Strategy, Not Knee-Jerk

Today a lawmaker who was briefed on the Federal Office of Personnel Management breach of employee data leaked that the incident is far worse than originally reported. Not 4 but maybe as many as 14 million records of federal employees, past and present, are in the hands of the bad people. Very disturbing.

OPM Seal Small
hese record sets are what is known as “fulls” or “fullz” in the hacker lingo. They are full sets of information. Names, addresses, phones, social security numbers, pay, health records, military service records, and – most damaging – security clearances. Think of the opportunities. Think of the damage. Think of the outrage from the victims that their very safety and personal property has been exposed.

Plus it may have come from China.

But what bothers me most is the knee-jerk reaction from the Congressional hawks. They want a response. They want to declare war. They want to go to the alleged perps servers and destroy data. John McCain is almost shouting for a “preemptive strike.”

It’s another example of governmental leaders making quick decisions without thinking through the implications or consequences. Cyberwar is nothing trivial. Not only could it unleash a storm of “weaponized code” – as my clients in the information security world call it – but it may not come only from from a few sources like China or North Korea. The entire hacking community could get involved. That’s a lot of enemies. The implications are chilling.

McCain spoke about the ability to shut down the US power grid from abroad. If the US declares cyberwar we can probably expect exactly that type of action. The hawks will have guaranteed it. Often the government takes action without thinking through the unintended consequences.

Stuxnet, the malware developed to attack Iran’s centrifuges concentrating nuclear material, turned out to be reverse engineered and various versions were dropped back into US systems and weapons systems.

Let’s not forget that the Snowden incident was a game-changer. One person was able to create an entirely different perception about government collection of data on upstanding citizens. He revealed the capabilities of the NSA and the US Cyber Command. Cybersecurity is an area where one person can create significant damage.

It is never good strategy to reveal your thinking to your enemy. “What’s wrong with you Santino? Never let someone outside of the Family know what you’re thinking.” Is it really a good idea to rattle sabers if you don’t have a prepared strategy to back it up. We can almost guarantee that one does not exist.

The smart way to approach this problem is with a two-pronged effort. One is the ratification of US and worldwide law that provides severe penalties for these actions. That’s what McCain should be backing and initiating with his history of taking brave political initiative. But the other prong should be a robust but clandestine plan to penetrate, invade, creatively disable enemies and deal with as many resulting contingencies as possible.


The true melting pot of California might not be the metro centers of its cities. I believe it’s the state’s Department of Motor Vehicles.

I’m a new resident. Everyone coming into the state, transferring title on a vehicle, or required to renew a license in person has to come to a few offices. My city, San Diego, only has a few despite being the third largest city in the state and one of America’s top 20 metro areas.

You see everyone at the DMV. Everyone. It’s not like your neighborhood or the grocery store or the freeway where most people are behind tinted windows or even the voting precinct that is limited to a geography. Your fellow citizens are right there in line or in a chair inches away. Here are some observations about the most populous, and arguably legendary, state in the Union.

It’s really diverse here. Really diverse. As an old white guy I stood out as different, a distinct minority. Latino, Asian derivations, Eastern Europeans, blended races of all varieties are the heritage of my neighbors. I heard at least 8 different, distinct languages during my hour and a half in the maze.

Everyone is polite and personable. Although there are obviously language differences we all were able to make ourselves understood. The situations were great levelers of class distinctions. I think of myself as a middle class American. I was standing in one line between what I perceived to be a very well-off Latino mother and her teen-aged son and a woman I believe was a Bosnian-American who spoke broken English. We were all enchanted by the DMV employee who was thoughtfully giving people second, third, and fourth chances to get a better driver’s license photo. We chatted, smiled, and joked while we waited. Coming into the maze at the beginning of my visit several people pointed me in the right direction.

Everyone is patient. This is bureaucracy at it’s finest. Forms, fill-ins, obscure instructions, confusing lines and groups, piles of paper, opaque procedures. I didn’t hear a cross word. The patrons handled advice in many instances because the workforce is overwhelmed.

As I waited for my test results and temporary license I wandered the facility, observed the patience, politeness, and personal interactions. And I couldn’t help thinking that it would be preferable if our nation’s governance could work together as effectively as this melting pot of strangers in a strange place.

Not Your Average Feds

I spent an interesting and spirit-raising day with senior executives of the Social Security Administration recently. I delivered learning experiences on “Vigilant Leadership” – sessions on how to look into the future, forecast, prepare flexibly, and take action.

I work with federal agencies from time to time. GSA, NASA, and the National Credit Union Administration are all past clients. Federal agency leadership gets a lot of bad flack in the media, from legislators, and from the general public.

What I saw, heard, and experienced in Baltimore with their top tier of SSA professionals differs from what one sees and hears in the press. These are smart, imaginative, and well-informed managers. They’re some of the best I’ve seen in 25 years of doing this work.

When I’m doing an executive education seminar at least half the session time is interaction about the future. Whether it’s question and answer or small group activity this important part of a learning experience is approached differently by every group with which I work. In the SSA’s case the eagerness to tackle foresight, emerging issues, and inevitable challenges was some of the most keen I’ve ever seen. It was even more encouraging to see it come from these very senior groups that included the number two person in the agency.

The management is pragmatic and realistic. They know they’re administering a system under huge demographic and economic pressures. But they also recognize and are anticipating social change, generational differences in interaction, shifting workplace habits, privacy concerns, and the long term impact of current deficit spending.

I was impressed.