The Cybernetic State
2012/02/10
“The Cybernetic State” is a book written by Javier Livas and is available as PDF on request from the author. From the preface:
The emergence of a cybernetic State is now a real possibility, and most likely inevitable in the near future. This book sketches this information age organization and the cybernetic management principles on which it is based. As we shall see, many of its features are already present in embrionary form in the modern democratic State.
The description of the cybernetic State relies on the Viable System Model (VSM) developed by professor Stafford Beer and explained in several of his books. This model originates from control theory and the cybernetics of the human nervous system, and has been adopted and validated by management science. In this book the VSM is used to show the nature of the State.
The enormous explanatory power of this cybernetic map will show that Economics, Law, and Political Science, which have mostly been studied separately, actually refer to three different aspects of the same phenomena, namely the State. In this sense, the book attempts a synthesis of ideas that were born disconnected and remained so for a long time. Helpful insights about the evolution of economic, legal and political theory are a byproduct.
[via CYBCOM]
The five most important questions
2012/01/02
It was thanks to this post by John D. Cook on abandoning projects that I got interested in Peter Drucker. So I went to ebooks.com and looked up whether there exist any ebook versions of his works. I bumped into “The Five Most Important Questions You Will Ever Ask About Your Organization” which is focused on non-profit and social organizations. Being a public sector worker, the book seemed a natural candidate.
The book expands on an earlier 1992 version written by Drucker and contains essays by him and other experts in the field of management. All essays are centered around five basic questions which, as Drucker writes, it is important to ask:
“The most important aspect of the Self-Assessment Tool is the questions it poses. Answers are important; you need answers because you need action. But the most important thing is to ask these questions.”
The five questions are:
- What is Our Mission?
- Who is Our Customer?
- What Does the Customer Value?
- What Are Our Results?
- What Is Our Plan?
Non-profit organizations are about changing lives and these questions are a tool to achieve this. Even without reading the explanatory essays their importance is evident (as is answering them in a sincere way). And while the book itself is not a self-assessment tool for an individual, the questions themselves are a good start.
It is beyond evident to people that know me that the concept of organized abandonment is what I liked most in the book. I’ve been (unsuccessfully) advocating a similar stance within my employer’s organization for years but I had never seen it so clearly articulated until now. Plus this time it is not only me saying this, Drucker said that too, see? IMVHO, organized abandonment is the basic evolution mechanism for organizations (public and private sector).
This is definitely a book I will revisit in six months' time, to evaluate its impact on my way of thinking within my own organization and to see whether I managed to pass anything along.
PS: I bought the PDF version of the book by mistake. Normally I try to read ePub versions on my BeBook Mini, but luckily in this case the BeBook rendered the PDF adequately.
A vision so noble
2011/12/14
Vasilis Katos at the 1st Athens Chapter ISACA Conference argued that we do not need cyber security experts, rather we need champions on the multitude of the different and complex areas that this domain encloses. He is not alone in believing this about experts. With the domain being new, hot and with commitment from Governments for financial backing of projects, the landscape is open for expertship claim. And since we are at the infant stages, many try to establish themselves as the strategists who set the pace, no matter how disconnected from reality they may be.
Whenever a new domain is introduced, until it is sufficiently comprehended people try to use analogies to make the connection. It is a no-brainer then that since anything colored “cyber” starts to get a military approach, analogies with highly successful strategists of the past and relevant studies of them will appear. Think of it: Sun Tzu seems to fit every subject, from the battleground, to sports, to (non-military) management. I’ve seen efforts for both Sun Tzu (although far from a complete treatment) and Clausewitz and I am sure that others exist too. It is no wonder then that John Boyd and his OODA Loop would receive treatment too.
Since I found the OODA Loop concept interesting I set out to learn a bit more about it. This is not an easy task for a civilian, for Boyd did not really leave much written work behind with the exception of a continually refined set of slides that when finalized took about 15 hours to present. To understand the loop, I read “A vision so noble” by Dan Ford. Its chapter 2 contains a longer explanation of the OODA Loop than Wikipedia does and even includes a handwritten sketch of it:
For a more understandable version of the loop see the Wikipedia drawing and article.
Boyd is mostly an attacker and not a defender and indeed one can find cyber similarities in his work, as in what Ford uncovered from his boxes, on page 40:
Infiltration
* Blitz and guerrillas infiltrate a nation or regime at all levels to soften and shatter the moral fiber of the political, economic and social structure. To carry out this program, a la Sun Tzu, Blitz and Guerrillas:
  * Probe and test adversary to unmask strengths, weaknesses, maneuvers and intentions.
  * Shape adversary’s perception of the world to manipulate or undermine his plans and actions.
