Slide 1 City of Seattle 8 October 2004 Nine Tough Questions Bill Schrier, CTO, City of Seattle Nine Tough Questions Mayors Should Ask Their Geeks For Mayors’

8 October 2004 Nine Tough QuestionsBill Schrier, CTO, City of Seattle

Slide 1

City of Seattle

Nine Tough Questions Mayors Should Ask Their Geeks

For Mayors’ Technology SummitFox School of Business, Temple University

8 October 2004Bill Schrier, Chief Technology Officer

City of Seattle, [email protected]


Slide 2

City of Seattle

The CIO

Chief Geek, aka CIOChief Information Officer – The person, reporting to the

CEO, who determines the overall strategicdirection and insures business contribution of the information systems function in a business.

Geek, noun, slanga person who is extremely interested and

knowledgeable about computers, electronics, technology, and gadgets; also called gearhead, propellerhead

Propeller-less


Slide 3

City of Seattle

Wi Fi

Phish

ing

XML

VoIP

VirusesInterne

t


Slide 4

City of Seattle

Tough Questions

• Information technology must serve constituents• Information technology and networks:

– an enabler of government– also a dependency, vulnerability– new threats: cyber-attacks, info theft, reputation loss

• How do you know your IT is effective and secure?

• Hard questions to help you - the City’s CEO – insure IT serves you and your constituents


Slide 5

City of Seattle

1. Priorities

• Increasingly, technology enables every department to deliver faster, better, cheaper

• IT works across the government – interdepartmental cooperation, interoperability

• Technology makes your priorities “real”: 24x7 services, web, 311, community notification

• But there is so much to do! And it is costly! How do you decide where to invest $$$ ?

Tough question number 1: Do your geeks (technology staff) know your priorities?


Slide 6

City of Seattle

Mayor Nickels’ Priorities

• Get Seattle moving

• Keep our neighborhoods safe

• Jobs, opportunity for All

• Build strong families and healthy communities

• Make a difference in the lives of people!

Greg Nickels Mayor of Seattle


Slide 7

City of Seattle

2. City Employees

• Effective government depends upon information & communications

• Employees – your greatest asset and vulnerability• Hiring – background checks• Internet, e-mail usage policies• Remote access, security policies, two-factor

authentication

Toughie #2: Are your City’s employees ready and able to secure your information?

• Security awareness – “post-it” note terror• Computer forensics – “personal” computers


Slide 8

City of Seattle

3. CISO

• THE single “go to” official, responsible for information security policy, awareness, resources and programs

• Advises departments on risk, issues, compliance and the law: HIPPA

• A check on too-rapid deployment of technology – the “idea virus”

• Need help? Call my CISO!

Toughie #3: Do you have Chief Information Security Officer?

Kirk Bailey, CISO Seattle


Slide 9

City of Seattle

4. IT and EOC

• Communications are critical in both daily emergencies and disasters

• Radio, telephone, computer networks, e-mail, web, GIS (maps), applications

• Multiple redundant communications • Second responders • WTO, Nisqually Earthquake

Toughie #4: Are your IT staff an integral part of your Emergency Operations Center?

Public Safety Radio Tower


Slide 10

City of Seattle

IT Incident Command

• Worms and viruses and hackers, oh my!

• Sasser, Randex F, MyDoom

• Cyber attacks on utilities, communications

• Alki Vulnerability Exercise

• TOPOFF2 Cyber-Exercise 2003

Toughie #5: Do your geeks know and practice incident command?


Slide 11

City of Seattle

Cyber Wormslayer


Slide 12

City of Seattle

Real Life

TOPOFF2 Cyber @ Washington State EOC6-7 May 2003


Slide 13

City of Seattle

6. Message

• Website• Electronic mail lists, listserv’s• Your TV Channel, emergency messages• Video streaming, library• Broadcasting from your EOC• Backup website, electronic mail

Toughie #6: Is IT ready to broadcast your message?


Slide 14

City of Seattle

What Scares Schrier


Slide 15

City of Seattle

7. Disaster Recovery

• Constituents understand an earthquake• But not water leaks or building fires• Data secured off-site• Backup sites and plans• Not just computers: phones, web, e-mail• All departments – business continuity

Toughie #7: Do you have an IT disaster recovery plan?


Slide 16

City of Seattle

8. Securing Data

• Rigorous policy for new public web applications: hardening, outside review

• Safeguarding names, social security numbers and identity theft

• Privacy policy for your website

• A certain county …

Toughie #8: It is 11PM. Do you know where your constituents’ data are?


Slide 17

City of Seattle

9. Protect Your Brand

• Impersonating, identity theft of your City’s good name

• Integrity and trust

• Phishing – policy “we don’t”

Toughie #9: Can your CIO protect your City’s branding and good name?

• Protecting the “.gov” domain

• Spoofing and e-mail …


Slide 18

City of Seattle

The Bottom LineCity government is about making a difference in

the lives of people.• Information technology:

– enables better constituent service– allows citizens more access to and better interaction

with their government– but is a two edged sword

• Hard questions, sound policies, make for effective, secure information technology

Documents

Slide 1 City of Seattle 8 October 2004 Nine Tough Questions Bill Schrier, CTO, City of Seattle Nine Tough Questions Mayors Should Ask Their Geeks For Mayors’