Platt Perspective on Business and Technology

Innovation, disruptive innovation and market volatility 36: innovative business development and the tools that drive it 6

Posted in business and convergent technologies, macroeconomics by Timothy Platt on October 15, 2017

This is my 36th posting to a series on the economics of innovation, and on how change and innovation can be defined and analyzed in economic and related risk management terms (see Macroeconomics and Business, posting 173 and loosely following for Parts 1-5 and Macroeconomics and Business 2, posting 203 and loosely following for Parts 6-35.)

I have been systematically working my way through a to-address list of topic points in recent installments to this series, that I repeat here for purposes of continuity (note that I append reference links to the ends of the points on this list that I have already addressed, indicating where I did so):

1. Innovation and its realization are information and knowledge driven (Part 32).
2. And the availability and effective use of raw information and of more processed knowledge developed from it, coupled with an ability to look beyond the usual blinders of how that information and knowledge would be more routinely viewed and understood, to see wider possibilities inherent in it (Part 33),
3. Make innovation and its practical realization possible and actively drive them (Part 34 and Part 35).
4. Information availability serves as an innovation driver, and business systems friction and the resistance to enabling and using available business intelligence that that creates, significantly set the boundaries that would distinguish between innovation per se and disruptively novel innovation as it would be perceived and understood
5. And in both the likelihood and opportunity for achieving the latter, and for determining the likelihood of a true disruptive innovation being developed and refined to value creating fruition if one is attempted.

I began addressing Point 3 of this list, as just noted above, in Part 34, and continued that in Part 35 by raising a set of three issues that I would argue, need to be addressed in order to even just preliminarily resolve Point 3 for purposes of this series:

• A basic assumption as to what types of already-held and routinely used business information would be required in a genuinely disruptively innovative context, as for example might be explored and pursued in an innovation-supporting service, department or more separate facility within a business.
• An implicit financial assumption that runs counter to what would more generally be automatically assumed when innovation, and the research and development that it calls for are considered. I will at least briefly address that “starter” assumption here, offering some references that delve into its issues. And I will offer a basic rationale for justifying this alternative point of view assumption that I offer here for purposes of this series.
• And a fuller reconsideration of timeframes in all of this, where outside forces can easily become the driving shaping factors for all of this but where within-business factors always have to be accounted for too – and where they can be less examined in any planning that takes place.

And I delved into and discussed the first of these sub-issues there. My goal for this posting is to address the second of them and at least start addressing the third and final of them here too. Then when I have addressed all of them, as required in the context of this series discussion, I will continue on to Points 4 and 5 of the main to-address list as repeated above.

And I begin all of this with financial considerations, and a set of points that strikes to the heart of this series, and certainly as organizationally summarized in the starting paragraph here. And I begin that by reframing and reconsidering what applied research and pure research actually are, at least when considered from a more strictly financial perspective.

• Applied research and its most directed practical extreme of specific product development, are channelized in what can be considered at least somewhat tested and validated directions, and with the more product-specific end of that short spectrum quite securely reliable for that. Success there can mean adding new life to an already developed and successful product or product line, and failure: if an attempted upgrade or advancement does not cost-effectively work out, will at least offer practical insight for further next-step product advancement.
• Applied research, as considered here, offers what might be greater uncertainty and definitely when a new, next generation product is being attempted that would call for rethinking, and for manufacturing line retooling. But conversely, this also carries potential for proportionately larger rewards too. In any case, and focusing on that word “applied”: this type of research, like still more focused product development, follows a more linear development change and modification and upgrade pattern and with lower levels of overall risk associated with it, in keeping with the incremental improvements, profit and value creation potential of simply working to create a next generation upgrade.
• Pure research on the other hand, carries more dramatic value creation and loss possibilities, with its potential for developing successful disruptive innovation and game changing new product development – or dead end failure if that does not work out. Yes, sometimes failed pure research does bring insight that can be turned into next attempt success, and often in completely new and otherwise unexpected directions when that happens. But this delayed and alternative success cannot be counted on.

Let’s start addressing the finances of this, with an explicitly stated assumption that can be considered a basic if mostly just presumed mantra, for those who run and lead corporate research and development facilities:

• Appropriately scaled and selected innovation that is kept in focus (no scope creep) can be cost-controlled and within budget.

This, in practice, means balancing the costs and benefits: profit and risk potentials included, of suites of pure and applied research projects and initiatives, with the more secure and reliable of them as found towards the specific product development and improvement end of this, in effect bankrolling the more pure end of this overall effort and certainly for constraining overall risk faced.

I said above, that I would offer an alternative financial model here for understanding and managing overall research for an organization, and I do so with this perhaps-baseline, more standard approach held up for comparison. And I begin this by noting a detail in the above, standard-cant approach that I intentionally failed to acknowledge there, and that tends to be lost in most such policy and practice development: the role of timelines in all of this, and particularly timelines that extend beyond reporting quarters.

• A business that assiduously seeks to pursue stable, risk limiting and controlling safety in how it selects and benchmarks and carries out its research, and in how it seeks to balance its overall books for its research facility, will probably do very well from that in any given short term timeframe. It will probably succeed there in middle-range timeframes too, where short and middle-term are measured in terms of the rate of advancement in their overall industry for new product development, and in their markets for the pace of change in consumer demand.
• But that same business has to assume that pursuing a simpler short-term oriented approach here, will only lead to increased risk, and even what is essentially a certainty of failure long-term. The only way that a business, and certainly one in a rapidly advancing industry that is driven by disruptive change, can succeed long-term and in the face of this ongoing flow of challenge faced, is if it is willing to become more risk tolerant in its own next steps forward, building for its future through research and development.

This is important enough to bear repeating. Businesses that cannot and do not take this leap into the admittedly unknown, ever, might be secure in their current here-and-now for right now and in their immediate and shorter term future. But they also run the risk and certainly longer-term, of being blindsided by their competitors who do innovate and who do support the potential for innovation that their employees can offer.

How can an effectively, efficiently run business manage this and still remain stable and resilient? I offer an at least easy to state possibility here, and a thought point and a starting point for more focused discussion. A business can in fact set up and run a stand-alone research facility in-house and basically in accordance with the above stated research finances mantra with its risk and costs balancing. But it can also support a level of special research projects that might be carried out within this same facility, but that would be separately financed, from a reserves account that would be set up for this purpose. And researchers who were so interested, would compete for these special blue sky research funds and for the necessary space and other resources needed to carry out their projects.

Note: this can mean enlisting and developing research excellence from in-house, but it can also at least include search for new talent and new potential from outside of the business, that could be brought in with contractual promises in writing to support the research that these professionals have been striving to be able to carry out.

And with this, I have at least briefly discussed both of the remaining sets of issues that I cited early in this posting as being necessary in order to complete discussion here, of Point 3 of the basic to-address list under consideration. I am going to turn to consider Point 4 and Point 5 of the basic list from the top of this posting, at least beginning that in my next series installment:

4. Information availability serves as an innovation driver, and business systems friction and the resistance to enabling and using available business intelligence that that creates, significantly set the boundaries that would distinguish between innovation per se and disruptively novel innovation as it would be perceived and understood
5. And in both the likelihood and opportunity for achieving the latter, and for determining the likelihood of a true disruptive innovation being developed and refined to value creating fruition if one is attempted.

And yes, I will also offer the reference links that I promised in this posting, regarding research financing, in the next installment too, where they will prove relevant in the contexts of Points 4 and 5 too.

Meanwhile, you can find this and related postings at Macroeconomics and Business and its Page 2 continuation. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 4

Posted in business and convergent technologies, social networking and business by Timothy Platt on September 25, 2017

This is my fourth installment to a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 354 and loosely following for Parts 1-3.)

I have been discussing the more malicious weaponization of new and emerging cyber-technology in this series. And I have at the same time been discussing the continued vulnerabilities that we still face and seemingly without end, from already known threat vectors that arise from more established technologies too. That second thread to this discussion is one that I have recurringly returned to in the course of writing this blog and unfortunately, it remains as relevant a topic of discussion as ever when considering cyber-security and either locally and within single organizations, or nationally and even globally.

But at the same time that I have been delving into this combined, new and old technical side to cyber-attack and to the risk and threat of it, I have been delving into the more human side to this challenge too, and the risks of careless online behavior, and the challenge of social engineering attacks that would exploit it. Cyber-risk and cyber-security inextricably include both technology and human behavior aspects and each shapes and in fact can help to even create the other.

