Stocking stuffers

Geographic information systems have been around for well over a decade, though 2006 is certainly the year agencies started to get their hands on cheap geospatial capabilities, thanks to free and open-source offerings by Google Inc., Microsoft Corp., Autodesk Inc. of San Rafael, Calif., and MetaCarta Inc. of Cambridge, Mass.Google Maps, for instance, offers a free application programming interface that others can link to from their own applications. Developer Adrian Holovaty created the Web site Chicagocrime.org by pulling crime data from the city of Chicago's own Web site and placing the locations of the crimes on a Google map.Elsewhere, the Defense Intelligence Agency picked up MetaCarta's GeoTagger for its User Knowledge Environment Information Management System. GeoTagger analyzes documents for geographic references and then creates coordinates for those references that can be placed on maps.Other offerings also show promise for creative geomapping. Microsoft upgraded its Virtual Earth 3D online map and data service that compiles photographic images of cities and terrain, which can be used to generate textured, photorealisitc 3-D models with engineering-level accuracy. Autodesk integrated several of its mapping programs with Google Earth's geographic information system capabilities.XXXSPLITXXX-Web 2.0 certainly wins the buzzword of the year award, but behind the hype lies some promising technologies for government agencies. The term is shorthand for a wide and sometimes shifting range of Web technologies, including wiki (collaboration software), Ruby on Rails (rapid Web application deployment software) and Ajax (a scripting technology that makes Web pages more interactive).In a nutshell, how these technologies make Web 2.0 different from the plain old World Wide Web we all know now is that they all can offer richer online interactions for the user, allowing you to better use agency services or even to communicate with like-minded individuals. 'Web 2.0 is a decentralized mode of organizing communities of practices,' said Eric Sauve, CEO of Washington-based Tomoye Corp., which makes Web collaboration software used by the Army and other agencies.Smart government leaders actually caught on to Web 2.0 early'before the buzzword was even coined, in fact. Last year, when the Federal CIO Council's Architecture and Infrastructure Committee revised the Federal Enterprise Architecture Data Reference Model, it used two wikis to hash out the specification.CIM Engineering Inc. of San Mateo, Calif., supplied the wikis through an existing contract with GSA. The CIA has already compiled about 12,000 wiki pages scattered throughout its top-secret network, said D. Calvin Andrus, the chief technology officer for the CIA's Center for Mission Innovation. The open nature of wikis lets analyst augment and update existing material a lot more quickly. Other agencies could well find similar benefits.XXXSPLITXXX-Bots, or compromised computers under the remote control of a hacker, have been around for years. But botnets'networks of compromised machines under the control of a single evil overlord'have grown into a significant problem over the past year, as hacking has moved from a vanity hobby to profit-driven organized crime.Targeted computers typically are infected en masse by self-replicating worms that exploit unpatched vulnerabilities. Once infected, the new bot is directed to contact a server and download malicious code that puts it at the disposal of a controller. If this is done quietly, a single controller can amass an army of thousands of compromised machines, which can be rented out to the highest bidder for purposes such as extortion through denial-of-service attacks, phishing, distributing spam, hosting malicious or contraband software, and infecting more bots. In addition to malicious activities, botnets also can consume network resources.Spikes in the number of suspected bot clients were seen in June and have continued to increase through the end of the year. Not coincidentally, spam has been a persistent problem despite the growing use of filters to block it.Network intrusion prevention systems, from companies such as Cisco Systems Inc., Juniper Networks Inc. and McAfee Inc., are getting better at identifying and blocking this traffic. False positives, which can wrongly block legitimate traffic, have been the bane of intrusion prevention, but maturing technology has made the tools more effective. Unfortunately, huge botnets can be assembled, used, disposed of and replaced quickly, so that the fight continues unabated.XXXSPLITXXX-Government information became a hot commodity this year. In January, the General Services Administration relaunched FirstGov.gov, the official government search site, after hearing endless groans about the older system. The agency used Vivisimo Inc.'s clustering technology and Microsoft Corp.'s MSN search tool. 