Download: by Ed Moyle and Diana Kelley
Download: by Ed Moyle and Diana Kelley
Download: by Ed Moyle and Diana Kelley
Previous Next
Previous
April 2012
Next
Previous
Next
Plus
Previous
Next
Download
Subscribe
Hacktivists and cybercriminals pose the greatest threats to federal agencies, our Cybersecurity Survey shows. The feds are fighting back with continuous monitoring. >> By Ed Moyle and Diana Kelley
informationweek.com/government
Previous
Next
CONTENTS
THE BUSINESS VALUE OF TECHNOLOGY April 2012 Issue 12
3 Down To Business
Federal efforts to cut IT costs dont go far enough
COVER STORY
8 Post-WikiLeaks Security
State Department continues to enhance security in order to prevent data leaks
CONTACTS
18 Editorial and Business Contacts
informationweek.com/government
Previous
Next
Table of Contents
down to Business
Federal IT Savings, Or Old-Fashioned Spending Shuffle?
Federal CIO Steven VanRoekel maintains that over the past three years, the federal government has done much in adopting private sector practices to triage broken IT investments, reduce the IT infrastructure footprint, and innovate with less. But by his own account, it hasnt done enough. So a few weeks ago, VanRoekel and Office of Management and Budget acting director Jeff Zients introduced PortfolioStat (see story, p. 6), a series of annual data-based reviews of agency IT investments (more sweeping than the existing TechStat program), as well as a new requirement for fed agencies to develop consolidation plans for commodity IT services. All goodas long as these measures actually produce meaningful spending cuts rather than just shuffle federal IT dollars around. In a memo announcing the two initiatives, VanRoekel called out the Department of the Interior, which he says will realize $100 million in annual savings (on an IT budget of about $1 billion) from 2016 to 2020 by modernizing IT infrastructure and aligning resources to improve customer service. Furthermore, he estimated that IT spending reviews already carried out at Interior have rendered $11 million in cost avoidance and $2.2 million in redirection. The fact that Interiors fiscal 2013 IT budget is pegged to decline by $28.6 millionby 2.9%compared with the previous years budget is a positive sign. But lets see if the agencys annual IT budget falls by anywhere near $100 million between 2016 and 2020. VanRoekel is quick to note that fiscal discipline is returning to federal IT. After growing at a compound annual growth rate of more than 7% between 2001 and 2009lean years for private sector IT organizationsfed IT spending has come in flat ever since. Still, at about $80 billion, the federal IT budget could use a haircut. Instead, for every IT dollar budgeted to be cut next year at the likes of Interior (down $28.6 million) and Justice (down $102 million), an additional dollar will be spent at the likes of Agriculture (up $79.9 million) and Treasury (up $358.7 million). For all their talk about adopting private sector practices, few in Washington have the stomach or will to make the kinds of hard decisions that companies make all the timethe kinds that
ROB PR ESTON
cut budgets rather than just keep them from expanding. Agency CIOs are apt to take their cues from the politicians and career bureaucrats. Consider the federal budget histrionics of a few weeks ago. As part of his rebuke of the deep cuts proposed by Wisconsin Congressman Paul Ryan, President Barack Obama claimed to have already eliminated dozens of programs that werent working. But according to a Wall Street Journal editorial, the savings from these eliminations amount to less than 0.1% of the budget, or less than $100 million. Not that the Republicans were penny-pinchers during the last administration. Far from it. During President George W. Bushs eight years, the national debt doubled to more than $10 trillion. VanRoekel and his predecessor, Vivek Kundra, have done well to identify $4 billion in cost avoidance and redirection as a result of the TechStat program. Begin to lop those billions and more from future budgets, and well be more impressed. Rob Preston is VP and editor in chief of InformationWeek. You can write to Rob at [email protected].
