May 19, 2012

Those In The Know, Sending Some Pretty Clear Warnings

There have been a number of leaders who have stepped up to tell people the real risks we are facing as a nation. 

They are not playing politics--they have left the arena. 

And as we know, it is much easier to be rosy and optimistic--let's face it, this is what people want to hear. 

But these leaders--national heros--sacrifice themselves to provide us an unpopular message, at their own reputational risk. 

That message is that poor leadership and decision-making in the past is threatening our present and future. 

Earlier this week (15 May 2011), I blogged about a documentary called I.O.U.S.A. with David Walker, the former Comptroller General of the United States for 10 years!

Walker was the head of the Government Accountability Office (GAO)--the investigative arm of Congress itself, and has testified before them and toured the country warning of the dire fiscal situation confronting us from our proclivity to spend future generation's money today--the spiraling national deficit.

Today, I read again in Fortune (21 May 2012) an interview with another national hero, former Admiral Mike Mullen, who was chairmen of the Joint Chiefs (2007-2011).

Mullen warns bluntly of a number of "existential threats" to the United States--nukes (which he feels is more or less "under control"), cyber security, and the state of our national debt. 

Similarly, General Keith Alexander, the Director of the National Security Agency (NSA) and the head of the Pentagon's Cyber Command has warned that DoD networks are not currently defensible and that attackers could disable our networks and critical infrastructure underpinning our national security and economic stability.

To me, these are well-respected individuals who are sending some pretty clear warning signals about cyber security and our national deficit, not to cause panic, but to inspire substantial change in our national character and strategic priorities.

In I.O.U.S.A., after one talk by Walker on his national tour, the video shows that the media does not even cover the event.

We are comfortable for now and the messages coming down risk shaking us from that comfort zone--are we ready to hear what they are saying?

(Source Photo: here with attribution to Vagawi)


Share/Save/Bookmark

May 18, 2012

Making Change Probable

An article this week in the Wall Street Journal (15 May 2012) called us "a nation of whiners."

The national insult aside, what was more important was that the author lamented that whining doesn't help, but problem-solving does!

According to the article, whiners can be treated therapeutically by:

1) Mirroring--letting people see/hear themselves in this state of learned helplessness.

2) Challenging--confronting whiners and asking them what they are going to do about their situation.

3) Encouraging--providing positive reinforcement when people make positive steps to taking control of their lives. 

Similarly, there are those who get stuck in a sort of professional rut, complaining about the status quo, but they have trouble working incrementally to try and change things.

A strong leader can help their people move on from the status quo, applying the therapeutic techniques above, but also by doing the following:

1) Inquire--talk with your people and find out what they think is working, isn't, and how things can be improved.

2) Envision--together, set a vision for a better future that addresses people's genuine concerns in the aggregate.

3) Empower--delegate specific actions so everyone can be a part of the solution; give them the authority along with the responsibility to make change possible.

4) Observe--monitor progress and review whether the changes being made are having a positive impact and where adjustments in strategy need to be made.

These are really fundamental leadership skills, but applied to people who are feel helpless, hopeless, or are just plain resistant to change, the key is how we exemplify forward momentum and help others feel they too can make a genuine difference. 

Bad situations are generally not life sentences, if we can but imagine positive change, break it down into incremental steps, and then put one foot in front of the other, and we are on our way. 

(Source Photo: here with attribution to Rifqi Dahlgren)

Share/Save/Bookmark

Meeting Busters, Come On Play Nice

The Wall Street Journal (16 May 2011) had a interesting portrayal this week of the various types of people that tend to spoil meetings. 

From low to high on nuisance level, these were as follows:

1) Jokesters--"cracks jokes, appropriate or not." 

2) Ramblers--goes on and on and often off topic.

3) Dominators--dictates to others with their opinions.

4) Naysayers--derails progress with negativity.

5) Plotters--passive-aggressive undermines decisions.

From my experience, I would add a few others (in no particular order):

6) Politicians--focuses on coming away looking good instead of on resolving issues. 

7) Positioners--vies for a bigger piece of the pie, whatever flavor it is. 

8) Honorees--comes to take all the credit, and politely thank everyone for their support. 

9) Bystanders--shows up, but can't or won't contribute anything of value.

10) Bewildered--unsure even why they are here, but were told to just show up. 

11) Malcontents--they are unhappy and they show it, so who cares anymore. 

12) Socializers--shares personal tidbits and whispers about where they want to go lunch or for happy hour afterwards. 

For all the meeting attendees out there, life is not a box of cherries, but you don't have to make it the pits! ;-)

(Source Photo: here with attribution to Voka - Kamer van Koophandel Limburg)

Share/Save/Bookmark

May 15, 2012

Getting Off The Debtor Highway


I.O.U.S.A. (2008) is the best explanation of our nation's financial problems and the deep severity of these that I have ever seen.

This video is a 1/2 hour condensed version of the full almost 1 1 /2 hour award-winning documentary.

David Walker, the former Comptroller General of the U.S. (1998-2008) is the star of this movie.

The documentary, with Walker's steadfast warnings, describes the 4 ominous deficits that are driving this country to Financial Armageddon:

1) Budget Deficit

2) Savings Deficit

3) Trade Deficit

4) Leadership Deficit

What is incredible is how rather than listening to Walker's exhortation, when the National Deficit was $8.7 trillion in 2007, just 5 years later now, there is a deficit going on nearly double that of $15.7 trillion.

We are facing a financial ticking time bomb that could result in huge inflation, economic stagnation, and the undoing of our economic and national security.

Moreover, towards the end of this year, we are facing the economic one-two punch of rising taxes and reduced national spending that could easily send our economy spiraling into recession or even depression.

