What’s the Story Behind World of Warcraft Heirlooms?

A New Way To Level Fast

As you probably know, World of Warcraft is getting larger and larger and the level cap keeps increasing over time. So it’s getting harder for people to have more than one character at level cap. Everyone wants to have their characters of all classes at max level, but it’s really hard to do and takes a ton of time. Most people don’t want to spend all that much time, they want to level their WoW toons fast.

In the Wrath of the Lich King expansion, Blizzard came up with something new to help players level their alts easier. They are called “”Bind on Account” items, or “Heirlooms”. To be able to get Heirlooms, though, you need at least one character at level 80.

More Power Please

First you need to understand why you would want to acquire and use Heirlooms. Heirlooms give you a huge advantage when you are trying to level up some World of Warcraft characters because they scale to your level and keep you powerful so you can complete quests fast. That means as you gain levels, the Heirloom item stats (armor, damage, etc) will increase too. This is really cool because it makes it unnecessary to upgrade most of your gear. Heirlooms have good stats, armor, and damage for your current level.

Experience Boost Saves You Leveling Time

The second, really awesome reason you want Heirlooms is that some Heirloom pieces give you a 10% increase in experience points from killing mobs and turning in quests. If you have 3 Heirloom items that each give you a 10% experience boost, you have overall, a 30% experience boost for your character while you’re leveling it to 80. This could really be a time saver! If it usually takes you 6 months total, to level your alts, you could level the same character in about 4 months! Just having Heirlooms could save you 2 months of your time! That’s really awesome.

Get The Inside Scoop On Heirlooms

The whole point of getting Heirlooms is to save you time so it makes sense that you would want to find the fastest way to get your Heirloom items. There is no question that doing dailies is the most popular way of getting Heirlooms. And it can be done pretty quickly, too, if you know what you’re doing. The easiest way to do it is with a little “insider information” in the form of a WoW guide written by professional gamers that gets dailies done quickly.

My name is Cody Williams. I’m 28 years old and I’ve been playing World of Warcraft since I was 23. I started out as just a casual player but in the last 2 years I have really started to get serious about the game. I’m what you could call a hardcore player, I spend a lot of time playing the game so I guess you could consider me an expert on World of Warcraft, I’ve got a lot to say on the subject!

Why Dealerships Are Going Out of Business – It IS Rocket Science

The first man of the industrial age to record and study workers was Frederick Winslow Taylor. Basically, he studied physical laborers by timing them with a stopwatch and recording data on a clipboard. He observed the “first class man” of the group and found the most efficient way to move heavy iron in a steel mill. What resulted from his findings? Higher wages, happier workers, higher production, and happier managers. Thus, Scientific Management was born. He wrote a groundbreaking book aptly named Shop Management in 1911. Taylor believed that the best of both worlds was possible, but in his time as well as our time, there is rarely harmonious agreement between managers and their underlings. Taylor faced an uphill battle selling his great discovery. These days we have the same problem, but instead of physical laborers we manage salespeople. They interact with customers, which is harder to measure with a clipboard and a stopwatch. But I assure you as a former car salesman the goal is still the same: to move metal.

Like an amateur astronomer using new methods to find and old planet, I have stumbled across the marriage of modern data analysis with old scientific management. I think I have found our modern day Frederick Winslow Taylor, except the stopwatch and clipboard have morphed into a laptop. It is the best of both worlds, and everyone comes out happier, including the customer. The first question that might pop up is why haven’t we figured this out already? The answer is rocket science.

Running a dealership is very complicated. There are several business components to contend with just within the sales department. They include advertising budgets, walk-ins, salesperson consistency, inventory management, car cost, financing, and overhead expenses. There are thousands of sets of data. How do you keep track of these variables? More importantly, how do they relate to one another? Finally, how can managers make better decisions using modern technology? The answer is called Probabilistic Business EngineeringTM, a new system that has trickled down from the aerospace industry.

