Microsoft Corp. committed its expertise to the cause of homeland security when it named Tom Richey as director of Homeland Security for Microsoft Public Sector in November of 2002. Most recently, last month the software giant named former U.S. Department of Homeland Security (DHS) official Michael Byrne as director of Justice & Public Safety for Microsoft Public Sector. Richey and Byrne spoke with eWEEK Senior Writer Darryl K. Taft about Microsofts homeland security strategy, how its products play into that strategy and how Web services stand to play a major role for the software giant in the government space. The interview was one of Byrnes first since joining Microsoft.
Why is Microsoft in this space? Why do you have a Homeland Security office, and what are you doing?
RICHEY: Our No. 1 goal at Microsoft is to help the president, the secretary of Homeland Security, various governors, mayors and county executives achieve all their goals around homeland security. And we feel that were in a good position to do that because we have a significant presence in the federal government with our technology and in state and local governments, No. 1. So theyve made a significant investment in us and in turn weve made a significant investment in their success. And so we share goals along those lines.
A second most important thing is that the future technology requirements that are needed in the world of homeland security, like other lines of business, is increased ability around collaboration. Thats the Microsoft product roadmap alignment. Thats our future and its our customers future. So theres great alignment there. So were excited about that. The last thing I would say is that its important to recognize that the country cannot continue to spend public dollars at the rate that weve been spending and investing in this. We have to find ways to invest smarter, invest wiser for the long term. And we believe that the Microsoft platform and our ability along the areas of Web services in connecting disparate infrastructures will be an incredible force multiplier thats consistent with the goals and challenges around funding the homeland security needs—at the same time aligning with the federal governments goals around e-government in the business service model and the service reference model.
So this is a for-profit initiative by Microsoft?
RICHEY: Yes, but for-profit doesnt mean selling people software they dont need. Its called doing right things right. So its helping our customers invest their public dollars wisely. It doesnt serve Microsofts interests to have our customers buying solutions or technology that dont, one, satisfy their requirement or, two, provide opportunities to build for the future. We want to help our customers be successful in their government goals that the president laid out in the Homeland Security Presidential Directive 5, and that the secretary laid out in the National Response Plan. So thats where our focus is.
What I forgot to say is the most important reason youre talking here today is about Mike [Byrne] and that is important. Mikes position here is a valuable and critical component to our team because we didnt have someone in our organization that had the depth of understanding that we required of the first responders community. Mikes background and depth in his work at DHS and with FEMA [Federal Emergency Management Agency] and with the fire department on the ground and with FEMA on the ground in New York City is a perfect fit for rounding out our team. And were just thrilled that Mike has decided to come to Microsoft to operationalize policy.
Next page: What Byrnes brings to the table.
Byrnes Job
What do you bring to the table? And what are you going to do at Microsoft?
BYRNE: A while ago when Microsoft and I first started talking about this it started to line up in my mind that throughout my career, both in the New York City Fire Department and then at FEMA, Ive always had an appreciation for how the larger organization or structure supports what the guys are doing on the ground. And at this point, especially in the last two years, I was fortunate enough to work with Secretary [Tom] Ridge and within the administration to help work on policy that is in the process of changing for the better the way we view public safety in this country.
Public safety historically has been developed locally, developed in unique ways for the localities, and its created over time an incredible amount of diversity in the local areas. The challenge, with the types of events that were facing now—and not just terrorism events but large natural disasters—is that we find that local resources are not sufficient to meet these requirements. Although this is not new, we see it more. So we end up starting to look at public safety for the entire country as a combined system that needs to integrate and work better together.
And its through the leadership of Secretary Ridge and the administration and in the national strategy for homeland security where that is expressed in terms of the establishment of a national incident management system. And to take that diversity and to get it to where theres a unity of effort, and a system and a process that will allow it to work better together. Looking at that and looking at that major shift in public safety for the country, technologys got to be there to support it. Technologys got to be there to help make it happen. The guys are still going to have to do their job everyday, but the technology should be there to support it.
And looking at Microsoft—and when I was thinking about this, I did some background reading, reading some of the speeches given and the background on the company and the direction its taken, and in particular Bill Gates book “Business at the Speed of Thought.” There were a couple of sections of that book that just grabbed me and made me realize that this company understands the direction that public safety is taking and that the types of technology they want to use is going to really help make things happen.
In particular, theres a section on bad news must travel fast. I cant think of a business where thats more important. When a buildings coming down we need to get the word out fast, or if theres an extra threat that a response is going to reveal itself, we need to get the information up to the guys. Theres another section about when reflex is a matter of life and death, and that is this business. It is a matter of life and death. And our information systems should be designed to support that. At the end of the day, if our technology doesnt get the information to a police officer doing a traffic stop or that firefighter entering either a hazardous material incident or a building on fire, if that person doesnt have every piece of information we can possibly get to them then were not doing our job. And I believe that being here; Im going to be in a position to help make sure that that happens.
Are there any particular Microsoft products that will play a bigger role in this? Or are you making specific versions of the products that are targeted to this community or maybe doing some prepackaged solutions that will target this community?
BYRNE: The things that have caught my attention so far, and lets be clear I just started here and Ive been focused on policy and operations, but the use of Web services and .Net and what Ive read about and talked to the people here at Microsoft about the concepts of trustworthy computing and applying that to the business of public safety. Reliability takes on new meaning. Security takes on new and more important meaning. These things are important for our businesses in the country, but they really are just as important if not more so when lives are at stake.
