Do you know how sometimes - when you are riding your bike and you start skidding across sand, or when you miss a step and start tumbling down the stairs - you have those long, long seconds to know that you are going to be hurt, and badly? - Jodi Picoult, My Sister's Keeper
The only relevant test of the validity of a hypothesis is comparison of prediction with experience. - Milton Friedman
As I watch the meltdown of Obamacare, I am reminded of the old “duck and cover” commercials in the US during the peak of the Cold War. Duck and cover was a program providing people, especially children, with advice and guidance regarding the “right” things to do in the event of a nuclear explosion.
For those of you not old enough to remember the program, here is one of the commercials. It is pretty disturbing to watch in its overly simplified response to the challenges of nuclear war.
Officials have since admitted that the duck and cover program was designed to provide people with peace of mind (idiotically downplaying the danger of a nuclear bomb while playing up the survivability of something that “could give you a serious sunburn”) and that it did absolutely zero to help people survive a nuclear war.
However, the program was useful because it helped people live in ignorance to the danger around them and the inability of their government to protect them from the danger.
What does this have to do with Obamacare?
Announcements today that the healthcare marketplace (a key foundational component of Obamacare) is only 30% complete after billions of dollars have been spent should disturb a lot of people.
People should also be disturbed by the news that the marketplace has already had its security compromised or is in imminent threat of being compromised.
I find it especially disturbing that post mortems indicate that proven best practices in the areas of software architecture and design, project management, project oversight, project communication and just about everything else were ignored or violated in creating the nightmare that the President is trying to make his way through.
After all, for those of us who have worked on much larger systems in terms of transaction volume, concurrent usage, security requirements and the like (where we were fined heavily by the government if we didn’t deliver as required), healthcare.gov is a relatively simple system to implement.
Of course none of this was known publicly until it was time to turn it all on and it didn’t work ….. at all.
Truth be told, there were plenty of warnings communicated by a lot of people that the system wouldn’t work.
But hey, why disrupt a perfectly good gravy train for a lot of IT folks by disturbing the fantasy with a few claims of reality? After all, there is nothing more of a nuisance than cries of “the emperor is not wearing any clothing” coming out of the wilderness.
Which leads me to more important things ….
When I think of a simple IT system that can’t be architected, designed, implemented or deployed properly, I wonder about REALLY complicated problems.
Problems like a response to terrorism.
After all, reacting to an event with thousands (or millions) of people, all reacting in different ways, all having different needs, etc. (basically a machine with millions of moving parts) is MUCH more complicated to figure out than a simple little healthcare marketplace.
In addition, unlike the needs of the healthcare marketplace which are fairly static and well defined, responding to a terror event would be very fluid, changing by the minute.
Because of the complexities involved, an emergency preparedness plan that addresses terrorism presents a very sharp double-edged sword.
1. You can’t reveal your response strategy in advance because it plays into the hands of terrorists who alter their own plans as a result.
2. You can’t reveal that if an event happens, most of it will be trial and error because you don’t want to panic the public (think “duck and cover”) and such an admission further emboldens those who wish to strike at our freedom.
3. In fairness to bureaucrats, you simply can’t invest in every possibility since the costs will quickly get out of control, you might tip your hand, people will complain about freedom infringement, etc.
4. Have you ever tried to practice a response with ten thousand (or a million) people who have no formal emergency preparedness training? We’d probably injure or kill quite a few in the process (not withstanding the tremendous cost and complexity of successfully staging such an event).
With all of that in mind, people put together a few things and cross their fingers that they never have to face such a scenario. If they do have to face such a scenario, they stumble through a response, sacrifice a few people when the event has passed (blame matters in political circles) and then quickly march out the political rhetoric of how we all rose to the occasion.
For many of us who lost friends and family on 9/11, we would rather have those people back in our lives rather than be praised for “rising to the occasion”.
So I was curious ….
I was curious about what emergency plans were in place for a particular place that is highly susceptible to an attack that, if successful, would have a major impact ecologically, economically and on the human capital in the area and for the nation.
I recognize that sensitive information wouldn’t be shared with me but I was curious as to what, if anything, I should do as a citizen to do my part before, during and after such an event since the likelihood of a successful terrorist event is high for the location in question.
