
Smile! You’re on Camera

A picture is worth a thousand words. At least. From now until 2020, the digital universe will nearly double every two years, with video surveillance reaching approximately 3.3 trillion hours globally by the same time, according to MeriTalk’s new Video Vortex study.

That’s a lot of words.

Behind the Lens
Surveillance cameras, mobile devices, and even drones give Feds the ability to capture more video data than ever.

An overwhelming 99 percent of Feds believe video surveillance will play a significant role in the prevention of crime, theft, and terrorism over the next five years. Bad guys aren’t like you and me – they don’t like to smile for the camera. How many good mug shots have you ever seen?

The Video Vortex examines video surveillance across Federal IT, from the challenges to the opportunities for agencies to enhance the value of their video data assets.

Time to Hit Pause?
All that data can pose problems. For instance, 54 percent of video data is never analyzed.

Feds already tap into some real-time capabilities as 57 percent use the data to track suspicious behavior, 49 percent use it to monitor traffic, and 38 percent harness it for anomaly detection. Imagine what they could do if they analyzed all the surveillance video they capture.

Focus on Solutions
What’s the answer?

If agencies want to keep up with the unprecedented influx of video information, they must constantly revamp their IT infrastructure – storage, computing power, and personnel. Right now, 91 percent of IT professionals say they need to increase storage, 89 percent believe they need to increase computing power, and 84 percent believe they need to increase personnel.

Once organizations tackle storage and personnel, they can use advanced analytics to gain more powerful insights for better outcomes.

Picture This
What if agencies worked a little harder to define roles and collaborate? A whopping 79 percent of respondents believe their agency needs to improve collaboration between physical security and IT to improve their surveillance programs.

Feds need to reach a consensus over who is in charge – 76 percent of physical security managers currently see video surveillance as a collaborative endeavor, but only 33 percent of IT managers believe it’s a shared responsibility.

Feds that work together are more prepared for the influx of data (81 percent versus 24 percent), more likely to analyze at least 50 percent of their data (63 percent versus 47 percent), and more than twice as likely to operate an edge-to-core platform architecture for surveillance (92 percent versus 44 percent).

A picture is worth a thousand words, but only if you’re ready to handle the video.

Join our free webinar on June 11 to hear about video surveillance, trends, analytics, challenges, and insight from Feds on collaboration and infrastructure. Register here.

Read the full report here. And let us know – how many surveillance cameras do you see in a typical day?

Andrew Doggett contributed to the report.

Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

Common Sense IT Revolution?

Atkins Diet. Metabolism Miracle. Fen Phen. The 25-Point Plan. There’s no shortage of gorgeous slim-and-trim gimmicks. GAO tells us that IT cholesterol is rising – Uncle Sam now spends 80 percent of the $86.4 billion on legacy IT. Yesterday’s blubber’s choking today’s innovation. So, what’s next? Legacy liposuction, software spanx, perhaps a binary bypass? Maybe, just maybe, it’s time to get clean and sober about fixing Fed IT. Five practical, actionable steps that will make a real difference.

1. Put the Pie Down
If you want to lose weight, the first step is to stop pushing pies into your pie hole.  The same is true for trimming Fed IT.  We need to find a way to starve out the massive legacy investments so we can transition to more economic, lower-calorie alternatives – cloud or other. It’s binary – if we change nothing, nothing will change.

2. Do What Athletes Do
The world’s most efficient IT organizations embrace the CMM software development maturity model and ITIL to align IT investments with desired business outcomes. Ironically, these two pole-star standards for IT excellence were pioneered in government. But for some reason, agencies aren’t required to use these frameworks to improve their IT capabilities. Why not?

3. Change the Company You Keep

Making a change isn’t easy. As I’ve wrestled with smoking over the years, I’ve had to stop hanging out with friends that smoke. More important than FITARA, CIOs need hire-and-fire authority for all IT personnel – and they need to be allowed to reward super performers. There’s a precedent: agencies can do this today for cyber security pros. Why not spread it across IT?

4. Multi-Year Money
It’s impossible to change your diet and exercise regimen if you’re living hand to mouth. You can’t prioritize available funds to drive to positive new outcomes – that’s why a lot of street people shuffle to the Golden Arches. That’s true for Fed IT.  We look for real, meaningful change, but only provide our IT execs with one-year money.  We need to give agencies the ability to access multi-year appropriations to fund significant modernization initiatives.  The CDM revolving capital fund provides a precedent.  Why not apply it more broadly?


5. Data Diet Plan and Version Control

You are what you eat – and our government ingests and runs on data. And, let’s be honest, our data’s all over the place. This drives up storage cost, it inflates application and professional services expenses, and it balloons our cyber attack-surface vulnerabilities. It’s time for agencies to get data centric – define data models across the enterprise and map to those models at the onset of each new engagement. This discipline will drive huge savings. And, as portion control’s critical to a healthy diet, version control is central to IT wellness. Too many agencies realize false savings by running out-of-date operating systems – XP anybody? Agencies need to stay within one or two versions of the current code. Currency and consistency boost capabilities, as well as cut cholesterol and cyber liability.

Five not 25 steps.  Only one mention of cloud.  Not that taxing.  Who’s up for changing our IT diet?

The Greatest Show on Earth

It’s not the circus. Is that what you thought? Apologies to Cecil B. DeMille.

Cyber’s all the rage. Feds can’t get enough. It touches everything – data, networks, mobile, data centers. Feds are throwing money at security.

Is it enough? Don’t think so. But don’t take my word. Take it from someone who was on the frontlines.

The Ringleader

Robert Mueller led the FBI following 9/11 and cultivated its counterintelligence service so it could aid in combating terrorism. The former Top Cop modernized the agency from a domestic crime-fighting force to what it is today: “…an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities.”

Mueller will be the main attraction at the upcoming Symantec Symposium, where cyber experts will discuss insider threats, mitigating risk, managing information, and information access.

Those are big topics, but Mueller’s the man in the know so it will be a great show.

Under the Big Top

No lions, tigers, or elephants at the Symposium, but there will be a full house.

Nearly 2,000 Feds have registered for the Symposium because… it’s the Greatest Show on Earth. But you knew that.

So get your ticket here.

Marquee Talent

Mueller isn’t the only attraction.

Symantec has secured lots of top-flight talent for its Symposium. Assistant U.S. Attorney General for National Security John Carlin, and Lt. Gen. James McLaughlin, Deputy Commander of the U.S. Cyber Command are two names of note on the marquee.

These two are seriously tapped in to the nation’s cyber security challenges, which is why the room will be full.

Follow Symantec’s Twitter feed here for updates on the Symposium.

You can also go here for information and here to register.

See you there. I’ll bring the popcorn.

Cyber is Serious Business

It may be April Fool’s Day, but cyber’s no joke.

John P. Carlin was confirmed as the Assistant Attorney General for National Security a year ago. He’s a serious gentleman with a serious job. At DOJ’s National Security Division, he heads law enforcement’s cyber security efforts.

Heading Off Disaster
In a speech last year at Carnegie Mellon University, Carlin drew a parallel between terrorist threats and cyber threats. Referring to the work of the 9/11 Commission, he said:

“In its report, the Commission noted that: ‘we are at September 10th levels in terms of cyber preparedness.’ They added that ‘American companies’ most-sensitive patented technologies and intellectual property, U.S. universities’ research and development, and the nation’s defense capabilities and critical infrastructure, are all under cyber attack.’

“I could not agree more.

“As the Commission concluded, ‘One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late. History may be repeating itself in the cyber realm.’”

Starts with “D”
In other words, let’s not sit back and react.

In the past Carlin also has spoken about the three Ds – “detect, disrupt, and deter.” Those are ideas he likely will cover when he speaks at the Symantec Symposium. He may also discuss legal reforms necessary to support international efforts to prosecute the bad guys.


Cyber Command’s Role
Carlin will be joined at the Symposium by Air Force Lt. Gen. Kevin McLaughlin. He’s the deputy commander of the U.S. Cyber Command, which is positioning itself as the nation’s cybersecurity workhorse. The Air Force is working in tandem with a Defense Department-wide initiative to recruit 6,000 personnel from all the services to be part of 133 cyber teams by 2016, according to the Air Force Times.

That’s a big job. But the lieutenant general is a big deal.

Similar Focus
Like Carlin, Lt. Gen. McLaughlin believes in deterrence. He echoed Carlin’s thoughts in a December interview with Stars and Stripes.

“A lot of what we’re doing today is reacting to what happened, so we spend a lot of our time chasing our tails in the cyber command,” he said.

The command’s goal is to get ahead of such threats, perhaps through the analysis of big data from the network that will reveal anomalies to prevent outside incursions before they happen, Lt. Gen. McLaughlin told reporter Wyatt Olson.

Tangled Web
Suzanne Vautrinot, Major General, U.S. Air Force (ret.), will also attend the Symantec Symposium and talk about how cyber threats have evolved from a minor issue to a major problem. The title of her remarks says it all – “Cybersecurity isn’t About Your E-mail. It’s About Your Life.”

