When You Need To BLUF

Most professional (and even personal) communications should start with…

________________________

BLUF (Bottom Line Up Front).

This means that you start with the ending–in mind, on paper, verbally, and in digital format. 

You provide the conclusion and/or recommendations right up front.

Rather than first wadding through all the details–context, analysis, considerations, assumptions, risks, etc. 

Let the reader know right away what it is you want. 

Generally, this is different than an abstract or summary that provides a synopsis and leading evidence for the argument put forward. 

Tell me what I need to know and get right to the point! 😉

(Source Photo: Andy Blumenthal)

The Trouble With Our Security

So the problem with our security is that we value our openness more than we do our security.

And perhaps, we fear war more than we desire true peace. 

This was a photo from Summer 2015 when the Pope was in DC.

And despite a “massive” security apparatus set up to protect the Pope, the “largest security operation in U.S. history“…

Check out this photo of a colleague who was able to literally run up to the Fiat car where you can see the Pope waving from. 

Our security is full of holes–if this guy had a gun, molotov cocktail, or bomb then the top Christian leader in the world could’ve been taken out, just across the street from the U.S. State Department.

As a democracy, we value openness and freedom to say what we want, do what we want, protest what we want, carry guns as we want, but when is open too open?

Again, whether it comes to cybersecurity or physical security, unless we start to get serious about what massive and large security really means, it is just a matter of time before something really terrible happens, G-d forbid. 

We’ve got to do a better job balancing security and openness. 

No one should be getting right up to the Pope’s car like this!

No one should be smashing windows, burning cars, and attacking police and pedestrians in Washington, DC or anywhere.  

No one should be buzzing our battleships and jets!

No one should be hacking into our sensitive cyber systems, taking down and crippling them and stealing our secrets!

No one should be recruiting, plotting, and carrying out increasing and devastating terrorist attacks right under our noses in this country or elsewhere. 

No one should be using chemical weapons around our red lines in population centers or in airports!

No one (Iran, North Korea, Russia) should be developing, testing, and aiming nuclear ballistic missiles at the West!

War is a last resort, but this is not peace.

It is time to rethink our security posture…it is past time. 😉

(Source Photo: A Colleague)

Countdown To Nukesville

So I keep reading and hearing about Russia preparations for nuclear confrontation with the West and the overall risk rising greatly:

– Investing in new advanced nuclear weapons, such as stealth nukes that can destroy an area the size of Texas or France

– Adding hundreds of new warheads

– Moving nukes to the European doorstep of Poland and Lithuania

– Flying Russian bombers within 40 miles of California coast

– Pulling out of non-proliferation agreements, including producing new intermediate range nuclear cruise missiles 

– Violating security pacts to destroy plutonium stockpiles

– Skipping the nuclear security summit

– Conducting massive civil defense drills

– Threatening asymmetrical and painful actions against the West, including first strike

– Building new bases in Ukraine, Syria, and now eyeing Cuba and Vietnam

– Building dozens of new underground bunkers

– Entering a new arms race with the U.S. 

Well perhaps this is all just saber-rattling bluster and party-rallying political rhetoric.

The real question is if this is all talk, then why all the costly actions being made?

Self defense experts always say never pull out a weapon unless you seriously intend to use it, so are Russia’s intentions to simply counter the West or is it going to go way beyond that. 😉

(Source Photo: Andy Blumenthal)

The Best Cut

So I wasn’t sure I wanted to share this, but my wife encouraged me in an effort to help others going through similar things.

Recently, I went to the Surgeon about my other hip to read my MRI…

After having read the report myself before the appointment, I was convinced I was heading under the knife again with the pain I was experiencing, challenges getting around, and the verbiage in the report like: 

“Significant…”

“Advanced.”

Anyway, my daughter came along because I wasn’t sure I was going to easily get parking in this place…always a challenge there. 

Waiting for the doctor, I asked G-d for a miracle, since after all the hospitalizations this last year, I literally thought that another one at this time could very well kill me.

Low and behold, the doctor comes in and as if G-d is directing his speech for the next 40 minutes or so, he does everything to dissuade me from having the surgery this month, even though he was the one at the last appointment that had already booked me on his surgical calendar. 