And with this noted, I add the issues of clarity and transparency into this discussion too, and I do so by way of a seemingly unrelated case in point example that I would argue serves as a metaphor for the security issues and vulnerabilities that I write of here:

• I went to see a physician recently for an appointment at her office. And when I got there, I saw only one person working behind the receptionist counter instead of the usual two that I had come to expect. The now-vacant part of the counter that patients would go to when arriving, had a tablet computer in place instead, with basic appointment sign-in now automated and for any scheduled return patients to use. That was not a problem, in and of itself. The problem that I found in this, was that this now automated system was much more involved than any verbal sign-in had ever been, with requirements that every patient sign multiple screens, each involving an authorization approval decision on a separate issue or set of them. Most of these screens in fact represented lengthy legal documents, ranging into the many hundreds and even thousands of words. And at least one of them meant my agreeing to or declining to participate in what turned out to be patient records sharing programs that I had never heard of and that had never come up in my dealings with that physician or with the hospital that she is affiliated with. I objected that this did not give me opportunity to make informed consent decisions, with patients waiting to sign in after me and with my scheduled appointment start time fast approaching. And the receptionist there rolled her eyes and said something to the effect that she was “used to being yelled at” by dissatisfied and impatient people. She briefly tried explaining what those two programs were on that one very lengthy screen but it was clear that she did not know the answer to that herself. So I signed as best I could, unsure of what some of my sign-in decisions actually meant, and then I went to my appointment.

When an online computer user clicks to a link, they might or might not realize that they are in effect signing an information access agreement too, and often one where they do not know that they are doing this and usually one where they do not understand the possible range and scope of such agreements. And this information sharing goes both ways and that fact is often overlooked. Supposedly legitimate online businesses can and at times do insert cookies and related web browser tracking software onto their link-clicking site visitors’ computers, and some even use link clicks to their servers to push software back onto a visitor’s computer to turn off or disable ad blocking software. And they do this without explicit warning and certainly not on the screens that users would routinely click to on their sites: hiding any such disclosures on separate and less easily found “terms of usage” web pages. And I am writing of “legitimate” businesses there. Even they take active and proactive actions that can change the software on a visitor’s computer and without their explicit knowledge or consent.

When you add in the intentionally malicious, and even just the site owners who would “push the boundaries” of legality, that can have the effect of opening Pandora’s box. And my above cited example of businesses that seek to surreptitiously turn off ad blocker apps is just one of the more benign(?) of the “boundary pusher” examples that I could cite here.

The Russian hackers of my 2016 US elections example as discussed in this series, and their overtly criminal cousins just form an extreme end point to a continuum of outside sourced interactivity that we all face when we go online. And this ranges from sites that offer you a link to “remember” your account login on their web site so you do not have to reenter it every time you go there on your computer, to sites that would try downloading keystroke logger software on your computer so their owners can steal those login names and passwords and wherever you go online from then on.

• Transparency and informed decision making and its follow-through, and restrictions to them that might or might not be apparent when they would count the most, are crucially important in both my more metaphorical office sign-in example, and in the cyber-involvement examples that I went on to discuss in light of it.

I have written of user training here in this series, as I have in earlier postings and series to this blog. Most of the time, the people who need this training the most tend to tune it out because they do not see themselves as being particularly computer savvy, at least for the technical details. And they are not interested in or concerned about the technical details that underlie their online experiences and activities. But the most important training here is not technical at all and is not about computers per se. It is about the possibilities and the methods of behavioral manipulation and of being conned. It is about recognizing the warning signs of social engineering attempts in progress and it is about knowing how to more effectively and protectively respond to them – and both individually and as a member of a larger group or organization that might be under threat too.

I am going to turn back to discussion of threats and attacks themselves in the next installment to this series. And in anticipation of that and as a foretaste of what is to come here, I will discuss trolling behavior and other coercive online approaches, and ransomware. After that I will at least briefly address how automation and artificial intelligence are being leveraged in a still emerging 21st century cyber-threat environment. I have already at least briefly mentioned this source of toxic synergies before in this series, but will examine it in at least some more detail next.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Meshing innovation, product development and production, marketing and sales as a virtuous cycle 7

Posted in business and convergent technologies, strategy and planning by Timothy Platt on September 13, 2017

This is my seventh installment to a series in which I reconsider cosmetic and innovative change as they impact upon and even fundamentally shape the product design and development, manufacturing, marketing, distribution and sales cycle, and from both the producer and consumer perspectives (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 342 and loosely following for Parts 1-6.)

I offered two case studies in this series, that were both based on restaurant planning and execution. The first, appearing in Part 3, represented a vicious cycle in which recurring bad decisions acted upon as consequences mount, lead to disaster. The second, appearing in Part 5 represents a more virtuous cycle example where success can lead to further success. But both of the action and consequence cycles that the restaurants of those examples follow, if taken to their logical extremes and without possible deviation, can and do lead to problems. And yes, this holds for the virtuous cycle example too: if their basic business model and strategy cannot be adjusted and even significantly course corrected in the face of the unexpected.

With those examples in place, in order to take subsequent discussion out of the abstract, I offered a to-address list of topic points in Part 6 that I repeat here for purposes of smoother continuity of narrative, where I would:

1. Discuss what businesses respond to, and in the specific context of this series, as they respond in patterns of decision and action, review and further decision and action that can have recurringly cyclical elements to them.
2. And it means addressing how they would respond at a higher level strategic and overall operational level and not just at a day-to-day, here-and-now details level, and certainly if they do so effectively.
3. In anticipation of that point, I cite agility and resiliency as organizational goals – and as buffering mechanisms against the down-sides of change. I have already touched on this third complex of issues (e.g. in Part 5) but will return to further consider it in light of my discussion of the above Points 1 and 2.

I at least briefly discussed Point 1 of that list in Part 6, doing so in terms of those case study examples. My goal for this posting is to delve into Point 2 and its issues. And I begin doing so here, with an at least brief and selective discussion of how Point 2 is worded, and what that implies.

• I raised in Part 6, an important point of distinction between the longer-term and bigger picture understanding of a business, as considered at a “higher level strategic and overall operational level,” and the shorter term and more situationally tactical focus of the “day-to-day, here-and-now details level.”
• My Part 3, vicious cycle example, which I refer to as falling into a “restaurant death spiral” pattern arises because no one there is actually carrying out consistent and inclusive, open minded strategic reviews or analyses to see how courses of action followed, are actually performing. And even when the restaurant owner and their senior staff are all aware that their business is failing, none of them seem able to connect the dots on their own as to how or why that is happening. Or at the very least, none of those stakeholders are able to articulate such an understanding in ways that would lead to remediative change for the business, and recovery.
• My Part 5 example follows a more virtuous cycle approach – but only as long as the conditions that it was initially developed in, continue unchanged and unabated. Disruptive change and challenge to that status quo, hold real potential for problems even then: if that is, this new recovery approach business model (leading a business out of a Part 3 downward spiral and into New), becomes an immutable given and as if set in stone too.
• Ultimately, both business model approaches fail if they are pushed to their logical extremes and left there and regardless of how circumstances change with new challenges and new opportunities arising.

Identifying those emerging changes: positive and negative, and planning and organizing so as to better address them, falls within the realm of strategy and the longer-term that it should be preparing the business for. If you wait until all of this: good and bad is already hitting you and if you only seek to address it tactically as a first response, you can only be reactive in doing so. And you cannot become proactive in this unless and until you step back and start addressing all of what you face and do right now, from a more specifically strategic perspective too.

Ultimately tactical can only succeed long-term if it is grounded in effective inclusive strategy – and that means strategy that is not limited by the types of blind spots that led the restaurant of Part 3 into so much trouble. Ultimately, the best that tactics can accomplish, absent supportive underlying strategy is to seek to arrive at an at least for now least-damaging reactive response, where longer term effectiveness essentially always calls for stepping out ahead proactively too.

