CERT: Make a Difference in this World...

Since the beginning of time, weather has been unpredictable. So has man.

When was the last time you witnessed the aftermath of a natural disaster?

When was the last time you saw the devastation from the Fateh-110 family of short-range ballistic weapons?

The continuous examples of risks to our world could generally be put into two major categories, 1) those we as humans can control and 2) those natural risks that we can’t control and shall have to live with.

Our spectrum of "Operational Risks" across People, Processes, Systems and External Events is vast and endless.

Where do you as a leader in your organization spend most or your time and resources to try and mitigate risks:

• Natural Disasters and Weather (External Events)
• People and Processes

Why?

Do you think that you are able to make a difference with those risks that you might be able to control?

Which is it - A) controlling the weather or B) influencing human behavior. Pick one.

What might happen if we devoted more time and resources to “B”.

How might this investment have a risk reduction impact and reduction in annual loss events to your family, organization, community, college or government?

Complacency or ignorance will continue to plague us and will make the world a more dangerous place to work and live.

Just listen to your own local news for a day. What will you learn?

Now, learn what you might do to make proactive difference.

This is one great place to begin: Community Emergency Response Team CERT.

Similar to the Community concept, why not apply this just cause of continuous training and learning to a Corporation, a Church, a Synagogue, a Campus, a Club or a Cinema.

“The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.” Albert Einstein

Antares: Innovation from Country Roads to Cislunar...

It was early February 1971 and three High School best friends consistently car pooled to do a little early morning “Country Roading”, in the white Pontiac LeMans on the way to school.

This was just a circuitous route down tree lined roads and around vast farm lands in the Midwest USA.

We were always set to arrive in the school parking lot, just in time to make it to our locker and then to 1st period before the bell rang.

Our dialogue on Capital Avenue SW and West on Beckley Road, quickly turned to the prescience of the Apollo 14 Antares Lunar Lander and it’s planned descent to the Moon in a few days time on February 4th.

Country roading this early morning gave us guys a chance to catch-up, then map and sketch out where we would rendezvous to watch together the Apollo 14 coverage of Commander Alan Shepard, Command Module Pilot Stuart Roosa and Lunar Module Pilot Ed Mitchell.

Before we as young teenage students ever knew what true innovation was really all about, we were about to see and read about it in the national news.

And little did we anticipate that when you encounter the “ABORT” signal, you sometimes have to just improvise. Test. Improvise. Test.

“After separating from the command module in lunar orbit, the LM Antares had two serious problems. First, the LM computer began getting an ABORT signal from a faulty switch. NASA believed the computer might be getting erroneous readings like this if a tiny ball of solder had shaken loose and was floating between the switch and the contact, closing the circuit. The immediate solution – tapping on the panel next to the switch – did work briefly, but the circuit soon closed again.”

Software engineering and Software Quality Assurance (SQA) is a continuous cycle of development, testing, errors, changes, testing and deployment. The software teams at MIT knew this first hand.

“A second problem occurred during the powered descent, when the LM landing radar failed to lock automatically onto the Moon's surface, depriving the navigation computer of vital information on the vehicle's altitude and vertical descent speed. After the astronauts cycled the landing radar breaker, the unit successfully acquired a signal near 22,000 feet (6,700 m). Mission rules required an abort if the landing radar was out at 10,000 feet (3,000 m), though Shepard might have tried to land without it. With the landing radar, Shepard steered the LM to a landing which was the closest to the intended target of the six missions that landed on the Moon.”

As our United States continues our next generation of the commercial race to the Moon, we can only anticipate future “ABORT” signals. Prototypes. Testing. Innovation.

After so many years working in global places where Software Quality Assurance was mission critical, you finally will learn as a professional, that it is never finished. It is never perfect.

So what?

Our USA will always be a leader because we have already been there, with humans actually operating on the Moon.

We know what will be challenging and why a hypothesis might end up being changed and adapted.

As our next human race to the Moon continues and our cislunar challenges are encountered, we know that we must continuously improve and innovate.

The same strategy shall also work here for you today on Earth, in your own small town…around your own dinner table each night…

Godspeed!

Analytic Priorities: Crossing the Digital RubiCON...

The governance of information within the government enterprise or the private sector enterprise remains very much the same. Both are subjected to a myriad of laws to help protect the civil liberties and privacy of U.S. citizens. Yet the data leaks, breaches and lost laptops keep both private sector and government organizations scrambling to cover their mistakes and to keep their adversaries from getting the upper hand. Again, the governance of information is the core capability that must be addressed if we are to have effective homeland security intelligence sharing to defeat the threats to the homeland 100% of the time.

The stakeholders in the information sharing environments will say that they have all the laws they need to not only protect information and also to protect the privacy of and liberties of U.S. citizens. What they may not admit, is that they do not have the assets within the context of their own organizations to deter, detect, defend and document the threats related to too much information being shared or not enough. These assets are a combination of new technologies, new education and situational awareness training and the people to staff these respective duties within the enterprise architecture.

Operational Risk Management is a continuous process in the context of our rapidly expanding corporate environments. What is one example? People traveling to emerging markets to explore new business opportunities or new suppliers that will be connected by high speed Internet connections to the supply chain management system. These boundaries of managing operational risk, have not only expanded, they have become invisible.

Ru·bi·con

1. a river in N Italy flowing E into the Adriatic

—Idiom

2. Rubicon, to take a decisive, irrevocable step

This "Digital Rubicon" before us, to take on a more "Active Defense" in navigating the risk across international waters of e-commerce, privacy and legal jurisdictions will forever shape our future. The decisions made on what constitutes an adversarial attack in the cyber domain, will not be as easy as the dawn of the nuclear age. Policy makers today have to weave the potential implications into a sophisticated decision tree that crosses the complex areas of intelligence, diplomacy, defense, law, commerce, economics and technology.

The new digital "Rule Sets" are currently being defined by not only nation states but the "Non-State" actors who dominate a segment of the global digital domains. The same kinds of schemes, ploys, communication tactics and strategies are playing out online and what has worked in the physical world, may also work even better in the cyber-centric environment. Corporations are increasingly under estimating the magnitude of the risk or the speed that it is approaching their front or back door steps.

The private sector is under tremendous oversight by various regulators, government agencies and corporate risk management. Yet the "public-private" "tug-of-war" over information sharing, leaks to the public press and Wikileaks incidents has everyone on full alert. As the government has outsourced the jobs that will take too long to execute or that the private sector already is an expert, operational risks have begun to soar.

As the private sector tasks morph with the requirements of government you perpetuate the gap for effective risk mitigation and spectacular incidents of failure. Whether it is the failure of people, processes, systems or some other clandestine event doesn't matter. The public-private paradox will continue as long as the two seek some form of symbiosis. The symbiotic relationship between a government entity and a private sector supplier must be managed no differently than any other mission critical resource within an unpredictable environment.

Once an organization has determined the vital combination of assets it requires to operate on a daily basis, then it can begin it's quest for enabling enterprise resiliency. The problem is, most companies still do not understand these complex relationships within the matrix of their business and therefore remain vulnerable. The only path to gaining that resilient outcome, is to finally cross that "Digital Rubicon" and realize that you no longer can control it.

The first step in any remediation program, is first to admit the problem and to accept the fact that it exists. Corporate enterprises and governments across the globe are coming to the realization that the only way forward is to cooperate, coordinate and contemplate a new level of trust.