Showing posts with label Checks and Balances. Show all posts

August 16, 2017

Rain Spill On Building

Just thought this was a really interesting photo. 

The way the rain splattered down the side of this building.

The water hitting only on top and then trickling down the side like a big spill. 

"The rain in Spain falls mainly on the plain," but in Washington, D.C., it falls down the side of the buildings in these weird artistic patterns.

When I was a kid, I remember when it rained, my father would tell me positively and jokingly, "Ah, we're getting a free car wash today!"

Isn't it amazing how G-d made the world where it rains, and provides us not only the water to drink and sustain ourselves, but literally a shower to clean our cities and wash away the dirty excesses. 

The ecosystem is just an amazing array of literally everything we need and with checks and balances to keep the goings-on of the world suitable for His children. ;-)

(Source Photo: Andy Blumenthal)

November 5, 2016

Corruption Vs Balance Of Power

Widely reported now in the media is this notion of a shadow government.

There is a difference between a true shadow government and the way our government is set up with two types of leadership.

- Career civil service are the regular public sector (government) employees. 

- Political appointees are the people installed upon a new President by the winning party, and they are the most powerful leaders and policymakers in the government. 

In a sense, the "winner takes all" and the political appointees become the heads of all the executive branch agencies--voilà, that is power!

The vast majority are people of the utmost integrity and deserving of our respect and gratitude for their leadership and what they do for our country. 

There are about 7,000 Senior Executive Service (SES) positions in the federal government, and about 90% are regular career civil service, and the remaining 10% are non-career political appointees. 

Aside from SES political appointees, there are another 3,000 other presidential and confidential (Schedule C) appointees (for a total of 4,000 presidential appointees running the government).

In a normal situation, this works just fine and civil service and politicals work hand-in-hand to advance the interests of this great nation.

But when a nation becomes highly divided or an election looms and power is "up for grabs," then the leadership can diverge over the issues and perhaps some may even resort to extreme measures. 

If you're a political appointee (and maybe even one confirmed by the Senate), you still sort of by definition represent the interests of one party and their leadership over another--that's the two party system. 

And if you're civil service, while you may have your personal leanings, as a professional, you're really there to do the best you can overall, that's your job!

What happens if the run-of-the-mill career civil service leaders have a hypothetical clash with political appointee leaders (such as before an extremely divisive election)?  

Ah, that can be some of the worst of politics and bureaucracy!

On one hand, you could get told (i.e. ordered) to do one thing, but on the other hand, what if partisanship would be getting in the way of function? 

While most of the time, "more is better"--like with the 3 branches of government and a 2 party system that serve as healthy checks and balances--in this unique situation, 2 may be dysfunctional at best. ;-)

(Source Photo: Andy Blumenthal)

August 15, 2015

Answer Injustice With Justice

So what is amazing about government scandals is not that they happen, because of course, they do. 

But what is amazing is that the American public is frequently denied justice--whether committed under Democratic or Republican administrations.


Maybe this is because the Justice Department is headed by the Attorney General, a political appointee of the President, rather than being independent.


The President oversees all the government agencies in the Executive Branch of the government, including the Department of Justice (DOJ).


When any of the government agencies in the Executive Branch do something wrong, what should happen is that the Department of Justice (including the FBI) would investigate and bring the offenders to justice. 


But instead, a politically motivated President can direct a politicized Justice Department to stand down--and in a sense end up being the "Chief Obstructionist."


Obviously every agency is headed by political appointees who serve at the pleasure of the President and who further the administration's vision, but Justice is unique. 


And if you follow the news, I am sure you can think of more than a few examples where Congress has gotten involved to investigate and even request action by DOJ, but yet nothing seems to happen. 


What is disappointing is that we would like to think that every leader is an icon of righteousness, integrity, and propriety, but instead partisan politics can get in the way, and the leader ends up protecting, whitewashing, or covering up the very wrongdoing that needs to be corrected.


The government system cannot work for the people and the country, if it cannot be accountable to them to do the right thing.


The President--no matter what political affiliation--must assure and be perceived as assuring that everyone under his/her watch is doing the right thing. 


