February 2009 • Volume 7 • Number 1

Cybersecurity Execs Get Obama's Support
 

Cyber attacks on government computers rose 40% last year US-CERT reported on February 18. Yes, attacks are up; but so also up are government's efforts to thwart the bad guys. And now that government and industry cyber execs have a staunch ally in the White House, look for government to put the "pedal to the metal" to boost cyber security implementation and education.

President Obama took his first course of action on February 9, when he ordered a 60 day review of the nation’s cybersecurity to probe how federal agencies use technology to protect secrets and data.

 

According to the White House, this effort is being led by Melissa Hathaway, respected leader of the Comprehensive National Cybersecurity Initiative. She has the task of examining all the government plans, programs and activities to manage large amounts of data – including passport applications, tax records, personal tax returns and national security documents.

Pro-Active Cyber Execs
 

But government's cyber security efforts didn't start on January 20. And right now there are dedicated cyber security pros working hard every day to protect government networks and data. So, what are government agencies doing in the cybersecurity arena-- right now? And how is the private sector engaging with the government to put the clamps on the continuous barrage of attacks?

 

Government and industry leaders answered those questions and more during the recent Federal Executive Forum on Cybersecurity broadcast on Federal News Radio. The panel was moderated by Jim Flyzik of The Flyzik Group and included:

 

·         Robert Carey, CIO, Department of Navy

·         Rear Admiral Mike Brown, Deputy Assistant Secretary, Cyber Security and Communications at the National Protection Program Directorate, DHS

·         Richard Hale, Chief Information Assurance Executive, DISA

·         Lee Holcomb, VP for Strategic Initiatives, Lockheed Martin Information Systems and Global Services

·         Robert Dix, VP Government Affairs, Juniper Networks

·         William Billings, CISO, Microsoft Federal

During the hour long discussion, panelists discussed the current state of cybersecurity, challenges and priorities and gave their vision of the future. The articles below outline what they said.

Watch Video/Listen To Audio   •   Read More

---

---

Cyber Execs Have Big Roles, Big Responsibilities

 If the government is going to clamp down on cyber crime, it is going to be due to the efforts of dedicated professionals from both the public and private sector. Rear Admiral Mike Brown is the Deputy Assistant Secretary, Cyber Security and Communications at the National Protection Program Directorate at DHS.  As the acting secretary for cybersecurity, Brown’s responsibilities largely deal with actual planning and execution of the nation's cyber initiative.   

Brown said a significant example of progress that we’ve made has been the deployment of Einstein for DHS. He went on to say that with policies such as the National Infrastructure Protection Plan (NIPP) there has been significant progress made in the public/private partnership.

 

“What we’ve done is chip away at a lot of the challenges we had with respect to the sharing of information and the timeliness that it needed to be done, but we are not there yet. There’s still a lot of work,” Admiral Brown added, because “the one thing that we’ve learned is that all these things are interdependent. You can’t just do one without thinking about the others, so that adds an element of challenge to everything we do.”

Watch Video/Listen To Audio   •   Read More

---

Revving Up Cyber Drive

The question now is how, not if. Cybersecurity is becoming more of a national priority with each passing day. For some this analysis of cyber security may be a new priority, but Federal Executive Forum government and industry panelists are not in that group.

 

Navy CIO Rob Carey is one of the high level Navy officials who have their eyes squarely on cyber for quite some time. Carey said the Navy is developing a road map which encompasses their investment strategy based on threats.

Watch Video/Listen To Audio   •   Read More

---

---

Cyber Progress Is Overcoming Challenges

 Throughout government, agencies are expanding their efforts to close the doors to cyber attackers.  But there are challenges both technical and cultural to success.

 

At DOD great progress has been made on the notion that a single entity has to be in charge said DISA’s Richard Hale.  “There isn’t time in the cyber business to have a discussion about who is in charge when the chips are down and so the department has been, has made good progress in defining US Strategic Command as the head operator of the information infrastructure in the department and having the operational responsibility flow from that. So that’s been good progress.”

 

On the technology side according to Hale, there has been great progress in identity and in trying to drive out anonymity in the networks.

 

“We were the early adopter in public infrastructure with our teaming with the DOD ID card people.  We came up with a PKI credential and a hard token and that’s the model for PKI identity credentialing for the rest of the federal government now,” added Hale. “The reason I think we made progress there is that we are using this credential for everything now. It’s actually made life much easier, so it’s an example of security that’s made accessing information all over the department easier. You don’t have to remember passwords anymore.”

Watch Video/Listen To Audio   •   Read More

---

---

A Brighter Cyber Future

Government sites are prime targets for cyber attacks as the recent pilfering of some 45,000 FAA records demonstrates. Whenever something like that happens, the alarms go off with some forecasting a devastating “Digital Pearl Harbor”. While anything is possible, government defenses are growing stronger each day. So are we really safer? And what can we look forward to in the future?

“I think if this question was asked a couple of years ago I think my answer would be much different than it is today,” said Microsoft’s William Billings. But because of the increased partnering between government and industry, “we are in a much better position than we were a couple of years ago and I think the scope of a digital Pearl Harbor is much less.” But Billings also warned that there is still a lot of work to be done to educate government and industry alike on how they can better protect themselves.

