Security Is A Joke!

Fascinating video with Dan Tentler on the Shodan Search Engine…which CNN calls the “scariest search engine on the Internet.”

The search engine crawls the Internet for servers, webcams, printers, routers, and every type of vulnerable device you can imagine.

It collects information on more than 500 million devices per month, and that was as of last year, so it’s probably already a lot more.

Tentler shows the unbelievable number and types of things you can access with this, including the country’s critical infrastructure, from utilities to traffic lights and power plants:

– Private webcams
– Bridges
– Freeways
– Data Centers
– Polycoms
– Fuel cells
– Wind farms
– Building controls for lighting, HVAC, door locks, and alarms
– Floor plans
– Power meters
– Heat pump controllers
– Garage doors
– Traffic control systems
– Hydroelectric plants
– Nuclear power plant controls
– Particle accelerators
– MORE!!!!

Aside from getting information on the IP addresses, descriptions of the devices, and locations (just plug the longitude and latitude into Google for a street location), you can often actually control these devices right from YOUR computer!

The information is online, open to the public, and requires no credentials.

– “It’s a massive security failure!”

– “Why is this stuff even online?”

Where is our cyber leadership????

Where is the regulation over critical infrastructure?

If there is a heaven for hackers, this is it–shame on us. 😦

A Different Definition For IV&V

In IT circles, IV&V generally refers to Independent Verification and Validation, but for CIOs another important definition for leading is Independent Views and Voices.

Please read my new article on this: here at Government Technology — hope you enjoy it.

Andy

(Source Photo: here with attribution to Joi)

Google Fiber 4 The Nation’s Capital

How About Google Fiber for Washington, D.C.?

– Lead, by example, the rest of the nation forward.

– Speed up the functioning of the government.

– Helpful for Emergency Management

– The Patriotic thing to do! 😉

All Opinions my own.

(Source Photo: here with attribution to Cameron Yee, & no idea why it’s in Spanish, but I like it!)

Cloud Kool-Aid

We’ve all drunk the Kool-Aid and believe in using the cloud.

And with almost 1 million active apps in the Apple Store alone, it is no wonder why.

The cloud can create amazing opportunities for shared services and cost efficiencies.

The problem is that many are using the cloud at the edge.

They are taking the cloud to mean that they in government are simply service brokers, rather than accountable service providers.

In the service broker model, CIOs and leaders look for the best, cost effective service to use.

However, in NOT recognizing that they are the ultimate service providers for their customers, they are trying to outsource accountability and effectiveness.

Take, for example, the recent failures of Healthcare.gov: there were at least 55 major contractors involved, but no major end-to-end testing done by HHS.

We can’t outsource accountability–even though the cloud and outsourcing are tempting many to do just that.

Secretary Sebelius has said that the buck stops with her, but in the 3 1/2 years leading up to the rollout she relied on the big technology cloud in the sky to provide the solution.

Moreover, while Sebelius as the business owner is taking responsibility for the mission failures of the site, isn’t it the CIO who should be addressing the technology issues as well?

IT contractors and cloud providers play a vital role in helping the government develop and maintain our technology, but at the end of the day, we in the government are responsible to our mission users.

The relationship is one of partners in problem solving and IT product and service provision, rather than service brokers moving data from one cloud provider to the next, where a buck can simply be saved regardless of whether mission results, stability and security are at risk.

In fact, Bloomberg BusinessWeek outlines the 3 successful principles used in the creation of consumerfinance.gov by the new CFPB, and they include: “Have in-house strategy, design, and tech”!

Some in government say we cannot attract good IT people.

Maybe true, if we continue to freeze salaries, cut benefits, furlough employees, and take away the zest and responsibility for technology solutions from our own very talented technologists.

Government must be a place where we can attract technology talent, so we can identify requirements with our customers, work with partners on solutions, and tailor COTS, GOTS, and open source solutions and cloud services to our mission needs.

When Sebelius was asked on The Hill about whether Healthcare.gov crashed, she said it never crashed, which was technically incorrect as the site was down.

The cloud is a great source for IT provision, but the pendulum is swinging too far and fast, and it will by necessity come back towards the center, where it belongs as an opportunity, not a compliance mandate.

Hopefully, this will happen before too many CIOs gut the technology know-how they do have and the accountability they should provide.

(Source Photo: Andy Blumenthal)

What Will Do You For Cake?

I remember a joke the guys used to tell back in college…about how you can’t have your Kate and Edith too.

Cake and eat it too…get it?

