Showing posts with label Proactive. Show all posts
Showing posts with label Proactive. Show all posts

August 22, 2014

Smart Electronic Skin

I liked this concept reported on in BBC Technology about using swarms of sensors to create a type of electronic or "smart skin."

Like nerves in our human skin, multitudes of sensors placed on anything that we want to monitor, could create a sensing/feeling and reporting mechanism for evaluating the health or condition of that thing. 

Rather than wait for something to fail or break, we could actively collect information on changes in "temperature, strain, and movement" and other environmental impacts to analyze and predict any issues and proactively address them with countermeasures, maintenance, or fixes. 

As human beings, we are architected with regular monitoring and self-healing biological systems to protect ourselves from daily dangers around us, we can develop homes, factories, transport, robots, and everything important around us with similar properties to be more durable, last longer and be more productive.  

When we emulate in our own development efforts what G-d has created for the good in the world, we are on the right track. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

July 4, 2013

The Five Phases Of Medicine

In many respects, medicine has come a really long way, and yet in other ways it seems like it still has so far to go. 

For example, while antibiotics are used to routinely treat many bacterial infections, there are few antiviral treatments currently available--and we are left with the proverbial, "take two aspirin and call me in the morning."

Similarly, heart attacks, strokes, cancers and so many other ailments still take their victims and leave the bereaving family asking why?

In thinking about medicine, there are five major historical phases:

1. Do nothing: Get hurt or ill, and you're as good as dead. You shudder at the words "There is nothing we can do for you." Average lifespan for folks, 30s.  If you're lucky (or wealthy), you may make it into your 40s or even reach 50. 

2. Cut it: Diseased or damaged limb or body part, chop it off or cut it out surgically.  I still remember when the people in my grandparents generation called doctors, butchers. 

3. Replace it: When something is kaput, you replace it--using regenerative medicine, such as stem cell therapy (e.g. for bone marrow transplants or even for growing new tissue for teeth) and bioprinters (like a 3-D printer) to make new ones. 

4. Heal it: Envision a future with self-healing microbes (based on nanotechnology) in the blood and tissues that detect when a body part is dangerously ill and deploys repair drones to fix them.  There is no need to cut it off or replace it, you just fix it. And perhaps with DNA "profiling"(don't like that word), we'll be able to tell what a person is predisposed to and provide proactive treatments. 

5. Eliminate it: Ok, this is way out there, but could there come a time, when with technology (and of course, G-d's guiding hand) that we can eradicate most disease. Yes, hard to imagine, and with diseases that adapt and morph into other strains, it would be hard to do--but that doesn't mean it's impossible. 

I still am shocked in the 21st century with all the medical advances and technology that we have that the doctors still say for everything from routine colds, to viruses, sores, growths, and more--"Oh, there's nothing we can do for that." 

Yet, there is what to look forward to for future generations in terms of better medicine and perhaps with longer and better quality of life.

My grandfather used to say, "No one gets old without suffering"--let's hope and pray for less and less suffering with future medical technology advances. ;-)

(Source Graphic: Andy Blumenthal)
Share/Save/Bookmark

January 27, 2012

Cyber War - The Art of The Doable

CBS 60 Minutes had a great episode this past June called Cyber War: Sabotaging The System.

The host Steve Kroft lays the groundwork when he describes information or cyber warfare as computers and the Internet that is used as weapons and says that "the next big war is less likely to begin with a bang than with a blackout."

This news segment was hosted with amazing folks like Retired Admiral Mike McConnell (former Director of National Intelligence), Special Agent Sean Henry (Assistant Director of the FBI's Cyber Division), Jim Gosler (Founding Director of CIA's Clandestine Information Technology Office), and Jim Lewis (Director, Center for Strategic and International Studies).  

For those who think that cyber war is a virtual fantasy and that we are safe in cyberspace, it's high time that we think again.  

Here are some highlights:

- When Retired Admiral McConnel is asked "Do you believe our adversaries have the capability of bringing down a power grid?"  McConnell responds "I do." And when asked if the U.S. is prepared for such an attack, McConnell responds, "No."

