WORLDFocus on Healthcare | Winter 2010

CybersecurityDelivering

Confidence

INSIDEOur Social Platform

for Healthcare

NASA Looks Beyond the Clouds

In Practice: Travel & Transportation

Making Power Grids Smarter

KEEP THE BADGUYS OUTAND THE GOOD

BUSINESS SOLUTIONS

TECHNOLOGY

OUTSOURCING

Companies’ sensitive data is increasingly housed on laptops, external drives and smartphones that cross the globe with an increasingly mobile workforce. Theft or loss of even one of these devices can put your proprietary data at great risk. Providing full-disk encryption of entire systems, external drives and USB flash devices, our Managed Encryption Service protects you from the costly consequences of a security breach — while improving your dynamic workforce’s productivity.

Learn more about CSC’s security capabilities: www.csc.com/security.

GUYS IN

D

WINTER 2010 | CSC WORLD 1

SENIOR MANAGER EDITORIAL SERVICES

Theresa Nozick

SENIOR EDITOR

Chris Sapardanis

CONTRIBUTING WRITERS

Jim BatteyJenny Mangelsdorf

CREATIVE DIRECTOR

Terry Wilson

DESIGNER

Deric Luong

ASSISTANT DESIGNERS

Kelly DareMarketing Shared Services — P2

EDITORIAL/SUBSCRIPTION OFFICE

2100 East Grand AvenueEl Segundo, CA 90245-5098 USAworld@csc.com

CSC

www.csc.com

THE AMERICAS

3170 Fairview Park DriveFalls Church, VA 22042 USATel: +1.703.876.1000

EMEA

Royal PavilionWellesley RoadAldershot, Hampshire GU11 1PZUnited KingdomTel: +44(0)1252.534000

AUSTRALIA

26 Talavera RoadMacquarie Park NSW 2113AustraliaTel: +61(0)2.9034.3000

ASIA

20 Anson Road #11-01Twenty AnsonSingapore 079912Republic of SingaporeTel: +65.6221.9095

CSC WORLD (ISSN 1534-5831)is a publication ofComputer Sciences Corporation.

Copyright ©2010Computer Sciences CorporationAll rights reserved.Reproduction without permissionis prohibited.

Comment on what you’ve read in CSC WORLD .E-mail us at world@csc.com.Or write:CSC WORLD2100 East Grand AvenueEl Segundo, CA 90245-5098 USA

The world around us grows more complex every day and businesses face increasing challenges to protect vital data. But a vigilant and comprehensive cybersecurity strategy can help pacify even the most persistent threats. In this issue’s cover story, our chief cyber strategist Sam Visner provides advice to those looking to stay confident in a world of risk.

Our focus on cybersecurity continues with a profile of CSC’s Global Strike-Force team, which travels the globe helping companies and governments avoid cyber disasters. Inside you can read how this team helped protect the cyber assets of the United Nations Framework Convention on Climate Change in Denmark. And in “Digital Detectives Fight Cybercrime” learn how our Digital Investigative Services professionals are indentifying threats and network intrusions for clients.

With U.S. healthcare reform in full swing, healthcare providers are trying to make sense of it all. Many are connecting in our Meaningful Use Community, an interactive and educational online community for learning about the meaningful use of electronic health records (EHRs). The site’s developers and users share their experiences in “Meaningful Use Site Brings Healtcare Community Together.” And one provider in the forefront of electronic healthcare implementation is Vermont’s Fletcher Allen Health Care. We share details of their EHR journey and with them provide tips for implementation success.

The cloud and beyond are on the mind of NASA Jet Propulsion Laboratory’s Chief Technology Officer Tom Soderstrom. In this interview, he discusses the unique and powerful ways he’s enabling the JPL workforce, and the benefits that approach is reaping for both employees and the laboratory. We also feature a case study on the collaborative videoconferencing solution CSC’s Pasadena Innovation Center helped develop for JPL.

This issue’s In Practice section focuses on the Travel & Transportation market. In “CHARTing Success on the Road,” read how for more than a decade, we have helped develop and upgrade the state of Maryland’s intelligent transportation system used for real-time operation of its highway system. And our merger expertise was put into practice for YRC Company, one of North America’s largest trucking companies.

Finally, The Green Corner looks at smart grids, which could help manage the exploding demand for future energy consumption worldwide. And By the Numbers reveals some of the results of our “Eighth Annual Global Survey of Supply Chain Progress.”

We invite you to download this issue of CSC World to your Apple iPad or Amazon Kindle at www.csc.com/cscworld_mobile, or sign up to receive each issue via e-mail at www.csc.com/subscribe.

You can also find us at www.csc.com/cscworld, where we invite you to start or join in the conversation in the comments field provided after each story. If you prefer, you can e-mail us at world@csc.com.

Theresa Nozick Editor, CSC World

Inside CSC WorldWORLD

2 CSC WORLD | WINTER 2010

CSC WORLD | WINTER 2010 | VOLUME 9 | NUMBER 3

14

46

14

10

16

18

World of RiskSam Visner on Cybersecurity’s Impact on BusinessOur chief cyber strategist discusses how organizations can best protect vital information in an increasingly complex world.

A Strike for SecurityCSC’s Global StrikeForce team travels the globe, helping companies and governments avoid cyber disaster.

Securing a U.N. Climate ConventionThe United Nations Framework Convention on Climate Change in Denmark benefits from our Global StrikeForce’s security capabilities.

Digital Detectives Fight CybercrimeWhen a security incident occurs, our Digital Investigative Services professionals respond quickly to analyze and contain the problem.

Protecting Your Industrial BaseAs the first IT company invited to join the U.S. Department of Defense’s Defense Industrial Base Program, we offer a unique perspective on protecting organizations from security threats.

cover story

4

WINTER 2010 | CSC WORLD 3

BY THE NUMBERSEighth Annual Global Survey of Supply Chain ProgressResults reveal that knowing how to use supply chain management to boost your bottom line is more critical than ever.

IN PRACTICE:TRAVEL & TRANSPORTATIONCharting Success on the RoadWe’re helping develop and support the intelligent transportation system the state of Maryland uses to operate its highway system.

CSC Helps Transport Companies Share the Road Our expertise helps YRC, one of North America’s largest trucking companies, merge the networks and operations of two of its subsidiaries.

THE GREEN CORNERIntelligent Grids Power a Smarter FutureAs energy consumption increases exponentially, smart grids – if secure, intelligent and sustainable – can manage exploding demand.

HEALTHCAREMeaningful Use Site Brings Healthcare Community TogetherOur online community is the place to learn, connect, and share information about the meaningful use of electronic health records.

The Digital Hospital: Transforming Care Delivery With E-Health RecordsA patient record and IT management system is putting Fletcher Allen Health Care on the map.

Beyond E-Health Records: Technologies That Enhance Care DeliveryCSC’s Emerging Practice reports on a number of technol-ogies that help enhance and improve inpatient care.

FEATURES Looking Beyond the Clouds: Tom Soderstrom, CTO, NASA’s Jet Propulsion LaboratoryAs one of the laboratory’s busiest times draws near, Soderstrom discusses new approaches and emerging technologies that propel JPL ahead of the curve.

Extreme Collaboration Is (Not) Rocket ScienceA high-definition video conference environment at NASA’s JPL campuses delivers numerous business benefits and brings new life to meetings.

20

22

26

30

32

34

36

38

40

ON CSC.COMOur latest Corporate Responsibility Report (www.csc.com/cr) shows our commitment to global citizenship by ensuring a sustainable environment for future generations.

Interested in moving to the cloud? We deliver the right cloud, the right way. Learn more at www.csc.com/cloud.

Did you know CSC manages one of the world’s largest supply chains? Read how we help the U.S. Army track more than $25 billion in inventory and transactions with some 50,000 vendors (www.csc.com/case_study/lmp).

With our free mobile apps, you can view the latest csc.com press releases, case studies, videos, events, and more. Download at www.csc.com/mobile_app.

20

32

36

38

4 CSC WORLD | WINTER 2010

CYBERSECURITY

WINTER 2010 | CSC WORLD 5

WORLD OF

RISKExpecting your enterprise to be safe today without a comprehensive cybersecurity capability in place is like jumping from a plane without a parachute — it’s flat out dangerous. On any given day, cyber criminals with various agendas are attempting to break into IT systems around the world — and many are successful. That’s why so many organizations turn to CSC. We deliver confidence to businesses and governments by protecting the most sensitive data and critical systems. On the following pages our leading cybersecurity experts discuss the ever-changing world of security, what organizations must do to mitigate escalating risks, and explain some of the ways we safeguard the private and public sectors.

6 CSC WORLD | WINTER 2010

As the world gets more complex and attempts to steal your most precious information become more sophisticated, forecasting your future cybersecurity needs has become increasingly challenging.

For Sam Visner that’s especially true. Visner leads CSC’s cyber strategy, directing a worldwide team responsible for protecting the information infrastructures of our commercial and government clients, many of whom represent some of the world’s leading enterprises and process some of the world’s most valuable and sensitive data. Visner also serves as a member of the global reserve program that supports the U.S. National Intelligence Council on cybercrime, is a member of the U.S. Defense Science Board Intelligence Task Force supporting the Under Secre-tary of Defense of Intelligence, and is an adjunct professor at Georgetown University’s School of Foreign Service, where he teaches a course on the effects of IT on international security.

In a recent interview, Visner shares his broad cyber perspective on how executives can best protect their organization’s most vital information today and into the future.

Where are the public and private sectors in their use of cybersecurity today?

Sam Visner: Some — perhaps too many — agencies and companies today regard cybersecurity as a question of compliance. For example, if you’re a government agency, you have to meet specific cybersecurity requirements, and companies have a responsibility to shareholders, customers, and others to ensure they have adequate security to protect their interests. To a certain extent, many still use this compliance-based approach. But savvier people are now asking what information is really at risk, what that risk represents to their organization, and how cybersecurity can help them manage that risk.

This is similar to when Volvo decided to make safety an intrinsic component of their cars, and not just an “add-on” option. At the time, the auto industry looked at safety as a question of compliance, but it wasn’t a key issue. Then Volvo came along and they owned the word “safety,” and it became a competitive discriminator.

In the private sector, some companies are beginning to question their risk and how cyber can give them a competitive advantage. For example, Boeing is asking how it can use cybersecurity to ensure it knows the origin of each plane part and that its test data is valid, so it can assure buyers and passengers that its planes are safe. Some pharmaceutical manufacturers are also asking how they can use cybersecurity to ensure the validity of their test data and to track the origins of their raw materials. In both cases, this speaks not only to compliance, but also to improving product confidence, which can become a competitive discriminator.

Why would it benefit organizations to look past compliance and focus on risk?

Visner: Right now people realize they need to comply with a certain level of protection of customer data. If they don’t, their customers will be angry and might abandon them, or worse. But what’s really at risk is their intellectual property — the few things that make a company’s goods and services special. If they lose their operational data, they might recover. However if they lose their core intellectual property — their marketing plans, product design, and research and development — they could lose the whole company.

If they don’t understand the risk to their intellectual property, which is the thing of most value, whether or not they can open their factory doors is irrelevant because their adversaries and competitors own their business. To succeed in the future, companies will need to move from compliance to using cyber-security as a competitive discriminator and managing the risk to their intellectual property.

In the federal sector, some savvy agencies are also beginning to understand they need to increase their cybersecurity beyond the minimum requirements. They are realizing an agency that doesn’t have good cybersecurity will lose the confidence of its citizens, who then may decide its services are no longer useful. Government agencies, much like the private sector, compete for business. Today, in the United States, the General Services

Sam Visner ON CYBERSECURITY’S IMPACT ON BUSINESS

WINTER 2010 | CSC WORLD 7

“IN THE PRIVATE SECTOR, SOME

COMPANIES ARE BEGINNING TO

QUESTION THEIR RISK AND HOW

CYBER CAN GIVE THEM A COMPETITIVE

ADVANTAGE.”CSC Vice President and Lead Cyber Executive Sam Visner

8 CSC WORLD | WINTER 2010

Administration is trying to increase its role as the contracting organization of choice for the rest of the federal government and, to do so, its own cybersecurity has to be good.

