The U.S. GRID: Sabotage; Terror; and the pernicious effects of U.S. politics - Part One
The U.S. GRID: Sabotage; Terror; and the pernicious effects of U.S. politics - Part One
Extracted from "I.T. WARS: Managing the Business-Technology Weave in the New Millennium
Preface
Most readers here will not know that I authored a book in 2006, I.T. WARS: Managing the Business-Technology Weave in the New Millennium. The book was self-published and became well-known in the Information Technology/Business community. It became an MBA-text at more than a dozen universities, starting with UofW. It was carried by Barnes & Noble and Waldenbooks, something that less than 1% of submitted self-published books achieve.
With increasing, localized (thus far), power outages and damages to our Grid - many due to reported sabotage - I thought it time to revisit the book’s last chapter, “WHAT’S AT STAKE.”
This chapter was to be serialized, but I have now chosen to put it up extant, all at once. You can revisit it and pick up where you left off, as necessary. If you read this in your e-mail, you will likely receive a truncated version - you will have to go to PlainSenseAndSanity.substack.com to see the entire article. I am leaving it exactly as written in 2005/6, and published in 2006. Two Senators are quoted within; one a Democrat, one a Republican. They are now gone, but their words are still applicable, so they remain.
I urge everyone here to read this. I urge you to share this. Our political class is “prioritizing” Ukraine, CRT, ESG, DEI and other harmful “misdirections” at the expense of real peril and necessary projects. DEI (Diversity, Equity, Inclusion) initiatives in particular are diluting our engineering-class, our scientific-class, our maintenance-class, our bureaucracies, our leadership, and all associated support to advancing the Grid.
You may also wish to keep East Palestine, Ohio, in mind as regards the chapter’s profile of proactivity and prevention.
Lastly as intro, the book’s original Afterword is offered.
First, a quick Introduction, followed by the original Chapter:
INTRODUCTION
Perhaps the following picture is enough of an Introduction. The Grid, largely composed of wires on poles (along with above-ground power-generating stations, substations, and associated software, firmware, hardware… firmament… and let’s not forget people) has not upgraded this wires-on-poles schema in more than 100 years. One has to wonder: Why has not the dispersion of electricity been put underground in EMP-proof, sabotage-proof, etc., conduits? Why was the project not begun in the ‘50s, and funded over time, with rollouts throughout the nation? (Such as the National Highway “grid” - a product of the Eisenhower Administration’s 1956 National Highway Act):
Of course, this garish “grace” of wires on poles is extraordinarily vulnerable to more than uncontrolled motor vehicles. There is no plan for an upcoming Electro-Magnetic Pulse (EMP) event. Whether a product of war, terror, domestic sabotage, or solar flare (such as the 1859 Carrington Event), our entire Grid is exposed. It would seem to be lunacy. We’re more than a hundred years late to the party of a safe, secure, reliable Grid.
Also, and while not a pitch for the book, realize that this chapter makes reference to earlier chapters, and is best understood in the context of the whole book; however, it also stands alone quite well. I caught some acronyms that needed definition (absent those earlier chapters) and placed those. I may have missed BIT: The Business-Implementation Team. Being that it was defined earlier in the book, here, I’ll sketch it thus: This is a specialty team to be grown in each and any organization; comprised of “can-do,” informed people from the tech and business classes who know how to interface with each other inside the team, with specialized knowledge for looking forward, and implementing solutions before bad things occur.
So, here we go with the chapter “What’s At Stake” - (the formatting may not mimic the book):
___
- What’s At Stake -
Lessons of the Business-Technology Weave:
The 4-1-1 on 9/11, Katrina & Beyond…
___
The dogmas of the quiet past are inadequate to the stormy present. The occasion is piled high with difficulty, and we must rise with the occasion. As our case is new, so we must think anew and act anew.
Abraham Lincoln
The most important failure was one of imagination.
The 9/11 Commission Report
The best way to predict the future is to create it.
Unknown
The overall rise of the Business-Technology Weave has enabled all manner of human progress. While not a perfect world, the Weave has advanced our medical care, has granted the ability to communicate with far-away people, and to travel almost anywhere in the world. It has provided immediate access to information in support of better knowledge, has created an ability to dispatch help and services to people in peril and need, etc. Truly, to any modern society, the Business-Technology Weave is a necessary foundation. This means that the modern society has built crucial business and support systems that are almost totally dependent on technology: banking, commerce, communications, national security, transportation, manufacturing, construction, food production, water treatment, distribution, health care, policing, and on and on.
There are some who would argue that the advance and steep of technology into all facets of business and general life isn’t necessarily good. We need not take issue with that here. This is because, whether we like it or not, this advance is unlikely to stop any time soon. However, as in any advance, people have built crucial dependencies on these advancements. Extreme vulnerabilities have mounted over the course of progress. What can the “local” organization observe and learn from all of this? Also, is there a contribution for the local organization to make, in supporting itself, through its support to the larger public security? Let’s set the background:
Understanding What’s At Stake – A Background to Where We Are
Dependencies must be protected and vulnerabilities exposed and managed. There is never a divide between dependency and vulnerability: there is only our protection, efforts of prevention, and postures for recovery, as relates to potentials of harm. The increasing mesh of business and technology has presented extremely large dependencies and vulnerabilities, which in-turn have presented entirely new scales of burdens for management, maintenance, and protection.
These burdens are generally not adequately addressed, and efforts regarding them are found lacking – in stunning ways. This is because there’s more excitement in developing new systems, and more attraction in their implementation for use, than in the routine matters of maintenance or appropriate protection. Absent new awareness, the passion remains with the creation side of systems and enhancements, which leaves maintenance in a continual “catch-up” condition. Too, ‘development’ naturally precedes the establishment of maintenance and protection protocols. Something must exist before you can maintain it. And, it’s only upon true delivery and use of a system whereby all of the necessary supports evidence themselves. By then, resources are already going to the next creation.
