Month: November 2015

ILD 831 WEEK 6 POST – RAY R.

history-of-cyber-crime

Computer Crime

The rapid development of computers and networks, including the Internet, has brought huge benefits to people and organizations around the world. With this development comes a threat, as these systems have become a major target of attackers. Additionally, computers have become a tool and a resource for people who want to attack or commit crimes using computer technology. The world has become an increasingly interconnected. A person with a laptop can sit in a restaurant in Instanbul and pay bills, trade stocks, transfer funds between bank accounts, and chat with friends across the world via the Internet. These are the conveniences that many have become accustomed to with today’s communications technology. People in the same scenario with bad intentions could use a stolen identity to grab funds from a victim’s checking account, hack into the stock exchange, or create and send a Trojan horse to spread around the world to gather private information. These are just a few examples of the benefits growing network technology brings, while also highlighting how this easy access can also be a threat.

To set the stage of this threat, it is important to realize that the world is highly connected. Cisco predicts that 50 billion devices will be connected to the Internet by the year 2020. The company’s analysis claimed that 8.7 billion devices were connected to the Internet in 2012. These devices can range from items for personal use such as a smartphone, tablet, laptop, or desktop computer all the way to an Automated Teller Machine (ATM), military network, computers and machines in a water treatment facility, to the processors controlling our electrical system.

Cyber attacks usually consist of directed intrusions into computer networks to steal or alter information or damage the system. Malicious code, such as viruses or worms, can propagate from computer to computer and disrupt their functionality. Denial of service attacks can bombard networks with bogus data so they cannot function properly. Using these types of intrusions, cyber attackers could target financial institutions, communication systems, energy infrastructure, government operations, hospitals, and many more functions that rely on computer networks to operate. Whereas cyber attacks used to be something that were only a nuisance in the I.T. industry, they now have become something that can disrupt the entire U.S. economy. This would affect individuals across the country as well as endanger national security. The ripple effect of this type of disruption would hit the international community as well.

Due to the nature of networked computers (the Internet), attacks no longer require the perpetrator to be in close proximity to the victim. Cyber attacks can be launched from anywhere in the world, at breakneck speed, and at extremely low cost. Additionally, our current technology makes it almost impossible to predict ahead of time when an attack may occur. Also, since cyber attacks require only a computer and an Internet connection, there is not much of a barrier to entry. This means anybody from teenage hackers in their parents’ basements to terrorist groups to actual country-sponsored terrorism have the capability to wreak havoc. The amount of damage inflicted on the victim mostly depends on the level of defenses and technological skill put in place by the target. This has become such a problem that there have been entire segments of government agencies created or restructured to fight and prosecute cyber crime. One example is the FBI’s Cyber Crime Unit and the U.S. Department of Justice’s Computer Crime section.

There are many different motivations for these cyber attackers and criminals. Some many choose to attack just to practice or prove their skills to others. Some may be intent on stealing credit card information or other personal data. Some may be in it for extortion purposes. Still others could be foreign groups or governments trying to steal military secrets or wanting to cause damage to the U.S. economy, infrastructure, or the military. In some cases we may not even know or understand the motive behind attacks.

Nigeria, an African country often attributed to hosting criminals perpetrating computer crimes around the world, brought stakeholders together recently to discuss how to facilitate information security, reduce security breaches, and steps to contain cyber crime in Africa. At the conference, Dr. Martins Ikpehai, chief executive officer for a security firm, went so far as to say that the third world war might be fought on the computer using different attacks launched through the Internet.

There are a lot of examples of types of computer crimes that are committed, according to Terry D. Willis. Disgruntled employees taking action out of anger, revenge, or even what they may term as harmless mischievousness, is one example. What some may consider mischief can actually be a serious computer crime. A good example given by Mr. Willis is a case of a recently graduated young accounting graduate from a California university. She had been hired by an art gallery to accomplish basic bookkeeping duties. When she learned she would not be promoted to an accountant position, she deleted the customer database and sent a false email to all of the gallery’s clients announcing that the gallery was under investigation by the Internal Revenue Service. She also mentioned in the email that a major upcoming gallery event was cancelled. Due to her actions, the art gallery was unable to successful operate for weeks, and incurred losses exceeding $400,000. This young woman’s dreams of becoming a certified public accountant were cut short when she was arrested and convicted on felony charges.

