April 21, 2013 By Dan Lohrmann
After the unprecedented events that took place in and around Boston last week, where are we now and where are we going?
As an American living in Michigan who closely watched the events unfolding from Monday through Saturday, my thoughts and emotions are mixed.
Sadness Becomes Relief
I was in my boss’ office on Monday afternoon about 3:30 PM (EST) when I received initial word of the bombings at the Boston Marathon. We turned on CNN for about 20 minutes as the unfolding events were described in detail. Several of us stood around as we watched replays of the bombs going off by the race’s finish line on Patriot's Day in Boston.
My mind instinctively went back to the planes flying into towers on September 11, 2001. I was at work only a few blocks away on that Tuesday morning. While this doesn't appear to be a terrorist incident on the level of 9/11, the attack did hit at an American traditional event that is celebrated with national press coverage.
Our thoughts and prayers go out to the devastated families and victims of the horrible bombings.
There were numerous twists and turns all week. I watched President Obama’s remarks at the interfaith service on Thursday, as he told the world that, “Boston will run again.”
We awoke Friday morning to the news of a gunfight and an armed man in a residential neighborhood. A city with a metro area of several million people was completely shut down on a work day. Wow!
Thanks for the Men and Women in Uniform
Celebrations broke out all over Boston Friday night and Saturday. Crowds chanted “USA, USA!” Others sang the national anthem or screamed, “BPD! BPD!” (BPD stands for Boston Police Department).
Law enforcement -- from firemen to police to FBI and more, were instant heroes again. I am thankful for the men and women in Michigan and all over this nation who serve this country so diligently every day.
And the president reappeared Friday night with another address to the nation after the second bombing suspect was caught. He also made it clear that many questions must still be answered.
By the time that my family happily moved on with “regular life” on Saturday, a whole new set of
questions started popping up. The central question is -- why? What was the suspects’ motive(s)?
Here are just a few of the tough questions that will take some time to answer:
Did these brothers have additional help, training or ties to domestic or foreign terrorist groups?
Does this event signal the increased radicalization of American residents, whether native or immigrant?
Are There Lessons Learned?
There are also some healthy warnings online regarding the dangers of politicizing these events for personal gain. I like this piece from Bloomberg which makes the point: “How to exploit the Boston bombings for political gain.”
Nevertheless, I am going forge ahead and try to highlight developments that taught me a thing or two.
1) Breaking News is Broken – stay away from Twitter – I like this piece from Slate.com which highlights the many failings of our current news organizations over the past week. There were many false alarms and false reports. Their advice?
“When you first hear about a big story in progress, run to your television. Make sure it’s securely turned off. Next, pull out your phone, delete your Twitter app, shut off your email, and perhaps cancel your service plan. Unplug your PC. Now go outside and take a walk for an hour or two….”
Wow. That may be a bit extreme, but the points are compelling if you read the rest of the article.
2) Security is everyone’s responsibility – Several commentators have pointed out that the suspect was caught because an average citizen phoned "911." I like this Washington Post article that reminds us that everyone has a part in homeland security.
3) Crowdsource investigations went wrong – The second lesson is that the self-proclaimed
experts who tried to solve this crime online were badly mistaken. I like this BBC piece on how
Internet detectives got it very wrong. And yes, it did cause some harm and pain for the falsely accused. Here’s an excerpt worth reading:
“Thousands have been tirelessly picking through the evidence -- every piece of video footage, every photo, every eyewitness account they can get their hands on. But this investigation wasn't within the confidential confines of the FBI or local police.
No, these sleuths were working in public -- discussing their theories and "leads" within massive communities such as Reddit, 4Chan, Facebook and Twitter. On Friday, those efforts ended with an apology. After hours of chatter and speculation, the standout suspect identified -- and named -- was the wrong man….”
4) The Internet turned kitchen utensils into weapons of terror -- The bombs did not appear to be made with advanced plastic explosives or cutting-edge technology. The tools used seemed to be rather simplistic, and many people have pointed out that bomb-making instructions were available online. The Boston mayor stated that the brothers acted alone; however, more information is needed on this topic. The UK's Mirror newspaper online reported new information on Sunday -- claiming the detonators were in fact sophisticated and the brothers had help from others.
5) Proud to be an American – The last lesson for me was one that I’ve already learned – but needed a reminder. Yes, I’m proud to be an American. Despite difficulties, our system worked. We don’t yet know how this story will end, but it appears that the perpetrators will be brought to justice.