This natural order of things means that there is a divide between that which exists to serve - and the fulfillment of its true requirement for protection. Look again to the levees in New Orleans: they existed, they served; however, they were not managed, maintained, nor protected appropriately (by increasing their strength). And, they were not managed according to standards and values of prevention. New Orleans itself suffered the divide.
If we consider 9/11 under this model, we can see the divide too. We’ve built large buildings, bridges, and all manner of infrastructure and systems. In the face of escalating threats, these must be maintained to standards of prevention from harm. Standards of “recovery” will not always suffice.
Within emerging challenges of priority and scales of effort, there are new burdens of necessary awareness, skill, and action. These burdens continue to change dramatically – and quickly - in today’s world.
A Sobering Reliance: In securing any Business-Technology Weave – which today includes organizations, cities, nations, and our individual lives (they have become Weaves too) - we are forced to rely on many external “givens.” Givens that are fundamental and generally taken for granted.
We need stable external physical infrastructure such as roads, landmarks, and airports; we require steady, reliable utilities for power, availability of water, and removal of waste; we need solid policing of our environment to maintain our safety and our health. Our own security initiatives - that is, our proactive posture for the prevention of problems; our DAPR (note: This was explained in the book’s prior chapter on Disaster, Awareness, Prevention, and Recovery) policies and plans; our business and homeowner’s insurance; our faith that we can handle and overcome any situation - are based on a presumption. That presumption is that we’ll have the larger public environment to help enable and sustain our security. And, when necessary, it will be there to support any recoveries.
We have a rising awareness that specific organizational and individual protection, no matter how perfectly secured at any local level, is increasingly vulnerable to extremely large risks and extremes of catastrophic loss. Potential for catastrophic harm can also include huge geographic areas – even a nation itself – and is managed beyond the organization’s level. These conditions can happen from deliberate attack, or natural forces.
This divide between the organization’s control of internal security - and its relative “non-control reliance” on a larger public security, means that any organization and its people can find themselves quite impotent as concerns their DAPR. How many businesses in New Orleans had disaster recovery plans that were washed away in the flood? How many homes had the “security” of doors, locks, and insurance, but were yet vulnerable within the inadequacies to the larger public protection? A new awareness here is being manifested by a deepening appreciation of the facts: by individual people, as well as an increase in the breadth of individuals who are now grappling with deep feelings of vulnerability, and new understandings of dependencies and divides.
From either an organizational or personal perspective, managing protection from these large forces is outside the “local” scope of direct control. For the average business organization, no DAPR plan can much accommodate a jet bringing down a building, or a flood coming over a levee. We know that no organization’s DAPR plan can match a nuclear bomb going off in its vicinity, or a large-scale release of chemical or biological agents, or even a suicide bomber. Also, business – whether private or public, individual or organization – is vulnerable to the larger economy, which itself is completely dependent on security. This then would seem to be the “Achilles heel” of any organization’s DAPR posture.
New Realities, New Awareness: We need a new, almost provocative awareness: If you’re a person in the next “New Orleans” or the next “Twin Tower,” there is not much use for a standard understanding of security, or disaster recovery. We will attempt to open a path of influence for the individual and the organization. We’ll take the approach that we must, and can, prevent disaster from potential terror attack. At the same time, we must and can mitigate harm from naturally occurring disasters. After the lessons of 9/11 and New Orleans, we don’t have to enable or compound disaster. Nor can we afford to. And, we’ll note that “unaffordability” has taken on a whole new meaning.
There have always been large-scale threats, and delivery on threats, yielding events of horrendous directed harm: world wars, atomic bombs, genocide… we don’t need a comprehensive list for perspective. Also, there has existed for some years the power to deliver large-scale Unrecoverability to a society: comprehensive nuclear attack, for example. However, this power has been within traditional states and systems, which thus far have managed to hold this power in check. Some collective of more-or-less reasonable minds communicated, cooperated, compromised, prevailed, and co-existed.
Too, even in the case of world wars and other cataclysmic events, there was some measure of a surrounding society and civilization that was ready, and willing, to pitch in and help make recoveries to whatever disaster occurred – natural or man.
Today there are uncompromising minds that are acquiring the power to deliver, and are willing to deliver, catastrophe from which there will be no real recovery. For the reader, there can be no failure of imagination here. Conditions of Unrecoverability can be had in any machine or system. A Nation itself can find itself in an unrecoverable posture when disaster is large enough.
A state of Unrecoverability is frequently reached through a condition of Runaway. We can define “Runaway” simply: It’s a condition where an entity and its actions become irrelevant within the scope of an inevitable outcome. Consider that statement carefully: we’ll provide a very simple example of Runaway shortly that will put it into a proper perspective and make it readily understood. We’ll also arrange Runaway and Unrecoverability with some other important concepts from the Weave.
Terror Attack: Today, possibilities of comprehensive national catastrophe (to any nation) are no longer in the realm of Science Fiction, or held in abeyance through MAD (Mutually Assured Destruction, as during the Cold War). We face extremely large harm from asymmetrical sources: Sources that are weaker than their opponents in conventional terms. They can’t compete through strength in numbers: neither by membership; number of conventional arms; or even in the numbers of their sympathizers. Their goals can be anathema to the vast majority.
But these asymmetric forces’ business and objectives (that which they’ll do, in support of their desired outcomes, respectively) are as strong as they can possibly be. In fact, their business trumps any concern for survival of any specific individual of their own. And, their objectives include the stated destruction of whole societies. We must realize too, that with these groups, an effective internal check-and-balance on unreasonable actions diminishes rapidly as the size of the considered group diminishes.
However, tremendous will - even infinite will - means nothing without some form of power. Today, power is moving closer - closing a divide - with this tremendous will of the relative few. Soon, if not now, weapons representing delivery of catastrophic harm will be available to the few - no matter how vile their agenda, no matter how onerous their task in procurement. Our argument here is not the specific “who” – that is not necessary in setting the awareness. For the present, we can emphasize a keen awareness that asymmetric attack forces are closing a divide: Until recently, the achievement of their objectives was denied because of the simple divide between their will to dispense widespread destruction, and their means to do it.