April 2012 3
Register
informationweek.com/government
Previous
Next
Table of Contents
Quicktakes
OPEN GOVERNMENT 2.0
NASA plans to build a new Web architecture that applies cloud computing, open source, and commercial technologies in support of its websites and internal Web ser vices. The architecture is the flagship initiative of the space agencys newly updated open government plan. NASA and other federal agencies have updated their open government efforts in keeping with version 2.0 of the Obama administrations Open Government Initiative, originally launched in 2009. The agencys existing Web infrastructure supports the development and hosting of 140 applications and 1,590 websites, deployed on a variety of systems. Its primary site, NASA.gov, draws 600,000 visitors daily and serves as a hub for more than 250 accounts on social media platforms such as Twitter, Facebook, and Foursquare. The open government plan calls for a single infrastructure to support those apps and a majority of the websites. The agency is looking to use open source, cloud computing, commercial products, and government off-the-shelf technology in lieu of customized technologies. And it plans to make increased use of fast, iterative software development methodologies like agile development. This effort will provide a new agency-wide capability to create, maintain, and manage the NASA.gov Web environment and associated services, which represent what open govern-
QUICKFACT
NASA.gov gets
IT Leadership Forum
InformationWeeks 2012 Government IT Leadership Forum is May 3 at the Newseum in Washington, D.C.
Register
informationweek.com/government
April 2012 4
Previous
Next
Table of Contents
Quicktakes
tion, increase the number of challenges it runs to engage the public in projects, and host events that let users of Facebook, Twitter, and other platforms interact with agency personnel. The agency will launch a pilot program to test the feasibility of using an open source content management system as a replacement for the proprietary system in place. If that goes well, it will consolidate multiple blogging infrastructures to the new content management system within a year. Another nearterm objective is to develop an API for releasing content on NASA.gov. Within two years, NASA wants to move its websites to the new Web infrastructure. Making use of open source was a flagship initiative in NASAs original open government plan, and its now looking to collaborate more actively with the open source development community. NASA already has an open source code repository, Code.NASA.gov. Its open government site is built on the LAMP (Linux, Apache, MySQL, PHP) software stack and an open source content management system. Also, the agency is looking to expand use of technology accelerators, initiatives such as public-private partnerships and innovation mentoring. The agency points to its International Space Apps Challenge and Random Hacks of Kindness volunteer development program as examples of such efforts. J. Nicholas Hoover ([email protected])
Discover IT
LAS VEGAS, MANDALAY BAY // MAY 610, 2012
WORKSHOPS: May 67, 2012 CONFERENCE: May 810, 2012 EXPO: May 810, 2012
EXHIBITORS INCLUDE:
informationweek.com/government
* 25% off discount applies to Flex and Conference Passes. Discount calculated based on the on-site price and not combinable with other offers. Offer good on new registrations only. Proof of IT industry involvement required. Prices after discount applied: Flex: $2,471.25 // Conference: $1,721.25
Previous
Next
Table of Contents
Quicktakes
THE SHARED-SERVICES ALTERNATIVE
PortfolioStat was inspired by private-sector practices as well as by OMBs TechStat program, launched in January 2010 by former federal CIO Vivek Kundra. In the early going, TechStat was used to identify big-budget IT projects that were at risk of running over budget or falling behind schedule, which in turn led to corrective action. TechStat project reviews are now applied more broadly within agencies. The Obama administration says that
TechStat has generated some $4 billion in savings and cost avoidance since 2010. The Dark Corners Businesses have used IT portfolio management for years, and OMB looked to Adobe, OSI Restaurants, and Symantec in drawing up plans for PortfolioStat. VanRoekel, in a blog post, writes that PortfolioStat aims to assess the maturity of agencies IT portfolio management processes and give them tools to look into the darkest corners of the organization to find wasteful and duplicative IT investments. As part of the PortfolioStat sessions, agency deputy secretaries or chief operating officers are required to work with the federal CIO and agency CIOs, CFOs, and chief acquisition officers to sift through and find savings in their IT portfolios. This level of executive sponsorship is a direct reflection of our belief that IT is a strategic asset that can dramatically improve productivity and the way agencies execute their mission, VanRoekel writes. PortfolioStat sessions will delve into comApril 2012 6
Previous
Next
Table of Contents
Quicktakes
modity IT investments, redundant or duplicative systems and services, and investments that are poorly aligned to an agencys mission. OMB outlined a five-step process for the program, beginning with baseline data gathering and concluding with an assessment of lessons learned. The document describing those processes provides deadlines for specific objectives to be completed over the next 10 months. In the early going, agencies must complete a survey of their IT portfolios and a bureau-level information request for specific types of commodity IT investments that will used in assessing the portfolios. That review will be followed by one-hour PortfolioStat review sessions, the first of which must be held by the end of July. Those sessions are supposed to lead to concrete next steps to rationalize an agencys IT portfolio, according to the memo. Agencies are required to create consolidation plans for the commodity IT services they use, with final plans by the end of August. PortfolioStat leaders are to set targets for reducing spending on commodity IT and demonstrate how IT portfolios align with agency missions and business functions. By years end, agencies are expected to transition two commodity IT areas, such as email, wireless services, or productivity tools, to shared services or consolidated J. Nicholas Hoover ([email protected]) purchasing.
