9/11 - A Lesson In Risky Business

Corresponding to the 10th anniversary of 9/11, Bloomberg BusinessWeek (5-11 Sept 2011) has a great article on risk management called The G-d Clause.

When insurers take out insurance--this is called reinsurance, and reinsurers are "on the hook for everything, for all the risks that stretch the limits of the imagination"--that's referred to as The G-d Clause--whatever the almighty can come up with, the "reinsurers are ultimately responsible for" paying for it.

And obviously, when insurers and reinsurers don't well imagine, forecast, and price for risky events--they end up losing money and potentially going out of business!

Well when it came to 9/11, insurers lost fairly big financially--to the tune of $23 billion (it is in fact, the 4th costliest disaster since 1970 after Japan's tsunami, earthquake and Fukushima nuclear disaster ($235B), and hurricanes Katrina ($72B) and Andrew ($25B) in the U.S.)

Even Lloyd's "that invented the modern profession of insurance [and] publishes a yearly list of what it calls 'Realistic Disaster Scenarios,'" and while they had imagined 2 airlines colliding over a city, even they failed to anticipate the events of September 11, 2001.

According to the article, even insurers that make their living forecasting risks, "can get complacent."

And the psychology of the here and now, where "people measure against the perceived reality around them and not against the possible futures" is the danger we face in terms of being unprepared for the catastrophic events that await, but are not foretold.

In a sense, this is like enterprise architecture on steroids, where we know our "as-is" situation today and we try to project our "to-be" scenario of the future; if our projection is to far off the mark, then we risk either failing at our mission and/or losing money, market share, or competitive advantage.

The ability to envision future scenarios, balancing reality and imagination, is critical to predict, preempt, prepare, and manage the risks we face.

Post 9/11, despite the stand-up of a sizable and impressive Department of Homeland Security, I believe that our achilles heel is that we continue to not be imaginative enough--and that is our greatest risk.

For example, while on one hand, we know of the dangers of weapons of mass destruction--including nuclear, chemical, biological, and radiological devices--as well as new cyber weapons that can threaten us; on the other hand, we have trouble imagining and therefore genuinely preparing for their actual use.

Perhaps, it is too frightening emotionally or we have trouble coping practically--but in either case, the real question is are we continuing to proceed without adequate risk-loss mitigation strategies for the future scenarios we are up against?

Frankly, living in the suburbs of our nations capital, I am fearful at what may await us, when something as basic as our power regularly goes out, when we get just a moderate rain storm in this area. How would we do in a real catastrophe?

In my mind, I continue to wonder what will happen to us, if we proceed without taking to heart the serious threats against us--then the tragic events of 9/11 will have unfortunately been lost on another generation.

Like with the reinsurers, if we do not open our minds to perceive the catastrophic possibilities and probabilities, then the risky business that we are in, may continue to surprise and cost us.

(All opinions my own)

(Source Photo: here)

9/11 - A Lesson In Risky Business

Ten Years After 9/11

This video on the 9/11 memorial in NYC opening on 9/11/11 speaks for itself.

Enjoy and remember!

Ten Years After 9/11

G-d Bless America

Great job by the Silhouettes last night on America's Got Talent.

An inspiring remembrance for upcoming 10-year anniversary of 9-11.

Truly, the land of the free, brave, and talented.

G-d Bless America

IT as a Surrogate Weapon

There is a fascinating controversy going on now over the CIA plans to kill known al Qaeda terrorists. Should we “stoop to their level” and take them out or is this “assassination” style technique out of bounds for a free and democratic society?

Wow. I don’t think too many Americans the day after 9/11 would be asking that question.

We are quickly swayed by the events of the times and our emotions at play.

When 3,000 people—mostly civilians—were killed in a vicious surprise attack on our financial and military hubs in this country; when the Twin Towers were still burning and crashing down; when smoke was rising out of the Pentagon; and when a plane crashed in Pennsylvania—I think most of us would say, these terrorists need to be dealt a severe and deadly blow.

Who would’ve though that just a mere 8 years later, questions would abound on the righteousness of killing the terrorists who planned, executed, and supported these murderous attacks and still seek every day to do us incredible harm—quite likely with chemical, nuclear, biological, or radiological (CNBR) weapons—it they could pull it off in the future.

We are a society with a short-term memory. We are a reactive society. As some have rightly said, we plan to fight the wars of the past, rather than the wars of the future.