And if and when they stray from serving the people of this country, it should be the President who leads the charge to make it right. 


We all would respect a leader that recognizes and course-corrects when things go astray and does it with integrity and justice--that makes a truly great Democracy.  ;-)


(Source Photo: Rebecca Blumenthal)


June 14, 2013

No Such Agency (NSA) Listening To No Such Information (NSI)

The National Security Agency (NSA), frequently referred to by the secretive surname of No Such Agency, is at the forefront of our signals intelligence (SIGINT) and in protecting America--they are amazing!

Recently, there is a lot of controversy about the PRISM program for sifting through communications looking for terrorist contacts, plans, and imminent attacks to be foiled. 

Is this necessary for security or a violation of our privacy? 

Of course, we value our privacy and generally wish we had more. (For me, growing up in the busy and crowded city that never sleeps, I craved a quieter and more secluded life, and that's how I ended up in the Washington, D.C. suburbs.)

Anyway, if you're an average hard-working Joe or Jane, what do you fear about PRISM?

For me, if "they" are tracking calls or listening--this is what they hear:

- The occasional squabble with my loving wife (yes, we drive each other nuts sometimes).

- My teenage kids hanging up their phone on me, not wanting to hear my brilliant (in my own mind) parental advice and guidance.

- My elderly parents lecturing me and telling me that I should go to synagogue more often.

- The daily life transactions with the plumber, the cable service, and the credit card company. 

If you're honest and loyal, and the system works fairly, the way it's supposed to, your communications are just some transmission packets travelling through cyberspace to carry out your life's goings on.

Then again, if you're crooked, a traitor, or planning to or have hurt someone, well then you're up against some very powerful technology tools and (hopefully) you're going to get caught and get what's coming to you.

The big concern then is not when the system works well and fairly, but when it's used corruptly, fraudulently, or for political ends. 

Then it's not what someone overhears you say or sees you do that's a real concern, but rather, with all the advanced electronics and technology, what can be made up about you to address personal or political gripes, grievances, or just settle a score.  

You don't have to be afraid (generally) of what you do honestly, instead you need to fear the dishonesty of those who can or are apt to misuse the technology for their own ends.

Then what you really did or said, can be taken out of context, exaggerated, edited, spliced, or otherwise doctored to something else entirely. 

This is why the integrity and ethical backbone of those who run the country and our vital institutions are of paramount importance.

With honesty, ethics, and justice--a surveillance system can greatly enhance national security. Without these things, it can be a tool of corruption. The best protection is not unplugging the system, but hooking in lots of internal and external controls to keep it honest. ;-)

(Source Photo: here by LittleBirth)



January 30, 2010

Diplomacy and the Pitfalls of Dictatorship

Let's say yes to sound governance, and no to absolute power...

Power is a strange thing: the more you have, the more you want – it’s never enough. It’s an addiction of the soul that often results in poor decision-making and project failure.

I remember a teacher in high school that used to repeat to us the maxim that “absolute power corrupts absolutely.” Obviously someone has to be in charge and get things done, but there is more than one way to achieve results:

The first and crudest method that we have seen since the dawn of humankind is dictatorship. This is the aforementioned tendency for those in power to collect it, savor it, and protect it—and to want to wield it alone. Often those with power, not enlightened by the benefits of sharing and “checks and balances,” like to hold decision-making power for themselves. While perhaps made “in consultation” with others, it is their decision and theirs alone to make. Thus, decisions by the individual are more subjective, prone to mistakes, and driven as much by gut, intuition, and personal whim as by real facts. Furthermore, those who have to carry out the decisions do not understand them as well and are not as committed to their success because they weren’t fully part of the process.

A better method is diplomacy, when we work with others to strategize, collaborate, and vet decisions. Working with others in this way may often cost more in terms of time and effort upfront to “work through the issues,” but invariably this results in better and less-costly decisions being made in the long run. Diplomacy works especially well when the group you are working with is diverse and can bring a variety of experiences and perspectives to the table. You end up seeing things in ways that you would have missed otherwise.

