This is the first part in my series about Computer Network Operations (CNO).  Again, I welcome any and all discussion on the matter and hope that this post will help educate our readers and encourage dialogue between them.

• Computer Network Exploitation (CNE): Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks. Joint Pub 3-13

CNE, which can include cyber-espionage, has many advantages at the strategic, operational, and the tactical levels.  Strategically, an adversary may find it more beneficial to collect data against us rather than make an offensive move against us, for fear of retaliation.  Again, a vulnerability in our network is an open door for another to come take information.  This is generally physically harmless, but the amount of information that walks out the door daily is staggering and it adds up.

This has been one of the biggest problems that the U.S. has had to deal with in recent years, as witnessed during the release of hundreds of thousands of diplomatic cables over the Wikileaks website last summer.  China and other countries steal our government and our industry secrets every day.  Of course, that is not to say that we aren’t stealing theirs as well, but we need to continue to become better, while getting better at securing our own information.

In an excerpt from the book Toward a Theory of Space Power: Selected Essays, Benjamin Lambeth, a RAND researcher, says “unlike the air and space environments, cyberspace is the only military operating area in which the United States already has peer competitors in place and hard at work.”[1] Naturally, most hold China to be our main competitor in this arena, and in fact most other areas as well, but there are and will be other adversaries, state-level and below, that have designs on exploiting the United States through the cyber domain.  What are some strategies that we should seek to continue growing in this area?

You may also like -

Twelve Principles of DoD Cyber ConflictA Discussion About Computer Network OperationsCNO Part 2: Computer Network Defense50 Days of Lulz: A RetrospectiveJTF-CND to JTF-CNO to JTF-GNO to CybercomPeering into North Korea’s Future: the Cyber AngleShepherd's PiA First For The Nation: NERC Completes First Grid Security ExerciseCrucialPointLLCSOCOM’s Technology Wish ListCrucialPointLLCSOCOM's Technology Wish ListCTOvision.comA CTO Perspective: Consider The Message The Elders of the Internet Have A Mes ...CTOvision.com

TechAmerica has released federal IT spending predictions.  Their five-year forcast of Federal IT growth is 2.8% a year from $79.6B in FY 11 to $91.3 in FY 16. Additionally, they predict that DoD spending will drop 1.1% annually over the next ten years, resulting in a drop from $704B in FY 11 to $663B in FY 21.

“Both federal IT and defense spending are likely to run up against the realities of an uncertain economy, the federal debt and other pressures in coming years,” said TechAmerica Foundation Chairman Phil Bond.  TechAmerica breaks down the IT spending growth in DoD dollars and civilian,  With DoD moving from $36.9B to $40.3B  and civilian spending rising from $42.8B to $50.9B over the next five years.  Of all the civilian agencies, HHS and the Department of Treasury are expected to have the most IT growth.

What Does all this mean?

This is indicative of the fact that all agencies (civilian and DoD) are under pressure to extract the greatest value from every IT dollar.  In the 90′s this was achieved through word processing and printers (in lieu of typewriting), in the 2000′s it was an interconnected, instant sharing world.  Today, IT and business managers must use technology to create business flow savings, and expedite work flows.

• Expect continued growth and desire for streamlining capabilities and resource saving/consolidating solutions.
• Work towards TIME and MONEY saving solutions
• Forklift upgrades need not apply
• Look for training/capability trade-offs (training costs time and money – thus too many managers are loathe to require it)

The key technologies of the next 5 years are going to work much like technologies that are currently used, just faster and more efficient (leveraging new concepts like Cloud, of course).  The bottom line for new adoption may be: if it is not as easy to use as Facebook, it won’t work.

Related articles

• Somebody is too optimistic about defense spending (nowpublic.com)
• Federal IT Spending To Grow Modestly, Report Says (informationweek.com)
• Whither FY11 Spending (gloucestercitynews.net)
• Tech CEOs Tell US Gov’t How to Cut $1 Trillion From Deficit (pcworld.com)

You may also like -

Cybersecurity could be a bright spot in otherwise flat IT budgetsCrucialPointLLC

I enjoyed listening to the President today as he provided an update on where we are in our efforts to enhance our freedom of action in cyberspace.  All the details are on the White House website and I hope you visit there yourself to download the 60-day cyberspace policy review. Details are here: http://www.whitehouse.gov/CyberReview/

I have been reading the report already– and will also read all the papers and studies referenced there.

