The Impact of September 11 on Information Technology
My aim is to put down on paper what I see and what I feel in the best and simplest way.
Ernest Hemingway
September 11, 2001
During the late 1980s and early 1990s, I made several business-related trips to Japan to work with some of the leading computer companies in the country. One of those trips took place in early December 1991; at the end of a long, busy work-week, I awoke in my Tokyo hotel room on a Saturday morning, and realized with a shock that it was December 7th.
December 7tha date, as my parents had been informed by a somber President Franklin Delano Roosevelt, that would forever live in infamy. And this was not just any run-of-the-mill December 7th, but the 50th anniversary of the attack on Pearl Harbor that launched America into the second World War. I am one generation removed from that event, and was not even born when it occurred; but I couldn't help feeling tense and nervous as I left my hotel room to stroll around the streets of Tokyo on that quiet, gray Saturday morning. How will people behave? I wondered. What will they say to me? How will I respond?
I tried to anticipate a number of different attitudes and interactions from Japanese citizens that I expected to encounter in the hotel lobby, on the streets, and in the shops. I anticipated seeing thoughtful editorials in the newspapers, and earnest spokesmen on the television news programs; and I tried to sort out my own feelings about a date that had taken on mythic proportions throughout my entire life. But the one attitude and reaction that I did not expect, and that I saw consistently throughout the city of Tokyo that day, was: nothing. No remorse, no belligerence, no moment of quiet reflection, no jingoistic speeches of pride for the Japanese military forces, no mention whatsoever. Nothing. Nada. Zip. Everywhere I went, I was surrounded by a young generation of earnest, well-groomed, polite Japanese men and women who were completely preoccupied with the day-to-day tasks of shopping, or taking their children to the park, or (as they do so often in Japan, even on Saturday) hurrying into their offices to put in a full day of work. Pearl Harbor, for all its significance to me, apparently meant nothing to them.1
And perhaps a grandchild of mine, 50 years from now, will have the same experienceand perhaps that experience will be magnified, as it was for me, by the unexpected coincidence of celebrating the 50th anniversary of September 11, 2001 on the streets of Kabul or Kandahar. But as I write these words, just a few short weeks after the attack on the Pentagon and the World Trade Center, it's hard to imagine that anyone could ever forget the horror, and also the significance, of that Tuesday morning in New York City and Washington. It was, as Obe Wan Kenobee remarked in the original Star Wars movie, when he sensed that one of the rebel planets had been obliterated by Darth Vader's Death Star, a "disturbance in the Force."
More than just a disturbance in the Force, September 11th represents a paradigm shifta fundamental transformation in our understanding of how things work, and why things happen. Part, though by no means all, of that paradigm shift will involve the field of information technology (IT); and the details of the IT paradigm shift are the subject of this book.
The paradigm shift
The term "paradigm shift" was popularized by the late Thomas Kuhn in a classic book, The Structure of Scientific Revolutions. My Microsoft Word dictionary says that one of the definitions of "paradigm" is "a generally accepted model of how ideas relate to one another, forming a conceptual framework within which scientific research is carried out." And a paradigm shift occurs when the existing framework requires so many exceptions and special cases, and when it fails to address so many important problems, that it literally collapses under its own weight and is replaced by a new, simpler, more persuasive paradigm.
It's reassuring to know that, in the aftermath of September 11th, the paradigms of the physical sciences, which we all learned in high school and college, still seem intact; even though I feel disoriented and confused much of the time these days, I know that the law of gravity still holds. Indeed, even though most of us were so astounded by the real-time experience of watching the World Trade Center collapse that we whispered, in awe and terror, "This can't be happening!", the architects and engineers who replayed those awful videos over and over again have convinced themselves that the buildings did obey the laws of physics and thermodynamicsand that, in many ways, they did exactly what they were intended to do, when subjected to a sudden and catastrophically violent shock.
But in addition to paradigms of physics and astronomy and mechanical engineering, there are also business paradigms and political paradigms and social paradigms that we've become accustomed to. And those political/social paradigms have a great deal of influence on the plans, strategies, andwithout meaning to overuse the word completelythe paradigms of the information-technology (IT) profession to which I've devoted my career. Those paradigms have indeed shifted; and while we may need to wait for several more months or years before our politicians and philosophers can understand and articulate the quantity and quality of the social/political paradigm shift, we should start doing our own thinking about the IT ramifications.