 

Juniper’s Bob Dix added, “The one thing I believe that we need to continue to be building around is: to evolve and mature a joint operational capability between industry and government to address the threats, vulnerabilities, and consequences of cyber instances, whether they are man-made or the result of a natural disaster.”

 

“If you look back eight or ten years we saw a lot of cyber attacks, they were visible, they stood out,” explained Lockheed Martin’s Lee Holcomb. “Today, you don’t see them standing out. I think the nature of the attack going forward as is going to be different.”  Holcomb stressed that cybersecurity is a way of life. “It’s something that we are going to have to build into all our systems so that as our systems operate, and they are under attack, we can manage that risk and ensure mission success in the face of that risk.”

Watch Video/Listen To Audio   •   Read More

---

 

 

 

The Office of Horizontal Government

He calls his office the Office of Horizontal Government.

Kshemendra Paul is the Chief Architect at OMB. And he is leading the broad-based adoption and advancement of Service Oriented Architecture (SOA) capabilities throughout the federal government.

“I work in the Office of E-Government and Information Technology, but most days I think of it as the Office of Horizontal Government,” said Paul during the recent Federal Executive Forum on SOA.

Joining Paul on the Forum panel hosted by Jim Flyzik of the Flyzik Group, produced by the Trezza Media Group and broadcast on Federal News Radio were:

Vish Sankaran - Program Director, Federal Health Architecture, HHS

Scott Bernard - DCIO, Director of IT/ISSO, Federal Railroad Administration, DOT

Craig Muzilla - Vice President, Middleware Business Unit, Red Hat

Andy Hoskinson - Vice President & Partner, Technology Strategy and Consulting, Unisys Federal Systems 

For Paul, a major challenge for government is moving from being a vertical organization – steeped in silos - to one that thinks and acts horizontally. 

“We are organized by agencies, bureaus and programs. Money is appropriated that way, people grew up that way. Getting people to think across boundaries and being able to work across boundaries is really the key challenge.” 

Read Full Article     Watch Video

SOA: Health Care Enabler

SOA is at the heart of the health information exchange movement. The drive to electronic health records and the seamless sharing of patient information is on ongoing movement within the American healthcare community.

Even though the benefits are obvious, major challenges exist to make health information available online at the different stages of patient care.  That’s why we should be cheering the efforts of dedicated professionals such as Vish Sankaran, the program director for Federal Health Architecture at HHS.

Read Full Article     Watch Video

The goal of the Practical Guide to Federal Service-Oriented Architecture is to provide government with a road map to implementing SOA and has been developed to meet the unique challenges the federal IT community has to address. 

“The PGFSOA came out of a realization that SOA vocabulary, approaches, technologies, techniques are getting more mature,” said Kshemendra Paul Chief Architect at OMB. “But there are a lot of different approaches; there’s a lot of hype in the marketplace and a lot of things that are unique and not unique about the federal government,” explained Paul.

Read Full Article     Watch Video

Governance is the key ingredient of the Practical Guide to Federal Service Oriented Architecture. As with any horizontal movement, getting consensus from the many stakeholders is never easy. With SOA it is no different; there needs to be governance processes in place that allows stakeholder input, but at the same time moves the various layers of an organization towards a common destination. 

“It’s a really crucial topic, an important topic for OMB especially in the E-Gov area,” declared Kshemendra Paul, Chief Architect at OMB.  

Read Full Article     Watch Video

Here's what the Forum's panel of experts had to say about the future of SOA.
 

Craig Muzilla, Vice President, Middleware Business Unit, Red Hat

“SOA is not new, it’s really a 20 year old concept, but I think the time is right, the time is appropriate for it to really make an impact on the world in terms of how it operates.

Because of SOA, you’ll see a lot more dynamic processes among agencies and businesses; you’ll see a lot more technology independence; and you’ll see a lot more collaboration. The concept, to give an example, in health care of a common patient record freely available is possible. I think you will begin to see that now because of this trend and I think it will have great benefits for everyone.”

Scott Bernard, DCIO, Director of IT/ISSO, Federal Railroad Administration, DOT

“I think SOA will continue to mature as a best practice both in driving a reorientation in thinking from programs and systems to services, as well as standards and products being harmonized more towards those services that are important to the agencies.

And the other thing is that EA as the overarching piece of governance is here to stay. Because as I said, I’ve lived through those bad old days when we had programs that were fighting for resources, systems that were duplicating functions, and we don’t want to go back to that.

EA is here to stay and it’s about much more than IT. It’s about strategy, business and technology planning, being integrated, the architecture being used and really EA is for CEOs I think as we move forward, and that’s an exciting proposition.”

Andy Hoskinson, Vice President & Partner, Technology Strategy and Consulting, Unisys Federal Systems

“I think a specific benefit that we will see in the next couple of years with SOA -- that will be huge and very popular with citizens -- will be more streamlined data collection that is more user friendly. 

And (you’ll see) better interagency information sharing. For example now if you go to the IRS you provide data, you fill out a lengthy form; you go to the Social Security Agency, you fill out a lengthy form. You provide a lot of the same kind of identity and profile information using different forms to different agencies. It takes a long time for citizens to fill out; and introduces the possibility of data collection errors.