It’s not just about servers. Everything’s connected – 25 billion devices by 2020, according to Gartner – from cars to front doors, and everything inside your house.

Get the big picture on cyber from Carlin, Lt. Gen. McLaughlin, and Vautrinot at the Symantec Symposium. Should be an eye-opener… and a full house.


Was Mandiant Pushed?

Once in a while, it’s good to revisit and reconsider from a distance. It’s just over two years since then-unknown Alexandria-based cyber security company Mandiant vaulted into the media spotlight. Remember? Mandiant released a report detailing a slew of cyber attacks perpetrated by the Chinese military. More than sweeping accusations, Mandiant identified specific Red Army IP and physical facility addresses in a bold tell-all counter attack on a sophisticated and persistent Chinese cyber offensive on U.S. targets.

It was a cyber shot heard around the world. To be sure, Mandiant shocked the world when it released the report. Many sources inside the Federal government expressed distress and disappointment – their concern was that Mandiant had tipped the U.S. intelligence community’s hand. The rationale: better not to let our adversaries know we were tracking them. Removing the blind signaled to the Chinese hackers that they should simply change their addresses and methodologies.

Did anybody see the movie Imitation Games?

Here’s a question – was our government complicit in the Mandiant report? Was this an early jab in a cyber sparring match between the U.S. and China? In May 2014 – one year and three months after the Mandiant release – our government took the unprecedented step of identifying and bringing charges against a series of Chinese cyber attackers by name. Perhaps the Mandiant report was a proxy offensive designed to put the Chinese on notice?

After all, how did a small firm like Mandiant lay hands on such detailed information? How did it have the nerve to release such a controversial report – which could have capsized the firm by invoking the ire of Uncle Sam?

Let’s say the Federal government did want to leak the report through a proxy – who better than a small firm?  Using a major contractor would have been a far more transparent proxy.  Further, working through a large organization would have been more complex, taken much longer, and amped up the risk of a leak.

It’s doubtful we’ll ever know for sure, but as Alan Turing would tell us, simple things are rarely simple in cyber space.

Do you think Mandiant was pushed?

It’s March. It’s Madness.

Fans will fill out 70 million brackets this week in an attempt to win an NCAA Men’s Basketball Tournament pool.

Who’s your pick? Kentucky? U Va? Both look strong.

Apparently the odds of picking a perfect March Madness bracket are less than one in 9.2 quintillion (that’s 9,223,372,036,854,775,808), according to Science Daily, which credits DePaul University Mathematics Professor Jeff Bergen with the calculation.

Could you apply Big Data analytics to improve your odds?

Brackets and Big Data
Every statistic is a data point, and lots of fans will rely on those data points this week as they fill out their brackets. Microsoft’s Bing is offering 10 years of data to fans who want to use analytics to fill the intellectual gap.

Like this: teams that travel less than 100 miles win 77 percent of the time, while teams that travel more than 500 miles win 46.5 percent of their games.

That’s a lot higher than your odds of being audited by the Internal Revenue Service. The Internal Revenue Service audited only 0.86 percent of individual taxpayers in 2014, according to the Wall Street Journal’s Laura Sanders. That was the lowest rate in a decade, according to data released by the agency.

Keeping Score
Big Data has Big Implications for the government in many sectors. Cybersecurity and healthcare, for example. It can help agencies hunt down and stop fraud, waste, and abuse. The amount of money the government loses to those three each year is madness…

But do Feds make the most of their data?

A Better Offense
We plan to find out.

MeriTalk has gathered some top IT talent to discuss data management at the Informatica Government Summit on Thursday, April 23, at the Grand Hyatt D.C. They will discuss:

  • New opportunities in big data analytics – fueled by the Data Act, metadata, and emerging data governance models
  • The impact of data management on reducing agencies’ attack surface as well as Data Loss Prevention – and how that translates into better security and improved uptime
  • How data quality, data accessibility, and data security affect data center consolidation, cloud initiatives, mobility, and other IT initiatives

Leading the Fast Break
Joyce Hunter, Acting CIO at the Department of Agriculture, and Dave Dutton, Chief Data Officer at the Energy Department, will sit on MeriTalk’s Big Data panel. They’ll explain how they’re applying data analytics to solve big problems – sharing their insights so you can do the same.

Learn more about the Data Summit and register here. And let us know how your agency uses Big Data. Can you point to tangible results? And good luck with your brackets – I think this is your year.

Informatica Government Summit


The Great GAO?

How did a wannabe Scott Fitzgerald in college become a middle-aged man fascinated by government audits? Now that’s a question I frequently ask my reflection in the mirror while shaving. But, fascinated I am.

As if it’s not enough to ingest GAO APBs, I recently found myself fascinated by a new analysis of the last 31 years of GAO audits.  That’s 1.3 million pages and more than 40,000 recommendations.  I tip my hat to the digital detectives at Deloitte, who conducted text analytics against GAO reports dating back to 1983 – an audit of the auditors.  This is an astute piece of work – and if Deloitte’s goal was to grab GAO’s attention, then the green light is on.

Top Five in Focus:

The report considers seven questions.  I’ll drill down on five:

1. Are GAO Recommendations Effective in Driving Change?

Yes.  Agencies completed 81 percent of GAO’s recommendations between 1983 and 2008.  Unfortunately, it can take a while – as much as four years in some cases.  The report suggests prioritizing recommendations and setting associated deadlines.

2. Where do Agencies Fail?

Feds have issues where data’s part of the problem – doesn’t bode well for the Data Act or new CDO spots.  We run into problems when inter-agency or inter-discipline coordination is required – troubling in a collaboration economy.  Healthcare and transportation recommendations are common stumbling blocks – what ails healthcare.gov?  Ironically, agencies frequently hit the wall when reports call out high-ranking officials or Congress – seems leadership’s more comfortable pointing the finger than getting the finger.

3. Where do Agencies Succeed?

Seems agencies do well implementing IT recommendations – IT has two in the top four most likely to succeed spots.  Agencies have successfully implemented 94 percent of GAO IT security recommendations – and 87 percent of overall IT improvement asks.

4. Does Nagging Help?

No, no, no, no, no.  Repeated GAO reports on hard problems don’t improve outcomes.  Seems the toughest problems really require Congressional intervention.

5. Has GAO Changed Its Focus Over Time?

Not much. GAO consistently focused on the same topics in the ’80s and ’90s. The exception: IT has replaced Natural Resources and Environment oversight since the turn of the century. Watch this space.

Nick Carraway, Gatsby, and the CIO

Let’s try to bring it together for the dismount. While the areas of focus haven’t changed much, GAO has amped up its volume in the top five areas of oversight – from 5,112 recommendations in the ’80s to 10,682 in the ’00s. That growth tracks with the increase in partisan rancor in Congress, and suggests that perhaps Congress is using GAO as a soft power tool to spur change it can’t legislate. The big takeaway for CIOs, weighed down with their new FITARA armor: look for the volume and frequency of GAO IT recommendations to get more intense. That’s even before IT’s recent debut on GAO’s 30 High-Risk Watch List.

Okay, but here are the difficult questions from Nick Carraway – if GAO’s recommendations are super effective, and Deloitte says that they are, why is Fed IT still in such a mess?  Have we succeeded our way on to the High-Risk Watch List?  Without commitments to change and effective leadership from OMB – improving IT outcomes is as futile as pursuing Daisy Buchanan.  Let’s hope it ends better for Mr. CIO than for Mr. Gatsby.  We beat on boats against the current…

Five Takeaways from the New FISMA Report

Continuous monitoring is surging along, but agencies are really bad at authentication.

Cyber attacks were up 15 percent last year.

Agencies spent $12.7 billion on cybersecurity in Fiscal 2014. The annual Federal Information Security Management Act compliance report paints a dismal picture of Federal IT security.

Let’s break it down.

Authentication efforts are lagging. “Numerous agencies have made no progress meeting the Strong Authentication CAP [cross agency priority] goal. SBA, NRC, HUD, Labor, and State were all at 0% Strong Authentication implementation at the end of FY 2014.”

Fifteen agencies “have yet to reach even 50% implementation on the Strong Authentication initiative.”

The Fiscal 2014 goal was to have Strong Authentication implementation at 75 percent. That’s a big deal because most cyber threats can be neutralized using Strong Authentication, the report says: “US-CERT incident reports indicate that in FY 2013, 65% of Federal civilian cybersecurity incidents were related to or could have been prevented by Strong Authentication implementation. This figure decreased 13% in FY 2014 to 52% of cyber incidents reported to US-CERT.”

What’s Your Password?
Weak authentication systems plague many agencies, and not surprisingly, those with weak systems suffer more attacks.

“Agencies which have the weakest authentication profile allow the majority of unprivileged users to log on with user ID and password alone, which makes unauthorized network access more likely as passwords are much easier to steal through either malicious software or social engineering. The following 16 agencies fall into this category: State, Labor, HUD, OPM, NRC, SBA, NSF, USAID, USDA, Energy, DOT, Interior, VA, Justice, Treasury, and NASA.”

Sixteen? Yikes.