informationweek.com/government
Previous
Next
Table of Contents
Quicktakes
[
SECURITY FIRST
who need it, and is planning to implement public key infrastructure on its classified systems by the summer of 2014. Following the November 2010 WikiLeaks breach, the State Department suspended outside access to several of its classified information portals. Those portalsincluding the Net Centric Diplomacy diplomatic reporting database, ClassNet classified websites, and some SharePoint sitesremain largely inaccessible or subject to restricted access from other networks. The agency has also improved its cybersecurity training, and its working closely with the Department of Homeland Security and the National Security Agency on cybersecurity issues. Other Priorities The departments other technology priorities include IT consolidation, mobility, social media, cloud computing, and improved IT governance, Swart said. The agency is also analyzing the tech tools that are available to diplomats and what more may be needed. Any additions will have to be carried out within the context of a lower IT budget. The White Houses proposed budget for fiscal 2013 would decrease
IT spending at the State Department by 4.8%, to $1.35 billion. One high priority is to consolidate the foreign affairs community onto a common network, known as the Foreign Affairs Network. And, like other federal agencies, the State Department is consolidating data centers. In the United States, its going from 14 data centers to four, while classified processing from overseas offices is being done in a handful of regional sites. Under its eDiplomacy initiative, the State Department is ramping up its use of social media and the Internet for diplomacy and operations. The agency currently has 150 employees dedicated to the eDiplomacy mission using the Web and other new communications technologies to further its international relations efforts. Examples of the eDiplomacy projects under way include the departments presence on public social networks, external blogs like DipNote, an internal blogging community site known as Communities @ State, and a wikibased collaborative encyclopedia on diplomatic affairs called Diplopedia thats modeled on Wikipedia. J. Nicholas Hoover ([email protected])
April 2012 8
Previous
Next
[COVER STORY]
FEDERAL GOVERNMENT CYBERSECURITY SURVEY
Table of Contents
informationweek.com/government
C
By Ed Moyle and Diana Kelley
ernment IT Priorities Survey each of the past two years, and you dont
LulzSec, or WikiLeaks to understand why. What are the most dangerous cyberthreats? And how are agencies re-
Cybersecurity Survey to find out. Our poll of 106 federal IT pros in-
April 2012 9
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
Download
asked respondents to rank the threats they face and their readiness to deal with them. We inquired about cybersecurity spending and where agencies are investing. And we probed into the most significant challenges they face. Our survey results show that organized cybercriminals and hacktivists are viewed as the greatest threats to IT security. At the same time, government IT pros say theyre least prepared for leaks that take place through social media. And a crush of competing priorities is the biggest challenge to effective execution. The good news is that agencies feel theyve made significant improvements in cybersecurity. This is the perception of agencies themselves, as well as the assessment of government evaluators charged with monitoring progress under the Federal Information Systems Management Act (FISMA). Despite the progress, attacks are on the rise, and agencies must continue to bolster their defenses. In a report to Congress published in
Implementing continuous monitoring systems Upgrading standard defenses (e.g., firewalls and antivirus) Improving security of agency-issued mobile devices Deploying intrusion-prevention capabilities Implementing technologies and processes to thwart insider threats Deploying PKI-based ID smart cards Hiring and cultivating cybersecurity skills
Data: InformationWeek 2012 Federal Government Cybersecurity Survey of 106 federal government technology professionals, March 2012
March on FISMA implementation in fiscal year 2011, the Office of Management and Budget (OMB) disclosed that the number of computer security incidents reported to the U.S. Computer Emergency Readiness Team (US-CERT)
that impacted government agencies rose 5%, to 43,889. Longer term, federal computer security incidents have risen 650% over five years, according to a report released last fall by the Government Accountability Office. In
informationweek.com/government
April 2012 10
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
