Thank You To Our Warfighters

Armed Forces

I took a photo of this wonderful sign on this construction truck. 


It says:


“To All The Men And Women Of Our Armed Forces


Thank You!


United We Stand.”


Next week on Wednesday is Veterans Day, but feeling gratitude to those who stand and fight for our freedom is not just a one day a year message. 


Let’s always remember that freedom is not free! 😉


(Source Photo: Andy Blumenthal)

Saving Iraq’s Jewish Scrolls

What a beautiful job by the National Archives and Records Administration (NARA).

In Operation Iraqi Freedom in 2003, our Special Forces looking for WMD instead discoverd thousands of ancient Jewish texts.

The texts dating from 1540 to 1970 taken from the Iraqi Jewish Community were sitting defiled in the basement of Saddam Hussein’s Intelligence HQS molding and decomposing under 4 feet of water.

The U.S. military and NARA rescued these texts and have painstakingly restored and preserved them through freezing, categorizing, condition assessment, stabilization, mold remediation, mending pages, washing, binding, and more.

Pictures of the collection of texts from Iraq before and after preservation can be found here.

The collection includes:

– A Hebrew Bible from 1568

– A Babylonian Talmud from 1793

– A Zohar/Kabbalah from 1815

– A Haggadah from 1902

– 48 Torah scroll fragments

– And much more.

On October 11, NARA will unveil an exhibit in Washington, DC featuring 24 of the recovered items and the preservation effort.

Hopefully, the collection of Jewish religious texts will ultimately be returned to the Jewish community from which it came, so that it can be held dear and sacred once again, and used properly in religious worship and never again held hostage or profaned.

Thank you so much to both the Department of Defense and to the National Archives for saving and preserving these ancient, sacred Jewish religious texts.

You did a beautiful mitzvah! 😉

Balancing Cybersecurity And Citizen Freedom

Balancing Cybersecurity And Citizen Freedom

There is a very interesting discussion of the protection of Federal Networks and the Fourth Amendment in “Cybersecurity, Selected Legal Issues,” Congressional Research Service (CRS) Report for Congress (3 May 2012).

The Department of Homeland Security (DHS) in conjunction with the National Security Agency (NSA) rolled out EINSTEIN, an intrusion detection system (IDS) in early iterations, and later an intrusion prevention system (IPS) at all Internet points of presence (POPs) for the government.

The system works through copying, storage, and deep packet inspection of not only the metadata for addressing information, but also the actual contents of the flow. This handling is necessary in order to identify suspicious malware signatures and behavior and alert the United States Computer Emergency Response Team (US-CERT) in order to block, quarantine, clean, and respond to the attacks and share information about these.

However, the civil liberties and privacy issue with EINSTEIN is that according to the Fourth Amendment, we are protected from unreasonable search and seizures. Thus, there are concerns about the violation of the Fourth Amendment, when DHS monitors and inspects addressing and content of all email and Internet communications to and from federal agency employees and the public–including not only from government email accounts and systems, but also from private email accounts such as Yahoo and Gmail and social media sites like Facebook and Twitter.

The justification for the use of EINSTEIN includes:

1. The government cannot reasonably get warrants in real time in order to safeguard the federal network and systems at the speed that the attacks are occurring.

2. The government places banners and user agreements on all Federal networks notifying users of monitoring, so there is no expectation of privacy in the communications.

3. The monitoring is conducted only for malicious computer activity and not for other unlawful activities—so “clean” traffic is promptly removed the system.

4. Privacy protections are ensured though review mechanisms, including Attorney General and Director of National Intelligence (DNI) reporting to Congress every six months and a sunset provision requiring monitoring reauthorization every four years.

This tension between monitoring of Federal networks and traffic and civil liberties and privacy is a re-occurring issue when it comes to cybersecurity. On one hand, we want cybersecurity, but on the other hand, we are anxious about this security infringing on our freedoms—whether freedom of expression, from search and seizure, from surveillance, or from potentially costly regulation, stifling innovation, and so forth. It is this tension that has stalled many cybersecurity bills such as the Stop Online Privacy Act (SOPA), Cyber Intelligence Sharing and Protection Act (CISPA), The Computer Security Act of 2012 and more.

In the absence of a clear way forward with legislation to regulate and enforce, or incentivize, standards and best practices for cybersecurity, particularly for critical infrastructure protection, as well as information sharing, the White House released Presidential Policy Directive/PDD-21 on Critical Infrastructure Security and Resilience to establish DHS and other federal agency roles in cybersecurity and to manage these on a risk-based model, so that critical infrastructure is identified, prioritized, assessed, and secured accordingly.

