Politics and IT

Cybersecurity initiatives require education, shared knowledge

Cybersecurity initiatives aren’t about just you, the CIO, or your organization. And because of that, the solutions shouldn’t come solely from you, but from shared knowledge from all sectors.The same model applies to the U.S. government’s approach to cybersecurity initiatives. The Center for Strategic and International Studies’ Commission on Cybersecurity for the 44th Presidency, a panel formed in August 2007 “after the United States suffered a wave of damaging attacks in cyberspace,” recommends that incoming President Barack Obama should establish a new White House office and appoint a presidential assistant to oversee a “comprehensive national security strategy for cyberspace,” CNN is reporting.

As we noted last week, 2008 has been a very spammy year, with threats targeting social networking sites. The cybersecurity report takes the spectre of these threats even further, stating that cybersecurity is one of the major national security problems facing the U.S. and “all the tools of U.S. power” - diplomatic, intelligence, military and economic - are needed to deal with cybersecurity, CNN reports.

Some of the recommendations with regard to national cybersecurity should sound very familiar to enterprise CIOs charged with overseeing cybersecurity protocols in their organizations. For instance, the report recommends “requiring better authentication” of digital identities and limiting government purchasing to secure products and services. Research, training and education should also be expanded, the report says.

The lesson here? Your cybersecurity insights and experiences carry far beyond your individuals organizations’ walls. Share your cybersecurity stories and solutions with others. You can start by clicking the “comments” link below! 

Electronic-discovery worries may lead to BlackBerry blackout for Obama

See, maybe we all shouldn’t have been so down on John McCain for acknowledging that he didn’t know how to send an email – apparently, it’s something presidents don’t do, thanks to electronic-discovery concerns. According to CNN.com, in taking his oath for office, President-elect Barack Obama is unlikely to carry his BlackBerry, and will probably not send an email for (at least) four years.

That’s because, according to the article, the president’s emails, whether personal or for business, are subject to a subpoena at any time and could be considered public records. Neither Bill Clinton nor George W. Bush emailed while they were in office, CNN reports.

“It’s all discoverable; it creates a trail that might end up in congressional investigators’ hands,” said Clinton press secretary Mike McCurry in the CNN article. If you want to delete White House email, you get a stern warning about archiving presidential records, he said.

Now, I’ll ignore the fact that CNN’s fact checker apparently missed a beat with this article (toward the bottom, there’s a psychology professor quoted from Keene State University, but it should be Keene State College – that’s my hometown). But I’m still kind of baffled and left at a loss with this whole issue. Naturally, the president wouldn’t want his private emails out there for the world to see. But am I the only one who thinks that there must be some better solution than the chief executive of the country living without email?

There’s a reason that email is so ubiquitous in the business world: It allows for communication across geography and time-zone differences. It can provide useful information more quickly and efficiently to a range of people, and certainly increases productivity, in my view. Shouldn’t the chief executive of a 300-million person “corporation” have access to the same tools on which other top executives rely, especially when he’s clearly already a “CrackBerry” addict?

Maybe the answer is to give Obama “read-only” access to his email. That way, he can feel in the loop without ever typing a sentence or hitting “send.” What would you suggest, given his current “BlackBerry blackout” predicament?

It’s up to Obama whether he keeps using email, of course – he’s the president, and I don’t think anybody can command him not to send an email. I’ll be curious to see which way he goes, and whether he feels more or less productive as a result.

Obama administration: Internet rogues need not apply

Correct me if I’m wrong, but I imagine neither you nor I will be working for President-elect Barack Obama’s administration in any high-ranking official position (that is, unless any of you intend to pursue the Chief Technology Officer job we’ve heard so much about).

But that shouldn’t stop us from gawking at the seven-page questionnaire one must fill out to apply for a top job in the Obama administration, according to a New York Times report. It also raises an interesting question for CIOs: To what extent do you keep track of your employees’ outside-of-work online presence? 

The Obama questionnaire asks whether the applicant and his/her spouse or immediate family members have been affiliated with Fannie Mae, Freddie Mac, American International Group, Washington Mutual or any other institutions receiving a government bailout, the Times reports. It questions the immigration status of applicants’ housekeepers, nannies, chauffeurs and yard-workers, and whether the applicant has paid the required taxes for household employees. It even asks about diary entries that could be potentially harmful to Obama if they were to get out.

And here’s the tech angle: Applicants must include any email “that might embarrass the president-elect,” along with any blog posts and links to their Facebook pages. The application also asks people to “please list all aliases or ‘handles’ you have used to communicate on the Internet.”

It’s a good thing I don’t plan on joining Obama’s cabinet any time soon, because I don’t even know where to start. Sure, Obama, you can view my Facebook page, but don’t ask me to be responsible for some of the acronyms my friends might leave on my “Wall.” All of my online “handles”? I know I often use derivations of my first name, last name and favorite numbers, but I couldn’t list them all for you. Embarrassing emails? Define embarrassing. I think we all correspond with friends over things that could be personally embarrassing to us if they got out, but does Obama care that I’m embarrassed that I ate all of my dinner and half of my friend’s meal too?