- Jim Gosler describes how microchips made abroad are susceptible to tampering and could "alter the functionality" of let's say a nuclear weapon that needed to go operational, as well as how they "found microelectronics and electronics embedded in applications that shouldn't be there." 

- Special Agent Henry talks about how thieves were able to steal more than a $100 million from banks in less than half a year, not by holdups but through hacking. 

- Jim Lewis tells of the "electronic Pearl Harbor" that happened to us back in 2007, when terabytes of information were downloaded/stolen from our major government agencies--"so we probably lost the equivalent of a Library of Congress worth of government information" that year and "we don't know who it is" who broke in.  

The point is that our computers and communications and all the critical infrastructure that they support--including our defense, energy, water, transportation, banking, and more are all vulnerable to potentially lengthy disruption.

What seems most difficult for people to grasp is that the bits of bytes of cyberspace are not just ephemeral things, but that thy have real impact to our physical universe.   

Jim Lewis says that "it doesn't seem to be sinking in. And some of us call it 'the death of a thousand cuts.' Every day a little bit more of our intellectual property, our innovative skills, our military technology is stolen by somebody. And it's like little drops.  Eventually we'll drown. But every day we don't notice."

Our computer systems are vulnerable and they control virtually all facets of lives, and if the enemy strikes at our cyber heart, it is going to hurt more than most of us realize.  

We are taking steps with cyber security, but we need to quickly shift from a reactive stance (watching and warning) to a proactive posture (of prevention and protection) and make cyber warfare a true national priority.
Share/Save/Bookmark

April 17, 2010

City 2.0 Makes City Sense

They call it City 2.0—that is cities that are IT enabled with all sorts of sensors and smart technology.

  • Cameras monitor traffic flow.
  • Sensors test water quality and monitor sewage runoff.
  • Smart meters keep track of energy usage.
  • Acoustical systems monitor structural integrity of bridges and other infrastructure.
  • Building management systems control ventilation, lighting, power, fire, and security.
  • Environmental monitoring tracks weather, smog, and even potential natural disasters.

And I think this is all probably still just the beginning…

Governing Magazine, April 2010 has an article entitled “The Sentient City” by Zach Patton” that describes how systems are helping cities “send resources to the street corner where gangs are converging, manage traffic before it becomes congested, and respond to emergencies seamlessly—automatically—before they’re even reported.”

With technology, we are able to be not only more aware of our surroundings, but also be more proactive in managing them.

There are many critical technology elements that come into play for a sentient city:

  • Sensors—for awareness of what is going on
  • Networking—for linking together the sensors with the backend systems
  • Storage—for housing all the incoming city data
  • Business Intelligence—for making sense of it all
  • Alerting—for notifying authorities and citizens of important happenings

According to analyst Rob Enderle, with technologies for a sentient city, “you can run a city cheaper and have happier and safer citizens.” Further, according to the article, the city “becomes a more efficient place for people to live and work. It also means a government can do more with less.”

Obviously, there is significant investment that needs to be made in city infrastructure, systems, and people to make this next generation of city living a complete reality.

But with the investment will come rewards of more and better information for managing all the people, places, and things interacting with each other in the environs.

The flip side of a sentient city is a certain degree of risk to people’s privacy. For example, where cameras and other sensors abound, people’s comings, goings, and doings could become subject to invasive scrutiny.

In this case, a little information can become a dangerous thing without adequate safeguards as to what can be monitored, when, and with how much personally identifiable information. For example, this issue is currently being dealt with at airports full body technology scanners that are programmed to hide a person’s facial identity.

The benefits of sensing and monitoring our environment are great in terms of efficiencies, safety, and security of our citizens, and I believe that this capability will grow from discrete sensing systems into more holistic city management systems that monitors all the city’s functions and operations, feeds this information into dynamic knowledge centers, and provides real-time information for managing day-to-day city living more intelligently and proactively.

As our population grows and our major city centers continue to have to deal with the ever greater potential for overcrowding, traffic, dirt, crime, and other facets of close knit metropolitan life, our need for more and better information for managing these will become ever more critical to support the continued livability and likability of our cities that we call home.


