DHS

My Opinion: NYT wants cyber security to be a divisive issue.


I just read an article that seems designed to keep spreading FUD (Fear, Uncertainty, Doubt) about the US government and the NSA. The article is titled “Control of Cybersecurity Becomes Divisive Issue”. It starts with an assertion stated as if it were a fact: “The National Security Agency has been campaigning to lead the government’s rapidly growing cybersecurity programs”.

I bump into all sorts of people in the beltway, and there is a huge amount of buzz regarding cyber. There is also a huge amount of pontification and rumor and hype, and I think Risen and Lichtblau have fallen for some of that.

The Number One Reason To Move To Open Source: Security


I just read Bill Vass’s latest blog entry, titled “The No. 1 Reason to Move to Open Source is to IMPROVE Security”.

Bill opens this article with:

If you are like me, and you have been involved in cryptography and Cyber Security for a long time, it’s obvious to you that commercial open source code is more secure. As a matter of fact, in the late 90s, many of the Intelligence agencies mission systems and the DoD tactical systems moved to open source ONLY to improve security. Today, the majority of the critical systems in the Intelligence agencies (the people that care most about Cyber Security) run on open source operating systems like Solaris and Linux. The same is true of places like the FAA, IRS, and a whole lot of other organizations that care about security.

We have a saying in the world of Cyber Security: Security through obscurity, isn’t.


CTOs, Global Cyberwar and Our Collective Future


If you are a technologist, please take a moment to download the PDF of the report by the U.S. Commission on Cybersecurity. This report, titled Securing Cyberspace for the 44th Presidency, is the best proclamation of the challenges of cyber I have read. It is also a roadmap that will help anyone trying to navigate these very tough issues.

I've been involved in things cyber for a long time. My deepest involvement began in December 1998, almost 10 years ago to the day. In all that time I've seen lots of studies and lots of papers and many treatments of the issues. But I've never seen one that captures the complexities and the need for specific actions as well as this one.

I'd really recommend you read every word, if you want to be considered literate in this field.   But if it will be a little while till you get to it, here are some key points:

The three major findings are: 1) Cybersecurity is now a major national security problem for the U.S., 2) Decisions and actions must respect privacy and civil liberties, and 3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.

The report makes a few points about the Bush Administration's Comprehensive National Cybersecurity Initiative (CNCI). In general they give credit to that initiative, and call it good. I agree; it is a great activity I've previously written about that is led by one of the most effective people in government today and has done great work. But as the commission points out, the work of the CNCI is good but not sufficient.

The biggest shock for me in this study: the amount of funding on R&D for cyber security. I have been looking into the many activities underway, and maybe that look made me deceive myself into thinking it was a well funded effort. According to the commission, however, the total R&D funding in the federal government for cybersecurity is estimated at about $300 million. That is less than two-tenths of one percent of the total federal R&D.

The report has a great section on identity management.

I am convinced the organizational approaches outlined in the study are the right ones as well.  There is only one place in our government where we can lead solutions to this challenge.  Where is that?  Hey read the report!

What else do I recommend CTOs do besides read the report?  I think one way we can all help the cybersecurity effort is to think through which standards bodies are the most important to engage with regarding security.   A few are here:
http://www.ctovision.com/2008/05/standards-organizations-ctos-should-track.html

Three Events of Federal CTO Interest: Will You Be At These?


FYI, in case your schedule will allow us to connect in person, I wanted to update you on a few events I plan on being at over the next few weeks.

The Advanced Technical Intelligence Association TECHINT conference will be held 9-11 Dec 2008. This conference focuses on the technical dimensions of intelligence, and has a theme of "integrated performance." The theme refers to the need to integrate capabilities from all the agencies engaged in national security to better perform in meeting our national security challenges. On 9 Dec I'll be speaking at a panel on the real and growing threat in cyber space. There will be no blogging or tweeting from the conference. But if you are going to be there please drop me a note and let's connect in person there. For info see http://masint.org

