The Future of Cyberspace Security: The Law of The Rodeo

October 20, 2008

This is an update of my now annual assessment of the future of technology associated with good and evil in cyberspace which was first posted here.

Predictions of the future of technology are increasingly starting to sound like science fiction, with powerful computing grids giving incredible computational power to users and with autonomous robots becoming closer and closer to being in our daily lives vice just in computer science departments. Infotech, nanotech and biotech are fueling each other, and each of those three dominant fields is generating more and more benefits that impact the others, propelling us even faster into a new world. Depending on your point of view the increasing pace of science and technology can be good or bad. As for me, I'm an optimist, and I know we humans will find a way to ensure technology serves our best interests.



Melissa Hathaway Op-Ed on Cyber Security

October 14, 2008
Below I'm going to post, in its entirety, the text of an e-mail I received from the ODNI notification service.   The subject is an op-ed written by Melissa Hathaway, a senior leader who has been spearheading significant coordination action in the federal government (opinion: Melissa is perhaps the most effective SES-level leader in the US government today, IMHO).

I wanted to post this in totality for a couple reasons. One is it is something all of us should read. Although I believe most readers of this blog will find no surprises in this op-ed, Melissa has a real talent for capturing information in easy-to-understand ways and I think we can all borrow lessons from the way she explains things.



Performance Management In Organizations and Computers

October 13, 2008

There are some interesting analogies between performance management applied to organizations and performance management applied to computers.

In both cases, performance metrics are crucial to success.  In organizations, what we reward gets measured, and what gets measured can be more efficiently and effectively done.   In our computers, what we decide is important gets measured, and those measurements can help us drive to increasingly effective and efficient performance.



Securing Enterprise Data and Computer Power

October 3, 2008

In March I posted an entry on a significant enhancement in the computing realm, the thin client.   That post focused on how thin client computing is changing the net assessment in computer security (see:  http://www.ctovision.com/2008/03/computer-securi.html  ).

I've been really pleased to watch thin client computing take off.  How widespread is adoption now?  In August Sun announced that they had nearly doubled their shipments of thin clients from the previous quarter.   That's pretty cool.  In fact, it is Kurzweilian.  



Another government IT program succeeds beyond all expectations!

September 10, 2008

In 2002 Congress passed the E-Government Act. It mandated that the approximately 300 federal entities that can make rules expose those rules in a modernized way and also specified that regulations in draft will be exposed so comments can be solicited.

The government's response: OMB and CIOs from throughout the government established an eRulemaking solution that required extensive IT planning, engineering and the fielding of a new IT system. The eRulemaking Initiative's Federal Docket Management System (FDMS) was created to provide an online public docket and comment system which expands public access to read and comment on Federal Agency rulemaking. Although it is a centralized system, agencies were given an ability to manage content and workflow related to their own regulations. Scalable web-based solutions that enable users in government and also citizens to find and read proposed legislation and supporting documents were provided.

And they did this in a way that was way under budget and delivered on time.  And its functionality exceeded all expectations.  Which is GREAT!

As an IT professional, this is the really neat part that bears repeating. This project, which is very complex and IT intensive, was delivered under budget and on time. Additionally, its capabilities far exceeded the expectations of everyone involved.

If you haven't heard of FDMS, maybe it is because it was widely successful. Too frequently the only programs that make news are those that don't deliver on expectations. That means IT heroes, like Pat Micielli of EPA who led this program, frequently don't get the recognition they deserve for the great things they do.

I hope I've gotten your curiosity up a bit on what Pat accomplished. If you are a citizen of the US you should be very proud of this one. So check out http://regulations.gov for a first-hand look. You will see a single interface into approximately 1.5 million documents. Don't worry, there is a way you can navigate through these without looking at each individual record. Just dive in and give it a try. Search for a term like "data center energy" and view the results or narrow them down by agency. Or click on those in the range of comment period you are interested in. Whichever selection you pick, notice how all the other facets of the search change as you do. See how you can guide through the results and how the results keep giving you options for refining results? After you try it this way, can you imagine doing it any other way?

Government users are given more access (there are nearly 4 million records accessible only by federal agency users on FDMS.gov).

Overall, as a CTO and an admirer of technologists at the large agencies, I enjoy pointing this out and really admire what these folks have done. Great Job! And as a citizen – Thanks!


I hope to see you at the Synergy Conference

August 4, 2008

The second annual Synergy Conference and expo will be held 12-15 August 2008 at Marco Island, FL.  Last year’s conference provided a great way for participants to learn from each other and interact with speakers from both operational and intelligence backgrounds.   I sure enjoyed it. It was one of my last official events before leaving DIA.    I had a couple speaking parts, so I got to solicit feedback on my views of the future of technology, and I really appreciated that.  But it was also really enjoyable to be on a panel led by Col Montgomery that let me interact with John Marshall of JFCOM, LTC Mahoney of NRO and Ms. Lynn Schnurr of the USA G2 (she is the CIO for G2). 

I also spoke on a dinner panel with General Clapper and Rita Bush.   What an honor to be seated next to them. 

