George Newstrom | Know your vulnerabilities

IN 2002, GEORGE NEWSTROM, now president and chief executive officer of Lee Technologies, became Virginia's second secretary of technology at the requestof Gov. Mark Warner, after 28 years at EDS. Newstrom served both as chief information officer and chief strategist for raising Virginia's visibility inthe global technology marketplace.He left the secretary of technology position in 2004 to become president and CEO at Wisper Technologies and took the helm at Lee Technologies in October 2006. Gov. JimGilmore appointed Don Upsonas the first secretary of technology.I was the second. Going inwith Warner, who was abusiness-oriented governor andtreated the commonwealth as abusiness, my job was directingthe technology spending of thecommonwealth and restructuringhow technology served thebusiness needs of Virginia. Inaddition, the Center forInnovative Technology nearDulles Airport, which is anincubator for new technologyand biotech ideas, really came tothe forefront. In the federalgovernment, there is a hiddenemphasis on getting things donein a structure that is not necessarilyfocused on the business ofthe agency. It has much more todo with covering the bases,making sure they follow all ofthe procurement regulations.Timeliness is not necessarily theNo. 1 issue. In the private sector,you are faced with monthlyrequirements, quarterly requirementsand annual requirementsthat you must produce, or yourstock goes to hell.I'm not suggesting that this isall negative. In some cases it'spositive because they are tryingto avoid problems that havebeen seen in government contracting.But it's really not anenvironment in which youget the leading-edge solutions.If the procurement takestwo years to do, technology isoutdated in the first sixmonths.The second big thing I see inthe federal sector is the numberof senior workers and knowledgeworkers leaving. In thenext few years, there is going tobe a major issue in getting theskill sets that are necessary tokeep the major programs going.One study recently showed thatthe talent pool for skilled workersin the technology area isgoing to shrink by 45 percent by2015. That is really onerous forgovernment. I chair anorganization called the WorldInformation Technology andServices Alliance, an associationof associations. Ninety-threepercent of all IT dollars spent inthe world are represented inthis association. There is acorollary between the issues inthe private sector and any government' whether it be federal,state or local across the world' and that is the securityaround networks, communications,databases and individualrecords. That information isextremely important. If a businessnetwork goes down, theylose money. If a governmentsystem goes down, in somecases it's not a big issue. In otherissues, it is very serious. [TheHomeland SecurityDepartment] is very cognizantof not just data security but thephysical security of this informationstored in governmentdatabases. There are someagencies that are doing verywell, and there are agencies thatare not doing as well. Maybe it'sbecause of priorities, maybebecause they don't have a cultureof looking at this. DHS isone of the departments thatspend a lot of time working onthis subject. The EducationDepartment is making somevery positive, forward-thinkingchanges. Within theTransportation Departmentthere are some very positive elements.Federal government issuch a broad term [that] Iwould hate to give one answerfor the whole thing. Inventorying 'in a very honest manner 'where you are, where the vulnerabilitiesare and what youhave to do to overcome them. Itdoesn't matter whether it isa database, a network, a communicationsdevice or physicalinfrastructure. It is understandingwhat your situation is,where you stand today and howvulnerable you are. If you havedone that in the last six or ninemonths and proactively takenthe action to remedy problems,even if you are in bad shape,at least you are moving forward.If you haven't done that,the exposure is absolutelytremendous. Absolutely.Twenty years ago, you had a datacenter with a mainframe anddirect connections to dumb terminals.Then we went to distributedsolutions outside of the datacenter. Today we are in a totallyinterconnected global networkthat in many ways is vulnerable.At one time, you could controlphysical security, data securityand communications security,but today they have been separated.In this country, we aregreat at protecting ourselvesfrom viruses. We even knowwhen a virus outbreak is going tooccur. But in physical security wehave not been as proactive andnot taken the responsibility, withsome exceptions.DHS is moving data centers,data storage facilities and othermission-critical facilities out ofharm's way. Washington, D.C.,happens to be in harm's way 'it's a major target. It is a physicalsecurity issue, but also lookat the unemployment rate inthe Washington area. It is lowsingle digits. We don't haveenough skilled workers in governmentor the private sector.Look at energy. If you are onthe eastern grid in the UnitedStates, you are vulnerable. DHSis looking at places outside theeastern power grid where theremay be multiple sources of energyand where there is manpower.They are being veryproactive about looking aftertheir infrastructure. I am not thatfamiliar with the securityaround IPv6. But from a generalperspective, I would suggestthat when new technologycomes along, users have to takea look at their needs and if thetechnology fits in, go forwardwith it. I don't think it is anylonger possible for us to accepta standard ' whether it is aninternational standard, a companystandard or a governmentstandard ' and say, 'I hope itworks.' We have to be diligenton what the requirements arefor any technology before we goforward.