Government Technology Top News
In Danbury, Conn., there is an ongoing challenge to provide enough affordable, quality child care to meet demand, according to city officials. This problem has prompted a municipal effort to help unlicensed child-care facilities upgrade to licensed.
As part of this work, a number of stakeholders have come together, including the mayor’s office, the health department and the local chapter of United Way, all with a shared goal of helping unlicensed child-care providers get licensed, thereby increasing the number of options in the city and reducing costs. This collaborative effort has led to Danbury being selected as one of 35 champion cities in the Bloomberg Mayors Challenge 2018, which had an initial pool of 320 applicant jurisdictions. As part of that program, Danbury will soon embark on a six-month testing phase for their work, which officials said will involve a tech component.
That tech component must, of course, be explored further, said Austin Samuelson, a community services coordinator with the Danbury mayor’s office, but part of the testing phase will likely be developing ways to include tech and the use of iPads and Web-based apps that are already available to help link child-care providers to parents.
“We’re very excited to move forward and continue to explore how we’re really going to solve this issue,” Samuelson said. “We have a very good sense of direction at this point, and technology will be a component of our innovation solution.”
The stakes are high for this project. In fact, fueled by a recent grant, a project aimed at addressing poverty rates and unemployment among the immigrant community in Danbury recently found that a recurring challenge for residents was child care and how not being able to get affordable child care of a suitable quality put a strain on families and limited career options.
The exact details of the Danbury project, of course, will remain flexible until idea and testing phases are wrapped up.
This article is the third in a series looking at the innovative ideas of 35 cities, including Danbury, that are currently conducting testing with support from Bloomberg. The ultimate goal for all of these projects is to create a solution that can be scaled by other cities that face similar challenges. With that in mind, these pilots have the potential to have a major impact on the gov tech market. In October, four of these cities will receive an additional $1 million in support, while one grand prize winner will get $5 million to support its idea.
Denver’s project involves developing and implementing a real-time, hyper-local air quality data monitoring system for 10 public school campuses throughout the city.
In a press release announcing Denver’s selection as a champion city, organizers note that “children are particularly susceptible to the acute and long-term health effects of air pollution — including decreased lung function, increased respiratory infections and missed days of school.”
This project, which is being led by Denver’s Department of Public Health and Environment, uses air pollution sensor technology that will be placed on public school buildings. The exact campuses that will receive the sensors have not yet been determined.
The press release, however, did note that part of the goal of this work is to decrease health and financial burdens for vulnerable residents, and that Denver families currently spend an average of $3,100 a year on asthma-related costs, which totals more than $30 million of citywide annual spending.
The sensors will likely collect data about air quality that can be used to inform both policy decisions by the local government as well as the behaviors of the residents themselves.
The project from Hartford, Conn., is also aimed at improving quality of life for young residents, this time by helping public servants that work with children recognize and respond in real time to those who have been exposed to gun violence.
This, of course, is a depressingly timely project, as ongoing gun violence in schools has been in the headlines and debated on the national political stage. Hartford’s project to help those suffering from related trauma is called Alleviating Child Trauma in Our Neighborhoods (ACTION), and in a press release, city officials emphasized its importance.
“In too many communities around the country, young people who are exposed to the trauma of gun violence in their neighborhoods never get the support, treatment, or even the acknowledgement that they need,” said Mayor Luke Bronin in the press release. “Our proposal was designed to help provide timely support and assistance to kids exposed to gun violence in our own community. I’m proud of our team’s innovative proposal, and I’m thankful to Bloomberg Philanthropies for selecting Hartford as a Champion City. Our team is looking forward to developing the proposal further, in partnership with all of our stakeholders, including Hartford Public Schools, the Hartford Police Department, and the Village for Families and Children.”
How the city plans to identify and address those suffering from trauma remains, of course, to be determined by the work it does in the upcoming testing phase.
Pittsburgh’s aging and inefficient housing has earned the city the dubious distinction of being sixth worst in the country in terms of energy burden, which according to a press release from the city results in residents spending more than double the national average on their utility bills.
To combat this, the city has proposed a solution that would increase demand for retrofitting residential properties, accomplishing this through reduced costs via group purchasing of materials, as well as through facilitating do-it-yourself product installations. Ultimately, Pittsburgh’s goal is to reach 100 percent renewable energy sources by 2035, an inherent challenge given the city’s location in fossil fuel-rich Pennsylvania.
In the past, the city has compared this project to group discount platforms such as Groupon, noting that it could aggregate purchasing demand across the city in order to make high-quality efficiency products more accessible at lower costs. These products would be aimed at retrofitting, weatherizing and other achievements that would make homes more energy efficient. The goal would be to create an easy-to-use platform that incorporates offers from regional nonprofits and utility providers. Other potential components include do-it-yourself workshops and a mobile van program that would help make the new platform known and accessible to residents.
The project in Vallejo, Calif., centers around creating a system that can map subsurface pipes in order to boost the city’s ability to improve its infrastructure.
To accomplish this, Vallejo is taking a design-centered approach, one that would potentially use ground-penetrating radar technology to generate data sets to be processed through an image identification process and as well as through a machine learning algorithm. The overall goal would be using technology to learn all that the city can about its pipes and other below-ground infrastructure, as well as to take a data-driven approach to making necessary repairs.
In a press release announcing Vallejo’s status as a champion city, Mayor Bob Sampayan expressed his excitement for the upcoming Bloomberg testing phase, noting that if successful, “This innovation will enhance our ability to assess and monitor critical systems in our community.”
Major city systems remain operational, but Atlanta Mayor Keisha Lance Bottoms again urged those who have done business with the municipality to monitor their online and financial information closely, during a press conference March 23 to discuss the previous day’s ransomware cyberattack.
The situation surrounding the early morning breach March 22 remains somewhat “fluid,” and three federal agencies — the Secret Service, the Department of Homeland Security and the FBI — are continuing to work with the city and incident response teams from Cisco and Microsoft, the mayor said.
That said, systems including watershed management and water quality; public safety and emergency response; human resources, payroll and procurement; 311 and the Hartsfield-Jackson Atlanta International Airport were not been significantly impacted by the attack — though some processes have been altered out of caution.
Notably, an airport spokesman told The Associated Press that its Wi-Fi network had been taken down, and parts of its website temporarily disabled. During the March 23 press conference, which was livestreamed on Twitter, Chief Operating Officer Richard Cox said water meter sales are not currently being processed.
Municipal court defendants arrested by the Department of Corrections will be seen Sunday with manual tickets, the COO continued, and for the time being there will be no online ticket payments. However, Cox said, no “failure to appear” notices will be created “for cases generated during this time,” should confusion arise as a result of any service disruptions.
The Atlanta Journal-Constitution’s John Spink obtained a photograph of an informational handout given to City Hall employees arriving to work on March 23. It described the incident as a “data breach,” warned staffers not to log on to their computers and indicated Atlanta will be “implementing a new employee notification system” to alert them to “critical work-related information.”
The mayor, Cox, and acting Chief Information Officer Daphne Rackley emphasized that while many systems are operational, there were areas and details about the ongoing investigation which they would not discuss.
“We’re working on this in real time, and what that means is information changes really dynamically. We want to be very careful not to make definitive statements because there’s a chance that they may change,” Bottoms said.
Rackley echoed the mayor’s comment, pointing out that the probe is still very much active.
“Again, we’re in deep investigation and incident management mode so we don’t have any details that can be released, but as was articulated by the mayor and the COO, we feel confident that we’re doing the right things and will continue to be transparent,” Rackley said.
Asked whether the attack was ongoing or if it had been stopped, Rackley said: “We’re still in incident management mode, which means that we’re still on the look-out that other threat vector management systems aren’t being compromised. We’re looking at the perimeter, so we’re looking at the network and our customer-facing systems as well as our internal systems.”
The attack, however, has been described by media outlets including Atlanta NBC affiliate WXIA-TV as involving a ransom demand. In an interview on March 22 with Government Technology, Kennesaw State University Professor Andrew Green, who lectures on information security and assurance, said he reviewed screengrabs of information the TV station said it obtained from a “city employee,” and which called for a ransom to be paid in bitcoin.
The demand, Green said, amounted to .8 bitcoins per individual system or device, or 6 bitcoins for a mass encryption key — the latter, equating to around $50,000 based on then-current exchange rates.
Based upon his review of the information, Green said the attack could be based on a virus from the Samas or SAMSAM family, which dates at least to 2015 and, like typical ransomware, encrypts portions of a disc.
When asked whether the city will pay a ransom demand, Bottoms said: “We are continuing to work with our federal partners and other stakeholders who are advising us on how best to manage” the situation.
“This is a very fluid situation and we want to make sure that we are operating in a way that would be best for the city,” the mayor added.
As for when services may return to normal, Rackley indicated the agency is erring on the side of caution. “I can’t give you any definitive timelines, but I will tell you we’re working around the clock,” Rackley said.
Cyberattacks, Bottoms said, are a “threat to our national security” that is “happening across the world” to the public and private sector.
Asked when the city had last performed a full cyberthreat assessment, and whether the breach might highlight deficiencies that originated in the previous administration, she pointed out the necessity of repeating such metrics and the newness of the current incident.
“Even with every upgrade we do, there’s still a threat ahead of us that needs to be addressed. We’ve not done the autopsy, if you will, because right now, we have an immediate threat in front of us that we are addressing . I think we are well aware that there are system upgrades that are needed in the system,” Bottoms said.
Four state legislatures are at varying stages on bills that would allow citizens or businesses to pay taxes with cryptocurrencies. While individuals that have invested in digital currency may be uncertain as to how the IRS will treat their tax obligation, Arizona, Georgia, Vermont and Wyoming are considering proposals to allow citizens to pay state taxes digitally.
The Arizona State Legislature passed Senate Bill 1091, which would allow taxpayers to use a "payment gateway" or cryptocurrency recognized by the Arizona Department of Revenue. Under the plan, the state would hold responsiblity for converting the payments into U.S. dollars at the prevailing exchange rate and would credit taxpayers any difference. The taxpayer would be responsible for any costs or fees related to the conversion.
In Georgia, Senate Bill 464 would amend the tax and licensing fee code to allow the state to accept cryptocurrency as a valid form of payment. The state — specifically the treasurer — holds the responsibility for converting digital payments within 24 hours of receipt.