Add to that rising interest rates, a financial crisis in the  European Union, a continued housing crisis and high unemployment at home, and a true economic reckoning is at hand.

Watch I.O.U.S.A. and become proponents for financial discipline for ourselves and for the country.

Share/Save/Bookmark

May 13, 2012

Facebook IPO--Love It, But Leave It

With the Facebook IPO scheduled for this week, valuing the company at as much as $96 billion, many investors according to Bloomberg BusinessWeek (11 May 2012) see this as overvalued.

Facebook will be the largest Internet IPO in history, and would be about 4 times as much as Google was valued at its IPO at $23 billion in 2003.

Further, Facebook could be valued at offering at 99 times earnings.

This is more than the price earnings ratio of 99% of companies in the S&P Index, yet even with some estimating sales of $6.1 billion this year, Facebook would only rank about 400 in the S&P 500.

True Facebook has amassed an incredible 900 million users, but the company's revenue growth has slowed for the 3rd year in a row.

Another article in BusinessWeek (10 May 2012) describes a new social networking contender called Diaspora.

Unlike Google+ which is predominantly a Facebook copycat, Diaspora is bringing something new and major to the table--they are addressing the privacy issues that Facebook has not.

Diaspora is a distributed (or federated) social network, unlike Facebook which is centralized--in other words, Diaspora allows you to host your own data wherever you want (even in the cloud).

Each of these independently owned Diaspora instances or "pods" (dispersed like in the Diaspora) make up a true social "network"--interconnected and interoperable computing devices.

With Diaspora, you own your own data and can maintain its privacy (share, delete, and do what you want with your information), unlike with Facebook where you essentially give up rights to your data and it can and is used by Facebook for commercial use--for them to make money off of your personal/private information.

When it comes to personal property, we have a strong sense of ownership in our society and are keen on protecting these ownership rights, but somehow with our personal information and privacy, when it comes to social networking, we have sold ourselves out for a mere user account.

As loss of personally identifiable information (PII), intellectual property, identity theft, and other serious computer crimes continues to grow and cost us our money, time, and even our very selves in some respects, alternatives to the Facebook model, like Diaspora, will become more and more appealing.

So with social networks like Facebook--it is a case of love it, but leave it!

Love social networking--especially when privacy is built in--and others don't have rights to what you post.

But leave it--when they are asking for your investment dollar (i.e. IPO) that could be better spent on a product with a business model that is actually sustainable over the long term.

(Source Photo: here with attribution to Allan Cleaver)

Share/Save/Bookmark

Stronger, Indeed.


Combine the Seattle Children's Hospital Hemoncology Unit with Kelly Clarkson's song "Stronger," and you have the true essence of bravery and hope. 

Having recently been in the hospital for a short time for my own health issues, I know how difficult it can be--how defeated it feels.

It is amazing when someone brings you just a glimmer of hope, how much stronger you can feel. 

For me, my family with me made a world of difference, but also when they brought me a laptop connecting me back to the world and giving me the ability to write and express myself.

Other hospital visits for other health issues have been longer in the past--and I want to run out the door, and there was a time that I actually did--walking around the grounds in my hospital gown--any way to be free. 

Having the freedom to help yourself, be yourself--and not just lay there--is a true gift.

When I see the little boy racing around the hospital floor in his go-car with the I.V. hanging off the back, I am inspired. 

As when I see the victims singing, dancing, and holding signs of hope and strength. 

May G-d have mercy on our ill and downtrodden and raise them up up to be stronger indeed.

Share/Save/Bookmark

May 12, 2012

It's Not iStuff, It's Your iFuture

There is an editorial in the Wall Street Journal (11 May 2012) called "Make It a Summer Without iStuff."

It is written by David Gelernter, Professor of Computer Science at the prestigious Yale University and I was much dismayed to read it.

With all due respect, Gelernter makes the case--and a poor one at that--for keeping kids away from technology.

He calls technology devices and the Internet, "the perfect anti-concentration weapon...turning a child's life into a comedy of interruptions."

Gelernter states pejoratively that the "whole point of modern iToys...is not doing anything except turning into a click vegetable."

Moreover, Gelernter goes too far treating technology and the Internet as a waste of time, toys, and even as dangerous vices--"like liquor, fast cars, and sleeping pills"--that must be kept away from children.

Further, Gelernter indiscriminately calls en masse "children with computers...little digital Henry VIIIs," throwing temper tantrums when their problems cannot be solved by technology. 

While I agree with Gelernter that at the extreme, technology can be used to as a escape from real, everyday life--such as for people who make their primary interaction with others through social networking or for those who sit virtually round-the-clock playing video games.

And when technology is treated as a surrogate for real life experiences and problem solving, rather than a robust tool for us to live fuller lives, then it becomes an enabler for a much diminished, faux life and possibly even a pure addiction. 

However, Gelernter misses the best that technology has to offer our children--in terms of working smarter in everything we do. 

No longer is education a matter of memorizing textbooks and spitting back facts on exams in a purely academic fashion, but now being smart is knowing where to find answers quickly--how to search, access, and analyze information and apply it to real world problems. 

Information technology and communications are enablers for us do more with less--and kids growing up as computer natives provide the best chance for all of us to innovate and stay competitive globally. 

Rather then helping our nation bridge the digital divide and increase access to the latest technologies and advance our children's familiarity with all things science, technology, engineering and math (STEM), Gelernter wants to throw us back in time to the per-digital age.

With the ever rapid pace with which technology is evolving, Gelernter's abolishing technology for children needlessly sets them back in their technology prowess and acumen, while others around the world are pressing aggressively ahead. 

Gelernter may want his kids to be computer illiterate, but I want mine to be computer proficient.  

iStuff are not toys, they are not inherently dangerous vices, and they are not a waste of our children's time, they are their future--if we only teach and encourage them to use the technology well, balanced, and for the good. 

