As my father said: From some, you learn what to do; from others, what not to do.
Oh oh – it seems someone is having trouble managing a project, and it’s a big one.
The Social Security Administration (SSA) is presently getting by in a 30-year old outdated facility, known as the National Computer Center (NCC) in Woodlawn, MD. Some of its support infrastructure, such as the UPS, is so old that there are no longer replacement parts available for maintenance.
Nearly $500 million in stimulus funding has been dedicated to building a new data center. As often happens, the project is a year behind schedule and the lag appears that it will get worse. Meanwhile, the old facility is filled with problems. This is no mundane “data center” – it is a facility that delivers annual payments of $700 billion to 56+ million Americans.
Fortunately, the General Services Administration (GSA) has found a location for the new home of a new state-of-the-art data center. It’s rather interesting to note that a significant part of the delay in prepping this new site is a concern over cost of electric power: government auditors “expressed concern” that not enough consideration was given to this cost.
I’m a little confused: Power is power (a kilowatt hour is empirical, no?), a data center is a data center (a proper project knows the size, scope, and power demands… no? Um, well, I guess, “no”), and the project is supposed to manage according to schedule and reality – right? That’s what a project does – that its whole purpose. Otherwise we wouldn’t waste our time shuffling all these schedules, resources and people.
I’m kinda guessing that the new site might be a bit removed from ready-access to efficient, affordable, power: Maybe they need relay stations, or boosters, or who knows what – but this would seem to be a failure of proper survey for where they are – what they really need, and where they’re going and thus resultant trouble in the middle: Getting there.
Kelly Croft, Deputy Commissioner for Systems at the SSA, provided some telling Congressional testimony this past February 11th. She cited the “dire need” for the new data center: “Without a long-term replacement, the NCC will deteriorate to the point that a major failure to the building systems could jeopardize our ability to handle our increasing workloads without interruption.” Further: “Despite all of our best efforts to preserve the NCC for as long as necessary, there is always the potential that a critical facility infrastructure system could suddenly fail.”
Risks and incidents are further illuminated by Croft’s recent testimony:
- There is No True Dedicated Power: “Employee office spaces in other areas of the building share the same power lines and HVAC system as the data center. This design problem means that a potentially isolated issue in an area outside the data center, such as a minor receptacle overload at someone’s workstation, could temporarily shut down some power to the data center and HVAC system.”
- There is an Aging Custom UPS System: “The UPS is not an off-the-shelf product; it was designed specifically for the building. While we have extended our service contract with the UPS maintenance vendor over the years, the vendor recently advised us that it could not guarantee repairs in the near future. The necessary parts are simply no longer available. If the UPS failed, we would have to bypass the system and deliver unconditioned power to the data center equipment, which could quite potentially damage the equipment. Replacing the UPS would require significant downtime at the NCC.
- Critical Cabling Problems: “Tangled cables can block the under-floor airflow that cools our servers, and we cannot work on the cables safely without shutting down the affected systems. Similarly, troubleshooting problems is difficult when we cannot isolate cable pairs easily to determine whether problems exist in the cables or in the IT equipment. There is also an elevated risk of data corruption, because electro-magnetic interference from the electrical wires that are located too close to the telecommunication wires can distort data transmission.”
- Leaking Water in the Data Center: “Last year, our facilities staff noticed water on the floor of one of the large battery rooms in the NCC. They quickly traced the source to a leaking water pipe in the room. Any water in close proximity to high-voltage batteries presents a serious hazard to the building and its personnel. In order to fix the leak, plumbers needed to expose the pipe and cut off the water supply. Unfortunately, without redundant systems, cutting off the water supply to the pipe also required cutting off the water supply to the large air handling equipment that is responsible for cooling our computing space. Since the air handling equipment had to be turned off, we had to actually shut down a portion of our national computing operations while making the repairs.”
Here in the Weave, I hope it’s obvious that there had to have been a failure in an ongoing survey of Where We Are (where they were) for the SSA. Always understand where you are, thus knowing where you need to go, and thus knowing how to get there – sanctioned and known projects, with assigned budget, resources, responsibilities, and sized expectations – all done on time, in time.