Meanwhile, the Vermont Legislature has been busy laying out its fintech strategy in Senate Bill 269, which would exempt currency limited liability companies from taxes as long as the company maintains a physical presence in the state or conducts some or all its activities there.
If a company creates or mines cryptocurrencies, it must pay the state a transaction tax equivalent to $0.01, at the then current exchange rate for the digital coin with the U.S. dollar, per transaction for each unit of currency mined or otherwise created, as well as each sale or other transfer of one or more units of currency.
Wyoming has a fairly sophisticated strategy for digital coin and blockchain. Senate Bill 111 would exempt cryptocurrencies from state property taxes. The act would add cryptocurrencies to money and cash on hand, effectively treating it like gold, silver, certified checks and cashier's checks. This proposal places bitcoin in the category of a medium of exchange and not as legal tender.
WHAT LIES AHEAD?
Are there any roadblocks that states want to consider when addressing digital coin and tax payments? Absolutely. Bloomberg speculates that states that enact this type of legislation could emerge as leaders in developing infrastructure like payment gateways.
Any legislation that allows taxpayers to use a digital alternative to dollars for state payment signals openness to new technology, but it is hard to predict how many people would actually use cryptocurrencies to pay their income taxes.
Critics suggest that cryptocurrency also raises concerns about its role in crime, like money laundering. A state might know who paid income taxes in bitcoin — but not who sold the bitcoin to that person.
In a first for the nation, Tennessee legislators have moved two identical bills that would block state retirement funds from investing in cryptocurrencies. House Bill 2093 amends the Tennessee Code, to include "notwithstanding any law to the contrary, the trustees shall not invest in any cryptocurrency."
CITIES TAKE ACTION ON BITCOIN
City regulation, too, is addressing cryptocurrencies when they work at cross purposes to citizen rights. Plattsburgh, in Upstate New York, had to institute a ban on new crypto-mining businesses when the electrical costs jumped as a result of cryptocurrency mining operations setting up shop.
On March 15, in a first for the nation, the city placed an 18-month moratorium on new cryptocurrency mining operations, attracted by the low cost of energy.
According to Motherboard, Plattsburgh gets 104 megawatt-hours of electricity per month from its power source, and if it exceeds its allotment more must be purchased on the open (or spot) market at a significant premium. “We have some unusual circumstances here,” Mayor Colin Read told the publication.
In January, Plattsburgh used too much electricity, and the bills for everyone in town rose. While this has been known to happen in the winter months, the state Public Service Commission (PSC) concluded that the average resident in Plattsburgh saw a $10 increase on their bill in January just because of two cryptocurrency companies.
To prevent more ratepayer pain in Upstate New York, the State Public Service Commission also ruled on March 15 that upstate municipal power authorities could charge higher electricity rates to cryptocurrency companies that require vast amounts of electricity to conduct business.
“We always welcome and encourage companies to build and grow their businesses in New York," Commission Chair John B. Rhodes said in a press release. "However, we must ensure business customers pay an appropriate price for the electricity they use. This is especially true in small communities with finite amounts of low-cost power available. If we hadn't acted, existing residential and commercial customers in upstate communities served by a municipal power authority would see sharp increases in their utility bills.”
A soon-to-open facility in Columbus, Ohio, is taking the sales pressure and car lot feel out of learning more about electric transportation and offering the public an up-close look at some of the region’s smart city technology projects.
The Smart Columbus Experience Center downtown, set to open this summer, is seen as a place that is first, “manufacture agnostic,” and “a place where people can test-drive a variety of electric cars, learn about them, etc.,” said Brandi Braun, Columbus’ deputy innovation officer.
Facilities like the Experience Center can “demystify” electric vehicles by explaining the technology and hearing driver concerns, said Zach Henkin, deputy director of Forth, which opened an electric vehicle education showroom in Portland, Ore., in May 2017.
“Demystifying the technology and helping those who are curious about driving a plug-in is the goal and one of the primary means of encouraging test drives of the electric cars,” said Henkin. “For others, we want to move them along the adoption curve and give them enough information to lead them to google their questions or seek out a dealership where they can talk about next steps for leasing or buying.”
Columbus’ smart city efforts are being powered by a $40 million U.S. Department of Transportation Smart City Challenge grant awarded in 2016 to create a smart transportation system in which vehicles and roads communicate to make travel easier and safer. It also came with $10 million from Vulcan Inc., with a goal of reducing greenhouse emissions and auto commutes. The Experience Center, which will be located in a rehabilitated downtown building, will serve as a headquarters office for Smart Columbus officials and will be funded by the Vulcan grant.
“This puts it smack in the middle of our downtown, where people and residents are congregating and gathering, and it will hopefully create some more exposure,” said Braun.
Much of the plans for the Experience Center are still mostly conceptual, but the idea is to create a space where residents can have hands-on experience with the various projects the city is taking on.
“Maybe it will be a demonstration of a certain type of technology,” Braun said.
However, clearly, the key feature will be the electric cars — a feature that has the potential to “turn the ‘EV curious’ into EV drivers,” said Henkin.
Plug-in, battery-powered electric cars only make up about 1.1 percent of the cars in the United States. However, from 2010 to 2016 the cost of batteries for the vehicles has dropped 74 percent, according to a report by Next 10, a research think tank studying the environment and the economy, based in San Francisco.
Prices are expected to continue to fall, putting the price of an EV on par with many gasoline-powered cars. Also, as charging infrastructure expands, drivers can feel more at ease, knowing there’s less of a chance they will be stuck with a dead battery and no place to charge it.
“By creating the world’s first smart city experience center, we’ll create a global stage to showcase our city’s mobility transformation,” said Alex Fischer, president and CEO of the Columbus Partnership, in a statement. The Columbus Partnership is one of the lead organizations behind the Experience Center.
“We’ll seek input from our residents and perspectives from industry thought leaders that will inform how we pursue growth and change,” he said. “We’ll also share what we’ve learned with cities from around the world, enabling global advancements that will start right here in Columbus.”
The California Department of Technology (CDT) announced this week that it has created a program to test and assess state government departments’ cybersecurity defenses and then grade them periodically — the first state in the nation to devise such a matrix.
The initiative is an outgrowth of the CDT’s emphasis, as outlined in last year’s “Vision 2020” report, to measure performance through objective metrics — “apples to apples,” as Peter Liebert explains it. Liebert is the state’s chief information security officer and director of the Office of Information Security, and in an interview Thursday with Techwire, he discussed the program and its intent.
“This is not designed to name and shame,” he said. “This is designed to provide a tool (to understand) where they are and where they want to go” in terms of cybersecurity.
For months, the CDT’s Office of Information Security (OIS) and other state IT leaders have been devising ways to assess and grade each department’s cyberdefenses — the ability to resist phishing attacks, for example. Chief information officers and agency information officers helped craft the formulas used to assess cyber hygiene. Departments will be given a grade ranging from 0 on the low end to 4 on the high end.
The CDT laid out the program in a Technology Letter issued earlier this week.
“Here’s where we are: We’re baselining and starting that journey,” Liebert told Techwire.
State departments will be audited and their cyberdefenses graded on an ongoing basis “to establish a baseline for maturity,” he said, defining maturity as “where you are in the implementation of the information security program.”
“Just having a (policy) document doesn’t mean you’re actually implementing it. ... This blends policy and implementation.”
Liebert noted that different departments face different threat levels — some are bigger targets because of the nature of the data they handle.
“We’re not saying this is an end-all and be-all,” Liebert said. “Fantastic programs can be very mature, but just by the nature of (their) business ... (risk) still feeds into the equation. But this helps.”
The California Cybersecurity Maturity Metrics is the outcome of dozens of workshops involving state information security officers (ISOs) and CIOs. In all, Lieber said, representatives of about 40 entities contributed to the final product. Significant input came from the “core four” departments that oversee cybersecurity and cybercrime in California: The California Cyber Security Integration Center (Cal-CSIC), part of the state Office of Emergency Services; the California Highway Patrol, which oversees cybercrime enforcement; the California Military Department; and the CDT.
“We looked at industry best practices,” Liebert said. “We didn’t want to make this an ivory tower approach.” The final outcome is a transparent, open source policy that “draws highly” from the National Institute of Standards and Technology’s (NIST) Cyber Framework.
“We borrowed from the best in the industry and combined it,” he said.
Liebert said the state specifically did not want to purchase an off-the-shelf product.
“Private-sector programs are proprietary,” he noted. “We wanted to make sure it was tailored to California. We wanted to retain it and control what we do. It’s open source; it has to be transparent.” He said the policy and its specifics would be made available online to state employees so they fully understand the criteria and the schedule of assessments, which will occur on a rolling timetable, continually being updated as each department gathers new data.
“We only get partial data each year, so as audits are being done, they’re collecting data. As soon as the final report data is back, we update and provide the metric back. The idea is that each year, a portion is updated. ... The next year, the audit group comes out and tests and pulls new metrics. We didn’t want to just score and then walk away. ... We want to really pay attention to folks that are not progressing” in the metrics from year to year.
The reaction among state department leaders?
“There’s always going to be trepidation,” he said, adding, “We had buy-in from the get-go.”
The program will be explained in depth for state IT workers in a series of workshops this spring. Liebert said attendance is “highly encouraged, and I think we’ll have a packed house, so to speak.”
Departments’ grades will be shared internally with department leaders, but security assessments, audit findings and scores will not be made public, Liebert said.
This story was originally published by Techwire.
This analysis, dubbed What Do State Chief Data Officers Do?, is available on Pew’s website and features a map of which states have chief data officers, as well as how those positions came to be. Essentially, the information boils down to whether a CDO gig is required by a law, created by an executive order or appointed at the discretion of state leadership. This new analysis is a sort of elaboration on another report released by Pew last month, How States Use Data to Inform Decisions. Both documents speak to an increasingly vital truth within the gov tech sector: that data work is becoming vital to government at the state level.
To put this all in perspective, the new Pew analysis notes that CDOs first emerged from the private sector in the early 2000s before taking root in state government — the first such position being created by Colorado in 2010. “Since then, 18 states and Washington, D.C., have instituted the position through laws, executive orders, gubernatorial appointment and agency designation to better manage and analyze data,” the analysis notes.
As far as answering the central question of the analysis — what do state CDOs do? — it uses the example of the response to Hurricane Harvey in Texas, which saw data from multiple state agencies contribute quality data that a state data coordinator was then able to draw from in helping to facilitate efficient storm response.
