The views expressed here reflect the views of
the authors alone, and do not necessarily reflect the views of any
of their organizations. In particular, the views expressed here do
not necessarily reflect those of Big Medicine, nor any member of
Team EMS Inc.
Unaccustomed as I’ve become to blogging, I
thought this was important enough to do a post…
Watching the coverage of the Maersk Alabama piracy incident, it seemed to
me that conventional responses are ineffective because of the extreme
asymmetrical aspect of the situation
and because conventional treaty-based mutual defense approaches aren’t
relevant on the high seas.
these situations are fluid and fast-moving, so any response has to
have the same fluidity.
real-time, location-based information is critical.
the response needs to be collaborative — reflecting “social
data analysis,” in which a
large number of individuals, each of whom make have some of the relevant
information, can use Web 2.0 tools such as threaded discussions, wikis,
etc. to analyze the situation.The likely result of such a collaborative
analysis (and one, incidentally, in which the cast of characters will
likely be different in every situation depending on who happens to be in
the vicinity and/or has relevant information) is likely to be a more
nuanced, comprehensive and accurate one than if only one analyst or a
small group was involved.
the exact mix of data will vary in each case: in some situations
there may be live, streaming video available to document the situation;
in some, still photos relayed by camera phone, and who knows what other
information may or may not be available depending on variables such as
location, weather and/or Internet access. As long as the relevant
information is relayed in an IP- and packet-based fashion, it an be
shared by an ad hoc network of those who happen to be in the
region at the time.
Given the pirates’ asymmetrical strengths of speed and surprise, ad
hoc communications and decision making through networked homeland
security may be our best countervailing power…
In fact, some of you
may remember the days when I’d try to write 3-4 thoughtful posts a day. I
like to think the result was pretty informative. But that was then, and this
is now. Two things have happened in the six months that mean the blog is
pretty much mothballed for the foreseeable future:
I fell hook-line-and-sinker for Twitter, which
I once poo-pooed as an exercise in narcissistic navel-gazing. By
contrast, I’ve found that not only is it an effective means of
communicating, sometimes on pretty sophisticated topics, but also that
it’s great for the kind of ad hoc emergency communication that
I specialized in. Therefore, if you want to track what I’m doing, your
best bet is to
my Twitter feed.
More important, I’m facing a really tight
deadline, the end of March, to complete a book manuscript,
“Democratizing Data — to transform government, workplaces, and our
lives,” about what I believe is a revolutionary approach perfectly
suited to the combination of circumstances we face today: total loss of
faith in government and business, the need for fewer remaining workers
to do more with less, and to come up with creative solutions to
increasingly complex problems. I believe the democratizing data is the
making our organizations data-centric:
by that I mean instead of laboriously retrieving data from
organizational data bases, adding informative metadata to it with
XML or KML tags, and distributing it automatically through
designing software (open-source is
particularly well suited to this approach) so that all users will be
able to automatically share the data, rather than the past practice,
in which data pasted into applications was then trapped in those
designing a seamless cycling in which
workers (with varying levels of permissions based on their roles),
regulators, and even the public, will have access to this data, on a
real-time basis. Experience from leaders in the field have shown
this can be done while respecting strict privacy and security
The results will include:
giving workers the real-time, often
location-based information they need to do their jobs more
effectively, and to collaborate with those in other offices and
programs who need to share the same data. In many cases, this
will be the first time they have had access to this data
rebuilding public confidence in
government and business through a “don’t trust us, track us”
approach to transparency that provides facts and lets the
public, media and watchdog groups judge for themselves whether
officials are truthful.
even leveraging the “crowdsourcing”
phenomenon to actively involve the public as co-creators of
valuable new services, as was done by the District of Columbia’s
I’m getting great initial reaction to the
approach (probably due in great part to the fact that I was
originally going to co-author the book with Vivek Kundra, the
charismatic DC CTO who is now likely to become the Obama
Administration’s e-government director, in which case it’s likely
he’d have to withdraw from the project. Whether or not Vivek is an
active participant, the book reflects much of his thinking). The
video above (there are 3 other sections, which you can also find on
You Tube — it was a hand-held version shot by an attendee at a
recent O’Reilly IgniteBoston event) will give you a good
introduction to what I’m talking about, as will numerous
So that’s why I haven’t been blogging and
am unlikely to resume doing so in the near future (although look for
a new wiki I’ll be launching in the next week or so to test sections
of the book and solicit crowd-sourcing ideas for it! See you around
is yet another app in the
ever-expanding ecosystem spawned by Twitter
(and to think that critics such as I used to pooh-pooh 140-character
messages as of little importance… mea culpa, mea maxima culpa),
and it makes it possible for authorities in crises such as the
Mumbai attacks to monitor social media including Twitter, FriendFeed,
Flickr, blog comments (from BackType), Yahoo News, blogs, and Google
As I’ve said countless times before (and this
situation underscored), in natural disasters and terrorist attacks, people
can and will use the Web 2.0 apps. and sophisticated mobile devices that
they use every day, so it’s incumbent on authorities to:
instruct us on how to use these devices (especially camera and
videophones) to provide invaluable situational awareness to them (LET
IF YOUR LOCAL AUTHORITIES HAVE GIVEN YOU ANY GUIDANCE ON THIS ISSUE.
DON’T WORRY ABOUT ME: I’M NOT HOLDING MY BREATH WAITING FOR EXAMPLES…)
monitor the social media for said
(thanks Ben!) has taken care of the mechanics of #2 by creating Spy. So
what’s your excuse, government agencies, for not taking action on this vital
Apologies in advance for “shouting.” It’s
just because OUR LIVES MAY DEPEND ON WHAT I’M ABOUT TO SAY.
Also apologies in advance for the snippy tone of some of
this: I’m just fed up with official stupidity and myopia
about the issues that I’ve devoted my life to for the past
seven years — stupidity and myopia that puts all of us at
increased risk and denies them the eyes and ears of
concerned and empowered individuals.
OK, folks, I know that I haven’t been seen in these parts
much in recent months: between my work on
transparency and my near-total switch to
on Twitter, you’ve seen little from me on homeland
security and emergency planning.
In part, frankly, it’s due to the near total distain
within the Bush DHS (with a few noteworthy exceptions: you
guys know who you are, and I’m eternally grateful for your
support..) for empowering the general public to play a
critical role via Web 2.0 apps and, more important, the Web
2.0 ethos of collaboration (if you’re interested,
theoretical summa on the issue). All you have
to do is look at
which has certainly improved over the years but remains
clueless about Web 2.0 (oh yeah, DHS may not get it about
Web 2.0, but the bad guys do:
the Army fears that al Qaeda may use our beloved Twitter to
communicate about attacks).
For all our sakes, let’s hope the Obama Administration
gets with the program: its general technological
sophistication certainly gives one hope that will be the
“…a former senior Yemeni al-Qaeda operative said, the
terrorist organisation has entered a ‘positive phase’,
reinforcing specific training camps around the world
that will lead the next ‘wave of action’ against the
The warning, on the front page of an Arabic newspaper
published in London, Al-Quds Al-Arabi - and
reported widely in the major Italian papers - quotes a
person described as being ‘very close to al-Qaeda’ in
The paper is edited by Abdel al-Bari Atwan, who is
said to have been the last journalist to interview bin
Laden, in 1996.
Bin Laden is himself closely following preparations
for an attack against the US and aims to ‘change
the face of world politics and economics’, (my
emphasis) the report says.”
Put aside for a minute the utter insanity and
tone-deafness bin Laden is showing by contemplating a huge
attack in wake of election of The Most Popular Person in the
Entire World (I’d imagine it would take President Obama
about 10 minutes to put together a Coalition of the Eager
that would roughly contain the entire UN membership to
obliterate bin Laden once and for all!!!).
If he does launch such an attack, this would
be the ultimate test of what I’ve been preaching since 9/11:
that the advent of increasingly sophisticated networked
portable personal communication devices and Web 2.0 apps to
capitalize on them mean that you and I will play a major
role in preparation and response for an attack, WHETHER OR
NOT OFFICIALS WANT US TO (and, as I’ve chronicled since
then, that’s just what has happened during Katrina, the San
Diego wildfires, and this year’s hurricanes).
Here’s what you need to do (what I need to do is a quick
update on new apps and devices that give even more options
for ad hoc emergency communications, so mail to tag:
e-mail me your suggestions on additions, and check back
read the expanded version of the tips I’ve created
under my “21st-century
disaster tips you WON’T hear from officials” (sadly,
that title is still valid: please prove me wrong,
officials…).In the case of things such as downloading
the CUWiN software that would allow you to create an
ad hoc community mesh network if The Internet Tubes
are down, or programming “ICE” numbers on your cell,
do it now.
since no one else seems to remember how the civilian
population was deputized to be on the lookout for spies
durng WW II, check the phenomenal website of
Awareness and Protection site which will not only
tell you what kind of info officials could use about an
impending terror attack, but reminds you of Bill of
Rights and their protection of free speech, something
which may come back into vogue on Jan. 20…)
let your local police and fire departments know
about apps such as Twitter, Qik and Flickr that you and
your friends will use in a disaster and which could
provide them with invaluable situational awareness — if
only they know to look for it (snarky aside: I contacted
International Association of Chiefs of Police,
suggesting they have me speak on this issue at their
conference this month, especially since it’s being held
in San Diego,
mobile social networks really came to the fore during
the wildfires. Why am I not surprised that they
never returned the call? But I digress).
One final request: three years
ago I created a highly-praised series of data bases for
smartphones and PDAs, which allowed you to find detailed
info. about what to do after a disaster in only 3 clicks.
That way, if you lost all communications ability, as long as
one person in a group had the application on their
smartphone or PDA, s/he would be able to help others
respond, and thereby lessen the burden on first responders.
In all modesty, it was a fantastic service, and I always
hope that some agency or foundation would pay me to expand
and maintain it and to make it available for free to
everyone (that would certainly be an indication that
government got it about Web 2.0, eh?). However, no one did,
and the modest sales of the subscription version didn’t
warrant me maintaining it on your own.
If I had a contract in the next week, I could bring it up
to date within a month, and, I hope, also port it to iPhones.
Given how pervasive smartphones and iPhones are today, an
updated, free to download “Terrorism Survival Planner” could
and should be a critical part of a comprehensive terrorism
and disaster preparation and response program.
Please contact anyone you know who could pony
the modest amount of money it would take to make it worth my
while (despite what my wife thinks, I’m not a 501c3…) and
I’ll spring into action.
By way of introduction, these are
“laws” in the scientific, not legal, sense, meaning
“generalizations that describe recurring facts or events in
nature.” Yes, they are definitely true, and shouldn’t be
by anyone, because I said so, and if you don’t play by my
rules, I’ll take my marbles and go home…
#1: find a solution to your problem by thinking of
someone who shares the same problem, but to the nth
degree, because their pain has probably motivated them
to find an answer.
#2: the creators of a truly innovative technology can’t
imagine in advance all the ways users will find to apply
it to meet their own particular needs, so stand aside
and let things evolve.