Ticked Off? Nope.
But agencies are doing much better implementing Trusted Internet Connections, or TIC. Today, the report says, 92 percent of agencies have TIC 2.0 capabilities. Well that’s one bright spot.

Feds Like CDM
CDM looks like a strong point, too. “Based on the IGs’ reviews, continuous monitoring programs were in place at 19 departments. Seven IGs reported that their department had all components of a continuous monitoring program in place.”

At the end of Fiscal 2014, 1.7 million licenses for security monitoring tools and products had been purchased by and distributed to agencies.

It’s a good thing: Cyber attacks increased 15 percent last year, and they show no sign of slowing down.


Feds Respond
Feds aren’t standing still.

First, President Obama announced the new Cyber Threat Intelligence Integration Center. CTIIC, or “see-tick,” will reside in the Office of the Director of National Intelligence, gathering and coordinating data from cyber programs in the intelligence world and sharing it with civilian agencies, including the Department of Homeland Security and the FBI.

The idea is to ensure that intelligence agencies don’t hoard their information and that more of it gets to DHS’s National Cybersecurity and Communications Integration Center (NCCIC), reports The Hill’s Cory Bennett. The center will also ensure agencies are exchanging cyber data with one another. Intel officials aren’t the only ones being asked to take on leading roles. The administration also issued a new executive order promoting information sharing on cyber security in the private sector.

DISA’s New Role
The Defense Information Systems Agency (DISA) is taking over day-to-day operations of the U.S. Cyber Command from the National Security Agency (NSA).

The change allows CyberCom to focus on strategic operations and coordination between combatant commands. NSA Director and Commander of the Cyber Command Adm. Mike Rogers told Newsweek CyberCom is behind in terms of building its cyber defenses and creating a framework for when and how to go on the offensive, reports Lauren Walker. “We’re not mature, and we’re clearly not where we need to be,” Rogers said. “I just think, between a combination of technology, legality and policy, we can get to a better place than we are now.”

Reading between the lines: Is this more fallout from Snowden and Wikileaks or just an interesting subplot? Do we have to wait for the sequel?

CIA in on the Act
CIA Director John Brennan is getting his agency into the action, too. The CIA will dramatically expand its cyber-espionage capabilities as part of a restructuring plan, reports the Washington Post’s Greg Miller.

Although smaller than the NSA, the CIA has substantial cyber capabilities. Miller writes: The agency’s “Information Operations Center, which handles assignments such as extracting information from stolen laptops and planting surveillance devices, is now second only to the Counterterrorism Center in size.” He continues: “The CIA also oversees the Open Source Center, an intelligence unit created in 2005 to scour publicly available data, including Twitter feeds, Facebook postings and Web forums where al-Qaeda and other terrorist groups post material.”

Cyber Symposium
The cybersecurity plot thickens at the Symantec Symposium April 15, where cyber experts will be laser-focused on insider threats, mitigating risk, managing information, and information access.

Starring experts from DOD, DHS, NSA, FBI, NCIS, DISA, FCC, CERT, and the State Department, the symposium will deliver unique perspectives and expertise from a range of stars and rising stars.  And don’t miss former FBI Director Robert Mueller’s keynote.

Let us know what agencies can do better to improve cybersecurity and what law enforcement can do to protect consumers from the next Target-like breach.


Hillary’s Cyber Gaffe: Why Bother Spending on Security?

Revelations that Hillary Clinton exclusively used a personal email account to conduct government business as Secretary of State should scare the hell out of CIOs.

The government spends $14 billion a year on cybersecurity, but no amount of spending or regulations will make a difference if top leaders flout the rules and set up a parallel shadow IT system on unprotected public networks.

This is what should be keeping CIOs and other IT leaders up at night. Nearly 54 percent worry about security for cloud installations, but at least with FedRAMP-approved technologies they can rest assured that the security risks have been mitigated. But that should be the least of their worries if employees are going off the reservation.

“What’s the biggest threat to corporate security?” asked Gregory Millman in a Wall Street Journal piece in 2013. “In many companies, it could be the CEO.”

In government, it could be cabinet secretaries, congressmen, agency chiefs, directors, generals, admirals … the list goes on. All have needs to access vast quantities of critical data and staffs eager to make things easier for them. If rules are made to be broken, leaders are the likeliest to break them.

Going Rogue
Of course, once the staff sees the boss going rogue, it’s not long before they’ll do the same. ‘Do as I say, not as I do’ only goes so far.

John Banghart, director of Federal Cybersecurity with the Cybersecurity Directorate of the White House National Security Council, told a MeriTalk gathering of Federal cyber pros last summer: “We [have] often failed… to do a good job with what you might call the cyber hygiene element, configuration management, vulnerability management, asset management.”

Shadow IT networks are among the worst vulnerabilities, because they exist outside the view of IT managers. You can’t catch that with CDM, no matter how much you spend, if everyone in the agency is in on the deception, as may have been the case with Hillary Clinton.

A 2013 MeriTalk study found half of all Federal cyber officials believed their agencies’ security policies were violated once a week. The Secretary of State and her staff must have been violating them dozens of times a day.

IT companies are investing millions to help ensure Cloud solutions meet maximum security standards, and they should. But all the money they’re investing in FedRAMP is for naught when leaders or rank-and-file employees decide to do their own thing.

“Despite increases in cybersecurity technology investment, a failure to address human factors and engage employees as part of an integrated security strategy leaves today’s businesses and governments critically vulnerable to cyberattack,” Christian Anschuetz wrote last week in a Wall Street Journal blog.

FISMA Be Damned
The White House put out its annual report on Federal Information Security Management Act compliance last week. It noted Federal agencies reported nearly 70,000 information security incidents in fiscal 2014, up 15 percent from FY 2013.

They didn’t know about Clinton. Her staff said they reviewed “tens of thousands” of pages of emails and delivered some 55,000 pages of emails to the State Department. Each email amounts to a potential violation.

Don’t think it stops there. Right now hundreds, if not thousands, of government executives and political appointees are wondering what to do about their gmail, Yahoo, Apple and Outlook accounts. Hillary was not unique.

Snowden Moment?
Clinton’s decision to shun State’s internal email may ultimately offer a silver lining: By bringing the issue to light, it is bound to raise awareness about the cybersecurity risks involved – much like Edward Snowden raised awareness about insider threats. And with Clinton likely to make a presidential run, it’s likely to bring the whole issue into the public debate.

Thank you, Madam Secretary.

What do you think? Did Mrs. Clinton make a major error and put data at risk? Or is this just Beltway bluster?


DISA Cloud Pricing – milCloud Laps RACE?

True to their word, Terry Halvorsen and Major General Alan Lynn released milCloud pricing on Friday. Here’s the chance for industry to see the competitor’s price card. Some observations.

Let’s start with the definition – milCloud is designed as a more cost effective, modern, and multi-tenant computing model provided by DISA. It allows a military activity or “partner” to build virtual machines within the protective DoD envelope.

Bottomline Upfront
DISA pricing seems pretty fair for the services being offered, although the pricing structure, particularly storage, seems more expensive when compared against commercial cloud providers. Compared to RACE, milCloud is an exceptional value.

Big Benefits
Cost savings come from leveraging security provided by DISA. The milCloud model affords the benefits of DISA’s Top Level Architecture in support of NIPR and SIPR connections. Customers will gravitate to “milCloud Plus,” the DoD equivalent of professional services to design, build, and implement a cloud solution. This includes database and administrative support. A simple pricing structure for 1G NIPR and SIPR connection sets up predictable network costs, in contrast to commercial CSPs whose outbound charges represent a significant X factor.

Questions
Why no volume discounts?  That tips the scales in big deals towards commercial CSPs.  How about more definition around published rates?  In order to understand the milCloud services, you need smarts on the December 2014 revision of the DISA Enterprise Information Services Terms and Conditions.  Why so restrictive on OS options?  Today, limited to MS Windows, Red Hat Linux, and Solaris.  Is DoD uncomfortable with open source?  How about some indication of migration costs in the milCloud pricing model?

Congratulations to DoD for enhancing cloud transparency — and for amping up the competitiveness of its cloud solutions.  You have to ask why DISA continues to offer RACE.  Or should we say that milCloud is the logical successor to RACE?

Wanna Get the Skinny Directly from DISA and DoD? 

Join us on March 25th at the Newseum for the MeriTalk Data Center Brainstorm to hear from Jack Wilmer, Infrastructure Lead at DISA.  If you’re a govie, register for an executive breakfast program with David DeVries, Principal Deputy CIO at DoD.

Hope to see you at the Data Center Brainstorm on March 25th at the Newseum.  Register now, seating is limited.

Show Me The Money

The 2016 budget’s out – read six pages in the Analytic Perspective to get smart on what’s important in Fed IT.  If you won’t do the homework, this cup’s a must-read.  We did the reading so you don’t have to.  In addition to the typical yada, yada on promoting innovation, encouraging small business, and chest thumping on questionable savings, there’s some critical data in the budget.

