StateTech Magazine - Technology Solutions That Drive Government en The Network and IT Security Needed to Defend Smart Cities <span>The Network and IT Security Needed to Defend Smart Cities</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 12/12/2018 - 16:51</span> <div><p>Smart cities are <a href="">popping up all over the country,</a> with cities <a href="">both big</a> and <a href="">small</a> deploying Internet of Things devices to improve services for residents and enhance public safety. This is all for the good, especially in cases where cities are <a href="">focused on concrete and near-term benefits</a>.</p> <p>However, there is <strong>a dark side to this proliferation of connectivity</strong>. As Gary Hayslip, the former CISO of San Diego, <a href="">recently wrote in <em>StateTech</em></a>, when cities become smarter they also become more vulnerable to cyberattacks.</p> <p>“Smart city networks pose a unique challenge for security professionals and engineers alike, as large integrated networks of systems within systems and a mix of legacy and new technologies connect together,” Hayslip notes. “These complex arrangements ultimately open the network to risk.”</p> <p>Importantly, as Hayslip adds, smart city IoT systems often connect to larger networks, “so if they are compromised, not only can they be a target, but they can also be <strong>a doorway to larger security incidents citywide</strong>.”</p> <p>That is why it is critically important to understand the vulnerabilities smart city systems face, as well as how city governments can defend against such threats. <strong>Network segmentation, security incident and event management tools </strong><strong>and</strong><strong> penetration testing</strong> can help cities bolster their defenses. </p> <p><a href="" target="_blank"><em><strong>VIDEO: </strong>Find out what keeps state CISOs up at night. </em></a></p> <h2 id="toc_0">The Vulnerabilities Smart City Systems Face</h2> <p>While security may sometimes be an afterthought as cities deploy <a href="">smart traffic lights</a>, <a href="">transportation systems</a> and <a href="">water monitoring systems</a>, it shouldn’t be. </p> <p><a href="" target="_blank">According to research released in August</a> by <a href="" target="_blank">IBM</a> Security's <a href="" target="_blank">X-Force Red group</a> and the cyber research firm Threatcare, it is remarkably easy to hack into smart city technology. </p> <p>The researchers examined smart city products from three companies — Libelium, Echelon and Battelle — and <a href="" target="_blank">discovered 17 vulnerabilities</a> that could allow hackers to commandeer sensors and data for nefarious purposes. <a href="" target="_blank">In some instances</a>, the hacks were as <a href="" target="_blank">obvious as entering</a> a factory-default password like “admin” or <strong>bypassing authentication requests by adding slashes to a URL</strong>, according to the researchers. When the researchers found vulnerabilities in the products these vendors produce, the team disclosed them to the vendors, all of which were responsive and issued patches and software updates to address the flaws, according to IBM.</p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="" id="" rel="" target="_blank" title=""><img alt="Cybersecurity_IR_howstrong_700x220.jpg" data-entity-type="" data-entity-uuid="" src="" /></a></p> <p>“According to our logical deductions, if someone, supervillain or not, were to abuse vulnerabilities like the ones we documented in smart city systems, <strong>the effects could range from inconvenient to catastrophic</strong>,” the researchers say. </p> <p>These effects range from manipulating water level sensor responses to reporting flooding in an area where there is none — or preventing such sensors from alerting authorities in the event of an actual flood. Attackers could also set off radiation alarms when there is no radiation threat, causing mass panic. And they could cause vehicle traffic to come to a standstill by manipulating traffic signals. </p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover how Massachusetts assessed its IoT vulnerabilities. </em></a></p> <h2 id="toc_1">How to Defend Against Smart City Cyberattacks</h2> <p>The first step city governments can take to ward off such devastating impacts is to use <strong>network segmentation</strong>, creating physically separate networks for IoT devices. </p> <p>“With this approach, if a hacker is able to compromise the IoT devices, they are unable to conduct a ‘pivot attack’ to other enterprise assets, since the physically separate IoT network is ‘air-gapped’ from their secure enterprise network,” Ken Hosac, vice president of IoT strategy at <a href=";enkwrd=Cradlepoint+" target="_blank">Cradlepoint</a>, writes <a href="">in <em>StateTech</em></a>.</p> <p>Instead of directing this network through a city’s data center, for example, city governments can <strong>direct the parallel networks to public or private clouds</strong>, limiting access to valuable information and reducing bandwidth bottlenecks, Hosac notes. “If hackers gained access to one of the parallel networks, they could not pivot to another network,” he adds. IBM also advises cities to <strong>implement IP address restrictions</strong> to connect to the smart city systems.</p> <p>Additionally, IBM advises cities to take advantage of <strong>security information and event management (SIEM) tools </strong>to identify suspicious traffic. SIEM solutions — available from vendors such as <a href="" target="_blank">Hewlett Packard Enterprise</a>, IBM and <a href="" target="_blank">Splunk</a> — receive logs from a controlling network server and IoT endpoints, then use correlation rules to help IT security analysts monitor traffic entering the network, the launching of unsolicited services, software integrity, anti-virus feeds and other activities. </p> <p>IBM also suggests cities leverage basic <strong>application scanning tools </strong>that can help identify simple flaws and use safer password and application programming interface key practices.</p> <p>Finally, IBM advises cities to hire hackers to test systems for software and hardware vulnerabilities and <strong>find them before malicious actors do</strong>. Many vendors and value-added service providers offer such solutions. For example, CDW’s <a href="" target="_blank">Comprehensive Security Assessment</a> service uses white hat hackers using the same tools and techniques deployed by cybercriminals. </p> <p>It is clear that smart cities are vulnerable to security flaws and attacks. Equally clear, however, is that they have the tools to fight back.</p> <p><em>This article is part of </em>StateTech<em>'s <a href="">CITizen blog series</a>. Please join the discussion on Twitter by using the <a href="">#StateLocalIT</a> hashtag.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="CITizen_blog_cropped_0.jpg" data-entity-type="" data-entity-uuid="" src="" /></a></em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11301"><img src="/sites/" width="58" height="58" alt="Houston Thomas III" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11301"> <div>Houston Thomas III</div> </a> </div> <div class="author-bio"> <p> <div><p>In his role as Senior Business Development Strategist and Public Safety Senior Strategist, Houston Thomas III manages the architect and engineering process for large-scale integration projects involving public safety agencies. He provides subject matter expertise to CDW•G law enforcement customers with respect to digital intelligence and evidence management.