#3: in a crisis, turn communications over to the 15-25
year olds — they know how to route around obstacles
(including adults!), and are most familiar with
exploiting the full capabilities of emerging
#4: build a robust emergency communications system from
technologies and applications used by many people daily
(with particular emphasis on interoperability and
collaboration, because they’re instantly available in a
crisis, evolve constantly, and foster networked homeland
Stephenson’s Law #1: find a
solution to your problem by thinking of someone who shares
the same problem, but to the nth degree, because their pain
has probably motivated them to find an answer. (I
discovered this one back in my enviromental consulting days:
the US nuclear sub fleets were the first to eliminate paper
manuals and go all-digital, back in the late ’80s, since
every piece of paper was a burden in their cramped
“the District of Columbia’s DC
since the DC region, with its combination of federal
offices, two states and the District, plus multiple
local jurisdictions, is most likely to need a seamless,
universal alert system.
Las Vegas is a security pioneer
: “The lure of quick scores has made Sin City the most
vigilant and diligent user of advanced surveillance,
identification, background-checking and security
technologies. If domestic security were prosecuted as
aggressively as casino security, the terrorists that
took down the World Trade Center towers might well have
Stephenson’s Law #2: the creators of a truly
innovative technology can’t imagine in advance all the ways
users will find to apply it to meet their own particular
New Orleans’ citywide free Wi-Fi
this relates back to Law #1: given the severity of the
city’s problems, you can bet that Crescent City
residents will find tons of innovative uses for a free
Stephenson’s Law #3: in a
crisis, turn communications over to the 15-25 year olds —
they know how to route around obstacles, including adults,
and are most familiar with exploiting the full capabilities
of emerging communication technologies.
Stephenson’s Law #4: build
a robust emergency communications system from technologies
and applications used by many people daily (with particular
emphasis on interoperability and collaboration), because
they’re instantly available in a crisis, evolve constantly,
and foster networked homeland security responses.
Government emergency communications systems always seem
behind the times, rely on obsolete technologies, etc., and
are mysteries to the public — who would be forced to learn a
new system during a stressful period when familiarity,
simplicity and ease of use should be emphasized. By
contrast, commercial technologies and related applications
the public uses daily, from camera phones to OnStar to
Google Maps, are familiar because of this daily use,
constantly upgraded, and, because they are increasingly
packet- and IP-based, don’t require a central authority to
operate, and offer the possibility of self-organizing,
self-healing peer-to-peer networks that are more likely to
still operate during a catastrophe. Why not make them the
heart of emergency communications?
reports that the FCC may approve, as early as
today, the technical standards for a nationwide system that
would send text messages to cellphones and other wireless
devices whenever there’s an emergency. The system could be
operational by 2010, and could be used for terrorism,
weather, or child abduction alerts.
That’s great: finally a
recognition that in 2008 most people are likely to be
reached first by a wireless device, and that texting is the
best way to send alerts, conserving bandwidth and increasing
the chance the message will actually reach the intended
According to the story, AT&T, Verizon, Sprint Nextel and
T-Mobile, had said they will “almost certainly participate.”
Initially, the messages would be limited to 90 characters
(BTW, since I’ve come to rely more on
90 characters seems ample, and forces you to come right to
the point!) and would be only in English.
By contrast, SquareLoop automatically
broadcasts to cell phones that happen to be in the affected
area right now, and only to those people,
minimizing panic and allowing much more targeted messages:
for example, those downwind from a chemical spill could get
evacuation notices, while those in the other direction could
get a different message to shelter-in-place.
According to the article:
“Under the planned system, a county, state or federal
first responder would send an alert to a
still-to-be-determined federal agency that would serve
as a clearinghouse. That agency then would relay the
alert to participating wireless carriers.
“The messages would be broadcast on a single pathway
to many users in the affected region, like a radio
signal, avoiding the congestion that now afflicts such
warnings. Few cellphones today can receive such
messages, but most will be able to in three to five
years, says Verizon Chief Technology Officer Tony Melone.
Consumers with compliant phones would receive alerts
unless they opt out.”
Let’s get that system up and operating ASAP.
It’s about time that we relegate the broadcast alert system
to a subsidiary role in recognition of the dramatic shifts
in technology and lifestyles.
As the title (”Data visualization: the under-appreciated
Web 2.0 tool”) suggests with all the subtlety of a sledge
hammer, I believe data visualization is both a tremendously
important tool and tremendously under-appreciated. It
deserves more consideration, alongside wikis, blogs, tags
etc. as ways for corporations and government agencies alike
to encourage collaboration, improve policy discusssions, and
As enthusiastic as I am about directly involving the
public in “transparent government” initiatives to harness
the “wisdom of crowds” in policy debate and analysis, it
made sense to me that the first place to try these
techniques would be behind the firewall, both because it
would help eliminate possible problems with the initiatives
before actively involving the public and because government
employees also need tools and methods that will allow them
to identify program overlaps or — more optimistically —
synergies and to involve and empower all workers.
In the op-ed, I identified a range of benefits that it
seemed to me warranted use of data visualizations within
corporations and government agencies:
Take reams of data you collect but are only
analyzed historically …… Instead, portray them
dynamically, in real time, where they can help make
Facilitate gathering perspectives from others,
especially in free-flowing exchanges that can evoke
the “wisdom of crowds” phenomenon, in which the
final product of everyone’s contributions is more
insightful than the sum of its parts.
Empower younger employees, and/or those with a
special passion about or insights into more obscure
issues, who might be reluctant in more hierarchical,
linear processes to share their perspectives.
Rapidly identify “outlier” data, which may
identify flaws in marketing or product design that
don’t reach these potential audiences.
Relate a wide range of data, such as time,
location and sales volume, that formerly were
treated in isolation from each other but would be
more informative if considered simultaneously.
Consider the relative benefits and drawbacks of
alternative strategies by making it easy to compare
and contrast them.
Understand, through geo-spatial representations,
possible public opposition to siting of new
facilities because of proximity to neighborhoods,
I concluded that those trying to implement internal data
visualization project would encounter the same objections
that are often raised about other Web 2.0 initiatives:
general resistance to new tools from older employees
concerns that data may get distorted by non-experts
However, there’s an aura of inevitability to the change:
after all, younger workers are probably already fooling
around with data visualization on their own, and will do so
with or without official blessing.
I suggested that, rather than trying to impose full-scale
implementation of data visualization company- or
agency-wide, a better strategy would be to allow a small
group of early-adopters already champing at the bit to try
some pilot programs. The success of those pilots, and the
enthusiasm of the participants will probably lead to
pressure from others to become involved, speeding the
wholesale adoption of these great new tools.
As the bumper sticker advises: visualize swirled
Yikes! I’ve been Twittering and sending e-mails about
new Palimpsest service (which hasn’t been formally
announced, but which
Wired wrote about recently, citing sources
within Google), but just realized I hadn’t blogged about it!
Mea culpa, mea maxima culpa — ’cause this is big!
IMHO, this could be the
critical link in achieving the dream I discussed in my
Government” speech (and accompanying
Week op-ed), of actively involving the general
public in public policy discussions, program evaluation,
etc. through a combination of:
data visualization techniques that make vast reams
of data comprehensible
governmental agencies’ willingness to release large
amounts of data (preferably on a real-time
basis) and to encourage the public to use the
visualization tools to examine and interpret the data.
Palimpsest, as Wired previews it, doesn’t
include that “transparent government” component, but it sure
looks as if it has a parallel vision, and, most important,
all the tools and proper attitude:
“.. [Palimsest] will soon provide a home for
terabytes of open-source scientific datasets. The
storage will be free to scientists and access to the
data will be free for all. … Building on the company’s
acquisition of the data visualization technology,
Trendalyzer, from the oft-lauded,
Gapminder team, Google will also be offering
algorithms for the examination and probing of the
information. The new site will have YouTube-style
annotating and commenting features.
“The storage would fill a major need for scientists
who want to openly share their data, and would allow
citizen scientists access to an unprecedented amount of
data to explore.”
Perhaps the most important aspect of Palimpsest in terms
of my vision is the role of the Trendalyzer tools.
“‘… we are excited to announce that we have acquired
Gapminder’s Trendalyzer software, and we welcome the
Trendalyzer team to Google. Trendalyzer generates moving
graphics and other novel effects in the display of
facts, figures, and statistics in presentations. In
its nimble hands, Trendalyzer views development
data—such as regional income distribution or trends in
world of opportunity. Like Google, Gapminder strives
to make information more useful, and Trendalyzer will
improve any function or application in which data might
be better visualized.
“‘Gathering data and creating useful statistics
is an arduous job that often goes unrecognized. We hope
to provide the resources necessary to bring such work to
its deserved wider audience by improving and expanding
Trendalyzer and making it freely available to any and
all users capable of thinking outside the X and Y axes.’”
There are already a number of excellent data
visualization sites that have cropped up over the past year
or so. In addition to my personal favorite,
IBM’s Many Eyes (I like its ease of use, community
building features, and wide variety of visualization
options), there are:
All of them are helpful, and have a variety of great
features — check ‘em out, and take ‘em for a spin!
Having said that, there’s nothing like the mindshare a
Google offering creates to dramatically increase interest in
a field (just think how map-based mashups took off after
Google released its Maps API in June, 2005: from zero to a
skazillion in little over two years!). In addition to the
huge impact of Google Map mashups, and acquiring Trendalyzer,
Google already has a public foot in the data visualization
water with the December release of their
(although, unless I’m missing something, there don’t seem to
have been too many charts generated so far using it. Just
Bottom line: it seems to me Google
already has the key components as well as the mindset needed
to make “public data” a popular Web 2.0 activity that will
benefit the public, corporations, and government agencies,
especially in some of the emerging areas such as homeland
security and pandemic management that concern me.
It’s just a question of putting the pieces together and
using its clout to enroll government agencies. Neat!
NB: A palimpsest is a
manuscript page, whether from
book that has been written on, scraped off, and used
again. The word "palimpsest" comes through
Greek παλιν + ψαω = ("again" + "I scrape"), and meant
Romans wrote on
wax-coated tablets that could be reused, and a passing
use of the rather bookish term "palimpsest" by
Cicero seems to refer to this practice. [from Wikipedia]
own experience while trapped
in what eventually evolved into a 36-hour impasse on I-78 on
Valentines Day — when conventional communications were so
wretched that Gov. Rendell didn’t learn about the mess (and
then, only indirectly) until 9 hrs. after it began — at
which point he went ballistic.
Among the tips that are particularly appropriate to this
Quick like a bunny, go to
download their free mesh networking software and burn it
to a CD. In a disaster, boot from the disk, and you can
organize a neighborhood wireless network to share
The same approach could work for an involuntary,
virtual, linear “neighborhood,” such as the ones created
when thousands of truckers and motorists are stuck in
miles-long jams during blizzards.