Knowing where you are – the status of systems, their longevity, their safety and security, their update, their schedule for replacement – is a critical factor in any organization’s surety. You must lead change, not mount it in a burst when critical infrastructure is failing: finding that water is not only near critical power sources, but leaking to boot; upon discovery that cables are tangled and unlabeled – what happened to “wire management” here? And so on…
On this day: On February 27th,1967 Pink Floyd released their 1st single “Arnold Layne”
I was introduced to a great bunch of people a few months ago, and I finally made one of their meetings.
In my case, I’m near Columbus, Ohio. I spent close to three hours there this past Wednesday evening – and still wanted more. There was a range of professional people: From academia to private business; from senior management to tech types; and folks of all ages. In taking full stock of technology’s delivery to business, with associated requirements and engagements, you couldn’t have asked for a more diverse, representative, and smart group.
There is simply no substitute for getting out of your own myopic box – that is, your organization, your travails, your granular wins, losses, and pressures – in engaging with intelligent and knowledgeable people. (And, I’m susceptible to “silo’ing” too).
We gain the benefit of hearing about all sorts of experiences, solutions, challenges… methods for persevering; what works and what doesn’t. And, there’s a fair measure of humor to be had… who can’t use that when lifting, sweating, and sometimes dancing in The Business-Technology Weave? :^ )
Kudos to the chapter’s President, Cara, and all involved. If you’re in the Columbus, Ohio area, stop in at the next meeting. Drag along your boss, co-workers, a friend or two from another organization… If you’re “IT,” get a business counterpart to come… and vice-versa for “business” people.
If we’re lucky, we’ll see each other there – I’ll look forward to it. I would like to hear about your solutions… your overall challenges.
The Association of Information Technology Professionals – regardless of location, check out your local chapter.
I think you’ll be very happy you did.
NP: The London Howlin’ Wolf Sessions – Chess LP; 1968 Thorens TD-125 turntable; Shure V15VxRM cartridge, signal chain to die for, Peerless drivers in ’65 Jensen cabs w/ original crossovers… those who know, know. :^ )
We’ve discussed the online perils of social networking on this blog before. Incidents not only continue to increase in number, but seem to involve those of higher profile as time goes by.
You may have missed it, but a CBS chief foreign correspondent, Ms. Lara Logan, was attacked while covering the power struggle in Egypt recently. Quite a few pundits came under fire for inappropriate comments, but journalist Nir Rosen became a high-profile case when he was pressured to resign his fellowship at New York University’s Center on Law and Security.
The story was well-reported by major news outlets. Post-resignation, Mr. Rosen himself weighed in. You can read Mr. Rosen’s rambling account right here, courtesy of Salon.com:
Perhaps this comment from Mr. Rosen is most telling:
“There’s probably some larger lesson about social media to be drawn here, and how its immediacy can be great in its power to connect us, but also a liability because something blurted out and not meant to be serious acquires a greater power.”
There is “probably” some larger lesson…?
I have some advice for Mr. Rosen and all who read this: People in 1747 understood that the written word carried a measure of potential penalty: No facial expressions are available to moderate what is being said when writing; there are no reciprocal facial cues from a recipient to allow adjustment, amendment, or apology for the communication’s style (even in the speed of the online world’s written missives); and there is no inflection in the “voice” of the writer.
Prudency used to dictate, particularly on touchy subjects, that one would write a letter, sleep on it, and review it next day prior to post.
Absent an exigency where speed is of the essence, my suggestion regarding e-mail and social media communication is to draft, review, modify as necessary, and review again… then send or post after a little thought: There is very real danger in a “stream of consciousness” post, and be particularly careful when engaging in live written chat.
Consider the peril that faces anyone: Employers are now stumbling on employees’ social media sites, and discovered disparaging information about them, the workplace, the customers/clients, and how much that employee dislikes the job. Guess what’s next? You’re fired.
Particularly for readers of this blog with children: Sit them down and discuss all perils of the online experience. It’s not just a matter of who is contacting them, or the warnings about keeping their passwords secure, and so forth. It’s also about the content that they place on the web, and the record they are creating that, rightly or wrongly, may cause others to assume negative character traits. Any web trail is hard to scrub.