I hope your brain is warmed up, because it’s time to lay down some heavy three letter acronyms. The easy ones are I.T. and Q.M. Quality Management and Information Technologies are well understood and fairly well utilized. However, within these are old and newer schools of thought. The problem is that for every piece of a known system that is not fully utilized, money is left floating around out there in the bliss of ignorance. First, the old school… Statistical Process Control, Operations Research, Business Process Re-engineering, and Six Sigma have all been around for decades. You can Google them later, but they are the kind of tools that model and organize complex problems. Want an example? How about calculating the effects of an Electromagnetic Pulse from the detonation of a nuclear weapon on the instruments inside of a bomber flying a mission at 60,000 feet? The new school tools will help cool your brain back down.

Enterprise Resource Planning and Employee Engagement Planning are extremely critical to the car dealership that plans on staying in business. ERP manages the flow of data, and EEP manages the flow of people. Not the flow as in traffic, but the flow of communication and agreement. The buzz of the business. Have you ever walked into an energetic business that has noticeable charisma? What about a business that makes you wince and want to slowly back out the door? Car dealerships have the whole spectrum. They all do things differently, from how they greet the customer, to how they present the deal, to how they send you off down the road. But the problem is that variations in the process mean that somebody is doing it wrong. They’re all doing it wrong, to some extent. That’s why the average closing ratio is tirelessly treading water somewhere between 12 and 22%. There is a major problem with the consistency and quality of car salesmen. There is a major problem with defining and logging walk-ins. There is a major problem with comparing the numbers that never lie from the monthly report to the sales managers that lie for a living. There is a problem with dog eat dog salesmen stealing business from those lower on the food chain. Furthermore, a recent study by Better Bytes Business Systems found that dealership management uses less than 50% of the mature and readily available technologies mentioned above.

Buying Foreclosure Houses is Not Rocket Science

People are usually wary of things they do not know much about but all these fears should be put to rest as you can learn everything about foreclosures on your own with the help of the Internet. Buying foreclosure houses and reselling them would have to be one of the more lucrative investment activities anyone can engage in. That is because the options are really wide and the potential for profit is enormous.

Being one of the biggest segment of the real estate industry, practically everyone knows the basic concepts of foreclosures. It occurs when home owners are unable to pay the mortgage on the loan they took out to either build their home or purchase one. The lender who forecloses on the property in mortgage default will almost always put this property back on the market but at a lower price and if you have a sound credit history, the lenders may be willing to give you an easy financing scheme.

The Different Types of Foreclosures

When buying foreclosure houses one should be able to make a distinction between bank foreclosures and government foreclosures. Bank foreclosures can be purchased at n auction, through a real estate agent or directly from the bank. Bank foreclosures are recommended for first time buyers as the bank would have already taken care of appraising the value of the property, evicting its occupants and restoring the home as needed.

Bank foreclosures are also known as real estate owned properties and the value at which they are sold depends on the outstanding balance on the loan, which the bank would try to cover in the sale. Another good thing about bank foreclosures is that the home would be clean of unpaid taxes or liens as the bank would have already settled this.

If you are interested in buying foreclosure houses from the government, you have to know that there are two types of government foreclosures. There are foreclosure homes that have been financed by a government agency. As in bank foreclosures these homes are foreclosed when the borrower falls back on their loan payments.

The other type is the tax foreclosure, which as the name implies are foreclosures where the home owner fails to pay the taxes levied upon the property. The prices at which both these types of properties are sold will be much lower than bank foreclosures because these properties are sold as is and the buyer will have to shoulder the cost of repairs and absorb the obligations still attached to the property.

Research and Inspection

Before buying foreclosure houses it is prudent to educate yourself first on the workings of buying foreclosed property. Using an online foreclosure listings provider is a good first step. Most online foreclosure services will have valuable information about a foreclosed property for sale. The tools and services offered may include a full description of the house, the contact person for the house, a mortgage calculator  and various tips on how to maximize your real estate investment.

While there are free listings, you want a provider that charges a minimal fee for their service as you can be assured that their site is always up to date, especially on the number of foreclosure homes for sale across the country. Once you have spotted the property you would like to purchase, you should conduct an ocular inspection of the property to assess its true value. Buying foreclosure hoses is not that challenging if you have the right attitude and the right set of information.

