What would the National Security Act Look Like Now?

Several months ago, there was a call for essays on how the National Security Act (originally in 1947) look like now. I submitted my essay, but it did not get to the finalist stack, but I knew I was competing with a ton of people that write essays for a living, so I did not have any expectations. Well, I thought that I would put it in my blog to let readers see it and make their own decision. Any comments on it would be considered and appreciated. Thank you.

BACKGROUND

The National Security Act of 1947 performed myriad adaptations to how the United States acted militarily on the world stage in both an offensive and defensive capability.  First, and probably the one area that needs reiteration when addressing the National Security Act of 1947 was the creation of the United States Air Force.  Quickly reviewing where the United States was in 1947 is critical to understanding why this creation was vital. 

The United States had just made a major contribution to the defeat of Germany in the East and Japan in the West, putting a finish to World War II with the help of allies.  In both situations, it was very evident that the Atlantic and Pacific Oceans were no longer natural barriers to invaders.  From experience, a strong Air Force would provide a dual purpose: (1) To provide intercontinental offensive and defensive capabilities, and (2) provide the medium to carry the new nuclear weapons.  It is important to add that the United States was the ONLY country in the world that possessed (and used) nuclear weapons in a combat situation. 

The National Security Act of 1947 also created a group of organizations that could keep tabs on our foreign enemies to keep them in check: the Central Intelligence Agency and the National Security Agency among them.  Remember that the Soviet Union, an ally during World War II (although more of a “frenemy” than friend), became a major foreign adversary after the War.   They not only maintained their hegemony, but made sure that they would have a buffer against any further attempts to invade their country.  By occupying East Germany; Poland, Bulgaria, Czechoslovakia, Romania, and other Eastern European became possible (and, in fact, real) future targets of Soviet expansion.  The USSR was ensuring an alliance against an impending western alliance, a prophesy that would come in 1949 in the form of the North Atlantic Treaty Organization or NATO. (Editors, 2010). 

Besides a post-war Europe, what was the environment like in the US in 1947?  The dollar was strong at that time (Webster, 2021), and the US was coming off a victory that made them feel invincible (Library of Congress, n.d.).  The US was the only one with a nuclear weapon and their manufacturing was second to none (Pruitt, 2020).  Also, and most importantly, they were the only major ally that did not suffer heavy bombing damage (or any for that matter) during the war, so their manufacturing capability was never really decimated like facilities in Europe.  In addition to all these advantages, there were NO satellites in space at that time (Sputnik was not until 1957) and the space race was more science fiction than science.  From military educational experience, the US established the National Security Act to show the US as a strong, defensible, and loyal ally.  It would be able to defend any US ally with strength; enemies of the US should fear their capabilities.  This was redoubled in President Kennedy’s inaugural address in 1961 (Kennedy, 1961).  The US citizens were well protected and understood that their military was the strongest in the world.

CURRENT EVENTS

The National Security Act of 1947 looked outward to our enemies of which there were few:  the Soviet Union and their allies with their strong military and Communist ideology, and Yugoslavia with Marshal Tito in charge of their Communist ideology.  Communist China did not exist at that time but was taking hold, with Korea and French Indochina (Vietnam) slowly evolving their ideology thanks to Communist leaders that actually helped the Allies defeat the Japanese.  In 2022, the US has a plethora of enemies both internally and externally that would demand the new National Security Act’s attention.  First, internal strife caused by activism from both the far left and far right are causing fissures within the very foundation of the United States.  These fissures, although relatively slight at the moment, could cause massive chasms within the next decade, even affecting the US military.  These weaknesses are no doubt being noted by our enemies, seeing an implosion as much more productive for their ends than any type of external involvement.  Some defense analysts have noted these in their current articles (). Second, enemies are not easy to identify in today’s world environment.  The former Soviet Union at one time perceived the US as a possible enemy, but others see them as a strong possible ally for peace (Nesterov, 2005).  Poland and Czechoslovakia joining NATO put a dent in the buffer of the former Warsaw Pact that helped secure Russia; and Ukraine and Georgia (FSR) are both becoming hot spots because of their resources and their geographic location with regard to oil transport to Russia (Andreas Billmeier, 2004).  In 2014, Russia invaded Crimea in order to get a foothold on the only ice-free ports that were being used by both Russia and Western Europe (Chuma, 2016).  Taking those now gives Russia the ability to transit the Black Sea into the Mediterranean without having to first send ice breakers ahead.  Last, but certainly not least, is the expansive nature of US foreign policy.  The US is involved in most continents of the world militarily.  It has navies on most oceans, and ground representation with virtually every foreign military.  The US Military Schools have foreign military students and the Air Force, Navy, and Army trains foreign military pilots.  In essence, the US has made the world a classroom for ideology, military, and economic expansion. 

With these ideas as the foundation for 2022, the National Security Act should strengthen the following ideas.  First, the National Security Act should make very clear the preamble of the US Constitution (maybe even including it as the first words of the document).  The statement “provide for the common defense” means that the US national security is primarily the responsibility of the US citizens, whose representatives in Congress have two main duties according to the Constitution and one being the national defense.  It is the US citizen that is responsible for the example set to future citizens.  This idea of common defense is something that may not be understood in this era of a well-protected United States.  In fact, US military officers and enlisted take an oath before becoming a servicemember.  The oath begins with “I swear/affirm that I will support and defend the Constitution of the United States against all enemies foreign and domestic.”  As one study showed, there is more of a fear of civil unrest than becoming involved in another world war (Christopher Bader, n.d.).  What these examples would indicate is that the National Security Act of 2022 should be focused on the quelling of the fears about domestic threats and secondarily cover those fears that stem from external threats.  This would mean an expansion of organizations that are currently enmeshed in both external and internal threats to the National Defense.  The Federal Bureau of Investigation (FBI) is responsible for domestic terrorism, but that duty is becoming blurred with the National Security Agency (NSA), who is responsible for foreign terrorism.  Since the National Security Act was passed, only a few more organizations have been created in order to fight the continuing transformation of threats (besides the Air Force).  Creating Joint Commands helped the various arms of the military come together to combat rogue states and factions.  From intelligence experience, part of this creation was a direct result of the failed Iranian Hostage attempt in April 1980.  The formation of the Director of National Intelligence (DNI) was a direct result of the September 11 attacks on the United States.  Interestingly enough, the Director of Central Intelligence (DCI) was formed from the National Security Act of 1947, and could have been transformed into the DNI, but the DCI is also the Director of the CIA, which could result in some conflicts of interest.