I wrote the Part 5 scenario of the farm to table restaurant in terms of that restaurant and its operations and its business success. But I also wrote and discussed it and both there and in Part 6, in terms of larger communities that such an enterprise enters into: there, with local farmers and family owned dairies and related businesses. I stated at the end of Part 6 that I would begin addressing the issues of Point 2 of the above-repeated list, in terms of:

• “Where decisions have to be made that can be grounded in business ethics and related terms and in how a business and its owners enter into and participate in larger communities that only begin with their customers and their potential customer bases.”

I proposed that because those issues were weighing on my mind as I concluded that series installment. I in fact decided to develop some more organizing structure in this narrative, before assaying that set of issues. But I will return to consider the farm to table ethos in my next series installment, and the commitments that businesses make to other enterprises in general in supply chain and related value chain systems. And I will explicitly tie that line of discussion back to the core topical issues of this series as a whole, where businesses need to be change and innovation driven if they are to succeed. Then and in that context, I will finally turn to consider Point 3 of the above list, and:

• “Agility and resiliency as organizational goals – and as buffering mechanisms against the down-sides of change.”

Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.

Innovation, disruptive innovation and market volatility 35: innovative business development and the tools that drive it 5

Posted in business and convergent technologies, macroeconomics by Timothy Platt on September 5, 2017

This is my 35th posting to a series on the economics of innovation, and on how change and innovation can be defined and analyzed in economic and related risk management terms (see Macroeconomics and Business, posting 173 and loosely following for Parts 1-5 and Macroeconomics and Business 2, posting 203 and loosely following for Parts 6-34.)

I have been working my way through a to-address list of topics in the past several installments to this series, that I repeat here for purposes of continuity of narrative (having already addressed specific points from this list in earlier postings, as parenthetically noted below):

1. Innovation and its realization are information and knowledge driven (Part 32).
2. And the availability and effective use of raw information and of more processed knowledge developed from it, coupled with an ability to look beyond the usual blinders of how that information and knowledge would be more routinely viewed and understood, to see wider possibilities inherent in it (Part 33),
3. Make innovation and its practical realization possible and actively drive them (Part 34).
4. Information availability serves as an innovation driver, and business systems friction and the resistance to enabling and using available business intelligence that that creates, significantly set the boundaries that would distinguish between innovation per se and disruptively novel innovation as it would be perceived and understood
5. And in both the likelihood and opportunity for achieving the latter, and for determining the likelihood of a true disruptive innovation being developed and refined to value creating fruition if one is attempted.

My goal for this posting, as of when I first wrote Part 34 was to finish discussion of Points 1-3 and of Point 3 in particular here, at least for purposes of this series, and to then at least begin a discussion of Part 4 and its issues. With further thought, I realize that that goal was too ambitious for one posting, so I begin this here with the final thoughts (for purposes of this series), related to the first three Points of the above list. And I begin that by listing three topic points that I raised in passing in Part 34, but never actually discussed there:

• A basic assumption as to what types of already-held and routinely used business information would be required in a genuinely disruptively innovative context, as for example might be explored and pursued in an innovation-supporting service, department or more separate facility within a business.
• An implicit financial assumption that runs counter to what would more generally be automatically assumed when innovation, and the research and development that it calls for are considered. I will at least briefly address that “starter” assumption here, offering some references that delve into its issues. And I will offer a basic rationale for justifying this alternative point of view assumption that I offer here for purposes of this series.
• And a fuller reconsideration of timeframes in all of this, where outside forces can easily become the driving shaping factors for all of this but where within-business factors always have to be accounted for too – and where they can be less examined in any planning that takes place.

I will of necessity begin addressing Point 4 of the above to-address list in dealing with these issues and even if I approach them from a Points 1-3 perspective. Then I will continue on to examine Point 4 and then Point 5 of the above list. And with that reorienting note for what is to follow from here, I begin with the basic assumption of the first of the above three bullet points:

• The more innovative an idea is and the more disruptively novel it is in relation to what a business more routinely does, the less it is going to have to draw on the information flow that more conventionally derives from, fits into and supports their business as usual.
• Innovation and particularly novel and disruptive innovation needs to find its own path, and with its own, new types of data and understanding.

According to that assumption, innovation can be walled off from business-as-usual for the most part, with its own separate accumulated body of proprietary data and processed knowledge and without real need of all that much routine business information in place – besides basic information as to where current products or services are breaking down if a New approach would be developed to address that. And even then, the information presumed to be needed might be very circumscribed, and to limit introducing the biases of the past into the creative process if nothing else.

This understanding would fit into and support a simple, basic default confidential and sensitive business information management system that would, for example, limit access to sensitive trade secret manufacturing knowledge to the people in production who have essential need of it. And this would also fit into and support the development of within-business research centers as essentially separate and independently run, if wholly owned facilities too, with their own pools of sensitive and confidential data and processed knowledge too.

It has been a long time now for this, but I have given talks at in-house but separately run and conceived research facilities of this type, and particularly in the pharmaceutical industry from early in my professional life when I was still actively doing basic biomedical research and before I turned professionally towards organizational issues and consulting per se. So I write here of systems that I have seen up-close and first hand, where I have gotten to know the people involved who work at and run them. I still saw myself as a research scientist at the time, but even then I was acutely aware of and interested in the business model implications of that approach to research and development. So I actively studied that aspect of what I was allowed to see in those businesses.

How does this assumption hold up and longer-term? I would argue that it would not, and certainly not in its pure information and knowledge partitioning form. Put slightly differently, and in terms of individual innovative initiatives:

• That assumption would only hold true, if it does at all,
• If and where a new and disruptively-different innovation under consideration does not fit into and contribute to the ongoing business for anything in particular that it has historically done, and even just in a peripherally connected new direction.
• Restated from a different direction, an assumption of validity to an essentially complete walling off of essential information flow between a business’ production systems and its research and development, cannot succeed if the New that would be developed is to be integrated into the business as a whole and into what it does, as a new part of a consistent and coordinated larger whole.

The pharmaceutical research facilities that I got to visit, as cited above, succeeded in bringing developed value to their parent businesses, precisely because the walls there were selectively impermeable where that was needed and selectively porous when that was.

I am going to continue this discussion in a next series installment, with the second of the “clean-up” issues that I am adding here to round out my coverage in this series of Points 1-3 from above.

• An implicit financial assumption that runs counter to what would more generally be automatically assumed when innovation, and the research and development that it calls for are considered. I will at least briefly address that “starter” assumption here, offering some references that delve into its issues. And I will offer a basic rationale for justifying this alternative point of view assumption that I offer here for purposes of this series.

Then I will discuss the third and last of those bullet points and move on to address Points 4 and 5 of the main topics list that I have been working my way through here, as repeated at the top of this installment. Meanwhile, you can find this and related postings at Macroeconomics and Business and its Page 2 continuation. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 3

Posted in business and convergent technologies, social networking and business by Timothy Platt on August 16, 2017

This is my third installment to a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Part 1 and Part 2.)

I concluded Part 2 of this narrative by proffering a briefly outlined solution to a problem, and in a way that could be seen as highlighting a fundamental conundrum faced. More specifically, I wrote in Parts 1 and 2 of how new and emerging value-creating technological innovations such as online social media and cloud computing create new opportunity for more malevolent use too, even as they create whole new worlds of positive opportunity. And to pick up on just one of the many facets to the positive side of this transformation, that make its advancement inevitable:

• Consider how essentially anywhere to anywhere and at any time, ubiquitous connectivity through small, simple smart phones and tablets has changed the world, reducing friction and barriers and bringing people together and even globally,
• And particularly when cloud computing, for both data storage and processing power, has in effect put always-connected supercomputer, super-communications devices into everyone’s hands. Think of this as ubiquitous connectivity and communications with what can amount to arbitrarily wide computational bandwidth, and equally wide ranging data storage, retrieval and sharing capabilities supporting it.

Now consider how this capability can be exploited by both individual black hat hackers, and by large organizations: governments included, that seek to exploit newly emerging cyber-weaknesses that arise from these new technologies in pursuing their own plans and policies. I wrote in Part 2, at least in brief and selective outline, of how Russia, China and North Korea have done this, as case in point examples. And in the course of that, I noted and at least began to discuss how the vulnerabilities exploited there, always have two faces: technological and human, and how the human side to that can be the more difficult to effectively address.

That led me to the quickly outlined “cyber security solution” that I made note of above and that I first offered at the end of Part 2, where I wrote of cyber-defense and security in general as calling for:

• Better computer and network user training,
• Better, more up to date and capable automated systems,
• And usage options channeling systems that reinforce good practices and discourage or even actively prevent bad, risk-creating ones.