Here is a link to my article in Public CIO Magazine called “How Hungry Are You?”

It’s about how some people will literally sacrifice their souls for success, while others put their humanity and decency above it.

Hope you enjoy!

(Source Photo: Andy Blumenthal)

IT Departments, Here To Stay

InformationWeek asks “Will IT Departments Disappear By 2020?”

This question comes from Forrester Research which sees the commoditization of IT as eroding the base for the traditional IT function and roles.

As we move to cloud computing–apps and infrastructure, as well as continue the trend for outsourcing IT such as help desk, desk support, and more, what will be left for the CIO and his or her team to do?

The article answers this question with another major trend–that of consumerization–“differentiating value and visibility among consumers and employees.”

This is where IT can be highly strategic in serving those needs in the business that are truly unique and that enable them to be high performing and even outperform in the marketplace.

These ideas of commoditization and consumerization are anchored in Lawrence and Lorsch’s business studies of integration and differentiation of organizations, where organizations need to find their ideal state for integration of subsystems–such as through cloud computing, data center integration, and shared services–and for differentiation, where organizations differentiate themselves to address the unique value they bring to their customers.

So even with commoditization of IT and integration of services, the IT function in organizations will not be going away, no more so than HR or Finance functions went away with Enterprise Resource Planning (ERP) solutions.

The CIO and IT function will be able to leverage base enterprise services as commodities, but they will be expected more than ever to focus on and provide strategic solutions for their customers and give their organizations the real technology competitive advantage they are looking for and desperately need.

This is what distinguishes a real CIO–one that provides strategic leadership in being user-centric and coming up with customer-oriented solutions that are not available anyplace else–from those managers that only help to keep the IT lights on.

If you are not differentiating, you are not really engaging–so get out there with your customers and roll up your CIO sleeves. 😉

(Source Photo: Andy Blumenthal)

Charting Your Course

New article here by Andy Blumenthal in Public CIO Magazine called “Using Enterprise and Personal Architecture To Chart Your Course.”

“As a leader, one of your primary jobs is to bring a coherent, rousing vision and strategy to the organization and execute it to keep the organization relevant — that is enterprise architecture.”

Hope you enjoy!

Andy

(Source Photo: Andy Blumenthal)

Perfect, In An Imperfect World

I have a new article in Public CIO Magazine about working to perfect ourselves in an imperfect world.

Please read the article here online.

“Recognize the importance of the journey over that of the goal–and accept the task of working to perfect ourselves, rather than of truly being perfect, or as I learned in Jewish day school, there are no angels here on Earth, only in heaven.”

Hope you enjoy! 😉

(Source Photo: Andy Blumenthal)

Federal Leadership Is A Journey

There were three news articles in Federal Times this week (17 December 2012) that highlighted some disappointments for the time being, but that offer hope for the future:

–   Conflicts of Interest at DARPA: The previous director of the Defense Advanced Research Projects Agency (DARPA) is investigated by the Defense Department Inspector General for conflicts of interest related to the award of “hundreds of thousands of dollars in contracts to a company she co-founded and partially owned.” The hope for the future—the new DARPA director has “sent a full list of her financial assets to all of the agency’s employees.”
–   Missed opportunity for use of mobile devices, BYOD in the Federal workforce: The CIO Council’s report on “Government Use of Mobile Technology: Barriers, Opportunities, and Gap Analysis” was required by the Federal Digital Strategy (May 2012); however, while there is clarity of the need for greater mobility in the workforce, instead of a clear architecture forward, the report calls for more guidance from the administration on “how to handle the tricky legal, privacy, and financial implications.” The hope—the report looks toward  a government-wide or agency policy and guidance to support more flexible use of mobile devices and a cross-functional team to evaluate Bring Your Own Device (BYOD) for the future.
–   NASA doubts commitment of getting to an asteroid: NASA, which has been criticized by some for not having a clear direction, has been charged with “sending astronauts to an asteroid by 2025,” yet there is not consensus that this is “the next step on the way to Mars.” The hope—NASA can restructure, engage in cost-sharing partnerships, or otherwise increase budget or decrease scope to right-align and achieve clear focus on the next great goals for outer space.

Lesson learned: leadership does not have all the answers nor do they always do everything right, but leadership is a journey. So while today, we may not always be making the best acquisitions for advanced research, achieving clarity of a mobile strategy, or landing people on Mars—we are on the way—through one small step for leadership, one giant leap for the rest of us.

(Source Photo: here with attribution to NASA)