February 2009 • Volume 7 • Number 1
Cybersecurity Execs Get Obama's Support
Cyber attacks on government computers rose 40% last year, US-CERT reported on February 18. Yes, attacks are up, but so are government's efforts to thwart the bad guys. And now that government and industry cyber execs have a staunch ally in the White House, look for government to put the "pedal to the metal" to boost cyber security implementation and education.
President Obama took his first course of action on February 9, when he ordered a 60-day review of the nation’s cybersecurity to probe how federal agencies use technology to protect secrets and data.
According to the White House, this effort is being led by Melissa Hathaway, respected leader of the Comprehensive National Cybersecurity Initiative. She has the task of examining all the government plans, programs and activities to manage large amounts of data – including passport applications, tax records, personal tax returns and national security documents.
Pro-Active Cyber Execs
But government's cyber security efforts didn't start on January 20. And right now there are dedicated cyber security pros working hard every day to protect government networks and data. So, what are government agencies doing in the cybersecurity arena right now? And how is the private sector engaging with the government to put the clamps on the continuous barrage of attacks?
Government and industry leaders answered those questions and more during the recent Federal Executive Forum on Cybersecurity broadcast on Federal News Radio. The panel was moderated by Jim Flyzik of The Flyzik Group and included:
· Robert Carey, CIO, Department of Navy
· Rear Admiral Mike Brown, Deputy Assistant Secretary, Cyber Security and Communications at the National Protection Program Directorate, DHS
· Richard Hale, Chief Information Assurance Executive, DISA
· Lee Holcomb, VP for Strategic Initiatives, Lockheed Martin Information Systems and Global Services
· Robert Dix, VP Government Affairs, Juniper Networks
· William Billings, CISO, Microsoft Federal
During the hour-long discussion, panelists discussed the current state of cybersecurity, challenges and priorities and gave their vision of the future. The articles below outline what they said.
Cyber Execs Have Big Roles, Big Responsibilities
If the government is going to clamp down on cyber crime, it is going to be due to the efforts of dedicated professionals from both the public and private sector. Rear Admiral Mike Brown is the Deputy Assistant Secretary, Cyber Security and Communications at the National Protection Program Directorate at DHS. As the acting secretary for cybersecurity, Brown’s responsibilities largely deal with actual planning and execution of the nation's cyber initiative.
Brown said a significant example of progress that we’ve made has been the deployment of Einstein for DHS. He went on to say that with policies such as the National Infrastructure Protection Plan (NIPP) there has been significant progress made in the public/private partnership.
“What we’ve done is chip away at a lot of the challenges we had with respect to the sharing of information and the timeliness that it needed to be done, but we are not there yet. There’s still a lot of work,” Admiral Brown added, because “the one thing that we’ve learned is that all these things are interdependent. You can’t just do one without thinking about the others, so that adds an element of challenge to everything we do.”
Revving Up Cyber Drive
The question now is how, not if. Cybersecurity is becoming more of a national priority with each passing day. For some this analysis of cyber security may be a new priority, but Federal Executive Forum government and industry panelists are not in that group.
Navy CIO Rob Carey is one of the high-level Navy officials who have had their eyes squarely on cyber for quite some time. Carey said the Navy is developing a road map which encompasses their investment strategy based on threats.
Cyber Progress Is Overcoming Challenges
Throughout government, agencies are expanding their efforts to close the doors to cyber attackers. But there are challenges both technical and cultural to success.
At DOD, great progress has been made on the notion that a single entity has to be in charge, said DISA’s Richard Hale. “There isn’t time in the cyber business to have a discussion about who is in charge when the chips are down and so the department has been, has made good progress in defining US Strategic Command as the head operator of the information infrastructure in the department and having the operational responsibility flow from that. So that’s been good progress.”
On the technology side, according to Hale, there has been great progress in identity and in trying to drive out anonymity in the networks.
“We were the early adopter in public infrastructure with our teaming with the DOD ID card people. We came up with a PKI credential and a hard token and that’s the model for PKI identity credentialing for the rest of the federal government now,” added Hale. “The reason I think we made progress there is that we are using this credential for everything now. It’s actually made life much easier, so it’s an example of security that’s made accessing information all over the department easier. You don’t have to remember passwords anymore.”
A Brighter Cyber Future
Government sites are prime targets for cyber attacks as the recent pilfering of some 45,000 FAA records demonstrates. Whenever something like that happens, the alarms go off with some forecasting a devastating “Digital Pearl Harbor”. While anything is possible, government defenses are growing stronger each day. So are we really safer? And what can we look forward to in the future?
“I think if this question was asked a couple of years ago I think my answer would be much different than it is today,” said Microsoft’s William Billings. But because of the increased partnering between government and industry, “we are in a much better position than we were a couple of years ago and I think the scope of a digital Pearl Harbor is much less.” But Billings also warned that there is still a lot of work to be done to educate government and industry alike on how they can better protect themselves.
Juniper’s Bob Dix added, “The one thing I believe that we need to continue to be building around is: to evolve and mature a joint operational capability between industry and government to address the threats, vulnerabilities, and consequences of cyber instances, whether they are man-made or the result of a natural disaster.”
