Friday, March 07, 2003

NIMS and HSPD #5 This is in Homeland Security Presidential Directive #5 which was issued last week: To prevent, prepare for, respond to, and recover from terrorist attacks, major disasters, and other emergencies, the United States Government shall establish a single, comprehensive approach to domestic incident management. The objective of the United States Government is to ensure that all levels of government across the Nation have the capability to work efficiently and effectively together, using a national approach to domestic incident management. In these efforts, with regard to domestic incidents, the United States Government treats crisis management and consequence management as a single, integrated function, rather than as two separate functions. With respect to the states, The Federal Government recognizes the roles and responsibilities of State and local authorities in domestic incident management. Initial responsibility for managing domestic incidents generally falls on State and local authorities. The Federal Government will assist State and local authorities when their resources are overwhelmed, or when Federal interests are involved. The Secretary will coordinate with State and local governments to ensure adequate planning, equipment, training, and exercise activities. The Secretary will also provide assistance to State and local governments to develop all-hazards plans and capabilities, including those of greatest importance to the security of the United States, and will ensure that State, local, and Federal plans are compatible. This next item is important in that it defines a system that is supposed to provide a consistent approach for incident management: The Secretary shall develop, submit for review to the Homeland Security Council, and administer a National Incident Management System (NIMS). This system will provide a consistent nationwide approach for Federal, State, and local governments to work effectively and efficiently together to prepare for, respond to, and recover from domestic incidents, regardless of cause, size, or complexity. Most states probably have or are developing their own incident management system, so the question is, will states be expected to use a monolithic national system or will xml interfaces be developed between federal and state systems.  What will be this consisten approach? 2:55:41 PM    comment []

Online Communities Jon Udell writes in Infoworld about online communities, I'm convinced that destination sites and centralized message stores are not the future of online community. Blogs are. They solve a bunch of problems. They also create a few new ones, but these feel like really good problems to tackle. As Bruce implies with his comment about work dynamics, ad-hoc assembly and loose coupling will increasingly characterize both social and technical architectures. In other news, CNN reports that Scientists at the Stanford Linear Accelerator Center used fiber-optic cables to transfer 6.7 gigabytes of data -- the equivalent of two DVD movies -- across 6,800 miles in less than a minute. The center is a national laboratory operated by Stanford University for the U.S. Department of Energy. The transfer rate is a new internet speed record.  Meanwhile, an Oregon legislator has introduced a bill that requires state government to consider using open source software when acquiring new software. In the US, we use Pringles containers, in the UK, they're using dogfood cans. GCN quotes former Georgia CIO, Larry Singer, speaking at the State of the States conference in DC, “Back in the ’90s, e-anything was hot. Everybody wanted government to use technology the way business did. But the idea of being a technology governor has come and gone except for the people who really understand government, and understand that technology is woven into what government does, which is mostly transactions.” 9:35:22 AM    comment []

Compromise of Personal Information Barbara Haven, blogging from California, refers to a major hack of a University of Texas administrative data reporting system which compromised information on 55,000 individuals.  According to Infoworld, the attacker used a "blunt force" technique by programming inputs of millions of Social Security numbers into the system.  Matched records were captured by the intruder. On the last night of the legislative session, the state legislature passed substitute House Bill 105.  Part 4 is now referred to as the Government Internet Information Privacy Act.  This act applies to any state agency that maintains a public website.  For purpose of the bill, personally identifiable information means name, account number, physical address, electronic address (I guess that could mean email or IP address), telephone number, or social security number.  According to the bill, before a government website can collect personally identifiable information, the website must contain a specific policy statement which (among other things) includes a general description of the security measures in place to protect a user's personally identifiable information from unintended disclosure.  I think our standard privacy policy statement addresses the issues as outlined.  We just need to review it to make sure. The bill also requires the IT Commission to study the issue of popup ads.  It would be nice to eliminate them, wouldn't it? I am glad that Google is beginning to address issues associated the security of the Blogger product. 8:42:00 AM    comment []

© Copyright 2003 David Fletcher.