Home 
Behaviorally Speaking Behaviorally Speaking: Homeland Security "Is CM Really Relevant?"
Behaviorally Speaking Behaviorally Speaking: Homeland Security "Is CM Really Relevant?"
|
| With news of the conflict in the Middle East and renewed concerns about large-scale terrorism, it is difficult to consider CM an important topic. Surely, efforts to prevent anthrax attacks and aid the victims of terror should be our focus. But our work as CM practitioners does impact Homeland security at many levels and it is certainly an appropriate time to reflect on what we do and the relevance of our work in terms of Corporate and Civic responsibilities. Corporate responsibility includes helping the American workforce to be more efficient, including preventing software defects, improving software quality and reuse of code. Read on if you would like to how CM affects the world we live in on both a local and global scale.
In the Army… The military and medical systems have always been at the forefront of Change Control and best practices in CM. After all, with so much technology being dependant upon software, it’s easy to understand why you don’t want your missiles to fire in the wrong direction due to the wrong version of a C++ module! During a job interview, someone once asked me to think about the following scenario. What if your loved one was on a life support system and you were in charge of the source code control (for that complex medical device). Are you that certain that you would never make a mistake that could result in the device having a technical problem? I have often thought about this scenario. As a volunteer Emergency Medical Technician I have had the experience of working with professional EMS, Police and Fire Department personnel to rescue someone who was seriously injured. It is always an inspiration to see these men and women work to save lives on a daily basis. Do I take my work as seriously as these people do when they are rescuing someone who is underneath a train? In Wild Wild West… When I lecture on good CM practices and Software Process Improvement, I always tell people that I work in the Wild Wild West. We don’t have tight Change Control and we don’t want it. We need to create releases fast and we need “thin” flexible processes. The title of my talk is Software Configuration Management in the Wild Wild West. Obviously, Financial systems are important to our economy. A major outage of ATM machines would inconvenience many people, probably stranding many without a way to get home, buy food or obtain medicine. Stopping the world economy The New York Stock Exchange had a minor software glitch a few years ago that effectively impacted (stopped) the entire world economy. There were a number (8) of factors that led up to this event. I was asked to check my work because it was believed that one of my shell scripts (the wrong version that is!) was involved with creating a race condition that caused the one-hour down time. If true, this meant that my mistake had effectively impacted the entire financial world. I was very pleased when my procedures proved that I had, in fact, promoted the correct version of the script and we subsequently, helped find the actual software problem that had caused the crash. Effectively, strong CM procedures had helped manage a difficult situation and it showed that we could easily (under fire!) confirm that we had exactly the right code in Production. It was a good day for CM. Fighting the War in Cyberspace… Our financial infrastructure is obviously important to Homeland security. The FBI and the United States Secret Service have formed the Electronic Crimes Task Force (www.ectaskforce.org) to help raise awareness to the many forms of Electronic Crimes, especially “Cyberattacks”. They have also made available Policy guidelines to help private companies understand when the authorities should be advised of malicious attacks on Corporate Financial Systems. Unfortunately, many security experts believe that it is almost impossible to completely protect computer systems accessible via the World Wide Web. “Cyberterrorists threaten to break into vital networks, from the Pentagon to banks and power plants. Only 20% of U.S. business is prepared for a major cyber attack, and the governments defenses are porous.” Business Week Sept. 16, 2002 (p31) http://www.businessweek.com/ The impact of Cyberterrorism could obviously be very severe. Most software professionals realize just how vulnerable software really is. Articles are easily accessible that explain, in detail, exactly how to penetrate many software systems using vulnerabilities such as code that fails to check returns codes (and can therefore easily be compromised). In fact, it seems almost impossible to completely guarantee that a software system is completely secure. However, Corporate Security Policy and effective surveillance does give us many techniques for spotting that a system