#BigHack and GE's Downturn – VUCA Observatory #26
Hi there,
glad you could make it.
I've gotten tremendous responses to last week's call for feedback. To everybody who wrote in: thank you. Your feedback is valued and will be incorporated in some form or another.
And with that, onto the update. In this issue we're going to cover the strange Bloomberg #bighack story and how it relates to the kerfuffle around Apple's repairability, and we'll have a look at GE (it's not doing so well).
So let's jump right in.
#BigHack
Hoo boy. The denials to Bloomberg's Big Hack story have come in, and the sound of "No" is deafening, with Amazon, Apple, the DHS, and the GCHQ all in unison proclaiming: the Bloomberg story's bogus. So what's going on?
To recap: Bloomberg published a story detailing upstream supply chain compromise of critical infrastructure in the US. The gist of the story is: the Chinese suppliers of motherboards for US firm Supermicro got infiltrated by Chinese security services and coerced into adding a chip onto these boards (selectively, not wholesale, as apparently there was enough visibility into which boards would end up where). That chip could alter the boards' firmware and allow remote access to the hardware, hence escaping any intrusion controls built into software running on the boards. The Bloomberg story portrays both Apple and Amazon as potential victims, along with several three-letter US agencies.
And while the denials are atypically strong, the accusations made in the report reverberate across the industry. Of course Apple and Amazon would deny this, the thinking goes, otherwise nobody would trust their cloud services anymore. And it is striking that Google announced a custom security chip last year, codenamed Project Titan, which seems tailor-made to counter exactly this threat vector. Project Titan and similar approaches speak to the need to embed security even in the hardware. If you're compromised in hardware, there's not much you can do in software.
And yet we're overindexing on one highly specific scenario which seems targeted enough to not even touch the broad majority of users, while the steps taken to further secure everyday users draw ire due to the trade-offs involved. Case in point: Apple restricting the functionality of its Operating Systems if the hardware has been tampered with.
Apple instituted this policy when it first launched its Touch ID authentication system, which relies on a custom cryptographic chip called the Secure Enclave. To make interception of fingerprint data between the Touch ID reader and the Secure Enclave impossible, these components get coupled at manufacturing time. This means that later repair or replacement of the Touch ID sensor results in Touch ID not working, as the Secure Enclave doesn't find its coupled sensor attached to itself. With the Secure Enclave spreading to more Apple platforms, these security precautions do, too.
Security is hard, and usually exploits are found in the software supply chain (back in March '17 we talked about outdated JS libraries which present security issues), or in poorly secured IoT devices lateraling into infrastructure, so the intentionality of the #BigHack story is almost refreshing.
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg – www.bloomberg.com The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interviews with government and corporate sources.
Apple Insiders Say Nobody Internally Knows What's Going On With Bloomberg's China Hack Story – www.buzzfeednews.com "I don't know if something like this even exists."
Google touts Titan security chip to market cloud services | Reuters – www.reuters.com Alphabet Inc's Google this week will disclose technical details of its new Titan computer chip, an elaborate security feature for its cloud computing network that the company hopes will enable it to steal a march on Amazon.com Inc and Microsoft Corp.
Apple's New Proprietary Software Locks Will Kill Independent Repair on New MacBook Pros - Motherboard – motherboard.vice.com Failure to run Apple's proprietary diagnostic software after a repair "will result in an inoperative system and an incomplete repair."
GE
GE fired its shortest-serving CEO last week. John Flannery, who took over the reins from Jeff Immelt amidst activist shareholder pressure and declining market capitalization, held onto his post for just 14 months. Jeff Immelt, on the other hand, served far longer, overseeing a bumpy 17 years at General Electric's helm.
It was Immelt who, not long ago, featured prominently in Michael E. Porter's attempt to translate his Five Forces into the digital age. It was Immelt who said that every industrial company needs to become a software company, and arguably attempted as much with GE's Predix platform. And yet, GE is failing.
Partly to blame are misguided bets in the energy sector. The long shadow of decarbonization is slowly beginning to hit, and the Alstom acquisition took valuable attention and money away from the fast-growing wind business and diverted it into technology for gas, coal, and nuclear powered plants. In a way, it's the fast-moving structural change that so often is discounted early on that broke the back of the GE-Alstom deal.
I've long argued that we're underestimating the speed of change in the energy industry, and that GE's power business is the anchor that threatens to sink the ship seems to validate this notion.
On the other hand, at the core of GE are management techniques that are the pinnacle of the Industrial Age. BCG developed its 2x2 Matrix (can you spell "Rising Star"?) to clean up GE's portfolio and help it prioritize. But GE's model of centralized planning is ill-fit for a dramatically changing world, and not made for the fast feedback loops enabled by digital technologies. That's why Predix always felt ill at ease at the blue giant.
But in a way, what GE's doing is a bellwether for many more industries and companies that will follow similar fates. Just as the conglomerate approach was made popular by GE and emulated far and wide, so will the pendulum swing back in the face of structural challenges brought about by digital and energy.
GE: industrial stalwart contemplates a general overhaul – www.ft.com After decades of dealmaking, weakness in the power sector is forcing the company's executives to consider radical changes.
GE New CEO is Larry Culp, Stock Surges - Bloomberg – www.bloomberg.com General Electric Co. ousted CEO John Flannery just over a year into his tenure and replaced him with a renowned turnaround expert -- a surprise move that stoked the biggest rally in nine years for the company's depressed shares.
Who Killed the GE Model? – hbr.org Competitors can still learn from GE, even as it struggles.
Things Happen
Yahoo Japan is shutting down its website hosting service GeoCities – Quartz – qz.com Japan is the only country where GeoCities has continued to survive – until March 2019.
Dwarf planet 'The Goblin' discovery redefining solar system | Science | The Guardian Massively elongated orbit suggests object is influenced by theoretical giant Planet Nine in Oort Cloud region
Why the world's flight paths are such a mess – multimedia.scmp.com MarcoHernandez If you think flying from A to B is a matter of plotting the most direct path between two places, think again. Security and political issues determine flight paths, and ticket prices far more than considerations about an airline's carbon footprint
How to Program Your Job - The Atlantic – www.theatlantic.com When workers automate their own duties, who should reap the benefits?
End Note
That's it for this week.
As always, I'd love to hear what you think.
Also, could you do me a favor? Could you forward this newsletter to two people whom you think would enjoy it? This newsletter grows by word-of-mouth, so your recommendations are invaluable.
Thank you, and until next week!
Martin
----------
The VUCA Observatory is published by Martin Spindler (@mjays). Martin is a Senior Strategist at hy - the Axel Springer Ecosystem firm.