Category Archives: Security

This Day in History: 1781 Battle of Cowpens

The Battle of Cowpens on this day in 1781 is recorded as a turning point in the American Revolution.

Americans were planning cautiously, dispersing into smaller units and contemplating how to minimize direct confrontations with the British. America’s Continental Brigadier General Morgan knew he was being chased by professional soldiers led by a young British Lieutenant Colonel Tarleton. The British leader had a reputation for aggressive and brutal tactics. Morgan then realized Tarleton was nearing them as the Americans approached a river in Cowpens, South Carolina. The Continental General decided it would be wiser to take a stand against the coming British there instead of being engaged as they tried to cross.

Several important factors were in play when Tarleton headed towards the resting American forces.

The British were exhausted and out of food from non-stop marching through the night and crossing rivers in the cold of winter while the Americans waited. The British were confident in their superior numbers, methods and training while the American General set an unusual trap that reduced Tarleton’s advantage from aggression (it not only was a trap for the British but also for the Americans — no way out may have given volunteers and irregulars confidence to stand and fight).

It was in this context that Tarleton predictably and proudly herded his men straight into the American lines. When the Americans fired and withdrew, according to their plan, the British rushed ahead in expectation of an easy victory. However, instead the British ran into additional lines of Americans and flanking movements. These new lines had been obscured by the first line’s retreat. The withering fire from men standing ahead was coupled with the fact that the retreating men stopped, turned, regrouped, opened fire and charged the exhausted British.

The trained British attackers were decimated and broken. Survivors fell into disarray in the face of Americans orchestrating rearward movements, obscure defensive lines, a double envelopment and bold re-engagement.

It appeared to the British, when Howard’s line fell back, that victory was at hand, and so it would have been, had the line been composed of men less inured to battle than were the Continentals of Maryland and Delaware. There was no delay or hesitation when the order to halt, face the enemy, and fire, was given, and there then occurred in a moment a scene of dumbfounded surprise, confusion, and panic seldom witnessed in battle. The outcome resulted in one of the most gloriously unexpected victories of the Revolutionary War.

Unable to regain control of his men, who were disorganized and confused by the resistance and fast becoming unwilling to fight, Tarleton tried to rally. He failed and instead just managed to escape after shooting the horse out from under Colonel William Washington.

The encounter between Tarleton and Colonel Washington, by E. Benjamin Andrews in 1895, from the Florida Center for Instructional Technology

British General Charles Cornwallis soon after consoled Tarleton. The loss of nearly 80% of their men at Cowpens was given this assessment:

…total misbehavior of the troops could alone have deprived you of the glory which was so justly your due.

Just ten months later the Revolutionary War would end with Cornwallis’ surrender.

Are you ready for the data innovation boom?

The Economist has an interesting write-up on predicting innovation. They see things heating up specifically in manufacturing and user interfaces.

Across the board, innovations fuelled by cheap processing power are taking off. Computers are beginning to understand natural language. People are controlling video games through body movement alone—a technology that may soon find application in much of the business world. Three-dimensional printing is capable of churning out an increasingly complex array of objects, and may soon move on to human tissues and other organic material.

This analysis seems to support my guesses on why Kurzweil would join Google. Removing antiquated and disabling interfaces like the keyboard will enable more people to use more technology. Comparing the productivity of humans required to learn the qwerty keyboard with the potential of those who can use free voice and touch is a no-brainer (pun not intended).

As I thought about the Economist’s analysis I started to wonder about an important element that I didn’t see them mention. They focus, in the usual way, on present IT trends in relation to historic trends. They offer electrification as an example.

…the idea that technology-led growth must either continue unabated or steadily decline, rather than ebbing and flowing, is at odds with history. Chad Syverson of the University of Chicago points out that productivity growth during the age of electrification was lumpy. Growth was slow during a period of important electrical innovations in the late 19th and early 20th centuries; then it surged. The information-age trajectory looks pretty similar…

echoing electrification

With that in mind, the Economist then takes their analysis down the well-worn path of productivity worries in relation to obsolescence and redundancy.

…the main risk to advanced economies may not be that the pace of innovation is too slow, but that institutions have become too rigid to accommodate truly revolutionary changes.

Fair enough, technology has a disruptive force when innovation replaces labor. That brings risk and resistance. I’ve experienced this many times. The voice-recognition project I worked on in 1997 for a hospital was overtly said by the administration to be a way to put their transcriptionists out of work. No surprises there.

But once we move beyond a focus on the balance of labor risk what other risks lurk ahead? I mean it is fascinating to look at how the lightbulb put American whalers (e.g. oil for lamps) out of business. It is even more interesting, however, to think about how inexpensive light transformed our abilities. We can see further and go faster with power.

Back to consideration of today’s tech innovation boom, the part to me missing in the Economist analysis is the sunshine effect of electrification. Electrification was really about innovative ways to create and use power. It shone a light, if you will, into dark areas and remote corners of opportunity. A coming boom in tech innovation led by user interfaces and manufacturing, if we pivot the Economist theory, could in fact be a boom in innovative ways to reach, create and use data. Yet the Economist analysis doesn’t mention data at all!

