healthcarereimagined

WASHINGTON — When it comes to building teams, few people have more experience than Retired Gen. Martin E. Dempsey. Across his 41-year career, which culminated with being the 18th chairman of the Joint Chiefs of Staff, Gen. Dempsey was known as a Soldier’s Soldier and was revered by those he led. A graduate of the U.S. Military Academy, he also served as the 37th chief of staff of the Army and as commander of both Training and Doctrine Command and U.S. Central Command. We sat down with him to discuss his take on building the Army team for the future.

Q: You held many key leadership positions throughout your career. What were some of the lessons you learned about building successful teams?

A: For leaders at every level, from the lowest tactical level all the way up through the Army’s senior leadership, I think the best approach is to first think about how you influence before exerting your authority. To me, the best kind of leadership establishes a sense of belonging, makes clear that everyone’s contribution matters, and creates an environment where people get the job done because the leader has been persuasive with them.

The way you create high performing organizations that are cohesive and collaborative is by thinking about leadership as influence rather than authority. As soon as you have to exert authority, your leadership has become directive and the team responds differently.

There are obviously times when you have to exert your authority because there’s inadequate time to be influential and persuasive. But in the normal course of events, if you are a leader who believes in getting things done through influence, you’ll build the kind of trust that will allow the unit to respond positively when you do have to exert authority.

Q: How would you describe your leadership philosophy?

A: In the kind of leadership environment we live in, one with ubiquitous information, fragile facts, and intense scrutiny, the way to achieve trust within an organization is by being inclusive. I just coauthored a book, titled “Radical Inclusion,” because I believe this so strongly.

As we transitioned to an all-volunteer force, we made a commitment to ensure it would be reflective of the society it serves. That took us down a path of making sure we had a diverse group of leaders in the formations based on gender, ethnicity, and so forth. I think we really made impressive progress.

But let me make a distinction here. The kind of thing we’re talking about is beyond simple diversity. It’s not just taking stock of whether you have the proper representation of ethnic groups or genders, but, rather, we should be focusing on how inclusive we are. If you’re inclusive, the organization will naturally feel like it is contributing and bringing meaning, not just being dragged around by leadership.

Q: Can you discuss the importance of responsibility as it relates to maximizing team performance and realizing potential?

A: Responsibility is one of the principles of our profession; leaders accept responsibility for outcomes. This means they don’t just simply pass the buck. At every level, leaders need to hold themselves accountable for what they can, and should, accomplish at their particular level, whether it’s something as mundane as maintenance rates or something as abstract as building the Iraqi army. When they don’t have what they need to do so, they have an obligation to make sure the chain of command is informed.

The military can sometimes be criticized for its “can do” attitude. You’ve probably never met an officer who would say, “No, I can’t do that.” But we actually have a responsibility to explain both what we can do and what we can’t. That responsibility is at every level of the organization.

Of all the jobs I had in my career, the one with the least authority was actually when I was chairman of the Joint Chiefs of Staff. All the budgetary authority flows through the service chiefs; all the operational authority flows through the combatant commanders and up through the secretary of defense and the president. So the chairman’s role in some ways is to balance the supply and demand aspects of the force to meet the demands of the combatant commanders to the greatest extent possible, while making sure the service chiefs have the ability to develop forces ready to carry out the combatant commanders’ intent.

But that’s where responsibility comes in. It would be irresponsible to allow that relationship to become out of balance. If we constantly consume the force as it becomes ready, it makes it almost impossible for the service chiefs to organize, train, and equip the force as well as educate it on the responsibilities of the profession, its role in society, and its relationship with the American people. It is the chairman’s primary responsibility to keep all of that in balance.

Q: How important is sustainment to our operations, and how did you ensure our logisticians were integrated into the joint and coalition teams?

A: Absolutely vital. A famous logistician back in the Desert Storm era made the apropos comment that logisticians draw a line in the sand beyond which the operators dare not tread. His point was, generally speaking, logistics will determine the capability, speed, and tempo of operations. While that quote was very famous back in the 1990s, I had a much different view. I felt it was a bit pejorative and negative, suggestive that the logisticians were a limiting factor of what we could do. Throughout my entire career, I instead preferred to look at sustainment and logistics as enabling factors.

To ensure they’re integrated into the team, you have to include them at every point in the planning, preparation, and execution of the mission. As a battalion and regimental commander, I never allowed my staff to concoct an operations plan, get my approval on it, and then toss it over the transom to the logisticians and say, “Figure out how you’re going to support this.” Sustainers had to be on the team from the start so we had diverse thinking about these complex challenges.

I personally think that’s even more important today. The problems we face are so much more complex, especially in deployments, both the kind we’ve already fought and the ones we prepare for but have not had to perform yet, such as establishing a base of operation in Europe. That was one of the things I worried about most as chairman.