Here is the response (redacted to prevent identification of the source):
The █████████ Emergency Plan (████) is a strategic plan that defines the Public Safety System, identifies the roles and responsibilities of stakeholders and very broadly details the procedures for coordination of emergencies in █████████████. It is not an operational plan, nor is it a hazard (specific or all-hazard) response plan. Within the ███ the department of the ███████ and ██████ (now joined with the department of ██████ to form a new department known as █████████) has responsibility to monitor, implement and maintain the █████████ Counter Terrorism Crisis Management Plan. This plan, which is naturally a restricted distribution document, provides the operational and tactical framework for addressing human-induced intentional threats.
Which means that, like Obamacare, we won’t know what the plan looks like (or what our roles within it are) until we see it and the master architects of it won’t know if it even works until they throw the switch.
If the implementation of Obamacare, FEMA’s response to Hurricane Katrina or similar large-scale solutions are any indication of what we can count on when things matter, it reminds me yet again of the importance of self-preparedness.
After all, confidence in government’s ability to solve such problems relies on an organizational principle known as rationalized myths to sustain such confidence. Specifically, we rely on logics of confidence:
Avoidance – barriers are placed between the information holders and the information seekers and the less information (especially bad news) that leaks out, the more confident that we are that things must be under control. Translation: If it’s under control, I don’t need to do anything myself.
Discretion – we trust a few experts who say that everything is under control and therefore we don’t need to examine things more closely. Translation: If he/she says it’s all good, then it must be and so I don’t need to do anything.
Integrity – the integrity of appearances are assumed, meaning that people or organizations with this much time, energy, money and knowledge assume that anything they do will be right and so they overlook their own weaknesses and mistakes. Translation: We are confident in our ability to deliver quality solutions, therefore you can be confident of the same and need not do anything to help us.
If that’s all I have to go on (and with all due respect to the many great people who are saddled and burdened with trying to find answers to many complicated scenarios) I think we need to do more to help ourselves so that if any significant event comes along, either at the hands of man or Mother Nature, that we are prepared.
The Affordable Care Act marketplace is not just a piece of poorly implemented technology. It’s a sign that whenever anything complicated needs to be built by modern governments in relative secrecy, we may not know if we can rely on it until we need it and by then it may be too late.
Well .. with the exception of military hardware of course. We have mastered the ability to kill others but are less adept in other areas.
It is for this reason that duck and cover came to mind today.
Have you done your best to help yourself, your family, your loved ones, your community and yes, your government (including first responders) when it comes to preparedness for events that governments believe are a “when” and not an “if”?
Are you sure?
How do you know?
In service and servanthood,
Harry
Addendum – The Complexities of Our System
Here is a 50,000 foot view of how technology is implemented in one part of the US Government.
Consider that each box has many boxes of its own contained within – hundreds and in some cases, thousands of them.
Consider as well that not only is communication difficult to maintain laterally and vertically between the boxes but in many cases, the boxes are actually competing with each other and are quite happy to see another box fail if their box has an opportunity for success – measured in budgets, accolades or other rewards.
Is it any wonder that things are so hard to deliver?
I would posit that anyone who can successfully navigate such a minefield and produce a useful result should be up for a Nobel Prize for “something”.
What do you think?
Addendum 2 – A Real Threat … Right Now
This video shows the state of the Fukushima reactor and what could happen if the fuel rods are removed incorrectly. As one expert indicates in the video, if things “go wrong” with the clean up of the fuel rods or if containment building 4 collapses because of an earthquake, she is evacuating her family from Boston, a city 6,560 miles away, as the northern hemisphere will be significantly contaminated by radiation.
Adding complexity to this is the recent announcement that the Japan Atomic Energy Agency has been cited for security failures at other facilities in Japan.
The question is this ….
What happens if someone decides to “make things go wrong” at Fukushima?
What would / should we do if an accidental or purposeful event occurs in Fukushima that significantly contaminates the northern hemisphere?
I don’t know what the answers are.
Do you?
In case you’re thinking that that’s a long way from home and too far away to be of concern, consider this report - U.S. nuclear reactors vulnerable to terrorist attack.
Then there was the debacle with the Stuxnet worm developed by the west to target Iranian nuclear installations and which I noted in June of 2012 in my post Viruses, Politics and Slippery Slopes would come back to haunt us. Later in 2012, US power plants were disabled by malware not identified as Stuxnet but problematic all the same. Russian power plants have also been attacked by Stuxnet.
When you are told that security procedures keep US nuclear power plants secure from cyber attack, keep this little ditty in mind – Homer Simpson would be proud: Nuclear regulators crack firewalls to access porn.
So the system is unable or unwilling to protect the people it serves.
How does that make you feel?
Do you even care?