Dr. Kristin Ball Motley, of Health Care Solutions of Delaware Valley, created this video for a virtual MLK Day event about the importance of wearing masks and getting vaccinated. She specifically discusses the impact of racism and mistrust on parents’ decisions to vaccinate themselves and their children.
https://youtu.be/ClGdyu6c75U
Uncategorized
Today, the Office of Management and Budget (OMB) released a Federal strategy to move the U.S. Government toward a “zero trust” approach to cybersecurity. The strategy represents a key step forward in delivering on President Biden’s Executive Order on Improving the Nation’s Cybersecurity, which focuses on advancing security measures that dramatically reduce the risk of successful cyber attacks against the Federal Government’s digital infrastructure.
The growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data. The Log4j vulnerability is the latest evidence that adversaries will continue to find new opportunities to get their foot in the door. The zero trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats. By detailing a series of specific security goals for agencies, the new strategy will serve as a comprehensive roadmap for shifting the Federal Government to a new cybersecurity paradigm that will help protect our nation. These goals are directly aligned with and support existing zero trust models.
“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government’s cyber defenses,” said Acting OMB Director Shalanda Young. “This zero trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm.”
“Security is the cornerstone of our efforts to build exceptional digital experiences for the American public,” said Federal Chief Information Officer Clare Martorana. “Federal agency CIOs and IT leadership are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public.”
“It was extremely important for us to work collaboratively with top experts across the government, industry and academia and build consensus around the highest value starting points for a defensible zero trust architecture,” said Federal Chief Information Security Officer Chris DeRusha.“This strategy will serve as the foundation for a paradigm shift in Federal cybersecurity, and provide a model for others to follow.”
“This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses,” said National Cyber Director Christopher Inglis. “We are not waiting to respond to the next cyber breach. Rather, this Administration is continuing to reduce the risk to our nation by taking proactive steps towards a more resilient society.”
“As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity,” said CISA Director Jen Easterly.“Zero trust is a key element of this effort to modernize and strengthen our defenses. CISA will continue to provide technical support and operational expertise to agencies as we strive to achieve a shared baseline of maturity.”
“OMB’s Zero Trust Strategy is an important milestone in the President’s effort to modernize the federal government’s cyber security to meet current threats, as outlined in Executive Order 14028,” said Deputy National Security Advisor for Cyber Anne Neuberger. “As OMB Acting Director Young noted, agency leadership plays a key role in making this strategy real, ensuring that agency CISOs have the support they need from their agencies’ financial and acquisition teams to execute this strategy.”
In September 2021, OMB released an initial draft of the strategy for public comment and received additional insights from cybersecurity professionals, non-profit organizations, and private industry that helped inform the final strategy.
###
“There’s no team without trust,” says Paul Santagata, Head of Industry at Google. He knows the results of the tech giant’s massive two-year study on team performance, which revealed that the highest-performing teams have one thing in common: psychological safety, the belief that you won’t be punished when you make a mistake. Studies show that psychological safety allows for moderate risk-taking, speaking your mind, creativity, and sticking your neck out without fear of having it cut off — just the types of behavior that lead to market breakthroughs.
Ancient evolutionary adaptations explain why psychological safety is both fragile and vital to successin uncertain, interdependent environments. The brain processes a provocation by a boss, competitive coworker, or dismissive subordinate as a life-or-death threat. The amygdala, the alarm bell in the brain, ignites the fight-or-flight response, hijacking higher brain centers. This “act first, think later” brain structure shuts down perspective and analytical reasoning. Quite literally, just when we need it most, we lose our minds. While that fight-or-flight reaction may save us in life-or-death situations, it handicaps the strategic thinking needed in today’s workplace.
Twenty-first-century success depends on another system — the broaden-and-build mode of positive emotion, which allows us to solve complex problems and foster cooperative relationships. Barbara Fredrickson at the University of North Carolina has found that positive emotions like trust, curiosity, confidence, and inspiration broaden the mind and help us build psychological, social, and physical resources. We become more open-minded, resilient, motivated, and persistent when we feel safe. Humor increases, as does solution-finding and divergent thinking — the cognitive process underlying creativity.
When the workplace feels challenging but not threatening, teams can sustain the broaden-and-build mode. Oxytocin levels in our brains rise, eliciting trust and trust-making behavior. This is a huge factor in team success, as Santagata attests: “In Google’s fast-paced, highly demanding environment, our success hinges on the ability to take risks and be vulnerable in front of peers.”
So how can you increase psychological safety on your own team? Try replicating the steps that Santagata took with his:
1. Approach conflict as a collaborator, not an adversary.We humans hate losing even more than we love winning. A perceived loss triggers attempts to reestablish fairness through competition, criticism, or disengagement, which is a form of workplace-learned helplessness. Santagata knows that true success is a win-win outcome, so when conflicts come up, he avoids triggering a fight-or-flight reaction by asking, “How could we achieve a mutually desirable outcome?”
2. Speak human to human.Underlying every team’s who-did-what confrontation are universal needs such as respect, competence, social status, and autonomy. Recognizing these deeper needs naturally elicits trust and promotes positive language and behaviors. Santagata reminded his team that even in the most contentious negotiations, the other party is just like them and aims to walk away happy. He led them through a reflection called “Just Like Me,”which asks you to consider:
- This person has beliefs, perspectives, and opinions, just like me.
- This person has hopes, anxieties, and vulnerabilities, just like me.
- This person has friends, family, and perhaps children who love them, just like me.
- This person wants to feel respected, appreciated, and competent, just like me.
- This person wishes for peace, joy, and happiness, just like me.
3. Anticipate reactions and plan countermoves. “Thinking through in advance how your audience will react to your messaging helps ensure your content will be heard, versus your audience hearing an attack on their identity or ego,” explains Santagata.
Skillfully confront difficult conversations head-on by preparing for likely reactions. For example, you may need to gather concrete evidence to counter defensiveness when discussing hot-button issues. Santagata asks himself, “If I position my point in this manner, what are the possible objections, and how would I respond to those counterarguments?” He says, “Looking at the discussion from this third-party perspective exposes weaknesses in my positions and encourages me to rethink my argument.”
Specifically, he asks:
- What are my main points?
- What are three ways my listeners are likely to respond?
- How will I respond to each of those scenarios?
4. Replace blame with curiosity. If team members sense that you’re trying to blame them for something, you become their saber-toothed tiger. John Gottman’s research at the University of Washington shows that blame and criticism reliably escalate conflict, leading to defensiveness and — eventually — to disengagement. The alternative to blame is curiosity. If you believe you already know what the other person is thinking, then you’re not ready to have a conversation. Instead, adopt a learning mindset, knowing you don’t have all the facts. Here’s how:
- State the problematic behavior or outcome as an observation, and use factual, neutral language. For example, “In the past two months there’s been a noticeable drop in your participation during meetings and progress appears to be slowing on your project.”
- Engage them in an exploration. For example, “I imagine there are multiple factors at play. Perhaps we could uncover what they are together?”
- Ask for solutions. The people who are responsible for creating a problem often hold the keys to solving it. That’s why a positive outcome typically depends on their input and buy-in. Ask directly, “What do you think needs to happen here?” Or, “What would be your ideal scenario?” Another question leading to solutions is: “How could I support you?”
5. Ask for feedback on delivery.Asking for feedback on how you delivered your message disarms your opponent, illuminates blind spots in communication skills, and models fallibility, which increases trust in leaders. Santagata closes difficult conversations with these questions:
- What worked and what didn’t work in my delivery?
- How did it feel to hear this message?
- How could I have presented it more effectively?
For example, Santagata asked about his delivery after giving his senior manager tough feedback. His manager replied, “This could have felt like a punch in the stomach, but you presented reasonable evidence and that made me want to hear more. You were also eager to discuss the challenges I had, which led to solutions.”
6. Measure psychological safety.Santagata periodically asks his team how safe they feel and what could enhance their feeling of safety. In addition, his team routinely takes surveys on psychological safety and other team dynamics. Some teams at Google include questions such as, “How confident are you that you won’t receive retaliation or criticism if you admit an error or make a mistake?”