Cameraphones let individuals provide valuable
“situational awareness” to authorities — this works much
more effectively in the handful of communities that now
have formal processes to handle citizen pictures and
videos submitted along with 911 calls (to my knowledge,
NYC still hasn’t implemented its promised system of this
The point of the article is a really good one. User
self service and collective intelligence shouldn’t just
be limited to consumer applications! This stuff has real
utility for government disaster response. Unfortunately,
governments tend to be late adopters of new
BTW, while the details haven’t been worked out, so I’m
not at liberty to say any more at this time, I’m pleased to
let you know that I’ll be creating a nationwide program this
year on smart use of emergency communication devices in
"Transparent government," which combines Web 2.0
applications such as Google mashups with government data --
preferably released by agencies on a real time basis --
transforms citizens from mere recipients of government
services into effective partners in their creation,
improvement and evaluation. While some citizens have
launched these programs on their own (without official
blessing), agency participation will result in new insights,
improved operations, and greater public support for
Reston, VA -- E-gov strategist W. David Stephenson said
Thursday "Web 2.0 applications plus government data released
on a real-time basis transforms citizens from mere
recipients of government services into effective partners in
their creation, improvement, and evaluation."
Stephenson said that individuals have seized the initiative
with transparent government (also called Google Government
or data liberation) by taking data that otherwise might
remain "meaningless numbers locked in obscure databases
within remote agencies" and making the statistics
informative and interesting by interpreting them and/or
creating visualizations using Web 2.0 tools such as Google
mashups. He cited examples including:
Chicago Crime, which displays crime data from the
Chicago Police on Google maps to identify crime hotspots
and identify crime trends
Neighborhood Knowledge Los Angeles, which overlays
city data about 7 indicators of urban decay, such as
code violations and unpaid property taxes on maps to
identify declining areas in time for city agencies to
illegalsigns.ca, which illustrates how someone with
a passion for a single issue (in this case, illegal
billboards in Toronto) can combine data, photos and
Google maps to call attention to the problem and assist
government agencies with enforcement.
Stephenson said government agencies can increase
transparent government's benefits by releasing data on a
real-time basis. He cited the District of Columbia's
Citywide Data Warehouse, which uses RSS, XML, and Atom
feeds to release data from 150 sources, ranging from crimes
to pothole reports. Interpretations by public activists so
far include a "mashup" showing where potholes have been
reported (and whether they've been repaired: an example of "sousveillance,"
in which people hold government accountable by visibility),
and a variety of features on the "Ballpark and Beyond" site
covering Southeast Washington. The DC government also has
benefited internally from the program, improving operating
efficiency and data sharing between agencies.
Stephenson detailed steps agencies need to take to make
transparent government a reality, including four that
agencies haven't taken so far:
creating an attractive web site where people could
post and share projects (sharing encourages others to
add their own and to critique and improve others)
creating an easy-to-use tutorial that would guide
the public through the "transparent government" process
publicizing the program to encourage participation
creating a built-in review process to encourage
agencies to review the citizen-participation projects
and insights they may provide.
Stephenson concluded that while "transparent government"
may worry agencies because of the potential loss of control,
citizen initiatives such as Chicago Crime show the trend
will continue anyway, and that the more agencies become
active participants, the more likely they will be to benefit
from citizens' insights and to avoid errors caused by faulty
or misunderstood data.
More than 5 years
suggested that the single most important win-win step the US
could take to simultaneously improve security
was to lead a global initiative to
(because it would not only improve information exchange
between terrorism and other criminal justice data bases, but
also foster global economic development), it looks as if
we’re getting somewhere.
Some go-getters in the criminal justice
field had already begun to switch to the
federally-approved Global Justice
XML Data Model (GJXDM) schema in the near past. Then DOJ and
DHS put the brakes on, saying they were creating a more
comprehensive schema, NIEM.
Ordinarily, I might be on their
backs, because XML is such a valuable tool for sharing data
bases that I’m in favor of quick deployment. However, the
original intent for XML was to keep the number of
industry-specific schema to a bare minimum, so that basic
XML would be as univeral lingua franca as possible.
As a result, having a broader standard that would cover a
wider range of fields, including criminal justice and
homeland security affiars such as disaster management,
emergency response and screening people and cargo, was,
IMHO, worth the wait.
The feds recently released the second production model
(sounds more like a 2008-model car) of
On first blush, the
NIEM website looks like a good tool for bringing possible
NIEM users up to speed, with features such as:
used to categorize content include my favorite, the Common
Alerting Protocol, used for emergency messages. As with
other XML schemas, the tags use to classify content have
common-sense names, such as “hair color,” or “US county
code,” which makes it easier to code data without special
According to Paul Wormeli,
executive director of the Integrated Justice Information
System Institute, which released the standard,
projects already using NIEM include:
The FBI’s new
National Data Exchange program, a national repository of
criminal incident information.
The Sentinel project, an automated case management
system for federal law enforcement agencies.
Justice’s Regional Data Exchange.
States already embracing it include New York, Texas, and
Florida, which has established the Florida Law Enforcemt
Exchange (FLEX) project to map data
and establish new regional information sharing systems.
NIEM will play an integral role in FLEX
“‘The state quickly realized that we needed a way to
share data statewide, given that we had over 400
agencies to accommodate once you include police and
sheriffs’ departments,’ said Mike Phillips, FLEX project
“’NIEM will give us a common translator for basic
queries on suspicious persons, vehicles or local
warrants,’ Phillips said. ‘Ultimately, NIEM will help
provide us with seamless workflow since there will be
one point of entry instead of redundant rekeying.’”
Please read the full article for details on NIEM and how
it will work. Meanwhile, let’s start putting it to work!
The Andrew Speaker TB case is a
graphic reminder that, no matter what kinds of policies we institute
to screen people at the borders, it still comes down to human
factors. Just as many of the security guards interviewed by AP for
the story on chinks in the DHS armor weren’t adequately trained
and/or didn’t recognize a threat when they saw it, the border
crossing guard at Lake Champlain who let Andrew Speaker cross
“because he didn’t look sick” — even though he was clearly listed on
the quarantined list — managed to obviate all those policies due to
his own ignorance, lack of training, poor judgment — you name it.
And while we’re on human factors, if some stupid guy decides that
he’s not bound by an explicit order and takes all sorts of devious
steps in order to return to the US, just think what can happen when
a cunning terrorist puts his/her mind to circumventing our policies?
It’s not unlike corporate computer security, where techs are told to
ignore the “CEO” who calls in on a Sunday morning, ranting about how
he has lost his password and has to get into the system because of a
critical meeting Monday morning. He might be the CEO, or he might be
a devious hacker: it’s better to err on the side of enforcing the
laws strictly than to have the whole system collapse because of
If there’s anything good to come from this situation, it’s the dumb
luck that at least Mr. Speaker (who, irony of irony, is married to
the daughter of a CDC TB researcher: she should have paid a little
more attention at the family dinner table when dad talked about her
work, and/or put her foot down when her new hubby hatched his
scheme. Can this marriage be saved???) didn’t have H5N1 — this
should really be a heads-up that we need a stem-to-stern review of
policy, training, and decision-making when it comes to border
Last year, I was
traveling at the end of the year, so a 10 Homeland Security
Technologies to Watch in 2006 went by the boards. It's back for 2007, using
the same criteria that I used for the list two
years ago, because the
networked homeland security
approach primarily relies on commercial communication technologies
that can adapt instantly to provide emergency information in a terrorist
attack, pandemic, natural disaster, etc., and that foster collaboration
(because that's critical in an emergency and because collaboration in turn
is a precondition for emergent behavior/swarm intelligence, in which a
higher level of collaborative action results than could be predicted from
the abilities of individual members of the group):
also having day-in-day-out
applications so that they will both be familiar in an emergency
(i.e., not requiring users to have to learn something new when they're
already stressed) and will have economic and/or social benefits so their
purchase and deployment are more easily justified. Those that use
commercial applications and devices benefit from a virtuous circle, in
which new features and capacity in the devices sparks new applications
to exploit those improvements -- far more rapidly than would be the case
in government-only communication systems and devices.
decentralized, so they are
less likely to be rendered inoperative by attacks on a centralized
switching facility, etc.
in the hands of the general public,
so they leverage technology that is already in use (and, given the
inevitable cost and procurement limits of government technology, more
current) and that people are likely to have with them when disaster
strikes, so they can get up-to-the minute information.
location-based, so that we
can get away from lowest-common denominator evacuation and response
plans that are likely to cause their own problems such as traffic jams.
empower the public, because
authorities may themselves be incapacitated and our fate will be in our
own hands, and because we may be more likely to listen to trusted
friends and/or neighbors than distant authorities.
two-way, so that the general
public and/or responders who may be the first to come upon an emerging
problem can feed information back to authorities.
redundant, because various
technologies have distinctive strengths and liabilities that may render
them unusable, or, make them crucial fall-back options.
allow dissemination of information
in advance so they can be quickly activated and/or customized in
an emergency (instead of requiring massive data-dumps in the midst of a
IP based, because
packet-based information will require less bandwidth in a situation
where conserving it is crucial.
because multiple agencies and jurisdictions may be involved and will
need to share information from a wide range of sources on a real-time
And now, the envelope please:
new uses, such
as storing encrypted medical and family financial records, plus detailed
emergency response information, for USB thumb drives, which now cost
next to nothing. My current favs: either one of the sushi drives or the
stuffed croc (although, if someone's smart, they'll create one in the
shape of a locket (complete with picture of the grandkids), which your
tech-phobic granny can wear around her neck.
an increasing number of cell-phone-based social networking apps,
Mologogo joining my old
capitalizing on the trend of cell-phones including GPS and cameras, to
provide location-based, real-time info.
While even ad-hoc groups are capable of emergent behavior (the Flight 93
passengers being exhibit A), it's more likely to occur among those who
already know each other, so apps that people routinely use to link their
virtual and physical social networks will be that much more valuable in
Similarly, more neighborhood-based blogs and web sites such as
Neighbors for Neighbors, JP
in Boston's Jamaica Plain neighborhood or the
one in New Orleans, which use online virtual neighborhoods to strengthen
bricks-and-mortar ones, again building a sense of community that can be
invaluable in a crisis.
Sorry I have to be coy about this one, but it involves a product
that won't be formally rolled out for several weeks, so I had to promise
to not identify it at this time: a system built around "presence"
applications that instantly polls all of a person's communication
devices until it is able to connect (critical in a crisis, when you may
not be at your desk and some infrastructure may be compromised): a
secure messaging system that would allow sharing of real-time,
location-based info, polling of users through simple response options
that are inside the message, such as yes/no, selection lists, or fill-in
text boxes (in an emergency, that could answer vital questions about
whether, for example, various neighborhoods have water supplies,
electricity, or fuel), and, where the recipient has broadband access,
receiving real-time video, etc.
Disruption-tolerant networks (DTN),
mobile nets that continue to work even if there are "... broken links
and long delays." They aren't quite as efficient as fixed networks, but,
in a crisis, some network is better than none.
that can provide helpful information both in normal times and a
disaster. One candidate (hear about this on
in its end-of-the-year predictions for the Web), is
which uses a wiki combined with Google Earth to allow people to describe
local landmarks, natural attractions, etc.