We had become exclusively capable at the kind of missions we were running in Iraq and Afghanistan but had let some of our expertise in other areas erode, things like the value and importance of deterrence, the ability to set a theater, and the ability to maneuver over distance with a heavy force and ensure all the enablers could move at the same pace. I think the expertise is starting to be regenerated, but we can never take those things for granted. Those who sustain and those who are storming the hill better be involved in the planning and preparation from the beginning, or in execution it’ll fail.

Q: Can you discuss the role our military spouses and Families play in the success of our total Army?

A: In 2003, I was commander of the 1st Armored Division and was given responsibility for Baghdad. Our mission statement for Task Force Iron was to establish a safe and secure environment in which the duly-appointed government of Iraq could restore basic services and security. We were spread out all over the place with more than 50 combat outposts and forward operating bases, and I had 32,000 Soldiers.

As I told my junior leaders, one of the things we learned very quickly was that contrary to other wars, we really took our Families with us when we deployed. They all looked at me like I had lost my mind, but my point was that we now had Soldiers either texting, Skyping or FaceTiming with their Families all the time. It was, “Oh by the way, I have to go now because I’ve got to take a convoy out; I’ll text or come back up on Skype when I get back.” So family members now had a real-time sense of anxiety about the well-being of their Soldiers.

It was interesting back in those days to try to exert some control over that. Finally, I came to the conclusion — and this gets back to the idea of radical inclusion — that the answer wasn’t to try to control it because it became nearly impossible. Even if you thought you could, you couldn’t. Instead, we actually tried to empower it and to literally make the family members feel like part of the team by sharing information with them about what we were doing and why. It became a very powerful leadership tool.

Initially, we thought the division was going home by Christmas of 2003. That was extended to April, which brought us to one full year, and then we were extended again to July following the Shiite rise. The way we got through that was making sure Soldiers and their Families concurrently understood what was happening and why.

I sent Mark Hertling, a brigadier general at the time, back to Europe, where we were mostly based, to partner with my wife, the U.S. Army Europe commander, and the European installation management director. Together they went from kaserne to kaserne doing hour-and-a-half briefings and taking another hour’s worth of questions so Families understood why our mission was important. Those Families then became part of the solution, not part of the problem.

As a commander at any level, if you think you can just worry about those who wear the uniform, it’s a big mistake.

Q: What was the most challenging team-building experience you had?

A: The most challenging experiences are generally those where units come together on relatively short notice, as we experienced in particular during the first decade of this century with things like the surge in Iraq. Everyone in the Army at the time was trying to figure out how we could more quickly adapt and innovate and how we could become more agile. One of the answers that emerged was modularity.

As we began to go down that path, phrases like “plug and play” came into play. We would take brigade combat teams from various divisions, run them through a mission readiness exercise, and then deploy them. But the cost of this model in terms of team building was pretty high.

Throughout the first 20 or 30 years of my career, I belonged to units that trained together habitually. We were task-organized habitually; we always knew which tank company would go over to the Infantry brigade or which Infantry battalion would come over to the Armor brigade, and we trained that way year-round. We got to know each other; our Families got to know each other. When you have that kind of constant interaction, it builds a bond of trust that runs pretty deep.

Modularity, of course, is kind of the antithesis of that. People come and go based on the needs of a particular mission. It’s the ultimate exercise in task organization. That’s difficult because systems or units only become high-performing when they begin to trust each other, not before. As an Army, I think we have to constantly be conscious of this balance between agility that comes through modularity and the bonding that comes through continuity.

Q: Since retiring from service, has your outlook on leadership evolved?

A: If anything, my beliefs about leadership based on my experiences coming through the ranks have actually been reinforced, especially this idea of trust being the cornerstone of building teams. In today’s environment, political corrosiveness has caused having a pleasant conversation about issues, which was always challenging, to become seemingly impossible. We often talk less about the substantive issues than we do about the narrative that accompanies them. It’s a battle of competing narratives more than a battle of merit on a particular issue. In that environment, it makes leading more difficult. Fortunately, however, it doesn’t make it impossible.

What makes it possible is a commitment to creating a sense of belonging, to make sure people know their contributions matter, and to develop trust. That was how I tried to lead throughout my career, particularly as a general officer where all of the sudden I had influence on the future of the Army and joint force. I’m sure there were individual actions along the way that I would’ve liked to have come out differently, but in terms of how I tried to build teams, I don’t think I would’ve done anything differently.

Q: What is the most important thing a young Soldier should know as part of the larger Army team?

A: The best young leaders, be they enlisted, warrant officers, or commissioned officers, have always had a sense that they were part of something bigger than themselves. I personally believe one of the things that makes the Army special is this ability to recognize the greater good we serve, and that’s probably even more true today in the current environment.