If you create this sense of psychological safety on your own team starting now, you can expect to see higher levels of engagement, increased motivation to tackle difficult problems, more learning and development opportunities, and better performance.
Laura Delizonna, PhD, is an executive coach, instructor at Stanford University, international speaker, and founder of ChoosingHappiness.com.
JAN. 19, 2022 |BY C. TODD LOPEZ, DOD NEWS
A modern-day cell phone packs quite a wallop when it comes to computing technology and capability. But most cell phones barely come with a “quick start guide,” let alone an instruction manual that spells out how to use all the features.
Cell phone companies have mastered the interface between humans and technology, making their use entirely intuitive and rendering thick instruction manuals a thing of the past.
The same thing should be happening for weapons systems used by servicemembers, Heidi Shyu, who serves as the undersecretary of defense for research and engineering, said. During a virtual discussion today with the Potomac Officers Club near Washington, D.C., she said intuitive, easy-to-use human/machine interfaces is something that’s a priority for her and the Defense Department.
“When I [served as an executive for the] Army before, one of the experiences I learned is with a lot of our weapons system, you really have to have a manual and go through weeks of training, if not months and years to be proficient, which is ridiculous,” she said. “[Weapons systems] ought to be designed with the appropriate ease-of-use human/machine interface, so it will become much more intuitive.”
As the Defense Department’s chief technology officer, Shyu said she’s interested in developing better ways to simplify the way service members use the technology they are given in order to reduce the training burden and learning curve.
“I really would like to see how we can change our weapons systems’ human/machine interface to be a lot more intuitive, to ease the amount of training that’s required,” she said.
For most service members, combat means use of a weapon such as a rifle, an aircraft that can drop a bomb or launch a missile, or a ship or tank that fires a large gun that requires a round to be loaded. All of these kinetic weapons systems fire solid projectiles which need to be carried along with warfighters, and which may eventually run out. But a new generation of weapons systems, which uses directed energy rather than expendable ammunition or ordnance, is on the horizon, Shyu said.
“In the area of directed energy, we’re … finally at the cusp of developing laser technology,” she said. “After 30 years, we’re finally getting to the point of fielding the prototypes. So I’m thrilled. Army and Navy are [both] fielding laser systems. I’m really happy to see that. We’re also developing high-power microwave systems as well.”
The Optical Dazzling Interdictor, Navy program, or ODIN for short, is a nonlethal weapons system used to confuse and perhaps render harmless an enemy drone — rather than shooting it down.
The ODIN system is already installed on multiple Arleigh Burke-class guided-missile destroyers within the Navy’s fleet, and there are plans to install additional systems as well.
The Army is also developing several directed energy systems. One of those is the Directed Energy Maneuver-Short Range Air Defense, or DE M-SHORAD system, which involves a 50kW-class laser to protect divisions and brigade combat teams from unmanned aerial systems, rotary-wing aircraft, and threats from rockets, artillery and mortars.
The department is also interested in the development of advanced materials, Shyu said.
“I’m certainly interested in materials that can handle higher heat, higher temperature, next-generation hypersonic materials,” she said. “I’m interested in material that’s stronger, but lighter weight. It certainly can help us reduce the logistics burden; and also materials that can have higher efficiency — materials that can potentially change properties. [There are] a lot of different areas within advanced materials we need to continue to push the research in.”
The department is also doing its part to bring the manufacture of microelectronics back to the U.S. to improve supply chain reliability, Shyu said.
“You guys have all heard about the situation that we’re in with the supply chain, where 70% of our chips are coming from Asia,” she said. “That poses a supply chain risk. You can see there’s a lot of interest on the Hill in terms of helping out the microelectronics foundries to try to onshore some of the capabilities.”
Shyu said the Defense Department is working closely with the Department of Commerce and with foundry companies to make that happen.
“We also work very closely with intelligence communities to make sure we understand all the needs and figure out how we can leverage commercial processes which can evolve at a much faster rate than just the defense-unique foundry,” she said.
Finally, Shyu said, the department is interested in having the U.S. take the lead on the development of 5G technologies — and the advancement of the next-generation of radio communications as well.
“I call it the ‘next G’,” she said. “Namely, beyond 5G. What I don’t want to happen is for us to take our eyes off the ball and play catch-up. I’m interested in making sure we’re developing technologies on 6G and 7G, so we, the U.S., can shape the standards, as opposed to some other country shaping the standard and us playing catch-up.”
BY: LISBETH PEREZ
Jan 14, 2022
For 2022 the United States Army is once again zeroed in on its digital transformation, specifically focusing on six key areas – cloud, cyber, data, application modernization, network, and service delivery and user experience.
Dr. Raj Iyer, the Army chief information officer (CIO), joined other Army officials on Jan. 13 for AFCEA’s Army IT Day to overview the Army’s key fiscal year 2022 efforts to advance the Army Digital Transformation Strategy (ADTS).
The Army released the ADTS in October 2021, representing another significant component of the branch’s overarching technology modernization effort. The ADTS was established to lead the Army through changes in technology, processes, and overall culture, in response to the rapid evolution of digital and modernization programs.
“Digital transformation is about how you fundamentally change how you run your business operations while leveraging these digital technologies,” Iyer said. For the new year, the Army points to six key efforts that will help advance ADTS efforts, he added.
The first is cloud; the Army will focus on various cloud initiatives such as hybrid cloud, cloud Service Management, and cloud cost optimization. The second key objective for 2022 is cyber, where the Army plans to focus on initiatives such as cloud-based internet isolation, software-defined networking, and auto red teaming. The third objective is data, and this includes a focus on implementing initiatives such as enterprise decision analytics framework, army standards assessment program, common operating environment data model.
In 2022, the Army will also focus on application modernization to advance the ADTS. This includes focusing on initiatives like application rationalization, DevSecOps, and implementing a software factory. The fifth key effort is network, focusing on initiatives such as voice modernization, data center optimization, and implementing a proper mission partner environment. And lastly, the Army will also focus on service delivery and user experience initiatives such as creating a service catalog, IT service management, and virtual desktop infrastructure
“It’s about how we can fundamentally change how we operate as an Army through transformative digital technologies, empowering our workforce, and re-engineering our rigid institutional processes to be more agile,” Iyer said.
Article link: https://www.meritalk.com/articles/army-cio-adts-key-objectives-for-2022/
By Chris HughesJanuary 24, 2022Updated:January 21, 2022
There’s no denying that we’re living in a time where the cybersecurity threat landscape is increasingly dynamic and complex. The landscape includes cloud-native environments, Infrastructure-as-Code (IaC), containers, secrets management, remote work—and that’s just to name a few.
These new technologies and practices logically require security tooling to help address potential vulnerabilities and respond to threats and incidents when they do occur. However, there is a cost associated with the increased tool introduction and use.
Studies have shown that despite the rampant growth in security tooling, there are some concerning metrics that suggest the tools aren’t having the desired impact. For example, Ponemon reports that organizations on average have over 40 security tools, with team members admitting they don’t know how well they are actually working. And a study from Market Cube points out that teams are adding tools faster than they can effectively use them. And, ironically, the burden of tool maintenance is compromising threat response and ultimately security postures.
There’s no single thing to blame for this reality. One factor is the well known cybersecurity talent shortfall. Organizations and the industry as a whole don’t have the number of qualified and competent cybersecurity professionals necessary to meet their security needs. Another is the never-ending onslaught of vendor pitches that IT and security leaders are facing, coupled with their need to scramble to try and cover the ever-increasing threat landscape. There’s also the issue that many of these tools aren’t very interoperable and often require their own unique implementation, along with dashboards and outputs.
With the introduction of each tool comes an increase in the overall cognitive load placed on a team of individuals. It takes time to learn the tool, provision and configure it, and then monitor it to make actionable use of its telemetry.
So, where can we as security leaders begin to address these challenges and let our security teams operate more effectively, and ultimately be better positioned to address organizational risks?
Cognitive Load
One topic that is beginning to gain more traction is the recognition that technology teams have cognitive load limitations. Cognitive load recognizes that individuals can only hold and handle so much information in their brain at a given time, and this applies to teams that are collections of individuals.