'When FirstGov got started, we crawled, but as more and more agencies put information on the Web, we had to provide more service, and we had to scale to manage this,' said Mary Joy Pizzella, former associate administrator of GSA's Office of Citizen Services and Communications, who left in June for Google Inc.Coincidentally, Google relaunched its own government-specific search site, Google U.S. Government Search, which carves out all the .mil and .gov sites from its voluminous index of the Web. In the fall, Google representatives started visiting agencies asking them to index their database content, so it could also be retrievable through the search engine.The good news is that while the search giants duke it out over which gets to be the premier gateway to government information, agencies themselves can benefit from the new technology such a battle inevitably brings about.Vivisimo, for instance, has updated its Velocity 5.0 enterprise search software, based on the work it has done with GSA. It features visualization, document aggregation and the ability to connect different types of documents.XXXSPLITXXX-To veteran mainframe systems administrators, virtualization is nothing new, and open-source enthusiasts have been slowly building on the technology over the past few years. This year, however, it broke into mainstream enterprise computing in a major way.Virtualization enables one complete operating system, plus associated applications, to run within another OS. Because many applications use only a portion of a server's resources, more applications could run on a server'and thanks to virtualization, all those applications don't have to be all running under the same OS.Virtualization can happen on multiple levels. Products from XenSource Inc. and VMware Inc., both of Palo Alto, Calif., can virtualize a complete operating system. Desktop virtualization, often linked to thin-client computing, comprises a complete server-hosted environment that's accessed remotely. Companies such as Citrix Systems Inc., Sun Microsystems Inc. and VMWare offer variants of this architecture. Single applications may also be virtualized, through the use of products from Altiris Inc. of Lindon, Utah, as others.Dennis Clem, CIO of the Office of the Secretary of Defense and the Pentagon, deployed virtualization to consolidate a large number of servers within the Pentagon. 'It solves the space problem, and it reduces the cost of buying replacement hardware,' Clem said.XXXSPLITXXX-The new Personal Identity Verification card mandated by Homeland Security Presidential Directive-12 could usher in an era of public-key-infrastructure-enabled transactions, improved network security and interagency trust models. But it won't happen anytime soon.Judith Spencer, chair of the Federal ID Credentialing Committee, said the new interoperable smart ID card is 'in many ways, just a key.' How that key will be used will depend on the agency using it.The October HSPD-12 deadline was largely a formality. Agencies had to demonstrate minimal ability to issue the cards. Most agencies are a long way from fully implementing a PIV card program. They have until 2008 to actually get the cards into the hands of all employees and contractors, and even that is an ambitious schedule.Using the cards as anything more than a picture ID will require technical infrastructure and new business processes. In the near term, federal IT administrators probably will have too much on their plates moving their networks to IPv6 to give much attention to enabling PIV cards.To date, agencies, along with the Office of Management and Budget and the National Institute of Standards and Technology, have focused on the technical standards and issuing process. These are necessary and important pieces of the PIV puzzle, but it will be some time before we have ubiquitous smart-card readers, PKI-enabled applications and reciprocal trust arrangements between agencies.XXXSPLITXXX-The past year saw a steady parade of security breaches exposing sensitive personal data to possible abuse. One of the biggest was the theft in May of a Veterans Affairs Department notebook PC containing records on more than 28 million individuals.It is unclear whether the problem of loose data is getting worse or we're just hearing more about it. Data breaches first became an issue in the wake of the 2003 California law requiring public notification of breaches. Since then, 28 states have passed similar laws. But it is undeniable that as data becomes more mobile it becomes more vulnerable to loss and misuse. Notebooks, personal digital assistants, cell phones and tiny USB drives are becoming increasingly powerful and connected.The problem is too broad and the vulnerabilities too various for any single solution. Data encryption is emerging as a broad canopy for many problems. Last summer, Baltimore-based SafeNet Inc. offered government clients free downloads of its ProtectDrive encryption after the Office of Management and Budget ordered agencies to encrypt all data that seemed in potential danger of being lost or stolen.Enforcing agencywide encryption policies and managing the technology on a large scale can be difficult. In the end, a broad range of physical security, identity management and access control tools is needed to ensure a reasonable level of security for sensitive data, regardless of where it resides. XXXSPLITXXX-Major IT companies, most notably IBM Corp., have increasingly embraced open source over the past several years. But this year saw an unprecedented interest by the IT clan of the Fortune 500.Most notably, Microsoft Corp. signed a partnership deal with Novell Inc., in order to have Novell's Linux platform work more easily with Microsoft Windows. Although the deal soon fell into dispute over patent protection issues, the message was clear: Microsoft had to recognize the growing use of open-source software (or at least of Linux as a server platform).This wasn't the first capitulation by Microsoft. Last summer, the company started to help develop a software tool that would let Microsoft Office users open and save documents in the Extensible Markup Language-based Open Document Format, the format used by the open-source Open Office suite, a competitor to Microsoft Office.Microsoft is not alone in courting open-source users. Oracle Corp. started reselling, as Oracle Unbreakable Linux, a rebranded Red Hat Enterprise Linux. And Sun Microsystems Inc. has released the source code to its widely used Java programming language. 