Donald Trump Should Channel Steve Jobs on Security

We saw yet another government breach last week, and more secrets went out to WikiLeaks. I’m of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work.

I don’t know about you, but I really don’t want any organization spying on me — not even my own government. Given how I often dress around the house, this is as much for their protection as my own.

When Steve Jobs took over, Apple also had a severe leak problem, and he was pragmatic about fixing it. Ironically, he used the U.S. government’s approach as a template. As a side note, Jobs also had a WikiLeaks problem, but whether it really was a leak or was fake news was never determined. Now that is an interesting coincidence, given the topic.

I’ll offer some suggestions about what Trump could learn from Steve Jobs, and I’ll close with my product of the week: the Jetson TX2, an amazing high-speed drone that uses Nvidia’s value-priced digital brain, to ensure that it doesn’t get you into trouble.

Steve Jobs’ Problem

When Steve came back to Apple, he had a massive problem in that he wanted to create excitement around his new products — but only when he actually had them to sell. He knew that product leaks tended to kill sales for existing products and made launches far less exciting because there was no mystery.

He also knew that sometimes, to get a product out the door, you had to defeature it, and if folks expected a feature that didn’t show up, they not only wouldn’t be excited but also might avoid buying the product as a result of their disappointment.

Given that the products he started with were crap, in his opinion, he sure didn’t want people to stop buying them until he had replacements in market. At the time, though, Apple was a sieve. People who worked there had developed relationships with reporters, and they used their inside knowledge on coming products to gain status.

Simply telling them to stop really didn’t seem to have the intended effect — but since Apple’s survival was at stake, Jobs went full WWII.

Steve early on developed a reputation for firing people on the spot, often for what seemed to be trivial causes — employees referred to it as “being Steved.” So when Jobs made it clear that anyone caught leaking would be terminated immediately, folks took him seriously.

He also pulled posters out of the old World War II campaigns, like “loose lips sink ships,” and made it clear to the employees that keeping quiet could make the difference between whether Apple survived and prospered or failed.

He looked to others to report anyone they knew was leaking, for the good of the company. (In one instance, this firing thing supposedly backfired badly.)

Finally, Jobs would deliberately include slight alterations about coming products in internal memos, so that if anyone did leak, he could track the leak back to the group that leaked it and then locate the individual.

That not only was sneaky, but also made the leakers less reliable, because the facts they were leaking were inaccurate. It had the dual purpose of locating and discrediting the leaker at the same time.

Saved My Job

While I was at IBM, I ran security for my organization for a short while and implemented something similar because I suspected some of my own reports — which were highly sensitive at the time — would be leaked. One was, and the SVP of sales wanted me fired.

Fortunately, I was able to track the leak to that same SVP, and I outlasted him as a result. I’ll likely never forget this practice of altering reports so they can be tracked back, if leaked in whole or part.
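The tracing practice described in the two sections above (slightly altered copies per group, traceable when leaked in whole or in part), as an added Python sketch that is not from the original column. The memo text, the group names and the slot-assignment scheme are assumptions made for illustration.

```python
# Constructed memo: each slot has three interchangeable "slight alterations".
TEMPLATE = ("The new model ships in {month} with {memory} of memory. "
            "Pricing starts at {price} and the case is {color}.")
SLOTS = {
    "month": ["August", "September", "October"],
    "memory": ["32 MB", "48 MB", "64 MB"],
    "price": ["$1,199", "$1,299", "$1,399"],
    "color": ["blue", "teal", "graphite"],
}
GROUPS = ["hardware", "marketing", "finance", "retail", "legal"]  # hypothetical


def variant_for(index):
    """Slot choices for group number `index` (0 to 8).

    With a = index % 3 and b = index // 3, the slots encode a, b, a+b and
    2a+b (mod 3), so any two slots quoted in a leak identify one group.
    """
    if not 0 <= index < 9:
        raise ValueError("this scheme distinguishes at most 9 groups")
    a, b = index % 3, index // 3
    digits = (a, b, (a + b) % 3, (2 * a + b) % 3)
    return {slot: opts[d] for (slot, opts), d in zip(SLOTS.items(), digits)}


def render(index):
    """Text of the memo copy handed to group number `index`."""
    return TEMPLATE.format(**variant_for(index))


def attribute(leaked_text, groups=GROUPS):
    """Groups whose copy agrees with every slot value found in the leak."""
    found = {slot: [o for o in opts if o in leaked_text]
             for slot, opts in SLOTS.items()}
    suspects = []
    for i, group in enumerate(groups):
        picks = variant_for(i)
        if all(not hits or picks[slot] in hits for slot, hits in found.items()):
            suspects.append(group)
    return suspects


if __name__ == "__main__":
    print(attribute("Sources say pricing starts at $1,299."))
    print(attribute("A teal case, priced from $1,299."))
```

A leak that quotes a single altered detail narrows the list of groups; a second detail reduces it to one.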

Technology Approach

Since the Steve Jobs era, a host of tools that monitor access of information in real time, like Varonis, have emerged. They can send out alerts if people gain access to data outside of their responsibility, start copying or printing sensitive documents, or suddenly show an interest in an area they never before accessed.

These tools address the kind of bulk information theft that the U.S. intelligence community has experienced, by identifying perpetrators so they can be caught quickly and punished. It continues to surprise me that solutions such as these either aren’t in place or have not been implemented properly, even after the Snowden breach.
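The three alert conditions listed above (access outside a person's responsibility, copying or printing sensitive documents, and first-time interest in an area), as an added Python example run over constructed access events. It is not how Varonis or any other product works internally; the users, areas, threshold and events are assumptions.

```python
from collections import defaultdict

# Hypothetical mapping of users to the data areas their role covers.
RESPONSIBILITY = {"alice": {"finance"}, "bob": {"engineering", "tools"}}
# Areas each user touched during a constructed baseline period.
HISTORY = {"alice": {"finance", "hr"}, "bob": {"engineering"}}
BULK_THRESHOLD = 3  # assumption: sensitive copies/prints tolerated per window

# Constructed events: (user, action, area, sensitive)
EVENTS = [
    ("alice", "read", "finance", False),
    ("alice", "read", "hr", True),
    ("bob", "read", "tools", False),
    ("bob", "copy", "engineering", True),
    ("bob", "print", "engineering", True),
    ("bob", "copy", "engineering", True),
    ("bob", "read", "operations", True),
]


def detect(events, responsibility=RESPONSIBILITY, history=HISTORY):
    """Return (user, rule, area) alerts in the order they fire."""
    alerts, exfil = [], defaultdict(int)
    seen = {user: set(areas) for user, areas in history.items()}  # local copy
    for user, action, area, sensitive in events:
        # Rule 1: data outside the user's responsibility.
        if area not in responsibility.get(user, set()):
            alerts.append((user, "outside_responsibility", area))
        # Rule 2: sudden interest in an area never accessed before.
        if area not in seen.setdefault(user, set()):
            alerts.append((user, "first_access", area))
            seen[user].add(area)
        # Rule 3: copying or printing sensitive documents in bulk.
        if sensitive and action in ("copy", "print"):
            exfil[user] += 1
            if exfil[user] == BULK_THRESHOLD:
                alerts.append((user, "bulk_copy_or_print", area))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```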

I agree with Julian Assange that this latest breach showcases a level of incompetence that should be unacceptable in a small private company — let alone one of the most powerful and storied intelligence organizations in the world.

Trump Channeling Jobs

Here is where Trump needs to channel Steve Jobs. When a leak like this occurs, the career bureaucrats responsible for protecting the breached data should be terminated for cause. This would convey the seriousness of the problem. Clearly, if and when the perpetrator is located, that person has to be brought to justice definitively, so that the personal risks surrounding leaking exceed the benefit of leaking.

The government should implement an access-tracking tool like Varonis, and make sure the implementation is comprehensive so that in addition to document access, system access would be tracked, so that any related types of security breaches also would be caught.

Finally, the administration seriously needs to consider a WWII level of organizational attitude readjustment, so that employees recognize they are putting their nation at risk and help to ensure that other employees report any questionable things they observe in a timely way.

Wrapping Up: Taking Security Seriously

I do think there is one other aspect of this that should be addressed, and that is that there really needs to be a better way for employees of the intelligence community to report illegal activities other than leaking them. Much of this looks like an employee saw management do something wrong, and in a fit of conscience — and with no other recourse — leaked it to stop the activity.

I mean if the CIA is planning to take over and crash cars, then at the very least, I’d like that exploit reported and fixed so that they don’t accidentally kill me in the process, or enable someone else to do it on purpose.

In short, I think the Intelligence Community should reprioritize its goal to keep citizens safe and its goal to attack others, putting the “keep us safe” part first again. Or, put more bluntly, if they know of an exploit that puts me at risk, then I’d like them to help fix it rather than keep it secret so they can kill someone else. (By the way this leaking thing doesn’t appear to be stopping the illegal activity at all — something the leakers should reflect on.)

Given that the hacking techniques leaked likely could be used against a sitting president, who is by far a larger target than I am, fixing that priority should be compelling for President Trump. In the end, I think Trump could learn a lot from how Jobs secured Apple, and it would make all of us a lot safer if he did.

One other quote President Trump might want to consider from Jobs: “If you want to make Apple great again, let’s get going. If not, get the hell out.”

Rob Enderle's Product of the Week

I was at the Nvidia Jetson TX2 launch last week and up to my armpits in security technology, autonomous drones, and what looked like a 3D scanning Ray Gun.

However, I saw one thing I had to buy, and it was the new Teal drone, due to ship during the summer.

Teal Drone

At nearly US$1,300 it is not a cheap date. Given how successful DJI is in this space, you have to ask yourself why anyone would want an expensive drone with no camera gimbal in the first place. The answer is this puppy is fast.

It goes from 0-60 in 1.2 seconds and has a top speed of 85 mph. The lack of a gimbal means you can fly this with a headset on and actually feel like you are flying. That said, if you hit something at 85 mph it will be expensive, which is where the Jetson TX2 comes in.

Effectively, when turned on, it gives you a capability similar to the guardian angel for self-driving cars. It provides a bubble of safety around the drone, helping to prevent that spectacular crash that could kill your drone and end your flying days for some time.

This thing is amazing. At top speed, it sounds like a howling banshee (which is what I would have named it had it been up to me).

It defaults to your phone as a controller, but it also will use a range of professional controllers if you prefer, and it will broadcast the video to several wireless headsets for that flying experience.

It is modular in design, so that if you break an arm or blade you can replace it. The body is a single streamlined piece without the breakable parts a typical drone in this class has.

Because it uses an AI engine, things like being able to tell the person it is following is you, along with more advanced features — like following complex flight plans while avoiding obstacles — are possible. The Teal is one kick-ass drone. Yes, I ordered one, and it is my product of the week.

Linux Academy Rolls Out New Cloud-Based Training Platform

Linux Academy, an online training platform for the Linux OS and cloud computing, on Tuesday announced a public beta rollout of its Cloud Assessments platform, which is designed to let large enterprise firms train and assess their IT workers and prospective job candidates.

The academy offers training on a variety of cloud-based platforms, including Amazon Web Services, OpenStack, DevOps, Azure and others.

The Cloud Assessments platform will focus initially on training and testing of AWS, due to the strong demand for that cloud-based computing platform and the large skills gap of existing knowledge among IT workers.

“Since AWS is a leader in the market, companies and individuals are rushing to ensure they can handle these technologies,” said Linux Academy CEO Anthony James.

AWS Demand

The academy’s current focus is preparation and validation for the AWS Certified Solutions Architect Associate level exam, James told LinuxInsider. However, there are other in-demand areas that it is beginning to explore.

Hands-on learning has been very important to professionals who have taken these courses, James said. “We came to understand that not only do people want to learn, but they also want to validate their skills in a way that our industry would recognize.”

Another critical aspect of the Academy’s approach is what it calls “lean learning,” which involves recommending specific training based on a user’s specific performance, he continued. The new training efforts target specific areas that need improvement.

The Cloud Assessments platform offers a different approach to teaching IT professionals by using live servers in existing work environments. Workers actually learn skills they can use on the job in real time. They’re not limited to responding to questions in a test environment.

Individuals also can use Cloud Assessments to earn micro-certifications for AWS skills.

Linux Academy and Cybrary last month conducted a survey of 6,000 IT professionals, and 35 percent said that micro-certifications would help them get a job or advance in an existing position.

In addition, 85 percent said they would pursue micro-certifications if their employers helped facilitate the training.

Skills Gap

“The launch of this program is another indication of the accelerating adoption of cloud services,” noted Jeffrey Kaplan, managing director of ThinkStrategies, “and there is no question that initial focus on AWS specialists is because of its dominant position in the market at this time.”

As the demand for multi-cloud services increases, the academy’s program likely will broaden to include training courses for additional cloud platforms, he told LinuxInsider.

Certification programs directly from AWS are exam-based, said Paul Teich, principal analyst at Tirias Research.

However, Linux Academy has created a more practical “live assessment” environment in which users are graded on actually using AWS rather than just answering questions correctly, he told LinuxInsider.

“Cloud services really don’t care about certification, but enterprise does,” Teich pointed out. “Enterprise needs these certifications to start implementing hybrid cloud business models. Upleveling certification to demonstrate practical experience should play well with enterprise IT shops.”

Amazon Web Services last year announced an effort to enhance its AWS Educate program to offer additional modules, called “cloud career pathways,” to help educate students about cloud-based skills, as well as connect them with specific cloud-based jobs offered by various employers, including AWS, Salesforce, Cloudnexa and Splunk.