December 23, 2012    /    by

After Newtown: Should Government Security Also Change?

As we head into the heart of the holiday season, our thoughts and prayers still turn towards the families and devastated communities following the horrible events in Newtown, Connecticut, on December 14, 2012.

As we head into the heart of the holiday season, our thoughts and prayers still turn towards the families and devastated communities following the horrible events in Newtown, Connecticut, on December 14, 2012.

As expressed so well in the comforting speech by President Obama, our hearts go out to everyone impacted. READ MORE

December 16, 2012    /    by

Defining a National Doctrine on Cybersecurity

Do we need such a national doctrine on cybersecurity? If so, what needs to be included? How will the rest of the world view this doctrine? Can a cyberdoctrine help guide our actions?

Our nation has developed a fairly long list of doctrines that have historically provided statements of what we believe and the principles by which we’re going to base our future actions. Two examples that come to mind are the Monroe Doctrine and the Reagan Doctrine, but there have been many others.  In addition, military doctrine has long provided a guide to national defense actions.

Do we need such a national doctrine on cybersecurity? If so, what needs to be included? How will the rest of the world view this doctrine? Can a cyberdoctrine help guide our actions? READ MORE

December 9, 2012    /    by

Cooperative Purchasing: WSCA Joining Forces with NASPO Makes a Powerful Contract Team

Ever since the Western States Contracting Alliance (WSCA) was formed in the October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing.

Ever since the Western States Contracting Alliance (WSCA) was formed in the October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing. By working together on developing contracts with a lead state, the savings can be huge. Joint purchases, on items such as laptop and desktop computers and much more, can ultimately save time and resources by working together with other like-minded government officials from around the country.

Many of these excellent contracting relationships and procurement opportunities have developed over the years at meetings held by the National Association of Purchasing Officers (NASPO). WSCA is now used by many states besides the initial fifteen members. For example, this chart shows over 50% savings on desktop PCs when you use the discounts from the “Premium Savings Packages” available to certain WSCA-participating states from numerous vendors. READ MORE

December 2, 2012    /    by

2012 Review: Most Significant Data Breaches

What were the top government data breaches in the USA in 2012 (so far)? It appears that this year will be remembered more for state and local breach headlines than for federal government breaches.

What were the top government data breaches in the USA in 2012 (so far)? It appears that this year will be remembered more for state and local breach headlines than for federal government breaches.

I’m starting off this blog with highlights from one of those “scary headline” articles that government technology leaders want their organizations to avoid. And yet, there is an ominous sense across the nation right now amongst security professionals. Most Chief Information Security Officers (CISOs) understand that there are more breaches to come in 2013. To some extent, the sentiment is: “I could be next.” READ MORE

November 26, 2012    /    by

Is BYOD Really Cheaper?

More and more companies and governments are implementing technology policies that allow their staff to bring your own device to work (or BYOD). But is BYOD really cheaper for governments?

More and more companies and governments are implementing technology policies that allow their staff to bring your own device to work (or BYOD). This means those shiny new Christmas presents, like iPads, iPhones and Droid-enabled devices can access company and government data. Some experts estimate that BYOD will become the predominant technology approach to access mobile apps in coming years – with almost 60% of offices already implementing some type of BYOD.

Recently, I covered some of the good, the bad and the ugly regarding BYOD in this presentation for auditors in Lansing, Michigan. But beyond the implementation headaches, security concerns and topics such as Mobile Device Management (MDM), there is an emerging debate surrounding a series of cost-saving statements and claims. READ MORE

November 19, 2012    /    by

My Best Advice After Petraeus Emails

Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.

Everyone is talking about the General David Petraeus scandal.  No matter where I’ve turned since the day after the election, from CNN to the BBC, from cable TV news to Hollywood gossip or from the office coffeepot chatter to Drudge headlines, inquiring minds want to know more.

The stories are all over the map. The women involved, the Congressional testimony, the General’s distinguished career, warnings telling us “don’t throw stones,” Saturday Night Live (SNL) videos, the lifestyles of four-star generals and even articles proclaiming Petraeus is a scapegoat. READ MORE

November 12, 2012    /    by

Introducing the Michigan Cyber Range

I'd like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012.

I’d like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012. But before I do, I’d like you to reflect on a few questions that we have been thinking long and hard about in Michigan over the past eighteen months.

With the “bad guys” getting better and America probably outgunned in cyber, where can business and government cybersecurity teams go to learn how to defend against complex cyber attacks? READ MORE

November 4, 2012    /    by

Security News Roundup: S.C. Breach, Possible Executive Order and Perhaps a Cyber Treaty

We currently have several important security stories and not much public attention.

We currently have several important security stories and not much public attention.  

As America prepares to vote in a pivotal presidential election on Tuesday, there have been several significant security stories recently. However, they are receiving minimal national attention. Between the coverage of Tropical Storm Sandy, pre-election rallies and the latest unemployment rate coverage, almost all security news has taken a back seat – unless you are talking about the September 11, 2012, Benghazi attack. READ MORE

October 31, 2012    /    by

Tropical Storm Sandy Slams Networks

The impact of Tropical Storm Sandy is being felt far and wide.

 

The impact of Tropical Storm Sandy is being felt far and wide. READ MORE

October 23, 2012    /    by

NASCIO and Deloitte Publish New 2012 Cybersecurity Survey for State Governments

Day 2 at the NASCIO annual meeting, and one hot topic is the new Cybersecurity survey results that were released this morning called

Day 2 at the NASCIO annual meeting, and one hot topic is the new Cybersecurity survey results that were released this morning called

 
Government Technology Magazine wrote a good summary of the security survey panel session which covered the report topic.
 
As I looked at the new survey results, I found several concerning trends that we didn't have time to discuss on the morning panel today. One of those trends was a reduction in vulnerability management implementations and less scanning of critical systems for vulnerabilities and malware. I am also concerned about the lack of trust that CISOs have in the level of expertise on their cybersecurity teams.
 
Another highlight was the majority of states reporting the same or less money for security programs at a time when the private sector is raising Cybersecurity budgets. A mismatch between "executive buy-in" and funding for security raises a red flag for me about how much real support exists.
 
I'm keeping this blog short, but I strongly urge you to go out and read the report and recommendations for CIOs and CISOs. Overall, there is a mixed message with some positive trends but also the realization that many states are not doing enough to secure their systems and data.
 
What are your thoughts on the survey results?
READ MORE