The DoDIIS Conference Agenda is now up at the conference site, and it really looks to be a great one. The confernece will be great for technology leaders in government, technology providers from industry, and the mission-focused executive leadership who seeks to guide both. If you want to shape the future, come to the DoDIIS conference and see what secure enterprises with advanced analytical missions are up to.

I’ve pasted the full agenda below, but some key highlights include:

• An overview by DIA’s CIO and Director of DS, Mr. Grant Schneider.
• Insights into secure collaboration provided by Mr. John “Mike” McConnell, former Director of National Intelligence and a mentor to legions of us who have long revered him.
• An overview of the mission needs put on the DIA technology team, provided by the Director of DIA Lieutenant General Ron Burgess.
• Insights into the human element of the system provided by noted professor and thinker Robert Axelrod.
• Deep dives into successes in innovation and information sharing, “CIA Style” presented by champion innovator Mr. Geoffrey Fowler, Director and Managing Editor of the World Intelligence Review (WIRe).
• Many breakout sessions are scheduled, including a wide range of mission-focused topics and advanced technology deep dives. I personally plan on hitting the ones on Hadoop (of course, since “Big Data” is an issue we should all be accelerating into our enterprise). I’ll also attend the “Data Center for the Future” talk since DoDIIS planners are always at the forefront of datacenter design and I’m sure I’ll pick up some good tips there.  I also noticed a breakout on the “Egyptian Revolution and Twitter” that might be insightful.

I hope to run into about 2000 of my friends at the event. I’ll also be blogging a bit from there, as will Ryan Kamauff and Chris Barnes.  And look for us on Twitter as well. We are at: @bobgourley, @Ryan_Kamauff, @ChrisBarnesCP

And, consider this a pre-announcement: we are putting the finishing touches on a site meant to pull together our evals of DoDIIS technology and twitter feeds/etc during the event. Find it at http://dodiistech.com

For more details and to register see: http://www.ncsi.com/dodiis11/index.html

Here is the DoDIIS agenda:

Sunday 1 May

Evening reception/strategy sessions/networking.

Monday 2 May

0750 – 0800

Announcements

0800 – 0830

Keynote Speaker

Mr. Grant M. Schneider Deputy Director for Information Management and Chief Information Officer, Defense Intelligence Agency

0830 – 0915

Secure Collaboration — Technology to Support the Mission

Mr. John “Mike” McConnell Executive Vice President, Booz Allen Hamilton

0915 – 1000

Networking Break/Technology Exposition

1000 – 1045

Keynote Speaker

Lieutenant General Ronald L. Burgess, Jr.Director, Defense Intelligence Agency

1100 – 1145

Vulnerabilities of Wetware Professor Robert Axelrod Walgreen Professor for the Study of Human Understanding, University of Michigan

1145 – 1300

Networking Break/Technology Exposition/Lunch

1300 – 1345

Breakouts / Learning Labs

1400 – 1445

Breakouts / Learning Labs

1445 – 1545

Networking Break/Technology Exposition

1545 – 1630

Breakouts / Learning Labs

Tuesday 3 May

0750 – 0800

Announcements

0800 – 0845

The Real Business Value of IT: How CIOs Create and Communicate Value

Mr. Richard Hunter Vice President Distinguished Analyst, Gartner

0845 – 0930

Disruptive Innovation in Computing, and Mission Impact in the Next Decade

Mr. David McQueeney Vice President of Software Research, IBM

0930 – 1030

Networking Break/Technology Exposition

1030 – 1115

Breakouts / Learning Labs

1130 – 1215

Breakouts / Learning Labs

1215 – 1330

Networking Break/Technology Exposition/Lunch

1330 – 1415

Potential for Two-Way Collaboration

Mr. Terry Kline Vice President and Chief Information Officer, General Motors

1415 – 1515

IC Executive Board: Integrating the Intelligence Mission through Technology

Moderator:
Mr. Al Tarasiuk Assistant Director of National Intelligence and Chief Information Officer, Intelligence Community

Panelists:
Mr. James Beagles Acting Director, Chief Information Officer, Department of Homeland Security

Mr. David DeVries Principal Director, Office of the Department of Defense Chief Information Officer, Under Secretary of Defense for Intelligence

Mr. Dean E. Hall Associate Executive Assistant Director and Deputy Chief Information Officer, Federal Bureau of Investigation

Mr. Kelly A. Miller Deputy Chief Information Officer, National Security Agency/Central Security Service

