I just finished a bit of a whirlwind trip, during which I
was chased out of Miami by Ernesto, and thought I would share with you the
potpourri of ideas that came out of some of my recent discussions with
colleagues.
The topic I first wanted to bring to your attention came to
me as I was lifting off from Miami one day ahead of what—at the time—was a
possible category 1 hurricane. IÂ’m sure you are thinking that I am about to
lecture on disaster recovery and preparedness, but IÂ’m not. Well, maybe in a
sideways kind of way. I want to talk to you about insurance. LOLÂ…that sounds
like I want to sell you some, but in
fact, many government entities are “self insured.”
If those words donÂ’t give you the heebee jeebies, they
should. Have you added up the cost of equipment in your data center lately? If
you havenÂ’t, you should. More importantly, have you gone through the exercise
of determining what it would cost you to replace everything in your data center
at todayÂ’s prices? That is another exercise that you should perform. Then take
both of those numbers to your CFO, or Risk Manager, and ask if they are
prepared to fork out those kinds of dollars, in addition to consulting services,
to get your organization back up and running. Remind them that at the same time
you will be asking for these funds, every other department in your government
organization is most likely going to be asking for money at the same time.
And if you think FEMA is going to bail you out of the above
predicament, you better think again. Getting money FAST and FEMA usually donÂ’t
go together in the same sentence.
I bring this up because there are local and even state
governments out there whose cash reserves, often known as “rainy day” funds, are
woefully under funded. Thus, they would not be prepared to handle your whopping
bill up front. This leads me to suggest creating a leasing agreement with a large
vendor such as HP, IBM, or GE Capital that would provide the hardware and help
to re-create a data center in the event of a catastrophe. Anyway, it’s something
for you to think about as part of your disaster planning.
On a different topic, letÂ’s talk about CALEA. Oh you know,
the Communications Assistance for Law Enforcement Act – everyone’s favorite
subject. I say this partly with tongue in cheek, because I think that some
local and state governments wrongly believe that they are not required to
comply with the recent FCC rulings regarding CALEA compliance. However, there
are a growing number of state and local governments who are dipping their toes
into the provision of Internet access to the general public, either through
wireless, broadband, dial up, or providing use through shared facilities.
If your organization falls in this category, you are more
than likely going to have to be CALEA compliant, particularly if you are
providing unauthenticated access to the Internet.
Now what does it mean to be CALEA compliant? Well, by the
FCCÂ’s definition, that is clear as mud. The FCC has not clearly stated what it
means to be compliant – they just set a date by which you have to BE compliant.
DonÂ’t you just love it?
Many of the CIOÂ’s that I know are sitting down with their
legal counsel now, looking at the FCCÂ’s rulings on CALEA, and attempting to
decide if they probably will need to comply or probably wonÂ’t. If they decide
that they probably will—they are letting their CFO and administration know that
they are probably going to need a hundred thousand dollars or so to become
compliant. That way, no one gets blind sided come compliance time, which by the
way, is MAY 14, 2007.
Changing subjects again, I canÂ’t seem to get the disaster
that happened at Bluegrass Field in Kentucky out of my mind. Having flown out
of there on COMAIR flights myself on occasion I feel lucky not to have been on
that particular flight and my prayers go out to the families of those who lost
loved ones in the crash. However, doesnÂ’t this whole scenario sound like it
could have been prevented if the right technological solution had been in
place? You would think that with all the position finding equipment that is
available these days, that there would be a way to ensure that these types of human
errors could be avoided. Given that the FAA is strapped for controllers, one
would turn to technology as a way of making up for the shortfall in people,
donÂ’t you think?
Lastly, I heard on the radio this morning that AT&T had
their online store hacked and people who purchased DSL equipment had their
customer information stolen, including credit card information. If this proves
to be true, I can only shake my head and mutter, “encryption, encryption, and
encryption.”