This applies to your security team as well. You cannot continue to throw an indefinite amount of tooling and technologies at a fixed set of team members and expect them to fully master and operationalize them, due to the reality that cognitive load limitations do exist. If you are a security leader that continues to add security tooling to your security program and enterprise environment without considering a parallel growth in the number of people required to operate and maintain the tooling, you may be setting yourself and your organization up for failure.
As studies have shown, that approach ultimately leaves organizations less secure in the long run. It also leads to team burnout and attrition, resulting in the need to bring in new folks to learn the tools again. It can become a vicious rinse and repeat cycle.
Tool Rationalization
We’ve acknowledged that there is a valid need for new security tooling. Whether it is being driven by advances in technologies that you must secure or by more modern and robust tooling with new features and automation, the demand can be real.
However, as you look at your portfolio of tooling and introduce tools, you should also be looking to rationalize and retire tooling where appropriate. Failing to do so leaves the team with an outsized portfolio of tools to maintain and distracts them from the most relevant threats and alerts. The reality is that some security vendors simply haven’t kept pace with modern threats and technologies, in which case those tools may need to be put out to pasture.
Vendor Recommendations
If you’re on the vendor side of the scenario, you can be assured that security leaders are increasingly going to be asking about your application and products’ ability to integrate with others.
Does your application have robust APIs where it can be queried and pulled into other tools or destinations, such as a security data lake, SIEM, or others? Perhaps they want a method where the information can be queried and aggregated without the need to have the team access yet another UI. If you’re a security leader considering vendor solutions, you can also ask these questions to help drive the organizational and industry change necessary to mitigate tool sprawl.
Lastly, there are vendors gaining attention who have set out to address this issue through Unified Vulnerability Management solutions, such as Nucleus Security and others. Their goal is to create unified assets, vulnerabilities, and associated data, making it easier for teams to understand their risk posture and make actionable security decisions.
Chris Hughes is an Acceleration Economy Analyst focusing on Cyber Security. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliances Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.
Article link: https://accelerationeconomy.com/cyber-security/cybersecurity-tool-sprawl-can-lead-to-team-overload-and-lower-impact/
Lennart Maschmeyer | 01.24.22
The prospect of cyberwarfare continues to haunt defense planners, policymakers, and the public. Earlier visions of cyberwar, in which opponents hurled cyber weapons and logic bombs at each other at the speed of light, have mostly subsided. Yet fears of a strategic cyberattack causing a “cyber Pearl Harbor” remain acute. And even if cyberattacks remain below the intensity of armed conflict, many argue that their unrivaled effectiveness expands the value of “hybrid warfare,” opening a new space for strategic competition. Cyber operations, in this view, will allow states to shift the balance of power and attain strategic gains in ways that were previously impossible without going to war. In other words, by staying in the gray zone states can get more for less.
If true, this development would herald no less than a revolution in strategic competition. The reality is more prosaic. In a recent article in International Security, I show that current expectations about the strategic potential of cyber operations focus on the promise of technology, while neglecting key operational challenges. As has often been the case with new and ostensibly revolutionary military technologies, the way actors use them at the operational leveldetermines their strategic utility. And a closer look at the operational challenges in cyber conflict— including Russia’s five major disruptive cyber operations in the Russo-Ukrainian conflict—suggests that its strategic value will be modest.
Cyber operations are not novel instruments of power, but instruments of subversion. Like all such instruments, cyber operations hold great strategic promise but falter all too often in practice. The reason is an operational trilemma between speed, intensity, and control: cyber operations cannot have all three properties at once. In theory, cyber operations offer rapid and stealthy options to sow mass disruption capable of shifting the balance of power. In practice, however, they tend to be too slow, weak, and volatile to deliver on that promise.
Subversion and its Promise
Subversion is a common but understudied mechanism of power familiar mostly to intelligence scholars and practitioners in the context of nonmilitary covert operations. The distinctive characteristic of subversion is its reliance on the secret exploitation of vulnerabilities in adversary systems. Exploitation involves identifying flaws in a system, and then using these flaws to infiltrate the system to produce unexpected outcomes for the victim.
Traditional subversion uses spies to infiltrate organizations or groups and manipulate them. For example, a spy could attain employment at an industrial facility under a false identity, exploiting insufficient background checks. The spy could then gain access to sensitive machinery, before sabotaging it by exploiting weaknesses in security protocols. Since humans are fallible, any human-made system of rules and practices is vulnerable in principle.
Subversion can produce a wide range of effects: it can influence policy and public opinion, sabotage infrastructure, disrupt the economy, and foment unrest—it can even overthrow governments. As a result, subversion is a nearly irresistible option: it is cheaper and lower risk than warfare, yet still capable of significantly weakening adversaries.
Subversion’s Pitfalls: An Operational Trilemma
But the same characteristics that enable this strategic promise also often prevent its fulfillment. Subversion promises low risks and low costs because of its secrecy and its exploitation of adversary systems. These operational characteristics are not a given, however, but require significant efforts to achieve and maintain. Secrecy requires stealth and adaptation. Exploitation requires reconnaissance of systems, identification of vulnerabilities, and development of means of manipulation—all under the constraints of secrecy. These challenges limit operational speed, intensity of effects, and control. Moreover, increasing one variable tends to create corresponding losses across the remaining ones.
First, speed is constrained because reconnaissance, identification of vulnerabilities, and development of exploitation techniques all take time. Since an increase in speed means less time to develop and refine exploitation techniques, it correspondingly tends to reduce the intensity of effects and the degree of control over an operation.
The second variable in the trilemma, intensity of effects, is constrained by adversary systems and the need for secrecy. The properties of the target system determine the maximum intensity of effects—for example, if economic disruption is the aim, the target system must in some way affect the relevant economic processes. Even if the target system is capable of such an effect, however, the process of manipulation must stay hidden until the effect is produced. Otherwise, the victim can neutralize it—typically, by arresting the spy involved.
Finally, subversive actors never fully control a target system, and usually have only incomplete knowledge about its design and functioning. Because of this limited control, manipulation may fail to produce the intended effect or lead to unintended consequences. This trilemma means that subversion is typically too slow, too weak, and too volatile to provide strategic value.
The Subversive Nature of Cyber Operations
Cyber operations share this operational trilemma. The core mechanism of cyber operations is hacking—exploiting vulnerabilities in computer systems to make them behave in ways not intended by their designers, owners, and users. These systems are of a different kind than the social systems targeted by traditional subversion, but the mechanism of exploitation involved follows the same functional logic: identifying flaws in a system and then using them to manipulate it.
Hacking targets two types of vulnerabilities. First, it can target flaws in the design of the technology itself, such as software code, to make systems behave in ways neither their designers nor users intended or expected. Usually, this means granting access and control to the hacker. But it can also exploit flaws in hardware design.
The second type of vulnerability targets users and security practices. Phishing emails offer a classic example, leveraging weaknesses in human psychology to trick users into installing malware or revealing access credentials. Regardless of the vulnerability exploited, cyber operations then use the targeted system to inflict damage upon an adversary. As in the case of traditional subversion, hackers turn these systems into instruments of the sponsor’s interests. In a second parallel, hackers also proceed stealthily, establishing access to, and assuming control over, targets without alerting the victim to their presence.
Hacking can achieve similarly diverse effects as traditional subversion, ranging from influencing public opinion to disrupting the economy to the sabotage of critical infrastructure. In modern societies a growing portion of social, economic, and physical processes are computerized. This computerization produces vast efficiency gains, but it also creates new liabilities. Current expectations about the strategic potential of cyber operations are correct in identifying this promise.
The Subversive Trilemma and the Strategic Limitations of Cyber Operations
Yet the exploitation required to fulfill this promise involves the same operational challenges as in the case of traditional subversion, and therefore produces the same trilemma. As a result, in practice cyber operations offer similarly limited strategic value.