So today the miracle unfolded…

First, the doctor read my MRI, but then quickly flipped the screen to an MRI of another patient–a 76 year old–and he showed me the unbelievable progression of the osteoarthritis from near onset to ultimately the complete collapse of the joint over about 9 years time for this lady…the last MRI looked like complete and utter bone devastation–I had never seen anything like it!

Next he opened his drawer and took out a horror basket of used replacement joints parts that he had removed from patients that needed revision–he showed me the wear and breakage and described in horrible detail how he often has to dig these out of the bones of his patients and how each revision–which everyone will need after about 10-15 years or sooner if they become symptomatic–becomes more complicated and dangerous in terms of infection, blood clots, and recovery. 

Then he told how in the field so many replacement surgeries do not go well and that he sees 3-5 patients a week who come to him because they are UN-happy with the replacements their doctors did. 

This went on and on, and bottom line…he said, “I love to do the surgeries–I really do–but wait as long as you can before getting it [on the other hip], since while it can provide for short term improvements, each revision is worse, and at your age you could need three–on each side.”

Needless-to-say, from this whole thing, I was in utter shock and some disbelief as I had been told these prosthetics can last 20-25 years with the newer models, and I was not aware of what the revisions really entailed in later years or the challenges they brought. 

As he continued to describe the risks in painful vivid details (note, I was his last appointment of the day and he was talking his time here), my eyes were literally welling up in tears.

I looked over at my daughter and she was sitting mouth agape shaking her head at what he was saying. I was deeply sorry that she had to sit through this (what we had thought was a simple MRI reading and confirmation of the upcoming procedure date). 

I left the doctor’s office, of course, canceling the surgery–still in severe pain and with trouble walking–however, “scared straight” to make the best of this for now, but also afraid of what lies ahead. 

I have to have faith that the L-rd who made the miracle to hold off on the surgery for now will continue to guide and protect me through this illness that today has no cure. 

(Source Photo: Andy Blumenthal)

Yes, I Mean No

This is a hilarious video of a social experiment.

This girl–a complete stranger–goes up to random guys and asks “Would you have sex with me?”

On the top there is a running counter–thumbs up or down–for how many of these guys say yes or no.

The final count for this girl and the complete strangers is 50-50!

The reactions of the guys who stumble all over themselves ranges from “Are you crazy?” and someone who actually calls the police on her to “Why not?” and “I will definitely have sex with you!” or how about this guy who offered up a middle of the road approach of “Would you like to hang out with us first?”

In a companion video, they reverse the social experiment, and a guy propositions random girls with the same cavalier question.

In 100 cases, he was rejected!

So are women more discriminating? Are they looking for intimacy while men are looking for a physical hookup? Or are men just driven by their chemistry, evolution, and species preservation to procreate far and wide?

While the girl chosen for this experiment is undeniably attractive, given the risk of STDs and AIDS and also broken relationships and even families, you still have to ask yourself are men’s brains fully wired on right? 😉

Go Safe or Go For It?

I came away with some thoughts on risk taking watching this scene from the movie “Lies and Alibis.”

The girl says: “Simple is boring.”

The guy answers: “Boring is safe.”

The girl responds: “Safe is for old people.”

(Note: nothing personal here to the elderly. Also, hope I didn’t get the who said which thing wrong, but the point is the same.)

Take-a-way: Very often in life we aren’t sure whether to take a risk or not. Is it worth it or is it reckless? And we have to weigh the pros and cons, carefully!

– We have to ask ourselves, where’s the risk and where’s the reward?

We have to decide whether we want to try something new and accept the potential risk or stay stable and go safe with the status quo that we already know.

At times, staying with a bad status quo can be the more risky proposition and change the safer option–so it all depends on the situation.

– We also have to look at our capabilities to take chances:

For example, in terms of age appropriateness–it can be argued that younger people can take more risk, because they have more time to recover in life, should the situation go bad.

At the same time, older people may have more of a foundation (financial savings, built-up experience and education, and a life-long reputation) to take more chances–they have a cushion to fall back on, if necessary.

– In the end, we have to know our own level of risk tolerance and have a sense of clarity as to what we are looking for and the value of it, as well as the odds for success and failure.

It’s a very personal calculation and the rewards or losses are yours for the taking. Make sure you are ready to accept them!