So far I have three comments:

1) I really enjoyed hearing the President reference Melissa Hathaway.  She has done an incredible job and to hear him praise her was music to my ears.  Melissa deserves the thanks of the nation.

2) A great deal of work remains to be done. The policy review provides a framework for action and guidance that will help prioritize activities, but don’t expect instant miracles.

3) Number one on the list of near term actions is to appoint a cybersecurity policy official. The President did not do that today.  That will be done in due time.  I should also point out that no one in government is using the term “Cyber Czar” for this position.  That term Czar is used by all the reporters and all the pundits.  It sounds cool.  It also brings lots of baggage.  The typical “Czar” in DC is a powerless position that has little or no effect.

To underscore that point I’d like to close with a little self-plagerization.  A reprint of a blog post I first wrote in January 2009 titled “We have a cyber czar, and he has spoken.“  In the post, now below, I try to make the point that if Putin can accomplish his objectives in our networks then he is our cyber czar.  I also hope to make the point that we should not be happy with him being in this position.

We Have A Cyber Czar, and He Has Spoken

A debate has been running for months both among government thought leaders and the technical literati on whether or not the US should appoint a “Cyber Czar” who can exert authority over IT security in the federal space or perhaps even aspects of the nation’s IT defenses.  This is a complex discussion that has had some of the greatest thinkers in and out of government involved.   A great snapshot of issues and the opinions of many well reasoned experts are expressed in the CSIS report “Securing Cyberspace for the 44th Presidency“   and other thoughts are here: The Future of Cyber Security and here: Threats In the Age of Obama .

Unfortunately for those who would like to still debate and discuss this issue, there is already a Cyber Czar who can accomplish most all his objectives in our networks.  His name is Russian Prime Minister Vladimir Putin.  This former KGB operative now controls Russia with an iron fist and has shown others again and again he will exert influence anywhere he needs to in order to accomplish his objectives.  He will use tanks when required and cyber when desired and combinations when it suits him.  There are indications his agents are also in our networks now.  If our objectives are to keep players like him out, we cannot say we are accomplishing them.  If his objectives are to get in, then we can say he is accomplishing them.  Till this situation changes, we need to confront then this new reality:  Vladimir Putin is the Cyber Czar.

We have our own great technologists and wizards of cyber, of course. And we have great hero entrepreneurs of technology who have built the cyber world we all use today.  One of those greats is Michael Dell, creator of an idea and corporation that develops, manufactures, sells and distributes personal computers we all depend on.

But he is someone who will now think twice before thinking he can interact as a peer to Cyber Czar Putin.  After listening to Putin’s speech at the World Economic Forum in Davos, Michael Dell praised Russia’s technical and scientific prowess and asked a nice, friendly question:  “How can we help.”  As a former govie CTO I would get asked that type of question all the time from industry and really appreciated it whenever a senior thought leader would ask that.  But not Czar Putin.  He did not appreciate that at all.   Putin was offended by the assertion that the mighty Russia might need help in anything Cyber. The exchange is captured here on YouTube:

Fortune: described the exchange this way:

“Putin’s withering reply to Dell: “We don’t need help. We are not invalids. We don’t have limited mental capacity.” The slapdown took many of the people in the audience by surprise. Putin then went on to outline some of the steps the Russian government has taken to wire up the country, including remote villages in Siberia. And, in a final dig at Dell, he talked about how Russian scientists were rightly respected not for their hardware, but for their software. The implication: Any old fool can build a PC outfit.”

Clearly cyber domination is personal with Putin.  He is the Cyber Czar.

I think I should end with a plea to all who care about cyber freedom and all who know the potential positive contributions of IT:  Please don’t be pleased with this current situation.  Please don’t just think the title of Cyber Czar I’ve now used to describe Putin is something we should be proud of.  It is not.  We should continue to act till we are able to assert that we are masters of our own networks.  Our nation’s intellectual property, including the intellectual property of all our companies and citizens, is too important to let it be given away without at least a cyber fight.

