Author: Paul Wallbank

  • The power of delegation

    Randall Stross of The New York Times looked at Steve Jobs’ years in the wilderness running NeXT Computers and concluded the lessons he learned were essential to making Apple the success it is today.

    While leading NeXT, Jobs obsessed about detail, famously leaving his key customers waiting while he discussed the layout of sprinklers in the landscaped gardens.

    Stross points out that since Jobs returned to Apple, the company’s management team has been remarkably stable, and this stability, born out of Jobs trusting his key staff to make the right decisions, is one of the reasons for the company’s success.

    As we move into an era where information becomes a commodity and the old style of manager guarding their sources of knowledge becomes irrelevant, the trust based organisation is going to replace the command and control models of the past.

    This is going to challenge a lot of managers in private and public organisations. It will be interesting to see how enterprises, government agencies and political parties around the world manage those challenges.

    The style of leader rising today is very different from those of the past.

  • The strange story of the Stuxnet worm

    The tale of the virus infecting Iran’s nuclear program is one of the fascinating stories of the computer world.

    Whoever wrote the Stuxnet worm did a spectacular job in bringing together a number of security problems and then using two weak links — unpatched Windows servers and poorly designed programmable logic controller software — to create a mighty mess in the target organisation.

    The scary thing with a rootkit like Stuxnet is that once it has got into the system, you can never be sure whether you’ve properly got rid of it.

    What’s worse, this program will be writing to the Programmable Logic Controllers the infected computers supervise, so plant operators will never know exactly what changes might have been carried out on the devices essential to a plant’s operations and safety.

    Damaging Iranian nuclear plants

    A report on the Make The World A Better Place website over the weekend indicates the Stuxnet worm may have damaged the Iranian nuclear reactor program.

    The story behind the Stuxnet worm is remarkable. It appears this little beast is a sophisticated act of sabotage that uses a number of weaknesses in computer systems, as detailed by Computer World in their “Stuxnet Worm hits Industrial Systems” and “is Stuxnet the best Malware Ever” articles.

    The risk of unpatched systems

    One of the things that leaps out is how servers running unpatched systems are an important part of the infection process. The Stuxnet worm partly relies on a security hole that was patched by Microsoft two years ago, so obviously the Iranian servers were running an unpatched, older version of Windows.

    This is fairly common in the automation industries. I’ve personally seen outdated, unpatched Windows servers running CCTV, security, home automation and dispatch systems. They are in that state because the equipment vendors have supplied the equipment and then failed to maintain it.

    These companies deserve real criticism for using off the shelf, commercial software to run mission critical systems, a job it was never designed to do.

    Commercial programs like the various Windows, Mac and other mass market operating systems are designed for general use; they come with a whole range of services and features that industrial control systems don’t need. In fact, the Stuxnet worm uses one of those services, the printer spooler, to give itself control of the system.

    Securing industrial systems

    These industrial systems require far more basic and secure control programs; a cheap option would be a customised Linux version with all the unnecessary features stripped out. In the case of Siemens, the providers of the PLCs supplied to the Iranian government, it’s disappointing such a big organisation couldn’t build its own software to control these systems.

    Business owners, and anyone who has computer controlled equipment on their premises, need to ask their suppliers some hard questions about how secure the supplied computer equipment is in this age of networked services and Internet worms.

  • A single point of failure

    If anyone had any doubts about the importance of technology to the modern business, they only have to ask one of Virgin Blue’s staff or customers about the last three days of disruption.

    “An external supplier’s hardware failure” is the given reason for the problems and it shows how we all need to be conscious of the key “choke points” in our business processes where a disruption will quickly bring operations to a crawl or stop.

    For any organisation, risk arises when those choke points rely on one thing — it could be a person, a computer or a physical widget — for the system to keep running. Should that one item fail, then the organisation stops. In Virgin’s case that thing appears to have been a router or server controlling their booking systems.

    A single point of failure is the Achilles heel of any organisation; any one item that can disrupt operations has to be identified and contingencies developed so that when a failure happens, and it will, the organisation can quickly move to a workaround.

    In Virgin’s case it appears they were prepared for a disruption of up to three hours but when the booking system outage dragged on for 21 hours their fallback procedures were simply overwhelmed.

    We often think of these things as technically related but often it’s something more mundane, like a burst watermain blocking access to your shop or only one person, who happens to be driving along the Gunbarrel Highway for the next six weeks, having the keys to the fuse box.

    In fact those human points of failure, where only one person in the organisation knows the combination to the safe, the bank account PIN or the password to the company’s servers, are probably the riskiest points of failure of all.