The AFCEA Solutions conference on Cyberspace will be held 10-11 Dec 2008 at the Ronald Reagan Center in DC. This conference will be focusing on the challenges and solutions of cyberspace related to national security. Speakers include Secretary of Homeland Security the Honorable Michael Chertoff, the Deputy Secretary of Defense the Honorable Gordon England, Assistant Secretary of Defense for Networks and Information Integration the Honorable John Grimes, Ms. Melissa Hathaway, senior adviser and cyber coordination executive for the Director of National Intelligence, LTG Keith Alexander, Director of the National Security Agency, Deputy Assistant Secretary of Defense for Information and Identity Assurance Mr. Bob Lentz and Deputy Assistant Secretary of Defense for Information Management Mr. David Wennergren. I'll be speaking on a panel on Wednesday at 1530 on formulating a common response.

  • This unclassified conference follows a model that AFCEA has been using for several similar events. They are actively seeking ways to enhance the value of these conferences by leveraging more Web2.0 capabilities before, during and after the formal presentations. Blogging and tweeting from the conference is encouraged. You can visit the site at www.afceasolutions.org/group. The event schedule and program details can be found online at www.afceasolutions.org

The US Army Intelligence Warfighting Summit will be held 15-17 Dec 2008. This one will also be a conference where blogging and use of Twitter is not appropriate due to the sensitivity of info discussed. However, I would appreciate knowing if you will be going so we can connect there in person. Speakers will include the most senior Army intelligence leadership, plus Vice Admiral Bob Murrett from NGA, LTG Alexander from NSA, and Scott McNealy from Sun Microsystems. For more on the event see: http://www.ncsi.com/iws08/index.shtml

So, if you are going to any of these please let me know.  

And please follow me on Twitter so I can send you a few bursts from the AFCEA conference.  I'm at http://www.twitter.com/bobgourley 

Cheers.

The Technology Implications of the Obama Win


There are several megatrends sweeping the technology industry today.  Some of them are about to be accelerated.  

I like to use five key topic areas to track megatrends in IT: 

– Convergence and trend towards unified communications and user empowerment
– Globalization and increasing internationalization of IT and demographic shifts
– Increasing open development of software and hardware
– Power, Cooling and Space (PCS) impacting data centers and every place computing is done
– Increasing pace of technology development and probability of disruption

Over the past two months two major events have occurred which are impacting these trends.  

The first was the collapse of Lehman Brothers and the resulting cascading effects on the financial industry. The impact on IT spending and the movement of more enterprises to grid/cloud computing because of that are still being assessed, but for some thoughts see: Wall Street Crisis

The second was the Presidential election of Barack Obama.   


Update on Federal Cloud Computing


My last several briefings, including one yesterday at the FIAC, have addressed some of the dramatic changes underway in the IT world.   That briefing is attached here: Download FIACGourleyBrief.pdf

The conference had a focus on information assurance, computer security, network security and Chief Information Assurance Officers (CISO) in the federal space.   So I not only updated my briefing with the latest tech trends but changed it to focus on lessons learned from industry on compliance monitoring and automation of remediation and related topics.


Melissa Hathaway Op-Ed on Cyber Security


Below I'm going to post, in its entirety, the text of an e-mail I received from the ODNI notification service.   The subject is an op-ed written by Melissa Hathaway, a senior leader who has been spearheading significant coordination action in the federal government (opinion: Melissa is perhaps the most effective SES-level leader in the US government today, IMHO).

I wanted to post this in totality for a couple reasons.  One is it is something all of us should read.  Although I believe most readers of this blog will find no surprises in this op-ed, Melissa has a real talent for capturing information in easy to understand ways and I think we can all borrow lessons from the way she explains things. 


Performance Management In Organizations and Computers


There are some interesting analogies between performance management applied to organizations and performance management applied to computers.

In both cases, performance metrics are crucial to success.  In organizations, what we reward gets measured, and what gets measured can be more efficiently and effectively done.   In our computers, what we decide is important gets measured, and those measurements can help us drive to increasingly effective and efficient performance.


Social Media and Web2.0 for National Security Planners


Over the last couple weeks I sent several friends and associates a draft article I was working up on Web2.0 for National Security Planners. I enjoyed pulling that together, since it helped me convince myself that the right thing to do is to get more senior US strategists engaged in Social Media. There are some real security concerns there and we don't want all our national security efforts exposed to all our adversaries on the Internet. But use can be made of these tools and the risks there can be mitigated so the overall benefit to the country will far outweigh the risks.

