July 3, 2011 By Dan Lohrmann
“Where do you get your blog and/or article ideas?” I’m often asked that question. Or colleagues want to know: “What are the top ten websites you turn to in order to gauge innovative technology trends and new ideas that work?”
I typically provide a simple, safe answer, sounding like many lawyers: “It depends.” I've even promised a few friends to write an article with a more complete answer to these questions.
So I thought I’d dedicate a July 4th weekend article to sharing how I find innovative ideas that are working around the world. My hope is to provide government technology pros (like you) some techniques and examples to help improve your research on topics in Information, Communication & Technology (ICT) Infrastructures.
Yes, I write about the technology, security or other “stuff” that interests me at work and/or home. That often means something new is announced by Apple, Google, Microsoft or some hot new startup company. But more often than not, I find that buying a new "black box" or software is the easy part. Successfully implementing technology is much harder in a large government enterprise, especially when you add in the people and process issues – including required cultural change. As portrayed in the TV sitcom “The Office,” our interactions with others are often the most interesting and most complex aspect of our professional work.
Here’s my general outline:
1) Start with questions that need answering. What problems need to be solved by business areas? What topics are being discussed, or need to be discussed by your government teams? [Tip: Break out of the daily grind, if possible. Think bigger picture, unless you are focusing on a very specific answer to a particular infrastructure topic.]
2) Ask: What best-practices are being implemented in governments around the country? What common challenges, projects, solutions and/or approaches can be shared? These can come from the public or private sector. [Tip: Read on for a list of some “go-to” places both online and offline to help uncover these best-practices and intriguing stories.]
3) Bring it home. All infrastructure projects (like politics) are local, so try to apply the national trend or solution to your local situation. [Tip: Cross-check solutions from multiple sources and/or contacts around the country. If a vendor claims an incredible success with one state or local government, verify the results with a government contact and a second reference if possible.]
OK, so where do I go online and offline? As far as finding answers or general ideas, my search techniques have changed over the past few years. Here are a few of my favorite places to look:
Offline: I like to read overview and in depth reports from Gartner and Forrester. [Note: many of these reports aren’t free.] If your government doesn’t have subscriptions, you may want to consider a trial to see what you’re missing. You can also read some of their free material at their websites to get a feel for their available content. I like to learn from conferences and summits like SecureWorld Expo, NASCIO annual and mid-year conferences, regional Government Technology Magazine events, as well as national conferences like RSA for security. Of course, speaking at these events (even as a panelist) can reduce your expense.
Online: There are an endless number of free webinars and white papers available from vendor websites. I like to visit NASCIO’s Publications Website which provides great case studies and examples. You can also visit Centers of Excellence in Public Policy, like the material offered by Harvard and the Pew Charitable Trust. Beyond these, I like to check out these online news places. These websites are in no particular order. [Note: the news websites such as USA Today are recent additions to my list to gauge what the wider population is reading about.]
10) And of course: http://www.govtech.com/ (with associated sub-sites like PCIO)
As I’ve mentioned on other occasions, I also like to occasionally see what the United Kingdom websites and news organizations are saying about US technology, politics and trends. You can easily do this review at the BBC’s website or at The Mail Online’s Science & Tech Section. The London Times is also a great information source, but they now charge for much of their material.
Finally, you can always “google” the idea or issue to gauge what others are saying around a topic. I’ve found that topics like “Cloud Computing” and “Mobile Computing” are everywhere, so you need to be as specific as possible. You can also find conflicting answers. For example, a search for “Government smartphone policies” yields almost 26 million results.
I know that there are plenty of other places to go online to learn more about innovation. We live in an exciting and challenging time. I hope this quick overview of some of my top sources of data can help your research efforts. In a later post I will cover some of the bloggers I follow.
Any good technology websites that you’d like to share?
June 12, 2011 By Dan Lohrmann
Sometimes we come across a new word or phrase that is not only different, but intriguing. Occasionally these new terms or ideas really catch-on and become a part of mainstream thinking and/or technology adoption. While it is rare, these terms can even become a part of everyday language for technology or even non-IT professionals. For example, concepts like “the consumerization of IT” (initially coined by Gartner) are becoming more well-known to techies and phrase like “cloud computing” are showing up in everyday TV commercials. These terms were virtually unknown a decade (or less) ago.
