I have long been suspicious of the increasing trend towards “centralisation”; be that in networks, Government or services. The root of my suspicion lies not in some fear of a “Big Brother” scenario but rather in the vulnerability of centralised systems.  To put it bluntly both “the bad guys” and natural disasters have an easy target!

Given the onslaught of  “Open-source warfare” (See John Robb, et al), which seems to be permeating the globalised world, and the threat of natural disasters brought about by increasingly violent weather conditions, attributed to Global Warming, it seems nonsensical to continue with these 20^th century ideas of “Command and Control” centres.

During World War I & II it was sensible, given then constraints of the available technology, to create “National Defence” systems: The Maginot Line, the Coastal Defences in The Solent Estuary etc.  In the 21^st century these notions are becoming increasingly redundant; as the enemy is not another nation state or discreet group that has a definable powerbase from which the threat of attack can be extrapolated.  Yet our governments, increasingly, respond to the “terrorist threat” by creating ever more centralised command and control processes.

During the Cold War this was inevitable and probably wise. In the new age, brought about by the Internet and technological revolution of the last 15 years, it seems like continuing to have a “man with a storm lantern” on the Cliffs of Dover to watch for the Napoleonic Fleet (a practise which was upheld until 1910 according to anecdote)!

I spend a lot of my time engaged with public safety agencies who subscribe to the “old world” model and my message is always the same: “Groove is of its time!”   The response, to be honest, varies from group to group; but overwhelmingly sways to the “old world” model.  I must admit to being frustrated, in what I imagine to be the same way that the inventors of the internal combustion engine became when they tried to convince the “Horse & Buggy” manufacturers about the new way forward, must have become.

Let’s go back to basics; the Internet, as we all know, evolved from DARPANET, which was the US Defence departments response to the cold war threat.  It was a multiple redundant set of servers using a connectionless communications protocol (TCP/IP) for connectivity in the event that one server would be destroyed in a nuclear attack by, the now defunct, Soviet Union.

50 years later, we are now, putting all our eggs in one basket by creating these massive data-centres, where we are creating single points of failure in our networks.  Exposed, not only to terrorist attacks, but also to freak weather storms.

The conversations with the organisations that I engage with, public and private, have the same tone: “We need to control everything that happens centrally and we need to monitor everything centrally”.  While I don’t blame my interlocutors, I begin to wonder whether they are more wrapped up in security as a “feeling” as opposed to delivering security as a reality.  The reality is pretty grim; there is no such thing as total security!  And the reason for this is that a ”totally secure” computer system/network is so “locked down” that it is completely unavailable to the user community.  If a PC is unplugged from the mains electricity, and the network, it is probably safe.  I say “probably safe” because someone could steal the hardware device and gain access to the data; given the incentive and access.

Security is about “defence in depth”.  What is your appetite for risk?  What risk are you concerned about?  What steps can you take to mitigate yourself from that indentified threat?

If I were in charge of Public Safety for a broad group of citizens I would be ensuring that the populace could protect itself and look after itself in the event of an attack to its status quo, rather than relying on an antiquated “Command and Control” infrastructure that is not resilient to single point of failure.

I hope that I am starting a debate here.

Check out this link for more information about how we can help with crisis response systems: http://www.microsoft.com/industry/publicsector/government/crisis.mspx