You may also like -

Interested in Cyber Security? Read (and support) the new Cybersecurity Legisl ...FedCyber.com Cybersecurity Summit on Wednesday, September 28Deputy Secretary of Defense Lynn: Cyber Strategy’s Thrust is DefensiveCTO Perspectives on Cyber Security BillCalling All Federal Cybersecurity Practitioners: Contribute ideas and actions ...The U.S. International Strategy for CyberspaceCTOvision.comIf You Could Pick One Thing For Congress To Do Regarding CyberSecurity, What ...CrucialPointLLCJTF-CND to JTF-CNO to JTF-GNO to CybercomCTOvision.comThe FedCyber.com Cyber Security SummitCTOvision.comCyber Conflict Studies Association History ContestCrucialPointLLC

INSA, the Intelligence and National Security Alliance, is a group of professionals from academia, industry and government who seek to enhance innovation, discussion, debate and progress on key national security issues.  I’ve been involved as a member for years and get the pleasure of interacting with folks from a wide swath of the community.

One of the many services INSA provides the community is providing a venue for speakers and community leaders to interact.  INSA did that again just last night when their Distinguished Speaker Series featured Melissa Hathaway.  Melissa, who I have previously called the most effective and efficient senior executive in government today, spoke on the topic  of the White House Cyber Security 60-day review.

I watched Melissa’s RSA presentation, and for those who did or for those who have been engaged with her during this review, last nights presentation was in consonance with what we know of the hard task she has been working on (if you haven’t watched it yet, I’d recommend you take a look now, at:  http://media.omediaweb.com/rsa2009/keynote_catalog.htm )

A couple thoughts from a CTO perspective:

- Like so many other problems, tackling this one requires both a knowledge of technology and of people. Both technology and people must be influenced.

- When it comes to people, Melissa mentioned the book  Influencer: The Power to Change Anything .  I haven’t read it yet, but have just added it to my Amazon wish list and will be getting it soon. Melissa said the authors of the “Influencer” book say there is power in everyone to make a change and therefore everyone should get engaged, and in this cyber context she asked everyone at INSA to stay engaged.  She wants folks to continue to dive in and stay involved and form views and move out.

- One of the most important ways the federal government influences is through law.  Our great government flows from a great Constitution and, although it was not a civics lesson last night, Melissa did mention the incredible legal review that these many cyber issues have been through.  She said over 80 significant legal issues were reviewed.  The report, when it is released, will have a 150 page legal annex that captures some of the opinion of federal legal experts from across the government.   As for me, I intend on reading every page of the report, and will pay particular attention to this legal section.

- Now that I’ve had time to think about what Melissa said, I think we (the nation, and we humans everywhere) are going to need more work to be done on how we influence technology.   I’ve tried hard to think through this from a security perspective, and I know there are things we can do right now to improve things in this regard (and I’ve provided papers to Melissa’s study team on a couple significant constructs like enhancing security through smart use of cloud computing and through smart use of open source).  But there is still much much more work to be done in this area.   CTOs cannot rest on this topic, yet.  In fact, I am not comfortable with the state of technology leadership in this area and I think all of us technologists need to follow Melissa’s advice.  We all need to get engaged and get a view and move out.

Part of the event last night was a networking reception where INSA members from academia, industry and government could chat.  The gist of the conversations confirmed what I have long thought, everyone wants Melissa to succeed and a wide swath of people are lining up to follow her lead.  She has done a great job at building a broad team and we are all looking forward to her continued leadership on things cyber.

For more on this topic see:  http://ctovision.com/category/cyber-initiative/

You may also like -

Melissa Hathaway: Compelling action along a broad frontPrediction: BlueCat Networks is one you should watchDoDIIS Conference Agenda PublishedNew Boeing Intelligence Collaboration Center2010 DoDIIS Worldwide ConferenceHow Much Freedom Will You Give Up to Fight International Cybercrime?CrucialPointLLCUS needs to kick network security intelligence up a notchCrucialPointLLCA First For The Nation: NERC Completes First Grid Security ExerciseCrucialPointLLCFormer Head of National Counterterrorism Center, Michael Leiter, to Keynote C ...CrucialPointLLCSINET Showcase 27 October 2010CTOvision.com

OK, sometimes I get emotionally attached to great technology.  I need to watch that, I know humans are what is important.  But science is cool too, and it gets really really exciting to watch great humans create and field great technologies.  That is why I have long been a fan of both Oracle and Sun.  I like many other powerhouse IT companies as well… but those are the two names dominating this week’s news and it has been the topic of dozens of conversations with other CTOs since the announcement that Oracle Buys Sun.

