| |
|
Expanding the Dialogue
|
|
Published,
November 2, 2009
|
 |
At this point, November 2009, I have been writing the CIO Blog for almost two years, and I want to thank all of you who have taken the time to post comments.
To date my 32 blogs have received more than 300,000 hits. (It's amazing how quickly the numbers add up when you sit at your home PC each night and click the titles for an hour.) But seriously, the large number of hits made me think that the number of comments, while respectable, could be more robust.
So I thought (yes -- I know -- can you hear the gears turning between my ears?) that we need to remove the barriers to participation in order to take the dialogue a step further. To that end, we are creating a secure extension of the DON CIO web site that will provide Common Access Card holders the opportunity to engage the DON CIO team, as well as others within the Department, more directly and candidly than is currently possible on the public web site. Personnel from any DON organization will have the opportunity to become involved in charting the course for information management/information technology and Cyberspace within the Department by providing their input to ongoing discussions on this site.
Much has been said about the many Web 2.0 (tired of that term yet?) tools that are available to Internet users to manage and share information. RSS feeds, mashups, wikis, blogs and, of course, social networking sites are readily available to anyone with the click of a mouse. All of these tools foster collaboration and trust among a particular community that shares a common purpose.
With the goal of better and more candid collaboration in mind, we will launch the secure extension of the DON CIO web site in January.
To expand a bit, the purpose of this collaborative site is to provide a secure forum for DON personnel to discuss and collaborate on key IM/IT and Cyberspace initiatives. We want you to participate in shaping this aspect of the Department. This application will allow users to post ideas in the form of a blog and invite participation from other users no matter their position within the organization or their geographical location. This candid exchange of ideas will enable our DON CIO subject matter experts to gather informal feedback before the formal process of strategy and policy development is initiated. This forum will also provide leadership key insight into the concerns/challenges being felt from anywhere within the Department, as well as identify policy gaps. In addition, it will highlight those initiatives that are on the right track and viewed as valuable to the IM/IT community.
We intend to build effective and secure information flow about IM/IT and Cyberspace issues and initiatives within the Department, using social media tools to encourage participation and enhance information exchange in an informal environment. I hope to use this tool to support decision agility, provide for a change management/innovation discussion and ensure accountability across the enterprise. I encourage you to submit your ideas for change and innovation. I believe that this opportunity for participation will help us become more effective and efficient with our use of information in support of our Naval mission.
Look for the new site in early 2010, and by all means tell us - in real time - what you think.
|
|
 |
Tagged with: Blog, DONCIO, InfoSharing, Strategy, Web20 |
|
|
|
|
|
|
|
|
The Cyber/IT Workforce's Bright Future
|
|
Published,
October 19, 2009
|
|
|
One of the most enjoyable events I get to participate in is the DON Workforce Town Hall, which we host twice a year during the DON Information Management/Information Technology conferences in San Diego and Virginia Beach.
This session allows me to directly engage with the Cyber/IT Workforce and hear their concerns, whatever they may be. As a matter of fact, I have a few regulars who tee up important questions that I do my best to answer – on the spot – no prompts!
As the DON Cyber/IT Workforce Community Leader, I thought I might write a few words about the future of this 12,000+ strong – with plans to grow, albeit slightly – component of the civilian workforce, and about how the composite workforce (military, civilian, contractor) might move faster and more comfortably into the information age.
I view the following strategies and concepts as opportunities to move into the information age and deliver more effective IT in support of mission needs.
1. Embrace Technology. We are fervently developing the skill sets to achieve and remain current on our networks. We must remain a learning organization. As the Internet evolves, so must our workforce and its associated skills. To that end, we must be able to embrace change and ensure that our organizational leaders are ready to make use of IT in support of the DON mission.
2. Information Age vs. Industrial Age Thinking. While the Navy and Marine Corps are rich in culture and tradition, many of our processes are rooted in the Industrial Age and will need to move toward the Information Age to remain relevant in the coming years. I believe that the Cyber/IT Workforce is the key to successfully transforming processes to fully exploit the power of information sharing and secure collaboration. We will need to learn new ways to move information where it is needed and build new skill sets as needs arise. While we cannot predict what the future holds, we can forecast technology acceleration and change.