And then I ended up on a third panel moderated by Lewis Shepherd that included Rita Bush, Gayle von Eckartsberg and David Chaffee.  I enjoyed that panel the most.  Ten minutes before the panel Lewis reminded me that I should have graphics.  No worries, I said, I’m a trained Naval Intelligence officer, I can produce graphics almost instantly.  The result was the attached.

[Graphic: Wired-tired]

A key graphic in the presentation is shown here. This graphic is my list of who is wired and who is tired in enterprise technology. On the tired list, Acquisition Executives. They have a hard, hard job that is thankless most of the time, largely because of the constant mission demands, the horrible government system they have to work in, and the fast pace of technology that is making them less relevant.

In my comments I mentioned that because of the rapid pace of technology and the increasing tech savvy of power users and the ability for users to “mashup” their own solutions, “Acquisition executives are becoming increasingly irrelevant to the delivery of capabilities to end users.” 

I didn’t mean for that comment to generate drama, but it seemed to do just that!  Friends/allies/associates in the audience went wild with the remark.  Then my comrade and community leader Kevin Meiners asked me for my handwritten notes and used them in introducing Jennifer Walsmith, the Acquisition Executive for all of NSA!   Much to my surprise, Jennifer agreed with me that things are getting harder on the acquisition community and there is a great need for change. 

This year I’ll be spending most of my time watching/listening/visiting the expo floor, but I do have a few brief moments on a panel and look forward to seeing how I can insert some drama/controversy to the proceedings.

Anyway, if you can make it to Synergy, please come.  If you can’t make it, please stay tuned to the blog.  I’ll try to capture interesting parts in future entries.   I’ll also plan on posting to Twitter while there, so please sign up for your Twitter account and connect to me there at http://twitter.com/bobgourley

More on Synergy:

The 2nd Annual Synergy Conference and Expo will provide a unique forum to highlight advances the Intelligence and Operations communities have made in support to military operations in a tactical wartime environment and how these may reform national-level processes. It will give front line Operators, Key Decision Makers, Intelligence professionals, Technologists, and Academia the opportunity to learn from and work with experienced tactical-level representatives.

In conjunction with U.S. Strategic Command (USSTRATCOM), the Government Emerging Technology Alliance (GETA) is planning an event that will focus on:

  • Changes occurring and envisioned in the relationship between Operations and Intelligence as a result of lessons learned from current wartime activities.
  • Each of the Uniformed Services sharing their front-line experiences and providing thought-provoking ideas about the critical need for change in an agile operational environment.
  • Insight into activities at the Commands and National Intelligence Agencies with the critical challenges of better integrating Operations and Intelligence activities during a period of Irregular Warfare.

Compliance enhances IT support to the mission

August 1, 2008

I’ve previously blogged about Triumfant, a company that has mastered
the automated detection and resolution of IT problems.   I also think
of them as the world’s greatest compliance monitoring capability.  What
do I mean by compliance?  I mean compliance in the context of the many
rules, regulations and configurations that external organizations and
the government require, and also compliance with your own policies and guidance.

For those who are not familiar with the full scope of compliance
issues, a great source is the site of the IT Compliance Institute.  
Their goal is to be a global authority on the role of technology in
business governance and regulatory compliance.   That means they are
driven to seek out regulations, understand the requirements for
compliance, and then help determine the best way to automate that
compliance. 

The site holds several white papers and
checklists on topics like IT Audit, Risk Management, keeping up SOX
compliance, Change Management, Logging, Reporting, and Security.  
These papers seem to be good primers for any CTO or other enterprise
technologist who needs to understand this domain. 

Here are some other thoughts on compliance:

- During my time as a CTO of a DoD Agency, I noticed a shift in how
federal organizations perceived compliance.  Federal organizations are
all about compliance, and have long followed mandates like the
Clinger-Cohen Act, FISMA, the many Enterprise Architecture requirements
(like DoDAF or FEA), and a wide variety of other requirements.   But
most federal organizations did not treat compliance as a way to
optimize delivery of IT capabilities to users.   And most federal
organizations did not have to comply with many of the regulations being
levied on industry (like SOX, for example).   That is all changing. 

- More recently IT professionals began to see compliance and the need
for automated control of systems as a way of not just complying with
regulation and reporting requirements, but a way of ensuring uptime,
helping speed delivery of new software deployments, helping reduce IT
admin costs, and helping with overall ability to support the mission. 
Add to this new awareness of the importance of compliance the recent
shifting of federal policy  towards having agencies produce financial
audits and IT auditing requirements to the same standards as the
commercial sector.

There are more shifts in compliance underway in the federal space,
including a new Federal Desktop Core Configuration (FDCC).  I see all
this compliance as a good thing that should be executed in a way that
enhances uptime, enhances security, and enhances the delivery of
capability to end users. 

For more on compliance see my previous post    http://www.ctovision.com/2008/07/automated-resolution-of-it-problems.html

For more on Triumfant see:  http://triumfant.com

