Thursday, January 21, 2010

Microsoft 'strongly recommends' customers upgrade web browsers from IE6 to IE8 to solve security issues

In their strongest advisement yet, Microsoft Australia has issued a "strong recommendation" through its Government Affairs Blog that customers upgrade from the nine-year old Internet Explorer 6 web browser to Internet Explorer 8.

This is because the security flaws now being discovered in Internet Explorer 6 are such that they leave organisations more vulnerable to successful co-ordinated hacking attacks - the potential theft of confidential or sensitive information and intellectual property.

The risk isn't from a 17-year old hacker in their bedroom, but from crime syndicates, corporate interests and, potentially, other governments.

Google and at least 33 other companies have experienced co-ordinated attacks, originating from China, in the last week. Google believes these attacks were launched, or at least endorsed by, the Chinese government - although they cannot prove it beyond doubt. However the concern is great enough that the US President has asked the Chinese government to comment on the attacks and Google is considering leaving China.

These attacks exploited a security flaw present in Internet Explorer versions 6, 7 and 8. Microsoft reported that attacks only seem to be effective against IE6. Information out of Google agree with this, as do comments by other security specialists.

This security flaw has no fix at this time and it is unclear when a fix will be available.

Defence Minister John Faulkner was recently quoted in the media (including this Brisbane Times article) as saying that cyber attacks were a worsening global problem. "Cyber intrusions on government, critical infrastructure and other information networks are a real threat to Australia's national security and national interests."

Both French and German governments have advised their citizens to stop using Internet Explorer 6.


In Australia some government agencies are still using Internet Explorer 6 as their standard web browser.

So why do government agencies (and some large commercial organisations) still use a nine-year old web browser with dubious security, that isn't compliant with modern web standards and is soon to no longer be supported by major websites (including YouTube and Gmail owned by Google and Facebook)?

I can't speak for any agencies, however while most modern web browsers, such as Internet Explorer 8, Firefox 3.5, Opera 10 and Chrome are free to users, there are often switching costs for organisations to change even free software on a large scale.

They may have designed internal software around a particular web browser or have costs associated with rolling out new software across thousands of computers.

Switching from IE6 in particular can be quite involved as it has a number of features (developed in ActiveX) that may be exploited by organisations in websites and other software. South Korea in particular built around Internet Explorer 6 and has had difficulties in migrating to modern browsers or operating systems.

There is also the need to test how modern browsers work on a network and ensure that their security models are understood so new vulnerabilities do not arise. This costs time and money - at a time when Australian government departments are expected to save money in IT as a result of the Gershon Report. It's another choice they have to make on where to allocate their limited funds.

Plus as many government agencies block sites like YouTube, Gmail and Facebook, citing concerns over staff wasting time (as previously was the concern over access to personal telephone calls), improving agency capability to engage in social media may not create any urgency to upgrade.

However, given the clear and present dangers linked specifically to Internet Explorer 6 I'm hopeful that 2010 will be the year where many Australian organisations still using this old, less accessible and insecure technology decide to implement modern web browsers.

Read full post...

Wednesday, January 20, 2010

Who are the 'media' anyway? The new reality of media engagement

One of the long established principles in government and big business is that only designated staff are allowed to represent their organisations when speaking to the media.

This is an extremely well-intentioned principle, designed to protect both the organisation and individual staff. The media is frequently more interested in sensation than truth and can twist innocent statements into major incidents. Even when truth and accuracy are the goal, some things may need to be kept secret (at least for awhile) for good reasons - to protect intellectual property, safeguard individual privacy, avoid giving the competition an advantage or to keep complex fast-changing situations from being presented in static and simplistic (or inaccurate) ways.

Professional journalists are, in some ways, trained interrogators (and sometimes executioners). It can take an experienced, well-trained and well-briefed organisational representative to navigate a conversation that will later be reported, dissected and analysed for flaws and inconsistencies.

This limited media engagement approach relies on a single very important factor - that the 'media' is a clearly identifiable group.

In the past it was easy to identify the media. They were the people who owned the media distribution channels - radio stations, television channels and newspapers and magazines.