Here is some of the significance of the announcement, in my opinion:

- This is a $7.4B purchase.  Oracle would only have done this if they realized there is incredible value for IT customers in this transaction.

- The value of Sun is in far more than just intellectual property.  It is in incredible thought leadership of Sun’s talented people and terrific, visionary data center experience.  It is also because of the tremendous community leadership in the open source world. And of course there is the hardware production, distribution and service.  And, as emphasized in the release, Java and Solaris.

- You can believe Larry Ellison when he says” The acquisition of Sun transforms the IT industry, combining best-in-class enterprise software and mission-critical computing systems.” He also said  “Oracle will be the only company that can engineer an integrated system – applications to disk – where all the pieces fit and work together so customers do not have to do it themselves. Our customers benefit as their systems integration costs go down while system performance, reliability and security go up.”  All of this rings true.

There are some immediate steps enterprise CIOs and CTOs should do because of this announcement:

- Continue your plans to accelerate open source software into your enterprise.  Move faster now.  Your risk is lower than ever.

- Understand that market dynamics are going to change.  Oracle is a great company that will ensure Java and Solaris and MySQL continue to improve (with backing by and leadership of the great open source software community, of course).  But understand the dynamics may change the equation when it comes to software support costs.

- Move now to lock in your service and support plans for open source Solaris, MySQL, Java Composite Applications Platform Suite (CAPS) and Java Enterprise Services (JES).   Lock in at today’s rates if you can.  And extend today’s rates out for more years if you can.

- The leading operating system for the Oracle database is Solaris. Since Solaris is now open and since its use is growing there are huge numbers of trained administrators with mastery over Solaris.  But this is a good time to re-evaluate how many trained masters you have.  If you have an enterprise suport agreement with Sun it might have training options on it that you are not using.  Now is the time to max out your training.  Clearly this is going to pay off for your enterprise long term.  And after the aquisition is complete there is a chance that if you have not locked in your training rates that some of this cost may go up.

- With this agreement, enterprises are now faced with easy choices for identity management solutions. Sun Identity Management solutions already form about 60% of the identity management stack in the enterprise-class federal space.  Oracle in their fusion middleware account for much of the rest of the enterprise-grade solutions space.  Accelerate your Sun Identity Management solutions.  I believe, just based on personal experience, that Oracle and their policy management capabilities are best of breed, and they can already be engineered to work with open enterprise class leaders like Sun.  I imagine that will be a much smoother integration in the future.  Which leads to the next key point:

- While now is the time to lock in, rapidly, your Solaris, JES, MySQL support licenses, and now is the time to take advantage of any Solaris/Java training available to you, you should also agressively review the entire Oracle Fusion Middleware stack.  There are some really GREAT capabilities there.

Any thoughts on any of the above?

You may also like -

Oracle, Sun and the Enterprise CTOA CTO's favorite list of lessons from the Miracle of the 1980 OlympicsA CTO’s favorite list of lessons from the Miracle of the 1980 OlympicsGoogle Announces Apps for Government: More choices for gov CTO/CIOs.Larry Ellison on the Sun-Oracle Close, January 27, 2010

As I’ve previously noted I’m on the advisory board for Trimufant (I’m at this page).  I’m hoping all CTO types will check out this company (and I’m also hoping you don’t mind me blogging about a company I’m advising.  After all, I’m associated with them because I believe they are a world-class outfit with a great capability).