“If you look back eight or ten years we saw a lot of cyber attacks, they were visible, they stood out,” explained Lockheed Martin’s Lee Holcomb. “Today, you don’t see them standing out. I think the nature of the attack going forward is going to be different.” Holcomb stressed that cybersecurity is a way of life. “It’s something that we are going to have to build into all our systems so that as our systems operate, and they are under attack, we can manage that risk and ensure mission success in the face of that risk.”
October 2008 • Volume 6 • Number 10
The Office of Horizontal Government
He calls his office the Office of Horizontal Government.
Kshemendra Paul is the Chief Architect at OMB. And he is leading the broad-based adoption and advancement of Service Oriented Architecture (SOA) capabilities throughout the federal government.
“I work in the Office of E-Government and Information Technology, but most days I think of it as the Office of Horizontal Government,” said Paul during the recent Federal Executive Forum on SOA.
Joining Paul on the Forum panel hosted by Jim Flyzik of the Flyzik Group, produced by the Trezza Media Group and broadcast on Federal News Radio were:
Vish Sankaran - Program Director, Federal Health Architecture, HHS
Scott Bernard - DCIO, Director of IT/ISSO, Federal Railroad Administration, DOT
Craig Muzilla - Vice President, Middleware Business Unit, Red Hat
Andy Hoskinson - Vice President & Partner, Technology Strategy and Consulting, Unisys Federal Systems
For Paul, a major challenge for government is moving from being a vertical organization – steeped in silos - to one that thinks and acts horizontally.
“We are organized by agencies, bureaus and programs. Money is appropriated that way, people grew up that way. Getting people to think across boundaries and being able to work across boundaries is really the key challenge.”
Breaking down silos is a major objective of Service Oriented Architecture (SOA). SOA promises to help agencies rapidly reconfigure their business and more easily position IT resources to serve it. Through it they will improve business agility – through the sharing and reuse of infrastructure, services, information, and solutions.
SOA: Health Care Enabler
SOA is at the heart of the health information exchange movement. The drive to electronic health records and the seamless sharing of patient information is an ongoing movement within the American healthcare community.
Even though the benefits are obvious, major challenges exist to make health information available online at the different stages of patient care. That’s why we should be cheering the efforts of dedicated professionals such as Vish Sankaran, the program director for Federal Health Architecture at HHS.
Establishing Common Ground
The goal of the Practical Guide to Federal Service-Oriented Architecture is to provide government with a road map to implementing SOA and has been developed to meet the unique challenges the federal IT community has to address.
“The PGFSOA came out of a realization that SOA vocabulary, approaches, technologies, techniques are getting more mature,” said Kshemendra Paul, Chief Architect at OMB. “But there are a lot of different approaches; there’s a lot of hype in the marketplace and a lot of things that are unique and not unique about the federal government,” explained Paul.
Governing Principles
Governance is the key ingredient of the Practical Guide to Federal Service Oriented Architecture. As with any horizontal movement, getting consensus from the many stakeholders is never easy. With SOA it is no different; there need to be governance processes in place that allow stakeholder input but at the same time move the various layers of an organization towards a common destination.
“It’s a really crucial topic, an important topic for OMB especially in the E-Gov area,” declared Kshemendra Paul, Chief Architect at OMB.
SOA: Evolving Challenges
SOA is a good way to integrate the business, data and application levels into the enterprise-wide architecture. And there are a lot of mature best practices now on how to do SOA within the context of EA. But SOA faces a number of challenges as it moves from conceptual guidelines to practical mainstream use.
“One challenge is understanding the relationship between enterprise architecture and service oriented architecture and then using both of those to improve mission performance,” explained Scott Bernard, Deputy CIO at Transportation’s Federal Railroad Administration.
A SOA Future
Here's what the Forum's panel of experts had to say about the future of SOA.
Craig Muzilla, Vice President, Middleware Business Unit, Red Hat
“SOA is not new, it’s really a 20 year old concept, but I think the time is right, the time is appropriate for it to really make an impact on the world in terms of how it operates.
Because of SOA, you’ll see a lot more dynamic processes among agencies and businesses; you’ll see a lot more technology independence; and you’ll see a lot more collaboration. The concept, to give an example, in health care of a common patient record freely available is possible. I think you will begin to see that now because of this trend and I think it will have great benefits for everyone.”
Scott Bernard, DCIO, Director of IT/ISSO, Federal Railroad Administration, DOT
“I think SOA will continue to mature as a best practice both in driving a reorientation in thinking from programs and systems to services, as well as standards and products being harmonized more towards those services that are important to the agencies.
And the other thing is that EA as the overarching piece of governance is here to stay. Because as I said, I’ve lived through those bad old days when we had programs that were fighting for resources, systems that were duplicating functions, and we don’t want to go back to that.
EA is here to stay and it’s about much more than IT. It’s about strategy, business and technology planning, being integrated, the architecture being used and really EA is for CEOs I think as we move forward, and that’s an exciting proposition.”
Andy Hoskinson, Vice President & Partner, Technology Strategy and Consulting, Unisys Federal Systems
“I think a specific benefit that we will see in the next couple of years with SOA -- that will be huge and very popular with citizens -- will be more streamlined data collection that is more user friendly.
