Home 
Behaviorally Speaking Behaviorally Speaking - The Future of CM!
Behaviorally Speaking Behaviorally Speaking - The Future of CM!
|
The future of CM is being shaped by world events that have already had a major impact upon Information Technology, the global economy and even our own sense of safety and well being. This past year has highlighted unprecedented developments including a worldwide fixation on global terrorism, homeland security, offshore (global) software development and governmental responses such as Sarbanes-Oxley. Throughout these world events IT and the Internet have played an indispensable role in both information dissemination and the human response. We, as CM practitioners, need to understand our role in disaster recovery and maintaining the security and integrity of the global information highway. Read on if you want to be prepared for what lies ahead in the future of CM! This week the New York office of the United States Secret Service (NYECTF) held their quarterly meeting on Electronic Crimes with a strong focus on CyberTerrorism. Speakers at this forum included Special Agents from the United States Secret Service, experts in Data Security, Disaster Recovery and representatives from the private sector whose daily responsibilities include maintaining large scale financial services. During the presentations explicit references were make to the desire of terrorist leaders, such as Osama bin Laden, to destroy the economy of the United States either by causing large scale financial disruptions or losses through terrorist incited disasters. Specific terrorist threats included the assertion that our nation’s financial infrastructure could be disrupted via CyberAttacks that could have far reaching consequences. Terrorist's Acts These acts could include attacks on the systems designed to protect our vital services (e.g. water, electrical supply) or simply interrupting electronic funds transfer and/or ATM systems. This author personally experienced the impact of the New Stock Exchange being taken down, unexpectedly, for one hour (through the wrong version of a Unix shell script!). (This incident initially appeared to be Version Control problem and subsequently turned out to an operations error.) Imagine the panic that would ensue if no one could obtain cash because all of the ATMs stopped working at the same time. Imagine if you could not get cash from the bank or use your credit cards for an unknown period of time. Imagine if communication systems (e.g. phone, Television) were interrupted (as occurred on 9/11) or the ever important Internet. The New York City Amateur Radio Emergency Communications Service (www.nyc-arecs.org) prepares for just such an emergency. Our society is ever more dependent upon Information Technology and that dependency is also a growing area of concern to security and disaster recovery experts throughout the world. Much of the military is increasingly based upon technology. In many ways IT is becoming the "battleground" of the future. This impacts CM experts in very specific and important ways. Software Configuration and Release Management best practices are essential for a successful recovery from determined technology related attack! Chasing Down the Virus, Worm or Tojan on Your Computer Anyone who has ever had to run Norton Utilities, McAfee or any of the other virus protection tools, Spyware detection or recovery software knows well just how hard it can be to recover a Windows operating system that has become infected, often with extensive loss of data to the user. In many cases hackers build in registry settings to repair the virus or worm even after the user has run the virus recovery software. A determined hacker can infiltrate almost any system. Each week we read about more and more daring and complex successful attacks on large scale systems that were thought to be well protected. Even experienced incident response experts cannot be completely certain if the virus, worm or Trojan has been completely eliminated. Triage and CM My idea of "relaxing" is spending a few hours of my spare time volunteering on an ambulance or with the Auxiliary Police. I have been to many emergency situations and the experience of working alongside the professionals has caused me to realize that dealing with a serious systems outage is very similar. With a major outage you must survey the scene and quickly determine priorities and their required response. When large scale systems (e.g. life support systems) go down we must triage priorities and quickly develop a suitable response. Today this absolutely includes complex computer systems. CM to the Rescue! What if our only necessay response had to be plugging in a new (clean) machine with the OS built from fresh CDs and the applications built from source code using well established software configuration and release management best practices? What if you were completely certain that you had the exact versions of the required source code needed to support all of your product applications. Suppose that you could easily scan and confirm that you were putting the original apps back online without the danger of the virus, worm or Trojan still lurking somewhere in a systems or application run time directory? This is the response that we had when the New York Stock Exchange went down for one hour. We knew exactly what was supposed to be online and as a result we immediately found the error that caused the outage – and it was still there! Because of solid CM practices we recovered quickly, triaged and prevented another outage with less than an hour of effort. Most importantly our work was based on well established and predictable procedures. No heroic efforts were needed – we just had our act together and the process worked. Sarbanes-Oxley is a regulatory effort to get companies to establish best practices in many areas including CM. Offshore development efforts highlight the economic advantage and, in many cases, the necessity of good CM practices to coordinate code between developers located in remote areas of the world. When the Tsunami hit Madras this author immediately thought of the many friends who had attended CM training given last year. We expressed concern and felt relief that colleagues had appeared to be ok and not directly affected by the tremendous tragedy. From a business perspective our source code was being automatically backed up from India to the US every 15 minutes. Many of these countries have fragile economies that cannot afford the disruption of companies pulling back work due to the natural disaster and the inability of underdeveloped countries to warn and respond to disaster. Good CM practices protected both our companies. There was much sadness in this tragedy and there were some sobering realities. The response systems in these underdeveloped countries could not warn their own people or handle the needed emergency response. This author volunteered a while ago to help the NY Red Cross Logistics group with their IT systems. The tragedy prompted me to pick up the phone and follow up on my application for membership in this organization that has a worldwide reputation for helping people cope with the tragedy of disaster. I am also an NYPD Auxiliary Police Lieutenant, active volunteer EMT and a new member of a CERT Team. I have been helping to develop Civilian Patrols including my beloved UMMA Interfaith patrol in Brooklyn, NY. Admittedly, I am a little overextended, but there is also intrinsic pleasure in helping others. Each of us can and should do more. If Not me Then Who Will do this Work? The world economy is increasingly dependant upon information technology, the global information highway and software systems. We, as CM experts, need to realize that our work is essential in securing global financial services, the information highway, and vital systems (e.g. water, gas, electric). Whether it be terrorist's actions or natural disasters we need to realize that the future of CM is to provide the safety and security that is vital to our future and the future of society as we know it. We need to sharpen our skills on both the technical and the interpersonal front. We need to realize that each of us can choose to use our work to help society. The future of CM is going to be very challenging and exciting. I’m glad that we are sharing this journey together! Bob Aiello is a Senior Editor for Crossroads News and an Associate Director at a major financial services firm in NYC, where he has company wide responsibility for Software Configuration and Release Management best practices. Bob is on the Steering Committee of the NYC Software Process Improvement Network (CitySPIN), where he is also the chair of the CM SIG which meets in Midtown NYC. Mr. Aiello has a Masters in Industrial Psychology from NYU and a BS in Computer Science from Hofstra University. You can reach Mr. Aiello by email at bob.aiello@cmcrossroads.com
Set as favorite
Bookmark
Email this
Hits: 8896 Trackback(0)Comments (0)
|
| Last Updated on Tuesday, 01 April 2008 11:08 |
TrackBack URI for this entry
Subscribe to this comment's feed