</p> </div> </p> </div> </div> </div> </div> Wed, 12 Dec 2018 21:51:51 +0000 phil.goldstein_6191 41886 at How to Mitigate Cybersecurity Threats to Public Safety Communications Systems <span>How to Mitigate Cybersecurity Threats to Public Safety Communications Systems</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 12/11/2018 - 10:45</span> <div><p>State and local governments rely on public safety agencies to provide critical support and communications <a href="">in the event of emergencies</a> or <a href="">natural disasters</a>. But what happens if those agencies’ own communications are taken down because of a cyberattack?</p> <p>It is a worrying thought for many public safety agencies and their government partners — or at least it should be, based on the findings of a recent survey from <a href=";pCurrent=1&amp;b=SMB" target="_blank">Motorola Solutions</a>. The <a href="" target="_blank">survey of 120 and land mobile radio (LMR) system managers</a> around the world in public safety, government and enterprise organizations found that nearly a quarter of respondents — <strong>22 percent</strong> — are not taking any significant cybersecurity measures and <strong>just 11 percen</strong>t of organizations cited establishing a cyber incident plan as a priority for the coming year.</p> <p><a href="" target="_blank">As Urgent Communications reports</a>, public safety agencies face numerous threats to their communications systems, including <strong>“swatting” attacks</strong>, in which criminals manipulate 911 calls to show that a call is originating from a location where a very serious criminal act has occurred or is occurring, leading public-safety answering points (PSAPs) to send a Special Weapons and Tactics (SWAT) team to the call location. PSAPs and public safety agencies also face threats from <strong>ransomware attacks</strong> that lock them out of their communications systems, attacks that lead to unauthorized network access allowing attackers to cripple systems, <strong>denial of service attacks</strong> and more. </p> <p>In addition to following basic cybersecurity measures like patching software and establishing rules around connecting portable storage devices via USB or other ports, public safety agencies can take several steps to bolster their security. </p> <p>Motorola suggests they need to <strong>lose the “set it and forget it” mindset on cybersecurity</strong> and continually evolve their security strategy, establish <strong>a holistic, risk-based security </strong><strong>plan</strong>, and use <strong>proven cybersecurity frameworks and standards</strong>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href=";screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 11 Dec 2018 15:45:44 +0000 phil.goldstein_6191 41881 at 4 Tips for Successful State Agency Cloud Deployments <span>4 Tips for Successful State Agency Cloud Deployments</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 12/10/2018 - 14:07</span> <div><p>Cloud services are the No. 2 priority for state CIOs in 2019, according to the National Association of State CIOs’ <a href="" target="_blank">recently released list</a>. </p> <p>Specifically, the priority includes “cloud strategy; proper selection of service and deployment models; scalable and elastic IT-enabled capabilities provided ‘as a service’ using internet technologies.”</p> <p>Cloud adoption is likely going to continue to grow at the state and local level. <a href="" target="_blank">Gartner expects</a> double-digit growth in government use of public cloud services, with spending forecast to <strong>grow 17.1 percent</strong> on average per year through 2021. Across all industries, companies spend an average of <strong>20.4 percent </strong>of their IT budgets on the cloud, according to the research firm, compared with <strong>20.6 percent</strong> for local governments.</p> <p>North Carolina Chief Deputy CIO Tracy Doaks <a href="">recently told <em>StateTech</em></a> that cloud use has advanced significantly in the Tar Heel State over the last couple of years. The state went from not using the cloud (unless that use was unauthorized), to the introduction of a cloud service broker that supports multiple cloud vendors that any agency can use. </p> <p>“And not only can they use those clouds, it’s self-provisioning, so they have self-service in a way that they never used to have,” she says. “So, for an on-prem provisioning solution, it took <strong>maybe 30 days </strong>to get what they we were looking for. <strong>And now they can get that in 15 minutes</strong>.” </p> <p>Some states are further along in their cloud journey than others. What are the best practices states should follow to successfully migrate to the cloud, and, once they make that decision, to ensure that their deployments will yield benefits? </p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Discover the benefits of hybrid cloud for state governments. </em></a></p> <h2 id="toc_0">1. Determine Cost of Existing Operating Models and Cloud Migrations</h2> <p>Karthik Viswanathan, Massachusetts’ assistant secretary of technology services, says that before any agency moves to the cloud, it should <strong>examine the total cost </strong>of running its entire enterprise in an on-premises environment. </p> <p>California CIO Amy Tong says that migrating to <strong>the cloud is a journey and “not an overnight thing.” </strong></p> <p>Many state governments have a number of legacy systems and applications that they want to migrate to the cloud. “For those, I would say do an assessment, a cloud readiness assessment, which we did for every single one of our major systems,” she says. </p> <p>Tong says state governments need to <strong>properly budget for cloud migrations</strong>, whether it is a simple lift and shift or a complete rearchitecturing. “And if it is, budget ahead of time and level set expectations on the timing required to do that so you can have a more realistic plan,” she says. </p> <p>Agencies also need to rethink their IT costs once they start using cloud platforms. “The big difference in the mental shift between on-premise vs. cloud is certain things where we take for granted where it’s a fixed cost over a period of time,” Viswanathan says. “In a cloud environment, it’s a constant iteration. You look at what the usage looks like, make tweaks, it’s almost like <strong>checking your utility bills every month</strong>.” </p> <h2 id="toc_1">2. Determine Governance Models for Cloud Apps</h2> <p>Once agencies have decided to move apps to the cloud, they need to <strong>consider the governance model </strong>they will use for their cloud environments, says Viswanathan. That includes how the cloud environments will be managed, patched and upgraded. </p> <p>“So, I would say the three areas one should focus on are the right-sizing of the application, the utilization of the different assets within the infrastructure, and to upgrade the software to the right versions so everything is comfortable and supportable,” Viswanathan says. </p> <p>Agencies also need to<strong> determine which apps to move to the cloud</strong>. Four years ago, California