3. Social Media as a Tool to Build Trust. Social media is an inherent part of the toolbox for members of the millennial workforce, while baby boomers are just adopting it. Social media tools should become the standard by which we can share and collaborate on information inside and outside the network boundaries.
4. Recognize the Need for and Embrace Security. The Cyber/IT Workforce will need to manage the nexus between information access and the necessary security layers. While a great deal of work has been done in this space, much work remains. Secure information sharing presents a very different challenge than does "secure the network" or "post it on the web site." As threats increase, so must our vigilance to securely share information and manage the associated risks.
5. Going Green and the Mobile Worker. As the Department embraces Green initiatives, removing the tethers that bind our workforce from their desks will require connectivity and information access at unprecedented levels. Our Naval Networking Environment~2016 strategy to connect to the network from nearly anywhere, will free up time devoted to commuting, but will require unfettered secure access to information required to perform our jobs. The potential benefits are huge, to the Nation, the naval services and the planet.
6. Recruit our Successors. Lastly, this is one of our most important jobs. Our ability to convey the challenge and reward of working in the naval services in support of the Nation's security must be all of our responsibility. If the Department is to remain pre-eminent, the DON Cyber/IT workforce will be central to that work, ensuring the information is accessible to those who need it anywhere, anytime. I believe that the DON Cyber/IT Workforce is that fundamental enabler to the Navy and Marine Corps kinetic mission success.
What do you think?
|
|
|
|
|
|
Tagged with: Blog, CND, DONCIO, IA, Workforce |
|
|
|
|
|
|
|
|
A Security Update: Flash Drives
|
|
Published,
September 16, 2009
|
|
|
Hello again. I am back in the saddle after being on travel and then off for a week on a "stay-cation." Incidentally, vacations are more relaxing than stay-cations!
It is amazing what happens (and does not happen) when one "leaves the pattern" for a few days.
One thing that remained the same is the debate over access to information and the relative security of being connected to the Internet; specifically, access to user-generated content sites and social networking sites (SNS). However, the DON CIO staff is working closely with the Department of Defense CIO team to examine the facts and make a cogent recommendation allowing the right set of actions to proceed. The benefits of access to SNS and other user generated content sites are great; however, the risks also must be weighed and factored into decisions.
Another ongoing issue, and one many of you have asked about, is the -- drum roll please -- return of thumb drives.
As you all remember, last November, use of USB flash media and removable storage devices was suspended on all DoD networks at all classification levels by the order of the Commander, U.S. Strategic Command (USSTRATCOM). The ban includes USB thumb drives, memory sticks/cards and camera flash cards. Use of external hard drives is permitted when "proper procedures" (scans) are followed.
Although policy and processes were in place to facilitate the safe use of USB flash media, they were not being followed. This included procedures for data transfer between network domains and classifications, virus/malware scanning guidance for all forms of removable storage media before connecting to the network, and guidance for protecting data stored on removable media. Unfortunately, it was our bad IT hygiene that resulted in the ban of this all too flexible use of storage media.
We recognize the utility of portable media storage in support of mission operations. Such media provide a simple, inexpensive, reusable and ubiquitous means for transferring information between computers and servers on both public and private networks. USB flash media are often used for deploying operating system patches, anti-virus updates, and other large data transfers in bandwidth constrained environments (e.g., shipboard/tactically deployed). While we are working on net-centric solutions, USB drives afford us a tool to move information quickly. A downside is that flash media characteristics expose our networks to increased risk of contamination by viruses, worms and other forms of malware when used improperly.
The DON team is currently identifying the minimum requirements (policy, process and technology) necessary to fortify our network security posture. The DoD Removable Storage Media Tiger Team, led by the Defense-wide Information Assurance Program (DIAP), has been coordinating policy for incorporation into future USSTRATCOM operational guidance. The Navy and Marine Corps are drafting organizationally specific CONOPS and Communications Tasking Orders in preparation for secure USB flash media pilots once the DoD-wide ban is lifted.