Of course, that location-specific information can also be helpful to
terrorists looking for targets, but the cat's out of the information
bag, isn't it, so we'd better be exploiting the tools available to the
Bad Guys, shouldn't we?
More use of wikis, similar to
to share group wisdom before, during and after a pandemic, terror
attack, or natural disaster.
Do-it-yourself tech-based activism for disaster preparation similar
Preemptive Media Project
to survey pollution levels in Manhattan, perhaps using technology hacks
an "online tool for generating and sharing mobile phone reports. The
site enables people to collectively report in real-time using mobile
phones or digital cameras and computers."
More states to follow
South Dakota's lead with its statewide radio
system, the first
statewide trunked communication system to utilize digital VHF. Because
it's IP-based, it can route around obstacles and uses less bandwidth. It
can also carry information as well as voice, allowing all public safety
officials able to talk to one another.
It's a subject
near and dear to my heart. Partially, that's because Hal Newman and
I have a joint venture,
(hey, a bad pun never hurt anyone, did it?) in which we write what
we consider to be (and clients tell us are) extremely realistic,
well-researched, and non-formulaic scenarios. It's also because I've
suffered through some exercises (I don't think I'll ever be able to
expunge one stinkeroo last April from my memory) that were
definitely a waste of time and money.
Phillips' article, here are the yin and yang of scenarios and
the results will be more valuable if you allow independent analysis:
"Rigorous and independent evaluation is needed to ensure that exercises
provide an accurate portrait of response capabilities and deficiencies."
not-so-sexy after-action report is critical (something the military
stresses: field commanders are required to file "lessons
reports after an engagement -- and those reports are factored in when
they're under consideration for higher ranks). Phillips points out that "FEMA
canceled much of the follow-up work - including answering questions about
moving emergency evacuees from short-term housing at the Superdome - for
lack of funds," after the Hurricane Pam exercise in 2004 (lack of funds
seems relative, now, doesn't it, in light of the billions spent for
welcomed trend, IMHO, toward sharing of the lessons learned, and
evaluation of the exercises themselves:
RAND has been
contracted to create a searchable
Public Health Preparedness
covering "nearly 40 simulations of terrorist attacks and infectious
disease outbreaks. Each drill is graded on five elements."
DHS has hired a
contractor to evaluate its exercise program.
HHS is evaluating
emergency drills for several states.
probably the most
helpful resource is the "Lessons
Learned Information Sharing"
site, "which gives registered users access to substantial
preparedness information, including after-action reports on various
important, the feds are attempting to create standardization for
design, conduct and evaluation of exercises, through the
Homeland Security Exercise
and Evaluation Program.
Phillips reports that "DHS, HHS and the CDC reportedly are beginning
to require use of this model before funding exercises. 'If all three
of them are requiring the same exercise format, that's an enormous
shift,' [according to the
New England Center for
Kerry] Fosher... 'It forces people to build a standardized cohort of
folks who can build exercises in their state using a common
There's a tendancy to -- surprise -- plan for
the kind of disaster we want, i.e. one that proves we've prepared
well. "'Exercises are not all created equal,' says Michael Wermuth,
homeland security programs
at the nonprofit RAND Corp.
'There are a lot of different kinds of exercises, a lot of different
methodologies used to conduct exercises. There are exercises that
sometimes seem to be destined to ensure success or at least a
successful outcome in the exercise.'"
The annual Top
Off (Top Officials) exercises continue to draw most criticism,
partially because the cost is so high, and partially because they're
announced months in advance, so that everyone can look their best.
According to Wermuth,"'If the main purpose is to really engage what
the name is supposed to indicate -- to engage top officials in
sitting down and having to make hard decisions about desperate
situations -- I'd say it's unnecessary to have this level of
attention, this scale of an exercise and particularly the
expenditure of many, many millions of dollars.'" And,
when the chips were down,
the supposed lessons learned from the large-scale exercises clearly
exercises seem assembled cookie-cutter style: "'If you're a
consultant, it's pretty easy to go anywhere with these templates on
[Microsoft] Word and scratch out 'Boise, Idaho,' and put in
'Orlando, Fla.,' " says Eric Noji... director of the Pandemic Avian
Influenza Preparedness program at the Uniformed Services
valuable lessons are learned from actual emergencies: if you're an
emergency manager and aren't combing the post-mortems from Katrina
and other emergencies of all types, both here and abroad, shame on
Phillips concludes that perhaps the most
important benefit of the simulations is the opportunity for
emergency planners to connect names and faces before The Big One
relationships are paramount, because the official plan often gets
jettisoned in the heat of a disaster, Noji says. Of the 82 disasters
he was involved in, he never saw the formal plan used. 'I was the
disaster director at [Johns Hopkins University Hospital], and I
didn't even know it,' he says. 'These things are the size of phone
That squares with
my experience, and is an important factor in fostering the "emergent
strategy argues is needed in a crisis where circumstances unfold
that no one could have predicted or practiced for in advance. While
effective emergent behavior can be found even among perfect
strangers (i.e., the Flight 93 passengers), research has shown that
it's more likely among groups who have worked together in advance.
BOTTOM LINE: disaster
exercises are necessary, and are improving over time, but no one can
rest easy even if they've learned lessons and applied them:
disasters have a nasty habit of evolving according to their own
et al.: my Boston Globe op-ed sparks
discussion of virtual regionalism
06]--Always like to play the agent
on how Gov.-elect Deval Patrick can and must make creative use of
the web a critical tool in simultaneously delivering on his promises
for things ranging from increased local aid (BTW,
flinty Scot that I am, I'd argue that the dollar amount of local aid
doesn't necessarily have to be increased
if the effect of the current
aid was increased through a combination of reduced costs of doing
business by local government, seamless delivery of that aid, and
increased efficiency of operation on the state's side. I'm sure that
argument will have the likelihood of a snowball in hell of
prevailing ....) seems to be kicking up some comment and discussion:
I got a nice
email right after it ran from my old boss Michael Dukakis, so at
least past governors read it, and from a number of state
One of my
favorite commentators on the nitty-gritty of governing,
syndicated columnist Neal
was intrigued by my call for "virtual regionalism" to overcome the
inherent problems of New England's home-rule tradition. Peirce wrote
me, "It does seem most likely that carrots and sticks to bypass home
rule, rather than some frontal assault, have by far and away the
best chance of success." One of my personal government IT gods, Phil
Windley, Utah's CIO under now-HHS Sec. Mike Leavitt, also mentioned
the "virtual regionalism" concept in his
(BTW, I love Phil's ominous slogan: "Organizations get the IT they
one state staffer, Director Christian Jacqz of
the Mass. Office of Geographic and Environmental Information,
pointed out to me that the Commonwealth is taking the lead in one
area of innovation: its
web mapping services
were honored as an
"Exemplary System in
Government" in the 2005 URISA competition's Enterprise Systems
The services are available to communities, regional planning
authorities, and state agencies, and the tech support include a wiki
(kewl: 50 extra points, guys and gals!). It supports kml (the
language for Google mashups)
with a mapping engine called Geoserver as well as a richer and more
sophisticated xml-based protocol put out by the
Open Geospatial Consortium
(didn't know about them -- neat!) -- add another 50 points each for
xml and open source! Among other uses, Jacqz says MassGIS lets
communities and state agencies build their own map-enabled web sites
to display locations of interest (e.g., closest state office
offering a given service) and also to collect data (such as exact
facility locations from knowledgeable individuals, plotted on top of
imagery -- that sounds particularly relevant to homeland security in
terms of critical infrastructure protection). He also told me that
commercial on-line mapping applications use MassGIS' orthophotos
(e.g., what Google calls "satellite" images) and the office is also
in a public-private partership to improve the completeness of the
digital road map and the "hit rate" on geocoding.
Nice job, folks -- and my apologies for the
broad-brush slap at Massachusetts' web strategy or lack thereof --
there are definitely some pockets of excellence that should be
supported and applauded!
Prof. John Peha, who
wears two hats at Carnegie-Mellon, in both engineering and public
policy, argued at a forum sponsored by the
America Foundation this
week that we need a centralized information system for emergency
communications. According to the
Congress Daily story:
said that after the disastrous communications failures on Sept. 11,
2001, and during Hurricane Katrina, he could "not see why we should
tolerate" the current decentralized emergency-response system, which
gives the flexibility of local "first responder" agencies precedence
over standardization and regional cooperation."
If we had a centralized, top-down communications system,
control-freaks such as Sec. Chertoff would no doubt be pleased, but we'd
still be waiting for relief to reach New Orleans -- 'cause when
centralized systems fail, they fail totally. This recommendation runs
totally the opposite direction from the trend toward web-based,
decentralized, networked communication that dominates everything today.
It was precisely because people on the ground cobbled together crude
but effective networks (I'm just reading Douglas Brinkley's
The Great Deluge
. In addition to praising the Coast Guard for being the sole exception
to the organizational paralysis -- because,
as the GAO put it,
the CG's operating "...principles promote leadership, accountability,
and enable personnel to take responsibility and action, based on
relevant authorities and guidance," he also details the completely ad
hoc "Cajun Navy," which was put together totally by word of mouth. While
the authorities fiddled and diddled, the motley flotilla of Cajuns saved
4,000) that there was any action at all.
Since Peha also talked about the communication problems on 9/11,
think about the only effective response: the Flight 93 passengers, who
got "situational awareness" from their relatives' phone calls, and
acted. Meanwhile, the president of the United States, at the top of the
information chain, sat reading a children's book for 15 min., while his
aides tried to find out what happened.
Sorry, professor, but I suspect the engineering mentality (apologies
to my readers who are engineers, but I've worked closely with many
engineers for the past 25 years, especially nuclear engineers, and it's
been my experience that for every
there are 50 extremely left-brained types who freak out at the kind of
ad hocracy that I call for in
predisposes you to think in terms of tightly-control, top-down
We'll give the last word in this case to Mark Wolf, in
about the Portland Connect & Protect enhanced 911 system:
"If national safety -- the ability to respond to hurricanes,
terrorist attacks, earthquakes -- depends on the execution of
explicit plans, on soldierly obedience, and on showy security
drills, then a decentralized security scheme is useless. But if it
depends on improvised reactions to unknown threats, that's a
different story. A deeply textured, unmapped system is hard to bring
down. A system that encourages improvisation is quick to recover.
Ubiquitous networks of warning may constitute our own asymmetrical
advantage, and, like the terrorist networks that occasionally carry
out spectacular attacks, their power remains obscure until they're
called into action."