    Another common point of failure is relying on supplier contracts and service level agreements. Warranties and indemnities are nice to have, assuming they are enforceable when you need them, but they won’t fix the damage to a company’s reputation when a crisis on Virgin’s scale hits.

    Even if you have a guaranteed response time, as it appears Virgin had, you need to have something in place to keep the business running in the meantime. Also “response time” is how long it takes your supplier to start doing something about the problem, not the actual time to fix.

    Regardless of how well we plan and how watertight our supplier contracts and SLAs are, crises happen and that’s when the quality of a business and its management are tested. One sure indicator of a poorly run, bureaucratic organisation is when management hide at the first sign of trouble.

    For Virgin, that’s a good sign. I had to reluctantly call them yesterday to deal with a problem and ended up with a good customer experience.

    The very helpful Ruby not only called me back when the line dropped out but she also revealed she was a PA, not a regular call centre worker and all the office staff, including managers, were manning the phones.

    Ruby turned out to be a real gem, not only quickly fixing my problem but also wiping out the additional charges without prompting.

    That at least is an encouraging sign about their organisation and I hope Ruby and her colleagues get a thank you from the man with the beard when the problems settle down.

    Virgin’s problems though show us that as business owners and managers, we need to understand where the points of failure are in our organisations and how we would deal with them should bad luck strike.

    You might want to walk around your organisation, sit down with your staff and work through where the points of failure, both human and technological, in your organisation may be.

  • An appropriate broadband policy

    On Radio National’s Life Matters Paul joins Richard Aedy, Jane Bennett and Peter Cox to discuss what the appropriate broadband policy should be for Australia.

    Our previous discussions on this are covered in our Freeways of the Future article and presentation.

    Some of the topics we’ll be looking at include:

    • if we choose to go with the estimated $43b broadband fibre to the door policy – does this mean they’ll be coming along digging up the street to lay cables into every yard?
    • if we don’t do this but choose to rely on wireless connection from hubs – what does that mean for reliability of internet connection?
    • how do any of the options compare to the current speeds Australian cities, and rural and remote regions have?
    • are we over-building if we proceed to take fibre to every household in the country?
    • are we simply ensuring that we will be ready for expansion of services on the internet?

    The show is live at 9.00am Australian Eastern time and will podcast on the Life Matters site shortly afterward.

  • The innovation smugglers

    “Sales staff have bought a pile of iPads!” wailed a senior executive last week, “they didn’t get authorisation through IT, there are all sorts of security and business risks!”

    This echoed the comments I’d heard a few weeks earlier while doing a workshop on cloud computing, that people were running software as a service applications alongside their businesses’ software without telling their management what they were doing.

    All of this is reminiscent of the spread of personal computers in the late 1980s where IT departments, such as they then were, banned the use of IBM compatible or Macintosh computers because they were outside the control of the organisation.

    The prevailing view was that computer systems were the domain of a select few, running the payroll and doing complex calculations in batches at two in the morning. There was no reason why the average worker should need this sort of technology.

    Eventually, managements realised those subversive personal computers running programs like Wordstar and VisiCalc improved productivity and made businesses more flexible. Within five years few businesses didn’t have computers on the desks of every office worker.

    We’re at the same stage now with cloud computing, social media and portable devices, as many of today’s managers see them as at best toys and at worst a threat to their organisation’s integrity. Quietly though, groups within are using these tools to improve their teams’ effectiveness while not letting IT or senior management know how they are doing it.

    These dissenters are an organisation’s innovators and in a perfect world they would be embraced by managers, directors and shareholders alike as the future of the company.

    Many large organisations though don’t see it this way, as their view of the workplace is that innovation and new ideas have to be signed off by seven layers of management after being cleared by legal, HR and the facilities department.

    This is where the opportunity lies for the smaller, smarter companies. These tools make organisations faster and more responsive to threats and opportunities which is perfect for the nimble and flexible enterprises.

    If you have staff who are smuggling these tools and devices into your business, consider sitting down with them and getting them to show you how these products improve their work. You may be surprised and it may save you some time in writing stern memos which will be ignored anyway.

    The beauty of these tools is you don’t need to throw out your existing equipment and methods, as often these new innovations sit happily alongside the legacy stuff. Cloud services are a good example of this, where services such as Salesforce and Google Apps work with and often plug into the older, established tools.

    Because they play nice with existing business tools it’s easy to introduce or evaluate new systems by encouraging the innovators to set up groups or pilot projects within the organisation, which is probably what they are doing anyway without telling you.

    In a competitive world, your dissenters are one of your greatest assets; by questioning how and why we use the tools we do, these folk are figuring out how businesses will run in the connected economy.

    The question is, do you want your business to succeed in this new economy?
