As state leaders gather in Washington, D.C., this weekend for the 2011 National Governors Association (NGA) Winter Meeting, one topic on the agenda is cyber-security. Experts in the field will be addressing questions like: What threats in cyber-space do we face? What are the potential ramifications of these cyber-threats? What steps can governments take now?

A NGA news release highlighted the importance of this first meeting since the November 2010 elections. NGA Chair Washington Gov. Chris Gregoire said, "We have many challenges to tackle in the days ahead. However, with these challenges come great opportunities, and I look forward to working with fellow governors to find solutions and take necessary actions to put our states on the path to economic recovery." 

No doubt, some readers may be surprised that cyber-security is even being given precious time alongside such essential topics as education, job creation and Medicaid. And yet, as cyber-attacks against critical infrastructure have grown in frequency and sophistication over the past few years, the negative impacts to business and government are being felt. If significant attention is not given to current cyber-risks, the potential exists for derailing advances made in digital government over the past decade.

Yesterday, the National Association of State Chief Information Officers (NASCIO) issued a new call to action which directs attention to current cyber-security risks. Specifically NASCIO urges government leaders to take steps to know the risks, know the landscape, know your government cyber-assets and know your opportunities.

Protecting critical infrastructure is not an new issue; however, the importance of the topic continues to grow. This DHS video describes some of the public-private partnerships that exist in protecting key infrastructure assets. The National Infrastructure Protection Plan (NIPP) and sector-specific plans are also available (scroll down to the bottom of the page) to assist governments in taking action.

In Michigan, we have developed a strategic plan that includes both cybers-ecurity and infrastructure appendices as well as tools and newsletters. No doubt, Michigan, like other states, has a ways to go in protecting critical infrastructure. There’s always more to do and areas that require improvement.

One of the hardest parts for technology and business leaders is the moving threat target. The bad guys are getting more organized and better at what they do. In addition new technologies and advances in mobile computing and cloud computing present different security and privacy challenges.

Nevertheless, it is nice to see this cybersecurity topic on the NGA agenda this weekend. This may be the first time that such a high-level cyber-presentation has been given to these new governors. The time for action is now.

Any thoughts on this topic or on protecting critical information and/or government infrastructure?

Follow-up note on 2/28/2011: A video of this NGA session can now be seen at this CSPAN link:

http://c-span.org/Events/Health-Care-and-Cyber-Security-on-Governors-Agenda/10737419823-3/ 

Egyptian democracy and high-speed Internet are not topics that typically go together, but they were both highlighted during President Obama’s speech this week in Marquette, Michigan.   But the President was not discussing the Google marketing executive who helped to start the Middle East protests with his social networking comments a few weeks back. This trip to Michigan was about jobs, high-speed Internet access and our new economy.

ABC News reported:

“Obama traveled to frigid Marquette (the temperature was negative 19 degrees with the wind-chill) today to sell his plan to make high-speed wireless Internet service available to at least 98 percent of Americans. 

Residents and businesses in rural Marquette are using super fast WiMAX Internet, and towns like Marquette, the president said, will create the jobs and businesses of tomorrow….

The president also wants to double wireless spectrum availability for mobile broadband, invest $3 billion in development of emerging wireless technologies, and develop a nationwide wireless network for public safety.  The White House says the president’s plan will cut the deficit by nearly 10 billion over the next decade. Republicans are likely unwilling to increase spending for the president’s wireless plan.”

Comparing investment in wireless technology with the investments that Americans made in railroads, the President made it clear that he wants to “connect every corner of America to the digital age.”  

As a Michigan resident, it was nice to hear that the President sees Michigan as innovative. I think it is true that Northern Michigan University’s implementation of WiMax is impressive, and I think their model is a national best practice. The benefits that local residents and businesses receive from this high-speed network in Michigan’s Upper Peninsula (UP) could only have happened with public/ private partnerships and help from companies like Motorola and others.   

We have a long way to go when it comes to enabling all Americans with affordable, ubiquitous high-speed Internet. Nevertheless, it is nice to highlight a few success stories. What is working now? What can we learn from their experience? What would they do differently if they started over?

