Scott McPherson's Web Presence

Or, Ike for the YouTube generation.

Patrick Thibodeau works quickly!  The Computerworld senior editor was just on the phone with me last night, asking me about Gartner analyst Ken McGee's exasperation at IT's lack of pandemic planning.  I feel his pain.  Here's the link to the Computerworld article:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026179&pageNumber=2

What was left out of his excellent article was my YouTube version of Ike's planning adage.  Dwight D. Eisenhower said, "The plan is useless; it's the planning that's important."  Or, as the YouTubers would say, "Plans suck.  Planning rocks!"

For a guy who had to plan the whole enchilada called World War II in Europe, or more accurately oversee all the planning, we should heed his advice.  Here was a guy, the project manager for the biggest undertaking in world history, and he certainly had his share of ups and downs (anyone who has read Rick Atkinson's superb history of the American Army in North Africa, An Army at Dawn, can see how Ike grew both as a planner and as a leader of men and women).  Ike's point is that plans will fail, but a mature planning process will help you prevail.  An excellent link is this one: http://findarticles.com/p/articles/mi_m3257/is_11_59/ai_n15863428 .

A major State agency recently decided to hire an expensive consultant to write its disaster recovery and COOP (Continuity of Operations) plans.  What a mistake!  Where will this rich and influential consultant be when the winds blow, or the people fall ill, or the building catches fire?  Somewhere in Cancun, probably.  Hiring consultants to write your DR/COOP plans is like hiring mercenaries to fight your end of a civil war.  Where's the skin in the game?  What lessons are learned by your staff?  None and none.

Your people are your greatest asset. Leverage them to write your plan.  Think business processes.  Think how you can innovate your organization's way around those potential showstoppers.  Remain flexible.  But for God's sake, don't outsource your planning process!  Else you will fail.  Certainly use consultants to facilitate the planning process; the meetings; and perhaps use them to scribe the entire process.  But if you use consultants to come in, interview everyone and then write a plan all wrapped up in a pretty little silk bow, you are doomed.  For when that plan begins to unravel (as all plans do to some extent, in wartime and in times of great stress and confusion), then you are absolutely toast.  And so is your organization.

You have heard of the "Fog of War,"  the cloud of uncertainty and doubt that takes place in every battle, when even the most meticulously laid plans begin to wither in the face of uncertainty and stress.  That is precisely what Ike is speaking of.  A mature, robust planning process with veteran decision-makers thinking on their feet -- now THAT is what the process is all about!

I recall a scene in Clint Eastwood's classic film Heartbreak Ridge, when Everett McGill's character orders Eastwood's Gunny Highway to set up an ambush at a specific location.  Sergeant Choozoo, an observer, remarks sardonically, "It's always good to know where and when you'll be hit."

The consultants aren't THAT smart!  Nobody is. 

Good news for fans of the CBS serial drama "Jericho," and to fans of good television everywhere:  The series returns to CBS this week. 

If you are not familiar with Jericho, or the phenomenon that brought it back from the dead, allow me to briefly get you up to speed.  Jericho, Kansas is a fictional town that is caught in the crossfire of a terrorist act, as the terrorists detonate an uncertain number of nuclear bombs across America.  When the Denver nuke explodes, it plunges Jericho into a post-apocalyptic world of uncertainty, rumors, and forced self-reliance.  Where is the government?  What is happening in the adjacent towns?  Who bombed America?

Those thoughts give way to a more pressing and even more deadly situation: One of the adjacent towns, New Bern, has none of the natural resources Jericho has.  Jericho is blessed with an abundance of farmland, fresh water and a huge salt mine.  New Bern is apparently only "blessed" with a paranoid lunatic charismatic sheriff, located somewhere on the false messiah barometer between Jim Jones and Hitler, who has taken the town over.  New Bern's only deliverable appears to be the ability to manufacture crude mortars and ammunition.  And they plan to invade, and conquer, Jericho.