Spending’s Up:

Top line, more tech spending – up 2.7 percent to $86.4 billion.  That said, there’s a slowing in growth.  From 2001 to 2009, we had a 7.1 percent annual growth, which cooled to 1.7 percent.  The administration claims partial credit for slowing growth – citing efficiencies achieved through better management.  See key charts for budget breakdown and trajectory.

Figures:

Three additional hard figures to use in your presentations:

- $14 billion for cyber security

- $105 million to incubate Digital Services at 25 agencies

- $16 million for GSA to administer open data initiative

Three Priorities:

Seems the President’s given up on the 25 point plan – hooray!  We’re down to three things.  Driving value in IT investments, delivering world-class digital services, and protecting Federal assets.  We’re seeing the Feds get into the state space – delivering more services directly to America.

PortfolioStat Portal:

The White House’s doubling down on PortfolioStat – and getting clean and sober on open government.  Despite a series of misfires on the IT Dashboard and transparency, the administration commits to making the results of agency PortfolioStats and IT savings performance available on the IT Dashboard.  Let’s hope that OMB lives up to this commitment.

Success Stories and Stats:

Bottom line – the White House says we’ve saved $2.7 Billion since 2012, through better IT management.  Agile trumps waterfall – Administration claims 40 percent improvement in ability to deliver IT projects on time and on budget.  Apparently cloud is happening.  Budget tells us that 8.5 percent of the 2015 spend went to cloud “and other provisioned services” – that certainly doesn’t jibe with GAO numbers.  No disrespect to NSF, which has embraced the cloud – but its success is hardly a serious reference point for a major shift to the cloud across government.  Big shout-out for data center closures – feds have shuttered 1,136 by August 2014.  That said, it’s difficult to believe anybody’s really dead unless we can see the corpse.

Not to be a skeptic, but we’d all like to see more details behind these assertions – please post that math on the IT Dashboard.  How about some energy metering data – as well as hard expense costs by civilian agencies for data center operations.  After all, Halvorsen committed to posting DISA MilCloud pricing – will Scott do the same in civvies?  It’s time to address the credibility gap.

Sense of Security?

CDM appears more than any other acronym in the 2016 IT budget.  That speaks volumes.  The $14 billion allocation for cyber security and flagging of CDM will raise some eyebrows.  The 17 CDM prime contractors are starting to ask questions about the program’s direction moving forward.  DHS, any thoughts on how to accelerate the pace of the program rollout?

So, that’s the new Fed IT budget flyby.  Here’s the full text.  Here’s the ADHD version.  Spending up.  Simplified – three priorities.  Show me the money – promise of new transparency.

Three Short Pours

With the snow, don’t want you getting frostbite reading this pour on your mobile.  Three short pours.  Caution, the beverage you are about to enjoy is extremely hot.

Pause:  Cloud Chicken?

Think again.  Some new wrinkles in the cloud stuff.  DoD CIO Terry Halvorsen and DISA’s Major General Alan Lynn called it like it is at the Cloud Computing Caucus Advisory Group meeting on the Hill last week.  Cowboy up – DoD cloud requirements will continue to change.  For industry, that means ongoing certifications – read greater cost to play.  Halvorsen and Lynn also talked about the emerging requirement for what happens when things go missing in the commercial cloud.  The Pentagon’s going to want to root around inside industry’s data centers.

The big questions – and, here’s the cloud chicken.  What if industry decides it doesn’t want to play?  Or more accurately, what premium will DoD have to pay to convince commercial cloud providers to play?  What if that price is more expensive than the legacy systems?  Lastly, Halvorsen wants cloud, but can he afford it – especially if he’s bidding against the world’s biggest customer, consumerization?

Paws:  Big-Bang Bust Up

Watch out for the claws.  GAO doesn’t like the Big-Bang theory – it put IT on the 30 Oversight High-Risk List.  Here come the hearings.  Great time for Tony Scott to take the wheel.  Here’s Scott’s opportunity to use oversight as leverage to make real changes.

Pours:  It’s Nice to Share

More tea vicar?  Senator Carper may be a Target shopper – that’s why he’s introduced the new Cyber Threat Sharing Act of 2015.  Building on the President’s Executive Order – Carper’s proposed bill tells us to share and share alike.  Lays out a good framework for industry and government cyber collaboration.  Puts National Cybersecurity and Communications Integration Center – NCCIC – center stage.  Swings at corporate liability barriers, pushes for faster sharing, and stresses the need for government to share too.  The devil lives in the details – curious to see plans to operationalize.  We’ll need carrots and sticks to move this stuff forward.

Pause.  Paws.  Pours.  What’s cool and what’s getting you hot and bothered in Fed IT?

Feds and Cloud: 50 Shades of Grey

Fifty Shades of Grey hit movie theaters last weekend, just in time for Valentine’s Day.

Christian Grey and Anastasia Steele have quite an… unconventional romance.

Romantic tension of a different sort is heating up between Feds and cloud computing vendors.

MeriTalk’s new study, “Cloud Without the Commitment,” digs into that relationship. Seems Feds are getting to know the cloud, but they have some trust issues.

How You Doin’?
Cloud is like the stunning woman at the end of the bar. Feds are the geeks at the other end, trying not to stare. Cloud is the answer to all their dreams – cost savings, improved services, cutting-edge technology. But there are risks to all those rewards.

Feds have to break the ice. Fifty-one percent take the first step by looking at their required IT needs and 55 percent start by assessing data vulnerabilities.

“Talk to her!” Before you miss out on the love of your life.

First Date?
Email, Web hosting, and storage are the common pieces Feds have moved to the cloud. In fact, 75 percent of agencies want to get to know the cloud better but are concerned about losing control of their data.

We know agencies are intrigued by cloud, but they are afraid to make it official.

No Strings Attached?
That’s because agencies are afraid the cloud will turn into the old ball and chain – 53 percent say fear of long-term contracts holds them back from getting more involved with cloud.

It’s more than contracts and losing control of data. The portability of data once it’s in the cloud, moving data out of legacy systems, and data security keep agencies from embracing the cloud. Get it?

Open Relationship?
If there’s one thing Feds like about cloud, it’s open source. Feds who are using – or plan to use – open source software report a more positive cloud experience than those who do not.

Just Friends
So Feds like cloud computing, but they aren’t ready for a long-term relationship. How will this story end? Will Feds fall head over heels for cloud? Will the relationship last?  Read the full report here. Don’t worry – it’s G-rated.

Halvorsen Takes the Hill?

Is DoD marching in double time to the cloud – or MIA on modernization?  That’s the question that caused companies to close ranks at last week’s DoD industry day at the Commerce Department.  Couldn’t get a billet?  You’re not alone – many could not get in.  Here’s the military intelligence and an opportunity to sign up to witness Halvorsen drop the second boot on cloud.  Halvorsen, Major General Alan Lynn, Chief Technology Advisor Kenneth Bible, and Deputy Assistant Commandant Thomas Michelli will take the Hill at the Cloud Computing Caucus Hillversation on the Hill February 12.

But first, let’s reconnoiter the battlefield from last week’s industry day.

Data Center Court-Martial

Halvorsen tore the epaulets off traditional data center definitions.  Don’t think traditional standalone data dungeons.  Set the data free.  Think joint operations across multiple clouds – with and without dog tags.  “Industry needs to share data…There won’t be one single cloud environment.”  No encrypted code here – DoD requires joint forces in the cloud.

milCloud Situation Report

milCloud has been at the center of the DoD IT modernization discussion since its launch last October.  Halvorsen said milCloud is too expensive – although he decorated DISA for cutting milCloud costs by 10 percent.  Still, industry wannabe milCloud rivals find themselves in no man’s land – nobody knows milCloud’s price list.  At the same time, Halvorsen noted the potential to break ranks with DISA and join forces with commercial CSPs as they steel their perimeters and beef up internal security.  DISA’s number two, Maj. Gen. Alan Lynn, defended milCloud.  He said active duty milClouds in Alabama and Oklahoma offer cheaper prices and better customer service than at launch.

A River in Fatigues?

Halvorsen took a leaf out of NSA’s cloud combat catalogue – asking industry to deliver proposals to OEM commercial clouds inside DoD, effectively putting commercial products in camouflage military uniforms.  Don’t dismiss it – at the Navy, the Cloud Commander-in-Chief floated some services up the Amazon.

Defense Goes Offense on Cloud

Like you, the Hill wants to know more.  Join me at the Cloud Computing Caucus Advisory Group at the Top of the Hill on February 12th to hear from Halvorsen, Lynn, Bible, and Michelli.  Will Halvorsen deliver new intelligence on cloud in combat?  Will DISA share its MilCloud price catalogue?  Have the Marines got there first?  Is the coast clear for cloud at Coast Guard?  To the cloud – now’s no time to retreat.  Register today.

Great Scott!