And for some further perspective, you might want to make those kids aware of things such as this:
As to Mr. Rosen: Sir, you definitely need to grow up. It’s 2011.
On this day: In 1923, transcontinental airmail service begins.
I discovered an interesting article online: New Hacking Tools Pose Bigger Threats to Wi-Fi Users. The accompanying video from Hak5 is also quite interesting (provided for the hard-core tech types).
If you read the article, and watch the first 5 or 10 minutes of the video, you quickly realize today’s necessity for provocative security awareness.
Today, as I’ve stated oftentimes prior, everyone needs to be security conscious… all the time. It has to become second nature. Perhaps “first nature” is more appropriate, as here in the Weave we’re often discussing the need to look at every action and activity through a Security Prism.
The article delivered a realization to me: I was a bit surprised at the vulnerabilities posed by Facebook, and the associated lapse in security involving allied third-party applications and procedures there, as well as other referenced sites and social media. Of course, I’m always careful regarding social media – those are not exactly the arbiter, nor the advance-guard, for security. I maintain a benign presence on social media.
It should be evident by now that increasingly powerful tools for hacking are soon going to be available to the masses – paired with user interfaces that are designed for the same understanding, and ease-of-use, that allows any noob to send and receive e-mail.
Up until now, widespread havoc has been held in abeyance by the fact that most of the folks who harbor the raw skills to go the hacking route, use those advanced skills to hold down fairly lucrative jobs, and they put those skills to positive purpose. However, once the business of hacking comes to any person, regardless of that person’s direction, proclivities, moral compass… then look out: You’d better have very forward-looking security in place. Ah, now we’re starting to understand what I’ve been calling…
…a provocative security awareness.
Here are a couple early posts of mine on Security – worth a revisit:
Ah yes – I can see you’re starting to get it. :^ )
UPDATE: From ZDNet – Pace of Technology “overwhelms” security professionals
NP: INXS – Shabooh, Shoobah – on vinyl, of course. Hadn’t heard this in awhile; stumbled on a NM/NM copy at the local thrift.
I don’t do this too often, but I’d like to recommend a specific whitepaper from ArcSight (Full disclosure: I have no reciprocity with them whatsoever).
It’s available here, and requires registration. The paper is World-class protection for the mid-size organization.
The paper makes valid, timely, points that in a networked world, we suffer threat – if not outright breaches – from malware, viruses, etc. I can throw in malicious botnets, human error, mistakes in judgment, and so forth; all the while, organizations face increasing regulation and associated penalties. The vulnerabilities mount – and will continue to mount. Velocity of risk, anyone?
The article mentions, likely accurately, that most SMB (small-and-medium-business) do not have large dedicated security staffs – and what security staff does exist, is declining. And yet, the SMB enterprise has the same security burdens as their “larger brethren” – the securing of financial information, private customer data, intellectual property… et al., with the same legal and compliancy responsibilities.
I agree with all of that, but I offer something a bit unique (and have done so in the past, and will continue to do so). Make everyone in the organization a security officer. Technically, not an actual Security Officer, but rather people with an elevated awareness of security in general, and with specific knowledge of your organization’s security expectations, practices, regulatory burdens, and so on…
Can you do that? Is it possible to train employees to elevated standards of security?: To the focus, activity, care and results of strict security practices and measures?
The answer is not only “Yes” – the answer is “You have no choice.”
For small business – where money is tight, tight, and also oftentimes tight – find a smart, dedicated and ambitious employee to take on Security as an Additional Duty. Have that person develop a training plan, for awareness and prudent activity, as a start. Then, begin delivering Security Awareness Training – find your “affordable” schedule… monthy? Quarterly? Semi-annually? When and how often can you spare people for training attendance?
For medium business, you really need a dedicated security person, or personnel, with the attendant training and awareness. Larger enterprises already have an infrastructure of a department and associated activity – or you’d better, if you have any clue at all.
