Monday, July 25, 2016

Buck Meets Magpie

I caught this moment behind our house in Durango, July 2015. The magpie came swooping in and landed softly on the buck's butt and sat there. The buck kept eating, head down. The magpie just sat there. Then the buck twitched his tail. Magpie didn't move. Buck raised his head, turned around to look at the magpie, and they met nose-to-nose. The buck went back to eating, and the magpie sat there for a few more moments, then flew off, satisfied that he had accomplished his shenanigans. :)

Sunday, July 17, 2016

Don't Worry, Just Think

For my daughter and son...

This thought came to me this morning: "Don't worry, just think" and the meaning that came with this thought was, "thinking" means you are learning and reflecting and actively involved in solving a problem, if you can solve it, or accepting it if you can't. Worrying means your are digging a hole.

Stop digging. Start thinking.


Saturday, July 9, 2016

My Early Days in Cyber Warfare

I was prompted to write this blog by the release of a new movie, Zero Days, about the US cyber warfare strategy against Iran's nuclear weapons program.

In 1989, I resigned from the Air Force as a C4I officer (Command, Control, Communications, Computers and Intelligence). My specialty in the Air Force was nuclear warfare planning and execution. I was also an airborne nuclear launch control officer; one of a handful of officers selected to fly aboard the Operation Looking Glass airborne command post with the responsibility to "turn keys" and launch all 1,000 Air Force nuclear intercontinental ballistic missiles (ICBM), as well as disseminate coded Presidential orders to launch nuclear armed submarines and bombers. Little known fact: We held all the same codes that the President carries in the "football" and had the ability to issue those launch codes and orders without the approval of the President.

After the Air Force, I took a job with TRW, working for Ron Gault. Ron had a deep background in nuclear weapons surety-- the combined expertise of security and safety, as described in this Department of Defense Directive. He hired me because of my background in nuclear weapons C4I. He had deep knowledge at the engineering level of the weapons-- the warheads, propellant, rocket motors, cryptography, guidance and targeting systems, etc. I had deep knowledge at the national command and control level. Between the two of us, we knew more about the top-to-bottom operation of our US nuclear weapons than any two people in the world at the time. Ron is still in this business and is now known as "The Godfather" of nuclear surety.

We applied our knowledge of nuclear command and control in various ways, working for TRW, the Air Force, Navy, Army, and National Security Agency. In particular, we specialized in very formal and sophisticated risk and threat analysis associated with our US nuclear weapons, making sure that they could only be used as authorized and intended, protecting them from both deliberate hostilities from enemies and terrorists, as well as accidental misuse by US military and civilian personnel. We were responsible for identifying and exploiting any and all vulnerabilities in the US nuclear command and control system, from the President to the warheads. We would dream up every imaginable threat scenario, then try to model it, probabilistically. For some of the more outlandish scenarios, we would collaborate with the national labs, such as Sandia and Los Alamos, to build the technology and implement the scenario. The code words to describe the nuclear incident scenarios that we were most concerned with were Pinnacle, Bent Spear, Broken Arrow, NUCFLASH, and Empty Quiver.

Under the Nunn-Lugar Cooperative Threat Reduction Program, our US-based work eventually led to the same sort of threat analysis but this time applied to the nuclear weapons that were associated with the former Soviet Union. After the collapse of the Soviet political system, so followed the collapse of the military command and control structure of their nuclear weapons, especially those weapons that were stored outside the boundaries of Russia in what are now known as the former Soviet bloc. Virtually every US-hostile country and terrorist group in the world were highly motivated to exploit this breakdown in Soviet nuclear weapons' control. Those hostile forces were literally racing the US to get their hands on those weapons and technology before we did. Under Project Sapphire and other related operations, we won the race.