Commonly journalists identified themselves based on the media outlet they were from - except when going undercover - and a good organisational media representative could relatively easily identify and, over time, build productive relationships with the leading journalists covering their topical material.

However with the introduction of the internet this changed. We now have a virtually free global distribution network topped by ubiquitious access to publishing devices - including video and photos (via mobile phones) - and usage rates in excess of 90% of western populations.

Every internet user is able to break news to every other internet user - via blogs, citizen news sites, social networks, chatrooms, forums, newsgroups, microblogs and other online media channels.

This news can then be picked up and redistributed by other internet users and may also be picked up by 'traditional media' - those radio stations, television channels, newspapers and magazines (who are thirsty for cheap content).

This makes the question 'who are the 'media' a moot point. The 'media' is now 'the public' - no longer a small group of large conglomerates controlling information distribution channels but every single person with access to a mobile phone and internet connection.

This poses a challenge for government and private sector organisations who traditionally limit media engagement by staff. All of their customers and stakeholders are able to produce, publish and distribute media news. So can their employees.

So if the rules of the past no longer apply, what can organisations do?

The first choice is to ignore the changes in the environment and try to enforce the rules that worked in the past.

This approach is enormously risky as it can lead to many gray areas and blind spots - plenty of room for inappropriate and inconsistent enforcement. Individual managers (or in the government, agencies) could interpret the scope of the 'media' differently - creating discrimination and a rising tide of dissatisfaction and legal controversy.

The second choice is to educate all of an organisation's staff on how to engage appropriately in public arenas.

This is a signficant, but not impossible, undertaking. In fact Telstra is in the process of doing this right now (regarding social media engagement), as are the US Defense forces and some government agencies and large companies around the world. This approach recognises that the media environment has changed and organisations must change with it.

The third choice is to - well I can't think of a third choice. Organisations can either recognise the realities of the world and accommodate change, or they can attempt to hold back or even reverse them.

The next few years will tell us which approach organisations have chosen - and how well they have worked out.

Read full post...

Monday, January 18, 2010

Australian Gov 2.0 isn't a spectator sport - get involved in 2010

I've had an extended break from blogging over the holiday period to think about the direction of Gov 2.0 in Australia for 2010.

Now that the Gov 2.0 Taskforce has disbanded, it's time for the budding Gov 2.0 community to begin taking on more responsibility across Australian governments to support each other, share knowledge and build a more interactive and supportive community.

To play the self-interest card, it is also good for peoples's future careers to be involved - building their professional expertise and networks.

There are already several groups beginning to form and a number of individuals across Australian government becoming more active in Gov 2.0. However more involvement by more individuals will be needed to build momentum for 2010.

Gov 2.0 isn't a spectator sport - it's all about participation. So if you're involved, even peripherally, in the area, get involved in events and groups like those below.

At the moment the (free to attend) events below are all in Canberra. If you have one coming up in your state, let me know with a comment. I'll put them all into a calender of Gov 2.0 events for Australia.

Upcoming events
Gov 2.0 dinner
When the Gov 2.0 Taskforce kicked off last July a lunch gathering took place in Parliament House with the Taskforce Chairman, Dr Nicholas Gruen, to introduce him to Canberra's Gov 2.0 community and to provide some initial thoughts on the process.

Having reached the end of the Taskforce's road (in its present form), I've organised a Gov 2.0 dinner on Friday 22 January at Ottomon Restaurant in Canberra. Dr Gruen will again be in attendance and I'm sure the discussion will both reflect on the Taskforce process and on the path ahead.

Please RSVP quickly if you wish to attend as most of the booked spots are already filled - at http://egovau.eventbrite.com/

BarCamp Canberra
What's a BarCamp? An ad-hoc conference where anyone can choose to speak or discuss a topic they are passionate about (usually related to design, technology and the internet).

As Canberra is heavily weighted towards public servants, BarCamps in Canberra tend to feature a large number of public servants and feature wide-ranging discussion on Gov 2.0, as well as many other fascinating topics. People interested in speaking for 15 minutes on a topic close to their heart are particularly welcome.

The third BarCamp Canberra is being held on Saturday 6 February at the ANU. Entry is free, but you must RSVP at http://bcc2010.eventbrite.com/

Australian Community Managers Roundtable
The Australian Community Managers group formed several years ago as a community of practice for people involved in managing online communities focused on user-generated content.

