Contributing to Intelligence Innovation

Below are two ways to contribute to innovation in government, and specifically in intelligence matters. One is for you to consider, the other is a fun new path for me.

Continue reading →

Education for Information Security in a Connected World

Much of what I work on involves technologies which address information security and cyber security. So I have to ask, Who is training our next generation of technologists? And are those educators doing enough to focus on the dynamically changing demands of Information Security?

Those fundamental questions took me to Chicago recently, to take part in a roundtable discussion sponsored by DeVry University, “The Demand for Information Security in a Connected World.”

Continue reading →

Departure of the Pentagon CISO

I’ve had the good fortune to work with talented folks in my (short) time in Washington, since moving back East in 2002, particularly in the Intelligence Community and Department of Defense.  And one such fellow at DoD has been Bob Lentz, the outgoing deputy assistant secretary of Defense for information and identity assurance – the Chief Information Assurance Officer and equivalent to a private-sector CISO.

I gave an interview this afternoon to Federal News Radio (AM 1500 in the DC area, worldwide at www.FederalNewsRadio.com), on Bob’s tenure, and what will come next for DoD in the wake of his departure. You can read the news story about the interview here, or listen to the entire 15-minute interview as an mp3:

Shepherd interview on Federal News Radio, 10/13/2009

Continue reading →

The Cyber Trough of Disillusionment

I’ll call the moment: the cyber security field is now past its giddy buzzword peak.

Gartner is well known for preparing “hype cycle” analysis of technology sectors, as in their recent publication of the 2009 “Hype Cycle for Social Software.” That report got a lot of attention on Twitter and in blogs, naturally; social medians are nothing if not self-reflective regarding their community. I thought an interesting take was by an IBM developer, who compared the 2008 version against the new one, measuring the changes in predicted “time to maturity” for individual technologies, and thereby coming up with something like a measure of acceleration. By that measure, individual blogging and social search made the most rapid gains.

But I notice something missing on the full list of 79 Gartner hype cycle reports: there’s not one about “cyber security.”

Continue reading →

San Francisco’s Wild and Wacky World of Technology

Fact: San Francisco’s municipal IT continues to self-destruct, according to new reports this weekend.  According to an IDG story (San Francisco hunts for mystery device on city network), “With costs related to a rogue network administrator’s hijacking of the city’s network now estimated at $1 million, city officials say they are searching for a mysterious networking device hidden somewhere on the network. The device, referred to as a terminal server in court documents, appears to be a router that was installed to provide remote access to the city’s Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven’t been able to log in to the device, however, because they do not have the username and password. In fact, the city’s Department of Telecommunications and Information Services (DTIS) isn’t even certain where the device is located, court filings state.”

Continue reading →

Google’s Argument to Enterprise IT: “Trust Us”

FACT:  Yesterday, Google’s Dave Girouard, VP of enterprise sales, gave a keynote speech on “The Evolution of Cloud Computing” at FOSE, a Washington trade-show focusing on federal government and military IT customers.  According to a Washington Post reporter’s blog account afterwards:

[Girouard said] “Google will have to do things differently” to work with defense and intelligence agencies, where data security and privacy are held to the tightest standards. But he argued that having information spread across hundreds of different servers is actually more secure than housing data on a few servers at a specific location. “Security is now more virtual than physical,” he said.

ANALYSIS:  The Google salesman (Girouard is VP of enterprise sales) was speaking at FOSE on the same day I made an April Fools blogpost featuring a lame “Cloud Computing” joke (see it here, come back when you stop laughing).  

This year I’m at FOSE as neither buyer nor speaker; the past couple of years I spoke at FOSE, as a DIA official, and I always enjoy walking the exhibit floor, plus I was curious about Girouard’s take on Google’s current move into the federal space.

To be honest I’ve met him before when he was with Virage and he’s a fine fellow, a good salesman.

The rhetoric of his main pitch, though, seems to be battling uphill, and I’m not sure he gets a nuanced distinction.

Continue reading →

A Roadmap for Innovation – from Center or the Edge?

Fact:   In marking its five-year anniversary earlier this month, the Department of Homeland Security released a fact sheet touting the department’s accomplishments in that time, including “establish[ing] the Computer Emergency Readiness Team (US-CERT) to provide a 24-hour watch, warning, and response operations center, which in 2007 issued over 200 actionable alerts on cyber security vulnerabilities or incidents. US-CERT developed the EINSTEIN intrusion detection program, which collects, analyzes, and shares computer security information across the federal civilian government. EINSTEIN is currently deployed at 15 federal agencies, including DHS, and plans are in place to expand the program to all federal departments and agencies.”

Analysis:  I’m not going to write, in this post at least, about US-CERT and EINSTEIN in particular. I will point out that some writers have been skeptical of “Big DHS” progress on cyber security up to now, and the anniversary was an occasion for much cynical commentary. 

Charles Cooper in his popular Coop’s Corner blog on CNet wrote that “when it comes to network security, DHS appears to be more of a wet noodle than even its sharpest critics assumed… Talk with security consultants and former government officials involved with DHS and you come away wondering what these folks do all day.”

Continue reading →

Expect Some “New Thinking” on Cyber Security…

FACT: Department of Homeland Security head Michael Chertoff last week: “I am pleased to announce my appointment of Rod Beckstrom as the first Director of the National Cyber Security Center. Rod will serve the department by coordinating cyber security efforts and improving situational awareness and information sharing across the federal government.”

ANALYSIS: There are people who think inside the box, those who think outside the box, and those who ask: What box?

Then there are “the anti-box people.”  They see the box, shove it on its side, stomp on it to squeeze it flat, and consign it to recycling where it belongs.

One of those kind of people is Rod Beckstrom, a well-known Silicon Valley successful entrepreneur and author. I knew him at Stanford, aeons ago, and like others recognized his leadership drive when he ran successfully for student body president, and he left with both a BA and MBA on the way to forming his first successful software startup.

I was surprised when I read last week that Rod is moving to Washington to take a high-level government job.

Continue reading →

Using Web 2.0 in a top-secret environment

Network World magazine has just posted a podcast interview which I recorded with editor Paul Desmond about a month ago, just after speaking at their “IT Roadmap” conference in December. The interview topic is “Using Web 2.0 tech in a top secret world,” and we discuss the DIA and Intelligence Community experience with social networks, wikis, and blogs.  We also discuss cloud computing, enterprise IT, SOA, IARPA, and the challenges of deploying secure software. Representative quote: “Intelligence analysts are much like ‘knowledge workers’ on Wall Street or in the media, they know what’s going on on the Internet, they know what they want, they know what they need, and it’s in the IT side’s interest to try and service them.”

At the end Paul was gracious enough to ask about my new role with Microsoft’s Institute for Advanced Technology in Governments. If your daily life has a 17-minute hole which you need to fill, then dim the lights, crank up the speakers, and mellow out to the Quiet Storm (I was using my NPR voice)….

Email this post to a friend