At last, someone who knows what they’re doing.  That’s the hopeful refrain from Federal IT and industry folks after the White House announced Tony Scott as the new Federal CIO.  You can tune in on Tech Tony’s Titan Talent here.  But, I’m pouring a cupful of the one thing nobody asks for – advice.  Five points to consider:

Less is More

Here’s a chance to reset the madness that is the 25-Point Plan to Fix Fed IT.  There are only 10 commandments, how can there be 25 ways to fix Fed IT?  Time to back away from the measles – pick three to five priorities.  How do we lift the mountain of mandates from the shoulders of our IT leaders – the beatings will continue until morale improves?  Time to square the goal posts – and measure Fed IT execs on performance.

Metrics Matter

To be sure, not suggesting that we walk away from metrics – or that we simply dismiss all the audit work that exists against programs like FDCCI, Cloud First, and CDM.  But we have to reduce the number of things we measure – or the cure is worse than the disease.  Make friends with GAO – they know where all the bodies are buried.

Carry the Standards

Is FedRAMP a good standard or not?  If it is, stand behind it.  The June 4th OMB FedRAMP non-deadline made fools of the administration and frustrated agencies and industry alike.  If you’re going to drive to Cloud and Mobile First, then mean it.  Do FISMA, CDM, and risk management represent the path forward in cyber – clarity on coexistence please?

Common Defense Policy

While OMB can’t pull rank in DoD, it’s a great idea to sit down with Terry Halvorsen to map up battle plans.  Terry mentioned he knows Tony at yesterday’s Cloud Caucus Advisory Group meeting on the Hill.  So gents, we look forward to the two of you getting together to map a path to maximize joint operations.

Listen First

In government we have our special acronyms designed to confuse and confound. The way we budget is all messed up.  It’s hard to recruit and retain the best and brightest.  And, we’re older than the commercial market.  Other than that, it’s exactly the same – and that with no sarcasm.  Feds are people – they want to do a good job, and respond to carrots and sticks.  Go speak to frontline IT operators.  Factor FITARA.  Time to reconstitute the CIO Council – and put it to work.

Taking over as Fed CIO with less than two years in a lame-duck administration may seem like a resume-building move.  Here’s hoping Tech Tony is Great Scott.

As the new Federal CIO readies to reboot the administration’s IT modernization agenda, folks can be forgiven for uttering – at last someone who knows what they’re doing.

Your thoughts on recommendations for Tony Scott?

Don’t Drop the Ball on Security

Defense wins championships. That’s why New England beat Seattle on Sunday.

Defense also keeps data centers from getting sacked.

This isn’t about Football
Nope. It’s about cyber. And data centers.

We all know cyberattacks are proliferating. So MeriTalk asked Feds how their concerns over cyber affect their data center strategies, and turned it into an illuminating new report, “Heart of the Network: Data Center Defense.”

More than half of Feds say key security measures are missing from their data center modernization plans – things like automation, mobile device management, and endpoint security management.

That’s like playing a game without your linebackers.

Hail Mary?
Think about all the modernization efforts Feds are engaged in – consolidation, virtualization, and moving to the cloud. Two-thirds of those surveyed say the modernization process increases cyber threat concerns.

Yikes. Is it enough to put the brakes on modernization? Nope. But Feds may have their fingers crossed when they begin modernization efforts. Like throwing a Hail Mary, you hope for the best.

Protecting the Quarterback
When it comes to cyber security, agencies remain focused on the perimeter and report being most confident about their perimeter security. But too many Feds ignore the heart of their networks – data centers. A whopping 70 percent of Feds question the strength of their security solutions within the data center fabric.

But data centers are like your quarterback – you have to protect your star player.

A Better Game Plan
Playing good defense isn’t easy. The threats come from all sides. Advanced Targeted Attacks (ATAs)/Advanced Persistent Threats (APTs)/zero-day attacks, malware, viruses, denial of service attacks, and unauthorized device access all represent major threats to data centers. The bad guys are always blitzing.

Looking ahead, 46 percent of Feds believe they need to invest in more security measures.

The full report has a lot more than my Cliff’s notes version. Read “Heart of the Network: Data Center Defense,” and let us know how your agency has tackled data center security. Okay, it sort of was about football (and I’m not talking about soccer, Steve). Did your team win the Super Bowl? Are you going through football withdrawal? Me, too.

Acronyms Across the Aisle?

In Fed IT, it’s AFE. Don’t recognize that TLA – Three Letter Acronym? It’s Acronyms For Everything. As the elephants and donkeys charge and kick one another over the 3Is – Immigration, Iran, and Israel – there’s one acronym on which they find common ground – FITARA. And, that one doesn’t need spelling out – unless you’ve been hiding under a rock.

Reds and blues don’t agree on much, but they’re united on their call for enhanced efficiency in government IT. Importantly, FITARA is law now – and the CIO empowerment act gives Federal CIOs the nuclear option. That said, to quote Spiderman, with great power comes great responsibility. As it elevates CIOs, FITARA also puts the top IT execs in the hot seat.

Strange Bedfellows

We all remember that Vivek Kundra set the pace for change as President Obama’s first Federal CIO. At the time, given the administration’s initial Open Government policy, this all made sense. Vivek published headcounts for Federal IT data centers, sounded the battle cry to the cloud, and set quantifiable targets for new efficiencies. Accurate or fantasy, the metrics provided everybody a way to get a grip on the $80 Billion slippery fish that is Federal IT – some say $160 Billion fish. So it’s ironic, the pro-government Democrats essentially placed a target on the back of the CIO.

Hardly surprising, the Republicans – led in the House by Darrell Issa (R-Ca.), then-chairman of the House Oversight and Government Reform Committee – and closely supported by the committee’s senior Democrat, Gerry Connolly (D-Va.) – loved the idea of increased government accountability. In fact, Issa and Connolly like Fed IT modernization so much, they co-founded the Cloud Computing Caucus. The Senate too took on Vivek’s metrics mania – where Senators Carper (D-Del.) and Coburn (R-Okla.) carried the torch. Together, the warring parties passed FITARA – it’s the Acronym Across the Aisle.

CIOs in the Crosshairs

So now that it’s law, it’s time to implement FITARA. The law says agency CIOs need to sign off on each and every IT purchase and makes it illegal for other agency execs to reprogram IT appropriations. So if IT projects succeed, CIOs should expect laurels. If they run into challenges, OMG.

A couple of concerns here in defense of CIOs. First off – FITARA envisioned consolidating the CIO title so that there would be just one per agency. Today, many government departments have multiple CIOs within the bureaus and components that make up each agency. This CIO consolidation got killed in the final stages of FITARA’s passage into law. This proliferation of CIOs dissipates control and accountability.

Second, there’s the whole cloud thing – and its impact on Shadow IT. The reason folks speculate that the Federal IT budget may be much bigger than the $80 Billion appropriation is because significant IT investments live within funding for other programs. For example, IT guidance systems within a missile defense system don’t roll up into the $80 Billion IT number. So, do CIOs have veto power on those shadow IT components within “non-IT” programs? I don’t think so.

Shadow IT’s an old chestnut, but it’s made super relevant today by cloud computing, which is providing a new dimension to the hidden IT economy. Recent IG reports tell us that some Department CIOs only see about 30 percent of their agencies’ cloud investments. Mission owners are buying cloud services – sometimes on their credit cards – without OCIO visibility or approval. Like Peter Pan, CIOs need to get a grip on their shadows to really gain control of IT.

What’s Next?

So, we’re heading into hearing season. We understand the folks at GAO have a series of new reports and statistics that point at data centers, cloud adoption, and security. OGR, under new Chairman Jason Chaffetz (R-Ut) and long-time tech champion Connolly will look hard for Fed IT progress and savings. Guessing the new OGR Information Technology Subcommittee, headed by Chairman Will Hurd (R-Tex.), will be the crucible for accountability and change. On the Senate side in HSGAC, Senator Ron Johnson (R-Wis.) and Senator Tom Carper (D-Del.) won’t want to be left out of the IT action.

Rumor has it, the CIO Council has already met this year to map out FITARA implementation plans. While the weather’s cold, it’s going to get hot in IT. All eyes on the CIO Council and the Hill. And let’s not forget the most important acronym in D.C. – CYA.

What’s your take on FITARA? Will the new law change things?

Kumbaya?

There’s only one explanation – it’s a belated Christmas miracle.

The 114th Congress is getting down to business, and the president last night outlined his priorities in his State of the Union speech. It just so happens that the legislative and executive branches are singing the same tune on cyber.

The House and Senate majorities and the White House so often seem at odds, but cybersecurity will bring them together.

Steady Drumbeat
The president unveiled his cyber agenda last week – he urged Congress to draft bills that encourage information sharing and require companies to notify consumers of a data breach within 30 days. The vice president also chimed in, saying the Energy Department will make $25 million available to fund programs that churn out cybersecurity experts.

The cadence of the events to promote cybersecurity legislation was impressive, and long overdue.

They’re finally getting it.

Wait, There’s More
The miracle doesn’t end there.

The truly impressive developments occurred when prominent House and Senate GOP leaders endorsed the president’s cybersecurity goals.

Sen. John McCain, a member of the Homeland Security and Governmental Affairs committee, said he was “glad the administration is coming forward with a proposal” and “guardedly optimistic we can come up with legislation that we can work with the administration on,” AP’s Jack Gillum reported.

