By. Michael J. Corby CCP, PMP, CISSP
The Vision from 1989
Computer systems as we know them were in their infancy in the waning moments of the 1980’s and the early years of the 1990’s. Systems were still largely segregated by manufacturer. IBM shops had no DEC equipment anywhere, and vice versa. HP systems were found in manufacturing plants, and the world of CAD/CAE was dominated by stand alone graphical units that were the engineering versions of the memory typewriter.

As a CIO, my primary responsibilities were to integrate applications, reign in the size of databases and figure out how to integrate the Personal Computer into the work environment productively. Security was being promulgated in the form of model architectures and the “rainbow series”

Bang!

Within the next ten years, we were enveloped in the “dot-com” boom. Technology permeated every aspect of our lives. Billion dollar companies sprinkled the plethora of Silicon Valleys that were created across the country and the world in respectful imitation of their California heritage. What were we envisioning from the Information Security domain?
In many instances, what we were looking to do was revolutionary. We saw that virus code and other malware instances were gaining in popularity and Scott McNealy from Sun Microsystems warned that there is no longer any digital privacy .
So what have we actually done? Sometimes we have seen a revolution, sometimes we have seen a slower crawl forward, something we’ve seen nothing in 20 years. Let’s take a look at what has transpired over the past score of budget cycles:

Human Resources and Staffing
In 1989, security professionals were either writing crypto code for the military or were hanging backup tapes in a data center.
Today we are blessed with more than a dozen ways of measuring the security competence of our staff. We have training programs and conferences up the wazoo and enough credentials to exhaust a box of alphabet soup.
Verdict: Revolution

Network Architecture
In 1989, open systems were beginning to babble to each other. Communications was over leased lines or internal networks. Nobody ever used dial-up public communications for sensitive data (if you knew what data was actually sensitive).
Secure network architecture is now available on the shelf at the office supply store. Data in flight is routinely encrypted over public networks, and a major sub industry to monitor, trace, prevent, and identify rogue communication attempts have flourished.
Verdict: Revolution

Systems Development
The good old five (or six depending on your school of thought) phase approach to designing systems was de rigeur in 1989. Application teams went through stages of Scope, Design, Programming, Unit testing (& System Testing) and Implementation. Once all this as done, someone may have asked: “What about backup and recovery?”
The method is the same. Only some of the questions have changed. The question of compliance with laws and industry standards is now part of the design stage of major applications. Along with the questions come the parameters of secure application architecture. Several models exist, but are employed primarily by those who are up on the latest trends.
Verdict: Evolution

Monitoring and Forensics
In 1989, logs were generated and maybe printed. Tracing events were rare, but also largely unnecessary. Nearly everything could be reproduced or rerun if something bad happened, and only occasionally could people actually commit crimes with computers. (I remember in the mid 80’s in several states, computer crimes existed only when someone hit somebody else with a keyboard.)

Today, compliance laws and industry regulations have tightened the need for monitoring and active event investigations. Not only do you need to print the logs, you also need someone to review them. A log scanning software industry is being born. Can you hear it?
Verdict: Revolution

Business Awareness
Finally, let’s take a look at what the business sees as Information Security. I had a discussion with my company CEO regarding a security policy. We designed and built coal-fired steam-driven power plants. His answer was “Everyone knows that water boils a zero degrees centigrade at sea level. We don’t have any trade secrets.” Obviously national defense and some very creative industries were concerned, but not the average commercial organization.

Business Continuity and Data Privacy concerns are starting to find their way into board room discussions. Hurricanes, floods, terrorism are dominating the discussion of companies concerned about maintaining industry presence. Regulated industries are leading the way at identifying, segregating and protecting data that must be kept private. Laws are replicating like rabbits in a dark room. We are only seeing the beginning.

Verdict: Slow Starting Revolution

Summary
In these and other areas, we have made substantial progress in information security over the past 20 years. There is more to come. Here’s my prediction: over the next 20 years, security will be embedded in all information management technology. Data segregation will be the usual architecture, trace logs and factual responses to “how did that happen” will be commonplace. Hackers and malware will exist but will be just an annoyance.