Which brings me to the topic of today’s blog: What is a healthy cyber ecosystem? If you haven’t yet heard people using these words, I suspect that you will soon. The Department of Homeland Security (DHS) published a white paper in March 2011 entitled, Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action. What got me thinking about this even more was the term “ecosystem” showing up in recent meetings with technology vendors.
I know, I know, when we think of “ecosystem” we generally see a mental picture of various water sources with plants interacting with wildlife roaming in protected reserves. But this new approach takes the concept into our virtual cyber worlds.
According to the DHS white paper:
“Like natural ecosystems, the cyber ecosystem comprises a variety of diverse participants – private firms, non]profits, governments, individuals, processes, and cyber devices (computers, software, and communications technologies) – that interact for multiple purposes….
This discussion paper explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices, are able to work together in near]real time to anticipate and prevent cyber attacks, limit the spread of attacks across participating devices, minimize the consequences of attacks, and recover to a trusted state. In this future cyber ecosystem, security capabilities are built into cyber devices in a way that allows preventive and defensive courses of action to be coordinated within and among communities of devices….”
While this may seem a bit like “cyber utopia,” I certainly agree with the overall goals. Helpful analogies are provided in the paper such as our human immune system’s ability to fight off disease or the Center for Disease Control and Prevention’s (CDC’s) approach to a flu outbreak.
If a global system of Internet protections are put in place, we “could enable the ecosystem to continuously strengthen itself against the cyber equivalent of autoimmune disorders.”
According to the DHS white paper, there are three main components (or building blocks) to a healthy cyber ecosystem, including automation, interoperability and authentication. Excellent identity management is essential to building the required trust online. The white paper points to the National Strategy for Trusted Identities in Cyberspace (NSTIC) to build the foundations for this trust. The paper also suggests that traditional notions of “command and control” must be recast in the direction of “focus and convergence.”
In my opinion, the section on "focus and convergence" is an area where I have many questions regarding technology and process. Military forces have seen “command and control” working for millenniums whereas focus and convergence seems to me to be much harder to implement with diverse audiences and interests worldwide. For example, it is difficult to get agreement at the United Nations. And yet, I see the numerous benefits associated with this distributed approach, if we can implement a coordinated response to global cyber threats.
I especially like the ideas in a Enabling Distributed Security in Cyberspace white paper that promote more user incentives (page 26). We need to develop new opportunities for global buisnesses to grow and prosper in cyberspace. Still, this incentive area needs a lot of work, since organizations and individuals still deem “doing nothing” as being reasonable responses to cyber threats.
What’s been the wider industry response to the cyber ecosystem concept? First, many news organizations published detailed articles on the topic. Here are a few:
US-CERT’s Powerpoint Presentation (from last year) on this topic also provides more technical details regarding early actions needed to head in this directions. This presentation from a Cyber Town Hall Meeting by some federal government security leaders also addresses risk in a related security framework. A test wiki has also been set up on this topic.
What’s my opinion on the goal of creating a healthy cyber ecosystem? For the most part, I like this concept. On pages 22-26 of the DHS white paper, the healthy and unhealthy attributes to this new virtual world are identified. We are talking about what Bruce Schneier calls “The endless broadening of security.”
However, if I were to summarize this goal in a few words in non-techie language, I would say society wants an Internet that allows users to safely surf their values. We want our online world to reflect what we value in our offline world - including all aspects of our interactions with other people, businesses and governments. No doubt, our online and offline worlds are merging together in new ways each day, and meanwhile the bad guys are getting better at undermining Internet safety.
If this healthy cyber ecosystem is to become reality, we need to be building safety and trust in new ways and not just fighting malware and identity theft. This approach requires a strengthening of protections through the same natural defense mechanisms we have in our human bodies and building trust in online relationships and interactions just as in our “real world” communities. Programs like "neighborhood watch" may provide helpful models.
And a healthy cyber ecosystem will go well beyond traditional cybersecurity topics. Individuals and businesses will be incentivized to enable the good and disable the bad in cyberspace, if they feel they personal ownership over the ability to influence online life. Yes, this means both freedom and shared responsibility for all of us. It offers Internet safety and reliable online communications. A healthy cyber ecosystem can enable virtual integrity for web activities.
