Clickability tracking pixel

Flu Response: The Capacity Dilemma

To buy or not to buy (more telework capacity) - that is the question during an epidemic. As the H1N1 flu situation evolved rapidly ...

by / May 6, 2009

To buy or not to buy (more telework capacity) - that is the question during an epidemic. As the H1N1 flu situation evolved rapidly over the past two weeks, CIOs, CTOs, CISOs, and other government technology officials faced (and still face) a series of tough buying decisions in difficult budget times. 

 When the World Health Organization (WHO) raised their pandemic alert level from 4 to 5 (the second highest level), organizations were told to begin implementing their pandemic plans. No problem - right? A few years back, governments created pandemic plans in preparation for Asian bird flu, so these plans have not even had time to gather dust. In Michigan, we have an excellent plan which we are following. (My focus in this blog is only on the technology-related actions.)

Government Technology Magazine ran a nice background piece on this telework question  last week. They brought up some great points about the overall capacity of Internet Service Providers (ISPs) access into homes during emergencies. They also pointed to success stories in states like Virginia. Still, I'm confident that many cash-strapped government organizations face difficult buying decisions at a time when we all need to do more with less.  

Unlike most emergency situations, such as a fire or tornado hitting a building or data center, a pandemic could leave your infrastructure intact with your staff at home. Whether your employees are caring for family members, watching kids whose schools are closed or recovering from the flu themselves, staff may not be in the office.

So this question will quickly come up: How many people can work from home (connect securely to government networks) at the same time during a pandemic? Putting aside the business-related process questions around working with others, computer applications, etc, we faced the following dilemma:

1) Approximately 13,000 Michigan State employees (out of about 55,000) have laptops. The others who have computers use desktop models. Should we buy more laptops in bulk and make them available? At about $900-$1,000 each, one thousand laptops would cost almost a million dollars.

2) With available telecommunications equipment, we can handle about 4,500 simultaneous Virtual Private Network (VPN) connections. This infrastructure is more than triple our normal demand. Increasing capacity to handle an additional 15,000 or more VPN connections could be done by buying more telecom equipment.

3) Other facts - most employees can already use their home computers for non-sensitive data and connect to the Michigan network for their Microsoft Outlook or Novell Groupwise email needs. However, our policies only allow home computer use for access that does not contain personal data that could cause a data breach (ID theft) or cause a privacy violation.     

In a nutshell, the decision looked like this: should we spend precious dollars now or wait for pandemic level 6 to arrive when equipment might not be available from vendors for weeks or months? We are facing budget cuts and even staff layoffs in Michigan, so there are never enough dollars.

True, this infrastructure may still be used in the future after the flu situation ends. However, stockpiling laptops is generally a bad idea, since the equipment can quickly become "the old model" that customers don't want. Does the situation call for emergency technology purchases now? I'll tell you what we decided in a later blog.

One final item, many governments organizations (like Michigan) are in the process of replacing desktops with laptops over time, but the transition is happening over several years. We are also looking at virtual desktops and other new technologies to help this situation (a good topic for a future blog). Finally, we do have a few hundred spare laptops for emergencies - but nowhere near enough for every need during a full pandemic outbreak if thousands of state employees stay home.

So what would you do in this situation? More important, what have you done?

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso

E.REPUBLIC Platforms & Programs