adopted a cloud first policy, under which new apps are built in the cloud as a first choice, and whenever possible, apps are migrated to the cloud, Tong says. However, since then, California has learned that moving apps to the cloud is not as easy as one might think, especially for large legacy systems that are not cloud ready. </p> <script type="text/javascript" src="//;widget_id=1365730869&amp;width=640&amp;height=360"></script><p>“So, we really have switched to a cloud adoption focus rather than just simply cloud first,” Tong says. </p> <p>She advises agencies to “be smart, be strategic, be thoughtful on what it would take to actually move a solution into a cloud environment when it was not designed to be that way.” </p> <h2 id="toc_2">3. Ensure Employees Have Cloud Training</h2> <p>Doaks says that if other state governments are looking to go on a cloud journey like North Carolina’s, she would “strongly suggest that they don’t look at the end game first. There are steps to getting there.” </p> <p>Some state agencies might be more tech savvy than others, and their employees may want to use self-provisioning and other cloud options. While Doaks says that is “great,” state CIOs cannot forget about other state agencies that are not as technologically advanced. Those employees will <strong>need</strong><strong> trainin</strong><strong>g to be able to maximize their use of cloud tools</strong>.</p> <p>“We also have to meet all those other agencies that are not as tech savvy and have programs and solutions for them,” she says. </p> <h2 id="toc_3">4. Do Not Forget About Cloud Security</h2> <p>Doaks says she works very closely with the state’s enterprise risk and security officer to help <strong>define where apps belong</strong>. “But most of them are going to be driven by the types of cloud vendors that we have, and the requirements that we have in order for them to store data,” she says. Some clouds are able to store sensitive data like Health Insurance Portability and Accountability Act data, and others are not. </p> <p>North Carolina is planning to ensure cloud data security by introducing <a href="" target="_blank">a cloud access security broker</a>. CASBs serve as a unified control point to give organizations <strong>visibility and control for all their apps, usage and data in the cloud</strong>.</p> <p>“That allows us to understand where a workload sits, and if it moves from one cloud to another cloud and it’s not the right cloud for that data classification, we will know that and then we can stop that movement,” Doaks says. “That’s going to be a significant way for us to understand where data sits and whether it’s sitting in the right place.”</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="Modern IT Infrastructure report" data-entity-type="" data-entity-uuid="" src="" /></a></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href=";screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 10 Dec 2018 19:07:36 +0000 phil.goldstein_6191 41876 at How Digital Scanners Enabled a New Era of Document Management <span>How Digital Scanners Enabled a New Era of Document Management</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 12/07/2018 - 13:44</span> <div><p>What is one thing that state and local governments all have in common? They store a lot of records on residents.</p> <p>State and local governments collect and store everything from tax records to licenses, registrations, certificates and other documents from residents, not to mention agencies’ own documents. All of that creates <strong>quite a paper trail</strong>. Thanks to the advent of the digital scanner in the mid-1970s, state and local governments have had the ability to <strong>digitize such records</strong>. </p> <p>According to <a href="" target="_blank">a recent report from the National Association of State CIOs</a>, produced along with the <a href="" target="_blank">Council of State Archivists</a>, between 2006 and 2016, the number of state and territorial electronic records skyrocketed by <strong>1,693 percent</strong>. During that time, the report noted, there was also <strong>a 445 percent growth</strong> in electronic versus paper records in state and territorial archives.</p> <p>That would not be possible without the digital scanner and corresponding digital storage systems. Digital scanning makes it <strong>easier for state and local governments to preserve records</strong>, for residents to fill out forms and send them electronically, and for government businesses to become <strong>more efficient as a result</strong>. </p> <p>Today, digital scanners are almost an afterthought, <a href="" target="_blank">integrated into multifunction printers</a> that are as common in government offices as laptops and smartphones. Yet it was not always so. How did the digital scanner come to be? And how can state and local governments make the best use of them?</p> <p><a href="" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how state CIOs should preserve digital records. </em></a></p> <h2 id="toc_0"><span style="background-color: rgb(210, 199, 110);"> HOW</span> the Digital Scanner Came to Life</h2> <p>Optical, automated light sensor technology had been available since the early 1900s and was used in digital fax scanning systems, according to <a href=";q=1975+kurzweil#v=snippet&amp;q=1975%20kurzweil&amp;f=false" target="_blank"><em>Digital Images for the Information Professional</em> by Melissa Terras</a>. For decades, scanners had been known as “drum scanners,” where the article to be scanned was “wrapped around a drum while a single cathode ray light sensor checked the brightness at a single spot, becoming a chain of observations as the drum continually spun the image,” Terras writes. </p> <p>However, Terras notes, there was no capacity to store these scans, which were created to <strong>enable the transmission of a digital image</strong>. </p> <p>The first image scanner <a href="" target="_blank">developed to input images into a computer was a drum scanner</a>. It was built in 1957 at the U.S. National Bureau of Standards (now the <a href="" target="_blank">National Institute of Standards and Technology</a>) by a team led by Russell Kirsch. In 1964, R.T. Moore, M.C. Stark and L. Cahn at the National Bureau of Standards “built a precision scanner that could accommodate a much larger image, built around a commercial lathe body offering dimensional precisions of 1/200 inch and capturing 2.98 million pixels of information at one of eight levels of grey,” Terras writes. </p> <p>Such machines were bulky and required special magnetic tape machines to save the scanned information. In the late 1960s and early 1970s, researchers at Bell Labs, George Smith and Willard Boyle, worked on a method to capture images based on silicon’s reaction to light, and the ability to transfer the resultant electrical charge along the surface of a semiconductor. They constructed a device which contained an array of linked light-sensitive sensors, known as charge-coupled devices or CCDs, according to Terras.