thinkingstring.com

A recent tweet by Monkchips caught my eye; “good question from @tomraftery. regarding smartgrid resilience how will we defend against electro magnetic pulses?”.
Having recently written about smart grids the question of potential security risks is a good one in my view. I got to thinking that the question of whether the vendor spokespeople had anything scripted to say was interesting, and perhaps indicative in a small sample way of the lack of strategic risk analysis in the vendor community. But the really interesting question is the other one; are smart grids inherently more at risk from an EMP incident?

“Compared to what?” is the first response. Compared to the status quo of national and international grids powered by baseload and demand plants fueled mostly by fossil fuels? Compared to individual off-the-grid power generation by the likes of smal PV and wind based renewables? Smart grids and the status quo approaches rely on networked generation, so they both carry the added risk of a cascaded failure, where a failure in one part of the grid unbalances neighbouring zones. Individual power generation failures cannot cascade; all failures are local failures.

Meanwhile smart grids share the same generation methods and technologies that are used in individual off-the-grid generation. A mix of renewable generation techniques including PV, wind, wave, water, thermal tower and the like would be used, as suited to the local environmental conditions. Is such equipment especially vulnerable to EMP? If the vendors Monkchips spoke with are indicative it might be safe to say that EMP shielding is unlikely to be a current design feature on standard, commercially available installations. There is inherently more electronics distributed throughout a smart grid than in the status quo grid, therefore it is fair to say that on a component basis the equipment used in smart grids is damaged more easily by EMP.

In a smart grid, some of those electronic components will be involved in managing the flow of electricity across the grid; controlling and measuring consumption and contribution whilst maintaining a baseload current. So a failure due to EMP would not only knock out local generation in the affected area, it would also knockout the controlling grid management nodes. There is in this case the potential for cascade failure flowing out from the area directly affected by the pulse.

In reality however, the status quo grid is today national and international structure of both radial and interconnected design. Switches between network branches control the flow of electricity, dictated by spot market price fluctuations and efforts to balance the grid to baseload demands. Switch changes are made both manually and automatically. The existing danger of cascade failure was famously demonstrated in the 2003 failure of the grid in the North East of the USA. This article (http://www.newsmax.com/weyrich/emp_radiation/2008/06/25/107194.html) holds the view that the existing grid is already gravely at risk from cascade failure.

Arguably, smart grids might actually be more resilient than the existing switch grid networks in two important ways. Firstly, the modern equipment may detect an up or downstream fault faster, make a decision faster, then enact a switch change faster than current systems. The difference may only be milliseconds, however that may be the difference between cascade or otherwise. Secondly, smart grids are intended to have a more granular switching capability, though they will likely share the same suburban and rural trunk and backbone transmission as is already used today. “Lower” down the food chain from the suburb level subgrid might be street level controlling nodes and so on. The greater granularity of such control nodes may also isolate a cascade faikure within a smaller zone.

So far its a fairly even match. The generation nodes in smart grids and local off-the-grid designs is likely to be less EMP resilient than a coal fired power station. On the other hand both the smart grid and the status quo share a risk of cascade failure. The smart grid design may even be a little more resilient to cascade failure.

But there’s one more thing worth considering; that is the question of whether there is a material risk of an EMP incident anyway. An EMP incident isn’t something that is likely to occur everyday; the detonation of a nuclear weapon high in the atmosphere would do it. There are a few other ways, but all require nothing less than considerable money, skills, madness, and balls. A hostile EMP incident will either be an active of war launched by a nation state, or one of terrorism by an unallied group. There is also the possibility of friendly fire by way of an industrial accident, or the failure of one or another item of ill maintained national critical infrastructure (whether privately or publically managed).

If the EMP incident was as a result of friendly fire then it is highly unlikely that an atmospheric nuclear detonation would occur. If the attack was an act of terrorism then it is on the balance more likely that an EMP pulse could be generated locally to a generation plant or other critical element, and less likely that a nuclear bomb could be procured and exploded in an aeroplane or launched in a rocket to explode over the target company. Again, the affect would therefore be localised and unlikely to result in catastrophic cascade failure throughout the grid.

