Cyber Doctrine

Cyber Doctrine: Towards a coherent evolutionary framework for learning resilience, ISRS, JP MacIntosh, J Reid and LR Tyler.

A large booklet that provides a critical contribution to the Cyber debate. Here I provide my initial reactions: the document merits more detailed study.

Topics

Scope

Just as financial security is about more than just defending against bank-robbers, cyber security is about more than just defending against deliberate attack, and extends to all aspects of resilience, including freedom from whatever delusions might be analogous to the efficient market hypothesis.

Approach

Innovation is key to a vibrant Cyberspace and further innovation in Cyberspace is vital to our real lives. Thus a notion of security based on constraint or resilience based on always returning to the status quo are simply not appropriate. 

Resilience and Transformation

Resilience is defined as “the enduring power of a body or bodies for transformation, renewal and recovery through the flux of interactions and flow of events.” It is not just the ability to ‘bounce back’ to its previous state. It implies the ability to learn from events and adapt to be in a better position to face them.

Transformation is taken to be the key characteristic. It is not defined, which might lead people to turn to wikipedia, whose notion does not explicitly address complexity or uncertainty. I would like to see more emphasis on the long-run issues of adapting to evolve as against sequentially adapting to what one thinks the current needs are. This may include ‘deep transformation’ and ‘transformation in contact’ and the elimination of parts that are no longer needed.

Pragmatism 

The document claims to be ‘pragmatic’: I have concerns about what this term means to readers. According to wikipedia, “it describes a process where theory is extracted from practice, and applied back to practice to form what is called intelligent practice.” Fair enough. But the efficient market hypothesis was once regarded as pragmatic, and there are many who think it pragmatic to act as if one’s beliefs were true. Effective Cyber practice would seem to depend on an appropriate notion of pragmatism, which a doctrine perhaps ought to elucidate.

Glocalization

The document advocates glocalization. According to wikipedia this means ‘think global act local’ and the document refers to a variant: “the compression of the world and the intensification of the consciousness of the world as a whole”. But how should we conceive the whole? The document says “In cyberspace our lives are conducted through a kaleidoscope of global and local relations, which coalesce and dissipate as diverse glocals.” Thus this is not wholism (which supposes that the parts should be dominated by the needs of the whole) but a more holistic vision, which seeks a sustainable solution, somehow ‘balancing’ a range of needs on a range of scales. The doctrinal principles will need to support the structuring and balancing more explicitly.

Composability

The document highlights composability as a key aspect of best structural practice that – pragmatically – perhaps ought to be leveraged further. I intend to blog specifically on this. Effective collaboration is clearly essential to innovation, including resilience. Composability would seem essential to effective collaboration.

Visualisation: Quads

I imagine that anyone who has worked on these types of complex issue, with all their uncertainties, will recognize the importance of visual aids that can be talked around. There are many that are helpful when interpreted with understanding and discretion, but I have yet to find any that can ‘stand alone’ without risk of mis-interpretation. Diagram 6 (page 89) seems at first sight a valuable contribution to the corpus, worthy of further study and perhaps development.

I consider Perrow limited because his ‘yardstick’ tends to be an existing system and his recommendation seems to be ‘complexity and uncertainty are dangerous’. But if we want resilience through innovation we cannot avoid complexity and uncertainty. Further, glocalization seems to imply a turbulent diversity of types of coupling, such that Perrow’s analysis is impossible to apply.

I have come across the Johari window used in government as a way of explaining uncertainty, but here the yardstick is what others think they know, and in any case the concept of ‘knowledge’ seems just as difficult as that of uncertainty. So while this motivates, it doesn’t really explain.

The top ‘quad’ says something important about conventional economics. Much of life is a zero sum game: if I eat the cake, then you can’t. But resilience is about other aspects of life: we need a notion of rationality that suits this side of life. This will need further development.

Positive Deviancy and Education

 Lord Reid (below) made some comments when launching the booklet that clarify some of the issues. He emphasises the role for positive deviancy and education in the sense of ‘bringing out’. This seems to me to be vital.

Control and Patching

Lord Reid (below) emphasises that a control-based approach, or continual ‘patching’, aren’t enough. There is a qualitative change in the nature of Cyber, and hence a need for a completely different approach. This might have been made more explicit in the document.

