On Goals, Part 1: Statement of Values

2013-02-02 13:26:46 by chort

One of the things I don't do well, that I feel is characteristic of the InfoSec discipline as a whole, is setting goals. I'm talking about relevant, worthwhile, and attainable goals. In their absence, it's easy to busy ourselves with tactical issues.

When thinking about goals, it makes sense to first define your values, so you can choose goals that align with or advance your values. One of the values I hold dearly is building a future that my offspring have the opportunity to enjoy. That means many things, but one that I think about frequently is the global economic situation and where the Western world, particularly the United States of America fits into it. I think far too many people have allowed instant gratification to confuse tactical decisions with strategic decisions. If we're serious about giving our kids the opportunities we had, we need to make sure our nation and democratic values are strongly positioned in the global market.

If this all sounds very grand and abstract, that's because it is. Please be patient, since it's a necessary foundation for the rest of this post, which gets into very actionable and practical steps. It has everything to do with Information Security and how we live our daily lives.

So we want to be competitive globally, not just now, but in the future. What can we, as individuals do about that? There are a lot of things that go into it; better education for all, particularly in STEM, more focus on vocational education, less class stratification, willingness to abandon faith-based systems in favor of data-driven decisions, etc.

There also needs to be a realization at a strategic level what global economics really entail: There are winners are losers. If you don't have a plan to be a winner, you're a loser by default. If you haven't proven your plan against likely adversaries, or worse yet, haven't correctly identified your adversaries, you're a loser. Similarly, if you haven't identified long-term allies, those who hold similar values and whose long-term interests align well with your own, you're a loser.

Business, sales, and competition have always been based on information asymmetry. That basically means when the seller has more information than the buyer, the seller can make free profit above what the buyer would have paid, had their awareness been equal to the seller's. Some call this "value-based pricing," but they aren't talking about the value created by the seller, they're talking about the value the buyer places on the goods. That valuation is based on the information the buyer has available, so if the seller can conceal or manipulate the information, they can create artificial value. There are some people, such as Daniel Pink who argue in this information age, such asymmetry is disappearing, because buyers have access to Google, Yelp, and other online sources of information.

I take the opposite view. I think the recent financial crisis as a result of hyper-financialization of markets demonstrates that, more than ever, the sellers are able to use extremely complex systems and mountains of data, much of which is irrelevant noise, to manipulate and deceive buyers worse than ever. Buyers only benefit from available information if they're able to effectively analyse it and distill it down to something that improves their decisions over a coin-flip. This also assumes that the public data is all the data that exists, or that it is nearly as accurate as information obtained privately from insiders. Again, I think the financial crisis proves that's not the case. Some hedge fund managers were able to (apparently) collude with financial institutions to massively profit from information only they had.

So what does that detour have to do with global economics, and more importantly how does that tie back to our values, or drive goals? The connection is information. The value of information is enormous and it's increasing every day. Those who have information and the means to process it are drawing ever father ahead of those who don't. That artificial value is going up for everyone using it, and the suckers who aren't clued-in are losing out. You can apply this to social classes (rich vs. middle-class/poor), but also to nations and their economic output.

For all the flaws that state-owned enterprises have in terms of efficiency, leadership, etc, they do have a few important advantages that should be noted. Since the states own these businesses, it's in the states' interest to supply them with educated workforces. In some nations the state has a firm grip on the education system, so they can dictate that students are taught skills that are useful to the state enterprises. Since the states are providing financing for the businesses, it's very important that the states are adept in financial markets, which gives them a big incentive to apply state resources to studying and gaming financial systems. Last, since the states have a direct channel to the businesses, that allows easy hand-off of information obtained through state-[sponsored|encouraged|tolerated|ignored] espionage to the SOEs.

That last point is extremely relevant to anyone in Information Security today (whether you're in a nation that is heavily invested in SOEs or not). For those of us living in countries that don't directly pass industrial secrets obtained through espionage to business, we need to recognize how fundamentally unfair the game is becoming. We're employed by companies who are losing an information war they don't even acknowledge is taking place. The transfer of information from private companies to nation-states and their sponsored businesses is destroying value every day. The situation isn't going to substantially change unless we change tactics, and to change our tactics we need a shift in strategic vision.

I propose we, as the Western/democratic/free-market adopt some values to guide our strategic efforts, that can be passed down through the hierarchies to apply every tactical decision being made. WIthout further ado:

1.) We hold personal freedom, privacy, and human equality to be sacred.

2.) Societal value is expressly not derived from social class, ancestry, or party membership, but rather through actions and results.

3.) Value should be measured over centuries, not decades. When evaluating the soundness of ideas, consider the next generation's benefit, not your own.

4.) Prosperity of future generations depends on the health of society as a whole; prosperity achieved to the detriment of one's own countrymen can never be sustained for long.

5.) Societies, like everything, evolve. We shouldn't cling to the past where it harms our future.

6.) Just as surely, change for the sake of change must be treated with healthy skepticism.

I didn't pick these values arbitrarily. They're all designed to capture the spirit of meritocracy and exploit weaknesses in societies built on rigid lines of succession and narrow-minded thinking. Focus is absolutely essential to success, but focus should be achieved through well-founded confidence in a course of action. Confidence should be derived from rigorous thinking, not blind faith in tradition. Confidence without provable facts isn't confidence at all, but blissful and willful ignorance. We shouldn't seek to short-cut self-esteem through baseless self-congratulation, but rather pride ourselves in superior results through superior execution.

Let us never forget: These United States were founded by people fleeing monarchical governments, rigid religions, and out-of-touch aristocracies. Our values should capture the pioneering spirit and scientific pursuit that got us where we are today. To fall back into a system of ruling families, religious repression of science, and highly-stratified society would be a catastrophic mistake.

I've decided to split this blogpost into a two-part series, since it was getting long. In closing here I'd like to summarize that for actions to be useful, they need to be directed at goals. For goals to be meaningful, they need to be in furtherance of values, and for values to be determined requires hard thinking about what their benefit is and whether the benefits are sustainable. In the next post I'll show some concrete examples of where our value -> goal -> action chain is breaking down in Western society and things every one of us can do to change that.

Add a comment:




max length 1000 chars