There is no easy solution to these computer crimes. The prevalence of computers, the relatively low cost of computers and Internet access, along with the high amount of connected devices makes this an area that is ripe for crime and abuse. It would be a rare person reading this blog who has not either already been the victim of some level of computer crime or known somebody who has. Going forward, the end user needs to push more for increased security methods, whereas the corporations, utilities, and other organizations should work together to come up with mechanisms to increase security. It is to be determined whether or not the government can effectively help towards increased security as well. Too much government involvement could become governmental interference. Too little government involvement would make it appear that the government doesn’t care, while also leaving it more vulnerable.

Advertisements

ILD 831 WEEK 5 POST – RAY R.

Networked1

Networked workers bring a lot of opportunities as well as challenges to their organization. One of the biggest advantages is that they always have access to information. In any organization in which I’ve worked over the past 15+ years, I don’t remember a day going by where I didn’t need to access some information via the Internet. It has become a way of life within organizations. We have access to so much information that we didn’t have years ago. In an article about networking, Jarche mentioned that connected individuals can now do what only large organizations once could do. If I want to compare my current organization with other organizations in the same industry, I can do that with a few key clicks and a search engine. Many years ago this required a trip to the library. Even if I did want to visit the library, I can visit it virtually through a web browser. Weinberger mentioned that the economics of sharing have changed. He gave an example that the Library of Congress has tens of millions of items in storage because it is very difficult to display and preserve, let alone share these physical objects.

One big advantage this also brings is that workers can work during off-hours, as needed. I can give my employees the flexibility to leave early and finish working from home, as an example. I can even allow them to telecommute the entire day or multiple days. This gives the worker the flexibility to take care of other things such as doctor’s appointments or school functions while still being able to make up their hours during a different part of the day. The downside of this is that the expectation sometimes becomes that we WILL work during off hours. Sometimes we work our entire normal day and then feel that we need to work additional hours during what previously would have been completely off time. This can lead to greater productivity, but also burnout.  Another advantage is being able to work from multiple locations. I teach college classes both in the physical classroom as well as online. Especially for the online courses, I’m able to work from wherever I may be, as long as I have Internet access. I have graded papers and interacted with students from places as far away as Japan and Russia, without many problems. The disadvantage with this is that I sometimes feel that my trips are not as enjoyable, focused, or productive because I always have to check up on schoolwork during the evening. Years ago I would have not had the ability to be online and therefore would have just hired a substitute to take care of things while I was gone. So the increased productivity sometimes does take its toll.

One challenge with networked workers is that it is often hard for supervisors to know exactly what they are doing. This is especially the case for telecommuters. When I was an I.T. manager I used to think it would be extremely difficult to manage telecommuters because I really wouldn’t know for sure that they worked 40 hours in a particular week. I then asked a fellow manager who was responsible for some telecommuters in his department. He told me that he didn’t care if his telecommuters worked 40 hours. He managed by task or project instead. If he gave a telecommuter a project that should last three months, he expected that it would be done in three months. If the person had to work 50 hours per week in order to get it done, that is what should happen. If the person only had to work 30 hours per week to get the same project done, he didn’t mind, as long as it was done correctly. He went further to say that if a person could get the three-month project completed in two months, he didn’t mind if the telecommuter had a month off (excluding required meetings, status reports, etc.) That really opened up my mind to how work should be measured and how to manage telecommuters. Telecommuters are obviously not for everybody. Marissa Meyer, the CEO of Yahoo, decided a few years ago that telecommuters would not be allowed at her company. This was a controversial decision, as critics say morale will plummet, key people will quit, and efforts to enhance collaboration will backfire. But proponents for her decision point out that employees view work more positively when their bosses are physically present and tend to lie more when communicating virtually as opposed to face-to-face, just as a few examples.

One challenge I’ve seen in the military is with the security aspect of being connected. We are able to check email from outside of work as long as we have a physical reader attached to the computer so we can insert our smart-card and enter our credentials. Since most home computers don’t have a smart-card reader built-in, those of us who want or need this capability must purchase an external reader. That is only the first part of the challenge. There are a variety of smart-card readers and special software and drivers need to be installed, which have proven to be difficult to get to work in the past. Once it can be figured out, it works pretty well. But if a person travels, they must remember to bring their smart-card, their reader, and the computer they have the software and drivers installed. All of this has proven to be a hassle for military members, but the security it provides is definitely needed. Without this in place, the senior leaders would most likely not give people the opportunity and flexibility to do work from outside of the office due to the security risk. The risk of intercepting operational, logistical or personnel details via email is too great.