TRAINING

The National Security Act of 2022 should focus on a training agency that will help to inform the Federal and State Agencies about impending and actual threats against the United States.  This training agency would be composed of past and present intelligence operators including those that have seen intelligence use in actual combat.  This agency would be given carte blanche to ALL Federal and State government agencies’ training curriculum to ensure that they have the appropriate information needed to conduct classes on the prediction and exploitation of adversarial information.  The training will be consistent and constant, with updates to current threat information provided much like weather prediction – at least 3 times a day.  Every training agency will have access to the overarching training agency and collaboration will be part of the policy.

Why is training so important?  According to one source, training is the foundation for combat operations (Greer, 2018).  It is the one consistent factor in the success or failure of any operation, military or otherwise.  What this means is that all intelligence analysts would be given the same training, regardless of their environment.  What the goal of the training should be is to teach critical thinking skills and methods to apply this critical thinking.  Along with critical thinking is the ability to think creatively.  In The Tao Te Ching, one area of importance was “Forgetting Knowledge” which states, in part, “He who devotes himself to learning [seeks] from day to day to increase [his knowledge]” (Sun Tzu, 2016, p. 222).  In essence, the training agency would be the front line of prevention for both internal and external threats to US security. 

This is not a new approach.  When military failures occur, there is often a revamping of training in order to modernize the military with respect to this failure.  In other words, the reason for the training is to not make the same mistake again.  The joint venture after the failed Iran Hostage Rescue resulted in a focus on joint operations.  The agency can be called the Federal Training Agency (FTA) and have regional offices located in the same cities as Department of Defense has their regional headquarters.  The Agency would have positions in the training specialties, but have military and civilian that are part of the operational and intelligence areas.  Their jobs would be to train and advise the different Federal Agencies on their training functions.  This could help reduce the training functions of the different military services (such as TRADOC for the Army, Education and Training Command for the Air Force, etc.), but it would not be designed to eliminate those functions.  The pure function of the Training Agency would be to supplement and advise the different training functions of the Federal Government.

How would this be a value-added measure for National Security?   The United States is moving into an unknown time period with regard to National Will and National Power.  Much like we teach our teenagers to drive cars, we also need to train our policy makers to understand the world, not just our enemies.  The Training Agency would be responsible for providing an historical perspective to international intentions.  For example, why does Russia want to conquer Ukraine?  Why do the Israelis and Palestinians not get along?  Why does China want to become a world power?  These are questions that help establish why our National Security exists.  It also helps the policy maker and operator understand it may be a difficult challenge to apply certain methods that were previously effective against adversaries that we do not understand.

DATA

Besides training as a method for preparing the national security decision makers, the idea of data standards and data training has been something that the Federal Government has just recently addressed (Council, 2021).  It is evident that every military service has their preferred software and data repository and the DoD has attempted to corral this type of issue.  However, by having various data methods, it invites adversaries to exploit vulnerabilities.  The US has a Cyber Command that has offensive capabilities with its neighboring National Security Agency as the defensive end of the exploitation arena.  If there is a Cyber Command, why is there not a Federal Agency that has accountability for all the different data methodology in the US Government?  The National Security Act of 2022 should address these data differences and establish a consistent data dictionary that will help the US Government mitigate the vulnerabilities that exist with each agency having their own data definitions, dictionaries, and methodologies.  For instance, the Social Security Administration (SSA), and the Centers for Medicare and Medicaid Services (CMS) are less than 2 miles from one another, but each of them has separate departments for data exchange (Social Security Administration) (Centers for Medicare and Medicaid Services).  Every medical facility has the same personal data (birth date, Social Security Number, etc.), yet patients are constantly filling out forms with those personal data.  The reason is that the data is not available or accessible through a consistent data port. 

In addition to helping the Federal Government set data standards, the Federal Database Agency (or whatever it is named) will be partners with the Cyber Command to ensure that the vulnerability of the Federal Data Bases will be mitigated if not remediated using Federal Standards that already exist within the Federal Government.

Will these changes be met with challenges?  As a former Federal Government Employee and military officer, every change in government is met with some form of “push back” but in the long run, these changes would be done to pare down Federal Government, cajoling standards rather than forcing it through mandate.  From experience, advice and consent is much better than force-feeding the policy.

SUMMARY

In summary, the National Security Act of 2022 will be in sharp contrast to the National Security Act of 1947 in that it will focus internally more than externally.  It will consist of both training and data; training the policy makers on the history and consequences of their decision as well as the standardization of data within the Federal Government.  In this way, national security decisions will be the foundation of the Act, not just a name.  Table 1 shows some of the comparison between these two documents.  The world today is not post-World War II.  It is time we document that fact.   

 National Security Act 1947National Security Act 2022
FocusExternal ThreatsInternal and External
FoundationPos-World War II geography and ideologyThe US Constitution (We the People…)
Main PointsCreation of organizations to counter nuclear threat and adversary forcesTo understand the world as it exists and work to counter threats before they occur
OrganizationsAir Force, IntelligenceTraining, Data

Table 1 – Comparison of National Security Act of 1947 vs National Security Act of 2022

References

Andreas Billmeier, J. D. (2004, November). In the Pipeline: Georgia’s Oil and Gas Transit Revenues. Retrieved from imf.org: https://www.imf.org/external/pubs/ft/wp/2004/wp04209.pdf

Centers for Medicare and Medicaid Services. (n.d.). IRS-SSA-CMS Data Match. Retrieved from cms.gov: https://www.cms.gov/Medicare/Coordination-of-Benefits-and-Recovery/EmployerServices/IRS-SSA-CMS-Data-Match

Christopher Bader, E. D. (n.d.). Chapman University. Retrieved from Wilkinson College: https://www.chapman.edu/wilkinson/research-centers/babbie-center/survey-american-fears.aspx

Chuma, L. J. (2016, December 15). Russia Seeks Ice-Free Ports in Ukraine, Syria. Retrieved from Maritime Executive.com: https://maritime-executive.com/editorials/russia-desires-ice-free-ports-in-ukraine-syria