explaining that increase, the GAO cited persistent weaknesses in information security controls, due to incomplete implementation of security programs. So clearly, theres room for improvement in how agencies prepare and respond. Step one is raising awareness of cyberthreats and establishing an organizational commitment to readiness. Its imperative that an agencys top leadersnot just chief information security officers and their information assurance teams get behind the effort. Steps to improve security include meeting the FISMA requirements and also understanding the security implications of new technologies such as virtualization and cloud computing. Underscoring the urgency of cybersecurity, the White House and Congress are both involved in national planning. President Barack Obama called cyberthreats one of the most serious economic and national security challenges we face as a nation, and there are two security bills moving through Congress, the bipartisan Cybersecurity Act of 2012 (S. 2105) and the GOP-sponsored Secure IT Act of 2012 (S. 2151). A majority of federal IT pros feel theyre up to the task. When asked about their overall state of cybersecurity readiness, 83% of survey respondents rate their agencies as excellent or good. But are they being overly confident, which could be dangerous? According to OMBs report to Congress for FY 2011 on FISMA policy compliance in several broad areas, including continuous monitoring, trusted Inter-
For more information contact: Josh Furrer, Director of Sales (503)403-3000 ext. 214 [email protected]
informationweek.com/government
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
net connections, and implementation of identity smart cards under Homeland Security Presidential Directive 12 (HSPD-12), agencies were 73% compliant in the areas measured, compared with 55% in FY 2010. Thats progress, but with room for improvement. The other side of the story is 27% noncompliance. To close the gap, agencies are asking for more funding for their cybersecurity initiatives. The Department of Homeland Security requested $769 million for security initiatives in its FY 2013 budget, a 60% increase over the previous fiscal year. DHS seeks to establish broader capabilities in network security, expand research and development, and add support for enforcement of cybercrimes, among other areas of investment. Our survey sheds light on spending plans more broadly. A quarter of respondents say that their agencies will increase cybersecurity spending by more than 5% in FY 2013, and another 29% indicate spending will rise by up to 5%.
On the other hand, cybersecurity spending is expected to be flat at 29% of agencies and decrease at 9%, and thats cause for concern. (Eight percent didnt know or declined to answer.) We understand that overall IT budgets are flat or declining in many agencies, putting pressure on all areas of investment. But IT decision-makers must find ways to adequately fund cybersecurity infrastructure, given the trend toward continuous monitoring, the requirements of FISMA, and the fact that cybersecurity is the No. 1 IT priority across government. FISMA Compliance When it comes to what influences cybersecurity planning in agencies, FISMA is king. In
our survey, FISMA ranks as the most significant influencing factor for cybersecurity strategy, just ahead of the continuous monitoring requirement and US-CERT, which oversees security incidents and the Einstein intrusion-detection system. As any information security practitioner will tell you, FISMA hasnt been an easy road. And critics argue it isnt making agencies more secure. Youre drawing away resources from whats important by taking resources that were focused on real security tasks and focusing them instead on checking the box, says Dave Amsler, president and CIO of Foreground Security. The government has reduced some of the bureaucratic burden through CyberScope, the process for automating FISMA reporting. More than 75% of the agencies reviewed for the Office of Management and Budgets March report can now provide automated data feeds to CyberScope, compared with just 17% that
informationweek.com/government
April 2012 12
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
demonstrated this capability a year earlier. Even so, FISMA compliance fell for more than half of 24 agencies reviewed in the report, which assesses IT security programs in 11 areas, including risk management, configuration management, and identity and access management. Only seven agencies achieved more than 90% compliance in the areas measured. Eight agencies fell into the red zone in the report, meaning they have less than 65% FISMA compliance. The departments of Transportation, Interior, and Agriculture were at the bottom of the list. The Department of Defense didnt provide enough detail on its compliance levels to be included in the report. Much work remains in satisfying the White Houses cybersecurity priorities. As outlined in OMBs FISMA report, the administrations top three priorities for FISMA are continuous monitoring, logical access control (as spelled out in HSPD-12), and trusted Internet connections (TIC v2.0). The priority areas were selected based on the overall impact they have on cybersecurity readiness. Heres how plans to implement those three initiatives are shaping up, as reflected in our survey results. Continuous Monitoring Continuous monitoring is getting the lions share of attention from agencies. The goal is to replace a static, point in time view of an agencys information security posture with near-real-time visibility into system health. Its important not just because its reinformationweek.com/government
