Public CIO Magazine, February/March 2010

FEBRUARY/MARCH 2010 CONTENTS

COVER STORY
10 In the Spotlight: All eyes are on Los Angeles CTO Randi Levin as city deploys cloud-based e-mail. By Matt Williams

FEATURES
16 Fire in the Big Sky: Montana Gov. Brian Schweitzer talks about his ambitious plans for wind power and growing a new generation of scientists and engineers. By Chad Vander Veen
20 IT Fraud Firewalling: IT fraud in government can be costly. Here are five ways CIOs can prevent and control the problem. By Alyssa G. Martin
24 Paving the Way: Technology is laying the groundwork for health reform. By Greg DeBor and Robert Wah
28 An Urgent Checkup: In massive information technology transition, U.S. health-care system has less than four years to upgrade disease diagnosis code sets. By Russell Nichols
30 The New Voice of the CIO: Insights from the Global Chief Information Officer Study. By Lynn Reyes

DEPARTMENTS
36 Guest Column: Cloud Economics 101. By Kevin Merritt
38 CTO Strategies: Ready for Your Budget Emergency? By Dan Lohrmann
40 Straight Talk: Remaining Relevant. By Liza Lowery Massey
41 CIO Central: News, Reviews and Careers
42 Security Adviser: Is the Policy Window on Cyber-Security Closing? By Mark Weatherford
43 FastGov: Too Many Chiefs, Not Enough Agencies? By Paul W. Taylor

UP FRONT
6 Introduction
8 Contributors
[ INTRODUCTION ] Parting Words

In the summer of 2002, campaigns for 36 gubernatorial races were beginning to heat up. The economy was on everybody's mind in the wake of the dot-com bust that had left a string of bankrupt technology firms and lingering questions about the Internet's direction and purpose. We did the math and realized that a large number of state CIO positions would be vacant and rookie governors were about to begin new agendas at a time when public-sector IT needed guidance and leadership.

With that as background, e.Republic CEO Dennis McKenna decided to launch a new publication, called Public CIO, dedicated to covering and serving the public CIO community. Despite the acute political situation at the state level, the goal was to reach the entire spectrum of CIOs, from those who ran IT for gigantic federal agencies down to modest-sized communities, all of whom needed critical information about managing and leading IT operations within government.

With that somewhat ambitious mission statement, we chose to put the nation's first federal IT leader on the cover. Mark Forman may not have had the title of national CIO, but he was then-President George W. Bush's point man for the federal government's $60 billion IT program. Since the first issue was published in summer 2003, we managed to put the next two federal CIOs on the cover — Karen Evans and Vivek Kundra — as well as many state and local CIOs.

When we interviewed Forman for the first issue of Public CIO, several of our questions focused on the leading trend: electronic government. It's hard to believe that just eight years ago e-gov, as many eventually truncated the term, was so powerful a topic. And as outdated as it now seems, I look back with pride that we also covered some topics, such as change management and enterprise IT, that were hardly barn-burner stories back then but continue to resonate as issues worth covering for CIOs.

Today IT is firmly enmeshed in the fabric of government and the public CIO's role and purpose are more important than ever. And just as information technology has changed a fair amount since 2002, so too has the significance and importance of IT management and leadership. Today's CIO not only must understand the complexities of IT, he or she also must be a great communicator, relationship-builder and management guru in order to survive and thrive.

Despite the relatively low pay and occasional political whiplash that comes with the job, not to mention the mind-numbing budget constraints, the public CIO community continues to attract people who want a challenge and want to lead in digital government. That's a good thing. Unfortunately many are also leaving the field, making the need for new leadership paramount.

I've had the pleasure of editing this magazine during its first seven years of existence and found the work and the people I covered always interesting. Now it's time to say farewell as I take up a new position with our newly acquired publication: Governing. It's been a pleasure serving our readers, and I know that the magazine is now in the very capable hands of my colleague Steve Towns. I hope you continue to enjoy and learn from Public CIO for years to come.
IN THE SPOTLIGHT
ALL EYES ARE ON LOS ANGELES CTO RANDI LEVIN AS CITY DEPLOYS CLOUD-BASED E-MAIL.
BY MATT WILLIAMS, ASSOCIATE EDITOR

THE HIGH-RISE OFFICES of the Los Angeles Information Technology Agency (ITA), which manages the IT systems used by 30,000 city employees, are a model of corporate efficiency — a floor of cubicles ringed by window-facing rooms. Glass doors define a modest-size waiting room, where a flat-screen plays the city government TV channel on loop. A tall trophy case displays the department's victories. An organizational chart shows photos of CTO and ITA General Manager Randi Levin and her executive team.

It's all ordinary enough to make one temporarily forget that the iconic L.A. City Hall building, a tower made famous as a scene-setter in well known motion pictures, is across the street. Believe it or not, this Hollywood reference point is tangentially relevant, at least for Levin. Whether she likes it or not, Levin has become the star of her own story — partly of her own doing, partly due to forces beyond her control.

Levin's front-and-center introduction to the mainstream world came last year, when she led the ITA on a procurement that will replace the city's aging e-mail system with a new Web-based enterprise solution. At the core, Levin had two simple goals in mind: improve service and save money. [10]
Photo by Terence Brown

When the city picked Google's productivity tools along with its popular e-mail service Gmail, what initially was thought to be a run-of-the-mill IT project quickly morphed into something bigger and more complex. The decision stoked a period of intense lobbying from L.A.'s existing e-mail provider (Novell) and Google's biggest competitor (Microsoft), rivals who likely saw the city's decision to adopt Google's hosted services as something that could potentially crack the state and local government market's inertia when it comes to cloud computing.

Levin was unexpectedly pressured from within, as L.A. fire and police officials expressed concern that moving their sensitive data onto Google's off-site servers could pose a security problem. Levin said she has since quelled those concerns and the political pressure.

The script, if you will, continues to be written. Los Angeles is now slowly marching toward a full implementation of Gmail for the city work force. If successful, the project could open the floodgates for other governments that are awaiting a successful test case before entering the cloud computing environment.

A MISSING DATA POINT

Ever since Levin began leading the ITA two and a half years ago, she repeatedly heard from employees who were dissatisfied with the unreliability of the city's existing e-mail system, Novell GroupWise. It had too much downtime, and users were frustrated by the lack of features and the user experience. The product itself wasn't inherently unreliable, Levin said, but the ITA lacked the necessary money or manpower for its proper upkeep. And like many IT departments, Levin was facing the prospect of shrinking budgets due to the recession's lingering effects. The problem would only get worse, she thought. On-premises e-mail just wasn't a cost-effective option anymore, in her mind.

So the ITA put together an RFP with the option of a software-as-a-service product or a hosted solution. Levin said the agency received 10 responses, from the likes of Google, Microsoft and Yahoo. After mulling over the decision with an intradepartmental group of IT managers, last summer officials chose a proposal that would implement Gmail on more than 30,000 desktops, and later adopt the Google Apps productivity suite, which includes calendar, word processing, document collaboration, Web site support, video and chat capabilities, data archiving, disaster recovery and virus protection.

The five-year deal, valued at $17 million, made L.A. the first government of its scale to choose Gmail for the enterprise — a somewhat surprising bit of information that made approving the project much more complex.

"We were under the assumption that Washington, D.C., had already fully implemented Google for its e-mail solution, which it had, but not in the way we're doing it. But we didn't really know that at the time," Levin said.

It turned out that Washington, D.C., was using Gmail for disaster recovery and giving employees the option to use it as their primary e-mail. During the decision-making period, Levin didn't think L.A. would be the first large government to fully adopt Gmail. "Nor did we think it was going to be as political as it turned out to be," she added.

That knowledge wouldn't necessarily have changed the city's decision, Levin said, but it would have given the city [12]
a heads-up that lobbying and outside interest from the public was coming.

The lobbying was "extensive," said L.A. City Council President Eric Garcetti, who presided over the Council's unanimous vote in October 2009 to adopt the plan. As many as five companies made their presence known in the corridors of City Hall, he said, as misinformation reigned and unfounded rumors flourished. Attempts at deal-making continued until minutes before the Council voted. Levin said those temptations were never a factor. "We tried to maintain a very rigorous [procurement] process, and we really wanted the integrity of the process to stay intact."

Photo caption: Los Angeles City Council President Eric Garcetti presided over the October 2009 Council vote to adopt the cloud computing plan. Flickr/Eric Garcetti

CRUNCHING THE NUMBERS, SQUEEZING THE BUDGET

The incessant lobbying spurred troublesome misinformation, particularly about the solution's cost and security, Levin said.

The cost and potential savings confused outside observers and elected officials because the ITA wanted to accurately reflect the city's deteriorating economic condition, Levin said. That meant the projections were changed more than once.

"It became more and more important to focus on cash as opposed to a true ROI [return on investment]," she explained. This changed the numbers. The ITA had, at different times, estimated savings of $8 million to $30 million.

"From the cash perspective, we looked at what software and hardware would be removed as we went to a new solution — what wouldn't we have to buy anymore or pay maintenance on."

Levin felt it was important to do an "apples-to-apples" comparison. Unfortunately some people didn't understand the difference between ROI and cash savings, she said. By the time the numbers were made clear, some people inaccurately believed Gmail would be more expensive than the existing solution. Although, in a limited sense, that was true because the city will pay for both GroupWise and Gmail for one year as the migration occurs. (Ironically the ITA will offset the added cost by using money from a prior anti-trust settlement with Microsoft.)

After a few attempts at numbers crunching, the city estimated $5.5 million in hard-cost savings from the Google adoption, and an additional $20 million savings in soft costs due to factors like better productivity. The ITA expects applications like Google Docs will help reduce some of the redundant paper pushing that plagues bureaucracies, and it hopes someday to utilize Gmail's mobile functionality and ease-of-use to drive further savings through increased collaboration.

Moving the city's data to Gmail will let the ITA reassign and/or cut nine employees who were working internally on the GroupWise system, Levin said, and it will eliminate 92 servers from the city's data center — a sprawling basement-level facility in the ITA building. Those savings are significant, she said, because as of

'GEECS' SQUAD

Prior to the Gmail pilot, a working group from within the Los Angeles Information Technology Agency (ITA) began testing the feel and functionality of the solution. The group — nicknamed "L.A. GEECS," a.k.a. the Google Enterprise E-mail and Collaboration System — isn't short on work.

There's a laundry list of new issues that must be addressed, several of them unique to government usage on the Google platform. The group must hash out how to provide enough customizable options for the city's 44 departments, while still maintaining consistency and control. Tasks include:

• Writing policies for when chat and video may be turned on and off, in order to fulfill e-discovery requirements.
• Determining how Freedom of Information Act requests will be handled through Google's search and archiving capabilities.
• Building in customization so that individual departments may allow their employees to make cosmetic tweaks, like changing the skin of the Gmail interface. [13]
mid-November the ITA faced the prospect of losing 60 or 70 employees to early retirement, as well as additional cuts to the 800-person ITA organization.

"We have servers of every shape, size, brand and year here," Levin said. "And with diminished staffing, we're trying to figure out where's the best use of our resources, and we think it's really more in the applications area — in public safety related to their radio systems and some of their other applications, and also for the other departments' Web sites — doing a lot in terms of transparency and getting data out to the public, and more self-service."

SECURITY FEARS, RELIABILITY CONCERNS

Data security was another contentious issue. The public at large continues to debate the security of cloud computing and hosted services, particularly as it relates to putting the public's data — which may well include addresses, Social Security numbers and other sensitive information — on servers in unknown locations that are managed by a corporation.

After some officials from the L.A. police and fire departments expressed worry that their departments' sensitive data would be vulnerable if stored on off-premise servers, the ITA worked hard to ensure that the security parameters met California Department of Justice requirements, said Kevin Crawford, Levin's deputy in charge of the Gmail migration. Google employees who have access to L.A.'s data will be certified by the state Department of Justice.

Google, for its part, is building a segregated "government cloud" that will house data owned by public-sector customers, like Los Angeles. The government cloud will be on servers located somewhere within the contiguous 48 states, although L.A. won't know exactly where its data is — the unknown location is part of Google's security model.

The government cloud will be up and running "sometime in 2010," according to David Mihalchik, business development executive for Google federal. Crawford said he's been told the new cloud will be ready by June, in time for L.A.'s full implementation. The company also is in the process of securing Federal Information Security Management Act (FISMA) certification.

L.A.'s agreement with Google is written so that it's clear the city owns the data at all times, Crawford said. "That's a very big deal for us. We've written [the contract] as ironclad as we can. We've also written into the nondisclosure that the data belongs to us in perpetuity; it will outlive the contract itself," he said. That means if the city wants to switch to another vendor after the contract ends, the city will be able to recall its archived data. Officials also negotiated unlimited and liquidated damages in the event that there's a breach of Google's servers.

Crawford said the bottom line is that Google's security apparatus is far superior to the ITA's for the simple fact that the company has the resources to devote many more people to it. In Google-speak, L.A.'s data will be "sharded," meaning it will be shredded into multiple pieces and stored on different hard drives — a security encryption method the ITA can't do from its in-house data center. Garcetti too said he's comfortable with the security of cloud computing: "At the end of the day, I trust Google's security as much as any individual city, town or village to protect themselves because [Google] is that much more experienced."

Of course, reliability is part of security. Crawford said Gmail had only about 10 percent of the downtime in 2009 as the city's current e-mail. And if disaster strikes — L.A. sits

CONTINUED ON PAGE 37

SELLING THE PLAN

According to Los Angeles City Council President Eric Garcetti, there was a valuable lesson to be learned from how L.A. presented its Gmail adoption to the public and internal stakeholders: Address human issues as well as technical concerns.

"There was an assumption by some of the IT professionals that this would sell itself or that people would trust them because the IT professional is recommending this," he said.

But IT officials shouldn't be expected to sell change for an integral system like e-mail, Garcetti said. Instead, they should rely upon public communicators, which include the elected members of the City Council, to make the case.

"The stakes are high, and people will be lobbying one way or the other," he said. "But people have to think it through not just from the technology side, but from the human side." [14]
CLOUD COMPUTING: FOUR QUESTIONS TO ASK YOUR VENDOR
Data location, access and security are crucial to cloud computing contracts.
BY STEVE TOWNS, EDITOR

AS CLOUD COMPUTING INITIATIVES take hold in government, agencies need to consider the contracting implications of this new technology model. Managing a relationship where government data could reside on privately owned computing infrastructure located anywhere in the world demands that agencies ask some crucial questions of cloud vendors before they close the deal.

Daren Orzechowski, an intellectual property attorney who specializes in IT and outsourcing issues, said government agencies need answers to four fundamental questions before they choose a cloud computing provider.

1 Where is my data?

Server virtualization technology allows cloud vendors to optimize their use of computing hardware and other IT resources. That can cut costs, especially as the volume of cloud computing customers grows and vendors achieve economies of scale. But virtualization also has a downside.

"Your data could be broken up — or the instance of your application could be broken up if it's a platform provider — so your data and software could be in a lot of different places. In the government space, I think this is particularly important to have a handle on," said Orzechowski, a partner in the New York City law firm of White & Case. "On one hand, you have to recognize that the provider gets an economic benefit from being able to break up the data and store it in different places, or virtualize it. At the same time, depending on the sensitivity of the data, the government needs to know where that information is."

Keeping your data within the United States should be a key requirement, he said.

"When you look at what people's expectations about their rights are, they come at it with a very American-centric view. In a lot of places that are popular for offshoring — like India and China — your rights may not exactly be what you think they are. So there's a comfort level with keeping data within the U.S. borders."

2 How do I access my data?

Cloud computing involves accessing remote applications and data through a client interface, typically a Web browser or perhaps a mobile device. Government cloud customers should consider negotiating service-level agreements for routine access and system uptime.

In addition, agencies need to understand how their cloud vendor will help them respond to specialized data requests.

"What happens if there is litigation?" Orzechowski said. "What happens if there is a subpoena? Or since we're talking about governments, it's very possible you'll have a FOIA [Freedom of Information Act] request. How will the vendor pull this data for you? These are points that are worthwhile to negotiate. It's very important to have a vendor that can actually respond to a subpoena. They need to pull only the information relevant to the subpoena and not put other cloud-based information at risk."

Also, find out how much your vendor intends to charge for responding to a FOIA or e-discovery request. "That can be a very big surprise," he said. "You may even want to prenegotiate the rate for that type of work when you do the initial contract."

3 How secure is my data?

Cloud vendors need to satisfy two types of security requirements: physical and logical.

Your agency may have specific physical security requirements. Background checks, fingerprinting or drug tests may be required for staff working in data centers that house your data. Make sure your cloud computing vendor understands and can comply with these rules. Luckily vendors are becoming more accustomed to meeting these requirements, Orzechowski said.

Large cloud computing providers also are becoming more transparent about their logical security processes, and they're typically subject to regular security audits and penetration testing. Still, cyber-terrorism and hacking represent the biggest threats to cloud computing, especially in the government space, Orzechowski said.

"As you have more and more customers going to certain cloud providers, and those providers become bigger and are housing more data, they'll become bigger targets for hackers and terrorists," he said. "What will happen the first time there's a real big hit, especially if there's government data housed with that vendor? A terrorist or major hacker attack is a test that in the back of everyone's mind may be coming."

4 How portable is my data?

The last point to cover during contract negotiations is what happens when the deal is over. How will you get your data out of one vendor's cloud and into another, or back into your own data center?

"There's been talk among some of the big players on having data standards for the cloud space. As a consumer, you probably are very interested in that," Orzechowski said. "You want to have your data in a form that can easily be ported over to a new vendor. It may not always be in your current vendor's interest to allow for this because they want to keep you captive."

The key is to avoid being held hostage, he said.

"This is something to think about when you're negotiating. What is the template, what are the data sets and how are the fields defined? Get a sense of this and understand it," Orzechowski recommended. "From there, negotiate for migration assistance. Find out how the vendor will help you move to someone else, and how much they'll charge to do that." [15]
FIRE IN THE BIG SKY
MONTANA GOV. BRIAN SCHWEITZER TALKS ABOUT HIS AMBITIOUS PLANS FOR WIND POWER AND GROWING A NEW GENERATION OF SCIENTISTS AND ENGINEERS.
BY CHAD VANDER VEEN, ASSOCIATE EDITOR

What's the biggest problem with alternative energy? The simplest explanation is that burning coal and oil for electricity generation is supported by existing infrastructure, while clean energy sources like wind and solar aren't. Specifically alternative energy has a built-in hurdle — how do you store solar power when the sun isn't shining and how do you transmit wind energy when the wind isn't blowing?

Some nascent technologies may provide the answer. But by and large, the storage and transmission technology that would make these energy sources more feasible doesn't exist.

In Montana, one of the country's windiest places, Gov. Brian Schweitzer is trying to solve that transmission and storage challenge by adopting the "build it and they will come" approach. Wind farms are popping up across the state, and Schweitzer believes it's only a matter of time before the technology follows.

Schweitzer is passionate about transforming Montana into a renewable energy leader. In a recent interview, he discussed this and other issues important to Montana's future, such as the Real ID Act and how to foster a new generation of students who are interested in math, science and engineering. [16]
YOU WANT MONTANA TO BE A LEADER IN ALTERNATIVE FUELS AND ENERGY SOURCES. HOW DO YOU MAKE THOSE GOALS A REALITY?

According to recent studies, Montana has the second-best wind energy resources in the country and some of the best on the planet. We have 30 percent of the coal in America — 10 percent of the coal on the planet. We're increasing our oil production at the fastest rate in the country. We have many energy resources that can be cleaner and greener. Whether we're talking about capturing carbon dioxide from existing coal-fired plants or creating new kinds of coal-capturing devices for new kinds of plants, we're excited about developing our coal. And we're excited about developing our wind.

The most important thing is we have to develop storage technology. We actually have an unlimited supply of energy, whether it be tidal, wind or solar. But the wind isn't blowing all the time, and the sun isn't shining all the time. As consumers, we demand electricity when we want it, not just when the sun is shining or the wind is blowing. So that means the most important technology of our time — and for the next decade — will be storage technology.

To give an example, if every car, light truck and SUV in America had a battery that could get the first 40 miles on a charge before it switched to another source of energy, we could eliminate two-thirds of the oil we import. Those cars exist today. What we don't have is the resolve to buy those cars and put them on the highways.

WIND FARMS ARE BOOMING IN MONTANA. BUT ISN'T THE COST OF BUILDING TRANSMISSION LINES ALWAYS BROUGHT UP AS A REASON NOT TO BUILD THEM? HOW DO YOU OVERCOME THAT OBJECTION?

Part of the solution to transmission is storage. We need to build more transmission so we can get the electricity to those who are using it. But understand — we build transmission for peak demand. For example, in California at 10 a.m. on a Tuesday they have peak demand. But by Friday night at 2 a.m., they're only using half as much electricity. So if we could build a transmission system that had storage on the other end — so that consumers with batteries in their cars could either be buying electricity in the middle of the night or selling it back into the grid at 10:00 in the morning — we would need less transmission.

We do need to add to our transmission capacity, and that's why Montana leads the entire world in digitally cataloging our wildlife corridors. So when people are deciding where they're going to build transmission lines, we already know where the antelope, bears and elk need to move — and we build those transmission lines so that we'll be able to maintain our quality of life and a transmission system that delivers Montana wind power to California cars.

YOU'VE ADVOCATED FOR SYNTHETIC FUELS, IN ADDITION TO WIND AND OTHER ENERGY SOURCES. CAN YOU EXPLAIN WHAT SYNTHETIC FUELS ARE AND WHY THEY'RE NOT A LARGER PART OF THE ENERGY MARKET?

I'm most excited about crops that produce oil for biodiesel — crops like canola and camelina in Montana, and jatropha in the tropics. All told, they could be 5 or 10 percent of our fuel supply. Ethanol is interesting because most of the ethanol plants were built in the Midwest and the fuel was corn. Most of the future ethanol plants are likely to be in the West — and the energy source will be trees. In Montana, we have about 3 million acres of dead and dying trees from a pine beetle kill. These are great sources of energy that can be used to make ethanol or some kind of biomass to create electricity. So you have trees that are dying and they become a fuel source, either for a liquid fuel or for an electricity supplier.

YOU'VE TALKED ABOUT "CLEAN COAL," A CONCEPT THAT CAN BE DIFFICULT TO UNDERSTAND. WHAT IS CLEAN COAL?

The first cleanup of coal was to remove the sulfur, mercury and nitrogen. But more recently, we're concerned with the CO2. There's approximately two tons of CO2 produced for every ton of coal we burn. Many of us believe CO2 is contributing to the greenhouse gases that are contributing to climate change. If we can capture a portion of that CO2 immediately, it starts to make coal cleaner. And if we use coal gasification — plants that are already built around the world, including in our region, that capture 100 percent of that CO2 — and then if that CO2 is pumped back into the earth, either for enhanced oil recovery or for storage geologically in some deep saline formations, or even to be made into bricks as a fuel source for making more biodiesel, that means we capture the CO2, sulfur and mercury. And if coal is zero emission, that's clean coal. [17]
IS COAL GASIFICATION SIMILAR TO PLASMA GASIFICATION, THE PROCESS OF USING A PLASMA TORCH TO REDUCE WASTE DOWN TO ITS ELEMENTAL STATE?

It's very similar. The traditional way of producing energy from coal is you ignite the coal; it makes a ball of flame, which you direct onto a water source. That water becomes steam, which turns a turbine and generates electricity.

With coal gasification — think of a Thermos jug, the kind steel workers used to carry. Now think of a Thermos that's 150 feet high and 40 feet in diameter. The top comes off, you dump 30 tons of coal into it, and you screw it back on. Then you heat it. And with high temperature and high pressure, methane gas — or natural gas — and CO2 actually comes off the coal. You separate the CO2, pump it back into the earth where it came from, and then that natural gas can run your cars, heat your homes or make electricity. That's coal gasification 101. It's a controlled environment so there are no emissions. There is no smokestack with this process.

Photo caption: Montana's Judith Gap Wind Farm, which began operating in 2005, generates 135 megawatts and employs 10 people.
Photo caption: Montana Gov. Brian Schweitzer says grade school is the time to interest kids in math and science.

IS YOUR VISION FOR MONTANA AS A HUB FOR ALTERNATIVE ENERGY THE REASON YOU WANT TO GET STUDENTS INTERESTED IN TECHNOLOGY, SCIENCE AND MATH INITIATIVES?

My wife Nancy and I are scientists, and we want more young people to study science and math. She and I were talking about the channel that sent us into science: It wasn't in college or even high school; it was fourth or fifth grade. And that's true of most children. We'd like talented young people to aspire to designing a ball, not hitting a ball; to aspire to creating new sound systems, not playing rock 'n' roll guitar. If we can get more of these young people to aspire to be engineers and not journalists, we think we can change the world one scientist at a time.

HOW DO YOU MAINTAIN STUDENTS' INTEREST IN MATH AND SCIENCE?

We pound it in. We continually talk about how cool science is. We have Montana science trading cards. Elementary school kids can trade these cards that have cool science facts about Montana. You have a governor and first lady who continually talk about how cool science is, who continue to give accolades to the best science and math teachers — those teachers who bring math and science to life — those are the people we like to reward.

LET'S TALK ABOUT THE ROCKY MOUNTAIN SUPERCOMPUTING CENTERS IN BUTTE. IN WHAT WAYS WOULD YOU LIKE TO LEVERAGE THAT TECHNOLOGY?

Look at the remarkable geology of Montana: God has blessed us with some of the best resources for hydrocarbons. We have the only platinum and palladium in the Western Hemisphere. We have copper, silver and gold. When you are trying to map the earth's strata, it's three-dimensional. Montana is the size of New York, Pennsylvania, Ohio and three of those other little states combined, so you have a [18]
  18. 18. large area to map geologically. The supercomputer can help and people who had committed no crime, who were sim- us with that. ply German immigrants or who spoke German, or those It can help us when we are injecting CO2 8,000 to 10,000 who were critical of the war effort were rounded up and feet deep into these geologic structures to geologically put in jail. store it so we can measure the pressure at 10,000 feet, 5,000 This card, simply stated, would have allowed the federal feet, 4,000 feet. It can help us as we attract bioengineering government — in a digital way — to follow every place you to Montana. come and go. When you get on a plane, it would have stored Everybody gets an opportunity to rent a little space on that information forever so that everyone would know where that supercomputer. This isn’t just for scientists working you went, how you got there and how you got home. That in a laboratory, but also for applied research and science isn’t the way you treat free citizens — and in Montana we across Montana. It gives an opportunity to the 950,000 value freedom above anything else. GOV. SCHWEITZER AND FIRST LADY NANCY SCHWEITZER BOTH HAVE BACKGROUNDS IN SCIENCE. GOV. BRIAN SCHWEITZER, SHOWN HERE TOURING A MONTANA COAL MINE, ADVOCATES DEVELOPMENT OF CLEAN COAL TECHNOLOGY. people of Montana to share the supercomputer. Businesses A NEW BILL, PASS ID, IS WORKING ITS WAY THROUGH CONGRESS. large and small can rent a space on that computer and help SOME CALL THIS JUST A REBRANDED OR WATERED-DOWN REAL their business grow. ID ACT. WHAT DO YOU THINK? The devil will be in the details. If Pass ID will allow MONTANA WAS AMONG THE FIRST STATES TO OPENLY OPPOSE Montana residents to cross the border into Canada without AND EVENTUALLY OPT OUT OF PARTICIPATION IN THE REAL a passport, that would be OK. If the federal government has ID ACT. WHY? no capability of collecting digital information of private There are several reasons. 
They told us the reason every- citizens’ travel or how many times they went to a federal one in America has to carry a card that’s standardized is so courthouse, that would be OK. So we’ll wait and see what that we can stop another 9/11 from occurring. But we know the rules are. If it’s helping citizens through a common iden- that virtually every one of those hijackers and the other tification system without infringing on their civil liberties, terrorists we’ve caught would have qualified to have this we can support that. ¨ so-called Real ID. Second, while the federal government isn’t bad, we know it has abused individual civil rights before. We know that during World War I, it passed the Sedition Act, [19]
Firewalling IT Fraud

IT fraud in government can be costly. Here are five ways CIOs can prevent and control the problem.

BY ALYSSA G. MARTIN | WEAVER AND TIDWELL

A water department cashier extracts residents' personal information from a database and then sells that data. A municipal court employee improperly accesses the system to alter values for citations issued. Everyday reliance on technology makes it possible for so many fraudulent schemes to unfold.

The Computer Security Institute (CSI), an educational organization for information security professionals, conducted its 13th Annual Computer Crime and Security Survey in 2008. The survey found that financial fraud ranked as the costliest type of IT incident, with an average reported cost of $500,000 per incident.

In its 2008 Report to the Nation on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE), a national society of fraud investigation professionals, reported that government organizations were the victims in 18 percent of 959 fraud cases its members investigated between February 2006 and January 2008.

Technology presents many opportunities for fraud. Fortunately it also offers many capabilities for combating these crimes. In a preventative role, technology enforces defined segregations of duties. It restricts IT access and limits functions individuals may perform.

Technology also helps officials more promptly detect and respond to potential incidents. The ACFE reports that a typical fraud scheme goes undetected for two years. As a result, much is lost and never recovered. Continuous monitoring technology, however, alerts managers whenever any suspicious IT-related activity occurs, thereby limiting the ensuing damage.
IT systems deployed in public-sector entities vary immensely, but the following universal concepts aid in addressing and combating technology-related fraud.

GENERAL FRAUD PREVENTION CONTROLS

By continually emphasizing the importance of ethical behavior, public officials create an internal culture that values maintaining trust and safeguarding public assets. That culture sustains all fraud prevention concepts and controls. Public CIOs can control and prevent IT fraud in the following ways:

1. LOGICAL SECURITY

How easily can an individual gain unauthorized IT access to manipulate or extract data? Logical security measures address that concern.

Firewalls and software for blocking spyware and viruses provide network perimeter security against common external attacks. Virtual private networks (VPN) and various whitelist approaches that allow only authorized applications to run on any hardware provide additional malware defense.

Within the network, authorization and authentication policies that go beyond standard login/password practices provide greater security for crucial files and applications. Passwords and logins should require regularly updated alphanumeric and special character combinations that cannot be easily guessed.

Personal authentication practices provide an additional layer of protection. Authentication measures include challenge questions, smart cards or portable electronic tokens that store a PIN, digital signatures, fingerprints or other form of unique identification information. That information transmits to a desktop PC, laptop or mobile device via a card reader, RFID, USB port or Bluetooth wireless technology.

User provisions define what IT access rights individuals need to perform work-related duties. Those provisions encompass specific application functions and modules, and enable organizations to enforce defined segregations of duties as they relate to IT needs.

IT directories maintain employee groupings and IT access levels granted to each individual, based on assigned user provisions. Microsoft's Active Directory manages and monitors provisioning within Windows server systems. AS/400, IBM and other server platforms incorporate similar oversight through the distribution of access. When someone attempts to sign on for any IT function, access is granted or denied, based on the login, password and user provision information in the IT directory.

2. CHANGE MANAGEMENT

To commit fraud, someone may install unauthorized software or make unapproved changes to an existing network component, essentially compromising or disabling security settings.

Sound change management policies must direct any IT installations or modifications. File integrity agents detect all file changes, and not just recent modifications. Regularly comparing those findings to an authorized change log helps administrators more easily detect improper alterations.

3. DATABASE ADMINISTRATION

Databases house crucial information that can lead to immense losses when altered or stolen. Database administration controls define and enforce individual action, object and constraint rights.

An action includes insert, read, modify or delete responsibilities. Granting authorization only for work-required actions could deter a state transportation department's regional supervisor from inserting a record for a nonexistent vendor.

Object limitations restrict the types of database records someone can access. With object restrictions, a public hospital administrator, for example, could not access individual patients' records.

Constraint restrictions assign limitations for authorized actions. Based on assigned constraints, a public utility employee would face dollar restrictions in crediting a resident's account.

4. DATA STORAGE

Where does critical data reside? Is it on a workstation or laptop hard drive, a secure or unprotected server, within a data warehouse or in an offsite repository?

Data storage considerations must reflect the data's nature, with more crucial information requiring more secure storage and tighter access restrictions. Police 911 calls and ambulance response reports should reside on a secure file server in a searchable directory.

A register of deeds office may hold thousands of building permit files. A secure data warehouse may be the best
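The change management control described above, comparing what a file integrity agent detects against an authorized change log, can be carried out with a short reconciliation check. The block below is an added example, not code from the article or from any product it names: it hashes every file under a directory, diffs a fresh snapshot against an earlier baseline, and reports any change that no approved change-log entry accounts for. The directory layout, file names, ticket number and change-log format are constructed for the demonstration.

```python
"""Change-management reconciliation: file changes that no approved change record covers."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each file under root (path relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(before: dict, after: dict) -> dict:
    """Return {path: 'added' | 'removed' | 'modified'} for every file that differs."""
    changes = {}
    for path in before.keys() | after.keys():
        if path not in before:
            changes[path] = "added"
        elif path not in after:
            changes[path] = "removed"
        elif before[path] != after[path]:
            changes[path] = "modified"
    return changes


def unauthorized_changes(changes: dict, change_log: list) -> dict:
    """Keep only the changes that no approved change-log entry accounts for."""
    approved = {entry["path"] for entry in change_log if entry.get("approved")}
    return {path: kind for path, kind in changes.items() if path not in approved}


def demo() -> dict:
    """Constructed scenario: one ticketed config edit plus two changes nobody approved."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("max_credit=500\n")
        (root / "etc" / "allowlist.txt").write_text("payroll.exe\n")
        baseline = snapshot(root)

        # Ticketed change (CHG-0001 is a constructed ticket id).
        (root / "etc" / "app.conf").write_text("max_credit=750\n")
        # Unticketed: the application allowlist grows and a new binary appears.
        (root / "etc" / "allowlist.txt").write_text("payroll.exe\nremote_tool.exe\n")
        (root / "bin").mkdir()
        (root / "bin" / "remote_tool.exe").write_bytes(b"MZ constructed placeholder")
        current = snapshot(root)

        change_log = [{"id": "CHG-0001", "path": "etc/app.conf", "approved": True}]
        return unauthorized_changes(diff_snapshots(baseline, current), change_log)


if __name__ == "__main__":
    for path, kind in sorted(demo().items()):
        print(f"UNAUTHORIZED {kind}: {path}")
```

Hashing every file rather than relying on modification timestamps is what lets the agent report all changes, not just recent ones; a backdated timestamp does not alter the digest. The reconciliation step deliberately keys approval on the path only, so a ticket for one file never silently excuses an edit to a neighbouring one.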
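The action, object and constraint rights described under database administration, together with user provisions that grant only work-required access, amount to a deny-by-default authorization check evaluated in three steps. The block below is an added example, not the article's code or any vendor's; the roles, tables, dollar limit and request scenarios are constructed to mirror the three cases the article gives (the transportation supervisor and a vendor record, the hospital administrator and patient records, the utility employee and a credit limit).

```python
"""Action/object/constraint rights: a deny-by-default authorization check."""
from dataclasses import dataclass, field


@dataclass
class Grant:
    """One right in a user provision: allowed actions on a set of objects, under constraints."""
    actions: frozenset          # subset of {"read", "insert", "modify", "delete"}
    objects: frozenset          # database tables the actions apply to
    constraints: dict = field(default_factory=dict)   # e.g. {"max_amount": 200.0}


# Constructed provisions: each role gets only the actions, objects and limits its duties require.
PROVISIONS = {
    "utility_clerk": [
        Grant(frozenset({"read"}), frozenset({"accounts"})),
        Grant(frozenset({"insert"}), frozenset({"credits"}), {"max_amount": 200.0}),
    ],
    "transport_supervisor": [
        Grant(frozenset({"read", "modify"}), frozenset({"work_orders"})),
        Grant(frozenset({"read"}), frozenset({"vendors"})),     # may look up vendors, not create them
    ],
    "hospital_admin": [
        Grant(frozenset({"read", "modify"}), frozenset({"staff_roster", "budget"})),
    ],
}


def authorize(role: str, action: str, obj: str, **fields) -> tuple:
    """Decide a request: action right, then object right, then every constraint on the grant.

    Returns (allowed, reason). A role with no matching grant is refused.
    """
    if role not in PROVISIONS:
        return False, "unknown role"
    for grant in PROVISIONS[role]:
        if action not in grant.actions or obj not in grant.objects:
            continue
        limit = grant.constraints.get("max_amount")
        amount = fields.get("amount")
        # A constrained grant with no amount supplied fails closed.
        if limit is not None and (amount is None or amount > limit):
            return False, f"constraint: amount {amount} exceeds limit {limit} on {obj}"
        return True, f"{action} on {obj} granted"
    return False, f"no {action} right on {obj} for role {role}"


def demo() -> list:
    """The article's three scenarios plus one legitimate request, as (allowed, reason) pairs."""
    return [
        authorize("transport_supervisor", "insert", "vendors"),          # record for a nonexistent vendor
        authorize("hospital_admin", "read", "patients"),                 # individual patient records
        authorize("utility_clerk", "insert", "credits", amount=750.0),   # credit above the dollar limit
        authorize("utility_clerk", "insert", "credits", amount=150.0),   # within assigned duties
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW " if allowed else "DENY  ", reason)
```

The order of the checks matters less than the default: a request that matches no grant is refused, so forgetting to provision a right fails safe, whereas forgetting to revoke one does not. That asymmetry is why the article pairs these controls with the detection measures discussed later.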
location for those records. Data that needs to be archived, such as death certificates from past decades, should reside in an offsite storage repository. Nonpublic information that isn't needed for future purposes should be properly disposed of to alleviate data security concerns.

5. DATA ENCRYPTION

Various methods of data encryption assure that crucial information remains in an unusable format if access controls fail. For online transmissions, secure sockets layer (SSL) encryption is commonly used to keep intercepted data from being read.

Within the network, data encryption technologies let managers protect vital information while retaining common file management practices. Data encryption, for example, secures driver's license numbers while maintaining the metadata and existing file system view.

Such general IT controls provide a first line of defense against fraud and are supplemented by automated detective systems that immediately call out or suspend questionable IT-related activities.

THE POWER OF SEGREGATION

Segregation of duties is a crucial fraud prevention concept. A CIO or chief information security officer must align IT access restrictions with segregated work roles and responsibilities. This allows managers to most effectively deploy application controls and other automated, preventive measures.

User provisions provide the foundation for establishing and enforcing segregation of duties within IT systems. The user provision incorporates the least privilege concept, which restricts a person's IT access rights to components required for defined, segregated duties.

IT directories maintain employee groupings and each individual's IT granted access levels. When someone logs on to any IT element, access is granted or denied, based on login, password and user provision information. In conjunction with the IT directories, user provisions automatically ensure that segregation of duties remains in place for all processes requiring IT access.

DAM: GOOD DETECTION

Even with the best preventive measures, individuals may still find ways to commit fraud. Preventive IT controls can't fully protect against collusion. Someone may misuse granted authorization or share access information, while another individual may devise means to circumvent preventative controls.

Various methods of detecting inappropriate or unexpected activity exist. Exception reports identify data anomalies or changes to protected data. Data analysis compares data sets to identify transactions — based on rules — that indicate incongruent or inappropriate activity.

Newer technologies also incorporate instant detection and notification capabilities. Database activity monitors (DAM), for example, continuously oversee all database activity and issue alerts whenever uncommon or improper activity occurs. Security information and event management (SIEM) systems also automatically send notifications whenever unusual transactions, security infractions or other suspicious activities happen. That SIEM oversight may cover a lone application or numerous programs, as well as other IT components.

Administrator-defined business rules and standards of normal IT activity determine when DAM or SIEM systems provide alerts. An alert may occur when someone spends too much time viewing a read-only file containing students' Social Security numbers. Managers may also get alerts when the monthly volume of closed traffic citations exceeds normal averages, or when a public safety officer's work shift hours exceed the legally allowed limit.

Screenshot files and audit trail features document activity sequences. Some systems also immediately suspend user activity whenever suspicious actions unfold. Such immediate detection eliminates the costly time lags and other potential difficulties associated with manually evaluating IT logs to detect anomalies or exceptions.

MAINTAINING CONTINUAL VIGILANCE

The public sector faces constant internal change in personnel, processes and the IT systems it uses. Keeping pace with such change and providing optimal fraud protection requires continual vigilance.

Sustaining that vigilance takes money and time, but those cumulative costs are generally less than the expenses associated with just one fraud discovery incident. The resources committed to preventing and detecting fraud function as a form of insurance, a form of insurance that saves significant potential taxpayer expense and provides immediate peace of mind.
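The DAM and SIEM alerting described above is driven by administrator-defined rules evaluated against an audit trail. As an added example, not code from the article or from any DAM or SIEM product, the block below runs three such rules over a constructed audit log, one for each situation the article names: dwell time on a read-only file of students' Social Security numbers, monthly closed-citation volume against the trailing average, and shift length against a legal limit. All users, timestamps, counts and thresholds are constructed values; the "suspend" outcome for the first rule follows the article's remark that some systems immediately suspend user activity.

```python
"""Rule-based DAM/SIEM-style detection over a constructed audit trail."""
from datetime import datetime

# Constructed audit trail: (ISO timestamp, user, event, detail)
AUDIT_LOG = [
    ("2010-02-01T09:00:00", "jdoe",  "file_open",   "students_ssn.csv"),
    ("2010-02-01T09:02:00", "jdoe",  "file_close",  "students_ssn.csv"),
    ("2010-02-01T13:00:00", "mroe",  "file_open",   "students_ssn.csv"),
    ("2010-02-01T14:35:00", "mroe",  "file_close",  "students_ssn.csv"),
    ("2010-02-03T08:00:00", "ofcr7", "shift_start", ""),
    ("2010-02-03T23:30:00", "ofcr7", "shift_end",   ""),
    ("2010-02-04T08:00:00", "ofcr9", "shift_start", ""),
    ("2010-02-04T16:00:00", "ofcr9", "shift_end",   ""),
]

# Constructed monthly counts of traffic citations closed by one clerk.
CLOSED_CITATIONS = {"2009-11": 410, "2009-12": 395, "2010-01": 420, "2010-02": 910}

# Administrator-defined thresholds (constructed values).
RULES = {
    "sensitive_files": {"students_ssn.csv"},
    "ssn_dwell_minutes": 30,        # longest acceptable view of a read-only SSN file
    "shift_hours_limit": 14,        # legal maximum shift length
    "citation_spike_factor": 1.5,   # alert when a month exceeds 1.5x the trailing average
}


def _ts(s):
    return datetime.fromisoformat(s)


def session_minutes(events, start_evt, end_evt):
    """Pair each start event with the next end event for the same (user, detail)."""
    open_at, sessions = {}, []
    for ts, user, evt, detail in events:
        key = (user, detail)
        if evt == start_evt:
            open_at[key] = _ts(ts)
        elif evt == end_evt and key in open_at:
            minutes = (_ts(ts) - open_at.pop(key)).total_seconds() / 60
            sessions.append((user, detail, minutes))
    return sessions


def check_dwell(events, rules):
    """Suspend: a sensitive read-only file held open longer than the dwell limit."""
    return [("suspend", user, f"{f} open for {m:.0f} min")
            for user, f, m in session_minutes(events, "file_open", "file_close")
            if f in rules["sensitive_files"] and m > rules["ssn_dwell_minutes"]]


def check_shifts(events, rules):
    """Alert: a work shift longer than the legal limit."""
    return [("alert", user, f"shift of {m / 60:.1f} h exceeds {rules['shift_hours_limit']} h")
            for user, _, m in session_minutes(events, "shift_start", "shift_end")
            if m / 60 > rules["shift_hours_limit"]]


def check_citation_volume(monthly, rules):
    """Alert: the latest month's closed citations far above the trailing average."""
    months = sorted(monthly)
    latest, history = months[-1], months[:-1]
    baseline = sum(monthly[m] for m in history) / len(history)
    if monthly[latest] > rules["citation_spike_factor"] * baseline:
        return [("alert", "citations", f"{latest}: {monthly[latest]} closed vs. average {baseline:.0f}")]
    return []


def run_rules(events=AUDIT_LOG, monthly=CLOSED_CITATIONS, rules=RULES):
    """Run every rule and return the combined list of (action, subject, message)."""
    return (check_dwell(events, rules)
            + check_shifts(events, rules)
            + check_citation_volume(monthly, rules))


if __name__ == "__main__":
    for action, subject, message in run_rules():
        print(f"{action.upper():8} {subject:10} {message}")
```

Two of the three rules are baselines rather than fixed limits: the citation rule measures the latest month against its own history, which is what "exceeds normal averages" means in practice, and it is the kind of rule that has to be re-tuned as staffing and caseload change, the continual vigilance the article closes on.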
Paving the Way

BY GREG DEBOR AND ROBERT WAH | CSC

Over the next five to seven years, major federal health-care initiatives will offer new and significant industry direction and funding for health IT investment. The American Recovery and Reinvestment Act will pump billions of dollars into health IT through the act's Health Information Technology for Electronic and Clinical Health (HITECH) provisions. These provisions offer an estimated $2 billion in seed funding and $45 billion in incentives for the "meaningful use" of electronic health records (EHRs), as defined in recent regulations proposed by the U.S. Department of Health and Human Services, payable through the Centers for Medicare and Medicaid Services (CMS).

At the same time, major health-reform legislation at the federal level relies on health IT to implement payment reforms, new capabilities and cost savings. Although many aspects of the reform debate and federal regulations for health IT adoption remain unresolved, there seems to be one issue that all participants and policymakers — from government to employers, health plans, providers and consumers — tend to agree on: Health IT is a foundational and essential element of health-care reform.

HISTORIC OPPORTUNITY

Guided by this new federal policy push and its associated funding, health IT investment over the next few years will likely have three main focal points:

Health-care providers will use federal impetus and funding to move their business plans and agendas forward. Recovery Act funds are significant, but only available for a short time and will have the desired effect of getting the private sector to begin moving toward adopting health IT.

Federal agencies will look to use broader IT capabilities in health care to streamline processing and payment of benefits — and to track the nation's health and improve health outcomes through programs and policy.

States and territories will provide an important multiplier effect for federal efforts and a critical concentration point for providers seeking assistance and connection to federal efforts.

STATES MUST ACT QUICKLY

Providers, the federal government and the states are coming together, in many cases for the first time, as a result of health IT efforts — specifically about health information exchange (HIE). The federal Office of the National Coordinator for Health Information Technology issued a request for proposals in August 2009 for states, territories and nonprofit organizations to participate in the State Health Information Exchange Cooperative Agreement Program. All eligible states and territories applied for funds in October 2009 and received preliminary budget determinations ranging from approximately $4 million to $40 million in federal funds over the next four federal fiscal years (through October 2013).

States will use these funds to plan and implement exchange capabilities designed to enable EHR systems in provider organizations, and state and federal agencies, so they are interoperable and share data for specific purposes. HIE funds are essentially a down payment on providers earning their portion of the larger CMS incentives. In fact, HIE funding represents the first small wave of health IT investment that's expected over the coming years — to be followed by a larger investment in EHRs and, finally, an even larger wave of investment in a fully wired and reformed health economy that would be capable of providing population health analysis, management and decision support.

The new responsibilities require states to have high levels of organization, expertise and support, but states are currently all over the map in their plans for HIE. Some, like New York, have been investing in their own for years. Others have been planning for investment, but their plans may not be aligned with the federal guidelines detailed in the national coordinator for health IT's RFP. The majority, however, have only begun planning as a result of the RFP, and are now crafting an approach for investment, implementation and operation that takes into account the five areas of concentration directed by the national coordinator for health IT: governance, finance, technical infrastructure, business and technical operations, and legal/policy. The states are encouraged to incorporate public-private investment and representation into their plans and to "leverage existing regional and state level efforts and resources that can advance HIE," including regional health information organizations and their Medicaid Management Information Systems infrastructure.

To continue to qualify for HITECH implementation funding, states have three to eight months to complete their plans, depending on where they are in the process. They have heavy