Then, after offering that, I added that “technology fixes are always going to be important and necessary in this, but increasingly the biggest vulnerabilities faced come from human users, and particularly ones who are trusted and who have access permissions, to critically important systems.”

I begin addressing that ending point to Part 2 of this series and starting point to this Part 3 by picking up on one of the Russian government sponsored and led examples made note of in Part 2, where the Russian government explicitly sought to influence and even suborn the 2016 elections in the United States, including their presidential election. One of the key attack vectors used was a phishing attack campaign that gave them access to the Democratic Party email server system, used for within-Party confidential communications. This attack helped Russian operatives and private sector participants working for them, to insert malware into those server computers that gave them direct access to them for copying files stored on them, as well as capability for damaging or deleting files stored there. And this gave them the ability to edit as desired, and selectively leak emails so covertly captured too. And this was done according to a timing schedule that would cause the greatest harm to a Hillary Clinton, Democratic Party presidential campaign while significantly helping Donald Trump to win the White House. This attack required concerted application of weaponized technology, but that in and of itself could never have accomplished anything without help from trusted insiders in the United States Democratic Party leadership, who had legitimate and trusted access to those computer servers, and who clicked to open what should have been suspicious links in emails that they received from what turned out to actually be malevolent Russian sources.

With this noted, let’s reconsider the three “to-do”, or at least “to-attempt” bullet points that I just repeated here from Part 2, as a first-take “cyber security solution”:

• Training only works if people who receive it actually follow through and do what they have been taught.
• “Better, more up to date and capable automated systems” as an operational goal, is always going to constitute a moving target, as both new positive capabilities and the new vulnerabilities that they bring with them arise and become commonplace.
• And the ongoing emergence of this new and different, and particularly of an ongoing flow of disruptively new and different, can make good practice shaping and requiring systems, obsolete almost before they are really implemented – and particularly given the challenges of the first of these three bullet points.

How did the Russians hack into the Democratic National Committee (DNC) confidential email servers that they specifically targeted here? Setting aside the technical side of this question and only considering the social engineering side to it, all that took was one person who was trusted enough to be given access to this email system, who would click to open what probably should have been seen to be suspicious links in an email that they had opened with their standard email software. Then when they went to the DNC secure server with it, they delivered the malware that they had just infected their computer with from this, and the rest was history.

• This is very important. It did not matter if a thousand others had deleted the malware-carrying emails that this one user opened and clicked into, if just that one trusted systems user did open at least one of them and click at least one link in it.

There is a saying to the effect that a chain can be no stronger than its weakest link. Reframing “link” in human terms rather than hyperlink, cyber terms, all it takes is one weak human link in this type of system, among its community of trusted and vetted users to compromise the entire system. And they only have to set aside their judgment and training once, at an inopportune moment to become that crucially weak link.

Let me add one more innovative element to the positive value created/negative vulnerability created from it, paradigm that I have been developing and pursuing this series around: automation and the artificial intelligence based cyber systems that enable it. These smart systems can be and increasingly are being developed and implemented to build automatic nuanced flexibility into complex information and communications systems. They can be and increasingly are being used to promote what many if not most would consider more malevolent purposes too, such as attempting to throw national elections. Automated systems of the type that I write of here are consistent and always follow their algorithmic protocols and processes in place, and they are becoming more and more subtle and capable in doing this, every day. They do not tire or become distracted and they do not make out-of-pattern mistakes. And here, they are pitted against individual human users of these systems, who all at least occasionally do.

Let’s reconsider the three to-do recommendation points that I initially repeated here towards the top of this posting:

• Training only works if people who receive it actually follow through and do what they have been taught.
• “Better, more up to date and capable automated systems” as an operational goal, is always going to constitute a moving target, as both new positive capabilities and the new vulnerabilities that they bring with them arise and become commonplace.
• And the ongoing emergence of this new and different, and particularly of an ongoing flow of disruptively new and different, can make good practice shaping and requiring systems, obsolete almost before they are really implemented – and particularly given the challenges of the first of these three bullet points.

And I match them with the issues and challenges of this posting in mind, with a brief set of matching questions:

• How best can these technology/human user systems be kept up to date and effective from a security perspective, while still keeping them essentially intuitively usable for legitimate human users?

The faster the technologies change that these systems have to address, and the more profoundly they do so when they do, the greater the training requirements will be, at least by default and according to most current practices in place, and the less likely it becomes that “potentially weaker links” will learn all of this New and incorporate it into their actual online and computer-connected behavior, and fast enough. So the more important it becomes that systems be made intuitively obvious and that learning curve requirements be prevented, to limit if not entirely avoid that losing race towards cyber-security safety. And yes, I intentionally conflate use per se and “safe, security-aware” use in this, as they need to be one and the same in practice.

• Moving targets such as “better, more up to date and capable automated systems” of the type cited in the second above-repeated point, tend to become harder to justify, at least for the added effort and expense of keeping them secure in the face of new possible challenges. That certainly holds true when these information technology and communications systems keep working for their current iterations, and when updates to them, up to now have seemed to work and securely so too. How do you maintain the financial and other support for this type of ongoing change when it succeeds, and continues to – in the face of pressures to hold down costs?

Unfortunately, it is all too common that ongoing success from using technologies, breeds reduced awareness of the importance of maintaining equally updated ongoing (generally expensive) protective, preemptive capabilities in them too. And it becomes harder and harder to keep these systems updated and with support for doing so, as the most recent negative consequence actually once faced, slips farther into the past. And to put this point of observation into perspective, I suggest reviewing Parts 1 and 2 of this series, where I write of how easy it is to put off responding to already known and still open vulnerabilities that have struck elsewhere, but not here at least yet.

And for Point 3 of that list, I add what is probably the most intractable of these questions:

• In principle, non-technology organizations that do not have strength in depth in cyber issues and on how best to respond to them, can be safe in the face of already known threats and vulnerabilities, if, that is, they partner for their cyber-security with reliable businesses that do have such strengths and that really stay as up to date as possible on known threat vectors and how they can be and are being exploited. But what of zero-day vulnerabilities and the disruptively new? How can they be at least better managed?

I am going to continue this discussion in a next series installment, starting with these questions. And I will take that next step to this narrative out of the abstract by at least briefly discussing some specific new, and old-but-rebuilt sources of information systems risk. Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Meshing innovation, product development and production, marketing and sales as a virtuous cycle 6

Posted in business and convergent technologies, strategy and planning by Timothy Platt on August 4, 2017

This is my sixth installment to a series in which I reconsider cosmetic and innovative change as they impact upon and even fundamentally shape the product design and development, manufacturing, marketing, distribution and sales cycle, and from both the producer and consumer perspectives (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 342 and loosely following for Parts 1-5.)

I focused in Part 5 on a restaurant example, where that business’ owner had decided to pursue a farm to table approach as the defining vision of their restaurant. Earlier, in Part 3 I offered a restaurant-oriented example of a downward vicious cycle, that fits a pattern that I have come to call a restaurant death spiral, where loss of business leads to cost cutting and corner cutting that in turn drives away customers and creates still greater loss – with that pattern repeating until the restaurant finishes failing. Think of the Part 3 scenario of this series as background and prelude for a Part 5 change of direction recovery here, for the level of urgency and determination that that would bring a business owner to, in order to avoid repeating what might in any way be viewed as returning to a lessons-learned failed path.

• What do the two business model approaches of Parts 3 and 5 have in common? Any realistic answer to that would have to include a rigidity that can create vulnerability and certainly in the face of the unexpected, and increased risk in any case, and certainly when the Part 5 scenario is pushed to its logical pure-play extreme.

And this brings me to the set of issues that I would at least begin to address here in this posting, as encapsulated in this following set of bullet points:

1. Discussing what businesses respond to, and in the specific context of this series, as they respond in patterns of decision and action, review and further decision and action that can have recurringly cyclical elements to them.
2. And it means addressing how they would respond at a higher level strategic and overall operational level and not just at a day-to-day, here-and-now details level, and certainly if they do so effectively.
3. In anticipation of that point, I cite agility and resiliency as organizational goals – and as buffering mechanisms against the down-sides of change. I have already touched on this set of issues (e.g. in Part 5) but will return to further consider it in light of my discussion of the above Points 1 and 2.