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
quired under FISMA, but because it makes good operational sense. Continuous monitoring gets rated as the top cybersecurity initiative in our survey, with 43% of respondents choosing it from a list of 10 possibilities. (Respondents were asked to select their three most important initiatives.) That was followed by improvements to standard defenses (e.g., information security software like firewalls and antivirus), identified by 41%, and mobile device security, at 35%. This tells us that, while federal IT pros recognize the importance of traditional security controls and defenses, they also understand
they likely need to improve continuous monitoring. Continuous monitoring is largely about managing risk, says Ron Ross, senior computer scientist with the National Institute of Standards and Technology (NIST ) and project leader for the FISMA Implementation Project. We start by looking at the risk assessment, based on what adversaries are doing that might be a threat and impact the mission, Ross says. The goal of continuous monitoring is to attempt to evaluate the actual performance of the controls at reducing overall risk. So agencies must understand the risks posed to their systems and networks, and the moni-
10% 7% 25%
58%
Good; some systems, processes, or policies need updating
Data: InformationWeek 2012 Federal Government Cybersecurity Survey of 106 federal government technology professionals, March 2012
informationweek.com/government
toring plans they put in place must shed light on those risks and reduce them. Kelley Dempsey, senior information security specialist with NIST and author of special publication 800-137, Information Security Continuous Monitoring For Federal Information Systems And Organizations, says that getting the risk assessment wrong can undermine continuous monitoring efforts. Everything starts from the risk management framework, Dempsey says. So if that isnt right, everything that falls under it would be at issue. A good continuous monitoring framework will lead you to go back and evaluate control selection, and that in turn will lead you to look for ways to monitor. Whats good monitoring? It requires understanding a few things about each security control: whether its functioning properly and appropriate to the task at hand, and the threat environment within which the control operates. For example, the public websites of federal law enforcement and intelligence agencies have become favorite targets of Anonymous and LulzSec. That leads IT to focus on what data it should collect and not just what it can collect. Agencies will look to automate data collection, but they shouldnt ignore that other important information might only be available through a
April 2012 14
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
manual collection process. Automated metrics may be more cost effective, but those alone could leave you with an incomplete picture of the environment. Pete Lindstrom, research director of Spire Security, warns about becoming slowed by data overload. A jumble of arbitrary data without a frame of reference isnt monitoring; its white noise, he says. A valuable metric is one that tells us something about effectiveness of the control, efficiency of operation, or both. Continuous monitoring needs to be more than just a distillation of what youre currently
collecting. Dave Shackleford, CTO of security research firm IANS, recommends comprehensive whitelisting (granting privileges to trusted users or sites) and file integrity monitoring (keeping a close eye on changes to server files). Monitoring things like antivirus and host-based IDS has some merit but has proven ineffective in countering the more advanced threats seen today, Shackleford says. HSPD-12: Tackling Identity Management Recognizing that a single, trusted source of user identity information is critical to in-
6%
Lack of top-level direction and leadership
8% 10%
35%
31%
Resource constraints
Data: InformationWeek 2012 Federal Government Cybersecurity Survey of 106 federal government technology professionals, March 2012
informationweek.com/government
formation security, HSPD-12 attempts to bring a unified identity management strategy to federal government. The directive requires that all agencies make use of a single, robust credential: a Personal Identity Verification (PIV ) smart card capable of being used for digital signatures and user authentication. In our survey, 23% of respondents identify deployment of PKI-based ID smart cards as one of their top three cybersecurity initiatives. The specifics of the plan to deploy PIV cards are outlined in a White House memo issued in February, titled Continued Implementation of HSPD-12Policy For A Common Identification Standard For Federal Employees And Contractors. Agencies by now should at least have a plan on how to proceed, particularly as it relates to the integration of physical and logical access control systems, a key tenet of the governments identity management plan. According to the Office of Management and Budgets FISMA report, 89% of federal employees and contractors requiring Personal Identity Verification credentials now have them. Moreover, 66% of government user accounts are configured to require PIV cards to authenticate to agencies networks,