I think what we are going to see with the successful implementation of SOA governmentwide; we’ll get to a place where a citizen might provide their profile in one spot and with the click of a mouse, the click of a button, decide which agency they want to submit it to depending on the particular activity they are performing.”

Kshemendra Paul, Chief Architect, OMB

“Well with the Federal Enterprise Architecture, what we are starting to see now is that there’s a maturity. We are seeing in the agencies, in the bureaus and the programs some of the different successes we’ve been talking about. We are starting to see a bottom-up target architecture start to coalesce, cross cutting segments like health IT or counter terrorism information sharing.

That view is becoming increasingly structured and allows us to provide feedback to the agencies on specific opportunities for collaboration. The original vision when this was started was something like this. You go back to the Quicksilver; the lines of business initiatives were done. What we are able to do now is to inform those kinds of analyses and activities with specific opportunities for collaboration and then drive that through the federal enterprise architecture.

I mentioned earlier the Federal Transition Framework. That becomes a key repository for that collaboration and reuse. It becomes the kind of thing where as agencies start what they are doing they are able to share architectures, share architectures around business services around enterprise service segments, for example identity management, or core mission segments like health IT. We are able to do that at plan time and to get to a coherent plan through the Federal Enterprise Architecture.”

Learn more about SOA. Go to www.egov.gov and www.CIO.gov. For information sharing activities go to www.NIEM.gov.

Here is what The Practical Guide To Service Oriented Architecture (PGFSOA) has to say about the challenges SOA faces.

The process of reconciling the Enterprise Architecture’s IT services portfolio, both intra-agency and cross-agency, frequently results in conflict when two or more programs have an interest in a given service type. Conflict is, in part, due to a lack of an enterprise-wide SOA framework and may be grouped into at least four major challenge categories (politics aside):

1. Lack of an operational or target model for federal enterprise-wide SOA environment;

2. Lack of understanding and experience in implementing SOA at the agency/department-level;

3. Lack of procedures/guidance for consuming enterprise services in lieu of local services; and

4. Lack of operational services management; particularly for cross-agency services once implemented.

Source: From the Practical Guide For Service Oriented Architecture, June 30, 2008.

Read More Exerpts

September 2008 • Volume 6 • Number 9

It’s About Saving Lives

“We have to remember that at the end of the day it’s about saving lives,” said Dr. David Boyd, Director, Command, Control and Interoperability,Science and Technology (S&T) Directorate at the Department of Homeland Security.

According to DHS, through a practitioner-driven approach, "the S&T creates and deploys information resources—standards, frameworks, tools, and technologies—to enable seamless and secure interactions among homeland security stakeholders. With its Federal partners, CID is working to strengthen capabilities to communicate, share, visualize, analyze, and protect information."

Dr. Boyd was talking about the critical importance of the role interoperable communications plays for first responders, law enforcement and medical personnel each and every day – and how they can make the difference in life and death situations.

Dr. Boyd made his comments during the Federal Executive Forum on Interoperability broadcast on Federal News Radio and produced by the Trezza Media Group. Watch/Listen

Joining Dr. Boyd on the panel hosted by Jim Flyzik of the Flyzik Group were:

• Kent Holtgrewe, Deputy CIO for Policy and Planning, Department of Justice 

• Paige Atkins, Director, Defense Spectrum Organization, DISA

• James Ransome, Ph.D., CISSP, CISM, Senior Director, Secure Unified Wireless and Mobility Solutions Corporate Security Programs and Global Government Solutions, Cisco Systems, Inc.

When asked what the major challenges to be overcome are, DHS' Dr. David Boyd was quick to point out that as recently as 9/11 there were no effective communications capabilities between state and local first responders – and between S&L responders and the federal government either. Since that time there have been great strides, but much work needs to be done in the areas of funding, listening and technology. Watch Video  Read More

No Silver Bullet

Paige Atkins, Director of Spectrum Management at DISA said that interoperability has been on DISA’s plate for what seems like forever. But like Dr. Boyd, Atkins says technology is not the issue, it is policy and the planning, coordination processes. And even though there are a number of technologies that are in play, not one is a “silver bullet”. Watch Video  Read More

Saying that there is “no one size fits all solution”, Justices’ Kent Holtgrewe talked about the advances in partnerships with state and local official due to several successful initiatives such as the 25 Cities Program and the Integrated Wireless Network (IWN). Watch Video  Read More

It's About the Platform, the Hosted Environment and the Cloud!

“We need to be able to deploy a Warfighting force wherever in the world and enable it to connect, share and collaborate as it sees fit for its mission, not for something that is prescribed for them,” explained DISA CIO John Garing.

“It’s all about the platform and the cloud and the hosted work environment. We need to provide the hosted environment, the cloud (computing environment), so people can work from wherever they are.”

The “we” Mr. Garing was describing is DISA and it demonstrates how integral the DISA infrastructure is to the on-the-ground success of our Warfighters. He made those comments during the Federal Executive Forum panel on Future Infrastructure broadcast on Federal News Radio.