Contrary to prevailing expectations, cyber operations face key constraints when it comes to speed. Hacking requires reconnaissance, identifying suitable vulnerabilities, and developing the means to exploit them, such as computer viruses. All of this takes time. If operational speed is required, there is less time for reconnaissance and development which means that the tools and techniques deployed are less likely to achieve large effects and significant control over the target system. And hacking, like traditional subversion, also requires stealth. Upon discovery, victims can delete malware and patch vulnerabilities, so hackers must proceed with caution—constraining the intensity of effects that can be produced.
Conversely, increasing the intensity of an operation tends to slow down speed and decrease control. The greater the desired scale of impact, the more reconnaissance and development time will be required to achieve a corresponding degree of control over a target system capable of producing the desired effect. The more capable the system, the more likely it is to be well protected, raising the risk of discovery. With the increase in scale, the likelihood that something goes wrong also tends to increase—unless one invests even more time in reconnaissance and development.
Finally, as in the case of traditional subversion, control in cyber is also limited. Access to target systems usually remains incomplete, and some parts of these systems remain unfamiliar. Even those parts that hackers have access to may behave differently than expected in response to manipulation. The same fallibility that produces logical flaws that enable exploitation may also apply to the hackers themselves. For example, in the 2016 sabotage operationagainst Ukraine’s power grid, the infamous Sandworm hacking group had developed a program that was capable of physically damaging power circuits by overloading them. Yet the hackers had missed something: the industrial control systems they targeted reversed IP addresses. As a result, the malicious commands went nowhere, the capability failed to produce any effects, and the victims neutralized the outage in little more than an hour.
In sum, the trilemma predicts that an increase in one of speed, intensity, or control will tend to produce a decrease in the other two. And increasing two variables at once tends to produce corresponding “double losses” in the remaining variable. For example, high-speed and high-intensity operations will entail an extremely high risk of losing control.
The Strategic Value of Cyber Operations: Expectations versus Evidence
This subversive trilemma defangs cyber operations in most circumstances. Contrary to expectations, cyber operations cannot be fast, intense, and anonymous—or at least not all at once. In practice, cyber operations are usually too slow, too weak, or too volatile to contribute to strategic goals.
My research into the use of cyber operations in the Russo-Ukrainian conflict—a paradigmatic example of cyber-enabled gray-zone conflict—confirms these conclusions. In contrast to expectations about the integral role of cyber operations in hybrid warfare, cyber operations have been mostly irrelevant to the military dimension of the conflict. And Russia’s five major disruptive cyber operations against Ukraine failed to produce strategic value—in large part because of the operational constraints laid out above. Even the one operation that produced strategically significant effects, the 2017 NotPetya operation that disrupted businesses across much of the world, ultimately supports this theory: the reason for its wide spread was a loss of control. The hackers had no way to control the malware’s spread, and thus no control over the scale of its disruption—which, based on forensic evidence, spread far wider than intended. The operation had a measurable strategic impact since it reduced Ukraine’s GDP, but its uncontrolled spread also produced additional costs as several Western countries levied sanctions against Russia in response, reducing the attack’s net strategic benefit.
This last point highlights an important distinction between strategic impact and value. Cyber operations can produce significant impacts by spreading widely, but their uncontrolled spread limits their strategic value. And because of the trilemma, the greater the scale of effects, the greater the risk of losing control tends to become.
In most circumstances, then, the subversive trilemma significantly limits the value of cyber operations. Their track record in Ukraine confirms this assessment. Of course, actors may occasionally get lucky and manage to achieve strategic goals despite taking exceptional risks. Yet such rare scenarios should not dominate threat assessments and strategy development. In theory, it is possible to juggle three balls while sprinting one hundred meters at competitive pace without dropping a single ball. In practice, few—if any—will be able to achieve this feat.
Article link: https://mwi.usma.edu/the-myth-of-cyberwar-and-the-realities-of-subversion/
Lennart Maschmeyer is a senior researcher at the Center for Security Studies at ETH Zurich. You can follow him on Twitter @LenMaschmeyer.
The views expressed are those of the author and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.
Soldiers and tanks may care about national borders. Cyber doesn’t.
By Patrick Howell O’Neillarchive page
January 21, 2022
Russia has sent more than 100,000 soldiers to the nation’s border with Ukraine, threatening a war unlike anything Europe has seen in decades. Though there hasn’t been any shooting yet, cyber operations are already underway.
Last week, hackers defaced dozens of government websites in Ukraine, a technically simple but attention-grabbing act that generated global headlines. More quietly, they also placed destructive malware inside Ukrainian government agencies, an operation first discovered by researchers at Microsoft. It’s not clear yet who is responsible, but Russia is the leading suspect.
But while Ukraine continues to feel the brunt of Russia’s attacks, government and cybersecurity experts are worried that these hacking offensives could spill out globally, threatening Europe, the United States, and beyond.
On January 18, the US Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure operators to take “urgent, near-term steps” against cyber threats, citing the recent attacks against Ukraine as a reason to be on alert for possible threats to US assets. The agency also pointed to two cyberattacks from 2017, NotPetya and WannaCry, which both spiraled out of control from their initial targets, spread rapidly around the internet, and impacted the entire world at a cost of billions of dollars. The parallels are clear: NotPetya was a Russian cyberattack targeting Ukraine during a time of high tensions.
“Aggressive cyber operations are tools that can be used before bullets and missiles fly,” says John Hultquist, head of intelligence for the cybersecurity firm Mandiant. “For that exact reason, it’s a tool that can be used against the United States and allies as the situation further deteriorates. Especially if the US and its allies take a more aggressive stance against Russia.”
That looks increasingly possible. President Joe Biden said during a press conference January 19 that the US could respond to future Russian cyberattacks against Ukraine with its own cyber capabilities, further raising the specter of conflict spreading.
“My guess is he will move in,” Biden said when asked if he thought Russia’s President Vladimir Putin would invade Ukraine.
Unintentional consequences?
The knock-on effects for the rest of the world might not be limited to intentional reprisals by Russian operatives. Unlike old-fashioned war, cyberwar is not confined by borders and can more easily spiral out of control.
Ukraine has been on the receiving end of aggressive Russian cyber operations for the last decade and has suffered invasion and military intervention from Moscow since 2014. In 2015 and 2016, Russian hackers attacked Ukraine’s power grid and turned out the lights in the capital city of Kyiv— unparalleled acts that haven’t been carried out anywhere else before or since.
The 2017 NotPetya cyberattack, once again ordered by Moscow, was directed initially at Ukrainian private companies before it spilled over and destroyed systems around the world.
NotPetya masqueraded as ransomware, but in fact it was a purely destructive and highly viral piece of code. The destructive malware seen in Ukraine last week, now known as WhisperGate, also pretended to be ransomware while aiming to destroy key data that renders machines inoperable. Experts say WhisperGate is “reminiscent” of NotPetya, down to the technical processes that achieve destruction, but that there are notable differences. For one, WhisperGate is less sophisticated and is not designed to spread rapidly in the same way. Russia has denied involvement, and no definitive link points to Moscow.
NotPetya incapacitated shipping ports and left several giant multinational corporations and government agencies unable to function. Almost anyone who did business with Ukraine was affected because the Russians secretly poisoned software used by everyone who pays taxes or does business in the country.
The White House said the attack caused more than $10 billion in global damage and deemed it “the most destructive and costly cyberattack in history.”
Since 2017, there has been ongoing debate about whether the international victims were merely unintentional collateral damage or whether the attack targeted companies doing business with Russia’s enemies. What is clear is that it can happen again.
Accident or not, Hultquist anticipates that we will see cyber operations from Russia’s military intelligence agency GRU, the organization behind many of the most aggressive hacks of all time, both inside and outside Ukraine. The GRU’s most notorious hacking group, dubbed Sandworm by experts, is responsible for a long list of greatest hits including the 2015 Ukrainian power grid hack, the 2017 NotPetya hacks, interference in US and French elections, and the Olympics opening ceremony hack in the wake of a Russian doping controversy that left the country excluded from the games.
Hultquist is also looking out for another group, known to experts as Berserk Bear, that originates from the Russian intelligence agency FSB. In 2020, US officials warned of the threat the group poses to government networks. The German government said the same group had achieved “longstanding compromises” at companies as they targeted energy, water, and power sectors.