Council, F. C. (2021). Data Skills Training Program Implementation Toolkit. Retrieved from resources.data.gov: https://resources.data.gov/resources/data_skills_training_program_implementation_toolkit/

Editors, H. (2010, April 14). History. Retrieved from History.com: https://www.history.com/topics/cold-war/formation-of-nato-and-warsaw-pact

Greer, J. (2018, October 4). Training: The Foundation for Success in Combat. Retrieved from heritage.org: https://www.heritage.org/military-strength-topical-essays/2019-essays/training-the-foundation-success-combat

Kennedy, J. F. (1961, January 20). Inaugural Address, January 1961. Retrieved from jfklibrary.org: https://www.jfklibrary.org/archives/other-resources/john-f-kennedy-speeches/inaugural-address-19610120

Library of Congress. (n.d.). US History Prime Source Timeline. Retrieved from Library of Congress: https://www.loc.gov/classroom-materials/united-states-history-primary-source-timeline/post-war-united-states-1945-1968/overview/#:~:text=When%20World%20War%20II%20ended%2C%20the%20United%20States,paled%20in%20comparison%20to%20any%20other%20major%20bellig

Nesterov, A. (2005, May 21). Russia’s Attitude Toward the U.S.: Ally or Adversary? Retrieved from Worldpress.org: https://worldpress.org/Europe/2085.cfm

Pruitt, S. (2020, May 14). The Post World War II Boom: How America Got Into Gear. Retrieved from History.com: https://www.history.com/news/post-world-war-ii-boom-economy

Social Security Administration. (n.d.). Data Exhange Application. Retrieved from ssa.gov: https://www.ssa.gov/dataexchange/applications.html

Sun Tzu, e. a. (2016). The Art of War and Other Classics of Eastern Philosophy. Peter Norton.

Webster, I. (2021, December 25). CPI Inflation Calculator. Retrieved from http://www.in2013dollars.com: https://www.in2013dollars.com/us/inflation/1947

Why is the Media Using Panic Tactics with COVID?

Recently, a News outlet, NewsNation Now, had this as a headline: “Study: Unvaccinated could catch COVID-19 every 16 months.” (newsnationnow.com)

This is NOT what the study shows – period. In fact, the terms used in the article are flat out wrong. After looking up the study in The Lancet (www.thelancet.com)(“The durability of immunity against reinfection by SARS-CoV-2: a comparative evolutionary study”), this author found that the phrase used in the NewsNation article (, namely that “on average, unvaccinated people should expect to be reinfected with COVID-19 every 16 to 17 months” was patently false. First, the term “average” is not correct, the correct Statistical term was “median” which was used in the study. Hey, Mr. Tanner, median is NOT average, and basically is a better measure than average. However, all that being said, the study showed that “Reinfection…under endemic conditions would likely occur between 3 months and 5.1 years after peak antibody response, with a median of 16 years.” (page 1 of the study under Findings). What this means is there is a 95% chance of getting reinfected with COVID between 3 months and 5.1 years in the future. Also, what is it meant to have “peak antibody response?” Not really explained in the study. As a matter of debate, what is the “proper” amount of anti-bodies? What you get from the vaccine? What about natural immunity? If the natural immunity is more than the vaccine, is that better? Again, no study on this. Shoooot.

This type of prediction is both hyperbolic and generally not useful. If you want to know how this is done, please refer to William Poundstone’s book “How to Predict Everything.” I have referred to this in my Data Analysis classes and even demonstrated it in the classes (I will be putting out a YouTube Video on it soon). You can predict anything using the formula presented in Poundstone’s book.

What has happened to true reporting? This headline is showing up in tickers on major news networks and shown all over the United States. The people who know NOTHING about clinical studies and the limitations of these studies are taking this out of context and using it to panic people into getting vaccinations.

I am NOT an anti-vaxxer! I have my vaccination and getting a booster this week, but that was done on my own volition with no pressure from the news media.

The Media (that includes all political bends of the media – both conservative and liberal and everything in between) need to stop energizing people into thinking one way or another. They need to tell the whole truth and stop these half-measures which in essence is omitting the most important part of the story.

This is a short post, but I felt it was necessary in order to set the record straight on these types of news articles. The best way to get the real story is to reference the study, which the article should cite. That is the one thing the reporters got right in this case. Make up your own mind. Don’t know how to read the study? I will be doing a YouTube Video on this in the future.

Learn/Offer/Value/Educate (LOVE)

http://www.grectech.com

Legal Data Intrusion – Big Risks from Little Action

purplehat

As of 2015, there are a little more than 1,300,000 licensed lawyers in the United States (https://www.americanbar.org/content/dam/aba/administrative/market_research/lawyer-demographics-tables-2015.authcheckdam.pdf).  Also according to this same source, the percentage of lawyers in private practice rose from 68% in 1980 to 75% in 2005.

What this means is that, given that the amount of private practice attorneys have remained constant in the last 10 years, and given that the amount of licensed lawyers have not increased since 2015 (which they really haven’t all that much according to http://www.americanbar.org/content/dam/aba/administrative/market_research/national-lawyer-population-by-state-2016.authcheckdam.pdf), approximately 975,000 lawyers are in private practice.

I did some research and could not find any definitive resource that could show how much data is kept at a law firm, so I thought I would use my experience in IT to come up with a ball park figure to combine with the population figure above.

Let’s assume that a law firm contains 4 people (according to this government source, 1-4 law offices happen more often, almost 128,000 of these offices exist in the US, than larger law offices – https://censtats.census.gov/cgi-bin/cbpnaic/cbpcomp.pl).  Now, let’s further assume that each of these lawyers (or other staff) have at least 1 computer (this could be a dockable laptop or pad which can be mobile), a cell phone (smart phone), and at least one other device that can get access to the internet.  That now means that there are 12 devices that, at any time, can contain (even briefly) client data.  That does not count any “hard copy” files that are carried by the attorney in their automobiles or their homes.  Let’s address each of these areas separately.

First, in my experience any device that has access to the internet is vulnerable every time a user activates that connection.  When the computer is part of a network, that vulnerability expands quickly to other users.  To prove my point, let’s take a formula that is used by project managers to determine communication networks for stakeholders.  This formula is also used in probability, but its use in networks is what we are applying today.