RICHEY: Let me add to that. One difference between probably our strategy and where it may part ways with other large IT vendors is that our future product roadmap is really driven around Web services and our ability to drive across legacy systems in a scalable, repeatable and affordable way. Thats at the heart of our strategy with homeland security because if you try to build out a national response system and connect all these huge legacy silos that have to connect when an operational commander at DHS is on-site in downtown New York and has to access all these huge databases in order to make well-informed and best-informed decisions, were a far cry from being at that point.
And Secretary Ridge has made public speeches about that. He says its really a 10-year window. That aligns pretty interestingly with our product roadmap in the sense that our future is based on not taking all that stuff in those silos and dumping it into a huge data silo and then figuring out how to pull it out and what to do with it. Its exposing those legacy assets to Web services and doing analytics and business rules on top of it to pull that information out when you need it, at the right time to any device.
OK, I see the parallels with Microsofts products strategy.
RICHEY: Another area were different is Microsoft has hired two operators sitting at the top of their homeland security strategy, not IT guys. Thats a huge difference. And let me define operators: Im not an IT guy either. Mike was a firefighter, was a captain in the New York City fire department and then an operational guy for FEMA on the ground at 9/11 directing that operation. My background is I was a Coast Guard officer for 21 years, at sea, doing counter narcotics interdiction, search and rescue, and maritime law enforcement. So we both make decisions together as a team across the national enterprise from an operators perspective. Were operationalizing the homeland security goals with the power of Microsofts technology and our partners.
Next page: Is Windows secure enough?
Windows Security
The Windows platform has been taking a lot of criticism with all the patches and security problems. Is this platform considered secure enough for homeland security?
RICHEY: The answer is absolutely. Bill Gates and Craig Mundie, our CTO, will talk publicly about the challenges Microsoft faces around security in our platform. But let me just clarify something for the record: Microsofts platform is no less secure and is proportionately more secure than our competitors. Heres where the difference is … our presence in government … 65 percent of the desktops have Windows on them. That makes us the perfect target for those that would do harm to our government and to our citizens. So we get attacked a lot more than our competitors Ill tell you that No. 1
That doesnt mean thats an answer for why we can just slough it off as not important. It is job one at Microsoft. Im sorry, wrong company, I shouldnt say that. But you know what I mean. I mean Bill Gates and the Trustworthy Computing initiative … Bill launched that almost two years ago now. He shut down Microsoft for a period of two months and literally stopped all product development. It cost the company almost $200 million to create the paradigm shift that was required for running secure code. All of our code writers were pulled through a filter of rethinking the way we write and incorporate code into our products. Windows Server 2003 was the first product that was impacted by that change. It wasnt totally impacted. It was probably 78 percent through the product process by the time we had the stand-down. But let me say it benefited. And even with the latest vulnerabilities, Windows Server 2003, compared to its predecessor, has had significantly fewer vulnerabilities. Still at the heart of security is our Trustworthy Computing initiative, which is secure in design and secure in deployment. So we shut the Windows and doors when we send it out to our customers. Then they have to open them if they want them.
But No. 2 is the ability to push down patches. So were working hard with our government customers to work smarter about securing the enterprise because the vulnerability exists between the time Microsoft or one of our partners discovers the vulnerability and the time you deploy the patch. The time between the time we discover the vulnerability and the time we deploy the patch is shrinking at an incredibly dangerous rate. That means we have to get that patch out that much faster. We have prototype systems—enterprise systems—where weve done that successfully, but recognize that the government makes decisions slowly and you have huge disparate infrastructures that have to connect into that capability. And then its a long path for us to get our customers to build those kinds of capabilities. But were focused on it as the primary foundation for everything we do in the world of homeland security.
Next page: Will Linux play a role?
Linuxs Role
Do you expect that you might use any Linux or open-source technology?
RICHEY: Well, no. Well use open standards. Microsoft is a proponent of open standards because thats at the heart of successful Web services interoperability—between our Web services product and Oracles and others. Open source, however, is a different issue. And comparing Microsoft to Linux, my biggest concern is the total cost of ownership. Earlier on I said we owe it to our customers to help them invest their public dollars wisely. I do not believe Linux is the best investment when youre making it from a cost/benefit perspective. The total cost of ownership of Linux because of configuration control and long-term security issues does not stand up to the Microsoft platform.
Is your work there one of Microsofts e-government initiatives?
RICHEY: Microsofts e-government initiatives are consistent with the OMBs [Office of Management and Budgets] e-government initiatives. The OMB owns the federal strategy around e-government. Our goal, our mantra inside the Microsoft homeland security strategy, is that we will not talk to a customer about a Microsoft homeland security solution unless its perfectly aligned with OMB and their goals around e-government.
We applaud their efforts around e-government for a couple of reasons. Were very confident that if our government customers look at the platform that they already own first to adopt change or incorporate new IT policies, then its consistent with our goals in terms of the federal agencies having to make decisions that are consistent with e-government or they get shut down by OMB. So its not in our interest to not understand what our government customers requirements are around e-government. So homeland security is a line of business that rides across the e-government network.
Do you work with any agencies in the intelligence community?
RICHEY: The answer is yes but most of it we cant talk about. Let me just say that we have longstanding productive relationships with the intelligence community. What I can tell you is that Im really proud to say that the director of operations at the CIA has awarded one of our intelligence sharing solutions a protection level three of certification. Thats significant in the intelligence business and in the homeland security business, and were very proud of that. And that drives right to the issue of the security of our platform.