One of the folks I sent it to was Dion Hinchcliffe, President and CTO of Hinchcliffe & Company (see http://hinchcliffeandco.com ). Dion has long been a very collegial person with an open/collaborative work style. I met him several years ago when he was giving a presentation to my old community on the then new concept of Web2.0 and have been very glad to be connected with him since. Dion read the article and published it in his Social Computing Magazine (see http://socialcomputingmagazine.com/viewcolumn.cfm?colid=578 ), and I am very appreciative of him getting the word out on that.

Another online associate is Helen Thompson of AFCEA. Helen is herself a great contributor to the dialog on national defense. She just published an article titled "Reconciling Collaboration and Security in the Social Media Space" (see http://www.afcea.org/signal/articles/anmviewer.asp?a=1680&print=yes ). In it she references my article and underscores the point I make about social media tools being a good way to accelerate good ideas.

The current draft of the article is at:  http://www.ctovision.com/social-media-national-security.html

Please check it out and let me know your thoughts/input/suggestions.

Day One at Synergy Conference


This post provides a summary of day one of the STRATCOM Synergy conference. The conference is focused on integrating combat ops/intelligence implications for national intelligence processes. Conference leader Brigadier General Billy Bingham (USAF, ret) opened the conference by reviewing what was discussed at last year’s Synergy conference. He also laid out the goal for this year’s conference, to keep moving things forward and to ensure we are “Integrating operations and intelligence so we can achieve our nation’s objectives in the most efficient means possible.”

The morning included a presentation by the STRATCOM J5 (Brigadier General Mark Owen). He was followed by Major General Michael Ennis, Deputy Director of the National Clandestine Services for community HUMINT at CIA. The afternoon was filled with discussions and briefings that brought home the perspectives of operators from the Ops/Intel world, including a panel filled with ops/intel professionals which discussed lessons learned. Perspectives on ops/intel synergy on the front lines were provided by a seasoned Marine Corps professional. Key areas where ISR models clash were highlighted by a seasoned Air Force ISR Colonel. An update was provided on Army operational intelligence.

The following provides some takeaways from the discussions:

Brigadier General Owens mentioned the many missions of STRATCOM, including nuclear deterrence, and also cyberspace.  In his view, STRATCOM’s mission in cyber is to ensure freedom of action in cyberspace.  He also signaled a strong intention of the Commander, STRATCOM to return the J2 position to the importance it once had.   He also signaled a strong intent to do that while integrating ops and intel into the mission.  He talked about the terms he likes to use, those of intelligence and warfighters, since the operators are warfighters.  

General Ennis gave personal stories underscoring how important it is for ops and intel to work together. He said great staffs have always worked that way and now at CIA it is all ops and intel together, at JSOC it is all ops and intel together. He thinks it is wrong to use the old models of ops and warfighters. That too frequently forces a separate structure. In the old days there was an ops cell and an intel cell and they were separate. Today, in efficient operations, the intel and ops cells are together. General Ennis is a strong believer in new tools and thinks three in particular are dramatically changing the way we are working together: Blogs, Wikis and the class of tools that lets users go after content in search vice just headlines. By Blogs and Wikis he meant the many open source/Internet based wikis that can provide context and situational awareness. For example, the MCIA cultural intelligence initiative makes extensive use of these tools. He also provided some thoughts on the term “information sharing.” There are things he doesn’t like about that term because sharing implies the data is yours to own and to decide when to share. He believes in joint interagency platforms for ensuring responsiveness, relevance and unity of effort. Regarding Open Source, he would like to see an interagency open source center that is focused on hard problems. Regarding IT, he believes a common IT backbone is critically important to mission success.

The afternoon speakers hit on many great topics related to ISR and the different cultures in the Services and how they clash over ISR.  There were many great stories and lessons, and several meaty recommendations.  But the bad news is all the stories sound the same as they have for years and the lessons learned are the same ones we have been relearning for years.  I guess the point of the conference is that we need to embody those lessons somehow.

More later