“These guys have been going after this critical infrastructure for a long, a long time now, almost a decade,” says Hultquist. “Even though we’ve caught them on many occasions, it’s reasonable to assume that they still have access in certain areas.”
sophisticated toolbox
There is serious debate about the calculus inside Russia and what kind of aggression Moscow would want to undertake outside of Ukraine.
“I think it’s pretty likely that the Russians will not target our own systems, our own critical infrastructure,” said Dmitri Alperovitch, a longtime expert on Russian cyber activity and founder of the Silverado Policy Accelerator in Washington. “The last thing they’ll want to do is escalate a conflict with the United States in the midst of trying to fight a war with Ukraine.”
No one fully understands what goes into Moscow’s math in this fast-moving situation. American leadership now predicts that Russia will invade Ukraine. But Russia has demonstrated repeatedly that, when it comes to cyber, they have a large and varied toolbox. Sometimes they use it for something as relatively simple but effective as a disinformation campaign, intended to destabilize or divide adversaries. They’re also capable of developing and deploying some of the most complex and aggressive cyber operations in the world.
In 2014, as Ukraine plunged into another crisis and Russia invaded Crimea, Russian hackers secretly recorded the call of a US diplomat frustrated with European inaction who said “Fuck the EU” to a colleague. They leaked the call online in an attempt to sow chaos in the West’s alliances as a prelude to intensifying information operations by Russia.
Leaks and disinformation have continued to be important tools for Moscow. US and European elections have been plagued repeatedly by cyber-enabled disinformation at Russia’s direction. At a moment of more fragile alliances and complicated political environments in Europe and the United States, Putin can achieve important goals by shaping public conversation and perception as war in Europe looms.
“These cyber incidents can be nonviolent, they are reversible, and most of the consequences are in perception,” says Hultquist. “They corrode institutions, they make us look insecure, they make governments look weak. They often don’t rise to the level that would provoke an actual physical, military response. I believe these capabilities are on the table.”
Article link: https://www.technologyreview.com/2022/01/21/1043980/how-a-russian-cyberwar-in-ukraine-could-ripple-out-globally/
January 20, 2022 | Podcast
By David Baboolall and Gretchen Berlin
A recent McKinsey survey found that more than 30 percent of nurses are thinking of leaving direct patient care. What can be done to inspire them to stay?
DOWNLOADS
Open interactive popup
Many nurses are reevaluating their commitment to direct patient care given the demands of the coronavirus. Now, during a time of unprecedented need, what can health systems and other employers of nurses do to prevent losing this backbone of the healthcare workforce to the Great Attrition? Hear from Gretchen Berlin, a registered nurse (RN) and McKinsey senior partner, on the state of nurses and on specific suggestions to improve their work experience, practically and emotionally. After, McKinsey associate partner David Baboolall joins us to discuss the recent findings of the McKinsey Quarterly article “Being transgender at work.” An edited version of the conversations follow.
The McKinsey Podcast is hosted by Roberta Fusaro and Lucia Rahilly.
Segment one: Nurses are under great strain
Lucia Rahilly: Today, we have Gretchen Berlin on the show, a registered nurse and senior partner in our healthcare practice. Gretchen, welcome to the podcast.
Gretchen Berlin: Thank you.
Lucia Rahilly: It’s great to have you here. Nurses have been on the front lines of the COVID-19 crisis for nearly two years now. Infection rates are surging. What are you hearing on the ground about how nurses are feeling now?
Gretchen Berlin: Nurses are not a monolithic group, and it varies quite significantly across the country. In general, demands on nurses were high even before COVID-19. Across the country and across the world, we have an aging population. We have a population that’s getting sicker and needs more care.
Now, fast-forward to today: a lot of those nurses are tired. In any crisis situation, you’re running on adrenaline and trying to get through to the other side. What has become clearer as the months have gone by—with Delta and now Omicron—is that there may not be a magical end of the tunnel, and that is a very different world to be facing.
It’s a lot of pressure, a lot of day-to-day, and then month-to-month, demands and potentially not a lot of relief in the near-term future.
A few factors driving nurse fatigue
Lucia Rahilly: And we see resignation generally in the zeitgeist in the wake of the pandemic. Quitting is up across the board in different industries, and McKinsey’s own “Great Attrition” research shows that the intent to quit continues to be heightened. How do nurses stand in that area? Are there factors that are specifically driving nurses out the door?
Gretchen Berlin: Nurses are no exception to our research on the likelihood of people leaving their professions. We ran a survey in early 2021 that showed about 20 percent of folks were looking to leave. [Editor’s note: This figure rose to 32 percent in a McKinsey survey conducted in November and December of 2021.]
What we’ve seen in the healthcare market in recent months is massive competition through things such as retention bonuses, attraction bonuses for new hires; frankly, in a way, that is largely unsustainable.
I think the more troubling piece is that nurses are exiting the profession altogether. It’s not just a challenge that the US is facing; we hear it from health systems around the world.
To answer your question as to what drives them to leave: we see a lot around compensation, and, yes, we need to pay nurses adequately for the services and value that they’re delivering. But at the end of the day, a lot of it comes down to the support and recognition that they feel in their workplace, from their leaders, their managers, their team, and through ensuring there’s sufficient staffing, sufficient respite, and gratitude.
Lucia Rahilly: Presumably, there’s variability in care settings, but are you seeing extremities of workload, insufficient staffing, or an emotional toll on nurses right now as the pandemic drags on?
Gretchen Berlin: Yes, you can almost draw a timeline of the pandemic. It started at this crisis moment where many health systems were flexing staff in a variety of ways. You had nurses who were historically nurses in the OR [operating room] becoming ICU [intensive-care unit] nurses or nurses who were accustomed to running ventilators moving over onto COVID-19 units.
You had nurses in the outpatient settings moving into inpatient. We had nurses crossing state lines and operating in health systems they had never operated in before. All of that was happening, with most non-COVID-19 care being delayed.
Health systems have been doing everything they can to ensure sufficient staffing, but it has been a challenge to meet the need, to say the least. It’s had to be met by contract labor and additional support, which is extremely expensive and can often be challenging to integrate into the regular care team.
Because of those staffing challenges or the variability in the workload, we haven’t yet hit a new normal in the health system. We continue to see reports coming out about the impact of delayed care, and that still hasn’t fully run its course through the system.
We have done surveys of health systems every quarter, and they’re still projecting that surgical backlogs and preventative backlogs are not yet through the system.
The mental health of nurses
Lucia Rahilly: It feels like nurses have always been required to be incredibly resilient. They are expected to behave heroically, but nurses are also human beings, and we’re seeing a rise in clinician burnout across the board.
Is mental health a new issue for nurses, or have they been suffering under the radar for longer than many of us might have suspected?
Gretchen Berlin: I don’t think mental health is a new issue in nursing at all. In general, mental health is an underappreciated, underdiscussed issue in the entire population, and nurses are no exception to that.
Many parts of care have provided support and respite for clinical teams. For example, pediatric hospitals will allow rotations between cardiac ICU step-down units and outpatient settings, allowing nurses to avoid being in the most critical, upsetting care settings day in, day out, in perpetuity.
We haven’t really built in that decompression space for a lot of healthcare. And it’s interesting that you use the word “burnout”—there are a lot of sensitivities around that word in healthcare. And rightly so, as some believe that it implies that the clinicians themselves aren’t resilient enough to deal with what is happening. When, in reality, what is happening is an untenable situation for anyone to individually survive in, let alone thrive in.
We, as a society, need to lift up these professions. In the last two years, we’ve had probably ten different parades for different professional sports teams who have won championships. And, yes, these events bring great joy to society. But where is that kind of support and recognition at the community level for what our frontline heroes are doing day in and day out?
Lucia Rahilly: Right, it’s a really good point. I live in New York City, and at the beginning of the pandemic, we used to stop what we were doing and clap at seven in the evening for the essential workers. And it was such an amazing outpouring of gratitude.
But now, lo these many months later, that appreciation may reside in all of us, but it’s much less visible.