Share/Save/Bookmark

March 6, 2010

Overcoming the Obstacles to Cyber Security

There continues to be a significant shortfall in our cyber security capabilities, and this is something that needs our determined efforts to rectify.

Often I hear a refrain from IT specialists that we can’t wait with security until the end of a project, but rather we need to “bake it into it” from the beginning. And while this is good advice, it is not enough to address the second-class status that we hold for IT security versus other IT disciplines such as applications development or IT infrastructure provision. Cyber Security must be elevated to safeguard our national security interests.

Here are some recent statements from some our most respected leaders in our defense establishment demonstrating the dire strait of our IT security posture:

· “We’re the most vulnerable, we’re the most connected, we have the most to lose, so if we went to war today in a cyber war, we would lose.”- Retired Vice Admiral Mike Mullen (Federal Computer Week 24 February 2010)

· The United States is "under cyber-attack virtually all the time, every day” - Defense Secretary Robert Gates: (CBS, 21 April 2009)

· “The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century.” (White House CyberSpace Policy Review, 2009)

Further, the number of attacks is increasing; for example, SC Magazine 20 November 2009 reported that the number of cyber attacks against the Department of Defense was increasing year-over-year 2009 to 2008 by some 60%!

And the penetration of our critical systems spans our industrial, civilian, and defense establishment and even crosses international boundaries. Most recently reported, these included the following:

· F-35 Joint Strike Fighter $300B program at Lockheed Martin,

· The Space Shuttle designs at NASA

· The joint U.S. South Korean defense strategy

· The Predator feeds from Iraq and Afghanistan and more.

Thankfully, these events have not translated down en-masse and with great pain to the individuals in the public domain. However this is a double-edged sword, because on one had, as citizens we are not yet really “feeling the pain” from these cyber attacks. On the other hand, the issue is not taking center stage to prevent further and future damage.

This past week, I had the honor to hear Mr. James Gossler, a security expert from Sandia National Labs speak about the significant cyber security threats that we face at MeriTalk Innovation Nation 2010 on the Edge Computing panel that I was moderating.

For example, Mr. Gossler spoke about how our adversaries were circumventing our efforts to secure our critical cyber security infrastructure by being adept and agile at:

· Playing strength to weakness

· Developing surprising partners (in crime/terror)

· Changing the rules (“of the game”)

· Attacking against our defenses that are “naïve or challenged”

In short, Mr. Gossler stated that “the current state-of-the-art in information assurance [today] is significantly outmatched” by our adversaries.

And with all the capabilities that we have riding on and depending on the Internet now a days from financial services to health and transportation to defense, we do not want to be outgunned by cyber criminals, terrorists, or hostile nation states threatening and acting in ways to send us back to the proverbial “stone-age.”

Unfortunately, as a nation we are not moving quickly enough to address these concerns as retired Navy vice admiral Mike McConnell was quoted in Federal Computer Week: “We’re not going to do what we need to do; we’re going to have a catastrophic event [and] the government’s role is going to change dramatically and then we’re going to go to a new infrastructure.”

Why wait for a cyber Pearl Harbor to act? We stand forewarned by our experts, so let us act now as a nation to defend cyber space as a free and safe domain for us to live and thrive in.

There are a number of critical obstacles that we need to overcome:

1) Culture of CYA—we wait for disaster, because no one wants to come out first—it’s too difficult to justify.

2) Security is seen as an impediment, rather than a facilitator—security is often viewed by some as annoying and expensive with a undefined payback, and that it “gets in our way” of delivering for our customers, rather than as a necessity for our system to work

3) We’ve become immune from being in a state of perpetual bombardment—similar to after 9-11, we tire as human beings to living in a state of fear and maintaining a constant state of vigilance.

Moreover, to increase our cyber security capabilities, we need to elevate the role of cyber security by increasing our commitment to it, funding for it, staffing of it, training in it, tools to support it, and establishing aggressive, but achievable goals to advance our capabilities and conducting ongoing performance measurement on our initiatives to drive results.


Share/Save/Bookmark

February 27, 2010

Why Reputation Is The Foundation For Innovation

Toyota is a technology company with some of the most high-tech and “green” cars on the planet. But right now Totoya’s leaders seem to lack integrity, and they haven’t proactively handled the current crisis. As a result, everything they have built is in danger.