In the event that a nationwide EMP incident did occur, the country is probably at war. At that point all this discussion is perhaps interesting, but whether we have a smart grid or the status quo grid probably isn’t our biggest problem. Other than the fact of course that it is arguable that there will be more international conflict ahead of us if we continue the status quo approach, fuelled by resource shortages and social disruption resulting from the effects of climate change.

Originally posted in computing.com

CSC this week hosted their EMEA Industry Analyst summit; Innoventure, in Paris. It was never quite explained what exactly an innoventure was but it sounds like a cross between innovation and adventure so perhaps it is like inventing something while dressing up in swashbuckling clothes. This potential for glory mixed with a lack of clarity unfortunately extended also to CSC’s cloud strategy, which the vendor struggled to convincingly explain.

Like several other vendors, including cloud enabling infrastructure providers like VMware, Microsoft and CITRIX, CSC recognises that there are a number of potential approaches to implementing the cloud architecture. CSC refers to cloud architectures implemented for single tenancy within an owned (or internal) datacentre as private clouds, and internet hosted multi tenancy external models as public clouds. The company uses the term hybrid clouds to refer to the mix of internal and external clouds that is really most likely to occur in a production, enterprise environment. While other vendors will interchange the terms “private” for “hybrid” while using “internal” where CSC uses “private”, CSC’s story is pretty much so far so good.

Where it all began to get a lot less clear was when CSC went on to explain that the internal cloud architecture was actually a simple extension of the existing datacentre architecture and therefore something that CSC has actually been doing for decades(!). Furthermore, internal, or in CSC’s parlance “private” clouds are in fact “legacy”. June 23rd 2009 thus goes in this writer’s diary as being the date on which the first use of the term “legacy cloud” was heard. No doubt we will soon hear of “Cloud three-dot-oh” from some overly keen brand hack.

Moreover, CSC’s states that the driving philosophy behind their cloud strategy is “If we’re going to be disrupted, we may as well disrupt ourselves”, inferring a forward looking and proactive strategy. However in relation to the question of how they see adoption of cloud architectures in the market playing out they state, “The market will decide and we will track the market direction and speed (before deciding on our own strategy).” As any backseat driver knows you either need to climb into the driver’s seat and grasp the controls, or you ought to stay in the back and be gracefully taken wherever the vehicle is headed - trying to steer from the comfort of the rear is however just distracting to everyone concerned.

All of which is disappointing, especially given the outsourcing vendor’s clear strength in underlying datacentre infrastructure, courtesy of their extensive portfolio of global and high capacity computing estate. The vendor has no shortage of processing capacity, IT skills, IT enabled business transformation acumen, and a track record of delivering innovative projects to the likes of Zurich Insurance, British Post, SNCF and long list more. Having thus helped disrupt others in a positive way, they might therefore reasonably be expected to demonstrate more real progress toward “disrupting themselves” than they currently show.

The one bright indicator of CSC’s intent is their push for use of the Security Content Automation Protocol (SCAP) as a method for advertising the security and trustworthiness of a cloud based service. SCAP provides for 15 assertions related to security state, and CSC intends to be able to assert capability in all 15 areas. whilst encouraging the use of SCAP as a de-facto standard across the ICT industry for deploying trusted cloud computing services. SCAP assertions can be consumed automatically by a potential cloud services customer, thus providing an initial and ongoing statement of security capability and state, which could furthermore also be tied to a SLA via contractual terms. CSC’s intended reliance on SCAP demonstrates that at least from an info-sec point of view, they have a firm grasp of the minutia involved in actually delivering cloud architecture on a workable basis for the enterprise customer.

CSC’s biggest problem in navigating a successful path around cloud will be to pay the same level of attention to detail to their overall cloud services go-to-market strategy as they are demonstrating toward the details of cloud security and trustworthiness. Cloud is more than technology architecture, it is also a shift in the customer relationship management, in the billing approach, and in the range of services of potential interest to the customer. CSC’s stated intention to “disrupt themselves” is currently likely to be achieved only through inattention to the need to formulate and execute a joined up strategy. Hardly innovative, and hardly a swashbuckling adventure for CSC’s shareholders and customers.