Gretchen Berlin: Exactly. The nurses and clinicians have not stopped seeing the patients, the firefighters and police have not stopped answering the calls for patients in respiratory distress that may or may not have COVID-19. The level of stress that individuals are dealing with is going to have massive implications on everyone’s well-being, which then will put more strain back on the healthcare system through mental-health needs, cardiac needs, et cetera.
The level of stress that individuals are dealing with is going to have massive implications on everyone’s well-being, which then will put more strain back on the healthcare system.
Gretchen Berlin
Lucia Rahilly: Seems also that since family members are not allowed to visit bedside in many healthcare settings, this could add to the emotional work of nurses?
Gretchen Berlin: I think that’s absolutely right. Nurses are dealing with a lot at the bedside, in terms of helping patients die and helping families. To your point, many patients, especially at the start of this, had only the nurses with them for those final moments, and I’m not sure that we’ve provided the decompression space for what that does to an individual who has to see that and support people through that over and over again.
How to improve nurse working conditions
Lucia Rahilly: Let’s talk about what we should be doing to make this better. You’ve written that we should move away from thinking about a rebuild and shift instead toward an entirely new build of our nursing workforce. And specifically, Gretchen, you mentioned several areas: workforce health, workforce flexibility, reimagining care-delivery models, and strengthening talent pipelines.
Let’s start with workforce health and well-being, both of which feel exigent right now. How can those areas be improved?
Gretchen Berlin: I think the areas of workforce health and well-being can be improved in a couple of ways. Some of it is societal recognition and celebration. When you hear that someone is an astronaut, the reaction often is, “That is so cool; tell me about that.” How do we make that be the narrative for our frontline caregivers?
The second form of recognition in our society often comes financially through compensation for the role that nursing plays.
There’s other financial recognition that can be provided, too, and has happened over time in terms of loan forgiveness from states, from the federal government, from various nonprofits in support of these roles, which different parts of the community can get involved in.
And then I think there’s recognition in the workplace. A lot of health systems do it in spades, but genuinely doing it means doubling down on the basics of leadership recognition, being on the floor with nurses to understand the simple and the complicated fixes to make their lives easier—things such as making sure supplies are there on time, and eliminating unnecessary documentation so that they can spend more time at the bedside.
Lucia Rahilly: What about workforce flexibility? Many nurses must already work shifts. What does workforce flexibility look like in the nursing context?
Gretchen Berlin: Workforce flexibility takes a few flavors. Some of it is flexibility in the care setting. So, a bit of what we discussed earlier: allowing folks the ability to have the intense experience in the ICU when they want it, but also to have the ability to go elsewhere to get different experiences—obviously all within appropriate licensure and clinical standards—depending on what’s going on with them individually or with the rest of their lives.
Health systems are often doing this through regional float pools or other team-based models, but more and more of this can and should happen.
Lucia Rahilly: The pandemic obviously accelerated digital adoption in all kinds of areas, including telehealth. How might telehealth affect future care delivery and nurses’ roles in it?
Gretchen Berlin: Well, I think telehealth is an example of flexibility, and more nurses now say that they would like to continue to participate in telehealth.
The other thing that happened during the pandemic that was interesting was the more digital ways of providing patient monitoring and care. Many facilities moved a lot of the patient monitors out into the hallway to avoid unnecessary donning of PPE [personal protective equipment] and going into the room. And that actually allows for more patient monitoring at any one time.
So how do you translate that into a new model? Some parts of patient care you’re never going to get rid of—for example, the human interaction. You need to do physical assessments. You need to administer medications. But how do we take what worked in a moment of crisis and institutionalize it further in our systems and in our technology?
Lucia Rahilly: Is there a possibility of hybrid work for nurses? And if so, what would that look like?
Gretchen Berlin: I think there is the option of hybrid working for nurses in the future.
Often when we think of telemedicine, we think of a parent at home worried about their kid’s fever, and if they should bring them in or not, and getting a telemedicine visit. But telemedicine and teleconsultations are used for a lot more complex things. Especially in rural hospitals—for example, if you have a patient coming in with a stroke, they’ll have more of a virtual consultation, with higher specialty service elsewhere.
We’re doing that for tele-ICU, et cetera. And individuals could operate across these care settings. Again, of course, all within license requirements, to provide flexibility. And we are seeing that nurses are more interested in doing telemedicine going forward.
Lucia Rahilly: It’s interesting to think of telehealth not just as a convenience but also as potentially a model that improves the cadence and the quality of care through more frequent monitoring or monitoring for folks in rural settings who might not otherwise make it all the way into the doctor on a more routine basis.
Gretchen Berlin: I think it can be very effective, especially for more rural settings.
The promise of technology
Lucia Rahilly: You talked about fungibility in care settings and regional float pools and so forth. Gretchen, you yourself went to nursing school. Are the skills that nurses need to do their jobs successfully changing?
Gretchen Berlin: We continue to ride the curve of technology.
In the past 20–25 years, there has been a lot of technology adoption in care delivery. A lot of these technologies often don’t fully replace how something is done, which adds to nurses’ workloads. How do you then use technology to declutter what a nurse does and help get the signal through the noise of all of the alarms and all of the vitals and all of the documentation to actually help clinicians practice at the top of their license and focus on what truly matters?
I think that is very exciting, and that is the promise of redefining how the clinical workforce can go into the future. There are longer-term systemic things we can and should do in terms of strengthening the talent pipeline: encouraging students to engage in science, engage in medicine.
It will also require expanding schools and clinical-training spots. And we see health systems doing that directly because they recognize the need and aren’t willing to wait for others in the ecosystem to do it. And these things are all needed to rebuild our talent pipelines and skills for the workforce of the future.
But in the meantime, we need to flip the operating models that we have for our workforce now, so that we’re able to bridge the gap. Otherwise, I worry, we’re going to have more than a decade of pretty turbulent times, where we have a lot of clinical demand and a very turbulent workforce.
People find purpose in nursing
Lucia Rahilly: My niece is in high school, and she recently surprised me by raising the possibility of getting an RN degree.
It occurred to me when she was talking about this that we hear so much now about the importance of purpose, particularly vis-à-vis Gen Z. Do you think the pandemic has in any way created pull into the nursing field because it has surfaced as so vital and so high stakes?
Gretchen Berlin: Yeah. It’s a really interesting point.
In some ways, I think the pandemic has shone a light on the purpose, as you said. But also, we have seen in our own research that some nurses are more likely to stay in the profession now than they were before.
We haven’t surveyed to see if that translates into more folks interested, but we do see an increase in applications to schools going up. And I think some of that is because of the importance of purpose, and some of it is because the profession is changing, and nursing can be much more flexible than your traditional office job.
In a lot of ways, the criticality of the role has been elevated for people. A lot of people want nothing more than to support society and individuals on the biggest challenge of the day, which right now is COVID-19 and meeting the pent-up demand that it has caused.
An optimistic view of the future
Lucia Rahilly: Acknowledging that access to quality nursing care is, in part because of COVID-19, such a high-stakes and collectively vital issue, are you optimistic about the potential for positive change, both for the sake of nurses and for all of us?
Gretchen Berlin: I am quite optimistic. I think there are a lot of really bright minds trying to solve this. There are a lot of committed health systems, employers, and societies trying to invest and fix it. I think more than anything, there’s a really committed workforce who’s excited to innovate, who has shown tremendous flexibility and resilience already and will continue to do that going forward.
Lucia Rahilly: Any suggestions for keeping this issue on the front burner, assuming COVID-19 starts to recede?
Gretchen Berlin: I think that there are ways we can continue to recognize as a society. I think that’s part of the power of conversations like these. We have National Nurses Week in May. There are obviously national companies that run nurses campaigns. There are ways that each of us as individuals, or our small businesses, or our large businesses, can draw attention to our first responders and our clinicians in general but our nurses especially through celebrations, promotions, and accolades.
Lucia Rahilly: Let’s close there. Gretchen, that was a fascinating discussion. Thanks so much.
Gretchen Berlin: Thank you. I hope we all have a better 2022.
Lucia Rahilly: Roberta, so many of us have had the experience of relying elementally on nursing care. My daughter, who is now a happy, coltish, and—knock on wood—healthy six-and-a-half-year-old girl, had respiratory surgery at birth and spent almost two weeks in the surgical NICU [neonatal intensive-care unit]. And those NICU nurses were just invaluable.
