George Newstrom | Know your vulnerabilities
GCN interview with George Newstrom
'At one time you could control physical security, data security and communications security, but today they have been separated.' George Newstrom
Rick Steele
IN 2002, GEORGE NEWSTROM, now president and chief executive officer of Lee Technologies, became Virginia's second secretary of technology at the request
of Gov. Mark Warner, after 28 years at EDS. Newstrom served both as chief information officer and chief strategist for raising Virginia's visibility in
the global technology marketplace.
He left the secretary of technology position in 2004 to become president and CEO at Wisper Technologies and took the helm at Lee Technologies in October 2006.
GCN:WHAT WERE YOUR
RESPONSIBILITIES AS VIRGINIA'S
SECRETARY OF
TECHNOLOGY?NEWSTROM: Gov. Jim
Gilmore appointed Don Upson
as the first secretary of technology.
I was the second. Going in
with Warner, who was a
business-oriented governor and
treated the commonwealth as a
business, my job was directing
the technology spending of the
commonwealth and restructuring
how technology served the
business needs of Virginia. In
addition, the Center for
Innovative Technology near
Dulles Airport, which is an
incubator for new technology
and biotech ideas, really came to
the forefront.
GCN:WHAT DID YOUR EXPERIENCE
AS SECRETARY AND
WITH EDS TEACH YOU
ABOUT THE CHALLENGES
FACING GOVERNMENT?NEWSTROM: In the federal
government, there is a hidden
emphasis on getting things done
in a structure that is not necessarily
focused on the business of
the agency. It has much more to
do with covering the bases,
making sure they follow all of
the procurement regulations.
Timeliness is not necessarily the
No. 1 issue. In the private sector,
you are faced with monthly
requirements, quarterly requirements
and annual requirements
that you must produce, or your
stock goes to hell.
I'm not suggesting that this is
all negative. In some cases it's
positive because they are trying
to avoid problems that have
been seen in government contracting.
But it's really not an
environment in which you
get the leading-edge solutions.
If the procurement takes
two years to do, technology is
outdated in the first six
months.
The second big thing I see in
the federal sector is the number
of senior workers and knowledge
workers leaving. In the
next few years, there is going to
be a major issue in getting the
skill sets that are necessary to
keep the major programs going.
One study recently showed that
the talent pool for skilled workers
in the technology area is
going to shrink by 45 percent by
2015. That is really onerous for
government.
GCN:WHAT ARE THE GREATEST
CHALLENGES GOVERNMENTS
ARE FACING TODAY IN
IT SECURITY?NEWSTROM: I chair an
organization called the World
Information Technology and
Services Alliance, an association
of associations. Ninety-three
percent of all IT dollars spent in
the world are represented in
this association. There is a
corollary between the issues in
the private sector and any government
' whether it be federal,
state or local across the world
' and that is the security
around networks, communications,
databases and individual
records. That information is
extremely important. If a business
network goes down, they
lose money. If a government
system goes down, in some
cases it's not a big issue. In other
issues, it is very serious. [The
Homeland Security
Department] is very cognizant
of not just data security but the
physical security of this information
stored in government
databases.
GCN: HOW GOOD A JOB IS
BEING DONE IN MEETING
THESE CHALLENGES?NEWSTROM: There are some
agencies that are doing very
well, and there are agencies that
are not doing as well. Maybe it's
because of priorities, maybe
because they don't have a culture
of looking at this. DHS is
one of the departments that
spend a lot of time working on
this subject. The Education
Department is making some
very positive, forward-thinking
changes. Within the
Transportation Department
there are some very positive elements.
Federal government is
such a broad term [that] I
would hate to give one answer
for the whole thing.
GCN:WHAT ONE SUGGESTION
WOULD YOU MAKE TO HELP
BRING LAGGING AGENCIES UP
TO SPEED?NEWSTROM: Inventorying '
in a very honest manner '
where you are, where the vulnerabilities
are and what you
have to do to overcome them. It
doesn't matter whether it is
a database, a network, a communications
device or physical
infrastructure. It is understanding
what your situation is,
where you stand today and how
vulnerable you are. If you have
done that in the last six or nine
months and proactively taken
the action to remedy problems,
even if you are in bad shape,
at least you are moving forward.
If you haven't done that,
the exposure is absolutely
tremendous.
GCN: YOU MENTIONED THE
OVERLAP OF PHYSICAL AND
IT SECURITY. IS THIS AN AREA
THAT IS GETTING MORE ATTENTION
TODAY?NEWSTROM: Absolutely.
Twenty years ago, you had a data
center with a mainframe and
direct connections to dumb terminals.
Then we went to distributed
solutions outside of the data
center. Today we are in a totally
interconnected global network
that in many ways is vulnerable.
At one time, you could control
physical security, data security
and communications security,
but today they have been separated.
In this country, we are
great at protecting ourselves
from viruses. We even know
when a virus outbreak is going to
occur. But in physical security we
have not been as proactive and
not taken the responsibility, with
some exceptions.
DHS is moving data centers,
data storage facilities and other
mission-critical facilities out of
harm's way. Washington, D.C.,
happens to be in harm's way '
it's a major target. It is a physical
security issue, but also look
at the unemployment rate in
the Washington area. It is low
single digits. We don't have
enough skilled workers in government
or the private sector.
Look at energy. If you are on
the eastern grid in the United
States, you are vulnerable. DHS
is looking at places outside the
eastern power grid where there
may be multiple sources of energy
and where there is manpower.
They are being very
proactive about looking after
their infrastructure.
GCN: WHAT EFFECT IS THE
TRANSITION TO IPV6 LIKELY
TO HAVE ON NETWORKING
SECURITY?NEWSTROM: I am not that
familiar with the security
around IPv6. But from a general
perspective, I would suggest
that when new technology
comes along, users have to take
a look at their needs and if the
technology fits in, go forward
with it. I don't think it is any
longer possible for us to accept
a standard ' whether it is an
international standard, a company
standard or a government
standard ' and say, 'I hope it
works.' We have to be diligent
on what the requirements are
for any technology before we go
forward.