</p> <p>CCDs were integrated into scanner technology in the 1970s. However, it was Ray Kurzweil who developed both <strong>optical character recognition technology</strong> and the notion of a <strong>flatbed scanner</strong>, in which the sensor could move across the paper instead of the paper moving around a drum, Terras notes. </p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="CDW Modern Workforce Insight Report" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <p>In 1975, the first system capable of scanning a printed page in multiple type styles and converting it to comprehensible full-word speech was completed, <a href="" target="_blank">according to Kurzweil’s history of the scanner</a>. The scanner was part of a larger system known as the Kurzweil Reading Machine, which converted print to speech, and was designed as a reading prosthetic aid for the blind and visually impaired. </p> <p><a href="" target="_blank">As the <em>Houston Chronicle</em> notes</a>, “This scanner only worked on a horizontal strip a little more than an inch high and had no more than 64 kilobytes of memory. Eventually, engineers improved scanner resolution and memory capacity, allowing these devices to record images as large as 9600 dpi.”</p> <p>Falling costs for computer components led to the development of less expensive and more capable scanners, including from Microtek in 1985 and <a href="" target="_blank">Xerox</a> and Kodak in 1991, according to Terras.<strong> The TWAIN standard</strong> for interfacing scanner software with computer hardware was introduced in 1992, Terras notes, and that “provided a standard set of function calls by which a computer could control the features of any brand of scanner.”</p> <p>“By the 2000s, flatbed scanners were inexpensive and reliable, with entry-level devices costing as little as <strong>$60</strong>,” the <em>Chronicle</em> notes. </p> <h2 id="toc_0"><span style="background-color: rgb(210, 199, 110);"> WHAT</span> Is the Role of Scanners in State and Local Government?</h2> <p>Flatbed scanners are now viewed as “essential, affordable and peripheral” devices, Terras notes. </p> <p>However, <a href="" target="_blank">as digital imaging guidelines from the Library of Virginia note</a>, “Because most agencies and localities do not have the appropriate scanning equipment, software or staff expertise to execute a large imaging project, vendors have become integral to the world of digital imaging.”</p> <p>Since quality varies among vendors, selecting the right one is crucial to digital scanning projects, the guidelines say. </p> <p>Agencies’ imaging systems procedures <strong>“should incorporate a standards-based environment,”</strong> which may include “a comprehensive set of standards-based interfaces, services and supported formats that enable portability and interoperability of applications and data,” the guidelines say.</p> <p>Standards “allow systems to change over time without significant risk of losing records,” the document notes and also “facilitate the importing and exporting of images.” </p> <p>Scanners are today seen as an afterthought, but without them, records would remain on paper <strong>and government business would be much less efficient</strong>.</p> <div style="background-color: rgb(245, 244, 240); color: rgb(77, 77, 79); padding: 20px;"> <p><em>"This Old Tech" is an ongoing series about technologies of the past that had an impact. Have an idea for a technology we should feature? Please let us know in the comments!</em></p> </div> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href=";screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 07 Dec 2018 18:44:42 +0000 phil.goldstein_6191 41871 at How the Push for Smart Cities Impacts Police Forces <span>How the Push for Smart Cities Impacts Police Forces</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 12/06/2018 - 11:28</span> <div><p>The only technology the police force needed 40 years ago was <a href="">the radio</a> and the location of the nearest pay phone. Today, officers <a href="">get all of their information digitally</a>, as there are multiple outlets to monitor, including body cameras, on-board cameras, multiple cell phones, in-vehicle computer data terminals with internet access, traffic-monitoring radar units and much more.</p> <p>These advancements have given police departments opportunities to use <strong>many of the same technologies that are helping create smart cities</strong>. These technologies add new levels of connectivity that allow every level of government to be more responsive and efficient, driving improvements in how they respond to public safety threats. And these changes are helping officers <strong>streamline administrative work and freeing up more time to do what they do best</strong>. </p> <h2 id="toc_0">What Is a Smart City?</h2> <p>The definition of a “<a href="">smart city</a>” is as broad as its potential. To some, it’s about building roadways with sensors embedded in the ground. The next person might view first responders using new techologies as the best example of a smart city. Others include schools and healthcare in their smart city vernacular.</p> <p>Most, however, agree on the benefits of these technologies:<strong> increased operational efficiency for governments</strong>, much of which is based on actionable Internet of Things data, and improved services and quality of life for citizens.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11481"><img src="/sites/" width="58" height="58" alt="Ken Hosac, Cradlepoint" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11481"> <div>Ken Hosac</div> </a> </div> <div class="author-bio"> <p> <div><p>Ken Hosac is vice president of IoT Strategy at Cradlepoint. As part of the leadership team since 2009, Ken has helped drive Cradlepoint’s growth and development through roles in strategic planning, product management, solution strategy and thought leadership.</p> </div> </p> </div> </div> </div> </div> Thu, 06 Dec 2018 16:28:30 +0000 phil.goldstein_6191 41866 at North Carolina to Offer Free Cybersecurity Training to Veterans <span>North Carolina to Offer Free Cybersecurity Training to Veterans </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 12/05/2018 - 08:58</span> <div><p>Veterans in North Carolina looking to transition to careers in cybersecurity will now have a leg up<strong> thanks to a training partnership</strong> between the state government and a nonprofit backed by <a href="" target="_blank">Cisco Systems</a> called <a href="" target="_blank">CyberVetsUSA</a>.</p> <p>North Carolina Gov. Roy Cooper <a href="" target="_blank">announced the partnership</a> in mid-November. The effort is part of a broader campaign to fill cybersecurity jobs. Of the <strong>300,000</strong> cybersecurity positions open in the U.S., about <strong>13,000</strong> are in the public sector, according to <a href="" target="_blank">CyberSeek</a>, a <a href="" target="_blank">National Initiative for Cybersecurity Education</a> online tool that collects employment data. </p> <p>To connect veterans with cybersecurity jobs, Cisco Systems will work with industry partners, the North Carolina Department of Military and Veterans Affairs, the North Carolina Department of Information Technology, the North Carolina Department of Commerce, and post-secondary institutions and veteran services organizations throughout the state to bring the CyberVetsUSA program to North Carolina.