Hosted by Jim Flyzik, joining Mr. Garing on the panel were:

·         John Johnson, Assistant Commissioner, ITS, GSA

·         Tom Simmons, Area Vice President, Citrix Systems

·         Gary DePreta, Manager, Channel Operations, Cisco Systems

·         Edward Vaccaro Partner, Homeland Security, Federal Systems - Unisys

When you think about the future of government infrastructure, two major players come immediately to mind – GSA and DISA. Right now GSA is ramping up its Networx contract for telecommunications services that agencies must use by 2010 as the replacement for the expiring FTS 2001. GSA Assistant ITS Commissioner John Johnson said that GSA is making steady progress. Read More   Watch Video

For Unisys' Ed Ed Vaccaro, the vision starts with getting people access to information anytime anywhere with the understanding that technology is going to introduce all kind of different ways to work with information. Read More  Watch Video

For Citrix's Tom Simmons at Citrix, the vision is about a model. “The analogy we use is: the consolidation of data centers is following a delivery model. If you look at Direct TV as a means of consolidating content, consolidating capabilities and then delivering that over available infrastructure, they use satellite.”  Read More  Watch Video

For Cisco's Gary DePreto of Cisco, the vision is a real transformation for the citizen and the IT end user experience. “I keep coming back to anytime, anywhere anyplace, seeing those services delivered in automated fashion where end user needs very little interaction to get something out of the service. The end user experience becomes very simple. Read More   Watch Video

General Dale Meyerrose, CIO at the Office of the Director of National Intelligence (ODNI) and his team  are fundamentally changing the Information Sharing and Intelligence landscape to "Create Decision Advantage".

“Things that were considered heresy to even mention or talk about two years ago are now considered mainstream concepts we are working through,” declared General Dale Meyerrose, CIO at the Office of the Director of National Intelligence (ODNI).

 “The ODNI has fundamentally changed the discussion about Information Sharing and how we use intelligence,” he asserted.

“That doesn’t mean we have solved them all, but the reticence about even having the discussion in the first place in many areas associated with IS -- such as eliminating barriers, how we handle intelligence, what part of intelligence we make discoverable and what we don’t -- are now things that are common dialogue.” 
 

Gen. Meyerrose shared his thoughts with former Treasury CIO Jim Flyzik on ODNI's most important achievements during his tenure; the most pressing mission information challenges facing the Intelligence Community today; and the changes needed in the way the Intelligence Community "Creates Decision Advantage” during a special Federal Executive Forum Flyzik One on One broadcast on Federal News Radio.

Creating The New Normal

What do you do as an encore when your previous assignment was to help stand up the US Northern Command -- in essence is the first combat command charged with protecting the homeland?

Well, if you are General Dale Meyerrose, you take a position as the first CIO, helping to stand up another organization – the Office of the Director of National Intelligence. 

“Standing up the Northern Command was a huge responsibility and I was honored to do it,” said Gen. Meyerrose. “It was an excellent opportunity to learn about intergovernmental and interagency actions and activities. The lessons learned, the mistakes and the successes; all were directly applicable to the business of how you stand up an organization like ODNI.” Read More Watch Video

ODNI published The National Strategy for Information Sharing in October, 2007. It is succinct, concise, easy to read – and unclassified.

According to Gen. Meyerrose, the first question was whether we in the Intelligence Community could publish an effective strategy in an unclassified format intended for consumption by not only those within government, but those people watching government.  

Gen. Meyerrose is working on several things he would like to bring to closure, to make them the “new normal” as he describes it. “The most prominent is the transformation of certification, accreditation and security practices. This is not only applicable to the Intelligence Community and DOD, but other departments and agencies across the government.” Read More Watch Video

“I think first of all it is a matter of perspective and how you go about solving the issues or challenges,” Gen. Meyerrose asserted. “You can’t buy an answer; you have to grow into a solution!”

One of ODNI’s biggest initiatives is Director McConnell’s 500 Day Plan. The plan has major focus areas, which studies from the Intelligence community have pretty much recommended over last 40-50 years according to Gen. Meyerrose. Read More Watch Video

Creating Decision Advantage is what the Intelligence Community is all about. 

Performance Management is the process by which government agencies go through to improve their overall performance according to Cognos' Porter Shomo. It involves things like defining metrics that are important to that agency’s mission; tying those metrics to goals; and ultimately monitoring how they perform against those metrics. Read More  Watch Video

June 2008 • Volume 6 •Number 6

Sharing With The "Unanticipated User"

"The reality of information sharing (IS) is that you have to be committed to share information with 'unanticipated users'”, said Mike Krieger, Principal Director of IT Management & Technology, Office of Secretary of Defense, DOD.

“That’s the new paradigm. No longer do I know who I can share with. The key capability is attribute based access control, so I can -- machine-to-machine  -- decide whether you have the right credentials to access that information.”

Krieger went on to explain that for information sharing, it’s all about the data; and a key initiative is collaborating with both the intelligence community, DOJ and DHS on coming up with a universal core of semantics that everyone can agree on.

To its credit, the government has heard the public’s demand for increased transparency; it’s insistence on information sharing between the federal, state and local governments and the private sector; all while respecting the public’s privacy concerns and meeting the rigorous security requirements of the post 9/11 world.

For information sharing to succeed throughout government, there has to be rules of the road. Those rules are set out in the National Strategy for Information Sharing published in October 2007. Read More

Federal Executive Forum Panel on Information Sharing

Kreiger made his comments during the Federal Executve Forum on Information Sharing, produced by Trezza Media Group and broadcast on Federal News Radio.