A Great Short Story of World Records and Olympic Gold

Short stories often capture our imagination and make us feel alive, as if we are intimately involved in the scene along with the characters. A good short story will do this and you’ll know the quality of a story by its ability to put you there. One such short story I recommend for the athlete that needs an uplift or the person who comes up against adversity is;

“Olympic Gold” by Catherine Swift

This story takes us back to the Eighth Olympiad in 1924. Eric Liddell was a sprinter one of the best, still there were others which were just as good that many considered much better.
He sprinted the 100 meter, 200 meter and 400 meter. But it was that third race where he made his mark shattering the world record, a record that was not beat for another 50-years in fact.

Erick Liddell had an awkward running form, and certainly did not appear to be the best runner of all time, and yet, he conquered all that day. When the gun went off he leaped ahead with a 3 meter lead that he held much of the race. As the other runners sped up and advanced he did too. But why was he able to do so good on that day?

Well, some believe it is because of his statesmanship and good sportsmanship, others say it is due to the fact that the band was playing the right song at the right time prior to the race that somehow kicked-off  some hidden inner strength. No matter what it was, not only did he make history, but his heroic efforts had gone down in history as one of the greatest of all times

Management Is an Art – But It’s Underpinnings Are Science

Management is the art of manipulating people, resources, ideas and processes to achieve objectives. In business these objectives generally have a financial component, because the purpose of business is to make money!

The “Soft” Skills

The most important management skills are not technical. While expertise in the areas of accounting, finance, information systems, etc. is undeniably important, these are not at the crux of management and leadership. In fact, the higher you advance, the less important these skills and techniques become. The most critical success factors involve “people skills,” creative and conceptual abilities, and “big picture” thinking. These skills are called “soft” because they generally do not entail facts and figures, specific formulas or techniques, and they’re difficult to define, teach, and learn.

The “soft skills” include personality factors, social skills, communications skills, and interpersonal relationship abilities which comprise the so-called “Emotional Intelligence Quotient,” or EQ. They also include personality traits such as optimism, gregariousness, and dependability.

High EQ people frequently gravitate to the HR, Sales, and management side of the enterprise.

The “Hard” Skills

Hard skills include procedures, policies, operations requirements, administrative practices, computer skills, and so forth. They also incorporate the mathematical, scientific, and technical requirements for the job. Essentially, they provide a baseline competency level but do not ensure success or career advancement. They are more teachable in the sense that they are more definitive. They are considered more “scientific” and objective, in contrast to the softer, more elusive, more personality-based EQ abilities.

People with strong technical backgrounds, preferences, and abilities may be most comfortable and successful in advancing on the technical side of the organization.

To Succeed It Takes Both

Successful business needs the fundamental product, finance, accounting, marketing, legal, tax, production, engineering, or perhaps other/additional talent.

You will not typically survive in business without a basic hard skill set. These are the fundamental characteristics you will emphasize on your resume. Of course, the EQ factors such as “results oriented, proven track record, energetic, creative, or strong interpersonal and communications skills,” may also be showcased. These soft skills will help differentiate you from the competition in landing a job, or advancing your career. They will undoubtedly be detected in the interview process.

Likewise, business will not succeed without a strong soft skill presence, and you won’t either. (Unless of course you’re another Bill Gates, Steve Jobs, or Mark Zuckerberg-but even they seem to be evolving.) And, although it may be easier to master the technical requirements, you can become more proficient at the soft skill set as well.

In the present business world of international competition, multi-cultural workforces and a higher proportion of service sector enterprises, the emphasis is increasingly on soft skill sets, and frequently it’s easier and more cost-effective to purchase the hard skills offshore.

If you consider yourself weak in EQ, you may want to consider, reading, courses or training in communications, interpersonal skills, psychology, sociology, liberal arts, etc. Or you may consider joining social, professional or other organizations to sharpen these skills. This will make you a more well-rounded individual, and generally enhance your organizational value.

An Untold Story From World War II Revealed

One of the darkest periods in human history is World War II.

The sheer magnitude of destruction of human, animal and plant life as well as the complete carnage done to the ecosystem and the quantum reshaping of the natural topography of countries in Europe and Asia by bombings from air raids is something no one would like to remember or relive.

The generation of people that grew up and experienced that world war is naturally on a decline due to their deaths as it has been over 70 years now and even memories from that dark past is fast fading away in the minds of this generation.