It doesn’t come to life immediately when a young man or woman raises their hand and takes the oath. But if leaders feel that responsibility to continue to educate the force that this is a team of teams, I think we’re going to be okay. We can’t forget we are one joint force, and it’s the American people who are counting on us. If we stay true to our professional ethos, we will succeed.

——————–
Arpi Dilanian is a strategic analyst in the Army G-4’s Logistics Initiatives Group. She holds a bachelor’s degree from American University and a master’s degree from Rensselaer Polytechnic Institute.

Matthew Howard is a strategic analyst in the Army G-4’s Logistics Initiatives Group. He holds bachelor’s and master’s degrees from Georgetown University.
——————–
This article was published in the November-December 2018 issue of Army Sustainment.

Article link: https://www.army.mil/article/213079/radical_inclusion_an_interview_with_retired_gen_martin_dempsey

Top Federal Bureau of Investigation official calls for greater public-private partnership to fight back increasingly sophisticated adversaries and attacks.

By Tom SullivanMarch 05, 201904:21 PM

SAN FRANCISCO — Christopher Wray, the director of the U.S. Federal Bureau of Investigation, struck a cautious tone on Tuesday morning here at RSA 2019 and he called for more cooperation to tackle the cybersecurity problem.

“Today’s cyberthreat is bigger than any one government agency — in fact it’s bigger than the government itself,” Wray said. “The scope, breadth, depth, sophistication and diversity of the threat we face now is unlike anything we’ve had in our lifetimes.”

Wray pointed to multinationals, criminal organizations, hacktavists, insider threats, China and North Korea all as among the most pressing issues as well as the blended threat of foreign intelligence units enlisting the help of hackers.

He said that cyber, perhaps more than any other area, is where public-private cooperation is needed for everyone’s sake.

“The key is having the private sector start to form relationships with field offices because it’s not just prevention but in many cases it’s mitigation and that’s where speed really matters,” Wray explained. Having an existing relationship, in turn, will help with that speed.

Brookings Institution Senior Fellow Susan Hennessey pressed Wray on the thorny issue of cooperating with the FBI in the wake of its incident with Apple. After Apple refused to grant the FBI access to San Bernandino shooter Syed Rizwan Farook’s iPhone in 2015 and the Bureau reportedly worked with a third-party to crack the phone anyway — a move that experts said demonstrated that even encrypted data is not entirely safe from nefarious actors.

“We are not trying to weaken encryption or find back doors. This is an issue getting worse and worse all the time,” Wray said. “It can’t be a sustainable end state that there is a space beyond our access for criminals to hide. I would love to see people come together and try to work toward solutions.”

The threats are not going to get easier or more simplistic.

Cisco Talos VP Matt Watchinski, for instance, said that as our world continues changing, technologies being invented today, including critical infrastructure, will challenge security professionals to keep getting better at what they do.

“At the end of the day,” FBI’s Wray said, “we need each other in a way that is becoming more and more apparent every day.”

Twitter: @SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Article link: https://www.healthcareitnews.com/news/rsa-2019-fbi-director-christopher-wray-says-today’s-cybersecurity-threat-bigger-government

The malware made it possible to take over these systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm. It triggered a response from a safety system in June 2017, which brought the plant to a halt. Then in August, several more systems were tripped, causing another shutdown.

The first outage was mistakenly attributed to a mechanical glitch; after the second, the plant’s owners called in investigators. The sleuths found the malware, which has since been dubbed “Triton” (or sometimes “Trisis”) for the Triconex safety controller model that it targeted, which is made by Schneider Electric, a French company.

In a worst-case scenario, the rogue code could have led to the release of toxic hydrogen sulfide gas or caused explosions, putting lives at risk both at the facility and in the surrounding area.

Gutmanis recalls that dealing with the malware at the petrochemical plant, which had been restarted after the second incident, was a nerve-racking experience. “We knew that we couldn’t rely on the integrity of the safety systems,” he says. “It was about as bad as it could get.”

In attacking the plant, the hackers crossed a terrifying Rubicon. This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk. Safety instrumented systems aren’t just found in petrochemical plants; they’re also the last line of defense in everything from transportation systems to water treatment facilities to nuclear power stations.

Triton’s discovery raises questions about how the hackers were able to get into these critical systems. It also comes at a time when industrial facilities are embedding connectivity in all kinds of equipment—a phenomenon known as the industrial internet of things. This connectivity lets workers remotely monitor equipment and rapidly gather data so they can make operations more efficient, but it also gives hackers more potential targets.

Those behind Triton are now on the hunt for new victims. Dragos, a firm that specializes in industrial cybersecurity, and where Gutmanis now works, says it’s seen evidence over the past year or so that the hacking group that built the malware and inserted it into the Saudi plant is using some of the same digital tradecraft to research targets in places outside the Middle East, including North America. And it’s creating new strains of the code in order to compromise a broader range of safety instrumented systems.

