Creative Commons Copyright

Wednesday, October 19, 2016

Story for Anna and Luke: My Old Denim Jacket

I've had this Lee Storm Rider jacket since I was a sophomore at Durango High School, purchased in the fall of 1975. Most every boy in high school at that time, wore a denim jacket. This one is insulated with a flannel liner, which made it very warm in those Durango winters, when winters were deep and cold, not like today.

Dad bought it for me at Basin Co-op. I only wear it about once or twice a year now; don't want it to fall apart. The left cuff has damage from battery acid-- from jump starting our tractor. I remember Dad warning me to clean it thoroughly as soon as possible, otherwise, it would "eat it away like cancer."

The jacket was stolen while I was at a party during college, probably in 1981. About a month after the party, I saw a fellow wearing it in downtown Durango at a bar-- The Sundance Saloon. I politely approached him, though I was pretty tense. He claimed the jacket was his. I said, "I'm pretty sure it's mine and if it's mine, there's a blood stain about the size of a thumb on the left sleeve just below the elbow."

A friend was with him and my friend, Steve Janes, was with me. The fellow lifted his arm up and we all saw the stain. There was about five seconds of awkward staring at each other, then he took the coat off and handed it to me without saying anything. I said thanks, and that was the end of that.

Steve was always much more interested in fighting than me, so he was a great backup, but I was definitely not going to leave without that coat. It had all sorts of sentimental value, especially since Dad had died just a couple of years before, in 1978.

Monday, October 10, 2016

Hacking Into Our Voting Systems

In 1993, Ron Gault and I met with the Federal Election Commission after our NSA-contracted team at TRW identified several very easy ways to hack into the then-emerging computerized voting systems. We warned the FEC about the possibility of election fraud and manipulation. Their response was interesting: (1) We don't regulate or certify voting systems; that's up to each state to manage; and (2) There are always errors in counting votes. We recognize there are inaccuracies but those inaccuracies are small compared to the total number of votes, and would therefore not impact the outcome.

Fast forward to the Gore/Bush runoff in Florida, where a few votes most definitely mattered. Fast forward again to today, and the sophistication of Russian hackers, as described in this Wall Street Journal article, "U.S. Intelligence Chief Suggests Russia Was Behind Election-Linked Hacks."

Our computerized voting systems are still an unregulated, unprotected hacker's dream. Their only saving grace is that they are, for the most part, only partially networked; thus the propagation of an attack is more difficult.

This is going to be a very interesting election.

Thursday, October 6, 2016

Memory for Anna & Luke: October 2011 with Grandma Sanders

I took this picture five years ago to the day, between Dunton and Rico, Colorado.

Oct 6, 2011 was my first day moving back home, after leaving Durango in 1983 for the Air Force. Coming back home was an easy, yet scary decision, not knowing exactly how I was going to earn a living or what it meant to my career. But it turned out to be one of the best decisions of my life. God took over.

This day was the first time that my mom, Ruby Sanders, had been on that road in over thirty years, since my dad, Doyle Sanders, died in 1978. She had lived alone ever since, but was always busy, loving and outgoing. I moved back to spend time with her while she was still healthy. Two and a half years later, she died in her sleep, in her bed, in her home of over 60 years, where our family was raised.

I spent a lot of time growing up, with my dad, hunting and exploring in these mountains, meadows and flats in the west fork of the Dolores River. When Mom and I saw this scene on this drive, it felt like a sign from Dad, "I'm here with you, pardner. You're back home. You're supposed to be here."

Monday, August 22, 2016

One of My First Paying Jobs

This time of year, as a kid, I’d be getting ready to take my steers to the livestock auctioneer in Cortez, Colorado.

Dad would loan me the money to buy 3-4 steers in April, I would put them on pasture-- he would charge me a grazing fee-- then feed them grain the last two weeks of August and sell them in early September, hoping for about a 1.5 lb average gain/day over those months. I would usually make about $400-$500 profit on the whole deal. That was a lot of money at the time-- mid 1970s.