And (you’ll see) better interagency information sharing. For example now if you go to the IRS you provide data, you fill out a lengthy form; you go to the Social Security Agency, you fill out a lengthy form. You provide a lot of the same kind of identity and profile information using different forms to different agencies. It takes a long time for citizens to fill out; and introduces the possibility of data collection errors.
I think what we are going to see with the successful implementation of SOA governmentwide; we’ll get to a place where a citizen might provide their profile in one spot and with the click of a mouse, the click of a button, decide which agency they want to submit it to depending on the particular activity they are performing.”
Kshemendra Paul, Chief Architect, OMB
“Well with the Federal Enterprise Architecture, what we are starting to see now is that there’s a maturity. We are seeing in the agencies, in the bureaus and the programs some of the different successes we’ve been talking about. We are starting to see a bottom-up target architecture start to coalesce, cross cutting segments like health IT or counter terrorism information sharing.
That view is becoming increasingly structured and allows us to provide feedback to the agencies on specific opportunities for collaboration. The original vision when this was started was something like this. You go back to the Quicksilver; the lines of business initiatives were done. What we are able to do now is to inform those kinds of analyses and activities with specific opportunities for collaboration and then drive that through the federal enterprise architecture.
I mentioned earlier the Federal Transition Framework. That becomes a key repository for that collaboration and reuse. It becomes the kind of thing where as agencies start what they are doing they are able to share architectures, share architectures around business services around enterprise service segments, for example identity management, or core mission segments like health IT. We are able to do that at plan time and to get to a coherent plan through the Federal Enterprise Architecture.”
Learn more about SOA. Go to www.egov.gov and www.CIO.gov. For information sharing activities go to www.NIEM.gov.
What The PGFSOA Says
Here is what The Practical Guide To Service Oriented Architecture (PGFSOA) has to say about the challenges SOA faces.
The process of reconciling the Enterprise Architecture’s IT services portfolio, both intra-agency and cross-agency, frequently results in conflict when two or more programs have an interest in a given service type. Conflict is, in part, due to a lack of an enterprise-wide SOA framework and may be grouped into at least four major challenge categories (politics aside):
1. Lack of an operational or target model for federal enterprise-wide SOA environment;
2. Lack of understanding and experience in implementing SOA at the agency/department-level;
3. Lack of procedures/guidance for consuming enterprise services in lieu of local services; and
4. Lack of operational services management; particularly for cross-agency services once implemented.
Source: From the Practical Guide For Service Oriented Architecture, June 30, 2008.
September 2008 • Volume 6 • Number 9
It’s About Saving Lives
“We have to remember that at the end of the day it’s about saving lives,” said Dr. David Boyd, Director, Command, Control and Interoperability, Science and Technology (S&T) Directorate at the Department of Homeland Security.
According to DHS, through a practitioner-driven approach, "the S&T creates and deploys information resources—standards, frameworks, tools, and technologies—to enable seamless and secure interactions among homeland security stakeholders. With its Federal partners, CID is working to strengthen capabilities to communicate, share, visualize, analyze, and protect information."
Dr. Boyd was talking about the critical importance of the role interoperable communications plays for first responders, law enforcement and medical personnel each and every day – and how they can make the difference in life and death situations.
Dr. Boyd made his comments during the Federal Executive Forum on Interoperability broadcast on Federal News Radio and produced by the Trezza Media Group.
Joining Dr. Boyd on the panel hosted by Jim Flyzik of the Flyzik Group were:
• Kent Holtgrewe, Deputy CIO for Policy and Planning, Department of Justice
• Paige Atkins, Director, Defense Spectrum Organization, DISA
• James Ransome, Ph.D., CISSP, CISM, Senior Director, Secure Unified Wireless and Mobility Solutions Corporate Security Programs and Global Government Solutions, Cisco Systems, Inc.
Listen and Learn
When asked what the major challenges to be overcome are, DHS' Dr. David Boyd was quick to point out that as recently as 9/11 there were no effective communications capabilities between state and local first responders – and between S&L responders and the federal government either. Since that time there have been great strides, but much work needs to be done in the areas of funding, listening and technology.
No Silver Bullet
Paige Atkins, Director of Spectrum Management at DISA, said that interoperability has been on DISA’s plate for what seems like forever. But like Dr. Boyd, Atkins says technology is not the issue; it is policy and the planning and coordination processes. And even though there are a number of technologies that are in play, not one is a “silver bullet”.
Driven From The Ground Up
Saying that there is “no one size fits all solution”, Justice’s Kent Holtgrewe talked about the advances in partnerships with state and local officials due to several successful initiatives such as the 25 Cities Program and the Integrated Wireless Network (IWN).
DHS Demonstrates Interoperability Among Incompatible Communications Systems
On August 27 in Washington, DC the DHS Science and Technology (S&T) Directorate demonstrated how to connect existing wireless radio systems with advanced broadband technologies, such as laptops and smart phones.
In addition to traditional, hand-held or vehicle-mounted radios, emergency responders are increasingly using separate, wireless broadband systems to communicate. Wireless broadband services are often supplied by a commercial cellular service provider.