Historians have however tried to keep the memory of the world war alive with documented stories and events that might not have been told at the peak or tail end of the war.

Here is one story that may not have made the headlines of major newspapers back then but it’s significance to the war efforts cannot be undermined.

Colossal Explosion At Soham Railway!

This happened before the infamous D-Day and it is a story about the bravery of a freight train driver named Benjamin Gimbert and his fireman colleague James Nightall.

The two were assigned to the task of transporting bombs that were meant for the USAF that had stationed in White Colne, Essex in the United Kingdom.

It was the 2nd of June, 1944 and the two gentlemen were in a freight train delivering the highly volatile cargo.

Suddenly as they reached a small village located in Cambridgeshire known as Soham, the freight train driver, Benjamin Gimbert spotted that one of the carts was in flames and considering that their cargo consisted of explosives, the sight of the cart on fire was simply shocking.

Benjamin then decided that rather than drive a burning freight train it would be better to have it come to a halt, he put on the brakes and eventually stopped the flaming freight train.

The freight train was just about 420 ft or 128 meters away from the Soham station. James Nightall then proceeded to get down from the train and rather than take to his heels, he went over to the burning cart with the intention of un-coupling it. Their intention was to get the freight train away from the burning cart before the explosives ignited, however time was not on their side and approximately seven minutes after Benjamin had seen the fire and stopped the train the bombs exploded.

Benjamin Gimbert was thrown 600 ft or 200 meters away by the sheer force of the blast. The explosion killed two individuals working for the railway company that were trying to warn other trains that were coming to the station of the danger and the blast completely destroyed the Soham station building that was 420 ft away and left a 20 ft or 6 meter deep craters as a result of the explosion.

Unbelievably because of the importance of the rail track to the British and Allied forces war efforts, it was back functioning perfectly by evening time.

The bravery of Benjamin Gimbert and James Nightall was acknowledged by the British government and they were given the most prestigious non-combat award for bravery known as the George Cross in recognition of their courage and selfless sacrifice.

Today if you go to Soham, two plaques that commemorate their heroic feat can still be seen in honour of these distinguished gentlemen.

Business Basics for Start Ups and Seasoned Online Women Business Owners

Building a business from scratch is a very exciting time in the eyes of a solo entrepreneur. Usually it is something you have been thinking of for quite some time, not something where you woke up one day saying, “Wow, today I am going to start my own business!”

It’s a journey building and sustaining an on line business but I can personally tell you after 25 years of owning my own business it is well worth it. I can also share with you that you will be much better situated if you take the time to do your homework and your due diligence in the early days of your business.

Also, let me toss in here that even if you have been in business for awhile, I find some women got theirs going so quickly with clients right out the gate, that when I came to business basics they kept saying; “I’ll get to that part later, right now I have clients (or I am concentrating on building my website)”. The problem with this is ‘later’ never seems to come.

If this is you, and you have been in business for awhile, please still be sure you have all your basics covered and the pieces in place. There is always time to correct what you may have missed, but I suggest you do it sooner rather than later. This is your money and your future finances at stake here.

So, what are the business basics I keep mentioning?

• Business checking account
• Business checks
• Business credit and/or debit card
• Tax ID number
• Business phone
• Incorporate your business to protect your personal assets
• Malpractice insurance
• Good accountant
• Good lawyer

Don’t let this list overwhelm you, but use it as a guidance checklist. If you have all these in place, wonderful, if not I can’t encourage you enough to get these items completed.

Not only is it because of your own sense of business due diligence, but it will help you out at tax time and……it’s the law. It’s vital you know your rights and responsibilities when it comes to business ownership. This is not rocket science and there is a lot of free and helpful information available.

My coaches request: If there are some of these items incomplete, please get yourself into action within the next week and start crossing completed items off until they are all check marked ‘done.’

Bachelor of Science in Business Administration Degree – What You Need to Know

Also known as a BSBA, this program is completed in four years of study. The general credit requirement for a BSBA is one hundred and twenty hours of study. Like a Masters in Business Administration, a BSBA is a broad examination of all levels and aspects of the business world.

