Tag Archives: China

Hindsight is Foresight Foregone

It’s not that we can’t see the future; it’s that we don’t bother.

Granted, none of us can predict it, nor do I presume that some magic algorithm applied to some special pile of Big Data can ease the Fog of the Future.

In part, it’s laziness. Here in the USA, we’re predisposed to the here and now and me, and the rest will sort itself out.  As indeed it does.  But often not as we hoped.

In part it is because we know from abundant experience that too many pious prognostications by proselytizers of progress have turned to sink-holes of time, effort and money.  So why bother.

In management we have evolved the discipline of ‘risk management’ which is part institutionalized experience and part pseudo-science.  ‘Risk management’ is somewhat of an oxymoron like ‘military justice’, ‘artificial intelligence’ and ‘virtual reality’. It trades on a figment of truth to create the illusion that it is more than it is.

Risk management has some level of foundation in its effort to deal systemically with known and knowable risks, but today’s world is increasingly subject to unknowable risks for which there is no statistical basis of quantification of either loss, cost of prevention or remediation.   But that’s not the real problem.

Many in my profession of accounting and auditing gravitate to the  ‘risk management’ mantra, and strive to incorporate it into their mission statement. After all, if you can’t be a ‘risk taker’, being a ‘risk manager’ or a ‘risk something’ is the next best thing. It’s sexier than mere accounting and auditing.  And besides, there’s plenty of precedent for the need for ‘risk management’ given the losses that businesses have incurred for themselves, and more frequently for others in their carefully contrived relationships.

But, truth be told, even the growing cadre of risk management acolytes have trouble peddling their wares to the C suite where hype and hope too often trump (no pun intended) reality and even the crudest calculations of probability.

Let’s take a few examples out for a test drive:

  •  Does anyone see any problem with Jeff Bezos and Elon Musk and Larry Paige and the other space cadets filling the skyways and byways with their latest magical brain-farts without benefit of adequate regulation and incubation for proof of concept within laboratory controlled settings, much less in the free-fire environment of that freaky place we call the ‘real world’?
  • Is the latest episode of the Theranos melodrama really a surprise?  Or was it the highly probable outcome of a flaky premise sold to incredibly greedy people willing to believe and suspend critical judgment?
  • And let’s not beat unduly on Theranos. It’s just one of a number of Unicorns in the magical kingdom of Silicon Valley and other tech redoubts where people with more money than brains can throw it at the wall, hope that something sticks in the lottery of high-tech chance,  and praise themselves that their failures are really essential tuition and down-payment for future greatness.  In their magical kingdom, failure is virtue.  In the real-world, failure gets you fired.
  • Where is China going, and where is it taking us?  The West lost that gambit four decades ago with an essential, but ill-conceived opening of relations.  The drive of corporate greed for access to a billion consumers overtook any attempt of western governments to modulate the normalization in a manner that would minimize the foreseeable disruptions we have experienced economically and strategically.  Accordingly, China has grown into an unruly adolescent (in modern world terms, its considerable historical lineage notwithstanding).  Given its desperate economic and environmental constraints, and it’s likely belief that its salvation is in expansion, military conflict with its neighbors and the West seems inevitable in the near to intermediate term.  Trump and China should easily understand each other: a coercive bully that believes he\it has a right to dominance on its terms without obligations to others. I suspect that this is in part an act China has found it can get away with because, unlike with Trump, no one has yet drawn a firm line in the land, the water or the air that they are prepared to defend (although we are beginning to with questionable allied support). Corporate executives are now marveling at how they could possibly have lost their technological edge (which they often willingly gave away in many cases for access to that one-billion consumer market)  and now are losing the market itself in a tightly controlled totalitarian environment where the ‘rule of law’ is more a farce than even a mere political fig leaf of cover.  Who’d a thunk?
  • Was the Shell Oil retreat from the Arctic really a surprise,  or merely unfettered stupidity colliding with reality?  When we have so much evidence of failure to properly engineer and install  and monitor and regulate and mitigate such ventures in much less hostile and much more stable environments, what would make any prudent executive or government think that Arctic exploitation would be just another hole in the ground?  Did BP’s experience give anyone in Shell’s HQ pause for concern?
  • How about them GMOs?  Scientists are complaining that the average clod on the streets is unjustifiably suspicious of the risks of GMOs.  But when we look at the recent history of our ‘conventional’ food supplies, the engineering of obesity, the evisceration of regulatory oversight and quality control, is there not reasonable cause for concern by the public of what will next be foisted upon them in the guise of progress at their ultimate risk and cost?  This is actually a case of the person on the street exercising ‘risk management’ in the suspicion that those in the Corporate suite will not. At least, not in the consumer’s behalf.
  • And then there’s fracking; a mindless grab for resources beyond any exercise of prudence, with costs to society measured only in financial terms to date, with studied ignorance of the collateral environmental, social and economic costs beyond the measure of defaulted securities.