has been compromised (see the USSS guidelines in regards). CM to the Rescue… Once it’s been determined that a system has been compromised, how difficult is the effort to make the systems safe again? Most technology professionals realize just how easily systems can be penetrated and then “trojan backdoors” can be left in place to allow for future attacks even after the company thinks that they have cleaned up and fixed the compromised system. For example, someone could hack a Linux system and then replace a system utility (like ls or more) that performs the function and adds a line to /etc/passwd file. The only real solution is to build the system from scratch. As a Unix administrator, I have always created procedures to rebuild the system from the vendor provided CDROM. Throughout my articles we have discussed process issues to guarantee that all of an applications source code is secured (and rebuilt by an independent Buildmeister). We can’t stop Cyberattacks but we can make the inoculation and rebuilding of the systems easy and reliable. Good CM practices are vital to Homeland security. A Cup of Coffee… After September 11, 2001 this writer stopped to help someone having a seizure on the NYC Subway. Volunteer EMTs do this everyday. But it became apparent that a traumatized city had more incidents that could lead to people needing help, so I started wearing my EMT jacket to work and carrying a small strap-on medical bag (yeah, my boss does make jokes about me looking like a telephone repairman). The next morning I stopped at the local Starbucks to get a cup of coffee and the person behind the counter cheerfully gave me a cup of coffee and told me that “my money was no good there”. Apparently, Starbucks had a policy of giving free Coffee to emergency workers. I felt a little like an imposter since I was not even in NYC on September 11, 2001 (it took me three days to get back by bus). But it was also inspiring that a cup of coffee had become a part of the war against terrorism. Deming would be proud. The father of Quality Management wrote that every activity should be done with precision and something as simple as a train running behind schedule can affect other workers productivity. It is interesting to note that the September 9th edition of the Wall Street Journal (p. R11) reported on a survey that indicated that corporate recruiters do not consider “corporate citizenship” to be an important quality when selecting MBA graduates. In fact the article suggested that recruiters might even consider good deeds on a resume as being a negative factor since they may indicate that the candidate is too soft for the tough corporate world. The article goes on to consider that the Enron, Anderson, WorldCom and other corporate scandals may be cause for companies to rethink their sense of values. Basketball Coaching… Many technology professionals are highly skilled people. There are many avenues for us to help others. Recently, this writer got involved with coaching basketball as part of an effort to improve relations between Jewish and Muslim Children in the Brooklyn area. Random Acts of Kindness… After September 11, 2001 many technology professionals used their skills in whatever way they could to help with the relief effort. I remember getting email and calls from Joe Castellano, one of my favorite recruiters, to see if I had an evening to donate to serving meals to relief workers. This person felt that using his vast contacts and abilities to reach others could be best used, at that moment, in helping others. What Have You Done? For me the coffee had a major impact. I thought about having to earn that cup of coffee. On my next ambulance run I continued to treat each patient as if they were a member of my own family. I have gone into fires to rescue people. I still wonder if I would have been able to go into the World Trade Center. But the real lesson is that everything we do is relevant. The week of September 11, we remember those who did their jobs to the best of their ability. Let’s hope that each of can be inspired to both random acts of kindness as well as doing our jobs a little better than we did before. Please join us in the CM Crossroads Discussion Forums for a discussion on this topic. In addition to being a Contributing Editor for CM Crossroads, Bob Aiello is an Associate Director at Bear Stearns & Co. where he is engaged in Software Process Improvement on a large scale basis. He is also on the Board of Directors for the Organizational Development Network of Greater New York (ODNofGNY) and a member of the Steering Committee of CitySPIN in New York. Mr. Aiello has a Masters in Industrial Psychology and a BS in Computer Science. You can reach Mr. Aiello by email at raiello@acm.org
Set as favorite
Bookmark
Email this
Hits: 7165 Trackback(0)Comments (0)
|
| Last Updated on Tuesday, 01 April 2008 11:00 |
TrackBack URI for this entry
Subscribe to this comment's feed