In summary, a lot of security infrastructure work has been done at all levels of government since 9/11/01, and we’ve come a long way in many areas of local, state and federal law enforcement cooperation, tools and training. The national response to this incident was impressive.
Most of all, I’m glad that Boston will be back to work on Monday morning -- and running a marathon next April.
April 16, 2013 By Dan Lohrmann
I am excited to announce the release of my new eBook on the hot topic of mobile technology and specifically bringing your own device to work (BYOD). As described yesterday by Sarah Rich in this piece called BYOD Recommendations and Dilemmas, the focus of the book is to provide a guide for employees who use their own smartphone, tablet or other mobile device for both personal and professional tasks.
The new eBook is called BYOD for You: The Guide to Bring Your Own Device to Work. The specific details on the eBook, as well the introduction, can be found at the “BYOD for You” book website: www.byod4u.com or Facebook.com/byod4u.
This blog is intended to cover some of the background regarding the eBook. Here are some of the most common questions I’ve received over the past week:
1) Why did you write a book on BYOD for end users or the average employee?
Answer: There are plenty of technical articles, books and white papers on BYOD for enterprises architects, security geeks, technology experts or others who implement policies for large enterprises. However, this is the first book that I know of that is written specifically for the employees who own the device. I wanted to take a different perspective and offer options for whatever situation the reader is currently in – from a novice employee who quietly brings their own device to work to a smartphone guru who has been bringing their own device to work for a while.
2) What topics does the book cover?
Answer: After explaining some basic terms and concepts involved in bringing your own device to work, I cover the top areas that need to be thought through before an employee brings their own smartphone, tablet or other personal device to work. The topics include: assessing your own environment, work policies, security, privacy, mobile device management (MDM), financial aspects (show me the money), ethical considerations and how to develop your own personal BYOD plan.
3) Why didn’t you name the book “BYOD for Dummies?”
Answer: I’ve never felt comfortable with the “for dummies” book title, as it tends to have a negative connotation. Someone will probably write a book called “BYOD for Dummies” at some point down the road, since it is a good marketing term in the tech world for introductions on various topics. Nevertheless, my readers are smart, and I like the phrase “for you” better than “for employees.”
4) Describe what you mean by “assessing your own environment” or “developing your own BYOD plan.” How can that be done with such a wide divergence in policies and end user work situations around the country?
Answer: One of the unique challenges in writing this book was to answer that very question. I decided to create three different levels that I call “gold, silver and bronze options” for each topic.
Recent surveys suggest that the majority of employees who currently bring their own device to work do not have (or are not aware of) their employer’s policy regarding BYOD. These end users have taken matters into their own hands in order to gain efficiency, ease of use or other personal and professional benefits. Typically, these staff feel as if they are on their own regarding security, privacy and other aspects of BYOD. The bronze options offer advice to this group in each critical area.
On the other extreme, the gold options are available to employees who work for companies with strong BYOD policies, full mobile device management technology (MDM) in place, financial incentives to bring their own device to work and good training available to BYOD adopters.
5) Why is BYOD such an hot topic right now? Why is this the time for employees to take a deeper look at their own mobile situation?
Answer: Here’s how I start the book’s introduction…
A radical change is sweeping across American workplaces: mobile
technology is redefining the boundaries between work life, home life and play.
The "digital generation" is demanding more freedom and flexibility
with their smartphones and tablet PCs in order to get their jobs done faster
and more accurately both in the office and on the go. Whether their motivation
is improving performance, enhancing personal convenience or because employers
are encouraging productivity enhancements, more people than ever are bringing
their own devices (BYOD) to work.
6) Why release this eBook now? Aren't there many unanswered questions on BYOD?
Answer: There is no doubt that we don’t have all the answers yet for BYOD, but my goal in this book is meet our customers where they are at right now. I recently wrote a blog for CSO Magazine which made the case that BYOD is the New WiFi. My point was that security and technology professionals, including me, can be very good at offering policy standards and goals that employees and enterprises must meet, without offering practical steps they can take to improve security in their current situation.
Yes, we will need improvements in MDM technology, new mobile device hypervisors and more. But most of all, technology and security pros need to embrace BYOD today and become part of the solution to existing BYOD problems at home and work. Answers must include people, process and technology changes.