Red alert

News of Triton’s existence was revealed in December 2017, though the identity of the plant’s owner has been kept secret. (Gutmanis and other experts involved in the initial investigation decline to name the company because they fear doing so might dissuade future targets from sharing information about cyberattacks privately with security researchers.)

Over the past couple of years, cybersecurity firms have been racing to deconstruct the malware—and to work out who’s behind it. Their research paints a worrying picture of a sophisticated cyberweapon built and deployed by a determined and patient hacking group whose identity has yet to be established with certainty.

The hackers appear to have been inside the petrochemical company’s corporate IT network since 2014. From there, they eventually found a way into the plant’s own network, most likely through a hole in a poorly configured digital firewall that was supposed to stop unauthorized access. They then got into an engineering workstation, either by exploiting an unpatched flaw in its Windows code or by intercepting an employee’s login credentials.

Since the workstation communicated with the plant’s safety instrumented systems, the hackers were able to learn the make and model of the systems’ hardware controllers, as well as the versions of their firmware—software that’s embedded in a device’s memory and governs how it communicates with other things.

It’s likely they next acquired an identical Schneider machine and used it to test the malware they developed. This made it possible to mimic the protocol, or set of digital rules, that the engineering workstation used to communicate with the safety systems. The hackers also found a “zero-day vulnerability”, or previously unknown bug, in the Triconex model’s firmware. This let them inject code into the safety systems’ memories that ensured they could access the controllers whenever they wanted to.

Thus, the intruders could have ordered the safety instrumented systems to disable themselves and then used other malware to trigger an unsafe situation at the plant.

The results could have been horrific. The world’s worst industrial disaster to date also involved a leak of poisonous gases. In December 1984 a Union Carbide pesticide plant in Bhopal, India, released a vast cloud of toxic fumes, killing thousands and causing severe injuries to many more. The cause that time was poor maintenance and human error. But malfunctioning and inoperable safety systems at the plant meant that its last line of defense failed.

More red alerts

There have been only a few previous examples of hackers using cyberspace to try to disrupt the physical world. They include Stuxnet, which caused hundreds of centrifuges at an Iranian nuclear plant to spin out of control and destroy themselves in 2010, and CrashOverride, which Russian hackers used in 2016 to strike at Ukraine’s power grid. (Our sidebar provides a summary of these and other notable cyber-physical attacks.)

However, not even the most pessimistic of cyber-Cassandras saw malware like Triton coming. “Targeting safety systems just seemed to be off limits morally and really hard to do technically,” explains Joe Slowik, a former information warfare officer in the US Navy, who also works at Dragos.

Other experts were also shocked when they saw news of the killer code. “Even with Stuxnet and other malware, there was never a blatant, flat-out intent to hurt people,” says Bradford Hegrat, a consultant at Accenture who specializes in industrial cybersecurity.

It’s almost certainly no coincidence that the malware appeared just as hackers from countries like Russia, Iran, and North Korea stepped up their probing of “critical infrastructure” sectors vital to the smooth running of modern economies, such as oil and gas companies, electrical utilities, and transport networks.

In a speech last year, Dan Coats, the US director of national intelligence, warned that the danger of a crippling cyberattack on critical American infrastructure was growing. He drew a parallel with the increased cyber chatter US intelligence agencies detected among terrorist groups before the World Trade Center attack in 2001. “Here we are nearly two decades later, and I’m here to say the warning lights are blinking red again,” said Coats. “Today, the digital infrastructure that serves this country is literally under attack.”

At first, Triton was widely thought to be the work of Iran, given that it and Saudi Arabia are archenemies. But cyber-whodunnits are rarely straightforward. In a report published last October, FireEye, a cybersecurity firm that was called in at the very beginning of the Triton investigation, fingered a different culprit: Russia.

The hackers behind Triton had tested elements of the code used during the intrusion to make it harder for antivirus programs to detect. FireEye’s researchers found a digital file they had left behind on the petrochemical company’s network, and they were then able to track down other files from the same test bed. These contained several names in Cyrillic characters, as well as an IP address that had been used to launch operations linked to the malware.

That address was registered to the Central Scientific Research Institute of Chemistry and Mechanics in Moscow, a government-owned organization with divisions that focus on critical infrastructure and industrial safety. FireEye also said it had found evidence that pointed to the involvement of a professor at the institute, though it didn’t name the person. Nevertheless, the report noted that FireEye hadn’t found specific evidence proving definitively that the institute had developed Triton.

Researchers are still digging into the malware’s origins, so more theories about who’s behind it may yet emerge. Gutmanis, meanwhile, is keen to help companies learn important lessons from his experience at the Saudi plant. In a presentation at the S4X19 industrial security conference in January, he outlined a number of them. They included the fact that the victim of the Triton attack had ignored multiple antivirus alarms triggered by the malware, and that it had failed to spot some unusual traffic across its networks. Workers at the plant had also left physical keys that control settings on Triconex systems in a position that allowed the machines’ software to be accessed remotely.