How would you rate the world’s overall cybersecurity profile?

Visner: In addition to the companies that look at cybersecurity as essentially a compliance-based activity, some companies believe sufficient cybersecurity is baked into whatever informa-tion system they buy, so they don’t worry about it. Then there are organizations that have always been at persistent risk and know it, like financial services firms, and they take cybersecurity fairly seriously.

Then there are the companies whose risk is changing, such as those who own and operate critical infrastructure. Until now they have relied on the fact that the information systems that guide their generators and pipelines have been separate from the public’s systems. But today these systems are being connected through the Internet. In some cases, like the power grid in the United States, they’re being connected to devices that have Internet protocol (IP) addresses, which enable the public to understand and manage the power in their house. As these formerly isolated systems link to public systems, which is now happening for the first time, the risk to these systems is changing from what it was a few years ago. This is something not everybody entirely understands, nor do they understand how they will mitigate these new risks.1

Delivering Confidence in Cybersecurity

Our nearly 2,000 cyber professionals, led by some of the most respected names in global cybersecurity, serve both commercial and public sector clients worldwide providing vulnerability analysis, penetration testing, data loss prevention, managed security, and cyber forensics training and analysis. We also have a global StrikeForce available 24x7 to respond to cybersecurity incidents; a worldwide infrastructure of Security Operations Centers; and the ability to test software’s cybersecurity charac-teristics at our Common Criteria Test Laboratories — the world’s largest installed base — located in North America, Europe, and Asia. We are the first organization to achieve an independent, third-party Software Engineering Institute-Capability Maturity Model (SEI-CMM) Level 3 rating, and have secured a SEI-CMM Level 4 rating for our strength in protecting the integrity of client information.

For more information on our cybersecurity capabilities, visit www.csc.com/cybersecurity.

WINTER 2010 | CSC WORLD 9

Has the risk environment changed and how can organizations respond to new threats?

Visner: It has really changed. New threats like polymor-phic viruses and advanced persistent threats, which can get into a system, look for the information they want, seek out the servers that deal with that information, and remain resident there surreptitiously for a long time, can be difficult to spot. Companies that have taken a low-level compliance-based approach to cybersecurity are vulnerable.

Many information systems were built piecemeal over time and weren’t instrumented well. So they don’t have good enterprise management and tools, which allow a company to study and understand the normal behaviors of the complete enterprise. Most companies are still thinking about that problem. Their systems are segmented into individual stovepipes, and they don’t have the ability at the enterprise level to look across the whole organization. Many organizations simply do not have that kind of understanding. Without that, if a system like this gets infected with these new sophisticated threats, it will be difficult to determine if it has been infected. Organizations need to increasingly pay attention to situational awareness and understand what’s happening inside their company.

In the future, what do you anticipate happening in the world of cybersecurity?

Visner: First, I think threats will continue to become more intense. Global competition for business will include efforts to develop and acquire intellectual property. Therefore intellectual property and intellectual capital — those things that set a company apart —will become more valuable than ever before and the threat to them will rise.

Second, threats will continue to become more adaptive and subtle. Instead of knowing that a threat has a particular signature or fingerprint, it will have a changing signature and set of fingerprints, becoming more difficult to detect.

Third, attention to cybersecurity will rise. Savvier companies realize they need to protect their intellectual property. It won’t be a question of compliance — it will be a question of survival. Today’s auto manufacturing environment is a good example of this where manufacturers are being questioned about their parts’ origins and validity of their test data.

Fourth, nations will increasingly cooperate to improve the global economy’s cybersecurity. They will do this to make it more predictable and less susceptible to cyber terrorism and cyber vandalism, as well as protect the critical infrastructures of

sovereign countries. More and more of this international cooperation will take place. Policies will emerge that relate to global cyber governance. The UK’s Digital Britain report2 is one example.

What cyber innovations do you see on the horizon?

Visner: An important innovation is situational awareness, which will enable companies to understand what’s happening inside their enterprise as well as in the global environment. With situational awareness technology, they will be able to see threats as they evolve before they hit their operations. Another development will be better computer-aided tools that will enable companies to assess more quickly and effectively a threat and select the right defense for it, much like a doctor having a more automated, intelligent, and efficient way of making a diagnosis and selecting the treatment. A third innovation, which we are helping drive, involves securing new architectures, like the cloud. Today organizations are beginning to adopt these architectures because they offer tremendous operational advantages, however they worry about security. With offerings like our cloud security and Trusted Cloud capabilities, organizations will be able to develop secure new architectures.

What cyber innovations will clients see from CSC?

Visner: We are further upgrading our Security Operations Centers so we can even more effectively monitor threats and give clients greater situational awareness of what’s happening inside their organizations as well as the general external environment in which they operate. We are also introducing advanced cybersecurity tools and capabilities, such as iRisk, which will let clients assess risks to their information, including their intellectual capital. We’re doing a lot. If people Google “cybersecurity” and “CSC,” they should say it looks like somebody’s trying to make a point, and we are.

1 For more information on identifying security risks in advanced metering infrastruc-ture and smart meter technologies, please visit www.csc.com/ami.2 “Digital Britain, The Final Report”: http://interactive.bis.gov.uk/digitalbritain/report/

10 CSC WORLD | WINTER 2010

A STRIKE FOR

SECURITY

WINTER 2010 | CSC WORLD 11

Today’s cyber threats and crimes continue to

escalate in sophistication and the danger they

pose. Simultaneously, while organizations’ IT

continues to spread outside the traditional

enterprise, businesses and the public continue

to expect private information to stay private.

For more than a decade, governments

and corporations have turned to CSC’s

StrikeForce team to determine their current

risk, ensure their applications, networks, and

processes comply with security guidelines,

and discover if their systems are secure or

have been compromised.

The need for StrikeForce is real. The list

of companies worldwide that have been

affected by cyber attacks reads like a Who’s

Who. Just in the first quarter of 2010, more

than 325 million “attempts to infect users’

computers in different countries around the

world were recorded” — a 26.8 percent jump

over the previous quarter, according to a

Kaspersky Lab report1.

by Jenny Mangelsdorf

12 CSC WORLD | WINTER 2010

Just as a doctor aims to stack the deck in a patient’s favor by using the appropriate medical tools, so are executives looking to ensure their IT systems will win today’s increasingly complex cyber battles. To help guide these efforts, CSC has released a white paper, called “The Security Stack — A Model for Understanding the Cyberse-curity We Need,” that suggests a four-layer model to visualize today’s cybersecurity challenges and protect systems against attacks.

Proposed by CSC cybersecurity experts Carlos Solari, Dean Weber, and Victor Harrison, the interrelated layers provide an integrated framework to follow. The paper also cites upcoming innovations to look for that will further strengthen an enterprise’s defenses.

The first layer, called “Assured Systems and Content,” speaks to the need for security as a primary consideration at all levels of a network’s design — one that is appropriate to the risk profile. For example, a consumer products retailer would not need the same level of security as a defense contractor. This layer involves a developer’s activities in architecting security and privacy as part of an overall solution, whether it is the software code in an application or the need to ensure that personal information is encrypted.

The second layer, the “Integrated Security Overlay,” defines the need for security-specific technologies, like firewalls, that span both networks and applications, while the third layer, “Intelligence,” defines the correlation

of sensor information and security events to develop a picture of what security-related issues are happening within the network. The fourth layer, “National Cyber Response,” covers how public and private sectors can work together to thwart cyber attacks.

“The industry has not thought of security this way before,” says Solari, CSC vice president, Cyber Technology and Services. “To protect systems, we need to think of security as comprised of these layers, and that all layers need to be present to gain a sufficient level of security in today’s environment.”

Download the full white paper, at www.csc.com/security_stack.

Stacking the Cyber Deck

Operational change increases challengesChanges in how organizations operate compound the challenge. In the past, an executive’s main security concern revolved around disgruntled employees entering a building and accessing the company mainframe. As workforces become more mobile, systems expand past their traditional enterprise, and as applications, services, and storage move online and into the cloud, security issues become more complex.

“Allowing workers to be mobile and use the cloud allows businesses to grow and become more flexible. However this mobility and the move to the cloud means that in many instances they no longer have control of key elements of their infrastructure, or more importantly, their data,” says Graham Logsdon, deputy chief technology officer for CSC’s Security Solutions organization. “And even though critical data assets no longer sit inside of the protected physical domain, they’re still responsible for protecting that data.

“This is a concern because in many instances their liability has increased today – a result of new government and industry regulations pertaining to data loss and compromised data.”

This fact hit home last year for one major financial company that discovered its systems were being hit by data thieves. Executives also discovered that it was possible the thieves had been stealing data for more than a year. Since then, the corporation has entered into settlement agreements totaling more than $100 million.

A complex risk pictureAs executives use business requirements to drive their use of information technology, one predominantly overlooked element is data integrity, says Logsdon. By giving the salesforce laptops that contain client information, for example, businesses need to consider the risk they’re introducing to their organization. If a laptop is stolen, can thieves use the data in it to blackmail the company’s customers? That’s a simple example of what executives might consider when reviewing risk. The risk picture becomes complex when executives have to consider how their systems are connected to other organizations’ IT systems.

“The logical boundaries of the corporate network are being pushed beyond what we traditionally consider them to be, and more and more we see data being gobbled up with real malintent,” says Logsdon.

The problem is made more complex by the fact that many organizations spend the bulk of their cybersecurity resources securing operational data, leaving vulnerable small data sets that contain the organization’s truly valuable intellectual property.

Organized cyber criminalsAs the corporate network evolves, the hacker profile has also changed. Where cyber criminals used to be teenagers reading e-mails and posting embarrassing information on bulletin boards – today’s criminals are increasingly state- sponsored or part of highly organized groups looking to gather intelligence – an organization’s valuable intellectual property – or make money, Logsdon says.

WINTER 2010 | CSC WORLD 13

How data is being used by cyber criminals has also changed. Having embarrassing information put up on a blog today is the least of someone’s fears as it won’t potentially destroy an organization — whereas losing customers’ credit card information or compromising stakeholder trust and brand integrity could. Losing a company’s product and service designs can also be fatal, and make an organization irrelevant in the face of ruthless commercial competition.

For governments, the threat to the systems on which sovereign authority depends, cannot be overlooked. The same is true for the information systems that a nation’s critical infrastructures use.

In the U.S. alone, a February 2010 U.S. Army report2 states, “Unprecedented levels of adverse activity in and through cyberspace threaten the integrity of United States critical infrastructure, financial systems, and elements of national power. These threats range from unwitting hackers to nation-states, each at various levels of competence.”

Attacks grow in sophistication and riskNo longer worried about traditional malware, executives are now concerned about what Logsdon calls “advanced persistent threats.” In this scenario, the attacker accesses data over a long period of time, gathers information about the data, and avoids detection. Even if the hacker is detected, there’s no attribution around the breach. A business may eventually discover some-thing fraudulent is taking place nine months to a year later after it’s been running on the network, as cited in the example above. At that point, however, they don’t know what data has been taken, how long it’s been there or who put it there.

“Its discovery is like a Pandora’s Box of issues for an executive,” says Logsdon.

As organizations’ use of IT becomes less centralized and cyber crime becomes more sophisticated, CSC’s StrikeForce team becomes increasingly valuable. Unique due to its long legacy and track record of helping secure systems, the team offers a full range of vulnerability assessment services, such as code review. In fact, the StrikeForce team authors CSC’s secure coding guidelines.

“There are a lot of organizations that still have legacy code and are very concerned about vulnerabilities,” says Logsdon. “StrikeForce is a great place to start if they want to learn where their vulnerabilities exist and in what priority they want to address them.”

