IT: Getting Ready to Fight the Next War

Corporate Partner Roundtable: SarbOx mandates, not suicide bombers, have dominated five years of IT disruption.

On the fifth anniversary of the Sept. 11, 2001, attacks, eWEEK sought the perspective of several members of our Corporate Partner Advisory Board as they looked back at the disruptive forces that have reshaped the enterprise agenda during that time.

Technology Editor Peter Coffee spoke with Robert Rosen, CIO of the National Institute of Arthritis and Musculoskeletal and Skin Diseases, in Bethesda, Md.; Kevin Wilson, product line manager, desktop and mobile, Duke Energy, in Charlotte, N.C.; and Judy Brown, strategic adviser, University of Wisconsin System, in Madison, Wis.

Our goal today is to look at the adjustments that enterprise IT has been forced to make in the time since the 9/11 attacks. How has 9/11 affected IT operationally? Is there more demand for support for teleconferencing or other remote collaboration because of the greater nuisance of travel? Is there more proactive investment in information security or a growing role of IT in physical security? And has there been any change in the posture as to resource availability for any new roles?

Rosen: What has happened, I think, for the most part, is that people are much more aware of the need for disaster recovery and continuity-of-operations plans. They're clearly spending more time making sure that they're doing these things, doing a lot more inspection and so on. The downside of it is, for most people, there's no additional funding available. We have to be ingenious about doing these things along with everything else.

So, rather than the movie-plot scenario planning, you're seeing more emphasis on readiness for disruption from whatever source?

Rosen: The terrorist scenario or natural disaster scenario provides an impetus, but the smarter people are saying: "If you plan for the previous disaster, the next one will be different. What you have to do is take a step back and deal with disruption regardless of the cause."

Has there been any increase in demand for remote conferencing or other operational impact on IT infrastructure?

Rosen: That's more a personal preference. There are people who don't want to travel anymore, and you can understand that because it's become such a hassle. We are seeing more questions of what we can do across the Web and what do we have in the way of collaboration software.

The other thing is a lot more in the tele-work arena. We just had a drill last week, saying, "Suppose the campus was shut down—could you work from home?" We had a sizable population testing that.

So, you didn't just send out a survey and ask people if they could do it; you did this as a live fire drill, so to speak?

Rosen: Actual testing.

Were there any surprises that you can talk about?

Rosen: They did an after-action survey, which was good. The percentage of people who had problems was very low, on the order of 1 or 2 percent out of 2,000 people who were testing this. I think that was pretty good.

The problems they had were pretty much what we predicted. Most of it is … a problem between chair and keyboard. It's a matter of training. You really can't just assume that people, because they can read their e-mail from home, can do all the other things from home. More training is needed.

All in all, I think it was a reasonably successful exercise—but it only represented 10 percent of the population. What will happen to IT infrastructure when there's 80 percent remains to be seen, but we're taking steps to address that.

Kevin, when we think of you at Duke Energy, we think of critical infrastructure issues of energy production and distribution that have gotten a tremendous amount of attention in the last five years. Is your involvement in that sector an important factor in the way that you've had to think about the last five years, or are your IT operations like any other company's?

Wilson: From our viewpoint as an IT shop, I don't think things have changed as much [due to 9/11] as they have due to [the] Sarbanes-Oxley [Act] and Enron. When you get to physical plant security, that's where you've seen the world turn upside-down. All the garages have barriers, there are more guards, the physical facility looks different.

Have you had to provide IT support for that, with IT systems for smart cards or other more granular access controls?

Wilson: It seems to be more contractor augmentation, not redesign of the infrastructure. I have not seen IT systems for physical security.

Are your own IT systems getting improved physical security against attacks that might take out a data center rather than a generating plant?

Wilson: We've been protecting things, yes.

Brown: We're looking at using the collaboration and tele-work technology from home, but I'm seeing a lot more lockdowns from corporate IT: Some of the tools, the Web 2.0 tools and Skype and things, users can't install. It's problematic for them to collaborate around the water cooler from a distance.

