TRIBALNET MAGAZINE | SPRING 2020

FEATURE | ARTIFICIAL INTELLIGENCE & MACHINE LEARNING

WOULD YOU LIKE AI/ML WITH THAT?
Thinking about Artificial Intelligence in the Enterprise

BY CRAIG LEWIS
INFORMATION TECHNOLOGY DIRECTOR, CARNEGIE MELLON UNIVERSITY SOFTWARE ENGINEERING INSTITUTE

ARTIFICIAL INTELLIGENCE (AI) AND MACHINE LEARNING (ML) SEEM TO BE EVERYWHERE. It’s common to see AI/ML mentioned in commercials and increasingly in technology products. Vendors pitch AI solutions as readily as cashiers at fast food restaurants ask, “Do you want fries with that?” AI will save money, help you hire the best people, increase sales, you name it. AI is currently capable of so much and holds great promise for the future. Although it’s sometimes hard to see through the marketing and industry buzz, as an Information Technology professional you should be thinking about how to use AI in your organization.

Motivations to use AI in a corporate environment don’t just come from vendors. Your leadership or stakeholders may ask what you’re doing in that space. You may feel self-imposed pressure to be innovative or have concerns about being left behind. My goal is to allay those concerns by describing a mindset for thinking about the broader topic of AI and ML and how to approach their successful implementation in the workplace.

First, I’d like to define AI and ML. This will help you to understand my perspective as I discuss these topics. AI and ML are often conflated. ML is a subset of AI. I really like the definition of AI used by Carnegie Mellon University (CMU):

“AI must understand the human needs and it must make smart design decisions based on that understanding. Despite the simple definition, though, AI isn’t just one thing. It’s a giant thing, built from technology blocks we call the AI Stack. At Carnegie Mellon, we view it as a toolbox — each block houses a set of technologies that scientists and researchers can reach for as they work on new initiatives. Expertise in all areas? Not required. Instead, we believe you can focus on one area and draw on other parts of the stack for help. Each block depends on the other for support. And AI endeavors that ignore parts of the stack won’t succeed.” [1]

So, AI is a stack comprised of blocks. Those blocks include things like devices (sensors and components), decision support (helping people to make decisions), and machine learning. Think of this stack as composable rather than sequential. That is, AI’s implementation is reconfigurable and integrates the right elements to accomplish the task at hand — as opposed to being pre-configured or comprised of items that depend on each other in sequence. ML is the part of this AI stack that focuses on creating programs that learn from experience.

AI is already in use around you. It’s easy to think of AI in its more futuristic incarnations. But smart thermostats, digital assistants, and recommendation engines for what movie to watch or product to buy are commonplace and all incorporate AI. That leads to my first recommendation for my fellow corporate technologists:

Think about your needs and where AI can fit in, not the other way around.

Recommendation engines are a great example. A company wants you to consume more of the products and services it provides and get greater satisfaction from them. A recommendation engine fits perfectly with this goal. Think about a streaming media service. ML that learns things such as what you’ve watched in full and how quickly you watched it, incorporates feedback on how you rate those movies or shows, what others with a similar profile have watched and liked… all of that contributes to a better experience. A huge movie catalog isn’t enough. The experience is far better with a convenient and accurate recommendation engine. For example, the recommendation system for Netflix influences a whopping 80% of hours streamed from the service [2].

The good news is that plenty of companies are successfully using AI to better engage with customers and employees, provide personalization and recommendation engines, and gain efficiency by using chatbots and digital assistants. In the Fall, 2019 issue of TribalNet, Stuart Kerr made a case for the value of Knowledge Graphs [3]. To build upon this idea with relational machine learning, you could train statistical models on knowledge graphs to predict new facts. AI services and industry-specific solutions that apply aspects of AI are options for those who wish to buy an AI system rather than build their own. But again, proceed in measured fashion. AI is not a panacea. You may be able to gain the insights and information you need from knowledge graphs alone.

The Software Engineering Institute describes eleven foundational practices for AI engineering [4] and this is number one:

Ensure you have a problem that both can and should be solved by AI.

Whether you are trying to tackle the problem yourself or dealing with a vendor or consultant, verify that there isn’t a better and potentially more straightforward solution to your challenge.

Numerous challenges must be considered when implementing AI systems. These challenges include — but are certainly not limited to — ethics, verifiability, security, and perception. Looking again to the Software Engineering Institute’s foundational practices, the list concludes with this:

Treat ethics as both a software design consideration and a policy concern.

Ethics permeates the entire CMU model of the AI stack. The decisions that algorithms make or influence are affected by the decisions that people make when AI systems are built. This has important ethical implications. For example, bias may be introduced into AI-influenced hiring decisions based on the underlying algorithms, data models, and so on. Without explainable AI frameworks or insights into the underlying computational decision-making process, the system may become a black box that makes undesirable decisions which run counter to your values. That leads to my second recommendation for corporate technologists:

Recognize the importance of ethics when it comes to AI.

A useful checklist for ethical AI systems makes several assertions [5]. To ensure that interactions between humans and AI systems are based on trust, these systems must be:

• Accountable to humans. People ultimately bear responsibility for the decisions and outcomes of the AI. Decisions made by the AI should be reversible or able to be overridden.
• Aware of risks and benefits. Consider the consequences — intended and unintended — from its use.
• Respectful and secure. Systems should incorporate your values, respect privacy and data rights, and incorporate security.
• Honest and usable. Decisions made by AI systems should be understandable and transparent, which creates trust.

I feel very fortunate to work at a research organization with expertise in AI. I get to learn about the directions bright minds are taking their research and the problems AI can address in the domains of cybersecurity and software engineering. Working in a university setting means that I also have access to research journals and guest speakers. Insights and perspectives from these varied sources have both expanded my knowledge and reinforced the value of engagement. This leads me to my third and final recommendation to my fellow corporate information technologists:

Seek input from those with domain expertise in AI.

This input could come from academic journals, Gartner research, or leading minds in the field. Perhaps you can seek additional input from your peers based on their experiences. But do engage on the topic from reputable sources.

These are exciting times to be in the technology industry. Machine Learning and the larger field of Artificial Intelligence are making amazing advancements. But don’t let the hype cloud your judgement. Take the approach of thinking about your needs first. If AI fits in, remember that ethics permeate the entire AI stack and engage with subject matter experts and those with experience in the domain.

REFERENCES

[1] “About.” Artificial Intelligence, Carnegie Mellon University. [Retrieved 21 Jan. 2020.] ai.cs.cmu.edu/about
[2] Carlos A. Gomez-Uribe and Neil Hunt. 2016. “The Netflix Recommender System: Algorithms, Business Value, and Innovation.” ACM Trans. Manage. Inf. Syst. 6, 4, Article 13 (December 2016), DOI: https://doi.org/10.1145/2843948.
[3] Kerr, Stuart. “Knowledge Graphs.” TribalHub Magazine, Fall 2019, p. 42, www.tribalhub.com/magazine/Fall-2019/#page=42.
[4] Horneman, Angela; Mellinger, Andrew; Ozkaya, Ipek. “AI Engineering: 11 Foundational Practices.” Software Engineering Institute, Carnegie Mellon University. September, 2019. resources.sei.cmu.edu/library/asset-view.cfm?assetid=633647
[5] “Designing Ethical AI Experiences: Checklist and Agreement.” Software Engineering Institute, Carnegie Mellon University. December, 2019. resources.sei.cmu.edu/library/asset-view.cfm?assetid=636620

ABOUT THE AUTHOR

Craig Lewis is the Information Technology Director at the Carnegie Mellon University Software Engineering Institute (SEI). The SEI’s mission is to support the nation’s defense by advancing the science, technologies, and practices needed to acquire, develop, operate, and sustain software systems that are innovative, affordable, trustworthy, and enduring.
AGENCY UPDATE | DEPARTMENT OF HOMELAND SECURITY (DHS)

AGENCY UPDATE: DHS, CISA
DEPARTMENT OF HOMELAND SECURITY (DHS), CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA)

CISA Supporting National Emergency and Public Safety Communications Planning and Next Generation 911 Services

The Cybersecurity and Infrastructure Security Agency (CISA) recently released two major policy and governance products to further advance nationwide public safety communications. The updated National Emergency Communications Plan (NECP) was released in September 2019, and the Next Generation 9-1-1 (NG911) Self-Assessment Tool (the Assessment Tool) was released in December 2019. CISA facilitated the development of the NECP and the Assessment Tool through SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) with input from all levels of government.

The NECP outlines the strategy and implementation plan for strengthening and sustaining nationwide communications and interoperability across all emergency response disciplines. In comparison to previous releases, the updated NECP now addresses emergency communications gaps, advocates for the integration of new technology, and provides guidance for executing, measuring, and reporting against the NECP’s six strategic goals to:

• Develop and maintain effective emergency communications governance and leadership across the Emergency Communications Ecosystem
• Develop and update comprehensive emergency communications plans and procedures that address the evolution of risks, capabilities, and technologies across the Emergency Communications Ecosystem
• Develop and deliver training, exercise, and evaluation programs that enhance knowledge and target gaps in all available emergency communications technologies
• Improve effective coordination of available operable and interoperable public safety communications capabilities for incidents and planned events
• Improve lifecycle management of the systems and equipment that enable emergency responders and public safety officials to share information efficiently and securely
• Strengthen the cybersecurity posture of the Emergency Communications Ecosystem

The NECP also addresses congressional and public safety community recommendations and includes input from participating tribes. Tribal input is essential to identifying and addressing their unique communications challenges and ensures accurate tribal representation across the national landscape of emergency communications and public safety.

The joint SAFECOM-NCSWIC NG911 Working Group developed the NG911 Self-Assessment Tool as an evaluation mechanism for users to assess the NG911 integration progression of their respective emergency communications centers (ECCs) and public safety answering points (PSAPs). The Assessment Tool allows administrators and public safety officials to understand their network’s critical NG911 governance, architecture, and security elements and to identify the transition steps necessary to achieve an optimal maturity state for continued deployment.

The Assessment Tool functions as a downloadable checklist of capability assessment prompts by which agency leadership can determine the progress of their own 911 systems according to the six maturity states. The Assessment Tool leverages each response to facilitate the further transition to NG911. Results collected by the Assessment Tool belong to the end-user and are not compiled into a shared database.

Stakeholder engagement has been crucial in the development of products that will support emergency communications interoperability and the transition to NG911. CISA welcomes and encourages feedback from tribes regarding the updated NECP, their experiences with the NG911 transition process, as well as the utility and effectiveness of the NG911 Self-Assessment Tool.

For more information about the NECP or the NG911 Self-Assessment Tool, please visit www.cisa.gov, www.dhs.gov/safecom, or contact SAFECOMGovernance@hq.dhs.gov.

TO LEARN MORE ABOUT HOW YOUR TRIBE CAN BENEFIT FROM CISA’S TRIBAL ENGAGEMENT ACTIVITIES AND TECHNICAL ASSISTANCE AVAILABLE TO TRIBES, CONTACT CISA TRIBAL AFFAIRS AT: CISATRIBALAFFAIRS@HQ.DHS.GOV.

TRIBAL GOVERNMENT | FEATURE

Are Your Tribal Elections Secure?

BY ANDREW DOLAN
DIRECTOR OF STAKEHOLDER ENGAGEMENT, THE MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER (MS-ISAC)

Many tribal governments across the country are already members of the Multi-State Information Sharing and Analysis Center (MS-ISAC) and are taking advantage of the many free resources that we can provide. However, did you know that our parent company, the Center for Internet Security (CIS), also runs a federally funded ISAC to assist organizations that help with or manage tribal elections? States, localities, and tribes have a new center backed by the Department of Homeland Security (DHS) that provides assistance with elections cybersecurity!

Since its creation in March 2018, the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) has provided resources and assistance to the elections-focused organizations in our states and local governments around the country. However, these are not the only organizations holding elections or assisting with them. The EI-ISAC can also provide direct assistance, guides and resources to tribal organizations focused on elections.

The purpose of this ISAC is to give the more than 9,000 state, local and tribal organizations a dedicated venue to share information about cyber threats and vulnerabilities specific to elections and election security. “The Elections Infrastructure ISAC will significantly improve communications with and among the elections community as well as enhance the cyber defense tools and capabilities available to protect elections systems,” said CIS Chairman John Gilligan in a press release.

CIS has years of experience in relationship-building through running the Multi-State ISAC, which provides cybersecurity education, awareness and services to tribal nations all over the country. Now, the EI-ISAC wants to help tribal members secure their election systems as well. The ISAC accomplishes this by providing no-cost cybersecurity incident response, monitoring of public-facing digital assets, alerts on current attacks and threats, best practices guidance, and much more.

One particularly helpful existing resource is the CIS Handbook for Elections Infrastructure Security. The handbook focuses on helping organizations responsible for elections better understand what to focus on, how to prioritize and sort the large amount of information centered on securing information technology (IT) systems, and how to engage in additional collaboration to address common threats to this critical process. An electronic version of the handbook can be found at the following location: www.cisecurity.org/wp-content/uploads/2018/02/CIS-Elections-eBook-15-Feb.pdf

Other ISACs exist for various industries and critical infrastructure sectors, but the EI-ISAC focuses specifically on elections. Additionally, many of you may be aware of the effort started at the 2019 TribalNet Conference in Nashville, Tennessee to start a Tribal ISAC-like organization to not only focus on cyber threats like the MS-ISAC but also to assist in all areas vital to our tribal nations, like healthcare, gaming and more. However, you can be a member of whichever organization you feel is best equipped to meet your needs. You can choose one, or be a member of all of them! We simply want to provide as many resources and forms of assistance as possible for our tribal partners.

If you or a department in your organization focuses on tribal elections, I strongly encourage you to check out the EI-ISAC. We want to learn more about tribal elections and what types of resources are needed to protect them. In this effort, your input is critical! Election officials work diligently to protect their systems, but like in many other areas of security, we can accomplish more together. Whether the election is taking place at a state, local, or tribal level, we all share the same goal of free and fair elections.

If you are using electronic or machine solutions for tribal elections, we want to help. If you are using paper ballots and manual counts, congratulations — you are already that much more cyber secure! However, as tribal nations move to machine tallying to take advantage of increased efficiency and accuracy, the EI-ISAC is here to help with those security concerns.

ABOUT THE AUTHOR

Andrew Dolan is the Director of Stakeholder Engagement for the Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security. He is responsible for managing all aspects of member relations, working with government associations, and conducting outreach on behalf of the MS-ISAC.

QUICK PROJECT WINS WITH OPEN SOURCE

The following projects can be implemented quickly with minimal investment for a pilot and then to full production with additional infrastructure costs:

Asterisk VoIP (FreePBX)
FreePBX is a web-based OSS product that manages Asterisk PBX, an OSS communication server. If FreePBX can’t be used as a primary voice switch based on the risk tolerance of the enterprise, it can still be used in a disaster recovery plan or for running supplemental operations.

Docker and Kubernetes
Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow developers to package an application with all its constituent parts, such as libraries and other dependencies, into one package. In a production environment, one needs to manage the containers that run the applications and ensure that there is no downtime. Kubernetes provides the framework to run distributed systems resiliently.

Moodle
Moodle is a learning platform designed to provide a single, robust, secure, and integrated system to create personalized learning environments.
It is fully customizable to an enterprise’s needs. Ansible Ansible is an OSS used for provisioning, configuration management, and application deployment. It is a cross-platform product and can configure both Windows and Unix- like systems. Nagios and Cacti Nagios and Cacti are both OSS that have been in the eindustry for a long time. They monitor systems, networks, and infrastructure. Both of these products have extensive alerting capabilities that can handle several layers of escalation. Open-Source Software (OSS) and products are all around us. If you have searched Wikipedia for information, you have used a premier open-source platform that averages more than 18 billion page views per month, making it one of the most visited websites in the world. Traditionally, intellectual property laws have allowed companies to control knowledge and have guarded the rights of the innovator — at the expense of industry-wide cooperation. In turn, engineers of new software code are richly rewarded. In spite of the conventional wisdom that innovation is driven by the promise of individual and corporate wealth, ensuring the free distribution of code among computer programmers can empower a more effective process for building intellectual products. In the case of OSS, independent programmers — sometimes hundreds or thousands of them — make unpaid contributions to software which develops organically, through trial and error. IT STARTS WITH COMPANY STRATEGY At its core, a strategy is a long-term plan that a company needs to reach a desired future state. The strategy includes a company’s goals and objectives, the type of products/services that the company plans to build or enhance, the customers who the company wants to sell to, and the markets that the company serves to make profits. 
A few leading companies including companies in the gaming space have adopted an “Open Source First” strategy, requiring vendors as well as internal developers to use open-source licenses and practices wherever possible. REASONS TO ADOPT OPEN-SOURCE STREAM- LINED OPERATIONS AND COST EFFICIENCY OSS solutions are affordable alternatives to buying off-the-shelf software. Many surveys have indicated that reduced costs are the primary reason why enterprises choose to go with OSS solutions. There are no vendor lock-ins or long-term contracts to deal with. There are also no restrictions on the number of copies one can install with OSS. These OSS advantages can amount to significant savings in the long run. OPTION TO TAILOR CODE TO YOUR NEEDS The ability to customize code to fit your enterprise’s needs can help you differentiate against your competition. OSS provides you with flexibility and adaptability to suit your enterprise environment, which results in customized solutions that are tailored to fit your tactical and strategic needs. INNOVATION ON STEROIDS Enterprises have to innovate to survive in this hyper-competitive market. Adopting Open-Source Software solutions can enable enterprises to rapidly scale, evolve and extend their existing technologies. This can help businesses innovate faster and adjust to market changes quicker. IMPROVED INTEROPERABILITY OSS is designed based on open standards, which in turn fosters compatibility with other standards-based systems and technologies. As a result, OSS makes it easier to share data across systems. IMPROVED CODE BASE AND SECURITY OSS gives organizations access to a vast community of skilled programmers whose expertise drives technological transformations. The solutions are constantly being enhanced and security holes are more rapidly brought to light. This ensures a rugged environment able to withstand varied security threats and flaws. 
BETTER TALENT POOL Universities prefer to use OSS for cost advantages and research opportunities, so fresh graduates coming out of institutions are well-versed in OSS technologies. FEATURE | GAMING INNOVATION INNOVATE WITH Open Sourcetribalnetonline.com | 17 Python and R Python is an interpreted, high-level programming language. The design philosophy emphasizes code readability and follows an object-oriented approach. Data science practitioners need a wide set of skills like data mining, data analyzing, and visualizing and building machine learning models. Python offers extensive libraries that make data science tasks much easier. R is a language similar to Python but is better-suited for statistical learning, modeling, and analysis. Pre-compiled binary versions are readily available for various operating systems. R and its libraries implement a wide variety of statistical and graphical techniques, including linear and nonlinear modeling, time-series analysis, classification, and clustering, among others. HAproxy HAProxy is free software that provides a high availability load balancer and proxy server for TCP- and HTTP-based applications. The proxy spreads incoming requests across multiple servers thereby providing redundancy and resiliency. Hadoop (HortonWorks/Cloudera) Apache Hadoop is a collection of software utilities that facilitates using a network of many computers to process massive amounts of data and computations. It also provides a software framework for distributed storage and processing of big data, using the MapReduce programming paradigm. Hardware resiliency is built into the Hadoop architecture. Wireshark Wireshark is a packet analyzer that is used for low-level debugging of network issues. Wireshark is a cross-platform tool that uses the Qt widget toolkit for the user interface and uses PCAP to capture packets. TensorFlow/Keras/Knime TensorFlow is an OSS library used for data flow and differentiable programming across a wide range of tasks. 
It is used for machine learning applications such as neural networks. Keras runs on top of TensorFlow and other toolkits to enable fast experimentation with neural networks. Knime is a data analytics, reporting, and integration platform. It integrates various components for machine learning and data mining through its modular data pipelining concepts. Neo4j Neo4j is a graph database management system with native graph storage and processing. Neo4j is highly optimized for queries on the relationship among the customer’s data. With Neo4j, one can map, store, and traverse networks of highly connected data to reveal new contexts. CONCLUSION The production and use of Open-Source Software have matured tremendously over the past decade. Thousands of companies use OSS, including many gaming companies in our midst. With some adjustments and revisions, every size company — from a 5-person IT outfit to a 100-strong IT shop — should be able to leverage OSS to its advantage. OSS solutions should be based on the merits of the software and what it can offer the enterprise. As mentioned before, having a strategy in place is key. Working without a strategy can lead to undermanaging OSS projects. Finally, in OSS projects even though the software is free, it does need a dedicated effort to get it off the ground. Once you have a successful project under your belt, you can move on to building bigger and better projects. I would like to end here with a quote from John Steinbeck: “Ideas are like rabbits. You get a couple and learn how to handle them, and pretty soon you have a dozen!” Go ahead, innovate and put a ding in the universe! Ram has over 25 years of experience in IT and has worked at Bell Labs, Compaq, Exodus Communications, and AT&T wireless. He is the recipient of the 2010 InfoTech Exec of the year and TribalNet Technology Award. Ram holds an MBA from Monmouth University and a master’s degree in EE from Stevens Tech. He is a certified PMP and CISSP. 
ABOUT THE AUTHOR
BY RAM PATRACHARI
CHIEF INFORMATION OFFICER, VIEJAS ENTERPRISES
TRIBALNET MAGAZINE | SPRING 2020

Today’s technological environment makes medical data accessible across a broad range of devices and to a broad range of professionals, including healthcare providers, insurers, and medical device support staff. This accessibility is made possible only by connecting medical devices to the Internet, but doing so can also create an opportunity for hackers to steal highly desirable protected health information (PHI).
According to the Healthcare Information and Management Systems Society (HIMSS), hospitals and similar healthcare organizations typically have 300% to 400% more medical equipment than IT devices. Every day, new medical devices are brought online at the Indian Health Service (IHS) unbeknownst to the cyber professionals tasked with securing the network. More importantly, this is often done without the knowledge or consent of IHS’s 2.3 million patients and could put these patients’ PHI at risk. Such unannounced or unidentified medical devices are not monitored for security compliance and therefore create prime vulnerabilities for hackers to exploit. Hackers can use PHI obtained from unsecured devices for ransom, medical insurance fraud purposes, and more.

Therefore, we are obligated to begin conducting an inventory of medical devices as we would any other IT asset, because we cannot secure assets if we do not know what they are. The inventory of medical devices must be the cornerstone of our medical device cybersecurity and privacy effort. This requires an efficient asset identification and asset management program.

The Food and Drug Administration (FDA) encourages medical device manufacturers to actively secure their devices. The agency has provided guidance for doing so in its publication, “Postmarket Management of Cybersecurity in Medical Devices.” In order for the IHS to do its part by creating security baselines for deployed medical devices, we must have a comprehensive exchange of asset knowledge between those tasked with keeping the devices operational (biomed) and those tasked with securing them (cybersecurity professionals). Asset management (i.e., conducting an inventory) allows us to open our eyes to the scope of our security mission and how we must work to secure our network and sensitive patient data.
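The exchange of asset knowledge between biomed and cybersecurity staff described above can be sketched as a reconciliation of two lists. This is an added example, not code from the article or from IHS; the column names, asset tags, MAC addresses and IP addresses are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample exports; column names are assumptions for this example.
BIOMED_CSV = """asset_tag,mac,description,security_baseline
BM-0001,00:1A:2B:3C:4D:5E,Infusion pump,yes
BM-0002,00-1a-2b-3c-4d-5f,Patient monitor,no
BM-0003,001A.2B3C.4D60,Ultrasound cart,yes
"""
OBSERVED_CSV = """mac,ip
001a2b3c4d5e,10.20.0.11
00:1A:2B:3C:4D:5F,10.20.0.12
00:1a:2b:aa:bb:cc,10.20.0.40
not-a-mac,10.20.0.41
"""

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if it is malformed."""
    digits = re.sub(r"[:.\-\s]", "", raw or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def load(text):
    """Parse a CSV export into (rows keyed by normalized MAC, unparseable rows)."""
    by_mac, bad = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        mac = normalize_mac(row.get("mac"))
        if mac is None:
            bad.append(row)
        else:
            by_mac[mac] = row
    return by_mac, bad

def reconcile(biomed_text, observed_text):
    """Compare the biomed inventory with what the network actually sees."""
    biomed, bad_biomed = load(biomed_text)
    observed, bad_observed = load(observed_text)
    return {
        # On the network but in nobody's inventory: unmonitored devices.
        "unknown_on_network": sorted(observed[m]["ip"] for m in observed.keys() - biomed.keys()),
        # Inventoried and online, but no security baseline recorded yet.
        "no_baseline": sorted(biomed[m]["asset_tag"] for m in biomed.keys() & observed.keys()
                              if biomed[m]["security_baseline"].strip().lower() != "yes"),
        # Inventoried but never seen: retired, offline, or a wrong MAC on file.
        "not_seen": sorted(biomed[m]["asset_tag"] for m in biomed.keys() - observed.keys()),
        # Rows that could not be matched at all and need manual review.
        "unparseable": [r["ip"] for r in bad_observed] + [r["asset_tag"] for r in bad_biomed],
    }

if __name__ == "__main__":
    for finding, items in reconcile(BIOMED_CSV, OBSERVED_CSV).items():
        print(f"{finding}: {items}")
```
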
As IT professionals, we must do our part to mitigate the ramifications of unsecured medical devices, such as Health Insurance Portability and Accountability Act (HIPAA) violations ($5,000 per lost/stolen record), in order to ensure that vital funding is not taken away in our pursuit of the IHS mission.

The Importance of an Inventory for SECURING PATIENT DATA
HEALTH INFORMATION TECHNOLOGY | FEATURE

ABOUT THE AUTHORS

BY NATHAN “NATE” JONES, CISSP, CAP
FORMER DIVISION OF INFORMATION SECURITY | OFFICE OF INFORMATION TECHNOLOGY
INDIAN HEALTH SERVICE | HEALTH AND HUMAN SERVICES

Nathan “Nate” Jones is the Interconnections Security Lead and Endpoint Detection Response Information Systems Security Officer for the Indian Health Service (IHS) in Rockville, MD. He has worked at IHS for over three years. Prior to his federal civilian service, Mr. Jones spent eight years on active duty in the U.S. Air Force. Along with his Bachelor of Science in Cybersecurity, Mr. Jones holds several IT security certifications, including the (ISC)² Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP).

BY WENDY ANDREWS
POLICY ANALYST, PMP
IT SECURITY PROGRAM SUPPORT SERVICES
INDIAN HEALTH SERVICE (IHS), DIVISION OF INFORMATION SECURITY (DIS)
CONTRACTOR, CHICKASAW NATION INDUSTRIES (CNI)

Wendy Andrews has worked within the Division of Information Security for eight years, developing cybersecurity governance and awareness campaigns that promote secure online behaviors. Her award-winning security awareness products can be seen in IHS’s annual cybersecurity awareness training as well as materials delivered every October for National Cybersecurity Awareness Month.