For example: Many of us were gratified by the success of the ad hoc communication networks that were stitched together by desperate family members and business colleagues in the hours immediately following the WTC attack; they were grass-roots, bottom-up, and emergent (as opposed to pre-planned, and hierarchically managed) in nature. Independently of what corporations and their IT departments might plan, by way of an effective post-9-11 environment, I firmly believe that individual citizens and corporate employees will put more and more faith in these ad hoc networks in the coming months, as they continue to cope with the sluggish, ambiguous, contradictory, and sometimes untrustworthy flow of information from "official" channels.
If things like this were only taking place at the individual level, it might not be worth writing about. But it's not just individuals, and not just corporate IT departments, who might be thinking about such issues: the military is taking it seriously, too. In an article by Leslie Walker entitled "Uncle Sam Wants Napster!" (Washington Post, Nov. 8, 2001), we learn that the Pentagon is looking at peer-to-peer (P2P) file-sharing and collaboration tools like Napster and Groovenot because they want to download pirated music, but because the classic top-down, hierarchically-developed communication systems often turn out to be incompatible (e.g., Navy communication systems can't talk to Army communication systems), and too cumbersome to cope with the chaotic, fast-moving world of terrorist warfare.
If this is relevant for the military community, could it be relevant for corporate IT environments too? And even if corporate executives think it isn't, is it possible that their front-line workersthe sales reps, and field-service technicians, and work-at-home telecommutersmight disagree? Is it possible that the urgent, time-critical need to communicate will cause them to completely abandon and ignore their company's high-security, firewall-protected email systems, and resort instead to SMS-messaging on their cell phones, and AOL instant messaging on their Palm Pilots? Even if it's against company policy, is it possibleperhaps even likelythat they'll do it anyway? And if they're going to do it anyway, because they believe they absolutely have to, does it make sense for companies to design their systems to support ad hoc, emergent, P2P communications in the first place? Apparently, the U.S. Defense Department thinks it's worth considering; perhaps other companies should, too.
In addition to thinking about communication networks, there are numerous other paradigm shifts that IT organizations will have to accommodate in the coming years. For example, within a week after September 11th, IT industry journals reported that Ford Motor Company was seriously rethinking the lean inventory system that its IT organization worked so hard to enable;2 after all, the likelihood of chaotic disruptions necessitates a more resilient supply chain, with more "buffers" and more inventory. In the weeks since then, I've heard about numerous other companies which are also re-thinking their inventory systems, and re-thinking the assumptions upon which their entire supply chain is based.
Similarly, the whole notion of globalization is being called into question: If tensions increase and various parts of the world become more hostile and isolationist in nature, it might be far too risky to present a homogeneous corporate image in a hundred different countries. But if there is a strong move, within today's multinational companies, towards autonomy and heterogeneity, what does that imply for the integrated Enterprise Resource Planning (ERP) systems that our IT organizations have been grappling with for the past decade?
Interestingly, some of these paradigm shifts were already underway before September 11th; after all, terrorism was already a fact of life, and many corporations were already concerned about security. And beyond the obvious and direct threat posed by terrorism, more and more companies have been realizing that changecompetitive change, regulatory change, technological change, market-preference change, etc.is occurring at an ever-increasing speed, and in ever more disruptive forms. To cite just one non-terrorism example, consider Napster: Without any warning or fanfare, one individual college dropout was able to create an Internet-based music-sharing technology that threatened to wreak havoc upon the mammoth music industry.
Napster and the September 11th terrorists share a characteristic that corporations and government agencies are likely to see more and more often in the future: disruptive threats caused by "stateless actors," whose technology makes them disproportionately powerful. In the past, nations expected to face threats from other nations; corporations expected competition from other corporations. But now, if the official reports are accurate,3 a handful of individuals, armed with box-cutters and funded with less than a million dollars in "seed money," has managed to wreck four commercial airplanes and cause over a hundred billion dollars in physical destruction. And one college student, whose only objective seems to have been the achievement of a "cool" technology for sharing music with his friends, nearly brought the recording industry to its knees. This is indeed a new world.