It is reasonable to assume that once closing a divide between will and means, a complete dedication to “business” will be paired with extraordinarily damaging “technology.” One group or another will “pull the trigger” once closing this divide. So, at the risk of getting ahead of our discussion, we need a solution. As we will see, a solution will require a project, and that project will require a proper definition. Let’s briefly consider our other large threat:
Natural Disaster: Let’s look at natural disaster from the perspective of recent events. Natural forces, such as hurricane Katrina, represent further threat to local efforts of protection. But even wrapped in these natural, unpreventable, disasters are oftentimes further disaster of man’s own making: poor recovery plans, delayed help, and inaction on prior preventables.
When we consider the overriding (known) preventable element in the loss of New Orleans (prevention of flooding through the strengthening of levees), sadly, we are able to ask: Who can afford to enable and compound disaster? We can also ask another question: Where is the next Katrina-New Orleans “hiding?”
Today’s Reliance Requires Assurance, Conviction, and Trust: We spoke of a lack of matching public participation to today’s security challenges. In scale to enormous threats, some of which have already been manifested, we merely rely on the expectation that a surrounding public safety and “whole” will exist.
Yet, if reliance is to remain, it is those authorized agencies and individuals – those government elements that have their hands on power and influence - who must now perform and be accountable in a whole new way. This must be a way that satisfies the standards and values of the local stakeholders. To paraphrase from earlier: Government will have to jump, perform, and deliver with an immediacy that wasn’t required 10 years ago, or even five. They must do their jobs in a much more imaginative, rapid, and effective fashion than has ever been done.
At the same time, it is a fair question to ask: “Can government really secure us?” To prevent misunderstanding, this is not an indictment of government, nor will there be one. Absent new thinking, it is fair to examine where we are, and where we’re likely to be. Government is not known for its imagination, efficiency, and quickness (comparatively speaking). Therefore we must know: Can government achieve a necessary agility to match the agility of today’s man-made threat, and today’s considerations of natural disaster?
We will answer the question. In the meantime, you may well ask yourself: “Has government assured me? Has government convinced me? Can I trust government to secure me?”
Qualifying the Discussion: National and International politics is beyond the scope of our discussion here. All that follows is based on an empirical understanding of risk – risk to any nation, society, group, endeavor or person. The author also believes there can be no political liability in a discussion of such universal values as the prevention and elimination of tragic outcomes, and the insured safety of innocents – as long as we are sincere in our effort to move the business of those things forward.
Also, our discussion is for a world audience; and the lessons we’ve noted apply to people in governments, as well as the people who choose, or live under, those representations.
Advancing the Discussion: With our accrual and broadening of awareness, we must realize that risk of harm from with-out has thus far had a corresponding enabling and compounding risk from within. That is, by definition, since there is a risk, there must be some inadequacy within that can enable, or compound, the risk of delivery on a threat (whether directed or naturally occurring).
Post-9/11, Americans have heard from a variety of U.S. political leaders, from virtually all levels and backgrounds, that another large terror strike in America is inevitable. This belief is reflected in polls of the American people. As carefully as we can, we must note that these statements and attitudes are counter to the position of a success culture. They are not very hopeful. There remains hope, however, as these statements and attitudes are in opposition to the prudent position we’ve taken here: that it is possible to secure the safety of business and its supporting technology – and therefore our livelihoods and lives - through proper planning, activity, and results. Given what’s at stake, we too should make allowance for a realization: Statements of “inevitability” are a conceded “loss,” as opposed to a confident posture of a “win.” (This is where the inadequacy of the “within” enables the threat from “with-out”).
But because such statements are made today, and with a seeming lack of challenge, we must face them at the local level.
Closing a Divide: New Thinking for New Realities
- IDRU -
IDRU (Id`-roo) is an acronym:
Inadequacy, Disaster, Runaway, and Unrecoverability.
And IDRU is:
Inadequacy: Inadequacy is manifested as lack of awareness, lack of planning, lack of action, lack of results, and dire consequence. On a local scale, we’re aware of inefficient, ineffective, and inadequate attention, inadequate business, and inadequate technology (or use of it), leading to poor business outcomes.
We needn’t belabor inadequacy’s national influence: in America, we’ve achieved a large yield from inadequacies: 9/11, and the loss of New Orleans, as well as many others.
Disaster: Today, disaster can manifest itself as a relatively new phenomenon: an individual, or small group of individuals, can dispense catastrophic harm through the actualization of Nuclear, Biological, or Chemical elements (NBC). Because relatively small groups now can possess a formerly disproportionate amount of power to harm, already possess the will to harm, and can exploit inadequacy on the part of those they desire to harm, we have a prevailing threat of disaster.
Beyond NBC, there are new threats of disaster so monumental, that their prevention is not just some measure of abeyance in the style of a 9/11; their prevention is necessary to deny a state of total Unrecoverability. A massive, generalized state of Unrecoverability has to be of overriding concern to the collective Business-Technology Weave, of any Nation, group, endeavor and person. To serve our example of IDRU, we will use the most prevailing of these threats. This threat, and its ability to deliver Unrecoverability, is that of EMP: Electro-Magnetic Pulse. We will discuss that in some detail shortly.
Runaway: A simple analogy will serve: You are the driver of a car. You are speeding on a wet and winding road. There are signs, and they are warning: one gives the Speed Limit. One indicates Slippery When Wet. One indicates Dangerous Curve Ahead. Given the nature and conditions of the road, you should have an adequate awareness of danger, and you should have enough information to take action: to slow down, to drive with care, to prevent a bad outcome.
However, you fail to do these things. Your attention, concern, and actions are inadequate. You fail to imagine and plan for the contingency that soon happens: you cannot make the dangerous curve; you break through a guardrail; and you begin a plummet down a cliff. Your predicament was preventable, but now this, for you, is disaster.
