Wednesday, October 15, 2014

The Transformative Nature of Cyber


This month’s blog posting is from Ira E. Hoffman, who is joining us as one of the speakers for tomorrow’s WIT.Connect: CyberConnect-The Intersection of Technology, Law and Law Enforcement. Please see his bio after the blog post.

Excerpted from Ira E. Hoffman’s “A PCI Blog Series”

This is the first in a series of blogs on the theme of the transformative nature of “cyber.”  In this installment, we will begin setting the baseline for a dynamic discussion of a wide range of cybersecurity issues, starting with the definition of “cyber.”  We will also provide a briefly annotated list of the statutes that most relate to the cybersecurity issues we will address.  In future blogs, we will cover other sources of U.S. cyber law and policy, and then will turn to the transformative nature of cyber.  Although cybersecurity affects everyone, not just government contractors, and we will address the effects of cyber issues on society, generally, we will always maintain a focus on the effects on government contractors, in particular.

To begin with, we need a working definition of “cyber,” and we derive ours from the National Institute of Standards and Technology (NIST) definition of “cyberspace.” Although the term “cyber” is usually used as a prefix in conjunction with words such as attack, incident, security, space, and threat, we will use the term “cyber” broadly, with or without a suffix, to refer to information technology (IT) that is used in connection with “the interdependent network of information systems infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.” See NIST, Glossary of Key Information Security Terms, NISTIR 7298 (Rev. 2, 2013) (adapted from definition of “cyberspace”).

Now that we have a working definition of “cyber,” we turn to the current state of U.S. law relating to cyber, which can only be described as a “patchwork.”  Since there is nothing in the Constitution about cyber, and even though the courts have recognized a constitutional right to privacy, starting with Griswold v. Connecticut, 381 U.S. 479 (1965), the primary source of cybersecurity law is statutory.

Unfortunately, there is no single, comprehensive, remotely up-to-date Federal cybersecurity statute.  In that light, the following is a list, albeit an idiosyncratic one, of statutes that establish or affect significant Federal cybersecurity requirements.  Since they were passed in response to successive, evolving cyber threats of differing magnitudes, but without having a harmonized statutory scheme as an organizing principle, it is illuminating to list the selected statutes in chronological order.