Too often, IT leaders think that their technical competency is sufficient. However, these days it takes far more to succeed. Of course, profitability is a key measure of achievement and sustainability. But if basic integrity, accountability, and open and skillful communication are absent, then no amount of innovation in the world can save you.

Looking back, no one would have thought that Toyota would go down in a flaming debacle of credibility lost. For years, Toyota ate the lunch of the largest American car manufacturers—and two of the three were driven to bankruptcy just last year. Moreover, they had a great reputation built on quality – and that rocketed Toyota to be the #1 car company in the world.

A reputation for quality gave Toyota a significant edge among potential buyers. Purchasing a Toyota meant investing in a car that would last years and years without defect or trouble—it was an investment in reliability and it was well worth the extra expense. Other car companies were discounting and incenting sales with low or zero interest rates, cash back, and extended warranties, and so on. But Toyota held firm and at times their cars even sold for above sticker price. In short, their brand elicited a price premium. Toyota had credibility and that credibility translated into an incredibly successful company.

Now Toyota has suffered a serious setback by failing to disclose and fix brake problems so serious that they have allegedly resulted in loss of life. Just today, the Boston Globe reports that Toyota has been sued in Boston by an individual who alleges that “unintended acceleration (of his Toyota vehicle) caused a single-car crash that killed his wife and left him seriously injured.” The Globe goes on to report that “dozens of people reportedly have been killed in accidents involving unwanted acceleration.”

While nothing is perfect, not even Toyota engineering, in my opinion the key to recovering from mistakes is to be honest, admit them, be accountable, and take immediate action to rectify. These are critical leadership must do’s! Had Toyota taken responsibility in those ways, I believe their reputation would have been enhanced rather than grossly tarnished as it is now, because ultimately people respect integrity above all else, and they will forgive mistakes when they are honest mistakes and quickly rectified.

Unfortunately, this has not occurred with Toyota, and the brake problems appear to be mistakes that were known and then not rectified—essentially, Toyota’s transgression may have been one of commission rather than simply omission. For example, this past week, the CEO of Toyota, Akio Toyoda, testified before Congress that “we didn’t listen as carefully as we should—or respond as quickly as we must—to our customer’s concerns.” However, in reality, company executives not only didn’t respond, but also actually apparently stalled a response and celebrated their success in limiting recalls in recent years. As Congressman Edolphus Towns, chairman of the House Committee on Oversight and Government Reform, stated: “Toyota's own internal documents indicate that a premium was placed on delaying or closing NHTSA investigations, delaying new safety rules and blocking the discovery of safety defects.” (Bloomberg News via the Austin American Statesman)

In other words, Toyota strayed from its promise to customers to put safety center stage. Rather, profit took over and became the benchmark of success.

Even the company’s own managers acknowledge the deep wound that this scandal has inflicted on the company, and have doubts about its leadership. According to the Wall Street Journal, a midlevel manager stated, “Mr. Toyoda cannot spell out how he plans to alleviate consumer worries….it is a recall after another, and every time Mr. Toyoda utters the phrase ‘customer first,’ it has the opposite effect. His words sound just hollow.’” Said another, “The only way we find out anything about the crisis is through the media….Does Mr. Toyoda have the ability to lead? That’s on every employee’s mind.”

Indeed, the Journal echoes these sentiments, noting that under Toyoda’s leadership, there was a focus on “getting the company back to profitability, after the company last year suffered it first loss in 70 years.” In other words, in an attempt to “reinstate frugality,” it appears that CEO Toyoda went too far and skimped on quality—becoming, as the saying goes, “penny wise and dollar foolish.” We will see if this debacle costs Toyota market share and hurts the bottom line over the intermediate to longer-term.

In recent times, we have seen a shift away from quality and credibility in favor of a fast, cheap buck in many sectors of the economy. For example, I have heard that some homebuyers actually prefer hundred-year-old homes to new construction due to their perception that the quality was better back then and that builders take shortcuts now. But somehow Toyota always stood out as a bulwark against this trend. It is therefore deeply disappointing to see that even they succumbed. While the company has a long road ahead to reestablish their credibility and rebuild their brand, I, for one, sincerely hope that they rediscover their roots and “do the right thing.”