In this post I want to bring your attention to a Triumfant press release .  It is an announcement that Triumfant now provides real-time malware detection and remediation.   Triumfant has long been the leading capability for discovering unexpected changes to computer endpoints, but with their new Triumfant Resolution Manager they build on their ability to deliver zero-day malware protection.  This capability detects changes to state and rapidly returns the computer to the right state. This is done without signatures.  How is this possible?  Check out their website for more, but the way John Prisco (CEO of Triumfant) puts it:  “By continuously scanning desktops and deliverying real-time automated remediation, Triumfant is able to catch zero-day attacks before they impact the end-user and enterprise and eliminate time lost waitning for third party analysis and the updating of signatures and patches.”

Triumfant will be at the RSA conference April 20-24.  Please, if you go, stop by their booth and tell them I said hello.

Cheers,
Bob

You may also like -

Invincea Browser Protection Eliminates Web2.0 Security RisksUsing Triumfant for Secure Configuration and Change ManagementYesterday's Security Doesn't Work for Today's ThreatsThe Evolving Enterprise Threat EnvironmentInvincea and Triumfant: two firms filling important roles in enterprise IT

Have you ever been sucked into the false debate over how much IT spending should be spent on security?  I used to all the time.  Some folks point to a rule of thumb that goes something like “ten percent of the IT budget should be applied to security.”  That old school formula may well be part of the reason we got into the mess we are currently in.  It contributes to thoughts that lead you to think security can be separated.  By my way of thinking, 100% of the budget goes to security and functionality and that is the calculus.

Really, security is about ensuring information confidentiality, availability and integrity. And those constructs are totally connected to functionality of IT.   I try whenever possible to use the term security and functionality in the same context just to underscore that point.

For example, the goal I continually push regarding security in the federal space is not just one dealing with security.  I put it this way:  “Security and functionality of all federal IT will be increased by two orders of magnitude in the next 24 months.”  Putting the goal this ways also underscores that it is not security vs. functionality.  Both need to increase.

This goal also cries out for the need for metrics in security and functionality.  For functionality there are many customer focused survey methods that can help collect the right metrics.  For security, I think one metric stands out above all others:  Detected unauthorized intrusions.  There are many other important metrics for other dimensions of the security problem, but that one is key.  So, a goal that expects both security and functionality of federal enterprise IT to improve by two orders of magnitude will expect customer survey satisfaction to go through the roof, and will expect detected intrusions to drop significantly.  If there were 50,000 detected intrusions in 2008, there should be less than 5000 in 2010.

That is a dramatic goal.  What makes me think it is achievable?  In part the dramatic action being put in place today in the federal space.  And in part by dramatic new technologies and approaches like private clouds and thin client computing and enhanced identity management and authorization methods.  But of more importance and more relevance than all of that, in my opinion, is the coordinated action and leadership underway by CIOs and CISOs and the security  experts in the federal space today.

As evidence of this incredible positive action I’d like to bring your attention to a release by a Consortium of US Federal Cybersecurity Experts on Consensus Audit Guidelines.  Details of this effort are at http://www.sans.org/cag/

The Consensus Audit Guidelines provide the twenty most important controls and metrics for effective cyber defense and continuous FISMA compliance.   These controls and metrics include:

Critical Controls Subject to Automated Measurement and Validation:

1. Inventory of Authorized and Unauthorized Hardware.
2. Inventory of Authorized and Unauthorized Software.
3. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers.
4. Secure Configurations of Network Devices Such as Firewalls and Routers.
5. Boundary Defense
6. Maintenance and Analysis of Complete Security Audit Logs
7. Application Software Security
8. Controlled Use of Administrative Privileges
9. Controlled Access Based On Need to Know
10. Continuous Vulnerability Testing and Remediation
11. Dormant Account Monitoring and Control
12. Anti-Malware Defenses
13. Limitation and Control of Ports, Protocols and Services
14. Wireless Device Control
15. Data Leakage Protection

Additional Critical Controls (not directly supported by automated measurement and validation):

1. Secure Network Engineering
2. Red Team Exercises
3. Incident Response Capability
4. Data Recovery Capability
5. Security Skills Assessment and Training to Fill Gaps

The site at http://www.sans.org/cag provides more details on each, including detailed descriptions of the controls, how to implement them, how to measure them, and how to continuously improve them.   The site also spells out the fact that this is a work in progress and processes are in place to ensure this great effort remains relevant and maximizes our ability to protect ourselves.