Criticisms

The main criticisms that I have seen have been either of the recommendations that they wrongly assume John Reid is making (e.g., for more control) or appear to be based on a dislike of Lord Reid. In any case, changes such as those proposed would seem to call for a more international figure-head or lead institution, perhaps with ISRS in a supporting role.

What next?

The argument for having some doctrine matches my own leanings, as does the general trend of  the suggestions. But (as the government, below, says) one needs an international consensus, which in practice would seem to mean an approach endorsed by the UN security council (including America, France, Russia and China). Such a hopeless task seems to lead people to underestimate the risks of the status quo, or of ‘evolutionary’ patching of it with either less order or more control. As with the financial crisis, this may be the biggest threat to our security, let alone our resilience.

It seems to me, though, that behind the specific ideas proffered the underlying instincts are not all that different from those of the founders of the UN, and that seen in that context the ideas might not be too far from being attractive to each of the permanent members, if only the opportunities were appreciated.

Any re-invention or re-articulation of the principles of the UN would naturally have an impact on member states, and call for some adjustment to their legal codes. The UK’s latest Prevent strategy already emphasises the ‘fundamental values’ of ‘universal human rights, equality before the law, democracy and full participation in our society’.  In effect, we could see the proposed Cyber doctrine as proposing principles that would support a right to live in a reasonably resilient society. If for resilience we read sustainability, then we could say that there should be a right to be able to sustain oneself without jeopardising the prospects of one’s children and grandchildren. I am not sure what ‘full participation in our society’ would mean under reformed principles, but I see governments as having a role in fostering the broadest range of possible ‘positive deviants’, rather than (perhaps inadvertently) encouraging dangerous groupthink. These thoughts are perhaps prompted more by Lord Reid’s comments than the document itself.

Conclusion

 The booklet raises important issues about the nature, opportunities and threats of globalisation as impacted by Cyberspace. It seems clear that there is a consequent need for doctrine, but not yet what routes forward there may be. Food for thought, but not a clear prospectus.

See Also

Government position, Lord Reid’s Guardian article. , Police Led Intelligence, some negative comment.

Dave Marsay

Advertisements

Out of Control

Kevin Kelly’s ‘Out of Control‘ (1994) sub-titled “The New Biology of Machines, Social Systems, and the Economic World” gives ‘the nine laws of god’which it commends for all future systems, including organisations and economies. They didn’t work out too well in 2008.

The claims

The book is introduced (above) by:

“Out of Control is a summary of what we know about self-sustaining systems, both living ones such as a tropical wetland, or an artificial one, such as a computer simulation of our planet. The last chapter of the book, “The Nine Laws of God,” is a distillation of the nine common principles that all life-like systems share. The major themes of the book are:

  • As we make our machines and institutions more complex, we have to make them more biological in order to manage them.
  • The most potent force in technology will be artificial evolution. We are already evolving software and drugs … .
  • Organic life is the ultimate technology, and all technology will improve towards biology.
  • The main thing computers are good for is creating little worlds so that we can try out the Great Questions. …
  • As we shape technology, it shapes us. We are connecting everything to everything, and so our entire culture is migrating to a “network culture” and a new network economics.

In order to harvest the power of organic machines, we have to instill in them guidelines and self-governance, and relinquish some of our total control.”

Holism

Much of the book is Holistic in nature, The above could be read as applying the ideas of Smuts’ Holism to newer technologies. (Chapter 19 does make explicit reference to JC Smuts in connection with internal selection, but doesn’t reference his work.)

Jan Smuts based his work on wide experience, including with improving arms production in the Great War, and went on to found ecology and help modernise the sciences, thus leading to the views that Kelly picks up on. Superficially, Kelly’s book is greatly concerned with technology that ante-dates Smuts, but his arguments claim to be quite general, so an apostle of Smuts would expect Kelly to be consist, but applying the ideas to the new realm. But where does Kelly depart from Smuts, and what new insights does he bring? Below we pick out Kelly’s key texts and compare them.

The nine Laws of God

The laws with my italics are:

Distribute being

When the sum of the parts can add up to more than the parts, then that extra being … is distributed among the parts. Whenever we find something from nothing, we find it arising from a field of many interacting smaller pieces. All the mysteries we find most interesting — life, intelligence, evolution — are found in the soil of large distributed systems.

