Paying the Security Price

An auditing team looking into the Chicago school system's technology operations had an interesting experience last summer: They were able to walk right into a new data center during normal business hours, without an escort and without being questioned, and were even able to get their hands on equipment and data.
by | May 2000
 

WELCOME, INTRUDERS

An auditing team looking into the Chicago school system's technology operations had an interesting experience last summer: They were able to walk right into a new data center during normal business hours, without an escort and without being questioned, and were even able to get their hands on equipment and data.

That wasn't the only problem they uncovered. A report by KPMG, done under the auspices of the Board of Education's Office of the Inspector General, found "weak management practices and a pervasive lack of asset and business controls"--shortcomings that the report said threatened the ability to effectively run the computing operations needed by the school system, the nation's third-largest.

Those findings led the school board in February to send Richard Koeller, the system's chief information officer, packing. At a consultant's fee of $175,000 a year, Koeller was paid $25,000 a year more than the schools' chief executive officer, Paul Vallas.

The security breaches were particularly troubling to Vallas. "It's like playing Russian roulette," Vallas told the Chicago Sun-Times. "No one's gotten shot yet, but it's just a matter of time."

WWW.HACKED.GOV

Physical security breaches aren't the only kind that people who run government IT operations have to worry about. A hacker known as "the fox" broke into the Alabama legislature's home page in March and prevented the public from gaining access to the Web site for almost three days. The legislature called on the attorney general office's white-collar crime division to investigate and installed a three- tiered password system for remote programmers to use to get onto the site. But Don Ladner, administrative assistant to the clerk of the state House, hasn't stopped worrying about Internet security. "We feel like anything out on the Web has a degree of vulnerability," he says.

He doesn't have to tell New Mexico about it. Governor Gary Johnson's official Web site was hacked into at least twice during the same month. Someone using the name "Nemesystm," purported leader of an outfit calling itself the Delinquent Hacking Corp., wrote that he invaded the governor's site because he's opposed to Johnson's support for legalizing drugs, including marijuana and heroin. He replaced information there with his own messages and a link to the DHC site. Some of those messages were violent, says Diane Kinderwater, the governor's press secretary. The FBI has been brought in to investigate, and the site was restored, but with beefed-up security. The souped-up protection cost the state about $20,000 in staff time for more security and firewalls.

HANGIN' AT THE E-MALL

Saving staff time--and money--was the goal of a new online project in Washington State. Purchasers from some 250 state, county and city agencies can now head to the state's e-mall, at emall.dis.wa.gov, and shop for a variety of technology products and services from about 40 different contracts. "We take stuff from all over the place, which you had to be really smart to find, and put it into one portal," says Bob Deshaye of the Department of Information Services.

For instance, the state just joined the Western State Contracting Alliance in a contract for computers from Compaq, Dell, Gateway, IBM and CompUSA. Both large and small government agencies can get the computer prices negotiated under that large contract. That could be a major price savings for the smaller government agencies that might not have been able to buy in volume before the e-mall.

LESSONS FROM FAILURE

If getting complex computer projects to work were as simple as going to an e-mall, California wouldn't have experienced the series of expensive and embarrassing technology-project failures of the past few years. But the state has learned a lot of lessons from those failures, many of which have involved welfare-related systems.

Now, a consortium of 18 California counties is tossing out a 30-year- old system for delivering social services and paying $321 million to replace it with a new centralized system. The consortium signed an 11- year contract with EDS to design, develop and implement the new system, called the CalWorks Information Network, or CalWIN, over a 51- month period.

There are four such county consortia statewide. The goal of CalWIN, the largest system of its kind in the country, is to streamline how 40 percent of state recipients get Medicaid, food stamps, general assistance and other services.

"There will be very significant savings," says Sandra Erbs, manager of the California Welfare Case Data Consortium, from reductions in errors, increased productivity and other operational efficiencies--not the least of which will be the cost of running one system compared with the 18 now operating in the individual counties. There's another reason, she says, for some optimism: The counties, not the state, will be managing this project.

Join the Discussion

After you comment, click Post. You can enter an anonymous Display Name or connect to a social profile.

More from Tech Talk