Tag Archives: Sir Iain Lobban

My £13,000,000 invoice!

I got a ‘nice’ wake-up call just now, as I was reading an article in the Guardian. It is at www.theguardian.com/uk-news/2014/jan/14/ministry-of-defence-failed-computer-system. The title “Ministry of Defence ‘wasted millions on failed computer system’” got my attention. The UK is riddled with IT people trying to get a decent job. This article implied with quotes like “The recruitment partnering project, a £1.3bn scheme intended to enable the army to recruit online, is almost two years behind schedule and will not be fully operational until April 2015 at the earliest, the Times said.”

Now, I understand that the MoD does things a little differently and that this online approach takes a little time and money, but the fact that the cost of this system is more than the personnel costs of an entire regiment for 50 years (take into account that most IT solutions are usually set for a lifetime span of no more than 10 years) gives weight to the issue that it is time to go public. The additional quote “the problems are so serious that defence secretary Philip Hammond is considering spending nearly £50m on a new solution.” gives weight to my response “You pay me 10% of that and I will assist in getting the issue sorted”.

You see, any IT project is basically simple.

  1. What must be done and by what date?
  2. What must it cover?
  3. What are you willing to spend?
  4. Document the agreement and sign it by all parties!

The rest is usually political manoeuvring. (I apologise for oversimplifying the problem)

The fact that the article implied that the costs were a billion plus, gives the impression that the entire military network system got overhauled. This leaves us with the thought that there is a decent chance that Sir Iain Lobban of GCHQ is laughing himself to death reading about these events, so perhaps the loud honing laughter will move Defence to take a harsh look at themselves in the cold light of these events.

Do not get me wrong. I know that IT solutions tend to cost, and things get delayed, but this is about recruiting people, the price is implied to be set at thirteen hundred million pounds and it is already 2 years late. So, why was any amount paid in regards to a failed system? It is of course likely that those who delivered had a quality ironclad contract in place, yet the mentioned amount is extremely out of proportion compared to the non-working delivery.

The next quote is also one that opens debate “If the ICT hosting solution is not put in place then the MoD risks not gaining the appropriate number of recruits needed. Given recent criticism of army recruitment … and the use of reserves, this would lead to further negative media reporting and reputational damage for MoD.” So, the 2 year delay was not a clear indication of issues? I reckon that the spending of well over a billion on a non-working system is more than enough for laughter, ridicule and reputation damage for the MoD for a long time to come.

To put this all in perspective take a look at this quote from the Guardian made in August 2013 (at http://www.theguardian.com/world/interactive/2013/aug/01/gchq-spy-agency-nsa-edward-snowden). The quote is “GCHQ now has liaison officers working inside MI5, MI6 and the Soca, the serious and organised crime agency. It takes the lion’s share of the £1.9bn budget for Britain’s intelligence services” so basically, the MoD blew on a non-working recruitment option the amount that GCHQ needs to keep it completely operational (for a year).

Seems a little out of whack, does it not?

Now for some other fun facts! Recruitment is all about creating interest. Now consider that the cost to make a multiplatform next-gen video game is £15-£25 million. So, the youthful player could get introduced to all kinds of positions, challenges, military functions and so on. The development is, when compared to what is wasted, less than 2% of those costs. More interesting, it could be sold at the newsagent for £5. The MoD could break even, or even make some money too (which would definitely be a nice change). It is a game and it might not have all of the information, but it, together with an information website loaded with PDFs, application information and a registration bank, should never have exceeded £80 million, from what I envision at present (including the game development). Why was this solution not hosted via GCHQ? The people at the MoD might know of the place, it is in Cheltenham and it looks like a massive donut (Yummy!). It has better security and more options for facilitation than most secure banks can dream of (GCHQ is not to be confused with the NSA, where you can copy all data to a USB stick at your own convenience).

So, do I have a case here? Actually, it was not me, but The Times, who started it, and the Guardian for giving it the visibility that goes far beyond the UK borders.

I must try to be neutral in these matters and very likely the article is missing key elements considering the amount involved, but seeing how 1 in 7 in the UK lives below poverty on one side, whilst on the other side a billion plus is wasted to this degree is extremely upsetting. I have proudly worked in IT since 1981 and events like these just do not cut it with me, and they should not cut it with you, the reader, either.

