August 14, 2012 By Bill Schrier
This past week Gizmodo/Wired Writer Mat Honan’s iPhone, iPad, iCloud (and probably iRaq) were all hacked and wiped clean after a hacker stole his password, aided and abetted by the help desks of none other than Amazon and Apple.
This little episode provided plenty of grist for the blogosphere this week, as tech writers far and wide trotted out their best advice for us common folk to avoid getting our finances and data drawn, quartered, toasted, fried and bobbed like an Apple on Halloween. Mr. Honan himself probably got the highest blog hit rate of his career, and Slate’s Farhad Manjoo wrote a serious column on the subject. My friend Glenn Fleischman of Seattle exposed his answers to all the common security questions, thereby saving hackers the trouble of a brute force attack on his own Internet presence.
Of course I have to partake of this Dear Abby Advicefest as well, giving government CIOs and employees some expert security advice on how to avoid being Mat-ed (not mated) or Honanized.
1. Always reboot without saving your files and never take time to make those pesky backups. Apparently Mr. Honan was following this advice to the letter, as he didn’t have backups of his data.
2. Make sure you choose a password extraordinarily hard to guess. Preferably one which uses a lowercase letter, an uppercase Cyrillic character, a middle-kingdom-sized Chinese hanzi character, a Roman numeral, and a special character with an IQ less than 80. Or, if you have a unique first name (like “Mat” as opposed to Tom, Dick, Harry or Bill) you can just use your first name as a password.
3. Completely trust the company making your devices, especially if they have a monopoly, and they have the most popular products in the market, and their name can be confused with a common fruit. If they say you can "find your fruit-phone" and remotely vaporize, slice and dice it like the promises of a Popeil Veg-O-Matic, and they further promise all your data is safe in their cloud with the gold lining (their gold, not yours), what more do you need?
4. Have all your password resets pointing to the same email address, and make that email address something easy for anyone to guess. Something like email@example.com using both your firstname and lastname. That way once you or the hacker have your email password, access to all the other jewels in your kingdom falls easily into place. (Yes, yes, firstname.lastname@example.org is indeed my personal email address. But I’m not worried about getting a lot more spam and malware to that email account, as I have spam-blocker software from a company which only has to issue security patches twice a month whether they’re needed or not.)
5. Turn on six factor authentication immediately. This means you’ll have to prove your identity using six different methods whenever you log into a website. Ideally, those methods would include:
a. A strong password like, well, “Mat” – see above.
b. A retinal scan, preferably one conducted with a military-grade laser.
c. A sample of your DNA. Drawn from a fresh blood sample. After two days your thumb will look like a pin cushion.
d. A hard-to-guess personal attribute like your mother-in-law’s maiden name. Like Btfsplk. If you’re unmarried or your mother-in-law is unmarried or she kept her birth name, or your mother-in-law is a guy, you’re really in trouble on this one.
e. The key fob which opens your garage and perhaps fires missiles from a nearby nuclear submarine.
f. A toeprint from your company’s Chief Information Security Officer.
There are many advantages to six factor authentication. For one, it is so complicated you’ll never be tempted to use online services, and therefore cannot be hacked. For another, your authentication will always be within one degree of separation from Kevin Bacon.
Ok, ok, enough levity already. I don’t really mean to offend my favorite fruit company (gee, I have five fruit-iPhones on my personal plan), or Mat Honan, who I’m sure is as gifted a writer as he is poor at backing up his data, or my favorite hometown retailer, Amazon. We all make mistakes, especially in this rapidly evolving technology age. And we learn from them.
Oh yeah. Read Manjoo’s column and follow his advice.
And don’t answer your security questions like Glenn does!
July 31, 2012 By Bill Schrier
The Digital States Performance Institute hosted a webinar on government mobility on July 30th. Over 120 listeners heard about several innovative mobile applications states are deploying today, plus some interesting ideas for the future. And those listeners had a wide variety of questions, which I’ve listed further down in this post.
Now, in this age of iPhones and Android devices and tablets and cool apps, a "school bus inspection" application isn’t very sexy. That is, until you think about the amount of time many children spend on a school bus, and the facts that school buses are often operated by budget-constrained school districts and private companies who must eke out a profit in addition to transporting the kids. Sergeant Whitaker described how a mobile application to do the inspections and document them replaced an older, cumbersome, slow, paper-based reporting system. He talked about how the system is used not just by the inspectors, but by maintenance workers and schools themselves to help ensure their buses are safe for transporting kids. Steve also talked about how the app was built.