The formula is N(N-1)/2 and is easily calculated using a number of “spokes.”  For instance, let’s say that you have 4 computers that are networked, which means they are connected to each other.  By using the formula, you can calculate that there will be 6 lines of communication between these 4 computers.  This does not look intimidating now, but just increase this by 5, to 9 computers, and you have increased the lines of communication from 6 to 39!  A graph at Figure 1 shows how the increase in spokes can increase lines of communication almost geometrically.

Chart

We present this to make a point.  If you have 4 people in your office and they all have a computer, cell phone, and pad, then we are talking about 12 devices that are interacting not only with internal computers, but EVERYONE on the internet.  This can be overwhelming to anyone trying to protect these devices from intruders.

Let’s take a moment to differentiate intruders from hackers.  Hackers have a connotation of someone in a darkened room, their face illuminated from the computer screen, laughing (“bwa hahaha”) at having taken control of someone else’s computer.  However, hackers are not all bad.  In fact, inventors are hackers, trying to take known processes and improving those processes (Thomas Edison can be called a hacker, for instance).  Computer intruders, on the other hand, have that connotation of bad actors.  In the cybersecurity world, we consider bad actors “Black Hats.”  These intruders may steal for money, celebrity, or just plain because they wanted to intrude.  In any case, intruders are what I will be called the Black Hats, since this is what they do – intrusion techniques for the purpose of achieving one of three things:  Deceive, Deny, or Destroy.  They want you to go somewhere other than where you want to go (on the internet); if they fail at that they will deny you access to the internet (called “Denial of Service” or DOS); or finally they will destroy your data and the machine along with it (by corrupting your hard drive or something similar).

So, let’s review.  You have individuals in law offices that make a living off of social contact with their client.  They bill for services that they do using their mobile devices and make calls and email to their clients.  All this data can be kept on their devices, which puts the data at risk of being stolen, or it can be placed in the “cloud” in order to secure the data.

The cloud is an interesting phenomenon.  The basic concept of the cloud is a place where you can store your data and in case your machine is stolen, destroyed, or damaged, you can always access and download the data that you may have lost from the cloud.   I use the cloud to store some presentations and papers, but I would never trust it for personal data.  I backup my data on a separate drive that I keep in a secure area.

What does all this mean?  Legal offices can have data intrusions.  There, I said it.  In fact, if a law office insists that they have never had an intrusion, I would have a hard time believing that was true.  Even if the office has the BEST automated intrusion detection system, you can see for yourself that even with just 10 employees, you have over 45 lines of communication.  Any one of these lines can be trying to get information from any of these employees; and that does not include email communications which at any time can result in an incident that can lead to malicious software being installed on the employee’s computer.

So, what can be done to prevent these intrusions?   You can educate the users of the computers to protect their credentials (user id, password, pass phrase, etc.).  This is something that is somewhat useful, especially if you make the “training” (ranging from computer based training to in-class instruction) mandatory for every user.  Of course, written computer security policies (including “screen warnings” for users) are good to accentuate the education of those users.

I use the following two phrases in my cybersecurity classes:  Lock the Door, and Check the Stove.

Everyone walks away from their homes at one time or another thinking that they forgot to lock the door.  That may go unnoticed, but forgetting to turn off the stove can lead to a conflagration.  The same is true if you do not have a password, or you forgot to activate your anti-virus or (worse yet) clicked on that attachment that you THOUGHT was from a colleague about next week’s court case when it was in actuality malicious software.  So I thought I would make it simple:  Two things to do – Lock the Door and Check the Stove

Lock the Door consists of the following:

  1. Ensure your password has strength. This does not mean that you put down your favorite golf course or sports team.  This means that you think of two words that have nothing to do with one another (like “beamframe”) and use special characters and numbers to make it more complex.  This helps negate dictionary password breakers and makes the intruder move on to a “softer target.”
  2. Use a laptop when you are getting a coffee at a local coffee spot or on an airplane? Get a polarized privacy screen (they cost around 30-40 dollars, which could be considered expensive,  but can you really put a cost on a data breach?).  In addition, sign up for a virtual private network (VPN) if you do not already get one from your office.  One free VPN is Hot Spot Shield, but there are many others out there, so research the topic and talk to your IT folks.
  3. Be aware of your surroundings. People can be listening to you at an airport or in the seat next to you in a waiting room.  Go outside or outside of ear shot when you are taking a phone call or even texting.
  4. Do you have your cell phone on the desk during an interview with a client? Put in in your desk drawer.  Trust me it is best to keep it in a closed container while you are interviewing the client.  Remember that most cell phones contain a microphone and a camera.  Why would you risk those becoming active?
  5. Remember that the probability of an intrusion is relatively high (in 2013 there was an estimate of 20 MILLION attacks PER DAY according to http://www.deseretnews.com/article/865573798/Cyberattacks-on-Utahs-secure-government-networks-up-dramatically.html?pg=all). As much as you can prevent such a breach, the intruder just needs you to be complacent just once.  You have to be vigilant all the time.  Ensure that you keep the breach to a minimum by implementing good security practices as mentioned in 1, 2, and 3.
  6. Finally, get some training. An intro to cybersecurity for legal professionals is a good thing and can get some great traction once legal professionals understand the risk of their actions.  Remember that an ounce of prevention is better than millions in reputation cost.

This brings into view a new type of “hat” for cybersecurity.  A few months ago, I introduced “silver hat” to denote individuals over 60 that know cybersecurity and share those cybersecurity concepts with others.

Now I would like to introduce “Purple Hats” (currently pending trademark by the US Government). Purple was chosen since it is the color that is worn by those graduating with a law degree.  These individuals will be practicing law professionals (attorneys, paralegals, etc.) that understand cybersecurity principles and share those with others in their profession (and beyond).  By establishing a cohort of individuals that focus on cybersecurity and use those principles to guide their computer use, it is hoped that the amount of breaches that are experienced by legal offices will diminish.

After all this, if you do not believe my take on this (after all, I am NOT a lawyer or legal professional), then maybe you will believe your OWN ABA journal.  According to an article in your journal, less than 17.1% of ALL legal offices have an incident response plan should there be a data breach (http://www.abajournal.com/magazine/article/managing_cybersecurity_risk).  Look at this in relation to the numbers above and tell me it does not give you a moment to think about the consequences of a data breach.  How many billable hours will it take to make up for the reputation costs of just ONE data breach?