Whether you read the book or not, I’d love to hear your thoughts and concerns on BYOD. Feel free to leave a comment on this blog or on LinkedIn under the group “BYOD for You.”
March 9, 2013 By Dan Lohrmann
What are the top infrastructure projects in the world? Why were they chosen? What projects are hot in North America? How is cloud computing changing the way business in conducted?
These were just a few of the questions that are answered in the annual study performed by KPMG which outlines the Infrastructure 100: World Cities Edition.
This information was actually released in July 2012, and a new version is coming out this summer. I recommend taking an hour and exploring this interactive website which offers world maps, project descriptions, a media newsroom, panel judges and much more. This resource outlines a wealth of helpful information on best practices in infrastructure around the world.
For example, here are a few interesting articles and facts that are featured:
Business Activity in the Cloud
Zooming in a bit further and looking at technology infrastructure, the KPMG study examines the business implications of cloud computing. I like this excerpt:
“… Organizations are starting to shift more and more core business functions onto cloud platforms and we are seeing a growing recognition that cloud adoption is significantly more complex than originally anticipated, particularly in terms of data management, system integration and the management of multiple cloud providers.
Findings from our recent cloud research, The Cloud Takes Shape, suggest that business process redesign must occur in tandem with cloud adoption if organizations hope to achieve the full potential of their cloud investments….”
One more thing on this recent global KPMG survey regarding cloud computing. The report outlines these takeaways:
Setting expectations - Cost reduction is a given, but transformation is critical.
Tackling the practicalities - Overcoming the implementation challenge.
Taking a sober look at security - Comfort increases but challenges remain. [Note: the risk numbers from the executive survey on cloud computing are still seem very high on a scale from 1-5. Most areas still list security concerns above 4 out of 5 which is high.]
In conclusion, I know that this report offers the views from one company – KPMG. No doubt, there are many other industry viewpoints that can help. (I am open to comments from others and/or examples that can help government technology professionals.) Still, I find this information to be very helpful and worth reading. The global perspective offers different insights than other material that I have reviewed. For the record, KPMG offered no incentive for me writing this blog or highlighting its contents.
Any thoughts on these global infrastructure trends? How is the cloud is transforming your government business areas?
January 29, 2013 By Dan Lohrmann
If ‘Internet connection speed’ was an Olympic event, the USA wouldn’t even get a medal. In fact, America would finish somewhere between 9th and 24th, depending on the exact event – I mean comparison. This assessment comes from a recent Akamai report on “The State of the Internet.”
According to this CNN article, which commented on the report, Hong Kong takes Internet speed title:
“The city was found to have the highest average peak connection speed of just over 54 megabits per second during the third quarter of 2012….
In the peak speed stakes, Hong Kong is followed by South Korea (48.8 Mbps), Japan (42.2 Mbps), Latvia (37.5 Mbps) and Romania (37.4 Mbps).
The United States straggled in in 14th place with 29.6 Mbps. The U.S. state with the fastest connection is still Delaware with a swift 10.9 Mbps, although the District of Columbia is catching up.”
Data Collection Methods
How is the data collected? Here’s an excerpt from the beginning of the Akamai report’s executive summary:
“Akamai’s globally distributed Intelligent Platform allows us to gather massive amounts of information on many metrics, including connection speeds, attack traffic, network connectivity/availability/latency problems, and IPv6 growth/transition progress, as well as traffic patterns across leading Web sites and digital media providers. Each quarter, Akamai publishes the State of the Internet Report. This report includes data gathered from across the Akamai intelligent Platform during the third quarter of 2012 about attack traffic, broadband adoption, and mobile connectivity, as well as trends seen in this data over time. In addition, this quarter’s report includes insight into SSL, the state of IPv6 adoption as measured by Hurricane Electric along with perspectives on the U.S. government’s IPv6 deadline, and observations from Akamai partner Ericsson comparing application traffic on 2G and 3G networks.”
This Internet data can be visualized in several ways at this website, which allows a wide variety of search parameters.
Any Good News?
Is there any good news coming? Perhaps.
Back in 2010, Newsweek ran this article asking: How fast will your Internet be in 2020? The article talks about the broadband situation in various parts of the country and what is being done to improve things going forward.
Meanwhile CNBC just reported that: Telecom firm’s spending on network gear is expected to be up in 2013, after being down in 2012. Also, network investments are expected to be way up in the USA, while flat in Europe.