(Source Photo: here with attribution to "Extra Ketchup," Michael Surran)


Share/Save/Bookmark

May 11, 2012

A Snake, A Fish, Whatever


Cool concert with Hadag Nahash at the Fillmore. 

Their name means fish-snake, but what's in a name?  :-)

They combine hip-hop, rock, and reggae and a mid-eastern flavor.

While the position in the front of the room gave me a good perch for the video, I learned that my ear drums could take only so much speaker-punishment.

Lot's of heart-pounding fun, and there is nothing like being there! 

Hope you enjoy.

Share/Save/Bookmark

May 10, 2012

Oh Deer!

This is an amazing photo by my daughter, Michelle Blumenthal. 

This deer just tried to jump a fence, but got impaled right through its neck--yikes! 

Truly a life lesson--it is good to reach high for what you want, but not to overreach. 

It really is a fine balance and takes self-awareness, discipline, and some good fortune. 

We have to know how much and how quickly to push ourselves to grow past prior limitations, but also recognize just how far we can make it on the next leap. 

Maybe that's one reason an incremental or phased approach is good.

It enables us to move ever forward, carefully planning and navigating our next steps, while hopefully not getting unnecessarily hung up by the life obstacles we must overcome. 

Good luck everyone!

Share/Save/Bookmark

May 6, 2012

Losing Trust In What We Need Most, Each Other

Last month, The Daily Beast (2 April 2012) ran a interesting article on "Why Humans, Like Ants, Need [To Belong] To A Tribe."

Throughout history, people have joined and held allegiance to groups and institutions "to get visceral comfort and pride from familiar fellowship." 

Belonging is a familiar way to get social connection, meaning, and to make the environment "less disorienting and dangerous."
Essentially, what this means it that we stand stronger together than we do alone and apart. 

Today, people search for "like-minded friends, and they yearn to be in the one of the best" groups--from elite fighting forces like our special operations to Ivy League universities, Fortune 500 companies, religious sects, and fraternities--we all want to be part of the best, brightest, and most powerful collectives.

On one hand, tribing is positive, in terms of the close friendships, networks, and associations we form and the problems that we can confront together.

Yet on the other hand, it can be highly negative in terms of bias, distrust, rivalry, outright hostility, and even open warfare that can ensure.

The downside to tribes occurs because their members are prone to ethnocentrism--belief that one's own group is superior to another and is more deserving of success, money, and power, while everyone else in the "out-groups" are deemed inferior, undeserving and worthy of only the leftovers. 

The negative side of tribes can manifest in the proverbial old-boys club at work looking out for each other to people associating hyper-closely with their favorite sports team and their symbolic victories and losses. 

Despite the risks of tribes, we have a strong innate genetic and cultural disposition to groups and institutions and the many benefits they can bring to us, so it is sad to see as The Atlantic reports (21 April 2012), that Americans have "lost trust in one another and the institutions that are supposed to hold us together."

The article states that the reasons for this are that we've been "battered by unbridled commercialism, stymied by an incompetent government beholden to special interests, and flustered by new technology and new media."

The result is that "seven in 10 Americans believe the country is on the wrong track; eight in 10 are dissatisfied with the way the nation is being governed."

So there is now a historical break from trusting in our affiliations, institutions, and government to one represented by the motto of "In nothing we trust."

Instead of turning to each other and bonding together to solve large and complex problems, there is the potential that "people could disconnect, refocus, inward, and turn away from their social contract."

Not having a tribe is worse than working through the difficult issues associated with affiliation--a society of alienated people is not better!

When people no longer feel bonded to institutions and the rules and governance they provide, we have a potential social meltdown.

This should of deep concern to everyone, because no man is an island

We can see this alienation in action as people withdraw from real world social interaction to spending more and more time online in the virtual world

Although there is some measure of interaction on social networks, the connections are at arms-length; when it gets inconvenient, we can just log off.  

One might argue that people are still affiliated with stakeholder-driven organizations and institutions (the government, the workplace, religion, etc.), but unfortunately these are being seen as having been usurped by false prophets and marketing types who who will say whatever it takes to get the popular nod and the job, and by fraudulent leaders who are in it to take far more than they ever planned to give.

What needs to happen now is to re-institute belief in the group by insisting on leaders that have integrity and a governance process underpinned by accountability, transparency, and diversity. 
 
To get out of our web of socio-economic problems, group trust and affiliation is vital to solving problems together


(Source Photo: here with attribution to CraigTaylor1974)

Share/Save/Bookmark

May 5, 2012

Understanding Risk Management

Information Security, like all security, needs to be managed on a risk management basis.  

This is a fundamental principle that was prior advocated for the Department of Homeland Security, by the former Secretary Michael Chertoff.  

The basic premise is that we have limited resources to cover ever changing and expanding risks, and that therefore, we must put our security resources to the greatest risks first.

Daniel Ryan and Julie Ryan (1995) came up with a simple formula for determining risks, as follows:

Risk = [(Threats x Vulnerabilities) / Countermeasures)]  x  Impact

Where:

- Threats = those who wish do you harm.

- Vulnerabilities = inherent weaknesses or design flaws.

- Countermeasures = the things you do to protect against the dangers imposed.

[Together, threats and vulnerabilities, offset by any countermeasures, is the probability or likelihood of a potential (negative) event occurring.]

- Impacts = the damage or potential loss that would be done.

Of course, in a perfect world, we would like to reduce risk to zero and be completely secure, but in the real world, the cost of achieving total risk avoidance is cost prohibitive. 

For example, with information systems, the only way to hypothetically eliminate all risk is by disconnecting (and turning off) all your computing resources, thereby isolating yourself from any and all threats. But as we know, this is counterproductive, since there is a positive correlation between connectivity and productivity. When connectivity goes down, so does productivity.

