Month: March 2009
Widespread Cyber Espionage: More evidence and what to do about it
This week the New York Times and CNET ran a story by John Markoff titled “Vast Spy System Loots Computers in 103 Countries”.
It reads in part:
A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.
Responding Strategically to Cyber Attacks
The last 12 months have seen a significant amount of progress in our nation’s awareness of cyber threats and in our collective actions to address the security of our IT systems. However, a huge amount of work remains to be done.
In a cyber context, the situation is a little like the one Winston Churchill described when he said: “This is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.” We in the cyber world have taken some serious blows, and we are shoring up our defenses. But there is a long, long way to go before our objectives are met.
With this post I want to provide a snapshot of some of the progress of late.
1) CNCI: The Comprehensive National Cybersecurity Initiative provided a kickstart to many elements of the federal enterprise and facilitated coordinated action by multiple agencies. It was also an important evolution for Congress. The changes to the federal budget and the intentions of agencies were very positive. It is my opinion that the CNCI made a lasting positive difference in reducing unauthorized access into the federal enterprise and in enhancing resiliency of our systems. For more info see:
2) The CSIS report and related actions/studies: This 8 Dec 2008 report is the result of hard work and collective study by some of the best brains in the cyber security world. Commissioners on the study are a who’s-who of security and the quality of this report is a direct reflection of this fact. The report offers recommendations on multiple hard areas and should be referenced by anyone making decisions in the IT arena. A recent related development is the posting by SANS of the Common Audit Guidelines. This is a fantastic step towards providing guidelines for enhancing security and functionality.
A Proposal Regarding High Tech Immigrants to the US
The topic of H-1B visas has always been a hot one. In the current economic climate there are plenty of American tech workers looking for work and therefore this special visa program is under increasing scrutiny. I have many friends and associates and family members who have either lost jobs or found themselves in positions they would not prefer due to the current economic meltdown and my bias is to side with them on this. We need to rethink the nation’s objectives regarding the H-1B program (you can read more on the H-1B visa program, including criticisms, at Wikipedia).
You Really Have to See This: From MIT Media Lab
Words can hardly describe how neat this technology is. I’m excited and enthused for many reasons, including the potential power of this technology to help us all make better decisions and of course to bring even more fun to our lives. Watch and let your imagination go… Think of the wonderful ways we can interact with data to do good things in the world.
Other thoughts: Look for the dynamic, moving newspaper. Yet again there is more evidence that Hollywood is driving enterprise technology.
Vivek Kundra: Still the Alpha CTO and now the First Fed CIO
Today’s news on Vivek Kundra’s role in the federal space made me think of another CTO, Yuvi Kochar. Yuvi, the CTO of the Washington Post, is a great connector of CTOs who leads the informal collective of the Washington Area CTO Roundtable. Although I had heard Vivek speak a time or two, the first really deep interactions I had with Vivek were through Yuvi’s work in service to the tech community and I much appreciate that.
For a quick update on Vivek from a CTO perspective see:
Open Source Databases
All indications are the next significant growth segment for open source software will be in databases. This follows the trend of open source operating systems (Open Solaris and Linux).
Additionally, MySQL can result in better reliability and more uptime, which should also be factored into your TCO calculations.
So, those are cost reasons to move to MySQL. Other, perhaps more important reasons include:
- It is easy to learn and easy to administer
- It helps prevent vendor lock-in and companies that will try to place you over the barrel
- Security is built in and in my opinion there will continue to be fewer vulnerabilities in MySQL because of its open source model
- There are very large numbers of developers supporting MySQL, so it is easy to find highly qualified developers and administrators.
Jon Stewart Examines and Explains Twitter
Note: This is an update of the now famous Jon Stewart Twitter explanation that links to the Comedy Central version. The YouTube version was pulled in order to better serve you.
This video clip from the Daily Show just made my day.
This video reminds me of discussions I’ve been in with so many people who wonder why anyone would ever want or need a microblogging capability like this.
As for me, I like Twitter. It lets me keep a key slice of friends in the loop on things and it lets me learn from a large group of folks. It gives me insights into conferences and events I can’t be at. And it provides a great source of new reading and links to URLs I would never have found without it. And since I follow Rainn Wilson there, it provides a chuckle or two as well.
I know many CTOs who are also using it in similar ways (for example, see @lewisshepherd or @Padmasree). Following them is a great way to stay in the loop.
If you are not on Twitter, check it out. If you are on Twitter, connect to me at http://www.twitter.com/bobgourley
White House Conducting Review of Cyber
Followers of the cyber initiative and its related work have been strongly encouraged by the kickoff of a 60-day study tasked by the White House and led by Melissa Hathaway. Melissa was named by President Obama to conduct this review. As has been reported here in previous posts, Melissa is one of the most effective, efficient senior executives in public service, and I have no doubt she will execute this task in a way that benefits the nation.
As an update, the White House blog posted an entry on this study today. It reads as follows:
QUOTE:
Monday, March 2nd, 2009 at 11:14 am
Cyber review underway
John Brennan, Assistant to the President for Homeland Security and Counterterrorism, passed along this update about the ongoing review of our nation’s communications and information infrastructure.
In response to President Obama’s direction, the National Security Council and Homeland Security Council are presently conducting a 60-day review of the plans, programs, and activities underway throughout the government that address our communications and information infrastructure (i.e., cyberspace). The purpose of the review is to develop a strategic framework to ensure that our initiatives in this area are appropriately integrated, resourced and coordinated both within the Executive Branch and with Congress and the private sector.
Our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated. Safeguarding these important interests will require balanced decision making that integrates and harmonizes our national and economic security objectives with enduring respect for the rule of law. Guided by this principle, the review will build upon existing policies and structures to formulate a new vision for a national public-private partnership and an action plan to: enhance economic prosperity and facilitate market leadership for the U.S. information and communications industry; deter, prevent, detect, defend against, respond to, and remediate disruptions and damage to U.S. communications and information infrastructure; ensure U.S. capabilities to operate in cyberspace in support of national goals; and safeguard the privacy rights and civil liberties of our citizens.
The review will be completed by the end of April 2009. At that time, the review team will present its recommendations to the President regarding an optimal White House organizational construct to address issues related to U.S. and global information and communications infrastructure and capabilities. The recommendations also will include an action plan on identifying and prioritizing further work in this area.
Learn more about the administration’s Homeland Security priorities.
UNQUOTE
The fact of this White House blog entry is a huge signal that something has changed. Openness on this topic was unthinkable just months ago. We have also seen more direct work with industry groups on cyber, another positive step.
There is a great deal of work to be done in a very short amount of time. Whatever the result of this review is, I’m sure it will be first rate and I’m ready to support it fully. It is not often that I endorse something before it is done, but in this case I think it is the right thing to do. There are too many bad things happening because of poor security, and too much of the economy is hurting because of it.
For more on related topics see:
Foreign Spies Make Recession Worse and Steal Part of Our Future
and