return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ InfoT Public ]

Applying Ackoff's rules of system interdependency, Part I


Anyone familiar with my systems side knows that I treasure Russ Ackoff, whose three rules of system interdependency are never far from hand when approaching any system, human, natural, or mechanical. Any analysis of our own or of an opponent's system calls for them as they immediate flag disconnects and suboptimization. I summarize Ackoff’s rules of interdependency as:

  • Rule One: If you optimize a system, you will sub-optimize one or more components
  • Rule Two: If you optimize the components of a system, you will sub-optimize the system
  • Rule Three: The components of a system form subgroups that obey Rules One and Two

They show why a system can be so maddeningly complex, especially when its parts are examined in isolation to others and to their environment. It is Rule Three that so often brings an expression similar to that of the Sheriff Brody in the film, Jaws, when he turns from the shark to say, "We need a bigger boat." Indeed we do.

Ackoff corrects our commonly held view that a system is the sum of its parts. Instead a system is the product of the interactions of those parts: "…the essential properties that define any system are properties of the whole which none of the parts have." Ackoff likes to cite the automobile's essential property is to transport us from place to place, a property that no single part of the car can perform, i.e., once a system is dismantled, it loses its essential characteristic even if we retain its parts.

Ackoff zeroed in on the need for understanding (of a system or anything else) in "Mechanisms, organisms and social systems":

"One can survive without understanding, but not thrive. Without understanding one cannot control causes; only treat effect, suppress symptoms. With understanding one can design and create the future ... people in an age of accelerating change, increasing uncertainty, and growing complexity often respond by acquiring more information and knowledge, but not understanding."

See Gharajedaghi, J., & Ackoff, R.L. (1984). Mechanisms, organisms and social systems. Strategic Management Journal, Vol 5: 1-15. Note: Few of Ackoff's writings are on the web.  Find its abstract here.

Ackoff extended the DIKW model (data, information, knowledge, and wisdom) to:

  • Data: symbols
  • Information: data that are processed to be useful; provides answers to "who", "what", "where", and "when" questions
  • Knowledge: application of data and information; answers "how" questions
  • Understanding: appreciation of "why"
  • Wisdom: evaluated understanding.

Ackoff believes that of the five, only wisdom deals with the future (an ability to construct a future vision) whereas the others deal with what is known, e.g., things in the past. Ackoff rightly notes that wisdom is not free and requires one to move through the earlier categories. My preference for that progression is the Berlin Wisdom Model.

See Ackoff R.L. (1989) "From Data to Wisdom" Presidential Address to ISGSR June 1988, Journal of Applied Systems Analysis, Volume 16, 1989 p 3-9.

On to Part II

Gordon Housworth

InfoT Public  Strategic Risk Public  


  discuss this article

Directed bot nets: Script to virus to bot to worm


Continuing our theme of attacking the critical path, remote attack tools, called bot software, infect PCs without disabling them so that their users are not alerted while the bots work in background. These bots are already among us, numbering from the hundreds of thousands to millions. One of the newest variants has incorporated open source code to breach virtually every vulnerability on "almost every Windows system sold in the past five years."

These bots can be joined with worms and viruses to create hybrids in which worms are launched from a cooperating bot net. The use of a directed bot net allows the perps to conserve bandwidth in their attack and so avoid much of system noise that a conventional worm attack would generate.

Once the bot net has pre-seeded the desired number of machines, the perps can launch a variety of attacks from an active DDoS to a passive computational attack in which the slaved PCs are used a distributed supercomputer for decryption and password cracking. Spammers are also using bot nets to send bulk mailings that mask the senders' address. In all cases the evolutionary process seems to be script to virus to bot to worm.

We have no real idea how many of these bots and bot nets are now in the wild -- sleepers if you will. As a comparison, Microsoft noted that its update system had patched 9.5 million PCs, vastly exceeding the estimates of the antivirus entities that track such things. A new variant of Agobot may soon show us as it uses a specific port to attack vulnerable systems, and traffic on that port was rising at the end of the week.

Given that these bots are already in place and have a 'Swiss army knife' capability of attack vectors, and, I would surmise, an ability to distribute new exploits as they are disclosed and developed, the bot net owners will be working inside our ability to respond with a proper patch. Every machine should, of course, keep all critical patches current, make more and frequent backups, and have network administrators and/or your firewall check for suspicious outbound traffic.

Alarm growing over bot software
By Robert Lemos
April 30, 2004, 9:16 AM PT

Gordon Housworth

Cybersecurity Public  InfoT Public  


  discuss this article

Accelerating our aid to Trashcanistan


Continuing our theme of Where we care, where we don't, it is instructive to track the aid now pouring into Trashcanistan and its near neighbors, Afghanistan and Pakistan; aid with little expectation that it will move beyond propping up egregious regimes and causing us longer term harm.

