cute little cypher (i hate that other word) black swans

Cari Machet carimachet at gmail.com
Tue Aug 25 06:45:41 PDT 2015


*Black Swans in a Cyber Forest: ‘FARness’ Needed In Future Information
Technology Acquisition*

http://smallwarsjournal.com/jrnl/art/black-swans-in-a-cyber-forest-%E2%80%98farness%E2%80%99-needed-in-future-information-technology-acquisition

Former Secretary of Defense Robert Gates stated, "Our record of predicting
where we will use military force since Vietnam is perfect–we have never
once gotten it right. . . We need to have in mind the greatest possible
flexibility and versatility for the broadest range of conflict."[1]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn1&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
U.S.
joint operations rely on consistent access to the cyber domain. It is in
the complexity of the cyber world, and our new found reliance on it, that
cyber black swan events are most dangerous to our security.

The cyber domain is a 'forest' dense with complications and operational
implications. Cyber black swan events will happen; we must prepare to deal
with them. As the United States enters a reality where efficiency may trump
effectiveness, it must be careful not to make cyber infrastructure
decisions today that remove flexibility, adaptiveness, and robustness from
the U.S. military in the future.

The Department of Defense (DoD) is looking at maintaining and improving its
cyber domain access with limited funds. The U.S. Navy, for example, began
reducing the number of data-centers it operates, taking advantage of
virtualization or "cloud-computing" technology.[2]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn2&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
Virtualization
allows one server to service many customers and the “cloud” is the
networked data center's servers storing and providing access to data from
many locations. These new technologies increase speed and the efficiency of
the operating system by distributing and utilizing processing power across
the network.[3]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn3&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
,[4]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn4&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
The
Navy may be underestimating the need for flexibility, adaptiveness, and
robustness (FAR) in its cyber infrastructure. Risk consideration to the
Navy cyber infrastructure appears to be focused toward information and
network security and financial savings than toward the redundancy and
resiliency needed to overcome catastrophic black swan events.

Current DoD acquisition risk assessment methodology uses pattern analysis
and previous experience, but focuses on single-failure scenarios. This
"what if" versus "how can (it happen)" analysis is more often used because
multi-failure scenarios have a low probability of occurrence. Searching for
the black swan scenarios, or "how can" scenarios, as part of the risk
analysis is critical to creating layers of protection that have the ability
to prevent the event, if possible, but recover from it when necessary.[5]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn5&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
But,
FAR costs money and our quest for economy may be reducing the capacity
needed to overcome black swan events.

The DoD acquisition system is a top-down process that has its own
institutional inertia and sometimes lacks critical thinking, innovation,
and adaptation. The current acquisition process considers low-probability
events and scenario-based planning, but constrains them to what it believes
is plausible and fundable, limiting the inclusion of creative and critical
thinking.[6]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn6&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
It
is necessary to think “bigger” about the risks.

Defense forecasting, or predicting the future operational environment, is
used in DoD's planning, programming, budgeting, and execution system
(PPBES), and is, "generally static, linear, and reasonably mechanical" in
its approach.[7]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn7&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
It
focuses on a capabilities versus risk approach.[8]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn8&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
The
Joint Capabilities Integration and Development System (JCIDS) and PPBES,
one could argue, is similar to the single-failure scenario based analysis
described earlier. It is not necessarily suited toward multiple-failure
scenarios needed for the complex cyber systems of the future.

The future will demand the balance of technology maturity and cost. In the
early stages of the defense acquisition process for cyber technology,
leaders must ensure that a risk management approach and not just a
capabilities approach is used. The cyber infrastructure key performance
parameters (KPP) and key systems attributes (KSA) should represent a
possible future multi-failure and cyber black swan environment.
Additionally, network-ready key performance parameters (NR-KPP) must
measure survivability and recovery, not just operation. Testing of KPP,
KSA, and NR-KPPs will require a new lens from which to develop testing and
assessment methodology.