Finally–always, always, always have a plan B. 😉

(Source Photo: Andy Blumenthal)

Understanding Risk Management

Information Security, like all security, needs to be managed on a risk management basis.

This is a fundamental principle that was prior advocated for the Department of Homeland Security, by the former Secretary Michael Chertoff.

The basic premise is that we have limited resources to cover ever changing and expanding risks, and that therefore, we must put our security resources to the greatest risks first.

Daniel Ryan and Julie Ryan (1995) came up with a simple formula for determining risks, as follows:

Risk = [(Threats x Vulnerabilities) / Countermeasures)]  x  Impact

Where:

– Threats = those who wish do you harm.

– Vulnerabilities = inherent weaknesses or design flaws.

– Countermeasures = the things you do to protect against the dangers imposed.

[Together, threats and vulnerabilities, offset by any countermeasures, is the probability or likelihood of a potential (negative) event occurring.]

– Impacts = the damage or potential loss that would be done.

Of course, in a perfect world, we would like to reduce risk to zero and be completely secure, but in the real world, the cost of achieving total risk avoidance is cost prohibitive. 

For example, with information systems, the only way to hypothetically eliminate all risk is by disconnecting (and turning off) all your computing resources, thereby isolating yourself from any and all threats. But as we know, this is counterproductive, since there is a positive correlation between connectivity and productivity. When connectivity goes down, so does productivity.

Thus, in the absence of being able to completely eliminate risk, we are left with managing risk and particularly with securing critical infrastructure protection (CIP) through the prioritization of the highest security risks and securing these, going down that list until we exhaust our available resources to issue countermeasures with.

In a sense, being unable to “get rid of risk” or fully secure ourselves from anything bad happening to us is a philosophically imperfect answer and leaves me feeling unsatisfied–in other words, what good is security if we can’t ever really have it anyway?

I guess the ultimate risk we all face is the risk of our own mortality. In response all we can do is accept our limitations and take action on the rest.

(Source Photo: here with attribution to martinluff)

Cyberwar–Threat Level Severe

!This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management on the topic–Cybersecurity Threats to the United States.Some of the highlights from his statement:- America’s computers are under attack and every American is at risk.

– The attacks are real, stealthy, persistent, and can devastate our nation.

– Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.

– In the event of a major cyber attack, what could we expect? Department off Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipeliness of natural gas exploding, trains and subways derailed, a nationwide blackout. This is not science fiction scenarios. (Adapted from Richard Clark, former Senior Advisor of Cyber Security)

– It is not a matter of if, but whena Cyber Pearl Harbor will occur.  We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).

I believe we must address these threats and our vulnerabilities in at least five main ways:

1) Increase research and developmentfor new tools and techniques–both defensive and offensive–for fighting cyberwar.

2) Establish a regulatory frameworkwith meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.

3) Create a cybersecurity corpsof highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.

4) Prepare nationwide contingency plansfor the fallout of a cyberwar, if and when it should occur.

5) Create a clear policyfor preventing cyberattacks by taking preemptive action when their is a known threat as well as for responding with devastating force when attacks do occur.

With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal–because the consequences can be just, if not more, deadly.

Where Is The Outrage?

This past week a self-professed Al Qaeda jihadist, trained in the militant camps of Pakistan and Afghanistan murdered in cold blood three Jewish children and a teacher (who happened to be the father of the two boys killed, ages 3 and 6).

The 8-year old girl pictured above was the beautiful daughter of the school’s headmaster and was yanked by hair while the killer reloaded his gun and then shot her in the head, point blank.

A fifth victim, another student, a boy age 17 is critically wounded in the hospital.

The Killer, Mohamed Merah had just the prior week, in two attacks, murdered 3 black French solders as well.

So why did he do it?  He tells us it was to avenge Palestinian children and for the French foreign interventions, as he said on the video “you kill my brothers, now I kill you.”

So now this terrorist with an extensive rap sheet (as many as 18 prior acts of violence) is dead, and yet insanely, the terrorists consider him a martyr.

And while condolences are heard to all victims, is there sufficient outrage at the murder of innocent school children and terrorists’ complete disregard for human life and societal norms?

More than a decade after the tragedy of 9/11 with nearly 3,000 murdered, followed by almost 6,400 U.S. soldiers killed in Iraq and Afghanistan, we still cannot fully come to terms with the enemy we face and the threats they pose.