Stephen Kotkin coined the term Trashcanistan in the process reviewing the fates of ex-Soviet statelets such as the Ukraine, Moldova, Central Asian and Caucasian republics.  His biting work identified regional features as:

  • Economic collapse
  • "Gangland violence among state ministers"
  • Rising Fascism
  • Rising Islamic fundamentalism
  • Population flight

Jean-Jacques Dethier, Senior Economist, World Bank, later issued a much more detailed report for much of the same area (the "CIS-7" low-income countries of the Commonwealth of Independent States: namely Armenia, Azerbaijan, Georgia, Kyrgyz Republic, Moldova, Tajikistan and Uzbekistan.)

I recommend Kotkin as a good read and Dethier's work as a reference. Dethier identified the key governance issues that led to corruption as:

  • Authoritarianism [and/or] highly unstable competition between factions/parties
  • Capture of the state by local elites and resistance to market-friendly reforms
  • Weak state capacitywhere administrative capabilities were concentrated in the [former Soviet] center
  • Difficulties in nation-building resulting from regional and national conflicts; geo-political factors and the uncertainty over national boundaries

Dethier's results track with Kotkin:

  • Flattened investment climate
  • Harassment of small entrepreneurs
  • Purchase of government jobs
  • Corruption among public authorities
  • Diminished living standards
  • Corruption in the provision of education, healthcare and social services
  • Corruption during privatization

Unfortunately, this aid is flying in the face of World Bank President James Wolfensohn's observations that "aid can make an enormous difference" in nations with good governance and strong policies, but that aid can be ineffective, even counter-productive, in areas of weak governance and bad polices.

Strategic reprioritization in the wake of 11 September is to blame with the US (and the lending bodies with which it has influence), and EU making generous grants, loans and write-offs to such areas even as World Bank was attempting to lift its lending criteria by rating supplicants' policies, institutions and governance, and calling for better targeting of pledged aid and coordination among donors.

I have long made the observation that the 'free world' was the virtual reassembly of the West's colonial empires cemented by resistance to Communism.  Aid that flowed to resist Communism ceased when the USSR collapsed.  It has started anew in resistance to terrorism.  Unfortunately we are again helping the wrong people do the wrong things to their citizens while 'helping' us.

Karimov in Uzbekistan is worthy of Franklin Roosevelt's comment of General Anastasio Somoza that, "He may be a son of a bitch, but he's our son of a bitch." We have returned to a multiplicity of such states while we subvert the improved World Bank lending guidelines. I hope that Wolfensohn is not denied a third term and that we survive our choice of regional allies.

Trashcanistan: A Tour through the Wreckage of the Soviet Empire
Stephen Kotkin
The New Republic
April 15, 2002

Jean-Jacques Dethier
Senior Economist, The World Bank
Prepared for the Lucerne Conference of the CIS-7 Initiative, 20th-22nd January 2003.

World Bank Official Calls For More Capacity-Building Aid
Washington: March 21, 2002

World Bank President Outlines Post-Monterrey Action Plan to Development Committee
Washington, April 15, 2002

Gordon Housworth

InfoT Public  Strategic Risk Public  


  discuss this article

Applying COTS UAVs to military missions


For background, see parts one and two of "Building a COTS (Commercial Off the Shelf Technology) cruise missile" and "COTS cruise missiles get easier yet"

Naval Office of Naval Research (ONR) has taken an essentially COTS R/C model aircraft and added commercially available sensors (visible and infrared), data links, and a PC video game-like command interface instead of the normal R/C toggle/joystick. The added components boost the cost to $50K but a volume cost is assumed to be in the $20K range. If terrorists do not make their own, or use purely COTS elements, they will buy or steal ours or someone else's version.

Called the Silver Fox, this tactical unmanned aerial vehicle (UAV) is designed for small military units as a RISTA (reconnaissance, intelligence, surveillance and target acquisition) tool. This is a 7' wing span, 20 pound unit with a 4 pound payload, thousand foot ceiling, and low signature UAV. It transports in a "slightly enlarged golf bag" (a great civilian cover) and "could operate very easily out of the back of an SUV."

Future versions aim for 24 hour endurance, 1,500 mile range, and a 10,000 foot ceiling. A terrorist's ability to gain "control of the flight deck" gets easier and cheaper with each technology generation. The "glide slope to the desktop" gets increasingly short.