But for SMB and large enterprises, the most provocative idea is to make everyone a security officer: It becomes second nature for employees to screen every activity through a security prism: “I’m about to send information: To whom am I addressing it? Are all authorized to see it? Is my conduit for transmission secure enough?” Just as one qualifier of one activity…
Train every employee to have this regularized assessment going on for all activity, all handling of data, every customer touch, every vendor interaction, etc.
Today, the more complex and comprehensive the enablement, the larger any vulnerability’s window and subsequent impact. With new velocity of risk, scales of harm, and delivery of harm, whether deliberate or through human error, problems manifest with much more wide-spread impact.
Vulnerabilities must be managed, in providing protection from harm: In the realm of risk, unmanaged possibilities become probabilities. Probabilities always manifest.
Today’s total business reliance on comprehensive technical enablements requires provocative protection.
NP: Swinghouse – Gerry Mulligan / Chet Baker – Jazz24.org
A provocative article at World Net Daily states flatly that cyber war is imminent.
As any reader of this blog knows, I am very security conscious. I also believe that most organizations lag in their security awareness and associated practices. I see it all the time in my travels and consultancy. The good news is that often my very engagement with these organizations is for purpose of addressing their own, self-motivated, concerns: In other words, they suspect they’re lagging, and they engage me to spec up their systems and practices.
Given my own provocative awareness, I feel that even “cyber war” doesn’t quite go far enough in articulating the ultimate threat – particularly if we’re going to invoke the attack on Pearl Harbor as a parallel. (Review my arguments for replacement of standard Disaster Recovery policies and plans [a reactive brand, for sure] with Disaster Awareness, Preparedness and Recovery – here, and here).
Being that the surprise attack on Pearl Harbor ultimately touched upon the entire nation’s engagement to world war (direct combat, combat support, home-front engagement/sacrifice, etc.), a true Cyber Pearl Harbor would comprise… EMP.
Electro-Magnetic Pulse, delivered via an aerial nuclear burst, would eliminate all electricity, wipe out all data and processing, disable motors, disable all electronic communication, cripple emergency response – and beyond – in a considerable geographic area – up to and including an entire country. Revisit my earlier post on EMP for some good perspective on my thoughts.
Then, not to be a downer, consider this:
Prevention is key. Prevention starts with awareness – one of those Where We Are factors in determining and getting to Where We’re Going. Obviously, we want to go to some destination that we determine, not one that is determined for us… (The up and coming generation is going to have to mount DAPR principles and warnings on a national scale – to a degree not quite yet appreciated).
I think it’s possible to do all of this without being too draconian, and without sacrificing liberty and Constitutional principles… but only if we move ahead of, and guard against, threats.
Chapter 21 of I.T. WARS well-documents the challenges and what is required… now. And…
We must determine the future… before the future determines us.
Stay safe out there… Note to my friends in the Columbus area: Hope you can make it to my upcoming presentation at AITP.
On this day: The first adhesive postage stamps in the U.S. are issued on February 15th, 1842 by a private delivery company, in New York, NY.
Here on this blog we regularly consider a business-technology weave.
But we should recognize too that there’s a human-technology weave (well, I guess that’s obvious: Everything starts, proceeds and ends with humans, after all – at least from any particular human’s perspective!).
The human-technology weave is, among many things, one with heart pumps, artificial knees, and even implants that dispense medicine at regular intervals… (did you think I was going somewhere else with that?). We could go on and on… we influence the brain and mind with meds – and that certainly involves technology.
Human-technology weave? Sure. It exists… and… its potential is limitless. But what of a more integrated personal-technology weave? What if my smart phone’s content was implanted directly into my head for my mind’s ready access, as a tiny piece of firmware… with some sort of physical tethers into my brain? How about “dialing” and accessing a friend just by thinking about it?
Consider this article: http://www.time.com/time/health/article/0,8599,2048138,00.html
And then, have a look at this interesting YouTube clip: http://www.youtube.com/watch?v=X4Neivqp2K4
Speaking of mortality: I don’t feel bad about missing out on immortality: There will still be accidents, natural disaster, terror – the destruction of things; therefore all will still have to die someday.