Because the radio and broadband systems serve specific and different needs, they were not designed to communicate with each other. The lack of interoperability between these two systems may compromise emergency response operations when responders using a broadband system are unable to communicate with responders using a radio system.
“The ROW-B pilot represents an important milestone in our efforts to advance interoperability progress,” said Dr. David Boyd, Director of S&T’s Command, Control and Interoperability Division. “The capability to communicate among radio and broadband system users will significantly improve emergency response operations by allowing non-radio users to communicate with response units in the field.”
During July-August 2008, the ROW-B pilot connected OCTO’s existing land mobile radio system—wireless radio systems that are either hand-held or mounted in vehicles—with broadband devices using the Bridging Systems Interface. This will allow a single user to reach multiple users through talk groups on a city-operated 700MHz broadband network.
By allowing users to create talk groups in real-time, this technology saves critical response time. ROW-B also will use Geographic Information System (GIS) technology to identify the location of other vehicles, equipment, and responders. GIS databases display these locations on maps that include important information such as roads, buildings, and fire hydrants—enabling emergency responders to access the locations of critical resources, and to form dynamic talk groups based on proximity.
Learn more at www.dhs.gov.
Source: DHS
DHS Releases National Emergency Communications Plan (NECP)
On July 31, 2008, DHS released the National Emergency Communications Plan (NECP) to address gaps and determine solutions so that emergency response personnel at all levels of government and across all disciplines can communicate as needed, on demand, and as authorized. The NECP is the nation's first strategic plan to improve emergency response communications, and complements overarching homeland security and emergency communications legislation, strategies and initiatives.
"This is a comprehensive plan designed to drive measurable and sustainable improvements to operable and interoperable emergency communications nationwide over the next three years. It emphasizes the human element and cross-jurisdictional cooperation, going beyond simply buying new equipment," said Homeland Security Under Secretary Robert Jamison. "We have recently approved Statewide Communication Interoperability Plans for all 56 states and territories. Aligning these plans with the NECP will move emergency communications forward and further promote a coordinated nationwide strategy."
The NECP defines three goals that establish a minimum level of interoperable communications and a deadline for federal, state, local and tribal authorities:
- By 2010, 90 percent of all high-risk urban areas designated within the Urban Areas Security Initiative (UASI) can demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies.
- By 2011, 75 percent of non-UASI jurisdictions can demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies.
- By 2013, 75 percent of all jurisdictions can demonstrate response-level emergency communications within three hours of a significant event, as outlined in the department's national planning scenarios.
The NECP enhances governance, planning, technology, training and exercises, and disaster communications capabilities with recommendations and milestones for emergency responders and relevant government officials. It is designed to drive measurable and sustainable improvements over the next five years consistent with the: National Response Framework; National Incident Management System; National Preparedness Guidelines; and Target Capabilities List. NECP goals, along with these other department strategies, will improve nationwide response efforts and bolster situational awareness, information sharing and command and control operations.
The department's Office of Emergency Communications developed the NECP in cooperation with more than 150 public and private sector emergency communications officials. The department's new Interoperable Emergency Communications Grant Program will further enable states to align their plans with the NECP.
Download the plan at: www.dhs.gov/xlibrary/assets/national_emergency_communications_plan.pdf
Source: DHS
The Integrated Wireless Network (IWN)
The Departments of Justice, Treasury and Homeland Security (DHS) operate a wide variety of communications systems for their law enforcement and protective personnel. These legacy systems have been plagued with problems in recent years, including aged and antiquated technology; insufficient/inadequate communications coverage for today's operations; and channel crowding and congestion/lack of capacity, among other issues.
Justice, Treasury and DHS law enforcement and protective personnel perform varying and complementary types of missions. These operations are made more effective, efficient, and safe through the use of tactical communications. Law enforcement and protective operations require near-instant communication availability and system response, highly reliable communications during emergency or crisis conditions, physical and encryption security features that minimize interception of sensitive communications, convenience, and ease of operation. Operations, at times, also require wide area communication capabilities to coordinate and inform agents executing fast paced situations and investigations.
To meet these challenges, the current IWN design is based on a very high frequency (VHF), Project 25 trunked system utilizing a packet switched Internet Protocol (IP) backbone. Additionally, the system design provides for encrypted communications (Advanced Encryption Standard [AES]). The network presently is based on land mobile radio (LMR) services, and may be complemented by commercial wireless service solutions. In addition, the IWN will be designed to facilitate interoperability with other federal, state and local public safety partners.
Justice, Treasury and DHS personnel represent the majority of law enforcement personnel within the Federal Government and are responsible for fulfilling numerous duties related to national law enforcement, protective missions, and homeland security missions. Each of the components and bureaus has specific operational groups that support a consolidated set of common and unique missions. These job functions and a broad range of user requirements form the basis of the IWN functional requirements on which the high level system design is predicated.
In general, the missions of Justice, Treasury and DHS can be characterized into three categories: 1) day-to-day, 2) task force, and 3) special events. Day-to-day operations are law enforcement and protective activities performed by the components and bureaus on a routine basis. Task force operations are joint law enforcement activities that involve multiple components or bureaus. Special events are operations initiated for specific purposes, and range from protective operations (e.g., Olympics) to emergency, mutual-aid responses (e.g., natural disasters, terrorist attacks).