Yes, I’m being a bit facetious here. Like many people, I try to stay on top of my online “image” through Google searches and Facebook-page culling. And I haven’t documented any criminal activity in blogs or emails, as far as I’m aware. But it does raise the question of what red flags the Obama campaign will be searching for.

The Times article rightly points out that applications for high-ranking government posts always evolve over time and adjust to new technologies. But I think this degree of thoroughness is specific not only to the times, but also to Obama, whose tech-savvy campaign should now be considered a bellwether. He appears to understand not only the positive attributes of the Internet - the way it can bring people together and build communities - but also the why-did-I-write-that? faux pas it documents and preserves.

Democracy via technology: Obama and the power of Web 2.0

I know I’m not alone in believing that it’s been fascinating to watch this year’s presidential election from a technology perspective. I have to keep up on Web-based advances as part of my job, but the Internet, obviously, is becoming very integral to the way my generation interacts with and learns about the world. When we at SearchCIO.com talk to CIOs about the power of Web 2.0 (and even Web 3.0), the Obama campaign should now be considered a bellwether for the movement.

As The New York Times pointed out, “the Obama campaign sought to understand and harness the Internet (and other forms of so-called new media) to organize supporters and to reach voters who no longer rely primarily on information from newspapers and television. The platforms included YouTube, which did not exist in 2004, and the cell phone text messages that the campaign was sending out to supporters on Monday to remind them to vote.”

And, according to Newsweek, “the Obama campaign’s New Media experts created a computer program that would allow a “flusher” - the term for a volunteer who rounds up nonvoters on Election Day - to know exactly who had, and had not, voted in real time. They dubbed it Project Houdini, because of the way names disappear off the list instantly once people are identified as they wait in line at their local polling station.”

I know I’m convinced by what I witnessed Tuesday. On Facebook, nearly everybody I know had status updates alluding to the election, many of them proclaiming proudly that they had already voted. Facebook had a running app throughout the day tallying the number of Facebookers who said they voted, and it reached more than 5 million. It was even pointed out to me that some election-day freebies many people jumped on, such as free coffee at Starbucks and free ice cream at Ben & Jerry’s, were by and large promoted electronically.

This emphasis on democracy via technology continued throughout the day. I received several texts and emails from friends encouraging me to vote. When Obama’s victory was announced around 11 p.m. EST, another round of text messages streamed in. 

The Obama campaign really seized on the modes of communication that will propel Americans - and particularly young voters - into the future. According to The Guardian out of England, Facebook is more popular than the BBC’s network of sites. I couldn’t find a similar survey in America comparing Facebook with, say, CNN.com, but I wouldn’t be surprised to see similar results.

As the AP points out, there were only a few hundred websites in existence when Bill Clinton assumed the presidency in 1993, and hardly any blogs when George W. Bush became president in 2001. The world has changed, and with it, the electorate has, too. Never again can a viable presidential candidate ignore the power of the Internet in an election.

And, thankfully, we’ve got at least a couple of years before any of them will have to start thinking about it again.

The CIO, Obama and electronic health records

nbsp;SearchCIO.com senior news writer Linda Tucci wrote an excellent, layered story yesterday on electronic health records. “Privacy issues, interoperability issues, liability and physician reimbursement for all that extra virtual attention are potential deal breakers as the medical practice goes electronic,” she writes. “But most important, people have to understand why e-health is good for them.” 

Electronic health records are certainly a hot topic in the presidential campaign. Those of you who watched Tuesday’s town hall-style debate between Democratic candidate Barack Obama and Republican candidate John McCain heard Obama say that he would cut health care insurance premiums by as much as $2,500 a year by investing in prevention and improving electronic health records.

There are several news sources taking aim at Obama’s assumptions. The Washington Post explains that his campaign is relying on a 2005 study by nonprofit think tank Rand Corp., which estimated that the nationwide adoption of paperless health records would result in $77 billion in savings.

But the same study estimates that the shift wouldn’t be completed until 2019, after Obama (should he be elected) would be out of office. Furthermore, the Congressional Budget Office (CBO) has put out its own paper, “Evidence on the costs and benefits of health information technology,” which argues that a 90% adoption rate over the next decade is unlikely, as moving to a fully computerized system of medical records would be prohibitively expensive for small and medium-sized medical practices. In his blog, CBO Director Peter Orszag wrote that the RAND study “suffers from significant flaws.”

So Obama’s claim is a reach, at best. As we head into these final weeks leading up to the election, just stick to the facts, please.

Do any of you have experience implementing electronic health records and, if so, what is your view of the timeline and obstacles to a reliable, secure and widespread system?

Palin’s Yahoo! hack raises security concerns

In more Sarah Palin/IT news…maybe there’s a good reason for John McCain’s professed aversion to e-mail. He’s selected a more tech-savvy running mate, but she’s quickly become a poster child for some work-e-mail no-nos - and what can go wrong when using public-access mail servers for official business.

VP candidate Palin had her “gov.palin@yahoo.com” Yahoo! e-mail account hacked yesterday and some of its contents posted online. The group, which billed itself “Anonymous,” supposedly posted some of her private communications to expose what appeared to be her use of a personal account for government business. This included personal photos, the contents of several messages, the subject lines of dozens of e-mails and Palin’s e-mail contact list. 

