Private Enterprise and Social Media

In one of The Wall Street Journal’s frequent debate articles, this time about whether businesses should allow employees to use social media at work, a couple of comments made by the pro-use debater jumped out at me.

When I first began helping companies use Twitter and Facebook more than a decade ago, every organization started with this question: how can we use social media without compromising our security and privacy obligations?

The answer to this question seems straightforward, yet the debater equivocated.  While a business needs access to social media for its advertising and other communications with current and future customers, the plain fact, made all the more plain with recently revealed misbehaviors of Facebook and Twitter, is that businesses cannot use social media without severe risk of compromising their security and privacy obligations.  The business models of social media like Twitter and Facebook depend on exploiting exactly those privacy data, and those enterprises—and not only Twitter and Facebook—have shown themselves incapable of maintaining security regarding those data.

And this one:

The same kind of risk/benefit assessment applies to the use of personal social-media accounts by employees.

While it is true that companies can reduce risk if they ban personal social-media use during business hours, discourage employees from making any online references to their work and maybe even ban personal smartphones from the workplace, that is a terrible idea for the same reason companies now embrace social-media marketing: you can’t be a successful company in the social-media era unless you accept some level of social media-related risk.

This is just flat wrong.  In the first place, there’s no reason at all an employee should be conducting personal business on company time and company equipment.  Normal breaks and lunch hours answer the first part, but it’s still company equipment.

More importantly, the claim of no success without employees on social media is wrong.  I worked for one of the most successful defense contractors in the world in our niche of the industry.  Along with hundreds of fellow employees I worked behind a cipher lock.  No radios (and so no cell phone), no personal tablets or laptops or the like; we were air-gapped from the Internet.  We survived the isolation.  In fact, we thrived in that environment, and so did our company.  Companies that don’t do classified work still do proprietary work.  There’s no more need for those employees to access the Internet than there was for us.  They’ll thrive, too.  Saying a business just must surrender and accept social media-related risk is nothing but a quitter’s attitude.

And: any company is better off operating short-handed than operating with an employee who will put the company at risk with his own security errors, especially if those errors flow from doing personal business on company time or equipment.

Thirty Days

That’s when NATO’s newly expanding rapid response force would be ready to act when called upon.

The alliance is planning to establish a pool of around 30,000 soldiers who could be operational within 30 days. They would be armed with several hundred fighter jets and ships, according to high ranking NATO diplomats cited by the paper [Welt am Sonntag]. The new troops would be in addition to the already established NATO Response Force (NRF), which has around 20,000 soldiers.

This would be risible if it weren’t so incompetent.  It took 36 days for Germany to overrun Poland with numerically inferior forces at the start of last century’s WWII.  It took Germany 46 days to overrun France with numerically and technologically inferior forces at the start of that war.

Russian forces may remain numerically inferior, but they’re not technologically inferior.  Beyond that, 21st century forces are much faster and strike with much greater precision and with much greater power.

A “rapid” response force that can’t be ready for 30 days likely won’t find a fight to enter.  Such a response time harks back to WWI and prior wars where mobilization occurred first and took several weeks to complete.  Today’s force-on-force war will begin with a limited mobilization at most and a running start.  And I’ve elided the likely parallel cyber attack that will be fought to the detriment of communications, even impacting the target’s sensor systems’ ability to say that an attack is underway.  That cyber attack will shorten further the response time available.

A nation or a bloc that forms a “rapid” response force that can’t be ready for 30 days isn’t taking the matter seriously.