I begin with Point 1 of that list, and with the point that the two just-referenced case study examples hold in common: their inflexibility and what it is grounded in.

• Business owners who pursue a Part 3 scenario or analogous approach to running their business, generally seem to be pursuing known and easy more than anything else, and with a goal of limiting risk from avoiding forays into what for them would be the unknown and unfamiliar.
• Business owners who pursue a more purely Part 5 scenario or analogous approach to running their business, do so with a goal of never, ever again risking falling into a known failed pattern: a once followed easy but long-term dangerous trap like the restaurant death spiral. And when I posit a Part 5 approach as a break-away from that downward spiral and with all of the pain that it had caused, the pressures to pursue their new course can be very intense.

Rigidity and the resulting fragility that it can engender, arise in both of these scenarios. And addressing the questions of what businesses respond to, and both one-off and as a matter of developing cyclically recurring processes, has to begin with a deeper understanding of goals and priorities and of what really should be added into the basic business mission and vision where that has to be fundamentally reconsidered.

Let’s consider the farm to table, local-only sourcing restaurant of Part 5. They started out pursuing this approach after what their owner came to see as a near death experience for their restaurant dream and for their own personal financial wellbeing too. And they began to see some real success from this as their business began to flourish. Then they hit a wall in the form of locally sourced supplies limitations that arose from really challenging weather and crop loss for the farms they would buy from. And this leads me to a fundamental question.

• Does this restaurant owner seek to run a locally sourcing farm to table restaurant only and with that their one and only mission defining goal?
• Or do they seek to provide the best food possible from the best ingredients possible where that might usually mean buying and using local and from specific partner business farms – but where they would selectively deviate from that when necessary for maintaining both quality of food and the variety that they would want on their menus?
• What, ultimately, are their operational and process-based priorities there?
• And what are the actual priorities of their customers and of their potential customers who would be drawn to quality, and even if they see value in farm to table and local sourcing where possible?

Transparency and openness are important here, in what such a restaurant offers its customers and in how it describes and explains and markets itself. And the same can be said for openness in how this restaurant maintains connection with and support for the local farms and dairies and other largely family owned and run enterprises that they began turning to when first becoming a farm to table restaurant. It is important to note here that farm to table restaurants do not just approach a within-organization business model and its requirements when pursuing that approach. They join a community with their family owned small farm and dairy providers that can become both mutually supportive and mutually rewarding and for all involved.

I am writing about marketing and communications here, but more importantly I am writing about a rethinking of what a business does and how, and with the necessary selectively expressed flexibility needed to address and surmount challenges. And yes, this might even mean buying premium quality canned Italian tomatoes or buying distantly grown ones – whichever would best meet the restaurant’s quality criteria and needs, until locally grown can be freshly available again. (I noted in Part 5 that elements of this scenario are now dated by the improvement of long-distance transportation, and even for ripe produce and at good costs at point of delivery. But I offer this example and continue developing it here because basic decisions with their competing alternative resolutions still arise and will continue to do so, as change and the unexpected force reconsideration and decisions, and in ways that might be novel to the business model in place. And the farm to table ethic of buying local and supporting local producers wherever possible, has to be taken into account here too.)

I am going to continue this discussion in a next series installment with Point 2 of my above-repeated topics list. And in anticipation of that, I note here that I will begin that line of discussion where I finished this posting, at a point where decisions have to be made that can be grounded in business ethics and related terms and in how a business and its owners enter into and participate in larger communities that only begin with their customers and their potential customer bases. I will discuss this in the context of meeting strategic and operational needs within a business, to keep it viable and profitably robust. Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.

Innovation, disruptive innovation and market volatility 34: innovative business development and the tools that drive it 4

Posted in business and convergent technologies, macroeconomics by Timothy Platt on July 25, 2017

This is my 34th posting to a series on the economics of innovation, and on how change and innovation can be defined and analyzed in economic and related risk management terms (see Macroeconomics and Business, posting 173 and loosely following for Parts 1-5 and Macroeconomics and Business 2, posting 203 and loosely following for Parts 6-33.)

I began Part 33 of this by repeating a to-address list of points that I am now working my way through. And I repeat this list here for smoother continuity of narrative, as I continue systematically addressing its issues:

1. Innovation and its realization are information and knowledge driven.
2. And the availability and effective use of raw information and of more processed knowledge developed from it, coupled with an ability to look beyond the usual blinders of how that information and knowledge would be more routinely viewed and understood, to see wider possibilities inherent in it,
3. Make innovation and its practical realization possible and actively drive them.
4. Information availability serves as an innovation driver, and business systems friction and the resistance to enabling and using available business intelligence that that creates, significantly set the boundaries that would distinguish between innovation per se and disruptively novel innovation as it would be perceived and understood
5. And in both the likelihood and opportunity for achieving the latter, and for determining the likelihood of a true disruptive innovation being developed and refined to value creating fruition if one is attempted.

I at least initially dealt with Point 1 of this list in Part 32, and its Point 2 in Part 33. And I turn here to consider the above restated Point 3 in that same vein. And to be more specific here, I used Points 1 and 2 of this list to at least briefly sketch out a fundamental problem:

• A fundamental challenge that businesses face when they simultaneously seek to safeguard sensitive and confidential proprietary business information,
• And still remain open to the possibilities of developing and capitalizing on innovation, and even disruptively novel innovation where new communications patterns and information sharing allowances might be needed in order to effectively bring the right combinations of expertise together for that.

Rules based information access systems, of necessity are always built and implemented in terms of a business’ current here and now, and in terms of current information sharing needs – assuming of course that they are kept that up to date. Innovation and disruptive innovation in particular can demand new and novel there, as previously unconsidered combinations of personnel and unconsidered combinations of expertise and experience that they could offer become essential if their business is to develop its next step-forward future.

And this brings me directly to the above Point 3, and implementation. And it also brings me back to a specific business organization approach to making an enterprise more effectively innovative in practice, that I initially offered in my 2012 series: Keeping Innovation Fresh (see Business Strategy and Operations – 2, postings 241 and following, and in particular, see its Part 7 and following where I discuss transition committees.)

• A well organized and run transition committee serves the business that it operates in by helping to identify innovation opportunity that is being developed in-house, that holds potential for offering value to the business if further developed into fully practical implementation. And such a committee helps to facilitate this transition from proof of principle and concept, to practical realization. It bridges the gap between research and conceptualization and its output, and practical implementation that can be brought to market.
• For purposes of this series, consider that a second step to a larger and more comprehensive overall process and system of them that any successful in-house innovation has to traverse if it is to succeed and become a value creating part of the business that it first arises in. My focus here is on what precedes that step, in bringing the personnel and other necessary resources together to make development of initial innovative potential possible. And bringing together both the necessary people and the necessary information that they would develop New from, is crucial there.

In practice, the same people who comprise a transition committee might also find themselves responsible for championing the initial first step in the creation of potential new innovation too, from the initial idea stage. And having such an innovation-supportive group within a business is all but certain to at least help in that direction. But in practice, no single group of employees and managers can do all of this alone, and with anything like the reach into their business that they would need for that and across the full sweep of their table of organization. Keep in mind here that some of the most creative and ultimately valuable initial innovation ideas, can and do come from unexpected directions in an organization.

Making the first half of this system of processes work: making the first initial innovation identifying and supporting and enabling step work, calls for participation by both lower and middle managers who those creative hands-on employees report to, and participation from the risk management people who set and administer information access and sharing policy and their rules-based implementation.

I have said this before in this blog; this means supporting employees and managers who would step out beyond their routine day-to-day to attempt new, and this means senior management allowing for and being tolerant of failure, where not all attempts at developing innovative new possibilities work out successfully.

