Core Point: Done properly, security enables MORE risk-taking, allows one to do MORE with LESS. In other words, cyber-security policies that are risk-averse instead of risk-enabling are, in a word, retarded and retard the enterprise. Case in point: Wikileaks leading to no more flash drives–what SHOULD be in place is all the flash drives one wishes, but embedded security that prevents or flags abuse of those flashdrives.
Core Point: It is not possible to have centralized cyber-anything if both the human end-users and all of the (multi-media and multi-lingual) data is distributed. This is especially true of security, which is historically several steps behind mission area processes to begin with, and any form of top-down “regulation” that tends to appear after the fact rather than “just in time.”
The issue that Dr. Garigue articulated as well as anyone I have seen is that Information Security is not just security or just information. I have [this] slide printed out hanging above my desk for several years.
Most security people struggle with this concept, and try to separate these two concepts, and if they do, they miss two very important issues. First, they miss the opportunity to look at security as a business enabler. Dr. Garigue pointed out that because cars have brakes, we can drive faster. Security as a business enabler should absolutely be the starting point for enterprise information security programs. One excellent example of this is identity federation, which enables an easier integration across companies and technologies and puts stronger identity credentials on the wire in the process. Secondly, if your security model reflects some CYA abstraction of reality instead of reality itself your security model is flawed. I explored this endemic myopia in a seriesofposts on decentralization and security. JSB and John Hagel taught us that intgeration and friction cannot be separated, attempts to do so lead to confusion and disorder, and this is the heart of the issue Dr. Garigue's work is articulating. If your business and systems are decentralizing with both hands, and your security model is predicated on centralized, iron fisted control, then the only place your security model works is on the whiteboard.
GAO-11-99 December 17, 2010
A catastrophic public health event could threaten our national security and cause hundreds of thousands of casualties. Recognizing the need for efficient sharing of real-time information to help prevent devastating consequences of public health emergencies, Congress included in the Pandemic and All-Hazards Preparedness Act in December 2006 a mandate for the Secretary of the Department of Health and Human Services (HHS), in collaboration with state, local, and tribal public health officials, to develop and deliver to Congress a strategic plan for the establishment and evaluation of an electronic nationwide public health situational awareness capability. Pursuant to requirements of the act, GAO reviewed HHS's plans for and status of efforts to implement these capabilities, described collaborative efforts to establish a network, and determined grants authorized by the act and awarded to public health entities. GAO assessed relevant strategic planning documents and interviewed HHS officials and public health stakeholders.
HHS did not develop and deliver to congressional committees a strategic plan that demonstrated the steps to be taken toward the establishment and evaluation of an electronic public health situational awareness network, as required by PAHPA. While multiple offices within HHS have developed related strategies that could contribute to a comprehensive strategic plan for an electronic public health information network to enhance situational awareness, these strategies were not developed for this purpose. Instead, the offices developed the strategies to address their specific goals, objectives, and priorities and to meet requirements of executive and statutory authorities that mandated the development of strategies for nationwide health information exchange, coordinated biosurveillance, and health security. However, HHS has not defined a comprehensive strategic plan that identifies goals, objectives, activities, and priorities and that integrates related strategies to achieve the unified electronic nationwide situational awareness capability required by PAHPA. The department has developed and implemented information technology systems intended to enable electronic information sharing to support early detection of and response to public health emergencies; however, these systems were not developed as part of a comprehensive, coordinated strategic plan as required by PAHPA. Instead, they were developed to support ongoing public health activities over the past decade, such as disease and syndromic surveillance. Without the guidance and direction that would be provided by an overall strategic plan that defines requirements for establishing and evaluating the capabilities of existing and planned information systems, HHS cannot be assured that its resources are being effectively used to develop and implement systems that are able to collect, analyze, and share the information needed to fulfill requirements for an electronic nationwide public health situational awareness capability.
PART I: The Only Way to Fix the Deficit–Multiply Jobs (William Drayton)
PART II: Nice Ideas But So Is Icing Cover Feces (Robert Steele)
PART III: Create Jobs? As an End In Themselves? To Do What? Why? (Alexander Carpenter)
PART IV: Related Recommended Reading (Robert Steele)
The core take-away (from PART III)
Beyond its inherent merit and explicit substance,William Drayton: The Only Way to Fix the Deficit: Multiply Jobs is a great example of unconscious status-seeking righteousness – well-meaning ineptitude and irrelevance, trapped in the old paradigm of debt-money, growth, and social conditioning. This kind of thinking is exemplary of people who are focused on the superficial “economic crisis,” not going deeper to see that we have a political (and even a social) crisis with, of course, an economic manifestation. This represents the success of the pseudo-science of “economics,” originally created with the intention to get most people to believe that objective “natural” forces are running their lives, not other people, classes, and institutions (Thurmond Arnold, 1937). Good problem-solvers always begin with as much accurate information about the overall problem as possible. It's incompetent – or unconscious self-deception – to assume human nature isn't the core and essence of the problem, and Bill Drayton isn't necessarily incompetent…
“By providing the funding and the policy framework to many concerned and dedicated people working within the non-profit sector, the ruling class is able to co-opt leadership from grassroots communities, … and is able to make the funding, accounting, and evaluation components of the work so time consuming and onerous that social justice work is virtually impossible under these conditions” (Paul Kivel, You Call this Democracy, Who Benefits, Who Pays and Who Really Decides, 2004, p. 122 )
Phi Beta Iota: In Advanced Information Operations (IO) terms, we cannot fix the military until we fix government, we cannot fix government until we fix Wall Street and Main Street, we cannot fix the economy until we fix the society, and all of that requires a firm focus on human nature and the relations among humans. We live is a “whole system” and are mis-managing it by being ignorant and delusional about root causes and actual relationships. Until we get the truth on the table, we cannot deal with it. Good news: all it takes is ONE node able to blend intelligence & integrity, that “spike” will proliferate. The bottom line is that DEMAND creates jobs, and EDUCATION creates the demand for the RIGHT jobs. Taking one example, the US Army, it could apply Advanced Information Operations to create a 180 degree maturation of the mind-set of its personnel, and use that to “eat the old” and create the new. The US Army is going to suffer a nose dive in financial resources (as will the other services); the US Army is the ONLY service that must might be capable of “beating the dive” by re-inventing itself from inside out–starting with Advanced IO being about minds, not technology. Similarly, a single multinational could “get a grip” and re-invent itself overnight–the example will proliferate.