There is however a little more. “This leaked report points to the latest series of catastrophic failures at the Ministry of Defence on David Cameron’s watch.” is a quote I have an issue with. The fact that it is 2 years late means that this was supposed to be finished late 2011. When was the project started? Who were the people starting this, who was involved? It is of course possible that this was all on the Conservative watch, yet, that must still be verified. The mention in the article of “after failing in 2011 to challenge a MoD policy” gives rise to the thought that this has for a large part been an internal MoD failing. In addition “The project management team was inexperienced and under-resourced and the army failed to take charge when delays started and put in a suitable contingency plan.” gives way to my four step issue. The first two steps, as I mentioned them, also cover resources, the fact that this was not met means that the failing was on more than one level. Who at the MoD was involved? Was this person aware of the required skillset?

All questions that should have arisen with any senior decision maker before the project was accepted and the checklists should have tripped several ‘alarms’ as the project was going forward. The fact that the large amount had been ‘lost’ indicates that none of these issues were factually dealt with.

The article raises a few more questions, but the horror should be clear. It will keep on costing more for now and before Labour starts ‘calling’ for botched jobs, they should take a look at the issues we saw in 2010 (at http://www.independent.co.uk/news/uk/politics/labours-computer-blunders-cost-16326bn-1871967.html). From that part we get the clear idea that infrastructure and policies alone are not getting IT choices done. Knowledge is likely to fix that; you just need to make sure the right person is on the job.

With the amount that has been spent, I feel comfortable sending them my 13 million pound invoice.
(Payment within 30 days for this consult would be appreciated, as I have to pay my bar bill).


Filed under Finance, IT, Military, Politics

Is SIGINT a joke?

The news has been rampant on several levels these last few days. Whether it is revelation 16 (roughly) by the traitor Snowden, whether it is the historic event that the top three in British intelligence were in one line, as requested by British parliament, or the fact of revelations we read in the press, whilst (former) press members find themselves prosecuted for blatant and indiscriminate invasion of privacy. The list goes on and on and on.

There is a lot more, but let us confine ourselves to these three events.

For the Commonwealth the event in Parliament was likely the ‘important’ one. Was it truly about the events there? Some might want to question the questions, the answers and what follows. I, with my sense of perspective wondered about the choice of the green tie that Sir John Sawers was wearing. Does it matter? It is all as trivial as choosing pancakes for breakfast!

Yes, we all think we know it, we all think we have an inkling of an idea. I did have an idea, but that was almost 29 years ago. Now, I still have an idea from my specialised view of data, data technologies as well as data collection techniques and none of that falls with MI-6 (only a small part of it). The gem of the event was with Sir Iain Lobban, director of GCHQ, who gave us the part we need to care about. You see, as the press was so willing to give out the details as the people had a right to know, as we have allowed our wrists to get cut because the press is all about advertising profits, gang bang sensation and visibility, it was willing to sacrifice safety and progress for PR and visibility. To go deep and give both criminals and terrorists the information on how to avoid certain paths of detection we see the limits of their use. These same reporters that are part of a group listening in on voice mails to get the scoop, who will sanctimoniously proclaim freedom of the press, will not hesitate to sell their neighbour down the drain for the commission of another column of text, paid per letter.

From my point, if I had the option of making the killing shot ending Edward Snowden’s life I would, even if that gets me 20 years in prison, because traitors do not deserve consideration of any kind. The entire situation is laughable as an American ran to their Communist opponent and almost 50% of the American population considered it a good thing. In addition, if in light of the revealed information a child of Guardian editor in chief Alan Rusbridger would get molested, then he would blame the system on the front page of his newspaper immediately. I do not wish anything bad on him or his family ever! He is not likely to be worried as his four hundred thousand pound a year job allows for secure private schools, but what about the other children? Those children who are not in that safe environment, possibly in danger to be at the mercy of predators, who now have knowledge of longer avoidance and as such pose even more danger to innocent victims. What about them?

It is a level of what I see as utter short-sightedness. An assault on three groups that have lived in a world of ambiguity to get their work done, now that world is in turmoil, especially as some traitor comes with information that is for the most non confirmable, too much goes from the air of ‘Snowden told us, so it must be true’. Several questions are not dealt with on many levels, especially by the press. It just drains the gravy train as it sells more and more news (papers).

The second part is directly linked to all this. Two news messages:

1. Snowden persuaded other NSA workers to give up passwords (at http://mobile.reuters.com/article/idUSBRE9A703020131108)
2. Snowden has stolen 50,000 to 200,000 Classified Items from NSA.

The second had no verifiable source and as such there is no way to tell how correct that is, the first one is more of an issue. How stupid are Americans? That is of course if there is any truth in that part.

YOU NEVER GIVE OUT THAT INFO!