• The more actively and far-reaching a business seeks to be as an innovator in its industry and sector, the more formal structure is probably going to be needed to make this work and consistently so – and the more important it is for them to actively pursue this.
• A certain amount of overall organizational scale in this is probably going to be needed in order for a business to even have an organizational structure such as a transition team in place. Though I add, participation in this type of endeavor can be part-time and only be called upon on an as needed basis and as first step processes identify innovative potential for them to help promote and further develop. And, of course, the people who would do all of this have to be supported in their being allowed time and other resources to work on this too, along with their more usual workplace responsibilities.
• Note that I did not start out with cost considerations here and that was for a reason. As an initial step, the important goal is usually a proof of principle validation that there is something that might be of value if developed in a practical implementation direction. If this is done carefully, costs can in general be minimized and even if their inclusion on a budget might be notable. That raises the question of what budget and what line in the business’ accounting this would be charged to. And selecting there can require financial gatekeeper support too.
• Then taking that next step beyond basic proof of principle, takes effort and funding too and even with a focused prototyping effort. This is where the transition committee of my earlier series: Keeping Innovation Fresh, actively enters this narrative.

What is the single biggest challenge that seems to arise and throughout all of this, and particularly for successful, profitable businesses?

• Taking off the blinders that success can put in place, and looking past the currently successful and profitable, and in new directions
• And when the current bottom line for that business, and when the demands of its markets, are not already asking for new and different,
• And when the due diligence security of tried-and-true and fiscally known and at least for-now safe, would seem to militate against pursuit of research and new product development, and innovative change.

Businesses that cannot and do not take this leap into the admittedly unknown, ever, might be secure in their current here-and-now for right now and in their immediate and shorter term future. But they also run the risk and certainly longer-term, of being blindsided by their competitors who do innovate and who do support the potential for innovation that their employees can offer.

And with this I divide risk and benefits according to timeframes considered, and as a direct consequence of considering the How of actually carrying out the above list’s Point 3.

I am going to add some more to that line of discussion in my next installment to this series, and will proceed from there to address Point 4:

• Information availability serves as an innovation driver,
• And business systems friction and the resistance to enabling and using available business intelligence that that creates, significantly set the boundaries that would distinguish between innovation per se and disruptively novel innovation as it would be perceived and understood.

Meanwhile, you can find this and related postings at Macroeconomics and Business and its Page 2 continuation. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.

Rethinking vertical integration for the 21st century context 17

Posted in business and convergent technologies, strategy and planning by Timothy Platt on July 23, 2017

This is my 17th installment to a series on what goes into an effectively organized and run, lean and agile business, and how that is changing in the increasingly ubiquitously connected context that all businesses, and that all individuals operate in (see Business Strategy and Operations – 3 and its Page 4 continuation, postings 577 and loosely following for Parts 1-16.)

I focused on symmetrical and asymmetrical power and control relationships between businesses in supply chain and related collaborative systems in Part 14, Part 15 and Part 16 of this series. And I have built that flow of discussion around three case in point examples: FedEx (in Part 14), Eastman Kodak (in Part 15) and Apple, Inc (which I have recurringly turned to and discussed throughout this series.) Those three business enterprises serve as the leading and even dominating participants in the business-to-business collaborations that they have entered into, and essentially without exception throughout their histories.

Then at the end of Part 16 I stated that I would conclude this series here, with a discussion of:

• Alignment and divergence in what participating businesses seek to achieve in business-to-business collaborations, and in how they would pursue their perhaps diverging goals there.

I also stated that I would reconsider Apple, Inc. in this context too and I will do so. But before I do that, I want to reconsider a point that I raised and then questioned in Part 16, readdressing it here in an explicitly international context.

Certainly for long-term collaborations and ones that have proven mutually beneficial and to all businesses concerned, you would most generally expect all partner businesses involved to see value in continuing these arrangements, as proven sources of value to them. Decisions and actions that would challenge these relationships by reducing their value to trusted and reliable partner businesses there, would create risk, and risk that would probably not be off-set by a compensatory gain in value received. And with this, I postulate a stable win-win game theory scenario as a path towards maximized value received and all around, and minimized risk created and once again for all businesses involved in these systems.

I then at least briefly made note of how a more within-collaboration, win-lose or at least win-indifference strategy might arise. Rethinking these business-to-business arrangements in the more general terms that I offer in my series: Some Thoughts Concerning a General Theory of Business, starting with its Part 12, these less mutually supportive strategic and operational approaches can arise for a variety of reasons, including time limitations for how long a collaboration can continue and a variety of other sources of uncertainty (see Section VI of Reexamining the Fundamentals for that series as a whole.)

What are some of the specific forces that can lead participating businesses away from a more entirely win-win approach, and particularly in an international and transnational context? And I add to that: when alignment of aims and goals among business-to-business collaborative partners gives way to divergence and a more win-lose approach, is it always the overly larger and most dominant business in these systems that drives that? I begin addressing these two questions with a set of concluding remarks that I will then go back to explain.

• Outside governmental forces and the agendas that shape and drive them, as an increasingly important source of this divergence, can create overt disjunction of goals and aims between collaborating businesses, and can create what in key respects can become win-lose scenarios, for businesses that those governments can see as foreign. I write here of protectionism when this is carried out in order to help home-based businesses in general, but this type of government policy and practice approach can also serve to advance overall national economic goals as well as promote specific business enterprises.
• And yes, a business that would seem to qualify as being more subordinate in a business-to-business collaboration and according to all three criteria offered in Part 16, can find itself driving these win-lose disjunctions from how they conceive mutual long term benefit, and even when all businesses involved seek to maintain these collaborations very long-term.

One of the governments that I have in mind here is that of the People’s Republic of China, the (seemingly) dominant collaborative partner business in this is Apple, Inc., and the smaller and (seemingly) more subordinate businesses involved here are China and otherwise foreign-based enterprises that provide parts and subassemblies and even significant production capabilities to Apple as that company seeks to manufacture its marketable, Apple-branded products as economically as possible. Apple in fact primarily manufactures both its iPhones and iPads in China in factories such as a Pegatron Corp. facility located just outside of Shanghai. Note that Pegatron is headquartered in Taiwan, but they do a lot of their manufacturing in mainland China, and particularly just outside of Shanghai, so a second government in this story is the “breakaway” government of the Republic of China (Taiwan).

Just considering the People’s Republic of China in this narrative, one of their primary requirements that they impose on foreign companies that operate in China, is that they must partner with a Chinese company for all that they do there. And a second requirement that they just as adamantly insist upon is that these foreign companies transfer technical knowledge to their Chinese partner business, (and through them to Chinese government and Communist Party owned and controlled enterprises as well, as the Chinese government sees fit.) Basically, China takes a long-term perspective here and with a goal of requiring that foreign businesses that seek advantage now, only gain it at the long-term cost of creating what can become their most challenging next generation competitors.

I picked a controversial and I add extremely complex example here, intentionally. The allure of China’s cheap labor and the allure of its massive marketplace with its sales potential have proven to be more than enough as a source of incentive, to bring foreign businesses and even strategically well run ones to enter into these agreements. Some of them have come to see the longer-term consequences of this for their potential downside as they have in fact created profoundly challenging competitors out of what had started out as “simple” collaborative partnerships. And to take that out of the abstract, I cite what is currently the largest railroad rolling stock manufacturer in the world now: the Chinese manufacturer CRRC Corporation, LTD. They and their immediate predecessors in China entered into business-to-business collaborations with a number of foreign rolling stock manufacturers and acquired best of breed technology solutions from all of them. Then CRRC combined the best of all of this under one roof and in ways that these technology providers could not do directly and to their own advantage, and still avoid antitrust action in their court systems. And CRRC grew and grew and is now the biggest and most dominating business in this entire industry.

With that cautionary note and the always-present potential for at least smaller scale variations on it, I turn back to the initial core area of discussion of this entire series, which I reconsider in the light of this and the preceding 16 installments to it: vertical and I add horizontal integration as it is and can be developed towards in-house, and the risk and benefits dynamics of that. And I reconsider Apple Inc. again in this: the case study that I began this series with and that I have in large part built this series around.

• Are Apple and I add other smart phones and related ubiquitously connectable devices in the process of creating what might become their very own next generation CRRC, as Chinese businesses, operating under China’s skewed copyright and patent protection laws, decide how the technology they acquire from their foreign business partners can be repurposed?

And this brings me to a final thought that I will end this posting with, and this series as well. International trade agreements are currently coming under intense fire and particularly from more technologically developed countries such as the United States. And one of the clarion calls leading the charge against them is the prospect of “foreign interference” in national legal systems. The focus there is on how a foreign business from a signatory nation with less stringent environmental protection or workers’ rights laws, might force their partner nations’ governments to pay hefty fines for imposing protective laws that are “in restraint of trade,” and that cause treaty violating avoidable loss of income and profitability from that. But the one area of law where challenges would in fact most likely arise would be in how foreign governments do or do not protect intellectual property and trade secrets and related sources of business-defining value – of a type directly challenged in my above-cited rolling stock example.