Mr. Paul E. Muench Deputy Chief Information Officer, National Geospatial-Intelligence Agency

Mr. Grant M. Schneider Deputy Director for Information Management and Chief Information Officer, Defense Intelligence Agency

Mr. Neill Tipton Director, Information Sharing and Partner Engagement, Department of Defense

Ms. Jill Tummler Singer Chief Information Officer, National Reconnaissance Office

Ms. Jeanne C. Tisinger Chief Information Officer, Central Intelligence Agency

1515 – 1615

Networking Break/Technology Exposition

1615 – 1700

Breakouts / Learning Labs

Wednesday 4 May

0750 – 0800

Announcements

0800 – 0845

Unifying Intelligence Strategies — The Central, Critical Node to Achieving Integrated Intelligence

Mr. Robert Cardillo Deputy Director for Intelligence Integration, Office of the Director of National Intelligence

0845 – 0930

Innovation in Information Sharing — CIA Style

Mr. Geoffrey K. Fowler

Director and Managing Editor, World Intelligence Review (WIRe), Central Intelligence Agency

0930 – 1030

Networking Break/Technology Exposition

1030 – 1130

Services Panel: Secure and Collaborative Intelligence to Support the Warfighter

Panel Moderator: Mr. James R. Martin Director, ISR Programs, Office of the Under Secretary of Defense (Intelligence)

Panel Members:

Mr. Robert “Bo” T. Martin Deputy Director, ISR Capabilities, U.S. Air Force

Mr. Gregory B. Palmertree Chief Technology Officer, Marine Corps Intelligence

Ms. Lynn Schnurr Senior Technical Advisor, Army Intelligence Chief Information Officer, Information Management, Deputy Chief of Staff, G2 Headquarters, Department of the Army

Mr. Jack Y. Gumtow Chief Information Officer, Office of Naval Intelligence

1130 – 1215

The Path to Secure and Agile Cloud Computing

Mr. Michael Capellas Chairman and CEO, VCE, The Virtual Computing Environment Company

1215 – 1315

Networking Break/Technology Exposition/Lunch

1315 – 1400

Breakouts / Learning Labs

1415 – 1500

Breakouts / Learning Labs

1500 – 1545

Networking Break/Technology Exposition

1545 – 1630

Breakouts / Learning Labs

Thursday 5 May

0750 – 0800

Announcements

0800 – 0845

NIST Cloud Computing Program: Useful Information for USG Cloud Adopters

Ms. Dawn Leaf Senior Advisor, National Institute of Standards and Technology Information Technology Laboratory and Senior Executive for Cloud Computing

0845 – 0930

Keynote Speaker

Mr. James Stout Senior Director, DoD Customer Executive, Avanade Federal Services

0930 – 0945

Networking Break

0945 – 1030

Intelligence Studies: What Academia Provides

Professor James Breckenridge Dean of the Walker School of Business and Chair of the Department of Intelligence Studies at Mercyhurst College

1030 – 1100

Related articles

• Technology Firms at the DoDIIS Worldwide (ctovision.com)
• 2011 DoDIIS Worldwide Conference (ctovision.com)
• DIA CIO Grant Schneider Highlights Cloud Computing (blogs.forbes.com)
• Government Eyeing Security Technology To Prevent Another Wikileaks (informationweek.com)
• Leaks a “Serious Problem” for Defense Intelligence (fas.org)

You may also like -

How is the DoDIIS Conference Going?DoDIIS Technology: A need for better ways to understand and assess2011 DoDIIS Worldwide ConferenceDoDIISTech.com is a new reference for DoDIIS technologistsTechnology Firms at the DoDIIS WorldwideNominating Technologies For Review At CTOlabs.comCrucialPointLLCDisruptive Technology of the Week – Republic WirelessBob GourleyGeneral Dynamics Press Release on SITECTOvision.comLatest DodgeRetort – GAO: Federal CIO’s need to focus more on information man ...CrucialPointLLCEnhancing Participation, Collaboration & Transformation with Gov 2.0CTOvision.com

The work of the National Counterterrorism Center (NCTC) is important and, because of the need to protect our nation’s information sources and advantages over international terrorists, criminals and other malicious actors, is not discussed much in the open. But there are things you can learn about NCTC by review of reputable sources. The most important source is testimony of its leadership to Congress.  For example, see the statement of The Honorable Michael E. Leiter of 9 Feb 2011.  These guys have a very hard job to do and we have great leadership in place here to get it done.