What are your thoughts on a healthy cyber ecosystem?
May 29, 2011 By Dan Lohrmann
Like most IT professionals, I get too much email. Yes - we block spam (over 92% of inbound email traffic from the Internet at last check). But still, unwanted “stuff” gets through…
At home, I use Gmail, and Google does a decent job at separating out the unwanted spam. Nevertheless…, I occasionally check the spam folder to see if any non-spam (important email) is in the wrong place. Some of these funny messages came from there as well.
Recently I decided, if you can’t beat the spammers, I might as well just relax on Memorial Day Weekend and enjoy a good laugh on them. Here are my favorite spam messages in two categories: Funniest and “Give Me a Break…”
1) Hurry – Limited Time Opportunity to Stop Emails Like This One
2) Warning: Reading this email will be hazardous to your boredom
3) Free Money: Just Pay Shipping & Handling Charges
4) Tired of Cloud Computing Mumbo Jumbo? Check Out My Digital Gumbo
5) R U 4 Real?
Get Real: (Or, I’m not clicking )
1) Title: Mony For U
Text - I am Koh Beng Seng from Bank of China have a deal of 65.5m and am ready to share 50/50 see attachment for details if interested. (Tip: Please…. Don’t click on this attachment.)
2) Blog As An Expert in Ten Minutes - Here’s How
3) All the Online Storage You Want For Free
(Comment: China in the address did not instill confidence. They even offered to check my file contents for "safety." Huh?)
4) Thanks For The Order!
(Comment: What Order? The text had a link with the note that looked like a Google URL, but the details showed the link went elsewhere. Of course, I didn’t click. Don’t be fooled by address “aliases” that may first appear to be genuine.)
5) WIN $500: We Need Your Expert Opinion
(Comment: Some offer cash drawings, others T-shirts or even a free iPad without a drawing. While the survey may be legit, so are government ethics rules. Besides, do they really think I’ll give away sensitive cybersecurity information for a T-shirt? Delete!)
One more thing, some spam contains a link “to be removed from this email list.” Clicking on that link is one of the surest ways to get more spam - nor should you send them an email to remove you from their list. (This confirms that the email address is valid and their message is getting through, so they often sell the address to others for a higher profit.)
We might as well smile at these spam messages, because we haven't been able to fully stop them from coming yet.
Any funny spam (or hard to believe emails) come your way? Please share by leaving a comment.
May 21, 2011 By Dan Lohrmann
This has been a rough week for our technology operations. The various headlines about two different (and unrelated) Michigan government outages tell you why our team is a bit behind on our sleep. The good news is that our critical Secretary of State systems are up and offices are open and helping customers. I’m happy again on a beautiful spring Saturday morning in Lansing.
Here are a few of the background articles covering the outages this week:
I know, enquiring minds want to know the “nitty gritty” about what caused the outages in the first place and specific details regarding what happened and how we recovered. That will come soon enough, with a detailed “Root Cause Analysis” (RCA) being performed on each situation. We owe those formal details to our agency customers and the public that was impacted. This RCA report will include steps we are taking to reduce the risk of such incidents reoccurring.
I also hope to do a longer article on this topic later this summer, with some behind the scenes conversations and perspectives on how we responded so quickly from two back-to-back situations. But for now, I felt I owed my blog readers an acknowledgement that the incidents did happen in Michigan – and say a few words about the Michigan outage articles. It was not a fun week. When it rains it pours.
While I’m all too aware of the reality that bad things happen in every technology organization, the key is how our teams respond and come back when apps are down. As I mentioned in an article last September, all government operations must be prepared for outages given various scenarios. (Though, I must admit, I never expected to be in this situation eight months later.)
As I have written over the years, this isn’t the first time, and won’t be the last time, that unplanned outages happen. However, the difference between these two outages and situations like the blackout of 2003 is that public perception and expectations are not the same. When large parts of the Northeast USA lost power, the public understood why services were down. But when an outage occurs as a result of internal people, process, or technology failures, all eyes are on your team to get back up quickly and effectively.
