How 9/11 is transforming ITand how to survive the new "decade of security"!
The September 11, 2001 terrorist attacks are transforming information technology, leading to profound and permanent changes. In this book, Ed Yourdonlegendary software engineering expert and author of Decline and Fall of the American Programmerfocuses on the immediate changes IT professionals are already encountering and the long-term changes they must prepare for. Yourdon addresses 9/11's impact on IT at every level: strategic, national, corporate, and personal. Coverage includes:
Yourdon doesn't just present problems: he outlines specific strategy options designed to lead to more effective decision-makingfor IT professionals, projectmanagers and senior corporate executives, government leaders, and citizens alike.
"One of the ten most influential men and women in the software field."
September 11, 2001. The paradigm shift. IT will be one of the likely battlefields of the future. What Assumptions Does the Book Make About You? Who Is This Book Aimed At? Structure of the Book.
Personal Consequences. Corporate Consequences. Recognition of the unpredictability of today's world. Developing early-warning systems of impending change. Learning to change and adapt much more quickly than ever before. Recognizing the importance and vulnerability of their "information assets". National Consequences. "Guns and butter" vs. "guns or butter". Recognition of national "critical infrastructure" issues. Coordination, improvement of existing systems. Impact on privacy. Conclusion.
Basic Concepts. Techniques and Technologies. Identification of users. Authorization and access control. Protection of data in transit across "exposed" areas. Audit of activities and accesses to information. Monitoring of suspected security threats. Paradigm Shift. IT systems are part of the "critical Infrastructure". Threats exist from various levels of players. Operational security vs. software development security. Physical security has changed because of miniaturization. Using the Internet as indirect weapon to support terrorism. The decade of security. Strategic Implications. Government and political leaders. Senior corporate executives. Mid-level IT managers. Technical IT professionals. Citizens.
Basic Concepts. Techniques and Technologies. Establishing a risk-aware culture. Realistic assessment of risks. Ensuring that risks are shared between stakeholders. Developing processes for risk management. Paradigm Shifts in Risk Management. High tech can be threatened by low tech. Kamikaze players. The rise of the "stateless" power. The rapid pace of change. Strategic Implications. Government officials. Senior corporate executives. Mid-level IT managers. IT professionals. Citizens.
Basic Concepts. Benefits of emergent systems and emergent organizations. Characteristics of the emergent organization. Techniques and Technologies. Peer-to-peer communication mechanisms. Tools for collaboration. Modeling and simulation tools. Paradigm Shifts. Strategic Implications. Government leaders. Senior corporate executives. Mid-level IT managers. IT professionals. Citizens.
Basic Concepts. Techniques and Technologies. Familiar techniques. Early warning systems. Mechanisms for rapid change. Paradigm Shifts. Strategic Implications. Government officials. Senior corporate executives. Mid-level IT managers. IT professionals. Citizens.
Basic Concepts. Techniques and Technologies for Developing Good-Enough Software. A utilitarian strategy. An evolutionary strategy. Heroic teams. Dynamic infrastructure. Dynamic processes. Paradigm Shifts. Malevolent threats. Life and death circumstances. Strategic Implications. Government leaders. Senior corporate executives. Mid-level IT managers. IT professionals. Citizens.
Basic Concepts. What is a death-march project? Why do death-march projects exist? Why do people participate in death-march projects? Techniques and Technologies. Negotiations. Peopleware. Processes. Monitoring progress. Paradigm Shifts. The impact of September 11th. The impact of the recession. Strategic Implications. Government leaders. Senior corporate executives. Mid-level IT managers. IT professionals. Citizens.
A Summary of the Paradigm Shifts. Security-related paradigm shifts. Risk management paradigm shifts. Emergent-systems paradigm shifts. Resiliency paradigm shifts. Good-enough paradigm shifts. Death-march paradigm shifts. A Summary of the Strategic Implications. Government officials. Senior corporate executives. Mid-level IT managers. IT professionals. Citizens.
This is not a book I expected to write.
Indeed, it's highly unlikely that I would have written Byte Wars, had it not been for the awful events of September 11th. But even without the attacks on the World Trade Center and the Pentagon, someone should have been writing about the disruptive, chaotic changes we face in the coming yearschanges enabled and facilitated by technology. As it turns out, many scientists, pundits, and gurus have been writing such books in recent years, including some about terrorism and bio-warfare to which we should have been paying much more attention. But most of the recent books dealing with the future of computers and the field of information technology (IT) have focused on the glamorous future of e-commerce and the Internet; ironically, that future appears much less glamorous than it did just a short while ago.
One of the themes in Byte Wars is that a number of changes-not just gentle, incremental changes, but massive, paradigm-shift changeshave actually been underway for the past several years. The events of September 11th have crystallized those changes, forcing us to confront and acknowledge some new realities that we have ignored for too long. For example, anyone who accesses the Internet is aware of the rash of computer-based viruses and worms that have proliferated since the "Love Bug" episode a couple years ago. But we may not have faced up to the terrifying threat of "zombie armies" of powerful home computers with high-speed, always-on Internet connections, computers that can be invaded by hackers and reprogrammed to launch denial-of-service attacks on businesses and government agencies.
