In his book "The Machine That Changed the World," Jim Womack, et al. discusses the inception of "Toyota Production System," eventually to become known as lean manufacturing.
The basic concept is simple (ok, for all you lean experts, I know this is an oversimplification, but give me a break), figure out how long it would take to make something and how much material is needed, if everything went according to plan; no delays in assembly, no part shortages, no rework, and so forth. Whatever happens to make that ideal time take longer and use more material is called waste (or muda in Japanese). For example, if I’m making a red Swingline stapler, and I can’t finish an order for a customer because either the red plastic housings were late, or I had to pay an expedite charge to get them on time, or I had to throw a bunch of them out because I ran over them with a forklift, all of that is considered waste.
Waste in a process, any process, is bad; it doesn’t contribute in the least adding any type of value to the thing you’re making. Waste is also inevitable; you simply can’t get around it. So, the basic notion of lean manufacturing is to remove as much waste from a process as is possible. It’s a balancing act, between capacity, quality, and efficiency.
Ok, I said all of that to say this… Over the last 20 years tremendous strides have been made in implementing lean manufacturing concepts in a number of manufacturing settings. What have been lagging behind, dramatically, are similar concepts in “soft” or office processes. Office processes are notoriously wrought with all sorts of waste. When was the last time you had waited on a reply to an email on some issue that required an answer prior to completing some other task? I’m not being self-righteous, I engage in waste myself, and waste is unavoidable because we are human and flawed.
That said small incremental improvements (called kaizen in Japanese) is what is required to move forward. We’re talking evolutionary, not revolutionary. You can’t fix the world all at one time, so how do you, as the cliché goes, eat an elephant? The answer is one bite at a time. That’s what kaizen is all about making small incremental and measurable improvements in processes.
In the referenced article from the Havard Business School, the author Julia Hanna discusses the ideas of bringing lean principles to the office process and services industries. There are so many sectors that need this kind of help, the social services and non-profit sectors are prime candidates for this type of assistance. The non-profit sectors are often overworked, but have people with a passion for what they’re doing, and they’re often doing and re-doing tasks over and over again. I’m involved as a board member of two non-profits and see this as an ongoing problem, and for these organizations to succeed, simplifying processes to minimize labor, material, in short waste, is a key business concept.
Trying to make the connection for the office folks is another story though, it’s often the case that conveying the need for this type of improvement is difficult to effectively communicate if the individuals involved don’t really have a background for it. Also, not all lean principles translate into lean office concepts; some creativity in plying the lean concepts is in order.
This is an excellent article discussing some of the research in implementing lean in an office, and perhaps we’ll see more of it in the social and NPO sectors.
Having JUST posted a message about the NVD from US-CERT, I’m trying
to get back to work and read this feed from Slashdot. It seems that Joe
Stewart, an information security research specialist with SecureWorks
has seen evidence that the massive Storm Worm botnet is being broken up
and the resulting compute cycles are up for sale to the highest bidder.
Not just for pimple faced teens anymore, this represents one of the
first trends of mercenary computing I’ve seen. The Storm Worm network
has been described as the worlds most powerful supercomputer in this
ZDNet article: (Storm Worm botnet could be world’s most powerful supercomputer).
So what does this mean? It means that this isn’t about hacking anymore,
cyber-terrorism is a real threat to government and commercial
enterprise.
I’ve been following this for sometime… This is an important resource of information for keeping up on information relating the vulnerabilities of a variety of technological systems.
We have a pre-disposition to believe that Windows is the only real attack vector in our information infrastructure, but the reality is that, though it is a huge target, other systems sport vulnerabilities waiting to be exploited.
To that end you’ll see on the right hand side of the page, a new list of the recently found exploits as published by the DHS and NIST on systems vulnerabilities.
This is a difficult position, because I hate fear mongering, and hate being the one to shout "the sky is falling!" But if you saw the piece from Wired Science on PBS October 3rd, you’ll see there is some merit to being concerned. "Forewarned is forearmed" as the saying goes.
