How often during an average week in your role do you make a "Trust Decision"? When you think about the factors associated with what really is going on when you make a decision to trust, it is beyond comprehension. Or is it?
The thousands of "Trust Decisions" that you will make as an Operational Risk Management (ORM) professional this week span every hour of your waking day. The portfolio of decisions to trust involve other people, processes, machines, computers and rules. As these words are typed on this computing machine from Apple, many more decisions have already been made about trust.
A recent visit to a California symposium on "Cyber 2026," looked into the crystal ball on how our society and environment will evolve in the next ten years. Topics included the threat landscape and our levels of machine learning hygiene. The Internet-of-Things (IoT) was mentioned along with the latest on adding more integration with your "Smart Car" and your "Smart Phone". This is just the beginning.
What needs to happen next? The dialogue on digital trust is now becoming a prominent theme with significant effort occurring in the published press and on Amazon. Business units from pwc and Accenture are pivoting people, resources and thought leadership towards the topic for good reason. The next reengineering revolution is ready for prime time.
It has taken us the last ten years since 2006 to evolve with the cloud and the trust associated with handing over our data to a third party. We have migrated vital core software systems to be managed by AWS, Microsoft Azure and Google. These managed solutions provide the Small-to-Medium-Enterprise with the opportunity to scale their business without tremendous capital expenditure.
Yet we continue to find ourselves making daily and hourly decisions to trust, while interacting with computing machines with that back of the mind feeling, can this really be trusted? Should I click on this link in my e-mail? How shall I respond to this LinkedIn message from a person I have never met face-to-face? As humans we are making "Trust Decisions" without even thinking about the science and systems mechanics of what underlies the components and process. We just do it.
The rules. Now think about your daily routine and the "Trust Decisions" you make. How often are your decisions to trust intersecting with rules. Rules codified into laws. Rules codified into software. Rules codified into religion. Our world is about rules and how we either interact or ignore the rules:
A month after a Los Angeles hospital was crippled by crypto-ransomware, another hospital is in an "internal state of emergency" for the same reason. Brian Krebs reports that Methodist Hospital in Henderson, Kentucky, shut down its desktop computers and Web-based systems in an effort to fight the spread of the Locky crypto-ransomware on the hospital's network.Unfortunately, the trust decisions that we make each day can be catastrophic. Whether it be online, or because we are just following the rules in Brussels:
Yesterday, the hospital's IT staff posted a scrolling message at the top of Methodist's website, announcing that "Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web-based services.
Although this nation of 11.2 million has sent more foreign fighters per capita to the Islamic State than any other country in Europe, Belgium has a relatively small security apparatus. Brussels, the capital, is home to 2,500 international agencies and organizations, including NATO and the E.U. headquarters. Yet nationwide, the Belgian federal police have a total force of approximately 12,000.As we accelerate towards 2026 and beyond, it will require us to better design our systems, society and the rules associated with operating our cities, companies and countries. How can we hope to achieve this without understanding the root cause and the outcomes of our trust decisions? How will we reengineer our software to assist the human or artificial intelligence (AI) in writing the rules that shall "Enable Digital Trust of Global Enterprises".
The Belgian police have also been hampered by bizarre rules. According to Belgian Justice Minister Koen Geens, just two days after the Paris attacks Abdeslam was “likely in a flat in Molenbeek.” But because of the country’s penal code, which prohibits raids between 9 p.m. and 5 a.m. unless a crime is in progress or in case of fire, police were ordered to wait until dawn to pursue him. By then, Abdeslam was nowhere to be seen.
The pace of technological change has far surpassed our ability to write the new rules for our next generation and beyond as humans alone. We shall now embark on a purposeful mission to enlighten our leadership and the engineers of our vast digital environments, on how to reengineer our rules, for the safety, security and privacy of a more certain future making our daily trust decisions.