What should CTOs think about this guidance?  As for me, I most strongly endorse it. In my mind the appropriate implementation of these controls will reduce unauthorized intrusions in any enterprise.

The deeply respected community leader Alan Paller said it this way:

“This is the best example of risk-based security I have ever seen,” said
Alan Paller, director of research at the SANS Institute.  “The team that was
brought together represents the nation’s most complete understanding of
the risk faced by our systems. In the past cybersecurity was driven by
people who had no clue of how the attacks are carried out. They created an
illusion of security. The CAG will turn that illusion to reality.”

Please give these controls a read, and please help get them into the hands of the security and functionality professionals in your enterprise.

If you are a little rusty on your advanced science literature, theater and movies and don’t recall the story from the fictional Star Trek universe known as the Kobayashi Maru, please take a moment to watch this clip, just to get your mind going:

This part of the story, reportedly written by Gene Roddenberry himself, is about a simulation at Star Fleet Academy.  For most students there it is a no-win scenario, as you saw in the clip.   For one, however, there was a solution we should all remember.  That solution is one I like to use to remind people of what we need to do to help enhance the security and functionality of today’s enterprise IT.  More on that later.

Regarding the future of global IT, the NYT ran an article today I’d recommend to any enterprise technologist or security professional titled “Do We Need a New Internet?“  The article provides a good summary of how we got into the current mess regarding security of interconnected devices:

The Internet’s original designers never foresaw that the academic and military research network they created would one day bear the burden of carrying all the world’s communications and commerce. There was no one central control point and its designers wanted to make it possible for every network to exchange data with every other network. Little attention was given to security. Since then, there have been immense efforts to bolt on security, to little effect.

It also briefly discusses some of the threats and significant penetrations we have seen, and then introduces the Stanford Clean Slate project.   This project seeks to build a new Internet with improved security and capabilities to supoprt a new generation of applications, as well as support mobile users.  It is an Internet designed with security in it from day one.  From the Clean Slate site:

We believe that the current Internet has significant deficiencies that need to be solved before it can become a unified global communication infrastructure. Further, we believe the Internet’s shortcomings will not be resolved by the conventional incremental and ‘backward-compatible’ style of academic and industrial networking research. The proposed program will focus on unconventional, bold, and long-term research that tries to break the network’s ossification. To this end, the research program can be characterized by two research questions: “With what we know today, if we were to start again with a clean slate, how would we design a global communications infrastructure?”, and “How should the Internet look in 15 years?”

The site provides a good synopsis of research and profiles of the leaders working on the project.  I’ve heard of several similar efforts, but none so well formed, in my opinion.  The thing I really like about this one is it does not require everything everywhere to be thrown out before transitioning to this new way.  There will be changes required, but this is much more evolutionary than other approaches seem to be.  It is a great way for us humans to take back control of the technological aspects of our destiny.

Now back to the Kobayashi Maru.   How did our hero Captain James T. Kirk win the simulation?  He realized that the simulation was a creation of humans and decided that it could be redesigned.  He designed it to work better for him and he won.   That is the approach we need when it comes to Internet security, and it is an approach I think of when I read about the Stanford Clean Slate project.  People like Nick McKeown have realized it is ok for us to decide what our future will be and design it.  Thanks Nick for that, you remind me of one of our SciFi heros.

You may also like -

If You Could Pick One Thing For Congress To Do Regarding CyberSecurity, What ...CrucialPointLLC

I’ve written a bit here about new display technologies that are so thin they are disruptive to our current way of work. The move to cloud computing and rapid advances in display technology is enabling this, and these are both trends we ahve all been watching for quite a while.

In October 2007 I wrote “Enterprise Requirements Come From Hollywood” where OLED (organic light emitting diode) TV’s were discussed.   I mentioned the fact that once again Hollywood got it right first, with superthin displays in sci-fi and fantasy movies helping to drive user expectations and requirements.  I’ve also written about thin clients, especially the game-changing infrastructure components for thin clients from Sun Microsystems.  The servers supporting thin clients provide dramatic positive benefits for any IT enterprise.

