Cyber event triggered process rethink, says US national lab CIO

Tech chief Mike Bartell also feels IT enablement paradigm particularly relevant for Oak Ridge National Laboratory

A cyber attack caused one of the US Department of Energy's most prominent national laboratories to rethink IT processes and enhance centralisation, according to the facility's technology chief.

Mike Bartell, CIO of Oak Ridge National Laboratory (ORNL), a multi-programme science and energy laboratory based in Tennessee, recollects that at the time of the cyber event in April 2011 its lab systems were not centralised.

"Therefore we had limited visibility into the detailed configuration state of a large number of systems. Using point solutions to try and determine configuration details of the various networked devices, their configuration state and the relationships which existed among systems took much too long and were prone to a high level of inconsistency and error," Bartell told CIO UK last month at the ServiceNow conference.

While ORNL was already seeking a new helpdesk platform, the cyber event accelerated pace of all around improvement.

"We took a step back at this critical juncture, as our priorities quickly changed from merely looking for a new helpdesk tool. The real driver became the need for a discovery and Configuration Management Data Base (CMDB) capability," he adds.

Bartell's colleague Brian Arlington, group leader of service management, and an influencer of the changed approach, says ORNL subsequently joined hands with ServiceNow to create a 'concierge service' of sorts going well beyond IT.

"Previously, our 4,500 employees as well as the general public had to call multiple places to get help with something. So the objective was to offer a broad range of support services spanning many areas of the laboratory - a 'one-stop shop' for any question or problem.

"Today a centralised solutions centre serves as the primary point of call for support and issue resolution. All non-emergency calls are dealt with here and the platform (for integrated support and service) can be used broadly across our enterprise. We quickly followed that with an incident, change and problem management system, and are now implementing our broader IT service catalogue and knowledge base around those services."

However, given the sensitive nature of ORNL's work, as with the deployment of any new platform, a technical and risk review process had to ensure that it not only met the CIO's customisation parameters, but compliance with US FISMA (Federal Information Security Management) and NIST (National Institute of Standards and Technology) security controls as well.

"We do this for every major new system or service we implement, and the same applied to ServiceNow, especially since it was cloud-based," Bartell explains.

While ORNL is more risk aware than ever before, the organisation is not holding back from introducing BYOD to its nearly 4,500 strong workforce and around 3,000 research intake students who work at various offices across the 58 square mile facility.

The CIO says ORNL's approach is "reasonably aggressive" on the BYOD front.

"The spread of BYOD in companies and government agencies is inevitable, and we are no exception. We have a highly mobile workforce and they need to be able to get their work done regardless of location and device. Our strategy is 'Any Time, Any Place, Any Device'. Mobility (including BYOD) is one of our major IT strategies. But, doing so in a secure way is essential.

"We've been doing limited BYOD with personal phones for some time. We are currently planning to expand our BYOD capabilities considerably, but being able to embrace a broader yet secure use of BYOD required a significant commitment and investment in our mobile infrastructure. In our view, BYOD goes well beyond just enabling email on personal devices. It also includes an Apps Store with a broad set of useful mobile applications that can help staff accomplish their work regardless of their location or the device they choose to use."

For the first time, this year's intake of research students would be bringing their own laptops under ORNL's BYOD programme.

Bartell says technology's scope for enablement is visible in every sector, but is especially true at an organisation like his. "One of our core competencies is high performance computing and networking. Technology, more specifically computing at scale, is a key enabler of much of ORNL's research mission."

While the facility's origin dates back to the Manhattan project of the 1940s, over the years ORNL, which is operated by UT-Battelle on behalf of the Department of Energy, has grown to become a hub for research in advanced materials, clean energy, neutron science, nuclear research, supercomputing and global security.

"It's hard to imagine how we could achieve our mission without aggressively leveraging technology. Furthermore, as a research organisation, we see this as a constant work in progress. You'll find CIOs from every sector acknowledging that IT is challenged every day to be more of an enabler to their organisation's mission, from retail to automotive; but it's particularly critical for a leading research organisation such as ours."

Tags securityOak Ridge National Laboratory

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-2404

Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-2404

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.