CSC also performs wireless assessments to identify weak spots in an organization’s infrastructure. “We’ll go around a corporate campus to see if someone has set up a wireless access point that no one knew about. We see it every place. Certain verticals are more interested in wireless access. For

example, manufacturers use it to link customer data, supply data, and manufacturing systems in an efficient network. Manufacturing loves wireless, but wireless can also let someone visiting on a sales call pull out a laptop, find a wireless hot spot, and access sensitive information. We see it in retail, banking, and aerospace and defense as well.”

A unique cyber teamIt takes a unique individual to perform StrikeForce’s security assessments. Before joining the team, prospective employees complete a test where they have 24 hours to compromise a set of systems and document their attempts. The StrikeForce team then reviews their results to determine if the potential employee is qualified to become a member of CSC’s elite team.

“Very few organizations have the quality of security professionals we have,” says Logsdon. “We find we have instant credibility with customers based on the rare technical skill set our team has.”

StrikeForce also provides and reviews with clients a compre-hensive executive report that shows what risks need to be addressed, in order of urgency, and how those risks could affect the company’s operations, goals, and strategies.

“Customers experience immediate benefits from our reports,” says Logsdon. “They also like the fact that once StrikeForce identifies those risks and provides a remediation plan, CSC has the knowledge and capability to help fix those problems. Because if you think about it, many times the reason they have those problems is because they don’t have the resources to deal with them. We do.”

1 Information Security Threats in the First Quarter 2010 by Kaspersky Lab; http://www.securelist.com/en/analysis/204792120/Information_Security_Threats_in_the_First_Quarter_of_2010

2 U.S. Army’s Cyberspace Operations Concept Capability Plan 2016-2028, Feb. 22, 2010, http://www.fas.org/irp/doddir/army/pam525-7-8.pdf

CSC’s GlobalStrikeForce Services

CSC’s StrikeForce provides assessment services that evaluate an organization’s technical controls in order to provide visibility on the client’s current risk, threat, and compliance profile. These assessments reveal vulnerabilities that exist within an organization’s applications, networks, or processes. StrikeForce’s services include: security archi-tecture design and review, wireless security assessments, physical security assessments, technology compliance assessments, network and application-based penetration testing, configuration assessments and audits, and network and host vulnerability assessments.

To learn more, visit www.csc.com/strikeforce or e-mail us at strikeforce@csc.com.

JENNY MANGELSDORF is a writer for CSC’s corporate office.

14 CSC WORLD | WINTER 2010

SECURINGA U.N. CLIMATE CONVENTION It could have been a scene from a Tom

Clancy novel. Take representatives of 192 countries, mix strong feelings with serious economics and differing agendas, and it could have spelled disaster. It didn’t.

Last year, CSC’s StrikeForce team was tasked to assess both physical and IT security used for the United Nations Framework Convention on Climate Change in Denmark. The conference’s goal: to reach a binding global climate agreement that would go into effect when the first commitment period under the Kyoto Protocol expires in 2012.

Some 30,000 people, including 15,000 delegates, 7,500 media members, and 7,500 nongovernment participants attended the two-week conference. In addition, protestors, 2,000 of whom were arrested, joined as uninvited guests. Conference floor space, which spread across more than 60,000 square meters, was webbed with almost 1,000 kilometers of network cabling, 5,000 network end points, public and private voice and data networks, and a core network infrastructure that rivaled a large, permanent data center.

A long legacy in security“CSC has a long legacy of successfully handling very complex security issues,” says Stephen Brennan, CSC StrikeForce regional lead in Australia. “In addition, CSC is the largest supplier of IT outsourcing to Denmark’s public sector and our

by Jenny Mangelsdorf

WINTER 2010 | CSC WORLD 15

Client: The Ministry of Foreign Affairs of

Denmark and the United Nations Framework

Convention on Climate Change

Challenge: Conflicting security objectives

and technical challenges for the 15th Annual

Conferences of the Parties, attended by 30,000

delegates, media representatives, and heads of

state from 192 countries.

Solution: Perform a distributed security

assessment of the conference environment,

including testing and validating more than four

gigabits per second of Internet bandwidth,

250 wireless access points, 20,000 ports, and a

core network infrastructure that rivaled a large

permanent data center.

Results: A reduced real world threat profile,

increased availability of key infrastructure and

information systems, improved visibility of

security events historically and in real time,

and a stronger overall security architecture

and segregation between security zones.

Copenhagen data center is one of CSC’s largest. It was a natural step to ask us for help when it became clear, early on in the process, that they needed our StrikeForce team to assess this very complex setup in a political arena with varied suppliers and participating parties.”

StrikeForce began work months before the December 2009 conference, providing security assessment and testing of the entire cyber and physical environment in which the U.N. conference would take place. Risks ranged from espionage against participants to protecting privileged information and infrastructure from outside groups pushing specific, and potentially disruptive, agendas. Danish police were responsible police responsible for external security.

Complex distributed securityDuring the project, StrikeForce worked with numerous participants, including government staff, such as heads of state, police, and intelligence services; U.N. staff; nongovern-ment organizations; media; and IT suppliers. CSC worked with all participants to ensure the highest levels of security were achieved across all areas, including straddling groups that worked independently, but whose actions could have affected security in adjacent areas.

“One of the strengths of our distributed security assessments is that we could ensure that errors made in one domain did not contaminate controls in adjacent domains, which was a real possibility, especially given the complexity of this conference environment,” says Brennan.

For example, if the wiring closets containing switching equip-ment around the conference site weren’t sufficiently protected with physical security controls, it would have been easy for a malicious person to gain access to a trusted, secure network, explains Brennan.

Protecting highly sensitive dataDuring the conference, United Nations staff and delegates accessed voice and data, much of which would have been con-sidered highly sensitive, via internal trusted, external untrusted, and semitrusted networks. During an event such as this, where hundreds of groups have different objectives and agendas, this segregation not only becomes more important, but infinitely more complex.

Everything from voice communications to print jobs needed to be protected from adjacent third parties. Hackers could have intercepted this traffic, says Brennan, by introducing a rogue access point masquerading as a legitimate wireless access point.

“By introducing rogue access point detection technology, it was possible to not only identify rogue access points almost instantly, but determine their physical location within the conference site,” says Brennan. “Throughout the project, our findings and proposed mitigations increased the availability of key infrastructure and information systems.”

Cyber reports and solutionsDuring the project, and after the conference was finished, we provided detailed assessment reports that identified security events as they happened and provided concrete solutions that would eliminate the potential for similar future events so they could be resolved before any damage occurred. CSC also provided a complete historical record of security events enabling users to fully investigate any actions or events that led to a failure of one or more of the security controls.

Each contractor and service provider supporting specific elements of the conference’s infrastructure was responsible for fixing any CSC StrikeForce identified threats or weaknesses. CSC StrikeForce worked directly with each group to determine the most effective and appropriate remediation plan based on the security objectives, time, and budget.

“The most effective approach is not always to throw money at a problem,” says Brennan. “In fact, not one of our findings required the purchase of any additional system or software. By focusing on the real business risks in the actual environment, we managed to have a conference without any IT security disaster.”

JENNY MANGELSDORF is a writer for CSC’s corporate office.

16 CSC WORLD | WINTER 2010

DIGITAL DETECTIVES

FIGHTCYBERCRIMEby Jim Battey

The constant threat of network intrusions makes an already challenging job for technology managers even more difficult. CSC’s Digital Investigative Services (DIS) is a valuable resource for those looking to identify threats and mitigate network intrusions, as well as investigate other crimes facilitated by technology such as intellectual property theft or harassing e-mails.

WINTER 2010 | CSC WORLD 17

Investigative work is performed either at the client’s site or at our computer forensic laboratory. By working collaboratively with our information security professionals, we can identify the components necessary to develop a solution that can be integrated with a company’s existing security architecture.

Legal and HR supportIn the area of litigation support, the DIS team uses legally accepted investigative methodologies and procedures that are supportable and repeatable. The digital forensics process involves a chain of custody that includes the collection, preservation, and analysis of data, while we create extensive supporting documentation that can be used in court. Lewis says, “After reams of information are recovered in the forensics investigation, our experts are able to narrow it down to a relatively small amount of data that can be used by lawyers at trial in practical and effective ways.”

The DIS team also gets involved in human resources-related investigations. For example, if employee misconduct is suspect-ed or a corporate policy is violated, the team can assess and document what violations occurred. This includes investigations of intellectual property theft, unauthorized access to classified data, and computer misuse.

Lewis says dealing with the bad guys remains a constant battle. “It’s a cat-and-mouse game. Anytime you find a way to stop one attack, they find a different way to come at you. You take what you learn and try to strengthen your network to prevent something like that from happening again. The key is finding a solution that is intelligent enough to not only stop what you know about, but also stop what you don’t know.”

For more information, visit www.csc.com/cybersecurity.

Investigating network incidents such as malware attacks is just one of many services offered by the DIS team. We also provide digital forensic analysis and litigation support services, along with data recovery, data collection, and electronic discovery. When an incident occurs, our experienced security professionals respond quickly to analyze and contain the problem, and work closely with network managers to develop a strategy for remediation.

Persistent threatsValuable data in corporate information systems has become a target of choice for malicious individuals and groups around the globe. With a large increase in network intrusions taking place, the need for digital forensic and investigative services has grown significantly.

No enterprise network is completely immune from intrusion. In recent years, companies have had to deal with advanced persistent threats, or APTs, that are continuous attacks directed at companies or governments intended to compromise networks and infiltrate data. Increasingly, APTs are being used by hackers for criminal purposes such as accessing classified information and disrupting businesses.

Stephen Lewis, manager of CSC’s DIS team, says APTs are a big thorn in the side of network managers. “It’s a growing problem. Attackers are getting into corporate networks and trying to extract data out of the network. We come in and help identify the threats and provide recommendations for remediation.”

For example, to analyze a malware attack, the DIS team examines the malicious code to assess its behavior and intend-ed actions. Then, we attempt to identify its geographic origin and those involved in its creation. If needed, we can execute the malicious code in a controlled setting to determine its effects. Finally, we provide strategies to help our clients deal with the attack.

In a recent case, we were asked to help a company that was concerned that their network had been infiltrated after detecting anomalies on several computers. The DIS team took images of the affected computers, and after analyzing them, determined the type of malware that was used and what damage it had inflicted on the system. “Based on our investiga-tion, we offered suggestions on how to remediate the damage as well as what steps they could take to secure their network from future attacks,” Lewis says. “We can identify all the com-promised machines with a relatively high degree of confidence and stop the attackers’ ability to move within a network.”

A constant battleDigital forensics is defined as the investigation and analysis for recovering, authenticating, and analyzing electronic data to reconstruct events related to security incidents. CSC’s DIS helps companies investigate computer security incidents and main-tain compliance with legal requirements or regulatory agencies.

JIM BATTEY is a writer for CSC’s corporate office.

18 CSC WORLD | WINTER 2010

WINTER 2010 | CSC WORLD 19

In the defense industry, manufacturers have built their companies with protections in place knowing thieves and spies would attempt continually to scale their walls and steal their secrets. The same has become true in other industries, such as financial services and pharmaceuticals.

Still other industries are just now feeling an escalating threat to their property. For example, companies who are not mainstream defense contractors, but provide government services as a portion of their business, utilities, collaboration networks, even toy makers are looking to tighten their cybersecurity as thieves become increasingly capable of pulling together seemingly innocent data and compiling it to create insightful information for adversaries and competitors.

“One of the things to think about is how do you take some of the lessons learned by companies who have grown up protecting their data and leverage it as a horizontal concept across industries and sectors in a way that’s applicable to your organization, and then layer vertical silos on top of that that may be

industry specific, may be nation-state specific or type-of-business specific,” says David McCue, CSC’s chief information officer.

CSC has already applied that thinking to help its clients improve security and decrease risk. This insight is also why the company was asked to join the U.S. Department of Defense and other DIB Program members, who are collaborating in response to and to prevent third-party attempts to attack network systems, and use lessons learned to better manage risk to critical network infrastructures. Our experience will help the DIB Program secure the networks that key industries and national critical infrastructure depend upon.