The IWN will deliver the wireless communications services required by agents and officers to support their varied missions. Under the IWN, the requirements of the components and bureaus are used to drive the development of a consolidated system that supports the mission operations of DHS, Justice and Treasury. Development of the IWN will include LMR and commercial services that effectively and efficiently support Justice, Treasury and DHS missions, foster interoperability, allow resource consolidation, and maintain component and bureau control of operations.
Learn more at: www.usdoj.gov/jmd/iwn/
Source: Department of Justice
May 18, 2007 • Volume 5 • Number 5
FEDERAL EXECUTIVE FORUM SPECIAL ISSUE ON IPv6
"Imagine This" Applications To Soar With IPv6!
For the dreamer, the Internet has always been about, "Imagine This". Well there will be plenty of room for dreamers to dream when the next generation IPv6 Internet comes fully online over the next decade.
For the Internet, it’s always been about having enough address space to do what you want. And if there’s one thing the next generation Internet has, it's IP addresses – about 340 trillion, trillion, trillion, trillion IP addresses according to the Education Department’s Peter Tseronis.
“There were 4.3 billion addresses the first time around for IPv4. Addresses go on a device so that it can communicate; so with more addresses there are more opportunities to communicate, to share data, to have global Internet mobility with ‘always on’ devices,” says Tseronis. “You’ll have mobile ad hoc networking, new methods of communicating whether it’s through a service or an application.”
That’s what it’s all about, explains Tseronis.
Tseronis made his comments during the recently broadcast Federal Executive Forum on IPv6 airing on Federal News Radio and WFED 1050 AM in Washington, DC. Hosted by Jim Flyzik of The Flyzik Group, panelists discussed issues, challenges, security concerns and gave their vision of what an IPv6 future will hold.
John McManus, Deputy CIO and CTO, Department of Commerce
"I really look forward to having a small hand held device for email and to do real time video conferencing. I think from a business perspective that’s a huge value. I don’t have to have a desk top system and a laptop. I don’t have to have a PDA and a laptop. I get it down to a single device. I really think though that the consumer and the corporate world, that’s where we are going to see that growth first. And I think we are going to see that early in hand held devices."
Charlie Wisecarver, Deputy CIO, Department of State
"Diplomats have to be mobile. Now we’ve been able to do a certain amount of that with IPv4 but it’s really just not scalable. So that’s what we look forward to with IPv6. We are going to be able to take this to a much greater stage and have that diplomat, whether it be bilateral talks or out visiting an aid mission or they are in Santo Domingo or if they are in Bucharest or in Baghdad, we are going to be able to extend the tools and information that they need to make the right policy decisions and to support US policy and diplomacy overseas."
Fred Schobert, Networx Program Manager, GSA
"When you really look at what is our overall goal, well it’s to have a seamless, secure, interoperable government. What does that mean and how does IPv6 help? Well the benefits of IPv6 could be things like increased operational efficiency, improved security we’ve talked about, but also I think 2 of the keys are the mobility features it gives you with the additional addresses and the address auto configuration. So now you can have mobile platforms like police cars or soldiers in the field.
If you think about things like friendly fire, it’s new ways to give everybody an IP address and make them a known, make even on a battle field they can automatically be reconfigured in terms of the IP address to know where people are and people can certainly communicate with each other real time."
Tom Patterson, CEO & President, Command Information
"I’m not talking about 2008 or 2010 or some amorphous future, Command Information worked with Cisco and we built a solution for first responders so that with existing equipment that’s already v6 capable (phones and computers), when a fire truck and a police car that have never met each other before show up at a disaster and want to help they will automatically (after ID authentication) be able to share sensor data with the fire engine. Even if they’ve never met each other before and will never see each other again. Right then and there they can network together and they can work to save lives. You can’t do that with the old internet. You can do it with today’s internet. That means 2007."
David West, Director, Field Operations Federal Center of Excellence, CISCO
"Imagine first responders that quickly go to a building that are able to download the blueprints of that building, understand the status of the building, look at the building material, know what’s happening, understand the toxicity in the building. Imagine EMT folks walk in, police, FBI, other folks that want to communicate in that same first responder incident to be able to share information, to be able to collaborate seamlessly. Imagine as these first responders evacuate people to be able to send back critical information so that emergency response personnel, hospitals can react to that first responder in that crisis. That’s the vision of v6; to be able to do all those things and so much more."
One year later. It’s time to mark progress on IPv6.
A year ago, the Federal Executive Forum presented one of the first top level discussions of IPv6 and its implications. Now, one year later, this Federal Executive Forum panel has reconvened to talk about successes and continuing challenges. Commerce’s John McManus is a leader on the IPv6 government transition committee. He has spent a good deal of his time extolling the virtues of IPv6.
“When we got together a year ago we were really in the early stages of moving out on IPv6 and over the last year we’ve really been focusing on communications, planning, and relationship building,” says McManus.
Next Generation’s Four Challenges
“Culturally people know what IPv6 is today,” states Education's Peter Tseronis.