  • Counterfeit Access Device & Computer Fraud & Abuse Act of 1984, Pub. L. No. 98-473 (codified as amended at 18 U.S.C. § 1030) (prohibits attacks on Federal computers and bank networks in interstate and international commerce)
  • Computer Fraud and Abuse Act of 1986 (CFAA), Pub. L. No. 99-474 (codified at 18 U.S.C. §§ 1001 note, 1030) (expanded scope of CFAA of 1984; carved out exemption for Intelligence Community (IC) and law enforcement agencies)
  • Electronic Communications Privacy Act of 1986 (ECPA), Pub. L. No. 99-508 (codified at scattered sections of 18 U.S.C.) (bans unauthorized electronic eavesdropping) (includes the Stored Communications Act, 18 U.S.C. §§ 2701-2712, which proscribes illegal access to stored communications, which now include “cloud” storage of emails)
  • Computer Security Act of 1987, Pub. L. No. 100-235 (codified at 15 U.S.C. §§ 278g-3 & 278g-4, 40 U.S.C. § 759) (directed NIST to develop cybersecurity policies for Federal civilian agency networks, except for national security systems used for DoD and the IC)
  • Paperwork Reduction Act of 1995, Pub. L. No. 104-13 (codified as amended at 44 U.S.C. §§ 3501-3520) (directed OMB to develop Federal cybersecurity policies) (superseded in part by Homeland Security Act, infra)
  • Clinger-Cohen Act of 1996 (a/k/a Federal Acquisition Reform Act (FARA) & Information Technology Management Reform Act of 1996 (ITMRA)), Pub. L. No. 104-106 (repealed portions of Brooks Act by giving agency heads authority to acquire IT; established CIO position at each agency; required agency heads to ensure adequacy of agency cybersecurity policies; exempted national security systems from most provisions)
  • Health Insurance Portability & Accountability Act of 1996 (HIPAA), Pub. L. No. 104-191 (codified in scattered sections of 29 and 42 U.S.C.) (amended in pertinent part by the HITECH Act, infra) (required HHS to establish technical standards for protection of Personal Health Information)
  • Gramm-Leach-Bliley Act of 1999, Pub. L. No. 106-102 (codified at 15 U.S.C. §§ 6801-6827) (requires financial institutions to protect customers’ personal information)
  • Sarbanes-Oxley Act of 2002 (Public Company Accounting Reform and Investor Protection Act), Pub. L. No. 107-204 (codified at scattered sections of 15 & 18 U.S.C.) (requires public companies to report on internal financial controls, including cyber attacks that result in loss of protected information)
  • Homeland Security Act of 2002, Pub. L. No. 107-296 (codified at scattered sections of 6 U.S.C.) (established Department of Homeland Security (DHS); included Cybersecurity Enhancement Act of 2002, Pub. L. No. 107-296, Title II, § 225 (codified at 6 U.S.C. § 145 & scattered sections of 18 U.S.C.) and original Federal Information Security Management Act of 2002 (FISMA), Pub. L. No. 107-296, Title X; transferred many cybersecurity functions from other agencies to DHS; directed DHS to provide information on cyber threats to State and local authorities and private entities and assist them in protecting critical infrastructure)
  • Federal Information Security Management Act of 2002 (FISMA), Pub. L. No. 107-347, Title III (a/k/a E-Commerce Act of 2002) (codified at 44 U.S.C. §§ 3541-3549) (established broad framework of standards and requirements for Federal IT networks and services; last overarching Federal cybersecurity statute)
  • Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), Pub. L. No. 108-458 (codified at scattered sections of 42 and 50 U.S.C.) (created post of Director of National Intelligence; established cyber responsibilities for certain entities in the IC, homeland security and national security communities; and created a Privacy and Civil Liberties Board)
  • Health Information Technology for Economic and Clinical Health Act (HITECH Act), Pub. L. No. 111-5 (2009) (codified at scattered sections of 42 U.S.C.) (updated and expanded HIPAA cybersecurity and privacy requirements for health-care providers)

To be sure, other statutes (and lists of statutes) contain provisions that are related to cyber, see, e.g., Eric A. Fischer, Cong. Research Serv., R42114, Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions (2013), but this list and the blog series will focus more on those sources of law and policy that affect or potentially affect government contractors.

With that in mind, future blogs will cover Executive Order 13536, Improving Critical Infrastructure Cybersecurity, which the President issued in February 2013 to address the growing cyber threat to critical infrastructure, which “represents one of the most serious national security challenges we must confront.”  76 Fed. Reg. 11739 (Feb. 19, 2013).  We will also cover the cyber aspects of the interim DFARS rule on requirements relating to Supply Chain Risk, DFARS Subpart 239.73; the final DFARS rule on Safeguarding Unclassified Controlled Technical Information, DFARS Subpart 204.73; and the final DFARS rule on Detection and Avoidance of Counterfeit Electronic Parts, DFARS Subpart 246.8.  Then, having covered most of the sources of cybersecurity law relating to government contractors, we will turn to U.S. cyber policy, as set forth in, e.g., the NIST Framework and the various National Strategies regarding cyberspace.

Ira E. Hoffman’s Biography

Ira E. Hoffman is a Principal, practicing Cybersecurity, Government Contracts and International Law at Offit Kurman, a multi-state law firm.  He is a member of the CyberMaryland Advisory Board, the Governor's International Advisory Council, and the Board of the Public Contracting Institute. 

He has published several articles on aspects of cybersecurity law and policy, and has been a moderator or panelist at a number of cybersecurity conferences, including CyberMaryland (2013 & 2014), the inaugural CyberMontgomery, and the Defensive Cyber Operations & Intelligence (DCOI) annual conference, which is co-hosted by Tel Aviv University's Institute for National Security Studies (INSS) and the U.S.-based Cyber Security Forum Initiative (CSFI).

Monday, September 15, 2014

Do I dare to follow my dream?