The Federal Communications Commission (FCC) also track broadband speeds across the country. Ever since the Recovery Act grants to expand broadband access, this website has tracked investments. In addition this website has detailed progress on broadband connectivity in your state and zip code area.
Tracking Recent Cyberattack Sources
The Akamai report also listed sources of Internet attacks:
“China was found to be the single largest source of attack traffic -- 33% -- during the quarter. Attacks from the country doubled during the period, a statistic the report described as "somewhat surprising."
The United States and Russia came next in the top three. In all, the top 10 countries were responsible for almost three quarters of global attacks.”
The UK website TheRegister had this to say about China’s cyberattack numbers:
This is actually a little curious, since compared to other countries in the region, China's internet infrastructure is not all that impressive. China's share of attack traffic was up sharply from the previous quarter, too, when its packets only accounted for 16 per cent of all attacks….
Chinese customers' average peak connection speed was just 7.1Mbps, and only 3.9 per cent of Chinese had access to broadband faster than 4Mbps.
But China is a nation of 1.3 billion people, and while many have no access to the internet for now, more are coming online every day. By Akamai's latest figures, the number of Chinese with access to 4Mbps broadband increased 79 per cent year-over-year, and the number with access to connections at speeds 10Mbps or higher was up 70 per cent. Hopefully the number of cyber-attacks coming from China does not keep pace with the growth of its infrastructure.”
What About Your Current Connection Speed?
Getting a bit more personal, many people want to know what their current Internet connection speed is at home or work. In case you want to check your own connection speed, you can use this tool from Speedmatters.org.
I must admit, that my home and work Internet connection speeds were well above the listed top International averages, so I’m feeling pretty happy right now.
How about you? Any comments on Internet connection speeds in your part of the world?
January 14, 2013 By Dan Lohrmann
The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape. The excellent report “is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 140 recent reports from security industry, networks of excellence, standardization bodies and other independent institutes have been analysed.”
In my view, the comprehensive approach used to create this PDF document makes it worth taking the time and energy to read throught the entire document in detail. The extensive coverage of topics includes definitions and activity in these areas of: “Drive-by exploits: Worms/Trojans , Code Injection Attacks, Exploit Kits, Botnets, Denial of service, Phishing, Compromising confidential information, Rogueware/Scareware, Spam, Targeted Attacks, Physical Theft/Loss/Damage, Identity Theft, Abuse of Information Leakage, Search Engine Poisoning, Rogue certificates.”
After coverage of these threats, the EU report covers major threat trends, including:
“The Emerging Threat Landscape
- Threat Trends in Mobile Computing
- Threat Trends in Social Technology
- Threat Trends in Critical Infrastructures
- Threat Trends in Trust Infrastructure
- Threat Trends in Cloud Computing
- Threat Trends in Big Data”
The coverage of each area includes specific topics and whether activity is up, sideways or down. One such area is “Trust Infrastructure,” which many in the U.S. cover under the “Trusted Identities in Cyberspace.”
Emerging Threat: Trust Infrastructure
1. Denial of service (an effective technique to attack trust infrastructure components and achieve impact by blocking access to relevant components, e.g., handshaking with SSL servers65)
2. Rogue certificates (compromising trust relationships will be key in generating fake trust within components of trust infrastructure but also other systems using them)
3. Compromising confidential information (data breaches will have an impact in trust infrastructures, e.g., by providing valuable information to launch an attack)
4. Targeted attacks (spearphishing and APTs will remain a significant concern in this area)
As Bill Jackson points out in his compelling blog over at GCN, European wording used may be slightly different than in the USA, but the cyber protection work is very similar on both sides of the pond:
“Among the programs under way, the administration is launching an initiative to use commercial cloud services to authenticate third-party credentials for accessing government sites, called the Federal Cloud Credential Exchange. The U.S. Postal Service will be operating an FCCX pilot.”
Again, I urge readers to take the time to read this latest European report and William Jackson’s GCN blog. It is clear that these cyber attacks against critical infrastructure are a continuing (and growing) global problem. It is good to see the comprehensive report coming from Europe.
What are your thoughts on the trends identified in this report?
Building effective virtual government requires new ideas, innovative thinking and hard work. From federal stimulus projects to enterprise architectures to cloud computing, Dan Lohrmann will discuss what's hot and what's not in the world of technology infrastructure.