“I’m known as the IPv6 guy at Education. I get the forwarded emails or what have you and the phone calls. People at least are talking about it. A year ago it was, what? And you say Internet is really known as IPv4 and people say what? Now I get it, IPv6 is the next generation.” For Tseronis, Challenge 1 is culture. Change never comes easy, but he sees more IPv6 acceptance.
Digital Pearl Harbor
It seems like in the past with all new technologies come new vulnerabilities, said Jim Flyzik during the Federal Executive Forum on IPv6.
“Often times new technologies hit the market and then we are catching up later trying to get the security fixes in place because the so called ‘bad guys’ out there find ways to exploit new technologies. There are some concerns today about a digital Pearl Harbor or a terrorist attack taking down networks, attacking networks.”
The question is: will IPv6 improve security? Federal Executive Forum panelists weighed in on the issue.
FEDERAL EXECUTIVE FORUM SPECIAL ISSUE ON IPv6
April 16, 2007 • Volume 5 • Number 4
True Information Sharing Requires A True Trust Relationship
“There has to be a trust relationship across the board,” says Karen Evans, Administrator of E-Government and Information Technology at OMB.
Evans explains that “we are asking for agencies to put trust in other agencies to deliver services better than you can do it yourself in their areas of expertise.” For Information Sharing to be ultimately successful, changes are necessary because agencies are used to doing and providing services for themselves.
“The real challenge that I see is moving from the theoretical to the real implementation and operation,” declares Dr. Carter Morris, Director, Information Sharing & Knowledge Management Intelligence and Analysis at DHS.
“You are talking about autonomy versus authority in many cases. How that affects your decision making and culture,” adds Dale Meyerrose, CIO at the Office of the Director of National Intelligence.
“When we make decisions about either systems or process or organization, we have to take into account those partners and stakeholders and users, if you will, because what we produce is not for ourselves, but for them as well.” According to Meyerrose giving up autonomy means taking other views into account before making a decision.
“That doesn’t necessarily mean that you give up authority. But giving up autonomy is key to collectively making us better for sharing information.”
Evans, Morris and Meyerrose made their comments during the Federal Executive Forum on Information and Intelligence Sharing broadcast on Federal News Radio.
One Year Anniversary
The Federal Executive Forum on Information and Intelligence Sharing brought together the same government panelists who appeared one year earlier. During the program, the panelists talked about advances made during the previous year, challenges still to be overcome, outreach to the State and Local communities and their visions of the future.
The panel, moderated by Jim Flyzik of The Flyzik Group, featured:
· Karen Evans, Administrator of E-Government and Information Technology, OMB
· Dale Meyerrose, CIO, Office of the Director of National Intelligence
· Vance Hitch, CIO, Department of Justice
· Zal Azmi, CIO, FBI
· Dr. Carter Morris, Director, Information Sharing & Knowledge Management Intelligence and Analysis, DHS
· Edward Vaccaro, Partner, Homeland Security, Federal Systems, Unisys
· Glenn Cruickshank, Senior Manager, Information Management Practice, BearingPoint
· Michael P Angelakis, President and Founder, Integration Technologies Group, Inc.
Progress Is The Most Important Product
In just one short year, much has been accomplished in the Information Sharing arena according to the Forum’s government panelists.
“We’ve improved our models. We’ve expanded that to San Diego, St. Louis, Jacksonville, and in May we are going into LA and Texas with our R-DEx system, which is what we share with information consortia and Fusion Centers with,” says Vance Hitch, CIO at Justice. “And we awarded a major contract just last month for N-DEx which is our national digital exchange that will be available to law enforcement no matter how small or large the city across the whole country.”
Sharing With Those Who Need It
Essential to any Information Sharing effort is communicating with state and local governments and the private sector, which owns the vast majority of the nation’s infrastructure.
“Actually at the heart of this Information Sharing for the FBI is the Joint Terrorism Task Forces (JTTF),” says Zal Azmi, FBI CIO. “We have about 100 Joint Terrorism Task Forces throughout the country. That’s the central coordination for a lot of the information that we are dealing with.”
On the law enforcement side of Information Sharing, the FBI relies on Law Enforcement Online, a sensitive but unclassified network that has been in existence for many years and is how the FBI actually collaborates with law enforcement partners.
Future Visions
The shift from the “need to know” to the “need to share” to now the “responsibility to provide” shows that the views on Information Sharing are changing rapidly. So, while the future for Information Sharing seems bright, by no means is it something that can be checked off as being done.
“We have a lot more work that needs to be done, because I don’t know that any of us will ever sit back, at least in my tenure, and say, ‘Gosh, we have completed everything and so we can close up shop and go home,’” says OMB’s Karen Evans. “This is a job that will be never ending and we need to do it because the American people are depending on us to do a good job in this area.”
Roles and Responsibilities
Each agency has a different role in Information and Intelligence Sharing.
For Dr. Carter Morris of DHS, Information Sharing was at the heart of the creation of the Homeland Security Act that created DHS.
“I have a focus that I believe we are doing. We are making sure that the information that DHS has from its operational and regulatory missions flows to the people who can use that information across the community,” explains Morris.
The Private Sector Is Hard At Work
Partnership with the private sector is a cornerstone of 21st century government. Without private sector expertise, government wouldn’t have Information Sharing technologies or tools.