But - you yet have ‘systems’ at your disposal. You mash the brake. There is no effect. You turn the wheel to the left, to the right - again, your action has no effect. In fact, your fall accelerates. You pull the emergency brake. You are in an emergency and beyond: You are in a condition of Runaway. You, and any action you take, are irrelevant to an inevitable outcome. It is, simply, too late.
Here, prevention wasn’t some part of a disaster plan – it was all of it. Once you begin Runaway, there is no meaningful action to be taken, and - regardless of remaining plan - no executable part of a plan that contains any meaning.
Unrecoverability: Once you’re in the zone of an inevitable bad outcome, you are in a position of Unrecoverability. Our car is in a Runaway condition, and the car and its occupant are now Unrecoverable – they will be smashed and killed, respectively.
Any Business-Technology Weave, and any measure of it, is susceptible to unrecoverable situations. Enron became unrecoverable. The specific case tracking system, VCF, of the FBI’s found itself in an Unrecoverable position. A nation can be Unrecoverable.
Understanding IDRU’s “value”: As we will shortly see, when Unrecoverability imperils nations and societies, there can be no good reason to risk even the beginning of IDRU: Inadequacy. As everything starts with awareness, we must push on in our discussion to remove the inadequacy of awareness: The whole concept of IDRU, and its inclusion in this book, is driven by relatively new mainstays and awarenesses regarding Unrecoverability. Asymmetric threat is aligning itself with the capability to deliver catastrophic harm. There is an infinite, and expressed, will to do this. Further, within IDRU, we must consider:
¨ Unrecoverability can manifest itself across an entire Nation – crashing its basic existence.
¨ Unrecoverability on this large scale can happen in an instant.
How?
The Threat of Electro-Magnetic Pulse (EMP)
Our concept of Unrecoverability aligns with some realities that have already emerged: existing means of accomplishment; the will of those who wish to accomplish it; and inadequate recognition of the threat. Hence, there is no real plan, project, definition, and solution to thwart those who are working at this moment to deliver Unrecoverability. This lack of recognition, and the risk associated with it, falls not only on ‘government,’ but also on each of us. So too will responsibility.
The easiest means of defeating a modern country - a country that relies on a Business-Technology Weave at the highest, lowest, and broadest levels - is through an Electro-Magnetic Pulse attack. An EMP attack could be something as simple as a scud missile carrying a single nuclear warhead. This missile need not be accurate for any specific target. It need only be detonated at a suitable altitude: the weapon would produce an electro-magnetic pulse that would knock out power in a region – all power.
Not only would some measure of a nation’s power grid be out, but also generators and batteries would not work. There would be no evacuation of affected areas: Cars would not work, and all public transportation would be inoperable. Even if trains, planes, and other mass transit were operable, the computers that enable their safe use would not be. This would be due to the loss of all electronic data, rendering all computers useless. There would be no banking, no stock market, no fiscal activity of any kind, and there would be no economy.
Hospitals would fail without power. There would be no electronic communications: no mobile phones, no land phones, no e-mail, no television transmission, nor even radio. There would be no refrigeration of food, which would quickly rot to become inconsumable. Potable drinking water would quickly be expended, and the means to create more would not exist. Fires would rage, since the ability to deliver and pump water would be virtually nonexistent.
No Federal Government would be able to govern – nor would any State or local government command any control over events. No police department could be able to know where events were happening requiring response. Priorities would be non-existent. The only actionable situations would be those in a direct line of sight. The Military would not be able to communicate. Hence, there would be no chain-of-command; no control. Scattered commands and units would soon begin operating autonomously in the vacuum.
The affected society, on all levels, would be sliced and diced into small groups and factions hell-bent on survival – the situation would be an almost immediate chaos. As we’ve seen during New Orleans and other disasters, breakdown of the social order is rapid and deadly. In this circumstance, it would also be prolonged, and possibly permanent – until the arrival of an enemy control. Imagine, if you will, a peak, sustained, Katrina/New Orleans disaster, coast-to-coast.
An American Perspective
A Grim Knowledge: In America’s case, a “burnout” of large scale, created by an extensive EMP attack, would create damage to equipment that takes years to replace. Today, there are massive transformers in our power grid that are no longer manufactured in America. This represents a very wide divide: the conduct of business on a crucial support structure - that has no ready replacement in the event of failure. These transformers can take a year to build – they then have to be transported, delivered, and installed.
At a recent Senate subcommittee hearing on the threat of EMP, scientific testimony yielded this statement: “The longer the basic outage, the more problematic and uncertain the recovery of any [infrastructure system] will be. It is possible – indeed, seemingly likely – for sufficiently severe functional outages to become mutually reinforcing [emphasis added], until a point at which the degradation… could have irreversible effects on the country’s ability to support any large fraction of its present human population.” This should sound familiar. This is Runaway, resulting in Unrecoverability.
Here in America we also have to recognize that a nuclear-generated EMP attack can quite easily be mounted so as to affect the entire continental United States, parts of Canada, and parts of Mexico. An EMP attack would not kill many people outright. However, the comprehensive wallop of systems disablement would ripple and self-reinforce, having been characterized as throwing any receiving nation back to the mid-1800s. But, people in the mid-1800s relied on paper for records; horses and buggies for personal transportation; operated and maintained sewage and water systems without computers; fed themselves largely without refrigeration through local production of food; had not yet built reliance and vulnerabilities on comprehensive, instantaneous communication; and were in the middle of a reasonably ordered, stable, and progressing society.
Throwing today’s America, or any industrialized country, instantly back to the mid-1800s will result in a catastrophic loss of all social order. It will also make that country a “walk-in” for assumption of control by others.
The threat of an EMP attack is a real risk: a part of where we are.
National Security: ‘Where We Really Are’
In knowing where security stands, it is helpful to consider some statements from leading representatives. Congressman Roscoe Bartlett (R-6-MD), Chairman of the House Projection Forces Subcommittee, stated on his website:
…America is vulnerable and virtually unprotected against a devastating EMP attack [emphasis added]. That’s the bad news. The good news is that we can significantly reduce both the threat and impact of an EMP attack with relatively inexpensive steps that can be taken in the next few years [emphasis added].