If that makes the Saudi business sound like a security basket case, Gutmanis says it isn’t. “I’ve been into a lot of plants in the US that were nowhere near as mature [in their approach to cybersecurity] as this organization was,” he explains.

Other experts note that Triton shows government hackers are now willing to go after even relatively obscure and hard-to-crack targets in industrial facilities. Safety instrumented systems are highly tailored to safeguard different kinds of processes, so crafting malware to control them involves a great deal of time and painstaking effort. Schneider Electric’s Triconex controller, for instance, comes in dozens of different models, and each of these could be loaded with different versions of firmware.

That hackers went to such great lengths to develop Triton has been a wake-up call for Schneider and other makers of safety instrumented systems—companies like Emerson in the US and Yokogawa in Japan. Schneider has drawn praise for publicly sharing details of how the hackers targeted its Triconex model at the Saudi plant, including highlighting the zero-day bug that has since been patched. But during his January presentation, Gutmanis criticized the firm for failing to communicate enough with investigators in the immediate aftermath of the attack.

Schneider responded by saying it had cooperated fully with the company whose plant was targeted, as well as with the US Department of Homeland Security and other agencies involved in investigating Triton. It has hired more people since the event to help it respond to future incidents, and has also beefed up the security of the firmware and protocols used in its devices.

Andrew Kling, a Schneider executive, says an important lesson from Triton’s discovery is that industrial companies and equipment manufacturers need to focus even more on areas that may seem like highly unlikely targets for hackers but could cause disaster if compromised. These include things like software applications that are rarely used and older protocols that govern machine-to-machine communication. “You may think nobody’s ever going to bother breaking [an] obscure protocol that’s not even documented,” Kling says, “but you need to ask, what are the consequences if they do?”

An analog future?

Over the past decade or so, companies have been adding internet connectivity and sensors to all kinds of industrial equipment. The data captured is being used for everything from predictive maintenance—which means using machine-learning models to better anticipate when equipment needs servicing—to fine-tuning production processes. There’s also been a big push to control processes remotely through things like smartphones and tablets.

All this can make businesses much more efficient and productive, which explains why they are expected to spend around $42 billion this year on industrial internet gear such as smart sensors and automated control systems, according to the ARC Group, which tracks the market. But the risks are also clear: the more connected equipment there is, the more targets hackers have to aim at.

To keep attackers out, industrial companies typically rely on a strategy known as “defense in depth.” This means creating multiple layers of security, starting with firewalls to separate corporate networks from the internet. Other layers are intended to prevent hackers who do get in from accessing plant networks and then industrial control systems.

These defenses also include things like antivirus tools to spot malware and, increasingly, artificial-intelligence software that tries to spot anomalous behavior inside IT systems. Then, as the ultimate backstop, there are the safety instrumented systems and physical fail-safes. The most critical systems typically have multiple physical backups to guard against the failure of any one element.

The strategy has proved robust. But the rise of nation-state hackers with the time, money, and motivation to target critical infrastructure, as well as the increasing use of internet-connected systems, means the past may well not be a reliable guide to the future.

Russia, in particular, has shown that it’s willing to weaponize software and deploy it against physical targets in Ukraine, which it has used as a testing ground for its cyber arms kit. And Triton’s deployment in Saudi Arabia shows that determined hackers will spend years of prodding and probing to find ways to drill through all those defensive layers.

Fortunately, the Saudi plant’s attackers were intercepted, and we now know a great deal more about how they worked. But it’s a sobering reminder that, just like other developers, hackers make mistakes too. What if the bug they inadvertently introduced, instead of triggering a safe shutdown, had disabled the plant’s safety systems just when a human error or other mistake had caused one of the critical processes in the plant to go haywire? The result could have been a catastrophe even if the hackers hadn’t intended to cause it.

Experts at places like the US’s Idaho National Laboratory are urging companies to revisit all their operations in the light of Triton and other cyber-physical threats, and to radically reduce, or eliminate, the digital pathways hackers could use to get to critical processes.

Businesses may chafe at the costs of doing that, but Triton is a reminder that the risks are increasing. Gutmanis thinks more attacks using the world’s most murderous malware are all but inevitable. “While this was the first,” he says, “I’d be surprised if it turns out to be the last.”

Article link: https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/amp/

The Defense Health Agency joins a growing list of defense agencies moving their data to the commercial cloud

The Defense Health Agency, which supports the delivery of health and medical services to millions of Army, Navy and Air Force personnel worldwide, is Amazon’s newest cloud customer.

Amazon Web Services will now host DHA’s Armed Forces Billing and Collection Utilization Solution in GovCloud U.S. West region, a cluster of data centers built specifically to host some of the government’s most sensitive data.