“Our proactive approach to cybersecurity is based on a long history of serving and protecting both the private and public sector,” says McCue.

PROTECTING

YOURINDUSTRIAL

BASEWhether you’re a manufacturer of tanks, electronics, or toys, protecting your intellectual property in the digital age has become increasingly challenging. Our global cybersecurity capabilities and distinction of being the first IT company invited to join the U.S. Department of Defense’s Defense Industrial Base (DIB) Program, gives us a unique perspective on protecting organizations from security threats.

JENNY MANGELSDORF is a writer for CSC’s corporate office.

by Jenny Mangelsdorf

20 CSC WORLD | WINTER 2010

More than half a billion people use Facebook and Twitter each month. Lucy Molfetas isn’t one of them. The director of Clinical Systems at University of Pennsylvania Health System admits she’s not really into social media, but when it comes to work, she’s definitely open to learning.

Following the release of the final rule defining meaningful use of an electronic health record (EHR) last July, Molfetas and more than 1,000 others in the U.S. healthcare industry have connected on CSC’s Meaningful Use Community, an interactive and educa-tional online community for learning about the subject.

The 862-page final rule spells out what hospitals must do by October 2013 to achieve meaningful use of EHRs and be eligible for Medicare and Medicaid funds available in the 2009 Stimulus Package.

In 2009, University of Pennsylvania Health System (UPHS) completed a gap analysis with CSC to assess the research and clinical care organization’s readiness for meaningful use based on the proposed rule. Now that the final rule is available, UPHS, like many hospitals nationwide, has begun working toward compliance.

“There’s really a great need for information on this topic,” says Molfetas, who leads the meaningful use project at UPHS. “We

are a very large organization, so the incentives are attractive to us, but I have many questions, and I’m trying to educate myself.”

Just as Facebook users check their News Feed throughout the day, Molfetas checks in on the community often to see what’s new. “You really want to get every piece of information you can and read the latest from across the country,” she says. “The community is a very good tool. It has valuable information and gives you something to think about.”

The Meaningful Use Community features the latest information about the federal government’s criteria for meaningful use. It describes not only what provider organizations must do to achieve meaningful use, but also strategies for how to achieve each of the objectives for hospitals, ambulatory facilities, and eligible professionals.

Joining the conversationThe community allows members to access a network of peers and experts to discuss opportunities, challenges, and best practices related to achieving meaningful use. Members can ask questions and start discussions with other healthcare profes-sionals and experts who have experience in implementing EHRs.

CSC’s community subject matter experts are knowledgeable in areas such as computerized physician order entry (CPOE), medication reconciliation, physician documentation, performance improvement, physician adoption, organizational change management, health information exchanges, certification, and Health Information Technology for Economic and Clinical Health (HITECH).

MEANINGFUL USE SITE BRINGS HEALTHCARE COMMUNITY TOGETHER

by Chris Sapardanis

HEALTHCARE

WINTER 2010 | CSC WORLD 21

The experts are well-versed in topics to engage members on and helps create a bridge from CSC’s established healthcare thought leadership footprint on csc.com/health_services and other publications to the new collaborative social space.

“Our thought leadership helps people understand the bigger picture of how achieving meaningful use is important, but also how implementing EHRs correctly allows you to improve patient safety and care,” says Lisa Ragusa, director of marketing, CSC Healthcare. “The community is taking this thought leadership to the next level by allowing people to interact with the experts and their peers.”

CSC’s Meaningful Use Community is designed for clinical, administrative and technical executives; professionals; and decision-makers from various health-related organizations at all stages of the EHR implementation process.

Matt Mattox heads product development and marketing at Axial Exchange, which provides interoperability software for hospitals. While researching the different interpretations of the final rule, he joined the community and became involved in discussions. “We definitely wanted to get a sense of what the zeitgeist was on meaningful use,” says Mattox, who wrote a 27-page summary of the final rule, and posted it to the community. “It’s been a great place to get a cross section of perspectives from consultants to providers to vendors like myself.”

As a consultant at a health insurance company, Naveen Rao came across the community while exploring how the meaningful use provisions would impact insurers and posted an open question to the site to learn from members and experts.

“I wasn’t sure if it was a topical question or not, but there were people who were able to help me and direct me to some resources,” he says. “On the site, you can tap into people’s areas of expertise instead of just running a Google search and trying to find answers on your own.”

Socializing business and CRM Companies across all industries are increasingly turning to social business platforms like the Meaningful Use Community to build stronger relationships with customers.

A Forrester Research report states “Social Computing and social media represent a new wave of energy sweeping through business. “Social” holds out the promise of a customer-driven business model, one in which the voice of the customer influences business strategy and where corporate marketing truly responds to customer needs.”1

Claire Flanagan, director of CSC’s enterprise social collaboration and communities strategy, speaks about social business at

JOIN THE MEANINGFULUSE COMMUNITY https://community.csc.com/community/meaningful_use

Meaningful Use Community Objectives: Learn how to quickly and correctly implement meaningful use of an electronic health record system to enhance patient care and benefit from government incentives, Connect with others who have successfully implemented an electronic health record (EHR) for meaningful use, and Share information that helps others successfully imple-ment an EHR for meaningful use.

many industry and global events. “We’re seeing a huge trend in the industry where it’s so easy to get information on social platforms that sometimes what may be more trusted is what comes from one’s own network rather than from materials a company might traditionally provide,” she says. “While the Meaningful Use Community is very much a company-sponsored site, the value here is that healthcare providers can ask ques-tions, share best practices, and learn from other practitioners who may be at other stages in their journey, which can really help someone in a very practical way.

“We’re realizing that our customers expect this type of engagement, wanting the ability to not only co-create and ask the company questions directly, but also to ask and network with individuals like themselves,” Flanagan adds.

Increasingly, communities are becoming a core component in a company’s business, marketing and social CRM strategy. An Altimeter report says “... the rapid adoption of social networks has shifted the balance of power to the customer. Companies and organizations have fallen behind in connecting with customers, and realize that they must find a way to at least participate in the conversation. Some still yearn to regain control of the customer relationship. The reality – this is no longer possible.”2

Customer and prospect communities are one facet of CSC’s overall digital marketing and social business ecosystem. The healthcare community joins other communities in an external-facing portfolio including WikonnecT (http://www.wikonnect.com/public/index.html), the largest social network in the financial services industry, and InTouch (http://www.csc.com/alumni), CSC’s new community for alumni. CSC also has an internal facing, employee-only community.

1 The CIO’s Guide to Social Computing Leadership, by Nigel Fenwick, Forrester Research http://www.forrester.com/rb/Research/cios_guide_to_social_comput-ing_leadership/q/id/56391/t/2

2 Altimeter Report: The 18 Use Cases of Social CRM, The New Rules of Relationship Management http://www.altimetergroup.com/2010/03/altimeter-report-the-18-use-cases-of-social-crm-the-new-rules-of-relationship-management.html

CHRIS SAPARDANIS is a senior writer for CSC’s corporate office.

22 CSC WORLD | WINTER 2010

THE DIGITAL

WINTER 2010 | CSC WORLD 23

CLIENT: Fletcher Allen Health Care

CHALLENGE: Improve hospital

operations and show meaningful

use of electronic health records

to qualify for payments from

Medicare and Medicaid.

SOLUTION: Implementation

of Patient Record and Information

Systems Management (PRISM),

an electronic health record system.

RESULTS: With PRISM, physician

utilization for all orders was 96

percent, near-miss medication

events decreased 60 percent,

daily fall assessments increased

20 percent, and 25 percent

fewer patient charts needed to

be pulled.

by Chris Sapardanis

It’s the beginning of staff nurse Mary Hill’s shift at Fletcher Allen Health Care in Vermont. She confers with Tamara Gomez, R.N., who is ending her shift. Together, they look at a computer monitor at a patient’s bedside. Mary is getting a complete view of the patient’s care history. It’s all there – recent medications, vital signs, allergies, test results, and more – on one screen.

The view is courtesy of an electronic health record system called Patient Record and Information Systems Management (PRISM). The system, which uses application soft-ware by Epic, is putting this academic medical center on the map. By the end of 2010, Fletcher Allen Health Care will be in the top 3 to 4 percent of healthcare organizations in the U.S. that have a fully integrated electronic health record (EHR) system. As part of a clinical transformation project led by CSC, PRISM improves patient care, confidentiality, provider communications, and security, among other benefits, while putting Fletcher Allen on the road to qualify for federal funding within President Obama’s healthcare reform plan.

Under the American Recovery and Reinvestment Act of 2009, hospitals started to qualify for payments from Medicare and Medicaid in October 2010 for the successful implementation and use of EHRs. Hospitals that do not meet federal guidelines by 2015 face reductions in Medicare reimbursements.

With PRISM, Fletcher Allen’s inpatient operations are positioned to meet the requirements established for receiving incentives based on “meaningful use” of EHRs. Once fully implemented in December 2010, the system will serve all of Fletcher Allen’s 45 facilities and clinics, including the approximately 1,100 providers who are credentialed at Fletcher Allen.

“We adopted an electronic health record to improve safety and quality of care for patients,” says Sandra Dalton, senior vice president of Patient Care Services and chief nursing officer at Fletcher Allen. “With CSC’s healthcare expertise and track record in clinical systems implementation and improvement, we have succeeded in completing the first phase of our project on budget, on schedule, and in just 15 months. We hope other hospitals are encouraged by our achievement.”

Moving beyond paper PRISM has transformed clinical care delivery at Fletcher Allen from paper-based processes to a fully electronic system. Since going live in June 2009, staff embraced this new system after realizing the benefits.

TRANSFORMING CARE DELIVERY WITH E-HEALTH RECORDS

HOSPITAL

24 CSC WORLD | WINTER 2010

“Initially, the transition to PRISM was a huge culture change,” says Maureen Tremblay, nurse manager with Shepardson 4, Fletcher Allen’s hematology and oncology unit. “But our staff really worked as a team to learn the new system. It’s a wonderful tool that helps staff pull all the information they need to provide the best possible care, right there at the patient’s bedside.”

Prior to the implementation, most information at Fletcher Allen was written in one of two patient charts. In order to view all of the patient’s information, a nurse would have to locate the charts – one on the door and the other that could be with a physician or another clinician.

PRISM went live initially in Fletcher Allen’s inpatient areas, pharmacy and emergency departments, and a walk-in care center. CSC continues to offer IT consulting services during the second implementation taking place, which includes ambulatory clinics, Beacon Oncology, and MyChart – a feature that allows patients to securely access portions of their electronic health record via the Web.

The system’s capabilities most notably include Computerized Provider Order Entry (CPOE), a process where physicians, advanced practice nurses, and physicians’ assistants enter orders in the system at the point of care. These orders are signed and transmitted through the network to departments responsible for fulfilling the order, such as pharmacy, laboratory, or radiology.

122 Number of clinical transformation improvements PRISM teams designed during the project

96% Computerized Physician Order Entry utilization for all orders, including medications

60%Decrease in near-miss medication events

20%Increase in daily fall assessments

25%Reduction in number of patient charts needing to be pulled

Fletcher Allen By the Numbers CPOE decreases delays in order completion, reduces errors related to handwriting or transcription, allows order entry at point of care or offsite, and provides error checking for dupli-cate or incorrect doses or tests. It also simplifies inventory and posting of charges. Other advantages of PRISM include viewable medication and allergy lists, e-prescribing, clinical documentation, and higher-quality reporting. Health informa-tion exchange is also possible as is electronic submissions to public health agencies and immunization registries.

Transforming a clinical programCSC partnered with Fletcher Allen to complete the clinical transformation side of the EHR project. We handled all the clinical process workflow for the 15-month implementation period, says Jerry Howell, CSC’s client partner for Fletcher Allen.

“Usual implementation cycles for this type of project last 18 to 36 months,” Howell says. “But we’re seeing more and more in the industry that our clients want it done faster to meet all the ‘meaningful use’ dates and requirements.”