PS: Looking at the techies on
this foundation's board
-- Eric Benhamou, James Fallows, Eric Schmidt -- I'm surprised they'd
see this as the kind of ".... exceptionally promising new voices and new
ideas to the fore of our nation[base ']s public discourse" that they
stand for -- especially since they also have a "Wireless
Guess so: it looks as if The
Establishment, in this case, CSIS, is getting the word -- long understood by
readers of this blog -- that innovative technologies and applications such
as wikis or tags can be critical ways of not only sharing information, but
actually transforming the work of rebuilding countries after disasters or
Their new report, Wikis, Webs, and
Networks: Creating Connections for Conflict-Prone Settings introduces
policy makers to the many ways that these new technologies can be used in
dealing with what they term "collapsed and fragile states," especially since
they are prone to problems with communication and connectivity. In
particular, they can be critical to applying lessons learned from one
problem in dealing with the next (as I blogged about the
tsunami wiki and those that followed it),
or communication among many international governments and agencies that are
involved. The report's lofty goal is to use better connectivity "... to
enable local populations to prevent and mitigate conflict and help rebuild
The report is based on 4 principles that can improve connectivity in
conflict prone areas -- and otherwise. It's worth repeating them:
effectiveness.... Connectivity allows for, but does not
guarantee, frequent and meaningful interactions, which can help diverse
actors develop a common operating language, plan and conduct joint
exercises, and integrate operations during crises.
Openly sharing new ideas, innovations,
and information is better suited to fast-paced, chaotic environments
than is the traditional practice of closely managing information flows
through established hierarchies. (my emphasis because it applies
equally, IMHO, to homeland security).
Community generates content.
Relying on the community to generate, share, and interpret content makes
the best use of resources and minimizes constraints in conflict
settings. These settings demand flexibility and adaptability on many
levels. User-driven content, in which all individuals contribute
information, share concepts, and evaluate resources, is the practical
choice for environments with conflicting and unreliable data.
Lead users drive the market.
By identifying and promoting the practices of lead users (those at the
top end of the bell curve), the effectiveness of the entire
international community can be enhanced."
Based on these principles, CSIS recommends three strategic guidelines to
encourage the new communication technologies and empower users: design the
architecture for participation, strengthen social and knowledge networks (in
recognition that communication is more of a social problem than a
technological one), and use all available means of communications.
While acknowledging institutions' fears about errors in wikis, etc., the
report speaks truth to power: "... in many cases, the daily benefits of open
information systems outweigh the potential threats." Wow....
The study is a relatively quick read -- 30 pages. I urge you to do so,
because it shows consciousness of the transformative power of network
technology is reaching inside the Beltway.
The common thread? All of
these are applications you can use every day, but, in a crisis,
could be used to provide valuable
real-time, location-based information
that would help you and your family and friends cobble together
ad hoc emergency
response plans (capitalizing on the
possible when formal or ad hoc
groups come together).
You're now duly authorized to add to the list of Permissible
Disaster Planning Preparation Activities (PDPPAs) interactive
adventure gaming, a
derivative created by
of Boston. Their new
Ghosts of Liberty
game looks like a real hoot!
Created by Nicholas Tommarello because "I can't stand being on a
tour bus," Urban Interactive games let you learn history while
playing a collaborative game (7.3 extra PDPPA points awarded
because it's collaborative, fostering emergent behavior).
Teams are transformed into secret agents (ah, maybe we'll award
an extra 1.22 PDPPA points because it fosters thinking like a
secret agent -- or terrorist...) who get a cellphone programmed
with the clues (an automatic 4.23 points because of the
location-based information), an ultraviolet pen, a map of our
fair city's historic North End, and a folder to open in an
emergency (i.e., if lost).
Once on the streets, the cell phones yield critical information:
digital maps, SMS messages from the mysterious "Director Finch,"
and "'voice mails from a ghost-channeling psychic.'"
Winning teams can choose between a Xbox 360, $300 iTunes gift
card, or a dinner for 4 at the Strega restaurant.
How cool is that???
Parent firm Conditor will create custom games for clients "...
that can tailor the world of our games to just about any
requirements you can think up. The only limits are your budget
and such pesky rules as the law of gravity. So feel free to get
creative; we can include any activities you require, and even
theme the stories around your own corporate culture."
The predesigned games allow 6-50 players. Events can be outdoors
or inside, and past settings have included museum galleries,
college campuses, public gardens, historical monuments, and
urban shopping complexes. They supply the hardware, currently
Nokia 6630 smartphones.
aside, folks, I'm calling Urban Interactive as soon as I post
this, to discuss the possibility of creating a game that would
highlight possible terrorist threats and actually make preparing
for a terrorist attack or natural disaster fun and
collaborative. Ghosts of Liberty has all the elements: advanced
personal, mobile tech, digital maps, interactivity,
collaborative activity, etc. that would make it just the
framework for disaster or terrorism prep that would overcome all
the normal factors (i.e., its boooring...) that keep the general
public from wanting to prepare. Kewl!!!
Congress enacted a law last
week, as part of the package of homeland security bills passed just
before it recessed, setting minimum qualifications in terms of
emergency management experience for future FEMA directors in light
of former Director Michael Brown's lack of qualifications and
selection on the basis of political cronyism. The new law requires
the president to nominate someone who has "... a demonstrated
ability in and knowledge of emergency management" and "...not less
than five years of executive leadership."
As with his past signing statements, Bush made no mention of his
reservations about the FEMA restrictions when he signed the package
last week in Arizona. Then, according to Savage:
"...hours later, he issued a
signing statement saying he could ignore the new restrictions.
Bush maintains that under his interpretation of the
Constitution, the FEMA provision interfered with his power to
make personnel decisions.
law, Bush wrote, ".. purports to limit the qualifications of the
pool of persons from whom the president may select the appointee in
a manner that rules out a large portion of those persons best
qualified by experience and knowledge to fill the office."
Purports to limit the
qualifications of the pool? No, it damn well DOES limit the pool of
persons -- for good reason, as we saw in spades during Katrina (and,
for the record, Sen. Susan Collins pointed out that Congress has
passed a number of similar laws in the past, setting standards for
posts ranging from Solicitor General to the director of Fisheries
As I've written before,
as important as the FEMA bill is in its own right, the pattern set
by these signing statements is far more important because it
undermines the Constitution's separation of powers:
Bush is able to claim
credit for signing a popular law, without having to make his
position clear during the legislative process.
he does not have to
engage in compromise and negotiation with Congress, as would
happen if he were to veto a bill and send it back
Congress is denied its
right to pass the bill again over the president's objections,
because it was actually signed
Congressional intent is
thwarted because the executive branch does not enforce the law.
The contrast between the
highly-visible signing ceremony and (literally)
under-cover-of-darkness release of the signing statement was stark
proof the White House knew its process wouldn't stand scrutiny:
"Bush's remarks at the
signing ceremony were quickly e-mailed to reporters, and the
White House website highlighted the ceremony. By contrast, the
White House minimized attention to the signing statement. When
asked by the Globe on Wednesday afternoon if there would be a
signing statement, the press office declined to comment, saying
only that any such document, if it existed, would be issued in
the 'usual way.'
'The press office posted the
signing-statement document on its website around 8 p.m.
Wednesday, after most reporters had gone home. The signing
statement was not included in news reports yesterday on the
probably wouldn't have mattered if the signing statement had been
more visible: Savage stands alone among the DC press corps in
tenaciously following the bigger story. Where is the rest of the
Let me conclude by simply
quoting the last five grafs of Savage's story, which total up the
sorry score: the Cheney/Addington "unitary
800+; Article 1 of the Constitution of the United States: 0 :
Bush's use of signing statements has attracted increasing attention
over the past year. In December 2005, Bush asserted that he can
bypass a statutory ban on torture. In March 2006, the president said
he can disobey oversight provisions in the Patriot Act
all, Bush has challenged more than 800 laws enacted since he took
office, most of which he said intruded on his constitutional powers
as president and commander in chief. By contrast, all previous
presidents challenged a combined total of about 600 laws.
the same time, Bush has virtually abandoned his veto power, giving
Congress no chance to override his judgments. Bush has vetoed just
one bill since taking office, the fewest of any president since the
"Earlier this year, the American Bar Association declared that
Bush's use of signing statements was 'contrary to the rule of law
and our constitutional separation of powers.'
"Last month, the nonpartisan Congressional Research Service
concluded that Bush's signing statements are 'an integral part' of
his 'comprehensive strategy to strengthen and expand executive
power' at the expense of the legislative branch.'"
You may remember that
I called for use of the Neighborhood America
program after Katrina to
help preserve and strengthen neighborhood cohesion among those evacuated
from New Orleans. Sadly, the city hasn't done that (it's not too late,
Mr. Nagin), but several New Orleans evacuees have taken matters into
their own hands, creating blogs to help neighbors keep in touch with
each other and to weigh in on important issues about the city's future.
Highlighted in this article was Karen Gadbois'
NorthWest Carollton blog,
which she and other residents of that neighborhood used, among other
things, to successfully fight Walgreen's attempted land use variance.
It's inspiring to read their mission statement:
a Post Katrina organization formed to celebrate the fact that
postKatrina we still had neighbors and to advocate for our historic
neighborhood and its people. We feel it is important to address all
issues of planning, recovery and building. We revel in the diversity of
our neighbors and the diversity of our historic housing stock. We have
homes for every taste and income level. We have been gifted with
commercial neighbors who respect the fact that they border our historic
"'We are the next coolest neighborhood in New Orleans.'"
With that kind of spirit, we don't
doubt it, Ms. Gadbois.
"'I use my blog to put a human
face on what's going on in New Orleans,' said Homan, a theologian at
Xavier University, 'so that friends and family and (residents)
scattered around the country can see what's going on. It's also very
cathartic. I get a lot of support from people who read it.
"'But I also use it get and
share advice,' he continued. 'I've had people from all over the
country contact me and exchange information about engineering
reports and insurance companies."
"The blog pulls Homan and his
readers into the city's reconstruction.
"'The rebuilding of New
Orleans becomes a great way for us to keep tabs, as a system of
checks and balances, on these fat cats,' he says, referring to city
leaders and developers. 'Blogging gives us a voice.'
"'The potential,' Homan said, 'is
incredible. We haven't even scratched the surface.'" (my
"Modern life has created a
world where people don't have as much face-to-face interaction as
they have in previous decades. Blogging, while a solitary activity
involving one person and one computer at a time, has allowed people
"'It's helping create
communities of interest,' he said, 'and that's what we're seeing
Reporter Ray Bragg also includes
extensive quotes from
on the significance of action-oriented blogs, including this:
are at a significant crossroads,' says media critic Howard
Rheingold, who contends the Internet is poised to become as
important to civilization as the alphabet and the printing press.
"'The advent of the Internet
and the availability of many-to-many publishing, via cell phone,
text messaging and other devices, has lowered the threshold for
I've now learned that Lombardi, an art historian by training, didn't become
an artist until he was in his 40s (sad to say, given my professional
interest in social networks, he and I were probably at Syracuse University
at the same time, he as an undergrad, and I as a grad student. Even though I
visited the art school's gallery frequently, we didn't connect, and that I
profoundly regret), and was a fascinating blend of artist and investigative
his New York
Times obit explains:
to say that his drawings were probably best understood by the newspaper
reporters who had covered the scandals he diagrammed.
measuring as much as 10 feet across, these drawings nonetheless had
tremendous visual verve, delicately tracing the convoluted unfoldings of
contemporary morality tales like the savings and loan scandal, Whitewater,
Iran-contra and the Vatican bank scandal.
circles in his drawings identified the main players -- individuals,
corporations and governments -- along a time line. The arcing lines showed
personal and professional links, conflicts of interest, malfeasance and
lines traced influence, dotted lines traced assets and wavy lines traced
frozen assets. Final denouements like court judgment, bankruptcy and death
were noted in red.