DHA joins the Army, U.S. Transportation Command and other defense agencies moving increasingly large—and sometimes highly sensitive—data sets to commercial clouds.

The cloud migration, executed by Virginia-based defense and technology contractor General Dynamics Information Technology, marks the first time DHA has migrated an Impact Level 4 workload—which includes sensitive unclassified data—to AWS.

“GDIT has reached a significant milestone by successfully navigating DHA’s workload to AWS GovCloud (US-West) Region,” said vice president Kamal Narang, head of GDIT’s Health Sector. “Our strong relationship with AWS and intimate knowledge of our customer’s needs made this challenge a reality and will usher in a new era of cloud agility for DHA.”

GDIT will continue its relationship with DHA following a $56 million, five-year task order awarded by the agency to operate and sustain the cloud-based Armed Forces Billing and Collection Utilization Solution.

The move to cloud reflects a growing trend within the Pentagon and across civilian agencies. Some analysts predict the Defense Department will spend as much as $2 billion in cloud-related services in the coming year. The Pentagon is also expected to award two cloud contracts—the Defense Enterprise Office Solutions and Joint Enterprise Defense Infrastructure contracts—potentially worth a total of $18 billion.

Article link: https://www.nextgov.com/it-modernization/2019/03/another-defense-agency-migrates-data-amazon-cloud/155699/

By Michael Chui, Nicolaus Henke, and Mehdi Miremadi

An examination of more than 400 AI use cases revealed the two areas where AI can have the greatest impact, write the authors in Harvard Business Review.

While overall adoption of artificial intelligence (AI) remains low among businesses (about 20 percent upon our last study), senior executives know that AI isn’t just hype. Organizations across sectors are looking closely at the technology to see what it can do for their business. As they should—we estimate that 40 percent of all the potential value that can be created by analytics today comes from the AI techniques that fall under the umbrella “deep learning” (which utilize multiple layers of artificial neural networks, so-called because their structure and function are loosely inspired by that of the human brain). In total, we estimate deep learning could account for between $3.5 trillion and $5.8 trillion in annual value.
However, many business leaders are still not exactly sure where they should apply AI to reap the biggest rewards. After all, embedding AI across the business requires significant investment in talent and upgrades to the tech stack as well as sweeping change initiatives to ensure AI drives meaningful value, whether it be through powering better decision making or enhancing consumer-facing applications.
Through an in-depth examination of more than 400 actual AI use cases across 19 industries and nine business functions, we’ve discovered an old adage proves most useful in answering the question of where to put AI to work: “Follow the money.”
The business areas that traditionally provide the most value to companies tend to be the areas where AI can have the biggest impact. In retail organizations, for example, marketing and sales has often provided significant value. Our research shows that using AI on customer data to personalize promotions can lead to a 1 to 2 percent increase in incremental sales for brick-and-mortar retailers alone. In advanced manufacturing, by contrast, operations often drive the most value. Here, AI can enable forecasting based on underlying causal drivers of demand rather than prior outcomes, improving forecasting accuracy by 10 to 20 percent. This translates into a potential 5 percent reduction in inventory costs and revenue increases of 2 to 3 percent.

While applications of AI cover a full range of functional areas, it is in fact in these two cross-cutting ones—supply-chain management/manufacturing and marketing and sales—where we believe AI can have the biggest impact, at least for now, in several industries (exhibit). Combined, we estimate that these use cases make up more than two-thirds of the entire AI opportunity. AI can create $1.4 trillion to $2.6 trillion of value in marketing and sales across the world’s businesses, and $1.2 trillion to $2 trillion in supply-chain management and manufacturing (some of the value accrues to companies, while some is captured by customers). In manufacturing, the greatest value from AI can be created by using it for predictive maintenance (about $0.5 trillion to $0.7 trillion across the world’s businesses). AI’s ability to process massive amounts of data, including audio and video, means it can quickly identify anomalies to prevent breakdowns, whether that be an odd sound in an aircraft engine or a malfunction on an assembly line detected by a sensor.

Another way business leaders can home in on where to apply AI is to simply look at the functions that are already taking advantage of traditional analytics techniques. We found that the greatest potential for AI to create value is in use cases where neural network techniques could either provide higher performance than established analytical techniques or generate additional insights and applications. This is true for 69 percent of the AI use cases identified in our study. In only 16 percent of use cases did we find a “greenfield” AI solution that was applicable where other analytics methods would not be effective. (While the number of use cases for deep learning will likely increase rapidly as algorithms become more versatile and the type and volume of data needed to make them viable become more available, the percentage of greenfield deep learning use cases might not increase significantly, because more established machine learning techniques also have room to become better and more ubiquitous.)