'Commercial entities that embrace open source may find it leads to a greater market for other things,' said Bruce Sunstein, a lawyer who covers open-source issues for Bromberg and Sunstein LLP of Boston.XXXSPLITXXX-Could 2006 be remembered as the year that the Defense Department finally declared war on its lumbering software development process? In February, James Finley had taken the helm as the new deputy undersecretary of Defense for acquisition and technology and shortly thereafter started looking for ways to expedite the process of getting software to DOD's systems.Defense has taken heat for several large IT-related projects of late. The Government Accountability Office and Congressional Budget Office have criticized the Army for how well the Future Combat Systems program is progressing. In November, the Senate lambasted the Defense Travel System for cost overruns and poor performance, among other things. Also that month, the Defense inspector general reported that, in a sampling of procurements, it had found numerous instances of inadequate quality assurance oversight and acquisition. Software is only part of the problem, Finley admitted, but a sizable one.Finley now is actively soliciting ideas from program managers and contractors on how to better and more quickly engineer software for fighter planes or tanks and other unique military systems. The key, he said, lies in the acquisition process. 'If there is one thing that I've heard that has been consistent, it is that the systems aren't broken. The decision-making process is broken,' Finley said.Over the next few years, Finley hopes to introduce changes to the procurement process based on this feedback. Even the most basic assumptions will be questioned and, if found faulty, removed. 'If I'm going to go from A to B, do I need a Cadillac, or a jet fighter or a horse-drawn buggy? Historically [with the Defense Department] it has been meeting requirements at all costs. In this day and age, I think we need to be more mindful of our taxpayers' pocket books,' he said.XXXSPLITXXX-A year ago, IPv6 was an unfunded mandate; a project offering few short-term benefits and with little in the way of motivation except directives to have the new version of Internet Protocols working on government backbones by 2008.Today, agencies have begun developing written plans not only for how they will implement IPv6, but how they will integrate it into their core missions. In a recent survey of IT officials, nearly half of civilian agencies see the transition as important to supporting IT goals. The percentage was even higher within the Defense Department, which has had a two-year head start on the transition.Acceptance of the new networking protocols has not come easily. Agencies have a huge investment in infrastructure, manpower and training in the existing IPv4 protocols on which the current generation of the Internet is based. Despite limitations, the current version is working well enough that many administrators would prefer not to have to move to IPv6, especially because they will also have to maintain IPv4 traffic on their networks for the foreseeable future.But repeated efforts, often by the networking vendor community, to educate administrators about the potential benefits of IPv6 have begun to bear fruit. A lot of work remains to be done and the transition still poses headaches, as well as opportunities, for years to come. But administrators are beginning to think about how to use IPv6 features such as end-to-end performance, peer-to-peer security, autoconfiguration and improved collaboration.XXXSPLITXXX-At this year's SC06 supercomputing conference in Tampa, Fla., Top500.org organizer Erich Strohmaier suggested adding a new metric to the ones he uses to evaluate the world's most powerful computers: power efficiency.For years, data center managers did not have to worry about how much power their servers gobbled up'after all, the electricity bill went straight to accounting. With processors taking up ever more wattage'and electric rates spiking'the issue hit a critical threshold this year.At the High Performance Computing and Communications Conference in Newport, R.I., Thomas Zacharia, associate lab director at the Energy Department's Oak Ridge National Laboratory, outlined ORNL's plans to build the world's first petascale computer, which will be built from 24,000 microprocessors. The laboratory will need a 170-megawatt substation to support this project.Fortunately, the industry has taken notice. Intel Corp. rolled out a new line of Xeon processors, originally codenamed Woodcrest, that the company claims can ultimately boost performance by 80 percent while reducing power consumption by 35 percent. Introduced late last year, the new UltraSPARC T1 from Sun Microsystems Inc. also works at a lower wattage while offering the ability to execute more threads simultaneously.The government is paying attention, too. Perceiving a lack of solid power-to-performance metrics for increasingly electricity-hungry data centers, the Environmental Protection Agency's Energy Star efficiency program has turned its efforts to the server market. This fall, the program released a set of metrics that can be used for measuring server energy efficiency.XXXSPLITXXX-Readers can follow these links to GCN's 2006 coverage of a variety of information technologies, and how they could affect operations in the years to come.