Working through the decision process with others on a governance body (councils, boards, committees)—with individuals representing the universe of our stakeholders—provides a solid mechanism for all perspectives to be heard and for decisions to be scrutinized and challenged before being implemented. This is what good governance is all about.

Of course, there are occasions when diplomacy may fail and governance bodies may become dysfunctional. When groups fail to work together, dictators can sweep in and take over or, on the other hand, there can result endless bickering, a state of analysis paralysis, and no decisions being made at all. This is why governance must be well defined, structured, have an end-to-end process, and clear roles and responsibilities.

Although sometimes dictators can be brilliant and effective in getting things done and we can all think of business leaders who fit this style, too often these individuals can become drenched in their own “absolute power”—falling victim to ego and selfishness, and making decisions that are not in the best interest of the organization. This is a condition that must be countered with solid, structured organizational governance, in which decision-makers work with others collaboratively and share in the decision-making process, and the collective interests and those of the organization as a whole are put above those of the individual. In this way, diplomacy protects us from the whims and errors of dictatorship.

This is one of the nice things about our system of government, where despite the many strong differences of opinion and results that we may not always agree with, the system of checks and balances results in governance by the people for the people, where everybody has a chance to participate and be heard.



February 25, 2009

Security Architecture Q&A

Recently, I was interviewed on the subject of Security Architecture and was given permission to share the Q&A:

In general, what kinds of information security issues does an organization face?

The overarching information security issue in any organization is one of communication, collaboration and the need for transparency vs. the need to protect information from being compromised. Information security is about more than just "stopping leaks." It is also about making sure that people don't intercept, interject or otherwise manipulate agency information for their own ends.

A related issue has to do with protecting the agency's critical IT infrastructure from physical or cyber attack. It's the age-old conflict: If you lock it down completely, then you're protecting it, but you also can't use it. And if you open yourself up altogether, then obviously it won't be long before somebody takes aim.

Finally, the largest threat to an organization's information is clearly from insiders, who have the "keys to the kingdom." And so one must pay great attention to not only the qualifications, but also the background, of the employees and contractors entrusted with access to IT systems. Additionally we must institute checks and balances so that each person is accountable and is overseen.

How do leaders demonstrate security leadership?

Leadership in the area of security is demonstrated in a variety of ways. Obviously the primary method for demonstrating the importance of this function is to formalize it and establish a chief information security officer with the resources and tools at his or her disposal to get the job done.

But security leadership also means building an awareness of risk (and countermeasures) into everything we do: education, awareness, planning, designing, developing, testing, scanning and monitoring.

When new applications or services are being planned and rolled out, does security have a seat at the table?

I can't imagine any organization these days that doesn't consider security in planning and rolling out new applications or services. The real question is, does the organization have a formal process in place to provide certification and accreditation for IT systems? By law, federal agencies are required to do this.

Would you say that information security is generally tightly integrated into organizational culture?

I think that a security mindset and culture predominate in professions where security is paramount, such as law enforcement, defense and intelligence, for obvious reasons.

But the larger question is, how would other organizations make the transition to a culture of greater information security? And this is actually a really important question in today's age of transparency, social networking, Web 2.0, etc., where so much information is freely flowing in all directions. One approach that I have adopted as a culture-changing mechanism is to treat key initiatives as products to be marketed to a target audience. The IT security professional needs to be a master communicator as well as a technical expert, so that employees not only grudgingly comply with necessary measures, but are actively engaged with, and support, their implementation.

At the end of the day, the organization's information security is only as strong as its weakest link. So security has to be as deeply ingrained into the culture and day-to-day operations as possible.

Is information security an inhibitor to new initiatives?

Information security is one of many requirements that new initiatives must meet. And of course there will always be people who see compliance as an inhibitor. But the reality is that security compliance is an enabler for initiatives to achieve their goals. So the key for IT security professionals is to keep educating and supporting their stakeholders on what they need to do to achieve success and security at the same time.



September 19, 2008

Three Branches of Government and Enterprise Architecture

The Constitution, as we all know, sets up a wonderful form of government with three branches--the legislative, executive, and judicial--which function holistically and with checks and balances.

