The No-IT Disaster

What happens when we get all this cool stuff and it all stops working...

(Recovering from) The No-IT Scenario

We are building a world as layered on high technology as it is on regular infrastructure. What used to be pipes and bricks and electrical lines, now have digital equivalents. Automated elevators, software defined traffic management, electric grids, hospitals, water, shipping and supply chains, IT/OT combinations... But unlike infrastructure, software is deeply fragile.

We say systems never get sick, never get tired, and never call in late... but really that is a lie. All three of those happen and when they happen to a system they have a much larger impact radius than when they happen to a single human. A person can be replaced, even the CEO of a company, but no one picks up tasks when the integration engine is sick.

• Gets Sick - this is obvious. We even call them viruses. But poor programming, technical debt, aging, and many other aspects impact systems with obvious analogies to human sickness, age and thinking biases. And of course the most obvious problem... humans often make software 'sick'. We attack each others infrastructure and it is an act of war... but hacking? Where does that fit?
• Never Gets Tired - My first huge system in deployment just about died under load. It was as tired as I was after building it and fixing it. Systems that are working well don't get tired, but how often are they working well? Yes a system can do more work, but that requires exponentially higher amounts of investment (muscle building).
• Never Calls in Late - What do we do when our software cannot show up for work?

No-IT

A well know author and speaker discussed writing this with me. These were his words:

There is a subject that might be worth an article and it is something nobody that works in a real environment (so not a consultant of sorts) — not even I — will dare to write. That subject is "(Recovering from) The No-IT Scenario". I know for a fact that many large organisations are looking into that, mostly triggered by the risks of ransomware, which has slowly been moving to the core/top management layer as a point of attention. A lot of attention is being paid to prevention (security), but No-IT is getting more traction.

The reason nobody wants to talk about it is because everyone wants to remain out of the spotlight when vulnerabilities are the subject. So, there isn't a lot of discussion and even I do not want to start it off as the attention will go to ????, which naturally also doesn't want that kind of attention. But as a result, there is no public discussion whatsoever.

There are many important aspects to this. In fact, it is one of the subjects where we are seeing how completely business and IT have merged after 50 years of IT revolution. And now suddenly the whole landscape becomes an 'item'. Because you get questions like:?

Can we recover if we have to recover from data >6 weeks old? And how would we replay without actually doing teh same transactions all over again?

Can we recover if all our systems have the last known good data state at different moments in time (and don't forget SAAS here)

Contracts assume permanent availability of IT (e.g. asset management instruments often work on a daily basis, e.g. for collateral) and if that is lost, suddenly a company in No-IT will be in default within days (nightmare: a repeat of 2008)

The "No-IT Scenario" is going to be (I suspect) a trigger for serious discussions about out landscapes as a whole. But nobody (not even ????) wants to be mentioned in this discussion, even if ???? is I think a company that takes this very seriously and are preparing as best as we can. The opinion will not take that into account. So everybody keeps their mouth tightly shut. It is a taboo subject.

So this is what I founded Iasa to achieve. I believe the world needs a level of protection that only a real profession can provide. Governments need to take this very, very seriously. Board of directors need to take this very, very seriously.

Executives are used to thinking about technology as an enabling activity. They are used to thinking of it as a kind of simple infrastructure problem. And the 'big' players are used to being cushioned from the activities of the 'smaller' ones. But now we have connected everything. Our global supply chain is so tightly integrated that breakdowns in completely unrelated fields can change our whole business or country overnight.

We need a global, ethically bound profession to balance this. And we need to give them the ability to protect us from it, while also letting them field the responsiblity of those decisions.

Where would we have been in the pandemic without the practice of medicine? Without the care of professionals? Without decades of investment in proper medical practice and care? The Irish healthcare system melted down for a period of time due to technical problems. What happens when this is commonplace? Who does the public hold accountable when the water doesnt turn on, when the heat doesnt work? When companies crash in a matter of days? When transportation fails? When their stocks plummit?

The world is waking up to technology as a major force of stability, instability or cataclysm.

So this is not the article... this is the appetiser to the article. Over the next few months I will be exploring the idea of NoIT. And reporting back what I find. I will write these with the idea that we CAN begin prevention now. We CAN begin to look at systems of systems and what we need to do to grow safely. So that boards can invest their companies wealth in the right things. I will look at sustainability, long term growth, the loosening of vendor control of technology decisions and the ability to build as effective a technical strategy as we do a business strategy.

Areas of Evaluation

• Infrastructure Vulnerabilities
• Complexity and Fragile Systems
• Financial Contracts Reliant on IT
• SAAS, PAAS and Down Stream Impacts
• Highly Regulated Industries
• Operational Technology, IoT and Other EndPoints

What Can Architecture as a Profession Do?

Professions serve as system-wide leadership of critical and complex topic areas. For example, in pandemics, doctors take the role of counselors, researchers, and critical life-saving services. Organization regulation is actually implemented by these well-trained, ethically-bound individuals. So structural engineers must ensure that buildings are prepared for earthquakes. Doctors research possible pandemics or major health changes in populations. And these findings are rolled back into new professionals learning pathways.

This is true of building architects, structural engineers, and other critical professions. However, technology is completely missing this critical social resource. Our technical staff is varied in its background. Our corporations may be bound by regulation but the implementations are shoddy and prone to error. The regulations themselves are often only what can be implemented now and potentially far away from what would be needed if a technology pandemic strikes our software.

What can a profession do? Everything!

1. We can ensure their are rigorously trained professionals of equal caliber available in all essential countries.
2. We can help to offset the global spending spree that new technologies create, which open up major areas of risk.
3. We can research new methods for delivering sustainable, safe technology at the appropriate speeds.
4. We can ensure that stupid mistakes in secondary and tertiary systems delivery are minimized.
5. We can help guide the world when these catastrophies inevitably do hit.

Welcome to the brave new world!