“CDOs create data-driven solutions for intermittent issues like hurricanes and traffic events, as well as for chronic problems like poverty,” the authors of the analysis wrote.
Chicago’s Cook County seeks a chief data officer
Chief data officer (CDO) positions also appear to be on the rise at the county level.
Cook County, Ill., which is home to Chicago and one of the most prominent county governments in the nation, is currently searching to hire a new CDO. In Cook County, the role provides “organizational governance and policy directives around data usage and leads the effort to ensure that the best information is accessible for facilitating data-driven decision making and innovation across the county,” according to a job posting for the position on the county’s website. The CDO in Cook County is also responsible for managing a team of information management professionals and a staff that handles the technology side of communications, including the county websites, social media, email, video and audio.
This appears to be part of a county-wide trend of committing to open data practices. Earlier this month, Cook County State’s Attorney Kimberly M. Foxx announced the release of more than six years of felony criminal case data via the Cook County Open Data Portal, a first-of-its-kind release for the county.
“For too long, the work of the criminal justice system has been largely a mystery,” Foxx said in a statement announcing that release. “That lack of openness undermines the legitimacy of the criminal justice system. Our work must be grounded in data and evidence, and the public should have access to that information.”
Foxx publicly stated a commitment to open data while running for her position in 2016 at the urging of Chicago’s civic tech group Chi Hack Night, which also went on to urge candidates in the ongoing Illinois gubernatorial race to make such a pledge.
Mayors across the country unite in support of net neutrality
Dubbed Mayors for Net Neutrality, this new effort involves municipal leaders agreeing to a Cities Open Internet Pledge, which is essentially a promise to only do business with Internet providers that decide of their own volition to adhere to a strong set of net neutrality principles. A diverse group of mayors has so far signed on, including those from major cities such as New York, San Francisco, and Minneapolis, as well as those from smaller cities such as Putnam, Conn., Bow Mar, Colo., and Stockton, Calif., among others.
Since Donald Trump won the 2016 presidential election and questions were first raised about whether the FCC’s track record of preserving a neutral Internet would live on, there has certainly been no shortage of government leaders at both the municipal and state levels fighting for the cause. Indeed, the signing of this latest letter is just one more block within a mosaic of work to preserve equitable Internet protections nationwide.
Other efforts have included the governors of Montana and New York signing executive orders requiring Internet service providers to adhere to net neutrality principles in order to remain eligible for government contracts; state legislatures launching bills to preserve net neutrality; and even some cities — namely San Francisco — working to create city-owned fiber-optic networks that require net neutrality.
These efforts to combat net neutrality rollbacks also pre-dated the FCC’s action, with a number of municipal gov tech leaders going to Washington, D.C., in the lead-up to voice opposition.
Austin, Texas’ civic tech group changes meetup name to foster inclusivity
Would a weekly civic hack night be just as civic hacky by any other name?
Civic tech group Open Austin thinks so. In fact, that Austin, Texas-based group thinks a different name could potentially foster more community inclusion and ultimately further its own goals of using tech to improve the quality of life in its community. To that end, Open Austin recently changed the name of its twice-monthly meetup from Civic Hack Nights to Community Action Nights.
Local civic tech stakeholders have taken to Twitter to praise the decision, noting that language and word choice can be vital in welcoming new participants. Austin is not the first place for this to be happening. In fact, last year’s National Day of Civic Hacking Events placed an emphasis on being more inclusive, particularly on attracting participants who may not have a background in technology and might be put off by words like “hacking” all together.
Civic tech groups in locales from Portland, Maine, to Sacramento, Calif., have worked to entice participants who do not think of themselves as technologists. Open Austin is also not alone in taking the word hack out of its weekly meetup branding, with other civic tech groups across the country starting to do the same.
Indiana uses software to connect drug addicts with treatment
As state, county and city governments continue turning to tech to combat ongoing opioid addiction crises in their jurisdictions, Indiana has now become one of the first in the country to use software to connect users with drug treatment.
In a press release, the Indiana Family and Social Services Administration announced a new partnership with a software platform called OpenBeds, which is aimed at helping social workers search for openings at drug treatment facilities in the state. The partnership also involves Indiana 2-1-1, which is a non-profit group that provides health care to those in need. The collaboration brings together OpenBeds tech with 2-1-1’s database of service providers, enabling those in need to find addiction treatment options in real time.
This effort is being funded by money from Indiana’s 21st Century Cures Act, which directs $10.9 million in federal funds to address the ongoing drug epidemic. This use of tech to help addicts more efficiently find treatment is relatively unique in terms of governmental efforts to address the opioid crisis. Other work has focused on using tech to monitor the frequency of drug prescriptions, using data to visualize abuse, and other work.
Indiana is the first to use OpenBeds’ treatment facility connection software statewide, according to local news reports.
Though states appear unlikely to slow down the deployment of self-driving vehicles after one such car killed a pedestrian in Arizona, the incident has nonetheless raised questions about how government will handle the technology moving forward.
From a risk perspective, cities and states who want to host testing programs should proceed with clear plans related to how the testing will unfold, and what to do when an accident occurs, according to Thom Rickert, vice president and emerging risks specialist for Trident Public Risk Solutions.
“Vehicles, pedestrian, motorcycles, bicycles, they will have contact with each other in any real-life operating area. It’s just going to happen. You know it’s going to happen. So lets have a plan,” Rickert said.
The accident involved a self-driving car operated by Uber in Arizona that struck and killed a pedestrian. The incident marked the first time a pedestrian had been killed by a self-driving car, sending shock waves through the nascent — but quickly emerging — autonomous vehicle industry. In the wake of the accident, Uber as well as Toyota have halted testing operations.
The accident in Arizona should not sideline AV technology, said Rickert; but it underscores the need by state and local government to do their due diligence in planning to ensure the changes unfold as safely as possible.
“First of all, let’s determine what actually happened, deconstruct it. What went wrong?” said Rickert. “And how do we respond to that without losing sight that this technology will save lives?”
Before allowing testing, cities ought to set up parameters such as test area, times, speed and other factors, as well as give consideration to other concerns such as infrastructure needs like parking or electric vehicle charging areas, say officials.
“What is it that they believe the future of autonomous vehicles can bring to their city?” said Rickert. “What is the value they see in them, whether it’s mobility, integration with existing infrastructure, easing stress on law enforcement, all of these different pieces. What is it that they’re trying to accomplish? And then the programmatic way of going about, OK, who are we going to allow to do this? What kind of agreements are we going to have with them, contractually? And how am I going to gate the area, with regards to testing?”
Regardless of the due diligence all cities are likely to show when it comes to AV testing, the death in Arizona will surely take some wind out of AVs’ sails, said Rickert.
“Absolutely,” Rickert said. “Because of the fear ... The immediate fear always overrides the future benefit. That’s just the way our minds work.”
It’s not yet entirely clear how much AV brake-pumping to expect in the 21 states, and Washington, D.C., that have passed legislation related to autonomous vehicles.
California recently approved a change to its autonomous vehicle testing rules, namely, no longer requiring that a human driver be in the self-driving cars. The California Department of Motor Vehicles can begin issuing driverless testing permits on April 2, 2018. However, that’s no guarantee the cars will take to the roads.
“The DMV is allowed to begin issuing driverless testing and, or, deployment permits on April 2, but that doesn’t mean a manufacturer will meet the requirements or if we will approve them,” said Jessica Gonzalez, a spokeswoman for the California DMV, in an email.
It’s not yet clear if the state will consider any further rules or regulations around AV testing.
Nevada has been active in its endorsement of AVs and being a leader in technology testing. Las Vegas is in the fifth month of testing an autonomous shuttle downtown. The small electric vehicles stick to a fixed route and include an operator on board.
AAA of Northern California, Utah and Nevada is a sponsor of the shuttle pilot program, with the aim of introducing AV technology “to as many people as possible,” said Sarah Swigart, manager of the Autonomous Vehicle Strategy Group at AAA.
“We at AAA believe that while this autonomous vehicle technology has been advancing very rapidly, we believe that public education, such as this real-life experience can be crucial in improving the broad acceptance and community readiness of this technology,” said Swigert during a March 14 webinar.
The car owners’ membership organization expressed concern following the pedestrian death in Arizona, saying the technology should be strenuously tested before it’s made widely available.
“The tragic incident in Arizona highlights the need for traffic safety to be at the forefront of the development of self-driving technology,” said John Moreno, a manager of public affairs at AAA, in a statement. “As a traffic safety advocate, AAA is working to understand the complexities of the interplay between autonomous vehicles and human road users, and is committed to educating the public and working with industry leaders to ensure these exciting technologies are implemented safely.”
Regretful as the incident in Arizona is, said Thomas Martin, a management analyst for the Management Services and Programs Division at the Nevada Department of Motor Vehicles, “this does not deter Nevada’s progress on moving forward with the innovative technology that we invite onto our roads.”
The state passed legislation last year to strengthen the state’s efforts in AV testing and innovation, and allow for fully autonomous vehicles.
“Assembly Bill 69 allows the opportunity for companies to bring their technology to Nevada for testing purposes,” said Martin, referring to the AV legislation. “It is defined in AB69 that these companies need to have safety measures in place in the case of such situations like what happened in Arizona.”
The group Advocates for Highway and Auto Safety, which has generally advised strong caution when it comes to AV adoption, called the Arizona death a “wake-up call for Congress” to slow the development of AVs.
Officials at the Mcity Test Facility at the University of Michigan, a major AV testing grounds, were reluctant to comment on the future of self-driving car testing.
“Mcity is not prepared to talk about what the long-term impact might be, or should be, of the Uber crash. Too much remains unknown,” wrote Susan Carney, a spokesperson for Mcity, in an email.
What is known, Rickert says, is the technology is still in its infancy and may not be ready for full deployment.
“The technology simply isn’t where it needs to be for totally autonomous, especially in multiple environments and multiple areas,” said Rickert.
Editor's note: This article has been updated to reflect new information, following a city press conference.
The city of Atlanta watched multiple online Web pages and services stop working on March 22 in a ransomware attack that began during the early morning hours and generated a response from two federal law enforcement agencies and two technology companies.
The Department of Atlanta Information Management (AIM) was made aware around 5:40 a.m. Eastern Daylight Time that “various internal and customer-facing applications” had been compromised, Atlanta’s new Chief Operating Officer Richard Cox said during a late-afternoon press conference.
The federal Department of Homeland Security, the FBI, and incident response teams from Microsoft and Cisco are working with the city and AIM to resolve the issues, Cox said.
