Showing posts with label Risk Management. Show all posts

August 13, 2014

Electrical Cataclysm

Warning from the former director of CIA in the Wall Street Journal...

We are grossly unprepared for an EMP attack on this country!

Dire reports from the EMP Commission from 2004 and 2008 have been "much neglected"!

The threat comes from nation states and terrorist organizations who can detonate a nuclear device above our skies by ICBM, SCUD missile (for example from a freighter near our shores), a space-launched vehicle that lifts satellites into orbit, and even from low-yield nuclear weapons closer to home.

Russia and China "have considered limited nuclear-attack options that...employ EMP as the primary or sole means of attack."

North Korea in 2012 orbited a satellite compatible with such a small nuclear warhead "for the delivery of a surprise nuclear EMP attack against the U.S."

Here's the clincher on the damage this could do to us:

"Within 12 months of a nationwide blackout, up to 90% of the U.S. population could possibly perish from starvation, disease, and social breakdown."

But for roughly $2 billion we could protect the national electrical grid with surge arrestors, Faraday cages and more.

However, the bills to authorize this and protect us are stalled.

This is a known threat that our enemies are preparing for and what are we doing sitting on our hands, again? 

Or as the comedian Lewis Black says, "If we're going nowhere as a country, why can't we get there faster?"  ;-)

(Source Photo: here with attribution to Wil C. Fry)

July 26, 2014

Antimissile System for Airlines


Elbit Systems has an antimissile system that can protect commercial airlines from short range, shoulder fired missiles (MANPADs).

The military air fleets of the U.S., U.K., and Australia have already installed such devices to protect them.

Another system by Northrop Grumman is installed for heads of state like on Air Force One and Germany has ordered it for their Chancellor's plane. 

But the Elbit C-Music is being used already on Israel's commercial airlines, El Al and Israir.

The thermal targeting device of C-Music uses a precise laser to deflect the incoming heat seeking ground to air missiles and save the passengers and plane. 

According to the Wall Street Journal, a bill to mandate such devices for American commercial airlines would cost approximately $43 billion over 20 years. 

While this system would not work against the type of sophisticated multiple launch rocket systems that brought down Malaysia Airlines Flight 17, it would go a long way to enhance our anti-terrorism measures and protect Americans and other travelers coming to/from the U.S.

Please don't shoot down this idea...  ;-)

July 19, 2014

Risk In The Eye Of The Beholder

Should I do it or is it too risky?

That's a question we ask ourselves many times a day.


- Open our mouths at work or keep a lid on it.


- Run to catch that train or bus or slow down and go more carefully.


- Eat that greasy burger and fries or opt for a salad and smoothie.


- Invest in that highflier stock or put your money in the "G" fund.


The Wall Street Journal presents risk management as both quantifiable and qualitative. 


For example, a MicroMort (1 MM, and sounds like micro fart) is "equal to one-in-a million chance of death."


An average American has a 1.3MMs chance of a "sudden, violent end" on any given day. 


However, climb to the base camp at Mount Everest (at 29K feet), that's over 12,000 MM, base jump at only 430 MMs per jump, parachute 7 MM, and go on a roller coaster at only .0015 MM. 


So there you have it--statistics tell the risk story!


But not so fast, our risk calculations also take into account our qualitative values. For example, we tend to lower the risk in our minds of postpartum depression (10-15% or higher) because we value having a baby. 


Similarly, we tend to think driving (1 MM per 240 miles) is safer than flying (1 MM per 7,500 miles) because we believe we are in control of the automobile, as opposed to a passenger jet flown by a couple of pilots. 


The result, "Scariness of an activity isn't necessarily proportionate to its risk."


That means that you can easily make a mistake and underestimate risk, because of your personality or cultural and social biases. 


Rock climb at your own risk...BUT do you really understand what that risk even is or are you driven to do something overly dangerous and maybe stupid? ;-)


(Source Photo: Andy Blumenthal)


June 9, 2014

Slow, Smooth, Fast

A colleague told me a good saying from the Navy SEALs.

"Slow is smooth, and smooth is fast."

The idea is that when we slow down and practice diligently, we give ourselves time and space to heal and to work to perfect our technique, so then when we need to execute, we can do it fast and flawlessly. 

Embedded in this concept is that we do things right the first time, and eliminate risk and having to do them needlessly again...slow down and nail it!

In martial arts and other physical disciplines, this concept is honed by practicing in "motion study" and then "exploding" dynamically in executing upon the enemy. 

Slow, Smooth, Fast--practice makes (near) perfect. ;-)

(Source Photo: Andy Blumenthal)

March 9, 2014

SCADA in Pictures




So SCADA are Supervisory Control and Data Acquisition systems.

They are a form of Industrial Control Systems (ICS) that monitor and control major industrial processes from power generation, transmission, and distribution, to water treatment, chemical production, air traffic control, traffic lights, building controls, and more. 

These are part of our nation's critical infrastructure. 

In the lab, we are able to use tools to capture and analyze communication packets and edit and re-use them to: 

- Turn on and off lights

- Open/close perimeter gates

- Control water and gas pipelines

- And even open and close a bridge

This was very scary!

No one, unauthorized, should be able to do this in real life, in the physical world. 

This is a major security vulnerability for our nation:

- SCADA systems should not be openly available online, and instead they should be able to be controlled only either locally or remotely through an encrypted virtual private network (VPN).

- SCADA systems should not be available without proper access controls--there must be credentials for user id and passwords, and even two-step authentication required. 
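One way to check the first recommendation above, as an added example that is not part of the original post: a small audit that flags firewall allow rules exposing common SCADA protocol ports to sources outside the VPN or local control network. The rule format, the trusted networks and the sample rules are constructed for illustration, and the port list uses the protocols' well-known default ports, which the post does not name.

```python
import ipaddress

# Well-known default ports of common ICS/SCADA protocols.
# Assumption: the post names no protocols; these defaults are illustrative.
ICS_PORTS = {
    102: "Siemens S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Hypothetical networks from which control traffic is acceptable.
TRUSTED_NETS = [
    ipaddress.ip_network("10.8.0.0/24"),      # constructed VPN address pool
    ipaddress.ip_network("192.168.50.0/24"),  # constructed local control LAN
]

# Constructed sample ruleset (not taken from any real device).
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "source": "0.0.0.0/0", "ports": "502"},
    {"id": "r2", "action": "allow", "source": "10.8.0.0/24", "ports": "502"},
    {"id": "r3", "action": "allow", "source": "203.0.113.0/24", "ports": "20000-20010"},
    {"id": "r4", "action": "allow", "source": "0.0.0.0/0", "ports": "443"},
    {"id": "r5", "action": "deny", "source": "0.0.0.0/0", "ports": "1-65535"},
    # Contains the VPN pool but is far wider than it, so it is not trusted.
    {"id": "r6", "action": "allow", "source": "10.8.0.0/16", "ports": "44818"},
]


def parse_ports(spec):
    """Turn '502', '20000-20010' or '102,502' into a list of (low, high) ranges."""
    ranges = []
    for part in str(spec).split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        lo = int(low)
        hi = int(high) if high else lo
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges


def is_trusted(source, trusted_nets):
    """True only if the whole source network lies inside one trusted network."""
    net = ipaddress.ip_network(source, strict=False)
    return any(
        net.version == trusted.version and net.subnet_of(trusted)
        for trusted in trusted_nets
    )


def audit(rules, trusted_nets=TRUSTED_NETS):
    """Return one finding per ICS port that an allow rule opens to an untrusted source.

    Each allow rule is judged on its own (no first-match ordering), which errs
    on the side of reporting a rule that a later review can then dismiss.
    """
    findings = []
    for rule in rules:
        if rule["action"].lower() != "allow":
            continue
        if is_trusted(rule["source"], trusted_nets):
            continue
        for lo, hi in parse_ports(rule["ports"]):
            for port, protocol in sorted(ICS_PORTS.items()):
                if lo <= port <= hi:
                    findings.append({
                        "rule": rule["id"],
                        "port": port,
                        "protocol": protocol,
                        "source": rule["source"],
                    })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f['rule']}: {f['protocol']} (port {f['port']}) "
              f"reachable from {f['source']}")
```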

No one but vetted, cleared, authorized, and trained personnel should be able to monitor and control our critical infrastructure--otherwise, we are giving them the keys to disrupt it, destroy it, and use it for terror. 

We owe our nation and families better, much better. 

(Source Photos from lab: Andy Blumenthal)


March 3, 2014

Rejuvenate Like A Starfish


Good video on centralization vs. decentralization.

A spider is the model of a centralized organism or organization--cut off the head and the thing is dead.

But a starfish is the epitome of one that is decentralized--if you cut off one of the arms (it doesn't have a head) of a Blue Linckia starfish, it just grows another one. And if you cut off all five arms, it grows five new starfish. 

So when it comes to organizations, do you want one like a spider, where all power, decision-making, and talent is concentrated at the top, and if you lose your senior executive(s), you've lost the innovation or operational effectiveness of the entire organization (think what happened when Apple lost Steve Jobs as an example)? 

Or do you want to be an organization that is more decentralized (less hierarchical) like the Starfish--where talent is widely dispersed and work is delegated to the many within. Here the organization's very survival is not threatened when something happens at the top or to somebody. 

In most cases, there is no perfect spider or starfish organization, but more of a hybrid model, where some functions (like HR, finance, communications) are centralized and others are decentralized (based on specific business expertise). 

To me the main point here is that an organization is made up of many individuals, and everyone in the organization is valuable; no one person can do everything and we should leverage each person according to their strengths and help them on their weaknesses. This gives each individual and the organization the best chance of rejuvenation and survival. ;-)

February 23, 2014

Don't Let Debbie Downer Take You Down


Saturday Night Live has a spoof about Negative Nellies and they call her Debbie Downer.

We all know people like this who are the Voice of Doom and the Doctor No's.

Whatever the topic is--they've been there, done it, and have seen it fail--"We tried that before," "That's not the way we do things here," "You just don't understand," "It will never work."

They see danger and bad everywhere and in everything, even in the face of positive and promise. 

These are the people who are obstinate, the naysayers, and are against change at all cost--they fear it or just don't want to deal with it. 

BusinessWeek has an interesting perspective on this--how even these people can be employed to have a beneficial impact on projects--by having them tell you everything that can go wrong, so you can take steps to plan and mitigate against these. 

Some people only want to have positive people around them--"yes men," who only tell them how smart and right they are all the time. 

However, the best leaders don't want kiss ups and brown nosers, but rather value "truth tellers," who will provide them solid advice and guidance on issues, tell them when they think something is wrong or risky, and even take an opposing point of view or play devil's advocate.

I remember when I was asked about whether a certain project was going to meet a very near deadline, and I said point blank, "Do you want me just to say yes or do you want me to tell you the truth?"

I got a big smile to that and the appreciation that I was real and truthful and there to make a difference and not just be another lump on the log. 

The point is not to be a Debbie Downer or a brown noser, but to be an Honest Joe or Jane. ;-)

December 11, 2013

Getting It In Writing

So this is funny, this company, Knock Knock makes witty office supply products.

This one is a picture of file folders that say, "Useless documents to provide appearance of importance in meetings."

They have another set of folders with, "Papers to shuffle endlessly thereby accomplishing nothing."

These reminded me of the importance of getting things properly documented, in writing.

Otherwise you get the unfortunate scenario that goes something like this when coming to agreements with others:

- Person #1: "If it's okay, can I get that in writing?"

- Person #2: "You have my word. Don't you trust me?"

The end result is an undocumented verbal agreement, and this is invariably followed, at some future time, by a disagreement, as follows:

- Person #1: "Well we agreed [fill in the blank]."

- Person #2: "I don't recall that. Do you have it in writing?"

When someone refuses to give it to you in writing that is a clear warning sign, and bells and sirens should be going off in your head--loudly--that there is a problem.

The lesson is:

- Get it documented in writing, period. 

- Documents are not useless even if some people use them to look important or they get caught in paperwork paralysis. 

- Verbal agreements are a he says, she says losing game. 

- Avoid getting caught without the documentation that spells it all out--and you can put it in one of these cool folders too.  ;-)

Note: This is not a vendor or product endorsement. 

(Source Photo: Andy Blumenthal)

October 12, 2013

Parole By Analytics

Interesting article in the Wall Street Journal about parole boards using software to predict repeat offenders before letting someone go free. 

What used to be a decision based on good behavior during time served, showing remorse to the parole board, and intuition is being augmented with "automated assessments" that include inmate interviews, age of first arrest, type of crime, and so forth.

At least 15 states have adopted "modern risk assessment methods" to determine the potential for recidivism. 

Individuals are marked as higher risk if they are:

- Young--age 18-23 (and impulsive)
- Offense was drug-related
- Suspended or expelled from school
- Quit a job prior to having another one 
- Single or separated
- Diagnosed with a mental disorder
- Believes that it's not possible to overcome their past. 

Surprisingly, violent criminals (rapists and murderers) are actually considered lower risk than those guilty of nonviolent property crimes--the thinking being that someone convicted of robbery is more likely to repeat the criminal behavior because the crime is one that "reflects planning and intent."

Honestly, I think it is more than ridiculous that we should rank violent criminals less risky than thieves and release them because they had what is considered an "emotional outburst."

Would you rather have some thieves back on the street or murderers and rapists--rhetorical question!

But it just shows that even the best of systems that are supposed to help make better decisions--can instead be misused or abused.

This happens when there is either bad data (such as from data-entry mistakes, deceptive responses, and missing relevant information) or when poorly designed decision rules/algorithms are applied.

The Compas system is one of the main correctional software suites being used, and the company Northpointe (a unit of Volaris) themselves advise that officials should "override the system's decisions at rates of 8% to 15%."

While even a 1/7 error rate may be an improvement over intuition, we need to still do better, especially if that 1 person commits a violent hideous crime that hurts someone else in society, and this could've been prevented. 

It's certainly not easy to expect a parole board to make a decision of whether to let someone out/free in 20 minutes, but think about the impact to someone hurt or killed or to their family, if the wrong decision is made. 

This is a critical governance process that needs:

- Sufficient time to make important decisions
- More investment in tools to aid the decision process
- Refinement of the rules that support release or imprisonment
- Collection of a broad base of interviews, history, and relevant data points tied to repeat behavior
- Validation of information to limit deception or error.

Aside from predicting whether someone is likely to be a repeat offender, parole boards also need to consider whether the person has been both punished in accordance with the severity of the crime and rehabilitated to lead a productive life going forward.

We need to decide people's fates fairly for them, justly for the victims, and safely for society--systems can help, but it's not enough to just "have faith in the computer." ;-)

(Source Photo: Andy Blumenthal)

September 28, 2013

Insuring Against Cyber Attacks

More and more, our technology is at risk of a cyber attack. 

In fact, just today the Wall Street Journal reported that Iran has hacked into the Navy's unclassified network. 

While we can fix the computers that were attacked, the damage done in terms of data exfiltration and malware infiltration is another matter.

To fix the computers, we can wipe them, swap out the drives, or actually replace the whole system. 

But the security breaches still often impose lasting damage, since you can't get the lost data or privacy information back or as they say "put the genie back in the bottle."

Also, you aren't always aware of hidden malware that can lie dormant, like a trojan horse, nor can you immediately contain the damage of a spreading computer virus, such as a zero-day attack. 

According to Federal Times, on top of more traditional IT security precautions (firewalls, antivirus, network scanning tools, security settings, etc.), many organizations are taking out cybersecurity insurance policies.

With insurance coverage, you transfer the risk of cybersecurity penetrations to cover the costs of compromised data and provide for things like "breach notification to victims, legal costs and forensics, and investigative costs to remedy the breach."

Unfortunately, because there is little actuarial data for calculating risks, catastrophic events such as "cyber espionage and attacks against SCADA industrial controls systems" are usually not covered.

DHS has a section on their website that promotes cybersecurity insurance where they state that the Department of Commerce views cybersecurity insurance as an "effective, market-driven way of increasing cybersecurity," because it promotes preventive measures and best practices in order to lower insurance premiums and limits company losses from an attack. 

Moreover, according to the DHS Cybersecurity Insurance Workshop Readout Report (November 2012) cybersecurity insurance or risk transfer is the fourth leg of a comprehensive risk management framework that starts with risk acceptance, risk mitigation, and risk avoidance. 

I really like the idea of cybersecurity insurance to help protect organizations from the impact of cybersecurity attacks and for promoting sound cybersecurity practices to begin with.  

With cyber attacks, like with other catastrophes (fire, flood, accident, illness, and so on), we will never be able to fully eliminate the risks, but we can prepare ourselves by taking out insurance to help cover the costs of reconstituting and recovery. 

Buying insurance for cybersecurity is not capitulating our security, but rather adding one more layer of constructive defense. ;-)

(Source Photo: Andy Blumenthal)

May 26, 2013

Mayim Chaim

You can only live about 3 days without water--that's why protecting our water is so critical.

Emergency Management (May/June 2013) says, "There are numerous ongoing threats to our water supply. Some of them [natural or man made] could be catastrophic."

- Water poisoning: Already in the 1st century, Roman Emperor Nero poisoned the wells of his enemies. These days you'd need a large supply, like "several dump trucks of cyanide or arsenic to poison a reservoir." Plus the water system is monitored and has purification protections such as chlorine, so it's not that simple. We can also issue "boil alerts" for people to boil the water before drinking it. Then again, we saw what some radiation did to the Japanese water supplies after Fukushima.

- Blowing it up: The water system infrastructure can be disrupted using explosives, so keeping intruders far away from it is important to keeping it safe.

- Earthquakes/Hurricanes: Much of the water system pipes are old--some built during the Civil War--and these can be destroyed by natural disasters or even a construction crew jackhammer hitting in the wrong place. 

- Electrical outage: If you shut down the electricity, you shut down the water pumps...and even with generators taking over for a while, you're up against the clock, if you don't get the juice flowing again soon.

- Cyber Attack: Our water systems, like other industrial control systems are vulnerable to cyber attack. A hacker that gets control of the systems could overheat it, overtreat it, flood it, or otherwise break it and shut it down. 

Keeping our water infrastructure secure, the water supply safe and potable, the transport pipes intact, the electricity working, and the systems under control--are not little matters--they are the difference between life and death for millions. 

As in The Rime of The Ancient Mariner, when the ship gets blown off course into uncharted waters and the crew is thirsty for water and desperate to survive, the poet states, "Water, Water. Everywhere. And All The Boards Did Shrink; Water, Water, Everywhere. Nor Any Drop To Drink."

In Hebrew, there is a short saying that sums up this topic, "Mayim Chaim"--water is life. ;-)

(Source Photo: Dannielle Blumenthal)


April 1, 2013

When The Solution Is Worse Than The Problem

Not to be crude, but we had some clogged plumbing over the weekend.

We tried everything to get it working again--plunger, snake, and even some septic tank treatment.

Nothing seemed to work, so at one point, my wife looked up on the Internet what to do, and it said to unwind a hanger and try that.

Well this turned out to be a huge mistake and I must've gotten too close to the chemical fumes--my eyes were burning. 

I ended up in the ER with my eyes being flushed for close to 2 hours. 

Afterwards, being very supportive and sitting with me in the hospital with my eyeballs hooked to suction cups and saline solution, my wife says to me, "This is a case when the solution (i.e. the results of our trying to fix the plumbing ourselves) is worse than the problem (the clog)."

I thought to myself boy was she right, and while it is good to be self-sufficient and try to fix and improve things ourselves, it is also good to know when to leave it to the experts. 

How many times do we foolishly try to do something where "we are out of our league," and actually can end up doing more harm than good?

In this case, I could have seriously damaged my eyes--permanently--and am so grateful to G-d that everything turned out okay. 

Knowing our limits and accurately assessing risks can help us to know when to proceed ourselves and when to ask for some expert assistance. 

It's good to do things for yourself and to try your best, but also value and know when to leverage other people's strengths.

With my eyes irritated and burning and being flushed out for what seemed like an eternity, I had some serious time to ponder what can happen when things go wrong.

Years ago, I learned to "Hope (and pray) for the best, but prepare for the worst," and I want to continue to work and improve on both these. ;-)

(Source Photo: Andy Blumenthal)



March 4, 2013

Seasaw, Yeah It's For Kids


There is an interesting new crowdsourcing application called Seesaw.

And like a seesaw goes up and down, you can take a picture and crowdsource decisions--thumbs up or down for what you should do.

Food, clothes, movies, more--I could imagine people even going so far as to use this for dating--Go out with them or not? Keep 'em or dump 'em?

While the possibility of having others chime in on your everyday life decisions is somewhat intriguing, social and fun...it also seems a little shallow and superficial.

Do you really need to ask your friends about everything you do or can you make simple day-to-day decisions yourself?

And when it comes to big decisions, perhaps you need more than a picture with a thumbs up or down to give the decision context, evaluate pros and cons, think through complex issues, and make a truly thoughtful decision--perhaps some genuine dialogue would be helpful here? 

Finally, many decisions in life come at the spur of a moment--should I or shouldn't I--and you don't have the benefit of saying hold on "let me take a picture and get some of my friends' opinions on this"--life waits for no one and timing is often everything!

It is good to get other people's opinions (i.e. the proverbial "second opinion") as well as to do what my father used to tell me which is to "sleep on it," because things look different over night and in the morning.

But while you should consider what others think--in a meaningful way--in the end, you need to trust your inner self and take responsibility for your own decisions. ;-)


February 27, 2013

Cyberweapons Power Up

If you haven't heard of Project Aurora, this is a wonderful segment from 60 Minutes on this cyberwar project.

Faced with some of the worst case scenarios for cybergeddon, Idaho National Labs set out in 2007 to test what would happen to a 27-ton power generator if the researchers hacked into it from a mere laptop. 

The turbine was sent instructions that would essentially tear itself apart--and in the video you can see what happened--it shudders, shakes, smokes, and ultimately destroys itself. 

The test was a grand success demonstrating our capabilities to conduct cyberwar operations against an adversary.  

Interestingly, Reuters reported that Symantec researchers uncovered a version of Stuxnet from the end of 2007 that was used to destroy two years later about 1,000 Iranian centrifuges used in their Natanz nuclear uranium enrichment facility for alleged development of weapons of mass destruction.

The flip side of this cyberwar test is the realization of the potential blowback risk of cyberweapons--where adversaries can use similar technology over the Internet against our critical infrastructure--such as SCADA industrial control systems for the power grid, water treatment, manufacturing, and more--and cause potentially catastrophic events.

As stated toward the end of the video, this is a type of "pre 9/11 moment" where we identify a serious threat and our vulnerability and we need to act to prevent it--the question is will we? 


February 16, 2013

Chicken Big And The Asteroids


The story of Chicken Little running around yelling that "The sky is falling" has become the epitome of those who "cry wolf" about the world ending--falsely worrying about and predicting catastrophic events.

However, the reverse can be true as well--where people say, "The sky is not falling," when it really is. This is a "Chicken Big" event--where people are afraid "big time" of admitting the truth and so they hide themselves and others from it. Sort of like saying "What I don't know can't hurt me!"

Yesterday was just such a Chicken Big--hide your head in the sand--moment.


Asteroid DA14 passed just 17,000 miles from the Earth--less than the distance from New York to Sydney! It was 140 feet long and 143,000 tons, and possessed the destructive power 700 times that of the atomic bomb dropped on Hiroshima. According to the Wall Street Journal (13 Feb. 2013) it was able to devastate a region the size of the San Francisco Bay area.


While, thank G-d, this dangerous asteroid missed us, just a few hours earlier, a meteor about 55 feet long and 10,000 tons exploded over the Ural Mountains in Russia, with the destructive power of 33 Hiroshima-size atomic bombs injuring 1,000 people and damaging 4,000 buildings.  


Of course, it is a frightening reminder of what could've happened had asteroid DA14 hit as well. 


The Guardian reported that according to The European Space Agency "No link between the events is thought possible," and the Wall Street Journal (15 Feb. 2013) declared that it "was just a coincidence".


Interestingly, the Journal itself states that a meteor event such as that which exploded over Russia yesterday happens "every 100 years," and even more, the chances of the asteroid that passed very close overhead actually hitting Earth occurs "once every 200 to 1,000 years," with the next close pass over earth not expected again until 2046. Thus, these types of events don't happen exactly every day, do they?  


So what are the chances of these 2 events (one exploding overhead and the other a near miss) occurring simultaneously yesterday--just hours apart!


People need to know--deserve to know the truth about the dangers we face--not to cry wolf--but rather to help us as a society and civilization recognize the genuine dangers we face, so we can adequately take precautions and prepare ourselves. 


Interestingly enough, the WSJ states, "We have the technology to deflect these asteroids" with spacecraft to impact into them and "gravity tractors" to change their trajectory--the one thing we need is "years of advance warning."


Let's acknowledge the meteor explosion yesterday in Russia and be grateful that it wasn't over a heavily populated major urban area, where the effect could've been much worse, and of course the same with the near flyby of the asteroid--and resolve to invest in the monitoring, tracking, and defensive technologies to keep us safe from a future catastrophe where the sky really is falling.


Calling the two cosmic events yesterday a "coincidence" is a Chicken Big event--buck, buck, buck. ;-)


 (Source Photo: here with attribution to Sascha Grant)




January 10, 2013

One-Two-Three Punch For Cyber Security

Here are three crafty ideas for improving our cyber security that can be used to protect, prevent, and recover from attacks:

1) Intrusion Deception (not detection)--Mykonos Software aims to protect websites by putting up a virtual minefield--"setting traps to confound hackers." When the software detects hackers trying to infiltrate, it can flood hackers with false information on vulnerabilities that goes nowhere, mess with the hackers' computers such as by pop-up flashing maps of their locations and local defense attorneys, and disrupt their connections and slow down their hacking attempts (Bloomberg BusinessWeek).

2) Scamming The Scammers--Notorious email spams such as from Nigeria that look to ensnare victims into wiring money overseas in order to secure some lost fortune cost $9.3 billion in losses in 2009. Psychology professors Chris Chabris and Daniel Simons suggest that we can prevent many scammers from succeeding by raising the cost of their doing business by scamming them with "baiters" that send responses to scammers and occupy them but never actually send any money. They suggest that artificial intelligence could actually be used to create "automated scam-baiters bots" simulating potential gullible victims. These bots could even be programmed to provide phony account numbers and data to scammers to really get them spun up. (Wall Street Journal)

3) Insuring Against Losses--Insurance is a common way to manage risk by purchasing coverage for potential liabilities--this is used to indemnify against losses for everything from auto accidents to home fires, personal theft, and business interruptions. However, according to Bernard Horovitz, CEO of XL Insurance's Global Professional Operations, businesses (and of course, individuals) are rarely covered by insurance for hacker attacks. Insurance companies are now offering specialty products to recover from the insuring liabilities. Additionally, the insurers will "help with preventing and mitigating cyber crime" through security audits. (Wall Street Journal)

These three cyber security strategies are great examples of how we can make it technically and financially more difficult for cyber attackers to succeed in getting in a knockout punch on their victims. ;-)

(Source Photo: Minna Blumenthal)


December 8, 2012

Go Safe or Go For It?


I came away with some thoughts on risk taking watching this scene from the movie "Lies and Alibis."

The girl says: "Simple is boring."
The guy answers: "Boring is safe."
The girl responds: "Safe is for old people."

(Note: nothing personal here to the elderly. Also, hope I didn't get the who said which thing wrong, but the point is the same.)

Take-a-way: Very often in life we aren't sure whether to take a risk or not. Is it worth it or is it reckless? And we have to weigh the pros and cons, carefully!

- We have to ask ourselves, where's the risk and where's the reward?

We have to decide whether we want to try something new and accept the potential risk or stay stable and go safe with the status quo that we already know.

At times, staying with a bad status quo can be the more risky proposition and change the safer option--so it all depends on the situation. 

- We also have to look at our capabilities to take chances: 

For example, in terms of age appropriateness--it can be argued that younger people can take more risk, because they have more time to recover in life, should the situation go bad. 

At the same time, older people may have more of a foundation (financial savings, built-up experience and education, and a life-long reputation) to take more chances--they have a cushion to fall back on, if necessary. 

- In the end, we have to know our own level of risk tolerance and have a sense of clarity as to what we are looking for and the value of it, as well as the odds for success and failure.

It's a very personal calculation and the rewards or losses are yours for the taking. Make sure you are ready to accept them!

Finally--always, always, always have a plan B. ;-)

(Source Photo: Andy Blumenthal)


November 3, 2012

A Little Issue of Trust

When we went to a local DQ and tried to use the restroom, the door was locked. 

Realizing there was no one inside, we went to the counter and asked for the key.

The lady behind the counter pulls out this long, heavy chain with this little key on it. 

Apparently, they have had an issue with people walking off with their bathroom key, and they didn't want to trust their key to just any holder. 

But with this mammoth keychain--literally a chain--this was not going to happen to them again. 

Now the problem is what do you do with it when you are in the bathroom? 

Perhaps, this could be a spin on walking and chewing gum at the same time. 

Good luck with this one! ;-)

(Source Photo: Andy Blumenthal)


October 12, 2012

Cloud $ Confusion

It seems like never before has a technology platform brought so much confusion as the Cloud.


No, I am not talking about the definition of cloud (which dogged many for quite some time), but the cost-savings or the elusiveness of them related to cloud computing.

On one hand, we have the Federal Cloud Computing Strategy, which estimated that 25% of the Federal IT Budget of $80 billion could move to the cloud and NextGov (Sept 2012) reported that the Federal CIO told a senate panel in May 2011 that with Cloud, the government would save a minimum of $5 billion annually.

Next we have bombastic estimates of cost savings from the likes of the MeriTalk Cloud Computing Exchange that estimates about $5.5 billion in savings so far annually (7% of the Federal IT budget) and that this could grow to $12 billion (or 15% of the IT budget) within 3 years, as quoted in an article in Forbes (April 2012) or as much as $16.6 billion annually as quoted in the NextGov article--more than triple the estimated savings that even OMB put out.

On the other hand, we have a raft of recent articles questioning the ability to get to these savings, federal managers and the private sector's belief in them, and even the ability to accurately calculate and report on them.

- Federal Computer Week (1 Feb 2012)--"Federal managers doubt cloud computing's cost-savings claims" and that "most respondents were also not sold on the promises of cloud computing as a long-term money saver."

- Federal Times (8 October 2012)--"Is the cloud overhyped? predicted savings hard to verify" and a table included shows projected cloud-saving goals of only about $16 million per year across 9 Federal agencies.

- CIO Magazine (15 March 2012)--"Despite Predictions to the Contrary, Exchange Holds Off Gmail in D.C." cites how with a pilot of 300 users, they found Gmail didn't even pass the "as good or better" test.

- ComputerWorld (7 September 2012)--"GM to hire 10,000 IT pros as it 'insources' work" so the majority of work is done by GM employees and enables the business.

Aside from the cost-savings and mission satisfaction with cloud services, there is still the issue of security, where according to the article in Forbes from this year, still "A majority of IT managers, 85%, say they are worried about the security implications of moving their operations to the cloud," with most of the applications being moved being things like collaboration and conferencing tools, email, and administrative applications--this is not primarily the high value mission-driven systems of the organization.

Evidently, there continues to be a huge disconnect between the hype and the reality of cloud computing.


One thing is for sure--it's time to stop making up cost-saving numbers to score points inside one's agency or outside.

One way to promote more accurate reporting is to require documentation substantiating the cost-savings by showing the before and after costs, and oh yeah including the migration costs too and all the planning that goes into it. 

Another more drastic way is to take the claimed savings back to the Treasury and the taxpayer.

Only with accurate reporting and transparency can we make good business decisions about what the real cost-benefits are of moving to the cloud and therefore, what actually should be moved there. 

While there is an intuitiveness that we will reduce costs and achieve efficiencies by using shared services, leveraging service providers with core IT expertise, and by paying for only what we use, we still need to know the accurate numbers and risks to gauge the true net benefits of cloud. 

It's either know what you are actually getting or just go with what sounds good and try to pull out a cookie--how would you proceed? 

(Source Photo: Andy Blumenthal)


October 7, 2012

The iFirefighter


This is the first fire fighting robot, called the Thermite, and it is built by Howe and Howe. 

Key features:

- Moves steadily on treads instead of wheels

- 1 ton of fire fighting power

- Fits through most doorways

- Douses fires with 600 gallons per minute

- Doesn't tire like a human firefighter 

- Costs about $96,000 per unit

- Useful in chemical, radiological and other hazardous incidents

While I generally like these fire fighting robots, there are a number of thoughts that come to mind about these:

- If someone is caught in a burning building or otherwise needs to be rescued, I believe that for now we are still going to be on the lookout for the real human hero to come through the door and save the day. 

- The next advance will be autonomous firefighting robots (firefighting drones that can identify the fire, encircle it, and put the right suppressants to work to put it out quickly and safely).

- Soon it will be drones, drones everywhere--fighting everything from fires to the enemy and we will no longer be just people, performing alone, but surrounded by our little assistants--perhaps pulling the majority of the weight, leaving higher value activities to us humans.
