Government Business
Article | July 11, 2022
Unless America and China assume joint leadership for global economic recovery, reconstruction of the post-coronavirus world could take years, with unimaginable consequences for the world’s 7.8 billion inhabitants, including unprecedented levels of global unemployment, famine, and even war.
In the pre-coronavirus world, suggestions for a partnership between the world’s two superpowers would have been met with gales of laughter. But now, despite the two leaders’ daggers drawn posture, hundreds of doctors and scientists in the U.S. and China are already working together on clinical trials of potential coronavirus drugs; and one of China’s biggest property developers has funded a five-year $115 million project between Harvard University and the Guangzhou Institute for Respiratory Health.
But the window of opportunity for acting together is short. The Covid-19 pandemic continues to decimate the world’s economies. Unemployment in the U.S. now tops 22 million, a level not seen since the Great Depression of the nineteen-thirties, while China’s economy stopped growing for the first time in four decades as half a million small and mid-size businesses, the backbone of China’s economy, closed; and Italy, the second largest manufacturing economy in the EU, watches helplessly as the pandemic axe dismembers its economy. Were India and Africa unable to control the coronavirus, the results could be catastrophic.
So, are there issues of such import and mutual benefit that they would convince Presidents Trump and Xi Jinping to work together? I believe there are. My two cents’ worth below.
The two superpowers could leverage China’s vast, trillion-dollar global infrastructure project—the Belt and Road Initiative or BRI, that aims to build infrastructure in over 120 countries of Asia, Europe, and Africa. The BRI is designed to act as a conveyer belt to transmit Chinese investment and technology into these countries to improve their economies, and to link them to China. But now Covid-19 has crimped China’s ability to sustain BRI’s trillion-dollar underwriting tab and President Xi Jinping’s grandiose vision is at risk.
On the other hand, the United States, which has been searching for a counter to BRI, has settled on an initiative called the Blue Dot Network or BDN. The idea behind the BDN is the U.S. would rigorously vet infrastructure project applications in developing countries to ensure high levels of transparency, sustainability, and economic viability before seeding them with startup funds from the U.S. Government. The BDN hallmark would then inspire confidence in the projects to attract private U.S. funding.
But the relatively paltry BDN budget of $60 billion (versus China’s 1000 billion or trillion-dollar BRI budget) and developing countries’ skepticism of Western (read U.S.) dominated standards for infrastructure construction have hobbled the BDN.
If the U.S. and China could find a way to combine BRI and the BDN it would ensure a stream of dollars from private U.S. companies into BRI and ensure its projects remain on track to create jobs and raise living standards around the world. The compromises required by America and China to weld BRI and BDN together would ensure the U.S. gets a seat at the table to influence the adoption of standards for starting and executing BRI projects.
Here’s another idea: The U.S. military is especially qualified to help fight natural disasters. In 2004, for instance, 3,000 U.S. military personnel were deployed to West Africa to help combat a deadly Ebola epidemic. Their work included constructing 17 hospitals, field training, and deploying assistance by air to remote villages. Today the U.S. military is being used to rapidly set up hospitals in U.S. cities to handle the burgeoning coronavirus caseload. The People’s Liberation Army meanwhile seems determined to play a more active global role in peace-keeping projects around the world.
Coronavirus-aid projects delivered to less well-off countries through joint U.S.-China military teams would double what the U.S. and China could do on their own, and help establish the military-to-military connections that the U.S. has tried to foster with China for some time. A working relationship between the two nations’ militaries might even lead to a more stable geopolitical balance of power.
The Chinese word for crisis contains two characters. One signals danger, the other opportunity. Presidents Trump and Xi Jinping should boldly find a way to join forces to convert the deadly Covid-19 crisis into an opportunity that would supercharge global economic recovery and might well change the course of the 21st Century. It is a once in a lifetime opportunity that ought not to be squandered.
Emerging Technology
Article | July 13, 2022
Federal agencies design a wide range of tools, equipment, vehicles and even rockets. Computer-aided design (CAD) technology allows agencies and users to create digital designs more efficiently. CAD is used for a lot more than designing buildings, but is a basic building block of a more advanced tool known as Building Information Modeling, or BIM. CAD can be used to render 2D digital models of products, equipment and buildings. BIM takes those efforts to the next level and serves as a 3D design tool to “create and simulate how a building would operate,” says Andrew Friendly, associate vice president of government affairs at Autodesk, a leading CAD and BIM firm.
Emerging Technology
Article | July 16, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments is permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
“Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point, regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions and home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardized. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains isn’t just managed by separate enterprise IT teams, but is commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities, exacerbated by budgeting concerns, have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. These include teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Together, these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Article | July 14, 2020
The COVID-19 virus (C19) pandemic is turning out to be the event of the century. Even World War seems timid in comparison. We are in the 4th month of the virus (in non-China countries) and have gone past the lockdown in many places. Isn’t it time we re-think the approach? What if there is another wave of C19 coming soon? What if C19 is the first of many such events in the future?
Before we get into analysis and solution design, summarizing the C19 quirks:
While a large section of the affected population is asymptomatic, for some it can be lethal
There isn’t clarity on all the ways C19 spreads
It’s known to affect the lungs, heart, and kidneys in patients with weak immunity
It has been hard to identify a definitive pattern of the virus. Some observations in managing the C19 situation are:
With no vaccine in sight, the end of this epidemic looks months or years away
Health care personnel in hospitals need additional protection to treat patients
Lockdowns lead to severe economic hardship and its repeated application can be damaging
Quarantining people has an economic cost, especially in the weaker sections of society
If one takes a step back to re-think about this, we are primarily solving 2 problems:
Minimise deaths: Minimise the death of C19 and non-C19 patients in this period
Maximise economic growth: The GDP output/growth should be equal to or higher than pre-C19 levels
One needs to achieve the 2 goals in an environment of rising number of C19 cases.