• As long as businesses see risk and uncertainty from entering into collaborative relationships with other businesses, and particularly in foreign countries where adequate safeguards are not in place, the pressure will be on to do more and more in-house and through in-house vertically integrated systems, horizontally integrated ones or both in order to safeguard business defining sources of value.

This is becoming increasingly important in our increasingly interconnected global community and marketplace.

I am ending this series here but I will definitely return to this set of issues in postings and series to come. Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 2

Posted in business and convergent technologies, social networking and business by Timothy Platt on July 1, 2017

This is my second installment to a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Part 1.)

I stated at the end of Part 1 that I would turn here in its follow-up to at least briefly consider how Russia used cyber-weapons to influence and even disrupt the 2016 elections in the United States including the presidential election there. And I will do that here, widening my perspective on the issues raised by that one event to also consider, for example, Russian meddling in the United Kingdom’s Brexit referendum and recent European elections too, as well as other internationally impactful cyber-attack incidents.

I begin this posting and its narrative by citing some recent news stories concerning at least some of these cyber offensives, as specifically orchestrated by and led by agencies of the Russian government:

UK Officials Now Think Russia May Have Interfered with the Brexit Vote.
Russian Meddling and Europe’s Elections.
FPI Conference Call: Russian Interference in Foreign Elections.

And I also cite this Wikipedia piece:

Russian Interference in the 2016 United States Elections.

and this public release version of an official US government intelligence community assessment report on the 2016 hacking of United States elections by the Russian government and by groups organized and led by them in that:

Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution.

Officially, nation states only develop cyber-warfare capabilities for defensive purposes, and as a deterrent from others using this type of weapon offensively against them. If they admit to having cyber elements in their militaries at all, it is always for strictly defensive purposes and never with intent to proactively, offensively use them.

North Korea and China have deployed cyber-weapons in pursuit of their national interests and so have the United States and others and in a variety of arguably non-defense roles. All three, and other nations as well, have actively used these capabilities in order to clandestinely gather in secret and sensitive information from national governments. And for China and North Korea this has also actively included gathering sensitive and confidential information from private businesses too. And a variety of countries have at least occasionally used these capabilities in more overt manners too, besides just seeking to surreptitiously gather information through cyber-espionage.

As a specific and well known example of that, the North Korean government very specifically cyber-attacked Sony Pictures and their computer network in retaliation for their producing and releasing a movie: The Interview, in which a buffoon representing Kim Jong-Un was targeted for assassination. See:

U.S. Said to Find North Korea Ordered Cyberattack on Sony and
N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say.

And North Korea under Kim Jong-Un has become particularly active in using cyber-weapon capabilities offensively. They have used their cyber-capability to attack banks and private businesses in South Korea, and to attack the South Korean government itself. And as a very recent, as of this writing, example of this policy and practice, consider their use of ransomware as a means of bringing in foreign currency “income” and from multiple sources globally, to help prop up their economy.

North Korea’s economy has always been weak at best but it has spiraled downward from weak to worse under sanctions imposed because of their recent nuclear weapons and ballistic missile tests. See:

• This Wikipedia piece on North Korea’s far-reaching WannaCry Ransomware Attack and this news story about it:
More Evidence Points to North Korea in Ransomware Attack.

I have to add that even countries that have largely limited their development and deployment of cyber-warfare capability to defensive use have found themselves at least occasionally resorting to them in offensive initiatives. I cite the use of the Stuxnet computer worm as an example of that type of cyber-offensive approach as the United States and Israel specifically sought to impede Iran’s effort to develop and produce nuclear weapons as a particular limited, targeted use of this type of capability.

I have to add that offensive and defensive are in the eye of the beholder. I think it safe to state that the United States government would claim that it carries out cyber-surveillance on the computer networks and systems of countries such as North Korea (as noted above) for strictly defensive purposes. And the same could be said of their alleged use of cyber-weapons to impede North Korean ballistic missile tests “left of launch” – on the ground and before those missiles can take off. They would claim that these are all defensive measures taken to deter the grave risk that an always unstable at best North Korean leadership might have nuclear weapons and ballistic missiles that they could deliver them with in a devastating attack. The North Koreans, and I add others might see this type of action differently and as representing something other than defense-only.

And of course Russia has recently gone on the cyber-offensive and very actively, and globally in attacking and seeking to suborn elections and referendum votes in multiple nations that they see as being at least potential adversaries, as noted in the above references on that. And they have cyber-attacked neighboring countries in a variety of ways over the years too (e.g. in preparation for their physical incursion into the Ukraine.) And I add that they have prominently deployed social media and related resources as weapons in much of this, as touched upon in more abstract terms in Part 1 of this series and as noted, by way of example, in the news pieces pointed to in the above-offered links.

New technologies and new ways to use already established ones create both new positive-side possibilities and new, negative-side vulnerabilities. And the more disruptively significant a New is, the greater both the positive and negative side to it can be for impact achieved. This holds for social media and the emerging internet of things, and it applies to cloud storage and cloud-based application programs and related distantly located and managed functional capabilities. This applies to essentially every new and every next-step technology that emerges, and certainly online where an attack can be launched and sent out at close to the speed of light and with largely effective masking as to where an attack actually came from.

• These new and emerging technologies are usage neutral in this regard, in and of themselves. Their societally positive and negative values arise in how they are used and in what ends they are used to achieve.
• And information systems security: an increasingly vital face to national security and on all levels and for all nations, is increasingly a matter of thinking outside of the box of past and even current practices, and beyond the scope of past and even current possibilities, to imagine what a potential adversary: local and individual, or national and more comprehensively scaled might do or try to do next. (See Stuxnet and the Democratization of Warfare for a brief orienting discussion of the roles that even single individuals can play in this.)
• Then the next step in this risk assessment and remediation conceptualization arises and it is the most difficult one of all to actually design for use and to put into effect – getting people and organizations: both businesses and governments included there, to actually prepare for what might come, by installing and using protective systems that are developed in light of realistic threat assessments, and that include in them proactive protective elements.

I keep finding myself thinking back as I write this, to a fundamental challenge that is implicit in the ongoing real-world information security experience publicly shared by the Open Web Application Security Project (OWASP) in their Top 10 threat assessment and identification project. Many of the most serious and prevalent risk vulnerabilities that this widely known and respected organization has published about, have been included in their recurringly updated Top 10 risks list for years now, and even from the beginning of that organization and from the first edition of this list. Widely accessible ways are available for both identifying where these vulnerabilities are in systems that exhibit them and for remediating them, patching and removing them. But so many businesses and even government agencies do not effectively address even long-known vulnerabilities, let alone new and emerging ones.

When I wrote of the emerging cyber-security risks inherent in the internet of things, in Rethinking Online Security in an Age of the Internet of Things: the more things change, the more they stay the same, I did so with this human usage and management vulnerability in mind. And with that noted, I return in this discussion to the Russian hacking of the United States Democratic Party server computers, leading up to the 2016 elections there, and how they used confidential emails and other documents illegally obtained from them, out of context at the very least to interfere with those American elections. I have been writing of these events and about the vulnerabilities that they represent here, in terms of technology. But in a fundamental sense they are human user challenges too, and fit as threat vectors into the social engineering paradigm, and even when channels such as social media are not involved.

Ultimately, the only way that the Russians could hack those Democratic Party computer servers was by coaxing humans with legitimate access to those systems to take actions that would install malware on them, primarily by coaxing them to click on links in emails that would prompt the downloading of malware onto their secure network connected email server computers. And this brings me to three basic categorical corrective responses, for at least limiting the possibility of a next similar attack from working. And here I write in terms of cyber-defense and security in general:

• Better computer and network user training,
• Better, more up to date and capable automated systems,
• And usage options channeling systems that reinforce good practices and discourage or even actively prevent bad, risk-creating ones.

Technology fixes are always going to be important and necessary in this, but increasingly the biggest vulnerabilities faced come from human users, and particularly ones who are trusted and who have access permissions, to critically important systems.

