CyLab
We Have A Cyber Czar, and He Has Spoken
A debate has been running for months both among government thought
leaders and the technical literati on whether or not the US should appoint a
“Cyber Czar” who can exert authority over IT security in the federal space or perhaps even
aspects of the nation’s IT defenses. This is a complex discussion
that has had some of the greatest thinkers in and out of government
involved. A great snapshot of issues and the opinions of many well
reasoned experts are expressed in the CSIS report “Securing Cyberspace for the 44th Presidency” and other
thoughts are here: The Future of Cyber Security and here: Threats In the Age of Obama.
Unfortunately for those who would like to still debate and discuss this
issue, there is already a Cyber Czar who can accomplish most all his
objectives in our networks. His name is Russian Prime Minister
Vladimir Putin. This former KGB operative now controls Russia with an
iron fist and has shown others again and again he will exert influence
anywhere he needs to in order to accomplish his objectives. He will
use tanks when required and cyber when desired and combinations when it
suits him. There are indications his agents are also in our networks
now. If our objectives are to keep players like him out, we cannot say
we are accomplishing them. If his objectives are to get in, then we
can say he is accomplishing them. Till this situation changes, we
need then to confront this new reality: Vladimir Putin is the Cyber
Czar.
We have our own great technologists and wizards of cyber, of course.
And we have great hero entrepreneurs of technology who have built the
cyber world we all use today. One of those greats is Michael Dell,
creator of an idea and corporation that develops, manufactures, sells
and distributes personal computers we all depend on.
But he is someone who will now think twice before thinking he can
interact as a peer to Cyber Czar Putin. After listening to Putin’s speech at the World Economic Forum in Davos, Michael Dell
praised Russia’s technical and scientific prowess and asked a nice,
friendly question: “How can we help.” As a former govie CTO I would
get asked that type of question all the time from industry and really
appreciated it whenever a senior thought leader would ask that. But
not Czar Putin. He did not appreciate that at all. Putin was
offended by the assertion that the mighty Russia might need help in anything Cyber.
The exchange is captured here on YouTube:
Fortune described the exchange this way:
“Putin’s withering reply to Dell: ‘We don’t need help. We are not
invalids. We don’t have limited mental capacity.’ The slapdown took
many of the people in the audience by surprise. Putin then went on to
outline some of the steps the Russian government has taken to wire up
the country, including remote villages in Siberia. And, in a final dig
at Dell, he talked about how Russian scientists were rightly respected
not for their hardware, but for their software. The implication: Any
old fool can build a PC outfit.”
Clearly cyber domination is personal with Putin. He is the Cyber Czar.
I think I should end with a plea to all who care about cyber freedom and all who know the potential positive contributions of IT: Please don’t be
pleased with this current situation. Please don’t just think the title
of Cyber Czar I’ve now used to describe Putin is something we should be
proud of. It is not. We should continue to act till we are able to
assert that we are masters of our own networks. Our nation’s
intellectual property, including the intellectual property of all our
companies and citizens, is too important to let it be given away
without at least a cyber fight.
Melissa Hathaway Op-Ed on Cyber Security
I wanted to post this in totality for a couple reasons. One is it is something all of us should read. Although I believe most readers of this blog will find no surprises in this op-ed, Melissa has a real talent for capturing information in easy to understand ways and I think we can all borrow lessons from the way she explains things.
Automated Resolution of IT Problems
In January 2008 I was named to the advisory board of Triumfant, a
company that has mastered the automated detection and resolution of IT
problems. Of all the IT firms I’ve seen, they are the ones with the
most comprehensive approach to automated resolution management and the
only one I’ve seen that can automate the entire lifecycle of IT problem
management, from identification to resolution.
I recently read some very exciting news about Triumfant. They have
just signed a partnership agreement with one of the largest suppliers
of computers to the federal government: computer giant Dell Inc.
Triumfant software will be sold pre-installed on Dell computers to
federal customers running Microsoft Windows XP and Vista.
I take this as a huge endorsement of the Triumfant approach of
automated process monitoring and IT compliance enforcement. This agreement between Triumfant and Dell is
also great news for enterprise CTOs and other technologists who must
meet the mandate of the OMB’s Federal Desktop Core Configuration
(FDCC).
CMU: An impressive resource
I recently finished a visit to one of our nation's greatest intellectual resources, the school of computer science at Carnegie Mellon University. The incredible work being accomplished at the university includes the globally famous Software Engineering Institute and the equally renowned CERT/CC. CMU also serves the nation by hosting and supporting CyLab. More on each of these is below.
SEI is a Federally Funded Research and Development Center (FFRDC). SEI processes and practices, which are almost certainly familiar to readers of this blog, are now being taught at universities everywhere. Their comprehensive approach to quality is being used today by development organizations around the world and is producing fantastic results. There are many reasons for this, but the short version is that SEI processes like the Capability Maturity Model Integration (CMMI), the Team Software Process (TSP) and the Software Engineering Measurement and Analysis (SEMA) have proven to enhance the quality and performance of software activities while reducing cost and development time. Read more at: http://www.sei.cmu.edu.
The CERT/CC is a group I first started working with in December 1998 when I was one of the startup crew of the JTF-CND. I've been a big fan of them ever since, and have tried to track what was going on there, but frankly I lost touch and am really glad I got the in-person update. The CERT/CC is a critical enabler of the IT industry's ability to detect and remediate vulnerabilities, conduct computer forensics, visualize cyber information, and respond to incidents of every scale. For more on the CERT read more at: http://cert.org.
The CyLab is the nation's largest university-based research and education program focused on cyber security, dependability and privacy. CyLab conducts sponsored research as one of the NSF CyberTrust centers. According to the CyLab website:
The CyLab Strategy is to integrate response, prediction, research
and development, and education both nationally and internationally and
build capacity in:
- Technology – by pursuing an aggressive, highly interdisciplinary research and development agenda that integrates technology, policy, and management
- Human Resources – by educating professionals in Information Technologies, Business, and Policy, and by creating “cyber-aware” citizens worldwide
- Industry – by transitioning technologies to large, medium, and small companies and by creating start-ups
For more on the CyLab read more at: http://www.cylab.cmu.edu/.
Thanks to all at CMU for doing what you do, it is really appreciated by computer scientists, CTOs and leaders everywhere. Please keep it up.