</p> <p>“North Carolina is the most military friendly state in the nation and we’re proud that so many of our veterans choose to stay here when they return to civilian life,” <a href="" target="_blank">Cooper said in a statement</a>. “Veterans play a crucial role in powering our economy and we must make sure they have the skills they need to thrive in the workforce. The cybersecurity field is vital to the 21st century economy and I’m pleased that Cisco recognizes that North Carolina’s talented veterans are the perfect fit for these important jobs.”</p> <p><a href="" target="_blank"><em><strong>VIDEO:</strong> These are the cybersecurity threats that keep state CISOs up at night. </em></a></p> <h2 id="toc_0">North Carolina Vets Will Get Access to Numerous Cyber Courses</h2> <p>CyberVetsUSA is <strong>a free </strong><strong>cybersecurity</strong><strong> training program</strong> for eligible veterans, service members transitioning to civilian life, military spouses and members of the Reserves and National Guard who are interested in pursuing a cybersecurity career. The self-paced training program takes <strong>12 to 14 weeks</strong>, according to a North Carolina website on the program, and will be primarily online. </p> <p>Cisco is partnering with other industry leaders to provide the training content, including Amazon Web Services, <a href="" target="_blank">(ISC)²</a>, <a href="" target="_blank">Palo Alto Networks</a>, <a href="" target="_blank">Fortinet</a>, <a href="" target="_blank">NetApp</a>, and National Development Group.</p> <p>According to the statement form Cooper’s office, program participants can choose from over a dozen courses to earn <strong>certifications in cybersecurity operations, secure infrastructure, software engineering, operations </strong><strong>and</strong><strong> technical support, security management and network security</strong>. </p> <p>Additionally, they will have access to mentoring and career resources as well as direct links to employment opportunities. The industry partners are providing career resources and connections to job opportunities for those who complete the training and certification. </p> <p>Eligible participants who are looking to gain cyber employment in North Carolina can <a href="" target="_blank">visit the program website</a> to submit their interest. Interested candidates can complete a form to receive a link to register for CyberVetsUSA, and an enrollment advisor will then reach out to determine available training options.</p> <p>During training, participants will <strong>gain access to virtual communities to enhance their learning experiences</strong>, according to the program website. Additionally, the program will offer career resources — <strong>including help with resume writing, interview techniques </strong><strong>and</strong><strong> career exploration</strong> — to those who achieve a 30 percent course completion milestone. Once the course is completed, participants will get a free voucher to obtain an industry certification.</p> <p>North Carolina is the third state to partner with Cisco to launch CyberVetsUSA, joining Maryland <a href="">and Virginia</a>. <a href="" target="_blank">As StateScoop reports</a>: </p> <blockquote><p>CyberVetsUSA project launched quietly in 2017 in Virginia, where 275 veterans underwent 12 to 15 weeks of training, followed by placement in cybersecurity and other information technology jobs. Maryland Gov. Larry Hogan announced Nov. 1 that his state is also participating in the program. More states plan to enroll in 2020, according to Cisco.</p> </blockquote> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href=";screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 05 Dec 2018 13:58:09 +0000 phil.goldstein_6191 41861 at 6 Challenges Smart Cities Face and How to Overcome Them <span>6 Challenges Smart Cities Face and How to Overcome Them</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 12/05/2018 - 08:40</span> <div><p>Many cities today have ambitions of becoming <a href="">the smart cities of tomorrow</a>. But to achieve this, they need to overcome the challenges associated with mapping out a complex strategy that involves public and private participants, direct and indirect stakeholders, <a href="">integrators</a>, network and managed service providers, product vendors and IT infrastructure providers. </p> <p>At the outset, smart cities must have the <strong>foundation of a fundamental, standards-based IT infrastructure</strong> that satisfies and supports a broad array of needs and can adjust to advances in technology, such as Internet of Things sensors, measurement and analytics tools and solutions powered by artificial intelligence and machine learning. </p> <p><strong>Smart city planning is a balancing act</strong> that involves citizens, public organizations, state and local government and private enterprises. Once this balance is achieved, it creates huge opportunities for business, sustainability, disaster prevention, public safety and quality of life improvements. </p> <p>The promise of smart cities — just like the process of building one — is difficult to define, as there are <a href="">so many working parts and components to conside</a>r. These include smart buildings, smart governance, smart healthcare, smart transportation, smart security, smart energy, smart commerce and smart infrastructure. </p> <p>However, there are challenges that can be addressed today through <strong>a combination of technological innovation and collaboration between public organizations and private enterprises</strong>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11761"><img src="/sites/" width="58" height="58" alt="Mike Beevor" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11761"> <div>Mike Beevor</div> </a> <a target="_blank" class="twitter" href=";screen_name=MikeBeevor&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Mike Beevor is the technical marketing director at Pivot3, where he leads the company’s safe city and smart city strategies. A 15-year industry veteran, he has held a number of technical roles across a wide range of startups.</p> </div> </p> </div> </div> </div> </div> Wed, 05 Dec 2018 13:40:52 +0000 phil.goldstein_6191 41856 at How to Turn Smart State Ideas into Reality <span>How to Turn Smart State Ideas into Reality</span> <div><p>Smart cities are <a href="">everywhere these days</a>. But there are not that many states that lay claim to the title of a smart state. However, that does not mean that state IT leaders are not thinking about the concept, how it might work and what it would take for their states to be a smart state. We spoke recently with state CIOs about what they think of when they consider their smart state visions and how they might be able to achieve them. </p> <p>For more on how to push your state forward, <a href="" target="_blank"><strong>download CDW's Digital Transformation Insight Report</strong></a>. </p> </div> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 12/03/2018 - 10:06</span> <div> <div>Tweet text</div> <div>How can #stategov use #stateandlocalIT to become a smart state? IT leaders from @ksgovernment, #NewMexico and #Louisiana offer their thoughts. </div> </div> <div> <div>Video ID</div> <div><p>1616424777</p> </div> </div> <div> <div>video type</div> <div><a href="/taxonomy/term/7396" hreflang="en">Conference</a></div> </div> <div> <div>CDW Activity ID</div> <div><p>MKT25519 </p> </div> </div> <div> <div>CDW VV2 Strategy</div> <div>Core</div> </div> <div> <div>CDW Segment</div> <div>State &amp; Local</div> </div> <div> <div>Customer