More articles on this subject are forthcoming, but suffice it to say that litigation is something that is private and, as such, needs the user to be aware of the possibilities of intrusion at all junctures of computing use.  Just take a look at rule 1.6 in your ABA rules (https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_6_confidentiality_of_information.html).  If this is not a time to pause and consider cybersecurity, then you may be increasing your risk of a data breach.  Your small prevention will help limit any legal intrusion.

Cyberbullying Information = Protection and Prevention

cbfinal

I think that the discussion about cyberbullying is undergoing a tremendous transformation.  The idea of cyberbullying was originally a campaign to identify the concept, but now it is almost solely focused on the prevention of bullying in any form.

I recently had a discussion with a group of middle school students about cyberbullying and they had some great questions about what it entailed.  They asked questions like: “Can I go to jail for cyberbullying?”  and “What is cyberbullying?”

I found through some research that there is an entire web site dedicated to the discovery and definition of cyberbullying called www.cyberbully.org.  The site is not a secure site (HTTPS), but it does not ask for any identifying information, so the information is still useful.  The site has so much information that it would be impossible for me to list everything here.  However, some of the main topics include state legislation that has been passed, or scheduled to be reviewed, in each state, which was a great way for me to answer the questions posed to me by these students.  The very nature of cyberbullying makes it a mandatory topic for discussion at school and at home.  I had to explain that calling a fellow student a jerk one time would not necessarily be cyberbullying, but to enlist others to jointly and consistently call this student a jerk (or comment on their looks, their clothing, etc.) would be considered a bullying incident according to their state law.  I recommended that they discuss this topic with a parent and/or trusted adult to ensure that they are not wandering into illegal activity.

I also went into other cybersecurity issues like not sharing passwords, passcodes, or user ids with other students or other people (other than your parents of course).  The idea of protecting the password helps to protect your information, which if in the wrong hands can cause a problem with identity protection causing possible identity theft.  It also leaves you open to cyberbullying since an individual can make it seem as if a message is coming from YOUR account when in actuality it is THEIR message but they have access to your account!

When asked about cyberbullying, I told the students that ANYONE can be a cyberbully.  You do not need to be stronger, bigger, or smarter, just start a campaign to put the other person down.  By showing the other person in a “low light” it makes the bully feel stronger.  Protecting your information and ensuring you are aware of what cyberbullying entails can help to prevent you becoming a victim.  I urged the student not to focus on the punishment, but to be aware of what they were doing online and stop any online action that could be taken as bullying.  I also gave them the cyberbully.org web site.  In my opinion, that site is one of the best I have seen.

On thing I did not tell them — if you are being bullied, block or defriend these individuals.  No reaction from you means that their messages are meaningless.

Talk to your children (texting does not count).

Learn, Offer, Value, Educate (LOVE)

Overlord – 73 Years and Counting For the Greatest Project Success of All Time!

d-day

You walk into your boss’s office and you find out the requirements for a new project:

  1. You have to form the most powerful armada in the world to travel across a very rough water channel
  2. You must carry troops in this armada to battle the foremost military power in the world
  3. Before the armada launches, you must unleash hundreds of paratroopers into enemy territory to capture bridges in order for the seaborne troops to cross
  4. You do not have cell phones, computers, or any other technology other than very primitive walkie-talkies (line-of-site)
  5. You have to get this done in 6 months
  6. You have to get international support and concurrence and
  7. You have to defeat the enemy or possibly lose your way of life

So, there are the requirements and you are panicking since this has never been done before…or has it?

A little more than 73 years ago that project became a reality as the forces of the Allied Commands fighting the Nazi Forces of Germany landed on Normandy Beach in France to take back territories illegally and brutally obtained by the Forces of Germany and Italy.  The fighting began early in the morning and continued until that night.  The early morning started with paratroopers dropping behind enemy lines in order to take towns and bridges essential for the movement of troops from the several landing sites.  I remember my dad talking about his good friend — we called him “Uncle Petey” although he was not a blood relative — being one of those paratroopers.  Uncle Petey never talked about that day during our social gatherings, but I remember seeing a photograph of him with my father in his Army uniform with his parachutist badge gleaming.  It was not until after I entered the military that I realized that he had one ribbon on his uniform — the Purple Heart, indicating he was wounded in combat.  He was with the 82nd Airborne, but you would never have known it since he never talked about it.  It is the ones that never talk about their role in World War II that seem to have some of the biggest roles in that war.

Today you are the project manager and have at your disposal international communications that you can carry in your hand; computer systems that are much more powerful than the computer that broke the German Enigma Code in World War II.  You can communicate instantaneously with several people at once and can travel by plane anywhere in the world should the project need hands-on management.  You are more powerful than General Eisenhower was in World War II.  What General Eisenhower had that you do not is a “focus on purpose.”  Troops that were carried on board those ships or in those planes had their orders and their purpose.  They knew that if they failed, the shape and content of the world would be different.   Many of them were under 20 years old and this was the first time they had seen Europe, and many of them would make their last stands here, thousands of miles away from home.  They had each other and that, according to many accounts, helped them through the worst of this situation.

As we go about our lives, please take a moment to remember those that fought on that day in June.  Research the Operation Overlord project and see the many complications that could (and did) exist.  D-Day should not just be another day, but a day as thoughtful and purposeful as Memorial Day.  Every year I think of Uncle Petey and thank him for being there for us when we needed him.  It is these unsung heroes that made the success of Operation Overlord, and it will be the unsung heroes on your project team that will do the same.  Give them purpose, as Elie Weisel (http://www.nobelprize.org/nobel_prizes/peace/laureates/1986/wiesel-bio.html) said, and the rest will take care of itself.

Rest in Peace, thy Warriors for Peace.

I apologize for being one day late on this — the impact of the operation is still the greatest ever!

Learn, Offer, Value, Educate (LOVE)

Celebrating Memorial Day? Hardly.

Picture1Celebrating Memorial Day is not the right term to use for such a hallowed holiday.  Being  a veteran during the Cold War, I did not see battle, never drew a weapon to either defend or to defeat, and rarely saw death.  However, there are three times in my career when I became inextricably linked to death of a fellow service member.

The first time was when I first came in the Air Force and they were looking for volunteers as pall bearers for an Air Force officer who had died recently in military jet mishap.  They wanted officers and I put up my hand since I had never really been a part of anything like that in my past.