Architecture and Governance Magazine, Volume 4, Issue 2, has an article called “IT Architecture in Action” by Richard Reese that compares the major steps of architecture to the branches of our government, as follows:

  • The legislative branch—“sets the policy [and] establishes technical direction.” To me, the legislative aspect of architecture is carried out by the EA program. The program develops the methodology, framework, policies, and processes, and develops the architecture blueprints for our organizations. Of course, EA does this based on the requirements of the organization, just as Congress sets direction based on the needs and wishes of its constituents (i.e. this is the way it is supposed to work).
  • The judicial branch—“creates and runs the ‘governing body,’ which manages compliance and recommends changes to policy and standards.” This is clearly the EA board (EAB) and Investment Review Board (IRB). The EAB reviews new and major changes to IT projects, products, and standards and provides findings and recommendations to the Investment Review Board, which issues decisions on authorizing, prioritizing, and funding the IT projects.

While the article does not address the executive branch, I would add it in to the analogy like this:

  • The executive branch—implements the EA through day-to-day management of business and technology. This is done by the line of business program/project managers and IT professionals! They ensure the business requirements and technical solutions align to and comply with architecture. They implement the letter and spirit of the target architecture and transition plan by implementing segment and solutions architectures for the operation of the business and its technology support.

Just as the three branches of government cannot function without each other, so too the functions of an enterprise architecture program cannot be successful without the others. The EA program sets the overall architectural policy and direction; the EAB and IRB vet and adjudicate the IT investments in accordance with the architecture; the business and technical professionals execute or carry out the architecture with programs and projects to meet the business strategic, tactical, and operational needs.

Similar to the three branches of government, the EA program, boards, and business/technical professionals are each separate, but work together and counterbalance each other to establish architecture direction, interpret it on a project by project basis, and execute those projects to modernize and transform the organization.



April 2, 2008

Hacker Camps and Enterprise Architecture

One of the perspectives of the enterprise architecture is Security. It details how we secure the business and technology of the organization. It includes managerial, operational, and technical controls. From an information security view, we seek confidentiality, integrity, availability, and privacy of information.

Who are we protecting the enterprise from in terms of our information security? From hackers of course!

How do we protect ourselves from hackers? By teaching our security professionals the tricks of the trade—teach them how to hack!

The Wall Street Journal, 1 April 2008, reports that “Hacker Camps Train Network Defenders: Sessions Teach IT Pros to Use Tools of the Online Criminal Trade.”

“In such sessions, which cost about $3,800, IT pros typically spend a week playing firsthand with the latest underground computer tools. By the end of the week, participants are trained as ‘ethical hackers’ and can take a certification test backed by the International Council of Electronic Commerce Consultants.”

“Overall more than 11,000 people have received the ‘ethical hacker’ certificate since 2003; nearly 500 places world-wide offer the training.”

Why do we need to teach these hacking tools to IT security professionals?

They need to understand what they’re up against so they can more effectively plan how to protect against the adversary. Know thy enemy!

How large is the IT security issue?

“The average large U.S. business was attacked 150,000 times in 2007…the average business considered 1,700 of these attacks as sophisticated enough to possibly cause a data breach. In addition, the number of unique computer viruses and other pieces of malicious software that hackers tried to install on computers and IT networks doubled to 500,000 last year from 2006…[and it’s expected] to double again in 2008.”

It’s great that we are advancing the training of our information security champions and defenders, but what about those who take the course, but are really there to learn hacking for the sake of hacking? How many of the 11,000 ‘ethical hackers’ that have been trained are really ethical and how many are using their newfound knowledge for more nefarious ends?

From an enterprise architecture standpoint, we need to ensure that we are not giving away the keys of the kingdom to anyone, including our own IT security staff—through hacker training. Also, we need to be careful not to rely on any one individual to maintain the security order of things. We need to plan our security using a system of checks and balances, just like the Constitution lays out for the governance of the nation, so that even the chief information security officer (CISO) is accountable and has close oversight. Finally, we need to institute multiple layers of defense to work as best we can to thwart even the determined hackers out there.