Interspersed within this story are many intriguing subplots, some romantic, some involve deceit, infidelity, intrigue and possible treason, and some involving politics.  in other words, something for the entire family!  One continuing subplot involves the once-mayor, Johnston Greene, played in Emmy-caliber fashion by Gerald McRaney.  Greene has been defeated for re-election, partly because he is so focused on keeping the town together, he did not bother to campaign.  The populist themes of his victorious opponent give way to grim realization that Greene has what it takes to lead and the new incumbent does not.  He gives Greene authority to organize and train the Jericho townspeople to defend their territory against interlopers (rogue mercenary types with clear hints at shadowy, Halliburtonesque connections) and, ultimately, against New Bern's invasion force.

Which is where the first season ended:  With chaos, the fog of war, and the hint of some sort of New American intervention to stop the conflict before it gets any more complicated.

And that is where CBS stepped in, said "Nope, show's over, folks, nothing to see here, move along."  Only the people did NOT move along.  People got on the Internet and got busy.  Almost overnight, once CBS revealed it had cancelled the program, viewers rebelled.  Several "Save Jericho" sites sprung up.  Those sites began linking, and collaborating, with each other.  Finally, in a simple masterstroke, someone linked the seminal, pivotal line in the New Bern invasion story thread to the effort.  New Bern's sheriff sends a walkie-talkie to Jericho's leaders.  They demand surrender.  The response:  A history lesson in the Battle of the Bulge, when the American Army's 101st Airborne Division was surrounded by the German army at Bastogne in December 1944.  The German commander called for the Americans to surrender.  General Anthony MacAuliffe responded in one word:  "Nuts."  So says Jericho to New Bern: "Nuts."  And so said Jericho's fans to CBS. 

Thus began the most creative save-the-program effort in American television history.  The Websites linked to a nut company that ships and delivers nuts.  Within a matter of days, the president of CBS Entertainment was buried under 40,000 pounds of nuts, all sent by enraged Jericho viewers.  In her reply to the fans of the series, Nina Tassler, President of CBS Entertainment, said the following:

Jericho is a serious television program for anyone who enjoys good apocalyptic fiction, science fiction, or survivalist fiction.  Anyone in a post-9/11 world who speculates on what life would be like if "The Terrorists Win" should view this program.  Anyone who ever read "Alas, Babylon" will flock to this show like crazy.  And the emergency management types and homeland security types should consider this as a ripping good yarn!

This Friday night, the pilot airs, followed by the "catch up show" before the series was forced to take a break while new episodes were filmed. Then the second half episodes of Season One will air in successive weeks.  Good news for a fine entertainment that was damaged by bad scheduling (it ran against pre-Idol shows on Fox) and premature discarding by a network that should have known better, but was willing to listen and to reconsider. 

With apologies to David Letterman, here is a quick list that you can keep handy and use to win arguments on the likelihood of an influenza pandemic. Feel free to add to this list, but it is written to be easily and quickly understood.

Top 10 reasons why we have not seen a pandemic since 1968:

10. The H5N1 virus has not “made it” around the globe – at least we have not seen high-path H5N1 yet in North America (at least none that any authority is willing to admit).

9. Surveillance of poultry and wildfowl, including aquatic wildfowl, has improved exponentially since 1968.

8. Rapid typing of influenza genetics allows public health officials to quickly make good decisions and move decisively to contain virus.

7. Education campaigns help to better promote awareness, especially in nations where H5N1 is becoming endemic. So when people get sick, or poultry gets sick, people are now a little more likely to report it.

6. Mass culling of poultry has beaten back the virus many, many times around the world. One major influenza researcher even went so far as to state that a pandemic strain of H5N1 has probably already died with a mass cull somewhere in this world.

5. Financial compensation for culled poultry helps convince some farmers to report deaths of poultry to the authorities.

4. The neuraminidase inhibitor antivirals (Tamiflu in particular) have been repeatedly effective in reducing H5N1 symptoms and ultimately in saving patients, but only in cases where a) the virus may not be as lethal, and b) when administered within 24 – 48 hours after onset of symptoms.