The executive’s AI playbook

Explore the interactive

We don’t want to come across as naïve cheerleaders. Even as we see economic potential in the use of AI techniques, we recognize the tangible obstacles and limitations to implementing AI. Obtaining data sets that are sufficiently large and comprehensive enough to feed the voracious appetite that deep learning has for training data is a major challenge. So, too, is addressing the mounting concerns around the use of such data, including security, privacy, and the potential for passing human biases onto AI algorithms. In some sectors, such as healthcare and insurance, companies must also find ways to make the results explainable to regulators in human terms: why did the machine come up with this answer? The good news is that the technologies themselves are advancing and starting to address some of these limitations.

Beyond these limitations, there are the arguably more difficult organizational challenges companies face as they adopt AI. Mastering the technology requires new levels of expertise, and process can become a major impediment to successful adoption. Companies will have to develop robust data maintenance and governance processes and focus on both the “first mile”—how to acquire data and organize data efforts—and the far more difficult “last mile,” how to integrate the output of AI models into workflows, ranging from those of clinical-trial managers and sales-force managers to procurement officers.

While businesses must remain vigilant and responsible as they deploy AI, the scale and beneficial impact of the technology on businesses, consumers, and society make pursuing AI opportunities worth a thorough investigation. The pursuit isn’t a simple prospect, but it can be initiated by evoking a simple concept: follow the money.
This article originally appeared in Harvard Business Review in July 2018.

About the author(s)
Michael Chui is a partner of the McKinsey Global Institute and is based in McKinsey’s San Francisco office, Nicolaus Henke is a senior partner in the London office, and Mehdi Miremadi is a partner in the Chicago office.

Article link https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/most-of-ais-business-uses-will-be-in-two-areas

By Lee J Miller and Wei Lu
February 24, 2019, 9:00 AM EST

• Iceland, Japan, Switzerland round out top five; U.S. is 35th
• Health index looks at life expectancy, environmental factors

Maybe it’s something in the gazpacho or paella, as Spain just surpassed Italy to become the world’s healthiest country.
That’s according to the 2019 edition of the Bloomberg Healthiest Country Index, which ranks 169 economies according to factors that contribute to overall health. Spain placed sixth in the previous gauge, published in 2017.

Four additional European nations were among the top 10 in 2019: Iceland (third place), Switzerland (fifth), Sweden (sixth) and Norway (ninth). Japan was the healthiest Asian nation, jumping three places from the 2017 survey into fourth and replacing Singapore, which dropped to eighth. Australia and Israel rounded out the top 10 at seventh and 10th place.

The index grades nations based on variables including life expectancy while imposing penalties on risks such as tobacco use and obesity. It also takes into consideration environmental factors including access to clean water and sanitation.
Spain has the highest life expectancy at birth among European Union nations, and trails only Japan and Switzerland globally, United Nations data show. Spain by 2040 is forecast to have the highest lifespan, at almost 86 years, followed by Japan, Singapore and Switzerland, according to the University of Washington’s Institute for Health Metrics and Evaluation.
“Primary care is essentially provided by public providers, specialized family doctors and staff nurses, who provide preventive services to children, women and elderly patients, and acute and chronic care,” according to the European Observatory on Health Systems and Policies 2018 review of Spain, noting a decline the past decade in cardiovascular diseases and deaths from cancer.

Researchers say eating habits may provide clues to health levels enjoyed by Spain and Italy, as a “Mediterranean diet, supplemented with extra-virgin olive oil or nuts, had a lower rate of major cardiovascular events than those assigned to a reduced-fat diet,” according to a study led by the University of Navarra Medical School.
Meanwhile in North America, Canada’s 16th-place ranking far surpassed the U.S. and Mexico, both of which dropped slightly to 35th and 53rd. Life expectancy in the U.S. has been trending lower due to deaths from drug overdoses and suicides.
Cuba placed five spots above the U.S., making it the only nation not classified as “high income” by the World Bank to be ranked that high. One reason for the island nation’s success may be its emphasis on preventative care over the U.S. focus on diagnosing and treating illness, the American Bar Association Health Law Section said in a report last year after vising Cuba.

South Korea improved seven spots to 17th while China, home to 1.4 billion people, rose three places to 52nd. Life expectancy in China is on track to surpass the U.S. by 2040, according to the Institute for Health Metrics and Evaluation.
Sub-Saharan economies accounted for 27 of the 30 unhealthiest nations in the ranking. Haiti, Afghanistan and Yemen were the others. Mauritius was the healthiest in Sub-Sahara, placing 74th globally as it had the lowest death rate by communicable diseases in a region still marred by infectious mortality.

Methodology

Bloomberg evaluated health variables and risks ranging from those of behavioral nature to environmental characteristics. Final index only included nations with at least 0.3 million population and sufficient data. 169 WHO states met the criteria to be included.

To access the Bloomberg 2019 Healthiest Country Index data set for all nations, click HERE.