Joining government leaders to discuss Information Sharing on the Federal Executive Forum were leaders from Unisys, BearingPoint and Integration Technologies Group, three organizations that are immersed in Information Sharing efforts.
Fusion Centers
A Fusion Center is an effective and efficient mechanism to exchange information and intelligence, maximize resources, streamline operations, and improve the ability to fight crime and terrorism by merging data from a variety of sources. In addition, fusion centers are a conduit for implementing portions of the National Criminal Intelligence Sharing Plan (NCISP). Learn more at: http://www.it.ojp.gov/topic.jsp?topic_id=209
For more information on:
Information Sharing Environment Implementation Plan: http://www.ise.gov/docs/ise-impplan-200611.pdf
DHS Policy for Internal Information Exchange and Sharing: http://www.dhs.gov/xabout/laws/gc_1171048715234.shtm
FBI R-DEx Regional Data Exchange: http://www.fbi.gov/pressrel/pressrel05/niss062705.htm
FBI N-DEx National Data Exchange: http://www.fbi.gov/hq/cjisd/ndex/ndex_home.htm
March 30, 2007 • Volume 5 • Number 3
Secure Borders With Open Doors
“Over the next five years we will see the concept of securing our borders, yet at the same time providing open doors, really come to fruition,” said Frank Moss, State Department Deputy Assistant Secretary of Consular Affairs & Passport Services. “I think we are well on the way there already, but we still have some more work to do.”
“We can make our borders more secure and move them into the 21st century. But do so in a way that doesn't shut down the movement of people and goods across those borders. That has to be our overarching objective in this process,” Moss added.
Moss made his comments during the Federal Executive Forum recorded at the AFCEA Homeland Security Conference and broadcast on www.FederalNewsRadio.com.
Joining Moss on the panel: Keith Jones, Deputy CIO, ICE-DHS; Lorraine Leithiser, Deputy CIO, CBP-DHS; Bob Mocny, Acting Director of the US VISIT Program, DHS; Kathy Kraninger, Director of the Screening and Coordination Office, DHS; Liz Schmelzinger, Secure Border Coordination Council Office, DHS.
Seamless Exchange Of Information
“We have to really see this being underpinned by a seamless exchange of information,” explains Moss. “If you think about border security, it’s not just about what happens to the CBP officer at an inspection...”
Lorraine Leithiser, DHS on the Advanced Passenger Information System
"In addition to all of those things going on, we are also involved with the double letter big initiatives right now that are starting. There is something called, an enhancement to our APIS, our Advanced Passenger Information System. It includes a real time component called APIS quick query. It’s intended to prevent a non-cleared passenger from being issued a boarding pass at check in. This is something that we are doing in support of the 60 minute rule that will give aircraft operators a real time option to process passengers right up to final boarding."
Liz Schmelzinger, DHS on Educating the Congress and the Public
"Part of the challenge is educating both Congress and the public that Border Security is not simply a line on the border. A fence is not going to secure the United States. We really need to understand from a corporate systems perspective what it is that Border Security means to the country. Do they make sense? Are we making these jobs easier? At the end of the day if all we are doing is not making the job of those individuals easier to do then we are failing them and hopefully we are not doing that."
Keith Jones, DHS on the Immigration Life Cycle
"One of the things we are doing at ICE is making sure that we can really track that immigration life cycle. That is one of the biggest challenges that we have there; being able to track the entry of the person, and that tracks across DHS components and making sure that we can do that. We are improving our systems; making sure that they are complying and working closely with CBP and US VISIT and other DHS components including states and locals."
More Articles On Border Security
DHS TRIP: One Stop Redress
“We have stood up DHS TRIP as the one stop redress website,” says Kathy Kraninger, DHS Director of the Screening and Coordination Office. “It’s fairly new, but the promise to the traveling public, international and domestic, is that when they apply for redress through DHS TRIP due to an adverse screening experience that they had as they were traveling, that they will get one answer back from the Department of Homeland Security.”
10 Fingerprints Are Better Than 2
“The Number One goal is to advance security,” says Bob Mocny, Acting Director of the US VISIT program for DHS. That’s why the U.S. is transitioning to a system where all ten digits are fingerprinted, instead of two, which was the previous norm.
“With the 10 prints you get better accuracy, you are obviously getting more data that you can match more easily,” explains Mocny. “That may not be true for all but it is a feature of the matching process, so by moving to ten fingerprints you create a better accurate picture of that individual.”
Biometrics For The World
The US VISIT program has been instrumental in introducing the concept of biometrics to the world. Fingerprinting and finger scans are just the beginning. Soon you are going to see a proliferation of biometric scans across the board, not just in border security but in the interior of the U.S. and active in ways that were not thought about previously.
The Electronic Passport
The State Department is in the process of implementing border improvements including the US Electronic Passport and the Western Hemisphere Travel Initiative (WHTI).
“We really have one opportunity to do it right and we have to make certain it works right from the beginning,” says Frank Moss, State Department Deputy Assistant Secretary of Consular Affairs & Passport Services. As the program manager at the highest level for the US Electronic Passport issue, Moss has already come face to face with privacy concerns and their role in shaping policy.