The Congressman’s website does not detail a solution to the threat of EMP; rather, noting that we must develop “insurance” against the threat, and to “reduce” its impact once already occurring. There is no suggestion of a mission or a project here. Prevention is absent.
There are also those in government who propose guarding sensitive equipment from EMP attack by building some equipment to new “EMP proof” standards. For example, Senator Jon Kyl (R-AZ), Chairman of the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security, states:
Fortunately, hardening key infrastructure systems and procuring vital backup equipment such as transformers is both feasible and – compared with the threat – relatively inexpensive, according to a comprehensive report on the EMP threat by a commission of prominent experts. But it will take leadership by the Department of Homeland Security, the Defense Department, and other federal agencies, along with support from Congress, all of which have yet to materialize [emphasis added].
Here we may sense a “false solution,” as explained shortly.
The Best We Can Do? These statements seem representative of the Federal government’s posture. Recognize that these are the government representatives who are proactive, and leading, voices on EMP (comparatively speaking). In other words, they represent our best at the moment. What can we glean from these statements?
¨ The limit of hardening “key” infrastructure: Some infrastructure is left out of EMP protection. Just as during New Orleans, there will be the perception that certain areas were left off the protection grid according to some devaluation of human life, or through a prioritization of certain regions’ protection over others. Indeed, some areas will be left out, partly based on prioritizing others, in order to protect food stores, water, larger populations vs. smaller ones, and so on. In any event, the difficulty will be how we set the standards for whom and what gets protection, and whom and what do not. Recognize that following an EMP attack, “key” priority infrastructure assets will be like unstrung beads: some areas will have power, many won’t – and all that goes with that.
¨ The threat has been characterized by people in government, as well as Science, as being now. The “solution” could be ready in “the next few years” (assuming immediate start, and a perfect project). Government’s estimation of the threat and ‘solution’ yields a divide that is difficult to exaggerate.
Because the divides are so large, and the consequence so dire, let’s direct our focus to this: there is a tremendous inadequacy here on government’s part in the face of this threat, and our current response to it. Given the stakes, we are already too far into IDRU.
Where We’re Going: Unmanaged Possibilities become Probabilities
Government has shown that it has difficulty handling emerging threats, where they are most “affordable,” and where the lever is on the side of efficiency, effectiveness, and prevention. Government typically handles threats on the “back side” – post-catastrophe. Even if we consider the war on terror to be proactive, we have to acknowledge that the war’s existence is a response - a post-trauma event. There was no overarching proactivity that escalated, moved ahead of, and thwarted, the gathering threat of 9/11. Further, the creation of the Department of Homeland Security did nothing to help secure New Orleans: pre- or post-Katrina. Will this repeat? Consider:
¨ Government’s current ‘solution’ to EMP requires coordination between agencies that have so far failed to demonstrate adequate leadership, standards, and cooperation – in spite of escalating disasters. Even a new agency, specifically designed and tailored to overcome these failings, has itself failed recently - that of Homeland Security. Congressmen Kyl and Bartlett’s statements, and the conclusions of the EMP commission, tell us that government knows of a dire, manifest, and fatal threat, but leadership and support has not materialized within the primary government bodies for taking action against this threat.
¨ The ‘solution’ does not prevent EMP attack, nor discuss prevention as a desirable, a considerable, or a possible. Because prevention is discounted, or dismissed, it has been devalued. We have crippled our chance to “zero-out” risk right at the starting gate. There is talk of “reducing” the threat (not eliminating it), and talk of reducing the “impact” of EMP.
Going forward, we must also ask: Is it affordable to trust loose standards and the dubious “success” in reducing threats and impacts (whatever that may mean), to a general populace’s uninvolvement? We don’t even know when these diminished “successes” are to be delivered on their behalf.
When we talk about prevention here, we must truly know the stakes: As in the loss of New Orleans, a “cleanup” after EMP will be exponentially more difficult, expensive, and in that case potentially impossible – as compared to the simple act of prevention. In the case of a large EMP burst, there would exist no national or large geographic unity. Society would plunge into war between those divided: Ones with power, food, water, shelter – and those without. It is quite possible that all would be without.
No Shortage of Divides
On the Precipice of a Runaway: New York City took action recently to warn the public of a possible subway attack. They also boosted their transit security based on intelligence they received regarding this potential impending attack. Based on this same intelligence, the Department of Homeland Security did not agree that a public warning was necessary, and did not find the threat “credible.” This divide is stark. We must have an adequate awareness that the divide between Federal, State, and local authorities continues to evidence itself.
In the course of the recent New York subway action, it was reported that New York City has its own “CIA.” New York maintains a foreign intelligence agency, with agents in over a dozen countries. This represents inefficiency and a huge divide – although that’s not to say that this isn’t necessary at the moment. New York may have good reason to budget and staff its own “CIA.” However, this is an overlapping mission with the nation’s Central Intelligence Agency. There can be no good reason for New York to have its own foreign intelligence agents, other than the divide of mistrust: NYC does not trust that the Federal Government can collect and impart the necessary intelligence in order to help New York remain secure.
Whether New York’s agents are “empowered” to take action beyond intelligence gathering is not known here. However, given what we do know, we have an extreme risk of competing, duplicitous systems. If New York City feels that they cannot rely on Federal resources to do the job overseas, how will they trust them, share information with them, and prevent protectionism and jealousy? How can Federal and City agents pursue the same sources, and not step on each other’s toes? Realize too that NYC tax dollars that are supposed to apply locally, are now being applied against the same requirements that Federal tax dollars are. This overlap is an inefficient use of resources all around.
When we consider that NYC and the Federal Government each have foreign intelligence agencies, and when we examine such things as the FBI’s challenge in tracking and leveraging information regarding terror, we can readily see efforts that are not efficient. Government efforts are not producing the best return on investment, and we are entitled to examine whether or not we can really afford that. In the present model, America is just a few disasters away from a condition of ever expanding efforts, and ever diminishing returns – perhaps only one.