Thus, in the absence of being able to completely eliminate risk, we are left with managing risk and particularly with securing critical infrastructure protection (CIP) through the prioritization of the highest security risks and securing these, going down that list until we exhaust our available resources to issue countermeasures with.

In a sense, being unable to "get rid of risk" or fully secure ourselves from anything bad happening to us is a philosophically imperfect answer and leaves me feeling unsatisfied--in other words, what good is security if we can't ever really have it anyway?

I guess the ultimate risk we all face is the risk of our own mortality. In response all we can do is accept our limitations and take action on the rest.

(Source Photo: here with attribution to martinluff)

Share/Save/Bookmark

May 4, 2012

Leadership Cloud or Flood Coming?

I came across two very interesting and concerning studies on cloud computing--one from last year and the other from last month.

Here is a white paper by London-based Context Information Security (March 2011)

Context rented space from various cloud providers and tested their security. 

Overall, it found that the cloud providers failed in 41% of the tests and that tests were prohibited in another 34% of the cases --leaving a pass rate of just 25%!

The major security issue was a failure to securely separate client nodes, resulting in the ability to "view data held on other service users' disk and to extract data including usernames and passwords, client data, and database contents."

The study found that "at least some of the unease felt about securing the Cloud is justified."

Context recommends that clients moving to the cloud should:

1) Encrypt--"Use encryption on hard disks and network traffic between nodes."

2) Firewall--"All networks that a node has access to...should be treated as hostile and should be protected by host-based firewalls."

2) Harden--"Default nodes provisioned by the Cloud providers should not be trusted as being secure; clients should security harden these nodes themselves."

I found another interesting post on "dirty disks" by Context (24 April 2012), which describes another cloud vulnerability that results in remnant client data being left behind, which then become vulnerable to others harvesting and exploiting this information.

In response to ongoing fears about the cloud, some are choosing to have separate air-gaped machines, even caged off, at their cloud providers facilities in order to physically separate their infrastructure and data--but if this is their way to currently secure the data, then is this really even cloud or maybe we should more accurately call it a faux cloud? 

While Cloud Computing may hold tremendous cost-saving potential and efficiencies, we need to tread carefully, as the skies are not yet all clear from a security perspective with the cloud. 

Clouds can lead the way--like for the Israelites traveling with G-d through the desert for 40 years or they can bring terrible destruction like when it rained for 40 days and nights in the Great Flood in the time of Noah. 

The question for us is are we traveling on the cloud computing road to the promised land or is there a great destruction that awaits in a still immature and insecure cloud computing playing field? 

(Source Photo: here with attribution to freefotouk)


Share/Save/Bookmark

April 29, 2012

Strategy, Blue and Red and Successful All Over

Recently, I was reading about something called “Blue Ocean Strategy.”

The notion is that in pursuing differentiation, an organization’s aim is “not to out-perform the competition in the exiting industry [and to fight it out turning the oceans blood red), but [rather] to create a new market space or a blue ocean, thereby making the competition irrelevant.”

While I like the ocean’s metaphor and agree with the need for organizations to innovate and create new products and services (“blue oceans”), I think that competition (“red oceans”) is not something that is inescapable, in any way.

In profitable industries or market spaces, competition will enter until supply and demand equilibrium are met, so that consumers are getting more or less, the optimal supply at the requisite demand. The result is that organizations will and must constantly fight for survival in a dynamic marketplace.

Moreover, as we know, any organization that rests on its past successes, is doomed to the trash heaps of history as John Champers, the CEO of Cisco stated: It’s “easy to say we’re the best…we don’t need to change, but that’s exactly how you disappear.”

In essence, while we may wish to avoid a duke-it-out, red ocean strategy, every successful innovative, differentiation-driven, blue ocean strategy will result in a subsequent red ocean strategy as competitors smell blood and hone in for the kill and their piece of flesh and cut of market share, revenue, and profit hide.

To me, it is naïve to think that blue ocean and red ocean strategies are distinct, because every blue ocean eventually turns blood red with competition, unless you are dealing with a monopoly or unfair competitive environment that favors one organization over any others.

The key to success and organizational longevity is for innovations to never cease.  When innovation dries up, it is the moment when the organization begins their drowning decent into the ocean’s abyss.

So as with the lifecycle of all organizations, blue ocean strategies will eventually result in red oceans strategies.  Once this occurs, either the organization will leverage their next blue ocean strategy or bleed red until their body drains itself out and dies off—leaving the superior organization’s blue ocean strategy to carry the day.

Together, blue oceans and red oceans—drive the next great innovation and healthy competition in our dynamic, flourishing market.

(Source Photo: here with attribution to freezingmariner)

Share/Save/Bookmark

April 28, 2012

Governing the Internet Commons

Recently, I've been watching a terrific series called America: The Story of Us (12 episodes)--from the History Channel. 

It is a beautiful portrayal of the the founding and history of America.

One theme though that repeats again and again is that as a nation, we use the common resources and deplete them until near exhaustion. 

The show portrays an America of lush forests with billions of trees that are chopped down for timber, herds of 30 million buffalo slaughtered for their hides, rollings plains of cotton for a thriving clothing industry that is over-planted, a huge whaling industry used for oil that is over-fished.  

Unfortunately, as we know, the story is not just historical, but goes on to modern-day times, with fisheries depleted, whole species of animals hunted to extinction, energy resources furiously pumped and mined to a foreseen depletion, city streets turned into slushy slums, and national forests carelessly burned down, and more. 

The point is what is called the "Tragedy of the Commons"--where items held in trust for everyone is misused, overused, and ultimately destroyed. With private property, people are caretakers with the incentive to maintain or raise the value to profit later. However, with common property, people grab whatever they can now, in order to profit from it before someone else gets it first. 