Even simpler UAVs such as the battery powered Pointer "can be assembled, launched, flown and recovered by operators with minimal training and no previous experience operating drones." An onboard camera relays video to pilot and navigator. Pointer is a dual use aircraft in that it can be used for pollution monitoring as well as chemical weapons detection.

See all US air, ground, and sea military robots used in Iraq here and the Association for Unmanned Vehicle Systems International (AUVSI) here.

Gordon Housworth

InfoT Public  Strategic Risk Public  


  discuss this article

Where we care, where we don't -- where oil and AIDS creates a shift


The VOA (Voice of America) is always a treasure to mine. Our Unified military commands show where we care:

  • NorthCom, or Northern Command -- the newest, coordinating military responsibilities in North America, including the defense of U-S territory
  • SouthCom, covering Central and South America
  • EuCom, or the European Command covering East and West Europe including Russia
  • PaCom, responsible for the Asia-Pacific region
  • CentCom, or Central Command, covering the Middle East and Southwest Asia

Where don't we care, or haven't we cared? Africa, no surprise. There is no Africa Command as coordinating military matters there is split between EuCom and CentCom. (CentCom picks up the Horn of Africa where areas such as Somalia and its littoral waters are areas of interest in antiterrorist interdiction.

It is interesting that when the Pentagon Africa chief Michael Westphal appeared before reporters as late as 2002 to discuss the DoD's military-to-military programs, the event was unprecedented. "As one African magazine reporter who attended the briefing said, when he first heard it was taking place, he did not believe it."

But it's changing for two reasons. The first reason is Sub-Saharan African oil and gas production. Fifteen percent of US imported oil is lifted there and will increase significantly. This oil is also known as sweet crude in that it has less low ends and so is more easily refinable.

The second reason is the depopulation due to AIDS which are on the verge of creating ungoverned regions in hollowed-out states. (The military, police, and backbone of trucking, and some state infrastructures are the hardest hit.) Authority and commerce die in a single stroke. I would go so far as to say that AIDS was viewed in some circles as 'their' problem, until the realization struck that AIDS could create swaths of new Afghanistans open to criminal and terrorist intent. The Blood Diamond trade in Central Africa is a readymade partner along with its associated smuggling and money laundering.


Al-Qaeda 'traded blood diamonds'
BBC News Online
By Lucy Jones
Published: 2003/02/20 14:10:04 GMT

Gordon Housworth

InfoT Public  Strategic Risk Public  


  discuss this article

Bribery is a $1 trillion USD annual business - $2.7 billion per diem


Corruption -- the misuse of public office for private gain from whatever source, AIDS, poverty, and famine rank high on my alarm chart for producing dysfunctional or depopulated states that can be exploited for terrorist and criminal purposes. World Bank is putting the direct cost of bribery at $2.7 billion USD per diem, and that does not include embezzlement of public funds or theft of public assets. If the 2001-2002 world economy was properly valued at around USD $30 trillion, we are talking about severe drag.

The co-author, Daniel Kaufmann, writes that "Corruption tends to be more of a problem in developing and formerly communist countries than in high-income countries. Africa and the successor states to the Soviet Union are the regions considered to have the worst corruption problem." Corruption then forces entire segments of a manufacturing economy off-books into hidden "unofficial" activity in order to avoid higher tax rates, bureaucratic corruption, and mafia protection, all of which create a downward spiral in any faith in the court system.

After direct dollars, there are the impacts of inequality, illiteracy, and infant mortality in developing economies. (There is a useful interactive map series by year, Governance Research Indicator Country Snapshot (GRICS), here.):

  • Reduced overall wealth in a country
  • Reduced amount of money the government has available to pay good workers and purchase supplies
  • Distorted manner in how governments use their money
  • Unfairness in allowing those with money or connections to bend the law or government rules in their favor.

Kaufmann stress that "improving governance, rule of law, and corruption control" lead to increased national and personal incomes, be it rich or poor nations. The underlying reason that people get involved in corruption is that government and social systems fail, producing negative incentives in the bargain, i.e., that there is scant chance to be caught out and there are few offsetting alternatives.

Corruption has four drivers in rich or poor countries:

  • Clear opportunity
  • Little chance of getting caught (usually due to a lack of transparency and weak enforcement)
  • Bad incentives (low job pay , job insecurity, or inverse incentives in which jobs are bought with the expectation of taking bribes)
  • Attitudes or circumstances that make average people disregard the law (typically poverty or scarcity of goods, food, and medicine but can include societal values of clans and extended families)

The corruption pie breakout of Georgia is indicative of the many entry paths for criminal or terrorist groups to affect their ends for targeting, transit, or support operations. Note that the customs authority, judiciary, or police have a very high probability for corruption, just the groups that are supposed to be the guarantors of the state.