Focused</div> <div>True</div> </div> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="" data-title="How can #stategov use #stateandlocalIT to become a smart state? IT leaders from @ksgovernment, #NewMexico and #Louisiana offer their thoughts." data-via="StateTech" data-button-background="none"> <span> <span>Dec</span> <span>03</span> <span>2018</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="" data-title="How can #stategov use #stateandlocalIT to become a smart state? IT leaders from @ksgovernment, #NewMexico and #Louisiana offer their thoughts." data-via="StateTech" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="" data-title="How can #stategov use #stateandlocalIT to become a smart state? IT leaders from @ksgovernment, #NewMexico and #Louisiana offer their thoughts." data-via="StateTech" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href=";" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div> <div>Pull Quote</div> <div> <p class="quote"><a href="node/"> Any state that isn&#039;t thinking about being a smart state is really letting down their citizens. How we get there is the harder part. </a></p> <img src="/sites/" width="60" height="60" alt="Maria Sanchez, New Mexico Acting CIO and  General Counsel for IT" typeof="foaf:Image" /> <p class='speaker'> <span>Maria Sanchez</span> New Mexico Acting CIO and  General Counsel for IT </p> </div> </div> Mon, 03 Dec 2018 15:06:27 +0000 phil.goldstein_6191 41846 at Data Center Consolidation Strategy and Best Practices for State Governments <span>Data Center Consolidation Strategy and Best Practices for State Governments</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 11/30/2018 - 09:25</span> <div><p>A decade ago, state governments had barely started the process of <strong>data center consolidation</strong>. As the end of 2018 nears, while the process is not complete, it is clear that states have made enormous progress and overcome data center consolidation challenges.</p> <p>In 2007, <a href="" target="_blank">the National Association of State Chief Information Officers</a> reported that, of the 29 states it surveyed,<strong> only 14 percent (four states)</strong> had fully consolidated their data centers, while <strong>38 percent (11 states) were in progress and 41 percent (12 states) </strong>were either planning or proposing to consolidate their data centers. The other 7 percent (two states) had not started any consolidation efforts.</p> <p>By 2017, a fuller picture emerged of the progress states had made. NASCIO reported last year that <strong>46 percent (23 states)</strong> had completed their consolidation efforts, including Kentucky, Florida, Pennsylvania and Washington State. Meanwhile, <strong>42 percent (21 states) </strong>told NASCIO their consolidation work was ongoing;<strong> six other</strong> states said consolidation efforts were planned.</p> <p>That progress has resulted in a host of data center consolidation best practices for state CIOs and their staffs. Last year, NASCIO <a href="" target="_blank">released a “playbook”</a> detailing many of them.</p> <p><a href="">NASCIO advises</a> state IT leaders to<strong> plan rigorously for such consolidation efforts; engage with all of the relevant stakeholders</strong>; create a roadmap; <strong>document IT assets</strong>; address costs; implement standards; manage expectations and expect surprises; make sure the new data center architecture is sustainable; and <strong>capture and report cost savings</strong>.</p> <p>It is a significant undertaking, but there are equally meaningful benefits that result from having sound data center consolidation plans and best practices. States can see meaningful cost savings and achieve greater flexibility as they shift more applications and resources into the cloud. </p> <p>Ultimately, data center consolidation strategies need to be holistic efforts. “Data center consolidation is often an unfunded mandate,” says Shawn McCarthy, research director of IDC Government Insights. “But it’s tough to make the sweeping changes without making associated systems investments.”</p> <p> </p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2 id="toc_0">What Does a Data Center Consolidation Strategy Look Like?</h2> <p>Planning is crucial for any successful data center consolidation strategy. The NASCIO playbook makes clear that state IT leaders must understand the needs of each state agency that will be using their data centers, and they must engage with these stakeholders early. They should also design the end state of the data center consolidation to “fit needs, instead of requiring agencies to find ways to work within (or despite) new government regulations or directives.”</p> <p>“Part of this should include <strong>a gap analysis to understand and communicate the benefits of consolidation versus current capabilities</strong>,” NASCIO states. State CIOs’ teams should also “assess agencies’ requirements for data processing, storage and back-up, continuity of operations, and future needs or expansion.”</p> <p>State IT leaders should understand the needs, requirements and any potential issues before setting a data center consolidation target date or launching any initiatives.</p> <p>“Simply put, more planning and organization results in a smoother consolidation process,” the NASCIO playbook states. “The complexity of data center consolidation is often underestimated. Your team must develop a detailed plan and process.”</p> <p>IT staff must <strong>identify the facilities, technologies, organizations, services, people </strong><strong>and</strong><strong> processes that will be impacted</strong> by the data center consolidation. “During the planning process, the team will need to understand the interdependencies between multiple applications as well as infrastructure to ensure minimal disruption and outages,” the playbook notes.</p> <p>States should also create detailed inventories of their IT assets so that they can better plan for outcomes post-consolidation, NASCIO states; existing technologies and systems that are working and can be reused should be identified. State IT leaders should also discuss the advantages and disadvantages of different hosting environments (cloud, internal and hybrid) and make migration decisions based on the needs of the stakeholders. CIOs also need to decide how to fill technology and systems gaps where new investments must be made, according to the playbook.</p> <p><i><a data-saferedirecturl=";source=gmail&amp;ust=1543674162859000&amp;usg=AFQjCNENo1XJadPT51o4f6xu8ggl8Jd7zQ" href="" target="_blank"><b>MORE FROM STATETECH: </b>Find out how to handle the human side of state and local data center automation</a>. </i></p> <h2 id="toc_1">Data Center Consolidation Benefits</h2> <p>That is a great deal of work, but following through on closing data centers, removing equipment and transitioning services to the cloud bring significant benefits to states.</p> <p>“Almost every state is either consolidated or in progress,” Amy Hille Glasscock, a NASCIO senior policy analyst, <a href="" target="_blank">said in an interview with Data Center Knowledge</a>. “Everybody is looking for savings, and while it’s an involved process, <strong>you will save money if you consolidate data centers</strong>. You will save energy and have a more secure platform if you have everything under one roof.”