It doesn't take a rocket scientist to see that computer technology is going to play a central role in the war on terrorism being formulated by the U.S. government as this book goes to press. Not only are we likely to see billions of dollars invested in a new generation of laser-guided missiles, computer-assisted weapons, but we'll see a vast array of scanning devices, face-recognition devices, and other computer technologies to enhance identification and tracking of suspect individuals. We'll see the development and integration of public-sector and private-sector databases, which will raise a plethora of privacy issues and concerns. And we'll see an enormous increase in the techniques and technologies for protecting telecommunication networks, Web sites, Internet portals, and other computer-dependent aspects of the nation's "critical infrastructure."
Even so, many IT professionals may be predisposed to view these activities as nothing more than a "political" response to September 11th, much like the Cold War was a response to the actions of the former Soviet Union after World War II. As such, the reaction to September 11th is obviously a much less upbeat and cheerful response than that caused by the fall of the Berlin Wall, the reunification of Germany, and the collapse of the Soviet Empire in the late 1980s and early 1990s. Americansincluding not only IT professionals, but everyone else, toomust now confront the discomforting reality that they are no longer protected by two vast oceans. They must confront the reality that some conflicts, especially those that involve deep ethnic and religious disputes, can go on for generations and centuries. And they must confront what they've heard for years, but never really accepted: not everyone appreciates or approves of Coca-Cola, McDonald's, Disney World, MTV, Hollywood, and various other trappings of the American way of life.
I don't have much advice to offer when it comes to politics, religion or ethnic disputes. And the only observation I'll make about Coca-Cola, McDonald's, and Disney World is that our corporate executives might be well advised to re-examine their built-in assumptions that globalization is always a good thing. Perhaps we don't need the same corporate logo on every office building around the world; perhaps we shouldn't be attempting to impose the same standardized payroll and inventory control system on every regional office around the world; perhaps not everyone wants to see the same MTV video clips and the same Hollywood movies. Maybe what our technology has done for us, as Clue Train Manifesto co-author David Weinberger suggests in the title of his forthcoming book, is to make it possible for peaceful coexistence in a global environment consisting of "small pieces, loosely joined."
Or maybe not. The point is that technology is a factor in these choices and decisions. Thus, while many IT professionals may prefer to think about September 11th as nothing but a terrorist attack, and while they may believe that the enormous response to that attack is nothing more than politics and military saber-rattling, their crown jewelsthe most advanced and most sophisticated computer technology that they createwill be at the heart of that response. And that will be true not just for the next few weeks or months; I fully agree with the predictions that September 11th has ushered in an era that will last as long as the Cold War lasted. The fact that it will almost certainly last to the end of my life is only a trifle troubling to me; the fact that it may be the dominant influence on the lives and careers of my children, and their children, is something I don't feel I can ignoreparticularly if that future is influenced significantly by the computer-based technologies that we IT professionals create.
So it's important for us to think about the topics in this booknot just the obvious topics of security and risk management, but also the somewhat less-understood topics of emergent systems and resilient systems, as well as the controversial concepts of good-enough systems and death-march projects. Not everyone will agree with the themes and recommendations I've offered on the following pages. That doesn't particularly bother me, but I do think it's important to remind the relatively young, idealistic IT professionals that existing power structures in corporations and government agencies may do little more than pay lip service to concepts such as emergent systems and resilient systems. Resiliency almost always implies redundancy, and the creation of enough "slack" in a system to withstand unanticipated disruptions; that's hard to justify in today's super-efficient, cost-conscious, lean-and-mean business environment.
And the notion that ad hoc, grass-roots systems can emerge on their own (supported, in many cases, by the peer-to-peer communication technologies that we IT professionals supply) and do a better job of responding to unplanned, disruptive threats is an anathema to traditional top-down, hierarchically managed organizations. It's worth remembering that the U.S. military, with all of its awesome resources, was unable to prevent two commercial airlines from crashing into the World Trade Center, nor a third plane from crashing into its very nerve center in Washington, DC. From that perspective, it's sobering indeed to realize that the only hijacked plane that was prevented from reaching its target on September 11th was United flight 93, in which a group of utter strangers, with no preconceived strategy and no top-down leadership, managed to create an ad hoc, grass-roots plan to take matters into their own hands.
It's customary, in a preface like this, for the author to acknowledge and thank the individuals who provided assistance in the creation of a book. But for me, that would require thanking almost everyone I've known since childhood; I am nothing more than the product of friendship, love, advice, guidance, and mentoring from thousands of friends, family members, business colleagues, former bosses, co-workers, and students.
But my wife and children deserve special thanks for tolerating periods when I would "tune out" in mid-sentence and begin thinking about the chapter I was working on. And my colleagues at the Cutter Consortium deserve special thanks, too, for many provocative and thought-provoking discussions about the future of computer technology. Numerous individuals, including anonymous Internet denizens from all over the world, provided valuable feedback and suggestions as I posted chapters of the manuscript online. And Steve Heller, who always loves to remind me of my 1975 prediction, in Techniques of Program Structure and Design, that "unless you're very rich or very eccentric, you'll never have your own computer," deserves special thanks for reading every word of every chapter, critiquing and challenging everything I wrote. Finally, a high-powered "death-march" team at Prentice Hall, headed up by Kathleen Caren and Paul Petralia, worked valiantly to bring the book out in record time. Of course, any mistakes that remain are my responsibility alone.
New York, NY and
Taos, New Mexico