There are a number of simple questions that executive management could ask itself and save a lot of grief when contemplating a new venture or circumstance, or coping with an existing or intractable situation  (like Palestine):

  • Has the situation ever happened before, and what can we learn from it.
  • Are there any parallels, if not direct precedents, to this situation that can give us a clue of dynamics and outcomes?
  • Do we understand the context (historical and present circumstances) of our intended act, and do our assumptions take that context into account?
  • Have we tested our assumptions about what should happen if we take this action?
  • Have we defined performance standards for our expectations that will give us quick feedback if we’re going off the rails of our expectations.
  • Have we asked ourselves how the opposition/competition/stakeholders/regulators are likely to respond, and have we taken appropriate steps to address reasonable concerns.
  • What could possibly go wrong, and what’s the worst that could happen….?
  • ….and if it does, what are we prepared to do about it?

These are so simple, they don’t even deserve to be sexified as ‘risk management’.  They’re basic management, or even common sense.  Yet the frequency with which they are ignored and often even disdained by the supposedly educated meritocracy has numbed us of any sense of amazement.  Rather, it has implanted a cynicism and contempt and suspicion of all forms of authority: legal, moral, scientific, political, religious, social that accounts more for the rise of Trump, Sanders and Br-Exit than any conventional political explanation.

We could go on, but I’ll trust the point is made, if not accepted.  In the corporate, government and personal world, risk-taking trumps risk management more often than not, and often with predictable consequence.

It’s not that our capacity for foresight is so bad.  It’s that we don’t bother to seek answers we know we’re probably not going to like. And when they’re thrust upon us, we often find ingenious ways to ignore them rather than to deal with them.

So, to say that hindsight is 20/20 because we have the benefit of knowledge that is not previously available is at best half the truth.  As often as not, we just don’t give a damn.

*  *   *

Word of the day:  de-escalate.

Onward

20160710

 

Advertisements

Cyberwar’s Pearl Harbor

In the aftermath of the most recent invasion of our national data ecosystem, it might be worth contemplating where all of this might go from here, just in case anyone in a position of responsibility (as distinguished from a responsible person, because the two are not necessarily the same) might care to prepare for the possible, if not the inevitable.
We’ve heard a lot about attacks on our major financial and governmental institutions of late. No bank left behind. Suspicion that the Chinese are attempting to emulate the NSA by building a massive database with which to conduct further espionage, define the power hierarchy, and possibly co-opt key players with blackmail. The same kind of stuff the NSA might do abroad or at home, because, hey…what’s the difference. But I suspect that harvesting information overload is not the prize objective; and China, though never to be discounted, is a major threat, but not the primary threat.
Let’s get a little crazy here and contemplate a worst case scenario from which we can scale back.
First, who are the threats for conducting cyber warfare? The most obvious and capable are Russia, Iran, and China. At the risk of offending the Dear Leader’s self-esteem, we’ll forget about North Korea. Although cyber-vandalism is a game even the kids can play, cyber war takes some real chops, and needs to be scalable to effect, like any good marketing strategy.
And in what order of priority? My vote is Iran, because if the nuclear talks fail, it may be facing what it regards (whether we would agree or not, but that’s irrelevant) as existential threats from an extended embargo. An agreement might take them off that top spot, but they would no doubt continue to hone their options in this arena, particularly given their other ambitions in their neighborhood where we may stand as an obstacle.
Next up: Mad Vlad. Apparently getting more aggressive by the day. If things get out of hand in the Ukraine, or if he provokes further instability in the former satellites in the same manner he has in Georgia and the Ukraine, and if somebody miscalculates in a moment of confrontation (has that ever happened before?) then Vlad could decide to go Big Casino and pull what he considers to be a game changer.
Finally, there’s China. More paranoid than Vlad, and in a far more precarious situation economically and politically than we may know, it may fear that a strategic threat to its seeming dominance (such as the South China Sea) could trigger internal unraveling that would make its vulnerability apparent and invite attack. It may want to have in its back pocket a preemptive capability that can neutralizes strategic risk.
Which gets us to the question of ‘The Prize’. What is The Prize in Cyber Warfare? Is it data? Or dominance? And if it is dominance, how is that defined and achieved?
In nuclear war, dominance is defined as turning strategic areas of an adversary’s war-making capability into giant ashtrays. In cyber warfare, not necessarily. It is much easier and more beneficial to cripple than to destroy.
So, if dominance is the objective, how is it achieved? Not by stealing government HR files, or my medical records, or our bank records,. Rather, by strategically crippling the electric grid and other supporting energy and transportation infrastructure. Next, by crippling critical communications infrastructure.