We are also a doubting society. We question ourselves, our beliefs, and our actions. And to some extent this is a good thing. It elevates our humanity, our desire to do what is right, and to improve ourselves. But it can also be destructive, because we lose heart, we lose commitment, we change our minds, we are swayed by political currents, and to some extent we swing back and forth like a pendulum—not knowing where the equilibrium really is.

What makes the current argument really fascinating to me from an IT perspective is that we are okay with drones targeting missiles at terrorist targets (and even with a certain degree of civilian “collateral damage”) from these attacks from miles in the sky, but we are critical and repugnant to the idea the CIA wanted to hunt down and put bullets in the heads of the terrorists who committed the atrocities and are unwavering in their desire to attack again and again.

Is there an overreliance on technology to do our dirty work and an abrogation of hands-on business process to do it with our own “boots on the ground” hands?

Why is it okay to pull the trigger on a missile coming from a drone, but it is immoral to do it with a gun?

Why is it unethical to fight a war that we did not choose and do not want, but are victims of?

Why are we afraid to carry out the mission to its rightful conclusion?

The CIA, interrogators, military personnel and so forth are demonized for fighting our fight. When they fight too cautiously—they have lost their will and edge in the fight, we suffer consequences to our nation’s safety, and we call them incompetent. When they fight too vigorously, they are immoral, legal violators, and should be prosecuted. We are putting “war” under a huge microscope—can anyone come out looking sharp?

The CIA is now warning that if these reputational attacks continue, morale will suffer, employees will become risk-averse, people will quit, and the nation will be at risk.

Do we want our last lines of defense to be gun-shy when the terrorists come hunting?

According to the Wall Street Journal, “one former CIA director, once told me that the ‘CIA should do intelligence collection and analysis, not covert actions. Covert actions almost never work and usually get the Agency in trouble.’”

The Journal asks “perhaps covert action should be done by someone else.” Who is this someone else?

Perhaps we need more technology, more drones to carry out the actions that we cannot bear to face?

I believe that we should not distinguish between pulling the trigger on a drone missile and doing the same on a sniper rifle. Moreover, a few hundred years ago the rifle was the new technology of the time, which made killing less brutal and dehumanized. Now we have substituted sophisticated drones with the latest communication, navigation and weapons technologies. Let’s be honest about what we are doing – and what we believe needs to be done.

(As always, my views are my own and do not represent those of any other entity.)

IT as a Surrogate Weapon

Decentralization, Technology, and Anti-Terror Planning

Given that 9/11 represented an attack on geographically concentrated seats of U.S. financial and government power, is it a good enterprise architecture decision to centralize many or all government headquarters in one single geographic area?

Read about Decentralization, Technology, and Anti-Terror Planning in The Total CIO.

Decentralization, Technology, and Anti-Terror Planning

Decentralization, Technology, and Anti-Terror Planning

Even though there hasn’t been a successful terrorist attack against the United States since 9/11, we are all aware that terrorists continue to seek ways to harm us. Of course, we have assets deployed nationally as well as internationally to protect our interests. However, there is always more that can be done. And one thing that immediately comes to my mind is decentralization.

The concept of decentralization is very simple. Rather than concentrating all your vital assets in one place, you spread them out so that if one is destroyed, the others remain functional. The terrorists already do this by operating in dispersed “cells.” Not only that, but we know that very often one “cell” doesn’t know what the other one is doing or even who they are. All this to keep the core organization intact in case one part of it is compromised.

Both the public and private sectors understand this and often strategically decentralize and have backup and recovery plans. However, we still physically concentrate the seat of our federal government in a geographically close space. Given that 9/11 represented an attack on geographically concentrated seats of U.S. financial and government power, is it a good enterprise architecture decision to centralize many or all government headquarters in one single geographic area?

On the one hand the rationale for co-locating federal agencies is clear: The physical proximity promotes information-sharing, collaboration, productivity, a concentrated talent pool, and so on. Further, it is a signal to the world that we are a free and proud nation and will not cower before those who threaten us.

Yet on the other hand, technology has advanced to a point where physical proximity, while a nice-to-have, is no longer an imperative to efficient government. With modern telecommunications and the Internet, far more is possible today than ever before in this area. Furthermore, while we have field offices dispersed throughout the country, perhaps having some headquarters outside DC would bring us closer to the citizens we serve.