Share/Save/Bookmark

January 9, 2010

Architecting A Secure Society

Once again, we are confronted with the basic security question of how much is the right amount?

It’s a classic catch-22 that requires us to architect security to meet opposing ends: we expect security to be as much as necessary to stop the terrorists, but as little as possible to ensure efficient travel and trade and maintain people’s privacy and equality.

In the last decades, we have behaved schizophrenically, calling for more security every time there is an attempted attack, only to withdraw and demand greater privacy protections, speedier security processing, and only random checks when things cool down.

The Wall Street Journal reported in the January 9-10, 2010 edition that the U.S.’s handling of security nowadays is an ever-losing proposition. The article calls it a virtual game of “Terrorball,” in which we cannot win, because there only two perpetual rules:

· “The game lasts as long as there are terrorists who want to harm Americans; and

· If terrorists should manage to kill or injure or seriously frighten any of us, they win.”

Based on the above, I believe that we can only win the game by changing its rules. Rather than being reactive to every terror scare, we are prepared with one approach—one that delivers an optimal level of security based on the current level of risk.

I recall when Michael Chertoff was Secretary of Homeland Security. During that time, he was a strong advocate for a risk-based approach that was multilayered, strong yet flexible enough to accommodate changing circumstances. From that perspective, which I think made a lot of sense: security decisions are made on the basis of objective criteria. These include technical feasibility, maximum effect, cost-benefit analysis, and so on.

A risk-based approach, or what I call “optimal security,” clearly makes a lot of sense. Yet it is tempting, when a security situation actually occurs, to let emotions get the better of us. On the one extreme, sometimes hysteria takes place and everybody seems a potential threat. Other times, we get angry that anyone at all is subjected to scrutiny or questioning.

In order to save the most lives and change the terror game, we have to decide to become more rational about the threat that faces us. This doesn’t mean being cold and calculating, but rather rational and proactive in developing a security architecture and governance that seeks to protect the most with the least negative impacts—but not trying to plug every possible hole at all costs.

In optimal security: sure, there is the ideal where we want to protect every American from every possible threat. However, there is also the reality where, because of competing priorities and scarce resources (to address everything from the deficit, health care, education, social programs, energy, science, defense, and more) we cannot—no matter how much we genuinely want to—prevent every terror instance.

So the terror playbook can and should be transformed. We can recognize there will always be terrorists—enemies of the state—who want to harm us and given enough attempts, no matter how optimal our security, they will occasionally get a sucker punch in on us—and we must be prepared for this. Moreover, rather than “freaking out” about this the terror threat, we can grow and commit to doing the best we can and accepting that we will increase security when information is there to support that need, and we will relax when that becomes possible.

Bottom line: We must move away from hysteria and any other factor that prevents us from being objective and make rational choices to deploy protections that are most effective and simultaneously safeguard our liberty.

“Life, liberty and the pursuit of happiness” captures the security debate well. We want to safeguard lives, but at the same ensure liberty and we want to be happy and not afraid all the time.

To accomplish this balance, our optimal security realization should be based on highly effective intelligence, supported by the very best technology, and a security platform that adjusts to threats in real time.

While our intelligence continues to strengthen and our technology continues to improve, the greatest challenge is our ability as a nation and as individual human beings to cope with the distress caused by terrorism.

We are ambivalent emotionally about the threat and what needs to be done to combat it. However, once we look inside and understand the emotions that this issue raises, and come to terms with reality we face, we will as a nation be more at peace and less likely to jump from one extreme to another in terms of our demands and expectations from those who protect us every day.


Share/Save/Bookmark

December 29, 2009

What Hollywood Can Teach Us About Fighting Terrorism

U.S. law enforcement officials have thwarted about two dozen known terrorist plots since 9/11 and there are probably lots more that haven’t made the papers. Some of them, like this month’s “Underwear Bomber” have nicknames, like the “Shoe Bomber” (2002), the “Lackawanna Six,” (same year), and the “Virginia Jihad” (2003). Others are known by geographical location, such as Fort Dix (2007) and the foiled plot against synagogues in the Bronx (2009). But one thing they all have in common is their determination to threaten and even destroy our freedom and way of life.