From a clinical point of view, CSC mapped out how Fletcher Allen used technology, from medication management, work flow, users, and future states, to customize PRISM appropriately. We also allocated the right amount of resources to build, test, and bring the system to life, as well as provided additional personnel for training support.

Besides the aggressive timeline, organizational change management was a major hurdle. “The biggest challenge healthcare organizations find when putting in CPOEs is physician resistance,” Howell says. “This is not their normal way of doing things. Fletcher Allen’s senior leadership recognized that early in the process and participated in every stage of the project. They understood that challenge and did many interventions to prepare their medical team.”

“Things are going very well,” says Dennis Woods, M.D., Inpatient Rehab at Fletcher Allen. “We are finding more functionality as we get more comfortable with the system. In the long run, these aspects will save time. And already, we are seeing how we can enhance patient care by being able to have everything open at once – charts, orders, vitals, etc.”

Training was also a major challenge because Fletcher Allen decided to take a big-bang approach to going live. Basically, everyone in in-patient care roles needed to start using the system at the same time.

“They made a decision that they wanted everyone to use it from Day 1 and they had the organization prepared to do that,” Howell adds. “They did a great job, but it was an incredible challenge because you basically have to help everyone at the same moment throughout the entire organization and still take care of patients.”

WINTER 2010 | CSC WORLD 25

Every day, organizations embark on a journey to understand and use electronic health records (EHR). The following tips compiled by Fletcher Allen Health Care and CSC will help ensure a smooth EHR implementation.

1 Leadership: A full and visible leadership commitment to an EHR implementation is critical for success. Without

administrative and medical staff leaders taking the time to participate in implementation efforts, the process is not going to work. At Fletcher Allen, senior leadership — including the chief information officer, chief medical officer, chief nurs-ing officer, and chief quality officer — devoted a significant portion of their time to implementation planning meetings and were present and visible during all events related to EHR implementation.

2 Planning: The more planning done upfront, the less work there will be during implementation. Consider all

aspects of the process, set realistic time frames, anticipate possible roadblocks, and allow opportunity for feedback. Many organizations don’t devote enough time to planning and end up reworking things after implementation starts. Spending the time upfront will allow you to gain user buy-in, identify potential stumbling points, and ensure the process finishes on time and stays on budget.

3 Involvement: In addition to doctors and nurses, organizations should involve therapists, pharmacists, di-

eticians, and other providers who will use the EHRs. Feedback from these participants should be collected before, during, and after the implementation process. They should also be included in the product selection committee, implementation team, and any other workgroups. For example, Fletcher Allen involved 30 clinicians in the EHR vision and vendor selection committee, and 2,500 employees in the program demos.

4 Forecasting: An EHR implementation is complex and if you approach the project with limited resources, you

will probably not succeed. When allocating resources, give clinicians time to participate in planning meetings and imple-mentation efforts, provide resources for education to spread the word about the program and its benefits, offer sufficient training to all users before implementation begins, and ensure there is plenty of funding support during the project.

5 Preparation: The introduction of EHRs will likely change the way your employees work. This is intimidating and,

if not addressed early, can lead to a lack of acceptance and participation. To avoid this, senior leaders must prepare the organization for change. In addition to educating users on why EHRs are necessary and how to use them, sufficient support during implementation must be provided. Fletcher Allen and CSC had 300 people and a help desk trained and available during the project to answer questions about the EHR program.

Five Tips for a Successful EHR Implementation

Succeeding at a new modelFletcher Allen Pharmacy Director Karen McBride, R.Ph., says pharmacists have found several benefits to working in PRISM, such as improved documentation of pharmacy intervention to avert medication errors, an ability to view a complete overview of a patient’s health history and current diagnosis, and better educational opportunities as each pharmacist can pull his or her interventional data and share it.

For example, Fletcher Allen Clinical Pharmacist Wes McMillian, a critical care specialist, uses his own intervention data to develop a curriculum for residents coming through critical care. The data obtained through PRISM offers the opportunity to change behaviors.

Working with the clinical planning group, pharmacy staff is more clearly defining interventions into 37 categories, including dose change, drug change, medication reconciliation, nonformulary to formulary, and renal adjustment review.

“The success of this project proves that EHRs can be implemented quickly and effectively,” says Mark Roman, president of CSC’s Healthcare Group. “The commitment of Fletcher Allen’s senior executive team, including the medical staff leadership, was crucial to its completion. When combined with CSC’s clinical and technical expertise, it enabled Fletcher Allen to rapidly move from a manual process to an electronic system where nearly all medical orders are being entered automatically.”

CHRIS SAPARDANIS is a senior writer for CSC’s corporate office.

About Fletcher Allen Health CareFletcher Allen Health Care serves a dual role as Vermont’s Academic Medical Center, in partnership with the University of Vermont, and as a community hospital. The regional referral center provides advanced-level care to ap-proximately one million people. It is also a training site for about 400 medical students, 550 nursing and allied health students, and 280 residents in training.

26 CSC WORLD | WINTER 2010

BEYONDE-HEALTH RECORDS

TECHNOLOGIES THAT ENHANCE CARE DELIVERY by Fran Turisco and Jared Rhoads

WINTER 2010 | CSC WORLD 27

Hospitals are keenly focused on implementing electronic health record (EHR) systems to capture and share patient information. In the U.S., the implementation of certified EHRs that meet “meaningful use” criteria is the highest priority in the coming years. The incentives are substantial and the long-term benefits to care providers and patients are significant. Beyond EHRs, however, there are a number of technologies that also enhance and improve inpatient care.

This article describes examples of these technologies, all of which have been successfully deployed as part of an overall change initiative that included process workflow redesigns. The informa-tion is taken from a larger research report, titled “Equipped for Efficiency,” that CSC Emerging Practices created for the California Healthcare Foundation.

Making improvements

Enhancement/improvement was defined as a change that increased efficiency, safety, care quality, or streamlined communications. In completing the research, it became clear that some technologies provide benefits in multiple areas, as outlined in Table 1.

To demonstrate the matching of “improvement need” to “technology use” in different situations, two technologies and how they were used in specific hospital settings are profiled for each Improvement Area.

Increasing efficienciesEfficiency improvements include more effective use of resources and redesigned workflows that allow care providers to spend less time on non-care related tasks. In the case of Catholic Health West in Nevada, a three-hospital system, the implementation of a workflow management system allowed them to consolidate management of inpatient flow, staffing, and bed placement to improve overall census (the number of patients staying at a hospital).

• Workflow management systems collect information from multiple sources and integrate it into a single display that highlights key patient and bed management informa-tion, such as room availability, patient wait times, rooms ready for cleaning, and key clinical data. All information is displayed using color-coded icons overlaid onto an image of the nursing unit’s floor plan, or a patient or room list.

TECHNOLOGY

Wireless communication solutions (including alarm/event messaging)

Real-time location systems

Delivery robots

Workflow management systems

Wireless patient monitoring solutions

Interactive patient systems

EFFICIENCY

IMPROVEMENT AREAS

SAFETY AND QUALITY

CARE DELIVERY ASSISTANCE

COLLABORATION/ COMMUNICATION

Table 1. Selected Technologies and Improvement Areas

28 CSC WORLD | WINTER 2010

For Catholic Health, patient census had been very uneven among its facilities, whereby one hospital often experienced many emergency department admissions and long waits for beds, while the other two hospitals had idle capacity. The new enterprise-wide system enabled nurses to offer on-the-spot transportation to other facilities where patients would receive immediate care. Knowing when beds are or will become avail-able helps the staff increase census and bed turns across the three hospitals. The system and change processes took several months to implement and improvements occurred within the first 30 days. Now, more than 260 patients a month are trans-ported to open beds, up from 30, and with better coordination.

At Brigham & Women’s Hospital in Boston, locating medical equipment took time away from patient care and created an environment where equipment hoarding was commonplace. The hospital decided to implement real-time location technology to track equipment so the care team could quickly locate what they needed.

• Real-time location systems (RTLS), also known as indoor positioning systems, are used to locate equipment, patients, and staff. Resources to be tracked are outfit-ted with small tags that communicate with transmitters and detectors located throughout the facility. The system’s positioning algorithms locate assets and display their location online using a map of the unit to indicate where the closest available resource can be found.

During the RTLS implementation, Brigham & Women’s also redesigned roles and responsibilities for equipment tracking, making unit secretaries responsible for locating equipment. Since they coordinate equipment transfers, they know whether equipment should be leaving the area.

Patient safety and quality of careAn inpatient care team handles multiple patients and care management tasks. The result is a complex web of workflows prone to decision bottlenecks and missed or delayed tasks that can ultimately impact patient safety and care quality.

At Beaumont Hospital in Royal Oak, Mich., the analysis of a close call involving a telemetry patient prompted a rethinking of the communications approach between technologists watch-ing the telemetry monitors and floor nurses. The change team redesigned the workflow and decided to replace its pagers with a wireless hands-free Voice over Internet Protocol (VoIP) communication system. • Wireless mobile VoIP communication solutions tap

into the hospital’s wireless local area network as its infrastructure and can be integrated with monitoring systems, bed management solutions, and clinical infor-mation systems. They offer escalation capabilities and group broadcast messaging. There are two types of devices: telephone handsets and wearable badges.

The impact of these process and technology changes on nursing response time to alarms was dramatic at Beaumont, dropping from 9.5 minutes on average to 39 seconds, well under the hospital goal of three minutes. The communication loop is closed 100 percent of the time, compared with the previous 35 percent rate with pagers.

Other important safety concerns are failure-to-rescue cases, which account for 60,000 deaths annually among less-than- 75-year-old Medicare patients, and patient falls, a leading cause of death among people 65 and older. Such patients need to be connected to monitoring equipment or be under close supervision of nurses, which is not possible in a general medical/surgical unit. In response to these needs, a new generation of wireless patient monitors has emerged. • Wireless patient monitor technologies use sensors that

can be integrated into the patient’s bed or mattress pad to provide continuous bed-level vigilance. Some bed-based solutions, for example, feature electronic weight scales, blood pressure monitors, and sensors that measure heart rate, respiration, and body movement during sleep.

At the James A. Haley Veterans’ Administration Hospital in Tampa, Fla., a wireless monitoring bed pad enables continu- ous patient observation. With this solution, patients received care more rapidly. Timely alerts prompted nurses to adjust care parameters to match surveillance needs in at least 10 percent of the cases. In addition, about 2 percent of patients were transferred to a higher level of care due to an alert, often several hours before they were scheduled to be reevaluated. At St. Joseph’s/Candler Hospital in Savannah, Ga, fall rates decreased from five falls to 1.4 falls per 1,000 patient days after the hospital integrated wireless patient monitoring with nurse communication technologies.

WINTER 2010 | CSC WORLD 29

Care delivery assistance Technology can be used to empower patients and others to assume new care delivery roles, thereby making nurses and other care providers more efficient and effective.

For example, Washington Hospital Center in Washington, D.C., introduced robots to take over some delivery tasks previously undertaken by skilled resources.

• Delivery robots can handle a number of fetch-and-deliver tasks. They are more flexible than older solutions, such as pneumatic tube systems, and do not require any struc-tural changes to hospital interiors. Using laser sensors and preloaded electronic drawings of hospital floor plans, and guided by an onboard computer, robots detect beds, water fountains, people, and obstacles, and adjust their route to avoid collisions. They can even call elevators.

At Washington Hospital, two robots deliver routine medication carts to the units, freeing up pharmacy technicians to join the care team, and enabling them to spend more time on new or-ders, one-time orders, answering medication questions, locating missing doses, and stocking the individual nurses’ workstations-on-wheels. The change also freed nurses from locating and retrieving all medications except for controlled substances.

Patient education is often an inefficient time-consuming task for nurses who need to coordinate equipment, educational materials, and patient availability. At Winchester Hospital in Winchester, Va., the implementation of an interactive patient system reduced this burden.