Article link: https://www.bloomberg.com/amp/news/articles/2019-02-24/spain-tops-italy-as-world-s-healthiest-nation-while-u-s-slips

CMS Office of the Actuary Releases 2018-2027 Projections of National Health Expenditures

National health expenditure growth is expected to average 5.5 percent annually from 2018-2027, reaching nearly $6.0 trillion by 2027, according to a report published today by the independent Office of the Actuary at the Centers for Medicare & Medicaid Services (CMS). 

Growth in national health spending is projected to be faster than projected growth in Gross Domestic Product (GDP) by 0.8 percentage points over the same period.  As a result, the report projects the health share of GDP to rise from 17.9 percent in 2017 to 19.4 percent by 2027.

The outlook for national health spending and enrollment over the next decade is expected to be driven primarily by:

• Key economic factors, such as growth in income and employment, and demographic factors, such as the baby-boom generation continuing to age from private insurance into Medicare; and
• Increases in prices for medical goods and services (projected to grow 2.5 percent over 2018-2027 compared to 1.1 percent during the period of 2014-2017).

Similar to the findings in last year’s report, the report found that by 2027, federal, state and local governments are projected to finance 47 percent of national health spending, an increase of 2 percentage points from 45 percent in 2017.  As a result of comparatively higher projected enrollment growth in Medicare, average annual spending growth in Medicare (7.4 percent) is expected to exceed that of Medicaid (5.5 percent) and private health insurance (4.8 percent).

Selected highlights in projected health insurance enrollment and national health expenditures by sector and payer include:

Health Insurance Enrollment: Net enrollment gains across all sources are generally expected to keep pace with population growth with the insured share of the population going from 90.9 percent in 2017 to 89.7 percent in 2027.

Medicare: Medicare spending growth is projected to average 7.4 percent over 2018-2027, the fastest rate among the major payers.  Underlying the strong average annual Medicare spending growth are projected sustained strong enrollment growth as the baby-boomers continue to age into the program and growth in the use and intensity of covered services that is consistent with the rates observed during Medicare’s long-term history.

Medicaid: Average annual growth of 5.5 percent is projected for Medicaid spending for 2018-2027.  Medicaid expansions during 2019 in Idaho, Maine, Nebraska, Utah, and Virginia are expected to result in the first acceleration in growth in spending for the program since 2014 (from 2.2 percent in 2018 to 4.8 percent in 2019).  Medicaid spending growth is then projected to average 6.0 percent for 2020 through 2027 as the program’s spending patterns reflect an enrollment mix more heavily influenced by comparatively more expensive aged and disabled enrollees.

Private Health Insurance and Out-of-Pocket: For 2018-2027, private health insurance spending growth is projected to average 4.8 percent, slowest among the major payers, which is partly due to slow enrollment growth related to the baby-boomers transitioning from private coverage into Medicare.  Out-of-pocket expenditures are also projected to grow at an average rate of 4.8 percent over 2018-2027 and to represent 9.8 percent of total spending by 2027 (down from 10.5 percent in 2017).

Prescription Drugs:  Spending growth for prescription drugs is projected to generally accelerate over 2018-2027 (and average 5.6 percent) mostly as a result of faster utilization growth.  Underlying faster growth in the utilization of prescription drugs, particularly over 2020-2027, are a number of factors including efforts on the part of employers and insurers to encourage better medication adherence among those with chronic conditions, changing pharmacotherapy guidelines, faster projected private health insurance spending growth in lagged response to higher income growth, and an expected influx of new and expensive innovative drugs into the market towards the latter stage of the period.

Hospital:  Hospital spending growth is projected to average 5.6 percent for 2018-2027. This includes a projected acceleration in 2019, to 5.1 percent from 4.4 percent in 2018, reflecting the net result of faster expected growth in both Medicare (higher payment updates) and Medicaid (as a result of expansion in five states), but slower projected growth in private health insurance as enrollment declines slightly due to the repeal of the individual mandate.

Physician and Clinical Services: Physician and clinical services spending is projected to grow an average of 5.4 percent per year over 2018-2027.  This includes faster growth in prices over 2020-2027 for physician and clinical services due to anticipated rising wage growth related to increased demand from the aging population.

The Office of the Actuary’s report will appear at: http://www.cms.gov/Research-Statistics-Data-and-Systems/Statistics-Trends-and-Reports/NationalHealthExpendData/NationalHealthAccountsProjected.html
An article about the study is also being published by Health Affairs and is available here: https://protect2.fireeye.com/url?k=529199bd-0ec4906d-5291a882-0cc47a6a52de-97641bdac742d461&u=http://www.healthaffairs.org/doi/abs/10.1377/hlthaff.2018.05499

Article link: https://www.cms.gov/newsroom/press-releases/cms-office-actuary-releases-2018-2027-projections-national-health-expenditures

Get CMS news at cms.gov/newsroom, sign up for CMS news via email and follow CMS on Twitter CMS Administrator @SeemaCMS, @CMSgov, and @CMSgovPress.