Colin Powell Rouses IT Pros on Cybersecurity and Leadership -- Redmondmag.com

The Schwartz Report

Colin Powell Rouses IT Pros on Cybersecurity and Leadership

Former Secretary of State General Colin Powell is best known for his tenure as a one-time top diplomat and his role as chairman of the Joint Chiefs of Staff during Operation Desert Storm a quarter century ago. But he told an audience of several thousand IT pros yesterday that he's no luddite when it comes to enterprise technology and cybersecurity.

During a one-hour keynote address yesterday closing out this week's Citrix Synergy conference in Orlando Fla., Powell shared his IT credentials and his encounters with cybersecurity challenges over the years. Powell also emphasized the importance of strong leadership and the need to recognize the issues dealing with immigration and the diverse cultures, issues quite germane to any IT organization.

While Powell steered clear of weighing in on the current investigations into charges that the Russians hacked e-mail systems in an effort to steer the outcome of last year's presidential election, he weighed in on the private e-mail server that Democratic nominee Hillary Clinton used when she served as Secretary of State and how it brought attention to his use of personal e-mail serving in the same top diplomatic role.

"Hillary had a problem," Powell said, which stirred extended laughter and applause. "They came after me. They said: 'If Hillary did it, Powell must have done it.' So, they chased me around. And they subpoenaed my AOL account and I said 'go ahead, be my guest.' And they looked at it and discovered there was nothing there."

While he didn't dwell on Clinton's e-mail server during the talk, Powell gave this view: "Hillary really didn't do anything wrong," he said, a position he has shared in the past. "It was not done well, but the was no criminal intent or criminal act there, and that's what ultimately was discovered. But what we have to make sure of from now on is that we manage these systems the proper way."

If an 80-year-old decorated military general and former diplomat who served four U.S. presidents might seem an unlikely candidate to offer insights on the state of cybersecurity and IT management today, he pointed to why the audience should take him seriously. Early in his military career, the U.S. Army told Powell they were sending him to graduate school, though not to get a master's in foreign policy or political science. Instead, he was directed to get an MBA in data processing.

"I went there, and I graduated two years later, had a straight-A average, and of the 5,300 people here, this morning, I am probably the only one left, who knows how to program in Fortran, Cobol and to deal with 80-column punch card machines," he said.

"The reality is, as most of you I hope know, that a lot of what you have done and mastered over the years came out of the military," he added. "I was on the DARPAnet [Defense Advanced Research Projects Agency Network, the building block of today's modern Internet] 40 years ago, and information and technology and communications have always been an essential part of my military career of my life and any success that I have had always rested on the ability to move information around rapidly, effectively and make sure it gets to where it's supposed to be."

Powell said the highlight of that came more than two decades ago during the Persian Gulf War in 1990 when Powell and Field Commander General Norman Schwarzkopf Jr. had to move 500,000 troops from the U.S. to Saudi Arabia for the war, then known as Operation Desert Storm. "When it was time to issue the order to start the conflict, we had one of the most perfectly secure means of doing it," Powell recalled. "Not something you might think of now, but it was a fax machine. And by using that secure fax machine, I knew the order only went to one person. It wasn't a table that could spread around all over the organization. So, cybersecurity was always a major part in war planning."

At the same time, Powell recognized that if security was too tight, spreading critical information to key people in the field could stymie an effective outcome. Or worse, it could have put soldiers in harm's way. "I didn't want our security to be too tight ... and those down at the lower level weren't going to get information they needed to get because it was secure, it was secret. And I found early in my career and during this period of Desert Storm that we have to always triage information. There's a lot of information to give out unclassified because no enemy can react fast enough to it. It was a tactical situation."

That would come to play a decade later in 2001 when Powell became Secretary of State under President George W. Bush. "One of the challenges we are all facing now, and I faced when I became Secretary of State, is how to make sure you have an information system that is getting the information to where it has to be, when it's needed in order to be actionable. And make sure you are not cluttering the whole system by overclassifying things."

When Powell took over the State Department, one of his first actions was to make sure the 44,000 employees all had Internet-connected computers on their desks. While employees locally and in every embassy throughout the world now had connectivity, they were internally secured systems.

"That would allow you to send e-mails to the guy next door but you couldn't get the Internet outside to see what was going on in the rest of the world," he said. "I had to change that, so I got new software and hardware and then I had to change the brain-ware. I had to change the thinking within the State Department."

Powell did that by sending unclassified messages from his AOL account to State Department employees. "They knew Secretary Powell was liable to send an e-mail, so they said 'I better have my system on.' Now there [was the question] -- should you be using your AOL account that way? It was unclassified information [and] I had a secure system when I was dealing with secure material."

Nevertheless, he saw it as a critical step toward encouraging better communications at the time. "All I had to do was grease the wheels, grease the engine. I had to make sure these people understood the power of the network, the power of the information systems, and the only way to do that was for me to lead and set an example and get it going," Powell said.

Indeed, that worked, though it came back to haunt him when Hillary Clinton's use of personal e-mail dominated her entire presidential campaign.

Posted by Jeffrey Schwartz on 05/26/2017 at 1:12 PM

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.