Originally posted in computing.com

Though their lineage dates back to before World War II, ATMs in their modern form appeared widely on the high street in 1973. Since then they have bred like rabbits and spawned numerous cousins in the form of automated ticket dispensing machines and point-of-sale devices. They have also arguably created the payment services backbone that has enabled the “cardholder not present” transaction capability that is internet payment services.

Along the way ATMs have also fundamentally altered the relationship customers have with their banks. Gone are the days of queuing at inconvenient times in actual banks and dealing with real tellers, bank managers and advisors. All replaced with anytime, anywhere banking, in whatever currency of whichever country you’re standing in. Meanwhile branches have closed, and while almost everyone appreciates the convenience, there are many who rue the dehumanising of the bank/customer relationship.

All of this is worth keeping in mind as the NHS, and its international health care counterparts, dabbles increasingly in technology-enabled remote diagnosis and treatment of patients. The efforts of the NHS’ Aberdeen TeleHealth initiative, based in no small part on Cisco’s telepresence technology, have yielded some impressive results.

The NHS trials used high-definition telepresence communications, enhanced with customised cameras, scanners and a wide variety of other electronic diagnostic tools. The patient, normally assisted by a relatively unskilled helper (who may have no more than rudimentary first-aid skills), can be subject to an array of tests as well as being interviewed by the remotely located GP or specialist.

The healthcare service has field tested such diagnostic services in the remote wilds of Northern Scotland, out to the remote North Sea oil drilling platforms and with the communities on the Orkney and Shetland islands. Such communities are remote, sparsely populated, and suffer from a lack of dedicated and local health professionals. If enough trained personnel were to be supplied, they would be underworked - but horrendously expensive to maintain and manage.

The NHS trials have delivered impressive results, with the service reporting that diagnostic accuracy is on a par with in-person capability. While the telepresence approach requires availability of relatively high network bandwidth between the patient location and the remote healthcare professional, as well as a not-insignificant capital cost in technology, it is cost effective compared to providing comparable healthcare to remote communities via traditional means. Telepresence-based medicine makes it possible to more accurately and more rapidly diagnose a patient compared to the service that could be provided by way of the irregular in-person approach that such remote communities have historically suffered.

Such benefits are substantial, and it is clear that remote diagnostics provide important potential benefits in terms of service and cost. That said, it is also critical to remember that effective healthcare ought to be more than just treating patients as “units” to be pumped through an increasingly automated health service factory. Arguably, telepresence-based health services are another step down the path of dehumanising healthcare and turning it into an assembly line for the dispensing of treatments that address mainly the symptoms, and rarely proactively address the causes. The provision of telemedicine to a remote community that previously had no service is better than nothing, but is it the best we can do as a society?

The old bedside manner has to become the new telepresence-side manner. If some of the more mundane reviews and check-ups can be automated out of the health system - such as repeat prescriptions, blood pressure tests and anything else that can be made self service through web interface or remote monitoring - then more time should be freed up for the medical professional to spend in real consultation with the patient. This can then help with preventative treatment, so minimising reactive treatments, and again freeing up more time.

Therefore, technology used correctly can create a virtuous circle - whereas used wrongly can be counterproductive. Let’s ensure that the healthcare beancounters don’t ruin it - and that healthcare professionals can get back to caring more about their patients, and focusing less on the profitability of the service.

Many people would complain already that they are treated as walking wallets rather than individuals by GPs, as they are herded through community clinics in 10-minute appointment increments. We need to be careful as we take this path that we do not end with unintended consequences whereby there is some added convenience to some, at the expense of degraded and dehumanised services to everyone.