While PDD-21 is a step in the right direction, it is an ongoing challenge to mediate a balance between maintaining our values and constitutional freedoms, while at the same time securing cyberspace.

One thought is that perhaps we can model cybersecurity after the Posse Comitatus Act of 1878 that separated federal military from domestic national guard and law enforcement powers. Using this model, we can create in cyberspace a separation of cybersecurity from our borders outward by the federal government, and within the domestic private networks by our national guard and law enforcement.

Thus, we can create stronger security radiating out at the national periphery, while maintaining our important freedoms within, but always working together to identify and neutralize any and all threats to cyberspace. 😉

(Source Photo: Andy Blumenthal)

Getting To Swift Cyber Justice

Destroyed_computer

The first Department of Defense Strategy for Operating in Cyberspace is out (July 2011).

Of course, like the plans that came before (e.g. Cyberspace Policy Review), it emphasizes the imperative for cyberspace protection. Some highlights:
  • DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial or service of access or service…, and the destructive action–including corruption, manipulation, or direct activity that threatens to destroy or degrade network or connected systems.”
  • Cyber threats to U.S. national security go well beyond military targets and affects all aspects of society.  Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control civilian infrastructure.”
  • Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies.”
The strategies for cyberspace protection in the DoD plan include treating cyberspace as an operational domain; innovation; partnership; and so on. But we need to leverage our strengths even more. 
As the Wall Street Journal pointed out on 15 July 2011: “The plan as described fails to engage on the hard issues, such as offense and attribution.”  If we can’t even identify who’s attacking us, and fight back with precision, then we’re flailing.
Some may express the concern that we would have all-out war by attacking those who attack us. However, what is the alternative besides confronting our aggressors? 
The concept of operations is straightforward: Any computer device that is used to attack us, would immediately be blocked and countered with equivalent or greater force and taken out of play.
This would mean that we are able to get past cyber-bot armies to the root computers that are initiating and controlling them, and dealing with them decisively. This would hold regardless of the source of the attack–individual or nation-state.
The DoD plan acknowledges our own unpreparedness: Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity.”
As in the Cold War, there must be no doubt with Cyber Warfare (as with nuclear) of our ability to inflict devastating second-strike or preemptive attacks with deadly precision. 
Until we have unambiguous hunter-killer capability to identify and locate perpetrators of cyber attacks against us and the ability to impose swift justice, we are at the mercy of our aggressors. 
We can only have peace in cyberspace when we have the strength to stand up and defend it.  
Now we must move with cyber speed to build this capability and stand ready to execute our defenses.
Admiral Mike Mullen was quoted this week (18 July 2011) in Federal Times as saying: “The single biggest existential threat that’s out there is cyber...It’s a space that has no boundaries. It has no rules.”
We must become even better–much better!
(Source Photo: here)

>Common Language for Enterprise Architecture

>

What happens when one set of enterprise architects can’t read another’s enterprise architecture “artifacts”?

This may sound ridiculous, but this is a very real problem at the Department of Defense (DoD) and at many other agencies.

Government Computer News, 1 February 2010, has an article on “Primitives and the Future of SOA” about how “DoD looks to develop a common vocabulary to improve system design.”

Dennis Wisnosky, the chief technical officer at the DoD Business Transformation Agency came face-to-face with this problem:

“We were building a business enterprise architecture when the whole team changed because the contract [that the work was being performed under] was won by different people…The new company came in and, all of a sudden, their people had different ideas for how the architecture should be built…Their way might have been a good way, but we had already invested hundreds of millions of dollars in another way, and it seemed to be a wiser course of business action to get these new people to learn the old way.”

Mr. Wisnosky tackled the problem head-on:

Like the periodic table of 117 core elements that make up everything in our world, Mr. Wisnosky set out to build the DoD architecture using a set of primitives or basic building blocks. “Primitives are a standard set of viewing elements and associated symbols” based in DoD’s case on the Business Process Modeling Notation (BPMN)”—a graphical representation for processes in a workflow. Armed with the set of primitives, DoD was able to get “the business process architecture, so that they are described in a way that the meaning of this architecture…is absolutely clear to everyone.”

Wisnosky aptly compared using a common language (or set of primitives) for EA, so everyone could read and understand it, regardless of their particular EA methodology to how musicians anywhere in the world can read standard music notation and similarly how electrical engineers can read electrical diagrams based on standards symbols.