Why is the energy network the prize? Because it drives everything else. Bring down energy, and you bring down the military, its supply chain and everything it depends on. Bring down energy and you bring down social stability and cohesion, and you force your adversary to focus inward to restore stability while knee-capping his capacity to project outward.
If the energy sector in general, and the electric grid in particular is the prize, why haven’t we heard more about incursions into their domain, as we have with financial and retail and health services? Precisely because it is the prize. What we know of past incursions in other sectors is that they have occurred gradually, laying penetration infrastructure well before the extraction, probing defenses and responses. It is safe to assume that they are doing the same thing with the energy sector and electric grid.
Logic would suggest that an adversary is not going to reveal its capabilities prematurely with token attacks. That is probably what the banks and Home Depot and Target are good for. Test grounds for generic attacks and to reveal responsive capabilities. Diversions from the real area of interest. Save the best for last.
How might such an attack evolve? Let us consider that Russia, a player on the front line of a warm conflict that could easily go hot, would be the logical first-mover. Consider that Iran, a client state with some degree of strategic dependence on Russia, might be a willing ally in such an attack, since rendering the Great Satan strategically impotent would be a major gain to its own strategic ambitions. And, while not necessarily chummy, Russia and China might agree that denuding the US of short to intermediate term strategic economic capability, and thus military capability, would give them sufficient time to achieve hegemony over their own spheres of influence in Europe and Southeast Asia for the long run.
Of course, there is the question of what capabilities the US has to deal with such an attack.

A. Do we have the intelligence to foresee it in time to prevent it?
B. Do we have the means to prevent it if intelligence informs us in time?
C. IF neither A or B, what is the likely extent of damage that can be done?
D. If nominal or critical damage is done, what is our capability of response?

Ask yourself how well A and B have worked so far, either at the national or private level. At the private level, studies of recent break-ins suggest an appalling degree of managerial incompetence or indifference to knowable and preventable risks by private companies. Not unusual in the history of managing the security requirements of data resources.
And the role of the US Government? Well, if it can’t protect itself, how well can it protect anyone else? And if it could protect anyone else, the typical response from industry seems to be that it regards the US government as much an enemy as The Enemy. This may speak to private enterprise’s fear of revealing to the government things that it desperately does not want the government to know (assuming the government does not know them already).
If damage is likely, what kind of damage can be expected and with what impact? If critical control points of the electric system can be compromised to inflict critical damage on key generation and transmission points, particularly in a coordinated attack that creates cascading failures, one can imagine an unpleasant day in paradise. But we don’t have to imagine. We can recall two Northeast black-outs, as microcosms of what could occur nationally. We can recall the aftermath of Storms Irene and Sandy on communications and energy infrastructure in the Northeast. To the degree that major transformers could be fried, that major rail centers could be damaged by derailments, that major pipelines or their control centers could be done harm, short to intermediate term harm could be accomplished for adversaries to achieve their strategic objectives of crippling our capacity to project or sustain military force in areas of strategic importance. They would not have to fry the entire grid. Just enough to make an impact at critical pressure points.
And what damage could we do in return? No doubt we have the means to inflict comparable damage at some scale. Stuxnet proved that with the Iranian centrifuges. But our society is much more complex and integrated than Russia or China or Iran. In relative terms, it is probable that these potential adversaries would inflict much more relative damage on our day-to-day capabilities than we would on theirs, particularly given their autocratic nature.
Further, they will have neutralized our capacity to operate in their neighborhood far more than we will have neutralized their capacity to operate in their neighborhood. And that is the strategic gamble, the game changer, the prize. China would achieve de-facto control over Korea and Taiwan without firing a shot, and achieve effective allegiance to its will of the entire Southeast Asian rim from Malaysia to Japan. Is that important to us? Russia wouldn’t have to worry about us meddling in Europe, east or west. Do we care? Iran and its surrogates can pick off its adversaries at its leisure, escalating a war of attrition against Israel, to continue keeping the little people’s attention diverted from the real problems at home as they march onward in the name of Allah.
Would such a cyber war cause us to go nuclear? Not likely, and that’s what makes a cyber war a more credible threat. No other means can inflict as much damage with as great a possible payback, and as little risk in return. Not that there’s no risk; but, in the abstract, it is less frightening.
One of the ironies of a cyber war scenario is that the internet, a distributed communication infrastructure originally designed to be survivable to nuclear attack on any number of its nodes, is now the vehicle for attacks that can be simultaneously distributed in source and destination with devastating possibilities. And the core of that irony is that the western nations have used the internet to consolidate control of their operations, making them more vulnerable.in this context.
In such an attack, Google and Facebook would become worthless, no matter how many solar arrays they plant to make their server farms impervious to fluctuations of the grid. Amazon, not far behind. They would become worthless because their market exists on a grid based infrastructure. Their market, their reason for existence, is no greater than the grid its stakeholders depend upon. And in a post-cyber war society, the trivialities of social want that these and other highly centralized companies feed upon for their corporate sustenance will evaporate in the heat of more pressing concerns.
If this is indeed a real threat, what is the cure? Investing in information technology security and training on an unprecedented scale would be a good start. Reconfiguring the grid to be better partitioned for containment and more distributed in source and composition of power generation to diminish vulnerabilities from concentration would also be helpful. This will take a little longer, …like a lot longer. But the sooner we start and the farther we progress, the better. It might be good for all entities which depend heavily on communications and electrical networks to ask themselves how they would operation with either down for a month or two. Not that that would be the time frame of a post cyber attack recovery, but it’s a good start to get one in the mood. This will also compromise some of the economies of scale that companies strive for, but those seem to be elusive at best on a good day, and often more illusion than reality.
Is the scenario I’ve painted plausible? Recent history suggests that we have yet again unleashed tools and strategies for which we have not adequately anticipated and prepared for the blow-back. See ‘atom-bomb’ for historical perspective. Our delusional embrace of our exceptionalism likely induces complacency yet again in our leadership. Not the President necessarily, but the full complement of grand poobahs who must make things happen.
And what would the utilities and national security planners say to my ruminations? “Utter nonsense”. Damage will be nominal, at worst. The utilities are on top of it and have given the threat priority attention. And no adversary would dare launch a major attack on our infrastructure for fear of devastating reprisal. Like 911.
Why didn’t I think of that before? Could have saved a lot of pixels.
Don’t worry. Sleep well.
Onward.
20150607