April 2012 15
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
up from 55% in fiscal year 2010. Its progress, but the jobs not done. Trusted Internet Connections The third of the White Houses cybersecurity priorities is consolidating traffic under the trusted Internet connections initiative, which aims to consolidate and apply baseline security measures to external network connections, including the Internet. Such controls include network filtering and other capabilities, such as the National Cybersecurity Protection Systems Einstein 2 incident monitoring. That capability is being updated in Einstein 3, which adds realtime packet inspection and applies predefined signatures for threat detection. TIC should be on every agencys radar at least until September, the next critical milestone. By then, all TIC Access Providersdesignated agencies that provide TIC services to other agenciesmust be 100% compliant with the TIC v2.0 reference architecture. Other agencies must achieve TIC v2.0 capabilities by that same date through use of an approved and accredited TICAP for all external connections. Not Ready For Social And Mobile InformationWeeks 2012 Federal Government Cybersecurity Survey shows that ageninformationweek.com/government
1 Completely unprepared
Malware and spyware Phishing attacks on agency employees DDoS Cyberattack by foreign governments Zero-day exploits Leaks through service providers or partners Insider threats Unsecured mobile devices Leaks through social media
Completely prepared 5
(Mean average)
Data: InformationWeek 2012 Federal Government Cybersecurity Survey of 106 federal government technology professionals, March 2012
cies are least prepared for some of the newest threats. When asked to rate their level of readiness, respondents give some of their lowest scores to leaks through social media (with 28% completely or somewhat unprepared) and unsecured mobile devices (18% completely or somewhat unprepared). Federal IT managers are racing to get
ahead of those risks. The U.S. Army, for example, recently warned deployed soldiers that geotagging photos over Facebook and other social media could give away their units location. And the National Security Agency, the Department of Defense, and civilian agencies are evaluating how to secure mobile devices, as more employees
April 2012 16
Previous
Next
CYBERSECURITY SURVEY
[COVER STORY]
Table of Contents
look to use them in their daily work. We also asked respondents to rank threats, from greatest to lowest. Topping the list are organized cybercriminals and hacktivists, a reflection of the emergence of groups such as Anonymous and LulzSec, which have launched denial-of-service attacks against some federal agencies. Insider threats rank second, followed by foreign states. Gen. Keith Alexander, director of the National Security Agency and head of the U.S. Cyber Command, testified before Congress in March on the emergence of China as one such threat. China is stealing a great deal of military-related intellectual property from the United States and was responsible for last years attacks against RSA, Alexander told the Senate Armed Services Committee. We need to make it more difficult for the Chinese to do what theyre doing, he said. In terms of tools and technologies for establishing cybersecurity, the most widely deployed are workaday controls like firewalls (used by 96% of respondents), antivirus software (94%), anti-spyware software (93%), and VPNs (91%). Mobile device security (70%) and cloud services security (52%) are lower on the list of in-use technologies, but theyre the two that will be most in demand
informationweek.com/government
8% 25%
7%
29%
Stay the same
29%
Increase 1% to 5%
Data: InformationWeek 2012 Federal Government Cybersecurity Survey of 106 federal government technology professionals, March 2012
as first-time security technologies in FY 2013. Both illustrate the evolving nature of cybersecurity requirements, as new technologies R are brought into the workplace, forcing security teams to respond. When asked about the most significant challenge to their IT security efforts, survey respondents point first to a familiar problem too many competing priorities and other initiatives, cited by 35%. Thats followed closely by a second, equally familiar issue, resource constraints (31%). Notably, technology itself doesnt seem to be much of a problem. Only 4% of survey respon-
dents cite lack of technical solutions as the single biggest challenge to their IT security efforts. Agencies can ease the resource crunch by redirecting funds from lower-priority initiatives toward their cybersecurity efforts. Given the emphasis that IT pros in government place on cybersecurity, and the attention being paid by the White House and Congress, it would seem that when theres a will, there should be a budget. Ed Moyle is a senior security strategist with Savvis, and Diana Kelley is a security adviser and consultant. Write to us at [email protected].