Another good source on what they do is the website at NCTC.gov. The info they put there is intentionally designed to inform us on the threat and what the country is doing about it. It is all worth a review.

As a techie, one of the things I really appreciate about the unclassified NCTC site is the automated information discovery tool they provide for research into terrorism incidents. Unclassified information on terror attacks can help academic research, security studies and even research into counter terror technologies. To see how they provided it, visit the site for the Worldwide Incident Tracking System (WITS). This system provides statistical information in a searchable format focused on discovery of trends and relationships.

The WITS system is available at: https://wits.nctc.gov

Visiting that URL brings up a familiar “Endeca-like” interface into the incident data. This lets you navigate all reported incidents by multiple paths.  You can search, you can correlate, you can plot on maps with density clusters and heat maps, you can navigate through tag clouds and concept clouds, and you can continuously iterate in and learn from your research as you go.

I would like to see more government organizations presenting their information this way. A couple already are.  For example, the entire US Census is now available from this sort of interface.  But I’m proud to say NCTC was leading the way in getting info out to our citizens via this type of interactive interface.

Related articles

• US Census Bureau Launches New American FactFinder on Endeca (ctolabs.com)
• Holiday vigilance – Obama receives security briefing (politico.com)
• To Find Needles In Haystacks, US Gov’t Has Built Hundreds Of New Haystacks (techdirt.com)
• White House Convenes “Inter-Agency” Call on Holiday Threats (blogs.abcnews.com)
• No. 1 priority for US security: domestic terrorism, threat report says – Christian Science Monitor (news.google.com)
• Napolitano: Nation’s terror threat may be highest since 9/11 (cnn.com)

You may also like -

Deputy Secretary of Defense Lynn: Cyber Strategy’s Thrust is DefensiveThe Devil is in the Details: Seven Tests to Apply to any Cyber Conflict ConceptEnhancing IT Support to the Counter Terror Effort: The ChallengeMelissa Hathaway: Compelling action along a broad frontThe End of Cyber Security (Part IV)Haft of the Spear

The next big Gov2.0 event is the 21-22 July 2009 Open Government & Innovations Conference (OGI).  The list of speakers includes some of the greats from the federal IT scene, including:

• Vivek Kundra, Federal CIO
• Aneesh Chopra, Federal CTO
• Tim O’Reilly, Visionary of the Web2.0 movement
• David Weinberger, Berkman Center for Internet and Society, Harvard Law School
• David Wennergren, ASD NII and DoD CIO
• Michael Wertheimer, CTO, ODNI
• Lovisa Williams, Senior Technology Advisor, State Department
• Robert Carey, CIO, USN
• Colleen Coggins, Architect, Department of Interior
• Sean Dennehy, Intellipedia and Enteprise 2.0 Evangelist, CIA
• Mary Davie, Assistant Commissioner, GSA
• Debra Fillippi, Information Sharing Executive, DoD
• Jack Holt, Strategist for Emerging Media, DoD
• Jeffrey Levy, Director of Web Communications, EPA,
• Col Robert Morris, US Army

Topic, besides some incredible keynotes, include Web2.0 and National Security, Cross Agency Collaboration, Health IT, Openess and Information Sharing, Citizen Engagement, Transparency, Data Visualization and many others.

I’ll be speaking on a panel at 10:15 on the 21st on the topic of Web2.0 and National Security.  Panelists include Mark Drapeau, a published expert on the topic, Lin Wells, one of the most influential people in the national security space, and Lewis Shepherd of Microsoft’s Institute for Advanced Technology in Government.  I enjoy learning from all these guys and think they will make a good panel.  I’m wondering how they will respond to a new thesis I’m working on: the observation that just because you give Web2.0 tools to people it doesn’t mean they will use them.  We learned a similar lessons with information sharing.  Just because you connect everyone and give them interoperable tools does not mean they will collaborate.  They have to want to collaborate. If that thesis is correct, then giving everyone in the national security community access to web2.0 tools inside their firewall or not, will not mean the culture will change.  Those that want to collaborate and share will make great use of those tools.  Those that don’t want collaborate and share will not.  This means web2.0 will not make a difference for national security till we work some big cultural issues in the community (maybe that is just a blinding flash of the obvious.  Maybe that is a point of this conference).