House Intelligence Chairman Devin Nunes said the president’s proposals would “receive close consideration” as the panel writes a cyber bill.

House Homeland Security Committee chairman Rep. Michael McCaul may receive the award for the best back-handed compliment of the week.

“While it took an attack on Hollywood for the president to reengage Congress on cybersecurity, I welcome him to the conversation,” McCaul said in a report by The Hill’s Cory Bennett.

That’s a lotta love. Maybe he can watch The Interview at the White House with the president.

Devil’s in the Details
With widespread agreement on the need to address cybersecurity, lawmakers and the president are off to a good start. But we all know how quickly things can unravel.

So, fingers crossed that this Christmas miracle isn’t a mirage. What do you think? Can the two sides come up with meaningful legislation for the president’s signature? Are there other cyber issues they should address?


Raise the Gas Tax?

This one’s less of a Cup of IT – more like Texas tea, black gold, oil that is. Based on my citizenship exam, three things enshrined in the constitution – freedom of speech, right to bear arms, access to cheap gas. So, I recognize my headline may prove flammable – but here goes.

Barrel of Laughs?

What hasn’t been said about falling gas prices? Detroit happy, Putin sad, drivers revving engines in SUVs. But what about the impact on tax revenue and our aging infrastructure? I was concerned that falling gas prices would mean reduced tax revenue – and failing highways/falling bridges. So, I looked at how government taxes gasoline – which funds the Federal highway system. Interesting, it’s not a percentage. The Feds pour 18.4 cents on a gallon of gas and 24.4 cents on a gallon of diesel – just my luck, I drive a diesel. The state tax is a sliding scale – but the average load is 30.1 cents. They’re equal opportunity discriminators for gas and diesel.

The net here, as best I can tell, government revenue is firewalled off from fluctuations in fuel prices. Ironically, I’m guessing that tax revenues will spike as demand bubbles up.

Oil and Water?

So, what’s fueling the price fall? I debated this with Tom Davis and Jim Moran just last week at Don Upson’s CES Government conference – quite a program. Is it a war between the shale men and the sheikhs? Theories abound. Most popular, OPEC outflanking the frackers – keeping supply high to burn up US shale oil, which is not viable below $70 a barrel. But, how does that make sense? Surely OPEC is hurting itself in the near term, and the frackers will just start right up again when the price of a barrel of oil hits $70 again – which it surely will.

Double Whammy?

Here’s another theory that actually makes good sense. Global demand is down – due to the Brazilian, Chinese, and European slowdowns. As the price falls, OPEC has two choices. One, it can cut production – which means it’s hit twice with lower revenue per barrel and lower volume. If OPEC holds back, other producers will step in to fill the world’s tank. Or, two, it can continue to pump – increasing volume to make up for the price shortfall. Seems one hit is better than the double whammy.

On the Right Road?

Okay, so here’s the heretic thought for the dismount. With gas prices at an all-time low – in real terms – isn’t now the perfect time for government to hike the gas tax? We haven’t increased gas taxes since 1993. The President signed a $1.1 billion stop-gap bill last August to fund highways for 10 months. Proposed bipartisan Senate legislation to raise fuel tax by 12 cents per gallon ran out of gas. It would have raised $164 billion over 10 years – enough to upgrade our infrastructure and perhaps get us on the right road to new smart highways.

So, now’s the time to put the gas tax hike back on the forecourt. As gas prices are down we can produce much needed revenue today – without hitting folks hard in the pocket book. In addition to funding infrastructure – sliding higher gas taxes into the mainstream will start to steer our economy away from our unhealthy gas addiction and stimulate energy innovation.

Even the Clampetts would agree this is no gas matter. Is my analysis too crude? Y’all come back now, y’hear?

Eating Our Babies?

If Uncle Sam has a New Year’s resolution, maybe he should stop chewing his digits? No, I’m not talking about nail biting, I’m talking about digital natives. The Washington Post tells us folks under 30 represent just seven percent of the Federal workforce – the low-water mark in over a decade. For context, one quarter of the U.S. workforce is under 30. And, the government’s bleeding babies – nine percent of folks flying the Fed coop in 2013 were millennials. If we’re looking for new ideas in government, we’re going to need fresh DNA. We’ve heard plenty about the Silver Tsunami – what about the Millennial Monsoon? Sequestration, pay freezes, the civil smear, and economic recovery have hurt the government’s millennial mojo.

Mighty Moran

And, as we talk about challenges with the government workforce – and people quitting government – it seems appropriate to tip the hat to the young at heart – Congressman Jim Moran (D-Va). Just this week, I had the honor to travel with Jim on his last day as a Congressman. After 30+ years in public service – as the Mayor of Alexandria and 24 years in the Congress – Jim Moran has elected to bow out. On travel, we ate together at a restaurant – and Jim insisted on clearing the dishes himself. No hubris here. What a gentleman – and advocate for Federal employees. Jim Moran, thank you for your service. You will be missed in Congress – but we know you’re not stepping away from our community, there’s still work to be done.

Short pour this week. But in this weather, a warm cup of IT should do you good. Wishing you the very best for 2015.

Meet the New Boss: IT Decision Makers

The attack on Sony and other high-profile data breaches have forced lawmakers to pay attention to cyber legislation. But will the 114th Congress do as much for IT as the 113th? Several lawmakers who can affect IT policy are newly elected or newly assigned to tech-focused committees. Here’s a rundown of the new faces and notable changes:

House
Oversight and Government Reform – Rep. Jason Chaffetz will take over the committee and didn’t waste time making news. He announced on December 16 his decision to create a new Information Technology subcommittee. Chaffetz said the IT subcommittee will have jurisdiction over anything dealing with technology, from NSA data collection to cybersecurity.

Chaffetz picked Texas Republican Will Hurd, a new face, to head the subcommittee. Rep. Hurd is a former undercover CIA agent who worked on issues including counterterrorism and cybersecurity. For the past four years he has been a senior adviser for FusionX, a cybersecurity vendor. “You can chase terrorists and protect our civil liberties at the same time,” Hurd said, according to Politico’s Kevin Robillard. “I’ve done it.”

Intelligence – Chairman Mike Rogers’ retirement opens the door for a new successor. Speaker John Boehner selected Rep. Devin Nunes to succeed Chairman Rogers. Nunes supports government surveillance, so don’t expect a push for NSA reform from this committee.

Energy and Commerce – Rep. Fred Upton will serve as the Chair of the House Committee on Energy and Commerce for two more years. In a statement issued December 19, Upton said the committee will hold a series of hearings next year to examine the Sony hack and the broader threat to the economy posed by hackers.

Upton did not specify how many hearings the panel will hold or whether lawmakers intend to introduce new cybersecurity legislation.

Upton has named Rep. Greg Walden to serve as chairman of the Subcommittee on Communications and Technology.

House Homeland Security Committee – No change here. Representative Michael McCaul will remain the Chairman of the House Homeland Security Committee.

Senate
Commerce – Ranking Member John Thune will become the committee chairman in the 114th Congress. “Senator Thune played a central role in the Senate Commerce Committee’s passage of cybersecurity legislation in the 113th Congress and is expected to continue to play an active role in cybersecurity issues during his chairmanship,” according to an extensive analysis on the upcoming Congress by lobbying firm Squire Patton Boggs.

Thune advocates an open Internet with slight government regulation.

Homeland Security and Governmental Affairs – Senator Ron Johnson will become Chairman and Senator Tom Carper will become the Ranking Member. Johnson has made clear that he will focus on cybersecurity, homeland security, and counterterrorism issues.

If Johnson’s past comments on the cybersecurity issues are any indication, his agenda will focus on moving legislation to facilitate industry-driven cyber standards and providing legal protections for companies wanting to share information, according to The Hill’s Cory Bennett.

Intelligence – Saxby Chambliss’ retirement allows Senator Richard Burr to chair this important committee. Burr is a solid ally of the CIA and doesn’t believe that any intelligence should be shared with the public.

Armed Services – Sen. John McCain has announced that the Armed Services Committee, which he is expected to chair, will hold a hearing on the Sony hack within the first two weeks of a new Congress.

Let us know if there are other IT issues lawmakers should delve into. Do you think lawmakers will address cyber?


Drew Doggett contributed to this report.

Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

Six Key Questions for 2015: What You Need to Know

Feds face a long to-do list and lots of questions about the ability – and willingness – of the legislative and executive branches to work together as the 114th Congress convenes. Six issues lawmakers must grapple with in the New Year:

Who Will Be the Next Federal CIO (and does it Matter)?

The White House has been evaluating candidates to replace Steven VanRoekel as U.S. Federal CIO since he resigned the post in September to join the U.S. Agency for International Development and the fight against Ebola. But whether President Obama will appoint a Washington insider or import a Silicon Valley star to fill the position is not yet crystal clear. In theory, whoever gets the nod will oversee a Federal IT budget of some $80 billion. The Federal CIO doesn’t really control IT budgets – at least not directly. It’s more of a bully pulpit to influence the agency CIOs who really own the budgets.