This phenomenon was first laid out in the Torah (Bible) with a law for a "Shabbath Year" called Shmita mandating that people let fields (i.e agriculture) lie fallow for a full year every 7 years and similarly, the law of Jubilee (i.e. Yovel), that slaves be freed and loans forgiven every 50 years. I think that the idea is to regulate our personal consumption habits and return what the historical 
"commons" back to its normal state of freedom from exploitation.  

This notion was echoed by ecologist Garrett Harden in the journal Science in 1968, where he described European herders overgrazing common land with their cows to maximize their short-term individual profits at the expense of longer-term term societal benefits. Harden suggested that regulation or privatization can help to solve the "Tragedy of the Commons." 

In the 21st century, we see the modern equivalent of the commons with the Internet, which is an open, shared networking resource for our computing and telecommunications.Without protection, we have the Wild West equivalent with things like spam, malware, and attacks proliferating--clogging up the network and causing disruptions and destruction, and where some people use more than their fair share 

Here are some examples of the Tragedy of the Internet:

- Symantec reports that even with spam decreasing with the shutdown of spam-hosting sites, in 2011, it is still 70% of all emails.

- McAfee reports that malware peaked as of the first half of 2010, with 10 million new pieces.

- Kaspersky reports that web-based attacks were up to 580 million in 2010--8 times the amount of the previous year.

- Verizon Wireless reports 3% of their users use 40% of their bandwidth.

If we value the Internet and want to continue using and enjoying it, then like with our other vital resources, we need to take care of it through effective governance and prudent resource management.  

This means that we do the following:

1) Regulation--manage the appropriate use of the Internet through incentives and disincentives for people to behave civilly online. For example, if someone is abusing the system sending out millions or billions of spam messages, charge them for it!

2) Privatization--create ownership over the Internet. For example, do an Internet IPO and sell shares in it--so everyone can proverbially, own a piece of it and share financially in it's success (or failures). 

3) Security Administration--enhance security of the Internet through public and private partnership with new tools, methods, and advanced skills sets. This is the equivalent of sending out the constable or sheriff to patrol the commons and ensure people are doing the right thing, and if not then depending on who the violating actor(s) are take appropriate law enforcement or military action.

Only by managing the Internet Commons, can we protect this vital resource for all to use, enjoy, and even profit by. 

(Source Photo: here)

Share/Save/Bookmark

April 27, 2012

Securing The Internet: A Historical Perspective

This week, I had the opportunity take a great class in Cyber Security / Information Assurance.

As part of the class, we had to do a team project and my part was to present a brief history of the Internet and how this best positions the Federal Government to take the lead in securing the Internet.

Here is my part of the presentation:

Good morning. I am Andy Blumenthal, and I am here to talk with you today about the wealth of historical experience that the U.S. Federal Government has with managing the Internet and why we are best positioned to govern the security of it in partnership with the private sector and international community.

As you’ll see on the timeline, the U.S. Government has played a major role in virtually every development with the Internet from inventing it, to building it, and to governing it, and it is therefore, best prepared to lead in securing it.

It all started with the invention of the Internet by the government.

Starting in 1957 with the Sputnik Crisis, where the Soviets leaped ahead of us in putting the first satellite in Earth’s orbit—this caused great fear in this country and ultimately led to a space and technology race between us and the Soviet Union.

As a result of this, in 1958, the U.S. Government established the Advanced Research Projects Agency (or ARPA) to advance our technology superiority and prevent any future technology surprises.

In 1962, ARPA created the Information Process Techniques Office (IPTO) for enhancing telecommunications for sharing ideas and computing resources.

Finally in 1964, the concept of the Internet was founded with the publication by RAND (on contract with the Air Force) of “On Distributed Communications,” which essentially invented the idea of a distributed computing network (i.e. the Internet) with packet switching and no single point of failure.  This was seen as critical in order to strengthen the U.S. telecomm infrastructure for survivability in the event of nuclear attack by the Soviets.

The Internet era was born!

The U.S. government then set out to build this great Internet.

In 1968, ARPA contracted for first 4 nodes of this network (for $563,000).

Then in 1982, after 8 years of antitrust litigation, the U.S. government oversaw the breakup of AT&T into the Baby Bells in order to ensure competition, value, and innovation for the consumer.

In 1983, ARPANET split off MILNET, but continued to be linked to it through TCP/IP.

In 1987, the National Science Foundation (NSF) built a T1 “Internet Backbone” for NSFNET hooking up the nation’s five supercomputers for high-speed and high capacity transmission.

And in 1991, the National Research and Education Network (NREN, a specialized ISP) was funded for a five-year contract with $2 billion by Congress to upgrade the Internet backbone.

At this point, the Internet was well on its way!

But the U.S. government’s involvement did not end there, after inventing it and building it, we went on to effectively govern it. 

In 2005, the Federal Communication Commission (FCC) issued the Internet Policy Statement (related to Net Neutrality) with principles to govern an open Internet—where consumers are entitled to choice of content, apps, devices, and service providers.

And now, most recently, in 2012, we have a proposed bill for the Cybersecurity Act to ensure that companies share cyber security information through government exchanges and that they meet critical infrastructure protection standards.

You see, the government understands the Internet, it’s architecture, it’s vulnerabilities, and has a long history with the Internet from its invention, to its building, and its governance.

It only makes sense for the government to take the lead in the security of the Internet and to balance this effectively with the principles for an open Internet.   

Only the government can ensure that the private sector and our international partners have the incentives and disincentives to do what needs to be done to secure the Internet and thereby our critical infrastructure protection.

Thank you for your undivided attention, and now I will now turn it over to my colleague who will talk to you about the legal precedents for this. 