As a first step, he reached out to students at the Indiana University-Purdue University Indianapolis (IUPUI) campus. They did a lot of the difficult work of business analysis and discovery, creating a blueprint for the application. To actually build and code the application from that blueprint, he reached out to Sloane Wright and Indiana Interactive, which is part of NIC and operates the state’s award-winning web portal, www.in.gov. Sloane embraced it, took the idea, and developed the application which is now deployed. Steve calls this his "A" team of the original IUPUI students and Indiana Interactive.
NIC is actively considering how to make the app available for other states with a similar need. NIC hosts the portals for over 30 state and federal agencies, and has developed a number of innovative web-based applications to allow constituents to do business 24x7 on those sites.
Spencer Wood, Chief Information Officer for the Ohio Department of Transportation, ODOT, described the many initiatives they are working on to improve mobility along state roads and highways. ODOT has a large number of intelligent transportation system (ITS) projects in progress including variable message signs, radio broadcasts, texting alerts and more. As an example, here is one amazing fact: ODOT collects average traffic speeds every mile or two miles along many state highways. This represents a huge data set which shows how traffic ebbs and flows in the state: how slowdowns start, build, and then dissipate. Such information is not only a valuable feed for research but also would be available to travelers and motorists as a mobile app. Spencer and ODOT are actively working on a lot of machine-to-machine systems to collect data, a lot of which will be made available to the public on mobile devices.
Troy Cromwell is Verizon’s Group Vice President for Government and Education. Verizon has the most extensive 4G wireless network in the nation. Troy talked about a number of the issues governments face in developing mobile apps. Chief among those is security – keeping personal data entered by constituents safe, but also keeping data collected about health and criminal justice secure in accordance with applicable laws and regulations. Besides secure platforms and data encryption, Troy mentioned the need for mobile device management for all the tablets and smartphones used by government employees, including, increasingly, personal ones an employee may use. In his experience, there’s no “one size fits all” approach – solutions to the security, financial, policy and governance issues need to be tailored to the needs of individual states and jurisdictions.
In one of our polling questions during the webinar, the listeners indicated a major obstacle was lack of development resources – information technology professionals with mobile applications experience, for example. That’s one area where NIC/Indiana Interactive, which Sloane manages, and Verizon, Troy’s company, can bring a lot of additional resources and expertise to bear, often at low cost, as indicated by the school bus application. The audience was quite engaged, and had a lot of questions, not all of which we were able to answer in the webinar.
First, in a final polling question, it was clear most of the audience really wanted to deploy constituent-facing applications like service request/311 apps and travelers’ information to “get their toe in the water” of mobile apps.
Finally I asked the panel what applications they’d like to see. Sloane mentioned an amber alert application which might activate mobile devices throughout a region or state. Steve is concerned about expanding the child safety work he’s doing with the school bus inspections. Spencer has a whole list of applications he’s building to speed transportation in Ohio. Troy talked about revitalizing education with mobile device applications students, teachers and parents could use to enhance and extend the classroom environment.
Again, the level of interest from the panel and the audience was quite high. Please add your thoughts and comments to this post, or drop me an email for follow-up. You can view an archived version of the webinar here.
July 28, 2012 By Bill Schrier
Visionary. That word surely describes Albuquerque Police Chief Ray Schultz. He’s not a "visionary" Chief with his head in the clouds, but, rather, a Chief who is actually making his vision a reality on the ground in his City today.
I had the chance to hear part of that vision from Chief Schultz at the annual Integrated Justice Information Systems industry summit in Albuquerque on July 27th. The Chief covered a wide variety of topics, but I’m going to highlight just a few which inspired me.
3 minutes, 38 seconds
That's the amount of time it takes the Albuquerque Police Department (APD) to respond to a priority one call. And that's also the amount of time the Department has to collect a wide variety of data, analyze it and turn it into the vital pieces of information which the responding officers need to have, literally, at their fingertips.
What is this information?
It's the history of how many times police have been at that residence, and the nature of the calls there. It's simple items such as who lives there and have they threatened police or threatened suicide in the recent past? Has a social worker or child protective services visited the home and what did they find? Are any weapons registered to people who live here? There’s even related information, such as, does someone wanted on a felony warrant live across the street? Police might get a "twofer" by seeking that individual after completing the first call for service.
Indeed, even a simple call – say screaming heard in a neighborhood – could benefit. Often police will arrive, find nothing, and leave. But what if they knew a restraining order was in force protecting a particular resident of that neighborhood? Or that an arrest for domestic violence was made recently in that neighborhood. With such information, the police might very well prevent a crime.
