing and discounts offered by FEDLINK vendors will be available in the "Contracting and Vendor Services" section of the FLICC/FEDLINK Web site in February. If you need additional assistance in analyzing your library's use of FEDLINK services, contact FEDLINK Vender Services Coordinator Jim Oliver at 202-707-4960 or [email protected].
*Please note: In FY98 the direct pay rates have since been adjusted to $1200 per account plus a supplemental fee of .6 percent for accounts above $100,000.
By Jessica Clark
Understanding an agency's firewall system is a key piece in the puzzle of managing electronic information resources. Firewall systems protect internal networks from outside invasion, monitor incoming data for dangerous code, and may host an agency's "public face" on a protected proxy server.
To protect sensitive information and help users access Web resources, librarians should familiarize themselves with their agency's firewall programs and policies and find out whether the library Web site is posted on a secured server. Firewall programs may also be used to monitor employee use of the Internet, to block access to sites deemed inappropriate by agency management, or to track or prevent interdepartmental information sharing. Librarians should find out what the agency allows to be downloaded from the Internet and how Web and network usage information is logged and applied.
What is a firewall?
"Firewall" is a blanket term for programs or devices which control the kinds of network traffic that can pass between an intranet or LAN and the Internet. Discussions of firewalls compare the protection of computers and networks to the defense of medieval castles. Firewall systems must secure a network against attackers and double agents with measures such as moat-like barrier programs, guard-like monitoring programs, and ambassador-like proxy programs. Like a castle which is protected more stringently in times of war, secure or "closed" firewalls work on the principle that everything not explicitly permitted to enter must be denied. In contrast, open firewall systems work on the principle that everything not explicitly denied is permittedthey may be used to protect networks which do not contain sensitive information.
The most secure network is one that is not linked to the Internet. Now that Web connections have become ubiquitous, however, this type of system has become less valuable. To create a secure online presence, system administrators must evaluate security risks, identify potential saboteurs, and isolate particularly sensitive information.
Firewall programs can only protect against network-based attacks; they do not scan dial-in connections or record unsanctioned file theft. They cannot protect very well against viruses either; there are too many ways of encoding binary files for transfer over networks and too many different architectures and viruses to configure firewall software to search for them all. Finally, basic firewall programs do not automatically encrypt data e-mailed from within a network.
What kind of attacks do firewalls repel?
Firewall programs are designed to protect networks and servers from "denial of service" attacks which disable systems and allow invaders access or prevent access by other users. Such attacks include:
Other Web-based practical jokes include replacing site graphics with lewd images, removing a system's password file and plumbing its databases, or capturing and posting financial reports on the Internet. Interactive Web site elements such as chat areas, electronic commerce programs, and automatic e-mail response forms create security holes because the scripts of forms include server names, which can be used to locate the addresses of vulnerable network machines. Systems administrators and library Webmasters need to be aware of these gaps in their system defenses and take steps to protect information that may be sensitive or classified.
Types of firewall programs
Circuit-level proxy servers only mask network addresses. Application-level proxy servers can also act as gateway programs, scanning the structure and content of incoming and outgoing data. These servers may be programmed to require passwords or authentication tokens for access. A typical application-level gateway can provide proxy services for common protocols such as telnet, FTP, HTTP, and SMTP. A separate proxy must be installed for each application-level service.
Stateful inspection programs
A common arrangement for a firewall might include a router as the first line of defense to check the sender and type of incoming information or requests. The next level of defense would be an application-level gateway which requires users to enter a password. The user would then encounter a proxy server which provides him/her with logical equivalents of the network's IP addresses. Internal server machines may additionally be protected by state-watching or router devices.
Creating firewall systems and policies
A variety of freeware and commercial firewall building and security checking tools are available. Some commercial firewall products also include tools which provide additional security measures, such as checking passwords to see how easily they can be guessed; sending alarming messages to crackers who try to break into a system; scanning incoming data for viruses; and encrypting outgoing data. The National Computer Security Association (TruSecure) certifies firewall systems (http://www.trusecure.com/index.shtml).
Librarians or information center staff who are responsible for creating a firewall system or policy should ask the following questions:
It is important to consider firewall policies carefully. A lax screening policy will weaken the protection provided by firewalls, but if internal users find the policies too restrictive, they may bypass the network and use a personal modem. Policy statements should address internal and external access, remote user access, virus protection and avoidance, encryption requirements, program usage, authorized media, appropriate use of the server which hosts the firewall, password protection, and backup and disaster plans.