(Source Graphic: Andy Blumenthal)

Share/Save/Bookmark

April 24, 2012

Cyberwar--Threat Level Severe

!
This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management on the topic--Cybersecurity Threats to the United States.

Some of the highlights from his statement:

- America's computers are under attack and every American is at risk.

- The attacks are real, stealthy, persistent, and can devastate our nation.

- Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.

- In the event of a major cyber attack, what could we expect? Department off Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipeliness of natural gas exploding, trains and subways derailed, a nationwide blackout. This is not science fiction scenarios. (Adapted from Richard Clark, former Senior Advisor of Cyber Security)

- It is not a matter of if, but when a Cyber Pearl Harbor will occur.  We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).

I believe we must address these threats and our vulnerabilities in at least five main ways:

1) Increase research and development for new tools and techniques--both defensive and offensive--for fighting cyberwar.

2) Establish a regulatory framework with meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.

3) Create a cybersecurity corps of highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.

4) Prepare nationwide contingency plans for the fallout of a cyberwar, if and when it should occur. 

5) Create a clear policy for preventing cyberattacks by taking preemptive action when their is a known threat as well as for responding with devastating force when attacks do occur. 

With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal--because the consequences can be just, if not more, deadly.

Share/Save/Bookmark

April 22, 2012

I Hate Paper

Paper has been around for approximately two thousand years, since it's invention in China, and it has served as the medium of choice for recording and sharing information ever since. 

However, enter the age of information technology and we are now able to capture, process, and store far more information, quicker, cheaper, and more efficiently than we ever could with paper. 

Combine that with the environmental impact and the need to conserve, and we have numerous federal laws calling for the reduction or elimination of paper, to the extent practical.

1) The Paperwork Reduction Act (1980) calls for the Office of Management and Budget (OMB) to regulate collection of information and establish information policies to reduce the paper handled by the government. 

2) The Government Paperwork Elimination Act (1998) mandates the use of electronic forms, filings, and signatures for official business with the public. 

3) E-Government Act (2002) requires use of the Internet to improve citizen access to information and services. 

All three are a recognition of the need to move from costly paper-based processes and the management of maintenance of mountains of paper records to instead leverage information technology to re-engineer and improve the way we perform information management. 

It's funny, but for me it's almost become a personal crusade to make better use of information technology to perform our mission and business of government more effectively, and I personally keep as little paper records, as possible--instead choosing to manage predominantly online--and it's great.   

Aside from having a cleaner office--no paper files, I enjoy all the benefits of electronic filing, search, and the ability to quickly share files with others in the office without having to rummage through a stack of papers 3 feet deep! 

Working in some areas that are still paper intensive for case management and so on, I have taken on the mantra, which I frequency cite of "I hate paper!" 

No, I don't really hate it, but in order to change decades old manual and paper intensive processes, we need to exaggerate a little and tell ourselves and other we hate it, so we can help change the inefficient and costly status quo. 

You can only imagine how surprised I was to read in The Atlantic (20 April 2012)--that "Paper: [Is] The Material of the Future."

Essentially, the article touts the new developments with paper using nanotechnology to make it water-proof (although you can still write on it), magnetic, fluorescent, and even anti-bacterial. 

Imagine paper that you can stick to your file cabinet, spill coffee on, light up the room with, and even keep you from getting sick--yes, that's fairly impressive!

However, while these new features are wonderful indeed and will increase the usability of paper as well as improve records management of them, I do not want to see us get complacent with reducing our use of paper and making better use of technology.  

Even with these cool nano-tech improvements to paper coming our way, I am still going to say, "I hate paper!"

(Source Photo: here with attribution to Earthworm)

Share/Save/Bookmark

April 21, 2012

Don't Throw Out The Pre-Crime With the Bathwater

The Atlantic (17 April 2012) has an article this week called " Homeland Security's 'Pre-Crime' Screening Will Never Work." 

The Atlantic mocks the Department of Homeland Security's (DHS) Future Attribute Screening Technology (FAST) for attempting to screen terrorists based on physiological and behavioral cues to analyze and detect people demonstrating abnormal or dangerous indicators.

The article calls this "pre-crime detection" similar to that in Tom Cruise's movie Minority Report, and labels it a  "super creepy invasion of privacy" and of "little to no marginal security" benefit.

They base this on a 70% success rate in "first round of field tests" and the "false-positive paradox," whereby there would be a large number of innocent false positives and that distinguishing these would be a "non-trivial and invasive task." 

However, I do not agree that they are correct for a number of reasons: 

1) Accuracy Rates Will Improve--the current accuracy rate is no predictor of future accuracy rates. With additional research and development and testing, there is no reason to believe that over time we cannot significantly improve the accuracy rates to screen for such common things as "elevated heart rate, eye movement, body temperature, facial patterns, and body language" to help us weed out friend from foe. 

2) False-Positives Can Be Managed--Just as in disease detection and medical diagnosis, there can be false-positives, and we manage these by validating the results through repeating the tests or performing additional corroborating tests; so too with pre-crime screening, false-positives can be managed with validation testing, such as through interviews, matching against terrorist watch lists, biometric screening tools, scans and searches, and more. In other words, pre-crime detection through observable cues are only a single layer of a comprehensive, multilayer screening strategy.

Contrary to what The Atlantic states that pre-crime screening is "doomed from the word go by a preponderance of false-positives," terrorist screening is actually is vital and necessary part of a defense-in-depth strategy and is based on risk management principles. To secure the homeland with finite resources, we must continuously narrow in on the terrorist target by screening and refining results through validation testing, so that we can safeguard the nation as well as protect privacy and civil liberties of those who are not a threat to others. 