Then again… I guess it’s likely that we’ll all be backed up! Although, I guess further that a backup would represent an independent “consciousness”… unless maybe a DropBox type affair was invoked (if you’re familiar), with live-time updates of a cohesive consciousness from disparate locations… would that be dispersed residencies for the common-consciousness…? Or would they be independent…? Overlapping…?
But as far as backups go – there might yet not be immortality: There could be simultaneous destruction of live sites and backup sites, and so on: Perhaps the whole universe would collapse in on itself, and destruct everything within… a backup of yourself would have to be in alternate, or parallel, or some further universe(s)… if there’s a possibility of more than one universe, that is – and assuming we’d find it…
You know, this can get complicated! I think I have a headache – please don’t back that up.
NP: Robin Trower, Caravan to Midnight, Chrysalis LP (for you record collectors: Gold-embossed box on cover stating, “Demonstration Only”). Trower’s Hendrix-comparisons were unfortunate – and – I love Dewar’s vocals…
I was having a discussion the other day about organizations and efforts in piloting their way effectively into the future.
Some organizations struggle their way forward and others do it with relative aplomb. The latter not only see to the horizon (with a fair measure of accuracy), they see just beyond the scroll of the horizon: They have people willing to survey the future in harboring a vision… and in making business use of that vision.
Regardless, it is challenging for all; challenge is good and this particular challenge (futures planning) should bring out, and be matched by, our best. No organization should blink in the harsh glare of an impending unfriendly future, due to lack of foresight, planning, and activity – but many do.
Consider high-profile examples: How did MySpace lose dominance in the social media environment to the “upstart” Facebook? How did AOL totally miss the boat regarding the modern social media revolution? (AOL’s largest block of revenue still comes from dial-up subscribers. Oops. Not exactly a plan for longevity).
We’ve discussed BIT before: a team comprising individual business stakeholders who are qualified to discuss the stakes both by virtue of their standing in the organization, and by virtue of their interest and willingness to pedal fast enough to discuss IT on a business basis. Those business folks are matched by IT counterparts who bring common dialog to the table; they lose the junk terms, arcane language, acronyms the business audience doesn’t know – and thus they engage effectively.
In leveraging BIT, however, it is possible to debut important concepts and agree to a “dictionary of terms” for purpose of efficient engagement and discussion. A great example is “RFE.”
RFE is Responsible Forward Edge. Organizations sometimes ask me, “Should we be on a leading edge? Bleeding edge? A prudent lagging edge, to see what works for others?” They want to know when to invest; when to assess new systems; when and what to procure; when to implement enhancements, and so on – and how best to make qualified judgments, with resultant prudent activity, for best business.
I tell them to find their RFE, specifically tuned to:
1) Their budget.
2) Their market challenges:
a. Obligation in serving clients, customers…
b. Pressure from competitors.
c. Overall expectations, given the general level of society’s advance…
3) The capacity of their employees to handle change.
4) The capacity of the senior executive class (and boards, oversight, etc.) to handle change…
a. They must have a measure of understanding technical change and reasons for it.
b. They must sponsor change.
c. They must then support it through the inevitable challenges.
5) Detail some of your own – specific to your organization.
Branding and making powerful shorthand of RFE creates very efficient discussion in the BIT group. And that is but one example. I’ve detailed BIT and what it can do for the organization in I.T. Wars – but you’ll have your own ideas.
Remember: BIT is not a rolling close-steer of specific projects (although BIT should touch those). BIT is a high-level piloting of the organization’s direction in view of evolving, best, technical supports; BIT anticipates and tracks the inevitable “what’s coming next.”
BIT opens the view to the possibilities, and hands off assessments to specific leaders who make the ongoing selection of products; those who engage the vendors and value-added-remarketers (VARs), in sustaining the organization through implementations and enablements – whether that’s a new mission-critical core business system, or a flock of new printers.
Some orgs decry “yet another meeting!” Make BIT annual, or semi-annual, or quarterly… see what happens and where it goes – judge its tune, size, and effectiveness. Also, look for a regularized meeting you can eliminate to free some time. I’ve seen “glad-handing” stuff on the calendar that, while important, can definitely go in making space for something as important as BIT.