The stories along the way were priceless-- all the weird things that would happen while raising those steers and taking care of them-- like the one “crazy” steer—with horns-- that would charge you if you weren’t on a horse. We warned the auctioneer, but that steer charged the handler at the livestock pen, hooked the guy’s pants and threw him over the fence. As a teenage boy, nothing was funnier.

I practiced and practiced until I could do a pretty good version of the auctioneer. I can still do it…I uncork it in the morning when shaving…pretending to sell my razor.

Saturday, August 13, 2016

40-Year Old Matches

My dad carried these matches in the glove box of his truck. He died in 1978 and I've toted them around the world, ever since. The top of the pill bottle was white at one time. It's a nice shade of yellow from age now. We spent a bunch of time in very remote places in the days before cell phones, when southwestern Colorado and the Four Corners weren't nearly as populated or visited as today, and cars and trucks weren't as reliable. You never knew when a campfire or signal fire might be necessary. I have no clue why they are sentimental, but they are... or how I've managed to hang onto them, given how many times I've moved.

These are "strike anywhere" matches, by the way. I don't think you can't buy them anymore. I don't see them at the grocers story, anyway. All you needed to light these was a good rock or, if you really wanted to flash your bad ass wild west colors, you could light them with a fast swipe on the backside of the leg on your Levi's. You can't do that anymore.

Life is fascinating.


Monday, July 25, 2016

Buck Meets Magpie

I caught this moment behind our house in Durango, July 2015. The magpie came swooping in and landed softly on the buck's butt and sat there. The buck kept eating, head down. The magpie just sat there. Then the buck twitched his tail. Magpie didn't move. Buck raised his head, turned around to look at the magpie, and they met nose-to-nose. The buck went back to eating, and the magpie sat there for a few more moments, then flew off, satisfied that he had accomplished his shenanigans. :)

Sunday, July 17, 2016

Don't Worry, Just Think

For my daughter and son...

This thought came to me this morning: "Don't worry, just think" and the meaning that came with this thought was, "thinking" means you are learning and reflecting and actively involved in solving a problem, if you can solve it, or accepting it if you can't. Worrying means your are digging a hole.

Stop digging. Start thinking.


Saturday, July 9, 2016

My Early Days in Cyber Warfare

I was prompted to write this blog by the release of a new movie, Zero Days, about the US cyber warfare strategy against Iran's nuclear weapons program.

In 1989, I resigned from the Air Force as a C4I officer (Command, Control, Communications, Computers and Intelligence). My specialty in the Air Force was nuclear warfare planning and execution. I was also an airborne nuclear launch control officer; one of a handful of officers selected to fly aboard the Operation Looking Glass airborne command post with the responsibility to "turn keys" and launch all 1,000 Air Force nuclear intercontinental ballistic missiles (ICBM), as well as disseminate coded Presidential orders to launch nuclear armed submarines and bombers. Little known fact: We held all the same codes that the President carries in the "football" and had the ability to issue those launch codes and orders without the approval of the President.

After the Air Force, I took a job with TRW, working for Ron Gault. Ron had a deep background in nuclear weapons surety-- the combined expertise of security and safety, as described in this Department of Defense Directive. He hired me because of my background in nuclear weapons C4I. He had deep knowledge at the engineering level of the weapons-- the warheads, propellant, rocket motors, cryptography, guidance and targeting systems, etc. I had deep knowledge at the national command and control level. Between the two of us, we knew more about the top-to-bottom operation of our US nuclear weapons than any two people in the world at the time. Ron is still in this business and is now known as "The Godfather" of nuclear surety.

We applied our knowledge of nuclear command and control in various ways, working for TRW, the Air Force, Navy, Army, and National Security Agency. In particular, we specialized in very formal and sophisticated risk and threat analysis associated with our US nuclear weapons, making sure that they could only be used as authorized and intended, protecting them from both deliberate hostilities from enemies and terrorists, as well as accidental misuse by US military and civilian personnel. We were responsible for identifying and exploiting any and all vulnerabilities in the US nuclear command and control system, from the President to the warheads. We would dream up every imaginable threat scenario, then try to model it, probabilistically. For some of the more outlandish scenarios, we would collaborate with the national labs, such as Sandia and Los Alamos, to build the technology and implement the scenario. The code words to describe the nuclear incident scenarios that we were most concerned with were Pinnacle, Bent Spear, Broken Arrow, NUCFLASH, and Empty Quiver.