Please check out the conference at opengovinnovations.com

Cheers,
Bob

You may also like -

Vivek Kundra's Retirement Reception and the Role of the Federal CIOCTOs: Provide your inputs on how the government will implement cloud computin ...Enterprise Technology Developments in 2010 and 2011Federal Cloud Computing StrategyThe Cloud and CybersecurityFederal IT’s Revolving-Door ProblemCrucialPointLLCHomeland Security To Move Websites To CloudCrucialPointLLCDo You Use Data? Register Now For Hadoop World 2011 To Help Create The FutureCrucialPointLLCCloudera Day in DCCrucialPointLLCFederal Chief Technology Officer Aneesh Chopra to step downCrucialPointLLC

I previously mentioned the DoDIIS Worldwide Conference, which was held 17-21 May 2009.  I took lots of notes from the conference: enough, in fact, to fuel this blog for a long long time.  My associate Ryan Kamauff took even more (and more relevant) notes on the sessions there, and both of us kicked the tires on as many technology demos as we could.  This was a great education for us and the many other atendees there. I was also allowed to give a presentation at the conference (see: Five Megatrends in Enterprise IT).  Overall it was really a great time.

The following is a run down of some of the more salient parts of the conference.

Presentations were given by:

* Grant Schneider, DoDIIS CIO
* LTG Ron Burgess, DIA Director
* Ms. Sherrill Nicely, ODNI CIO
* Dr. Prescott Winter, ODNI ADDNI for Information Integration
* MG John Custer, CG, USA Intelligence Center
* Ms. Lauren States, IBM Cloud Computing director
* Mr. Mark Bregman, Symantec CTO
* Mr. Marlin Forbes, Verizon Federal
* RADM Tom Atkin, US Coast Guard
* Mr. Kurt Rao, CIO, Time Warner
* Mr. Bill Vass, COO Sun Federal
* Panels including all intelligence community CIOs and several senior customers were also held.

Our views of the most relevant/actionable information:

LTG Burgess very clearly demonstrated his strong support for and high expectations for the IT components of the enterprise, but he also laid down some requirements for the current team to achieve. He expects the mission to be served with highly reliable IT. And he expects that will be done in a way that does not give DIA customers “headaches.” DIA and the IT it provides is supposed to speed up mission success not slow it down (when customers touch DIA networks it should be “Like race time at Talladega”). He expects DoDIIS to deliver timely intelligence (“Intelligence without communications is nothing more than history”). He also expects DoDIIS to be in a mission support role. DoDIIS is to enable and support the mission. He reminded us all that he does not know the future but for planning purposes he believes FY11-15 will be an age of flat lines in the budget. “Not everyone will get what they want, but the mission will get what it needs– deployed in an enterprise style.”

Grant Schneider hit three themes hard: creating a change environment, moving DoDIIS forward to meet this change, and decreasing time to market for DoDIIS IT. Grant wishes to have an environment in DoDIIS that welcomes a change from the current policies. He also mentioned the movement towards “Green IT”. He underscored several other important capabilities, including the need for cross domain solutions and the need for collaborative tools. He established three focus areas for 2009: customer service excellence, enhanced requirements planning/management processes, and decreased time to market.  Upon closing of the conference Grant returned to many of these same themes, and also underscored that social networking is going to be driving much of the communication in the enterprise.

MG Custer provided one of the most exciting presentations of the conference. It was a very technology focused presentation that hit on the complex dynamic between the acceleration of technology and the need for customers to drive requirements. He is a clear believer that innovation on the edge should drive the systems we use, the architectures we employ and the methodologies we utilize on the battlefield. MG Custer provided thoughts on how DIA DS could better serve, and he did so in a way that made many of us think he was not getting responses to his needs in formal channels. Areas he said could use more DIA attention include:

• Designate GISA as Army JWICS regional support center (RSC)
• Develop cross-fertilization exchange program between GISA and RSCs
• Develop personnel exchange between G2 and DS
• Eliminate agendas and ‘not invented here’ syndrome
• MOA to establish battle hand-off between G2 and DIA

General Custer also showed the audience a YouTube video I reported on at this site (see:  http://ctovision.com/2009/03/you-really-have-to-see-this-from-mit-media-lab ).

Many speakers hit on common themes of the need for enhanced data sharing, the need for smarter data center strategies, the need for continual work in cross domain solutions (and smarter networks), the need for rapid implementation of ICD501, and the need to be able to share the results of programs and projects from elsewhere in the community. Speakers hit on the fact that A-Space is a positive thing but still pretty much limited to a small number of beltway analysts (J-space is coming and should be more broadly applied). Other speakers hit on the need to improve the acquisition processes.