Additionally, The Atlantic questions whether subjects used in experimental screening will be able to accurately mimic the cues that real terrorist would have in the field. However, with the wealth of surveillance that we have gathered of terrorists planning or conducting attacks, especially in the last decade in the wars in Iraq and Afghanistan, as well as with reams of scientific study of the mind and body, we should be able to distinguish the difference between someone about to commit mass murder from someone simply visiting their grandmother in Miami. 

The Atlantic's position is that  terrorist screening's "(possible) gain is not worth the cost"; However, this is ridiculous since the only alternative to pre-crime detection is post-crime analysis--where rather than try and prevent terrorist attacks, we let the terrorists commit their deadly deeds--and clean up the mess afterwards. 

In an age, when terrorists will stop at nothing to hit their target and hit it hard and shoe and underwear bombs are serious issues and not late night comedy, we must invest in the technology tools like pre-crime screening to help us identify those who would do us harm, and continuously work to filter them out before they attack. 

(Source Photo: here with attribution to Dan and Eric Sweeney)

Share/Save/Bookmark

April 20, 2012

Robot Guard Thyself


The Asian Forum of Corrections in South Korea has developed this 5' tall robot for patrolling prisons.

But rather than restraints and weapons, this prison guard carries a suite of technology:

- 3-D Cameras for monitoring safety and security

- Recording devices for capturing activity

- 2-way wireless communications between corrections officials and prisoners

- Pattern recognition and anomaly detection software for differentiating normal behavior from problems

While this sparks the imagination for where this might go in the future, I'm not quite sold on this. 

Firstly, how well can these robots really recognize and interpret human behavior, especially from those who may be fairly adroit at hiding or masking their activities, day-in and day-out. 

And maybe more importantly, without some serious defensive and offensive tricks up its robot sleeve, I have a feeling that many a prisoner with a two by four, would put this million dollar robot in the junk yard pretty fast, indeed. 

I'd rate this as not there yet! ;-)

Share/Save/Bookmark

April 17, 2012

Let's Come Clean About The Cloud

An article in Federal Times (16 April 2011) states that "Experts See Little Return For Agencies' Cloud Investments."

The question is were the savings really achievable to begin and how do you know whether we are getting to the target if we don't have an accurate baseline to being with. 

From an enterprise architecture perspective, we need to have a common criteria for where we are and where we are going.

The notion that cloud was going to save $5 billion a year as the former federal CIO stated seems to now be in doubt  as the article states that "last year agencies reported their projected saving would be far less..."

Again in yet another article in the same issue of Federal Times, it states that the Army's "original estimate of $100 million per year [savings in moving email to the DISA private cloud] was [also] 'overstated.'"

If we don't know where we are really trying to go, then as they say any road will get us there. 

So are we moving to cloud computing today only to be moving back tomorrow because of potentially soft assumptions and the desire to believe so badly. 

For example, what are our assumptions in determining our current in-house costs for email--are these costs distinctly broken out from other enterprise IT costs to begin? Is it too easy to claim savings when we are coming up with your own cost figures for the as-is?

If we do not mandate that proclaimed cost-savings are to be returned to the Treasury, how can we  ensure that we are not just caught up in the prevailing groupthink and rush to action. 

This situation is reminiscent of the pendulum swinging between outsourcing and in-sourcing and the savings that each is claimed to yield depending on the policy at the time. 

I think it is great that there is momentum for improved technology and cost-savings. However, if we don't match that enthusiasm with the transparency and accuracy in reporting numbers, then we have exactly what happens with what the papers are reporting now and we undermine our own credibility.  

While cloud computing or other such initiatives may indeed be the way go, we've got to keep sight of the process by which we make decisions and not get caught up in hype or speculation. 

(Source Photo: here with attribution to Opensourceway)

Share/Save/Bookmark

April 15, 2012

Beating Social Media Isolation

There is a debate called the "Internet Paradox" about whether social media is actually connecting us or making us more feel more isolated.  

I think it is actually a bit of both as we are connected to more people with time and space virtually no impediment any longer; however, those connections are often more shallow and less fulfilling.

There is an important article in The Atlantic (May 2012) called "Is Facebook Making Us Lonely?" that lends tremendous perspective on information technology, social media and our relationships.
The premise is that "for all this [new] connectivity, new research suggests that we have never been lonelier."

The article is very absolute that despite all the technology and communication at our fingertips, we are experiencing unbelievable loneliness that is making people miserable, and the author calls out our almost incessant feelings of unprecedented alienation, an epidemic of loneliness, and social disintegration.

Of course, there is a lot of anecdotal evidence that almost everyone can share, but there are also numerous studies supporting this, including: 

1) Study on Confidants (2004)--showed that our average number of confidants shrunk by almost 50% from approximately 3 people in 1985 to 2 people in 2004; moreover, in 1985 only 10% of Americans said they had no one to talk to, but this number jumped 1.5 times to 25% by 2004. 

2) AARP Study (2010)--that showed that the percentage of adults over 45 that were chronically lonely had almost doubled from 20% in 2000 to 35% in 2010.

Some important takeaways from the research:

- Married people are less lonely than singles, if their spouses are confidants.

- "Active believers" in G-d were less lonely, but not for those "with mere belief in G-d."

- People are going to mental professionals (psychiatrists, psychologists, social workers, therapists, and counselors) as "replacement confidants." 

- Loneliness is "extremely bad for your health."

- Our appetite for independence, self-reliance, self-determination, and individualism can lead to the very loneliness that can makes people miserable. 

- Using social media, we are compelled to assert our constant happiness and curate our exhibitionism of the self--"we are imprison[ed] in the business of self-presenting."

- Technology tools can lead to more integration or more isolation, depending on what we do with them--do we practice "passive consumption and broadcasting" or do we cultivate deeper personal interactions from our social networks?

