Wednesday, November 25, 2015

World Enough and Time

As I back into the Thanksgiving holiday weekend, global risk has never been higher. There is really not a clear beginning to Daesh, the organization that calls itself The Islamic State or ISIS.  We do know that a caliphate was declared in 2014 after the group broke away from others with similar intentions in the Mideast.  Since the caliphate was declared, the threat from Daesh has spread from the Mideast into other parts of the world, most recently into Paris about ten days ago.

We can analyze where Daesh's money comes from, and how sophisticated its use of social media is, but in point of fact we are dealing with terrorists, fanatics whose goal is to reform the world, to remake it free of the perversity, corruption and heretics it condemns with words from Islamic teaching.

In February I published a piece in The Risk Universe suggesting that the NSA and Anonymous team up to take down financial supply chain lines that fuel Daesh's operations.  Formally, only Anonymous has responded, taking down over 20,000 Twitter sites that are used to recruit young people or pass on propaganda of one sort or another.  I know that NSA and other American intelligence operations have stepped up their efforts online in the last week, and hope that the Pentagon is not far behind, despite those overly optimistic "We have contained ISIS" messages that were being sent out by higher ups.

So tomorrow is Thanksgiving.  I wish each of you a lovely day, one with time to reflect on just how very fortunate we are to live in a country that has a constitution and amendments to protect basic human freedoms, of late to protect those freedoms against political ignoramuses.  Blake has a poem called "The Grey Monk," in which he talks about the cycle of tyranny, and how very easy it is to become (a fanatic) what you behold (fanatics, terrorists, hate crimes), and "become a tyrant in his stead."

Ignoramuses abound.  Do we think that all Christians are members of the Klu Klux Klan?

 I'll be writing more on this topic for the December newsletter; and also for a January piece in The Risk Universe.   In the meantime, you might wish to review this excellent article from Continuity Central by my colleague Peter Power, in which he  has excerpted simple "Stay Safe" checklists for everyone. 

Monday, October 5, 2015

"Collective decision-making, extended kinship structures, ascribed authority vested in elders, flexible notions of time, and traditions of informality in everyday affairs." (Barnhardt, 2002)

So I teach one other class this quarter, another new one for me called "Foundations of Information Management," to mid-career students on Friday late afternoon, for three hours.  I'm following most of the readings and many of the assignments created by my colleague, Michelle Carter, who wrote the original syllabus for the course and then updated it this year.

Bighorn Medical Circle, Wyoming

But for the first class I wanted to try something else:  to look at the very first forms of information management by indigenous people in this region.  I used two essays, recommended by Emeritus Associate Dean Cheryl Metoyer, herself a Cherokee.  I could not find an expert in this particular field to be a guest speaker, so I led the discussion myself -- and it actually worked out very well, with robust conversations around both readings.  There are 19 "mid-career" students in the graduate course, which means they already have some notion of how to create a conversation and then extend it.  The multiplicity of backgrounds will make this quarter very interesting.

In the third hour of class, we looked at the issue of email records retention, in part because it's in the news right now, but also because each of the course members works for an institution that has some sort of policy.  The Supreme Court ruled years ago that corporate email belongs to the company, not to the individual.  Because of the demand of our fractured work life, some find themselves forwarding corporate materials to their personal emails so they can work from home on the weekend or in the evening.  What kind of risk does this create for the company?

More on that later.  Let me finish by saying I have never had such a congenial group of students as those in these two courses this quarter.

Tuesday, September 29, 2015

Let the adventure begin!

"The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk:  the notion that the future is more than a whim of the gods and that men and women are not passive before nature.” (1)

"The ability to define what may happen in the future and to choose among alternatives lies at the heart of contemporary societies.  Risk management guides us over a vast range of decision-making, from allocating wealth to safeguarding public health, from waging war to planning a family, from paying insurance premiums to wearing a seatbelt, from planting corn to marketing cornflakes.”  (2)
Both of the quotations above are from Against the Gods: The Remarkable Story of Risk by Peter L. Bernstein, the first couple of chapters of which I am using in the new enterprise risk management course I am teaching to informatics undergraduates this quarter.  I thought it would be a good idea to give them a quick survey of how things stood before 1200, and then to see what Renaissance thinkers improved.  They're reading these chapters (not the textbook for the course) up against the 2014 University of Washington Enterprise Risk Management Report to the Board of Trustees.  