3. The WHO and global health authorities are ready to fly in supplies and “stamp out” outbreaks quickly. The August, 2006 “Tamiflu blanket” of 2,000 Indonesian villagers in four separate hamlets serves as evidence of the ability of public health authorities to combine Reasons #9, #8 and #5 into a coordinated action plan.

2. The Hong Kong government’s 1997 action to cull every bird in the city as the first suspected human-to-human transmission of the “new” H5N1 virus probably saved the world from a pandemic. Saved, or at least delayed the pandemic.

1. Global seasonal flu vaccine programs -- and the WHO's trying to pick the "Super Bowl winner" of three viruses (two Influenza A's and one B for the trivalent formula) in the February before the upcoming flu season -- have proven pretty accurate.  They miss the B formulation more often than they miss the A, but still it has helped reduce the amount of seasonal flu, which helps reduce the potential for a pandemic.  After all, each of us is a potential "mixing vessel" for a reassortant pandemic strain..

co-#1: We are damned lucky.

Top 10 Reasons why, despite all these efforts, we will still have a pandemic one day and probably soon.

10. H5N1 is becoming endemic in many parts of the planet, especially where people live in close physical proximity to poultry.  It is a mutating fool and cleverly defies attempts to kill it.  It is a supremely adept player at "King of the Mountain," which is the game all influenza viruses play.

9. Financial compensation for culled poultry helps somewhat, but the amounts paid usually are far short of actual losses incurred. If farmers do not feel that reporting avian flu losses are worth it in financial terms, they may (and already do) decide not to report the infections – unless their own family members become infected.

8. Smuggling of poultry, exotic birds and fighting cocks continues to accelerate. While not likely to be a principal source of spread of the disease, smuggling can nonetheless cause new outbreaks (ask the Vietnamese about their own “Ho Chi Minh Trail” issues along their border with China).

7. Modern industrial farming practices may actually and inadvertently encourage the spread of virus. Even a tiny particle of virus, trampled underfoot and brought into a poultry shed by a worker or farm machine, can kill thousands of poultry. And if left unchecked, even a “low path” avian flu can incubate, recombine with itself and emerge as a lethal, highly pathogenic influenza virus.

6. Despite the best 21^st Century medicine and technology, avian flu of all types continues to spread and the frequency continues to accelerate. Witness the recent outbreaks of H7N2 in the Delmarva (Delaware, Virginia and Maryland) peninsula of the United States (2004), the H5N2 outbreak in West Virginia (2007), the outbreak of H7N7 in the Netherlands and other parts of Europe which killed a veterinarian and infected at least 89 people via human-to-human transmission and possibly hundreds more (2003), and the outbreak of H7N2 in Wales which also infected 17 humans (2007).

5. Globalization has also inadvertently encouraged the spread of virus. Witness the Bernard Matthews disaster of early 2007. Hungarian-raised poultry, shipped to England for processing, carried high-path H5N1 with it. This was introduced into one shed, and then workers carried the virus to three adjacent sheds. In the end, over 160,000 turkeys had to be killed and disposed of. The Hungarian poultry were contaminated, in all likelihood, by wildfowl droppings laden with H5N1 virus that were carried into turkey sheds.

4. Migratory wildfowl continue to transport the H5N1 virus, along with every other flu virus known to Humankind, in their bellies. Migratory wildfowl are the custodians and reservoir of avian influenza. As they shed virus, it either dies or is picked up by other creatures.

3. H5N1 has jumped the species barrier. In Indonesia, a study postulated that up to 20% of all stray cats in the archipelago nation showed antibodies to high-path H5N1. That means cats can be asymptomatic carriers of the most potentially lethal virus ever seen. The Indonesian television videos of Army regulars accompanying healthcare workers into residential neighborhoods to swab the mouths of housecats is chilling.

