Getting To Swift Cyber Justice

Destroyed_computer

The first Department of Defense Strategy for Operating in Cyberspace is out (July 2011).

Of course, like the plans that came before (e.g. Cyberspace Policy Review), it emphasizes the imperative for cyberspace protection. Some highlights:
  • DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial or service of access or service…, and the destructive action–including corruption, manipulation, or direct activity that threatens to destroy or degrade network or connected systems.”
  • Cyber threats to U.S. national security go well beyond military targets and affects all aspects of society.  Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control civilian infrastructure.”
  • Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies.”
The strategies for cyberspace protection in the DoD plan include treating cyberspace as an operational domain; innovation; partnership; and so on. But we need to leverage our strengths even more. 
As the Wall Street Journal pointed out on 15 July 2011: “The plan as described fails to engage on the hard issues, such as offense and attribution.”  If we can’t even identify who’s attacking us, and fight back with precision, then we’re flailing.
Some may express the concern that we would have all-out war by attacking those who attack us. However, what is the alternative besides confronting our aggressors? 
The concept of operations is straightforward: Any computer device that is used to attack us, would immediately be blocked and countered with equivalent or greater force and taken out of play.
This would mean that we are able to get past cyber-bot armies to the root computers that are initiating and controlling them, and dealing with them decisively. This would hold regardless of the source of the attack–individual or nation-state.
The DoD plan acknowledges our own unpreparedness: Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity.”
As in the Cold War, there must be no doubt with Cyber Warfare (as with nuclear) of our ability to inflict devastating second-strike or preemptive attacks with deadly precision. 
Until we have unambiguous hunter-killer capability to identify and locate perpetrators of cyber attacks against us and the ability to impose swift justice, we are at the mercy of our aggressors. 
We can only have peace in cyberspace when we have the strength to stand up and defend it.  
Now we must move with cyber speed to build this capability and stand ready to execute our defenses.
Admiral Mike Mullen was quoted this week (18 July 2011) in Federal Times as saying: “The single biggest existential threat that’s out there is cyber...It’s a space that has no boundaries. It has no rules.”
We must become even better–much better!
(Source Photo: here)

>The Window and the Mirror and Enterprise Architecture

>

I came across some interesting leadership lessons that can be helpful to enterprise architect leaders in the book Good to Great by Jim Collins.

At the most basic level, Collins says that a “level 5” executive or great leader is a “paradoxical blend of personal humility and professional will.” “Level 5 leaders channel their ego away from themselves and into the larger goal of building a great company…their ambition is first and foremost for the institution, not themselves.”

Furthermore, level 5 great leaders differ from good leaders in terms of “the window and the mirror.”
  • Great leaders—“look out the window to attribute success to factors outside themselves, [and] when things go poorly, they look in the mirror and blame themselves.”
  • Good (non-great) leaders—“look in the mirror to take credit for success, but out the window to assign blame for disappointing results.”

Interestingly enough, many leaders attributed their company’s success to “good luck” and failures to “bad luck”. Collins writes: “Luck. What an odd factor to talk about. Yet, the good-to-great executives talked a lot about luck in our interviews. This doesn’t sound like Harvard or Yale MBAs talking does it?

Collins comments on this bizarre and repeated reference to luck and states: “We were at first puzzled by this emphasis on good luck. After all, we found no evidence that the good-to-great companies were blessed with more good luck than the comparison companies.”

What puzzles me is not only the lack of attribution for company success to global factors, general market conditions, competitive advantage, talented leadership, great architecture, astute planning, sound governance, great products/services, creative marketing, or amazing employees, but also that there is no mention or recognition in the study of good-to-great leaders in the benevolence from the Almighty G-d, and no apparent gratitude shown for their companies’ success. Instead, it’s all about their personal brilliance or general good luck.

Where is G-d in the leaders’ calculus for business success?

It seems that the same good-to-great leaders that “look out the window to attribute success to factors outside themselves,” also are looking down at superstitious or “Vegas-style” factors of luck, rather than looking out the window and up to the heavens from where, traditionally speaking, divine will emanates.

Perhaps, there should be a level 6 leader (after the level 5 great leader) that is “truly great” and this is the leader that not only has personal humility and professional will, but also belief in a power much higher than themselves that supersedes “good luck.”