While I couldn’t attend the first day of the Open Government and Innovations (OGI) conference, I was disappointed in Day 2. I won’t dwell on my overall feelings; I thought that Jaime Maynard did an excellent job in detailing the problems in her blog. However, I would like to talk about the panel on Securing Web2.0 and Social Media. This is an extremely important topic that has not been addressed in many forums to date. I was looking forward to learning about government initiatives and possible solutions for some pretty big challenges. Unfortunately, the panel did not seem prepared to discuss much of anything leaving it to the audience to discuss. I walked away frustrated by what seemed to be continuing government inertia and in several cases industry arrogance toward audience questions. So I think it is important to provide some thoughts on what I would have liked to see in a panel on “Securing web 2.0 and social media”. I would have liked to see the ODNI rep give a good threat briefing. Some folks are not aware of the implications of social media. Mr. Mark Morrison did mention one fact but that was late into the discussions. If a good threat briefing was needed, DIA recently gave one at the DoDIIS Worldwide conference that has been written up several times (see ciozone.com review or GCN article ). It would need to be expanded to include some stats on things like ddos,phishing attacks and other internet security problems in addition to social media. But that would have been easy to do. And this type of briefing would have set the stage for the next set of discussions hopefully led by NIST on challenges and government actions (e.g. setting standards, the subcommittee under the Federal CIO’s Council chaired by DHS), current government initiatives (e.g.case studies from govt agencies) followed by the industry response with both how industry can support/is supporting and how they are handling their own internal security issues. Then it could have been opened up to the audience to add challenges and their own initiatives, ask questions and suggest ideas. If handled well, the audience could have come away with some lessons learned and perhaps started to develop a roadmap.  Ideally one of the government initiatives would have been to start the equivalent of “security.gov” (similar in nature to data.gov or recovery.gov) as a starting point where both the American public and government could go to share lessons learned, report problems, and look for solutions.

Advertisements