Inside Cyber Warfare

One year ago, the buzz across the government/technology nexus was focused on a pair of political guessing games. Neophytes mostly engaged in debating over whom the newly-elected President would name to be the nation’s first Chief Technology Officer. Grizzled Pentagon veterans and the more sober Silicon Valley types wondered instead who would get the nod as President Obama’s “Cyber Czar.”

Continue reading →

The Purple History of Intelink

When I first began talking with DIA CIO Mike Pflueger and Deputy CIO Mark Greer in the fall of 2003 about the work I’d be doing with them inside government, most of the ideas were big ones: let’s re-architect the DoDIIS enterprise, let’s find and deploy revolutionary new analytical software. One of our thoughts was a little one, but for me personally it turned out to be a most valuable project. They let me pull together a panel for the upcoming 2004 DoDIIS Conference called “Geeks and Geezers,” featuring some of the grand old names of intelligence technology. The panel was a success, and in organizing it, I spent quite a bit of time talking to those giants, or should I say listening to them. I learned an enormous amount about “the early days.” This post describes the important work of one of those fellows. 

Continue reading →

San Francisco’s Wild and Wacky World of Technology

Fact: San Francisco’s municipal IT continues to self-destruct, according to new reports this weekend.  According to an IDG story (San Francisco hunts for mystery device on city network), “With costs related to a rogue network administrator’s hijacking of the city’s network now estimated at $1 million, city officials say they are searching for a mysterious networking device hidden somewhere on the network. The device, referred to as a terminal server in court documents, appears to be a router that was installed to provide remote access to the city’s Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven’t been able to log in to the device, however, because they do not have the username and password. In fact, the city’s Department of Telecommunications and Information Services (DTIS) isn’t even certain where the device is located, court filings state.”

Continue reading →

IPsec, IPv6, and Security at Your House

Just had a great meeting in Redmond introducing some government friends to Steve Riley, one of Microsoft’s “technical evangelists” on security – network, app, data security and most of all, IP security.  He’s great at the big-picture integrated view of security, including physical security right up through the IP stack – here’s a video of a recent talk he gave at Microsoft’s TechNet called “The Fortified Data Center in Your Future.”

Check out his blog and you’ll see the kind of topics he works on; just one example of obvious value is a recent post full of real-world down-to-earth security advice for securing your environment at home (home networking, email use, internet browsing, etc for family and friends).

Oh, he’s also been on Twitter for almost a month now, where he mixes interesting finds on security news with offbeat political commentary 🙂  Yet another example of some of the bright people I meet back at the mothership in Redmond….

Email this post to a friend

Microsoft May Have a Killer Cloud App – Live Mesh

Got a technical briefing on Live Mesh today in Redmond, and I’m impressed – particularly by the demonstrated commitment to interoperability through adhering to web standards – and the very cool Live Desktop giving you remote access to all your files and folders from any device (work computer, home laptop, mobile phone) with  the new Microsoft Device Connectivity Service.

This is what will bring Cloud Computing down to earth.

Continue reading →

A Roadmap for Innovation – from Center or the Edge?

Fact:   In marking its five-year anniversary earlier this month, the Department of Homeland Security released a fact sheet touting the department’s accomplishments in that time, including “establish[ing] the Computer Emergency Readiness Team (US-CERT) to provide a 24-hour watch, warning, and response operations center, which in 2007 issued over 200 actionable alerts on cyber security vulnerabilities or incidents. US-CERT developed the EINSTEIN intrusion detection program, which collects, analyzes, and shares computer security information across the federal civilian government. EINSTEIN is currently deployed at 15 federal agencies, including DHS, and plans are in place to expand the program to all federal departments and agencies.”

Analysis:  I’m not going to write, in this post at least, about US-CERT and EINSTEIN in particular. I will point out that some writers have been skeptical of “Big DHS” progress on cyber security up to now, and the anniversary was an occasion for much cynical commentary. 

Charles Cooper in his popular Coop’s Corner blog on CNet wrote that “when it comes to network security, DHS appears to be more of a wet noodle than even its sharpest critics assumed… Talk with security consultants and former government officials involved with DHS and you come away wondering what these folks do all day.”

Continue reading →