2. The only continents where H5N1 does not have a strong foothold are the Americas, Australia and Antarctica. H5N1 can be found from sub-Saharan Africa to the Middle East, most of Europe, Asia, and Indonesia. Only in Europe has human death not yet occurred from H5N1. Unfortunately, that statistic can be wiped out with a single transcontinental or transoceanic airplane flight.

1. History is against us. In the past 300 years, no fewer than ten influenza pandemics have ravaged the world. Some, such as 1918’s Spanish Flu and the pandemic from 1562–1568 were extremely lethal. The 1562 pandemic may have had a death rate higher than 1918’s, which is almost unthinkable. Others, such as 1889’s, had a less lethal but still severe effect on the planet.

The events of the past two weeks reminds us that H5N1 is the virus that will not go quietly into that good night.

A quick trip around the globe reveals new human infections in Indonesia and Egypt, and further research shows us that suspected influenza infections in both nations are many times higher than the official reports of confirmed H5N1.  Whether these are just precautionary tests ordered by suspicious and diligent health care workers, or truly worrysome symptoms from possible victims, or both, the simple fact is that across much of Asia and the Middle East, people are scared.

But the biggest news of the past two weeks is undoubtedly coming from the Czech Republic and Germany.  Wild birds and poultry in the Czech Republic are testing positive for H5N1, and German swans are dying again.  Unfortunately, some of those swans are dying in a lake in the middle of downtown Nuremberg!  Leipzig city workers are also finding dead wild birds.

Scientists speculate that Germany may become a host nation for H5N1, if the disease is not already considered endemic to the region.  It is only a short flight from the locations of the two cases to points in the Czech republic and Hungary, which has also had its share of H5N1 in wild birds and poultry this year.

The takeaway from this latest series of incidents is the incredible pervasiveness of the Qinghai strain (clade 2.2) of H5N1.  In just two short years, from its discovery in the thousands of dead birds at Qinghai Lake in China this time in 2005 to the present day, Qinghai has moved west across Asia where it infects poultry and kills humans regularly, to the north and the suburbs of Moscow where it infects poultry, to the Middle East where it infects poultry and kills humans regularly,  to sub-Saharan Africa where it infects poultry and has killed humans in Nigeria, and now returns to Europe, where an outbreak in poultry in France, Germany, and other nations in 2006 was especially worrysome.  What an amazing travelogue.

This virus is not going away. It is stretching itself further west and south, and it defies efforts to contain and eliminate it. 

You know, you gotta love the Department of Homeland Security.

Anyone who has ever had intergovernmental dealings with Washington knows that the Federal government has a tendency to, well, to talk down to everyone.  I have had many, many dealings with "the Feds" over the years, from cybersecurity to the Census to you name it, and their collective attitude is astounding.  I don't know if it is endemic Washington culture, or some belief that the Federal fecal matter does not stink, but it is amazing that an entity that tells state and local governments how to run their business apparently cannot run its own business.

Two recent stories -- completely separate subjects -- collectively speak to this dysfunctionality in the agency charged with the responsibility of protecting We, the People.  First was the revelation that Mister Self-Important XDR-TB guy with the Hottie Wife actually was let back into the United States, despite every attempt to keep him out.  The DHS border guard who deliberately ignored the flashing computer screens (For God's Sake, Don't let This Guy In!) and waved him across, saying later "Duh, he didn't look sick!", shows that for all its hubris, DHS apparently can't guarantee we are intercepting important messages and acting on them quickly.

Then comes this juicy little ditty, listed below.  Whenever I attend IT conferences, the panelists always seem to include an array of Federal IT "geniuses," strolling onto the stage with supreme self-assurance, and I am reminded of the line from Bowie's classic line from China Girl, "I stumble into town, like some sacred cow."  Building a cult of personality and protecting turf are far more important, apparently, than protecting the public and the public interest.  The Feds are always quick to administer advice, but are the last to take it. 