During that experience, our family will never, never forget them. They were vital not just to her survival but also to our own emotional stability and well-being. At that time, it was incredible.
Roberta Fusaro: I feel the same way, Lucia, and I’ve had the complete opposite life cycle experience of dealing with in-home nurses for my mother when she refused to move out of the house that she had been in for, you know, some 70 years.
The fact that we felt comfortable enough to have people come into our house to take care of my mother made the final months of her life that much more comfortable, which gave us a lot of comfort too.
It’s horrible to see such flux within the nursing workforce. And there’s another cohort of people that are at risk of quitting, in part because they don’t feel valued at work. It’s our transgender colleagues. We’re about to hear from David Baboolall about our recent article: “Being transgender at work.”
Segment two: Being transgender at work
Lucia Rahilly: David, thanks for joining us today.
David Baboolall: Lucia, thank you so much for having me. I’m very excited that we’re having this conversation.
Lucia Rahilly: Acknowledging the range and the variety of experience within the trans demographic, what has our research taught us about what it’s like to be trans in today’s workplace?
David Baboolall: I’d like to start off with just a few facts around unemployment, if that works with you. Unfortunately, I’ll start quite stark.
Only 73 percent of transgender adults are actually in the workforce compared with 82 percent of cisgender adults. Our survey, which we ran across a number of trends over this past year, shows that trans individuals are two times more likely to be unemployed than cisgender people, which is kind of crazy.
And in the US alone, almost two times as many trans people report being recently out of work. The scarcity and precarity of transgender employment can lead to loneliness, instability, and alienation from the rest of the workplace. When we look at wages, candidly, the situation is equally as stark. Transgender people make far less money than cisgender people do.
The average household income of a transgender adult is about $17,000 less than that of a cisgender one. And our survey showed that transgender individuals are almost 2.5 times more likely to work in places such as retail or food, which, as we know, in large proportion are entry-level-paying jobs, paying the minimum wage in the US.
Then, when we take it one step further to intersectionality, when we look at folks who are marginalized in addition to being trans—for example, people of color—the figures are worse. Seventy-five percent of Native American trans people and 43 percent of Hispanic trans people make less than $25,000, with that figure only equating to 17 percent for White cisgender people.
Lucia Rahilly: That’s a dire picture, and it sounds like an urgent need to take action. The stakes are high. What are some examples of the specific challenges—the trends employees confront daily in the workplace?
David Baboolall: In the corporate push for more diverse workplaces, especially since the racial reckoning last year, the transgender population candidacy is unsupported. And this is more than just a matter of career progression, promotion, or climbing to the top of the ladder.
Whereas other populations strive to feel included in the workplace, transgender workers want to feel safe. For members of the trans and gender-nonconforming community, safety is top of mind—safety from physical harm, mental harm, or emotional harm. And what we’re seeing in our data is that less than half of transgender adults are comfortable being fully open about their gender identity at work.
For members of the trans and gender-nonconforming community, safety is top of mind—safety from physical harm, mental harm, or emotional harm.
David Baboolall
And when we take that a step further, two-thirds are uncomfortable being out with their customers and their clients. And being in a client-facing role myself, Lucia, the inability to be out with folks that I’m talking to not only on a monthly but also a weekly—if not hourly—basis is a lot to grapple with, especially if you’re in client service.
Lucia Rahilly: Safety is obviously fundamental. I mean, that’s Maslov’s hierarchy of needs, right? That’s basic. Besides ensuring that employees feel safe and are able to bring their full selves to work, what can leaders do to help at the enterprise level?
David Baboolall: I think step one is education and awareness. That’s my biggest goal with this report and this research. I’m hoping corporate leaders and leaders of different sectors will take this report and say, “I have a reference to learn.”
I have a glossary that we put together to discern different words that are used in the trans community. And then I think you can go across the employee life cycle and be intentional in recruiting. How can you connect with potential trans new hires or participate in specific recruiting events? Signal to those that are coming to your firm that you are excited to be a workplace where trans individuals thrive.
I think the second step is to think about offering trans-affirming benefits. And this doesn’t just mean medical benefits, gender-affirming surgery or hormone therapy. It also involves thinking about whether you have mental-healthcare support for a community that is disproportionately affected by mental-health issues.
The third step is about other policies and programs, such as reviewing company dress codes, eliminating gender-specific language, offering diversity trainings that are nuanced to gender identity. And I think the last step is adopting an overall inclusive culture—are the forms and documents that you ask your employees to fill out on a weekly, annual, or half-annual basis asking for personal pronouns? Are they asking for preferred names? Does your office have gender-neutral bathrooms?
Lucia Rahilly: You mentioned language and a glossary in the report, which seems vital, particularly because fear and confusion over language can hold colleagues back from talking about some of these issues. What are some small steps that all of us in the workforce might take to signal support for our transgender colleagues and potentially improve their daily experience directly?
David Baboolall: My teams actually practice it at McKinsey. When we kick off a new project at McKinsey, we do team introductions. And within those sort of simple five to ten introductory questions—What’s your name? Where are you from? Where did you grow up? How did you join McKinsey?—there’s the question of what are your personal pronouns? What is your preferred name? Those two simple questions signal to any person in the trans community, “Hey, this person seems like an ally.”
Lucia Rahilly: Are there any examples from your own career of allyship?
David Baboolall: I think personally there have been a number of instances over the last year where folks have noticed my pronoun change—clients have come to me, I’ve had senior individuals at McKinsey come to me, I’ve had people in my building when I would wear work name tags back home. They see my pronouns, and they’re inquisitive, asking, “Hey, is everything OK? How can I be supportive? Is there anything that you’d like to talk through? How can I become educated?” And that’s been great. I think that that has been an opportunity for folks to engage because I’m very open about my personal pronouns, and I use those for every introduction that I actually have.
Lucia Rahilly: Any thoughts for leaders on the best way to know that they’re making progress?
David Baboolall: I think the more it comes up in conversation, the more you’re likely doing things right. We tend to avoid conversations when it comes to topics of diversity that we’re not used to, that make us uncomfortable, that we’re nervous about getting wrong.
So the more that these topics are being brought up, the more ideas that are being brought to senior leaders—such as “Hey, maybe we should do this for our trans colleagues? Maybe we should do this in terms of gender identity? Have we thought about offering this healthcare benefit? Have we thought about changing this policy? Have we really thought through placing a gender-neutral bathroom at our factory site?”—the better it is. As those ideas are flourishing, as folks are being more vocal about it, you’re doing something right. And they’re open to having the conversation to advance change.
Lucia Rahilly: David, fascinating. Thanks so much for being with us today.
David Baboolall: Thank you so much for having me.
Article link: https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/nurses-and-the-great-attrition?cid=app
ABOUT THE AUTHOR(S)
David Baboolall is an associate partner in McKinsey’s New York office, and Gretchen Berlin is a senior partner in the Washington, DC, office. Roberta Fusaro is an executive editor in the Waltham, Massachusetts, office; and Lucia Rahilly, global editorial director of McKinsey Global Publishing, is based in the New York office.
During an exercise in the California desert in October 2021 a special operations forces team hit the jackpot. Beneath the team’s observation post were almost a hundred enemy vehicles rolling through a refueling point. The team had eyes on target and fires on call. It should have been a decisive moment in the exercise, the kind of opportunity that so much modern doctrine strives to capitalize upon. Alas it was not to be.
Unlike the decades-long wars following 9/11, in which NATO forces fought in small formations with few constraints imposed by enemy fires threatening supporting infrastructure and little interference from electronic warfare, this force-on-force exercise replicated a congested battlespace and a contested electromagnetic spectrum. In the face of insufficient nodes in their communications network, saturated headquarters, and enemy jamming, the kill chain for the fire mission took four hours to complete. It killed some enemy logisticians, but the opportunity had long passed.