And in January 2009 I wrote:

Flexible computers will arrive in production this year for early adopters and many CTOs will use them in labs to assess applicability for massive deployment in the coming years.   These flexible computers are the ultimate thin clients.   Backends/servers/architectures developed for the cloud perfectly suit ultra thin, flexible computing devices. For more on this hot topic, start at the site of the Flexible Display Center at ASU.

One company poised to take advantage of the technologies of flexible displays is Plastic Logic. They are a Silicon Valley startup producing a paper-pad-thin device that is designed for business reading.   For now, their offerings are focused on the business user and information can get into the device either by users sending it to the device or by content providers.

The Plastic Logic Reader is officially still in development.  It will enter the market later in 2009 via pilots and trials (I hope to get one) and then be commercially available in 2010.  Complete features lists are not available but it supports a wide range of document types, including: PDF, DOC, DOCX, XLS, XLSX, PPT, PPTX, JPEG, PNG, TEXT, HTML, BMP, RTF, and ePub.

Users will hold this reader like they hold a piece of paper and read documents provided via wireless communications. The device weighs ounces not pounds, is thinner than a Macbook Air, and has a battery that lasts days vice hours.  For more see this video of Plastic Logic CEO Richard Archuleta from the Fall 2008 Demo conference:

My suggestion to any enterprise-class CTO is to check out their website and find ways to get their capability into your lab and into the hands of your users.

I’d also suggest thinking through how these devices can fit into the rest of your enterprise, and I’d suggest you (actually, I suggest all of us) start formulating our desires for enterprise capabilities on this device.  For example, what encryption will be used?  How will it do identity management?  How will it to access control?  How will it work with a Sun Ray environment?

You may also like -

Disruptive IT List Update: watching several dramatically positive technologiesSOCOM's Technology Wish ListA National Strategy for Trusted Identities in CyberspaceContinued Evolution of DoD Cyber PolicyA CTO's favorite list of lessons from the Miracle of the 1980 OlympicsNicira Launches: Will change the world of networking giants and enterprise ITCTOvision.comSOCOM’s Technology Wish ListCrucialPointLLCMake Maximum Use of CTOLabs.comCTOvision.comZombie TechnologiesDr Cloud's Flying Software CircusPresident’s Daily Brief- There’s an app for that: iPad Used to Deliver Presid ...CrucialPointLLC

2008 was a year of rapid changes for Chief Technology Officers.  We should expect 2009 to move even faster.  Where will the biggest trends take us?  I offer some considerations below.  Please
look these over and give me your thoughts.   Push back if you have
disagreement.

First, my overall advice for CTOs in 2009… Just like the new thin interfaces you will be testing in your lab… be flexible. Now here are some more thoughts on what’s in store for CTO s in 2009:

• Here is a no-brainer: Increasingly CTOs will leverage social media to collaborate.  Things are moving so fast that we all like to network to seek help on big things and to get advanced warning on what is coming next.  More of us will be on Twitter, in Facebook, and writing blogs.  And this is a good thing.

• “Mashups” will still be very important as an enterprise objective in 2009 (and beyond).   And the company that will help accelerate them into the federal enterprise is JackBe.  They do things in a way that enterprise CTO s like.  They build in connections to governance, security, identity management.  And they play well with the entire ecosystem so you don’t have to rework all legacy just to use them.  Of course web2.0 will remain a key trend, but mashups takes web2.0 to a new, more mission-oriented level and for enterprise players the mission is what is important.

• An approach we will all learn to love and follow is “context accumulation”.   This very important term was coined by Jeff Jonas, and I think Jeff is going to have all of us moving out on that in the next 12 months.   If you agree, visit his blog and by all means help others understand why this is really the only way we humans stand a chance of surviving/thriving in the onslaught of data.

• Federal acquisition of IT will still be criticized for all the reasons it always has been.  But there will also be an acceleration of a dramatic positive change brought about because of open source software and a new appreciation that IT acquisition processes (RFI/RFP/FAR/DFAR based purchases) do not apply to software that is free.  Free software is not being bought, it is being used, for free.  The whole reason the FAR exists is to ensure when the taxpayer’s money gets spent it gets spent wisely.  When things are free the FAR has less applicability.  Services for open source are being bought and since that uses government money of course the taxpayers will continued to be served by the same FAR-type processes that are meant to ensure open competition, but that is not for free open source software, that is for services to configure and manage the software.