“However, we are still evaluating the extent of the compromises,” he said.
Mayor Keisha Lance Bottoms urged residents who have done business with the city online to be cautious and monitor their personal data, including their bank accounts. But, contrary to some previously published reports, officials said the city payroll was unaffected and staffers are expected to be paid on schedule.
In a statement via Twitter, the city had earlier characterized the attack as “outages on various customer-facing applications, including some that customers may use to pay bills or access court-related information,” and said it would post updates as they become available.
Public safety, water and airport operations remain unaffected, officials said during the press conference. And while some court-related services may be unavailable, courts are expected to be open on March 23. It remains unclear when affected services will be restored.
An Atlanta Police Department representative said at the press conference that the city’s 911 system and its emergency response remain unaffected, but that out of an abundance of caution, police officers are temporarily filing incident reports on paper.
Asked whether the city would meet any demands, officials declined to comment and said they would look to federal agencies for guidance in this area.
Kennesaw State University Professor Andrew Green, who lectures on information security and assurance, told Government Technology he reviewed screengrabs of information that Atlanta NBC affiliate WXIA-TV reported it obtained from “a city employee.”
Based on that review, Green said it’s likely this attack is based on a virus from the Samas or SAMSAM family, which dates at least to 2015 and, like typical ransomware, encrypts portions of a disc.
Asked how deliberate the attack on Atlanta may have been, Green said: “At this point in time, I don’t think there’s any way to know that, at least publicly. Typically ransomware attacks in general are targets of opportunity.”
Given the number of agencies involved, however, and the extent of the city’s response — including holding a multi-departmental press conference late in the business day — Green said the attack is likely significant. Based also on information provided to him by WXIA, Green said he was able to determine the extent of the demand placed on the city.
Green said the demand was .8 bitcoins per individual system or device, or 6 bitcoins for a mass encryption key. Based on exchange rates on the morning of March 22, the professor said the latter demand equated to roughly $50,000 — but, he noted, current wisdom is to not pay the ransom.
“Current guidance is that you don’t pay, that you simply rely on your internal controls and processes to get you restored back up to some levels of functionality. We’ve seen situations where either A, the promised decryption key was never delivered; or B, it was delivered and didn’t work,” Green said.
An FBI official confirmed that the Bureau is responding to the incident.
“We are aware of the situation and we are coordinating with the city of Atlanta to determine what happened,” said Kevin Rowson, a public affairs specialist in the Atlanta Field Office.
Rowson told GT the Bureau was contacted “right around lunch time here,” between 11 a.m. and 12 p.m. Eastern Daylight Time. He declined to comment on the amount and nature of the ransom demand.
A representative of the Atlanta mayor's office declined to respond when asked to discuss the attack, indicating that her own computer terminal was currently down.
Atlanta Director of Communications Anne Torres did not respond to a request for comment.
Pennsylvania needed to save some money, and in government IT, that often translates to a plan for shared services. Last October at the annual National Association of State Chief Information Officers (NASCIO) conference, Pennsylvania CIO John MacMillan talked about an effort to unite human resources and information technology into one organization.
"Our goal is to reduce our costs, partially on payroll, partially through external spending but mostly through standardization, consolidation and optimization," MacMillan said.
An early pilot yielded some interesting findings, leading the state to adopt a new governance model in an effort to streamline decision-making.
"Basically it’s about getting the right people around the table to make the decisions we need to make to reduce overlapping function and inefficiencies," he added.
Officials in Orange County, Calif., have plans to launch a new service this summer that behaves more like a taxi than a bus.
The Orange County Transportation Authority (OCTA) is set to launch OC Flex, an on-demand, microtransit service that dispatches vehicles to a rider’s home and takes them to a destination. The service, which is expected to be approved by the OCTA board on March 26, would begin July 1.
Like other “on-demand” transit programs popping up in cities across California and other parts of the country, OC Flex will begin as a one-year pilot and will operate in two designated coverage areas, known as “zones.” Each zone will cover about six square miles, according to an OCTA staff report. As it's currently planned, the system will serve the cities of Huntington Beach, Laguna Niguel and Mission Viejo.
OCTA has selected Keolis Transit as the operator, with the contract to be finalized at the March 26 board meeting.
The aim for the project, said Andreas Mai, executive vice-president for market development and innovation at the Keolis Group, is “to provide public transit mobility in those underserved areas, to extend the reach of the OC bus and Metrolink services, but also to reduce the operating costs and capital costs required, and the vehicle miles traveled.”
Mai made the comments during a Meeting of the Minds webinar March 14. Meeting of the Minds is a nonprofit promoting smart and sustainable cities. The Keolis Group is the parent company for Keolis Transit, which is based in Los Angeles.
The $1,150,000 project is structured to provide transit services in areas where there’s little demand or need for full fixed-route service. OC Flex will use a cloud-based system to route and dispatch vehicles to riders. The vehicles will transport passengers to predetermined “hubs” — retail centers, transit stops and other destinations — or to any destination with a coverage zone.
The system is being structured as shared transit, meaning vehicles may transport multiple riders at one time.
OC Flex is being launched to help bolster slipping ridership in Orange County. Ridership on the Orange County bus system fell 22 percent from 2012 to 2016, according to statistics. Though final statistics for 2017 were not readily available, the trend seemed to be continuing. In the summer of 2016, the authority initiated the first of its plan to increase ridership, which is known as OC Bus 360°.
“The idea was that if we don’t change anything, nothing will change. And ridership would continue to sharply decline,” said Eric Carpenter, a spokesman for OCTA.
The agency began surveying riders and holding community meetings to hear from residents to learn why they were abandoning the region’s bus system.
“What we heard repeatedly is that buses need to run more frequently and get riders to their destinations faster,” said Carpenter.
Similarly, the Southern California Association of Governments recently released its own report, a detailed look at declining mass transit use across Los Angeles, Riverside, San Bernardino, Ventura, Orange and Imperial counties — a region home to 18.8 million residents.
The report concluded that an increase in car ownership — particularly among residents who have traditionally been frequent users of public transit — contributed to significant drops in ridership.
In addition to the upcoming OC Flex, transit officials in Orange County have increased bus frequencies and improved travel times, among other improvements. The changes seem to be working; OCTA reported 92 percent of riders saw improved service or no change to their existing service.
“But this also meant making some difficult decisions to reduce or eliminate service in some areas throughout Orange County where buses had low ridership,” said Carpenter. “It didn’t make sense in some places in south Orange County, for instance, that aren’t as densely populated to continue running buses that were close to empty.”
OC Flex will operate in some of those areas where regular fixed route service was reduced or eliminated.
By September 2017, Orange County bus ridership had increased 20 percent compared to where it was at the same time a year before, say transit officials.
The transit authority also introduced technology improvements by launching a mobile-ticketing app in summer 2016 and then outfitting the buses with mobile-ticketing readers in February. More than 76,000 riders have downloaded the app.
“Previously, riders had to show their smartphone screen to the coach operator for verification, which could slow the boarding process,” said Carpenter.
When a government employee creates at a software RFP, it can seem like a tall mountain to climb trying to enumerate every possible requirement the city has for the particular purchase. And long contract lengths can seem laughable — when was the last time in your personal life you got locked into a 60-month contract for software?
The history of government software contracts is long, but it can be summed up quickly. First, contracts were adopted because that’s how other services were purchased at the time. Then they stuck around during the era of on-premise solutions that required cities to have physical ownership of software solutions. Now they’re lasting (somewhat successfully) due to procurement processes in the age of cloud-based applications. The result today is that many cities are frustrated and stuck in an ugly purchasing cycle that only benefits vendors.
This frustration is completely understandable, because contracts for cloud-based software are problematic for a few reasons: They create misaligned performance incentives between vendors and cities; they require buy-in from many stakeholders who may be only peripherally aware of the needs of end users; and they generate large amounts of work in the form of exhausting RFPs. Finally, contracts feel antiquated in a time when other software can be tried risk-free because billing happens on a monthly basis and users can cancel at any time.
Local government offices are composed of some of the most organized, focused professionals out there, delivering amazing services for their communities. They deserve software tools that help — not hinder — their important work. Unfortunately, long-term contracts set vendor incentives against building and enhancing software over time, as they set their sights on new customers rather than retaining existing ones. When contracts are short-term (or even better, month-to-month), vendors are forced to continually improve and evolve their products, or face swift cancellation.
In other words, vendors must earn their customers’ business every single month. When governments start to realize they hold the power in the relationship by holding vendors to a higher standard, it will cause a sea change in software offerings industrywide.
Moreover, in a contracts-oriented process, software buyers (typically procurement teams in cities) aren’t usually the people who will end up using the software being purchased. They are super-experienced negotiators and managers of valuable government finances, but not the individuals using products. They end up building RFPs without translating end-user desires into the requirements that end up being critical during project rollout, frequently because end users are so deep in work that they aren’t able to partner successfully on the writing (after all, their job is to deliver great services to constituents, not design the perfect software solution for their needs).
Without contracts in place, end users can be sold to in a direct manner — they can “taste the goods” themselves, so to speak. This ensures that stakeholder interests are aligned throughout the purchase process, and makes it far more likely that everyone will be happy with the product they now have to use.
Ultimately, this doesn’t just make end users happier — it also saves procurement teams a ton of work in the RFP building process. Many RFPs have hundreds of requirements built into dozens of pages of explanation. While these requirements are detailed and extensive, lack of cooperation from end users or other teams can leave holes even in the best-laid plans. The procurement team then ends up responsible for centrally deciding on software that goes to another team — with a work-benefit analysis to their detriment.
Most importantly, dropping contracts from government software purchasing allows government offices to try software risk-free. In six of America’s biggest cities, individual offices have experimented with my own company’s software with two or three users before rolling out to a larger city deployment. They’ve had the ability to see the proof in the pudding without setting themselves up for a risky engagement with a relatively young vendor. Even better, they’ve been able to truly use it — no holding back, as users tend to do when in a free trial.
Finally, it’s critical to observe that moving from a contracts-oriented to monthly sales model will actually drive more choices of software for governments. Currently, the bar to entry for any vendor is high, given the lengthy contract time and governments’ proper aversion to trying out new vendors with a long-term commitment. Vendors who are willing to sell month-to-month, while putting their business on the line, will see more interest more quickly because of the relatively risk-free nature of engagement.
Moving away from contracts is good for government, good for software providers and good for the constituents who ultimately benefit from productive tools in government.