Originally posted at http://quocirca.computing.co.uk/

In 2008 when UK retailer Woolworths went bankrupt I observed to a friend, who happens to be an actress, that the defining visual that would instantly anchor any piece of UK film or stage creative work in the desired time would be whether the retailer’s stores in a High Street scene were seen to be open, shuttered, or long abandoned and a distant memory. Of all the rumbling and crashes of that long, grey economic winter that seemed the stomach punch to the British soul. The British may miss their middle class tea shops and wince at record losses posted by BA, but its the death of 99p clearance chains like Woolworths that cut deep.

I am reminded of this today as General Motors files for protection under Chapter 11 bankruptcy laws. America will suck in its collective breath over Merrill Lynch, AIG, a £50,000,000,000 Ponzi scheme and many, many more. But I suspect that it is GM’s humbling that will most of all define the long stumble for the USA, and also provide the clearest indication yet that when all this blows by, the way ahead looks quite different from the view so far. GM will eventually emerge out of Chapter 11 in a new form: GM-II and it will be that manufacturer that will bring to market future products, under a much diminished brand set.

GM’s management failings are many, and a vehicle strategy that was utterly tied to a dependency on cheap oil and little consideration toward pollution was by no means the single largest problem the company had. However a product set that was finally proven to be unfit for the market direction might well have arguably been the final nail in the coffin. Even with all the effort the company has belatedly have put toward their Chevy Volt project a launch date is still the other side of 2009, and that surely doesn’t count any delays incurring from dealing with the Chapter 11 restructuring. Toyota’s Prius will by then be a generation three product with established brand credentials and millions of miles of road use behind them to iron out problems. Not to mention having generated a Yen or two of revenue for Toyota along the way.

Even once GM-II, Ford and Chrylser manage a half decent volume manufactured domestic hybrid, HPEV, or PEV vehicle, they face market challenges for some time. The lack of demand for SUV and similar vehicles is of course one of the market realities that has brought GM to their current state, so we can take the existence of the market’s undesirability for such vehicles as a given. In the short term that has dealt a blow to GM, in the long term there is also a problem of there being a massive stock of existing gas guzzlers already on the road that are depreciating at over the odds rates as people don’t want them either.

Imagine it’s 2010, Mom and Dad have just rolled up in their spanking new GM Volt. They’re proud of the low emissions, they’re proud to buy American, they’re happy they saved money due to federal tax breaks designed to encourage purchasing and use of a low emissions vehicle, oil is at $85 a barrel so the pump price for gasoline is more than they would want to pay anyway. So what are they going to buy for their newly licensed 17 year old kid, Johnny? Well they’re not going to want to buy a second hand SUV, the gas would be a hole in the wallet and the emissions will make little Johnny very unpopular on the hottest dating circuit in town: eco-babes.com. They can’t afford to buy him a brand new Volt of his own (much as they’d like to) - bonuses at work still aren’t what they used to be and redundancies are always on the cards, and there’s a million competitors still out there on the jobs market ready to step in any day. The answer is perhaps a second hand hybrid or HPEV. And that’s going to be a Toyota or bust. So Toyota gets the ongoing parts business, a slice of the services pie, the potential for an upgrade-sell later to an established driver, and meanwhile the value for their second hand vehicles is likely to be strong. GM-II et al, merely face the image of their unvalued old SUV’s being encouraged off the road entirely through a vehicle scrappage scheme similar to the UK’s scheme (see www.vehicle-manufacturers-name.co.uk/scrappage. For example www.fiat.uk/scrappage

GM’s failings therefore serve as testimony to how far many companies have missed the mark as they’ve set their strategies over the last decade, exhibiting an almost feral avoidance of consideration to the needs of the market come a time of rising concern on emissions, together with an end to cheap energy. The transformational nature of such factors is clearly not to be underestimated, while the challenge of effectively dealing with them is multidisciplinary to an almost unprecedented degree. Governing through such transition effectively will bring potential catastrophic market failure if done extremely poorly, allow an organisation to limp through if done middlingly, and place an organisation in a strong to winning market position for the opportunities that lie ahead in a “green economy” if done well. Green, or eco-governance therefore is not simply a trendy turn of phrase, it is a movement that will eventually come define the winners of the green economy.