This degree allows student to pick a specialization in one aspect of business to concentrate on during their final year of study. Each university program has varied specializations, but in general a student can choose form accounting, finance, legal studies, management, marketing, economics, international business, or management information systems.

After earning this degree, all students should have practiced and honed these essential business skills, management, employee relations, policies, finance, and leadership.

Often viewed as the first step to earning a Masters in Business Administration, this degree provides a student with a great foundation and background. It shows the potential employers you are well educated with the business world, and you are often qualified for entry level business office management positions, supervisor jobs, or other types of employee management positions.

Graduates with a Bachelor of Science in Business Administration find themselves with a background and understanding of basic business practice, as well as a specialized concentration of study they choose themselves. What they choose to specialize is a direct indication of what type of work they may end up in after earning their degree. Working for a business can prove to be lucrative, and there is no shortage of jobs in the business field. If you are looking to begin a career within the business sector, this program is one you should consider.

Bachelor of Science in Business Administration Degree FYI

This degree is also referred to as a BSBA, and is similar to a Masters in Business Administration in that it covers the basic generalities of the business world. To attain this degree, you must study for four years and earn a total of 120 credit hours.

In addition to studying the generalities of business, when a student is a seniors they choose one specialization to concentrate on. Which specialization they choose can be a good indication of the type of job they will work once they are done with school, and the list of specializations available vary from school to school. In general, however, students can choose to specialize in finance, accounting, legal studies, management, marketing, economics, international business, or management information systems.

These important business skills and knowledge are often what a student will have after earning graduating with a degree, management and leadership skills, employee relations, policies, a finance know how.

Students looking for a great start on earning their Masters in Business Administration should consider this major. It is a good way to earn base knowledge of the business world, and often graduates can find positions in many fields of management, from managing business offices to supervisory roles.

The Bachelor of Science in Business Administration degree is unique in that the student has a generalized background of business, and has the ability to choose a specialty area of study based on their own liking. Jobs available from the business sector are always growing, and people have the potential to earn a lot of money from working in this field. If you are want a degree that is a good step to enter this world, this degree may be for you.

Complexity Science in Cyber Security

1. Introduction

Computers and the Internet have become indispensable for homes and organisations alike. The dependence on them increases by the day, be it for household users, in mission critical space control, power grid management, medical applications or for corporate finance systems. But also in parallel are the challenges related to the continued and reliable delivery of service which is becoming a bigger concern for organisations. Cyber security is at the forefront of all threats that the organizations face, with a majority rating it higher than the threat of terrorism or a natural disaster.

In spite of all the focus Cyber security has had, it has been a challenging journey so far. The global spend on IT Security is expected to hit $120 Billion by 2017 [4], and that is one area where the IT budget for most companies either stayed flat or slightly increased even in the recent financial crises [5]. But that has not substantially reduced the number of vulnerabilities in software or attacks by criminal groups.

The US Government has been preparing for a “Cyber Pearl Harbour” [18] style all-out attack that might paralyze essential services, and even cause physical destruction of property and lives. It is expected to be orchestrated from the criminal underbelly of countries like China, Russia or North Korea.

The economic impact of Cyber crime is $100B annual in the United states alone [4].

There is a need to fundamentally rethink our approach to securing our IT systems. Our approach to security is siloed and focuses on point solutions so far for specific threats like anti viruses, spam filters, intrusion detections and firewalls [6]. But we are at a stage where Cyber systems are much more than just tin-and-wire and software. They involve systemic issues with a social, economic and political component. The interconnectedness of systems, intertwined with a people element makes IT systems un-isolable from the human element. Complex Cyber systems today almost have a life of their own; Cyber systems are complex adaptive systems that we have tried to understand and tackle using more traditional theories.

2. Complex Systems – an Introduction

Before getting into the motivations of treating a Cyber system as a Complex system, here is a brief of what a Complex system is. Note that the term “system” could be any combination of people, process or technology that fulfils a certain purpose. The wrist watch you are wearing, the sub-oceanic reefs, or the economy of a country – are all examples of a “system”.