PS, the only guy running for president who even addresses these issues is Fred Thompson.

Lawmakers assail DHS cybersecurity

The Homeland Security Department’s IT security posture came under fire from lawmakers after the Government Accountability Office found “systemic and pervasive” problems.

At a hearing yesterday, House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology members grilled DHS chief information officer Scott Charbo about the state of the agency’s cybersecurity, including the U.S. Visitor and Immigrant Status Indicator Technology (US-Visit) program.

“[I]nformation provided by DHS suggests that the CIO is failing to engage in defensive best practices that would limit penetrations into DHS networks,” said Rep. Jim Langevin (D-R.I.), subcommittee chairman. “The department’s failure to implement the Einstein program, contracts with Sprint and MCI where the carrier has misconfigured the firewall, and other problems are quite disturbing.”

Charbo said the agency’s cybersecurity posture is getting better, but could not answer a lot of questions around the problematic configurations of DHS’ systems.

When Langevin questioned whether Sprint, MCI or even DHS’ National Cyber Security Division has audited the ISP providers, Charbo said while he is ultimately responsible for the security, the issue of auditing contractors is not a decision any CIO could make. Charbo said it needs to be addressed from a higher authority.

Charbo also couldn’t answer how long the vulnerabilities in the ISP have been open and when the last audit of the data network occurred.

Langevin once again called Charbo’s lack of response disturbing.

“It was a shock and a disappointment to learn that the Department of Homeland Security … has suffered so many significant security incidents on its networks,” the congressman said. “DHS reported to the committee that it experienced 844 cybersecurity incidents in fiscal 2005 and 2006.”

Langevin pointed out these included workstations infected with Trojans and viruses, a workstation infected with a Trojan scanning for port 137, which demonstrates that “individuals attempting to scan DHS systems through the Internet,” and PCs containing suspicious beaconing activity and a botnet that lets a hacker control the compromised computer.

GAO’s chief technologist Keith Rhodes said Charbo’s claim about auditing the ISP is incorrect.

“The Centers for Medicare and Medicaid audited their telecommunications contractor,” he told lawmakers. “We have reviewed the [ISP] at CMS, identified vulnerabilities and made recommendations.”

Charbo countered by saying just because there was an incident doesn’t mean there is success in breaking into DHS systems.

“We monitor routers on the edge,” he said. “If we find suspicious activities, we track it on our network and take care of it immediately. We do forensic analysis if we identify malware too.”

Rhodes said a lot of these problems could be fixed by improving DHS network configuration of specific hardware devices or software.

“There are zero cost fixes,” he said. “DHS has made some fixes, but there are others they could do.”

Rep. Bennie Thompson (D-Miss.), chairman of the full committee, asked Charbo whether the lack of cybersecurity for U.S. Visit made it vulnerable to hacking. Charbo said there was no evidence of any breaches.

But Rhodes said DHS does not have the controls in place to protect the system had there been an intrusion.

“If someone was smart enough to get in, they could get out and no one would know about it?” asked Rep. Bob Ethridge (D-N.C.)

Charbo said DHS has made some fixes to immediate problems, but they still are working with GAO. He said one example GAO recommended would be to encrypt their LAN, but he believes that wouldn’t be necessary.

“We encrypt the data going out of the network, but not while it is in the network,” Charbo said. “We will mitigate the risks and if there are easy controls we will sit down with GAO and discuss them.”

But Alan Paller, director of research for the Sans Institute, said Charbo’s rationale for not encrypting data on the LAN is faulty.

Paller, who attended the hearing, said one successful spear phishing attack would wreak havoc on the LAN.

“Spear phishing eliminates the perimeter defenses,” he said. “It could create a rogue tunnel out of the system through Port 80.”

GAO will issue a report on DHS cybersecurity problems in July, said Greg Wilshusen, the watchdog agency’s director of information security issues.

© 1996-2007 1105 Media, Inc. All Rights Reserved.