• An interactive patient system provides two-way communication and delivers multimedia content at the bedside. The system delivers patient education videos, enables communication with the nurse and support personnel, handles patient requests, and pro-vides a range of entertainment and Internet services.

Winchester Hospital’s system prompts patients to view videos on topics such as hand-washing and fall prevention at preset intervals after admission and records completion. Other videos can be added or deleted from the queue based on their rele-vance to particular patients and their diagnoses. Within the first month of system implementation, patient use of educational videos increased 15 percent, freeing up nurses’ time for patient care.

Collaboration and communicationInpatient care is provided by a team of professionals and support staff that rarely meets as a group, but needs to be in constant communication. They also respond to requests for information and assistance from patients, family members, physicians, and ancillary services. Wireless communications as described above has been used successfully to streamline both direct communications and group collaboration.

At Children’s National Medical Center in Washington, D.C., wireless communication improvements were significant. Response to patient calls dropped from 4 minutes 45 seconds to 1 minute 22 seconds. The mean response time for alarms dropped from 3 minutes 10 seconds to 34 seconds. In addition, nurses reported fewer interruptions, better continuity of care, and improved workflow.

Hospitals have found that regularly checking online workflow management system displays eliminates the need for direct one-on-one communications. At Oakwood Hospital in Detroit, the solution decreased the number of calls for bed management by 35 percent within weeks of implementation. It also eliminated the need for the twice daily bed meetings with the nursing staff. Housekeeping at Monongalia General Hospital in Morgantown, W. Va., checks the system displays to determine which rooms are ready to be cleaned, reducing calls to housekeeping by 50 percent and calls back to the bed manager by 20 percent.

SummaryTechnology solutions have the potential to create a better working environment for nurses and other care providers. While not an exhaustive list, the selected technologies mentioned above are in use, have demonstrated their value, and represent both leading-edge technologies that offer great potential as well as advances in mainstream solutions.

To access the full report, which was named a CSC Leading Edge Forum “2010 CSC Papers Winner,” visit http://tinyurl.com/equipped-for-efficiency.

FRAN TURISCO is a research principal and JARED RHOADS is a senior research analyst for Emerging Practices in CSC’s Healthcare Group.

30 CSC WORLD | WINTER 2010

JPL is entering its busiest era ever with 19 spacecraft and nine instruments in orbit, and five more scheduled launches in the next year or so. How are you addressing anticipated increases in infrastructure demand?

Soderstrom: We have done things that will make future launches much easier. For instance, we’ve upgraded our infrastructure so more meetings can occur concurrently with remote par-ties, supplementing this with an online meeting capability. We’ve also become ‘the cloud’ for our users. We just have to figure out how much capacity we need.

Having to grow and shrink is key. We’re not all the way there yet, but we should be in a year. We’re also beefing up wire-less and storage at JPL. The first layer is on the laptop, then the cloud, then JPL’s supercomputers and then to (NASA) Ames’ supercomputers. This will give us capacity wherever it’s needed.

Agility is also going to be huge because you don’t know what’s going to happen. And nothing ever runs perfectly, which mirrors today’s environment.

What advice do you have for CIOs about agility?

Soderstrom: The cloud is agility, so I would say, “Get started now.” Try it on noncritical issues. And don’t think securi-ty is an obstacle. It’s not an obstacle at all because you have so much data in your organization that’s not secure: test data, testing algorithms, load testing, spinning temporary computers up for people who come in to do a temporary job for you, and collaborating with partners.

Another one would be to try and tap into the ingenuity of your end users. It’s going to be different for every organization. Really make that a priority, and I think everyone will be surprised.

Also, don’t be afraid to try things, including challenging policies. That’s something that we’re doing continuously. The only way you will know if a policy makes sense is to try to do something. Do small versions of the end goal.

You have talked about transparency, participation, and collaboration as key drivers for companies today. How is JPL using technology to achieve gains in these areas?

Soderstrom: This is President Obama’s mantra, which is echoed and pushed by Vivek Kundra, the U.S.’s first chief information officer. We think it’s a fan-tastic message.

Two years ago we identified consumer-ization of IT as one of our key trends. We realized that innovations were coming from the consumer space, not from the traditional IT organization, and dis-covered that we either had to get out of the way or get in front of it. We decided to take it one step further by letting the consumers, our end users, help govern and help decide how and what we do when.

So we created platforms like JPL Wired, which is essentially a very specific Wiki-pedia for engineers at JPL, and JPLTube, which is really YouTube inside JPL. We also created “Project Capture,” where, for example, people who need photographs of a spacecraft are uploading it and handling it themselves.

LOOKING BEYOND

THE CLOUDSTOM SODERSTROM

CTO, NASA’S JET PROPULSION LABORATORY

Tom Soderstrom, NASA Jet Propulsion Laboratory’s chief technology officer, often refers to himself as the lab’s “chief toy officer.” As a proponent of the theory

that today’s toys are tomorrow’s tools, he’s funded his employees’ passion for the latest consumer gadgets,

seeing JPL’s scientists turn them into viable, innovative tools. As he looks toward the future, which will be one of the laboratory’s busiest times, he explains his view

on new approaches and emerging technologies that he predicts will provide the opportunity to get ahead of

the curve — both in space and on Earth.

30 CSC WORLD | WINTER 2010

FEATURES

WINTER 2010 | CSC WORLD 31

We are also using wikis and SharePoint blogs to collaborate with our partners. We’re partnering more than ever. Nobody can afford to go into space alone anymore.

For us, transparency is about letting everybody know what we’re doing so we can get their input. Traditionally you may want to hide some news and just show the good news. But we don’t do that because the bad news leaks out anyway. Instead, we try to attack an issue together and get the benefit of every-body’s ideas on how to solve it. You have to have a fair amount of IT infrastructure for JPL’s projects. What technologies or trends are you looking at adapting or adopting?

Soderstrom: There are quite a few, but the most important one is the cloud. Two years ago we said cloud computing, and now we’re saying pervasive cloud. The cloud is not just data centers; we’re also augmenting our high-performance computing strategy with cloud high-per-formance computing.

The future will be the ability to work with anyone from anywhere, using any device. At JPL, the data needed for testing is coming from the cloud, where we can use a public cloud for the gross images we need, and then, as we drill down in detail, use a private cloud. We have examples of this running on the iPad, and that is amazingly brilliant. And it didn’t come from me; it came from our IT consumers, the scientists.

The underlying infrastructure is the net-work. Without it, the cloud and all these remote devices don’t work. So our Wi-Fi needs to be upgraded. For our wideband technologies, we’re looking at all kinds of approaches ranging from consumer devices to relationships with big vendors.

Big data is also a trend that will be the biggest cost driver of anything we do. People are collaborating more, and now the machines are starting to collaborate. You’re going to have sensors and desktop kiosks automatically communicating with each other. JPL will have optical

communication to the spacecraft and those data streams will dwarf what we have today.

You said “Today’s toys are tomorrow’s tools.” How is JPL using technology to encourage ingenuity?

Soderstrom: About two years ago we looked at the industry trends that were driving IT. We talked to partners, like CSC, Lockheed Martin, universities, other NASA centers, federally funded research and development centers, and startups. We asked where they thought these trends were going. We wanted to study them to make sure we were investing in the right technology.

We also wanted to see what’s coming so we could prepare, get ahead of it, and have it up and running before it became a critical need.

We identified several trends that we wanted to focus on. Then we began IT innovation seminars where we asked ev-eryone what they thought of those trends and formed working groups. With those groups, which are a cross-collaboration between the missions people at JPL — discovering new planets, walking on Mars, etc. — the IT department and our industry partners, we were able to taste-test these new trends. What’s the difference between innovation and ingenuity?

Soderstrom: At JPL, we’ve been fostering people’s ingenuity, and from that comes innovation.

If you focus on innovation you’re focusing on the wrong thing. If you focus on how you can get end users to help you innovate, then you will get the innovations. So fostering people’s ingenuity really meant having an IT structure that enables them to play, to try, to evaluate and to get the credit.

With the wiki infrastructure we created, instead of somebody hiding from the ‘IT police,’ we invited them to try the wiki, and we posted for them, taking care of the cost. This allowed them to innovate,

tell us what they wanted to do, and that was successful.

We also looked at the iPad and asked, “Is it secure? Can we support it?” and the answers were “yes.” We then asked, “What can this be used for? Is it useful or not?” We realized this wasn’t really for us to answer. So we had a contest and asked people for ideas on what they would use the iPad for. None of the ideas dealt with calendar or e-mail; they were all about using the iPad for the JPL mission.

The CIO technology advisory board helped us select the contest’s winners, who we then gave iPads so they could try out their winning ideas.

Can you give us an example of one of these ideas?

Soderstrom: When we send a spacecraft up in space it has to be super clean, no bacteria, nothing. So we use a clean room where people in white suits prepare the spacecraft. If you introduce paper, such as assembly instructions, the room becomes “dirty.” However, an iPad could be used instead of paper to show how to assemble the spacecraft, go through a checklist, and call up specifications for all of the pieces. When the iPad gets a camera they can even replace the consumer cameras they currently use. Another example is the use of the accelerometer, which is available only on the iPad. It can be used to control equipment by tilting it to drag forward or sideways. Right now we have an iPhone app driving our Mars Rovers, and we could do that on the iPad. You can also see all the test results and telemetry coming in directly on the iPad as a graph. This eliminates the need to walk across the room each time a test is done.

WINTER 2010 | CSC WORLD 31

32 CSC WORLD | WINTER 2010

EXTREME COLLABORATION

IS (NOT) ROCKET SCIENCE

by Todd Lucas

CLIENT: NASA’s Jet Propulsion Laboratory

CHALLENGE: Implement an economical,

remote, high-definition video technology

that combines the convenience of remote

collaboration with the positive dynamics

of face-to-face meetings.

SOLUTION: CSC selected and helped implement

LifeSize Room at multiple JPL locations.

The solution works in conventional offices

and conference rooms, and uses the Internet

instead of costly dedicated lines.

RESULTS: JPL employees are enthusiastic about

participating in remote face-to-face meetings,

resulting in improved collaboration and reduced

travel costs.

WINTER 2010 | CSC WORLD 33

EXTREME COLLABORATION

IS (NOT) ROCKET SCIENCE

Nestled in the foothills of the San Gabriel Mountains in Pasadena,

Calif. NASA’s Jet Propulsion Laboratory (JPL) has the feel of a bus-

tling college campus, with dozens of buildings spread across many

acres. While a beautiful setting, it is not the most convenient one

when it comes to conducting impromptu face-to-face meetings with

colleagues. A five-minute meeting can require an hour’s time when

factoring in a minimum 20-minute “commute” each way.

To improve productivity and enhance the essential close collaboration among its 5,000 employees and contractors scattered across the globe, JPL decided an advanced video communications solution would be necessary. With CSC’s assistance, JPL chose the LifeSize Room high-definition video conference (HDVC) environment, which delivers numerous business benefits and brings new life to meetings.

Scientists at workJPL is in the business of deep space exploration. As Tom Soderstrom, JPL’s IT chief technology officer, says, “We have the benefit of a lot of smart people at JPL. Not only can they put Rovers on Mars, but they can also do IT.” To broaden and expand the capabilities of its highly intelligent workforce, JPL stresses “extreme collaboration.”

That means frequent meetings among remote personnel and across several cultures. The LifeSize Room solution has full HDVC capabilities, providing a true-to-life experience. It enables eye-to-eye contact, which, says Soderstrom, establishes trust among colleagues, and lets participants experience the nuances of body language, contributing to a livelier group discussion. This improved telepresence is resulting in more effective collaboration for JPL and greater commitment among meeting participants.

The integrated LifeSize Room system features an embedded high-definition multipoint control unit that works securely over the Internet, eliminating the need for costly dedicated lines. Compatible with most HD displays, it works in conference rooms of all sizes. Due to its relatively low cost, JPL can deploy the technology at a wide range of locations, including key subcontractor and partner sites. Already more than 40 video conference systems have been installed at JPL, and more than 100 across NASA.