This month’s blog posting is from our own Jane Maliszewski, Chair of WIT’s Programs Committee. This post focuses on the upcoming WIT.Connect: Dreaming Big, Growing Big, Thursday September 18th, 6:00-8:30 PM at the Gannett Building, 7950 Jones Branch Drive, McLean. Register at: http://bit.ly/Z5QOOn. Please see her bio after the blog post.

Guest post by Jane Maliszewski

I met an energetic young woman at a tech event earlier this week and we got into a deep conversation about her career path. She's worked in several areas--HR, facilities, systems, project management--but her real love--I could sense from the intensity in her voice and expressiveness of her eyes-- was Business Analysis/ Business Requirements. 

She was animated as she spoke about how BA is not often done well and so many projects fail to meet customer expectations because the developer side and the customer side aren't talking the same language. As an IT executive for many years, I knew exactly what she was talking about! 

Her most enjoyable projects were the ones where she could serve in this conduit role, linking the customer needs with the product's development. She had even started some small workshops at her company to teach others how to do better requirements analysis. 

In our brief time together we didn't quite get to the point of framing out a dream to follow. But our upcoming WIT.Connect was definitely on my mind and I hope she will be there to gain inspiration and momentum on this passion that clearly drives her. 

On September 18th WIT will have this amazing panel of successful women sharing the stories of their dreams, what matters to them, how they were challenged, persevered, and where they ended up. Like my new connection, who sees a gap that needs filling in requirements analysis, these women saw something that needed doing and followed that dream. 

Our panel: 


  • Michele Bolos, Founder & CEO of NT Concepts, a technology and business solutions company, who has a passion for rewarding entrepreneurship

  • Dr. Nicole Close, WIT Leadership Award and Founder & CEO at Empiristat, who carved out a unique niche in the bio-med field and is a serial entrepreneur

  • Sabrina Hersi Issa, Founder & CEO at Be Bold Media, who combined her knowledge of technology and passion for advocacy into a conduit for civic engagement

  • Jennifer Weiss, former publisher at 1105 Media, who followed her dream into a totally different career field as a salon owner

In coaching, we often encourage our clients to write down and speak out loud the thing they want to change, whether that is a fear to conquer or a goal to achieve. Putting it down on paper and sharing it with others is incredibly empowering. During our networking 'connect' time, everyone will have the opportunity to contribute to the "WIT Wall of Dreams" to share in black & white & color what matters to you, your dream. I hope that will be at least your first step towards making it your reality.

WIT.Connect: Dreaming Big, Growing Big, Thursday September 18th, 6:00-8:30 PM at the Gannett Building, 7950 Jones Branch Drive, McLean. Register at: http://bit.ly/Z5QOOn.


 
Jane Maliszewski is an Executive Coach and founder of VAULT Associates, a consulting business providing leader development and organization effectiveness services to technology companies. She often works with leaders who want to develop Emotional and Social Intelligence competency to create positive changes in their professional and personal lives. Jane served 27 years as an officer in the US Army. She has Masters degrees in Business Administration and National Strategy, and advanced professional certification in Leadership Coaching, Organization Development, and Knowledge Management. Jane is a WIT Board member and Chair of the WIT Programs Committee. Favorite things -- besides helping people achieve their potential! -- are cooking and adventure travel.

Tuesday, September 2, 2014

“Easy to Find, Easy to Buy” – Envisioning the Next Step for Cloud Computing on IT Schedule 70

This month’s blog posting is from Mary Davie; you may remember her as one of the speakers on our June 19th panel for Government Leaders at the Helm. Please see her bio after the blog post.


Excerpted from Mary Davie’s “Great Government through Technology” GSA Blog

GSA has led efforts to create a 21st century government, including introducing cloud to federal agencies. We offer a variety of contract vehicles that help agencies streamline acquisition of cloud technologies, including IT Schedule 70, the Email as a Service and Infrastructure as a Service Blanket Purchase Agreements (BPAs), and Governmentwide Acquisition Contracts (GWACs) like Alliant and Alliant Small Business.

As the cloud marketplace is maturing, we are seeing an increased focus on IT Schedule 70 as one of the main acquisition vehicles for agencies.

