We Have A Cyber Czar, and He Has Spoken

January 30, 2009

A debate has been running for months both among government thought
leaders and the technical literati on whether or not the US should appoint a
“Cyber Czar” who can exert authority over IT security in the federal space or perhaps even
aspects of the nation’s IT defenses.  This is a complex discussion
that has had some of the greatest thinkers in and out of government
involved.  A great snapshot of issues and the opinions of many well
reasoned experts is expressed in the CSIS report “Securing Cyberspace for the 44th Presidency”, and other
thoughts are here: The Future of Cyber Security and here: Threats In the Age of Obama.

Unfortunately for those who would like to still debate and discuss this
issue, there is already a Cyber Czar who can accomplish most all his
objectives in our networks.  His name is Russian Prime Minister
Vladimir Putin.  This former KGB operative now controls Russia with an
iron fist and has shown others again and again he will exert influence
anywhere he needs to in order to accomplish his objectives.  He will
use tanks when required and cyber when desired and combinations when it
suits him.  There are indications his agents are also in our networks
now.  If our objectives are to keep players like him out, we cannot say
we are accomplishing them.  If his objectives are to get in, then we
can say he is accomplishing them.  Till this situation changes, we
need to confront this new reality:  Vladimir Putin is the Cyber
Czar.

We have our own great technologists and wizards of cyber, of course. 
And we have great hero entrepreneurs of technology who have built the
cyber world we all use today.  One of those greats is Michael Dell,
creator of an idea and corporation that develops, manufactures, sells
and distributes personal computers we all depend on.

But he is someone who will now think twice before thinking he can
interact as a peer to Cyber Czar Putin.  After listening to Putin’s speech at the World Economic Forum in Davos, Michael Dell
praised Russia’s technical and scientific prowess and asked a nice,
friendly question:  “How can we help.”  As a former govie CTO I would
get asked that type of question all the time from industry and really
appreciated it whenever a senior thought leader would ask that.  But
not Czar Putin.  He did not appreciate that at all.   Putin was
offended by the assertion that the mighty Russia might need help in anything Cyber.
The exchange is captured here on YouTube:

Fortune described the exchange this way:

“Putin’s withering reply to Dell: “We don’t need help. We are not
invalids. We don’t have limited mental capacity.” The slapdown took
many of the people in the audience by surprise. Putin then went on to
outline some of the steps the Russian government has taken to wire up
the country, including remote villages in Siberia. And, in a final dig
at Dell, he talked about how Russian scientists were rightly respected
not for their hardware, but for their software. The implication: Any
old fool can build a PC outfit.”

Clearly cyber domination is personal with Putin.  He is the Cyber Czar. 

I think I should end with a plea to all who care about cyber freedom and all who know the potential positive contributions of IT:  Please don’t be
pleased with this current situation.  Please don’t just think the title
of Cyber Czar I’ve now used to describe Putin is something we should be
proud of.  It is not.  We should continue to act till we are able to
assert that we are masters of our own networks.  Our nation’s
intellectual property, including the intellectual property of all our
companies and citizens, is too important to let it be given away
without at least a cyber fight.


A look ahead: Some technology developments to expect in 2009

January 1, 2009

2008 was a year of rapid changes for Chief Technology Officers.  We should expect 2009 to move even faster.  Where will the biggest trends take us?  I offer some considerations below.  Please
look these over and give me your thoughts.   Push back if you have
disagreement.

First, my overall advice for CTOs in 2009: just like the new thin interfaces you will be testing in your lab, be flexible.  Now here are some more thoughts on what's in store for CTOs in 2009:

  • Here is a no-brainer: Increasingly CTOs will leverage social media to
    collaborate.  Things are moving so fast that we all like to network to
    seek help on big things and to get advanced warning on what is coming
    next.  More of us will be on Twitter, in Facebook, and writing blogs. 
    And this is a good thing.
  • "Mashups" will still be very
    important as an enterprise objective in 2009 (and beyond).   And the
    company that will help accelerate them into the federal enterprise is
    JackBe.  They do things in a way that enterprise CTOs like.  They build
    in connections to governance, security, identity management.  And they
    play well with the entire ecosystem so you don't have to rework all
    legacy just to use them.  Of course web2.0 will remain a key trend, but mashups take web2.0 to a new, more mission-oriented level and for enterprise players the mission is what is important.
  • An approach we will all learn to love and follow is "context
    accumulation".   This very important term was coined by Jeff Jonas, and
    I think Jeff is going to have all of us moving out on that in the next
    12 months.   If you agree, visit his blog and by all means help others
    understand why this is really the only way we humans stand a chance of
    surviving/thriving in the onslaught of data.
  • Federal acquisition of IT will still be criticized for all the
    reasons it always has been.  But there will also be an acceleration of
    a dramatic positive change brought about because of open source
    software and a new appreciation that IT acquisition processes
    (RFI/RFP/FAR/DFAR based purchases) do not apply to software that is
    free.  Free software is not being bought, it is being used, for free. 
    The whole reason the FAR exists is to ensure when the taxpayer's money
    gets spent it gets spent wisely.  When things are free the FAR has less
    applicability.  Services for open source are being bought and since
    that uses government money of course the taxpayers will continue to be
    served by the same FAR-type processes that are meant to ensure open
    competition, but that is not for free open source software, that is for
    services to configure and manage the software.
  • Will this be the year of enterprise security?  We have been banking on that for a long long time.  We know the answers on how to make enterprises more secure.  There is a great recap of some of the most important components of security in the CSIS report.  But there are many more things that can be done as well. My goal, as captured here, is to improve security by two orders of magnitude within the next 24 months. 
  • Netbooks, Thin Clients and Cloud Computing will accelerate
    throughout the technology landscape, especially inside the federal
    government.  These trends in both devices and the cloud components are directly related and are also benefiting from the global, unstoppable trend toward open computing
    (open software and open standards).  One to watch in this area:  Sun
    Microsystems.  But also track the dynamics of the netbooks providers.
    Dell will get serious about netbooks, but Acer will continue to grow
    market share.
  • A key accelerator of Cloud Computing has been the powerful technologies of virtualization, especially those of VMware.  Open source and other virtualization capabilities are coming fast too.  Trend to watch in 2009 is the arrival of higher order, more elegant capabilities to manage virtualization across large enterprises.  VMware and Opsware (HP) will continue to evolve to do this, but Appistry, Vizioncore, Xsigo and Sun (and others?) are coming fast.
  • Increasingly leaders will recognize that concepts of operation that
    require humans to tag and create metadata are sub-optimized.  When busy
    people are tasked with burdensome tagging operations they too
    frequently become tempted to cut corners and rush the process.  Over
    time, meta data generated this way just becomes meta crap.  This
    growing recognition in the federal space will sweep in new technologies
    and new approaches to discovery of content.  One to watch to solve this
    issue:  Endeca, because of their approach to visualizing information and enabling human to computer iterative examination of data. 

  • Flexible computers will arrive in production this year for early
    adopters and many CTOs will use them in labs to assess applicability
    for massive deployment in the coming years.   These flexible computers
    are the ultimate thin clients.   Backends/servers/architectures
    developed for the cloud perfectly suit ultra thin, flexible computing
    devices. For more on this hot topic, start at the site of the Flexible Display Center at ASU.
  • Collaboration will increasingly be seen as the means to link human
    brains together.   Collaboration tools that are stand alone stovepipes
    will be a thing of the past.  Users will collaborate using the entire
    technology environment:  voice, video, data, whiteboard, chat,
    application sharing, info discovery will increasingly be integrated
    into a single fabric.  Key players here:  Adobe, Microsoft and Cisco.
  • In a big change for how money is moved in major enterprises, the CIO
    will be given responsibility for the energy budget.  This will encourage
    CIOs to modernize to conserve energy, since money saved from energy
    costs can be invested back in modern IT.  This will be a very virtuous
    cycle, that saves money for organizations, saves energy, and modernizes
    IT.   
  • In a stunning turn, IPv6 will be rapidly adopted, not by enterprises,
    but in homes.  The major home communications provider that delivers
    full IPv6 to home environments (and to cell phones) will have an incredible advantage over
    competitors and will dominate.  The many rich features of IPv6
    delivered to consumers will finally push enterprises everywhere to move
    out on IPv6. 
  • In 2009, as in every year prior and for most into the future, there
    will continue to be bad people using technology to do bad things. 
    Enterprises will move to protect info, but bad guys will keep moving to
    get the data.   And the use of social networking tools by terrorists
    will likely grow.  This is not a foregone conclusion, but I'm not
    personally sure what can be done to mitigate the use of advanced
    technology by bad people, other than to say that we good people need to
    work together more to stop them, and my hope is that we can keep 2009
    safe and secure.