CSC worked with LifeSize to obtain three evaluation HDVC systems, which were installed at three different JPL facilities in Pasadena. Says Soderstrom, “We needed it to be easy to use and quick to connect — 10 seconds, not 10 minutes. It also had to be affordable enough so we could install it in many places, because if [one dedicated conference room] was always occu-pied, it didn’t do the users any good. It also had to be close to where the users were.”

TODD LUCAS led the HDVC project with JPL while director of CSC’s Pasadena Innovation Center and is currently director of CSC’s Huntsville Conference and Innovation Center in Alabama.

Once tested and selected, the LifeSize system also proved to be a portable solution, allowing JPL to extend its environment to launch sites. “We can ship the LifeSize camera and codec to the site, and connect to a regular TV,” adds Soderstrom. “They just plug in and in 20 minutes they’re talking to JPL face-to-face.”

CSC Innovation CenterIn late 2007, CSC opened its Pasadena Innovation Center, which, along with other innovation centers in the United Kingdom, Denmark, India, Australia, and Chantilly, Va. — allow clients to explore and prototype new IT solutions and business processes. JPL tapped into our Pasadena Center. Once LifeSize was cho-sen, our experts analyzed the Lab’s specific videoconferencing requirements and designed custom solutions to meet those needs. For example, we made recommendations to improve lighting, audio and other environmental factors based on the characteristics of each conference room. We also helped set up multiple live demonstrations and created customized user guides to help spur user adoption.

JPL employees are enthusiastic about participating in remote face-to-face meetings that are as productive and dynamic as live in-person meetings. Participants are finding that the high definition, virtual presence of remote team members energizes meetings and enables more meaningful dialog and group participation.

Virtual meetings, reduced travelSince the introduction of the LifeSize solution, JPL has reported more frequent and timely meetings. They also met their goal of leveraging the Internet for secure teleconference communica-tions instead of having to rely on proprietary technology.

Another benefit has been reduced travel costs. Direct and indirect benefits include significantly lower environmental impacts from meeting-related travel. Hours previously spent traveling are now spent collaborating and accelerating projects to completion.

34 CSC WORLD | WINTER 2010

As companies try to bounce back from the economic downturn, knowing how to use supply chain management (SCM) to boost bottom lines is more critical than ever, according to The Eighth Annual Global Survey of Supply Chain Progress.

The CSC survey concludes that supply chain management has matured and a majority of respondents see it as being of core importance to business. SCM not only helps offset customer demand for lower prices, it can also be used to find cost reductions and increased revenue. But it is mostly the supply chain leaders that are taking advantage of SCM’s busi-ness benefits.

Chart 1: During the past 12- to 14-month economic downturn, what happened to the emphasis on supply chain improvements?

Chart 2: Over the past three years, what has been the overall impact of your supply chain initiatives on revenue and costs?

Chart 3: Over the past three years, what has been the overall impact of your supply chain initiatives on revenue and costs?

THE 2010 GLOBAL SURVEY OF SUPPLY CHAIN PROGRESS QUERIED:

199SUPPLY CHAIN MANAGEMENT EXECUTIVES

41%FROM $1 BILLION-PLUS SIZED FIRMS

25%

FROM FIRMS WITH MORE THAN10,000 EMPLOYEES

DEMOGRAPHICS

SUPPLY CHAIN

LEADERS OUTLAST

TOUGH TIMES

BY THE NUMBERS

WINTER 2010 | CSC WORLD 35

ment.” Refreshing category strategies was seen as a primary area of focus for supply chain managers (see Chart 5).

In short, the survey found that the ingre-dients for success and superior perfor-mance start with establishing a strong supply chain strategy that is linked directly to business results. The 2010 survey attracted close to 200 respon-dents from 20 industries in every major geographic region of the world. The survey was conducted by CSC, Supply Chain Management Review, and the Eli Broad Graduate School of Management at Michigan State University, with assis-tance from the Council of Supply Chain Management Professionals and Supply Chain Europe magazine.

Download the full report at: www.csc.com/2010SCSurvey.

Rising in importanceThe survey found that the supply chain is more business sensitive than ever and needs to be a primary area of focus for manufacturers and retailers. Companies need to use SCM to right-size their cost structures and inventory to service their customers at the desired level.

“If I’m trying to reduce my costs, I have to go into the supply chain,” says Brad Barton, managing director of CSC’s Sup-ply Chain Practice. “The bottom line is companies are turning to supply chain management to find cost reductions and inventory reductions, as well as provide a sales uplift.” Telling indicator in the sur-vey was that more than three-quarters of respondents felt that the supply chain increased in importance during the eco-nomic downturn (see Chart 1).

Despite the advantages effective SCM brings, fewer firms reported the upper ends of cost and revenue benefits, while a much larger percentage of respon-dents in 2010 said they found no savings or were not able to report such ben-efits. More than half of the respondents said that SCM either had no impact or increased revenues from 1 to 5 percent (see Chart 2).

Among the key business trends noted in the survey was that to reduce costs, business leaders went directly to their supply chains, working with key suppli-ers to reduce cycle times with their best customers and to increase revenues. At the same time, it appears buyers were able to get bargains as reduced costs were reported on the buy side.

Leaders vs. followersThe 2010 survey showed a sharp differ-ence in performance between firms that consider themselves to be leaders in supply chain competence and others, the followers. Supply chain leaders and fol-lowers generated about the same levels of cost savings from their investments, however leaders reported twice as much revenue gains (see Chart 3).

The survey reports some shifting in the customer base for firms, with leaders

Chart 4: During the downturn, what happened to your market share?

Chart 5: As we begin emergence from the recent economic downturn, what are your primary focus areas?

concentrating on shoring up market shares by satisfying the best customers, apparently taking market share away from less adept competitors. Supply chain leaders were more likely to gain market share in the down economy (see Chart 4).

Supply chain leaders share common attributes, including the presence of a supply chain officer, a greater global con-trol and functional span, and the use of modeling techniques to improve network designs. Among leaders, a common SCM solution is to deploy inventory replenish-ment techniques to reduce inventory levels and free up cash.

Managing the supply chain is integral to managing the overall business, Barton asserts. “Supply chain is the key lever be-cause that’s where all your assets reside, and that’s where your property, equip-ment and inventory all go, so everyone is really zeroed in on supply chain manage-

36 CSC WORLD | WINTER 2010

Whether you are the frightened parents of an abducted child or someone simply trying to make it through a winter storm to get to work on time, the ability to quickly post Amber1 Alerts or determine Maryland’s fastest, safest roadway is priceless. For more than a decade, CSC has helped develop and upgrade the intelligent transportation system (ITS) Maryland uses for real-time operation of its highway system.

Managed by the Coordinated Highways Action Response Team (CHART)2, the program’s launch marked Maryland’s early entry into the ITS arena in the mid-1980s. The program has since evolved into a statewide advanced traffic management system covering more than 500 miles of roadway. The system improves highway safety and operating efficiency and enhances existing system operations, the movement of goods, and emergency weather operations and environmental quality.

CSC has worked with CHART since 1997 when it provided a comprehensive telecommunications analysis of the initially deployed CHART system. Since then, we’ve supported the system’s development, enhancement, and implementation. CSC was the lead developer of the system’s operational software, as well as provided systems engineering as CHART overhauled the traffic management system’s communications network. We

continue to provide CHART with software and business area architecture development, requirements analysis, and validation. We also provide systems analysis and administration, systems engineering, and integration activities for the traffic management system, which was one of the first statewide ITS deployments in the U.S.

Intelligent transportation systems When CSC first helped deploy the redesigned CHART system, we established our reputation for innovation in intelligent transportation systems. CSC used asynchronous transfer mode technology to transfer data in packets over the network and provide multicasting video delivery to State Highway Administration locations. This lets operators view and operate CHART’s closed-circuit television (CCTV) traffic surveillance cameras and destination monitors from multiple traffic operation centers throughout the state.

“At the time, CHART was one of the first ITS systems in America to use video multicast capabilities, which let people in different cities view video from cameras located throughout the state,” says Darrell Shahin, CSC’s CHART principal engineer.

Ten years later, CSC redesigned the video delivery system to use Internet Protocol multicasting over the Maryland Depart-ment of Transportation’s statewide Gigabit Ethernet enterprise network, which CSC also designed and deployed. CHART now manages more than 200 controllable CCTV cameras, 80 stationary cameras, 90 speed detectors, 150 dynamic message signs, more than 40 highway advisory radios, and two local media video exchange interfaces. It also imports weather and road surface condition data from the state’s weather/pavement sensor station system. Additionally CHART distributes video to 300 video monitors/feeds at more than 80 statewide opera-tions centers, which belong to more than 35 operating agencies.

By distributing digital CCTV video, messaging, system alerts, and data to Maryland’s Statewide Operations Center, which runs 24x7, and satellite centers, operators can evaluate and post road and weather conditions, provide emergency response, manage traffic flow, and provide travelers with real-time infor-mation. CCTV video is also streamed to the CHART Web site, www.traffic.md.gov.

CHARTINGSUCCESS ON

THE ROAD

CLIENT: State of Maryland’s Coordinated

Highways Action Response Team

CHALLENGE: Improve real-time operations of

Maryland’s highway system.

SOLUTION: Develop, enhance, and support

one of the first statewide intelligent transportation

systems in the U.S.

RESULTS: A statewide, advanced traffic

management system that improves highway

safety, operating efficiency, the movement of

goods, existing system operations, emergency

weather operations, and environmental quality.JENNY MANGELSDORF is a writer for CSC’s corporate office.

by Jenny Mangelsdorf

36 CSC WORLD | WINTER 2010

IN PRACTICE:TRAVEL & TRANSPORTATION

WINTER 2010 | CSC WORLD 37

Integration with existing systems key“A key hallmark of CHART’s network architecture and software was our inte-gration of the client’s existing systems,” says Shahin. This lets CHART add new technologies to the system and network, while maintaining compatibility with existing infrastructure. This also fosters interagency cooperation by giving the system the flexibility to integrate with systems deployed by other state and county agencies.

To further broaden CHART’s data sharing capabilities, the system captures expanded travel time and neighboring-state data via third-party public-private-partnership systems and data.

“Maryland’s CHART system is a national leader in regional highway traffic data sharing,” says Shahin. “Most intelligent transportation systems were initially deployed on a regional basis, and tended to be isolated from each other. Today there’s a growing awareness that we need to share data and coordinate operations between systems, both at the inter- and intrastate level.”

In Maryland, the I-95 highway runs through Maryland, Virginia, and Delaware. A bad traffic accident in northern Virginia can impact traffic flows in Maryland and vice versa. A future key improvement, called the data exporter, will enhance the system’s ability to make data even more accessible to other organizations using standard Web-based XML data transmission protocols.

“From day one, our goal was to ensure both highway data and video were available to other agencies and the public,” says Richard Dye, CHART Systems Administrator. “Today, in fact, we probably share more video with other governmental and private sector first responders than any other traffic system.”

From the beginning, CHART also planned on sharing lessons learned from the system’s development and all of its design documents — from high-level to detailed design, to the actual source code itself.

“It’s available to anyone who requests it,” says Dye. “In fact several states have already used our code, including one that has modified part of it, which we then have taken back and used ourselves, saving us development time and money.”

Decreasing congestion, increasing revenueIn an effort to decrease traffic congestion and capture revenue, state transportation agencies are looking to high-occupancy and express toll lanes. In Maryland, administrators plan to use CHART’s ability to interface with the state’s electronic toll collection system to obtain toll rates and display them on dynamic message signs. This will also let operators vary toll rates depending on the amount of congestion in these lanes. (Read the white paper “CHART Systems Engineering Approach” at www.csc.com/CHART.)

Operators already use CHART to auto-matically post travel times on dynamic message signs, helping motorists make informed, alternate-route decisions and decrease road congestion. Previously, all messages required direct operator intervention.