This is a big step for EA, where traditional architecture artifacts are not as user-centric as they should be and often leave their readers/audience questioning the purpose and message intended. In contrast, the use of a common EA vocabulary and set of symbols is right in line with developing a user-centric enterprise architecture that is easy for users to understand and apply, because once you know the standard set of primitives you can read and understand the architecture better than an architecture based on a proprietary or ever changing vocabulary.

As Wisnosky points out, primitives are also a nice fit with Service Oriented Architecture, because you can use primitives or patterns of primitives to represent standard business processes and these can be used over and over again for the same services that are needed throughout the business.

This use of primitives for business process notation is consistent with the use of the National Information Exchange Model (NIEM) for information notation. “NIEM enables information sharing, focusing on information exchanged among organizations as part of their current or intended business practices. The NIEM exchange development methodology results in a common semantic understanding among participating organizations and data formatted in a semantically consistent manner. NIEM will standardize content (actual data exchange standards), provide tools, and managed processes.”

While, we need to leave a certain amount of flexibility in EA for architects to apply their trade to meet specific agency requirements, there is a huge benefit to standardizing on a common vocabulary, so architects can speak the same language. This concept is all the better when the language and design methodology selected for EA is simple and clear so that even non-EA’s (our regular business and IT people) can read and understand the architecture.

Building EA with primitives and clear and simple vocabulary and design represents a user-centric EA moment that I for one, applaud loudly. Another way to say this is that an EA without primitives is a primitive EA.

>Net-centricity and Enterprise Architecture

>See video on Department of Defense (DoD) vision for Net-Centricity:

http://www.blogger.com/img/videoplayer.swf?videoUrl=http%3A%2F%2Fv14.nonxt8.googlevideo.com%2Fvideoplayback%3Fid%3D6259f916796e74a2%26itag%3D5%26begin%3D0%26len%3D86400000%26app%3Dblogger%26et%3Dplay%26el%3DEMBEDDED%26ip%3D0.0.0.0%26ipbits%3D0%26expire%3D1270317776%26sparams%3Did%252Citag%252Cip%252Cipbits%252Cexpire%26signature%3D58696B425D5829FB7550DAD75100B02F9A6E5877.39CD43AB83FECBE8E4B24F933A9BAC590B7737CD%26key%3Dck1&thumbnailUrl=http%3A%2F%2Fvideo.google.com%2FThumbnailServer2%3Fapp%3Dblogger%26contentid%3D6259f916796e74a2%26offsetms%3D5000%26itag%3Dw320%26sigh%3DJ1zfvCBFKzXFemPBXgpvlEyv0PM&messagesUrl=video.google.com%2FFlashUiStrings.xlb%3Fframe%3Dflashstrings%26hl%3Den&nogvlm=1

Source: Department of Defense

>Lean Six Sigma and Enterprise Architecture

>

Enterprise architecture is one way for an organization to drive business process improvement and technology enablement. Another way is through Lean Six Sigma.

Federal Computer Week, 3 March 2008, reports that “DoD rallies around Lean Six Sigma: The methodology has become the Defense Department’s ‘tool of choice’ for business transformation.”

“Lean Six Sigma is simply a process-improvement method for reducing variability and eliminating waste.” With Six Sigma (developed by Motorola), the idea is to make processes efficient and repeatable, so that there are fewer than 3.4 defects per 1 million. The Lean (developed by Toyota) concept refers to “eliminating any steps that don’t add value.”

In Lean Six Sigma, process improvement is enabled through the following steps:

  1. Define—identify problem and measures
  2. Measure—capture data points
  3. Analyze—discover areas for process improvement
  4. Improve—implement process changes
  5. Control—verify and validate that improvement is attained and sustained

In 2000, Deputy Defense Secretary Gordon England made Lean Six Sigma the foundation for DoD’s continuous process improvement program.

Currently, “about two-thirds of DoD organizations by some estimates are committed to Lean Six Sigma.”

DoD is training their people in Lean Six Sigma and intends to have 5% of its employees attain Green Belt (involves typically a week of training) and 1% reach Black Belt (typically involves approximately two years of training in math and statistics and several years experience working on projects as Green Belts).

However, DoD has been criticized by some for focusing more on the training, than on translating that training into practical on the job know-how to transform the Department.

Yet, by some measures DoD has made improvement. The Army claims to have “completed 770 Lean Six Sigma projects, from which it estimated savings of $1.2 billion in 2007.”

To me it seems like enterprise architects would do well to work in partnership with Lean Six Sigma professionals in order to understand the business processes, improve them, and identify requirements to technology enable those. In User-centric Enterprise Architecture, business drives technology rather than doing technology for technology’s sake. Lean Six Sigma can help business led the way for truly useable and usable technology solutions.