Donald Trump Should Channel Steve Jobs on Security
Mar 13, 2017 10:02 AM PT
We saw yet another government breach last week, and more secrets went out to WikiLeaks. I'm of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work.
I don't know about you, but I really don't want any organization spying on me -- not even my own government. Given how I often dress around the house, this is as much for their protection as my own.
When Steve Jobs took over, Apple also had a severe leak problem, and he was pragmatic about fixing it. Ironically, he used the U.S. government's approach as a template. As a side note, Jobs also had a WikiLeaks problem, but whether it really was a leak or was fake news was never determined. Now that is an interesting coincidence, given the topic.
I'll offer some suggestions about what Trump could learn from Steve Jobs, and I'll close with my product of the week: the Jetson TX2, an amazing high-speed drone that uses Nvidia's value-priced digital brain, to ensure that it doesn't get you into trouble.
Steve Jobs' Problem
When Steve came back to Apple, he had a massive problem in that he wanted to create excitement around his new products -- but only when he actually had them to sell. He knew that product leaks tended to kill sales for existing products and made launches far less exciting because there was no mystery.
He also knew that sometimes, to get a product out the door, you had to defeature it, and if folks expected a feature that didn't show up, they not only wouldn't be excited but also might avoid buying the product as a result of their disappointment.
Given that the products he started with were crap, in his opinion, he sure didn't want people to stop buying them until he had replacements in market. At the time, though, Apple was a sieve. People who worked there had developed relationships with reporters, and they used their inside knowledge on coming products to gain status.
Simply telling them to stop really didn't seem to have the intended effect -- but since Apple's survival was at stake, Jobs went full WWII.
Steve early on developed a reputation for firing people on the spot, often for what seemed to be trivial causes -- employees referred to it as "being Steved." So when Jobs made it clear that anyone caught leaking would be terminated immediately, folks took him seriously.
He also pulled posters out of the old World War II campaigns, like "loose lips sink ships," and made it clear to the employees that keeping quiet could make the difference between whether Apple survived and prospered or failed.
He looked to others to report anyone they knew was leaking, for the good of the company. (In one instance, this firing thing supposedly backfired badly.)
Finally, Jobs would deliberately include slight alterations about coming products in internal memos, so that if anyone did leak, he could track the leak back to the group that leaked it and then locate the individual.
That not only was sneaky, but also made the leakers less reliable, because the facts they were leaking were inaccurate. It had the dual purpose of locating and discrediting the leaker at the same time.
Saved My Job
While I was at IBM, I ran security for my organization for a short while and implemented something similar because I suspected some of my own reports -- which were highly sensitive at the time -- would be leaked. One was, and the SVP of sales wanted me fired.
Fortunately, I was able to track the leak to that same SVP, and I outlasted him as a result. I'll likely never forget this practice of altering reports so they can be tracked back, if leaked in whole or part.
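The practice of altering copies so a leak can be traced, sketched as an added example (not code from the column or from Apple or IBM): each group receives a memo with its own combination of interchangeable wordings, and a leaked excerpt, even a partial one, is matched back to the groups whose copy it fits. The memo text, group names and function names are constructed for illustration.

```python
from itertools import product

# Constructed memo: every slot holds interchangeable wordings (sample data).
TEMPLATE = "The {} ships in {} with {} of storage; pricing is set {}."
SLOTS = [
    ("new handheld", "next handheld"),
    ("early June", "the first week of June"),
    ("32 GB", "32 gigabytes"),
    ("next month", "within four weeks"),
]
GROUPS = ["engineering", "marketing", "sales", "finance", "legal"]  # hypothetical

def assign_variants(groups, slots):
    """Map each group to a distinct tuple of slot choices, spread across the
    code space rather than taking only the first few combinations."""
    combos = list(product(*(range(len(s)) for s in slots)))
    if len(groups) > len(combos):
        raise ValueError("not enough slots to give every group a unique copy")
    stride = len(combos) // len(groups)
    return {g: combos[i * stride] for i, g in enumerate(groups)}

def render(choice, template=TEMPLATE, slots=SLOTS):
    """Produce the copy of the memo that carries this tuple of choices."""
    return template.format(*(slots[i][c] for i, c in enumerate(choice)))

def attribute(leak, assignment, slots=SLOTS):
    """Return the groups whose copy is consistent with a full or partial leak."""
    observed = {}
    for i, options in enumerate(slots):
        hits = [c for c, text in enumerate(options) if text in leak]
        if len(hits) == 1:          # ignore slots that are absent or ambiguous
            observed[i] = hits[0]
    return [g for g, choice in assignment.items()
            if all(choice[i] == c for i, c in observed.items())]

if __name__ == "__main__":
    assignment = assign_variants(GROUPS, SLOTS)
    for group, choice in assignment.items():
        print(f"{group:12} {render(choice)}")
    excerpt = "with 32 gigabytes of storage; pricing is set within four weeks"
    print(attribute(excerpt, assignment))
```

A short excerpt may only narrow the source to a set of candidate groups; the more marked passages it contains, the smaller that set becomes.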
Since the Steve Jobs era, a host of tools that monitor access of information in real time, like Varonis, have emerged. They can send out alerts if people gain access to data outside of their responsibility, start copying or printing sensitive documents, or suddenly show an interest in an area they never before accessed.
These tools address the kind of bulk information theft that the U.S. intelligence community has experienced, by identifying perpetrators so they can be caught quickly and punished. It continues to surprise me that solutions such as these either aren't in place or have not been implemented properly, even after the Snowden breach.
I agree with Julian Assange that this latest breach showcases a level of incompetence that should be unacceptable in a small private company -- let alone one of the most powerful and storied intelligence organizations in the world.
Trump Channeling Jobs
Here is where Trump needs to channel Steve Jobs. When a leak like this occurs, the career bureaucrats responsible for protecting the breached data should be terminated for cause. This would convey the seriousness of the problem. Clearly, if and when the perpetrator is located, that person has to be brought to justice definitively, so that the personal risks surrounding leaking exceed the benefit of leaking.
The government should implement an access-tracking tool like Varonis, and make sure the implementation is comprehensive so that in addition to document access, system access would be tracked, so that any related types of security breaches also would be caught.
Finally, the administration seriously needs to consider a WWII level of organizational attitude readjustment, so that employees recognize they are putting their nation at risk and help to ensure that other employees report any questionable things they observe in a timely way.
Wrapping Up: Taking Security Seriously
I do think there is one other aspect of this that should be addressed, and that is that there really needs to be a better way for employees of the intelligence community to report illegal activities other than leaking them. Much of this looks like an employee saw management do something wrong, and in a fit of conscience -- and with no other recourse -- leaked it to stop the activity.
I mean, if the CIA is planning to take over and crash cars, then at the very least, I'd like that exploit reported and fixed so that they don't accidentally kill me in the process, or enable someone else to do it on purpose.
In short, I think the Intelligence Community should reprioritize its goal to keep citizens safe and its goal to attack others, putting the "keep us safe" part first again. Or, put more bluntly, if they know of an exploit that puts me at risk, then I'd like them to help fix it rather than keep it secret so they can kill someone else. (By the way, this leaking thing doesn't appear to be stopping the illegal activity at all -- something the leakers should reflect on.)
Given that the hacking techniques leaked likely could be used against a sitting president, who is by far a larger target than I am, fixing that priority should be compelling for President Trump. In the end, I think Trump could learn a lot from how Jobs secured Apple, and it would make all of us a lot safer if he did.
One other quote President Trump might want to consider from Jobs: "If you want to make Apple great again, let's get going. If not, get the hell out."
I was at the Nvidia Jetson TX2 launch last week and up to my armpits in security technology, autonomous drones, and what looked like a 3D scanning Ray Gun.
However, I saw one thing I had to buy, and it was the new Teal drone, due to ship during the summer.
At nearly US$1,300, it is not a cheap date. Given how successful DJI is in this space, you have to ask yourself why anyone would want an expensive drone with no camera gimbal in the first place. The answer is this puppy is fast.
It goes from 0-60 in 1.2 seconds and has a top speed of 85 mph. The lack of a gimbal means you can fly this with a headset on and actually feel like you are flying. That said, if you hit something at 85 mph it will be expensive, which is where the Jetson TX2 comes in.
Effectively, when turned on, it gives you a capability similar to the guardian angel for self-driving cars. It provides a bubble of safety around the drone, helping to prevent that spectacular crash that could kill your drone and end your flying days for some time.
This thing is amazing. At top speed, it sounds like a howling banshee (which is what I would have named it had it been up to me).
It defaults to your phone as a controller, but it also will use a range of professional controllers if you prefer, and it will broadcast the video to several wireless headsets for that flying experience.
It is modular in design, so that if you break an arm or blade you can replace it. The body is a single streamlined piece without the breakable parts a typical drone in this class has.
Because it uses an AI engine, things like being able to tell the person it is following is you, along with more advanced features -- like following complex flight plans while avoiding obstacles -- are possible. The Teal is one kick-ass drone. Yes, I ordered one, and it is my product of the week.