As a person who is deeply dedicated to America’s safety and security, both personally and professionally, I worry about the rise of terrorism that has sprung up in the past few decades. Terrorists are relentlessly determined to destroy our lives even if it means taking their own lives to do it. But what is even more frightening is that despite all the actions we have taken to fight terrorism, our culture remains deeply reactive. Can we really stay one step ahead and lucky forever?

The best example of our relative complacency in the face of a deadly threat is the policy of taking off our shoes for screening only after the case of the Shoe Bomber came to light. Now again, we waited for an Underwear Bomber before talking seriously and publicly about full body screening for all?

There is a saying that you can’t drive a car by looking in the rearview mirror, but unfortunately that seems to be the way our culture approaches the fight against terrorism. The focus should not be on stopping the last threat, but on anticipating and countering the future threat before it ever materializes.

To do this, we need to think like the bad guys do as well as conduct more exercises to expose our own security weaknesses (red teaming), rather than be surprised when the terrorists find our next Achilles heel.

In the particular case of the Underwear Bomber, it was particularly shocking that we knew this person was a threat. His own father warned us, yet we didn’t put him on the terrorist watch list or revoke his visa (as the British did). And just today I read that this individual told investigators there are literally hundreds more just like him, all waiting to strike.

Think about that for a second. There are seemingly endless terrorists out there, and they can have a 99% failure rate and still be “successful.” Yet U.S. and global law enforcement can’t fail at all—not even once—without dire and deadly consequences on a massive scale.

However, instead of gripping that unbelievable reality and treating it as the dire situation it is, there is actually talk about “rehabilitating” the terrorists. As if we have succeeded at rehabilitating “normal” criminals…now we are going to try and “deprogram” people who are religiously “inspired” to commit their diabolical deeds?

To adequately manage the new reality we face today, we must not only stay ahead of known threats, but also proactively envision new potential attack scenarios, prepare for them, and thwart them before they become potentially lethal.

A great place to start would be Hollywood; our entertainment industry has done a pretty good job of imaginatively exposing potential attack scenarios—in dozens of films from Air Force One to The Sum of All Fears, Executive Decision to The Peacemaker, and Arlington Road to The Siege, and many more.

There are also television shows like 24, with now seven seasons and counting, that keep Americans riveted to their seats week after week with terrorism plots that play out before our very eyes. We seem to generally view these as serious threats that are possible in our time.

I respect the President for openly acknowledging the "systematic failure," but it is going to take all of us to commit and follow through with ongoing security measures. It is not a one month or one year event (or even an 8 year event post 9/11), but rather a complete new security mindset that stays with us always.

We can and should learn from the visionary talent in our vibrant entertainment industry and from wherever else they may reside, and adopt creative and proactive thinking about terrorism and make this a regular part of our security culture. I understand that there are many forces at play here, and that most of us are not privy to some of the more sophisticated ways that we fight terrorism every day. But what I am talking about is our collective, public culture, which still seems to shrug off the seriousness of threats against us. For example, just today, I saw a sign in an airport that directed wheelchairs through security screening. It seemed almost an invitation to sew explosives into a wheelchair (although I understand that these are actually screened).

I have the deepest respect for the men and women who serve to protect us every day. But as a culture, it is long past time to wake up. We don’t have the luxury of collective denial anymore. We must embrace security as a fact of life, fully and in an ongoing manner.

Further, as we approach 2010, let us resolve to learn from the most imaginative people in our society about how we may think out of the box when it comes to combating terrorism.

In the real world, we must act now to quickly deploy new, more advanced screening technologies to our airports, marine ports, and border crossings, and employ our most creative minds to “outwit, outplay, and outlast” the terrorists who plot against us—whether in their shoes, their underwear, or wherever else their evil schemes might lead them.