Making tasks easier for operators, who could be under extreme stress, is an additional feature of CHART that CSC developed.

By building a universal interface for all of CHART’s systems, operators only have to access one main menu as opposed to other systems that use a dashboard approach that then directs operators to manufacturer-unique utilities, each with their own brand of controls.

“When we hired CSC, we were contracting a process as much as contracting a com-pany,” says Dye. “We wanted to ensure that the company that won the contract would do more than simply look at our requirements, but also tell us if we could build our system better.

“We’ve been more than satisfied with the quality of CSC’s software development,” Dye adds. “Just as importantly, we have a partner who has totally embraced the process, to the point that they have taken on CHART’s responsibility as if they were state employees. We really appreciate that.”

1 AMBER (America’s Missing: Broadcast Emergency Response) Alerts are emergency messages broadcast when a law enforcement agency determines that a child has been abducted and is in imminent danger.

2 The Coordinated Highways Action Response Team (CHART) is a joint effort of the Maryland Department of Transportation, Maryland State Highway Administration, Maryland Transportation Authority, and the Maryland State Police in cooperation with other federal, state, and local agencies.

38 CSC WORLD | WINTER 2010

To provide its customers with greater value, YRC Worldwide, the largest less-than-truckload carrier in North America, decided it was time for two of its subsidiaries — Roadway Express and Yellow Transportation — to share more than the highway. Through merging the networks and operations of two of the most recognized transportation carrierson the road, a new powerhouse brand — YRC — was born.

Less-than-truckload carriers transport goods weighing less than 10,000 pounds from several shippers loaded onto one trailer. YRC wanted to gain new efficiencies during the economic downturn. Recognizing that its two carriers used different processes, systems, networks, and brands, YRC looked for a company to help integrate and launch a newly branded carrier.

With our 15-year history of supporting more than 200 merger and acquisition projects, CSC was ready to help. We provided counsel on merger strategy, contingency planning, program

CLIENT: YRC Inc., a leading transportation

company

CHALLENGE: Integrate subsidiaries — Yellow

Transportation and Roadway Express.

SOLUTION: CSC’s in-depth merger-related

expertise, methodology, and tools.

RESULTS: One company, brand, physical net-

work, and one set of processes, all supported

by one IT system.

management, and governance and organizational change management. The CSC team also advised specific functional areas, including operations, sales and marketing, IT, revenue management, and finance and accounting.

“We helped manage the entire program — both the business side and the IT,” says Stu Diamond, CSC North American Merger and Acquisition practice lead. “In this case, we actually made sure that technology was off the critical path. I think that’s one thing that makes CSC different in this market. While we have deep technology expertise, we don’t make hardware or software, so we don’t have to sell it. For YRC, technology was involved, but it was not the key enabler.”

Accelerating the integrationOne of CSC’s major contributions to the integration project occurred as we provided counsel on YRC’s integration direction. Initially, the project timeline was set at 18 months. But when it became apparent the economic recession was deeper and longer-lasting than anticipated, the company decided to significantly accelerate the integration. CSC helped YRC cut 10 months off the project schedule and approximately $20 million in associated costs.

Another contribution came from our Business Impact Assess-ment (BIA) tool, which is part of CSC’s Catalyst methodology. As a key component of Catalyst’s Organizational Change for Enterprise Resource Planning toolkit, the BIA change planning tool gets practitioners off to a rapid start, enabling them to think about process changes and the steps needed to accom-plish their goals. Because of BIA’s flexibility, CSC was able to tailor the tool, enabling YRC to evaluate 535 different processes and comprehensively plan to the activity level all of the changes that would occur once Yellow and Roadway merged.

YRC was extremely sensitive to the magnitude of change that the integration would require. Throughout the project, and with CSC’s help, the company communicated its benefits to both employees and customers, focusing on the fact that it was creating the most comprehensive transportation network in the industry. Feedback from customers was positive, which created a sense of confidence that this was the right strategy.

From a training perspective, CSC used BIA to identify at the task level what the differences were between tasks — old and new — to allow targeted training.

For the integration, CSC also led the project management office and provided counsel on a variety of areas, including:

• Risk mitigation strategies• Program planning, coordination, and issue resolution• Change management, communication, and training advice• Process analysis and comparison• Day-by-day and hour-by-hour detailed cutover planning• Conception, design, and implementation of

an integration support center (ISC)

CSC HELPSTRANSPORTCOMPANIES SHARE THE ROADby Mary Reitter

IN PRACTICE:TRAVEL & TRANSPORTATION

WINTER 2010 | CSC WORLD 39

It was critical to have a strong project management office as the scope of changes due to the merger was huge, and the cutover, which was to occur over one weekend, was complex.

“I’ve worked mergers before and let’s say we’re going to go live on January 15th and we decide we need a few more weeks — usually, no big deal,” says Diamond. “But for YRC, this wasn’t a merger of just back-office processes. There were in-transit shipments on the road and when the two companies merged, we had to ensure shipments from the old system were in the new one and were correct. If we messed this up, people would not get their deliveries. The stakes were so much higher; there was no margin for error.”

SWAT teams formedTo handle the approaching cutover, CSC created the ISC — which ran 24x7 up to, through and post-cutover — to give supervisor-level personnel and above the ability to get ques-tions directly answered by core functional SWAT teams. The center also enabled the YRC-CSC team to track all of the 356 activities directly tied to the cutover, ranging from IT systems to validation that propane tanks in each of the terminals had been returned.

This was a unique process for YRC. For example, when either of the two pre-merged subsidiaries shut down a facility, they would usually do it over a couple of weeks. For the cutover, they shut them down overnight. The process began at 12:30 a.m. on a Saturday. Trucks had to be renumbered and of the more than 100,000 shipments en route, 60,000 had to be renumbered and accounted for in the new system.

As a result of extensive employee training, YRC field employees were prepared when the new network was put in motion. Thanks to a special team effort to maintain shipment visibility, the cutover exceeded expectations, with 11 percent of ship-ments being temporarily lost compared to a projection of 15

percent. Service returned to near-normal levels within 30 days of the cutover and continued to trend in a positive direction.

“The ISC played a huge role in the success of this project,” says Mike Naatz, YRC Worldwide executive vice president and chief information and service officer. “Today, thanks to CSC’s merger expertise, their flexibility and the hard work of YRC employees, we have an integrated company confidently and efficiently de-livering shipments for our customers throughout North America every working day.”

For more information on our mergers, acquisitions and divesture services visit www.csc.com/mergers_acquisitions.

About YRCA subsidiary of YRC Worldwide Inc., YRC specializes in re-liable solutions for the heavyweight shipping of industrial, commercial and retail goods in North America. YRC is a Fortune 500 company and one of the largest transporta-tion service providers in the world.• Holding company for a portfolio of successful brands• More than 500,000 customers worldwide• Operations in more than 1,200 locations around

the world• Global logistics services in and among more than

80 countries• Industry-leading expertise in heavyweight shipments

and flexible supply chain solutions• Largest, most comprehensive network in North America

MARY REITTER is a writer for CSC’s corporate office.

40 CSC WORLD | WINTER 2010

INTELLIGENT GRIDS POWER A SMARTER FUTURE

THE GREEN CORNER

by Meir Shargal

Regardless of who you ask, the forecast is often the same: in the next two decades, the world’s demand for energy will essentially double. Simultaneously, CO2 regulations and reduction goals — be it for utilities or consumers worldwide — will also explode. Smart grids, which use information technology to help deliver, manage, and monitor electricity for utilities, could provide the capabilities we’ll need.

The International Energy Agency estimated in its Energy Technology Perspectives 2010 report that the global deployment of smart grids can help reduce CO2 emissions by between 0.9 and 2.2 gigatonnes annually by 2050, which is equivalent to the annual emissions of between 300 and 730 mid-sized power plants.1

If you use information-enabled energy, by turning the data you collect from the grid into intelligence, you can create more power with fewer resources.

However, while many are embracing the concept of smart grids, issues ranging from managing renewable energy to ensuring high levels of security still need to be resolved. For example,

currently the U.S. National Institute of Standards and Technology is “taking aggressive action to

respond to this critical national need” of developing smart grid standards.2

Energy from different sourcesAnother issue is the integra-

tion of renewable energy, such as solar and wind

power, into a utility’s main grid. With tradi-tional operations, such as coal-fired plants, utilities built their systems to manage reliable, consistent energy that comes from one source. With renewable energy, those

resources are inter-mittent and never

guaranteed. They also enter into a utility’s grid

at different places, unlike the traditional single source,

such as coal being burned at the utility plant.

You need both eyes and ears to be able to control when to take advantage of renewable energy. Incorporating grid manage-ment is key when you move from centralized generation, such as coal plants, to distributed, renewable energy generation.

To create a smart grid, utilities basically combine their electric grid with a communications network that, through sensors and other devices, gives them intelligence on what is happening on their grid. They can then use that intelligence to make energy decisions and enable consumers to better manage their power usage.

How a utility will manage the large amount of data these smart grids generate is another key issue. Traditionally, utilities generate bills based on monthly meter readings. With smart meters in place and linked to the grid, each meter can send a reading every 10 minutes. Add that new influx of meter data to the flood of data sent by sensors and other devices on the smart grid network, and utilities risk being swamped by a huge wave of data.

To achieve the greatest efficiencies, much less ensure systems aren’t overwhelmed, utilities will need to increase their back office systems’ scalability and reliability. Then they have to integrate that data with their legacy systems in order to turn it into intelligence.

A new level of riskSecurity is another concern when creating smart grids. As utilities link their traditional energy grids to communications networks, new vulnerabilities emerge on transmission and distribution networks that need to be protected from cyber attacks. This presents a completely new level of risk that utilities need to consider when building their smart grids.

A smart grid will vary from utility to utility. Each will focus on different requirements and take advantage of different tech-nologies. To succeed, however, they will all have to be smart, secure, and sustainable.

Today CSC provides industry-relevant business solutions and services to help execute smart meter and smart grid programs worldwide for utilities who together supply energy to more than 58 million customers. For information on CSC’s perspective on how smart grids will enable the new energy economy, go to www.csc.com/smartgridPOV.

1 www.iea.org/techno/etp/index.asp2 www.nist.gov/smartgrid/index.cfm

MEIR SHARGAL is CSC’s Smart Utility practice lead.

WINTER 2010 | CSC WORLD 41

BETTERINFORMATIONFOR BETTER

BUSINESS SOLUTIONS

TECHNOLOGY

OUTSOURCING

Around the world, we are transforming healthcare. Our solutions revolutionize the way physicians deliver services, governments manage public health, experts conduct breakthrough medical research, and institutions provide coverage.

Learn more at www.csc.com/health_services.

DECISIONS

D

Worldwide CSC Headquarters

The Americas3170 Fairview Park DriveFalls Church, Virginia 22042United StatesTel: +1.703.876.1000

EMEARoyal PavilionWellesley RoadAldershot, Hampshire GU1 1 1PZUnited KingdomTel: +44(0)1252.534000

Australia26 Talavera RoadMacquarie Park, NSW 21 13AustraliaTel: +61(0)29034.3000

Asia20 Anson Road #11-01Twenty AnsonSingapore 079912Republic of SingaporeTel: +65.6221.9095

About CSCThe mission of CSC is to be a global leader in providing technology-enabled business solutions and services.

With the broadest range of capabilities, CSC offers clients the solutions they need to manage complexity, focus on core businesses, collaborate with partners and clients, and improve operations.

CSC makes a special point of understanding its clients and provides experts with real-world experience to work with them. CSC is vendor-independent, delivering solutions that best meet each client’s unique requirements.

For more than 50 years, clients in industries and governments worldwide have trusted CSC with their business process and information systems outsourcing, systems integration and consulting needs.

The company trades on the New York Stock Exchange under the symbol “CSC.”

Copyright © 2010 Computer Sciences Corporation. All rights reserved.

BUSINESS SOLUTIONS

TECHNOLOGY

OUTSOURCING