Under the Nunn-Lugar Cooperative Threat Reduction Program, our US-based work eventually led to the same sort of threat analysis but this time applied to the nuclear weapons that were associated with the former Soviet Union. After the collapse of the Soviet political system, so followed the collapse of the military command and control structure of their nuclear weapons, especially those weapons that were stored outside the boundaries of Russia in what are now known as the former Soviet bloc. Virtually every US-hostile country and terrorist group in the world were highly motivated to exploit this breakdown in Soviet nuclear weapons' control. Those hostile forces were literally racing the US to get their hands on those weapons and technology before we did. Under Project Sapphire and other related operations, we won the race.

Those enemies of the US have never stopped their attempts at acquiring a nuclear weapon. Sooner or later, those enemies, particularly terrorists, will likely succeed, but not by stealing a weapon or building one. I believe they will acquire a nuclear capability through a state-sponsored third party such as North Korea, Iran, or possibly Pakistan. In this scenario, a terrorist organization will negotiate with one of these nation states that possess a nuclear weapon who is also hostile to the US, or western society in general. Neither North Korea nor Iran will ever use a nuclear weapon directly against the US or a US ally because they know that it would mean the end of their country. They will collude with a terrorist organization that has no nation state, and cannot be directly targeted for retribution by the US.

In the mid-1990s, our threat analyses identified numerous opportunities for hostile nations and ideologies to utilize commercial-off-the-shelf (COTS) software and hardware as a medium for attacking our nuclear command and control system. Commercial software-- such as Windows, Unix, and DOS-- and commercial CPU chips and memory were making their way into the periphery of US weapons systems, including our nuclear command and control. Many of those chips were being manufactured overseas where enemy states and actors could easily insert malicious code into the firmware. We proposed to TRW that we initiate a formal research and development (R&D) program into this growing threat, and it was approved and funded.

Fast forward to 2010 and the Stuxnet virus that targeted Iran's nuclear centrifuges by inserting malware in commercial-off-the-shelf industrial control systems, which was a component of a larger cyber warfare strategy against Iran known as Operation Olympic Games, as portrayed in the documentary, Zero Days.

Ron and I, and our team, were the first on the scene of cyber warfare that exploited COTS software and hardware. It was easy to see then, that this would become a new battleground-- why drop bombs or take more overt measures when you can do much more damage through commercial software to an enemy state, with no attribution to your forces?

As a career, healthcare has been rewarding, but not nearly as interesting or rewarding as working with Ron during this time. I often find myself wanting to return to this line of work, but, of course, it has its downsides and dangers. My 2-year old daughter, Anna, and 6-month old son, Luke, keep me grounded in reality. They more than fill the gap of reward and fulfillment.

Tuesday, July 5, 2016

Returning to the Roots of Clinical Decision Support

Long story short, I was re-reading this paper about the origins of the HELP system at Intermountain Healthcare. I was the Director of Medical Informatics at LDS Hospital from 2000-2004, many years after this paper was published. I was lucky enough to be tutored and mentored by all of the authors. While reading the paper with time to reflect back, I realized that the healthcare industry turned clinical decision support inside out when we almost subconsciously moved from very targeted and specific clinical decision support applications that were clearly benefiting patient care and cost of care, towards EHRs that were simply general data collection tools. We've been trying to squeeze the decision support blood out of the EHR turnip, ever since, to no avail.

When Pryor, Clayton, Gardner, and Warner (and later Classen and Pestotnick), were developing computer applications to support patient care at Intermountain Healthcare's LDS Hospital, they built very specific, target applications. They didn’t use a backend, longitudinal EHR as the basis for their applications. They collected the data that they needed about a patient in a particular clinical state, and they ran computerized decision support against that data. Our smart phones are good examples of specialized applications. We call upon specific applications when the need arises to perform a specific task. In medical informatics, it was these specialized, targeted clinical decision support applications that clearly made a positive difference for both patients and clinicians.