Share/Save/Bookmark

December 7, 2009

Let's Not Understate the Cyber Threat

Wow. I read with some surprise and consternation an article in Government Computer News, 4 December 2009. In this article, the author portrays the fears of a “digital Pearl Harbor” or overwhelming cyber attack on the United States as overblown—almost as if it’s of no real possibility or significant impact. In short, the article states:

“What good would it do an attacker to take down the vital U.S. networks? While the damage to this country could be great, the benefit to an attack would be nil if it could not be followed up. The real threat of cyber warfare is not in stand-alone attacks, but in attacks coordinated with military action.”

While, I agree that a coordinated attack is obviously more dangerous than a cyber attack alone, the threat and potential damage of a cyber attack could potentially be devastating—with or without military action.

Let’s think for a second about how the military traditionally projects force around the world through conventional warfare—taking control of the air, land, and sea. Control the sea-lanes and you have power over 90%+ of international commerce. Control the land and you have power over people’s daily lives—including their ability to satisfy even basic needs for food, clothing, and shelter, their personal safety, and even their ability to govern themselves. Control the air and you control freedom of movement on the ground, people’s basic comings and goings. Traditional military power can affect just about every facet of people’s lives including ultimately the taking of life itself i.e. paying “the ultimate price.”

Now think for a second, about what a massive cyber attack could potentially do to us. At this stage in history, we have to ask ourselves not what elements could be affected by cyber attack, but what elements of our lives would not be impacted? This is the case since virtually our entire civil and elements of the military infrastructure are dependent on the Internet and the computers that are connected to them. If you “pull the plug” or corrupt the interconnected systems, “watch out” seems apropos.

The same areas that are vulnerable to traditional military attack are threatened by cyber attack: Commerce, Energy, Transportation, Finance, Health, Agriculture, (Defense)…are all deeply interwoven and dependent on our interconnected computer systems—and this is the case more and more.

Think e-Commerce, online banking and finance, manufacturing production systems, transportation systems, food production and safety, the energy grid, electronic health records, C4ISR, and so on.

While thank G-d, we have been spared a really devastating attack to date (if you exclude the massive data compromised/stolen in recent cyber attacks), we would be derelict in responsibilities for ensuring safety and security if we thought that was it.

Further, while unpleasant as it may be, we should consider the impact in terms of potential for physical harm or loss of life in the event of a serious cyber attack?

While many brush aside this possibility, there is certainly the potential. Even putting aside the potential public panic/chaos and ensuing loss of life and property that could occur in a serious attack, how about just taking out a single, major facility—like a dam, power plant, reservoir, electrical hub, transportation system, and so on. This is an important focus of efforts to ensure critical infrastructure protection, a public-private sector partnership initiative.

Rep. Lamar Smith, R-Texas said "Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives.”

Sure, a severe and consequential attack would require ample skills, knowhow, resources, and sophistication—it is no small feat—but with the hosts of cyber criminals, terrorists, and hostile nation states out there increasingly trying to hack our systems, there is valid cause for concern.

This recognition of what’s possible does not mean it is probable or imminent. However, the awareness and understanding of our increasing dependence on the Internet and related systems and the acknowledgement that there are those out there—as in 9-11—who seek to do our country harm, should not blind us with fear, but rather spark us to constructively deal with the challenge and take proactive actions to secure the ever expanding realm of cyberspace.

The Executive Summary in the CyberSpace Policy Review that was conducted by the White House in 2009 sums it up, this way:

“The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century.”

We should not and cannot understate the possible threats against our nation, but rather we need to act responsibility and rationality, with resolve to protect our nation, before and not only after. As the CyberSpace Policy Review states:

“The Nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat. We need to demonstrate abroad and at home that the United States takes cybersecurity-related issues, policies, and activities seriously.”

Fortunately, our nation has recognized the potential threat and is acting, as Security Focus reported on June 24, 2009: “The U.S. Secretary of Defense ordered the military to create a unified command to act as the nation's central hub for cyber capabilities and commanded the Pentagon to develop a policy framework for cyberspace operations.”

On a personal note, I am grateful for the many good, hardworking people in our military, civilian and private sector that are working to secure cyberspace for us, and believe we need to do this with vigor and resolve. It’s necessary in order to safeguard our future that is ever reliant on technology.