Responding to online attacks
The CERT Coordination Center (http://www.cert.org) can help system administrators whose servers have been invaded. The center, administered by the federally funded Software Engineering Institute at Carnegie Mellon University, studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to help site administrators improve security.
The FLICC Information Technology Working group has established a Consortium Purchasing Task Group to consider an additional business model for FEDLINK. In this new model, voluntarily established consortia of federal libraries would use FEDLINK's transfer pay mechanism to pool resources for group procurement and license negotiation.
Under its traditional business model, FEDLINK guarantees the vendors no minimum level of sales or number of customer libraries. With consortial purchasing, FEDLINK would negotiate a contract with a vendor for an amount specified by consortia members. This model should be especially effective in negotiations with service providers which have not previously worked with FEDLINK.
To test the model, the group will select a specific vendor and establish a prototype consortia of libraries interested in negotiating for electronic access to journals handled by that vendor. The pilot project will focus on acquiring electronic access to full-text scientific and technical information journals. This project will also help task group members and FEDLINK staff to refine bargaining efforts with vendors in the volatile arena of electronic publications.
On January 27, the task group held a preliminary meeting. Representatives from the National Aeronautics and Space Administration, the Department of Energy, the Office of Scientific and Technical Information, the US Geological Survey, the National Agricultural Library, the National Defense University, the Army Research Lab at Aberdeen, the Naval Research Laboratories, the Navy Libraries, the US Patent and Trademark Office, the Library of Congress, and FEDLINK attended. Stephanie Publicker of the National Institutes of Health led the group through a series of questions about consortial licensing and the proposed pilot project.
Group members discussed a number of their concerns about procuring electronic journals:
In order to choose a publisher for the pilot project, the group agreed that FEDLINK would ask subscription agents to identify sci-tech journals publishers most commonly used by FEDLINK customers. Attendees also agreed to forward lists of likely journal publishers to FEDLINK staff. Once this information is collected, members of the group will discuss their next steps via e-mail. Librarians interested in joining the task group should contact Publicker at [email protected] or FEDLINK Network Program Specialist Meg Williams at [email protected].
To encourage further dialogue between federal librarians and vendors, FLICC/FEDLINK is also organizing a March 31 event featuring speakers who will discuss current directions in scholarly publishing. Watch your mail and the FLICC/FEDLINK Web site (http://www.loc.gov/flicc) for more details.
On January 30, White House policy advisor Ira Magaziner announced a long-awaited proposal to move the authority for the Internet's Domain Name System (DNS) to the private sector.
Currently, the federally funded Internet Assigned Numbers Authority (IANA) controls the assignment of IP addresses and a government contractor, Network Solutions Inc. (NSI), controls the registration of generic top-level domain (TLD) names such as .com and .net. The proposal suggests that these functions be transferred to a new, US-based, not-for-profit corporation with an international board of directors. This transition would begin as soon as possible, and the new corporation would assume control of DNS registration by September 30, 1998. Participation in the organization would be open to any business or group with an interest in Internet governance.
The proposal also recommends adding five new registries that would each maintain a single new TLD. These new registries would differ from the seven new TLDs proposed by a group of 88 global participants under the auspices of the Geneva-based Council of Registrars (CORE). CORE had hoped to see their TLDs put into operation immediately; they will now be forced to respond to the US government proposal. CORE protests that the government proposal favors US interests and thwarts self-governance of the Internet.
The White House seeks comments on the draft policy (http://www.ntia.doc.gov/ntiahome/domainname/dnsdrft.htm) through the first week of March.
Telecommunications and Access
Dedicated TCP/IP Lines Now Available
Libraries that spend less than $506 per month via Internet access ($3.60/hour) or TCP/IP dial access ($6.90/hour) will not find any cost savings and should not move to dedicated TCP/IP lines. Another way to compare TCP/IP and multidrop lines is to compare 140.5 hours of Internet access available per month for the cost of a dedicated TCP/IP line, or 73 hours of TCP/IP dial access. For more information, visit OCLC's home page: from http://www.oclc.org choose Services, then Access Services. See especially the Site Preparation Guide for technical specifications regarding dedicated TCP/IP lines.
OCLC will not charge for fewer than 3 ports for dedicated TCP/IP at this time. Some libraries which currently use one or two workstations on the synchronous dedicated line will remain at that number for another two or three years, while OCLC works with larger libraries and their move to dedicated TCP/IP. Contact FEDLINK's OCLC team for assistance in analyzing your OCLC telecommunication needs. If your library fits the dedicated TCP/IP requirements, FEDLINK will assist you in completing the Dedicated TCP/IP Analysis Form.