Hmmm. Didn’t I say that in 1989?

“You have zero privacy anyway. Get over it.” Reported in a blog by Manes, Stephen (2000-04-18). “Private Lives? Not Ours!”. PC World 18 (6): 312. ISSN 0737-8939. http://www.pcworld.com/article/16331/private_lives_not_ours.html. Retrieved 2009-09-29.

By Charles Cresson Wood

Peak oil is a topic that should be of great concern to all business contingency planners and all information systems contingency planners. It will profoundly affect the way that we all do business in the years ahead. If we don’t have enough energy, electricity supplied by the grid may be intermittent or degraded in quality. If we don’t have enough energy, timing-related bottlenecks in the computerized processes that we have designed may be created (some older readers may remember the long lines at gas stations in the 1970s). If we don’t have enough energy, staff may not be able to commute long distances to get to work in personal automobiles, and may therefore be forced to telecommute. If we don’t have enough energy, long-distance business arrangements, such as the use of offshore staff to perform certain tasks, may no longer be economically viable. There are many other contingency planning related impacts, but the nature of these will be specific to each organization, and will need to be illuminated via business impact analyses.

From many different credible and highly placed sources we are today hearing about the dire energy situation that industrialized civilization faces. Industrialized countries have remained dependent on oil for way too long. As evidence of this consider that fully 50% of the energy consumed in the United States comes from petroleum. Even though the notion of peak oil is now frequently discussed in newspapers, magazines, TV shows, we the industrialized nations are not moving to new sources of energy fast enough to avoid serious and painful adjustment problems. Dr. Fatih Birol, chief economist with the International Energy Administration, accurately summed it up when he recently said: “We must leave oil before it leaves us.”

According to statistics from the United States Energy Information Administration, the worldwide production of conventional oil has been on a plateau for the last several years (about 73 million barrels per day). In spite of a dramatic run up in prices culminating with the price of $147 per barrel in July 2008, producers were unable to bring more oil to market. This fact defies a widely-held but erroneous belief advanced by traditional economists, that producers will bring more oil to market as the price goes up. That of course makes sense if there is an unlimited supply of oil, but as the worldwide production statistics indicate, we seem to have reached peak worldwide production, and it is only down from this point forward. It’s time that the economists started adjusting their theories to incorporate the real world of resource constraints.

Those readers who have some passing familiarity with the concept of peak oil have no doubt seen a picture of the traditional statistical distribution known as a “bell shaped curve.” These bell shaped curves make sense to people, because in a world with finite resources, what goes up, must come down. These symmetrical bell shaped curves are however lulling us into an attitude of complacency, leading us to believe that we have decades to move off of oil. This is just not so, and this article discusses five serious reasons why this erroneous perception needs to promptly be abandoned.

The bell shaped curve customarily applied to peak oil was popularized by the late geophysicist Dr. M. King Hubbert. He predicted the total United States production of oil would peak on or about 1970. His prediction was accurate, and this type of curve did relatively well when it came to describing the total production of oil in the United States. But total world production of oil does not have another source that it can draw upon when worldwide supplies dwindle, as the United States did back in 1970. Social and economic panic and upheaval were avoided when the United States hit its internal peak oil because it could easily purchase additional supplies from the world marketplace. The social and economic upheaval that worldwide peak oil will bring about will be marked by hoarding, stockpiling, speculators cornering the market, long-term contracts pushing spot market buyers out of the market, government corruption, widespread rationing, and a host of other problems. These maneuvers will rapidly remove oil from the marketplace, and the intensifying competition for the remaining supplies will cause the price to rapidly go up.

The second reason why the drop off in world oil supplies will be steeper that the increase was involves exports. A very large percentage of the remaining oil supplies, perhaps half, is controlled by countries in the Persian Gulf (Iran, Iraq, Kuwait, Saudi Arabia, and United Arab Emirates). These countries are rapidly industrializing and in the process, as you might expect, their consumption of oil is rapidly increasing. As their production is declining in the years ahead, an increasing proportion of their production will go to meet domestic needs. This means that a decreasing proportion of their already declining production will be offered for export. At some point, there will be no more exports, as these countries will use all available supplies for internal consumption purposes. Countries such as the United States, that are big importers of oil, stand to be quickly cut off from their oil supplies. Thus the available exports of oil will come to a much more rapid end than total world production of oil, which in turn will be much more rapidly decreasing than the symmetrical bell shaped curve would lead us to believe.