Purpose
* To force capitulations when combined with external political, economic and military pressures.
or
* To minimize the resistance of a weakened foe for the military blows to follow.
Do not all the above match Cyber Warfare aims? So there exists value in studying Boyd and his tactics, but not the one-to-one mapping that many would hope for to make the transition to a cyber domain easier. The OODA Loop is there; one has to understand that it is not completely linear (OODA means Observation, Orientation, Decision, Action, but you are constantly in an observation state that provides feedback) and that it is valuable.
Boyd believed that People not weapons win wars. Not very far from the observation that a good friend has made that people and not machines get hacked or my belief that people are the actual cyber weapons.
A good 70 page book based on Ford’s MSc Thesis that definitely helps expand our thoughts on the matter.
Off to read “The Dynamic OODA Loop: Amalgamating Boyd’s OODA Loop and the Cybernetic Approach to Command and Control” now.
PS1: An earlier version of Ford’s book seems to be available on Lulu as PDF.
PS2: Boyd on management
Nerves
2011/10/13
Shortly after the Fukushima accident Curt Monash tweeted:
Lester del Rey anticipated #Fukushima-like nuclear reactor crisis, nurse practitioners, & some feminism, all in a great 1942 novella Nerves.
Note that Monash made a typo: It is a 1952 novel. Even though it is DRM “protected” I bought Nerves for €4.12. It is a science fiction thriller that takes place in an atomic plant during an accident. Sometimes it tired me while trying to explain science that had to be believable and yet so close to our timeline. The book however does contain useful managerial advice on extreme crisis management (and how to motivate your staff to perform the impossible) and one of the best definitions of insanity:
He had lived in an impossible world where only absolute perfection counted, and where he refused to accept perfection as possible, even to himself! He had built his hate against the impossible into a constant churning force that whipped every tissue of him during all his life.
As a book it felt more like a late draft, somewhat unfinished.
Figure it out…
2011/09/16
“Figure it out, Cliff, and you’ll amaze everyone”, Dave said.
Or, how a $0.75 imbalance can markedly change your life.
The Cuckoo’s Egg, page 5
Strategic Cyber Security
2011/09/10
“Strategic Cyber Security” (which is available for download) is a book that states from the very beginning that computer security has evolved from a technical discipline to a strategic concept. To this end the author tries to examine four strategic choices: IPv6, Sun Tzu’s “Art of War”, Cyber Attack Deterrence and Cyber Arms Control. The book is written for those people who read executive summaries. As such it can be seen as a long (very long) executive summary that often repeats itself. I cannot count the times Eligible Receiver is mentioned in the book, but it is now imprinted in my brain.
There is no technical coverage of IPv6 in the book. As such, discussion of IPv6 is limited to the vast address space that it offers, which will give the opportunity to eliminate NAT, thus allowing better attribution of unauthorized connections. It also shows great faith in IPsec deployment as a means of stopping cyber attacks. The concerns about privacy invasion with the deployment of IPv6 are also mentioned, but not specifically. In fact most such concerns can easily be debunked by now. As a purely technical solution, I feel that IPv6 does not mix well with the three other choices that are examined in the book, given the fact (that the author also notes) that IPv4 will be with us for a long (very long) period of time.
I had thought of drawing parallels between the “Art of War” and cyber security a number of times, the last being when von Clausewitz was mentioned in Daily Dave. Ten specific points are discussed which do not fit to the cyber domain.
Thanks to the book I got to learn a few things about Deterrence Theory. Deterrence is based on two axes: Denial and Punishment. Denial means that those who control the strategic technology will deny you access to it, while punishment means that should you develop said strategic advantage countermeasures for other strategic players will be enforced.
The final choice discussed in the book is the examination of whether a Cyber Arms Treaty can have some positive results (It so happens that there’s a wikileak relevant to the matter. If others exist, a more systematic treatment of these should take place). To examine the possible success or failure of such an agreement, the highly successful Chemical Weapons Convention is used. From the comparison there seems to be little room for success for limiting the development and use of “cyber arms”.
I found chapter 10 of the book the most interesting. It makes use of the Decision Making Trial and Evaluation Laboratory (DEMATEL) method in order to compare and rank the four strategic choices. Unfortunately it is not very easy to locate online material about the original DEMATEL method, however there’s lots of available literature (and a lot of it by the Chinese) on DEMATEL variations used in health, agriculture and other areas.
To me, learning about DEMATEL was the one thing I got from the book. The rest of it, while interesting, was not equally appealing.
Logicomix for the iPad
2011/09/05
How I came to read “Inside Cyber Warfare”
2011/09/01
From time to time I am privileged enough to attend presentations on cyber warfare that are not so open to the public. In one such presentation the speaker spoke of Schmitt’s criteria, a set of rules that can help a state decide, when dealing with a cyber attack, whether it is an act of war or not.