The group meets in-person regularly (see this post about a previous meeting) and also discusses the topic online (naturally) at Facebook and in a Google Group. If you're involved in managing one of the growing numbers of government sites incorporating user-generated discussions this group is a valuable source of shared knowledge.

The next Australian Community Managers Roundtable is in Canberra on Friday 5 March and is now open for RSVPs - though limited to only 20 attendees. RSVP for the event at the Facebook group.

Read full post...

Wednesday, December 23, 2009

Australian Gov 2.0 Taskforce publicly releases final report - and most project reports

On Tuesday afternoon the Gov 2.0 Taskforce released its final report, Engage: Getting on with Government 2.0.

As stated in their blog post, the Taskforce handed the report to the responsible Ministers who immediately authorised its public release - a sign of great confidence in the report!

The report generally followed the recommendations and included the content from the draft, released for public comment two weeks ago, with some reorganisation and clarification to improve readability. If you read the draft there are no surprises, however it is worth re-reading for the tighter and clearer language and structure to ensure you understood the original context.

Alongside the report, the Taskforce has publicly released the reports for most of the 19 projects it has contracted out over the last 6 months. This adds up to a lot of reading, which I expect to be wading through over the next few weeks.

As currently the Taskforce site requires people to visit multiple web pages to individually download the project reports, I've provided quick links to download the RTFs and reports below. I also included links to the project pages as they all contain a brief on the project from the authors and allow public comments and feedback on the project reports.

I strongly recommend reading and commenting on the reports that resonate with you.

ProjectProject Brief RTFProject Report
Project 1: Enhancing the discoverability and accessibility of government informationProject 1 Brief RTF (43k)Project 1 Report DOC (643k)
Project 2 and 3: Identify key barriers within agencies to Government 2.0 and survey of Australian Government Web 2.0 practicesProject 2 Brief RTF (45k)
Project 3 Brief RTF (54k)
Project 2 and 3 Final Report DOC (1266k)
Project 4: Copyright Law and Intellectual PropertyProject 4 Brief RTF (55k)Project 4 Report (592k)
Project 5: Early Leadership in Semantic WebProject 5 Brief RTF (48k)Project 5 Final Report (3623k)
Project 6: The value of Public Sector Information for cultural institutionsProject 6 Brief RTF (56k)Project 6 Report DOC (116k)
Project 6 Additional Technical Paper (82k)
Project 7: Whole of Government Information Publication SchemeProject 7 Brief RTF (75k)
Project 7 Report DOC (563k)
Project 8: Online Engagement Guidance and Web 2.0 Toolkit for Australian Government AgenciesProject 8 Brief RTF (92k)Project 8 Guidelines (1726k)
Project 8 Toolkit Blueprint (1389k)
Project 9: Preservation of Web 2.0 ContentProject 9 Brief RTF (79k)Project 9 Report DOC (260k)
Project 10: Framework for Stimulating Information Philanthropy in AustraliaProject 10 Brief RTF (77k)Project 10 Report (743k)
Project 13: Government 2.0 Governance and Institutions: Embedding the 2.0 Agenda in the Australian Public ServiceProject 13 Brief RTF (75k)Project 13 Report DOC (451k)
Project 14: Social Media for Emergency ManagementUnavailableProject 14 Report (6217k)
Project 15: ALRC Family Violence Consultation ProjectUnavailableProject 15 Report (1769)
Project 16: OpinionWatch AnalysisUnavailableProject 16 Report DOC (2461k)
Project 18: Whole of government video service scoping studyUnavailableProject 18 Report (3707k)
Project 19: Online Engagement ReviewUnavailableProject 19 Report DOC (212k)
Project 19 Report PDF (5116k)

Read full post...

Monday, December 21, 2009

Gov 2.0 in Australia podcast from Gov 2.0 radio now available

I've just finished chatting to Adriel Hampton & Steve Ressler on Gov 2.0 radio about some of the great Gov 2.0 initiatives in Australia.

You can now listen to the discussion online at Gov20Radio.com or get it on iTunes.

Read full post...

Bookmark and Share