TechnologyPaul McAleer

Kicking the dog at Christmas

TechnologyPaul McAleer

This post was anonymously written as part of Blog Secret Santa. There's a list of all Secret Santa posts, including one written by Paul McAleer, on Santa's list of 2014 gift posts.

The kids are asleep. Tired parents settle in with wine and instructions that would slay an Ikea engineer. Do we even HAVE D-cell batteries? The bicycle instructions assume a foreman's toolbelt - these will never be ready! Dozing by the fire, the family dog senses the mood, and discreetly pads upstairs, away from the tensing primates.

One way to spot dysfunction in a family may be to gauge how the pets are treated by the humans. I was going to say children, but animal abuse crosses generations. Frustration and an inability to cope leads to lashing out against something more within the control of the angry and frustrated human. These are profoundly unproductive strategies in dealing with stress, not to mention criminally horrible for the animal.

Today's reason for typing, however, has nothing to do with animals or dysfunctional families - but a topic of recent interest: cybersecurity. Dermot Casey opined on Twitter that the recent hack on Sony involving the (likely insipid) movie "The Interview" was 'a Snowden moment for the private sector.' Profound, that. Consider. The private sector now understands how a business can be disrupted, utterly, when a hack targets deep secret programs and - unique in this Sony case - persons. 

Storytime! 

Once upon a time, a federal agency deployed a portal for one of their divisions. Entirely within the firewall, as most portals were then, which always made it difficult to show prospective clients examples of portal work. "Can you show me a live example of one of your portals?" "No, because they are all behind firewalls and it would be illegal." The answer should have started with the ethical barriers, but the physical ones always came to mind first. 

Unfortunately, this particular agency suffered a potential loss of information when a contractor's laptop was stolen out of his vehicle. The contractor was supporting an entirely different division, worked for a company other than the one who helped assemble the portal - but the loss of citizen Social Security Numbers was a scandal that demanded a response. Among the first responses: an order to shut down that portal. The portal located entirely within the firewall, that had no evidence of compromise. As related to the laptop theft as Justin Beiber is to the dynasty of Lesotho. A frustrated kick to an utterly unrelated project.

The response to the public sector "Snowden moment," and the Wikileaks moment before it, includes questioning the information sharing initiatives that were launched across the intelligence community and the Department of Defense following 9/11. If we return to stove-piped information silos (a.k.a. "cylinders of excellence"), then the next Pvt. Manning or Snowden would not be able to wreak their levels of cross-agency damage. There may be some minimal truth to this, so perhaps the dog-kicking reference is frayed here - but such regression is ultimately self-defeating. The legitimate rationale for information sharing survives, and reversing these initiatives must be justified against the 9/11 Commission Report findings.

In the new world of work, connectedness and transparency provide competitors and malcontents with weapons previously unknown. We have come a long way from the resistance to early intelligence efforts in the beginning of the 20th century - “gentlemen do not read one another’s mail.” Now, with information the currency and data the lifeblood of organizations, everyone’s mail will get read by unexpected parties. However, returning to a risk-averse, build-the-wall-higher mindset appears to be a doomed strategy. There is too much to be gained through information theft, and motivation to scale the walls will persist. Returning to some 20th century strategies that predated global connectivity sounds like someone trying to sell a better buggywhip to Henry Ford. Many dogs will be kicked, I fear, before we settle on an effective practice of security in the new age. The new age calls for new thinking - old security tropes will not suffice against new threats.

So this Christmas, let the sleeping dog lie. Reject the knee-jerk response (pun intended), and consider creative responses to the challenges that lie ahead.