Nick DeMonner, CEO of Seneca Systems, co-founded the company with the goal of strengthening the vital bond between the government and its people. Today, Seneca's Constituent Services Platform, Romulus, is deployed in city offices across the country, including in Chicago, Houston, Los Angeles, Sacramento and Miami. Prior to Seneca, Nick was a software engineer and early member of the team at Gusto (formerly ZenPayroll). Nick holds a BA in philosophy from Santa Clara University.
Mark43, which offers cloud-based software meant to help streamline paperwork for public safety agencies, has raised $38 million from investors.
The company, featured on the 2018 GovTech100 list, develops software that allows police to collect, manage, analyze and share information over a cloud-based records system. The new funding is set to accelerate software development, sales and deployments.
The Series C funding round was led by General Catalyst and Jim Breyer of Breyer Capital, with returning investments from Spark Capital, Ashton Kutcher’s Sound Ventures, Bezos Expeditions, Goldman Sachs, retired Gen. David Petraeus, Sheel Tyle’s Amplo, Innovation Endeavors, Govtech Fund, SV Angel, and others.
Mark43 has raised $78 million in its six-year run on the market.
“This latest round of funding, coupled with new growth hires, perfectly positions Mark43 to capitalize on the momentum we were able to generate following our Series B and bring new products like digital evidence management to market,” said Mark43 Chief Executive Officer and Co-Founder Scott Crouch in a press release.
Launched in 2012, Mark43 has deployed its core proprietary software, a records management system and computer aided dispatch system, to 13 public safety agencies across the U.S. It expects another 30 to join sometime this year.
Thirteen months after it was announced, Indiana’s first Internet of Things lab will open on March 21 in the burgeoning Indianapolis suburb of Fishers.
Fostering technology and innovation has been a focus for Gov. Eric Holcomb, who visited Fishers in February 2017 to announce the Indiana IoT Lab; and officials close to the project told Government Technology that interest levels are so high that they’re confident it will quickly generate significant value.
Mayor Scott Fadness said the lab’s eight office suites are entirely leased and more than 700 people had RSVPed to attend the opening as of March 16 — an indicator of curiosity that, in situations like this where touring the lab may be the most effective way to communicate its purpose, could also drive future commitments.
Originally targeted for opening as early as the summer of 2017, the 24,562-square-foot lab is designed to house a combination of maker areas, development labs and testing spaces for companies to experiment in designing new IoT devices and applications. It also includes a design thinking studio, where teams and clients will be able to work through the creative process.
The lab is expected to be a major driver of innovation and tech for the city, already home to Indiana’s largest co-working space, and for the state. Holcomb’s Next Level Fund, part of a legislative agenda with the same name, is intended to invest a quarter-billion dollars over the next decade into venture capital, a potential stimulus for startups.
The facility, in the former home of Bates Technology, a maker of honing stones and machine shop tooling, will feature resources including a laser cutter, a 3-D printer, a stereolithography 3-D printer and a pick-and-place printed circuit board maker.
The lab is propped up with a long list of sponsors. It will include a wood shop and a metal shop supported by a Stanley Security sponsorship that includes a donation of DeWalt tools, according to John Wechsler, chief executive officer and founder of the nearby co-working space Launch Fishers.
Another sponsorship from Arrow Electronics, a large distributor of IoT-related components, will likely deliver devices like Arduinos and Raspberry Pis, Wechsler said. Others on the list of 35 sponsors include Indiana University, KSM Consulting, AT&T and Allegion.
That list of sponsorships, which Wechsler said is “well into” six figures, also includes the city of Fishers, which the mayor said contributed $150,000. Going forward, the city will pay for the building’s lease; and Launch Fishers, a 501(c)3 nonprofit, will fund daily operations through memberships and sponsorships. Around 50 members have paid $1,000 each to join, which entitles them to work from the facility.
Tenants include ClearObject, an IoT systems integration business whose CEO John McDonald joined Wechsler and Fadness in guiding Launch Fishers; Flexware Innovations, which centers on what Fadness termed “machine-to-machine IoT”; and Rook Security, which helps companies with IoT challenges guard against cyberattack.
“Then, there’s a lot of additional space in the back for more free space, more open space. And we’re to the point now that it’s so in demand that we’re creating office suites even back there. I’m really excited about the initial group of talent that we’ve aggregated into that facility,” Fadness said.
“We think that if we can create the critical mass of workers and IoT engineers and innovators, we’re going to see not only companies from Indiana but from across the country and probably around the world look to be part of this thing long-term,” Wechsler said, noting that lab officials have already consulted their architect about a possible expansion.
During an interview with GT, the Launch Fishers CEO shared details of an email from a California-based utility that had contacted him to express an interest in using the lab remotely; and contact from a Toronto entrepreneur weighing a move to Fishers.
The mayor said people that have toured the lab include representatives of companies like Chrysler, John Deere, Rolls-Royce, IBM and Eli Lilly and Co. Officials met recently with representatives of a smaller Minnesota company interested in relocating to Fishers.
“They haven’t made their decision on where they’re going to go, but what I do know is without having this IoT lab, Fisher, Indiana isn’t on [the] list. This is an example of, by demonstrating your willingness to build these environments in an intentional way, attracts the type of entrepreneurs you’re looking for in your community,” said Fadness, the city’s first-ever mayor.
Rook Security relocated from California to Indiana in 2009, and CEO J.J. Thompson said he believes it has had the opportunity there to find “the right team with the right talent.” The company is “in line” to get office space in Fishers, the CEO said, and is also a founding dedicated suite member at the lab.
“This is going to be something that changes the way that Indiana’s economy fundamentally operates in the future. We wanted to jump in with both feet and be a part of this from the ground up. For us, it’s going to be all about getting closer to the problems,” Thompson said of the lab, referring to its all-encompassing capability to support problem-solving.
Officials don’t intend to “get in the middle of deals,” Wechsler said. But they do plan to make sure the lab is closely connected to academia and key local producers like southern Indiana’s plastic injection molding industry — not only looping in industrial specialties but also avoiding duplication by using area resources.
Discussions are already happening around potential use cases including an automation challenge from a global automotive company that could become a Master’s-level project for Indiana University students; and later this spring, the lab will host its first hackathon on public safety solutions.
But, the mayor said, this has not been a quick endeavor, and he cautioned other state officials contemplating standing up their own IoT labs to circle in local tech types and businesses, and be deliberate.
“Do not try to create this out of a purely government-based lens. It needs to be led by entrepreneurs,” Fadness said. “This vision of an entrepreneurial city was never going to be a one-and-done project. We’re in this for the long haul.”
In this installment of the Innovation of the Month series (read last month’s story here), we explore the Case Western Reserve University–Cleveland State University Internet of Things Collaborative, a new initiative in the Cleveland area, which is being supported by the Cleveland Foundation to foster the region’s research and development of these technologies.
MetroLab’s Executive Director Ben Levine sat down with members of Case Western Reserve University (Dr. Suzanne Rivera, vice president for research, and Dr. Kenneth Loparo, academic director of the Institute for Smart, Secure and Connected Systems); Cleveland State University (Dr. Jerzy Sawicki, vice president for research, and Dr. Nigamanth Sridhar, academic director of the Center for IoT Innovation); and the Cleveland Foundation (Shilpa Kedar, program director, economic development, and Leon Wilson, chief of digital innovation and CIO) to learn more.
Ben Levine: Could you please describe what the CWRU-CSU Internet of Things (IoT) Collaborative is? Who is involved in the effort?
Jerzy Sawicki (CSU): The IoT Collaborative (IoTC) is focused on leveraging and building the assets of Cleveland’s two universities — CWRU and CSU — to help drive vision and focus for the region as we prepare for the next technological revolution. It is not viewed as a traditional academic “center,” but rather a collaborative that is bringing focus and resources to the universities for the good of the city and region. In January 2018, the Cleveland Foundation awarded the IoTC $1.75 million for its first year to begin building up the organizational capabilities and assets of the effort. These funds will support the initial hiring of faculty, staff and other infrastructure needed to operate as a collective and drive project ideas, build partnerships, and show the region what it might mean to be an IoT city and region. This investment is the first of a multiyear effort to grow the IoTC.
Suzanne Rivera (CWRU): Supporting partners include the city of Cleveland, Cuyahoga County, the Cleveland Foundation, numerous economic development organizations in the region, and both small and large companies. Because of our industry base and geographic location, the IoTC is targeting the Industrial Internet of Things, a focus that looks at the larger physical digital connection to infrastructure as it can be broadly defined: manufacturing infrastructure, urban infrastructure, medical infrastructure and energy infrastructure.
Moreover, we are structuring our effort to not only cross the public-private sector lines, but also the disciplinary lines to allow us to truly be a “TechPlus” effort. This means that in addition to the traditional engineering and computer science disciplines on our campuses, we are involving the business, legal, social sciences, humanities, ethics, education and health-care fields. The Industrial Internet of Things will transform the way we work, the way we interact, the way we learn, and all fields must come together to prepare appropriately.
Levine: Can you describe the history and how this became a priority for those involved?
Shilpa Kedar (Cleveland Foundation): In October 2015, the Cleveland Foundation hired Leon Wilson as its first chief technology and information officer to develop a digital strategy that would guide the investment and grant-making decisions of the country’s second-largest community foundation. This strategy, rolled out in 2017, is called the Digital Excellence Initiative and is focused on five pillars:
Creating a more connected community Supporting digital skills development Improving digital civic engagement Elevating regional digital leadership Encouraging technology innovation for social good
Leon Wilson (Cleveland Foundation): The CWRU/CSU Collaboration was one of the first items supported under this initiative, with a $200,000 planning grant to the team to develop the framework for a regionwide IoT activity (this paved the way to the current $1.75 million investment).
Kenneth Loparo (CWRU): In 2015, the Electrical Engineering and Computer Science Department at CWRU, under advisement from alumni who sit on our Silicon Valley Think Tank and Boston Think Tank, developed a strategic plan that would tie together the various research thrusts of the department with an application for IoT. This plan included required investments in new faculty hires, new laboratories and new curricula. It was given its first shot in the arm in 2016 with a $1.5 million investment by Bob Herbold, alum and former chief operating officer of Microsoft, and the effort became officially known as the Institute for Smart, Secure and Connected Systems (ISSACS). Since that time, the effort has expanded into other disciplines not only within engineering, but also across the campus and into the community. ISSACS is CWRU’s organizational link to the IoT Collaborative.
