Monthly Archives: April 2005

Network Science?

Passing by Telcordia last Monday, I learned from Will Leland (who discovered the self-similarity of network performance) about a committee on network science that includes several people I may hve mentioned in this blog before, such as Albert L. Barabasi, author of Linked, and Thomas W. Malone, author of The Future of Work. The committee has members from many fields, ranging from biochemistry to sociology. The subject matter is network science that applies to all those fields.

The committee has a questionnaire to see if respondants think there is a network science, and, if so, what is it?


APWG London

This week I went to London to speak at the Anti-Phishing Working Group meeting. I can’t tell you who else presented or what they said, but I can say I spoke about Visualization for Data Sharing, or,  Seeing the Undead. Botnets, that is: zombie PCs, especially as used for phishing. If we can visualize them, we can see patterns that can help catch the perpetrators.

In the travel section of the Guardian, on the same page as a story about Fiji, was a writeup about Austin. It seems the Guardian sends a correspondant to Austin every year for the SXSW conference, and he thihnks Austin is the kind of place that Britain wants to be. I never knew I lived in such an exotic locale. When I explained about the bats the expressions people got convinced me that maybe I do. But it seems the problems of the Internet are the same everywhere.


Examining Presuppositions

Jared Diamond has written a new book, Collapse: How Societies Choose to Fail or Succeed. The author examines societies from the smallest (Tikopia) to the largest (China) and why they have succeeded or failed, where failure has included warfare, poverty, depopulation, and complete extinction. He thought he could do this purely through examining how societies damaged their environments, but discovered he also had to consider climate change, hostile neighbors, trading partners, and reactions of the society to all of those, including re-evaluating how the society’s basic suppositions affect survival in changed conditions.

For example, medieval Norse Greenlanders insisted on remaining Europeans to the extent of valuing the same food animals and plants in the same order, even though the local climate was not propitious for hogs and cows and grain crops, and the sea nearby was full of fish and seals.  When the climate became colder, their marginal way of life became even more so.  Meanwhile, colder weather led the Inuit to move southwards until they contacted the Norse, who reacted adversely, producing hostile relations. And cold weather stopped the trading ships from Norway. The Greenland Norse never learned to use kayaks, harpoons, ice spears, or dogs. In the end, they all died.

Europeans are capable of learning all these things, as the Danes who rediscovered Greenland several hundred years later demonstrated. The medieval Norse Greenlanders stuck so slavishly to their presuppositions that they doomed themselves. It’s true that they survived for more than four hundred years, which is a long time as civilizations go, but they didn’t have to die; all they had to do was to become a bit more flexible.

Many corporations are larger than the tiny island nation of Tikopia, where the inhabitants are almost always in sight of the sea. Many have more people than the entire population of Norse Greenland. And many corporations operate in cultural strait-jackets as severe as that of the Norse Greenlanders: stovepiped departments, top-down comand-and-control hierarchy, and fast profit instead of long-term investment, to name a few.

To get a bit more concrete, let’s look at a few of the one-liner objections Diamond says he encounters to the importance of environmental concerns.

“The environment has to be balanced against the economy.”
Or risk management has to be balanced against near-term profit. Indeed, no corporation can spend all its profit on risk management, but if it doesn’t spend enough on risk management, it risks there being no profit because there may be no corporation. Plus, risk management can be a competitive advantage. With the London Stock Exchange requiring corporations to have risk management plans to be listed, and the U.S. SEC considering the same thing, at the least risk management is becoming a requirement to play capitalism. The first corporations to have good plans can also gain marketing advantages. In addition, the kinds of information a corporation needs to make a good plan can also be used to improve connectivity, lessen risk, and improve customer satisfaction, all of which should have some positive benefit on the bottom line.

“Technology will solve all our problems.”
This is what corporations have been assuming: buying more Internet security technical solutions will solve Internet security problems. Recent history indicates otherwise. Every corporation needs some forms of technical security, just like every building needs fire control mechanisms, but a building can still burn down and Internet connections can still fail.

“If we exhaust one resource, we can always switch to some other resource meeting the same need.”
This is the attitude I’ve seen with people who think that if the U.S. is attacked via the Internet, we’ll just cut off Internet connectivity at the edges of CONUS (continental United States). Such an attitude ignores the basic fact that there is no way to do that successfully, because there are always more ways in or out than you were keeping track of, not to mention that a great deal of U.S. commerce and even emergency communication measures would suffer. It’s also the attitude of corporate executives who think they’ll find something to replace the Internet so they don’t have to deal with Internet problems; for example, they’ll put up private communication links to their business partners, or they’ll build perfect virtual private networks on top of the Internet.  Both of these approaches have certain applications, but neither of them can replace the Internet as a globally accessible communications medium.

Not all of the one-liners Diamond lists are so obviously parallel with Internet problems and denials, but these three may be suffficient to illustrate the point. The point is that business as usual isn’t enough for Internet business risk management   planning. Traditions need to be re-examined in order to construct and implement new strategies that will work.