Great Ideas... and Great People

Our members tell us that one of NCMS' great benefits is the refreshing and broadening connection to new people and new ideas. Like a classical forum, NCMS is a place where people gather to do business and learn from each other. This is our special place to show others what we have learned.

This is a proactive extension of the Mfg.Trust and Corner.Office features. Great Ideas... and Great People will feature hot new initiatives from our membership and friends (see Editorial Policy) that align with the NCMS and NCMS InfraGard Manufacturing Industry Association's (IMIA) missions. Your ideas and contributions are most welcome. 

Contents:

Canada's Office of Critical Infrastructure Protection and Emergency Preparedness
Report of the Heritage Foundation Homeland Security Task Force
Cybercrime, Cyberterrorism and Security, The Legal Perspective
Cyber Attacks During the War on Terrorism: A Predictive Analysis
Anticipatory Failure Determination®
SecureID Card – Biometric based SmartCard with processing on card

Editorial Policy

Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP)

<top> A bravo to the Canadians! The OCIPEP seems to produce great products and make them available in a timely manner which will really enhance information assurance. In keeping with their mission, OCIPEP focuses on all the critical infrastructures, not just information technology. From their backgrounder...

"Canada's critical infrastructure is found in the energy and utilities, communications, services, transportation, safety and government sectors. This critical infrastructure constitutes the backbone of our national economy and fabric, and is essential to the health, security, safety and economic well-being of Canadians and to the effective functioning of governments."

An example: See their "Teacher's Corner" for a wealth of grade school resources. 

Report of the Heritage Foundation Homeland Security Task Force

<top> The Heritage Foundation Homeland Security Task Force was formed days after the September 11 attacks to meet need to define new means to strengthen the security of the homeland. This comprehensive study incorporates the recommendations of the Task Force for securing a vulnerable America.

All chapters are available in Adobe Acrobat 5.0 Portable Document Format (PDF). Download sections here.

<top> Robert A. Hudson of Butzel Long uses the Computer Security Institute’s 2001 Computer Crime and Security Survey very effectively to set the stage for why you need to pay attention to computer crime and security breaches, your duty to adopt security measures, the legal risks, the need for a security plan and an incident response plan. His coverage of responding to crime, and legal recourse through criminal proceedings, civil remedies, and/or insurance issues is an eye opener. Review this viewgraph presentation here.

<top> Just as the terrorist attacks of September 11, 2001 defied what many thought possible, cyber attacks could escalate in response to United States and allied retaliatory measures against the terrorists responsible for the attack. This paper examines case studies of political conflicts that have led to attacks on cyber systems, such as the recent clashes between India and Pakistan, Israel and the Palestinians, and NATO and Serbia in Kosovo, and the tensions between the U.S. and China over the collision between a Chinese fighter plane and an American surveillance plane.

This excellent informative paper is written by Michael A. Vatis, Director, Institute for Security Technology Studies at Dartmouth College. Michael Vatis is the former Director of the National Infrastructure Protection Center (NIPC). Download report here (.pdf, 428KB). Reproduced with permission. Disclaimer. Other documents are available at ISTS, including Dr. Vatis' recent testimony to the US Congress. 

<top> Here’s a subtle and powerful tool for identifying potential routes of failure for systems, processes, or products or to post analyze failures when the root cause is not known.  The process is simple to visualize:

1. State the problem  ("The system, product, whatever is not working or failed.")

2. Invert the problem ("I want the system to fail.")

3. Exaggerate the inverted problem ("I want the system to fail ALL THE TIME.")

4. Ask, “How would I do that?”

5. Look for resources necessary to accomplish the ideas generated in step 4

6. Solve the newly stated problem.

For example:
What are the things that get in the way of good communication in our large company? Convert to "How would I make sure that NO ONE in this organization ever finds out anything that is going on around here?" 

What are the items I need to worry about in getting prompt delivery to a customer? Convert to "How do I make sure that nothing we ship ever gets to the customer on time as ordered"? 

This piece of machinery is breaking down all the time and all the checklists and inspections can't find the problem. Convert to "How would I make sure that this machinery NEVER ran properly?" 

And of course, you could do the same kind of thinking airport sabotage, airline hijacking, drug smuggling, etc. 

“This process and way of thinking sounds incredibly simple, but the psychological effect of switching the question from ‘What could go wrong?’ to ‘How can I make it go wrong?’ is simply amazing to watch in a group problem solving session.  Our brains go into a different quadrant and will identify many ways to sabotage a system or cause it to fail than ANY checklist process you are currently using. The process is especially powerful when the participants have expert knowledge. These inside experts would KNOW EXACTLY HOW TO MAKE IT FAIL, but just don’t think that way every day,” says Jack Hipple of Innovation-TRIZ, Inc.

This process is the reverse of a TRIZ process that comes from a Russian “theory of inventive problem solving.” TRIZ has been slowly gaining acceptance in the US. The key underlying principle to TRIZ is that all systems, over time, evolve toward ideality through the resolution of contradictions in design, performance, etc. This typically occurs through the use of underutilized or unrecognized resources. This "reverse" TRIZ tool has been used for bank fraud, food contamination routes, as well as for determining corrosion and product failure routes. Contact Jack Hipple at Innovation-TRIZ, Inc to learn more and compare reverse TRIZ with other failure determination processes.

Anticipatory Failure Determination® is a trademark of Ideation International

The SecureID Card – A Biometric based SmartCard with Processing on the Card

<top> The SecureID Card is similar in appearance to all other smart cards but for one distinguishing feature. That feature is a crypto chip that stores biometric information such as fingerprint of facial scans, along with processing instructions necessary to verify a match or mismatch in real time. This data is encrypted and stored in read only memory (ROM) on the crypto chip so it is protected from outside access. SecureID provides a mechanism for positive identification.

The practical aspect of this approach is that with SecureID Card, finger print verification can be accomplished with a $100 reader/scanner interfaced to a PC anywhere, at any time. No connection to an online database is required, and no personal biometric data need be transferred. Basic identity verification can be accomplished in a remote corner of the world, at a border patrol or police car, as well as in an urban office setting.

The technology underlying the SecureID Card uses standard IC crypto-processor chips manufactured by leading European producers. There are over 20 million cards deployed in Europe. A white paper (.pdf, 21KB) provides additional information and contact details.

<top>