In this first class, it will be my job to explain also what an "enterprise" is, given that many undergraduates do not seem to be aware of the role that public and private companies play in our society.

Students will also draw out of a hat to determine what historical risk event their team will be responsible for presenting to the rest of the class during the quarter.  See what you think, and whether you think anyone will be falling asleep during class.  I'll report back later this week, when I describe what I'm doing in my graduate course that I've never taught before.  In the meantime, here are the seven events I've selected to go into the hat tomorrow.

 Hurricane Katrina (2005) – November 2

London Transit Bombings (2005) – November 16

Deepwater Horizon oil spill (2010) – November 23

Office of Personnel Management data breach (2015) – Oct. 2

Oso landslide (2014) – October 7

Edward Snowden and Espionage Act violations (2013) – Oct. 12

Destruction of the World Trade Center (9/11/2011) – Oct.19

Friday, August 28, 2015

Where are we now? How do we move forward?

One of two cornerstones of the National Academy of Arts and Science.
This weekend marks the tenth anniversary of Hurricane Katrina, an event so significant that the practice of emergency management by the federal government was changed forever.  Today marks the 54th anniversary of the March on Washington where Martin Luther King, Jr. gave his famous "I have a dream" speech.  It is the 60th anniversary of the vicious murder of a Chicago boy, Emmett Till, when he visited relatives in the South and whistled at a white woman.  Two days ago, a TV reporter and cameraman were shot dead in the head on a morning news program by a killer who then posted video of the murders to social media.  In a 23 page suicide note, the only thing that the murderer left out of his message was the similarity to ISIS acts of terror that also take place in living color and then get posted to social media sites.

While the federal government has completely reshaped its responses to disasters, we can't really pat ourselves on the back where equality and justice that Reverend King was looking for is concerned.  The situation has never been worse in this country where distrust and anger are concerned, and the gap continues to increase between those who have and those who do not.

The situation appears intolerable also where gun control and mental health proposals go unfunded and unapproved.  The National Rifle Association (NRA) continues to have a lock hold on our elected officials where even the simplest forms of information sharing are concerned -- registering guns and sales of guns in such a way that federal and state police databases are interlocked to detect those with criminal or mental health histories.  Why is this passing bare bones legislation that could trap for lowest hanging fruit so difficult?  What do we need to do to be heard?

The interior cornerstone at the National Academy of Arts and Science.
The worst of it in all this is that each episode seems to set off more disturbed people in what are called copycat events.  Just as those who ride trains every day are probably now more aware of their environments after the events of last weekend on the Amsterdam-Paris train, I suspect that every news person will feel their own heightened anxiety for at least the next several months.

Given the flammable nature of public discourse on so many issues these days, especially with presidential politics starting make things worse, I would suggest that we need to find new ways to move the discussion on gun violence forward, to see if it is possible to affect real change on this issue and on the issues involving equality and justice as well.

Wednesday, July 29, 2015

Earthquakes and the Pacific Northwest

We live in one of the most beautiful places in the world.  Most of us don't like to think about earthquake risk on any consistent basis.  Some of us have ensured that our homes are tied down to their foundations; and that we have an emergency supply kit as well as a family plan for how to find one another if our smartphones won't work.  And that we have emergency supplies in our vehicles and our offices as well.
Emergency kit in our home includes basics as well as a spreadsheet of vital information.

Emergency supplies in my trunk.

A little more than a week ago, the New Yorker published an article by Kathryn Schultz that has caused a great deal of panic and anxiety.  She published a second article this week, attempting to refine the ghastly overly dramatic tone of the first piece; and this time to offer some pretty straightforward recommendations on preparedness at

Other perspectives on how prepared we are here in the Pacific Northwest can be found at; or on the website of the Seattle Office of Emergency Preparedness at

I will say that any articles written about preparedness move the bar a bit higher in terms of neighborhood and civic preparedness.  For myself, I'm changing out some emergency supplies now that I no longer eat much else than greens, beans, other vegetables and fruits.  Once this heat spell is past, I plan to be growing more than Walla Walla onions and green peppers.