Responding officers need this information immediately. Not just on a device in their vehicle, but "on their hip". Within 3 minutes and 38 seconds, to be precise.
Indeed, such information could be invaluable to protecting the lives not only of police officers, but other responders: firefighters, emergency medical techs, public health nurses, child protective services social workers and, of course, citizens.
Furthermore, rapid deployment of information will not be limited to government workers. Chief Schultz described Albuquerque’s partnership with local retail stores. They share video and tips. But his police department rapidly shares information as well. So if criminals run out of a store with merchandise, the store and police work together to rapidly get images from video and distribute it to all other stores in the area. This has resulted in rapidly apprehending criminals moving from store to store.
Chief Schultz is the first large city police chief to equip all of his officers with Personal Video Recorders (PVRs) to record their interactions. He requires such recording by policy, and it sounds like it might extend to the 1400 incidents they manage on any weekday (more than 2000 on weekends).
PVR video has many advantages, of course – just knowing the interaction is being recorded often results in better behavior by both citizens and police. But it is also invaluable as evidence and to quickly resolve complaints about officers.
Such extensive video recording results in huge data management issues, of course, in terms of storing, indexing and retrieving all such video. The Chief states public demand to see the tapes through public disclosure requests. Chief Schultz didn’t describe how APD tackles that but the solutions will be of interest to industry and city/county technology folks.
Speech-to-text technologies, facial recognition tech and similar really advanced methods will also be required as the amount of video collected and managed by police departments and other government agencies across the nation grows exponentially.
Collecting a lot of Information about Everything
Everything police officers do requires collecting, cataloging and managing vast amounts of information. And, with newer technologies such as tablet computers with cameras and PVRs, that information will grow rapidly.
Chief Schultz talked about the CSI effect, where the public, conditioned by the Crime Scene Investigation TV series. The CSI effect is well known in police circles. Unfortunately it sets the expectation, as the Chief said humorously, that "all crimes will be solved in 55 minutes, less time for a couple commercials". But it also sets the expectation that budget-strapped police departments have a wide variety of cool and bleeding-edge technologies available to solve crimes.
Perhaps, as officers are equipped with PVRs, smart phones, tablet computers with high speed wireless access, and similar technologies, they will collect a lot more information about each incident they investigate, which will lead not just to crime solving, but perhaps true predictive policing. But collecting all that information again leads to massive problems with storage, cataloging, search and analysis to produce meaningful information.
This is music to the ears of IJIS participants who specialize in addressing all those data management and analysis problems.
Chief Schultz covered a lot more territory in his talk – bait cars, SMART policing, advanced mapping, predictive crime analysis, and much more.
Clearly here is a Chief with a vision for how technology-enabled police officers and their civilian support can significantly improve the public safety of our cities.
July 15, 2012 By Bill Schrier
Many county, city and state CIOs shudder, laugh and cry about consultants.
Here’s the lament: a large part of a CIO's job is to make both tactical and strategic recommendations regarding the use of information technology. These suggestions go to elected officials, line-of-business directors (utility superintendents, transportation directors, police and fire chiefs), and county/city councils. But those recommendations often fall on deaf ears.
And it's not just chief information officers who grouse about consultants – directors of other functions ranging from water utilities to police departments to parks and recreation folks often feel the same way about their recommendations for action about their businesses.
So, quite often, officials charged with making decisions turn to outside consultants, who are generally not familiar with the local situation, to swoop in, quickly study the issue, and make a recommendation. These reports from the outside consultant generally do not fall on deaf ears.
There are, quite often, good reasons to employ an outside consultant. Such consultants may have worked for many other governments (or private sector companies) across the nation, and therefore have experience and expertise they bring to bear on the problem at hand. They also may have a perspective not influenced (tainted?) by local pressures and politics. Good consultants also listen to the local experts (e.g. the CIO) before making their report.
But it can really be galling for a CIO who has recommended a certain course of action for a long time, and been ignored, to suddenly find her/himself charged with implementing that course of action, but only after the "outside consultant" recommended it.
Are there alternatives to using the "outside consultant"?
I’m at the National Association of Counties (NACo) annual conference in Pittsburgh. Bert Jarreau, NACo CIO and his staff do a great job of organizing meetings to allow elected officials and CIOs to talk about issues just like this one. During these meetings, a couple of alternatives have surfaced.