On balance, I believe that both centralization and decentralization have their merits, but that we need to more fully balance these. To do this, we should explore the potential of decentralization before automatically reverting to the former.

It seems to me that decentralization carries some urgency given the recent report “World At Risk,” by The Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism—it states that “terrorists are determined to attack us again—with weapons of mass destruction if they can. Osama bin Laden has said that obtaining these weapons is a ‘religious duty’ and is reported to have sought to perpetuate another ‘Hiroshima.’

Moreover, the report goes on to state that the commission “believes that unless the world community acts decisively and with great urgency, it is more likely than not that a weapon of mass destruction will be used in a terrorist attack somewhere in the world by the end of 2013.”

Ominously the report states “we know the threat we face. We know our margin of safety is shrinking, not growing. And we know what we must do to counter the risk.”

Enterprise architecture teaches us to carefully vet and make sound investment decisions. Where should we be investing our federal assets—centrally or decentralized and how much in each category?

Obviously, changing the status quo is not cheap and would be especially difficult in the current global economic realty. But it is still something we should carefully consider.

Decentralization, Technology, and Anti-Terror Planning

Preventing Another 9/11 and Enterprise Architecture

From the tragic events of 9/11 came the Intelligence Reform and Terrorism Protection Act, the findings of the 9/11 Commission in 2004, and the Presidential memoranda in 2005 and 2007 to better share information.

ComputerWorld Magazine, 26 May 2008, reports that “nearly seven years after 9/11, information-sharing problems that hobble law enforcement are just beginning to be solved.”

What is the information sharing problem in law enforcement?

There are “20 federal agencies and 20,000 state, county, local, and tribal enforcement organizations nationwide.” The problem is how do you get this multitude of varied law enforcement organizations to share information to identify the bad guys?

While 75% of police agencies use automated systems to manage incident report data, only 25% of those systems are capable of sharing that information.

What’s being done to fix the problem?

First (not mentioned by ComputerWorld), the Office of the Director of National Intelligence (ODNI) is establishing common terrorism information sharing standards (CTISS) to drive and enable information sharing among Law Enforcement, Homeland Security, Intelligence, Military, and Diplomatic information domains.

Additionally, the Department of Justice is developing a data dictionary/schema to establish a “common vocabulary and structure for the exchange of data.” First, this took the form of the Global Justice XML Data Model (GJXDM) in 2003, and later took form in the National Information Exchange Model (NIEM) in 2005 that extended the effort from “law enforcement to other areas of justice, public safety, intelligence, homeland security, and emergency and disaster management.” (Note: Defense and the Intelligence Community have a comparable data standard initiative called U-CORE.)

This past March, DOJ and the FBI’s Criminal Justice Information Service (CJIS) division “began rolling out the National Data Exchange Initiative (N-DEx), a NIEM complaint database and data sharing network.” N-DEx provides “federated search capability across incident reports residing in state and local record management systems nationwide while allowing those records to be updated and maintained by their local owners.”

The goal is to have “the majority of the country participating” by 2009. The biggest obstacle is that many agencies’ systems have been so customized that integration is now challenging and expensive.

According to the FBI’s website, NDEx will be accessible via the internet and “includes several basic but vital capabilities, including searching and correlating incident/case report information and arrest data to help resolve entities (determining a person’s true identity despite different aliases, addresses, etc.). N-DEx will also create link analysis charts to assist in criminal investigations and identify potential terrorist activity.”

According to the NDEx brochure (available online at the FBI website), law enforcement agencies who participate in NDEX will:

• “Sign an operational Memorandum of Understanding (MOU)
• Identify and map incident/case data to the N-DEx Information Exchange Package Documentation (IEPD)
• Obtain network connectivity through an existing CJIS Wide-Area Network (WAN) or connect over the Law Enforcement Online (LEO). “

The architecture concept here is summed up nicely by Linda Rosenberg, Director of the Pennsylvania Office of Criminal Justice: “Now you don’t have to go back and build these data warehouses and totally redo your entire infrastructure.”

Instead, you plug in to the NDEx and share information that’s been mapped to the common data standards. NDEx provides the target infrastructure, while NIEM provides the data exchange standards. Together, we can share information for better achieving our law enforcement mission—protecting the American people.

Preventing Another 9/11 and Enterprise Architecture