Somewhere along the evolution of computerizing healthcare, we turned all of this success from specific decision support into a general tool we call an EHR (or EMR) that has so far shown almost no value to clinical decision support. Going forward, we will return to the roots of this success. The data collection templates for patients will be tailored specifically for the patient type, and the subsequent computerized decision support will also be tailored specifically for the patient's state. The “EHR” of the future will look more like a smartphone with dozens of applications that support very specific patient types. The data we collect will not be the general data that is currently collected in EHRs, but rather very specific data for a given patient type. We will knit this specific data together, on the backend, to form a longitudinal record.

We (Health Catalyst) are in a good position to make this turn to the future, given that our applications and analytics are very specific to patient types.

Sunday, June 26, 2016

I Feel Like a Fake

I wrote this blog as a public declaration of what I suspect haunts others, privately, in hopes that all of us can find an emotionally comfortable place to manage these emotions in a positive way; and as a record for my young daughter and son so that they can hopefully find comfort knowing that their father struggled with many of the same things that they will probably struggle with, too.  By the way, I'm not hoping to alleviate the emotional struggle described below, only manage it effectively and positively. I never wish for the relief from hardship, because hardship makes me stronger. I only wish for the strength that comes from it.

By most measures, I’ve had a life that has been blessed with an abundance of adventure and experiences. My LinkedIn profile summarizes the professional adventures, but doesn’t mention the many personal adventures and experiences that have come my way, which, to me, are equally full of blessings and personal growth, if not greater. For the most part, I think my contributions to life and the lives of others has been generally positive. There’s no doubt that I’ve stepped on toes and made my share of offenses, but most of the time, the wake has been constructive.  You'd have to ask others to get the real truth. Many of these opportunities, and whatever success I had with them, had nothing to do with me or my skills. They were simply the luck of life and opportunity placed within grasp; so I grabbed them, just like anyone else would. 

You would think that I could just accept all these blessings and be thankful for them… try to share them with others... and hope that they keep coming and that I can keep giving back.

But, I can’t… or at least I can’t without struggle.

Quite often, as was the case yesterday, I’m asked to give lectures and speeches that, for the most part, always end up being a summary of my life’s lessons learned, up to that point. They are a mixture of my professional and personal observations about life, usually centered around a particular topic. Yesterday, the topic was “Machine Learning, Big Data, and Population Health Analytics.” A mouthful of buzzwords, for sure. My goal with that lecture was to inform the audience of mostly healthcare executives and physicians so that they could make better decisions about the technology that is having such a big impact on their lives and careers.

All of these lectures are about advice and guidance. I’ve given over three hundred of these in the last 30+ years. While I’m always honored to give a lecture or presentation, and share my life’s lessons, it pains me to do so. I’m a nervous wreck-- before, during and after. While lecturing, it’s not uncommon for me to nearly faint from nervousness-- I manage to avoid it and hide it from the audience.  If anyone approaches me after the lecture to offer a compliment, I break into a nervous sweat. On the one hand, I am enormously thankful for their compliments, but on the other hand, I feel enormously undeserving. Of course, I’d much rather have the compliments than the alternative, but no matter how many compliments I might receive afterwards for a lecture, I always feel undeserving and false, and the more compliments I receive, the worse I feel, emotionally.

These emotions are all rooted in a duality of confidence and insecurity. On the one hand, I can acknowledge the accomplishments and experiences in life that are, on some level, unique and some would say impressive. For example, not many people have had the responsibility of turning keys to launch all 1,000 nuclear ICBMs in the US arsenal. That's a pretty big deal and it's fairly common for people to be interested in learning more about my experiences in that realm. But on the other hand, the older I get, the more I realize that there are countlessly more impressive achievements and responsibilities that people who are never recognized... never complimented... accomplish every day. And if they were trained and placed in the same positions as mine, they would do exactly what I've done, and probably do it better.