The first phrase is clearly Holistic, and perhaps consistent with Smuts’ view that the ‘extra’ arises from the ‘field of interactions’. However in many current technologies the ‘pieces’ are very hard-edged, with limited ‘mutual interaction’. 

Control from the bottom up

When everything is connected to everything in a distributed network … overall governance must arise from the most humble interdependent acts done locally in parallel, and not from a central command. …

The phrases ‘bottom up’ and ‘humble interdependent acts’ seem inconsistent with Smuts’ own behaviour, for example in taking the ‘go’ decision for D-day. Generally, Kelly seems to ignore or deny the need for different operational levels, as in the military’s tactical and strategic.

Cultivate increasing returns

Each time you use an idea, a language, or a skill you strengthen it, reinforce it, and make it more likely to be used again. … Success breeds success. In the Gospels, this principle of social dynamics is known as “To those who have, more will be given.” Anything which alters its environment to increase production of itself is playing the game … And all large, sustaining systems play the game … in economics, biology, computer science, and human psychology. …

Smuts seems to have been the first to recognize that one could inherit a tendency to have more of something (such as height) than your parents, so that a succesful tendency (such as being tall) would be reinforced. The difference between Kelly and Smuts is that Kelly has a general rule whereas Smuts has it as a product of evolution for each attribute. Kelly’s version also needs to be balanced against not optimising (below).

Grow by chunking

The only way to make a complex system that works is to begin with a simple system that works. Attempts to instantly install highly complex organization — such as intelligence or a market economy — without growing it, inevitably lead to failure. … Time is needed to let each part test itself against all the others. Complexity is created, then, by assembling it incrementally from simple modules that can operate independently.

Kelly is uncomfortable with the term ‘complex’. In Smuts’ usage a military platoon attack is often ‘complex’, whereas a superior headquarters could be simple. Systems with humans in naturally tend to be complex (as Kelly describes) and are only made simple by prescriptive rules and procedures. In many settings such process-driven systems would (as Kelly describes them) be quite fragile, and unable to operate independently in a demanding environment (e.g., one with a thinking adversary). Thus I suppose that Kelly is advocating starting with small but adaptable systems and growing them. This is desirable, but often Smuts did not have that luxury, and had to re-engineer systems such as production or fighting systems, ‘on the fly’

Maximize the fringes

… A uniform entity must adapt to the world by occasional earth-shattering revolutions, one of which is sure to kill it. A diverse heterogeneous entity, on the other hand, can adapt to the world in a thousand daily mini revolutions, staying in a state of permanent, but never fatal, churning. Diversity favors remote borders, the outskirts, hidden corners, moments of chaos, and isolated clusters. In economic, ecological, evolutionary, and institutional models, a healthy fringe speeds adaptation, increases resilience, and is almost always the source of innovations.

A large uniform entity cannot adapt and maintain its uniformity, and so is unsustainable in the face of a changing situation or environment. If diversity is allowed then parts can adapt independently, and generally favourable adaptations spread. Moreover, the more diverse an entity is the more it can fill a variety of niches, and the more likely that it will survive some shot. Here Kelly, Smuts and Darwin essentially agree.

Honor your errors

A trick will only work for a while, until everyone else is doing it. To advance from the ordinary requires a new game, or a new territory. But the process of going outside the conventional method, game, or territory is indistinguishable from error. Even the most brilliant act of human genius, in the final analysis, is an act of trial and error. … Error, whether random or deliberate, must become an integral part of any process of creation. Evolution can be thought of as systematic error management.

Here the problem of competition is addressed. Here Kelly supposes that the only viable strategy in the face of complexity is blind trial and error, ‘the no strategy strategy’. But the main thing is to be able to identify actual errors. Smuts might also add that one might learn from near-misses and other potential errors.

Pursue no optima; have multiple goals

 …  a large system can only survive by “satisficing” (making “good enough”) a multitude of functions. For instance, an adaptive system must trade off between exploiting a known path of success (optimizing a current strategy), or diverting resources to exploring new paths (thereby wasting energy trying less efficient methods). …  forget elegance; if it works, it’s beautiful.