IT Schedule 70 is already the largest, most widely used IT acquisition vehicle in the federal government, and we are continuously looking to improve what it offers. One area we are exploring is looking for ways to help customers find and buy cloud services.

For example, we are considering the creation of a single Special Item Number (SIN) for all cloud services that would provide clear cloud technology differentiation for customers and improve ease of access to acquire cloud services. We recently released a request for information, seeking industry input on this idea.

IT Schedule 70 already offers cloud services, and our industry partners have cloud offerings in several SINs, so why create a new SIN?

Through customer dialogue and market research, an integrated team of acquisition, technology, and program experts across the Federal Acquisition Service (FAS) has identified that there would be benefits to creating a Cloud SIN to all parties involved:

  • GSA Customers – Clear differentiation of cloud services vs. non-cloud IT products and services, and empowered cloud buying through better data

  • Industry Partners – Opportunity to market distinctive solutions and offerings on IT Schedule 70

  • Internal GSA Operations – Enable more granular reporting on cloud sales to enable decision making, and help our customers buy better through data

The goal of this new SIN would be to provide clear cloud technology differentiation and ease of customer access through systems such as eBuy and GSA Advantage!

Since SINs create logical categories of services within a Schedule, we envision the creation of a Cloud Computing Services SIN will provide a level of differentiation for customers that would more easily and clearly identify cloud services.  Additionally, GSA could establish a set of qualifying requirements that would help customers in identifying cloud services that meet acceptable standards around security, data, and other characteristics.

We are always looking for ways to make sure that doing business with us is as easy and reliable as possible. We believe that adding a Cloud Computing Services SIN would realign IT Schedule 70 cloud technology offerings to better reflect the current cloud computing market and satisfy customer needs.

The cloud market is sufficiently mature to offer differentiated and vetted cloud services through a single SIN, and this makes sense for both GSA customer agencies and industry partners. We are looking for feedback to make sure we get it right and look forward to the conversation. Read the RFI.

 Mary Davie’s Biography

Mary Davie is the Assistant Commissioner for the Office of Integrated Technology Services (ITS) in GSA’s Federal Acquisition Service (FAS). The Federal Acquisition Service provides buying platforms and acquisition services to federal, state and local governments for everything from office supplies to motor vehicles to information technology and telecommunications products and services.

As the ITS Assistant Commissioner, Mary is responsible for the largest fee-for-service information technology (IT) procurement and services operation in the U.S. government. Mary leads a highly skilled and diverse workforce that manages more than 7,000 contracts, providing access to relevant and timely IT and telecommunications products, services, and solutions to defense and civilian agencies, as well as to state, local, and tribal governments.

Before her current position, Mary served as Assistant Commissioner for Assisted Acquisition Services, responsible for managing the acquisition of $3.5B in information technology and professional services products, services and solutions to federal agencies worldwide.

Mary has also served as the Acting Assistant Commissioner for marketing and business development in FAS. Mary led business development and marketing efforts intended to increase agency awareness and satisfaction with GSA products, services and solutions. She was responsible for developing strategy, planning for new business, and leading teams to develop customer-focused, integrated solutions.

Mary is an active advocate of the use of Web 2.0 and social media tools to improve government acquisition. She was a founding member of the Better Buy Project and has contributed to the Better Buy Blog.

Mary began her career with GSA in 1989. She has two Bachelor of Science degrees in business finance and business management from Virginia Tech, and a Master’s of Business Administration with a focus in technology management from the University of Phoenix.

 

Thursday, July 31, 2014

Consolidating IT Infrastructure: Lessons from the Trenches


This month’s blog posting is from Teri Takai; you may remember her as the Keynote Speaker for this year’s WIT Leadership Awards. Please see her bio after the blog post.

A perspective from Former DoD CIO Teri Takai

I am so excited to be initiating the WIT blog! I am a huge supporter of WIT and am always so impressed with the work that you do to provide networking opportunities and scholarships to encourage young women in technology fields. 