Nigamanth Sridhar (CSU): Cleveland State University is an urban public university that is committed to a philosophy of engaging our students inside the classroom, throughout the community and around the globe. CSU’s involvement in the IoT Collaborative was sparked by two efforts: a CSforAll program led by faculty in engineering and teacher education in partnership with the Cleveland Metropolitan School District; and the establishment of the Center for Cybersecurity and Privacy Protection through our school of law. As we introduced the IoT Collaborative concept across campus, we have developed an organizing structure called the Center for IoT Innovation (CITI). CITI is CSU’s organizational link to the IoT Collaborative.
Rivera: There are various layers of local government involved in this effort and several examples of activities. Within the city of Cleveland, we are in the midst of developing a smart solution to issues associated with the water department’s underground pipes. With the Cuyahoga County government, various departments and groups are working with a CSU/CWRU highly interdisciplinary faculty team (engineering, urban studies and law) to consider the first steps in managing the opioid crisis using a range of technology. With a local inner-ring suburb, Lakewood, the team is using city vehicles for a groundwater sensing project.
Local government officials and IoT Collaborative researchers on a field trip with the local water department to discuss IoT technologies. Courtesy of Nick Barendt, CWRU
Sawicki: The incentive behind our industry partners to engage with the IoTC is preparedness — what does IoT mean to our business models? If we are a small company, how do we scale technology? Multiple industry partners are engaged in either projects and/or discussions about how to move forward. A few examples: Eaton Corporation and Intwine Connect are working with the IoT Collaborative on a project focused on energy management with IoT-enabled systems. We also have a group of 10 to 12 small manufacturers working to figure out how to prepare for the industrial IoT and what that means to their community from an educational/workforce development standpoint.
Levine: Can you describe what this project is focusing on and what motivated your respective institutions to address this particular opportunity?
Rivera: In Northeast Ohio, we see alignment around connected devices and big data as a common interest across academics, industry, health care, public-sector operations and services to citizens. We also see a strong research base that can be cultivated to establish Cleveland as a leader in IoT and data analytics. Specific projects that are coming forward include a range of disciplines, from those working to just organize and connect data streams (those first steps toward realizing the Internet of Things) to others testing specific IoT ideas.
Establishing a point-of-care sickle cell disease and malaria screening platform Virtual advocate: Giving voice to the unheard Smart fire-fighting in urban and suburban environments User-driven elder care technologies within a nursing home facility Military-based clinical theater assistant The HATCH Study: Halt Asthma Exacerbations Through Connected Health Care
Using interactive media and an augmented reality app to increase access to community spaces for children with mobility and sensory impairments Development of a mobile app/website for matching drug addiction treatment services Development of a Web-based system for supporting home-based care and treatment of children with autism spectrum disorder Cyber-physical security in an IoT-enabled microgrid Security and privacy of IoT devices A multimodal sensing platform for behavior and emotion monitoring Smart cities and data bricolage: How the Internet of Things and crowdsourcing can be leveraged to improve city management
Levine: How will the initiative organize the IoT ecosystem?
Sawicki: From a basic standpoint, we are using iotcollaborative.org as the front door (currently it is only a landing page, but being populated with content). We intentionally are not building a separate organization/nonprofit between the universities, but rather integrating and leveraging existing assets (ISSACS at CWRU, CITI at CSU), developing procedures and protocols for interacting seamlessly. With the $1.75 million award from the Cleveland Foundation, we are hiring staff who will interface with industry and the public sector, as well as positions within each university that will reach across the institutions. These individuals are building up advisory groups that are organized around industry, economic development/startup support community, local government and academic partners (community colleges, liberal arts colleges, etc.). These individuals are pulling together public-private teams around topics such as health care, manufacturing and energy with the intention of responding to grant proposals or building curriculum or hosting community events. We have hosted various community gatherings and will continue this year to build connections between and among all of our partners, including special sessions to engage local citizens.
For the external community, they will be able to enter the collaborative “front door” and be able to access a wide variety of disciplines and talent associated with both universities. Whether that is students who are developing IoT-related companies or faculty performing research in IoT-related ethics or research labs to test out ideas, they don’t have to worry about engaging two separate institutions, but tapping the wealth and resources of the collective.
Levine: How will the tools developed in this project impact planning and the built environment? What does it mean for Cleveland, Cuyahoga County, and the region?
Rivera: There will not be one set of tools developed, but multiple sets. We can imagine tools and devices from the simple and routine, such as finding open parking spaces and knowing which garbage cans to empty; to the convenient, such as improving movement using smart and open transportation systems, smart lighting, spatial recognition to inform users of events, entertainment, and educational opportunities; to the complex, such as better informing city operations of infrastructure needs, lead in pipes, algae on lakes, point-in-time pollution, safety, crime, and connecting personal data to readily available public and private services.
Levine: What are the next steps for the initiative?
Sawicki: Our next step is to continue building up the infrastructure of IoTC so that we can serve the needs of the region and city. This includes developing a highly visible demonstration project that touches industry, government and citizens to show the possibilities of IoT. It also includes a faculty hiring initiative that will continue to bring research talent to the region, talent with an interest in a “tech-plus” approach as well as a translational approach to realizing IoT. It includes hosting or participating in events that bring the city and region together, such as Data Days on April 5-6 and Tech Week April 16-20. Finally, it includes efforts to tie all activities to the entrepreneurial ecosystem that has developed in Cleveland, helping students and faculty to move their IoT knowledge into partnering companies or starting their own.
Rivera: We are building a movement in Cleveland. While our anchor academic institutions are driving the movement, it is an all-in effort that engages all of our region.
About MetroLab: MetroLab Network introduces a new model for bringing data, analytics, and innovation to local government: a network of institutionalized, cross-disciplinary partnerships between cities/counties and their universities. Its membership includes more than 35 such partnerships in the United States, ranging from mid-size cities to global metropolises. These city-university partnerships focus on research, development and deployment of projects that offer technologically and analytically based solutions to challenges facing urban areas, including: inequality in income, health, mobility, security and opportunity; aging infrastructure; and environmental sustainability and resiliency. MetroLab was launched as part of the White House’s 2015 Smart Cities Initiative. Learn more at metrolabnetwork.org or on Twitter @metrolabnetwork.
San Francisco Chief Innovation Officer Jay Nath, a key architect of its groundbreaking Startup in Residence (STiR) program, has left City Hall to focus more exclusively on leading the fast-growing civic-tech sector collaboration, now in its fourth year.
Nath confirmed to Government Technology that he was in his second week on the job as co-executive director at the City Innovate Foundation, a San Francisco-based nonprofit focused on helping local governments develop user-centered products and services.
Deputy CIO Krista Canellakis has been named the city's new chief innovation officer, a change recently reflected on the website for the Mayor's Office of Civic Innovation (MOCI).
Canellakis started with MOCI five years ago in the first cohort of Mayor Edwin Lee’s Innovation FeIlowship program, she said via email. In 2014, she led the creation of the Living Innovation Zones (LIZ) program in partnership with the city planning department, aimed at catalyzing creative interventions in the city’s public spaces.
“My passion throughout my experience in government is around building a community of civic entrepreneurs, both inside and outside of government, who are exploring fresh ways of tackling problems together,” said Canellakis, who described MOCI as “full steam ahead.”
“An important focus of our work for the next chapter is how we institutionalize innovative practices and mindsets into the DNA of city government and strengthen our city staff’s ability to collaborate and problem solve in new ways,” she said.
STiR, which connects young tech companies with government to address public-sector issues, began as a San Francisco in-house pilot in 2014 — an “experiment,” as Nath termed it. It has since grown exponentially, expanding nationwide to 12 jurisdictions in 2017, with participants as far flung as Boulder, Colo.; Miami-Dade County, Fla.; and Washington, D.C.
The program has also inspired at least one variation, CivTechSA in San Antonio; and some of the developers who have participated have built products that have reshaped government work. Binti, for example, has created a program to streamline foster-care applications that is now being used in an increasing number of jurisdictions.
2018 Startups in Residence
The 2018 Startups in Residence cohort began in February and will wrap in June — but not before a demonstration day May 22 as part of Bridge SF 2018, from May 22 to 24 in San Francisco.
The fourth annual conference convenes cities, startups, academia, enterprise companies and venture capital in an effort to bridge the gap between public and private sectors.
In July 2017, the City Innovate Foundation took a leadership role amid STiR’s expansion though San Francisco remained heavily involved, contributing resources including a federal Department of Commerce grant of $500,000 that ends this June.
The Foundation’s Executive Director Kamran Saddique described STiR’s future then as one of "huge potential," and said its separation from City Hall would facilitate its scaling up. The nonprofit has been successful recently, Nath said, in securing “the same grant” for nearly $500,000 over three years as a new primary funding source.
Nath, who announced his departure internally in February and left the city during the latter half of the month, said he’ll always be grateful to the late Mayor Edwin Lee, who created MOCI, and to current Mayor Mark Farrell “for their unwavering confidence and support of my work,” especially with respect to STiR and their “broader commitment to cross-sector collaboration.”
But after 11 years of public service, Nath said he had decided his “commitment to improving government” is best served by focusing his energy and time on growing “the late Mayor Lee’s Startup in Residence program.” Joining the Foundation, he said, will allow him that opportunity.
“That’s something that’s always excited me, is the fact that cities are working collaboratively towards making better cities, and that we’re not competing and that we can share what’s working, what’s not working. When I think about the ability to make [an] impact, Startup in Residence, I think, is a great lever,” Nath said, noting that improving residents’ access to their governments can restore trust.
“And I think that if we can create a government that is more responsive, that is more effective, that we’re going to rebuild that trust and start getting people more involved,” he added.
Nath’s departure is a significant one. He’s held his position since January 2012, when Lee first established MOCI and tapped Nath to lead it. Nath had been with the city since 2006 and had previously served as its director of innovation. One of the first to have a chief innovation officer job at the city level anywhere in the United States, he quickly became one of the most prominent municipal gov tech executives in the country.
Work done under Nath in San Francisco often served as a bellwether, creating benchmarks and examples for public-sector tech leaders in other cities. When discussing new projects with CIOs in any city hall, it was not uncommon to hear them say they’d been inspired by programs that were started in San Francisco.