Lombardi, who was born in Syracuse in 1951, received a bachelor's degree in
art history from Syracuse University. After graduating from college he moved
to Houston, where he worked briefly as an assistant curator at the Museum of
Lombardi ran a small gallery while making abstract paintings on the side. He
began making his drawings in 1993, inspired by a doodled diagram he had made
while talking on the phone to a banker friend about the savings and loan
several newspapers a day, he culled his information entirely from published
sources, keeping track of the articles with a card file that eventually held
over 12,000 cards."
As Ken Johnson wrote:
the United States invaded Iraq in what seemed to many a puzzlingly indirect
reaction to Al Qaeda's 9/11 terrorist attacks, questions about the Bush
administration's real motivations have been a matter of debate and
speculation. Was the purpose really to spread freedom and democracy, or were
there other unacknowledged plans? Many people who knew Lombardi and his work
have wished he were still around to connect the dots. But that misses the
larger point of his art.
the experience of Lombardi's drawing is a kind of narrative thrill, not
unlike that of novels by Thomas Pynchon and John le Carre. Discovering the
shadowy interconnectedness of what you would have thought were totally
unrelated people and agencies can induce paranoia, but it is also curiously
satisfying; the world starts to make a kind of cosmic sense.
Lombardi's works are near-perfect weddings
of aesthetic form and worldly content. (my emphasis)
drawings leave out a lot of information, and they raise as many questions as
they answer. Their broad, untouched areas of white paper are metaphorical as
well as literal: You have to fill in the blanks for yourself. So the viewer
is thrown into a philosophical quandary: Is the truth out there, a
discoverable empirical order? Or do we project the truth by means of our own
stories and fantasies and according to our aesthetic predilections onto an
otherwise chaotic reality?
9/11, that philosophical quandary took on a more than theoretical urgency.
Lombardi did not predict the attacks on the World Trade Center and the
Pentagon or the US invasion of Iraq, though you get the feeling that had he
lived he would not have been surprised by either. What he left for the
future was an exemplary method for making sense of the bewildering and scary
new world so tragically ushered in by the events of Sept. 11, 2001."
You can say that again!
Lombardo's work speaks to me on two
levels: selfishly, as
Hal Newman of Team EMS
and I prepare to launch our social network mapping service to companies,
it's a reaffirmation of how a social network map can illustrate connections
far better than a dry narrative. As a world citizen, it's a reminder that,
even if George W. Bush forgets it, we are all interconnected already and
we'd damn well better find solutions to complex issues that reinforce those
ties for mutual advantage rather than to pursue short-sighted politicies
that fray them.
You won't find these tips
about how to capitalize on those devices and applications on
or other federal, state, and/or local preparedness sites. In some cases it's
because the services described below are private sector ones that government
agencies can't endorse. More likely, most government agencies are clueless
that these services exist (for example, it wasn't until I told them about
DCERN that DHS officials realized it existed, even though it operates
literally in their own backyard).
So here are ten 21st
century disaster and preparedness tips from
Stephenson Strategies that you
won't see on the official lists of things to do to prepare for a disaster or
terrorist attack, but that you and your neighbors should implement
NOW, so that
you'll be prepared to act intelligently and calmly if you find yourselves on
now that thumb drives cost less
at Staples this week), put your family's medical records (if you can get
them from your physician in digital form) and other vital documents on
them and attach it to your keychain so you'll have them with you at all
times (encrypt them with
buy a pair of family-radio (FRS)
walkie-talkies (under $20 at discount stores) for emergency
communications. Use them to set up a volunteer, self-organizing
community emergency communications network similar to the
one in Washington DC
add your FRS emergency network to
National SOS radio, which
links local FRS networkswith ham operators for a comprehensive,
low-power emergency communications network.
download the free
network software and burn
it to CDs to share with your neighbors, so you can create a
self-organizing, self-healing mesh network with neighbors even if your
Internet access is lost in an emergency.
Ch. 148; Boston/Philly, 149; LA, 150; Chicago/St. Louis, 151; Balt/DC,
152; Atlanta/Miami, 153; Dallas-Ft.Worth/Houston, 154;
Detroit,Pittsburgh, 155; SF/Seattle, 156; Orlando/Tampa-St. Pete, 158)
Satellite Radio (Boston,
Ch. 210; NYC, 211; Philly, 212; Baltimore, 213; DC, 214; Pittsburgh,
215; Detroit, 216; Chicago, 217; St. Louis, 218; Minneapolis, 219;
Seattle, 220, SF, 221; LA, 222; San Diego, 223; Phoenix, 224; Dallas/Ft.
Worth, 225; Houston, 226; Atlanta, 227; Tampa, 228; Orlando, 229; Miami,
230) provide real-time, location-based weather and traffic channels for
your area, subscribe. XM has a special emergency channel, 247, that's
activated in an emergency.
Use the structure and information
as the starting point to establish a self-help wiki before the hurricane
hits, and add to it as the situation evolves
Get all your family and friends
Pheeder. In a crisis,
you'd only have to send a single phone message to let them know you're
can do the same thing via SMS message, but only serves a few cities at
After a disaster, cobble
a Google mashup similar to
using your cameraphone, to alert authorities to where there are
elderly/disabled persons who need extra help.
A 1996 study, The Advent of Netwar, showed terrorist groups are loosely
linked instead of hierarchical, so the Defense Department's anti-terrorist
strategy now matches that threat. As the study said, "Logically, fighting a
networked enemy requires the US to form networks to fight networks, and
decentralizing operational decision-making authority."
However, Katrina showed DHS was inflexible, lacked redundancy, reacted
slowly to changing conditions, and, when chain of command was interrupted,
individual components couldn't adapt and become self-directed. So why does
the Department of Homeland Security still emphasize top-down,
command-and-control strategy at home a year later, especially if, as the
Administration argues, we may face the same terrorist groups here (plus
natural disasters exhibiting the same unpredictability and disproportionate
impact on the most vulnerable)?
Convergence of 3 social and technological network trends: networked enemies,
the new science of networked social behavior, and widespread adoption of
networked personal communication, make a networked anti-terror and disaster
strategy as or more relevant at home, particularly to productively involve
The science of networked behavior is the least understood of these trends.
Studies of ant and bee behavior discovered more sophisticated synergistic
behavior by a colony or hive "emerges" than is predictable from individual
organisms' abilities. Now, management consultants say we can and must foster
the same phenomenon in human society, stimulating flexibility, robustness,
and self-organizing – 3 qualities missing in Katrina and terrorism
Remember 9/11. The only effective response was the epitome of emergent
behavior: total strangers spontaneously coalesced on Flight 93. Similarly,
individuals came together via the Internet during Katrina, providing
invaluable and reliable information and services to victims while government
The final factor is the rapid spread of increasingly networked (especially
peer-to-peer) personal communications devices, including camera phones, GPS
devices, and 'mesh' laptop networks linking automatically (even without an
Human nature dictates that people can and will use them in a disaster. Those
who knew to send text (not voice) messages could still communicate in
Manhattan and New Orleans during the disasters: text uses little bandwidth
and routes around disruptions. People already spontaneously send cameraphone
photos of crimes to police in time to apprehend suspects. Some new real-time
traffic alert systems rely on digital reports from users' cars at an
However, having many individuals with communication devices does not assure
emergent behavior: they must interact. Collaborative software programs, such
as wikis, and social networking services foster interaction, and people are
already familiar with them, so they could instantly switch to sharing
emergency information in a crisis.
Networked homeland security is feasible today, cheaper and quicker to deploy
using existing technology than dedicated government emergency communications
systems. By facilitating those qualities needed in a crisis -- flexibility,
robustness, and self-organizing -- it would transform the general public
from victims, waiting for aid that may never come, into self-reliant
components of the response.
So why doesn't the government embrace networked homeland security? In part,
it probably is because officials fear they would no longer control
information flow, or people's response.
However, given networked personal communication devices and the science of
emergent behavior, government probably has already effectively lost control
of information flow in a disaster. It can either capitalize on this
phenomenon, finding innovative ways to treat the public as full partners in
both anti-terror and disaster preparation and response -- or we will simply
take matters into our own hands.
I've advocated networked homeland security for several years, but find that
decision makers are now more willing to consider it in the wake of Katrina.
As one former DHS official said, we're more willing to consider creative
approaches having seen how badly conventional ones failed.
We'll debate the specifics of what went wrong for years, but what's clear
is that conventional thinking failed miserably during Katrina. Shamefully,
Americans died needlessly as the result, and an entire region still suffers.
In one of his first postmortems, Sec. Chertoff acknowledged this failure,
saying that "the unprecedented nature of the disaster makes it necessary for
Washington 'to break the mold' and create a new mold."
Mr. Secretary, you're right that we need to break the mold. You're wrong
when you say that we need to create a new mold.
Molds work fine for jelly, but when it comes to fast changing, unpredictable
situations, whether they be terrorist attacks or global commerce, molds
constrict your ability to react quickly, to turn on a dime when one tactic
fails and try something else. We need to let that jelly ooze!
Coming from New England and being a history buff, I'm reminded of an event
in my area during the spring of 1775 in which a few brave men broke all the
molds (and were roundly criticized for it, by their gentlemanly adveraries,
for not playing by the supposed rules). This time around, I'm afraid
we're the ones marching in
formation and following the "rules." Its our opponents, be they
Qaeda, Katrina or the looming
flu pandemic, who, like the Minutemen, are networked, elusive, and quickly
regroup and try something different.
This is a lesson the US military has already learned in dealing with
John Arquilla and David Ronfeldt, starting back in
1993, have steadily refined the concept of netwar.
They write that the information revolution is "altering the nature of
conflict across the spectrum." It often gives small groups who communicate,
coordinate, and conduct their campaigns in an networked manner, without a
precise central command, an advantage over hierarchical forms. Logically,
Arquilla and Ronfeldt say that it takes a networked defense to fight a
networked offense. Their approach is now an accepted part of Pentagon
Yet, as we saw during Katrina, the other portion of our defense against
terror, homeland security, doesn[base ']t seem to have learned the netwar
concept. Their approach was centralized and hierarchical, didn't seem to
sense that the circumstances on the ground required a change in tactics, and
was unable to redeploy forces rapidly.
It's time to apply the networked approach to homeland security as well. The
time is right, because of the convergence of three important aspects of
First is the situation we confront. Whether the "opponent" is a terrorist
group, natural disaster, or a flu pandemic, they share several
characteristics: their behavior is hard to predict from past experience,
they're opportunistic, strike particularly at the most vulnerable, and,
invariably, draw in the general public.