As it turns out, Napster has probably been put out of business by the legal counter-attack posed by the recording industry; but the battle may go on for years into the future, as rebellious teenagers use Gnutella, LimeWire, and a dozen other derivative technologies to circumvent the "legitimate" practice of buying CDs and tape cassettes in stores for their listening pleasure. As for the World Trade Center attack: The President, the Secretary of Defense, the Secretary of State, and numerous other high officials have told us that we are engaged in a war that will go on for years, and possibly decades. The established order of things has been upset by new paradigms, and we're being told that we should expect them to continue being upset for years into the future.
There is one other aspect of the paradigm shift that is exemplified in a particularly stark fashion by the World Trade Center attack, but also by the Napster phenomenon and many of the other disruptive changes we're facing today: The war is no longer "over there," it's here. In the past, our military forces expected attacks upon the United States to emanate from other parts of the worlde.g., in the form of Russian ICBM missiles flying over the North Pole to attack us via Canada, or by enemy submarines popping up in the middle of the Atlantic and Pacific Oceans and lobbing missiles at our cities. Meanwhile, our publishers typically expected their copyright threats to emanate from China, or Russia, or Third-World countries where copyright laws were ignored, or flouted openly. But Napster was created by an American student at Boston University; and the World Trade Center, along with the Pentagon, was attacked by commercial U.S. airlines piloted by individuals living in the U.S. on student/tourist visas.
IT will be one of the likely battlefields of the future
The battlefield between Napster and the recording industry was the courtroom; and, as this book is being written, the battlefield in the war against terrorism exists largely in Afghanistan. But in a larger sense, information technology (IT) is the battlefield upon which many of the conflicts are likely to be fought in the next several years.
Some of these conflicts will be obvious and direct, in terms of their association with IT; "cyber-warfare" is the catch-all term that's being used to describe various forms of hacking, viruses, physical attacks on computer centers or the Internet backbone, etc. In some cases, the attack may not be on the computers per se, but on the ability of computer systems to support such critical functions as telephone switching centers, stock-market trading systems, air-traffic control, etc.
It's also important to realize that IT is involved indirectly in almost every other aspect of hostility we're likely to face in the coming yearsincluding the "hostile competition" that private-sector organizations face, even without the terrorism associated with September 11th. One of the stumbling blocks in implementing a more comprehensive air-travel security system, for example, is the lack of adequate information systems to identify potential terrorists before they get on the airplane. And one of the concerns that the health-care community has, in the face of potential anthrax/smallpox attacks, is that it lacks the kind of real-time tracking systems that UPS and Federal Express use to monitor the movement of packages through their organizations.
On a somewhat more subtle, philosophical level, information technology determines the degree to which we live in an "open" versus a "closed" society. It may seem overly melodramatic to suggest that the September 11th attack launched a war between the "open" society of the United States and the "closed" society of the fundamentalist Taliban movement. But it definitely is true that a large dimension of the American response to that attack has been a reassessment of the very openness that allowed terrorists to enter the country and board civilian airlines with little or no trouble. Now we find ourselves discussing and debating such questions as: what information does the government have a right to know about citizens and visitors to this country? What information is it obliged to disclose, when it monitors and eavesdrops upon citizens and visitors, and when it arrests them for suspected terrorist activities? What information are citizens allowed to access and publish on the Internet? What rights do we have to encrypt the private messages we wish to send our personal friends and business colleagues? What obligations do our banks, our hospitals, our tax-collection agencies, and numerous other private-sector and public-sector organizations have to maintain the security and privacy of personal information they collect about us?
Obviously, questions like these are not going to be answered exclusively by IT professionals or computer companies like IBM and Microsoft. On the other hand, IT professionals are likely to have a more realistic assessment of the feasibility and practicality of various privacy and security policies and regulations being contemplated by government authorities. Furthermore, government and the legal profession tend to be reactive rather than proactive; and their time-frame for reacting to problems and opportunities is measured in months or years. Meanwhile, the private sectorand, in particular, the high-tech startup companies in places like Silicon Valleyis proactive, opportunistic, and fast-moving. If you're concerned about issues of privacy and security, you'd better start talking about it with IT professionals now, because companies like Microsoft and Sun and Apple are likely to do something tomorrow to exploit whatever opportunities they see available.