An intermittent record, if that is what it could be called, of my journey of learning, as I come to grips with the implications of e-Trust.
Tuesday, June 24, 2014
Respect Network is Launched
Monday, June 16, 2014
Challenged to write 750 words on the future of Cyber Security 20 years from now!
The Worm Turns
The prior generation of internet service providers had used the business model of profiting from personal data acquisition based on the provision of free internet services. The e-trust ecosystem swept away this Service Provider centric approach, which had only really enabled innovation of technologies that made the ISPs more wealthy, though not their users. The new ecosystem enabled an entity centric approach that accelerated and distributed wealth creation, which in turn caused the world economy to burgeon. The expanded wealth creation caused by a surge in innovation was supported by the e-trust ecosystem, which had enabled collaboration and co-creation at previously unseen levels. The new economy is referred to as the intention economy, as it is driven by the desires and intentions of individuals and corporations alike.
Digital Agents Reduce Malfeasance
An entity's Digital Agent will report it to the COW if the entity chooses to initiate illegal actions that would be sufficiently detrimental to humanity. If, however, the action would only be of detriment to another entity, their Digital Agent would negotiate the "right fee" with the other entity and pay it. Such transaction fees are very low because the e-trust ecosystem enables very high numbers of transactions and malfeasance has an extremely low success rate. The offence of SDA (Suborning Digital Agents) is seen as abhorrent in all societies, equivalent to rape. There is zero-tolerance for such behaviour, and all Digital Agents operate with COW to detect and cleanse Suborned Digital Agents.
Road Safety Improved, Energy Consumption curbed
Smart Cars are happy to drive at their maximum speed; however, their drivers are fully aware that, while this is totally safe due to the quality and presence of sensors and agents on the roads and in the cars, it is very expensive, as the smart car will report their speed and energy consumption to the road tax sub component of the e-trust ecosystem and also arrange for real time transfer of funds. A journey taken at 40 Km/h costing £1 would cost £600 if made at 100 Km/h, and £10 if made at the inefficient speed of 25 Km/h. What in the past would have been a traffic jam automatically travels at 40 Km/h.
100th Luddite Tribe found in Norway
Friday, June 13, 2014
OODA not PDCA in an Outside-In World
OODA comprises 4 decision states:
Observation - Gather Facts
Orientation - Analyse Facts
Decision - Decide on a course of Action
Action - Act!
The most important feature of this decision cycle is the fact that it is designed to operate quickly: the faster one can go around the decision cycle, the more effective the likely outcome. Boyd designed his decision cycle to facilitate defeating an enemy and surviving! His goal was not to achieve a perfect decision.
The traditional business decision cycle, PDCA, is promoted by the International Standards Organisation, is specifically referred to in the ISO 27000 series, and encourages quality of the outcome. Completion of a PDCA cycle is normally achieved in weeks, if not months.
Effective completion of OODA loop decision cycles is achieved in hours, if not minutes.
In the Outside-In world speed is king, and getting inside the decision cycles of your competition is a real added bonus, for in their cycle you can create confusion and doubt.
Is your organisational agility up to this challenge?
What will it take to get an organisation to shift to decision cycles that are completed many times a day?
What processes and communication systems will need to change?
Which types of organisational structures are up to this challenge?
Command & Control or Command & Empower, which will operate best in the Outside-In world, in which contexts?
Does the phase of the battle make a difference? Boyd thought it did. How will this affect your use of the decision cycle in an Outside-In world?
Thursday, June 12, 2014
The important measure!
Imagine a Formula 1 team that published data on how many crashes they had during the season, with very detailed root cause analysis of each and every one of the crashes, while totally ignoring the team's race results, e.g. how many times they won a race, or the position they achieved in a race.
It also omitted any data on the impact of the crashes on the car in question.
Their analysis might also detail the effectiveness of the different controls that could have mitigated the different types of crashes.