Hosting the Forum panel was Jim Flyzik of The Flyzik Group. Panelists were:

• General Dale Meyerrose, CIO, ODNI

• Van Hitch, CIO, DoJ

• Mike Krieger, Principal Director of IT Management & Technology, OSD, DOD

• Robert Riegle, Director of the State and Local Government Program Office, Office of Intelligence& Analysis, DHS

• Mike DeHart, Stealth Program Manager, Federal Systems and Technology, Unisys

• Tom Simmons, Area Vice President for Federal Systems, Citrix

• Steve Hutchens, Client Industry Executive for Homeland Security in the Global Government Industry, EDS

Watch Video, Hear What IS Leaders Are Saying

General Dale Meyerrose, ODNI

"We’ve talked about risk management, identity, data and governance. And that I think they are the nexus of the elements that we need to be working over in the next year or two. But I’d like to add some points to emphasize a couple of things. First of all I agree with the comment that data is becoming..."
Watch Video

---

Mike Krieger, DOD

"I think the vision is pretty clear, that you want to create an agile collaborative environment where everybody can participate and share what they know to accomplish the objective. But it becomes a workforce issue. We are all digital..."
Watch Video

---

Robert Riegle, DHS

"We’ve made a lot of progress here at DHS, our partners in the states and with the fusion center programs and with the national network of fusion centers. Our vision is to continue the implementation of that national network, working with those partners. The strategy will connect..."
Watch Video

---

Van Hitch, DOJ

"I’ll start with my law enforcement hat on. I guess from a DOJ standpoint and law enforcement my vision would be Google for cops that would provide information to help everyday law enforcement officers catch local criminals, drug cartels, prevent child exploitation and..."
Watch Video 
 

Read More About Information Sharing

Changing The IS Dynamic

The whole dynamic about information security and information sharing has to change; we can’t look at them as a balancing act because it pits communities that need to work together against each other. Collaboration tools must furnish solutions about how we share information securely; where data has integrity and we can do trusted computing from an un-trusted computer. Read More

IS Is All About Information Assets

In the new world of IS, it’s all about information assets; we are separating data from applications and we are making both the information asset and the applications available as services. Working together – leveraging federal as well as state and local networks; moving relevant information and intelligence quickly; enabling rapid analytic and operational judgments – that is what the fusion center network is all about. Read More

Information Fusion

At the heart of the collaborative environment, where trusted information is shared among is the fusion center movement. One of the outcomes of the 9/11 tragedy has been the development of fusion centers. In 2004 and 2005, many states began creating fusion centers using local, state, and federal funds. Today according to DHS there are 58 operational centers in 46 states. Read More

Volume 6 • Number 5 • May 2008

Telework Is Not A "Break Glass In Case Of Emergency Proposition"

Last year, when she issued her “Telework Challenge”, GSA Administrator Lurita Doan spoke about the widespread interest in incorporating Telework into our COOP.

Lots of Work, So Little Time

Five short years!

“People forget that DHS has been around for just five years. They ask ‘why haven’t they integrated everything yet?’” said Jim Flyzik of The Flyzik Group.

Flyzik pointed out that there are other agencies that have been around for hundreds of years and many of those agencies aren’t integrated.  “It is a monumental effort but it’s good to hear that progress is moving in the right direction,” added Flyzik.

DHS FY2009 Budget Priorities

DHS has been in existence for just five short years. Its watchwords of “One Team, One Mission Securing The Homeland” are taken very seriously by its workforce of 208,000. Their priorities are: border and cargo security; secure identification; infrastructure protection, emergency response; and department management. These priorities are reflected in DHS’s budget request for FYO9 of $50.5 billion – an increase of 6.8% over FY08.

“There comes a point that rhetoric and promises do not secure the homeland; results secure the homeland. I’m interested in results,” said DHS Secretary Michael Chertoff in announcing his budget request on February 4, 2008.

Crucial to DHS success is the continued investment in the development and deployment of a wide range of advanced technologies.  For example DHS is investing $335 million for real-time information sharing and situational awareness detection tools. These include an Advanced Spectroscopic Portal to examine cargo containers for nuclear materials and a Human Portable Radiation Detection System.

But for these advanced technologies to perform as planned DHS has to have something basic -- a strong unified IT infrastructure. “Successful mission performance is driven by human capital development, executing efficient procurement operations, and possessing state-of-the-art information technology resources,” said Secretary Chertoff.

Providing that strong unified infrastructure is exactly what ICE CIO Luke McCormack is doing. The goal is to provide “not sort of what they need, not kind of what they need, not what we could have given them, should have given them, (but give them) exactly what they need -- when they need it,” says McCormack.

Making that happen is ICE’s Atlas Data Center program. “That’s really our infrastructure plumbing and we’ve made quite a bit of progress in that area,” reports McCormack.

Progress according to McCormack translates into migrating to one network, consolidating our email environment, freshening up our desk top hardware and working very closely with the Department in the consolidation of data centers by moving out of the DOJ data centers into the new DHS data centers.