• Will this be the year of enterprise security?  We have been banking on that for a long long time.  We know the answers on how to make enterprises more secure.  There is a great recap of some of the most important components of security in the CSIS report. But there are many more things that can be done as well. My goal, as captured here, is to improve security by two orders of magnitude within the next 24 months.

• Netbooks, Thin Clients and Cloud Computing will accelerate throughout the technology landscape, especially inside the federal government.  These trends in both devices and the cloud components are directly related and are also benefiting from the global, unstoppable trend toward open computing (open software and open standards).  One to watch in this area:  Sun Microsystems.   But also track the dynamics of the netbooks providers.  Dell will get serious about netbooks, but Acer will continue to grow market share.

• A key accelerator of Cloud Computing has been the powerful technologies of virtualization, especially those of VMware.  Open source and other virtualization capabilities are coming fast too.  Trend to watch in 2009 is the arrival of higher order, more elagant capabilities to manage virtualizaiton accross large enterprises.  VMware and Opsware (HP) will continue to evolve to do this, but Appistry, Vizioncore, Xsigo and Sun (and others?) are coming fast.
• Increasingly leaders will recognize that concepts of operation that require humans to tag and create metadata are sub-optimized.  When busy people are tasked with burdensome tagging operations they too frequently become tempted to cut corners and rush the process.  Over time, meta data generated this way just becomes meta crap.  This growing recognition in the federal space will sweep in new technologies and new approaches to discovery of content.  One to watch to solve this issue:  Endeca, because of their approach to visualizing information and enabling human to computer iterative examination of data.

  

• Flexible computers will arrive in production this year for early adopters and many CTOs will use them in labs to assess applicability for massive deployment in the coming years.   These flexible computers are the ultimate thin clients.   Backends/servers/architectures developed for the cloud perfectly suit ultra thin, flexible computing devices. For more on this hot topic, start at the site of the Flexible Display Center at ASU.

• Collaboration will increasingly be seen as the means to link human brains together.   Collaboration tools that are stand alone stovepipes will be a thing of the past.  Users will collaborate using the entire technology environment:  voice, video, data, whiteboard, chat, application sharing, info discovery will increasingly be integrated into a single fabric.  Key players here:  Adobe, Microsoft and Cisco.

• In a big change for how money is moved in major enterprises, the CIO will be given responsibility for the energy budget.  This will encourage CIOs to modernize to conserve energy, since money saved from energy costs can be invested back in modern IT.  This will be a very virtuous cycle, that saves money for organizations, saves energy, and modernizes IT.

• In a stunning turn, IPv6 will be rapidly adopted, not by enterprises, but in homes.  The major home communications provider that delivers full IPv6 to home environments (and to cell phones) will have an incredible advantage over competitors and will dominate.  The many rich features of IPv6 delivered to consumers will finally push enterprises everywhere to move out on IPv6.

• In 2009, as in every year prior and for most into the future, there will continue to be bad people using technology to do bad things.  Enterprises will move to protect info, but bad guys will keep moving to get the data.   And the use of social networking tools by terrorists will likely grow.  This is not a foregone conclusion, but I’m not personally sure what can be done to mitigate the use of advanced technology by bad people, other than to say that we good people need to work together more to stop them, and my hope is that we can keep 2009 safe and secure.

Thoughts/comments/suggestions?  Please let me know what you think.

You may also like -

The "Big Five" IT trends of the next half decade: Mobile, social, cloud, cons ...One Trillion Reasons: One Year LaterMake Maximum Use of CTOLabs.comAlex's 2012 Tech PredictionsNew IARPA Program Aims To Discover Tech TrendsERP Movement in the Cloud Shaking Up HR Software MarketCrucialPointLLCThe “Big Five” IT trends of the next half decade: Mobile, social, cloud, cons ...Bob GourleyAlex’s 2012 Tech PredictionsBob GourleyBob Gourley’s 2012 Outlook: “Expect Disruptions”CrucialPointLLCDebrief from The White House Forum on IT Management ReformCTOvision.com