Such a Formula One team might valuably ask the questions:
How might we link the value of crash avoidance to our final podium position?
How might we link the impact of controls on our final podium position?
For every member of a Formula One team knows the important measure is Podium Position, achieved by consistently attaining the fastest lap times.
In the Infosec world, our maturity in this space is still quite limited. Incident reports are by their very nature very Anti-Clockwise. How can we connect the analysis of this data to the positive outcomes desired by our business or, better, our customers? For, after all, the important measurements should always start with the customer's needs and desires.
Imagine that in a bank a positive correlation is made between the implementation of a control and the reduction in customer longevity.
A security control that is helping to retain customers... Huzzah!
Developing a Clockwise Security mind-set starts with fully understanding the key business measures of success.
What is that measure in your industry?
Perhaps more importantly, how do your customers measure success?
Friday, June 06, 2014
Why are we all doing Anti-Clockwise security?
Sunday, June 01, 2014
On Learning and Cyber Agency
1) Unconscious Unconsciousness
Key learning step: Awareness
2) Conscious Unconsciousness
Key learning step: Education
3) Conscious Consciousness
Key learning step: Practise or Automation
4) Unconscious Consciousness
or in plain English
1) Not knowing you don't know
2) Knowing you don't know
3) Knowing you Know
4) Not Knowing you Know
These four states can be applied to our ability to attain Cyber Agency. In this context I define Cyber Agency to be the degree of control that an entity has over all the elements of Cyber Space that they interact with, be they Data, Things or Services.
Current State: We do not know that we are not in control of our Cyber Space
(i.e. we do not know that we do not have Cyber Agency)
In the world of Cyber Agency the vast majority of the planet's inhabitants are in the first state, and apparently either have little interest in accepting that there is anything in this area that they need to know, or, sadly for some, have no access to cyber space, thus have nothing to be concerned about; for one cannot have control over something one cannot access!
The first step to the next state is likely to be the hardest, for the incumbent service providers are doing all in their power to keep us satisfied with the status quo. They want to suppress Awareness of the importance and value of our being in control.
Here, perhaps, the Privacy Advocates are doing us all a disservice by distracting us from the real issue.
Author shivers and SCREAMS to himself: "IT'S NOT ALL ABOUT PRIVACY!" But sadly the politicians (at least in Europe) are enamoured with the idea of giving us all the "Right to be Forgotten!"
(I wonder who this right is really aimed at!) Apologies to Ms Neelie Kroes, but I did try and tell you!
(i.e. we are working hard to achieve Cyber Agency)
This state is probably the most transient, and sadly once the average individual understands how much effort it is going to take to achieve and maintain control with current tools and services, they will revert rapidly back to state 2... "Cyber Agency is hard! Who needs it!"
"How to get individuals to the next state?" without them freaking out, will be the most important question to answer. There are likely to be tool and service requirements here...
- Better information; How in control am I?
- Better and easier to use controls; How easy is it to "be in control"?
Target State: Being "in control" of our Cyber Space, with little or no conscious effort.
With the appropriate training and capabilities we can all gain Cyber Agency.
Automation is likely to be key.
e-Trust will be foundational
Cyber Agents that act on our behalf to help us maintain control of our personal Cyber Agency will be commonplace.
Who will provide them, and how will we be able to trust them?
- You will not know what data you have
- You will not know the import or value of your data
- You will not know the value or capability of your things
- You will not know the limitations of your things
- You will not know when others are controlling your things
- You will not know when others are using your data
- Others will be making money out of your data
- You are likely to lose access to data that is important to you
- You are likely to keep too much rubbish data
- You will know what data you have
- You will know the import and value of your data
- You will know the value and capability of your things
- You will know the limitations of your things
- You will be able to control who controls or uses your things
- You will be able to control who uses your data
- You will be making money out of your data
- You will have access to data that is important to you
- You will have curated your data, keeping only that with value.