Though I have confidence in the knowledge that life has bestowed upon me, there is nothing about me that is particularly wise or capable. I’m one of the most average, bell curve people you’ll ever meet. The only thing that might not be average is the enormously good luck and diverse opportunities that have come my way.  I feel disingenuous to receive compliments from people who have worked much harder, and have much greater lessons, knowledge and advice to share than me. Who am I to stand in front of an audience and portray my life or knowledge as anything noteworthy?

I keep going back to the well, again and again, trying to find the water of comfort with this awkward situation…trying to find a way to be comfortable with simply sharing the blessings of life’s experiences that have been placed upon me, in hopes that the sharing will inform and inspire others. I keep trying to be comfortable with all of it, but the older I get, the more I realize how much I don’t know, and the less deserving I feel. The older I get, the worse the emotions and feelings trouble me.

I wish I knew how to make sense of it all, and how to turn these emotions into something positive. Until I can figure it out, I’ll keep facing it down. 

Saturday, June 18, 2016

Fathers' Day Tribute to Amos Doyle Sanders

He was born in 1920 and raised a cowboy-- a real cowboy-- in the panhandle of Texas along with his elder cousin, Gene Autry. At age 10, he worked in the fields at night with his brother, Ray, cutting hay, riding on the backs of a two-horse team, holding a lantern to light the way while Ray ran the mower. Uncle Ray would tell me later, "I was worried sick that your Dad would fall off those horses and I was going to run over him with the mower and cut him to pieces." At age 14, his family, our grandparents, lost their farm and ranch to the effects of the Dust Bowl and Great Depression.

At 18, he left home for the "Gold Rush of the 1930s" when the federal government opened large swaths of western forest to logging. He and his brother, Ray, worked in the logging camps of southwestern Colorado-- in The Glade-- and lived in Dolores and the now-gone logging town of McPhee.

He was an artillery and field infantry soldier in World War II, mopping up the Nazis in France at the Battle of the Bulge and capturing the world's largest underwater submarine docks at Keroman Submarine Base, Lorient, France. On Christmas Eve, 1944, he was crossing the English Channel with 4,000 other troops on two transports, while Silent Night played on the ships' loudspeakers. He would tell me later, "There wasn't a dry eye on those ships. I sure was missing your mother." The sister ship to his transport that night, the SS Leopoldville, following immediately behind, was torpedoed by a Nazi U-boat and sunk, killing over 800 soldiers, the second largest single loss of US life in World War II, behind Pearl Harbor. He would tell me later, "I guess it wasn't my time to go, but it sure was for a lot of other guys."

After the war, we was a private pilot, when flying small aircraft over the Rocky Mountains was not exactly commonplace or safe. He told me about a time when his wings iced-up while flying over Soldier's Summit, Utah and he was forced into an emergency landing on a dirt road. On that same dirt road at the same time was a farmer on a tractor, with his back to Dad's oncoming landing. Dad said, "Airplanes don't have horns, so I was barreling down on this old farmer with no way to warn him. I had my window open, yelling and banging my hand on the side of the airplane. At the very last second, he turned around and saw me and this airplane with its propeller turning, coming down on him, and he drove his tractor off into a ditch on the right side of the road. When he went into that ditch, my right wing went right over the top of his head."

He grieved the loss of a daughter at 18 months and a son at 18 years, and ultimately, he died of a broken heart. One of my most vivid memories as a young child of four years old, is crawling into his arms at the kitchen table, trying to console him, while he sobbed uncontrollably after learning about the death of our brother. I could not understand why Dad was crying.

He was a chronic explorer and adventurer, with zero lack of confidence... and his self-confidence was well-deserved, born and honed in his life's experiences. He drove a manual transmission, long-bed, two-wheel drive Chevy pickup with tire chains over Black Bear Pass, Colorado, three different times. He made Mom and me get out of the truck on the tight corners, "just in case." Actually, he didn't have to make Mom get out. She refused to ride and got out on her own, saying, "What are we going to do if you go over the edge, Doyle??!" to which Dad replied, "Pick me up at the bottom. And don't remarry."