It may not be headline grabbing but reduction of the drivers and rewards of corruption will go far in protecting our society by interdicting the terrorist supply chain that ultimately lands a device on our shores.

Influence of Corruption on Business in Transition Countries on the Decrease
World Bank, 2004

$2.7bn Bribes Change Hands Daily, Says World Bank
World Bank News, 12 April 2004

Gordon Housworth

InfoT Public  Strategic Risk Public  


  discuss this article

Radical resident Euro-Muslims preach overthrow and jihad


Openly preached in radical mosques in the UK and elsewhere in Europe: Muslims will no longer be restrained from attacking the Western countries that now host them if bin Laden's Euro-neutrality offer is spurned.

"All Muslims of the West will be obliged [to] become his sword"

This traffic rarely makes it to our shores (although there was a burst of it in the run-up to the Iraqi invasion). Save for the sermons of the now imprisoned "blind sheik," Omar Abdel-Rahman, and a few others whose credentials were revoked, we do not have this level of public venom from Muslim sheiks within our borders.

Some of these imams have been inciting youths "to suicidal violence since the 1990's," yet have escaped deportation by working the legal system against itself. Stronger antiterrorism laws have not made a dent, thus authorities have been reduced to mouse-trapping on immigration violations but those efforts often fail due to the liberal nature of such laws in Europe.

One hopes that the authorities are surveilling and photographing these assemblies (many of which occur outdoors) so that we have an 'asset inventory,' but I still find this cold comfort as people can do amazing things under surveillance and can scatter on a signal perhaps to join an attack team coming into the country for an event.

Mainstream Muslims are understandably outraged and rightly fear that entire Muslim communities will be targeted by the authorities and bear increasing resentment from the larger populace. The mainstream wants their own extremists deported.

How can you blame them when Sheik Omar speaks of "terrorism as the new norm of cultural conflict, "the fashion of the 21st century."" That unfortunately sounds like the race wars that I fear as the logical outcome of this affair. How unremitting sad for us all.

Militants in Europe Openly Call for Jihad and the Rule of Islam
April 26, 2004
New York Times

Gordon Housworth

InfoT Public  Terrorism Public  


  discuss this article

Who’s on the National Security Threat List and why?


The FBI's National Security List (NSL) has two parts, the Issues Threat List (activities that get you on the list) and the classified Country Threat List (states whose activities are "so hostile, or of such concern" that investigations are warranted).

The issues list contains:

  • Terrorism (violent acts, criminal violations if committed in US jurisdiction, intimidation or coercion of government or population)
  • Espionage (US national defense info)
  • Proliferation (of WMD and advanced conventional weapons)
  • Economic Espionage (sensitive financial, trade or economic policy information, proprietary economic information, or critical technologies)
  • National Information Infrastructure (facilities, people, information, computers, cable, satellite, or telecom)
  • US Government (government programs, facilities, information, or personnel)
  • Perception Management (manipulating information, communicating false information, or propagating deceptive information to distort the perception of US policies)
  • Foreign Intelligence Activities (anything else not described above)

That broad sweep nets both friend and foe, broad national agendas and quite targeted issues. Former DCI Robert Gates made the understatement of the quarter century in noting:

"Some countries with whom we have had good relations may adopt a two-track approach, cooperating with us at the level of diplomacy while engaging in adversarial intelligence collection."

Few nations are, however, as forthcoming as France. In reference to the activities of Service 7, Pierre Marion, retired Director of the French DGSE, publicly noted that:

"This espionage activity is an essential way for France to keep abreast of international commerce and technology. Of course, it was directed against the United States as well as others. You must remember that while we are allies in defense matters, we are also economic competitors in the world."

The 2000 Annual Report to Congress on Foreign Economic Collection and Industrial Espionage uncloaked to identify six greatest offenders as China, Japan, Israel, France, Korea, Taiwan, and India.

I surmise the temporary Russian absence was due to the disruption from the breakup of the former Soviet Union. Taiwan was greatly exercised by being publicly placed among 13 nations designated as a threat to US national security, "including Russia, China, North Korea, Yugoslavia, Serbian-controlled Bosnia, Vietnam, Syria, Iraq, Iran, Libya and Sudan." More than twenty nations populate the list.

Who doesn't get publicized on the list are our closest allies such as the UK, (then West) Germany, the Netherlands, Belgium, and Canada.