There is no doubt that this NMU success story needs to be told. What are your thoughts on what Northern Michigan has done with WiMax?

A quiet, but dramatic, change is well under way in rural America. Over the next two years, broadband Internet access will become available in many parts of the United States that have been struggling in the digital age. These areas currently have limited high-speed access that is affordable, and many areas have no online connectivity or slow dial-up speeds.

USA Today ran a major article on this topic following President Barack Obama’s State of the Union address last week. The story is entitled: Stimulus funds help wire rural homes for Internet. The focus is on our new digital infrastructure which is vital for new 21st century jobs, health care and more.

The president said,  "To attract new businesses to our shores, we need the fastest, most reliable ways to move people, goods and information — from high-speed rail to high-speed Internet."

No doubt, federal stimulus projects have been very controversial and have become political hot buttons. (I’m staying out of those debates in this blog.) Still, there are plenty of tools and charts that I find helpful in showing what’s happening or happened. Here are a few:

1)    Recovery.gov maps website – lists contracts, grants and loans by state and region
2)    USA Today Economic Stimulus Charts – summarizes jobs create and saved, funds awarded, funds received and unemployment rate by state – although the data is a bit dated
3)    Stimulus.org – listing of details on various stimulus programs
4)    Broadband USA website  – you can find plenty more details on broadband infrastructure projects by visiting this government website.
5)    Broadband Stimulus Resource Center by Adtran – an assortment of articles and updates on broadband stimulus projects.

While some individuals are calling for even more projects, stimulus spending is fading and any efforts to add new spending will likely run into trouble with the Congress. But for now, it’s important to keep track of progress on existing grant awards and plans in your state to expand broadband into rural America.

Any thoughts on broadband stimulus?

“What do think about that WikiLeaks situation?”

 I’ve been getting that question a lot lately - not only from the typical techies or security pros, but from just about everyone else. From government leaders to self-confessed Luddites to elderly acquaintances at church, lots of people are talking about WikiLeaks – still.

For example, last month I ran in to a former government executive who moved on to a leadership role in the private sector several years back. The conversation went something like:

Former Gov Exec: “Dan – you won’t believe this, but I was just thinking about you and your state security organization. I was shocked by those WikiLeaks disclosures! I can’t get that topic off my mind."

Dan: “Really? You’re the second person who mentioned that today.”

Former Gov Exec: “You know, they don’t understand computer security or these risks the same way in the private sector as in government. Many of my current colleagues just don’t get it. (Laughing) Everyone was blown away by that WikiLeaks thing….”

 (After a long, serious pause) “So what should we be doing now?” 

I sent my old friend a few resources. But no doubt, this is tough (and difficult) question to answer. I’d like to share some of the same advice I gave my colleague.

Over the past several months, there have been numerous articles offering “lessons learned” from WikiLeaks.  Here are a few of the interesting articles that I’ve read on this topic:

Lessons Learned from WikiLeaks

WikiLeaks Anonymous Force Change to Federal Governments Security Approach

Business lessons Learned from WikiLeaks

Yes, there are plenty of misperceptions out there amongst people who should probably know better. A few government managers have commented, “We don’t have anything worth protecting here. We’re not the Department of Defense (DoD), you know.”

These naïve perspectives may shock some (for good reason), but they cause me to relook at our security training for business areas. In the defense of some state and local government staff, a large amount of government information is (and should be) open and the information is available via the Freedom of Information Act (FOIA) or even freely on public websites.

Newly elected officials and legislators and/or other new state or local execs may not be aware of the various compliancy and legal issues we must abide by to protect citizen information. We can certainly use WikiLeaks as a training opportunity.

Bottom line, we do have plenty of sensitive data that must be protected, and no citizen wants their health records, high school test scores, social security numbers or tax records revealed to the world.

So what WikiLeaks lessons am I suggesting? Here are three, keeping it simple in this particular blog:

1)    The “insider threat” is real for all of us.

2)    Yes, we have sensitive data to protect in state and local governments.

3)    You need to have a comprehensive cyber security program that is a priority which addresses privacy, security and cyber ethics.