Thoughts/comments/suggestions?  Please let me know what you think.


Compliance enhances IT support to the mission

August 1, 2008

I’ve previously blogged about Triumfant, a company that has mastered
the automated detection and resolution of IT problems.   I also think
of them as the world’s greatest compliance monitoring capability.  What
do I mean by compliance?  I mean compliance in the context of the many
rules, regulations and configurations that external organizations and
the government require, and also compliance with your own policies and guidance.

For those who are not familiar with the full scope of compliance
issues, a great source is the site of the IT Compliance Institute.  
Their goal is to be a global authority on the role of technology in
business governance and regulatory compliance.   That means they are
driven to seek out regulations, understand the requirements for
compliance, and then help determine the best way to automate that
compliance. 

The site holds several white papers and
checklists on topics like IT Audit, Risk Management, keeping up SOX
compliance, Change Management, Logging, Reporting, and Security.  
These papers seem to be good primers for any CTO or other enterprise
technologist who needs to understand this domain. 

Here are some other thoughts on compliance:

- During my time as a CTO of a DoD Agency, I noticed a shift in how
federal organizations perceived compliance.  Federal organizations are
all about compliance, and have long followed mandates like the
Clinger-Cohen Act, FISMA, the many Enterprise Architecture requirements
(like DoDAF or FEA), and a wide variety of other requirements.   But
most federal organizations did not treat compliance as a way to
optimize delivery of IT capabilities to users.   And most federal
organizations did not have to comply with many of the regulations being
levied on industry (like SOX, for example).   That is all changing. 

- More recently IT professionals began to see compliance and the need
for automated control of systems as a way of not just complying with
regulation and reporting requirements, but a way of ensuring uptime,
helping speed delivery of new software deployments, helping reduce IT
admin costs, and helping with overall ability to support the mission. 
Add to this new awareness of the importance of compliance the recent
shifting of federal policy towards having agencies produce financial
audits and IT auditing requirements to the same standards as the
commercial sector.

There are more shifts in compliance underway in the federal space,
including a new Federal Desktop Core Configuration (FDCC).  I see all
this compliance as a good thing that should be executed in a way that
enhances uptime, enhances security, and enhances the delivery of
capability to end users. 

For more on compliance see my previous post: http://www.ctovision.com/2008/07/automated-resolution-of-it-problems.html

For more on Triumfant see: http://triumfant.com


Automated Resolution of IT Problems

July 11, 2008

In January 2008 I was named to the advisory board of Triumfant, a
company that has mastered the automated detection and resolution of IT
problems.  Of all the IT firms I’ve seen, they are the ones with the
most comprehensive approach to automated resolution management and the
only one I’ve seen that can automate the entire lifecycle of IT problem
management, from identification to resolution.

I recently read some very exciting news about Triumfant.   They have
just signed a partnership agreement with one of the largest suppliers
of computers to the federal government: computer giant Dell Inc.  
Triumfant software will be sold pre-installed on Dell computers to
federal customers running Microsoft Windows XP and Vista.   

I take this as a huge endorsement of the Triumfant approach of
automated process monitoring and IT compliance enforcement.   This agreement between Triumfant and Dell is
also great news for enterprise CTOs and other technologists who must
meet the mandate of the OMB’s Federal Desktop Core Configuration
(FDCC). 