Insiders predict a Washington native will take the reins because outsiders won’t be familiar with the arcane acquisition rules and other baggage that bogs down Federal policy and procurement.

Inside-the-Beltway candidates could include Dr. David Bray, CIO of the FCC (where VanRoekel also served), Dr. Alissa Johnson, Deputy CIO of the White House, and Richard Spires, former CIO for the Department of Homeland Security. Or the president could again turn to Google, as he did for Michelle Lee at the Patent & Trademark Office and Megan Smith, chief technology officer in the White House Office of Science & Technology.

So does it matter? That all depends on who the president picks – and what that choice does with the federal CIO’s bully pulpit.

Can Feds Make FedRAMP Fast and Flexible?

The Federal Risk and Authorization Management Program (FedRAMP), which facilitates Federal cloud installations, was created by the General Services Administration (GSA) to authorize and accelerate cloud implementation across multiple agencies. Unfortunately, the authorization process for selecting cloud vendors is still tedious for many agencies.

“Confusion over how best to incorporate cloud security standards in procurements has reached a breaking point,” according to Jason Miller, at Federal News Radio.

But FedRAMP managers in December issued “FedRAMP Forward,” a two-year outline for the program, indicating they want to spread responsibility for cloud service authorization across the government. They’re re-launching FedRAMP.gov to provide additional resources for agencies pondering cloud implementation, and GSA will release automation requirements for vendors and agencies to produce more efficient documentation and issue a draft high baseline for non-classified tech systems under the Federal Information Security Management Act (FISMA).

Will Congress Tackle Cyber?

From attacks on Home Depot and other vendors to the exploitation of celebrities’ private photos and the hacking of Sony Pictures, cybersecurity is on everyone’s agenda. But will Congress try to legislate us to a more secure cyber world?

Numerous congressional committees are preparing to tackle cyber, but it remains to be seen what they can do to protect industry and consumers. Insider threats, phishing expeditions, and straight-up hackers all pose their own risks. And the fact is the government is as prone to attack – perhaps more so – as any private party. Congress can’t solve this problem with legislation. But it can help, beginning with setting minimum self-defense standards for industry, promoting general awareness and training in government and nationwide, and encouraging international cooperation in cyber defense and response.

Will the FAA Define a Forward-Looking Drone Policy?

The U.S. government isn’t moving as fast as industry wants it to, and the FAA is facing mounting pressure to govern commercial drone operations. While some foreign governments have already moved on the matter, the FAA remains deeply concerned about the safety implications of adding drones to America’s already crowded commercial airspace. Amazon CEO Jeff Bezos, meanwhile, is playing the international competitiveness card. He argues that the U.S. risks missing out on drone delivery and falling behind economically.

“It’s highly likely that other countries get drone delivery before the U.S.,” Bezos told a conference hosted by Business Insider. “Maybe I’m being too skeptical, but it’s certainly possible.”

U.S. drone makers are the worldwide technology leaders but worry Feds will keep them grounded. They fear a late start in their home commercial market will have them losing out to foreign competitors later on – both abroad and at home.

Will Big Data Rise Up to Defeat Fraud, Waste, and Abuse?

Before 2015, the role of a data scientist/analyst was clear. But the duties and qualifications are blurring as analytics capability rapidly advances.

Data scientists and data analysts have more data than ever to help agencies spot trends and anomalies as they fight an estimated $300 billion a year in fraud, waste, and abuse. Those tools also enable planners to get predictive and more rapidly respond to changing needs in e-government.

Data holds incredible promise and can make Feds smarter, faster, and more efficient. Prescriptive and predictive analytics aren’t reserved for Silicon Valley.

Can Congress Stop Sequestration, Raise the Debt Limit, and Get its Fiscal House in Order?

The clock is already ticking as incoming Senate Majority Leader Mitch McConnell takes his new role and joins Rep. John Boehner as co-leader of a Republican-controlled Congress.

First up is raising the debt limit, which Congress last addressed in February 2014 and which will need to be raised again between now and March 15. Everyone knows they have to do it, but taking on more debt is a theme that doesn’t resonate well with the Tea Party wing of the party. The government’s current borrowing limit expires in March, but the Treasury can use an “extraordinary measures” fund and the standard tax collections in March and April, prolonging the suspense and propelling us toward a summer showdown.

Another fight over military and domestic spending is inevitable before a deal is struck. And then there’s sequestration. Last year’s deal to suspend those automatic across-the-board budget cuts expires September 30. Mark your calendars – but stand by for a series of half measures and delay tactics. Just because we’ve seen a change in which party controls the Senate doesn’t mean Congress will alter its predilection for kicking such big decisions a little bit further down the block.


FedRAMP Under the Mistletoe?

What does everybody in Federal IT want for the holidays this year? Answers to five FedRAMP questions:

  • What’s the path forward to get agencies to buy into FedRAMP?
  • Do cloud providers need a final stamp of approval before agencies buy their cloud services?
  • Is being in the pipeline sufficient for agencies to buy CSP services – doesn’t that show the CSPs are firmly committed to the process?
  • How do we accelerate the FedRAMP Authority to Operate (ATO) process?
  • Are there any rules in the FedRAMP process and/or Federal cloud procurement

Coal in OMB’s Stocking

The Council of the Inspectors General on Integrity and Efficiency (CIGIE) IT Committee’s September report on Federal Cloud Computing considers many of these questions. Some interesting stats: IGs looked at a sample of 77 Federal commercial cloud contracts valued at $1.6 billion. They found most cloud contracts – three out of four – don’t follow the Federal government’s cloud computing guidelines.

Three quarters of agencies don’t even require CSPs to be FedRAMP compliant. CIGIE dug in on 19 agencies’ cloud programs – and found nine did not have a good inventory of their cloud systems. Extrapolate those percentages across all 438 Federal cloud contracts – some $12 billion worth – and it doesn’t take a red-nosed reindeer to see there’s a problem.

CIGIE lays the blame at OMB’s feet. The report notes OMB set up FedRAMP via policy memorandum, established the JAB and the PMO, and imposed the June 5, 2014, FedRAMP compliance deadline. But OMB failed to establish an enforcement mechanism to police deadlines and hold agencies that fail to comply accountable for their actions.

CIGIE offers four recommendations. It firmly recommends that OMB determine how to best enforce FedRAMP compliance for CSPs and establish a reporting system to ensure agencies require FedRAMP compliance.

What’s Under the Tree?

Rumor has it GSA is readying a two-year FedRAMP roadmap. Could it be under the tree in time? Will it clarify the policy? Will OMB take the leadership opportunity it provides?

Naughty or Nice?

MeriTalk and the Cloud Computing Caucus Advisory Group are being peppered with calls and emails from unhappy CSPs who thought they’d been nice by getting into the FedRAMP pipeline, but now are being told they’ve been naughty. Some agencies won’t buy services from CSPs unless they’re all the way through the FedRAMP process; others are buying, as long as CSPs are on a FedRAMP pipeline with GSA or another agency; still others are looking at where CSPs are on the FedRAMP OnRAMP – documentation, testing, authorization, and the end zone (continuous monitoring). Based on the CIGIE report, a whole pile more of agencies are just sidestepping FedRAMP all together. The Hill is asking questions.

More Elves Please

Matt and Claudio in the FedRAMP PMO at GSA are working long hours in the FedRAMP toy workshop. We launched the FedRAMP OnRAMP with GSA in March of this year. We took a look back at pipeline progress and who’s gained an ATO in the past nine months. Here’s the before and after.

In March there were 10 ATO’d CSPs, with a total of 11 certified solutions – Microsoft had two. Eleven more were in process for ATOs. Nine months later, only three more CSPs are ATO’d, and only 15 solutions are certified – Microsoft and Oracle have two each. Three CSPs haven’t progressed at all – Layered Tech, VirtuStream, and MaaS360 – while Carpathia has set the pace as the fastest-moving CSP in the pipeline. Another 17 CSPs are in the ATO process.

FedRAMP is critical to government adopting cloud. GSA needs reinforcements in the workshop – more elves, please.

The Nutcracker

Curious to know how DoD is doing on cloud? Register for the Cloud Computing Caucus Advisory Group “Defense Goes on Offense” program taking place this February 12 on the Hill. Seems DoD is marching to the cloud in double time.

New Year’s Resolution

As goes FedRAMP, so goes mainstream government cloud adoption. GSA’s working hard to lead the way. Here’s hoping OMB makes cloud part of its New Year’s resolution – or we can kiss mainstream cloud adoption goodbye (yes, that can be under the mistletoe…). What’s on your cloud holiday list?

Watch Out for the Grinch

Federal agencies lose an estimated $300 billion a year to fraud, waste, and abuse. Bad guys are the Grinch – $300 billion could pay a lot of bills. Or pay for better cybersecurity. That’s what agencies want for Christmas.

No agency is safe, according to the esteemed panelists at MeriTalk’s Stealing from Uncle Sam forum.