He was a beautiful singer and whistler. He was a practical joker. He was a champion cribbage player-- the chess match of cards. He was an environmentalist and son of Mother Nature, made of her dirt. He could cast a fly to an unsuspecting rainbow trout with the grace of an artist's brush and precision of a surgeon's knife. He considered any other form of fishing as uncivilized and wouldn't let me fish any other way. One time, I bought a Zebco bait casting fishing outfit... and he made me return it. He was a "one shot" hunter. If he couldn't kill a deer, elk, or otherwise with a single, humane bullet, he wouldn't pull the trigger. And we was an expert marksman. I never saw him take more than one shot, including the times when he would shoot the head off a grouse for "camp meat" during elk and deer season, with a 30.06 rifle. Not exactly a bird gun.

He was a skilled poker player when gambling was still a mark of the Wild West. He owned the best bar and was married to the most beautiful woman in town. He served his country in the Air Force during the Korean War. He was involved in the Cuban Missile Crisis...the Vietnam War...the USS Pueblo Incident.

In retirement, we was a cowboy again, returning to the San Juan mountains he loved so much, in Southwestern Colorado. In death, his grave looks over those same mountains, the La Platas, alongside our Mom, the love of his life, and our brother, Gene, and sister, Linda Sue.

He was our father of six.

Thursday, May 12, 2016

Twitter Denies Access to Intelligence Agencies

As reported in the Wall Street Journal this week, Twitter barred the US intelligence community from using a Twitter-centric analytics service. The WSJ article is here. In essence, Twitter is trying to put distance between itself as an surrogate agent of the US government, and the public's perception of privacy.

A friend, KM, on Facebook asked me for my thoughts on this. Here is that dialogue:

KM: "Dale, as a former government analytics high security guru, what are your thoughts on this? I'm pulled in both directions."

Me: "I can see their concern, but Twitter is naive in their attempts to deny access to the intelligence community. This is not like tapping a private phone line. There is no semblance of privacy in the use of Twitter, other than the privacy settings in your personal preferences. If NSA were going behind these privacy configurations with a hack, that would be a different story, but they aren't. NSA will just write their own analytics service instead of using third parties... or they will buy the third party. Twitter can't control or govern all the analytics that takes place on their publicly available data streams-- they can't keep up with it... and where do they draw the boundary about what's appropriate analytics and what's not? In the end, Twitter is gullible and this is a foolish gesture on their part. They've never been particularly smart with their business or operating models, and this is just another example. The genie is out of the bottle. They can't control what people or government agencies do with the Twitter data that is publicly accessible."

KM: "Makes complete sense. What about examples of actual privacy issues like with the iPhone unlocking and all? What are your thoughts on those?"

Me: "Conceptually, I feel that vendors like Apple should have the ability to unlock devices and decrypt data when a court order justifies it. There are all sorts of procedural and technical means that would allow that to be done safely and without it violating privacy or other rights. We already do that sort of thing with wire taps and other surveillance when approved by the court. But, technically, it's hard to hold a vendor like Apple accountable for that because very sophisticated encryption has become a public commodity now. I can encrypt data in ways that no one, including Apple, can crack, except me, so forcing Apple to comply is a short term victory and Apple's resistance to the government is a lame argument-- this is not about government intrusion. That precedence already exists. This is about the futility of trying to keep up with publicly available technology, which neither Apple nor the government can do anymore. At NSA, we would spend all sorts of time evaluating what are known as "National Technical Means." In essence, we would dream up scenarios or build technology then ask ourselves, "What other countries have the national technical means to pull this off?" If the country was Britain, we wouldn't worry. If it was Iran, we would worry. But, the knowledge that's available on the internet and through distributed computing has placed what was formerly National Technical Means into the hands of the public, which is what makes ISIS so capable. It's not about nations anymore, it's about software, knowledge, and ideologies with no boundaries. Technology makes nations matter less and less."