Nath contributed significantly to the city’s work on open data, leading its effort to be the nation’s second municipality to launch an open data portal. He founded Civic Bridge in 2015, which recruits private sector pro bono assistance on critical local government issues, and spearheaded the city’s universal Internet project, which he said is “very close” to becoming a reality and “hopefully establishing a new model for municipal broadband.”
“Civic innovation is about more than technology — it’s about bringing fresh approaches to civic challenges,” Canellakis said.
The city’s FiberforSF project, led by Farrell and Chief Information Officer Linda Gerull, who heads the sponsoring agency, has gone further than “any other major U.S. city,” Canellakis said, toward “creating an Internet utility that serves every home and business with gig-speed Internet.”
“The fiber network will provide all San Franciscans an equal opportunity to access educational and employment resources, participate in civic and social life and use online digital government services,” she said, adding that its net neutrality and privacy protections have been praised by FCC Commissioner Mignon Clyburn, and covered by national civil liberties groups including the Electronic Frontier Foundation and New America Foundation’s Open Technology Institute.
Nath also worked diligently to simplify how public agencies find and purchase technology, innovating within the often-fraught government procurement process. Creating an easier, automated process that encouraged innovators to work with government has been an evolving focus of the office during his tenure with the city.
But asked which of his accomplishments he is proudest of, Nath pointed to San Francisco’s work around “structured collaboration models” like STiR and its sister program, Civic Bridge.
The former CIO declined to speculate on what the future holds for MOCI, with unknowns of the June 5 special election to fill the unexpired term of Lee, who died unexpectedly on Dec. 12. Farrell, who was appointed temporarily to the post by the San Francisco Board of Supervisors, will not be running.
But Nath said the office has left “an indelible mark on San Francisco and a number of other cities that we’ve worked with,” namely, its pivot to cross-sector collaboration.
“That shift in perspective, I think, is really the hallmark of the work that we’ve done, and I’m sure that will continue under any future leader. It’s something that I think is core to the values of San Francisco and the values of many other cities,” he said.
Riders in Chicago now only need to look up at the digital advertising screens on Chicago Transit Authority platforms to find the latest travel information.
CTA, through its partnership with Intersection — the company that manages the digital station advertising — now runs a “Passenger Information Bar” at the bottom of the screen, with arrival and departure information. The information bar — which CTA officials are calling the “flip” — will include real-time data, complete with alerts like service disruptions.
“We are pleased that we’re able to leverage our expansive collection of digital displays – which have improved commuting significantly — to increase the amount of helpful information we’re providing to CTA riders,” said CTA President Dorval R. Carter Jr., in a statement.
The system providing this data is known as IxNConnect, and was developed by the New York City-based company that specializes in smart cities technologies and works with a number of transit agencies. Much of that work revolves around managing the display and digital advertising in transit stations and equipment.
“Over the last couple of years, Intersection has really focused not just on bringing in revenue for the authorities, but also bringing them new technology, and sort of smarter cities type of technology, to help them really revolutionize the way that they interact with their customers,” said Scott Goldsmith, president of Cities and Transit at Intersection.
One of the key issues Goldsmith hears from transit partners has to do with transit’s inability to connect with riders in real time. This modification to the standard digital advertisement does just that.
“They [transit agencies] have the information,” said Goldsmith, referring to arrival and departure times, as well as other issues that can affect travel such as construction on the transit system.
“This is really valuable information that their customers really want to know about,” Goldsmith added.
The company plans to bring a similar system to the Southeastern Pennsylvania Transportation Authority, as well as New Jersey Transit, which operates rail and bus service in New Jersey, New York and Philadelphia, a region spread across 5,325 square miles.
The system in Chicago is particular to the rail network, said Irene Ferradaz, a spokeswoman for CTA.
“All the digital screens show train info. CTA has a separate group of signs at hundreds of bus stops that show bus arrival times,” she explained. “They are part of a different — non-Intersection — screen network.”
The real-time platform is now available on the 195 screens located on the outside of station entrances. More screens will be rolled out this year, bringing the transit status information to about 400 screens in the CTA network, said Goldsmith.
“The hardware was designed for transit authority use, both indoor and outdoor. And then, our transit team built the IxNConnect platform, built the software to match up to the displays,” said Goldsmith. “So we worked very closely with CTA to build that software.”
One of the key features of the software behind the IxNConnect system allows transit authorities to have one place to manage the communications across the digital network of displays.
“What IxNConnect does is brings all those displays under one system,” said Goldsmith.
“What’s really great about this is, CTA has really led the way, and worked collaboratively with us here,” he added. “We can provide software, and we can provide digital displays. But unless we work very closely with the authority … it’s very hard to understand how we can best help customers."
Intersection delivers the advertising, and that revenue paid for the system upgrades.
“The entire endeavor is done at zero costs to the CTA,” said Goldsmith.
About one-third of major IT systems that state governments use today are old and broken, and child support systems are especially in trouble.
That’s simplifying things a bit, but it’s true, according to data from the Center for Digital Government.* The center has internally released some results of an analysis it ran on five types of IT systems in place in every state in the U.S. The analysis looked at how many of those were “legacy” systems.
In this context, a legacy system is defined as “a business-critical system that was implemented prior to Oct. 25, 2001, and is currently unable to meet user demands.”
Of the 250 IT systems the center studied, 33 percent met that definition. Another 14 percent were going through a modernization process, and the center was unable to categorize 11 percent.
That leaves 42 percent of systems that are working and younger than 17 years old.
The data doesn’t cover all IT systems used at the state level, and obviously ignores those in use by local governments, but since it covers 250 systems it is a pretty good picture of the state of government IT systems overall.
The five types of systems included in the analysis were child support systems; department of motor vehicles systems for things like vehicle registration and titling; integrated eligibility systems; Medicaid management information systems (MMIS); and unemployment insurance systems.
There were marked differences in how many of each type of system were considered to be legacy. About 68 percent of child support systems are old and broken, compared with just 28 percent of MMIS systems.
*The Center for Digital Government is owned by Government Technology's parent company, e.Republic.
The Federal Communications Commission is poised to make a directive on 5G, the next-generation, high-speed wireless standard, that could significantly affect local government control of infrastructure. Two cities, San Jose, Calif., which lies in the heart of Silicon Valley, and Lincoln, Neb., an innovative university and capitol city, both could be profoundly affected if the FCC decides to “cut red tape” with modifications to small cell antenna deployment rules.
On March 22, the FCC will meet to eliminate unnecessary regulations to “provide better broadband, connect underserved areas and create jobs,” according to FCC Commissioner Brendan Carr. This move by the federal agency is supposed to save Americans $1.56 billion and create more than 17,000 jobs, according to industry statistics. “Our infrastructure rules were written for the hundred-foot 3G and 4G towers, not backpack-sized 5G deployments,” said Carr in a speech at the Consumer Technology Association in February. “It’s the regulatory equivalent of requiring a commercial pilot license to fly a paper airplane. The result? Small cell deployments cost too much, and the regulatory approval process takes too long. Left unchecked, this will be the bottleneck that prevents us from leading the world in 5G — that prevents the investments, innovation, and jobs associated with 5G from being realized here in the U.S.” But local officials argue the regulatory process serves an important purpose. “By removing the historic and environmental review, and taking away local control, it won’t allow cities to make sure that 5G is deployed in an equitable manner for citizens,” said Shireen Santosham, the chief innovation officer for the city of San Jose. San Jose is the tenth largest city in the U.S., the largest in Silicon Valley and has a median income that is over $90,000, but has approximately 9.5 percent of the city’s 1 million residents living below the poverty line. “Currently there are more than 100,000 people in our city who do not have broadband,” she said. “Small (5G) cells will not solve the digital divide; we need to know that there will be service to rural and low-income areas,” she said. Santosham sees the FCC moves as a cynical way of taking away local control of the infrastructure deployment while promising to cover those who do not already have connectivity. “It is important that we have the conversation about those people who are not already wired and do not have access at home,” she said. “We need a holistic conversation on digital access for all Americans.” The city currently has a partnership with Facebook called Terragraph, which will bring free gigabit-speed Internet to the city’s downtown public sometime this year. “This year, we launched an effort to bring autonomous vehicles to San Jose — our initial call for proposals garnered 30 submissions from leading companies around the world. We are currently evaluating a short list of companies,” she said. This technology will require 5G capability as well. David Young, fiber infrastructure and right of way manager for the city of Lincoln (pop 277,346 and home of the state’s largest university), has a similar view of the FCC’s directive. The city began its journey to 5G coverage in 2012 when Mayor Chris Beutler invested $700,000 in a conduit system for fiber optics that has since grown to over 300 miles. Because the state has banned local governments from offering municipal services such as electricity or telecommunications, Lincoln has worked hard to put together some very innovative ideas to attract private-sector investment. “The plan is to make our process fast, easy to understand and repeatable to attract investment,” he said. They have been so successful the city has managed to partner with 12 private-sector companies to keep them connected. Early in the process, Young began working with Valmont Industries, a city pole designer, to construct a functional pole that would make it easy for private companies to deploy 5G hardware. “They developed a pole that will deploy for 95 percent of their users (in other towns),” he said. The city also developed a master license agreement with the manufacturer. “It was important to get in on the ground floor with the pole company to set a standard for 5G infrastructure throughout the city,” he said. In the Internet service provider (ISP) industry, time is valuable. “If you can shrink time for the carrier, it helps the city’s partnerships,” said Young. The design process also saved the city money. “The poles cost us nothing, except my salary,” he said. “The manufacturer is selling my design to other cities.” Lincoln has a licensing agreement for 100 poles downtown and expects to install 400 in the next few years. While this is only part of the enterprising development Young has made, he says all of this will be for naught if the FCC rules bypass city control. “If the FCC takes away control and assets bought by the local taxpayers,” he said, “it will be very challenging.” Young said the city has worked very hard to streamline services for wireless providers. “We are business friendly. We have a 10-day permitting process,” he said. All standards are already online, and if the FCC rules to take away local control, it would cause deployment of the infrastructure to stop. The city has worked 100 percent with private partners in its infrastructure build-out. “Why are we not at the table with the FCC?” he asked. Like Lincoln, San Jose has embraced 5G and what it will allow the public to do in the future. “Ushering in a gigabit future will no doubt have wide-ranging benefits — from enabling new advances like connected and autonomous vehicles, unlocking augmented and virtual reality and creating other new markets,” Santosham said. But, two critical issues need addressing. The technology is in its infancy, and how it will be deployed matters to citizens. “We still will need to see proof points around the technology,” she said. “While it delivers lightning fast speed in labs and early trials, there are real-world problems of scale still to overcome.” Making drastic changes to how a city historically manages its public rights-of-way to accommodate one, yet unproven technology may not be a smart move, according to Santosham. “A piecemeal approach where service providers can pick and choose where they service a city also has another unintended consequence,” she said. “It results in the wealthier, denser and more profitable areas getting service first, and more traditionally digitally excluded neighborhoods serviced last if they have services at all.” If city government is not going to be allowed to control, permit and charge fees for access to the public right of way, this will also take away the ability to incentivize companies to build out into low-income or marginalized areas, argues Santosham. “Most of the legislation today is unfortunately too one-sided with the industry asking for the benefits of a public utility without the obligations,” she said. “Aesthetic concerns matter to local communities and bills that are overly permissive in equipment size and scale are shortsighted. No community will want thousands of refrigerator-sized equipment placed throughout their city with no say in the process.” Finally, private companies will not act on, nor know the communities’ interest, according to Santosham. “No one company or industry will act in the overall interest of the community in the way a local government can act — and rightfully so. Companies are incentivized to maximize shareholder value, not public value.”