The need for continual work in cross-domain solutions is particularly noteworthy. Progress has been made in many fronts regarding cross domain, and the government has done smart things like establish cross-domain management offices to help bring focus to this area. However, in some ways the establishment of cross-domain management offices and the regulations that come with it have actually introduced challenges regarding innovation. The government has focused so hard on reducing cross-domain solutions and narrowing the set of capabilities that new capabilities are very hard to introduce.

Technology themes during the conference mirror the technology themes elsewhere in the IT world: Virtualization, Storage, Cloud Computing, Open Source and Security were all key topics.

This conference informed our thoughts on high interested technology and was a fantastic opportunity to connect with old friends.  Thanks DoDIIS friends for letting me attend.

You may also like -

How is the DoDIIS Conference Going?2011 DoDIIS Worldwide ConferenceDoDIISTech.com is a new reference for DoDIIS technologistsDoDIIS Conference Agenda PublishedDoDIIS Technology: A need for better ways to understand and assessNominating Technologies For Review At CTOlabs.comCrucialPointLLCLatest DodgeRetort – GAO: Federal CIO’s need to focus more on information man ...CrucialPointLLCSolutions for the Information Technology Enterprise (SITE) AwardsCTOvision.comTechnology Firms at the DoDIIS WorldwideCTOvision.com2010 DoDIIS Worldwide ConferenceCTOvision.com

The DoDIIS Worldwide Conference will be held in Orlando Florida this year, at the Orlando World Center Marriott. I really like this conference.  It is filled with folks I like and centers around a hard enterprise mission that cries out for strong IT solutions.

The theme of this years conference is “Empowering Decision Advantage.”  The plenary speakers this year are GREAT! (as usual).  They include Grant Schneider, CIO for DIA, LTG Ron Burgess, Director of DIA, Sherrill Nicely, ODNI CIO, Pres Winter, Info Integration at ODNI, Major General John Custer of the Army Intelligence Center, and an incredible panel of all key IC CIOs.  This panel includes Grant Schneider, Al Tarasiuk (CIO CIA), Charles Barlow (CIO, NRO), Kelly Miller (CIO, NSA), Chad Fulgum (CIO FBI), Craig Kaucher (CIO DHS), Bobby Laurine, CIO NGA, Sherrill Nicely and Pres Winter.   This is going to be an awesome panel.  Really.

I’ve been asked to speak at a breakout session and am honored to do that.  The presentation I’ve been working on is an updated version of a briefing I used to track the future of IT.  This briefing considers five “Mega Trends” in the IT world and then talks about some specific technologies that hold high potential of changing the IT landscape.  I’ll be presenting Tuesday at 1500.  If you are a CTO or other enterprise technologist I would really appreciate seeing you there.

A key thing I really like about this conference is the expo floor.  I’ve been known to roam around in there for hours, going from one technology demo to the next.  This is where America’s greatest technologies are demonstrated.  Every major IT firm will be there, and so will every IT savvy integrator.  Every great application developer and every great mashup capability will be there.   Companies like Carahsoft, Endeca, Adobe, Symantec, Sun, Cisco, Microsoft, Oracle, JackBe and many more will be there.  I can’t wait to catch up with all of them there.

For more on the conference please see:  http://ncsi.com.  NCSI always puts on a great event.

If you are going to be there and will be up on Twitter please drop me a note or connect to me on Twitter @bobgourley.  I’d like to track what you are putting out there.  I hope to be on twitter a bit myself there, but may be too excited to type.

You may also like -

How is the DoDIIS Conference Going?2011 DoDIIS Worldwide ConferenceDoDIIS Conference Agenda PublishedGeneral Dynamics Press Release on SITETechnology Firms at the DoDIIS WorldwideLatest DodgeRetort – GAO: Federal CIO’s need to focus more on information man ...CrucialPointLLCNominating Technologies For Review At CTOlabs.comCrucialPointLLCDoDIISTech.com is a new reference for DoDIIS technologistsCTOvision.com2010 DoDIIS Worldwide ConferenceCTOvision.comDoDIIS Technology: A need for better ways to understand and assessCTOvision.com

INSA, the Intelligence and National Security Alliance, is a group of professionals from academia, industry and government who seek to enhance innovation, discussion, debate and progress on key national security issues.  I’ve been involved as a member for years and get the pleasure of interacting with folks from a wide swath of the community.