Government is deliberative: it moves with deliberation and caution. While this deliberateness is a strength in most circumstances, it is not a strength when facing impending, agile, threats.
Today, government is spending an inordinate amount of time and resource “going back” to fix the last failure - removing precious time, attention, and resource from the imagination and proactivity of going forward. With both the implied and stated discount for prevention, we can only assume that an escalating set of attacks will ensue, with the attendant “look back” to see what went wrong. When this is paired with increasing recovery efforts to ever-greater impacts, we can fairly predict the ensuing stagger in attempting to move forward in a meaningful state of security.
This model of address presents a very readily seen gateway to Runaway. Without the adequate awareness and activity on the front edge of threats, we can easily “connect dots” and see that Unrecoverability could be right around the corner.
True Understanding of ‘Where We Are’ Yields the Right Question
– and An Answer
We know where we are, and based on that the right question is this:
“How do we create an avenue to results, as delivered by collective common sense, for purpose of collective security?”
This is an interesting question. It can have different versions (Just as our “Does this move business forward?” question did: “Does this have business value?” etc.). For the individual, it translates as “What do I do, and where can I do it?” For the organization, the question is, “How do we exercise meaningful DAPR in a volatile world?”
We must fully understand the need for the above question (and its versions), in determining the correct answer for getting to where we need to go. The necessities for the question, its answer, and resultant action are well exemplified by any government’s inherent inadequacies:
Government alone cannot secure us in today’s world. Government has already asked each individual person for his and her help. Security now is a sustained, progressive, grassroots force that is an obligation to be leveraged by all who would be secured.
The Real Responsibility: As we project the loss of New Orleans, for example, onto the screen of a maximum national drama, the finger would have to point back at you, the reader, and me. Therefore, we must now recognize that there is not a one of us who can afford to risk a society’s Runaway and Unrecoverability to some half-measure of awareness – on anyone’s part.
Poorly managed governmental, or any other, half-measures are the Inadequacies and run-ups to Disaster that will precipitate Runaway and Unrecoverability in today’s world.
An Answer
One answer may well be a network of teams. We’ll call each team a Business Security Team, or BizSec. In addition to BIT-like attributes, and awareness of success culture values and standards, plus deep appreciation of security requirements, BizSec will need a public profile, and true influence. BizSec will be proactive, and preventative.
The Stake: We, as individuals, have at our disposal ‘the organization.’ As individuals, we may not feel that we have much leverage in our current discussion. However, our places of business can and will. Because any organization’s security is wrapped in the larger public vulnerability (just as the individual’s), the organization - every organization – has a stake in the security of its public surroundings. Appropriate individuals can make contribution to their organization’s larger BizSec contribution.
The Qualification: Too, the organization has been forced in recent years to accommodate the safety of its personnel in a whole new way: some have ‘safe rooms,’ some have stockpiles of food and water, and organizations are exploring their burden and liability in advising personnel on actions during emergencies (whether to stay put, or leave, for example). Most have plans for staffing during emergencies. Increasingly, the organization must know how, and must maintain the means, to communicate as best they can with civil authorities during emergencies, so as to best advise employees.
These sorts of qualifiers for the organization’s interest and activity regarding public security correspond with existing models and means for all kinds of other activity: Unlike any individual, the organization has tremendous resources in outreach, liaising, constructing and reporting. The organization has contacts in governments and other organizations; has ability to plan, to schedule and to administer meetings; and has the ability to weigh and judge results based on business needs and associated metrics. These abilities translate to many parallel things within large scale security.
A Voice: Every organization needs to consider having some kind of “security voice,” and therefore influence, at a larger table. This table is external to the organization, and is made up of representatives from other organizations in a defined locality. It should have as its focus and agenda an overriding objective for helping to define public security requirements and solutions, while at the same time holding people accountable whom are charged with the public’s protection from harm.
A Team: This almost surely has to be a new team, as recent and past evidence suggests that local security’s vulnerability to large-scale harm is not being addressed in accordance with true needs; either locally, at State, or National levels. The consolidated concerns and best ideas, as collected and developed at the table, from this team of organizations would roll up to a city or county agency, or commission, that is tasked with disaster prevention and preparedness. Ultimately, these concerns and ideas would roll up to State and Federal level awareness, helping to define and evolve a National DAPR posture (in accordance with IDRU-driven considerations). Accountabilities would be determined for each level of BizSec effort and anticipated results.
An Influence: Your organization’s representation ensures that your economic and physical security concerns are represented, and leveraged with other organizations’ concerns. At the same time, you bring the requirements, leverages, and lessons of the Business-Technology Weave to bear at that table. BizSec is a diverse set of people, from various backgrounds and experiences, from diverse organizations.
BizSec
BizSec will help us to our destination by closing a divide: BizSec will help to create a comprehensive public security system that matches the local organization’s DAPR.
In order to make a difference, any BizSec that we’re defining here will need to move the business of security forward in a real sense, constantly and consistently. All of the things we’ve discussed in maintaining Business-Technology Weaves will apply. We should not need to re-examine those here, but simply realize that a BizSec team will be patterned after the BIT model that we’ve established for any organization – in order to bias energy toward closing divides, directing purpose, and achieving results.
However, where BizSec will differ is that it will need a public profile, so as to assume a mantle of public power and influence. Local BizSec teams can announce themselves to local newspapers, so as to gain exposure through a featured article. They should gain television exposure, and will. Local BizSec teams, once structured and positioned, should have leverage and influence because they are the business community: that is significant stake influence, and power. They can align themselves into a National Association of BizSecs. This is the self-interest of business: to secure public safety on behalf of its own safety – therefore BizSec, once existing, can make a difference.
BizSec will be efficient in that it will only require a few hours a month from its participants, as the agenda is planned and exercised. What would BizSec do? Let’s consider the New Orleans BizSec, and the job it “did” in the winning of New Orleans’ security against Katrina and negligence. Far from a 20/20 hindsight exercise, many people knew about New Orleans’ peril.
