Cyberwarfare – a real threat or an over reaction?

There’s been a flurry of resurgent interest in cyberwarfare in the last couple of months. It’s clearly a topic that we as citizens should take seriously, but there’s a strong temptation to dismiss it as science fiction. But as architects it is a topic we should perhaps take very seriously indeed.

Like most people of my generation war has passed me by. It’s a matter for professional soldiers, not for the man in the street. But Cyberwarfare introduces a fundamental shift insofar as the war is more likely to be waged against a nation’s infrastructure, its banks, power and water utilities, logistics infrastructure and so on; quite possibly waged by anonymous perpetrators whose aims are to seriously destabilize another society.

My interest was sparked by the Economist article of May 24^th (Cyberwarfare, Newly nasty. Defences against cyberwarfare are still rudimentary. That's scary). By sheer coincidence a couple of weeks ago I picked by Michael Dobbs book The Edge of Madness. I like Dobbs’ highly realistic political thrillers, and this one is no exception.

The Daily Telegraph said “Dobbs, best known for his political trilogy House of Cards, and for being a former adviser to both Margaret Thatcher and John Major, is a master at seizing straws in the wind and building a bonfire with them. He has found enough straws lately to ignite civilisation's funeral pyre. An unexpected entry on his wife's credit card statement, suggesting she'd been gambling on the internet, propelled him towards The Edge of Madness, his 13th novel. . . . You don't need the wiles of a computer hacker to see that Michael Dobbs may be on to something with his fictional prediction of a cyber-war in which one nation - in his scenario, China - reduces every other to economic rubble by tampering with the global electronic life-support systems.”

This led me to reflect that our de facto approach to security architecture is obsessed with access – identity, authentication, permissions, rights. In the SOA world many have moved beyond the fortress model, but the primary advance made is to apply the same old checks at a finer grained level. So what’s to stop an intruder able to get past the screens wiping bank balances en masse; scrambling demand and supply data for power grid supply, publishing personal details of prison officers, corrupting aircraft maintenance records and so on. The scary thing is that the motive is not profit, it’s simply to destabilize and cause terror. For how many weeks will your civilization persist without electricity, gas/diesel/petrol, food supplies and money?

If we are to take this threat seriously we have to rewrite the book on security. We have to work on the basis that threat assessment is not based on criminal intent, rather on calculated attempts to cause chaos.

Of course the service architecture is inherently suited to this purpose. We tend to promote separation as a means to enable agility, but it “could” also be a key defensive strategy.

Over the years CBDI has identified a number of patterns that perhaps show us the way.

- I have advised numerous banks over the years on real time, independently provisioned pre and post conditional audit operations.

- we also developed the idea of a disruption tolerant service network, where meta data is collected independently to track the status of say a logistics system, in order to advise end user on the real system status

- a couple of weeks ago we came across the concept of forensic operations. The idea of, again independent operations that collect meta data that can be used to investigate abnormal events.

This class of pattern, and once we put our mind to it we will surely discover many more, is clearly not used systematically by many organizations. Perhaps the time has come for one of more independent businesses to provide such services. But without a clear and present danger will anyone spend money on prevention. The cynic may say, "the banks have already done a good job of screwing up our society, why would other countries bother?"

Yet, the requirement for this form of defensive architecture is actually increasing. We are all aware of the event driven, smart systems architecture, many applications of which are focused on critical infrastructure such as power and water.

I am reminded of the devastating floods that occurred last November in Cork City. Faced with unprecedented rainfall upstream, the Electricity Supply Board were forced to open the Inniscarra and Carrigadrohid dams to release large volumes of water which, with little warning, inundated the city. In this case the dam was operated under manual control, but there is strong interest in automating systems such as these in order to better manage the flows. Just imagine if hidden code were placed by a developer, perhaps to be executed years in the future when particular water conditions arise, in which dam managers are provided with erroneous information that caused them to repeat the disaster? In Dobbs fascinating novel he uses this pattern extensively – not complete, immediate systems failure, rather a divergence of reported data and reality.

I would be very interested to hear others experiences and views. Tell me you already scan inhouse, outsourced, offshore developed code for hidden bugs; that you have self checking operations that prevent malicious operations . . . .

Cyberwarfare, Newly nasty. http://www.economist.com/node/9228757 [note this is premium material.]

The Edge of Madness', by Michael Dobbs (Simon & Schuster 2008)

Outsourcing Madness

Recently I wanted to alter the regular premiums of a pension policy I have with a very well known company; a simple transaction you might think. After 4 months of delay and much correspondence, I received a letter from the said company saying “their systems were not working because of their offshore partner, and they were unable to do even the most simple transactions.” They apologized profusely and promised to fix as soon as they could. Three months later they have now solved the problem as far as I am personally concerned, however my guess is that as a company they are still completely screwed up. Certainly to admit internal problems in this manner suggests at the very least a failure of policy and management.

It just so happened that by sheer coincidence I consulted to this very same company a couple of years ago. At that time the engagement, to assist in establishing SOA reference architecture and process, was curtailed because the organization was in complete chaos. They were offshoring huge chunks of their core business in what looked like a mad panic in order to radically reduce costs. My observation was that uninformed business managers, over promoted because of their aggressive management style were riding roughshod over highly experienced professionals and managers and demanding results in impossible timescales; handing their problems over to naïve overseas companies who were happy “to bite off more than they could chew” because they didn’t understand the awesome complexity of the core business systems.

In this process the company destroyed years of organizational intelligence and knowledge.

Is this situation unusual? Not in my experience. Over the past couple of years I have observed numerous companies taking extraordinary decisions of this nature. Perhaps the most incredible was the one that eliminated an entire EA function because it delivered no short term ROI and the offshore partner would be able to undertake project architecture as required!

Yet outsourcing has become for perhaps a majority of larger enterprises, the de facto business operating model. A couple of years ago I wrote up the insightful experience presented by Denis Hageman[i], in which he described how his then company ABN AMRO grew their outsourcing capability over many years. In that process they discovered that outsourcing is a complex management task and required dedicated attention to deliver on what often looks like easy cost savings. He described a journey, not a quick fix.

For all these reasons I was interested to discover that Carnegie Mellon and its spin-off company ITSqc have created a capability model for what they refer to as eSourcing. CBDI members will know we have long been advocates of capability management as a means to managing complex change and the eSCM[ii] (eSourcing Capability Model) is a valuable contribution to this discipline.

This month I have published an article on eSCM. In the report I draw the conclusion that the eSCM is a useful model, but that it is probably too generic and too broad for most organizations because it attempts to provide a generalized model that can cover all forms of IT enabled outsourcing. I wonder how the challenges of call center outsourcing can be similar to IT program and service delivery? They can be at a very superficial level of abstraction, but a useful model needs more granularity, and therefore tighter domain focus.

In my report I explore how eSCM might be extended and detailed by integration with core aspects of SAE and ITIL which I believe can create useful practice guidance. This is an exploratory work and I will be pleased to hear members’ views and particularly any experience with eSCM for IT services delivery.

Outsourcing is not an inherently flawed strategy. Quite the reverse. But used as a tactical strategy, in the wrong hands; without due care and attention, outsourcing may be a highly dangerous strategy. We badly need better practices to make it work reliably and to provide a benchmark for providers to certify themselves and client organizations to make assessments and manage the relationship.

---

[i] How to Stay in Control of Outsourcing, Denis Hageman, ABN AMRO

http://www.cbdiforum.com/secure/interact/2008-06/enterprise_architecture_europe_conference_notebook.php#session_2

[ii] eSCM http://www.itsqc.org/