The dilithium crystals could dissolve


For those born after the mini-computer era (co-terminal with the original Star Trek), dilithium is the fuel used to power a warp-core propulsion system needed for interstellar travel.

Dilithium is both natural and rare, and when it melts, due to overuse of the warp core, the ship essentially breaks down. This metaphor makes sense if you keep reading. I could have used “The Russians Are Coming” from the same era, but it might have sounded too on the nose. So dilithium it is.

Russia recently stepped up the hacking operation that brought us SolarWinds, and it looks like we’re sabotaging ourselves with inadequate employee-centric software for running some of the biggest tech companies (looking at you, Amazon). None of these trends or events is good, and all of them can be prevented because there are products on the market, if only we used them.

Two articles from the New York Times lead this piece. One is about Russia’s recent intensified hacking operation that started as SolarWinds. The other is about Amazon’s embarrassing inability (to the extent that it can be embarrassing) to build the necessary systems to help it manage staff.

The spies will be spies

First, according to Microsoft, everything seems to relate to Russia. Microsoft said that, after lying low for a while, the Russian security service launched another cyberattack on America to steal data and disrupt business and government.

But you may not want to blame all the Russians. John Hultquist, the vice president of intelligence analysis at Mandiant, who detected the previous SolarWinds attack, simply remarked that “The spies are going to spy.”

According to Microsoft, over the past three years it has detected over 20,000 attack attempts from the rest of the world, while it said it recently notified more than 600 organizations about 23,000 attempts on their systems from a small number of countries including Russia.

“The spies are going to spy” boils down to a tacit admission that corporate America may not have learned its lesson and strengthened its cybersecurity enough after the latest such events.

It appears that in the rush from the data center to the cloud, some companies may have been under the illusion that their security is now being outsourced to infrastructure providers. It could be assumed that physical security is now someone else’s responsibility, but there are other layers of security that may not be as bulletproof.

IT must participate

All hacking is done without physical aggression. This shouldn’t be an advertisement for Oracle, but if you’re in the industry, you can close your eyes and think back to the latest OpenWorld conferences where CTO Larry Ellison presented the benefits of his company’s Autonomous Database and Autonomous Linux.

Ellison’s schtick would always include the dire warning that the average IT department takes about 13 months to apply a patch once a vulnerability is found and a remedy is made available. You don’t need to be a meteorologist to know which way the wind is blowing, and you don’t need to operate at warp speeds to be able to break systems that take more than a year to stop you.

Spies spy and wolves hunt, but shepherd dogs must also be on patrol. IT must play its part, and it seems too many leaders are taking their time or even rejecting advice from Microsoft and others to strengthen their systems. (I almost wrote vaccinate their systems but, again, maybe too on the nose?)

Sure, the articles I’ve read about this hack don’t say a word about Oracle cloud penetration, but maybe it’s just an oversight. Then again, why work hard to overcome Oracle’s security when there are other, easier targets?

Amazon’s human resources problems

Not to be outdone, it appears that Amazon is giving unwitting help to bad guys intent on disrupting the business and supply chain. Amazon’s internal systems for managing employee time off, with or without pay, do not seem to live up to the needs of a workforce of well over a million and rapidly growing.

In a way it is the old story of the shoemaker’s children going barefoot. There are numerous examples in the press of employees underpaid or mistakenly cut off who, having run out of reserves, are failing, losing cars and pledging valuables, such as their wedding rings, to keep a roof over their heads as they try to fix things.

With such a large workforce you can imagine that when systems like this break down there aren’t enough people in HR to handle the workload, which results in unnecessary difficulties.

In a particularly damaging situation, an Amazon worker in Washington state was fired because Amazon’s unpaid leave policies did not match the legal requirements of his home state.

I’d like to be charitable and say something like everyone makes mistakes or to err is human, but those bromides seem grossly mismatched to the industry and the times we live in. According to the article, the company appears to have devoted its attention to the user experience rather than the nuts and bolts that keep the machine running.

If that’s true, Amazon is far from unique. Recent news also has many articles in the Wall Street Journal and elsewhere on Facebook working to preserve the status quo that best supports its business model rather than making substantial changes to its systems that can protect users.

Final thoughts

We use metaphors like dilithium to explain difficult concepts, and its melting is a sure illustration that a system will fail, perhaps catastrophically, if we don’t act.

System security and support for internal business processes don’t make money, at least not directly, but they are the necessary ingredients of the secret sauce. Not dealing with those – and the consequent and preventable failures they cause – is a symptom of the times and the continuing immaturity of the industry.

If any of these resonate, it may be time to upgrade.

The views expressed in this article are those of the author and do not necessarily reflect the views of the ECT News Network.