The level of nation-state sponsored cyberattacks against civilian businesses crossed a dangerous new threshold this week.
In a series of briefings, press releases and well-timed reports, the United States accused Russia of cyberattacks on our power grids and other critical infrastructure facilities:
“The US government has accused Russia of remotely targeting the US power grid, as part of its newly unveiled sanctions on the country.
The Department of Homeland Security released details Thursday of what it called a multi-stage effort by Russia to target specific government entities and critical infrastructure.”
Here are a few of the other related headlines with related reports from different news sources:
Bloomberg News: Russian hackers attacking the US power grid and aviation, FBI warns Free Beacon: DHS, FBI Warn Companies of Ongoing Cyber Attacks on Critical Infrastructure Newsweek: Russian Hackers Attacked U.S. Nuclear, Aviation and Power Grid Infrastructure, FBI and DHS Warn
Why Is This An Escalation In Threats?
As reported by SC Magazine UK: “The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) took the unusual step Thursday of issuing an alert naming the Russian government for targeting US critical infrastructure with cyber-attacks.”
While there have been numerous reports, surveys discussions about foreign infrastructure being hacked, and quiet back-room discussions amongst cyberpros that these activities have been going on for a while, never before has this level of detail been revealed to the public.
I really like the interviews and analysis of the situation offered by TheCipherBrief.com. They called the Russian targeting of critical infrastructure our “Achilles Heel."
Here are some of the noted experts and their comments:
“What I read out of the DHS note is that it’s a pretty broad effort to get into a number of critical infrastructures: energy; nuclear; commercial facilities; water; aviation; critical manufacturing—there’s almost nothing off the list. So the Russians are doing a fairly broad penetration.
“There is no question that the Russian cyber activity as reported Thursday, but observed for years, should be interpreted both as preparation of the battlefield and as a message to the U.S. of Russia’s cyber capabilities, and possible use of kinetic cyber activity in response to a U.S. action such as, for example, a strike against Syrian leader Bashar Assad.”
“In the Cold War, Russia and the U.S. floated reconnaissance satellites over each other to identify targets for attack. This cyber reconnaissance is the same thing. It identifies targets and sends a threatening message.”
These announcements come the same week when the United Kingdom (UK) expelled 23 Russian diplomats for over ex-spy’s poisoning, and U.S. officials supported the U.K. regarding this incident.
The situation is so heated that some countries are threatening a 2018 FIFA World Cup (Soccer) boycott.
Meanwhile, the Washington Post reported that the US is getting tougher on Russia with new sanctions. "In its toughest challenge to Russia to date, the Trump administration accused Moscow on Thursday of an elaborate plot to penetrate America’s electric grid, factories, water supply and even air travel through cyber hacking. The U.S. also hit targeted Russians with sanctions for alleged election meddling for the first time since President Donald Trump took office. …”
Finally this week, a new report coming from Blackhat Asia revealed that 70 percent of security professionals expect a major attack to bring down critical infrastructure in their region in the next two years. You can download the full report Cybersecurity Risk in Asia, here: blackhat.com/latestintel/03122018-cyber-risk-in-asia.html
More Background on Cyberattack Reports on Critical Infrastructure Over the Past Year
Earlier this year, Inc. Magazine reported that 2018 will be a year that cyberattacks on critical infrastructure soars. “There was a stunning cyberattack on a critical Middle Eastern infrastructure site recently and it hasn't gotten the public scrutiny it deserves. Triton (a.k.a. Trisis), a new strain of malware, was discovered last month via intelligence sharing reports provided by the security vendors FireEye and Dragos. The news was the latest in a series of public disclosures about progressively more sophisticated energy plant hacks.”
Earlier this year, I posted this blog on cybersecurity for energy’s critical infrastructure which highlighted a U.S. Senate Energy and Natural Resources Committee hearing on March 1, 2018, on efforts to improve the resiliency and reliability of critical energy infrastructure.
That piece closed with these thoughts: The hearings and experts seem to think that smaller regional outages are very possible, and perhaps even probable over the next few years. Their emphasis on reliability and resiliency is constant, and they point out that weather-related electricity outages happen all the time.
However, the feeling of most of the experts seems to be that a nationwide “major grid outage” is very unlikely. They say: “Great work is ongoing. However, many of the smaller utilities have a long way to go.”
And other reports on hacking critical infrastructure accelerating go back several years. Still, these new reports detailing Russian hacking this week point to a major acceleration beyond anything reported previously.
Three Actions for State and Local Governments
So what should state and local governments be doing now — given this new cyberthreat environment?
1) Read US CERT Alerts issued this past week — First, in Alert (TA18-074A) “Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors”, the US CERT lays out the various ways that Russian “government actors” have recently targeted US critical infrastructure, from US government entities to key industries like “energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”
Here’s a high-level excerpt: “Since at least March 2016, Russian government cyber actors — hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign.  (link is external)
This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”
2) Work with owners/operators on coordinated plans — Once your organization has a good understanding about what actually happened this past week, federal agencies and state and local governments need a response plan. There are a number of excellent options from NIST, The National Association of State CIOs (NASCIO) and states like Michigan that are detailed in this article from late last year entitled: How to Recover From Cyber Incidents in Government. The federal government is certainly reaching-out to the affected critical infrastructure owners and operators who were hacked, so government officials need to be a part of that conversation. I recommend reaching-out to law enforcement in your area to learn more.
3) Finally, you need to be testing your government plans with private sector owners and operators of critical infrastructure. Using a cyber range, is certainly one important piece of the cyber defense puzzle. Several public and private sector organizations have been running tabletop exercises going back several years, but this is a new concept for many. Also, ensure that your communication plans regarding cyber are up to date.
The events of the past week point to much more cyber trouble ahead. My personal opinion is that for the US CERT and others in government to reveal this amount of specific information, more serious attacks are likely occurring now (that they are not revealing). In other words, our vulnerable situation is actually worse than previously reported.
The trend towards critical infrastructure disruption is now clear, and nation-state actors have the ability to cause substantial harm. This cyber situation is no longer about a rogue country or some random hactivist group. We now have examples of Russian cyberattacks against civilian critical infrastructure, and they will use this attack capability when the time is right.
We can hope for the best, but we must prepare for the worst. Cyberprotection efforts must be stepped-up.
Our cyber temperature just got hotter for critical infrastructure. What are you doing to prepare?
In recent decades, public labor strikes have become rarer, especially those that unite workers statewide, but experts say this may now be changing, fueled by economic conditions and the use of social media as both a convening tool and an amplifier for stories of struggle.
One prominent example of this is the recently-settled teacher’s strike in West Virginia, according to David Madland, a senior fellow at the Center for American Progress. During the strike, every teacher in the state spent nine consecutive days out of classrooms before the union eventually received all that it asked for, including 5 percent pay raises.
Teachers walked off the job because of rising health-care costs and low pay, with many telling stories of working second jobs at fast food restaurants just to get by. The teachers, who don’t have a labor contract with the state, had not had an across-the-board pay raise in four years.
What happened in West Virginia is notable for a couple reasons. First, teachers in the state were among the lowest-paid in the nation, ranking 48 out of 50 states and Washington, D.C., according to Madland. Second, the size of the strike was unusual. It included every public school in West Virginia.
Labor organizers had to connect two unions spread throughout 55 counties of West Virginian terrain, which, with its valleys and mountain roads, made organizing difficult. To overcome this problem, the teachers unions spread stories of the dire economic situations they faced with the social media hashtag #55strong.
By crowdsourcing what was a grass-roots effort using social media, teachers were able to sustain the strike and win the pay raise they demanded, according to The New York Times.
“The big thing was they had a shared grievance that the economic conditions were really bad,” Madland said. “The political system wasn’t responsive to them in any other way, and so they felt backed into a corner and had to take dramatic action. Once they got to that point of feeling that way, social media helped them reach out to others, understand others were feeling the same way and then help organize their efforts.”
Now, that model is spreading to other states where teachers’ pay has been squeezed by reductions in education budgets, creating the same economic conditions faced by teachers in West Virginia. Teachers in Oklahoma, where schools are the most poorly-funded in the country, have set a strike date for April 2, and are also using social media as a tool to build a movement and post informational videos.
Teachers in Arizona have also turned to social media to build momentum around labor grievances. On Wednesday March 7, thousands of teachers wore red clothing to school in a show of solidarity (teachers in West Virginia also wore red during their strike), said Joe Thomas, head of the Arizona Education Association. Thomas said this was largely organized on social media via the hashtag #RedForEd.
Throughout the day, teachers, aids and students posted pictures of themselves wearing red, and later in the week many of them returned to social media to post videos and stories of the dire economic conditions they face, which Thomas said were comparable to West Virginia’s.
“It’s reaffirming to know that you’re not the only one thinking or feeling what your experience is,” Thomas said. “You can see there are other people across the state struggling to meet their bills, or who have class sizes where they can’t meet the needs of all their students.”
The personal stories and legitimate grievances of the public employees are a foundation upon which social media tools can be used to build a house of collective effort and support. Madland said there’s been a sharp decline in strikes across the country in the past 60 years, and “this might be a signal of a resurgence in strikes.”
“Underlying conditions have been bad for quite some time, and it does take a little spark,” Madland said. “I think West Virginia helped provide some of that spark to other states.”