Lump of Coal
Gary Cantrell at HHS, Dean Silverman at IRS, and Nancy McNamara at FBI discussed the alarming scope of Federal fraud, waste, and abuse.

Health and Human Services, Social Security, IRS – agencies across the board are struggling with identity theft, falsification of financial records, and many other scams.

“There’s more fraud than we are able to address,” Cantrell told the audience.

Avalanche of Data
It’s not all bad news. HHS and other agencies are using analytics and making strides. The IRS has identified and stopped $10 billion in identity theft over the past two years. Take that, Grinches. But fraudsters still get many happy returns from the IRS, and the bad guys are able to pivot quickly.

Many agencies are snowed under by data. The key is to start small. Instead of trying to solve all their problems at once, agencies can use analytics to clean up one program. Then move on.

“It starts with the awareness that you’re constantly under attack,” Joseph Conway, CTO at Fed Centric Technologies, said during the forum’s industry panel.

’Tis the Season of Giving
Agencies also need to share data.

“The most effective legislation would provide a framework for agencies to collaborate more openly and effectively,” said Eric Motz, Technical Services Manager at Splunk, the data analytics software firm. “The best defense is visibility into everything so you can go back and trace patterns.”

The private sector succeeded in creating communities where similar businesses could share information to strengthen cybersecurity. But at the Federal level agencies lack standardization and the ability to harmonize so much different data coming at them.

No one should try to crack the code from The Matrix. Keep it basic.

Brand New Toy?
Many panelists urged agencies not to forget about the people behind computers – better training, people with the right skills. It all adds up to better cybersecurity.

Agencies often suffer from near-sightedness – overlooking employees in favor of technology. Advanced analytical tools can detect certain patterns and outliers in sets of information, but it takes skilled workers to build those models and determine what is relevant.

Some agencies have had difficulty filling the personnel gaps.

“What’s been quite difficult for us is getting the right personnel to do that. We’re developing our analytical cadre, but it’s taking longer than we would like,” McNamara told the audience.

New Year, New Insights
Lots more to come on fraud, waste, and abuse in the New Year, including an interactive research project that will dig deep into the issue. Stay in touch with the MeriTalk Big Data Exchange here. Let us know – does your agency use analytics? Do you have suggestions for others on using analytics to slow fraud, waste, and abuse?

Drew Doggett contributed to this blog.

Read Five Ways Big Data Can Fight Fraud, Waste, and Abuse


App-etite?

Halloween is safely in the rear view mirror – but Uncle Sam’s still wracked by IT nightmares. App gluttony’s front and center as we head to Thanksgiving – and a new MeriTalk study, the App Gap, showcases agencies’ eating disorders.

Gobble Gobble 

GAO sets the table on stats. With 777 supply chain and more than 600 HR systems – there are clearly too many calories in our app diet. And, agencies have no plans to reduce their app portions. Seventy percent of Feds expect more apps on the plate – projecting a 19 percent expansion in agencies’ app waistlines.

Eating Disorder 

GAO says agencies spend 69 percent of their budgets maintaining systems that are past the sell-by date. MeriTalk pegs the cholesterol count still higher – with 79 percent of agency budgets invested in George Foreman grills. Only one in three Feds say their current infrastructure provides a well-balanced diet to support their agency’s mission.

Food Stamps

As in life, poor folks eat poorly. Seventy-three percent of Feds assert that budget keeps them from updating legacy systems. However, if you look for the soft part in the middle, 36 percent of Feds point to politics as the poison – that’s nothing new in D.C. If folks are used to the all-you-can-eat buffet, nobody’ll want a salad.

Peanut Butter Not the Solution 

Paying off on the politics, Fed IT pros assert that they’re forced to peanut butter available budgets over too many rotting apps.

Talking Turkey 

If freed to take out the trash, 48 percent of Feds would serve up new apps, 43 percent would consume the cloud – and IT pros assert that new virtualization investments would trim the IT fat by $4.5 billion.

Too Many Cooks?

Looking for a recipe for success this turkey day – and a heaped helping of hilarity?  Look no further than our Fed IT gourmets’ take on bad lip reading – That’s How You Cook a Bird.  Key ingredients – hint of Halvorsen, pinch of Palmer, Barloon broil, Rudnicki roast, butter goes on top.

Now that’s funny…

Enjoy the holiday with your family.

Sink or Swim?

Don’t go boating without a life jacket. And, don’t collect, store, or try to manage data without an Information Governance strategy. That’s IG, but if you don’t have one, you’ll end up all at sea with the other IG – the Inspector General. Turns out many organizations – public and private – have set sail without taking the proper precautions. For too many agencies, information governance strategies, like access and security, are an afterthought.

A recent research study – “Navigating Information Governance: What’s Your Strategy?” – quizzed public- and private-sector attorneys, IT executives, FOIA agents, and records managers about information governance. Everybody agrees information governance is critical to their organization’s mission.

Muddy Waters

But information governance practices are murky. And, government and industry are mostly in the same boat.

Nearly three quarters of organizations have a formal, enterprise-wide information governance strategy, but just one in five says it’s very effective. Organizations understand the problem and the steps to solve it, but information governance programs consistently fall short.

Drowning in Data

How’s this for a rising tide? The digital universe doubles every two years and will reach 40,000 exabytes – 40 trillion gigabytes – by 2020. For context, a single exabyte of storage can contain 50,000 years’ worth of DVD-quality video.

Although some measures and regulations are necessary for data protection and public transparency, many organizations believe they’re fighting against the tide on regulation. When it comes to eDiscovery and FOIA requests, organizations’ biggest technology weaknesses include: data processing and filtering (38 percent), data collection (36 percent), and review (28 percent).

Respondents also say data security and protection is the single largest information governance risk their organizations will face if not addressed, but only 37 percent give their organization an A for data protection.

Missing the Boat?

In contrast to the private sector, Feds say budget’s their most significant information governance challenge. Management needs to know that proper information governance will improve business operations, regulatory compliance, and constituent service across the board.

Beyond harnessing, synthesizing, and turning information into intelligence, organizations need to be in control of data to meet governance transparency objectives, respond quickly to eDiscovery requirements, manage FOIA requests and internal investigations, and comply with records management regulations.

Land Ho

To ensure effective, enterprise-wide information governance programs, organizations need to focus on people, process, and technology improvements. A whopping 95 percent of organizations have made investments in this area in the last two years. And, over the next two years, organizations will invest further in security software, document management, data loss prevention, and backup.

So organizations should gain visibility, take action, and assume control of their own data. When executed correctly, an all-inclusive approach makes information available to those who need it, when they want it, while reducing storage costs and safeguarding compliance.

Read the full report here.

Is your organization sinking or swimming in information governance?

Weed the People

Pot’s legal in DC (unless Congress steps in and says no to drugs). Nearly 70 percent of voters gave weed the high sign. But that’s not smoke in the sky. Those are clouds because there’s a lot of buzz surrounding cloud computing these days.

Cloud and Data Centers: A Joint Effort
Feds are (trying to) consolidate data centers. But they have to weed through the impact of consolidation on their cloud strategies.

We asked Defense Information Systems Agency Deputy CTO Jack Wilmer to talk about data center consolidation and cloud computing at the Data Center Exchange meeting next week.

DISA has a unique perspective on this. The agency hopes to leverage commercial service providers to support Level 5 and Level 6 workloads. That’s as high as DISA gets – Level 6 represents the top grade of classified and secret government information that can be exchanged through cloud services.

Wilmer will talk about:

  • Whether cloud hinders consolidation
  • How DISA is working with commercial providers
  • Cloud security
  • Modernizing networks

But wait! There’s more.

Cloud Connect
We asked Jack to stick around and have another conversation with us following the Data Center Exchange meeting.

He said yes!

So we plan to host a half-day event called Cloud Connect. We’ve asked agency CIOs to discuss how they coordinate and manage data across multiple environments – public, private, and hybrid clouds. We know many continue to debate the value of cloud services and struggle with decisions over where best to store data and applications.

Room to Grow
A lot of you saw the report over the summer that said seven agencies surveyed by the Government Accountability Office have moved only 2 percent of their systems to the cloud, up from 1 percent in FY 2012. It also said:

  • Among those agencies, spending on cloud services increased to $529 million in FY 2014, up from $307 million in FY 2012
  • Those seven agencies collectively had not considered cloud computing services for about 67 percent of their investments

There’s still a lot of room to grow.

These Smart People Will Attend
At Cloud Connect we’ll have a CIO panel, a panel on private cloud, and a panel on hybrid cloud. David Bray, Federal Communications Commission CIO, Steve Cooper, Department of Commerce CIO, Rick Holgate, Bureau of Alcohol, Tobacco, Firearms, and Explosives CIO, and Richard McKinney, Department of Transportation CIO all plan to attend.

Find Out the Latest Buzz
Register for the Data Center Exchange meeting here.

And register here to attend Cloud Connect. Both are scheduled for Tuesday, November 18. It’s a cloud doubleheader.

(Remember, both events are only for government employees.)

Join us and share your stories about cloud and consolidation. What has worked? What are agencies struggling with? Does anyone else have the munchies?