You can leave your partner/spouse/lover at some university frat party to have all the sex he/she needs, you give your credit card to your kids to buy all the toys they want, giving out login information is beyond utterly stupid. Snowden would not have needed it. As an IT person he either has rights to make changes, or he does not. If he did not, then giving out login info is the worst anyone could do. If this ever went to court then he could blame the original account holder. It is a level of non-repudiation!

So were the people at the NSA born stupid and stopped evolving after birth? That remains to be seen! The point is that the press is not that trustworthy either! The second part in regards to the classified items was from a non-disclosed, but also non-verifiable source. There is no way for me to know. The question from this part is the one you do not see discussed openly on the news. How did all this info leave the building? Who was in charge? Issues that are also in play for Sir Iain Lobban! How vulnerable is GCHQ? What is in play to prevent this from happening in the UK? Even though Booz Allen Hamilton was cleared as they are the official boss of Edward Snowden, yet how was the clearing process? What are the checks in place for civilian contractors? The Washington Post published a large article questioning civilian contractor issues, from this part we wonder if it was deep enough. Even more, why were these issues not looked at more than a YEAR before the Snowden issues started?

If it was up to me (Sir Iain Lobban is likely secure in the knowledge that this is the last option that should ever happen), then I would like to make a small change at GCHQ. I would add a new inner circle, consisting of a Law Lord and two members from both MI-5 and MI-6 to watch the watchers. My only worry is that whoever oversees GCHQ internally is part of the ‘problem’ (no illegal or negative inclination implied). It does no harm for a set of cleared fresh eyes to look at the system to see if there is a danger. Something similar would need to happen at the NSA, but with their systems and such it might be a different source of people (like members of cyber command FBI and cyber command military).

There is too much info out there supporting the idea that US intelligence (and other governmental departments) seems to be oblivious to the need for Common Cyber Sense (at present with the amount of published info, it is unlikely that my thought on this is wrong).

Here is the third part, the PRESS part!

Their phone hacking was all about exploitation, revenue, profit and personal gain. The Intelligence community is about keeping people safe. There is a massive difference. If you wonder about these events, then consider the fact that because of greed and revenue, no steps have been taken on a global scale to see who buys your personal details and who has them. It could influence your insurance premium, your credit rating and your financial options. No one seems to be on par to get that properly regulated, because in America, Cash is king and the president of the United States is simply a number with a possible temporary status elevation, the rest is data cattle, sold at a moment’s notice. This risk is very real in the UK and Europe too. A consumer is nothing more than a customer number with an address and with a possible shipment of goods under way, that is their value and only for as long as they need products. To some extent the Washington Post covered this a week ago at http://www.washingtonpost.com/opinions/michael-chertoff-what-the-nsa-and-social-media-have-in-common/2013/10/31/b286260e-4167-11e3-8b74-d89d714ca4dd_story.html

What is less known is that they are one of the few who took a decent look at it (the Washington Post), the rest remains on the Snowden gravy train, not informing anyone, they simply re-quote a Reuters line. Seems a little wrong doesn’t it? The article by Michael Chertoff sees the gem no one properly questions half way through where he wrote “there is no assurance that what is disseminated has context or news value”.

The true part, the real smart and the questionable art! The intelligence world is ALL about disseminating information and giving proper weight to the information acquired. It is about finding the bad guys, without that weight it is all media gossip used by the press and as we saw, the disciples of Rupert Murdoch have truly dented that group’s reliability, perhaps for a long time.

So is today’s SIGINT a joke? I hope not, because if so, the questions had been phrased at the wrong people. At some point parliament gets to answer the questions asked by the innocent and the victims on how parliament asked all about data and left corporations to do whatever they liked with our personal details. How many UK companies have had a backup data server in the US?

Consider this quote by Salesquest “The Siebel Customer Intelligence List consists of 265 Fortune 1000 or Global 500 companies that have deployed Siebel in their enterprise application environment. The first tab in the spread sheet lists the 265 Siebel customers, industries, corporate headquarter addresses, phone numbers, and web site addresses.” (At http://www.salesquest.com/resources/siebel-customer-list/)

How many of those are backing up their data to some server park in San Antonio? Consider those places, all their customer data, their financial data and forecast information. In some cases, the data will come from over a dozen nations. It is nice to ask where their data is, but what about the data dumps, the logs and the backups, where were they kept?

Let the intelligence community do what it needs to do, if not, then neither we nor the press gets to point fingers at them when things truly go very wrong.


Filed under IT, Media, Military, Politics