Logically, as with the netwar concept, to be effective, we need a response
that has the same characteristics as these situations.
Arquilla and Ronfeldt noted in the early '90s that the information
revolution favored networked strategies. That is even more the case today.
The second aspect of the evolution of networks arguing for a networked
strategy is the nature of the communications technology that you and I
increasingly use on a daily basis, from cell and camera phones to Wi-Fi
laptops and GPS in our cars. Unlike the mass media, these devices are
increasingly based on Internet Protocol and are packet-based. That means the
resulting networks are decentralized, self-organizing and self-healing --
they don't depend on central authorities or facilities and are less
dependent on fixed infrastructure that might be damaged in a disaster.
This common format also means that information from them can be blended and
combined, into new hybrid forms of rich information. And, as the growing
number of Google Map "mashups" shows, communication is increasingly
providing actionable information in a real-time, location-based format. That
can be critical in a crisis, when it's vital for authorities to know what's
happening and where --right now-- not what they'd predicted
might happen in planning exercises.
Finally, unlike government communications networks that are only upgraded
sporadically, these personal devices are constantly upgraded. Each time that
they are, smart entrepreneurs find new applications and services to exploit
that new power. Instead of having to create a stand-alone emergency
communications system, we can leverage those private sector solutions, with
whom the public is already familiar, in a crisis.
Finally, the third component of networks
-- and the least understood --
is the growing body of science about the sociology of group behavior made
possible by networks. In a social network, individuals are free actors,
they're not controlled by a hierarchy, but loosely linked. And, the power of
a network increases exponentially, because of the number of subgroups that
can form within the larger one. Particularly important is research at the
Santa Fe Institute and other places on "emergent
behavior." First observed in
ant hills and bee hives, we now know humans are also capable of emergent
behavior: a higher level of collective behavior -- and combined
intelligence -- that can't be
predicted from individuals' behavior: the group becomes a highly-capable "superorganism."
All these aspects of social networks mean the general public can be a potent
and effective asset that in homeland security or disaster response.
Combined, these 3 elements of networks:
the need to combat a networked
enemy with a network
the growing power of
self-organizing, self-healing personal communications networks
the understanding of the
synergistic power of networks
constitute the ideal solution to the
problems we saw during Katrina: the potential to turn the public from pawns
to be herded about into full partners in preparation and response. And, to
add some immediacy to the situation, we have the unprecedented threat of a
flu pandemic. As I wrote last week in
only an unprecedented use of collaborative technology and an unprecedented
level of collaboration will get us through this looming crisis.
Due to our time constraints, I can't explain precisely how this kind of
system would work. If you go to my blog,
can learn more about the technology and the sciene of emergence and how the
network would come together. However, let me give you just a few examples of
how such an ad hoc, networked
system might work in practice, to demonstrate that it is practical today and
would be ideally matched to the challenges we face.
While government debates the next
generation of emergency communication, a grassroots network here in the
District of Columbia,
has blanketed the region with a no-cost, self-organizing emergency
communications network using $15 walkie-talkies. Even better, they've just
merged with a national group of ham operators to create the
SOS Radio Network-- which can function even when
broadcasters and other expensive fixed communications systems fail.
There is a growing number of
location-based, real-time information
providers such as
a social networking service;
XM Radio's Emergency Alert 24/7,
and, my personal favorite,
a Google Maps mashup that helps New York City residents find usable
furniture off the street. In an emergency, all of these services could
switch to providing valuable, location-based information that would
eliminate the need for one-size-fits all evacuation plans such as the ones
that snarled Houston traffic during Rita. Equally important, ad hoc groups
could use these tools to fend for themselves on a
neighborhood-by-neighborhood basis, and communicate with other ad hoc
Let me conclude with a warning to
government: there really isn't a choice whether to embrace this kind of
networked homeland security system. Given the power of networked
communications and the science of emergent behavior, government has already
effectively lost control of the flow of information during emergencies. We
the people have the power at our fingertips to network
-- and human nature dictates that
we'll use it in an emergency. Also polls have shown that the public has lost
faith since Katrina in government's ability to protect us and,
simultaneously that we're taking more steps to prepare to help ourselves.
Bottom line: government can either
capitalize on networks and treat the public as full partners in prevention
and response, or we will simply take matters into our own hands and
In fact, that's already happening as we prepare for a flu pandemic.
When governments worldwide failed to plan ahead in time, an
ad hoc team of volunteers took
matters into their own hands and created
It quickly became the world's most comprehensive source of information on
the issue, as well as a forum for concerned individuals to help each other
prepare. The fact that it's self-organizing and anyone can post to it means
that inevitably, FluWiki contains some erroneous information. However, other
individuals are also empowered to correct those mistakes quickly, without
having to go through a convoluted agency approval process. In a situation
that is evolving as rapidly as this one, that could literally mean the
difference between life and death.
Networked homeland security has the
potential to overcome the public's
skepticism about government, to make the public powerful auxiliaries to
first cresponders -- real partners instead of pawns -- and to provide the
flexibility and "collective
intelligence" needed to cope with
fast-changing, unprecedented threats, from terrorists to disasters. Now the
only question is whether government will capitalize on it -- or be swept
aside as the people take things into their own hands.
What I have to say about my background may
leave you thinking that you're attending the wrong conference. Bear with me
-- I think you'll see why how I think and what I've done, and the types of
insights that people similar to me bring to the cybersecurity issue, may
alert you to some aspects of it that are typically not the focus of
traditional security programs -- but which I argue must be as we face
networked enemies in a networked age.
Now for those three things about me that may
make you look at your challenges differently.
The first is that I'm an
The second thing is that I am a
The third thing is that I'm
right-brained and intuitive.
Before you get too worried, let me explain why
these things relate to your work.
First, truth to tell, I'm not quite as ardent as an environmentalist as I
was earlier this winter -- especially when it comes to recycling! That's
when some good soul at the Worcester
Telegram and Gazette decided to do the right thing and put some paper
from a faulty data run on Boston Globe
subscribers' bank or credit card records in the recycling box. That paper
ultimately was used to bind copies of the Sunday
T & G, which meant that thousands
of us unwittingly had our credit card and/or bank account information
exposed to potential identity thieves. The papers had all sorts of elaborate
data protection systems in place, but ultimately one well-meaning individual
undid them, putting us at risk. As a result, many of us who hadn't been
affected by Bank of America, Citibank, Mastercard, DSW, Wells Fargo, and
Washington Mutual -- to pick only a few of the past few year's data security
scandals -- have now joined those victims in losing faith in the private
sector's ability to protect our privacy and our financial information.
87% indicated that they had asked a
company to remove their information from a marketing database.
65% had declined to register at an
e-commerce site because of privacy concerns.
Secondly, as I said, I'm a political liberal.
One of the ways that manifests itself
relating to cybersecurity is in my outrage that President Bush, on one hand,
trumps the Constitution by unilaterally authorizing domestic wiretaps
without going to the FISA Court for authorization. As we found out last
week, on the other hand, he can unilaterally declassify information in
order to leak it for political reasons.
That, combined with my suspicion that one
of America's most recognizable politicians, Sen. Ted Kennedy, was put on
the No-Fly list, and had a heck of a time getting off, has eroded my
confidence in the objectivity and protections in government data collection
64% believed that federal agencies were
intruding on Americans' privacy rights in investigating terrorism.
44% were worried that the Bush
administration would go too far in compromising constitutional rights in
order to investigate terrorism.
Combined, these manipulations of data mean
that, beyond the objective challenges you face to improve cybersecurity, you
now have an additional burden that's not in your job description: convincing
many of us that cybersecurity isn't highly fungible, subject to threats
ranging from unintentional sabotage by well-meaning recyclers to sloppy
management practices to political manipulation at the highest levels that
make a mockery of lofty statements such as the National Strategy to Secure
Even worse, in the eyes of the general
public, these incidents are cumulative. The real differences between
improper use of personal financial data by industry and governmental data by
security agencies are blurred if not forgotten. One breach becomes the same
as another, and everyone gets tarred with the same brush. Is that fair? No,
but you must deal with it.
Now, for the third thing about me that relates
to your mission. I was attracted to the homeland security field after 9/11
for reasons quite different from most of you.
I want the people who analyze data that
might be relevant to national security and critical infrastructure
protection to be like you: detail-oriented, methodical -- and willing to
keep at it day in and day out, year after year.
By contrast, I'm
not a demon for process, procedure
and accuracy. What attracted me to this field was the concerns raised soon
after the terrorist attacks about "failure to connect the dots," to find
patterns between seemingly unrelated information, find holistic solutions to
complex problems that interweave many seemingly dissimilar threads. That's
something that, because of my right-brained, intuitive approach, is second
nature for me. In fact, I had connected the dots for
Fortune 50 companies during many
years as a private sector crisis consultant. I suspect that, just as what
you do day in day out is black magic to me, you might find what I do to be
of little or no interest -- or just plain mysterious.
So why are the differing ways that I
suspect you and I process information relevant to your challenges? Four
years ago, after speaking at a homeland security conference in DC, I found
myself sitting at lunch with 8-10 veteran civilian DoD analysts. At some
point during the lunch -- don't ask me why: maybe the chicken was bad --
their conversation turned to Myers-Briggs personality profiles.
It was not surprising to me at all to find
that, with only minor variations, these men and women were almost all the
same Myers-Briggs profile: Introverted, Logical, Thinking, and Judging, or (ILTJ)
-- ideal personality types for analysts and detail-oriented challenges. I
suspect that many of you, if you've had a Myers-Briggs, found that your own
thinking styles were similar to theirs.
By contrast, it's no wonder that the
physical and cyber security fields don't have many people like me -- the
ILTJ's polar opposites: ENFPs: Extroverts, iNtuitive, Emotional and
Perceiving. One description of ENFPs will give you an idea of the problem:
"ENFPs may find it difficult to work within the constraints of an
institution, especially in following rules, regulations, and standard
operating procedures. More frequently, institutional procedures and policies
are target to be challenged and bent by the will of an ENFP".
So, why the heck are my quirks relevant to the
Center for Reliable Information Systems and Cyber Security's mission of
"fostering collaboration between researchers from different colleges,
building partnerships with industry and other colleges, and reaching out to
the community to increase knowledge, awareness and education in cyber
Because we face challenges
unlike any we've faced in the past. We must respond in different ways, ways
that will require the ILTJs and ENFPs, the political liberals and
conservatives, the security skeptics and the security hard-liners.
Think about the current security threat.
It's not a group of programmers in a 1960's-style Soviet gulag working in
lockstep to break our codes because their very lives depend on it. Instead,
a motley crew of teenage hackers in
bedroom communities whose motivation is the intellectual challenge of
cracking a system
organized crime rings in Eastern Europe
Islamic fundamentalists with an
ideological zeal to bring the Great Satan to its knees.
and many others
The fact that they aren't tightly integrated
in a hierarchical chain of command, and, in fact, may be as contemptuous of
each other as they are of us, is irrelevant. It is the cumulative impact of
these self-organizing, self-directed networks that makes them so effective.