In very simple terms, a Complex system is any system in which the parts of the system and their interactions together represent a specific behaviour, such that an analysis of all its constituent parts cannot explain the behaviour. In such systems the cause and effect can not necessarily be related and the relationships are non-linear – a small change could have a disproportionate impact. In other words, as Aristotle said “the whole is greater than the sum of its parts”. One of the most popular examples used in this context is of an urban traffic system and emergence of traffic jams; analysis of individual cars and car drivers cannot help explain the patterns and emergence of traffic jams.

While a Complex Adaptive system (CAS) also has characteristics of self-learning, emergence and evolution among the participants of the complex system. The participants or agents in a CAS show heterogeneous behaviour. Their behaviour and interactions with other agents continuously evolving. The key characteristics for a system to be characterised as Complex Adaptive are:

  • The behaviour or output cannot be predicted simply by analysing the parts and inputs of the system
  • The behaviour of the system is emergent and changes with time. The same input and environmental conditions do not always guarantee the same output.
  • The participants or agents of a system (human agents in this case) are self-learning and change their behaviour based on the outcome of the previous experience

Complex processes are often confused with “complicated” processes. A complex process is something that has an unpredictable output, however simple the steps might seem. A complicated process is something with lots of intricate steps and difficult to achieve pre-conditions but with a predictable outcome. An often used example is: making tea is Complex (at least for me… I can never get a cup that tastes the same as the previous one), building a car is Complicated. David Snowden’s Cynefin framework gives a more formal description of the terms [7].

Complexity as a field of study isn’t new, its roots could be traced back to the work on Metaphysics by Aristotle [8]. Complexity theory is largely inspired by biological systems and has been used in social science, epidemiology and natural science study for some time now. It has been used in the study of economic systems and free markets alike and gaining acceptance for financial risk analysis as well (Refer my paper on Complexity in Financial risk analysis here [19]). It is not something that has been very popular in the Cyber security so far, but there is growing acceptance of complexity thinking in applied sciences and computing.

3. Motivation for using Complexity in Cyber Security

IT systems today are all designed and built by us (as in the human community of IT workers in an organisation plus suppliers) and we collectively have all the knowledge there is to have regarding these systems. Why then do we see new attacks on IT systems every day that we had never expected, attacking vulnerabilities that we never knew existed? One of the reasons is the fact that any IT system is designed by thousands of individuals across the whole technology stack from the business application down to the underlying network components and hardware it sits on. That introduces a strong human element in the design of Cyber systems and opportunities become ubiquitous for the introduction of flaws that could become vulnerabilities [9].

Most organisations have multiple layers of defence for their critical systems (layers of firewalls, IDS, hardened O/S, strong authentication etc), but attacks still happen. More often than not, computer break-ins are a collision of circumstances rather than a standalone vulnerability being exploited for a cyber-attack to succeed. In other words, it’s the “whole” of the circumstances and actions of the attackers that cause the damage.

3.1 Reductionism vs Holisim approach

Reductionism and Holism are two contradictory philosophical approaches for the analysis and design of any object or system. The Reductionists argue that any system can be reduced to its parts and analysed by “reducing” it to the constituent elements; while the Holists argue that the whole is greater than the sum so a system cannot be analysed merely by understanding its parts [10].

Reductionists argue that all systems and machines can be understood by looking at its constituent parts. Most of the modern sciences and analysis methods are based on the reductionist approach, and to be fair they have served us quite well so far. By understanding what each part does you really can analyse what a wrist watch would do, by designing each part separately you really can make a car behave the way you want to, or by analysing the position of the celestial objects we can accurately predict the next Solar eclipse. Reductionism has a strong focus on causality – there is a cause to an affect.

But that is the extent to which the reductionist view point can help explain the behaviour of a system. When it comes to emergent systems like the human behaviour, Socio-economic systems, Biological systems or Socio-cyber systems, the reductionist approach has its limitations. Simple examples like the human body, the response of a mob to a political stimulus, the reaction of the financial market to the news of a merger, or even a traffic jam – cannot be predicted even when studied in detail the behaviour of the constituent members of all these ‘systems’.

We have traditionally looked at Cyber security with a Reductionist lens with specific point solutions for individual problems and tried to anticipate the attacks a cyber-criminal might do against known vulnerabilities. It’s time we start looking at Cyber security with an alternate Holism approach as well.