Commercial enterprises and individuals account for the bulk of international industrial espionage activity, roughly three times the percentage due to foreign government-sponsored efforts.  Even developing countries pose a threat as their intel agencies profited from training provided by the USSR, DDR (East Germany), Czechoslovakia, Bulgaria, and even the US and so have created a "reservoir of professionally trained intelligence mercenaries."

US intel agencies do not reciprocate in conducting industrial espionage against foreign companies to the direct advantage of US firms. Intel efforts are designed to support US aims without sharing commercial information with US companies. The US will, however, step in from time to time to confront foreign nations with public disclosure should they not desist. The FBI also routinely briefs corporate security officials of US firms that operate in certain countries, friend and foe alike, and if personnel threats are considered extreme, will offer useful guidance.

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Strategic Risk Public  


  discuss this article

VoIP telephony as susceptible to hacking as pure data networks


Attacks: DDoS (distributed denial-of-service attack), packet reconstruction, and OS attacks from within and without the company.

The only difference is that VoIP hacks are presently few in number but that will change dramatically as the technology builds a critical mass in terms of installed base or critical path users.

The critical first step is to separate voice and data networks with virtual local-area networks (VLANs) to prevent a DDoS attack against your corporate data website from taking down your VoIP network, or vice versa. Reduced costs will not justify the loss of both voice and data should your business's sole connection to the Internet go down.

Then comes encryption (you were going to do that, correct?), switches over hubs, hardwired over software-based phone solutions (much more resistant to hacks), protocol-specific IT expertise, and then the many standard needs of physical access control, firewalls, proxies, antiviral, and backups.

There are solutions but they are not as cheap as a phone line for small(er) businesses if these security needs are factored in. Without the security handling, VoIP is a sitting duck for the taking.

How your phone could be hacked
By Robert Vamosi: Senior Associate Editor, Reviews
Friday, April 23, 2004

Gordon Housworth

Cybersecurity Public  InfoT Public  


  discuss this article

While we're looking the other way -- tunnels?


I continue to be fascinated by the large number of tunnels dug between Mexico and the US in Arizona and California (New Mexico has few border towns to act as a terminus and Texas has the Rio Grande barrier). Tunnels have been used, for example, between Egypt and Palestinian Gaza. I have heard it said that 'anything that a man can hold in his arms' is already in Israel.

The discovery of the Calexico tunnel brought a moment of reflection. As of April 2003, 21 tunnels had been found since 1990 -- a number a thousand feet long. Drug traffickers are relying more on tunnels to avoid tightened US port security following 11 September. Four of the 21 tunnels had cart and rail systems while nine were equipped with lights and ventilation systems. Some had steel rails to support carts to be drawn through. Seven were in the San Diego County region and 14 were in the Arizona region. Twenty were near ports of entry.

Finding these tunnels is not simple. Soil and geological variations in concert with power line interference makes the use of radar, sonar and electromagnetic radiation tools problematic. Examination of likely areas in concert with background checks and property record examinations on persons of interest carry much of the load. Tipoffs and chance are a major boon.

The rising question is whether terrorists could, for a price, be permitted to smuggle weapons, components, and personnel into the US. If illicit drugs and aliens can be brought across, then terrorists or WMD components can also come across.

Tijuana has been a historically popular crossing point for Middle Eastern nations. Lebanese and Chaldeans (and Iraqi Catholic minority) have been well represented along with some Iraqis. (Mexico really began to pay attention after 11 September.)

The Drug Enforcement Administration (DEA) estimates a tunnel's cost between $800,000 and $1 million to build. That cost and the very high value of the cargo transported would seem to indicate that drogistas would not compromise an expensive asset for a one-shot 'rental,' but we have no guarantee. Besides, a clandestine terrorist may not identify themselves or their cargo and so pass through as one more illegal alien.

In the week after 11 September, I told colleagues that al Qaeda would be as hard to eradicate as drugs, in part because of the difficulty in eliminating illicit transnational channels of any kind. Anytime two or more of these channels even approach one another I have concern.

Tunnel is found near the border at Tecate
By Anna Cearley
June 18, 2003

A hole in security?
Border area seems even more vulnerable in the aftermath of 9/11
By Anna Cearley
May 7, 2003

U.S. drills for drug tunnels
Authorities believe they've found another cross-border route to Mexico
By Elliot Spagat
Associated Press
April 14, 2004

Gordon Housworth

InfoT Public  Infrastructure Defense Public  


  discuss this article

Prev 51  52  53  54  55  56  [57]  58  59  60  61  62  63  64  65  66  67  68  Next

You are on page 57
A total of 68 pages are available.

Items 561-570 of 673.

Pages: [1 - 25] [26 - 50] [51 - 68]

<<  |  July 2020  |  >>
view our rss feed