In part that's because a networked enemy can not only use a technology
network such as the web to communicate between themselves, but also is more
effective than a hierarchy could be in bringing down that very network,
because they don't concentrate on a single point of failure, but on multiple
points at the same time.
realized the transformative role of networks in the 1990's, due to the work
of two Rand Corporation researchers, John Arquilla and David Ronfeldt. In
1993, they coined the term "netwar."
Arquilla and Ronfeld wrote that the
information revolution is "altering the nature of conflict across the
spectrum." Communications technology gave small groups who communicate,
coordinate, and conduct their campaigns in a networked manner, without a
precise central command, an advantage over hierarchical forms. Logically,
Arquilla and Ronfeldt said that it takes a networked defense to fight a
networked offense. Their approach is now an accepted part of Pentagon
The second aspect of the evolution of networks
arguing for a networked cybersecurity strategy is the nature of the
communications technology that you and I increasingly use on a daily basis,
from cell and camera phones to Wi-Fi laptops and GPS in our cars. These
devices are increasingly IP- and packet-based. That means the resulting
networks are decentralized, self-organizing and self-healing -- they don't
depend on central authorities or facilities. It also means that they are
increasingly ubiquitous, combining more types of information into a unified
whole, and therefore a more inviting target to hackers and terrorists,
because disrupting them will affect every aspect of our lives. And, the more
disparate elements are interwoven into the network, the more opportunities,
especially at the fringes, present themselves for disruption, hence the
growing concern about cell phone viruses, PIN thefts, and related threats
outside the firewall that can trigger problems behind the firewall.
The final networked component, and the one that I hope becomes a key
strategic focus of the Center for Reliable Information Systems and Cyber
Security, is networked behavior.
argue that the key to robust security in a networked age is networked
thinking, and that's where melding the diverse talents, insights and
priorities of the intuitive and intellectual, liberal and conservative, must
come into play.
We must replace the old hierarchical,
topdown model with a bottoms-up one dominated by smart swarms.
case you haven't heard the term, it is the outgrowth of research at the
Santa Fe Institute -- home of much of the pioneering work on chaos and
complexity theory -- on emergent behavior, first observed in lowly ant
hills and bee hives, and now found in human society as well.
Emergent behavior is a phenomenon in which a higher-level of behavior and
thinking spontaneously emerges from the acts of a large number of individual
actors -- action that is more than the sum of its parts.
happy to report that emergent behavior is already playing a critical role in
saw a dramatic example of this phenomenon just last week.
Coverity (a firm that does automatic analysis of code to quickly identify
defects that might cause catastrophic crashes), Symantec, and Stanford have
a contract with the Department of Homeland Security to analyze defects in
open source products such as Linux, Apache, and my SQL. Why? Because these
programs are so widely used today, so flaws in their code might be exploited
In the first seven days after it was
publicly announced, more than 200 open source developers registered to
gain secure access to the online defect database that Coverity had
This smart swarm of independent
developers fixed more than 900
defects during the first week, more than 5 bug fixes per hour.
Samba, a widely used open source program
used to connect Linux and Windows networks, showed the fastest developer
response, reducing software defects from 216 to 18 in the first seven
Perhaps the most dramatic example was
the Amanda backup and recovery software project. During that week, its
developers eliminated all software defects that Coverity had found. In
fact, they quickly released a major version, 2.5, to mark the fact that 0
outstanding defects remain.
Contrast that rapidity of response with what
would seem on surface to be a much more easily-revised program: Windows.
After all, Microsoft has many more coders on its staff and it can order them
to make changes or lose their stock options rather than having to cajole a
bunch of free agents and free spirits with only pizzas to offer as
inducements, as is often the case with open source projects.
evidence is incontrovertible: Smart swarms improve cybersecurity.
In the new security paradigm, not only will we
use smart swarms to improve the security products themselves, but the
resulting software will also encourage smart swarms when they are applied,
It's too bad that Charles Jennings of Swan
Island Networks couldn't be here to describe in depth the work they've done
in this regard. It ain't no coincidence that one of the company's two
primary products is called SWARM: Jennings is very much a pioneer in
applying emergent behavior to software.
SWARM® is an
over-the-Internet communication system that allows a central authority to
maintain persistent control over highly sensitive information, rich media
(text, audio, video, dynamic mapping, etc.) and alerts while distributing it
to trusted users on a real-time basis. SWARM also introduces robust security
features for non-repudiation and security monitoring -- all within a
dynamic, components-based security framework.
Perhaps most innovative is a unique "poison
pill" content erasure feature -- not unlike the Mission Impossible
self-destructing tapes, making it ideal for coordinators during an emergency
to, for example, give short-term, limited access to classified information
to individuals who don't have security clearance but who must have that data
at that precise moment to cope with a situation. The issuing authority can
impose limits on whom, if anyone, the recipient can share the information
with, and how long they can possess it -- at which point the data vanishes.
Each SWARM includes a closed-loop, highly
secure "last mile" connection to a unique community of known users, making
it easy for individual swarms to federate with each other, and to exchange
information in standard data formats.
Fighting terrorism or disasters requires
rapidly evolving collaborative action among players who may, under normal
circumstances, be separated by organizational, jurisdictional, and IT
boundaries. SWARM can actually provoke higher-level, smart swarm behavior by
enhancing communication pathways among members of these ad hoc, yet trusted,
communities of users. It does this by adhering to a few simple rules about
information access and targeting, by integrating rich feedback loops from
individual members, and by issuing new software releases every 90 days,
co-evolving with its users.
called a visionary, but I'm also a realist.
Building the kind of smart swarm approach
to cybersecurity that I've described won't be easy. We right- and
left-brained people see the world, and our jobs, in fundamentally different
ways. We process information differently, and we speak differently. We don't
always understand each other.
Yet, I argue that we have no choice but to
collaborate and overcome our differences. The nature of the networked enemy
we face requires the best of both of us: your attention to structure and
detail, and our attention to how those dots fit together. The threats will
change constantly, as will the tools both we and our opponents will use.
Only through a flexible, dynamic and robust networked strategy will we be
able to counter the flexible, dynamic and robust network enemy we face.
I, for one, look forward to the challenge,
and to working with you.
W. David Stephenson is a
leading homeland security and crisis management strategist and theorist. He
created the "Pandemic
Flu Survival Guide" as well as the "Terrorist
Survival" suite of programs that put all the information
necessary to prepare for and/or respond to a terrorist attack in an easy-to-use data base for handheld devices. He also
* innovative use of technology, especially to leverage the billions of
dollars of mobile communications technology, from cell phones to Wi-Fi
laptops, that is already in individuals' hands
* how to create "smart mobs" that can fend for themselves
* community education and empowerment
* win-win collaborations between government and the private sector that
provide both security and economic benefits
* bio-terrorism preparation
Stephenson is a frequent speaker on "outside-the-box" thinking at national
and international homeland security conferences. He taught courses in
security management and issues in technology and criminal justice in the
Criminal Justice Department at UMass-Lowell, and before that, taught
internet strategy in the continuing education program at Bentley College.
Stephenson's expertise also includes organizational transformation through
the Internet, corporate issue management, and new economic and environmental
His articles on homeland security, crisis management, new economic
paradigms, and advanced technology have appeared in publications including
Federal Computer Week, Network World, The New York Times, The Journal of
Homeland Security, Tech Central Station, The Boston Globe, MassHighTech,
Profit, and Collaboration, and The Los Angeles Times. He previously wrote
the "Future File" column for the MetroWest Daily News.
Before entering the homeland security field, Stephenson provided
award-winning crisis management, community relations, and public
relations/marketing services in the environmental and renewable
energy/energy conservation fields. Stephenson created Web-based strategies
for companies and organizations in the energy, health care, education,
development and environmental fields.
Stephenson served on the boards of MassNet, 1000 Friends of Massachusetts,
Urban Solar Energy Association,the Charles River Watershed Association, and
the Massachusetts Residential Conservation Service. He drafted and won
passage of the Massachusetts law requiring labeling of plastic packaging to
encourage its recycling.
Stephenson began his career as an associate producer and writer of
award-winning documentaries at WCVB-TV. He was speech writer, assistant
press secretary and press secretary to former Governor Dukakis, and the
Lahey Clinic's communications director. He was vice-president and director
of public affairs at one of New England's largest public relations firms.
Later, he was a director of strategy services at several leading web
strategy and services firms.
Stephenson won awards for New England's best campaigns of the year in public
affairs, politics, and crisis management. He earned a B.A. from Haverford
College, and a M.A. from the Newhouse School at Syracuse University, where
he was a University Fellow.
I know you’ve all been
waiting with bated breath, so the wait is over: it’s time for
another “21st century disaster tip you WON’T hear from officials.”It
ain’t feelin’ like Spring here in the Hub of the Universe today —
cold and with high winds — but the calendar says it’s Spring, so
that means it’s time to put some ICE in your cell phone (BTW: if
that sentence made an ounce of sense to you, you’re going to have to
repeat Logic 101 next semester.).ICE, you see, is an acronym for In
Case of Emergency.
1. put several ICE listings in your cell directory ICE-1, ICE-2,
2. under each of them put the phone # of another family member or a
friend who you’d want called in case of emergency.
If there is an emergency and you’re unable to communicate, first
responders will (we hope: the concept is voluntary, so part of your
homework, boys and girls, is to let your local officials know about
it, so they can make certain police, fire and EMTs know to check the
listings) check your ICE listings and then until they’re able to
reach one of your emergency contacts, tell them about where you are
and your condition, and ask whether you have any particular chronic
conditions and/or medications that should be considered in caring
So put some ICE in your cell phone, tell your family and friends to
do the same!
Sprint has just announced its
Sprint Family Locator
service is now usable on all Web-enabled Sprint phones. It allows
family members to locate other family members — especially children
and the elderly. The contacted phones don’t have to be Web-enabled —
more than 100 other non-Web enabled phone models sold by Sprint can
The system uses GPS to locate the other phones. For
example, according to Sprint’s news release,
“Parents can login on their phone or a PC to
locate a child on an interactive map, even when the child is
using their phone to make a call or send a text. The service
also gives the address, surrounding landmarks and accuracy of
the child’s location within a specified radius, along with the
ability to click to call or send a text to the child directly
from the service. Additionally, the service enables a parent to
set Safety ChecksSM at certain landmarks such as a school, home,
or relative’s house, at specified times. The parent is
automatically notified whether the loved one is near the
specified landmark at the set time, providing “hands-off” peace
of mind. “
The feature costs $9.99 per month.
Even though this service is proprietary to Sprint,
I think it merits inclusion in my list of “21st-century
disaster tips you WON’T hear from officials”,
because it fosters use of social networks in an emergency, offers a
texting option that’s more likely to get through when bandwidth is
limited and because it offers real-time, location-based information
that can be critical in a rapidly-changing situation — and could
foster collaborative response by a family to a crisis, encouraging
“wisdom of the crowd” to emerge. I expect other carriers will offer
similar programs in the future.