Intelligence

Intelligence has two distinct definitions. It can refer to the possession of information, or the possession of the capacity to use it effectively. The two do not necessarily cohabit; most certainly, not often enough.  Like the time we outsourced the liquidation of a monster in the caves of Tora Bora to locals of ambivalent motivations. 

Continue reading

Got Reality? Climate Change, Energy and Public Policy

And so it begins, the unraveling of 'concerted ignorance' by random pulses of reality.

Two interesting articles appeared in the online edition of The Economist last week. The first, Why Don't Americans Believe in Global Warming? sought to understand why the U.S. is persistent in failing to come to grips with the reality of Climate Change. 

The second, Are Economists Erring on Climate Change?  ,explored the discomfort of economists in coming to grips with an issue that defies the logic and comfort of their statistical foxholes.

Continue reading

Got Energy?

This has been an interesting week on the energy front.

The price of energy has jumped due to a confluence of temporary events including:

– unusually cold weather including the week's major storm across the US which left only one state untouched by snow;

– record flooding in Australia which has crimped its coal production and jeopardized its major customer, China;

– a leak and temporary shut-down of the Alaska Pipeline;

– an unseasonal persistent increase in the price of gasoline, and the impact of energy costs in general on the consumer price index.

These were the 'tactical' issues on the energy front.  Some of the subtler ones are more strategic, and of greater long term concern.

Continue reading

Great Expectations…

…are not always good expectations. The word 'significant' might be more appropriate in the current circumstances.  Here are a few thoughts on the prospects for the year ahead, and the decade it heralds.

The year and decade ahead will be one of transition. It will not necessarily be worse, and will not likely be better, but it most definitely will be different, cutting both ways with opportunities and threats of equal magnitude. Generally, we do not do transitions well, but that, like many items below, is a subject for future blogs.

Let's take this platitude down to specifics.

Continue reading

Climate, Energy, Economics and Policy Entropy

Copenhagen is concluded.

Hamlet's question has been answered with respect to Global Climate Change policy: not to be.

If Kyoto can justly be ridiculed as commitment without accomplishment, Copenhagen must be considered a step back from that.

I do not blame President Obama for this, as many are more than willing to do.  The failure is so large that no one leader or nation can fairly bear it alone.   The question is: where to from here?

Continue reading