As government at all levels is looking at information technology to provide secure, effective, and cost efficient services, the question of improved control through consolidation becomes a popular topic. The challenges in driving consolidation are many. The challenges vary depending on the organization and the current state of information technology. Cost savings can be predicted based on current expenditure but are much harder to realize as the consolidation progresses. It often takes upfront funding with savings realized in out years. It is also difficult in many settings to actually realize the savings in reduced personnel and contractor costs or elimination of facility costs if there are other drivers which keep those costs in place like personnel policies and long term contracts.

But the greatest challenge is people and what I call 'organizational inertia' - it is hard to move from an operational organization to one which buys/gets services from someone else. There are very valid concerns about who is responsible for the level of service that the customer demands. There are also concerns over what it means to current personnel.

So why consolidate at all? Are the cost savings really worth it? While cost savings are important, security of networks and data is becoming one of the primary drivers. Organizations are finding that securing their current distributed and diverse infrastructure is not possible. The other driver is the ability to introduce new technology applications faster - we can no longer build an infrastructure from the 'data center up' for every new customer demand. Mobile and cloud technologies are teaching us that.

So, what next? Is the value of consolidation worth it? Are the inhibitors greater than the reward? No - it just means that it is hard and it cannot be driven only from the top down. While the direction must come from the top, it is the implementation from the 'bottom up' that will ensure that the consolidation objectives are met while ensuring operational stability and customer service are maintained and improved. In the end, it is patience, persistence and a dedication to the outcomes that will ensure success.


Teri
 


Teri Takai’s Biography

Teri Takai served as the Department of Defense Chief Information Officer (DoD CIO) until May of 2014, after being appointed in October 2010. In this capacity, she served as the principal advisor to the Secretary of Defense for Information Management/Information Technology and Information Assurance as well as non-intelligence Space systems, critical satellite communications, navigation, and timing programs, spectrum and telecommunications. She provided strategy, leadership, and guidance to create a unified information management and technology vision for the Department and to ensure the delivery of information technology based capabilities required to support the broad set of Department missions.

Prior to this federal political appointment, Ms. Takai served as Chief Information Officer for the State of California. As a member of the Governor's cabinet, she advised the governor on the strategic management and direction of information technology resources as the state worked to modernize and transform the way California does business with its citizens.

As California’s CIO, Ms. Takai led more than 130 CIOs and 10,000 IT employees spread across the state’s different agencies, departments, boards, commissions and offices. During her tenure as State CIO, Teri pursued an agenda that supports viewing California’s IT operations from an enterprise perspective, including: Forming a Project Management and Policy Office, release of the California Information Technology Strategic Plan, passage of the Governor’s IT Reorganization Proposal, establishing a Capital Planning Process and directing agency consolidation activities.

Prior to her appointment in California, Ms. Takai served as Director of the Michigan Department of Information Technology (MDIT) since 2003, where she also served as the state's Chief Information Officer. In this position, she restructured and consolidated Michigan's resources by merging the state's information technology into one centralized department to service 19 agencies. Additionally, during her tenure at the MDIT, Ms. Takai led the state to being ranked number one four years in a row in digital government by the Center for Digital Government.

Additionally, in 2005, Ms. Takai was named "Public Official of the Year" by Governing magazine. She is also Past-President of the National Association of State Chief Information Officers and currently serves on the Harvard Policy Group on Network-Enabled Services and Government.

Before serving in state government, Ms. Takai worked for the Ford Motor Company for 30 years, where she led the development of the company's information technology strategic plan. She also held positions in technology at EDS and Federal-Mogul Corporation. Ms. Takai earned a Master of Arts degree in management and a Bachelor of Arts degree in mathematics from the University of Michigan.

Wednesday, June 25, 2014

Natural Disasters and Green Tech


Monday, April 15, 2013

By Angela Orebaugh, Booz Allen Hamilton Cyber Fellow


Over the past year, we've seen a number of destructive natural events from the June “derecho” that struck the Metro DC area to Hurricane Sandy. These storms caused billions of dollars in damage to buildings and infrastructure, including mass disruption of electrical service. On more than one occasion, electrical crews from dozens of neighboring states were called upon to help repair power lines and restore service to customers. This isn't something I remember seeing much of in the past, but as the population grows and cities and towns expand, the same outdated electric grid is expanding and serving more and more people by the day. During power outages, many without generators flock to the stores in hopes of finding one. Generators provide a temporary crutch until the main power supply is restored, but generators require fuel, often in the form of gas or propane. As we are seeing in New York and New Jersey in the aftermath of Sandy, the gasoline supply is becoming scarce (or inoperable due to lack of power) and rationing and long lines are the current norm.