And, you can glad-hand at the end of each meeting as you pilot your way into a future that the organization determines:
Define your future – before the future defines you.
NP: Van Cliburn, Rachmaninoff Concerto No. 3, Kiril Kondrashin conducting (Carnegie Hall, May 19, 1958). Original Red Seal RCA Victor LP, LM-2355.
Last evening as I was writing some content, I noticed my internet connection had gone out – my broadband modem indicated that I was offline. Rebooting my modem put me back on… until about 15 minutes later, I was off again. It went like that for a couple hours – naturally, I was corresponding with a client in Bangladesh throughout some critical work.
This morning I was online briefly around 4 a.m. – and then, out completely. Rebooting and monkeying with connections didn’t help.
A call to my friendly internet service provider (ISP) indicated that there were no service outages in my area, and confirmed that I had already tried everything; a service visit was in order – for next day. I politely mentioned that I have international clients and have critical work. When I asked if there would be an adjustment to my bill (“yes”) given my inconvenience, the tech support representative told me that I might wish to consider a business-class line.
I haven’t looked into that. At that moment, I wasn’t interested in an up sell to business-class (undoubtedly more expensive) – but what was really interesting is what happened next – this morning.
I received a call from another tech rep who told me that a technician was in my area and could show at my home between 8 a.m. and 10 a.m. Bring him on.
Turned out there was no problem at the street, and nothing apparent in my home office. However, a splitter in the ceiling of my basement showed itself to be the culprit. The tech said, literally, “They’ve been fluctuating the signal some lately, and about 5 out of a thousand of these old splitters don’t like it.”
Me: “Oh.” And also, “By the way, add to your notes that I want an adjustment on my bill.” All well and good – we’ll see how much it is.
Sooo… maybe I don’t need business-class just yet. And maybe my provider can consider a better management for the weave of their technology to my business, thank you very much. My day is off to a rocky start – it’s catch up time.
If only a few splitters fail to handle a new signal configuration, I guess it’s not too practical to replace an entire population involving thousands and thousands of customers.
But I darn sure don’t need an up sell when I’m offline due to their equipment mismatches and malfunctions.
Thoughts… opinions… stories? Let’s hear ‘em!
February 1st: On this day in 1914, the New York Giants and the Chicago White Socks played an exhibition baseball game in Egypt.
Not too long ago I purchased a Seagate 320 Gb drive. I procured it for comprehensive backups of my business laptop, the very device I’m typing on now.
I like it – it is very, very fast – and the associated software is quite navigable and straightforward. I don’t Sync or do anything particularly special, opting for a simple capture of my entire main drive.
Last evening I had a question regarding the operation of the drive. The agent running on my laptop had a support link, so I jumped out to the web. I was rather surprised to see that I only had 30-days of free support upon registration. Fortunately, I had not registered the drive (I guess), being that I’ve had it for about 6 months. Online support required registration, so I began…
I had to fill two simple fields: serial number (S/N) and part number (PN). I looked on the back of the drive, and there – in a little white sticker – was the information… in about 2 pt. font. (ß in about 2 point font).
My eyes are quite good, but I had to get a lighted magnifier to read the information – and even then, I mistook a “6” for an “8” – it just wasn’t clear. I had to try a couple times to get registered.
The little white sticker with the information I needed (crowded with other extraneous info) was about ½” x 1” in size. The drive itself is about ¼” x 2 ½ ” x 5” – there’s plenty of room for a larger, legible, readable sticker.
I collect vintage audio gear. Generally, Model Numbers, Serial Numbers, Part Numbers, etc. are anywhere from 1/8 ” to ¼” high – quite legible and readable. Maybe we could think of that for future computers and components. I know I would appreciate it.
And as long as I’m talking about my fast, efficient, and much-liked Seagate backup drive… what’s with that limited 30-day support?
NP: Jimi Hendrix, Red House, the 13+ minute live version from the San Diego Sports Arena, often referred to as the “San Diego ‘69” version. A tour-de-force, with incredible soloing, and a real nice downshift into a jazz motif before wrapping things… Reprise LP, “Hendrix In The West.”