One of the many services INSA provides the community is providing a venue for speakers and community leaders to interact.  INSA did that again just last night when their Distinguished Speaker Series featured Melissa Hathaway.  Melissa, who I have previously called the most effective and efficient senior executive in government today, spoke on the topic  of the White House Cyber Security 60-day review.

I watched Melissa’s RSA presentation, and for those who did or for those who have been engaged with her during this review, last nights presentation was in consonance with what we know of the hard task she has been working on (if you haven’t watched it yet, I’d recommend you take a look now, at:  http://media.omediaweb.com/rsa2009/keynote_catalog.htm )

A couple thoughts from a CTO perspective:

- Like so many other problems, tackling this one requires both a knowledge of technology and of people. Both technology and people must be influenced.

- When it comes to people, Melissa mentioned the book  Influencer: The Power to Change Anything .  I haven’t read it yet, but have just added it to my Amazon wish list and will be getting it soon. Melissa said the authors of the “Influencer” book say there is power in everyone to make a change and therefore everyone should get engaged, and in this cyber context she asked everyone at INSA to stay engaged.  She wants folks to continue to dive in and stay involved and form views and move out.

- One of the most important ways the federal government influences is through law.  Our great government flows from a great Constitution and, although it was not a civics lesson last night, Melissa did mention the incredible legal review that these many cyber issues have been through.  She said over 80 significant legal issues were reviewed.  The report, when it is released, will have a 150 page legal annex that captures some of the opinion of federal legal experts from across the government.   As for me, I intend on reading every page of the report, and will pay particular attention to this legal section.

- Now that I’ve had time to think about what Melissa said, I think we (the nation, and we humans everywhere) are going to need more work to be done on how we influence technology.   I’ve tried hard to think through this from a security perspective, and I know there are things we can do right now to improve things in this regard (and I’ve provided papers to Melissa’s study team on a couple significant constructs like enhancing security through smart use of cloud computing and through smart use of open source).  But there is still much much more work to be done in this area.   CTOs cannot rest on this topic, yet.  In fact, I am not comfortable with the state of technology leadership in this area and I think all of us technologists need to follow Melissa’s advice.  We all need to get engaged and get a view and move out.

Part of the event last night was a networking reception where INSA members from academia, industry and government could chat.  The gist of the conversations confirmed what I have long thought, everyone wants Melissa to succeed and a wide swath of people are lining up to follow her lead.  She has done a great job at building a broad team and we are all looking forward to her continued leadership on things cyber.

For more on this topic see:  http://ctovision.com/category/cyber-initiative/

You may also like -

Melissa Hathaway: Compelling action along a broad frontPrediction: BlueCat Networks is one you should watchDoDIIS Conference Agenda PublishedNew Boeing Intelligence Collaboration Center2010 DoDIIS Worldwide ConferenceHow Much Freedom Will You Give Up to Fight International Cybercrime?CrucialPointLLCUS needs to kick network security intelligence up a notchCrucialPointLLCA First For The Nation: NERC Completes First Grid Security ExerciseCrucialPointLLCFormer Head of National Counterterrorism Center, Michael Leiter, to Keynote C ...CrucialPointLLCSINET Showcase 27 October 2010CTOvision.com

The Wall Street Journal just ran an article titled:  “New Military Command to Focus on Cybersecurity.”   In it they indicate “current and former officials familiar with the plans” say a new military command will be established to coordinate the defense of Pentagon computer networks and improve US offensive capabilities in cyberwar.

WSJ also reports that Defense Secretary Gates plans to announce the creation of a new military cyber command after the rollout of the White House review.

My opinion:  This WSJ article seems more balanced and accurate than the article I discussed in my post “NYT wants cyber security to be a divisive issue.”

The WSJ article is in consonance with what is going on and what should be going on.  I believe NSA should be formally given the lead for defending DoD/IC systems, but defense remains a team sport, and DHS should be given the lead for defending the rest of .gov networks (while still leaning on NSA/DoD/DNI as required).  And all players need to work well with industry and allies in a coordinated, fast moving way.

What does this mean for enterprise technologists?  For the most part it is good news.  But for day to day security operations in most enterprises, the relationships you have with other organizations will remain the same as before– for now.   And the current body of best practices remains in place.  You still need to understand and implement and follow the Common Audit Guidelines, for example.  Doing that is going to help you and will help others too.