The New Orleans BizSec Team: The New Orleans BizSec team has identified the levees’ problem in simple, stark terms. The levees’ inadequacies have been well-known, but the information has been ignored through the years, and “sheltered” by those who would rather not address the problem.
But now this overriding security breach has been well positioned in that locality’s collective consciousness through the BizSec Team’s due diligence, in accordance with their charter: A BizSec report is available on the web, is in local libraries, has been in the newspaper along with relevant reportage, has been profiled on radio and television, and the citizenry are well-informed. Because this is a “Sword of Damocles”-type issue, of impending, complete, and guaranteed catastrophic harm people are waking up, thinking: “this levee thing is making me very uncomfortable. What can I do?”
In this climate, the BizSec team and their allied resources make it their primary business to lobby and call to account their local, State, and Federal representatives - until the levees are the top priority construction project, and underway. In this manner, people – any and most people – are spurred to some kind of action in order to remove an escalating discomfort - in order to prevent a catastrophic disaster. Whether that’s lobbying, letter writing, a vote, talk-show appearances, establishment of public address forums, or other involvement, we can see that activity will “level” itself according to the quality of awareness and size of the threat – once there is a supporting structure to deliver concerns and force action on the part of those in seats of power, influence, and trust.
In New Orleans, a BizSec team would have defined New Orlean’s overall security as virtually non-existent. Further, it would have been in Business’ interest, and everyone’s, to juxtapose a proactive $30 billion levee upgrade project against a $400+ billion recovery of a lost city. Hopefully, too, this team would feel an overwhelming obligation to a simple value: that of human life.
Further Value in BizSec: To truly understand the value of this, and the need, let’s examine something else: It’s interesting to note that no one has asked why the Department of Homeland Security hadn’t “connected the dots” before the New Orleans disaster and facilitated a solution to its vulnerability. All factors were known well for decades, and we can safely presume that a major American city, in an ongoing, precarious, security posture – at risk for total loss – would be a large profile target for a Department of Homeland Security.
Perhaps we can make allowance that DHS was concentrating on terror vulnerabilities – and yet – New Orleans was lost. It was lost just as surely as if it had been blown up. Here it should be easy to see that a local team of BizSec would make no distinctions of threat’s source: Security is security.
Here, we should pause to say that BizSec’s purpose is not to sustain a permanent state of “scare.” To the contrary, BizSec’s purpose is to bring peace of mind through the established state of best possible security. A solid BizSec posture will bring confidence by delivering the means to control and emplace true-value security. When we define actions for purpose of directing outcomes, we lower stress. However, in achieving peace of mind, BizSec cannot collude in a false peace of mind. It is in circumstances of plainly understood threat, with readily seen solution, that BizSec must go after.
Furthering BizSec: Another powerful aspect to BizSec can be its ability to rate a local state of security on a scale, according to established categories of safety. This can help businesses to size their insurance, and their various scales and balances of organizational preparedness. BizSec can stay abreast of law and rulings regarding Business’ obligations to employees in the face of disaster, and can help businesses plan their own DAPR postures.
A community’s BizSec team can collect the public records of any agencies and persons who inhabit positions of public trust, and assemble their relevant stance on community security. Relevant agencies will benefit from a public oversight, and any agency or individual in a fulcrum position regarding public security should be rated against all others.
This way, BizSec can rate communities according to their present security postures and awarenesses by collecting and assessing this information. All of the information collected by BizSec will represent managed content. This is where our understandings can leverage to tremendous purpose: any concerned party can access information concerning their community’s overall position and participation regarding security, and they can measure any functionary’s or agency’s awareness and activity against any security issue. BizSec can make this information available to the public on its website, through reports accessible in local libraries, and in public forums, such as community meetings. Therefore, we can leverage any general public’s concern through the lever of a collective of organizations.
BizSec = Privatization? In helping government, BizSec could almost have the mantle of privatization. However, there would be no direct profit component; BizSecs in and of themselves are not profit-making entities. Government wouldn’t be ceding the ownership of anything, other than certain responsibilities. Government would possibly extend greater information and levels of control to qualifying BizSecs. The profit would come to government in offloading a certain amount of the burden for creativity, agility, and efficiency in addressing all of the pieces of national security’s aggregate local components. BizSec’s profit would be a direct influence on the nature and level of security resources to be dispensed to the region, based on qualified, locally identified threats and conditions. Depending on BizSec’s ultimate operational role and scale of participation, this could be a powerful Weave across a nation’s security requirements.
BizSec Is Not A Panacea
BizSec teams are not a total ‘answer’ to society’s security. They may be the final 5% emphasis that’s lacking in putting the picture in place, and in securing the whole. Or, they may simply be a fertile ground from which springs a nation’s best hope for generating entrants to public office and other areas of service who possess proper awareness (and will do something real about today’s security divides).
We also have to realize that there will be issues of security that will, when properly addressed by government and society at large, put a “tax” on business, so to speak. There may also be issues within certain security needs that go against the political grain of some organizations and individuals. Issues like those may be resisted by certain organizations within specific BizSecs. However, if we seek the most diverse representation possible within our BizSecs, we stand the best chance of a fair evaluation of risks, threats, and solutions. At the very least, we can certainly get all facets of issues into a focus of awareness. That awareness alone helps; eliminating inadequacy of awareness is the first step to a more comprehensive security posture for the at-large Business-Technology Weave.
Today’s Adjustment in Thinking – If Business and Technology Lead, We All Follow
If your business were moving from the middle of the country to a hurricane zone, you would hopefully consider altering and tailoring your security awareness and activities. Any enterprise would have to provide protection to its business against a new standard of threat. You would have to now consider a new scale of potential wind damage. Would this influence the sort of building you’d inhabit? You would have to consider and enact flood control around your premises where possible. Would you make special accommodations in equipment for the increased risk for the loss of power, and for the sustained loss of power? Would you perhaps begin to participate in your locality’s larger, surrounding, security efforts – ones that would help protect and guard your community, and therefore your business? Would you contact BizSec for information and help?