Minimise deaths
An approach that can be applied to achieve this is:
Data driven health care capacity planning
Build a health repository of all the citizens with details like pre-existing diseases, comorbidity, health status, etc. The repository needs to be updated quarterly to account for patient data changes
This health repository data is combined with the C19 profile (disease susceptibility) and/or other seasonal diseases to determine the healthcare capacity (medicines, doctors, etc.) needed
The healthcare capacity deficit/excess needs to be analysed in categories (beds, equipment, medicine, personnel, etc.) and regions (city, state, etc.) and actions taken accordingly
Regular capacity management will ensure patients aren’t deprived of timely treatment. In addition, such planning helps in the equitable distribution of healthcare across regions and optimising health care costs. Healthcare sector is better prepared to scale-up/down their operations
Based on the analysis citizens can be informed about their probability of needing hospitalisation on contracting C19. Citizens with a higher health risk on C19 infection should be personally trained on prevention and tips to manage the disease on occurrence
The diagram below explains the process
Mechanism to increase hospital capacity without cost escalation
Due to the nature of C19, health personnel are prone to infection and their safety is a big issue. There is also a shortage of hospital beds available. Even non-C19 patients aren’t getting the required treatment because health personnel see it as a risk. This has resulted in healthcare costs going up and availability reducing.
To mitigate such issues, hospital layouts may need to be altered (as shown in the diagram below). The altered layout improves hospital capacity and availability of health care personnel. It also reduces the need for the arduous C19 protection procedures. Such procedures reduce the patient treatment capacity and put a toll on hospital management.
Over a period, the number of recovered C19 persons is going to increase significantly. We need to start tapping into their services to reduce the burden on the system. The hospitals need to be divided into 3 zones. The hospital zoning illustration shown below explains how this could be done. In the diagram, patients are shown in green and health care personnel are in light red.
**Assumption: Infected and recovered C19 patients are immune to the disease. This is not clearly established
Better enforcement of social factors
The other reason for high number of infections in countries like India is a glaring disregard in following C19 rules in public places and the laxity in enforcement. Enforcement covers 2 parts, tracking incidents of violation and penalising the behaviour. Government should use modern mechanisms like crowd sourcing to track incidents and ride on the growing public fear to ensure penalty enforcement succeeds. The C19 pandemic has exposed governance limitations in not just following C19 rules, but also in other areas of public safety like road travel, sanitation, dietary habits, etc.
Maximise economic growth
The earlier lockdown has strained the economy. Adequate measures need to be taken to get the economy back on track. Some of the areas that need to be addressed are:
One needs to evaluate the development needs of the country in different categories like growth impetus factors (e.g. building roads, electricity capacity increase), social factors (e.g. waste water treatment plants, health care capacity), and environmental factors (e.g. solar energy generation, EV charging stations). Governments need to accelerate funding in such projects so that large numbers of unemployed people are hired and trained. Besides giving an immediate boost to the ailing economy, such projects have a future payback. The governments should not get bogged down by the huge fiscal deficit such measures can create. Such a mechanism to get money out in the economy is far better than measures like QE (Quantitative Easing) or free money transfer into people’s bank accounts
Certain items like smartphone, internet, masks, etc. have become critical (for work, education, critical government announcements). It’s essential to subsidise or reduce taxes so that these items are affordable and accessible to everyone without a financial impact
The government shouldn’t put too many C19 related controls on service offerings (e.g. shops, schools, restaurants, cabs). Putting many controls increases the cost of the service, which neither the seller nor the buyer is willing or able to pay. Where controls are put, the Govt should bear the costs or reduce taxes or figure out a mechanism so that the cost can be absorbed.
An event like the C19 pandemic is a great opportunity to rationalise development imbalances in the country. Government funding should be channelized more to under-developed regions. This drives growth in regions that need it most. It also prevents excess migration that has resulted in uncontrolled and bad urbanisation that has made C19 management hard (guidelines like social distance are impossible to follow)
Post-C19 lockdown, the business environment (need for sanitizers, masks, home furniture) has changed. To make people employable in new flourishing businesses there could be a need to re-skill people. Such an initiative can be taken up by the public/private sector
The number of C19 infected asymptomatic patients is going to keep increasing. Building an economy around them (existing, recovered C19 patients) may not be a far-fetched idea. E.g. jobs for C19 infected daily wage earners, C19 infected taxi drivers to transport C19 patients, etc.
In the last 100 years, mankind has conquered the destructive aspects of many a disease and natural mishap (hurricanes, floods, etc.). The number of human lives lost in such events has dramatically dropped over the years and our preparedness has never been this good. Nature seems to have caught up with mankind’s big strides in science and technology. C19 has been hard to rein in with no breakthrough yet. The C19 pandemic is here to stay for the near future. The more we accept this reality and change ourselves to live with it amidst us, the faster we can return to a new normal. A quote from Edward Jenner (inventor of Small Pox) seems apt in the situation – “The deviation of man from the state in which he was originally placed by nature seems to have proved to him a prolific source of diseases”.