The day was bright in Southwest Texas and it was hot.  We were in our “Class A’s” with white ascots and silver helmets, our black spit shined boots had white “ladder laced” laces.  We all had white gloves, which would make it difficult to hang on to the casket pall, but none of us were complaining.  The bus ride to the church was very quiet and after the bus stopped we immediately exited and lined up to do our duty.  The captain in charge of the detail gave very specific but simple instructions before we departed the bus.  First, we were not to smile nor make any attempt at levity, this man had died doing his duty and it was up to us to do ours with honor, respect, and dignity.  Second, he had picked out the flag detail who would fold the flag and no one was to interfere with that.  Third, we were at attention at all times and looked straight ahead, even when carrying the casket.  If someone fell, they were to not hang on to the casket, but release it, get up and keep marching again with dignity.

After we escorted the casket to the hearse, we then continued on the bus ride to the cemetery.  We exited the bus again and took our places at the rear of the hearse to accept the remains.  I never realized how heavy a casket was until that moment.  We were on uneven ground and were allowed to use both hands, which we all did.  We carried the remains toward the burial plot and I suddenly realized that there was no ground underneath my one foot.  I started to go forward, but for some reason (to this day I really believe it was the hand of the dead airman) I immediately caught myself and continued on the way to the grave site.  The ceremony went without a hitch, although I have to admit that it took everything I had not to start crying as the flag was passed to the widow.  The hero’s children were asking their mother when daddy would be coming to see this and that made it even harder, but all of us treated the occasion with honor, dignity, and respect.  The fly over for the ceremony took place (although I heard it but did not see it) and we marched back to the bus and headed home, again very silent.  That was 40 years ago and I still remember it as it was yesterday.

The second time that I came face-to-face with death of a fellow service member was when I was appointed a Summary Court Officer for an airman was killed in an accident.  It was my job to identify the body at the site of the accident, escort it to the mortuary and ensure it was treated with respect (this was in a foreign country and they may not understand the importance of this procedure), prepare the effects of the airman and ship them to the family.   I basically was this airman and ensuring that his personal effects were shipped home.  The duty lasted approximately 3 months and again it was almost 40 years ago.  The airman had a child who would be over 40 now.  Some things you just cannot forget.

The final time that I would encounter death was toward the end of my career when I was selected for death notification.  This was about 1 hour away from my home and I was briefed that the individual died on duty as a result of an accident.  I would not have a pastor or priest or any religious representative, but was to go alone to the home and notify the widow.  I was told that I would be the first to notify her.  I drove along very windy country roads until I found the town and the address.  I checked my uniform one more time, took a few deep breaths, and made my way to the front door.  I saw the widow sitting there with her face in her hands, giving me realization that I might not be the first person to notify her of the death.  She made her way to the front door and opened it.  I stepped in, took off my cover, and said the words I had been practicing since I started the drive. (All names are fictitious)

“Mrs Smith, I regret to inform you that your husband, Sgt Smith, was killed while doing his duty in Europe.  On behalf of myself and the United States Air Force, you have our sympathies.”

I then found out the unthinkable.  She had already been called by relatives who had already been notified that her husband had died.  She was almost inconsolable.   I sat with her for about an hour until I felt she was calm enough to make a phone call to have someone sit with her, which she did.  The whole situation took about 3 hours, but it seemed shorter than that.   I just wanted her to know that she would have others that cared about her and her husband.  I left and went home and hugged my wife and kissed my children.

Celebrate Memorial Day?  Not likely.  The closest word that describes what we do on Memorial Day is commemorating it.  We must remember the hundreds of thousands that have died to make this country free.  We must remember that each one had families, futures, and friends that will no longer know the very essence of that person.  A phrase on a headstone of a young soldier that died near Monte Cassino, Italy says it best:

“Those that live in the hearts of the ones they love, will never die.”

A thoughtful Memorial Day to all.

Learn, Offer, Value, Educate (LOVE)

75 Years After The Greatest Military Project Ever!

doolittle

The Doolittle Raid in my opinion is one of the most daring raids in military history.  The fact that bombers are launched from a ship meant to carry and launch fighters just a fraction of the weight of a B-25 is something that has marveled me since I first started learning about flight.

It has been 75 years to the day (this was written on 18 April) that the mission launched.  The project planning that went into this one mission incorporated all the positives about project management, and leadership.

First, the requirement for the mission was probably pretty plain.  According to one site on the subject, the mission was to “attack a number of [Japanese] cities.”  I am assuming this meant that there was a list of targets for the mission.  (http://www.eyewitnesstohistory.com/doolittle.htm)

From there, the type of aircraft was chosen for its range, size, and ability to withstand anti-aircraft, along with long range navigation and fuel consumption.  The B-25 was the perfect choice at the time, but launching it would require training, which was done with hand-picked pilots and crews.  The time table was set, the planes were procured, the crews were picked, and the targets were chosen.  The one area that was left was getting the planes on the carrier (the Hornet was chosen for the task), and the mission was underway.

The secrecy of the mission must have been difficult, since the mission planners had to ensure that the planes were not on the deck when the carrier departed from port, along with ensuring that the pilots and crews were sequestered.  Fortunately, unlike today, there were no cell phones, or cell phone cameras to document a secret mission.  (And the crews, again I am assuming, were probably sequestered with no communication available to them.)

So, let’s review.

  1. A mission to bomb Japan, basically one of the strongest military forces (if not THE most formidable naval force in the area) was implemented
  2. The mission would take a land-based bomber and launch it off a deck of a Navy Carrier, less than half the length of the normal take off runway for the bomber
  3. The bombers would have a full fuel and armament load and, although they have two engines, still have a challenge getting off the deck
  4. The bombers would have to take off, fly low to avoid Japanese detection, then bomb their targets and get to airfields in China (our friend at the time)

And a few things did go wrong.  The Carrier had to sink a Japanese ship and, fearing the ship reported the sighting, had to launch 150 miles further than anticipated.  Many of the planes crashed for lack of fuel, but targets were bombed.  Most of the crews made it back, including Doolittle’s crew.

The one thing that I need to mention is that Doolittle led the raid.  Here was the project manager taking the lead on his project.  He was not just the planner, he was the doer.  He went in and conducted the bombing raid with his crew.  I cannot overemphasize how important this was in the minds of the other crews.  In order to ensure that he was committed to the mission, Doolittle took an active role in the training and implementation of the mission.  It wasn’t called the Doolittle Raid for nothing!