3.2 Computer Break-ins are like pathogen infections

Computer break-ins are more like viral or bacterial infections than a home or car break-in [9]. A burglar breaking into a house can’t really use that as a launch pad to break into the neighbours. Neither can the vulnerability in one lock system for a car be exploited for a million others across the globe simultaneously. They are more akin to microbial infections to the human body, they can propagate the infection as humans do; they are likely to impact large portions of the population of a species as long as they are “connected” to each other and in case of severe infections the systems are generally ‘isolated’; as are people put in ‘quarantine’ to reduce further spread [9]. Even the lexicon of Cyber systems uses biological metaphors – Virus, Worms, infections etc. It has many parallels in epidemiology, but the design principles often employed in Cyber systems are not aligned to the natural selection principles. Cyber systems rely a lot on uniformity of processes and technology components as against diversity of genes in organisms of a species that make the species more resilient to epidemic attacks [11].

The Flu pandemic of 1918 killed ~50M people, more than the Great War itself. Almost all of humanity was infected, but why did it impact the 20-40yr olds more than others? Perhaps a difference in the body structure, causing different reaction to an attack?

Complexity theory has gained great traction and proven quite useful in epidemiology, understanding the patterns of spread of infections and ways of controlling them. Researchers are now turning towards using their learnings from natural sciences to Cyber systems.

4. Approach to Mitigating security threats

Traditionally there have been two different and complimentary approaches to mitigate security threats to Cyber systems that are in use today in most practical systems [11]:

4.1 Formal validation and testing

This approach primarily relies on the testing team of any IT system to discover any faults in the system that could expose a vulnerability and can be exploited by attackers. This could be functional testing to validate the system gives the correct answer as it is expected, penetration testing to validate its resilience to specific attacks, and availability/ resilience testing. The scope of this testing is generally the system itself, not the frontline defences that are deployed around it.

This is a useful approach for fairly simple self-contained systems where the possible user journeys are fairly straightforward. For most other interconnected systems, formal validation alone is not sufficient as it’s never possible to ‘test it all’.

Test automation is a popular approach to reduce the human dependency of the validation processes, but as Turing’s Halting problem of Undecideability[*] proves – it’s impossible to build a machine that tests another one in all cases. Testing is only anecdotal evidence that the system works in the scenarios it has been tested for, and automation helps get that anecdotal evidence quicker.

4.2 Encapsulation and boundaries of defence

For systems that cannot be fully validated through formal testing processes, we deploy additional layers of defences in the form of Firewalls or network segregation or encapsulate them into virtual machines with limited visibility of the rest of the network etc. Other common techniques of additional defence mechanism are Intrusion Prevention systems, Anti-virus etc.

This approach is ubiquitous in most organisations as a defence from the unknown attacks as it’s virtually impossible to formally ensure that a piece of software is free from any vulnerability and will remain so.

Approaches using Complexity sciences could prove quite useful complementary to the more traditional ways. The versatility of computer systems make them unpredictable, or capable of emergent behaviour that cannot be predicted without “running it” [11]. Also running it in isolation in a test environment is not the same as running a system in the real environment that it is supposed to be in, as it’s the collision of multiple events that causes the apparent emergent behaviour (recalling holism!).

4.3 Diversity over Uniformity

Robustness to disturbances is a key emergent behaviour in biological systems. Imagine a species with all organisms in it having the exact same genetic structure, same body configuration, similar antibodies and immune system – the outbreak of a viral infection would have wiped out complete community. But that does not happen because we are all formed differently and all of us have different resistance to infections.

Similarly some mission critical Cyber systems especially in the Aerospace and Medical industry implement “diversity implementations” of the same functionality and centralised ‘voting’ function decides the response to the requester if the results from the diverse implementations do not match.