Most importantly, I want to thank our recovery teams who did an outstanding job of responding from the moment that these outages were reported. We have an excellent staff that “got going” when the “going got tough.” The communication demonstrated between the technology and business staff was a good sign of successful teamwork. Several of them worked more than 24-hours straight, and I am proud and thankful for their efforts.
More to come on this topic in the future. But for now, I’m hearing my kids laugh again. I’m enjoying the sunshine. I’m smiling again in Lansing. Now I get to mow my lawn.
May 14, 2011 By Dan Lohrmann
I was recently asked: “What’s the next big thing in technology?”
My colleague wanted to know what will be hot a year or two from now that isn’t yet on the radar for most government leaders, end users at work or teenagers at home. Over lunch, my longtime friend who was asking the tough questions challenged me to:
“Step out and take more chances in your blogs like a few years back. You’ve lost that bleeding to leading edge swagger. Where’s that government visionary I know?”
Ouch! (I was feeling a bit uneasy at this point.) I initially thought, “With friends like this…”
Actually, I realized that he had a point. Not much lately on what's coming tommorrow. So I went back and reread earlier articles on cloud computing, identity management, smart phones and social networking in government. (I know, I should have written that 2007 article on social networking about Facebook and not MySpace – but that’s what happens when you pick particular vendors over industry trends. The first to market isn’t always the top winner.)
But moving back to the question at hand, my winner of “the next big thing” award is: digital wallets.
(Yes, “digital wallets” does qualify as virtually unknown, since my eighteen year old daughter responded, “Huh? Will I have to read a blog on this?”)
First, here are a few definitions. According to Wikipedia,
“A digital wallet (also known as an e-wallet) allows users to make electronic commerce transactions quickly and securely.
A digital wallet functions much like a physical wallet. The digital wallet was first conceived as a method of storing various forms of electronic money (e-cash), but with little popularity of such e-cash services, the digital wallet has evolved into a service that provides internet users with a convenient way to store and use online shopping information.
The term “digital wallet” is also increasingly being used to describe mobile phones, especially smartphones, that store an individual’s credentials and utilize wireless technologies such as near field communication (NFC) to carry out financial transactions….”
The rest of the developed world is already using this technology more than consumers and governments in the US and Canada. “Forrester, an independent market research company, reported from a 2010 online survey that less than 6 percent of American adults have ever used mobile payment. In Japan and Korea, however, the practice is widespread. According to consulting company Accenture, 69 percent of respondents to their recent survey in Asia said they favor using cell phones for most of their payments, compared with only 26 percent in Europe and the U.S.”
The New York Times and LA Times each ran articles on Visa’s implementation plans for digital wallets in the USA this fall. The LA Times reported, “Visa said its digital wallet would be able to handle payments online, using a phone, on social networks and person-to-person payments as well.”
An Emory University website said this about e-wallets, “Consumers are not required to fill out order forms on each site when they purchase an item because the information has already been stored and is automatically updated and entered into the order fields across merchant sites when using a digital wallet. Consumers also benefit when using digital wallets because their information is encrypted — or protected by a private software code. And merchants benefit by receiving protection against fraud.”
I recently saw this concept in action at Detroit Airport when e-tickets on a smartphone were used by several passengers to board a Delta flight. (No doubt, this solution is greener with no paper needed.) But while the process may seem fairly simple, the implications for governments are huge.
For example, think about all the credit card payments that your government makes and receives. Will they accept these new payment types at government offices?
Or, what about mobile device policies and/or acceptable use policies for government employees and contractors? Will government issued blackberries or iPhones be used as personal e-Wallets for employee purchases at home? What if security issues arise or the devices gets hacked? The lines between work and home will become blurred even further.
On the other hand, the opportunities for efficiency, savings and positive innovation are evident. From paying for public transportation to reducing fraud in credit card transactions, many aspects of this topic will ensure that we are discussing this digital wallet topic for years to come. Imagine if there was no longer the need for passing around credit card numbers and expiration dates.
It may be slow at first, but get ready for the next big thing for your smartphone to do (or become). I suggest we start thinking about digital wallets now. They’re coming soon to a government near you.
Any thoughts or experiences with digital wallets?
Building effective virtual government requires new ideas, innovative thinking and hard work. From federal stimulus projects to enterprise architectures to cloud computing, Dan Lohrmann will discuss what's hot and what's not in the world of technology infrastructure.