So, the next time that someone gives you a project, and you think you have it tough, just think that 75 years ago, without computers, cell phones, all the software applications that we have today, and with propeller driven aircraft flying low over water and realizing that there is not enough fuel to make it to friendly territory.

And then go plan your project.  The one thing that you can do that would reflect on Doolittle would be to lead your team; feel their pain when things do not go well, as well as their euphoria when things DO go well.  Your leadership will help your team reach their target and recover successfully.

Thank God for the Doolittle Raiders; may the fallen rest in peace.

Learn, Offer, Value, Educate (L.O.V.E.)

http://www.grectech.com

 

What If We Taught People to Drive Like We Teach People to Use A Computer?

drivers computers1I want you to teach a person to drive a car using the following outline:

  1. Teach them where the accelerator is and how to use that
  2. Teach them where the brake is and how to use that
  3. Teach them where the mirrors are and how to use them
  4. Teach them how to turn on the car, how to turn off the car
  5. How to fill the car with gas and where to put it
  6. Where the light switch is and how to turn it on and off
  7. Where the radio switch is and how to operate that
  8. How to read the speedometer

I am sure that I skipped some steps, but you get the drift.  What you want to teach the potential driver is the “buttonology” of the car.  You fail to tell them about the dangers of driving, the rules of the road, how to be courteous and otherwise how to have consideration for others.  What is the probability this “driver” will have an accident the first day they are driving?  I am a statistician and I would take odds on this one!

Let’s segue to computers.  That’s right, computers!

How do we teach computers today? We teach buttonology, how to associate functions with pressing of the buttons.  Want email?  Do this combination of buttons.  Get an app, or get on the internet?  Push this series of buttons.

There are no classes on the rules of the road, the ethics of using a computer or the dangers associated with using a computer.  If that were compared to diving a car, basically what you are saying is that we should all go out to our car and cut the brake lines and then drive the car.  We may make it to our location, but chances are we will crash and burn.  The same is said for operating a computer without the guidance necessary in the area of cybersecurity.

Cybersecurity.  The very name raises images of dark figures hiding in the shadows, plotting the overthrow of a computer network.  Yes, the black hatted individual that spends their days planning to attack a network for a variety of reasons, whether they be money, fame, or maybe rationalization that the attack will right a wrong.  Ah, cybersecurity.  It is meant for people who are the target of the attacker, not for normal people like you and me.

Hmmm.  Then maybe none of us need driver training but the people who operate commercial vehicles, or maybe we can all get pilots’ licenses, after all only commercial airline pilots are meant to REALLY learn about flying a plane!

Maybe this is a little bit hyperbole, but I have talked to a number of people who believe that computer training is one thing, cybersecurity is another.  Ladies and gentlemen,  that is like saying that there are five unrelated fingers on your hand!  Every finger works as part of the whole hand.  The same can be said about computer training and cybersecurity training.  Did you know that your brand new computer comes configured so that ANYONE can have access to that computer from the internet?   A simple configuration change can eliminate that threat.  Did you know that you can be tracked through your cell phone; or that people can access your microphone and video camera from your phone?  Many people realize they can, but fail to correct that situation.  Do you have a passcode on your phone?  Do you have a privacy screen on your phone?  All of this is part of keeping yourself safe while using a device you know the location of buttons.  Without good cybersecurity education, you are putting yourself at risk every time you get online.

The sad part of this whole situation is that our children are using devices at very young ages and do not understand the consequences of their use.  Would you put them in a car without education and let them drive to the store?  Of course not!  Why are continuing to let our children learn functions without learning consideration of their actions?

I teach senior citizens cybersecurity and I wanted to get the word out so I contacted a local paper.  The editor responded that it sounded okay, but they just did an article on seniors learning computers and that it might take a while before something else was done on this subject.

Can you now see what I am discussing here in this article?  If we fail to protect ourselves, we are just placing more people “on the road” without seat-belts and brakes!  Worse than that, we are giving people the ability to get scammed because they “trust” the network they are on at any time.  We do not implement protections and thereby put our loved ones in harm’s way.  We do it inadvertently, but we do it nonetheless.

How can we start to turn around this spiraling of our computer users?  First, look toward the basic cybersecurity courses (there are plenty that are free on www.cybrary.it as well as other sites).  Yes, there are classes in hacking, but there are plenty that show defensive measures to keep yourself safe while using your computer, cell phone, or other technology.  If we fail to keep pace with safety and security, we are contributing to the increasing cyber crime.  After all, what better way to encourage cyber criminals than to place someone on the computer network that does not understand the protections necessary to be secure and safe.  If that is case, take your teenager and give them the car before they get their license and let them drive it wherever they want.

If that be the case, one more fact before I let you go on with your internet surfing.  There are approximately 3.6 BILLION internet users according to http://www.internetlivestats.com/internet-users/ and there are “only” approximately 1 BILLION cars on the road according to http://www.huffingtonpost.ca/2011/08/23/car-population_n_934291.html.  From these numbers, which of the elements – computers or cars – present the most threat?  If I were a criminal, would I want to steal a car or steal a computer network (without you knowing)?  You decide.

That last part made your anxious – admit it.  Let’s all start to educate our users better and keep cyber crime at bay.  Otherwise, you need to get off the grid, because it is about to get ugly (or uglier)!

 

Learn, Offer, Value, Educate (LOVE)

“Silver Hats” founder

Getting to the Heart of the Matter – Data (Part 1)

heart-disease

February is heart (disease) awareness month and it is important that we realize that there are TONS of data that exist where we can find out about heart disease and the consequences that it has on our lives and the lives of others.  The Center for Disease Control (CDC) (www.cdc.gov) has data on how many deaths result from heart related illness (the total has not changed all that much from year to year, approximately 610,000 deaths per year according to https://www.cdc.gov/dhdsp/data_statistics/fact_sheets/fs_heart_disease.htm).  The amount of deaths from heart disease is more than those from suicides, unintentional accidents, influenza, diabetes, and chronic lower respiratory diseases (https://www.cdc.gov/nchs/data/nvsr/nvsr60/nvsr60_06.pdf).  What this means is that heart disease is something that not only needs attention, but is in some ways preventable.  According to the CDC website, almost 50% of Americans have AT LEAST ONE of THREE risk factors that are associated with heart disease.  These three are elevated blood pressure, elevated LDL cholesterol, or smoking (https://www.cdc.gov/dhdsp/data_statistics/fact_sheets/fs_heart_disease.htm).  This is not only troubling, but I felt necessary of further “data diving” to see the association between heart disease and areas where I personally have knowledge, like diabetes or high blood pressure.