Those enemies of the US have never stopped their attempts at acquiring a nuclear weapon. Sooner or later, those enemies, particularly terrorists, will likely succeed, but not by stealing a weapon or building one. I believe they will acquire a nuclear capability through a state-sponsored third party such as North Korea, Iran, or possibly Pakistan. In this scenario, a terrorist organization will negotiate with one of these nation states that possess a nuclear weapon who is also hostile to the US, or western society in general. Neither North Korea nor Iran will ever use a nuclear weapon directly against the US or a US ally because they know that it would mean the end of their country. They will collude with a terrorist organization that has no nation state, and cannot be directly targeted for retribution by the US.

In the mid-1990s, our threat analyses identified numerous opportunities for hostile nations and ideologies to utilize commercial-off-the-shelf (COTS) software and hardware as a medium for attacking our nuclear command and control system. Commercial software-- such as Windows, Unix, and DOS-- and commercial CPU chips and memory were making their way into the periphery of US weapons systems, including our nuclear command and control. Many of those chips were being manufactured overseas where enemy states and actors could easily insert malicious code into the firmware. We proposed to TRW that we initiate a formal research and development (R&D) program into this growing threat, and it was approved and funded.

Fast forward to 2010 and the Stuxnet virus that targeted Iran's nuclear centrifuges by inserting malware in commercial-off-the-shelf industrial control systems, which was a component of a larger cyber warfare strategy against Iran known as Operation Olympic Games, as portrayed in the documentary, Zero Days.

Ron and I, and our team, were the first on the scene of cyber warfare that exploited COTS software and hardware. It was easy to see then, that this would become a new battleground-- why drop bombs or take more overt measures when you can do much more damage through commercial software to an enemy state, with no attribution to your forces?

As a career, healthcare has been rewarding, but not nearly as interesting or rewarding as working with Ron during this time. I often find myself wanting to return to this line of work, but, of course, it has its downsides and dangers. My 2-year old daughter, Anna, and 6-month old son, Luke, keep me grounded in reality. They more than fill the gap of reward and fulfillment.

Tuesday, July 5, 2016

Returning to the Roots of Clinical Decision Support

Long story short, I was re-reading this paper about the origins of the HELP system at Intermountain Healthcare. I was the Director of Medical Informatics at LDS Hospital from 2000-2004, many years after this paper was published. I was lucky enough to be tutored and mentored by all of the authors. While reading the paper with time to reflect back, I realized that the healthcare industry turned clinical decision support inside out when we almost subconsciously moved from very targeted and specific clinical decision support applications that were clearly benefiting patient care and cost of care, towards EHRs that were simply general data collection tools. We've been trying to squeeze the decision support blood out of the EHR turnip, ever since, to no avail.

When Pryor, Clayton, Gardner, and Warner (and later Classen and Pestotnick), were developing computer applications to support patient care at Intermountain Healthcare's LDS Hospital, they built very specific, target applications. They didn’t use a backend, longitudinal EHR as the basis for their applications. They collected the data that they needed about a patient in a particular clinical state, and they ran computerized decision support against that data. Our smart phones are good examples of specialized applications. We call upon specific applications when the need arises to perform a specific task. In medical informatics, it was these specialized, targeted clinical decision support applications that clearly made a positive difference for both patients and clinicians.

Somewhere along the evolution of computerizing healthcare, we turned all of this success from specific decision support into a general tool we call an EHR (or EMR) that has so far shown almost no value to clinical decision support. Going forward, we will return to the roots of this success. The data collection templates for patients will be tailored specifically for the patient type, and the subsequent computerized decision support will also be tailored specifically for the patient's state. The “EHR” of the future will look more like a smartphone with dozens of applications that support very specific patient types. The data we collect will not be the general data that is currently collected in EHRs, but rather very specific data for a given patient type. We will knit this specific data together, on the backend, to form a longitudinal record.

We (Health Catalyst) are in a good position to make this turn to the future, given that our applications and analytics are very specific to patient types.

Nuclear and Healthcare Decision Making

Nuclear warfare operations was my data-driven decision making environment before the healthcare phase of my career. It was all about recogni...