In the future, we expect that a government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks will be permitted for use by authorized individuals. We are working on upgraded anti-virus and malware detection, alert and eradication capabilities as well as implementation of controls to deny network access to unauthorized USB flash media and revised operating procedures for scanning and cleaning flash media. Those who are authorized to use portable media devices will receive updated user training and awareness and be informed again of his/her accountability through compliance audits and inspections.
The bottom line is, the days of using personally owned flash media or using flash media collected at conferences or trade shows are long gone. What we connect to our home PCs is very different from what is and will be allowed to occur on DON networks. I expect (and support) that only approved, identifiable flash media of known origin will be permitted for use; and only by authorized and trained personnel, in support of mission-essential functions that could not be performed via non-flash media means. In the meantime, we are working on moving our access to information to the use of collaborative workspaces, file shares and portals within our protected enclaves. This will reduce our reliance on USB flash media, mitigate unnecessary risk to the GIG, and protect our data and information by keeping it stored within our network boundaries.
While the future restricted use of flash media may seem somewhat draconian, the expanded use of portals and collaborative work spaces keeps our information in the protected net-centric environment. It is accessible with the proper identity credentials. Seems to me we are actively working to make sure that access to information is balanced with the appropriate security controls.
What do you think?
|
|
|
|
|
|
Tagged with: CND, DAR, IA |
|
|
|
|
|
|
|
|
Aim High, Fly High
|
|
Published,
August 10, 2009
|
|
|
I recently attended the Cloud Computing Symposium at the National Defense University. And as I sat there, I wondered about information management/information technology in the Department of the Navy. Specifically, are we working to keep our IM/IT status quo (very basic evolutionary change) or reaching for what might be considered revolutionary advances?
Most of what we can do when we sit in front of our NMCI desktops (or other legacy networks) has remained essentially unchanged since the beginning of the NMCI deployment. Sure we have larger flat panel monitors and faster CPUs, more current operating systems and software, but its effectiveness has remained relatively unchanged. While we have world-class networks, we are constrained by the architecture we invested in, which makes it a challenge to move forward. As we look to the future, we should aim for high performance at the least possible cost. What do I mean by that?
Our future networks and management processes need to provide room for innovation as a fundamental element of the network. But that innovation must improve the efficiency, increase the security and decrease the cost of computing.
Are we working on reducing the cost of the network seats we procure to $1,000 per seat instead of the approximately $3,000 we pay annually? What drives the cost per seat? Legacy infrastructure, for one thing, is a huge part. Does the network connectivity model we use support revolutionary or evolutionary change?
I believe that some attributes of cloud computing offer the ability to significantly reduce the cost of computing infrastructures, while also improving services and security. The Department drafted the vision for the Naval Networking Environment 2016 a full eight years in advance of its target goals. Are we on a path to meet or exceed those goals? A significant reduction in the cost of our computing infrastructure could be achieved by the Green IT initiative the Department is undertaking.
We need to vet innovative ideas that are capable of demonstrating levels of improvement greater than we have seen in the past. In addition, as the Federal Government works to speed IT acquisition, we must be able to rapidly and effectively insert innovative IT solutions into our legacy networks. The cycle time for introduction of new technologies should not be similar to the ship building and maintenance cycles. Nor can it be every four to six months. Ultimately, we must have agile delivery of capabilities in a timely manner. Industry proven IT acquisition practices can be a model for the government.
What do you think?
|
|
|
|
|
|
Tagged with: Blog, DONCIO, GreenIT, Infrastructure, Web20 |
|
|
|
|
|
|
|
|
|
|
About the CIO Blog |
.gif) The CIO blog is a forum for the Department of the Navy CIO to discuss matters related to information management and information technology and how they impact the Department.
|
|
Comment Policy |
|
|
|
|