I set off to learn more on Schmitt’s criteria and eventually found out that they are coded in “Computer network attacks and the use of force in International Law”. I contacted Professor Schmitt asking for a copy of the paper and he directed me to HeinOnline. It seemed that I should pay $30 for 24 hours of access on HeinOnline in order to download the paper. Serious books cost less than that!
So I decided to contact the person who gave the presentation from which I learned about the criteria. He recommended that I should read “Inside Cyber Warfare”. The ebook cost $30. It also happened that the very same day O’Reilly was running a special offer campaign to help the Japanese Red Cross and their Fukushima efforts, so I even bought it for less.
Whose loss is it now, HeinOnline?
I cannot stress enough how much I loved “Inside Cyber Warfare”. The author analyzes recent Cyber War incidents, talks a lot about Project Greygoose and the insight that it offered to analysts. It details the three major cyber doctrines and strategies (Russia, China and the US) with lots and lots of references. It contains an analysis on the Law of Armed Conflict and how it correlates to cyberspace and in my humble opinion, it predicts both Stuxnet and the RSA hack.
Jeffrey Carr (@jeffreycarr) tweeted to me that a second edition is in the works. I am eagerly waiting for it since the first one covers cyber conflicts up to 2009. And for the third. And for the rest of the editions to come. For this is a continuous book; a lifetime’s work. The landscape is changing rapidly and Jeffrey Carr has positioned himself as one of those few who can accurately and objectively depict it anytime.
PS: For those who want to read about Schmitt’s criteria, Denning’s “The Ethics of Cyber Conflict” is a good place to start:
When Does a Cyber Attack Constitute the Use of Force?
Not all cyber attacks are equal. The impact of a cyber attack that denies access to a news website for one hour would be relatively minor compared to one that interferes with air traffic control and causes planes to crash. Indeed, the effects of the latter would be comparable to the application of force to shoot down planes. Thus, what is needed is not a single answer to the question of whether cyber attacks involve the use of force, but a framework for evaluating a particular attack or class of attacks.
For this, we turn to the work of Michael Schmitt, Professor of International Law and Director of the Program in Advanced Security Studies at the George G. Marshall European Center for Security Studies in Germany. In a 1999 paper, Schmitt, formerly a law professor at both the US Naval War College and the US Air Force Academy, offered seven criteria for distinguishing operations that use force from economic, diplomatic, and other soft measures. (Schmitt, 1999) For each criterion, there is a spectrum of consequences, the high end resembling the use of force and the low end resembling soft measures. The following description is based on both Schmitt’s paper and the work of Thomas Wingfield, author of The Law of Information Conflict. (Wingfield, 2000, 120-127)
1. Severity. This refers to people killed or wounded and property damage. The premise is that armed attacks that use force often produce extensive casualties or property damage, whereas soft measures do not.
2. Immediacy. This is the time it takes for the consequences of an operation to take effect. As a general rule, armed attacks that use force have immediate effects, on the order of seconds to minutes, while softer measures, such as trade restrictions, may not be felt for weeks or months.
3. Directness. This is the relationship between an operation and its effects. For an armed attack, effects are generally caused by and attributable to the application of force, whereas for softer measures there could be multiple explanations.
4. Invasiveness. This refers to whether an operation involved crossing borders into the target country. In general, an armed attack crosses borders physically, whereas softer measures are implemented from within the borders of a sponsoring country.
5. Measurability. This is the ability to measure the effects of an operation. The premise is that the effects of armed attacks are more readily quantified (number of casualties, dollar value of property damage) than softer measures, for example severing diplomatic relations.
6. Presumptive Legitimacy. This refers to whether an operation is considered legitimate within the international community. Whereas the use of armed force is generally unlawful absent some justifiable reason such as self-defense, the use of soft measures are generally lawful absent some prohibition.
7. Responsibility. This refers to the degree to which the consequence of an action can be attributed to a state as opposed to other actors. The premise is that armed coercion is within the exclusive province of states and is more susceptible to being charged to states, whereas non-state actors are capable of engaging in such soft activity as propaganda and boycotts.
Sandworms of Dune
2011/08/31
After suffering the shock of reading “Hunters of Dune”, the final book in the saga was a lot better. Almost as good as the House Trilogy. It still is no match to Frank Herbert’s brilliance, but it proves that had Brian Herbert and Kevin J. Anderson devoted their time and effort to create just the final chapter of the Dune saga instead of creating a cash-cow, they would have achieved something comparable.
I guess I am not a talifan after all. Just disappointed.