Final thoughts: Government Technology Magazine ran this article stating that City Leaders are worried about the implications of WikiLeaks for security in their jurisdictions. This gives readers an opening to educate others on the importance of good practices.

There is also this webinar from Governing coming up later this month that may help you in this area if you want to learn more as we begin 2011.

Any opinions on WikiLeaks that you would like to share?

   It’s that time of year when everyone seems to be recapping 2010 and making technology predictions for 2011. While I don’t plan on recapping the first decade again or make any bold predictions for the future, I will offer some important trends to watch in government technology infrastructures for 2011.

But before I do that, here are a few of the top 2011 technology prediction articles that I have read by others:

Consumer technologies (from the United Kingdom) – From mobile payments to more social gaming to new TV options, this should be a very exciting technology year.

 13 Mobile Predictions – This area is so hot that mobile-mania now needs its own category.

 Gartner Predictions for 2011 - Although you need to pay for the detailed write-ups on each topic, it’s worth the time to just scan their free summaries to gain an overview of where technology and management are heading, in their view.

I don’t know what “Technobabble 2.0” is, but I like this post with several predictions from different IT websites.  If there was a “Technobabble 1.0” – I missed it. Nevertheless, how about these bold predictions:

1.      By 2016, a G20 nation’s critical infrastructure will be disrupted and damaged by online sabotage….

2.      By 2015, 10 per cent of your online "friends" will be nonhuman. (I doubted this until my daughter just told me that she already has a nonhuman friend now who she plays rock/paper/scissors with her and answers a variety of her questions.)

As far as Government Technology goes, 2011 should be a pivotal year in the USA in many respects. A large number of states will be appointing new CIOs, and many states have new Governors with new agendas. In addition, many state and local government are considering significant changes to their IT governance models and/or privatized IT.    

Even our federal counterparts are implementing significant changes in IT Management as they push a cloud first policy and other reform initiatives. There seems to be a new focus on measureable results and smaller deliverables with shorter-term schedules coming from the DC beltway. Hopefully, this trend will help state and local governments as well, if we can utilize federal contract vehicles which save money or offer better service.

So what technology trends do I see for state and local governments in 2011? Most of these will not surprise readers, so I call them trends rather than predictions. There certainly are no big surprises on my list.

Security and Consolidation are still near the top of everyone’s to do list. Given my background in security, I still blog occasionally for CSO Magazine on security topics as a CTO. A few months back, I wrote this article which describes the latest on this trend. Put more bluntly, security is an area that will get government technology leaders in trouble in a hurry, if ignored. Don’t assume anything regarding smart phones, cloud computing or Software as a Service (SaaS). Even if you outsource a function, make sure that you have the right security language in your contracts.

One more thing on security: I thought that security “peaked” as an issue a few years ago, but over the past year I realize that we are right back to square one regarding mobile apps and cloud computing. That is, we are going through the same new technology issues and trials that we did in the first part of this century. I now believe that security will be hot for another decade – at least.

Support for More Mobile Devices and Apps – Yep, we now need to support many different tablets and smartphones. Get used to it. Sticking to the blackberry on full-size PCs won’t cut it with the new teams coming in. They like iPhones, iPads, Droids and more. Nope, the Blackberry isn’t going away either, so we need to figure out how to truly do more with less in managing this area. Mobility is the new normal and part of the consumerization of IT; however, it is also the place where employees and citizens are increasingly accessing government data from. Bottom line, we need better plans and strategies for mobile devices and apps.

Even more virtualization, consolidation, SaaS and cloud computing – Again, no surprise here. Some of this work will be outsourced in 2011, but that will vary from state to state. The focus should be on creating plans to “right-size” efforts based upon skill sets, technology needs and priorities. Many states, such as Minnesota, continue to consolidate data centers, or move email to private sector partners.    

I realize that these trends are not earth-shattering, but they will be challenging in 2011. State and local governments face very difficult budgets, and there will be pressure for quick results that lower costs now and improve services as well. This pressure will probably create a few train wrecks along the way on the operational side – so expect to see one or more stories similar to the events that occurred in Virginia in 2010.

It should be a very interesting year. What are your thoughts on 2011?