I am going to continue this discussion in a next series installment, with that set of possibilities and that observation. And I will offer at least a brief set of thoughts as to how the above bullet pointed information systems security approaches might be implemented in a rapidly, disruptively changing computer and information technology context. And as part of that, I will at least briefly discuss some of the positive tools and capabilities that have emerged in the last few years, as of this writing, and how they can be exploited, turning them into sources of security vulnerability too.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Meshing innovation, product development and production, marketing and sales as a virtuous cycle 5

Posted in business and convergent technologies, strategy and planning by Timothy Platt on June 19, 2017

This is my fifth installment to a series in which I reconsider cosmetic and innovative change as they impact upon and even fundamentally shape the product design and development, manufacturing, marketing, distribution and sales cycle, and from both the producer and consumer perspectives (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 342 and loosely following for Parts 1-4.)

I have been discussing virtuous and vicious cycles in businesses, as they alternatively pursue proactive and reactive approaches to change (see Part 2, Part 3 and Part 4.) And at the end of Part 4, I stated that I would more fully discuss the paths to change that these businesses would respond to and in both its evolutionary and disruptively revolutionary forms.

• This means discussing what businesses respond to, and in the specific context of this series, as they respond in patterns of decision and action, review and further decision and action that can have recurringly cyclical elements to them.
• And it means addressing how they would respond at a higher level strategic and overall operational level and not just at a day-to-day, here-and-now details level, and certainly if they do so effectively.
• In anticipation of that point, I cited agility and resiliency as organizational goals – and as buffering mechanisms against the down-sides of change.
• And I indicated that I would return to my restaurant example of Parts 3 and 4 to add in another complicating factor there. I initially presented this case study example in negative terms, and in terms of what I have come to call the “restaurant death spiral” scenario: an unfortunately real phenomenon that I have seen play out a number of times, and for its basic form in more than just restaurants. I then turned that scenario on its head and away from that initial vicious cycle pattern, to illustrate how a restaurant in precisely the same situation that launched my Part 3 vicious cycle pattern, could instead pursue a success creating virtuous cycle response (in Part 4.) My goal here is to add in a new contingency (that I add here is based on fact but that might I admit seem a bit historically dated now), that in effect stress tests that virtuous cycle approach with an unpredictable adversity. The question there, is one of exactly how robust this business has made itself as it seeks to redevelop itself through its virtuous cycle of change and improvement, and next step change and improvement. And this is where agility and resiliency enter in, as noted in the immediately preceding bullet point.

I am going to begin this overall thread of discussion with the specific case in point example of that last bullet point, and then address the first three points at least in part in terms of this example, as a means of taking my overall narrative here out of the entirely-abstract.

I suggest at least briefly reviewing Parts 3 and 4, for their discussion of this restaurant example, and Part 4 in particular as I turn to consider a more positive and productive approach to restaurant turn-around and recovery. But in brief, this case study example involves a failing restaurant that turned itself around by among other things switching from easier to procure canned and otherwise processed ingredients, to a more knowledge and labor demanding local fresh and farm to table approach.

Local in-season produce and I add locally sourced eggs and dairy, meat, fish and poultry can be both better quality and more appealing to the customer for what you can do with them. And they can be less expensive for the restaurant at the same time. It is just that these locally sourced and farm-to-table fresh ingredients require a lot more knowledge of how and where to locally source, and this requires a great deal more effort and in networking to local sources and building relationships with them, and in making purchases from a much more widespread and diverse range of sources. Picking up on that last point, this means not being able to turn to one or a few wholesaler middlemen as a means of food ingredients sourcing simplicity. But along with buying and being able to cook with fresher, this also means cutting out middleman businesses that can and do add to costs paid as they add in markups to cover their expenses and to bring in a profit for themselves too. I repeat the up-side of this here. Now I toss in that complication that I warned I would add to this happy, virtuous cycle success story:

• Consider the potential consequences of weather-related crop failures.

Late heavy frosts and freezes in places like the Northeast in the United States can essentially destroy crops for a season that would normally be starting their growth cycles early. This year, in the Northeast, as a very specific case in point, essentially all of the trees that produce fruit with stony pits, such as peaches or nectarines were hard-hit and overall crops for a lot of growers were essentially devastated by this. Weather related losses of this and a variety of other types can hit corn or tomatoes or essentially any other produce crop. And that type of loss impacts on both the growers who can lose significantly from what should be their year’s peak income seasons, and on their customers: wholesalers and other resellers, and customers such as farm to table restaurants definitely included.

What should a restaurant such as the one of this series’ example do if they suddenly find that crop failure has really seriously impacted on a significant range of the locally sourced ingredients that they would now normally turn to and require? I answer that by raising at least a few of the first round questions that such a restaurant owner would start asking:

• As a set of questions to the farmers who are now their regular providers of produce and other ingredients for their kitchen: How severe is this loss? How much of your expected crop if any, is going to be available this year and at what price? How much of that and of what I need at my restaurant can be made available to me and my business?
• If appropriate for the type of crop failure in question and the timing involved: Can you replant and have a later harvest run, and if so, when and with what delays? Some types of produce routinely can be grown for more than just one crop yield per year, so a late frost for example, might simply mean that type of product arriving at the restaurant later than usual for a first crop, though possibly at higher per unit price then.
• As a set of questions for consideration inside the restaurant: Should we try buying fresh for at least some ingredients that we see as more indispensable and even if that means buying non-local, or should we try making perhaps radical changes to our menu to stay locally farm to table? And where should we take each of these two approaches in our purchasing and menu planning considerations?
• And of course, what will this do to our restaurant’s finances, and both from having to buy rarer commodities that are more expensive now as a result, and from possible loss of customers if the menu cannot be kept as appealing to them? Consider an Italian restaurant that suddenly cannot buy fresh local tomatoes that it has been planning on for seasonal pasta sauces that absolutely require them.
• In that case, consider specific Italian tomato varietals such as Costoluto Genovese, or San Marzano. Only tomatoes of these types that are grown in Italy and in their specific areas of origin can be identified as such, in the same way that a number of wine varieties can only be called by their traditional names if they are produced in their traditional domains: their traditional growing and production regions (e.g. Chianti in one of the eight so called Chianti districts in Tuscany, Italy.) But many of these traditional varietals are also grown outside of their sites and regions of origin and sold under different names, and locally fresh.
• Should this restaurant buy from more distant sources and get tomatoes that were perhaps picked earlier and greener for travel, or should they very selectively go back to canned again, for high quality canned Italian San Marzano tomatoes, for example? Note: tomatoes can be harvested and shipped green and even fully green and ripened off of the vine – but they never taste the same when they are as when they are ripened on the vine. And this can have real impact on any food prepared with them and its taste and quality.

If the owner of this restaurant – here imagined as an at least largely Italian one, is now really firmly committed to farm to table and away from canned anything, but the fresh tomatoes they can get from more distant sources just do not meet their quality standards, this would put them in a real quandary. Fresh tomato and basil sauce would be out of the question however this decision were resolved, at least until locally grown higher quality tomatoes could be made available again. What should be done?

I realize that people who have never worked in or with a restaurant of this type, might see this as a trivial and artifactually contrived case in point example (unless that is they are real foodies, to use a current term of choice.) But for the owners of this restaurant or ones like it, the type of challenge that I have tried to present here, can be consequential and it can strike to the heart of what they seek their restaurant: their dream to be. And decisions made and follow through actions taken lead to next round decisions and actions too.

Picking up on the third of the four bullet points that I have been focusing on here, and with my above discussion of the fourth of them in mind, building for agility and resiliency can call for making difficult decisions. And it can mean thinking through and preparing for scenarios and possibilities that would be anything but comforting, and that might even be very disturbing as sources of possible emerging challenge.

I am going to continue this discussion in a next series installment where I will start at the top of my four bullet point, to-address list and more fully consider the first three:

• This means discussing what businesses respond to, and in the specific context of this series, as they respond in patterns of decision and action, review and further decision and action that can have recurringly cyclical elements to them.
• And it means addressing how they would respond at a higher level strategic and overall operational level and not just at a day-to-day, here-and-now details level, and certainly if they do so effectively.
• In anticipation of that point, I cited agility and resiliency as organizational goals – and as buffering mechanisms against the down-sides of change.

Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory. And see also Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation.