Share/Save/Bookmark

September 23, 2009

Realistic Optimism and Enterprise Architecture

Optimism can be a key to success in your personal and professional life!

The Wall Street Journal reported in Nov. 2007 that optimism leads to action and that “if even half the time our actions work out well, our life is going to turn out for the better…if you are a pessimist, you are unlikely to even try,” says Dr. Phelps an NYU neuroscientist. Similarly, Dr. Martin Seligman of the University of Pennsylvania observes that “optimists tend to do better in life than their talents alone may suggest.”

So while optimism is often “derided as a naïve, soft-soap disposition that distorts the realities of life,” Duke University researchers found that optimists actually lead more productive and by some measures, successful lives. For example, they found that optimists “worked longer hours every week, expected to retire later in life, were less likely to smoke and, when they divorced, were more likely to remarry. They also saved more, had more of their wealth in liquid assets, invested more in individual stocks, and paid credit-card debt bills more frequently.”

At the same time, overly optimistic people behaved in a counter-productive or destructive fashion. “They overestimated their own likely lifespan by 20 years or more…they squandered, they postponed bill paying. Instead of taking the long view, they barely looked past tomorrow.”

Overall though, “the influence of optimism on human behavior is so pervasive that it must have survival value, researchers speculate, and may give us the ability to act in the face of uncertain odds.”

Optimism coupled with a healthy dose of realism is the best way to develop and maintain the organization’s enterprise architecture plans and governance. Optimism leads the organization to “march on” and take prudent action. At the same time, realism keeps the enterprise from making stupid mistakes. An EA that is grounded in “realistic optimism” provides for better, sounder IT investments. Those investments proactively meet business requirements, but are not reliant on bleeding-edge technologies that are overly risky, potentially harmful to mission execution, and wasteful of valuable corporate resources.


Share/Save/Bookmark

June 22, 2008

What Not to Tell Your Boss and Enterprise Architecture

ComputerWorld Magazine, 20 June 2008, tells us five things you don’t want to tell the CIO and which I believe tracks closely with the enterprise architecture function and goals, as follows:

  1. “All about the technology -- and nothing about the business”—just like enterprise architecture is about business driving technology, rather than doing technology for technology’s sake, so too the CIO is interested in aligning business and technology. So don’t just go to the CIO talking technology solutions unless you have a clear understanding and can articulate the business requirements.
  2. “There's only one solution”—in enterprise architecture and IT governance, we validate requirements against the architecture—the baseline, the target, and the transition plan. It is especially important to check if there are existing systems, products, and standard that can be used to meet user requirements, rather than building or acquiring something from scratch. There is rarely only a single technology solution for a business problem. Therefore, we need to evaluate the proposed new IT investment in terms of the return on investment, risk management, strategic business alignment, and technical compliance. Additionally, we need to review the analysis of alternatives to make sure we are effectively managing our scarce IT resources.
  3. “Bad opinions about your colleagues”—EA planning and governance makes information transparent and enables better decision making. With EA information, vetting of IT investment and collaborative decision making, there is no need to point fingers at each other over failed IT projects. Instead, through sharing information and bringing IT project stakeholders together, we all have input into the decision process and share the project risk.
  4. “There's no way”—With enterprise architecture, rather than say there’s no way to achieve enterprise goals or overcome technical challenges, we develop a target and plan for how we will do it. No, the goals are not achieved overnight, but rather by following a meticulous and vetted plan, usually over a period of three to five years, we can transform the enterprise.
  5. A surprise”—Bosses don’t like surprises. In a professional setting, we usually like rational thinking, process, structure, and planning, so that we can effectively deal with the chaotic world out there. EA planning and structured governance helps the organization stay on course and not get surprised or thrown. The planning process itself involves looking at our strengths, weaknesses, opportunities, and threats, and makes us more self-aware and proactive as an organization, so there are less surprises waiting to ambush us.

EA helps us to NOT have to tell our boss, the CIO, things he doesn’t want to hear, because we are proactive in our approach to planning and governance.


Share/Save/Bookmark