All of us are moving into a “hurricane zone.” That hurricane zone is one of directed threat from extraordinarily large forces, wielded by the relative few. The “weather” is changing rapidly, and we need to strengthen our shelter. It is beyond prudent - it is a looming responsibility for the individual and the organization to become involved in the new security realities that have direct bearing on individual, organization, and nation alike.
No Nation can afford to mount the grandest False Solution imaginable.
An expectation for a government solution is faith in a ‘false solution.’ Government has already asked for our help: our “vigilance,” and our reportage of suspicious activities. Therefore - if we don’t help government - we straddle the divide of reliance without corresponding assurance, conviction, and trust.
Until now, public questions and even public blame have not contributed to a solution to today’s ‘what’s at stake.’ It poses no solution to point the collective public finger at the comprehensive diversity in those who failed during New Orleans: Homeland Security. FEMA. Republicans. Democrats. Black representatives. White representatives. A President, a Governor, a Director, and a Mayor. And, whomever else the public squares in its sights, while somehow hoping for better outcomes.
These represent a broad spectrum of the specialists and representatives charged with the resources and power to deliver success. Regardless who populates these agencies and positions, we risk failure right up until, and through, our exposure to the maximum national disaster – unless - a grassroots effort addresses the present inadequacy.
¨ The World Trade Center was bombed in 1993. It was destroyed in 2001.
¨ It took four days for delivery of Federal aid to Florida after 1992’s Hurricane Andrew. It took even longer in post-Katrina New Orleans.
No Divide: Comprehensive Failure, on Comprehensive Cycle: Because today’s security-awareness and associated burdens are so different, and changing so quickly, we cannot fault government, per se. Blaming ‘government’ for its cumbersomeness relative to today’s fast-breaking world realities would be like blaming the desert for having no water: it’s the immutable nature of the situation. Thus, we must recognize that as things stand now, these same agencies and systems will fail us again: no matter who populates them, and no matter what we call them:
We need improvement on security to be a one-way ratchet – ever better, ever more comprehensive. Security cannot be a one-step forward, one-step back outcome. In fact, in determining where we truly are, we should consider this question regarding EMP that casts today’s situation in bare terms:
Representative Roscoe Bartlett, R-MD, has asked,
“Will government and industry heed the recommendations of the EMP commission? Or will the pattern of America’s growing vulnerability and collective denial by our leaders repeat, until, as with Pearl Harbor and 9/11, an unimaginable catastrophe teaches us the hard way?”
Here we ask: Teach us how to live in an 1800s society?
Or worse?
Repurposing Past Examples
From past examples, we know that we can do many things thought “impossible” by the many. When the few stand up, stand firm, and work to expand their numbers, we succeed. We can mine these past examples as “content,” and repurpose that content: We can look to lessons from the Civil Rights Movement; we can look to the Wright Brothers; we can look to the moon landing. What we take from these lessons is that objectives that were deemed by the majority to be unlikely or impossible, were achieved.
We should be able to look to how those people of the past brought about changes in hearts, minds, and systems – and now leverage that knowledge for today’s challenge. As America’s past has shown, and many others, any stated goal that is ethical, meritorious, and of supreme importance, is achievable. The goal or objectives do not have to be convenient.
- AfterWord -
___
The Big Conundrum – The Simple Solution
___
T
he Conundrum is this:
Unrealistic - But Necessary - Expectations.
This statement seems to be contradictory. However, those four words describe business very accurately in many organizations. How?
All business environments, at all times, find themselves in positions of need. The needs generate expectations: of fulfillment. However, many organizations find that they cannot realistically deliver on these needs in an effective way: they have not built and maintained the standards necessary to deliver.
Needs now pop up faster, in ever-greater volume, and needs will require ever-quicker fulfillment than they did in the past. Most organizations are qualified to deliver on the last set of needs; in accordance with their past “character,” and as things existed at the time of the last “major initiative.” As the unqualified organization struggles to deliver on expectations for emerging needs, it often finds that it fails, and starts over – any number of times as are necessary to getting things right.
To the organization that doesn’t maintain its Weave appropriately, or even understand what the Business-Technology Weave is, this reality has the appearance of an unmanageable acceleration. Going back to the FBI: they failed to qualify and emplace appropriate IT leadership, and they failed to process business and technology planning in an effective arena. They failed to maintain their infrastructure, their standards of project management, and their overall understanding of technology’s fit to business. They had no combination of vision and pragmatism. Within that “where they were,” they mounted their VCF initiative: They could not have understood where they were trying to go, because they had a broken route. They were not qualified for change, thus their expectations of success at the outset of VCF were unrealistic. Yet, their expected “change” was absolutely necessary. A condition of very ‘necessary’ but wholly ‘unrealistic’ expectations.
Like many organizations, they did know that they had to go “somewhere.” The present was not working according to today and tomorrow’s needs. For any of your organizations, we know that without a strong Business-Technology Weave, your present will begin to fail today and tomorrow’s needs. We can see potential pain, futility, and danger in what is the ultimate divide – one that is in fact, infinite: Unrealistic, but Necessary, Expectations. This divide leads to Runaway and Unrecoverability. In these circumstances, waste just might waste you.
We can plainly see divides now, and we can understand what makes so many business-technology endeavors go wrong. We also know what makes them go right. Everything in the chapters above supports and helps you to maneuver to an appropriate Business-Technology Weave, and to its best maintenance going forward.
I hope this book helps those who find themselves struggling to align business and technology, and to weave it to best purpose. Weave it to real world standards and values. The sooner you get a comprehensive handle on all areas of the Weave, the sooner you can employ the principles in this book to closing divides within areas, between areas, and the sooner you can maximize the entire woven environment’s return for best outcomes.
Find out what you need in your organization, and join the larger collective of the true Business-Technology Weave.