APRIL 2015 VOLUME 34, ISSUE 4

Technology, Tools and Tactics for Public Sector IT

SERIOUS GAMES SCORE IN AGENCY TRAINING PAGE 6

Finding the right storage balance

New virtualization techniques and emerging flash technologies are giving data center operators more control over how they manage storage systems, speed backups and reduce costs.

PUBLIC SAFETY COMMUNICATIONS: Colorado first responders take FirstNet for a test drive Page 28

INSIDE

FEATURE

22 Finding the right storage balance
New storage technique and technologies are giving data center operators more control over how they manage storage systems and reduce costs
BY CAROLYN DUFFY MARSAN

BRIEFING

6 Serious games scoring big in government
7 Who’s online now? 18F builds web analytics dashboards
8 How to keep legacy systems from becoming liabilities
9 NIST funds center to model disaster recovery strategies
10 Cities tap Yelp to improve health inspection process
12 DARPA makes strides searching the ‘deep web’
13 Voting technology: Is it secure yet?

CASE STUDIES

28 COLORADO TAKES FIRSTNET FOR A TEST DRIVE
The mobile LTE network supported video, situational awareness, mapping and photo apps for first responders
BY STEPHANIE KANOWITZ

31 IRS FLIPS STORAGE SYSTEMS FOR CLOUD SERVICE OFFERING
Unisys acquired IRS’s storage systems, then converted them into a virtualized storage-as-a-service offering
BY CAROLYN DUFFY MARSAN

32 PLUGFEST PLUS SPEEDS INNOVATION, ACQUISITION
The Air Force is testing an acquisition approach that would accelerate the contract award process
BY STEPHANIE KANOWITZ

COMMENTARY

14 CYBEREYE
OpenSSL audit to squash Heartbleed-like bugs

18 INDUSTRY INSIGHTS
How the Identity of Things will streamline the citizen experience
19 Where to find actionable threat intelligence
20 Struggling with Scrum? Try Kanban

34 EMERGING TECH
Lenovo’s AnyPen eliminates the need for a stylus

GCN (ISSN 0738-4300) is published 11 times a year, monthly except Dec, by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $125.00, International $165.00. Subscription inquiries, back issue requests, and address changes: Mail to: GCN, P.O. Box 2166, Skokie, IL 60076-7866, call (866) 293-3194, outside U.S. (847) 763-9560; fax (847) 763-9564 or email [email protected].

POSTMASTER: Send address changes to GCN, P.O. Box 2166, Skokie, IL 60076-7866. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or XPO Returns: P.O. Box 201, Richmond Hill, ON L4B 4R5, Canada.

Editor-In-Chief Paul McCloskey
Executive Editor Susan Miller
Contributing Writers Kathleen Hickey, Stephanie Kanowitz, Carolyn Duffy Marsan, Patrick Marshall, Mark Pomerleau, Brian Robinson

[Briefing]

Serious games scoring big in government

BY STEPHANIE KANOWITZ

A few years ago, New York City officials turned the challenge of managing handicap accessibility into a game, giving points to people who submitted photographs of, for example, curbs that were too high for people in wheelchairs to navigate.

“What they started to notice was that people were doing a much better job in seeking these [situations] out when they started to play with it,” said Lindsay Grace, a communication professor at American University.

That was despite the fact that the reward – more ‘points’ – didn’t have any monetary value. The pay-off came from people’s desire to win and test limits.

“We could give them some [form of] direct transfer and say, ‘Congratulations. You earned 100 points, here’s a $10 gift card,’” said Grace, who co-presented a session on government gaming March 15 at the South by Southwest conference.

“The problem with that is it’s a form of work. It’s a form of labor. But if the experience itself is extraordinarily satisfying, then it pays for itself,” he said. “That’s why people do the work of a marathon or a fun run. They aren’t necessarily saying, ‘OK, what’s my payout?’ The experience itself is quite enjoyable.”

Government’s use of games is nothing new, but technological changes have, well, changed the game.

Today’s growth spurt in big data and analytics, combined with the challenge of getting the producers and consumers of data to engage directly with new tools, is driving the proliferation of large-scale games such as the one New York played.

In government, games and gaming methods have been gaining steam for training, change management and employee culture improvement as well as externally to boost citizen engagement.

“You’re creating an entrée for people that is quite attractive,” Grace said. “So it’s not, ‘Hey, we just wrote some really good policy and all you have to do is read these 630 pages.’ It’s ‘Well, we have a game that’s going to get you pretty far in understanding. Why don’t you try this first?’”

“Games have been used for eons,” added Tony Demarinis, director of gaming at Deloitte Consulting, who cited lacrosse’s roots as a battle-training tactic. “There are intangible attributes that require people to put disparate pieces of data together in a unique and creative manner to solve problems that you cannot get in any other form or fashion but in activities that look like games.”

Human computation games hold the most promise for government, he said, adding that three years ago there were 16 examples of these worldwide, and now more than 80 exist.

They use true game mechanics the way puzzles do, but the work players do is called an isomorph, a translation of a real-world problem. “Players are playing a game to solve a problem, but you don’t really care what the problem is. You’re just playing the game,” Grace said.

For instance, a space invader game in which players have to figure out what doesn’t look right is a great way to train information technology workers on network intrusion detection.

“If I told you this is work or I told you this is a game, you change the way you frame the problem psychologically,” Grace said. “You’re more driven to experiment, you’re more driven to get the optimum solution.”

IBM is a company that sees the value of game formats for government applications and challenges. The firm’s Smartplay program helps to integrate real processes and data into problem-solving games for the military and other government agencies. Using its cloud infrastructure and applications to incorporate adaptive analytics, business process management, learning management systems and social business applications, IBM is developing a number of serious games, designed to solve business puzzles.

It has two main games: CityOne has been compared to the popular SimCity game, where players develop a city, while Innov8 lets players practice running a business.

IBM is also acting as a “second use marketplace where game developers can repurpose what was initially created for entertainment and resell it as practical solutions to complicated problems informed by real-world data,” according to a Motherboard article.

That’s what happened to Achron, a real-time strategy game that was not a success with the public but was picked up by the Pentagon for use in logistics training.

“The premise here is that we know you’ve worked hard to create intellectual property,” said Phaedra Boinodiris, Serious Games program manager at IBM, during a game developers conference earlier this month.

“Whether it’s a game, an analytics engine, a gaming engine, whatever this intellectual property is that you might have, we see an opportunity to leverage this as part of a broader ecosystem to make games as a service happen for some of this clientele.”

Another company, BreakAway Games, created Code Yellow, a game that lets hospitals enter their own data to simulate, test and improve their readiness for disaster response.

Overall, games are overcoming their stigma as amusement for the couch potato to gain wider audiences, acceptance and uses, Grace said.

“If you look at the history of Angry Birds – a very popular casual game – it basically calculates to 380 years of computation,” he said. “The amount of time that people are solving problems on Angry Birds is a tremendous amount of cognitive labor. So the idea is why don’t we convert that? If we can get even a couple of those hours for people to solve other problems, imagine the kinds of problems we can solve.”

Photo caption: IBM’s CityOne game is designed to enable city leaders to simulate ways to apply technology concepts in civic problem solving.

Who’s online now? 18F builds Web analytics dashboard

Marking its one-year anniversary, 18F unveiled analytics.usa.gov, a public digital analytics dashboard for almost 300 executive branch government domains, including every Cabinet department.

Like metrics from Google Analytics, the site shows which government pages are most popular and which devices, browsers and operating systems people are using.

The White House said it plans to use the insights gleaned from the dashboard “to focus our digital service teams on the services that matter most to the American people and analyze how much progress we are making.”

Among the initial insights are that 33 percent of all traffic to the government websites that were tracked came from mobile devices, up from 24 percent last year. Seasonal services or unexpected events drive people to government sites for information, which explains why the IRS has the most visited site.

Developed by 18F, the digital services delivery team housed at the General Services Administration, analytics.usa.gov was built in two to three weeks, the team said on its blog. But the group expects to make improvements so that the tool can handle dynamic queries and be easily shared with other agencies.

The analytics.usa.gov dashboard is a static website, 18F said, that is stored in Amazon S3 and served via Amazon CloudFront. Real-time data is downloaded from the Google Analytics Real Time Reporting API. According to the team, “The dashboard loads empty, uses JavaScript to download JSON data and renders it client-side into tables and charts.” The group took this approach, it said, because it can “handle potentially heavy traffic to live data without having to scale a dynamic application server.”

In the spirit of openness, all the data used in the dashboard can be downloaded from a menu below the dashboard; code for the dashboard and the data reporting system is available on GitHub.

In the year since its creation, 18F has developed a number of tools including Discovery, the OASIS market research tool; FBOpen, a set of open-source tools to help small businesses search for opportunities to work with the U.S. government; api.data.gov, a hosted, shared service that provides an API key, analytics and proxy solution for government Web services; and Midas, a platform that facilitates collaboration.

How to keep legacy systems from becoming liabilities

BY KATHLEEN HICKEY

While plenty of public-sector IT systems are moving to the cloud, legacy systems are still the workhorses of many agency IT operations. But greater computing demand from transparency and mobile or big data programs coupled with frequent technology advances can quickly turn a legacy system into a liability.

A recent report from Washington state calls for creating an enterprise-level modernization roadmap to systematically tackle the problem of updating legacy IT systems.

The report by the Office of the Chief Information Officer (OCIO) examined 45 executive branch agencies. Of the 1,983 IT systems in use, 31 percent were legacy systems, with 55 percent of the legacy systems identified as mission critical. Most of the legacy systems (84 percent) were developed and hosted in-house. Almost half of the legacy systems fell into one of three business areas: financial management, agency specific and licensing/permitting.

The roadmap would be used by the state to mitigate current risks from legacy systems. In order to accomplish that, the state advises that agencies stay current on software versions and be able to identify, categorize and analyze their application portfolio as well as determine when to modernize or replace systems.

Determining what was a legacy system went beyond age and programming language. “Categorizing a system as ‘legacy’ was not simply a matter of age or programming language, but rather a combination of views into whether that system could be easily updated, resourced/staffed, posed security risk or other agency-specific determinations such as whether it aligned to a desired enterprise technical architecture or introduced unnecessary complexity to overall business processes,” said the report.

Legacy systems pose a Catch-22 for agencies. They remain in use, the report said, because of the costs associated with migrating the systems to a modern platform. But these systems are also expensive to run, they burden the state’s IT infrastructure, and they carry increased risks for data breaches, theft or service disruption.

This is especially true for citizen-facing systems, the report noted, because many of those applications were designed for use only in a secure internal network and not over the Internet.

And while back-office systems, such as core financials, are critically important to the state’s day-to-day operations, their visibility is much lower, making upgrades a “hard sell,” the report said. As a result, replacement or upgrade of legacy IT systems often comes only when enhancements are made for new business capabilities or when IT staff has time to make improvements.

The OCIO also asked agencies what criteria they used to fund modernization projects, resulting in a consolidated list of criteria used by participating agencies. The data included mission alignment, public visibility, risk, alignment to enterprise architecture (such as reducing number of platforms or improving data integration), improving efficiencies and cost savings.

Further, the report noted that modernizing or replacing IT systems is “a moving target. A system that may not be considered legacy this year might become legacy next year due to the pace of technological change, shifting skill set availability and cost, and changing business needs.”

The challenge of maintaining legacy systems is being felt across the public sector. Last year the Texas Department of Information Resources issued its own report and assessment of its legacy systems.

The authors made six recommendations on how to tackle the problem: identify and prioritize security risks; develop a legacy modernization roadmap; establish statewide standards for application development; use commercial off-the-shelf solutions, particularly cloud-based services; consolidate reporting and analytics into consolidated business intelligence services; and implement application portfolio management practices.

How to reduce risk of maintaining legacy systems

Until agencies can phase out their legacy systems, the report recommended steps IT managers can take to reduce risk:
• Improve documentation, capture system information and rewrite system code when possible.
• Provide code developers with training to identify high-risk systems and revise or develop new, secure code.
• Stay up-to-date on software versions.
• Use pace-layering to identify different systems and modernization strategies.
• Consider migrating to software-as-a-service or commercial off-the-shelf deployment models.
• Migrate from legacy systems to shared or enterprise services.
• Increase standardization.

NASA tests smart glasses for astronauts

BY MARK POMERLEAU

NASA is continuing to build upon its plans to harness virtual and augmented reality for space exploration. The space agency and Osterhout Design Group announced they are exploring the use of ODG’s Smart Glasses for terrestrial and space-based activities.

ODG’s Glasses allow users to do everything they would also do with a tablet, the company said. They could let astronauts remotely access documents and/or charts, decreasing the weight of materials they carry into space and allowing hands-free work. As a NASA spokesperson told Computerworld, commercial airline pilots carry around 15 pounds in manuals, but in space exploration, every pound saved counts.

With the augmented glasses, astronauts could conduct line-of-sight checks with digital markers overlaid on machinery, keeping the user’s eyes focused on the task, according to a release by Osterhout Design Group.

“As electronic directions and instructions replace paper checklists and longer duration missions are considered, there is a need for tools that can meet evolving demands,” said Lauri Hansen, engineering director at NASA Johnson Space Center. “ODG’s technology provides an opportunity to increase space mission efficiencies, and we are pleased to explore its potential in human spaceflight while also advancing its use here on earth.”

NASA previously partnered with Microsoft to simulate scientists working together in real time on Mars’ surface. The HoloLens project uses NASA virtual reality software called Onsight to take images from the Curiosity rover and project them as three dimensional holograms, allowing scientists to simulate walking on the red planet’s surface.

Photo caption: Augmented glasses from Osterhout Design Group focus on government and Mil-spec standards.

NIST funds center to model disaster recovery strategies

BY MARK POMERLEAU

After a large storm system rips through a community, a quick response time is essential for saving lives and rebuilding so communities can get back to business.

To help communities improve disaster response and remediation, the National Institute of Standards and Technology awarded a $20 million contract to Colorado State University to create the Community Resilience Center of Excellence.

The center will develop computer tools and virtual models to help local governments decide how best to invest in resources to mitigate the impact of extreme weather on communities and speed recovery.

NIST-CORE, or Community Resilience Modeling Environment, will be a pivotal piece of the center’s capabilities for meeting stated goals. Using an open-source platform, NIST-CORE will incorporate risk-based decision-making and enable quantitative comparisons of different resilience strategies, NIST said.

The system will provide scientific metrics and decision tools that communities will use to evaluate the resilience of a built environment and its interconnected infrastructure. The models will also integrate social systems that are essential to recovering communities in various sectors, such as health care delivery, education, social services and financial institutions.

“The tools developed by the center will help to further advance the important goal of disaster resilience from ambitious concepts to cost-effective solutions that communities can implement over time,” said Acting Under Secretary of Commerce for Standards and Technology and Acting NIST Director Willie May.

NIST-CORE will eventually be capable of performing analysis unlike any other disaster-resilience model in the world – learning from one analysis to the next. As it continues to be applied, NIST-CORE’s performance will be tested alongside data from previous disasters.

Cities tap Yelp to improve health inspection process

BY KATHLEEN HICKEY

Not only is Yelp helping people find great restaurants, it’s also helping health inspectors target offenders and pushing restaurants to clean up their act.

Today, cities such as Los Angeles, San Francisco, Evanston, Ill., and Raleigh, N.C., have health sanitation scores posted on Yelp.

One of the first initiatives began in 2012, with Yelp partnering with San Francisco and New York City to develop the Local Inspector Value-Entry Specification, an open data standard developed by Code for America that allows municipalities to publish restaurant inspection information to Yelp. The partnership was announced in January 2013 by San Francisco Mayor Ed Lee.

Yet, due to technology issues, not every city has been able to post scores. In fact, based on research from cloud solutions provider Socrata, a majority of U.S. cities do not yet publish restaurant inspections, nor do they collect it in a digital-friendly format, Government Technology magazine reported.

Most of the information is also locked up in PDFs or Excel documents, said Ian Kalin, Socrata’s director of open data.

To address the issue, Socrata recently announced a partnership with Yelp to use Socrata’s Open Data Portal for governments to connect restaurant inspection data to Yelp. As part of the deal, Yelp will become a member of Socrata’s Open Data Network, enabling Socrata government customers to link data in Socrata’s Open Data Network to Yelp’s LIVE open data format.

In addition, Socrata will be offering free tech support to help its government clients transition its data to a friendlier, more accessible format via open data portals and application programming interfaces. San Francisco, a Socrata customer, is already using Socrata technology to post reviews on Yelp.

Yelp is not only on the receiving end of health data. Yelp, along with other review sites, could be used to help health departments better use their resources by narrowing the search for violators. Yelp averaged 139 million unique visitors in the third quarter of 2014, demonstrating that the site is a goldmine of information for those seeking restaurant reviews.

Today inspections are random, “which means time is often wasted on spot checks at clean, rule-abiding restaurants,” said authors Michael Luca, an assistant professor at Harvard Business School, and Luther Lowe, director of public policy at Yelp, in a Harvard Business Review article.

Researchers developed an algorithm that analyzed merged Yelp review and ratings data (looking for words such as “dirty” and “made me sick,” for example) with hygiene violation data. The HBS study found that the model could correctly classify more than 80 percent of restaurants into either the top half or bottom half of hygiene scores using only Yelp text and ratings.

Yelp data “can predict the likelihood of finding problems at reviewed restaurants. Thus inspectors can be allocated more efficiently,” concluded Luca and Lowe.

In addition to improving public health via awareness and improved inspection efforts, there is yet a third way the data can be used – by the restaurants themselves.

Lowe suggested in a February blog that the project could help end food poisoning by embarrassing restaurants into improving their sanitary conditions. Results from a 2013 survey found that restaurants informed that their score was posted on Yelp tended to clean up their act and have higher scores in their next inspections, he said.

Chicago hopes to replicate public health analytics

One city – Chicago – is already using predictive analytics to determine which restaurants are most prone to health violations and which to focus inspections on based on potential violators rather than random checks.

Chicago CIO Brenna Berman and Chief Data Officer Tom Schenk completed a pilot program in February to analyze more than 15,000 restaurants in Chicago and its surrounding neighborhoods for potential violations, according to Government Technology.

The team used data from Chicago’s WindyGrid data repository with help from data scientists from AllState Insurance and combined it with data sets from the city’s SmartData analytics platform.

The city analyzed information such as the age of the restaurant, previous inspection scores, data from sanitation complaints and the occurrence of property-based crimes.

Its ultimate goal is to replicate the process in other municipalities. Chicago’s Department of Innovation and Technology, led by Berman, is developing WindyGrid as a free, downloadable open-source platform, reported Government Technology.

The estimated total cost of the project is $3 million, $1 million of which comes from a grant from Bloomberg Philanthropies Mayor’s Challenge and other funding generated by the city. Chicago would like to release WindyGrid’s code via GitHub and other outlets in the fall so it can be used by other government agencies.

Photo caption: Map of Chicago food inspections charts public health compliance, business awareness.

DOI, USDA open-source recreational data

BY MARK POMERLEAU

In a joint effort to publicize recreational environmental data for public use, the Department of the Interior and the Department of Agriculture will be hosting the myAmerica Developer Summit to expand the best ways to make this information available to the public.

The April 11-12 summit will augment both agencies’ projects and goals by bringing experts in technology and outdoor recreation together to collaborate on solutions for using data to promote and protect public lands.

Summit participants will “develop trip-planning tools, enhance current online resources and cultivate methods for sharing data more easily – all in the name of improving access to America’s federal lands,” the Interior Department said in its announcement.

In 2013, more than 400 million recreation visits were paid to the national parks, wildlife refuges, monuments and other public lands Interior manages. These visits alone contributed $41 billion to the U.S. economy, supporting approximately 355,000 jobs nationwide, the agency said.

“Engaging entrepreneurs and enthusiasts to help transform disparate sources of information on public lands into useful, user-friendly formats will inspire visitors to explore our public lands and resources, while boosting tourism, outdoor recreation, jobs and economic activity in local communities,” said Interior Secretary Sally Jewell.

Both DOI and USDA have laid the groundwork for easier access to recreational data with the creation of the Recreation Information Database (RIDB) application programming interface, which provides all RIDB data in fully machine-readable and filtered data feeds or downloads.

RIDB is part of the Recreation One Stop, a program that aims to provide a single source of information such as recreation areas, facilities, campsites, tours and permit entrances on federal lands, historic sites, museums and other attractions/resources. The USDA will debut the API platform and the information it has collected at the myAmerica Summit.

In addition to resources such as the RIDB, the myAmerica Summit will feature a hackathon to develop additional technological platforms and tools.


DARPA makes strides in searching the ‘deep web’

BY MARK POMERLEAU

The “deep web,” a concept more in keeping with fiction than science, gained widespread attention after the FBI shut down the Silk Road, the Internet’s premier international one-stop shop for all things contraband.

A so-called “anonymous marketplace,” the site ran on Tor, free software that makes it difficult to trace Internet activity by sending traffic through a worldwide volunteer network of thousands of relays.

The deep web traversed by denizens of the Silk Road makes up a majority of the Internet space, according to experts, who assert that the commercial Internet – the .coms, .nets, .govs, .orgs and .mils typically accessed through mainstream search engines – only consists of about 5 percent of Internet traffic, according to a report from CBS News.

The other 95 percent has proven to be a cyber safe haven for all types of illicit activity, from narcotics trade to illegal weapons.

Law enforcement officials have gone to great lengths to prevent such illegal activity, but if they don’t know where to look in the deep web, such marketplaces can be next to impossible to find.

Until now, that is. The Defense Advanced Research Projects Agency developed a search engine last year capable of searching the deep web.

DARPA’s goal for Memex, as the search engine is called, is to develop the next generation of search technologies and revolutionize the discovery, organization and presentation of search results and along the way, shine a light into the deep web.

“The goal is for users to be able to extend the reach of current search capabilities and quickly and thoroughly organize subsets of information based on individual interests,” according to a DARPA report on Memex.

“Memex also aims to produce search results that are more immediately useful to specific domains and tasks and to improve the ability of military, government and commercial enterprises to find and organize mission-critical publicly available information on the Internet.”

While DARPA intends for Memex to be used in the public market, initially it will be used by law enforcement to combat human trafficking and other illicit activity by monitoring chat rooms, online forums, advertisements, job postings and hidden services.

One of the complexities of the deep web is that much illicit activity is not available long enough for search engines to “crawl” them.

As part of Memex, DARPA is working with 17 different teams of researchers from industry and universities to develop tools to give government agencies ways to access these dark reaches of the web.

In a recent success story in Scientific American, Memex was used by law enforcement officials to help locate a victim of sex trafficking. The Memex system incorporates eight different open-source and browser-based search and analysis programs to perform data analytics.

DARPA is still holding much of the Memex technology close to its vest, but tidbits of information have trickled out since its inception.

According to the report in Scientific American, DARPA researchers have also made progress in creating tools that help analysts identify relationships among different pieces of forensic data.

The software also helps investigators build data maps showing visualizations of the links in hundreds of these data associations. It can identify relationships between a single piece of data – an email address, for example – and hundreds of websites.

For instance Memex can create heat maps that illustrate where other pieces of forensic data – classified ads, for example – are most heavily concentrated.

The visualizations help highlight associations that might otherwise be overlooked, according to the Scientific American report.

The New York County District Attorney’s Office said it now uses Memex in every human trafficking case it is pursuing. “Memex helps us build evidence-based prosecutions,” said Manhattan District Attorney Cyrus Vance Jr. “In these complex cases, prosecutors cannot rely on traumatized victims alone to testify. We need evidence to corroborate.”


Voting technology: Is it secure yet?

BY KATHLEEN HICKEY

With the presidential election coming up in 2016, many constituencies are looking to how they can use technology to streamline the voting process. However, the security of voting systems – both with and without technology – remains a question.

One method gaining support is to secure the voting process by moving to open-source software. The TrustTheVote Project wants open-source technology used from the top down, in voter registration, voter information services, ballot design, the foundations of ballot tabulation, election results reporting and analysis and elements of auditing.

The initiative is the flagship project of the Open Source Election Technology Foundation (OSET), which wants to have a demonstrable impact on the 2016 elections.

“Our nation’s elections systems and technology are woefully antiquated. They are officially obsolete,” Greg Miller, chair of OSET, told the Huffington Post.

Three companies — Election System and Software (ES&S), Dominion Voting Systems and Hart InterCivic — dominate the voting machine market and have little incentive to update their systems, reported Babe. Further, election data standards are at least a decade old. The result is that election administrators are buying outdated machines.

Moving to an open-source format would encourage tech-savvy groups and individuals to verify the integrity of the voting system, assure accountability and get more voters to the polls. The idea is that the more widely available open software is, the more scrutiny it will receive, the more flaws will be surfaced and the stronger the code will be. “Make that machine a glass box instead of a black box,” said Miller.

But open-source code isn’t always regularly reviewed nor is its security verified. Such assumptions can lead to vulnerabilities, like the Heartbleed bug.

In lieu of actual voting technology, a popular tool being adopted by jurisdictions around the country is the electronic polling book. E-poll books allow election officials to review and process voter information but not actually record or count votes. Currently 30 jurisdictions use e-poll books, according to the National Conference of State Legislators.

E-poll books come in either laptop or tablet form and go beyond the capabilities of paper poll books, which contain a list of eligible voters in the district or precinct. Some additional functions include the ability to redirect voters to the correct polling location and scan a driver’s license to pull up a voter’s information.

The technology seems to be gaining momentum as it gets adopted differently across jurisdictions. Recently, Microsoft also announced that Election System and Software chose a Windows tablet (the 10-inch Toshiba Encore 2) for its newest poll books - the ExpressPoll Pollbook Tablet.

Security expert: Online voting not ready for prime time

While online applications may add conveniences to the voting process, critics aren’t convinced that security and privacy risks associated with Internet voting will be resolved anytime soon.

David Jefferson, computer scientist in Lawrence Livermore National Laboratory’s Center for Applied Scientific Computing, has studied electronic voting and security for more than 15 years. He believes “security, privacy, reliability, availability and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce.”

In short, voting is more susceptible to attacks, manipulation and vulnerabilities, he said.

Even so, some champions of Internet balloting believe the safeguards that protect online shoppers from hackers can also protect the sensitive information and meet the legal regulations associated with voting online. Advocates also believe that Internet voting will increase turnout, cut costs and improve accuracy.

Jefferson refutes these claims by asserting that there currently is no strong authentication or verification solution for online shopping. Also, while proxy shopping is a common occurrence and is not against the law, proxy voting is not allowed.

“Internet elections are essentially impossible to audit, and there’s no meaningful way to recount because there are no original indelible records of the voters’ intent against which to compare the outcome,” Jefferson said. “The only vote records are on the server, and they are highly processed electronic ballot images that have been operated on by millions of lines of code on the client device, during transit through the Internet and on the server and canvass systems.”

— Mark Pomerleau


CYBEREYE

Massive OpenSSL audit hopes to squash Heartbleed-like bugs

BY BRIAN ROBINSON

OPENSSL IS BACK AGAIN, about a year after it first made a splash with the now infamous Heartbleed bug revelation. This time around, however, it looks like it could be a good thing.

Cryptography Services, a part of the Linux Foundation’s Core Infrastructure Initiative (CII), is going to audit OpenSSL security. It’s billed as an independent audit, even though the CII has been instrumental over the year in trying to right the OpenSSL ship by providing some of the money to get the beleaguered open source software full time development help.

CII is a multi-million dollar project housed at the Linux Foundation to fund open source projects for core computing functions. Inspired by the Heartbleed OpenSSL crisis, the Initiative’s funds are administered by the Linux Foundation and directed by a steering group of industry backers.

Heartbleed was a major shock to the cybersecurity ecosystem for several reasons: Not only is OpenSSL widely used in both public and private organizations’ network and system security, the coding mistake that created it apparently went undetected for several years before it could be patched, and no one could say for certain how many systems had been affected or what data might have been compromised.

The crisis created by that bug fed into a concern about open source software overall, with other threats such as the Shellshock vulnerability in the Linux and Unix operating systems and a possible SQL injection attack on the popular Drupal content management system adding to the worries.

It’s not as if any of these major open source resources can easily be replaced. OpenSSL is reckoned to be used on up to two-thirds of existing web servers; Linux and Unix also drive many servers, and Drupal has become a reliable and flexible option for website operations, including those at the White House and other government agencies.

Open source software isn’t alone in having security holes, of course, as many users of Microsoft, Apple, Adobe, Java and other proprietary software know. But open source security is seen as suffering from the same resource that’s considered its strength, namely an army of volunteer developers. On the one hand that leads to innovation and fast turnaround of new features that users of open source crave but also to more opportunities for tampering and coding mistakes.

According to Gartner, 95 percent of all mainstream IT organizations will leverage some element of open source software – directly or indirectly – within their mission-critical IT systems in 2015. At that scale, introducing vulnerabilities can be expected. In a recent analysis of more than 5,300 applications uploaded to its platform, Veracode, a security firm that runs a cloud-based vulnerability scanning service, found that third-party components introduce an average of 24 known vulnerabilities into each web application.

Admittedly, others think all those volunteer developers can also be a security strength, since it puts that many more eyeballs into reviewing code. However, the events of 2014 threw enough doubt onto the security of open source software that both industry and government have been moved to do something to improve it, from bills aimed at ensuring the software supply chain to proposals for controls on the use of third-party software components.

At first glance, the Cryptography Services audit looks to be the most comprehensive and important of these efforts. According to the consultants that will be running it, the audit will cover a range of security concerns but will focus primarily on Transport Layer Security stacks and on protocol flow, state transitions and memory management. The audit may be the largest effort to date to review OpenSSL, the group said, and it’s “definitely the most public.” It will help to spot and fix bugs such as Heartbleed before they become the kind of problem they did last year.

Preliminary results of the audit could be out by the beginning of the summer, Cryptography Services said.

It should be eagerly anticipated, as the revelation of Heartbleed, Shellshock and other bugs hasn’t necessarily brought better security. Months after the initial announcement of Heartbleed, around half of the 500,000 servers thought to be vulnerable from the bug had not been fixed. And the vulnerabilities keep on giving, with Cisco just one of the latest to say that its products had been affected.


Q&A: The Cloud

Cloud Solutions and the One-Size-Fits-All Fallacy

An Interview With Stuart Fleagle, Vice President, Government Solutions, Carpathia, and Alan Boissy, Product Manager, vCloud Government Service, VMware

While it may be tempting to make an all-or-nothing decision when it comes to the cloud, it’s not that simple. Alan Boissy, VMware’s Product Manager of vCloud Government Service, and Stuart Fleagle, Vice President of Carpathia Government Solutions, explain the differences between the different types of cloud and how federal agencies can best determine the right fit for their needs.

Q: Are all federal applications and workloads suitable for a public cloud?

Boissy: It’s not that some clouds aren’t appropriate. It’s more about each workload and its requirements. You can’t look at your IT landscape with a monolithic, homogenous approach. Most applications developed in the past several years are web-enabled and modular, so they can take advantage of the elasticity of the cloud, and they are usually the easiest to migrate. However, deciding which applications and workloads make sense for a public cloud requires an understanding of how each application works and what its requirements are. For example, some government systems have been around for decades and aren’t designed to scale. That means that it is likely going to be either difficult or cost-prohibitive for them to move to the public cloud. Additionally, some applications may have to stay on premise because of security requirements. Because of the varied requirements, we believe that most government agencies will end up with some sort of hybrid, multi-cloud scenario where some workloads will stay on premise, some will have to be in specialized FedRAMP clouds to satisfy security requirements, and some will be a great fit for the public cloud.

Q: How can an agency determine which applications are best-suited to the public cloud versus an on-premise or private cloud?

Fleagle: It completely depends on the type of application or workload. For government agencies, there will be some data and applications, especially those deemed mission-critical, that will never find their way to a public or community cloud but will remain behind the fence in an on-premise environment. Then there are applications that can be hosted and managed by a secure cloud service provider. And finally, there are workloads that are appropriate for a multi-tenant, community cloud environment. The Department of Defense (DoD) is a good example of how that would work. In its guidance, DoD defined different categories of workloads based on security, impact levels and mission impact, and put those use cases in different categories. That’s the upfront work agencies should do to guide them to the right kind of cloud for a particular workload.

Q: It seems like many organizations are moving toward an enterprise cloud approach—essentially, a “cloud first” approach that steadily migrates as many data center functions and applications to the cloud as possible. What is the best way to achieve the enterprise cloud?

Boissy: There isn’t a single cloud provider that can check every box for the many different types of applications, workloads and data sets. That’s why organizations are choosing a hybrid approach to enterprise cloud. The key is finding a vendor that offers that flexibility, because it allows agencies to slowly wean themselves off of managed hosting and legacy infrastructure when and as it makes sense. The hybrid approach also provides the most flexibility, because it enables agencies to move workloads to the cloud and back again as required.

Q: Is it more cost-effective for agencies to take an enterprise approach to cloud?

Fleagle: It depends. Take the example of an agency that experiences spikes of activity, which could happen during tax season, healthcare enrollment season, or during times of emergency or conflict at the Department of Homeland Security. During steady-state times, that agency might be running in a dedicated cloud environment where they know exactly what they are paying for on a monthly basis. However, when spikes occur, they can be easily switched to a multi-tenant cloud to take advantage of instant scalability and on-demand provisioning of additional resources. It’s the concept of owning the base and renting the spike, which can be very cost-effective.

Boissy: An enterprise approach to cloud also allows agencies to share resources more easily, which can save a lot of money. For example, an agency may have several divisions, each using its own email system, payroll system and SharePoint sites. With an enterprise approach and a shared services strategy, that agency can drive real efficiencies by eliminating duplication. The cloud helps achieve this because it allows all divisions to access resources from a central place. It also frees agencies from geographic constraints.

Q: What about the huge investments agencies have made in technology and the skills to implement and manage that technology? As we get deeper into the cloud era, does this mean that all of those investments are now obsolete?

Fleagle: Most agencies have made a significant investment in virtualization as a way to consolidate and automate data centers, and that is something that definitely isn’t lost when moving to the cloud. Take the example of VMware. The vast majority of government has standardized on VMware, so migrating to the cloud using VMware vCloud® Government Service provided by Carpathia™ does a good job of leveraging an agency’s existing technology investment. It can knock down cost hurdles and agency staff doesn’t have to be retrained or learn new technology.

Q: When you have different cloud solutions in different departments, doesn’t management become tricky?

Boissy: Right now, it can be complicated because many solutions have their own monitoring tools and alerting tools, and different user populations use the data differently. Technical users just want to know how much a CPU is spiking or whether the SQL database is down, while the finance people want to see CapEx and OpEx data, and executives want to see all of that information at a higher level. Vendors are starting to work toward the “single pane of glass” approach where everybody will get the data they need from one dashboard, but it’s taking some time. Vendors are also getting smarter about offering APIs where they can have their data ported into other programs so it can be presented in a single view.

Q: If you could offer a few pieces of advice to agencies about cloud computing, what would it be?

Fleagle: Strongly consider a hybrid approach. It’s the most flexible model for government. With this model, a cloud service operator can provide different cloud scenarios within the same data center, from private cloud and public cloud to a bare metal virtualized environment. A hybrid model can connect any combination of those over a Layer 2 connection at a nominal fee, with zero latency and maximum flexibility.

Boissy: There are two reasons why cloud migrations fail. The first reason is if an agency leaves it solely to the IT department to make the decision. Instead, it should be a business decision that includes input from not only IT, but finance, legal, procurement and the executive team. The second reason for failure is not understanding your own environment. By understanding only what you have, you can get to the point where you have a clear agenda of what you are trying to accomplish. If you don’t do that before starting on your cloud journey, you’re less likely to be successful.

For more information, visit www.carpathia.com/learn/vmware-vcloud

INDUSTRY INSIGHT

How the Identity of Things streamlines the citizen experience

BY DANIEL RASKIN

The Identity of Things creates a single, persistent, panoramic view of a citizen across every department, reducing time to roll out services from years to weeks.

IDENTITY IS A CRITICAL component of compliance and federal privacy policy. Without a sound and comprehensive identity strategy – and the tools to deliver it – agencies have no way to enforce regulatory compliance, secure systems or monitor users’ online behavior – whether it is through a laptop, mobile phone, tablet or wearable device.

Yet traditional identity management vendors are still having one-dimensional conversations focused on yesterday’s challenge, the internal user. And identity management continues to be based on monolithic platforms that use static rules to make decisions and are not designed to easily integrate with new applications.

However, Identity of Things (IDoT) platforms are now emerging to provide device-agnostic access, handle large-scale populations and make decisions based on context. Large and small government organizations alike are adopting IDoT for its ability to manage the digital identities of employees while keeping citizen users secure.

ACCELERATING ONLINE SERVICES

Today, identity management platforms must cater to the pace of user demands. Unfortunately, government agencies have relied on traditional identity and access management (IAM) systems for years, cobbled together via acquisitions.

This made for unwieldy “product suites” that were overly complex, with redundant and incompatible capabilities. Niche IAM players created streamlined solutions to address specific problems, but without any overarching identity solution, agencies had no way to quickly and easily build and manage persistent user identities across departments.

IDoT requires a unified identity model. Its core tenet is that identity should be exposed in a single, repeatable way that makes it easy to roll out to any connected device or thing. The goal behind this principle is to provide new public services quickly, reducing the delivery time from years to just weeks.

At its core, IDoT uses identity to create a single, consistent panoramic view of a citizen across every agency. It also uses data to build profiles that will help agencies engage with citizens more effectively and efficiently. Understanding who these citizens are helps governments deliver more relevant services and products.

All of this makes for satisfied citizens and opportunities to build out new online government services, while also preventing government data from falling into the wrong hands. Key features of an IDoT platform include:

• Real-time context to help an agency make access and security decisions
• A persistent identity of the user across the organization
• Personalized services based on real buying habits
• A common identity platform for authorizing how data is shared across apps, devices and things
• Modular and flexible architecture, to facilitate repeatable business processes, accommodate millions of concurrent users and devices and reduce typical deployment times.

In addition to making public services more efficient, IDoT will help solve online security issues as part of a robust, multi-layered security model. Real-time contextual clues in addition to credentials help government agencies vet whether to give access and how much. For example, when a system detects a login attempt with correct credentials, but from an unrecognized IP address or at an atypical time of day, the software triggers additional security precautions such as asking security questions or texting verification codes to a user’s cell phone.

PRACTICAL APPLICATIONS FOR IDOT

New smart city initiatives are the prototypical example of IDoT in action, using technology and data to implement more cost efficient, sustainable services and information in transport, healthcare and environmental protection. That’s where IDoT platforms can help, allowing citizens to securely access city services quickly and efficiently while also making their lives better.

IDoT can also alleviate security and efficiency woes when it comes to filing taxes, paying parking tickets, managing welfare services and health information, applying for schools and student loans, and conducting a wealth of other routine activities.

When citizens are empowered with quick, easy and secure self-service, they ultimately come away satisfied, the ultimate destination for an IDoT-driven agency.

— Daniel Raskin is vice president of strategy for ForgeRock.
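The contextual check the article describes (correct credentials, but an unrecognized IP address or an atypical time of day, leading to an extra verification step) can be sketched as below. This is an added example, not code from the article or from any vendor's product; the `Profile` class, the per-user baseline of networks and login hours, and the sample addresses are assumptions made for illustration, and login times are assumed to be in the user's local time.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class Profile:
    """Hypothetical per-user baseline learned from past successful logins."""
    known_networks: list = field(default_factory=list)  # networks seen before
    usual_hours: set = field(default_factory=set)       # local hours (0-23) seen

    def learn(self, ip: str, when: datetime) -> None:
        """Record a login that passed every check, including any step-up."""
        addr = ip_address(ip)
        # Assumption: remember the surrounding /24 (IPv4) or /48 (IPv6) so a
        # new DHCP lease on the same network is not treated as a new location.
        prefix = 24 if addr.version == 4 else 48
        net = ip_network(f"{ip}/{prefix}", strict=False)
        if net not in self.known_networks:
            self.known_networks.append(net)
        self.usual_hours.add(when.hour)


def hour_is_usual(profile: Profile, hour: int, tolerance: int = 1) -> bool:
    """True if `hour` is within `tolerance` hours of a previously seen hour,
    measured around the clock so 23:00 and 00:00 count as neighbours."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= tolerance
               for h in profile.usual_hours)


def decide(profile: Profile, credentials_ok: bool, ip: str, when: datetime):
    """Return (action, reasons); action is 'deny', 'allow' or 'step_up'."""
    if not credentials_ok:
        # Familiar context never rescues a failed credential check.
        return "deny", ["bad credentials"]
    reasons = []
    addr = ip_address(ip)
    if not any(addr in net for net in profile.known_networks):
        reasons.append("unrecognized IP address")
    if not hour_is_usual(profile, when.hour):
        reasons.append("atypical time of day")
    # Any contextual anomaly triggers the extra verification the article
    # mentions (security question or texted code); none means plain access.
    return ("step_up" if reasons else "allow"), reasons


def build_sample_profile() -> Profile:
    """Constructed history: two known networks, daytime logins only."""
    p = Profile()
    p.learn("192.0.2.10", datetime(2015, 3, 2, 8, 45))
    p.learn("192.0.2.44", datetime(2015, 3, 3, 9, 5))
    p.learn("198.51.100.7", datetime(2015, 3, 3, 17, 30))
    return p


if __name__ == "__main__":
    profile = build_sample_profile()
    # Constructed login attempts: (credentials_ok, source IP, local time).
    attempts = [
        (True, "192.0.2.77", datetime(2015, 3, 30, 10, 15)),
        (True, "203.0.113.5", datetime(2015, 3, 30, 9, 0)),
        (True, "198.51.100.7", datetime(2015, 3, 30, 3, 0)),
        (False, "192.0.2.10", datetime(2015, 3, 30, 9, 0)),
    ]
    for ok, ip, when in attempts:
        print(ip, when.isoformat(), decide(profile, ok, ip, when))
```

A brand-new account has an empty baseline, so its first login always takes the step-up path; `learn` should be called only after that extra verification succeeds.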


INDUSTRY INSIGHT

Where to find actionable threat intelligence

BY (ISC)2 ADVISORY BOARD EXECUTIVE WRITERS BUREAU, DAN WADDELL

IN TODAY’S WORLD of ongoing data breach cycles, federal agencies struggle to keep up with the threats that loom over systems that hold sensitive data – everything from personally identifiable information and protected health information to design plans for the latest stealth aircraft.

The problem is now receiving attention at the highest levels of government. For some time now, the White House has considered the idea of a federal government-led fusion center for coordinating threat intelligence, but it only recently became official when the White House announced the formation of the Cyber Threat Intelligence Integration Center.

So how can organizations provide actionable threat intelligence in an effective and efficient manner?

First, it’s important to accurately understand the term “threat intelligence.”

Threat (as defined by NIST) is any circumstance with the potential to adversely affect organizational operations and assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.

Intelligence (as defined by the FBI) is information that has been analyzed and refined so that it is useful to policymakers in making decisions – specifically, decisions about potential threats to national security.

Taking these definitions into account, it’s clear that sources of threat information are found in a variety of places both internal and external to an organization – and certainly not limited to technical sources such as network monitoring logs, firewalls, intrusion detection and prevention systems, malware analysis tools, honeypots, phishing traps and so on.

The phrase “any circumstance or event” could also mean heightened activity on a Dark Web forum (the deepest, darkest parts of the Internet where underground cyber criminals discuss and conduct illegal activity), a post on social media or an attack against a government ally in a different part of the world.

Just these few examples show how much work is required to sift through all of these data sources.

So where should agency personnel begin in identifying data sources that will result in actionable threat intelligence? Some potential sources exist in the existing IT environment:

Local data logs: Review system logs, packet captures, malware, incident data, local honeypots, IP addresses that “phone home” to command and control servers operated by the criminals.

Hard drives: Perform forensic analysis on infected machines, looking for attack patterns, targeted files and data.

Logical/physical access system logs: Analyze login attempts, check swipe access logs into the datacenter or server room – wherever the most sensitive data resides. Look for odd or unusual patterns in both.

Performing analysis on this magnitude of data is no small task. As a result, IT managers need to develop a solid data analysis strategy that incorporates people, processes and, most definitely, technology. Automation is absolutely paramount when dealing with this volume of data. The following high-level outline provides a simple starting point:

• Conduct a risk assessment based upon the agency mission.
• Identify the threats that pose the most danger to the mission. Who wants the data? Why? Consider both insider and outsider threats.
• After compiling a good list of potential threats, assess their capability and intent. A disgruntled user who was just fired may want to exact revenge but may be limited in capability. A system administrator in the same scenario has both capability and intent.
• Take inventory of the data sources of threat information needed to help identify the biggest threats to the agency.
• Go one step further and determine how many of those data sources can be compiled by individual staff members and which others require additional effort in order to collect data. For example, does the current service-level agreement (SLA) with the agency’s cloud service provider allow the IT manager access to logs that may hold data critical to help track down attackers?

Finally, the key to identifying threats is to start planning now. Time is the most valuable asset in the event of an attack. Once a system is breached, there’s no turning back the clock. Agencies must rely on thorough preparation and analysis of threats in order to stay one step ahead of the attackers.

— Dan Waddell is (ISC)2 Director of Government Affairs and EWB member and lead author of this peer-reviewed article.
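The article's advice to analyze login attempts and swipe access logs together, looking for odd patterns in both, lends itself to the kind of automation it calls for. The following is an added example, not part of the original article: the two log formats, the host name `db01`, the door name `SERVER-ROOM`, the user names and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (hypothetical formats, not from a real product).
AUTH_LOG = """\
2015-03-30T09:02:11 host=db01 user=alee src=console result=OK
2015-03-30T02:14:07 host=db01 user=jsmith src=10.0.5.20 result=FAIL
2015-03-30T02:14:19 host=db01 user=jsmith src=10.0.5.20 result=FAIL
2015-03-30T02:14:33 host=db01 user=jsmith src=10.0.5.20 result=FAIL
2015-03-30T02:15:02 host=db01 user=jsmith src=10.0.5.20 result=OK
2015-03-30T03:40:55 host=db01 user=jsmith src=console result=OK
""".splitlines()

BADGE_LOG = """\
2015-03-30T08:55:40,alee,SERVER-ROOM,GRANTED
2015-03-30T03:38:10,jsmith,SERVER-ROOM,DENIED
""".splitlines()

AUTH_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")


def parse_auth(lines):
    """Parse logical-access lines into dicts sorted by time; skip bad lines."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line.strip())
        if m:
            ts, host, user, src, result = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "user": user, "src": src, "ok": result == "OK"})
    return sorted(events, key=lambda e: e["ts"])


def parse_badge(lines):
    """Map (user, door) to the times that user was actually let through."""
    swipes = defaultdict(list)
    for line in lines:
        parts = line.strip().split(",")
        if len(parts) == 4 and parts[3] == "GRANTED":
            swipes[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
    return swipes


def failed_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Flag a successful login preceded by >= threshold recent failures."""
    findings, fails = [], defaultdict(list)
    for e in events:
        key = (e["user"], e["host"])
        if not e["ok"]:
            fails[key].append(e["ts"])
            continue
        recent = [t for t in fails[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            findings.append((e["user"], e["host"], len(recent)))
        fails[key].clear()  # a success resets the failure streak
    return findings


def console_without_badge(events, swipes, room_hosts, door,
                          window=timedelta(hours=8)):
    """Flag console logins on server-room hosts by users with no granted
    badge entry to that room in the preceding window."""
    findings = []
    for e in events:
        if not e["ok"] or e["src"] != "console" or e["host"] not in room_hosts:
            continue
        entries = swipes.get((e["user"], door), [])
        if not any(timedelta(0) <= e["ts"] - t <= window for t in entries):
            findings.append((e["user"], e["host"], e["ts"].isoformat()))
    return findings


if __name__ == "__main__":
    events = parse_auth(AUTH_LOG)
    swipes = parse_badge(BADGE_LOG)
    print("failures then success:", failed_then_success(events))
    print("console login, no badge entry:",
          console_without_badge(events, swipes, {"db01"}, "SERVER-ROOM"))
```

Neither finding is proof of compromise on its own; the value is in the correlation, since a console session with no matching door entry can only be explained by tailgating, a shared account or a remote console path that should be documented.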

INDUSTRY INSIGHT

Struggling with Scrum? Try Kanban for IT projects

BY NEIL CHAUDHURI

OVER THE LAST DECADE, many have written about what agile software development offers to government IT. Effective practices for making agile work in the federal government were outlined in a report from the Government Accountability Office and in the U.S. Digital Services Playbook.

Yet while government IT has improved, it has a long way to go. We witnessed the spectacular failure of the initial rollout of HealthCare.gov, and many far less visible failures happen all the time. One reason is that not enough government IT projects are agile. Another is that Scrum, the most popular agile framework, is hard.

In fact Scrum is so hard that the primary duty of the ScrumMaster is to serve as its guardian. Although I am certified in Scrum and teach a Scrum course, I am not so dogmatic as to ignore how hard it is to execute effectively. Thankfully, it isn’t our only hope. As Yoda once said, “There is another.”

Let’s examine why Kanban may in many cases be a better choice for government IT projects than Scrum.

Scrum is a process. Kanban is more of a metaprocess, asserting key principles without prescribing how to accomplish them. There is nothing about sprints, Product Owners, formal planning meetings or any of the ceremony associated with Scrum. Based on the lean manufacturing model espoused by the “Toyota Way,” Kanban is in a way a superset of Scrum.

Depending on whom you ask, Kanban has five properties or six practices, but I prefer to follow the example of Marcus Hammarberg and Joakim Sunden and focus on three objectives.

VISUALIZE WORK

Analogous to the Sprint Backlog in Scrum, a Kanban board is an information radiator that conveys the workflow in an explicit way. Each item of work is represented by an index card or Post-it color coded to the type of work (e.g. new feature, bug, etc.) with a short description, a deadline, the team member who has pulled the work and other pertinent information.

The work items are arranged in columns indicating where they fall in the workflow. A typical column set from left to right might have these columns: ToDo, Analysis, Development, Testing, Acceptance, Deployment and Production.

A Fast Track column could be added for urgent work items that arise. Another useful tidbit might be criteria for exiting a stage in the workflow. For example, what makes code ready for testing?

The Kanban board demonstrates unequivocally where everything is in the workflow and reveals potential bottlenecks. The board can even reveal steps you weren’t even aware exist.

LIMIT WORK IN PROCESS

Queuing Theory offers insight into reducing the cycle time for an item in your workflow. In particular, Little’s Law states cycle time is the quotient of work in process and throughput. In other words, to speed up the flow, you need to limit work in process and/or increase productivity. The latter will happen with automation, training and familiarity with the work. Meanwhile, you should make sure as few items as possible are in process at the same time. Large chunks simply bog down the whole system.

When you force the team to tackle too many tasks simultaneously, it leads to context switching, mistakes, more work to correct those mistakes and ultimately delays.

MANAGE FLOW

Limiting work in process is a key component to managing flow, but a related element is eliminating waste.

Lean experts Mary and Tom Poppendieck identified seven wastes of software development analogous to wastes in manufacturing. Those familiar with Scrum know source control, testing, continuous integration, cross-functional teams and splitting work into manageable, similarly-sized chunks eliminate waste. The Kanban board helps identify blockers as cards accumulate in various columns.

Also avoid open-ended commitments. Deadlines make you focus. In Scrum, timeboxes are built-in with fixed sprints during which the team delivers the highest-priority features. Kanban has no sprints, but you should impose timeboxes in the form of deadlines and service-level agreements.

Scrum is just as focused on meeting these three objectives, but it takes a formalized, sprint-centric approach to address flow. Scrum also focuses more on team interaction when doing the work than on the work itself.

Perhaps those in government IT intimidated by the rigor of Scrum should focus on optimizing workflow directly and give Kanban a try.

— Neil A. Chaudhuri is founder and president of Vidya.

Finding the right storage balance

New virtualization techniques and emerging flash technologies are giving data center operators more control over how they manage storage systems, speed backups and reduce costs.

BY CAROLYN DUFFY MARSAN

For agency data center managers looking to improve the economy of their data centers, one of the best options for savings lies in how storage is managed.

Thanks to new virtualization techniques and emerging flash storage technologies, data center operators now have ways to control how they deploy storage systems to speed backups and reduce costs.

“Data centers [operators] should be introspective and look at how their storage is being accessed and find ways to customize storage solutions for each different workload,” said Jason Hick, head of the Storage System Group at the Energy Department’s National Energy Research Scientific Computing Center (NERSC).

“There are a variety of emerging storage technologies. Using all of them for what they do best is key,” Hick added. “You need to understand flash, disk and tape and come up with the best mix based on your internal operations. It pays huge dividends for us when we balance our workloads well.”

GCN talked to operators of several cutting-edge government data centers to find out which new storage technologies they are deploying and what best practices they are using to keep their costs steady and their performance escalating. Here are their recommendations:


1. CONSIDER FLASH

Flash memory is more expensive than disk drives or tape, but it can be a good choice for performance-intensive applications because of its speed.

The DOE’s NERSC in Berkeley, Calif., deployed flash for its file system metadata in August. Hick said flash is working well in this key application, which affects all 6,000 of the center’s users for services such as logging in to the supercomputer.

“Backing up our critical file system was taking 12 hours. Users noticed because the file system became slow and unusable,” Hick explained. “After deploying flash, the backups are down to three hours … I’m not sure we have any complaints now. I don’t think the users even know we are backing it up.”

Hick encourages data center operators to conduct a careful analysis of flash memory and determine the trade-offs for each application.

“There are certain cases where it makes a lot of sense to substitute flash even at an increased cost because the performance benefits are there,” Hick said. “If you can get four-times benefit in performance and reduce user complaints down to zero, I would say it’s worth it.”

NERSC is so happy with how flash is working with its file system metadata that it plans to have a layer of flash technology built inside of its next supercomputer.

“The flash will be on [an] interconnect inside the supercomputer to store data for the duration of a simulation,” said Katie Antypas, deputy for data science at NERSC. “This will be another layer of storage that our users will have access to.”

Antypas explained the Center’s different storage tiers: “Now we have scratch, project and archive,” she said. “Scratch data we keep for up to 12 weeks. Project data we keep for a couple years, and our archive goes back 40 years. Flash will store data for hours or days. The trade-off is that it offers really high bandwidth.”

John Goodhue, executive director of the Massachusetts Green High Performance Computing Center (MGHPCC), has similar views about the potential for flash.

MGHPCC is a joint venture of five Massachusetts universities working on government-funded research projects such as climate change modeling, genome sequencing and security analysis. The center uses flash for temporary storage when the supercomputer is working on a problem.

“Flash gets you a lower latency. When you’re working with a dataset where you need to grab a large number of very small chunks of data out of a very big data set, flash is very good choice,” Goodhue said. “As the size of flash drives goes up and the cost goes down, the affordability of flash is improving over time.”

Even so, Goodhue said sometimes regular disk drives are better than flash.

“You need to think hard about the cost of flash and where it is really going to benefit you because it is very problem-dependent,” Goodhue said. “Flash isn’t going to lift all boats, but it is going to lift a lot of them. Make sure that the speed really matters. Often, disk is just as good and is less expensive.”

2. MAKE SURE THE NETWORK IS POWERFUL ENOUGH TO SUPPORT CLOUD STORAGE

The MGHPCC has adopted a cloud-based approach for the many petabytes of scientific data it stores in a two-year-old facility in Holyoke, Mass.

MGHPCC has several tiers of storage. Scratch, for short-term data, provides 10 terabytes of temporary storage for computers that are working on a problem. High-performance parallel file systems store petabytes of data after it has been processed and network-attached storage systems handle the most critical files, including home directories.

“We use a cloud strategy for our storage,” Goodhue said. “That’s why we place a huge emphasis on high bandwidth and very efficient networking.”

“What you’re seeing in a facility like ours is a large amount of data stored right next to the compute resources,” he said. “Instead of moving the data to the scientist’s computer, we’re moving the compute to where the large dataset is stored.”

Goodhue said network speed is critical given that MGHPCC is located in Western Massachusetts while the researchers it supports are in Boston and other parts of the state. To work these digital distances, MGHPCC has 10G links to its university partners and plans to upgrade to 100G links.

“We pride ourselves on looking like a local resource to our users,” Goodhue said. “It’s important from a networking and storage management point of view that it is very fast and very easy to move data from a workstation in Harvard out to Holyoke and back.”

Goodhue pointed out that having a high-speed network connection doesn’t necessarily mean that data will transfer at a fast rate. He recommends data center operators consider the network protocols that they use, too.

“There are protocols that are good at moving data over high-bandwidth links, and protocols that are not good at that,” Goodhue says. “We’ve had several instances where we had to rethink how we connected to locations to keep data in sync between two storage pools because the protocols that we had been using were either too sensitive to latency or very sensitive to high-bit errors.”

3. DON’T BE AFRAID OF TAPE, ESPECIALLY FOR ARCHIVES.

NERSC has a total of 72 petabytes of data stored on tape systems, some for long-term archival purposes and some to support ongoing projects. Although it is an older technology, tape is cost-effective, Hick said.

“Tape is often reported to be dead or about to die,” Hick said. “One of our newest users, the Joint Genome Institute, didn’t use tape at all, only disk storage. They were struggling with how to store all of their data, and their budget was out of control. Yet they were very skeptical about why we would use tape. We have a lot of experience with tape, and we taught them about it.

“Tape is not all great,” said Hick. “But in the end it solved their data growth and budget problem for storage.”

Hick said tape offers significant cost and capacity advantages over disk systems and is a viable solution for government data centers that are not keeping an archive because they think it is too expensive.

“I talk to a lot of government sites that don’t have an archive. They are in compliance for email, but beyond that they don’t understand the value of retaining data,” Hick said.

The Social Security Administration, which has little choice about whether to retain data or not, is looking toward a new approach to storage in the next year. SSA will migrate its mainframe backup and recovery operations from magnetic tape media to disk-based virtual tape. The Electronic Vault system will come online by the end of 2016 to support the agency’s new National Support Center.

“Modern virtual tape systems have the performance and capacity to handle our backup requirements, while using significantly less data center floor space compared to magnetic tape media,” SSA said in a written response to GCN questions about its storage systems.

SSA’s commitment to virtual tape is significant, as it has 27 petabytes of raw deduplicated virtual tape and approximately 50 petabytes of raw Direct Access Storage Devices (DASD) storage in three data centers. When SSA has fully migrated to the new National Support Center, it will have 30 petabytes of raw DASD, the agency said.

SSA is deploying virtual tape systems from Oracle and EMC, which will provide the performance and capacity to handle backup requirements using significantly less data center floor space compared to magnetic tape media.

“Virtual tape provides all of the advantages of modern disk-based storage at a price that is cheaper than magnetic tape media,” SSA said. The bottom line? “By the end of 2016, when our Electronic Vault becomes fully operational, SSA will no longer have physical tape,” the agency vowed.

4. BOOST EFFICIENCY WITH STORAGE VIRTUALIZATION.

SSA is embracing virtualization across all of its media – including tape – as it migrates to a new 300,000 square-foot National Support Center in Urbana, Md., which opened last September.

The agency has already virtualized much of its open system data stores, which are attached to HP, Oracle Solaris, VMware and Windows servers using storage-area networks and network-attached storage. Mainframe subsystems from EMC and IBM are virtually provisioned and auto-tiered, too.

SSA says virtualization is improving storage system usage and energy efficiency.

“The virtualization and automated tiering of mainline mainframe and open systems storage subsystems have allowed us to service the increased input/output (I/O) demands of the servers while consolidating data onto higher density media. This reduces both the physical and environmental footprint,” SSA said.

At the same time, SSA is deduplicating its data to reduce the amount of storage required for backups. For example, SSA is seeing a deduplication reduction factor of 18:1 for tape backups on its open system platforms and 9:1 for the mainframe virtual tape subsystem.

SSA said deduplication is giving the agency a significant environmental advantage. “Our continued migration from physical to virtual tape is providing improved energy efficiency, reduced footprint and enhanced business resilience,” SSA said.

SSA also virtualizes and auto-tiers its mainline DASD subsystems to support its I/O needs and slash its physical and environmental footprint. SSA said heavily accessed data will reside on solid state drive (SSD) media while high capacity data will reside on high-density Serial ATA (SATA) media.

The agency said government data centers will reap significant rewards by exploiting storage virtualization along with automated tiering and data deduplication. “These technologies are robust and maturing rapidly,” SSA noted.

Data centers that are adopting storage virtualization should deploy resource management and performance management tools, SSA recommended.

“These tools are essential to managing a storage infrastructure supporting high-performance, high-availability workloads with a given staff efficiency,” SSA said. They become even more critical when virtualizing and tiering storage.

5. OPTIMIZE THE TRANSFER OF VERY LARGE DATASETS

Many leading-edge data centers are grappling with how to transfer massive datasets of 10 terabytes or more from one location to another. To handle the massive transfers, they are adopting services such as Globus, developed by DOE’s Argonne National Laboratory.

Globus is a cloud-based data transfer service that supports the sharing of large datasets in a way that carefully manages bandwidth and improves reliability.

“We started as a high-performance secure file transfer service,” said Vas Vasiliadis, director of products, communications and development for the Computation Institute at the University of Chicago’s Argonne National Lab. “If you want to move terabytes or petabytes of data from a national lab back to your campus, we are a service that will act as a third-party mediator or controller to make sure the data transfer completes. We recover errors automatically and notify you when we’re done.”

The Massachusetts Green High Performance Computing Center is one user of the service. MGHPCC’s Goodhue said the software has an interface that’s easy for scientists to use without needing IT support. The benefit of Globus is that it optimizes the way a large file is transmitted across the network.

“Globus figures out the speediest way to get the file from here to there,” he said. “It has a set of performance monitoring tools to periodically check those paths and make sure nothing is hindering the transfer rate. You can think of it as an overlay on the Internet that is very careful about the paths it chooses and also tests those paths to make sure the transfer rates can be very high.”

Goodhue said Globus makes the transfer “simple, fast and transparent for researchers to move big datasets from one place to another.”

The Globus service has been available for five years and includes 30 federal laboratories and universities as its customers.

Argonne offers other services that take advantage of the transfer technology, including a data publication and discovery service that allows researchers to share their data with others through a cloud-based platform.

“We give them the mechanism to describe their data using metadata and to assemble it and spread it across multiple systems for storage,” Vasiliadis said. “We give the data a permanent identifier, which allows the researcher or institution to curate it in a way that makes sense for them.”

One of the advantages of Globus is that it allows the end user to manage, move and share very large data sets without involving IT department personnel. The model has uses for enterprise data as well as scientific data, Vasiliadis said.

“We’re handling the administrative burden and letting our users take advantage of the high-performance storage systems we have in place,” Vasiliadis said. “Transferring data is really time consuming and error-prone, and it shouldn’t be that way. We give the user a simple browser tool, and they can move terabytes of files and forget about it. They don’t have to babysit the transfer.”

6. PROTECT DATA ARCHIVES WHEN THE DATA CENTER IS BEING RENOVATED.

The National Energy Research Scientific Computing Center learned the hard way that data centers need to protect their tape-based archival systems when the building is under construction.

NERSC has 45 petabytes of scientific data stored in its archival tape system, which dates back 40 years. Unfortunately, the archive suffered from what Hick called a “dusty tape problem” due to regular construction at the center.

“We’re frequently doing construction to prepare for new techniques of cooling, or removing walls to get a bigger supercomputer system,” Hick said. “That activity is not good for storage, in particular the dust involved in construction. I’m talking about particles down to the submicron level,” Hick said, adding that his team learned how to protect its tape archival system from dust.

A few years ago, NERSC had to hire an environmental remediation company to migrate valuable data from dusty tapes onto clean tapes. Now NERSC wraps its tape systems in a bubble to protect them when construction occurs.

“We have to build a bubble with a filtration system around the tapes. It’s cleaner than normal,” Hick said. The center built three of them to avoid putting user data at risk.

“The reason I’m sharing this is that it’s an issue most sites won’t talk about,” Hick said. “But there are solutions. Dusty tapes are not a catastrophe. You just have to be smart about this risk.”

INTEROPERABLE COMM FIRSTNET

Colorado takes FirstNet for a test drive

The wireless LTE network supported responders’ video, situational awareness, mapping and photo applications

BY STEPHANIE KANOWITZ

When a vehicle turned up where it shouldn’t have during a ski competition in Colorado in February, new mobile broadband technology made the difference between a scramble by police to locate the vehicle and a quick, more targeted search from first responders.

Using new LTE technology set up for the event, an officer put a marker on a map noting the vehicle’s location and then sent a screenshot of the map to about 200 other safety officials in the area connected to the network via mobile devices.

“We had officers from out of the city area helping us, and rather than having to ask directions on the radio or look at their Google maps and figure out how to get there, they had that map sent over the LTE network and were able to respond to the scene,” said Jennifer Kirkland, operations support supervisor at the Vail, Colo., Public Safety Communications Center. “It saved time and resources.”

The event in Vail was the 2015 International Ski Federation’s Alpine World Ski Championship, where Colorado public-safety agencies gathered to test drive the First Responder Network Authority’s (FirstNet) 700 MHz Band Class 14 Public Safety Long Term Evolution (LTE) Demonstration Network.

The FirstNet wireless broadband network was created in 2012 by Congress in an effort to build the first high-speed, nationwide wireless broadband network dedicated to public safety. Construction of the network requires each state to have radio-based networking gear that can connect to FirstNet’s network core.

In Vail, first responders were test-driving a range of applications supported by the wireless LTE network, including video surveillance, situational awareness and photo applications.

In fact, the network proved to be critical to public safety officials’ ability to do their jobs when commercial networks faltered in handling the digital crush of more than 150,000 people at the event.

“The [LTE] network performed exceptionally well,” said Brian Shepherd, broadband program manager at the Colorado Office of Information Technology. “When commercial networks did degrade just due to multiple thousands of people in a one block square radius, we saw the public safety network remain stable, and we were able to provide good communications from Beaver Creek to Vail, which has historically been a challenge.”

The Eagle County, Colo., Sheriff’s Department and the Vail police and fire departments were involved in the broadband test, which was authorized for non-mission-critical uses. Meanwhile, networking firms brought in various components of the network.

Sonim Technologies, a supplier of ultra-rugged mobile solutions, provided 35 ruggedized devices for use in the demo, while up to 200 responders and public safety officers used their personal devices to access the network via Wi-Fi hot spot.

In addition, four 2-by-3-foot General Dynamics eNodeB boxes were integrated into the nodes of a distributed antenna system that wireless infrastructure firm Crown Castle had recently deployed in Vail.

“We essentially just integrated the Band Class 14 infrastructure into the current distributed antenna system that Crown Castle owns and operates,” Shepherd said. “Our goal was just to get devices into hands of end users and test the overall technology through the two-week-long event.”

For the first time, responders were able to use enhanced video surveillance from five surveillance cameras on Band Class 14, as well as upload photographs and conduct situational awareness and mapping.

To provide capacity at the race’s finish line in Beaver Creek, a remote area that sits 8,000 feet above sea level in a topography known for poor network communications, the team deployed a mobile cell on wheels.

Push-to-talk was also integrated with the land mobile radio network that all responders accessed so the two networks could communicate.

“They really liked the push-to-talk functionality, which essentially turned a smart phone into almost a two-way radio,” Shepherd said.

First responders also liked the situational awareness application enabling them to locate each other on maps. Typically, local public safety managers use automatic vehicle location on their computer-aided dispatch systems, but that shows only vehicles’ position, Kirkland said.

“In this event, the officers were on foot for the vast majority of the time, so we had an awareness of their location that we wouldn’t have had without it,” said Kirkland, who enabled her personal device for use from a dispatcher’s perspective. “It was great to be able to see where our responders were on a map. It was nice to be able to push to talk to them if I needed to. From a dispatch perspective, knowing where the officers and responders were and having that situational awareness was fantastic.”

Training first responders to use the devices was easy, and they were up and running quickly, she added. “The end users – our police and firefighters – really, really enjoyed it.”

Dwight Henninger, Vail’s police chief, said that it’s usually difficult to make a simple phone call from the race site. “What we’ve been able to accomplish this week with really having great, comfortable technology that we need to share data back and forth…has been really positive,” he said.

The idea for the demonstration first arose from Vail’s police chief in June 2014, and the green light for it came from FirstNet and the Federal Communications Commission, on Oct. 16. Strategy work began in November, and “we really stood the network up in about two to three weeks,” Shepherd said.

Looking ahead, Shepherd said he wants to get approval from FirstNet to make Colorado’s special temporary authorization to use the Band 14 permanent.

“One of the key things we saw from the demonstration network is the immediate need for this,” Shepherd said. “I think a lot of us in the states have been talking for a while about how this type of network would be a nice-to-have thing. I think one of the key takeaways, from my perspective, is that this technology is pretty much a need-to-have right now.”

Still, some kinks would need to be worked out.

For instance, police officers can’t perform crowd control duties while looking at a smart phone, said Kim Coleman Madsen, FirstNet Colorado public safety broadband manager. Instead, two officers would be needed: One to watch the crowd and the other the phone. Not to mention the negative response the public would have to officers staring at mobile devices, she added. “The assumption is maybe he’s looking at the Internet,” Coleman Madsen said.

Another area for further investigation is how this technology could replace current voice communication among first responders, she said. “We had really positive feedback wanting to use the technology in place of their mission-critical voice, which we would not encourage or support at this point.”

Right now, the ball is in FirstNet’s court, Shepherd said. In January, the state attended a FirstNet Initial Consultation Meeting at which 120 representatives met with FirstNet officials to talk about planning the nationwide public safety broadband network (NPSBN).

“My overall takeaway is that Colorado is dedicated and committed to making the NPSBN a success in their state,” Dave Buchanan, the authority’s director of state consultation, wrote in a blog post.

Getting wireless cellphone coverage in the ski resort towns of Vail and Beaver Creek, Colo., has always been a challenge. This winter when 150,000 extra people arrived for the Alpine World Ski Championships, FirstNet Colorado and its partners tested a dedicated LTE broadband network using FirstNet-licensed 700 MHz spectrum. Over the course of the event, users – including local police, federal law enforcement agencies, the FBI, National Guard, FEMA and public safety support personnel – sent and received 1.96 terabytes of data using rugged cellphones with capabilities for voice, text, GIS, video and push to talk. The extended coverage and increased capacity and speed let first responders access vital information in real time. (Frank May/AP Images)

Eagle County ready for text-to-911

Since January, people in Eagle County, Colo., have been able to send text messages to emergency responders through a new text-to-911 service. Now officials are just waiting for the first emergency texts to start trickling in.

“We wanted to offer that functionality to our citizens because it was something that was already expected,” said Jennifer Kirkland, operations support supervisor at the Vail Public Safety Communications Center. “It’s also something that we wanted to offer for the deaf and hard-of-hearing community. It gives them parity of access to 911, where they don’t have to call a relay service or use a TDD machine. They can just access 911 like any other citizen.”

The county worked with TeleCommunication Systems’ Geospatial Emergency Manager 911, a web-based hosted solution, so no additional technology was needed. The system is accessed via a website, and each person must sign in to receive texts.

When someone texts 911, TCS routes the message to the correct Public Safety Answering Point (PSAP), or 911 center. A chime and a visual alert then opens a chat session on the PSAP worker’s web browser. Staff can reply by typing on the keyboard or selecting a pre-written message from a drop-down menu.

“It works just like any other text relationship that you might have with a friend or a relative,” Kirkland said. “The first text we send back when we receive one says, ‘A voice call is best, but go ahead with your text if you’re unable to call, and what is the location of your emergency?’”

“Text-to-911 is ideal for some situations, but a voice call lets call takers pick up on auditory cues,” she added. “You just don’t have the same relationship with a text,” Kirkland said.

Currently, the county’s text-to-911 program supports only data that comes in by Short Message Service, not videos or photos. It’s accessible via any device that uses the major carriers AT&T, T-Mobile, Verizon and Sprint.

No one has sent 911 a text yet, Kirkland said, perhaps because people aren’t conditioned yet to think to do that.

Also, “I think most people actually prefer to call than text,” she said.

— Stephanie Kanowitz

CLOUD STORAGE AS A SERVICE

IRS flips storage for cloud service offering

Unisys converted the IRS’s storage systems into a virtualized storage-as-a- service offering that allows the agency to only pay for the capacity it uses

BY CAROLYN DUFFY MARSAN

The IRS is on track to slash its storage costs by 30 percent and speed the time it takes to deploy new storage systems from months to days, thanks to its Enterprise Storage Acquisition contract.

The 10-year contract, awarded to Unisys in 2012, could be worth as much as $139 million if all options are exercised. Under the terms of the deal, Unisys acquired all of IRS’s storage systems located in seven IRS data centers and facilities.

Unisys then converted those systems into a new private cloud-based storage-as-a-service model that allows IRS to pay for storage capacity as needed.

“Virtualization of storage allows you to not have an overcapacity of storage and to not have stovepiped storage, but to manage storage as a single entity,” said Peter Gallagher, group vice president for Unisys Federal Systems. “There are huge opportunities to save if you treat storage as an enterprise resource.”

Unisys said it has migrated more than 90 percent of relevant IRS data to the private storage cloud it operates for the agency. The firm said it has more than 6 petabytes of usable allocated storage in the private storage cloud available to the IRS.

One advantage of the contract is that IRS can deploy storage systems in a matter of days, instead of six to eight months. Because Unisys has created a virtualized storage pool with buffer allocations, IRS can provision some storage requests in hours. Very large requests for storage – more than 75 terabytes – take a month or more to deliver.

“Because the time to deploy new disk drives and new arrays was very lengthy, program managers tended to buy more than they needed. That led to a lot of unused capacity in their environment,” said Kevin McCarthy, vice president for Infrastructure optimization solutions at Unisys. “With virtualized storage, we’re able to maximize capacity usage and align the performance of the data with the application.”

Unisys has deployed storage systems from IBM, NetApp, EMC and others in the private cloud it uses to support IRS. The company provides IRS with four performance tiers of data storage, from high input/output, low-latency down to lower speed disks, depending on the application.

Unisys has also developed management processes that were recently ISO 20000 certified for moving data around the storage systems to drive up utilization.

“We help the IRS manage their data. As application needs change, we’re monitoring that and moving the data to the right tier,” McCarthy added.

One of the challenges of the contract was developing a billing system that ensures the IRS only pays for the storage capacity it uses.

“The IRS business model has changed with this contract,” Gallagher said. “Before, individuals from the IRS were incentivized to purchase as much storage as they needed for a project. [Now] we’re incentivized to limit the amount of storage … We have people trying to minimize and optimize the footprint.”

McCarthy said the IRS contract offers two key lessons to data center operators. First, you need to have well-defined processes for storage as a service. Second, you have to be very careful when you build a cloud-based storage system around legacy equipment.

“It takes a lot of coordination, a lot of migrating and testing, to make sure you get the performance you are promising the customer,” McCarthy said. “If you don’t have a large storage environment, the business case may not be there for a private cloud.”

TEST & EVALUATION BEST PRACTICES

PlugFest Plus aims to speed tech innovation

The Air Force is adapting an approach for testing software and equipment interoperability to help speed the contract award process

BY STEPHANIE KANOWITZ

The Air Force is testing a new approach to acquisitions that would enable vendors to have contracts in hand just weeks after demonstrating their potential solutions. The approach comes in the form of PlugFest Plus (PFP), an event similar to other PlugFests but with one major difference: the contracting angle.

“Regular” PlugFests give companies a chance to test equipment or software interoperability against standards and present live demonstrations of their existing technical capabilities. They also provide essential feedback to both agencies and the vendors whose products are tested at the event.

PFP is a component of the Air Force’s Bending the Cost Curve Initiative, which aims to improve dialog with industry so it “can better understand how processes, procedures and some of the choices we make can inadvertently contribute to rising costs, the stifling of innovation and slow processes,” said Air Force Secretary Deborah Lee James in a speech at the Atlantic Council.

“Under our new PlugFest Plus approach, we will put in place a mechanism whereby a vendor could walk away with a contract just a few weeks after an event,” James said.

“They’re trying to expand their access to talent and to innovation through non-traditional means and through nontraditional defense companies,” said Dave Chesebrough, president of the Association for Enterprise Information (AFEI), which hosted the first PFP on Jan. 20 at George Mason University in Fairfax, Va.

“So, the notion is taking an industry best practice – a PlugFest – and coupling that with an Other Transaction Authority (OTA) acquisition instrument. As a result of the testing done in the virtual environment, [the Air Force] can determine whether they might want to further fund some prototype developments.”

Congress has approved the Defense Department to use OTAs “to expand the defense supply base through non-traditional contracts for research, development, testing and evaluation (RDT&E) activities,” according to AFEI.

“OTA contracts are not subject to federal acquisition regulations (FAR) or any other body of regulation. This flexibility is intended to enable the Defense Department to overcome bureaucratic barriers that often prevent non-traditional defense contractors from pursuing government work.”

The Air Force used PFP for its Distributed Common Ground System, which produces intelligence information from sensor-collected data. Vendors can virtually test their solutions by registering to use the Hanscom milCloud, an instantiation of the Defense Information Systems Agency’s CONS3RT cloud management software.

Recently, the Air Force announced it would pursue a PlugFest Plus approach to the Multi-Releasable Intelligence Product Generation project, to help expedite releasability rules for intelligence analysts.

By combining PlugFests with OTAs, the acquisition process moves faster. “It speeds things up by converting what is generally considered to be a government acquisition through a neutral third party into a commercial acquisition so that things are not as bureaucratic and can happen much more quickly,” Chesebrough said.

At this first PFP, about 150 attendees perused the showcases of 10 vendors and a team of GMU students. “The Air Force generally liked it,” Chesebrough said. On the vendor side, some are skeptical of working outside the traditional acquisition processes, while others view this as an opportunity for innovation.

“They were just sort of testing the water,” Chesebrough said. “I think their reaction was primarily positive, but they’d like to see whether the Air Force is able to make good on this whole idea of a PlugFest environment.”

© Copyright 2015 by 1105 Media, Inc., 9201 Oakdale Ave., Suite 101, Chatsworth, CA 91311. All rights reserved. Reproduction of material appearing in Government Computer News is forbidden without written permission. The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry. CORPORATE HEADQUARTERS 9201 Oakdale Ave., Suite 101 Chatsworth, CA 91311 www.1105media.com

EMERGING TECH CYBEREYE

Lenovo’s AnyPen eliminates the need for a stylus

BY PATRICK MARSHALL

ONE REASON I bought a Microsoft Surface Pro was so that I could jot notes at meetings without having to attach the keyboard and distract others by clacking away. And, truth be told, the device works great – as long as I remember to slip the battery-powered stylus into my pocket. All too often, I forget.

That’s what caught my eye when I saw the press release on Lenovo’s Yoga Tablet 2. It claimed to allow users to use virtually anything – a pen, pencil or even a paper clip – as a stylus. So I asked for a review unit.

The Yoga Tablet 2 has a lot going for it, especially for a device with a base price of only $299. I received the 8-inch version running Windows 8, though there’s also a 10-inch version and Android is an option.

Weighing in at just under 1 pound, the Yoga Tablet 2 sports a dual-band 802.11abgn Wi-Fi adapter, front and rear 8-megapixel cameras, and up to 32 gigabytes of internal storage.

And despite being limited to 2 gigabytes of system memory, the Yoga Tablet 2 is a computer on which you can do all but the most memory-intensive or visually demanding work. It is, after all, running full Windows, and you can install productivity applications such as Microsoft Office. You can also attach a keyboard, though it is an extra-cost option.

But again, what makes the device really interesting is the new AnyPen technology. While Lenovo is keeping details about the technology close to the vest, Jeffrey Witt, director of the company’s product review group, said the device uses custom sensor layers and software that filters out noise. “This allows the tablet to detect small graphite or metal points as well as palm rejection on the LCD panel,” said Witt.

“There’s no special panel involved,” said Witt. “This is why we were able to keep the cost low and only add between $20 and $30 to the price over the previous version that didn’t have AnyPen.”

The pen, pencil – or any other object – that is to be used as a stylus has to be at least 1 millimeter thick and needs to have conductive material, such as metal or graphite, in the tip.

Also, users are advised not to use excessive pressure or sharp objects since the screen is vulnerable to scratching. In normal use, however, I didn’t notice any scratching of the display.

I found the Yoga’s AnyPen technology to be not quite as reliably responsive as the stylus accompanying the Microsoft Surface Pro. Occasionally, when I’d start to write, no “ink” was deposited. But this was rare and was easily corrected by starting another stroke. Also, take note that AnyPen doesn’t support pressure-sensitive drawing.

But overall I was impressed with how precise and responsive the AnyPen system is even when I wrote or drew with a paper clip. And what a benefit for fleets of mobile workers to know that they can use the tablet’s writing capabilities without having to have a proprietary – and easily misplaced – stylus at hand.

YOGA TABLET 2 ANYPEN
Base price: $299
Weight: 1 lb.
Mobile: Dual-band 802.11abgn WiFi adapter
Camera: Front and rear 8-megapixel
System memory: 2G
Internal Storage: 32G
I/O feature: AnyPen