Here Kelly confuses ‘a known path of success’ with ‘a current strategy’, which may explain why he is dismissive of strategy. Smuts would say that getting an adequate balance between the exploitation of manifest success and the exploration of alternatives would be a key feature of any strategy. Sometimes it pays not to go after near-term returns, perhaps even accepting a loss.

Seek persistent disequilibrium

Neither constancy nor relentless change will support a creation. A good creation … is persistent disequilibrium — a continuous state of surfing forever on the edge between never stopping but never falling. Homing in on that liquid threshold is the still mysterious holy grail of creation and the quest of all amateur gods.

This is a key insight. The implication is that even the nine laws do not guarantee success. Kelly does not say how the disequilibrium is generated. In many systems it is only generated as part of an eco-system, so that reducing the challenge to a system can lead to its virtual death. A key part of growth (above) is o grow the ability to maintain a healthy disequilibrium despite increasing novel challenges.

Change changes itself

… When extremely large systems are built up out of complicated systems, then each system begins to influence and ultimately change the organizations of other systems. That is, if the rules of the game are composed from the bottom up, then it is likely that interacting forces at the bottom level will alter the rules of the game as it progresses.  Over time, the rules for change get changed themselves. …

It seems that the changes the rules are blindly adaptive. This may be because, unlike Smuts, Kelly does not believe in strategy, or in the power of theory to enlighten.

Kelly’s discussion

These nine principles underpin the awesome workings of prairies, flamingoes, cedar forests, eyeballs, natural selection in geological time, and the unfolding of a baby elephant from a tiny seed of elephant sperm and egg.

These same principles of bio-logic are now being implanted in computer chips, electronic communication networks, robot modules, pharmaceutical searches, software design, and corporate management, in order that these artificial systems may overcome their own complexity.

When the Technos is enlivened by Bios we get artifacts that can adapt, learn, and evolve. …

The intensely biological nature of the coming culture derives from five influences:

    • Despite the increasing technization of our world, organic life — both wild and domesticated — will continue to be the prime infrastructure of human experience on the global scale.
    • Machines will become more biological in character.
    • Technological networks will make human culture even more ecological and evolutionary.
    • Engineered biology and biotechnology will eclipse the importance of mechanical technology.
    • Biological ways will be revered as ideal ways.

 …

As complex as things are today, everything will be more complex tomorrow. The scientists and projects reported here have been concerned with harnessing the laws of design so that order can emerge from chaos, so that organized complexity can be kept from unraveling into unorganized complications, and so that something can be made from nothing.

My discussion

Considering local action only, Kelly’s arguments often come down to the supposed impossibility of effective strategy in the face of complexity, leading to the recommendation of the universal ‘no strategy strategy’: continually adapt to the actual situation, identifying and setting appropriate goals and sub-goals. Superficially, this seems quite restrictive, but we are free as to how we interpret events, learn, set goals and monitor progress and react. There seems to be nothing to prevent us from following a more substantial strategy but describing it in Kelly’s terms.

 The ‘bottom up’ principle seems to be based on the difficulty of central control. But Kelly envisages the use of markets, which can be seen as a ‘no control control’. That is, we are heavily influenced by markets but they have no intention. An alternative would be to allow a range of mechanisms, ideally also without intention; whatever is supported by an appropriate majority (2/3?).

For economics, Kelly’s laws are suggestive of Hayek, whereas Smuts’ approach was shared with his colleague, Keynes. 

Conclusion

What is remarkable about Kelly’s laws is the impotence of the individuals in the face of ‘the system’. It would seem better to allow for ‘central’ (or intermediate) mechanisms to be ‘bottom up’ in the sense that they are supported by an informed ‘bottom’.

See Also

David Marsay

Regulation and epochs

Conventional regulation aims at maintaining objective criteria, as in Conant and Ashby. They must have or form a model or models of their environment. But if future epochs are unpredictable or the regulators are set-up for the short-term, e.g. being post-hoc adaptive, then the models will not be appropriate for the long-term, leading to a loss of regulation at least until a new effective model can be formed.