</p> <p>States achieve cost savings from data center consolidation in several ways, NASCIO notes: “Savings are created by reducing diversity and complexity in the data center environment, creating economies of scale and reducing operational costs, saving on facility maintenance costs and energy costs via greater efficiency.” </p> <p>Arizona CIO Morgan Reed <a href="" target="_blank">told StateScoop recently</a> that the state has produced a report showing that, by continuing to consolidate data centers, the Grand Canyon State can <strong>save tens of millions of dollars a year</strong>.</p> <p><img alt="NASCIo-screenshot.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /><br /><span style="font-size: 11px; line-height: 20.8px;">NASCIO's report shows the progress states have made consolidating their data centers. Source: NASCIO </span></p> <p>Reed notes that Arizona has set up a new Tier 3 data center, and as it has looked at its data center through a cloud-first lens, it has discovered that only about 25 percent of the data center infrastructure needed to be relocated and stay on premises, while it was able to simply just shut off 15 percent. Meanwhile, the remaining 60 percent “has been able to go into various public clouds, which is fantastic.”</p> <p>Arizona has realized about $2 million in cost savings just from shutting down its own data center equipment, Reed says.</p> <p>Another key benefit of data center consolidation and shifting to more agile cloud services that can be spun up quickly is that <strong>state agencies can move faster to launch new services</strong>.</p> <p>“So, when the governor or an agency director says, ‘We want to do something different,’ it’s not going to be weeks and months of ordering equipment and landing it, installing power,” Reed says. “We can actually decide and respond faster, which is what our citizens expect.” </p> <p>There are numerous other benefits that come from consolidation, according to NASCIO, including stronger IT security; the introduction of process standards such as<strong> Information Technology Infrastructure Library (ITIL) and Information Technology Service Management (ITSM)</strong>; the promotion of enterprise integration and applications; improved support for legacy systems; the centralization of infrastructure maintenance and upgrades; and <strong>improved disaster recovery and business continuity</strong>.</p> <p>“It's really a no-brainer in terms of deliverables,” Utah CIO Mike Hussey says in the NASCIO playbook. “Why spend money on distributed data centers when you can use that money to improve services.”</p> <p><i><a data-saferedirecturl=";source=gmail&amp;ust=1543674162859000&amp;usg=AFQjCNG_5KjTlfhDFMRFuvLq1oUq03p-7Q" href="" target="_blank"><b>MORE FROM STATETECH: </b>Discover how state and local agencies benefited from sharing data center resources. </a></i></p> <h2 id="toc_2">Data Center Consolidation Challenges</h2> <p>Despite the many benefits of data center consolidation, state CIOs face numerous challenges in implementing consolidation plans.</p> <p>“As in 2007, the top challenges continue to be <strong>workforce resistance to change and agencies’ desire to remain autonomous</strong>,” according to NASCIO. “Additional challenges may include problems experienced in moving localized devices away from the current customer base, backlash when consolidation didn’t meet specific business needs, higher-than-anticipated costs and problems with seeking exemptions from state and federal statutory and regulatory requirements.”</p> <p>IDC’s McCarthy notes that fewer data centers in a state’s footprint means the remaining data centers are larger and<strong> will need more bandwidth, more cooling </strong><strong>and</strong><strong> more virtualized systems</strong>.</p> <p>State agencies often get stuck in the “partial progress” phase of consolidation, McCarthy says, “because they don’t make their changes fast enough, and eventually they are faced with multiple additional choices, such as new technology, providers and cloud options. <strong>Being overwhelmed can lead to inertia</strong>.”</p> <p>IT leaders should also undertake cloud migrations after conducting due diligence. While a cloud-first approach “is usually the best idea for new development,” McCarthy says, “moving to cloud just for cloud’s sake is not viable if it costs too much money to get there.” CIOs need to consider the costs, in time and money, of system changes, reconfiguration, consultant time and more when it comes to cloud migrations.</p> <p><a href="" target="_blank"><em><strong>VIDEO: </strong>Find out what state CIOs have on their IT modernization wish lists. </em></a></p> <h2 id="toc_3">What Are Data Center Consolidation Best Practices?</h2> <p>The NASCIO playbook offers numerous best practices, as do analysts and state CIOs.</p> <p>Planning and stakeholder engagement is a common theme. McCarthy notes that <strong>“project portfolio management” </strong>is an old term, but it is still important.</p> <p>Key leaders — CIOs, CFOs, program managers and others — need to meet and set priorities. “Is saving money more important? Or is replacing an older system that is no longer supported by the manufacturer more important?” McCarthy asks. Perhaps a new law has been passed and being able to gather and report on data is simply a legal requirement now; if so, that project needs immediate priority.</p> <p>“If all of these variables are not part of the ongoing dialog, investments can get off track quickly,” McCarthy says.</p> <p>Another best practice is to <strong>align IT systems with business needs</strong>, McCarthy says. “Since those needs can change rapidly, it’s more important than ever to seek better IT agility, with systems that can be changed via reconfiguration rather that full-blown custom programing,” he says.</p> <p>Whenever possible, IT leaders should seek solutions “that use the native tools within a system to adjust its features and outputs.” This will make future updates and consolidation efforts easier to handle because the system will be more standardized, he adds.</p> <p>NASCIO recommends states <strong>adopt ITSM and ITIL</strong>. “Missouri used both ITSM and ITIL when they consolidated their data centers,” the playbook notes. “They found it to be extremely useful to identify a standard supported across the enterprise. They found that not only could they tell the customer they would save money, but they would also get current technology, technological flexibility and readily available, highly qualified support.”</p> <p>Another key best practice is to <strong>make the consolidations self-sustaining</strong>, either by renting out space to other state or local agencies or by using renewable energy sources to drive efficiencies.</p> <p>“Politically, having buy-in from agencies and other customers because of a voluntary commitment (in the case of Ohio) or because of an executive order (in the case of Maine and Montana) is important,” NASIO’s playbook states. “But more importantly, customers/agencies must feel as if they are getting better service and security at the same or less cost. Only then will they want to continue if voluntary, and only then will a new administration want to keep moving forward under a previous executive order.