One alternative, employed by counties in Iowa, is "tiger teams". Iowa has 99 counties, many of them quite small with correspondingly tiny technology resources. The Iowa Association of Counties has organized teams of IT professionals from counties who are able to come into another county, study the business and technology situation, and recommend solutions and courses of action based on their own experience in their own county elsewhere in the state.
It might be possible to expand this "tiger team" concept on a broader scale, to cities and counties elsewhere in the nation. That would, however, require a fairly robust collaboration tool which allows cities and counties to share issues and ideas with each other (note: eRepublic’s Digital Communities offers several such collaboratives here.)
Another alternative is being advanced by NACo itself and Phil Bertolini, Deputy County Executive and CIO in Oakland County, Michigan. They are building an "applications catalog" (actually called the NACo Applications Store, but "catalog" is a better description).
In this catalog, Phil and other County CIOs are hoping to build a list of applications which counties use, have to share, and need to replace. In this fashion, individual counties facing an issue like the need to replace a finance system or a court case management system can quickly see what other counties are doing, and seek advice and support from them.
Will these alternatives work? Can they also be applied to cities, states and other local jurisdictions? Do you have other alternatives to using outside consultants?
Time will tell, and we’ll probably see results at the next NACo conference!
July 8, 2012 By Bill Schrier
Do City, County and State government CIOs have a responsibility to be "cheerleaders" for their jurisdictions for economic development of the community?
I think so.
We CIOs have talked about "aligning information technology with the business" of government and “customer service” to other departments. Those are still important, although, increasingly, CIOs are contracting a lot of the actual “doing” of technology to software-as-a-service and other cloud providers.
But most elected officials have little interest in internal information technology functions. However, virtually every one believes that bringing new business to their community – or growing it – is the key to improving the overall quality of life. New businesses bring new jobs. Governments prize technology businesses, especially, because they are "cool", generally "green" and also bring high-paying jobs. Look on the websites of any number of cities and counties for economic development goals, and you’ll see emulation of Silicon Valley.
The governments’ CIOs are the technology experts within each government. Where better to get the expertise to help entice or grow such high-tech businesses?
Seattle recently sponsored a "Startup Weekend – Government Edition". Startup Weekend is a non-profit company which has sponsored more than 500 such weekends across the globe. The idea is simple: bring entrepreneurs together to generate new ideas for businesses in the community. The new ideas don’t have to involve tech. They could be new foods (Super Marmite), or Foodspotting, which finds great dishes, not great restaurants, or Zaarly, a service-finder-service which does cool things like finding someone to bring flowers to your girlfriend or clean your house.
Startup Weekend – Government Edition was the first-ever Startup Weekend event focused on Government. It came about under the leadership of the City of Seattle’s Sabra Schneider, who oversees the City’s web team, community technology and Seattle Channel. Sabra partnered with Marina Martin of a City advisory panel, the Citizens Technology and Telecommunications Advisory Board, as well as Zach Cohn of the Startup Weekend folks and Wil Saunders of the State of Washington's Department of Commerce.
During the weekend, we looked for cool applications which used open data available on the City of Seattle, King County and State of Washington Open Data sites. We got a number of cool ideas, and those are being further developed in the Evergreen Apps Competition, which has over $50,000 in prizes. Judging and winners will occur in September, so there’s still time to get in on the action.
Besides Startup Weekends, City, County and State CIOs can take many other steps to help their elected officials.
Steve Reneker, CIO of Riverside, California, has helped transform his City into a high-tech mecca not just for the United States, but worldwide. Riverside was recently recognized as the first U.S. City in ten years to receive the "Intelligent City of the Year" award.
Chief Innovation Officers are sprouting as well, both to transform their governments internally and to foster economic development. Bryan Sivak in Maryland (just named as the CIO for the federal Department of Health and Human Services), Adel Ebeid in Philadelphia, and John Tolva in Chicago wear this sort of hat.
But I believe every CIO has a bit of the entrepreneur in her/his blood. After all, we run businesses internal to our governments, balancing profit and loss, constantly innovating, constantly doing customer support for the other functions in government.
So being a "cheerleader" for economic development in the wider community should be a natural progression for most of us.
Postscript: In this blog post I talk about CIOs or Chief Information Officers as cheerleaders, yet I did not mention my role, when I was CTO/CIO at the City of Seattle, in Startup Weekend Government Edition. Essentially, I got out of the way, and encouraged Sabra Schneider, Marina Martin and CTTAB to move forward with it. Quite often leadership is simply giving good people the running room and support to bring a great idea to fruition. That's what happened here.