I sat down after dinner tonight to begin studying for a data analysis assignment I had been putting off when I noticed a story that caught my eye on the new PBS series “WIRED Science.”
The story titled “World War 2.0” talked about the recent botnet attacks by Russian loyalists on the country of Estonia. It seems that after the end of World War II the Soviets drove the Germans out of the country. Now in the 21st century, Estonia is a member of the EU and NATO. In an attempt, Josh Davis, the story’s author points out, to distance themselves from their Soviet past, many ethnic Russians were none too happy about the idea, and took to the streets.
It’s here that the story gets interesting, see some of these ethnic Russians are also consummate computer hackers, and when physical riots didn’t produce the desired effect, they took to cyberspace. Through the use of several botnets, these hackers created an astounding display of cyber-warfare or cyber-terrorism, by launching a large scale distributed denial of service attack at the several high profile targets including the largest bank in Estonia, Hansapank, and one of the leading newspapers Postimees. The affects were devastating, people were cut off from the bank for days, and the country had effectively garrisoned itself from the rest of the wire world. No news, no information, was allowed in or out.
So here’s the point, and a warning; launching an attack like the one that hit Estonia would have little effect on the resources of the United States. But proportionately sized, not out of the question by the way, would cripple the information infrastructure of this country. Now all of a sudden, who needs nukes? Distributed computing, some ingenuity, and a political agenda are all that’s needed to cripple a businesses, county, city, or state agency. And if you think these activities are being executed by pimple faced teenagers with a grudge and a notebook, think again. Several countries in the far east and pacific rim have state sponsored cyber-warfare programs with the specific agenda of disabling national and private infrastructure, it is far more profitable, decimating an economy, without all the… well, dead bodies.
I’ve been listening to "The Power of Now" by Ekhart Tolle, he makes some very good points. Now, while I’m not a "new age" spiritualist, I’m fairly traditional in my monotheistic beliefs, and I do believe he has something to say, primarily that we spend too much time letting our minds rule our lives (an interesting observation given my nickname is ‘Analysis Paralysis’). The aphorism "don’t borrow worry, tomorrow has enough worries of its own" is a good way of putting it; living in the now helps us combat the fears we conjure up in our mind about "worse case" scenarios.
Here’s the funny thing though; through my graduate studies, I have a graduate education in Information Security/Information Assurance and it seems to me that these studies along with the whole notion of security altogether is contradictory to the points Tolle makes in his book. Wendell Phillips oft quoted “Eternal vigilance is the price of liberty,” made in reference to the slavery movement of the 19th century prior to the American Civil War, is used as a mantra for the homeland security, and information assurance disciplines.
I’ve had this nagging voice, all during the time I was attending grad school, saying to me “Are you being a fear monger?” My struggle has been how I reconcile the lessons learned about securing our future with the connecting to peace through the “Now.” Are they mutually exclusive? As I write this, I believe they are not. One becomes a practical function of the other. As a practical matter, insuring we bring peace to our lives through connection with the infinite requires attention to that around us wishing to impose dissonance.
So where is the balance between the “Now” and vigilance? It sits with every one of us along with the recognition that there are those whose motivations for “peace” are only articulated as vigilance. “Quis custodiet ipsos custodes?” as Juvenal puts it requires that WE watch the watchmen. Separation of power insures that NO one holds all the keys to the kingdom, and WE can experience the peace we are all, me included, desperately seek.
I’ve been a listener of Security Now! since Steve Gibson and Leo Laporte since its beginning in August of 2005. I’ve never really been the type of person to "testify" to anyone else, but I do find myself saying frequently saying "let me tell you what my last week has been like."
Such is the case for Security Now! I find myself using it as an ongoing resource for both my graduate studies, and as a resource for my work. Steve Gibson has a way of presenting ver complicated issues in information security in very approachable ways.
It seems to me that I find myself going back repeatedly to refer and catch up on material I’ve missed. I recommend Security Now and all of the TWiT (www.twit.tv) netcasts if you’re involved in technology at any level.