“A year or two from now, I see an environment where things like Atlas data centers, desktops, emails are like the air we breathe, just a commodity we buy,” notes McCormack. “I see us really focusing on the business applications and more importantly, building specifically what the special components need and when they need it from an applications standpoint. “

For McCormack building includes partnering. “Delivering a solution as a full service provider might not be something that you build yourself, you might be partnering with several different communities, whether it be state and local, whether it be within DHS, other departments and certainly the private industry.”

Migrating Data Centers

“I certainly think continued integration is really key to our success,” says Kathy Kraninger, Deputy Assistant Secretary for Policy, Screening Coordination Office at DHS.

For some migrating data centers might seem mundane and maybe not that important, but not for Kraninger. “We have infrastructure all over the country in different places with different capabilities scattered,” explains Kraninger. Consolidating those data centers is the backbone of accomplishing information sharing, of getting a common operating picture (COP) for the Coast Guard, the Border Patrol and Air and Marine operations personnel.

“We already see pockets of this,” says Kraninger. “Going out to the field and seeing what’s happening in places like Miami where you have the Coast Guard, CBP, TSA and ICE working in the airport, (who) are sitting down on a regular basis and putting together joint operations.”

“These are field folks that need the tools so that they can be successful in those kinds of operations to really further our nation’s security,” says Kraninger. “That’s something that we are all here to do and that’s the mission and goal into the future that we are going to see real benefits from.”

Future VISIT

Bob Mocny, Director of the US-VISIT program says his program is poised to make great even greater strides over the next three to five years.

“You’ll have ten (finger) prints deployed to all the ports of entry. You will see the marriage of iris and face to help with a lot of the throughput,” says Mocny. “You are going to see full interoperability with the FBI’s next generation identification system, with state and local and other law enforcement agencies. You will see biometric exits at all of our air and seaports of entry. All foreign nationals will check out and check in using their biometrics in association with the airlines and the airports and working in conjunction with them.”

Mocny sees an expansion of mobile technology as well with a joint program with the Coast Guard for mobile pass biometrics at sea and doing the same to help CBP in its work in the mountains and in the deserts.

“We have to get serious about pushing our borders out as we have been doing, but moving that in a cooperative manner with all these other entities, sharing our data as appropriate, and getting their data as well,” says Mocny.

“If I have information about individuals I want to share that with the UK, I want to share that with Australia,” explains Mocny. “I want to share that with all these other countries that are building their systems so that we can truly keep these people off the planes, off the ships, and away from our borders.”

Project 28

No project has received more publicity – most of it negative – than Project 28, the Virtual Fence which is an integral part of CBP’s Secure Border Initiative (SBI).

Greg Giddens is the Executive Director of the Secure Border Initiative (SBI) and its program to develop and deploy technology -- SBInet.

“From a CBP perspective in terms of border security, I think you’ll continue to see us using all types of technology,” says Giddens.  According to Giddens CBP has spent a lot of time focusing on a single slice of the SBInet, P28, which brings together the work of many different components and includes a variety of technologies that need to be developed and tested – and most importantly – demonstrated before they can be fully deployed, understanding that it’s not a one size fits all.

“Clearly we want to develop an in-field operational configuration this summer for SBInet and continue to build out the tactical infrastructure,” explains Giddens. “Then (we can) be in a position that we can really productionize that…and have the configuration control where we can apply that to where the operators need it.”

“What we want to do is be nimble in our planning,” says Giddens. “I don’t want to sit here in 2008 and lock ourselves in for a location for 2009; we want to have a nimble enough planning that we can look at our operators and put the technology and solutions where they think they need it most. And we want to do that with continued good oversight.”

“I know that a lot of people have written about Project 28 and how it was delayed,” says Giddens. “But you never read about the dedicated public servants from the government side that protected the government’s interests and looked at this and said ‘that it does not meet the contract’. We managed this in such a way that held Boeing accountable to deliver what they had on contract. You never hear about those dedicated public servants that worked to protect the interests of the tax payer, you never read about those. “

Giddens is adamant about the fact that Project 28 was a demonstration – not a final implementation and deployment. And he says Boeing has stepped up and taken responsibility for the projects shortcomings.

“You also don’t read about Boeing,” explains Giddens. “When we told them, as their customer, that this product’s not ready, they stood up and took responsibility and said ‘you are right, and we are going to fix it, and we’ll take responsibility for that’.”

For Giddens, that’s the type of strategic partner America needs to help secure the borders; people that will take responsibility and invest for this country’s future.

Kermit Says: “Green IT Is Green in Your Pocket”

“I don’t want to take on Kermit the Frog, but I don’t think it is tough being green if you are really committed to it,” said GSA ITS Assistant Commissioner John Johnson.

Being green takes a commitment. And while government has stepped up its efforts as a leader in implementing environmentally friendly practices, Johnson says to make a difference means "embracing change" right now.

“Behavior, behavior, behavior!” repeated Johnson. “Changing behavior is something we can do right now, today. Just think of the savings if everyone turned off their monitor.  That would be significant.”