Another challenge is with portable devices. The White House has created specific guidelines for government agencies that choose to allow certain devices, to include mobile smart phones. In my most recent job in the military I was required to carry a Blackberry with me. That meant I not only had to carry my personal iPhone with me throughout the day, but also had to be tied to a second smartphone. Since then the Air Force base where I work has converted to using iPhones. For a long period of time, key personnel had to carry their work iPhone as well as their personal smartphone. It was funny to see a person sometimes carrying two iPhones at the same time. Since then I’ve noticed that some who are issued iPhones install personal apps on their work phones, so they don’t need to carry two devices. Even though it could be a hassle to carry two devices, it does give the senior leaders on the base the opportunity to more easily check their military email without having to carry around a card-reader and laptop. Many senior leaders work long hours and from several locations, and having this capability can greatly increase their productivity.

ILD 831 WEEK 4 POST – RAY R.

The Changing Nature of Work

Work

Weinberger discussed the concept of hyperlinked thinking, which I found very interesting. I was a very early computer and Internet adopter, but I hadn’t thought of work in exactly these terms before. I liked his discussion on how years ago, documents and writing were limited to squeezing things onto a piece of paper. Authors and publishers had limited space, so had to decide what the reader already knew and write accordingly. Hyperlinked writing does away with this need, as a single document can have multiple links that the reader can choose to bypass or click on. If I, as a reader, am not very familiar with the topic, I can click on every hyperlink in the document so I can get more of a broad exposure to the topic. If people are already very familiar with all of the ideas and terminology, they can just read the article itself without expanding any of the hyperlinked documents.  At the risk of using too many hyperlinks, I will make it a point in this blog to include a variety of links to web sites to show examples of some that people may choose to click on or not to click on.

I have noticed that the nature of work has also changed due to this hyperlinked thinking and the web. When I worked at United States Strategic Command, I frequently had to brief a General on issues and get permission to launch an asset (airplane or ship/boat) on a particular mission. I noticed that it was no longer good enough just to give the General some background information and my recommendations on what to do. He often would ask for a lot of very detailed information, as he knew that I had access to this through the Web. If I picture a person in my shoes 30-40 years ago, the General would have known the information was not available and would have to make a decision without it. But now, the General knows that we, as the U.S. military, have a breadth of information at our disposal. As an example, I can access up-to-date intelligence reports and comb through the website and information repository of the Combatant Command called U.S. Central Command (USCENTCOM), which is responsible for the Middle East area of responsibility. I can get all of the pertinent details that the General is looking for, and through email, instant messaging, or a phone call, I can actually talk to an expert halfway across the country or world.

Work has also changed because we are always connected. In the military and my most recent civilian jobs (including teaching), it cannot be as easily done without the web. In the military, our scheduling process is web based, our training is web based, as just a few examples. Prior to a deployment, we are overwhelmed with information. We access websites to tell us the weather forecast, notices from Air Traffic Control centers, reports that show runway and airfield conditions of bases and civilian airports around the world, as well as to decide upon our route of flight. Our systems are so interconnected with each other that if the Internet went down, we would have a tough time.

About 5 years ago, as I was getting qualified in a new aircraft, the final item I needed to accomplish was to take an online test. As I was deploying in about three days, I went to the testing office to take the test. Unfortunately the site was down. The test administrator looked at me and said there is nothing he could do. I explained that I was deploying and there was nobody else that could take my place and that I needed to take the test. I asked him if he had a copy of the test printed out that I could take and he could manually score it. He shrugged his shoulders and said he did not. Luckily I had a few days to spare. I came back the next day and the test was still not accessible. By the end of the day, the site was working again and I took the test. But the leadership lesson in this case is that the person in charge should have made sure that there was a backup method in place, especially since this was a critical deployment item. I think it is important for a leader to recognize when there is a single point of failure. In many situations today, I believe the Internet is a single point of failure. This makes me worry a bit when I think that cyber hackers can bring much of our work to a halt. I feel that leadership should consider having backup and manual processes in place if there are any mission critical activities that could be disrupted.