April 2012 17
Previous
Next
Table of Contents
Chris Murphy Editor [email protected] 414-906-5331 Jim Donahue Chief Copy Editor [email protected]
Business Contacts
Executive VP of Group Sales, InformationWeek Business Technology Network, Martha Schwartz (212) 600-3015, [email protected] Sales Assistant, Salvatore Silletti (212) 600-3327, [email protected]
UBM TECHWEB
Tony L. Uphoff CEO John Dennehy CFO David Michael CIO Scott Vaughan CMO David Berlind Chief Content Officer, TechWeb, and Editor in Chief, TechWeb.com Ed Grossman Executive VP, InformationWeek Business Technology Network Martha Schwartz Executive VP of Group Sales, InformationWeek Business Technology Network Joseph Brau Sr. VP, Light Reading Communications Network Beth Rivera Senior VP, Human Resources John Ecke VP of Brand and Product Development, InformationWeek Business Technology Network Fritz Nelson VP, Editorial Director, InformationWeek Business Technology Network, and Executive Producer, TechWeb TV
Editorial Calendar informationweek.com/edcal Back Issues E-mail: [email protected] Phone: 888-664-3332 (U.S.) 847-763-9588 (Outside U.S.) Reprints Wrights Media, 1-877-652-5295 Web: wrightsmedia.com/reprints/?magid=2196 E-mail: [email protected] List Rentals Specialists Marketing Services Inc. E-mail: [email protected] Phone: (631) 787-3008 x3020 Media Kits and Advertising Contacts createyournextcustomer.com/contact-us Letters to the Editor E-mail [email protected]. Include name, title, company, city, and daytime phone number. Subscriptions Web: informationweek.com/magazine E-mail: [email protected] Phone: 888-664-3332 (U.S.) 847-763-9588 (Outside U.S.)
Copyright 2012 UBM LLC. All rights reserved
Strategic Accounts
District Manager, Mary Hyland (516) 562-5120, [email protected] Account Manager, Tara Bradeen (212) 600-3387, [email protected]
SALES CONTACTSWEST
Western U.S. (Pacific and Mountain states) and Western Canada (British Columbia, Alberta) Western Regional Director, JohnHenry Giddings (415) 947-6237, [email protected] Strategic Account Director, Mark Glasner (415) 947-6245, [email protected] Account Manager, Kevin Bennett (415) 947-6139, [email protected] Account Manager, Ashley Cohen (415) 947-6349, [email protected]
Strategic Accounts
Account Director, Sandra Kupiec (415) 947-6922, [email protected]
SALES CONTACTSEVENTS
Senior Director, InformationWeek Events, Robyn Duda (212) 600-3046, [email protected]
SALES CONTACTSEAST
Midwest, South, Northeast U.S. and Eastern Canada (Saskatchewan, Ontario, Quebec, New Brunswick) District Manager, Jenny Hanna (516) 562-5116, [email protected] District Manager, Michael Greenhut (516) 562-5044, [email protected]
informationweek.com/government
MARKETING
VP, Marketing, Winnie Ng-Schuchman (631) 406-6507, [email protected] Director of Marketing, Angela Lee-Moll (516) 562-5803, [email protected] Senior Marketing Manager, Monique Kakegawa (949) 223-3609, [email protected]
UBM LLC
Pat Nohilly Sr. VP, Strategic Development and Business Admin. Marie Myers Sr. VP, Manufacturing
April 2012 18