The CDC has so much data on the subject that I started at this site to look for some data and found a survey called the Behavior Risk Factor Surveillance System (BRFSS) (https://www.cdc.gov/brfss/).  This data is available to anyone and has a great amount of data that is available for download, or for data analysis using CDC web-based analysis tools.  I  went to the “Surveys and Documents” link and found “BRFSS Prevalence and Trends Data” which gave the user the ability to put in risk factors and find the data according to US State, gender, and a number of other characteristics.  This is much better than downloading the data and having to do the analysis yourself, and also gives you an idea of the areas of the country where people are at more risk of heart disease than others.  It is a great resource for those that want to look at the numbers behind the heart disease issue. If nothing else, it presents an interesting look at how the country’s regions have populations that are more at risk of some diseases and not at risk for others.

I also looked at the BRFSS Web Enabled Analysis Tool (WEAT) that allows you to look at the data from a cross-tabulation point of view.  Here you can place characteristics in a number of ways to compare several factors against the disease.  The tool is very easy to use and contains so many factors that it is hard to determine which ones to choose.  However, for the budding data analyst, this is a great way to learn about data analysis and the multi-factor approach to the analysis.  A screen shot of the WEAT page is below (https://nccd.cdc.gov/s_broker/WEATSQL.exe/weat/index.hsql).

 

weat-page

You can see the “Cross Tabulation” link where you can click and set the numerous factors that can be associated with any of the various factors that the survey contain.  Please do not get overwhelmed!  There is so much data here that I used this for a project that I was required to do for one of my graduate classes in statistics from Penn State.  The data were provided, already collected, and catalogued.  All I had to do was do the various tests on this data.  It amazes me that more people do not know about this data treasure trove.  I realize that this is a phone-based survey, but from what I can tell it is one of the most extensive and intensive surveys in order to get a read on different maladies that pertain to the United States and give data analysts those tools.

Although this article was about gathering and understanding data pertaining to heart disease, the data takes you far beyond just that one malady.  But by understanding some of the factors that heart disease entails, the knowledge will undoubtedly help you to understand heart disease as composed of factors, rather than just something that happens as a result of “genetics” as proposed by some.

Enjoy the CDC site and the various ways of using data to clarify a disease that will be with us for a lifetime (hopefully a LONG lifetime).  To control it, we MUST understand it.

Learn, Offer, Value, Educate (LOVE)

President comparing someone to Hitler?! Is this REALLY Presidential? It’s been said before! By a President!

presidential-speechI, as many others watched the recent presidential news conference, was somewhat surprised at some of the language that the President  used in his monologue.  I, at times, could not believe the tone and type of language that he used, but after some research looked for some Presidential language that could be better.  However, I found the following quotes from a past US President.  Can you identify who said this quote…

“He is a Hitler at heart, a demagogue in action and a traitor in fact.  In 1942 he should have been hanged for treason.  In Germany under Hitler, his deal, in Italy under the great castor oil giver, or in Russia now he would have been eliminated.”(1)

…or this one?

“The White House is open to anybody with legitimate business, but not to that son of a bitch.”(2)

Or the fact that, at one point, this US President was just $10 away from being a member of the Ku Klux Klan?!

“At one point, …he enjoyed meeting with the white-sheeted brotherhood of the local Ku Klux Klan.  Coveting its electoral support, he was ready to join it, even depositing his ten-dollar initiation fee.  They demanded, however, that he support no Catholics in patronage positions.  He drew away — and demanded his ten dollars back.” (3)

He changed his mind, letting his better inclinations overcome his political inclinations. Whew!

It is also interesting that people thought of this President as “unfit, unwise, or just plain out of his depth…”(4)

I point these very real historical events and words to reveal that there are presidents that have spoken their opinions, had brushes with the side of society that we would rather not discuss or acknowledge, and yet have been considered some of the best presidents in our country’s history.  In fact, the US President that said (and did) the above is considered by the American Political Science Association’s Presidents & Executive Politics section as being one of the top 10 US Presidents! (https://www.washingtonpost.com/news/monkey-cage/wp/2015/02/16/new-ranking-of-u-s-presidents-puts-lincoln-1-obama-18-kennedy-judged-most-over-rated/?utm_term=.acae4803997f)

The US President that did and said the above?  Harry Truman!  That’s right, the man who ordered the bombing of the Empire of Japan and ended WWII in the Pacific.  A diehard Democrat, he at one point would not ride the Dumbo Ride in Disneyland because he did not want to be seen riding an Elephant, the symbol of the Grand Old Party (GOP)!(http://disneyparks.wikia.com/wiki/Dumbo_the_Flying_Elephant_(Disneyland_Park)

What does this mean?  It means that history judges differently than the present.  The idea that a person makes statements (or actions) that are unbelievably harsh, or uncompromising, does not mean that person is a bad President, just someone who fails to consider what they said (or did) when they said (or did) it.  I am not saying the current President is right when he said the things in that news conference.  I just urge people to check history and see the  relationship to others in that same office.  It will at least put historical context to the overall discussion.

It is very difficult being in a leadership position, especially THIS leadership position.  You are in the “fishbowl” at all times with people watching your every move.  Speaking your mind is not taken the same by everyone (or anyone for that matter).  However, the data does not match great Presidents with their speaking ability.  It matches it with their actions in office.  This is going to be an interesting 4 years.  I do not envy ANYONE in that elected position.  You lose in the present, but may win in the future.

(1)Kenneth Weisbrode, The Year of Indecision, 1946, Viking Publishers, 2016, page 145 (Truman was referring to Joe L. Lewis, Union Leader).

(2)Ibid., page 146.

(3)David Pietrusza, Harry Truman’s Improbable Victory and the Year That Transformed America, Union Square Publisher, NY, 2011, page 5.

(4)Weisbrode, page 149.

Learn, Offer, Value, Educate (LOVE)