How prepared is your family to live without services or support for up to a week?

Do what's reasonable, and then relax -- go out and enjoy this, the most beautiful place in the world!

Wednesday, July 1, 2015

Personal risks and rewards

When I teach operational risk courses, I try to stress that life (and business) is full of risks; and that taking risks with confidence moves you forward, whether you are a family or a business firm.  I had a chance last weekend see that premise manifest itself exactly.

Some of you know that I was born in a small town in Northern Iowa, our family of four part of a larger interwoven group of four Irish Catholic families residing among Scandinavian Protestants.  My great-great grandparents had emigrated from Rathkeale a week after being married in 1861.  My grandfather ("TJ" Hayes) was born in Illinois, but moved to Iowa, where he farmed, bought and sold horses, and raised seven children with his wife, Anna Quinn.  Each of these large moves, from Ireland to Illinois, and from Illinois to Iowa, brought forward momentum and better lives.  Though TJ's grandchildren and great-grandchildren have scattered to many parts of the world, 80 of them returned to celebrate their history and close connection at my cousin Jim Hayes' amazing home in Iowa City this past weekend.  This is the eighth such five year reunion that Jim has hosted, which makes it 40 years old.  He spoke movingly of the four families whose lives intertwined from those first days in North Central Iowa:  the Hayes family, of which I am a member; the Morrissey family, connected through Jim's father's marriage to Alice Morrissey; the Newman family, connected through my Aunt Teresa's marriage to George Newman; and the Barrett family, connected through Nita Morrissey's marriage to James Barrett. 

This photo is blurred but will give you an idea of the volume still present of those four families on this earth.

There are roughly 80 of us in the photograph.

Here's one of the first cousins at the reunion.

Again, a blurred photo, but you get the idea.  These are relatives I have known my whole life.  Each of them has extended the momentum started so many years ago back in Ireland.

Finally, for historical context, I wanted to show a circa 1930 photo of TJ and Anna and their children, some of whom had already married by this time. 

 My mother, Margaret Cecelia Hayes Sowers, is sitting fourth from the right in the first row.  Her father TJ is sitting front row sixth from the right.  My Uncle Jim Hayes, father of host James P. (also Jim) Hayes is first row on the left. Grandma Hayes is middle row, second from the right.

I come from generations of risk takers, each finding its own personal rewards in lives well lived.  It probably explains to some extent how I ended up at this point in my life as a risk detective and as a university lecturer on ethics, policy, law and risk.

Wednesday, June 24, 2015

Influencing the next generation of risk managers

We've had a busy spring, with cyber hacks continuing to hit not only the private sector  but the government as well.  The most visible breaches took place at two health insurers -- Anthem in February and Premera Blue Cross in March -- and the federal government, where what looked like one breach in the Office of Personnel Management that was detected this spring has turned into at least two large breaches, the other being of security background check information that has evidently been going on for some years.

I spoke last week at SecureWorld Portland, covering some of this information, but mainly to show how to present requests for cyber project funding to executives and to boards.  That engagement came just after the end of the University of Washington academic year.

This summer, we've got a couple of large projects on the ASA side to take care of.  The first is an upgrade of the ASA website, to better reflect the proportion of time I'll be spending over the next years on research and publishing, with a lesser emphasis on consulting.  We've also got a third volume of the Reflections on Risk series to publish.  And I'm trying to put together my speaking calendar for the next year, especially those portions that involve travel.

I become a full time lecturer at the University of Washington's Information School in August.  I'll be developing syllabi for two new (for me) courses I'm teaching this fall.  The first is the mid-career graduate course called "Foundations of Information Management."  The other is my first foray into teaching undergraduates, in a course called "Enterprise Risk Management."   I am really looking forward to both, since it will give me a chance to review and tweak my two graduate risk courses at the same time.

Part of my work at the university involves committee service, and I look forward to work on enhancing the Master of Science in Information Management (MSIM) program offerings. Here's a photo of me with several of my mid-career students in academic regalia at the iSchool Convocation 2015 program in Meany Hall.

  Left to right:  Andrew Magnusson, Matthew Christian, and Kenny Lee.

I am proud of all my students.  They are the next generation of risk leaders.