Husband’s concept of wirearchy brings to light that more and more work is being accomplished online. Collaboration is becoming increasingly important. Besides the typical strictly defined collaboration, there are also informal methods in place. I learned this back in 1995 when I became a part-time Air National Guardsman and had a full-time job as an I.T. manager. I was used to a strict hierarchically defined structure in the Air Force. I wouldn’t dare go directly to the Wing Commander with a problem, complaint or even a suggestion on how to improve efficiency. I would first bring it up to my supervisor, and if the supervisor thought it was worthy, it would start making its way up the chain. This ensured that only the best ideas make it up all the way to the top of the chain. Unfortunately this is also a system where good ideas can die. If anybody up the chain decided that it wasn’t a good idea, it would wilt on the vine at that moment, never to be seen again. In the I.T. company I worked for, I noticed that lines of communication were blurred. My employees had no problem going directly to my boss or to his boss with ideas and information. At first I found this very uncomfortable, but eventually got used to it. If my boss was an expert in something that I wasn’t as familiar with, perhaps it made sense to go to him directly instead of to me. Although I see the merits of this, I have to admit that I sometimes still struggle with that concept, as I feel that I should be in the loop as a supervisor. What I’ve tried to do since then is to make sure my employees know that I am very approachable and that they should keep me in the loop on those types of things as well, in case my boss has questions for me. That seems to solve the issue, while not stifling communication and ideas.

ILD 831 WEEK 3 POST – RAY R.

Knowledge Management
Knowledge Management

Knowledge Management

As I reflected on Weinberger’s concept that knowledge lives in the network rather than in books or people’s heads, it eventually made sense to me. There is so much knowledge in existence today that there is no way it can all live inside one person’s head. We are living in the era where we don’t need to memorize a bunch of data or facts. We can look them up, as needed. Of course that may make many in academic circles cringe. But I don’t mean that we don’t need to continue learning and even memorizing some material. As I reflect back at the knowledge that was available back in the 80’s, when I graduated from high school, for example, information was not readily available.  If I was curious about a movie that I had seen, reviews for a movie I was considering seeing, or an actor from that movie that I wanted to look up, there was not an easy way to do this. Now, with the advent of the Internet Movie Database (IMDB.com), I can have that information within seconds. Earlier this year when my mom was diagnosed with small-cell lymphoma, if it had happened many years ago I would either have to learn all I could from the doctors and nurses or spend many hours in a library researching exactly what this was and its prognosis. Nowadays within an hour I am able to easily read many articles on the topic and learn a great deal about this type of cancer, assuming I sift correctly through what is fact and what is not.

As Nancy Dixon (2009) discussed, knowledge management takes this a step further and is concerned with how to make use of collective knowledge within an organization. Translating that into my life, I see how organizations have progressed from having small amounts of information years ago, to having a lot of disparate information, to making use of this collective knowledge in some way. I don’t believe many (or any?) organizations have perfected this use of information yet, but we are making strides towards that.

In the Air Force we used to have many, loosely organized, “knowledge management” portals called Community of Practice websites (AFMC, 2006). Many organizations and even subsections of organizations had their own sites and were free to hang any information that the personnel saw fit. More and more organizations were using this method, so a lot of information was out there, but it was very difficult to remember where to go to get it. Over time this network grew to over 19,000 Communities of Practice. In 2010 all users received an internal memo saying that funding for these Community of Practice sites had been terminated and they would be shut down effective May 14th, 2011. Because of this, an alternative was needed. Microsoft Sharepoint quickly became the alternative because it was already bought and paid for by the military. At Offutt AFB the leadership systematically organized the Sharepoint sites so they followed a logical hierarchy and structure, whereas the former Communities of Practice were haphazard and did not follow much of a structure. If people can find and access the Offutt Sharepoint site, for example, they can navigate down to any subordinate organization’s Sharepoint site.

Unfortunately the use of the Community of Practice sites and the Sharepoint sites have not necessarily solved the organization of information in a logical way. Many of the sites have turned into repositories of outdated and irrelevant information. Often the original administrators of the site have left the organization and nobody took over the duties. In other cases, there is too much information on the site and the administrator was not or is not skilled in any kind of website design to make the information flow very intuitive. Additionally, it is hard to know where exactly to go for certain information, which often renders the sites useless. We still have a long way to effectively use knowledge management in many organizations, including the military.

Ray R.