Green technology cannot lessen the natural impact of the wind and water of these events, but it does have the ability to lessen the impact of the power outages on households, businesses, and infrastructure. Using green technology such as solar panels would provide enough electricity for the basics (or at least cell phone charging) without the need for gas. The Smart Grid may make the electric grid more storm proof by providing decentralized, redundant microgrids and islanding of energy generation and distribution. The benefit of green technology was demonstrated during Japan's blackouts after the 2011 earthquake and tsunami, as Tohoku Fukushi University maintained power due to its microgrid of distributed generators and batteries. With the right kind of grid installed, batteries in electric vehicles may be used to provide power to homes during power outages.


Green technologies such as these have yet to be fully adopted; however, green technology products and services could see an increase in demand if events like the derecho and Hurricane Sandy become more frequent. At a minimum, I know I’m going to purchase a solar cell phone charger soon.


~~~~~~~~~~~~~

Angela Orebaugh is a Senior Associate with Booz Allen Hamilton and acts as a technology futurist and thought leader with a focus in cybersecurity. She synergizes her 18 years of strategic and technical experience within commercial, academic, and government environments to advise clients on next generation technologies and disruptive innovation. Ms. Orebaugh evangelizes social media and mobile technologies by highlighting the powerful ways in which these technologies are changing business, communications, and information sharing. Ms. Orebaugh educates clients on the security and privacy implications of constantly changing and emerging technologies and provides guidance on applying the appropriate measures to protect the organization and its assets from security incidents.

Ms. Orebaugh is an internationally recognized author of best-selling technology books, including Wireshark and Ethereal Network Protocol Analyzer Toolkit, Ethereal Packet Sniffing, and Nmap in the Enterprise. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. She is an invited speaker at a variety of cybersecurity conferences and technology events including the SANS Institute and The Institute for Applied Network Security.

Spring Cleaning and Electronics


Monday, April 29, 2013


By Angela Orebaugh, Booz Allen Hamilton Cyber Fellow


Spring has sprung, the weather is warming, and the time has come to start cleaning out closets, cabinets, and drawers. You may have electronics that you no longer use or no longer work. For the ones that no longer work, find an electronics recycling event in your area. These aren’t easy to come by, but my local Whole Foods Market is having one this spring, so check around. For the electronics that still work, consider donating them to charity. Some organizations to consider for donations include:

  • iPads. Apple stores collect used iPads to donate to Teach for America, allowing teachers in the neediest areas to have iPads.
  • Computers. Used computers can be donated to Computers with Causes and World Computer Exchange for classrooms in the U.S. and overseas. Computers with Causes even offers a free vacation voucher with donation. World Computer Exchange takes working computer parts.
  • Cell phones. Many organizations, including Cell Phones for Soldiers, EcoCell, and March of Dimes accept used cell phones. Sprint and Verizon offer take-back programs for donating used phones to charity. Many Booz Allen locations have regular cell phone collection boxes or drives. Check with your local Green Office Team or Facilities Offices Services team to see if your office has a program.
  • Other Electronics. Recycling for Charities accepts many types of electronics including cell phones, MP3 players, and cameras. It allows you to select the charity to receive your donation.
  • Printer Cartridges. In addition to electronics, Cartridges for Kids accepts all brands of laser and inkjet cartridges and donates the proceeds to the school or charity of your choice.

Make sure to check with the organization about tax incentives; your donation may be tax deductible. Happy cleaning!

The Good and Bad of Technology by Angela Orebaugh


Friday, May 31, 2013



I live in a high-tech world and my passion is the environment. Recently, I’ve been doing some reading and thinking about how technology can both help and harm our environment. I have addressed this issue indirectly through a number of my articles in this column, including suggesting the consolidation of electronic devices on your smart phone (i.e., combining phone, camera, video, GPS, and games); weighing the green aspects of the Apple iPad versus the resources that it still takes to make one; recycling e-waste; and countless other areas. This article is more direct: how is technology helping or harming our environment? 