Thus regulation based only on objective criteria is not sustainable in the long-term. Loss of regulation can occur, for example, due to innovation by the system being regulated. More sustainable regulation (in the sense of preserving viability) might be achieveable by taking a broader view of the system ‘as a whole’, perhaps engaging with it. For example, a ‘higher’ (strategic) regulator might monitor the overall situation, redirect the ‘lower’ (tactical) regulators and keep the lower regulators safe. The operation of these regulators would tend to correspond to Whitehead’s epochs (regulators would impose different rules, and different rules would call for different regulators).

See also

Stafford Beer.

David Marsay

Scientists of the subprime

‘Science of the subprime’ is currently available from BBC iplayer.

Overview

Mathematicians and scientists were complicit in the crash. Financiers were ‘in thrall to mathematics’, with people like Stiglitz and Soros ‘lone voices in the wilderness’. The ‘low point’ were derivatives, which were ‘fiendishly complicated’, yet ‘mathematical models’ convinced people to trade in them.

The problem was that liberalisation led to an increase in connectedness, which was thought to be a good thing, but that this went to far and led to a decrease in diversity, which made the whole system very fragile, eventually crashing. This was presented by Lord May from an ecological perspective.

Perhaps the most interesting part was that Lord May had tackled his lunching partner Mervyn King before the crash, and that in 2003 Andrew Haldane had independently come up with a ‘toy model’ that he felt compelling, but which failed to gain traction.

After the crash, none of the mainstream mathematical models gave any insight into what had gone wrong. The problem was that the models concerned single-point failures, not systemic failures [my words]. Since then Haldane and May have published a paper in Nature showing that structure matters.

The new activities are to generate financial maps, much like weather maps and transport maps.

One problem is diversity: the solution is

  • To ensure that banks suffer the consequences of their actions [no ‘moral hazard’].
  • To ’tilt the playing field’ against large players [the opposite of what is done now].

Another problem is the expectation of certainty: it must be recognized that sensible models can give insights but not reliable predictions.

In summary, the main story is that physics-based mathematics led decision-makers astray, and they wouldn’t be persuaded by Lord May or their own experts. There were also some comments on why this might be:-

Gillian Tett (FT) commented that decision makers needed predictions and the illusion of certainty from their models. A decision-maker commented on the tension between containing long-term risk and making a living in the short-run [but this was not developed]. Moreover, policy makers tend to search for data, models or theories to support their views: the problems are not due to the science as such, but the application of science

Comments

  • This broadly reflects and amplifies the Turner review, but I found it less appealing than Lord Turner’s recent INET interview.
  • Gordon Brown ‘at the top of the shop’ shared these concerns, but seems unable to intervene until his immediate post-crash speech. This seems to raise some interesting issues, especially if the key point was about financial diversity.
  • The underlying problem seems to be that the policy-makers and decision-makers are pragmatic, in a particular sense.
  • Even if the complexity explanation for the crash is correct, it is not clear that this is the only way that crashes can happen, so that pragmatic regulation based on ‘carry on but fix the hole’ may not be effective.
  • The explanations and observations are reminiscent of Keynes, Stiglitz, Soros and Brown have all commended Keynes pre crash, and many have recognized the significance of Keynes post-crash. Yet he is not mentioned. Before the 1929 crash he thought the sustained performance of the stock market remarkable, rather than taking it for granted. His theory was that it would remain stable just so long as everyone was able to trade and expected everyone else to be able to trade, and the central role of confidence has been recognized ever since. The programme ignored this, which seems odd as the behaviourist are also quite fashionable.
  • Keynes underpinning theory of probability [not mentioned] is linked to his tutor’s, Whitehead’s, process logic, which underpins much of modern science, including ecology. This makes the problem quite clear: if mathematicians and scientists are employed by banks and banks are run as ordinary commercial organisations then  they will be focussing on the short-term. The long-term is simply not their responsibility. That is what governments are for (at least according to Locke).  But the central machinery doesn’t seem to be up to it. We shouldn’t blame anyone not in government, academia or similar supposedly ‘for the common good’ organisations.
  •  There were plenty of mathematicians, scientists and economists (not just Lord May) who understood the issues and were trying hard to get the message across, many of them civil servants etc. If we don’t understand how they failed we may find ourselves in the same position again. I think that in the 90s and 00s everything became more ‘commercial’ and hence short-term. Or can we just kick out the Physicists and bring on the Ecologists?

See Also

General approach

Dave Marsay