Johnson made his comments during the Federal Executive Forum on Green Government produced by the Trezza Media Group and broadcast on Federal News Radio. (FEF Audio/Video)

Joining Johnson on the panel moderated by Jim Flyzik of The Flyzik Group were:

• Molly O'Neill, Assistant Administrator for the Office of Environmental Information (OEI), Chief Information Officer (CIO), EPA

• Catherine Cesnik, Senior Program Manager, Office of Environmental Policy and Compliance, Department of the Interior

• Myra Galbreath, Chief Technology Officer, EPA

• Tom Simmons, Area Vice President for Federal Systems, Citrix

• Edward Vaccaro, Partner, Homeland Security, Federal Systems, Unisys

• Erin Rae Hoffer, Industry Program Manager, Autodesk

During the broadcast, EPA’s O’Neill and Galbreath both talked about how far green had come in government. Just a few short years ago, the focus was on recycling print cartridges, now the focus is on how to be green throughout the entire IT lifecycle.

“We think of this as a lifecycle,” says O’Neill. “Green is always a moving target. First it was print cartridges, then we focused on recycling desktops, now it is virtualization and we’re looking for ways to reduce the footprint.”

O’Neill explains the lifecycle is 4 parts:

1. Building a green facility

2. Making green acquisitions

3. Optimizing performance (and thus reducing power consumption)

4. Green disposal.

Thinking green in terms of lifecycle makes decisions more complex; now we are getting down to green for each individual component even down to the chip.

This cradle-to-grave approach is the heart-and-soul of the Electronic Stewardship program. According to EPA, this “program area addresses the life-cycle management of electronics from procurement to disposal.” You can find links, documents, and case studies at Federal Electronics Challenge (FEC), the Electronic Product Environmental Assessment Tool (EPEAT), and Energy Star.

When it comes to awareness, research shows global warming ranks second to terrorism Galbreath says. “That is awareness in the way we are using, buying and disposing of things. The network is the computer and we are all connected.”

Reducing your carbon footprint is what we are all striving for. Think about when we thought about computing being “always on”. But now a better thought might be computing at the “right time and right place, not anytime or anyplace” said Jim Flyzik.

“I’m feeling guilty now when I don’t turn off my computer at night,” confessed Flyzik. “Or even if I leave the power source in and am sucked up by “vampire” power consumption. (Vampire is when you leave power sources plugged in even though they are not connected to a device. They suck power even when plugged in.)

As a consumer, provider and consultant in this space, Unisys is keenly aware of its green responsibilities in the Data Center says Unisys’ Ed Vaccaro.  “Through a major green initiative and we reduced our carbon footprint by 67% and this is a data center we use for work that is outsourced to us including that from government.”

Vaccaro points out Unisys is taking those same experiences and technologies and offering to our clients. So, when working with government clients undergoing technology refreshes, Unisys is coming up with green strategies using virtualization and consolidation.

“It is a holistic approach where we look at computing management, power management and cooling management to reduce the overall energy consumption and carbon footprint at their sites,” says Vaccaro.

Citrix’s Tom Simmons agrees saying that the biggest impact we can have immediately is in reducing power and making the data center greener. “Telework initiatives, the expanded ability to support and deliver IT applications, virtualization and the dynamic data center are all strategies to reduce energy consumption and extend server life,” explains Simmons. “By extending the life of equipment on client side and by maximizing processing power at data center, we can leave a light footprint.”

Not knowing how to be green is something a lot of people struggle with says Autodesk’s Erin Rae Hoffer “The issue is that I don’t always know what the right thing is in terms of trying to be green or energy efficient.” Autodesk has been focusing internally on awareness and has staffed a group to specifically to look at internal processes of how we work. “We are looking to create messages to help our employees understand how to make their own decisions, because in the end, those individual decisions really add up to a huge impact.”

Rising To The Challenge

When it comes to Green IT, clearly demonstrating savings is a challenge; thus the need for metrics that give us some idea of how to approach these challenges and ROI issues that are sometimes logical in nature but hard to justify.

“From a challenge perspective, you really have to think about green IT from a life cycle perspective,” said EPA CIO Molly O’Neill. Read More

When everything seems so important, how do you prioritize what it is you should actually be doing? Well, that’s daily fare for those responsible for federal government Green IT efforts. So where are government and its Industry Partners putting their emphasis?

For Catherine Cesnik, Senior Program Manager, Office of Environmental Policy and Compliance, Department of the Interior the focus is on Energy Star implementation.

“That is one of the requirements of life cycle management. And we are determining what equipment we need to focus on. The goal is 100% target, so it is very aggressive,” says Cesnik. Read More

“EPA’s mission is to protect human health and the environment,” said EPA CIO Molly O’Neill.

O’Neill says EPA, like other government agencies and commercial companies is responsible for ensuring that IT investments are socially responsible, environmentally friendly, and fiscally sound. She is very proud of what EPA is doing to further Green IT.

“EPA is a leader in this and we are a proud Gold Award winner for the Federal Electronic Stewardship model, an accredited program addressing the purchasing, use and disposal and recycling of IT equipment,” explained O’Neill. Read More

14,000,000 Attacks; Are Some By "CyberSopranos"?

Has your cyber security team “elevated its play” to handle 14,000,000 – that’s right 14 million – attacks monthly?

Or does your organization engage in “pain killer” cyber security?  

Do you know whether your organization’s network infrastructure and critical data being are being attacked daily by “CyberSopranos”?

Federal and industry leaders answered these questions and more during the Federal Executive Forum: CyberSecurity - 2 Years in Review broadcast on Federal News Radio and produced by the Trezza Media Group. (Video/Audio)

Jim Flyzik of The Flyzik Group hosted a distinguished panel of experts who discussed: securely sharing intelligence information; protecting critical infrastructures; new technology standards; and will there be a "Digital Pearl Harbor”.