*Recommendation*

The DoD must accept that black swan events will likely accelerate in the
growing complexity of the cyber domain. The analysis used at the strategic
level to make cyber infrastructure decisions must shift from a
single-failure to multi-failure view. Emphasizing "FARness"–that is
flexibility, adaptiveness, and robustness in acquisition decisions is key.
[9]
<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_edn9&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
To
identify "FARness" attributes, the use of brain-storming and subject matter
experts focusing on developing multi-failure scenarios for a proposed cyber
infrastructure should be used. This "how can" approach creates robust
scenarios approaching black swan type events and can identify ways the
system could recover from a catastrophe–a type of "war-gaming." Identifying
common recovery methods or needed attributes through “how can” scenarios
would help decision makers think about the system within the context of a
future environment and the "FARness" needed to survive.

*Conclusion*

In an effort to become more efficient and save money, the strategic
leadership may not see the potential for black swans hidden in the cyber
domain forest. Layered protections and redundancy are needed to survive a
cyber-black swan event and must be considered in the analysis and decision
making for future virtualization, cloud-computing, and data-center
consolidation. It is with regard to probabilities that decision making
based more on fiscal conservation makes the future force vulnerable. While
history shows that black swan events will occur, it is up to the leadership
to equip the future force with cyber systems that have "FARness"–yet fit
within today's budget.

*End Notes*

            [1]William R. Burns and Drew Miller, "Improving DoD
Adaptability and Capability to Survive Black Swan Events," *Joint Forces
Quarterly*, 1st Quarter 2014, 32.

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref2&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[2]Christopher Perry, "Security for Cloud Computing," *DON IT resources*,
May 18, 2010,http://www.doncio.navy.mil/ContentView.aspx?id=1744 (accessed
February 1, 2015).

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref3&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[3]Department of the Navy Chief Information Officer, "How Will DON Data
Center Consolidation Cut Costs? Published, March 5, 2012," March 5, 2012,
http://www.doncio.navy.mil/ContentView.aspx?ID=3793 (accessed January 29,
2015).

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref4&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[4]Eric Griffith, "What Is Cloud Computing?" *PC Magazine*, March 13, 2013,
http://www.pcmag.com/article2/0,2817,2372163,00.asp (accessed April 17,
2014).

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref5&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[5]John F. Murphy, *Beware of the Black Swan: The Limitations of Risk
Analysis for Predicting the Extreme Impact of Rare Process Safety
Incidents* (Houston,
TX: 8th Global Congress on Process Safety, April 1-4, 2012)
http://www.allriskengineering.com/library_files/AIChe_conferences/AIChe_...
<http://www.allriskengineering.com/library_files/AIChe_conferences/AIChe_2012/data/papers/P243053.pdf>
(accessed
February 1, 2015): 2-7.

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref6&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[6]Ibid., 34-35.

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref7&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[7]Dan Cox and Michael Mosser, "Defense Forecasting in Theory and Practice:
Conceptualizing and Teaching the Future Operating Environment," *The Small
Wars Journal*, January 4, 2013,
http://smallwarsjournal.com/jrnl/art/defense-forecasting-in-theory-and-p...
<http://smallwarsjournal.com/jrnl/art/defense-forecasting-in-theory-and-practice-conceptualizing-and-teaching-the-future-operatin>
(accessed
January 20, 2015).

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref8&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[8]Ibid.

<http://t.sidekickopen16.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs1qg55-N5w02yWRbBJdW8q-c7s56dVZzf3drS6C02?t=http%3A%2F%2Fsmallwarsjournal.com%2Fjrnl%2Fart%2Fblack-swans-in-a-cyber-forest-%25E2%2580%2598farness%25E2%2580%2599-needed-in-future-information-technology-acquisition%23_ednref9&si=5459291358625792&pi=45c7c2f1-24d5-481f-a0cc-5e6a8ec12c4f>
[9]Burns and Miller, "Improving DoD Adaptability and Capability to Survive
Black Swan Events,"

-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 22743 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150825/02c24922/attachment-0002.txt>


More information about the cypherpunks mailing list