The people killed in terrorist attacks around the world–whether in a school yard in Toulouse, a luxury hotel in Mumbai, train attacks in London and Madrid, a nightclub attack in the Philippines, a plane flight over Lockerbie Scotland, a truck bomb at the U.S. Marine Barracks in Beirut, a homicide attack at a pizza parlor in Jerusalem, and countless others around the world have stained our consciences with the blood of innocents, so that the girl pictured, killed this week with a bullet to the brain is no longer special to anyone except her family, friends, and people who loved her.

The blood of the victims of terrorism is not cheap and neither is that of Jewish children–it is high time for outrage at the enemy that takes human life so gleefully.

(Source Photo: here)

 

A Race To The Future

This last week, we learned of the new defense policy that shifts the U.S. from a full two war capability to a “win-spoil” plan, where we have the ability to fight one war, but still disrupt the military aspirations of another adversary elsewhere.

While we would all like to have unconstrained capabilities for both “guns and butter”, budget realities do not permit limitless spending on anything or anytime.

The Wall Street Journal (7-8 January 2012) had an interesting editorial that cautioned against reduced military spending and latched on specifically to focusing too much on the Asia-Pacific region and somehow neglecting other danger spots around the globe.

Basically, the author says it is dangerous for us to put all our proverbial eggs in one basket. As he writes, this single-focus approach or “strategic monism” is predicated on our ability to accurately predict where the trouble spots will be and what defensive and offensive capabilities we will need to counter them.

In contrast, the author promotes an approach that is more multifaceted and based on “strategic pluralism,” where we prepare ourselves for any number of different threat scenarios, with a broad array of capabilities to handle whatever may come.

What is compelling about this argument is that generally we are not very good at forecasting the future, and the author points out that “the U.S. has suffered a significant surprise once a decade since 1940” including Pearl Harbor (1941), North Korea’s invasion of the South (1950), the Soviet testing of the Hydrogen bomb (1953), the Soviet resupply of Egypt in the Yom Kippur War (1973), the Iranian Shah’s fall from power (1979), the Soviet Union collapse (1991), and the terrorist attacks of 9-11 (2001).

Similarly, Fortune Magazine (16 January 2012) calls out “the dangers inherent in…long-term forecasting” and points how almost comically “the 1899 U.S. patent chief declares that anything that can be invented has been.”

The Fortune article goes on to say that a number of the experts interviewed for their Guide To The Future issue stated that “cyberterrorism, resource shortages, and political instability around the world are all inevitable.”

In short, the potential for any number of catastrophes is no more relevant now in the 21st century, than at any other time in history, despite all our technological advances and maybe because of it.

In fact, Bloomberg Businessweek (19-25 December 2012) actually rates on a scale of low to high various threats, many of which are a direct result of our technology advancement and the possibility that we are not able to control these. From low to high risk–there is climate change, synthetic biology, nuclear apocalypse, nanotechnology weaponry, the unknown, and machine super intelligence.  Note, the second highest risk is “unknown risks,” since they consider “the biggest threat may yet be unknown.”

So while risks abound and we acknowledge that we cannot predict them all or forecast their probability or impact accurately, we need to be very well prepared for all eventualities.

But unfortunately, being prepared, maintaining lots of options, and overall strategic pluralism does not come cheaply.

In fact, when faced with weapons of mass destruction, threats to our homeland, and human rights abuses is there any amount of money that is really enough to prepare, protect, and defend?

There is no choice but to take the threats–both known and unknown seriously–and to devote substantial resources across all platforms to countering these. We cannot afford to be caught off-guard or prepared to fight the wrong fight.

Our adversaries and potential adversaries are not standing still–in fact, they are gaining momentum, so how much can we afford to recoil?

We are caught between the sins of the past in terms of a sizable and threatening national deficit and an unpredictable future with no shortage of dangers.

While everyone has their pet projects, we’ve got to stop fighting each other (I believe they call this pork barrel politics) and start pulling for the greater good or else we all risk ending up on the spit ourselves.

There is no option but to press firmly on the accelerator of scientific and technological advancement and break the deficit bounds that are strangling us and leap far ahead of those who would do us harm.

(All opinions my own)

(Source Photo: here)