What is an e-Passport?
An e-Passport contains an electronic chip. The chip holds the same information that is printed on the passport's data page: the holder's name, date of birth, and other biographic information. An e-Passport also contains a biometric identifier. The United States requires that the chip contain a digital photograph of the holder. All e-Passports issued by Visa Waiver Program (VWP) countries and the United States have security features to prevent the unauthorized reading or "skimming" of data stored on the e-Passport chip.
Learn More About e-Passports at www.DHS.gov. Type in Electronic Passport in the Search Box on the top right.
DHS Traveler Redress Inquiry Program (DHS TRIP)
Filing a Complaint
The Department of Homeland Security’s Travel Redress Inquiry Program (DHS TRIP) is a single point of contact for individuals who have inquiries or seek resolution regarding difficulties they experienced during their travel screening at transportation hubs--like airports and train stations--or crossing U.S. borders, including:
· Denied or delayed airline boarding
· Denied or delayed entry into and exit from the U.S. at a port of entry or border checkpoint
· Continuously referred to additional (secondary) screening
Why DHS TRIP?
DHS TRIP is a central gateway to address:
· Watch list misidentification issues
· Situations where travelers believe they have faced screening problems at ports of entry
· Situations where travelers believe they have been unfairly or incorrectly delayed, denied boarding or identified for additional screening at our nation’s transportation hubs
DHS TRIP is part of an effort by the State Department and Homeland Security to welcome legitimate travelers while still securing our country from those who want to do us harm.
Learn more about DHS TRIP at www.DHS.gov. Type in DHS TRIP in the search box on the top right.
March 9, 2007 • Volume 5 • Number 2
Attack-Based Metrics; Guarding Against A Digital Pearl Harbor
“We take a proactive view of the things that matter the most, what we call attack-based metrics,” says Dennis Heretick, Deputy CIO for Information Security at Justice. “They give you a chance to learn from experience what has been successful so at least you are mitigating those successful attacks first -- those things that would have that direct impact on the mission.”
Thwarting attacks is an everyday occurrence for cyber security professionals as they guard against a constant barrage of threats and avoid a "digital Pearl Harbor".
“We have a swat team approach at Justice,” declares Heretick. “We start with our cyber security assessment and management tool. It gives us a way to take the threats that we had and look specifically at the controls that mitigate those that have a direct impact on our mission.” The team then prioritizes those at the top versus those that don’t have a direct impact.
Heretick made his comments during the Federal Executive Forum on Cyber Security broadcast on Federal News Radio.
Hosting the panel was Jim Flyzik, former CIO at Treasury. Joining Heretick from government were:
Dr. Ron Ross, Chief Computer Scientist, NIST
“I think there’s a misconception that when you get all of your systems certified and accredited that everything’s OK. Then the next day you have a breach and then you wonder why it happened.”
Patti Titus, Chief Information Security Officer, TSA
“One of the other challenges that we have which has been key to the success, it is a challenge, but it has been key to the success of TSA’s active security program, is we are a fully managed service organization. So our infrastructure is in that managed service environment.”
Phil Heneghan, CIO, USAID
“What I found when we shifted that risk (to the business owners), the resource issues sort of started to go away. Because when the CFO was confronted with accepting these risks, or not, the money appeared to do that. It’s the same with all these other systems. So again you are driving the business people and they are ready to bring the money to the table to avoid accepting these risks.”
And from the private sector:
John McCumber, Vice President, Symantec
“One of the other things that you’ll notice is in the last two years you haven’t seen the Washington Post or the New York Times publish a report on a wide-spread malicious code attack. It used to be something you’d see every six months. Now you see that has evolved and that the threat has evolved to become much more targeted. And you see that specifically in the empirical studies that we’ve done.”
Tim Kelleher, Vice President, Enterprise Security Services, Federal Systems, Unisys Corporation
“And there is unsubstantiated speculation that that MS blast worm actually had a lot to do with the root cause of the 2004 blackout that hit the north east US and Canada. And I think something of that scale fits into the category of a digital Pearl Harbor. So that’s one end of the spectrum that says it has already happened. Clearly if that’s true, it can happen again. We do need to be diligent.”
The Final Word from Moderator Jim Flyzik
We need to reframe the conversations and talk about risk and risk management and the need for agencies both within their own agency or corporation as well as looking at those who are dependent on the supply chains those you are working with and can you trust those other entities.
I think identity management techniques and things like that come into play as well as RFID tagging and so forth which are a whole other set of subjects that we can talk about some day.
I also heard a lot of very positive comments about proactivity; trying to push this idea that we’ve got to be more proactive in addressing these cyber security issues and vulnerabilities and identifying and getting out in front so I think we also heard from the last question that it’s probably not feasible to identify every known vulnerability and threat because as the technology changes so do the vulnerabilities and so do the threats.
So in order to be in a position to adjust or react to a major threat we need to be in a situation where we have resilience in place or back up and contingency plans.
The Final, Final Word from Dennis Heretick...
"Inside every old person is a young person wondering what the hell happened."
FEDERAL EXECUTIVE FORUM SPECIAL ISSUE CYBER SECURITY