Palin has been criticized for using a personal e-mail account to conduct state business. An Alaska activist has filed a Freedom of Information Act request seeking disclosure of e-mails from another Yahoo! account Palin used,  gov.sarah at yahoo.com.

Michael Allison, chief executive of the Internet Crimes Group, a private company specializing in Internet security, said the hackers may have accessed Palin’s account by using publicly available information to guess her password, or by using a program to capture her keystrokes. A hacker also might have sent a forged e-mail to her account tricking her into revealing her own password.

Of course, I must start by commenting on the immaturity of these hackers. You can dislike a candidate all you want, but don’t hack into his or her e-mail account. Apparently, it’s been known for months that Palin uses Yahoo! accounts to conduct government business. So what, really, do you accomplish by posting some apparently-innocuous messages online? If anything, it just drums up sympathy for Palin.

I’m left wondering: was there any good reason for Palin to be using Yahoo! for official business when she has a more properly secured e-mail address through her work? I don’t see it. Like most large organizations, I’m sure the Alaska state government must have a VPN or other such protocol in place to allow her to access her e-mail remotely. Would you be as brazen about transmitting business information as she has been? This strikes me as another example of Palin’s inexperience and/or overt flouting of the rules. I wonder if those in charge of IT at the White House are already having nightmares over the security snafus they may face if McCain and Palin are elected.

Here’s my bottom line: if Sarah Palin can’t be bothered to rely upon her secure, official e-mail address for conducting state government business, how can we feel confident that she’s going to properly protect information related to national security? I don’t want to live in fear that nuclear war codes are floating around through Yahoo!

Sarah Palin as CEO? Fiorina thinks not

What’s more difficult: being the CEO of a large IT company, or serving as president of the United States?

Appearing on a KTRS Radio show in St. Louis Tuesday, Carly Fiorina, the former Hewlett-Packard CEO turned John McCain economic advisor, was asked whether Sarah Palin could run her old company, and she responded “no.” Cue the headlines: “PALIN COULDN’T RUN A MAJOR COMPANY.”

“But that’s not what she’s running for,” Fiorina quickly added. “Running a corporation is a different set of things.”

In a follow-up interview, Fiorina jammed her foot in deeper qualified her remarks. “I don’t think John McCain could run a major corporation, I don’t think Barack Obama could run a major corporation, I don’t think Joe Biden could run a major corporation.”

And deeper.

“But, on the other hand, a major corporation is not the same as being the president or the vice president of the United States. It is a fallacy to suggest that the country is like a company. So, of course, to run a business, you have to have a lifetime of experience in business, but that’s not what Sarah Palin, John McCain, Joe Biden, or Barack Obama are doing.”

Triggering this query from the Obama campaign: “If John McCain’s top economic advisor doesn’t think he can run a corporation, how on Earth can he run the largest economy in the world in the midst of a financial crisis?”

Personally, I find it arrogant (not to mention incredibly dumb) to say that your candidate and his vice president couldn’t run a company when you’re asking people to vote with confidence that they can run an entire country. What was she thinking? Does she think being a CEO is more difficult than being president of the United States? Are different skills sets required for running a country and running a multibillion-dollar corporation?

I don’t have it out for Fiorina. I just think someone who was fired after a highly visible merger went sour, stock prices plummeted and thousands of employees were laid off should think twice making comments about who would and wouldn’t be qualified to run her former company — or the country. I personally don’t want John McCain or Sarah Palin trying to run a company — or our country — either, but Fiorina’s comments are like the kettle calling the pot black.

And, on that note, I wonder if Fiorina is the one behind McCain’s recent assertion that “the fundamentals of our economy are strong, but these are very, very difficult times.”

Yeah, tell it to Wall Street.

Boston Globe: Cognos contract with state “raises ethical issues”

News flash: The Boston Globe reports today that a representative of Cognos ULC, the business intelligence software maker, improperly offered a Massachusetts state official a job in 2006 when the company was pursuing a multi-million dollar contract with the state.

Globe reporter Andrea Estes and correspondent Stephen Kurkjian report that the job offer “could have violated the state’s conflict of interest law, which bars individuals from offering anything to a public office with the intent to influence an official act.”

The job offer is “another instance of Cognos appearing in the thick of questionable activity in pursuit of state business,” the story contends, pointing to a $13 million performance management software contract awarded to Cognos in 2007. The contract raised eyebrows after critics complained it was signed in haste, and it was subsequently revoked by Massachusetts Gov. Deval Patrick in March 2008.

The Globe reports that in the case of both contracts, dealmakers from Cognos, now owned by IBM, bragged about ties to Salvatore F. DiMasi, the powerful Speaker of the Massachusetts House of Representatives. DiMasi has denied having anything to do with either contract.

Joseph Lally, the Cognos rep who allegedly made the job offer on the 2006 contract, did not respond to requests for an interview from the Globe.

Negotiations on the state contracts occurred before the Canadian BI maker was bought by IBM. Big Blue spokesman Chris Andrews told us that IBM has no comment on the Globe story.