Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyber event triggered process rethink, says US national lab CIO

Gaurav Sharma | June 4, 2014
A cyber attack caused one of the US Department of Energy's most prominent national laboratories to rethink IT processes and enhance centralisation, according to the facility's technology chief.

A cyber attack caused one of the US Department of Energy's most prominent national laboratories to rethink IT processes and enhance centralisation, according to the facility's technology chief.

Mike Bartell, CIO of Oak Ridge National Laboratory (ORNL), a multi-programme science and energy laboratory based in Tennessee, recollects that at the time of the cyber event in April 2011 its lab systems were not centralised.

"Therefore we had limited visibility into the detailed configuration state of a large number of systems. Using point solutions to try and determine configuration details of the various networked devices, their configuration state and the relationships which existed among systems took much too long and were prone to a high level of inconsistency and error," Bartell told CIO UK last month at the ServiceNow conference.

While ORNL was already seeking a new helpdesk platform, the cyber event accelerated pace of all around improvement.

"We took a step back at this critical juncture, as our priorities quickly changed from merely looking for a new helpdesk tool. The real driver became the need for a discovery and Configuration Management Data Base (CMDB) capability," he adds.

Bartell's colleague Brian Arlington, group leader of service management, and an influencer of the changed approach, says ORNL subsequently joined hands with ServiceNow to create a 'concierge service' of sorts going well beyond IT.

"Previously, our 4,500 employees as well as the general public had to call multiple places to get help with something. So the objective was to offer a broad range of support services spanning many areas of the laboratory - a 'one-stop shop' for any question or problem.

"Today a centralised solutions centre serves as the primary point of call for support and issue resolution. All non-emergency calls are dealt with here and the platform (for integrated support and service) can be used broadly across our enterprise. We quickly followed that with an incident, change and problem management system, and are now implementing our broader IT service catalogue and knowledge base around those services."

However, given the sensitive nature of ORNL's work, as with the deployment of any new platform, a technical and risk review process had to ensure that it not only met the CIO's customisation parameters, but compliance with US FISMA (Federal Information Security Management) and NIST (National Institute of Standards and Technology) security controls as well.

"We do this for every major new system or service we implement, and the same applied to ServiceNow, especially since it was cloud-based," Bartell explains.

While ORNL is more risk aware than ever before, the organisation is not holding back from introducing BYOD to its nearly 4,500 strong workforce and around 3,000 research intake students who work at various offices across the 58 square mile facility.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.