Here is a simple example of what I mean by a pivot:

Industrialized countries are like the urban areas of electrification that saw power first and saw productivity boom at a large scale. Power eventually reached a wider area on smaller scale and created a boom in productivity and markets. Non-industrialized countries are thus like the rural areas that increasingly were able to create and use power.

More people in more areas making more data and using that data is what may really be the fuel for a boom ahead. The innovation is not only in the interfaces, although that’s a crucial piece of enablement, but what so many more people will produce with those interfaces. Big data is a common phrase to capture what seems to be ahead but we could just as well call it a sunshine-like effect of datafication.

Now if I ask “are your headlights on” hopefully you might think about risk in terms of billions of people shining a bright light into darkness because they now have access to powerful data. Reduction of corruption using better data tools is the kind of innovation that really should excite economists.

Of course this puts immense pressure on the security industry. Access to vast amounts of data becomes “a one-click matter,” as a GoodData developer suggested. How safe will a clicker need to be? And this new level of visibility, like brighter lights we flip on with a switch, can shift our definition of “exposure” and privacy. Recently a “near-global view of the universe of public keys” was used to easily uncover weak random number generators. Should we plan for more risk or less as we push away darkness?

Thus, to extend the Economist analysis that suggests innovation will bring better interfaces and better manufacturing tools, the real boom may come from datafication — the process of making it easier than ever to create, access and use data.

Rosasolis

by Penguin Café Orchestra

In 1972 I was in the south of France. I had eaten some bad fish and was in consequence rather ill. As I lay in bed I had a strange recurring vision, there, before me, was a concrete building like a hotel or council block. I could see into the rooms, each of which was continually scanned by an electronic eye. In the rooms were people, every one of them preoccupied. In one room a person was looking into a mirror and in another a couple were making love but lovelessly, in a third a composer was listening to music through earphones. Around him there were banks of electronic equipment. But all was silence. Like everyone in his place he had been neutralized, made gray and anonymous. The scene was for me one of ordered desolation. It was as if I were looking into a place which had no heart. Next day when I felt better, I went to the beach. As I sat there a poem came to me. It began ‘I am the proprietor of the Penguin Cafe. I will tell you things at random.’

Does your company actually need a security department?

Gunnar Peterson prompted us yesterday in Dark Reading with this provocative question:

Does your company actually need a security department? If you are doing CYA instead of CIA, the answer is probably no

It’s easy to agree with Gunnar when you read his analysis. He offers a false dichotomy fallacy.

Standing up a choice between only awful pointless policy wonks in management and brilliant diamonds found in engineering, it’s easy to make the choice he wants you to make. Choose diamonds, duh.

However, he does not explain why we should see security management as any more of a bureaucratic roadblock than any/all management, including the CEO. Review has value. Strategy has value. Sometimes.

The issue he really raises is one of business management. Reviewers have to listen to staff and work together with builders to make themselves (and therefore overall product/output) valuable. This is not a simple, let alone binary, decision, and Gunnar doesn’t explain how to get the best of both worlds.

A similar line of thinking can be found by looking across all lines of management. I found recent discussion of the JAL recovery, for example, which addresses such issues, very insightful.

Note the title of the BBC article, “Beer with boss Kazuo Inamori helps Japan Airlines revival”:

My simple philosophy is to make all the staff happy….not to make shareholders happy

Imagine grabbing a six-pack of beer, sitting down with engineering and talking about security strategy, performing a review together to make engineers happy. That probably would solve Gunnar’s concerns, right? Mix diamonds with beer and imagine the possibilities…

Inamori had interesting things to say about management’s hand in the financial crisis and risk failures in 2009, before he started the turnaround of JAL:

Top executives should manage their companies by earning reasonable profits through modesty, not arrogance, and taking care of employees, customers, business partners and all other stakeholders with a caring heart. I think it’s time for corporate CEOs of the capitalist society to be seriously questioned on whether they have these necessary qualities of leadership.

Gunnar says hold infosec managers accountable. Inamori says hold all managers accountable.

Only a few years later JAL under the lead of Inamori surged ahead in profit and is now close to leading the airline industry. What did Inamori build? He reviewed, nay audited, everything in order to help others build a better company.

An interesting tangent to this issue is a shift in IT management practices precipitated by cloud. Infrastructure as a Service (IaaS) options will force some to question whether they really need administrators within their IT department. Software as a Service (SaaS) may make some ask the same of developers. Once administrators and developers are gone, where is security?

Those who choose a public cloud model, and transition away from in-house resources, now also face a question of whether they should pursue a similar option for their security department. Technical staff often wear multiple hats but that option diminishes as cloud grows in influence.

In fact, once admin and dev technical staff are augmented or supplanted by cloud, the need for a security department to manage trust may be more necessary than ever. This is how the discrete need for a security department could in fact increase where none was perceived before — security as a service is becoming an interesting new development in cloud.

Bottom line: if you care about trust, whether you use shared staff or dedicated services, dedicated staff or shared services, you most likely need security. At the same time I agree with Gunnar that bad management is bad, so perhaps a simple solution is to build the budget to allow for a “beer” method of good security management.

I recommend an Audit Ale:

This style had all but disappeared by the 1970s, but originated in the 1400s to be consumed when grades were handed out at Oxford and Cambridge universities…. At 8 percent ABV, it has helped celebrate many a good “audit” or soften the blow of a bad one.