It’s fairly common to have redundant copies of mission critical systems in organisations, but they are homogenous implementations rather than diverse – making them equally susceptible to all the faults and vulnerabilities as the primary ones. If the implementation of the redundant systems is made different from the primary – a different O/S, different application container or database versions – the two variants would have different level of resilience to certain attacks. Even a change in the sequence of memory stack access could vary the response to a buffer overflow attack on the variants [12] – highlighting the central ‘voting’ system that there is something wrong somewhere. As long as the input data and the business function of the implementation are the same, any deviations in the response of the implementations is a sign of potential attack. If a true service-based architecture is implemented, every ‘service’ could have multiple (but a small number of) heterogeneous implementations and the overall business function could randomly select which implementation of a service it uses for every new user request. A fairly large number of different execution paths could be achieved using this approach, increasing the resilience of the system [13].

Multi variant Execution Environments (MVEE) have been developed, where applications with slight difference in implementation are executed in lockstep and their response to a request are monitored [12]. These have proven quite useful in intrusion detection trying to change the behaviour of the code, or even identifying existing flaws where the variants respond differently to a request.

On similar lines, using the N-version programming concept [14]; an N-version antivirus was developed at the University of Michigan that had heterogeneous implementations looking at any new files for corresponding virus signatures. The result was a more resilient anti-virus system, less prone to attacks on itself and 35% better detection coverage across the estate [15].

4.4 Agent Based Modelling (ABM)

One of the key areas of study in Complexity science is Agent Based Modelling, a simulation modelling technique.

Agent Based Modelling is a simulation modelling technique used to understand and analyse the behaviour of Complex systems, specifically Complex adaptive systems. The individuals or groups interacting with each other in the Complex system are represented by artificial ‘agents’ and act by predefined set of rules. The Agents could evolve their behaviour and adapt as per the circumstances. Contrary to Deductive reasoning[†] that has been most popularly used to explain the behaviour of social and economic systems, Simulation does not try to generalise the system and agents’ behaviour.

ABMs have been quite popular to study things like crowd management behaviour in case of a fire evacuation, spread of epidemics, to explain market behaviour and recently financial risk analysis. It is a bottom-up modelling technique wherein the behaviour of each agent is programmed separately, and can be different from all other agents. The evolutionary and self-learning behaviour of agents could be implemented using various techniques, Genetic Algorithm implementation being one of the popular ones [16].

Cyber systems are interconnections between software modules, wiring of logical circuits, microchips, the Internet and a number of users (system users or end users). These interactions and actors can be implemented in a simulation model in order to do what-if analysis, predict the impact of changing parameters and interactions between the actors of the model. Simulation models have been used for analysing the performance characteristics based on application characteristics and user behaviour for a long time now – some of the popular Capacity & performance management tools use the technique. Similar techniques can be applied to analyse the response of Cyber systems to threats, designing a fault-tolerant architecture and analysing the extent of emergent robustness due to diversity of implementation.

One of the key areas of focus in Agent Based modelling is the “self-learning” process of agents. In the real world, the behaviour of an attacker would evolve with experience. This aspect of an agent’s behaviour is implemented by a learning process for agents, Genetic Algorithm’s being one of the most popular technique for that. Genetic Algorithms have been used for designing automobile and aeronautics engineering, optimising the performance of Formula one cars [17] and simulating the investor learning behaviour in simulated stock markets (implemented using Agent Based models).

An interesting visualisation of Genetic Algorithm – or a self-learning process in action – is the demo of a simple 2D car design process that starts from scratch with a set of simple rules and end up with a workable car from a blob of different parts: http://rednuht.org/genetic_cars_2/

The self-learning process of agents is based on “Mutations” and “Crossovers” – two basic operators in Genetic Algorithm implementation. They emulate the DNA crossover and mutations in biological evolution of life forms. Through crossovers and mutations, agents learn from their own experiences and mistakes. These could be used to simulate the learning behaviour of potential attackers, without the need to manually imagine all the use cases and user journeys that an attacker might try to break a Cyber system with.

5. Conclusion

Complexity in Cyber systems, especially the use of Agent Based modelling to assess the emergent behaviour of systems is a relatively new field of study with very little research done on it yet. There is still some way to go before using Agent Based Modelling becomes a commercial proposition for organisations. But given the focus on Cyber security and inadequacies in our current stance, Complexity science is certainly an avenue that practitioners and academia are increasing their focus on.

Commercially available products or services using Complexity based techniques will however take a while till they enter the mainstream commercial organisations.