The third reason why world supplies of oil will drop off more rapidly than anticipated involves rapidly developing countries, most notably although certainly not limited to India and China. These countries are working hard to be able to support something like an American lifestyle, including high levels of energy consumption. World oil demand has recently been increasing at about 2% per year, but to fuel the recent economic development of these countries, there will be a markedly increasing worldwide demand for oil. For example, Time magazine reports that China’s oil imports have doubled over the last five years (about 12% compounded each year). Thus the world will soon be drawing down remaining oil supplies at a faster rate than we were drawing down supplies in the recent past. This accelerated demand for, and the accelerated consumption of oil means that the downside slope of the peak oil curve is going to be much steeper than we currently anticipate.

The forth reason why world supplies of oil will decline far more rapidly than we anticipate involves modern technology. We are now able to drill for oil in the Artic, more than 10,000 feet below the sea, and in other inhospitable places that we could not economically drill in some fifty years ago. This fact reflects advancements in modern technology, such as computers to model geological deposits of oil. The fact that we have to go to these inhospitable places to get more oil is another indicator that we’re running out of it. But this impressive new technology allows us to accelerate our extraction of oil, in an effort to meet the accelerating demand mentioned in the last paragraph. Imagine the bell shaped curve except it is going to be pushed out on the upper right side. In other words, we will be producing slightly below peak levels for a brief while, on a plateau of sorts, and this will be a plateau created by this modern technology. Using elementary calculus, which assumes that the area under the curve remains the same, in other words assuming we have only so much oil available in the world, we can readily determine that when this area is pushed out, another area must be pushed in to compensate. Since everything to the left of this current peak moment is history, and therefore cannot be changed, the only thing that can be changed is the height of the curve (production) in the future. Said a different way, by sustaining our high-energy consumption lifestyle, we are prematurely consuming the oil that would otherwise be left for future generations. In other words, the bell shaped curve will in reality look more like a wave moving to the right (through time), and the wave is just about to come crashing down.

The fifth reason why world oil supplies will decline considerably faster than we now generally believe involves the fact that we produced the least expensive oil first. It is simply common sense, that oil producers would initially focus on the removal from the ground of the oil that was easiest to get to, that was the least expensive to refine, that was the easiest to handle, and that was the least expensive to pump. Reflecting this reality, we now see producers mining the “tar sands” of Canada in an effort to cook the oil out of these sands. Not only is this effort tremendously environmentally destructive, but it consumes a great deal of energy in order to produce oil. Thus the cost of producing each barrel of oil is going up. At the same time, the quality of each barrel thereby produced continues to go down. Combining these two trends, we see that the world will reach a point where it is no longer economical to produce any oil. Mind you, this occurs considerably before the point where the world runs out of oil, and so the curve of world oil production does NOT reflect the relationship that individuals have with the gas tank in their cars. We can’t just keep going until we run out. A lot of oil will be left in the ground because it simply won’t make sense to produce it. Certain locations will meet this point sooner than others, but as more and more locations do reach this point, they will remove themselves from the roster of the remaining oil producers. This in turn will hasten the descent of available oil supplies.

As these five points argue, the day of reckoning is a lot sooner than many of us would like it to be. We do not have decades to transition to alternative energy. It appears as though we have only a few years. We need to get underway with very serious efforts to transition away from petroleum immediately. Government agencies, businesses, non-profit organizations, families, and individuals should all be thinking hard about what their transition to a post-petroleum world looks like, and then promptly get into action with this transition.

—–
In addition to being an information security consultant, Charles Cresson Wood, MBA, MSE, is a sustainability management consultant with Post-Petroleum Transportation, based in Mendocino, California. His most recent book is entitled Kicking The Gasoline & Petro-Diesel Habit: A Business Manager’s Blueprint For Action (www.kickingthegasoline.com).