On the panel were:

• Dave Bowen, CIO, Federal Aviation Administration

• Darren Ash, CIO, Nuclear Regulatory Commission

• Rob Carey, CIO, Navy

• Jim E. Finch, Assistant Director, Cyber Division , FBI

• Dean Turner, Director, Global Intelligence Networks, Symantec Corporation

• Dr. Eric Cole, Chief Scientist, Lockheed Martin

Pain Killer Security

From the industry perspective Dr. Eric Cole points out that government has two priority areas -- redefining cyber security today and creating the future of cyber security. “One of the huge problems today is we get so caught up on what I call ‘pain killer’ security where organizations go in and just throw money at a problem.”

Cole explains we have to step back and realize that security is all about risk to your critical assets. “So instead of focusing on buying a product, we have to say how does that solution reduce and appropriate risk?” says Lockheed’s Cole. “In certain cases there’s a big gap where there’s a problem, yet there’s no solution, so we are actually investing millions of dollars in advanced internal research and development on cyber security.”

NRC CIO Darren Ash urges that government make certification and accreditation (C&A) more than just a paper process. “You are dealing with risk; you want to get to that point of continuous monitoring.” Ash also points to another issue of making sure the “business side – including all of the stakeholders, Congress, the administration and agency leaders -- really understand and see the value of what we do as security professionals and as CIOs.”

End Point Security

The panel agreed that security is all about reducing the risk to critical assets and data portability. The Internet spawns global connectivity making data more accessible. Instead of in the past when your data was just on a server, now think of all the locations it’s on – a server, a PDA, a Blackberry, laptop computer.

Today most organizations have put most of their security effort in firewalls and network architectures designed to protect their servers. But really the efforts are to protect the data on their servers.

So what happens when that same exact data is put on a laptop? That laptop leaves an organization and is plugged into a hotel location or an airport. That’s why end point security is becoming a priority as well as all the ramifications the threat of identity theft brings.

“One challenge is definitely risk assessment and risk analysis. Security is about a trade-off between what it is that we need to do and what we can do,” explains Symantec’s Dean Turner. “So we have to spend more time when we are doing our risk assessments on classifying the types of data. Not all data is necessarily worth protecting; some data is more valuable and we have to apply the appropriate resources at the appropriate locations taking into account that risk assessment.”

Challenges Galore

Then there is the sheer volume of threats; and communicating that fact to senior management. Plus there is cyber crime, where you have a global decentralized network of criminals; maybe not exactly the “CyberSopranos" as Turner calls them, but a they have a level of sophistication.

Funding – or lack of it -- continues to be a complaint from many information security officers. But as FBI’s Jim Finch explains, “I’ve actually made the recommendation to those who claim they are not being funded properly that you have to develop metrics to show that what you are doing is not invisible, is not magic and it requires a lot of work. This way you can show your work and get the funding you know is so desperately need.”

Intrusions remain the number one threat. “My number at the FAA is 14 million,” says FAA CIO Dave Bowen. “There are 14 million attempts to access our network that we deny every month. This gets reported to our management team.”

Having this reporting mechanism at FAA has cut the incidence of personal identity theft and embarrassment to the agency in half over the last couple of years says Bowen. 

“Ease of use trumps security but embarrassment trumps ease of use,” warns Bowen. And to avoid embarrassment education -- especially of senior management on what the risks are -- is essential.

Navy CIO Rob Carey explains. “We have done a lot in trying to educate the very senior decision makers on the risks associated with information security and the investments required to maintain that.

“Once you have their buy in, you can then afford yourself the opportunity to work their budget issues, have their support, they understand it. I would tell you five to seven years ago, it was not a front burner issue for the Department of the Navy, it was an important issue but it wasn’t at the front. Now it has gotten everyone’s attention, they focus on it.”

Priority Rules

Their voices have finally been heard. Maybe it is because one Eastern European country was practically “taken down” due to cyber attacks; or maybe because government networks are being hacked relentlessly (e.g. FAA). Or maybe it's because people finally realized a cyber attack on a power plant can be just as deadly as a bomb.

Whatever was the trigger, they are finally being taken seriously. After years where some have said government has only paid “lip service” to cyber security, big money -- $7.3 billion proposed for FYO9 – is being invested in CyberSecurity – making it a government priority.

So what are some of these cyber priorities?   Read More

Justifying The Investment

Justifying the resources and the ROI; these are two issues that plague cyber experts. Because the best thing that can happen is nothing; and sometimes that doesn’t show up on a balance sheet.

As a society we tend to have a hard time getting out in front of threats and vulnerabilities. We are always trying catch up; coming up with the fix after the bad thing happens. Is that mindset changing? Read More

The Cyber Security Challenges We Face

Accessing the Internet while flying; most of us would love to, but it does present issues that the FAA has to address. Or Is your C&A process just a paperwork drill? How do you make C&A live? What about international laws governing Internet use? Are the world's criminals now our criminals? What about that data that you've protected on your network, but now is "out there" on a staffer's notebook or PDA? How are you managing risk? Panelists give their views. Read More