Helping:

  • Saving Natural Resources: Tech products like computers, smart phones, tablets, and e-readers lessen the need for paper for books, magazines, newspapers, and even document signing. Not only does email save trees, but it also saves fuel used by snail mail carriers and delivery services. Web and teleconferences have saved fuel by enabling remote connectivity and teleworking. Technology has enabled the development of hybrid and electric vehicles saving on fuel and reducing carbon emissions.
  • Reducing Energy Consumption: High-efficiency appliances and building systems have saved fuel and reduced energy consumption. Home automation systems can save energy by informing the user of consumption best practices, programming heat and air for maximum efficiency, and turning off lights and electronics when not needed.
  • Reducing Consumption: Services like streaming music and movies reduce the need to produce CDs and DVDs. E-commerce has also lessened the need for big box stores that take up space and resources.
  • Enabling Better Environmental Planning: Technology, including computer-aided design and visualization programs, has enabled more efficient planning of roadways, cities, and buildings—lessening their impact on the environment.

Harming:

  • Creating Pollution: E-waste is a big problem because people don’t recycle their electronics. Electronics fill landfills with hazardous waste from the metals, batteries, and other toxic substances they include.
  • Causing Overconsumption: There are too many electronic devices available on the market and they sometimes have redundant features, and all of them are using electricity and putting a strain on our outdated electrical grid. Many new high-tech electronic devices have an “always on” mode for remote connectivity. Even when in idle or energy savings mode, most electronic devices are still using power, called “vampire power.” Consumers feed the harmful effects of overconsumption by purchasing the latest and greatest gadgets as they are released.
  • Taxing Manufacturing Resources and Generating Waste: It takes stuff to make stuff. The manufacturing of electronic products takes energy and resources, and results in waste products. Often rare earth elements are stripped from mines and then wasted as electronics are not recycled. Manufacturing also creates pollution from chemicals used for production.
  • Increasing Energy Consumption at Large: Not only are all those electronic devices in your home using energy, but technology companies are huge consumers of energy. Think of data centers and other Internet service providers. Some companies have made steps for alternative power and energy efficiencies but still consume enormous amounts of energy.


I’m hoping in the future more technology products will be made from recycled technology products, and may even include compostable components as well. It would be great to continue to see manufacturing companies embrace alternative energy, waste reduction, and other sustainable practices. Until then, do what you can to enjoy the convenience of living in a high-tech world while lessening your carbon footprint and impact on the environment.

 
Angela Orebaugh is a technologist, researcher, educator, and author with a broad spectrum of expertise in cybersecurity.  She synergizes her 20 years of hands-on strategic and technical experiences within industry, academia, and government to perform leading edge research and advise clients on cybersecurity strategy, management, and technologies.  Dr. Orebaugh is currently performing research in the security of cyber physical systems and the Internet of Things.

As a Fellow and Chief Scientist at Booz Allen Hamilton, Dr. Orebaugh leads several cybersecurity initiatives and emerging technology areas for the National Institute of Standards and Technology (NIST), including authoring technology Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP) project, and secure eVoting.

Dr. Orebaugh is an Adjunct Professor for the University of Virginia where she is developing and teaching the Internet of Things Security course.  Formerly, as an Adjunct Professor for George Mason University, Dr. Orebaugh developed and taught the Intrusion Detection and Forensics course, a core requirement for the Masters in Computer Forensics in the Department of Electrical and Computer Engineering (ECE).  She completed her Ph.D. at George Mason University with published papers in the areas of behavioral biometrics, attacker profiling, authorship analysis, and cyber forensics.

Dr. Orebaugh is an internationally recognized author of best-selling technology books, including Wireshark and Ethereal Network Protocol Analyzer Toolkit, Ethereal Packet Sniffing, and Nmap in the Enterprise. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. She is an invited speaker at a variety of cybersecurity conferences and technology events.