Personally, I like social media and find it an important tool to connect, build and maintain relationships, share, and also relax and have fun online. 

But I realize that technology is not a substitute for other forms of human interaction that can go much deeper such as when looking into someone's eyes or holding their hand, sharing life events, laughing and crying together, and confiding in each other.

In January 2011, CNBC ran a special called "The Facebook Obsession," the name of which represents the almost 1 billion people globally that use it. To me though, the real Facebook obsession is how preoccupied people get with it, practically forgetting that virtual reality, online, is not the same as physical, emotional, and spiritual reality that we experience offline.

At times, offline, real-world relationships can be particularly tough--challenging and painful to work out our differences--but also where we find some of the deepest meaning of anything we can do in this life. 

Facebook and other social media's biggest challenge is to break the trend of isolation that people are feeling and make the experience one that is truly satisfying and can be taken to many different levels online and off--so that we do not end up a society of social media zombies dying of loneliness. 

Social media companies can do this not just for altruistic reasons, but because if they offer a more integrated solution for relationships, they will also be more profitable in the end. 

(Source Photo: here with attribution to h.koppdelaney)

Share/Save/Bookmark

April 14, 2012

Reading With Technology Is Fundamental

For it's 45th anniversary, the non-profit organization, Reading is Fundamental (a.k.a. RIF) came out with a new logo and brand this past November.

RIF's vision is "a literate America in which all children have access to books and discover the joys and value of reading."

Their new logo--can be seen in comparison to the prior version at Brand New--and is supposed to re-energize RIF, which according to its own press release has lost its public awareness and almost $25 million in Congressional funding.

While the logo is bolder with the yellow and blue and a more rounded and open book, I think that RIF has really missed the mark here in terms of being contemporary and in tune with the times. 

Most kids, like their adult mentors, are doing more and more reading not in traditional paper books, but rather online and through mobile applications. 

Whether using tablet readers like the iPad, Nook, or Kindle Fire or just going online and surfing the Internet for news, information, research and more, technology is changing the way we read. 

At a time when the largest book stores are closing down--Borders is already gone and Barnes and Nobles is experiencing financial problems as well, and the publishing industry is in trouble and continuing to lose subscribers and ad dollars, the shift to technology is jarring. 

While RIF does mention in their press release--4 bullets in--that they want to increase mobile applications to "create mobile literacy experiences for children and families to enjoy while on the go," RIF is definitely missing the bigger picture here--which is that reading is moving to technology platforms and is not just just another supplemental vehicle for people anymore.  

On their site store, RIF sells monogrammed iPhone and iPad cases, but why not actual computers, book readers, and learning software--perhaps donated, recycled, or even subsidized models for families in need. 

Additionally, RIF can become more environmentally-friendly by promoting use of energy-efficient technology and reusing, recycling, and reducing thereby helping us move toward a more efficient, thrifty, and paperless society. 

Don't get me wrong, I love books, newspapers, and magazines, but the time that I spend with a hardcopy in my hands these days, is maybe 20% of the time that I am reading and writing online.  

To serve American families in driving literacy, RIF firsts needs to be relevant and another book logo just doesn't get them where they need to be technologically and environmentally.

(Source Photo: here with attribution to Michael Monello)


Share/Save/Bookmark

April 13, 2012

Be Who You Are

I watched an interesting TED video presented by Brene Brown, who has a doctorate in social work and is a author many times over--she talked about one book in particular called The Gifts of Imperfection: Letting Go of Who We Think We Should Be and Embracing Who We Are (2010).

She said that from all her studies and research, what she learned is that purpose and meaning in life comes from the connections we make and maintain.

But what gets in the way is shame and fear--shame that we are not good enough and fear that we cannot make real connections with others.
To move beyond shame and fear, we need to feel worthy as human beings--true self acceptance--and say "I am enough."
 
However, she points out that as a society there is a lot of numbing going on (i.e. plenty of shame and fear) and that is why we are the most in debt, obese, addicted, and medicated society in history.  I liked this presentation and thought about how hard we are on ourselves--we are never good enough.

  • All our lives we pursue signs of advancement from that gold star in grade school to collections of degrees, awards, promotions, material goods, and even relationships.
  • We constantly push ourselves further and faster on the treadmill of life--in part to learn, grow and be better, but also to try to achieve our sense of self-worth and -acceptance.
Yet, as Brown points out those that are successful with relationships and have a strong sense of love and belonging are those that feel they are inherently worthy. They have self-esteem without having to achieve any of these things.

That sense of self-worth and confidence, Brown says, enables you to achieve three key things in life:

  1. Courage--This is the courage to be yourself and to tell others who you are with a whole heart (i.e. they don't hide in shame).
  2. Compassion--That is compassion for others, but also for yourself first--you accept yourself.
  3. Connection--Getting to solid relationships in life is a result of our own capacity to be authentic.

When you have that self-worth and confidence then you can embrace your vulnerabilities and make them beautiful, rather than numb yourself to constantly try to cover the disdain you feel for your frailties and weaknesses. 

From my perspective, our growth and contributions to the world are good things--leave the world better than you found it!

However, the proving ourselves and amassing "things," while milestones in life, are not a measure of a person's true worth. 

Sometimes it is fine to get over it all--accept yourself, be yourself, and stop worrying that your never good enough.

In the Torah (bible), when Moshe asked G-d his name--G-d replies in Exodus 3:14: "I am that I am."  


To me, this is really the lesson here--if we but try to emulate G-d, then "we are what we are."

That is not defeat or giving up on bettering ourselves, but acceptance of who we are, where we came from, and where we want to go in our lives.

We don't have to beat ourselves up for being those things or for making good faith mistakes along the way. 



 (Source Photo: Andy Blumenthal)
Share/Save/Bookmark