You may also like -

GovSec conference is March 29-31 2011Pros and Cons: Cyber CommandIntelligence Community Executive Forum on Cyber OperationsDefense bill passes after lengthy debateCrucialPointLLCCybersecurity Workforce FrameworkCrucialPointLLCPentagon CIO’s Tech Revamp: 4 PrioritiesCrucialPointLLCLeadership changes in DoD IT, logistics, cyberCrucialPointLLCHomeland Security Committee Unveils Cybersecurity BillCrucialPointLLC

I just read an article that seems designed to keep spreading FUD (Fear, Uncertainty, Doubt) about the US government and the NSA.   The article is titled “Control of Cybersecurity Becomes Divisive Issue “.  It starts with an assertion stated as if it were a fact that says “The National Security Agency has been campaigning to lead the government’s rapidly growing cybersecurity programs”.

I bump into all sorts of people in the beltway, and there is a huge amount of buzz regarding cyber.  There is also a huge amount of pontification and rumor and hype, and I think Risen and Lichtblau have fallen for some of that.

I guess I should not be so hard on Risen and Lichtblau.  They are writing about stuff they have no real experience in (other than as writers) and their sources probably have their own biases or in some cases probably have no access to what is really going on.

Maybe I should just repeat something that all of us citizens should already know.  Don’t believe everything you read.

If I were writing the article, I think I would have started it out by saying “The National Security Agency has impressive security expertise and a long history of doing the right thing.  Their sensitive mission is conducted with great care and extensive oversight and they have great processes in place to continually improve what they do. They save lives and protect our privacy and do so with great honor.”  I would also have, as Risen and Lichtblau did, quoted my old friend Dale Meyerrose who said “They are probably the premier cybersecurity, cyberorganization in the world.”

There are plenty of other quotes by friends in that article.  All seem to agree that NSA should not be in total command of all aspects of cybersecurity.  OK, there are many many options on how the nation can do this.  But I really think it was wrong to start off the article with the assertion that the NSA is campaigning for anything.

The NSA has great capabilities that the nation will almost certainly take advantage of as we enhance our cyber security.  That doesn’t mean they are lobbying to be in command of everything.  If they were placed in total command then the country would place the right amount of checks and balances to ensure it worked well, and I would be totally fine with that.  If they are not in command then the country should place the right amount of coordination mechanisms in place to ensure the mission is served well, and I would be totaly fine with that.

What I would not be fine with is if we keep kicking the can down the road and keep a model where we are slow to react and cannot mount as vigorous of a defense as we should.

A hypothetical question to ask ourselves:  Which path would the Russian Business Network, a criminal group described by Verisign as “the baddest of the bad”, want us to take? They would probably want to see us fiddle around for as long as possible without taking clear action.  As for me, I want clear, decisive action that moves us forward.  And I don’t see anything coming from NYT that will help us embark on that path.

You may also like -

CTO Perspectives on Cyber Security BillPrediction: BlueCat Networks is one you should watchFixmo Announces Advisory Board, Adds to Board of DirectorsUS Cyber Command Conducts Tactical Cyber ExerciseFederal Cyber Security: Missions, Initiatives, Opportunities and RisksNSA: Growing cybersecurity threats demand defenders think like attackersCrucialPointLLCNSA crafting cyber guidelinesCrucialPointLLCIf You Could Pick One Thing For Congress To Do Regarding CyberSecurity, What ...CrucialPointLLCEnterprise Security: STRATFOR and Activist HackersBob GourleyCloud could provide cybersecurity boost to intelligence, defenseCrucialPointLLC

Foreign spies are in our country for many bad reasons. Spies target defense secrets and seek to penetrate the decision-making process of our government leaders.  They also gain unauthorized access to information held by our nation’s corporations.  In this time of serious economic crisis this aspect of the threat from foreign spies is particularly troublesome.  Spies contribute to the problem’s we face in the economy.

Today one of the most damaging things spies do is steal the trade secrets and intellectual property of our corporations and research labs.  The intellectual property they steal is moved overseas where other countries (and companies inside those countries) can benefit from the investments we make in research and development.  This hurts our economy in many ways.  It causes the value of our research and development to be significantly sub-optimized.  It hurts the ability of our companies to compete in the global market place.  It causes more jobs to go overseas.   It can threaten the survival of companies which of course hurts both investors and employees.  This is all bad for the economy.  And its all WRONG!  Our country needs to invest enough in our counterintelligence capabilities to find foreign spies and get them out of here.