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href=";screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 30 Nov 2018 14:25:09 +0000 phil.goldstein_6191 41841 at Vermont Aims to Open Cybersecurity Operations Center in Spring 2019 <span>Vermont Aims to Open Cybersecurity Operations Center in Spring 2019</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 11/29/2018 - 11:53</span> <div><p>Vermont plans to launch a new cybersecurity operations center, or SOC, by the spring of 2019, an investment the state hopes will give it greater resources to monitor for threats. </p> <p>In the last legislative session, Gov. Phil Scott’s administration proposed and the state legislature approved the creation of the SOC, which will be developed and coordinated by the state’s <a href="" target="_blank">Agency of Digital Services</a> (ADS) to <strong>mitigate cybersecurity risks</strong>. Vermont is opening the SOC through a public-private partnership with Norwich University, which will help educate students and provide hands-on job experience with real threats and cutting-edge technology products, <a href="" target="_blank">according to a press release</a>. The partnership is expected to create job opportunities in Vermont. </p> <p>The goal is to boost Vermont’s cybersecurity posture by providing the state with <strong>24/7 threat monitoring capabilities</strong>. Currently, threats are monitored only during normal business hours, according to Vermont CIO John Quinn.</p> <p><i><a data-saferedirecturl=";source=gmail&amp;ust=1543596490530000&amp;usg=AFQjCNH4QIhL5R0XlB5t_ryvv_kyHE8g7A" href="" target="_blank"><b>MORE FROM STATETECH: </b>Discover how Georgia set up its cybersecurity center. </a></i></p> <h2 id="toc_0">Vermont Partners with Norwich to Bolster Cybersecurity</h2> <p>The purpose of a SOC is to have a facility or functional area that monitors, assesses and defends enterprise information systems like websites, databases, networks and servers, <a href=" 2018 - JFC/VTSecurityOperationsCenterImplementationPlan - Administration.pdf" target="_blank">according to a state implementation plan for the center</a>. </p> <p>“Compromises of networks often happen in minutes and the State is not structured to identify and respond in our current configuration,” the plan notes. “A SOC contains the people, processes, and technologies to provide situational awareness of threats to information systems.” </p> <p>The SOC will also serve as “the coordination point for any<strong> incident response involving information systems, using tactics, techniques, and procedures (TTP) to monitor for cyber security events</strong>, establishing if the threat is an actual incident, and determining the severity of the incident along with potential business impacts.”</p> <p>Currently, cybersecurity operations consist of analysts who work on tasks such as security system configuration, VPN changes, compliance assistance, intrusion detection monitoring at the internet boundary and vulnerability scanning. Services provided as needed include incident response, IT project security reviews, security design and policy input. </p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="" id="" rel="" target="_blank" title=""><img alt="Cybersecurity_IR_howstrong_700x220.jpg" data-entity-type="" data-entity-uuid="" src="" /></a></p> <p>However, Vermont does not perform active, 24/7 event and log correlation monitoring, and does not collect logs and audit results in a centralized location. As a result, the state plan notes, incident response “is often slow while information is gathered and business unit impacts are determined before remediation can occur.”</p> <p>Norwich University has a widely respected cybersecurity program. <a href="" target="_blank">In 2017 the university was named</a> a Center of Academic Excellence in Cyber Defense Education by the National Security Agency and Department of Homeland Security through 2022. Also, the Defense Department’s Cyber Crime Center certified Norwich as a National Center for Digital Forensic Academic Excellence. </p> <p>According to the implementation plan, Norwich “will <strong>create the physical facilities, host the monitoring systems and software, and staff the monitoring </strong>with a mixture of full-time professional security analysts and students from its Cyber Security Program.” </p> <p>The university is “uniquely qualified” for this mission, the state plan notes, due to its proximity to Montpelier, its cybersecurity apprenticeship program and other ongoing initiatives with the state, such as internship programs and network assessment exercises.</p> <p>Vermont will provide <strong>network security sensor logs and other log data</strong> to Norwich and will have trained personnel to respond to any events identified through Norwich’s monitoring facility.</p> <p><i><a data-saferedirecturl=";source=gmail&amp;ust=1543596490530000&amp;usg=AFQjCNE7nekm1RJz0rzpaKXWx5vhnW6h_Q" href="" target="_blank"><b>MORE FROM STATETECH: </b>Find out how Oregon enhanced its data center security. </a></i></p> <h2 id="toc_1">Vermont to Take Phased Approach to SOC Setup</h2> <p>The SOC is being implemented in phases. ADS is using the current phase, which runs through the end of the year, to order the network security sensor equipment and incident response gear. Staff training is also expected to start during this phase “to ensure personnel have the proper training and are ready to support the initiation of the VTSOC.” The SOC analyst and ADS leadership will collaborate with Norwich to provide guidance on systems and structure.</p> <p>During the next phase, which will run through March 2019, Norwich will <strong>establish the physical center at the university and commence initial operations</strong>. Activities during this phase will include recruitment of full-time staff and students to fulfill critical threat analyst roles in the VTSOC.</p> <p>ADS staff will participate in coordinated training events to build a cohesive team with the Norwich staff. ADS will provide input to the standard operating procedures and will collaborate and assist Norwich with establishing the national partnerships. Also during this phase, ADS will coordinate with <a href="" target="_blank">MS-ISAC</a> to incorporate its member services, further extending the state’s capability in cyber incident response and forensics investigation.</p> <p>Between April and June 2019, Norwich and ADS will establish full operational capacity of the SOC, meaning it will be fully staffed with trained cybersecurity professionals <strong>delivering services and threat warnings</strong>.</p> <p><a href="" target="_blank">Quinn told <em>Government Technology</em></a> that Gov. Scott has been “very supportive of the new agency and cybersecurity funding.” </p> <p>“We were able to increase the budget last year. But he’s also expecting us to think outside of the box and come up with solutions,” Quinn said. “Creativity doesn’t necessarily cost money, often.” </p> <p>Quinn said that the state has been happy with the interns Norwich has been sending, who are getting real-world experience. </p> <p>“Right now, we’re still kind of going through he playbooks of how exactly it’s going to work,” Quinn said of the SOC. “But we’re excited about it, because it’s been, historically, an 8 to 5 security shop. <strong>Now we’re going to be a 24/7 shop</strong>.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href=";screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 29 Nov 2018 16:53:16 +0000 phil.goldstein_6191 41836 at