Today, staff officers the world over are heralding the dawn of an interconnected battlefield in which data can move seamlessly between air, land, maritime, space, and cyber forces in real time. PowerPoint and CGI presentations promise commanders continual access to pervasive and perpetually relevant situational awareness. Senior officers lap it up because it is what they have always dreamed of. The ability to access the data from any battlefield sensor across a force and share it with the most appropriate shooter holds out the prospect of maximizing a force’s lethality and efficiency while denying the enemy the opportunity to achieve surprise.
But for the technicians trying to build these architectures and the soldiers, sailors, aviators, guardians, and marines trying to maintain and use them in the field, the gap between theory and practice remains wide—and risks becoming wider still. The problem is not that an interconnected battlefield is impossible, or that it isn’t advantageous. The problem is that so much of the conceptual bloviation on the subject evades any serious appreciation for the friction involved, which is all too often dismissed with the claim that artificial intelligence will function as a cure-all. By pursuing the goal of connecting everything, all of the time, military leaders are avoiding hard choices about what data to prioritize and who on the battlefield should have the most assured access to it under pressure. Policymakers need to start thinking harder about these decisions if the pursuit of connectivity is to bear fruit.
The Limits of Convergence
The conventional narrative of a connected battlefield is of an any-sensor-to-any-shooter network. In this vision of combat, data is transferred seamlessly between units, command posts have real-time situational awareness from every available source, artificial intelligence rapidly generates optimized courses of action, and the fog of war dissipates. To realize this vision, sensors from all of the military services must be connected, with data able to flow through any available path.
The ability to transfer data between units from different services, so that aircraft, ships, and armored vehicles can communicate with each other, will improve the effectiveness of the joint force. But there are limits to this vision of an interconnected command-and-control system spanning every domain of war. This is because of fundamental differences between the domains. Ships and aircraft tend to have access to a great deal of power and large directional antenna, and they operate in formations comprising a comparatively small number of nodes with which they must exchange data. What’s more, they tend to operate within line of sight of one another. The result is that through free-space optical links and other high-bandwidth transmissions naval and air forces can transfer large volumes of data in real time.
These conditions do not pertain to land forces. Where a naval task force might comprise up to a dozen vessels, a division consists of thousands of vehicles, each of which is highly constrained in its available power and can generally only carry a small antenna without sacrificing mobility. Moreover, sensors and shooters will rarely be in line of sight of one another, so passing data around the force often requires transiting key bottlenecks in a network. Nodes that are elevated or dedicated transmitters with more energy will stand out in the electromagnetic spectrum and risk being targeted. There is therefore a practical and tactical emphasis on minimizing signature to maximize survivability.
Given these disparities, the seamless transmission of data between domains along any available route must have one of two consequences. Either it must restrict air and naval forces into only sharing data packets of a size that land forces can support, or air forces in particular will perpetually saturate the available network of the land forces beneath them. The first approach would massively restrict the performance of key naval and air systems, including cooperative engagement capabilities. The latter approach would suppress land forces’ access to their own communications.
There are examples of multi-domain networks that are often touted as proving that the concept works. Many are in Israel. Others sit on testing sites in various NATO countries. Often the reports that emerge from these testing sites describe single engagements in which a single platform in one domain passes data to a platform in a different domain. The problem with these tests is that many of the testing sites—and Israel—have access to a huge amount of fixed infrastructure, including the civilian internet, that bypasses military networks. The United States and its allies are unlikely to have access to such infrastructure in a future confrontation with a peer adversary. Secondly, single tests of multi-domain data transfer fail to replicate what happens when large formations are trying to utilize a network. Simply avoiding fratricide with one’s own communications becomes difficult given the number of nodes trying to share data simultaneously, even without the effects of enemy jamming.
The Bandwidth Bottleneck
The challenge is getting harder, not easier. To be sure, bandwidth across military networks has steadily improved over the past three decades. The exact capacity of military systems is classified, but transfer rates have advanced generation by generation. Unfortunately—with the exception of some niche and not universally useable systems—the gap between available bandwidth and data is expanding as the size of files and the number of transmitters increases geometrically.
A high-resolution image likely comprises several megabytes of data. A multispectral image comprising electro-optical and thermal layers, radar overlays, and topographical information becomes orders of magnitude larger. Military sensors have massively improved in their fidelity over recent years. The result is that platforms now hoover up terabytes of information. Further exacerbating the pressure on networks is that as sophisticated sensors are added to more and more platforms there is also a higher volume of high-fidelity, multispectral data points, all competing for bandwidth.
The Department of Defense has heralded space-based communications as a way of circumventing the constraints imposed by a lack of line of sight between units. The problem with space-based communications is that the infrastructure is exceedingly expensive, often visible to the enemy and therefore able to be suppressed, and in any case imposes significant delays on the network. Since most satellites move in orbits, they can only receive data while above a unit wishing to transmit and cannot then push the data down until they are above the desired receiving base station. Sharing data between satellites is possible, but every additional link in the network imposes more delays between transmission and receipt.
As a result, there is no conceivable manner in which all of this data can be accumulated in real time. Aircraft and other systems can plug in and download what they have captured upon landing, but as more and more data is generated it will take a long time to sift and disseminate it; the tempo of distribution will remain a long way from the promised panopticon. Indeed, the volume of data gathered vastly exceeds the capacity of the crews collecting it to monitor, meaning that there is little effective means of identifying incidental detections and manually prioritizing their transfer to interested parties. Bandwidth constraints are not just a reality of networks; the sheer volume of data is saturating human capacity to monitor it, let alone analyze and understand what is being captured.
AI Is No Panacea
It is at this point that the phrase artificial intelligence inevitably enters the discussion. All too often it is with this ritual incantation that the discussion ends. Humans may not be able to work their way through the data, but the computer can, and by only selecting what is relevant the computer will thereby only transmit what is needed, alleviating the pressure on the network.
This is true, insofar as artificial intelligence, when integrated into the platforms (often described as being at the “edge” of the force to distinguish it from AI analyzing data in a central headquarters), will allow systems to identify specific kinds of return within the vast quantity of data they are collecting. The relevance of what these systems find, however, will depend entirely on what they have been programmed to look for, and so long as there is a constraint upon bandwidth there are only so many returns that a system can offload. The key question, therefore, becomes defining what is relevant.
The problem with the vision of a commander’s data-driven panopticon is that it conveys the aspiration that commanders and analysts do not need to prioritize. Although mission data files can be updated periodically the reality is that edge-based processing systems will have a set of mission data files with which they operate when deployed. Those files will include the priority stack—the preprogrammed order in which information is transmitted—that in a system with limited available bandwidth will determine what gets through and what does not. Further mission data files in each point within a network will need to sort incoming data and prioritize what to pass on if there is too much to be transmitted immediately.
The building of priority stacks is therefore the fundamental prerequisite for moving the desired data quickly around the multi-domain battlespace. This requires commanders to determine what is important, when it is important, and to whom it is relevant. To understand this, it is necessary to understand how the force wants to fight, where it seeks advantage, and where it will accept vulnerability. Commanders need to understand the vulnerabilities generated by the priorities—and therefore blind spots—they have programmed into their systems and develop training, tactics, and procedures for how to mitigate these inbuilt risks.
Some priorities are easy. Ballistic missile track data is likely to be high on anyone’s list. But when analysts start to consider the trade-off between an F-35 prioritizing the transmission of detected artillery fires versus the position of an enemy tactical radar, they run into very different risks and rewards between the services, and questions regarding who is dependent upon the F-35 as opposed to the other assets at their disposal. The priority stack therefore drives where the force needs resilient or redundant deployed capability. It literally shapes force design.
If an interconnected battlefield is going to be realized then commanders must accept that while the aspiration is any sensor to any shooter the reality in the field will always be some sensors to some shooters, some of the time. If commanders refuse to accept this then they will avoid the critical decisions that need to be made to deliver genuine advances in capability—and the interconnected battlefield will remain little more than a mirage.
Article link: https://mwi.usma.edu/the-mirage-of-the-interconnected-battlefield/
Dr. Jack Watling is research fellow for land warfare at the Royal United Services Institute in London.
The views expressed are those of the author and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.
Image credit: Staff Sgt. Clay Lancaster, US Air Force
healthcarereimagined 