Passport for Windows Reminder
Copies of Passport for Windows are $40 per workstation. To order, contact FEDLINK to fax you the order form, or visit OCLC's home page (http://www.oclc.org) to complete an online order form. In both instances, the charge will be billed to your FEDLINK OCLC account. For the web order form, choose Support from the OCLC home page, then select Forms to find the Passport for Windows order form.
Access Suite Software
Priced as an annual license, the OCLC Access Suite will offer OCLC members the latest versions of OCLC software products as they become available, eliminating the need to budget for each product as it is released. The price will be $99 per workstation initially (Product Code SOF9321); an annual renewal of $99 per workstation is projected, billed on the anniversary of the initial purchase.
A look at OCLC statistics on federal library use patterns suggests that purchasing individual workstation licenses will be more cost effective for nearly all our member libraries. The site license is priced as the equivalent of 10 or more workstation licenses; very few federal libraries might use the MicroEnhancer on so many workstations. Passport for Windows continues to be available separately from the bundled Access Suite. ILL ME and CatMe continue to be available separately through June 30, 1998.
Cataloging MicroEnhancer Software Has Shipped
A guided tour of CatME is available on the OCLC home page at: http://www.oclc.org/catme/tour/catour01.htm
Collections and Technical Services
Tool for Dewey Libraries
The current Cutter tables are NOT in the public domain and are still under copyright. To develop the Four-Figure Cutter tables, OCLC started with the original 1896 and 1901 tables, analyzed their distribution against WorldCat, and corrected and expanded them. The latest release of Dewey for Windows software has a cuttering function that uses the Four-Figure tables. Users can choose which cuttering scheme they prefer.
When completed, the Passport for Windows macro takes the main entry (either 1XX or 245 as appropriate), compares it against the appropriate Cutter table, and enters the results in the 092 b. If you want to base the cutter on a field other than the main entry, just highlight that field and reinvoke the macro.
OCLC is also developing unique cutters for all book records in WorldCat that currently have a 082 or 092 class number. Again, you will have a choice of Cutter-Sanborn, Cutter-Three Figure, and text cutters. They will be present in a new field, the 093 field, which you can edit.
A complete description of the cutter tables is available from the OCLC Office of Research Annual Review, 1996, available at: http://www.oclc.org/oclc/research/publications/review96/cutter.htm
Resource Sharing and FirstSearch
On January 25, 1998, OCLC loaded changes to the FirstSearch software to improve the link to Interlibrary Loan services. FirstSearch users completing an ILL request online can now make use of the patron fields from the ISO standard for ILL (ISO 10161).
Tips about how best to process records sent to the library's review file from FirstSearch are available from FEDLINK's OCLC team; the tips are also being posted to OCLC's home page, under Bits and Pieces Articles at http://www.oclc.org/oclc/ill/doc.htm
Purchasing books through FEDLINK Transfer Pay offers members an uncomplicated way to minimize the number of personnel needed to conduct day-to-day acquisitions and contract negotiations, while maximizing the use of limited funds.
Here are a few tips to make the acquisitions process easier and more economical:
If you need vendor information, call the vendors' representatives at the numbers listed in the Contracting & Vendor Services Section of the FLICC Web site (http://www.loc.gov/flicc).
For complete information about FEDLINK vendor offerings check the FEDLINK Web site (http://www.loc.gov/flicc) or call FEDLINK's Vendor Services Coordinator Jim Oliver at (202) 707-4900 or FEDLINK Network Program Specialist Dave Pachter at (202) 707-4848. For information on IAGs and IAG Amendments, call the FEDLINK Fiscal Hotline (202) 707-4900.
FEDLINK Technical Notes is published by the Federal Library and Information Center Committee. Send suggestions of areas for FLICC attention or for inclusion in FEDLINK Technical Notes to:
Federal Library and Information Center Committee
Library of Congress, 101 Independence Avenue SE, Washington, DC 20540-4935
Executive Director: Susan Tarr Editor-In-Chief: Robin Hatziyannis
FLICC was established in 1965 (as the Federal Library Committee) by the Library of Congress and the Bureau of the Budget for the purpose of concentrating the intellectual resources of the federal library and related information community. FLICC's goals are: To achieve better utilization of library and information center resources and facilities; to provide more effective planning development, and operation of federal libraries and information centers; to promote an optimum exchange of experience, skill, and resources; to promote more effective service to the nation at large; and to foster relevant educational opportunities.
Return to FLICC Home Page
Library of Congress
Comments: Library of Congress Help Desk (02/25/98)