Monthly Archives: May 2017

The Great Ransomeware Debacle

Or, How the NHS was screwed by free market policy

So here’s the issue: WHY was the NHS so easily attacked by the recent penetration by ransomeware? In order to answer that, let me describe another (relevant) scenario.

Suppose farmers only had ONE strain of potatoes. And suppose those potatoes were grown everywhere in large amounts. Then suppose a virulent strain of potato blight attacked the tatties. What happens? Well, epidemiology would predict that the blight cuts a swathe through the entire potato population, destroying whole crops. There is (at best) a great shortage of potatoes, or (at worst) mass starvation. Perhaps governments then investigate the problem, and decide to blame the farmers (“didn’t secure their crops adequately”) and the potatoes themselves (“too old… we need modern potatoes”). The public laps it all up, not realising that the true issue is staring them in the face: monocultures.

A monoculture has no genetic diversity built-in, and therefore is unable to resist infections, and is inherently ‘unhealthy’ due to its sensitivity to local conditions and the management of the growth environment.

Now let’s return to the computer world. We have an almost identical situation, where Microsoft’s operating systems dominate the world personal and administrative computer domain. This is a software monoculture, which is HIGHLY vulnerable to attack because of its very ubiquity. Since Microsoft is everywhere, sold to you with your computer, taught in schools, used at work, and in our public services, the chances of a single carefully-crafted worm or virus spreading throughout the connected world is very high indeed. It is the monoculture that is to blame for the recent panic-ridden events striking the NHS, not the machines or the people concerned.

Of course, our government will not come clean and say this. They’re so embroiled in the ideology of the free market that to blame Microsoft’s counter-productive business practices is almost beyond their thought. Instead, they advise ‘tightening security’ — which is a stop-gap that cannot defeat a continually evolving threat to the monoculture itself.

A friend recently said to me that “all computers, even Linux ones, are threatened” by viruses (etc.). This is true, but only up to a point. In fact, if you consider computer usage throughout the world it’s because of the very success of Microsoft’s marketing practices (not their software) that we’ve got a problem in the first place. And like junkies, we’re too ‘hooked’ on their systems to realise this. Our very lack of awareness of the political situation is causing the issue we wish to avoid.

There’s a solution: diversity. Don’t simply use what you’re given. Choose a Mac, or a Linux-based machine, or Android, or ChomeOS, or even a Microsoft machine… but for the Gods’ sake, don’t just use what’s given to you! Choose your computer operating system the same way you choose your wallpaper or carpets. Then learn how to use it. I am especially concerned that children (and adults) learn ‘computer’ skills, and not simple ‘Microsoft’ skills. We need to break this corporate monoculture in order to sustain a more secure data environment. This is a role for the education system. Instead of just tinkering around with security advice (like putting your finger in the hole in the dyke!), we need to solve the problem of security at a fundamental level.

And if anyone says to me “it takes time to learn something new” — can I say, didn’t you do just that when you learned to drive?

And if someone says to me “what about exchanging documents and data from one system to another, wont your much-vaunted diversity cause communication problems?” — can I say that we need international data format standards, not absolutely standardised operating systems.

On Democratisation

Bill Williamson is (of course) right that we need strategies to re-democratise our societies. These need to be practical approaches to organisation and participation. I have already stated (elsewhere) that my experience is that ‘flat’ highly-devolved organisations that can respond to local needs and set their own modes of working, are the most beneficial… but also the most efficient.

The trend towards hierarchical control has (contrary to popular belief) resulted in gross inefficiencies. This is because of the build-up of alienation, expressions of negative power, and distrust. Such elements mean that centralised control has to ever-increase its reach, threat measures, interventions, or micromanagement in order to gain a return on its efforts. This in turn leads to worsening connectivity within organisations, the collapse of productive communities of practice, and hence even more control in order to ‘put things right’.

That this doesn’t work should be plain to everyone by now, and the necessary adjustment fairly obvious: relinquish power by restructuring towards highly devolved systems. This isn’t anarchy. This is how complex systems work to their best advantage. One might say, they are a natural part of social behaviour.

The big issue is: convincing those with vested interests in maintaining the status quo that the evidence is clear cut. Tough to do, when they’d rather believe the legend than the truth.

Complex, but not Complicated

Some will know I have been (and am) highly critical of management practice within the FE sector. I’m sure some have said: “Well, of course, it’s easy for you moan Bea, but what would you DO about it?”

Contrary to popular belief, I certainly do have a diagnosis and remedial position in mind. Whether anyone is willing to take any of it on board is (necessarily) a matter of admitting there’s a problem to begin with. That’s a different question.

However, I will say that my position rests on complexity theory, and the assertion that large organisations (anything over 50 or so people) are dynamic systems that go through long periods of stasis, evolving into chaos, and then reasserting a new stasis within different parameters. This is referred to as the Punctuated Equilibrium Model (PEM). PEM is characteristic of human systems where a great number of unpredictable causes and effects are naturally in place. I would go as far as to say this is the nature of human society; we are (by our nature) dynamic and unpredictable.
As part of PEM, organisations (colleges, large AE bodies, national charities…) are complex adaptive systems (CAS). Recognising the natural evolution of such systems means that command-and-control processes have no long-term efficacy. In fact these (usually hierarchical, or pseudo-hierarchical) systems are inefficient, counter-productive, and in fact produce the exact opposite of that for which they are designed: innovative thinking and total-learning cultures. What they often produce is repetitive results, overly-pragmatic thinking, obsequiousness, and a structure-obsessed culture that develops such corrosive phenomena as alienation and negative power.

What is clear, and has been stated many times by those studying CAS, is that extremely flattened hierarchies with localised autonomy is the best way to produce innovative work. In addition, their should be no fear of internal conflict. Indeed, internal conflict is a necessary change-maker in dynamic systems, allowing a culture to grow and develop (and hence create communities of practice which have a life of their own).

Far too often large organisation resist conflict, try to iron it out of systems, and consequently kill the very goose that is laying golden eggs. If you want to judge an organisations dynamic health, ask yourself the question: To what extent is conflict welcomed, and is seen as beneficial to the overall sense of progressiveness? If there’s even the slightest hint of resistance (“peace at any cost”) then you’re in trouble. And remember: this needs a sense of honesty to gain a true evaluation.

If I was speaking to staff in organisations about their long-term future, I’d be saying: abandon your old thinking. Create a natural dynamism that is productive by using change as a normal state of affairs, and not something that is resisted. Make sure change is part of everyday work and welcomed at all levels. Do not obsess over the usual core-vs-periphery approach. Forget it. Trust people’s self-interest to make the best decisions for themselves. Look on all work as equally vital, and subject to chaotic processes, managed by encouraging local responsibility to create their own stasis out of chaotic human interrelations. In particular, allow very large amounts of control over learning systems and methodology to the student body itself. It’s fearful for those who see this as losing their status and power, but ultimately works (as I have found).
A very simple example: Instead of promoting a one-size-fits-all templated lesson planning system, abandon this altogether. Instead, provide a vast array of possible examples of lesson planning and encourage all staff to produce even more. This creates a natural ‘chaos’ out of which comes a culture responsiveness to change by using tools that work for individuals at the ‘chalk face’. In fact, this professionalises staff, as they are empowered to make their own decisions, rather than rely of others to establish a (stultifying) norm.

Complexity theory. It works. You know it makes sense. Or am I talking to myself?