A particularly insidious threat is one where a country might couple the power of spies in our borders with cyber attacks and cyber espionage to extract information from companies while at the same time monitoring the response to those attacks.  Humans can enable cyber attacks in many ways that make them far more damaging.  In fact the most feared type of data theft if one where a trusted insider moves data.  With modern high capacity thumb drives large quantities of data can be moved in moments.

I just read an article by an authoritative source on this topic, Michelle Van Cleave.  Michelle served as the hed of U.S. counterintelligence from July 2003 through March 2006 and was in a position to observe firsthand some of the damage being done by foreign spies.  The article outlines examples and gives a firsthand account of some of the challenges we face in this area.  It concludes with:

How important is all of this, really? Cynics will scoff and say, “There
will always be spies.” But I have read the file drawers full of damage
assessments; I have catalogued the enormous losses in lives, treasure
and crucial secrets that foreign intelligence work has caused. The
memory of what’s in those files — and the thought of the people and
the operations still in harm’s way — can keep me awake at night.

So we have to choose. We can handle these threats piecemeal, or we
can pull together a strategic program — one team, one plan, one goal
– to reduce the overall danger. We can chase individual spies case by
case, or we can target the services that send them here. The next
devastating spy case is just around the bend. I fear that when it
comes, we will all ask ourselves why we didn’t stop it. I suspect I
already know the answer.

I recommend this article to all, especially enterprise technologists.  If you are a CTO, a CISO, a CISO it is especially important for you to understand the nature of the threat to your systems and to your intellectual property.  If you are a citizen it is important for you to know as well.  We must collectively address this challenge to our intellectual property and to our economic recovery.

You may also like -

Cyberwar? What Cyberwar?Beer, Bikinis, and Insider HacksCrucialPointLLCU.S. says China, Russia active in cyber espionageCrucialPointLLC

If you are a technologist, please take a moment to download the PDF of the report by the U.S. Commission on Cybersecurity.  This report, titled Securing Cyberspace for the 44th Presidency, is the best proclamation of the challenges of cyber I have read.  It is also a roadmap that will help any trying to navigate these very tough issues.

I’ve been involved in things cyber for a long time.  My deepest
involvement began in December 1998, almost 10 years ago to the day.  In all that time I’ve seen lots of studies and lots of papers and many treatments of the issues.  But I’ve never seen one that captures the complexities and the need for specific actions as well as this one.

I’d really recommend you read every word, if you want to be considered literate in this field.   But if it will be a little while till you get to it, here are some key points:

The three major findings are:  1) Cybersecurity is now a major national security problem for the U.S., 2) Decisions and actins must respect privacy and civil liberties, and 3) only a comprehensive national security strategy that embraces both the domestic and international  aspects of cybersecurity will make us more secure.

The report makes a few points about the Bush Administration’s Comprehensive National Cybersecurity Initiative (CNCI).  In general the give credit to that initiative, and call it good.  I agree, it is a great activity I’ve previously written about that is led by one of the most effective people in government today and has done great work.  But as the commission points out, the work of the CNCI is good but not sufficient.

The biggest shock for me in this study:  The amount of funding on R&D for cyber security.  I have been looking into the many activities underway, and maybe that look made me deceive myself into thinking it was a well funded effort.  According to the comission, however, they estimate that the total R&D funding in the federal government for cybersecurity is about $300million.  Less than two-tenths of one percent of the total federal R&D.

The report has a great section on identity manangement.

I am convinced the organizational approaches outlined in the study are the right ones as well.  There is only one place in our government where we can lead solutions to this challenge.  Where is that?  Hey read the report!

What else do I recommend CTOs do besides read the report?  I think one way we can all help the cybersecurity effort is to think through which standards bodies are the most important to engage with regarding security.   A few are here:
http://ctovision.com/2008/05/standards-organizations-ctos-should-track/

You may also like -

Cyberwar? What Cyberwar?Enterprise Technology Developments in 2010 and 2011Privacy, Security, Functionality and Enhanced Benefits of Free CommerceRedesign of CTOlabs.comIf You Could Pick One Thing For Congress To Do Regarding CyberSecurity, What ...CrucialPointLLCCyberattack as Covert ActionCrucialPointLLCJoin Cloudera and Carahsoft for Big Data Success in GovernmentCrucialPointLLC