Zero Day Exploit targeting Google Chrome, MS Edge, other Chromium browsers – and Emergency Fix
We just learned of a “Zero Day Exploit” targeting Chromium browsers, including Google Chrome, MS Edge, and various cell-phone browsers. Google and MS have released patches. This affects computers running MS Windows and Apple Macs running MacOS. It also affects iPads and other tablets running Google Chrome and MS Edge.
It does not affect Mozilla Firefox or Apple Safari as they are not based on Chromium.
To address the vulnerability, install the emergency updates:
* For Chrome, version 99.0.4844.84.
* For Edge, version 99.0.1150.553.
This also affects Chrome and other Chromium-based browsers on cell phones.
Safari on a Mac, iPad, or iPhone is not subject to this hack.
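A fleet check for the versions named in the advisory above, as an added example that is not part of the original post: it parses browser version strings and compares them numerically (not as text) against the patched versions listed here. The hostnames and version strings in the sample inventory are constructed, and the input format (product name followed by a four-part version) is an assumption.

```python
import re

# Minimum patched versions, taken from the advisory above.
PATCHED = {"chrome": (99, 0, 4844, 84), "edge": (99, 0, 1150, 553)}

# Product names as they appear in a version string (assumed format).
PRODUCTS = {"google chrome": "chrome", "microsoft edge": "edge"}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version_line(line):
    """Return (product, version_tuple), or None if the line is not recognised."""
    lowered = line.lower()
    product = next((key for name, key in PRODUCTS.items() if name in lowered), None)
    match = VERSION_RE.search(line)
    if product is None or match is None:
        return None
    return product, tuple(int(part) for part in match.groups())


def audit(inventory):
    """Map each host to 'patched', 'needs-update' or 'unrecognised'."""
    results = {}
    for host, line in inventory:
        parsed = parse_version_line(line)
        if parsed is None:
            # Not a browser covered by the advisory, or an unparseable string.
            results[host] = "unrecognised"
            continue
        product, version = parsed
        # Tuples compare component by component, so .9 sorts below .84;
        # a plain string comparison would get this case wrong.
        results[host] = "patched" if version >= PATCHED[product] else "needs-update"
    return results


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = [
    ("ws-01", "Google Chrome 99.0.4844.84"),
    ("ws-02", "Google Chrome 99.0.4844.9"),
    ("ws-03", "Microsoft Edge 99.0.1150.46"),
    ("ws-04", "Google Chrome 100.0.4896.60"),
    ("ws-05", "Mozilla Firefox 98.0.2"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```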
How important is Risk Management in Project Management? Military campaigns meet the Project Management Institute’s (PMI) definition for projects. They are meant to be temporary endeavors undertaken to create specific results. Generals, Admirals, and other officers are Project Managers, albeit with other titles. Colossal failures throughout history, including Napoleon’s invasion of Russia in 1812, and the Battle for Stalingrad in World War II, highlight the importance of Risk Management.
Napoleon in Russia
On June 24, 1812 Napoleon led his Grand Army across the Neman River into Russia. His goal was to persuade Czar Alexander I not to trade with Great Britain. The Russian Army retreated before Napoleon’s, leaving a trail of burning farm fields. Napoleon made it to Moscow by mid-September, where he “captured” a deserted and burning city. Napoleon and his army camped out in the smoldering ruins for a month waiting for the Czar to sue for peace. But Alexander never did. Napoleon left Moscow on October 19, 1812, following the Russian army, with the Russian winter closing in. Napoleon’s army encountered the Russian army in the Battle of Maloyaroslavets. The battle was militarily inconclusive, but Napoleon’s army, starving and freezing, began its retreat back to Paris. In its retreat Napoleon’s army withstood attacks by the Russian army, Cossacks, and “peasants.”
Only five (5) months after the invasion began, barely 27,000 of Napoleon’s forces made it out of Russia alive, crossing the Berezina River in Belarus on November 29, 1812. Then, as he had done in Egypt in 1799, and as he would do at Waterloo in 1815, Napoleon deserted his own army.
Napoleon committed 500,000 men, and lost 473,000, 94.6%, in a failed attempt to achieve his objectives. The Czar lost roughly the same number of men; however, in fending off an invading army and maintaining control of his empire (including his ability to trade with Great Britain), Alexander achieved his goals.
In Napoleon’s failure in Russia we see a misunderstanding of the following risks:
* That the Czar would raise a comparable army to fight the invaders
* That this army might, in its retreat, burn farm fields to deprive the invaders of food
* That Cossacks and “peasants” would fight foreign invaders to defend their homes
* The weather: Russian winter
The risks that the Czar would fight back and that winter in Russia would be significantly colder and harsher than winter in Paris should have been obvious.
Had Napoleon and his Project Managers, aka “officers,” thought deeply about the implications of the Russian army burning farms in their retreat, and had they considered the implications regarding supplies and logistics, they might have realized that what they may have initially believed to be an opportunity in the retreat of the Czar’s army and the occupation of a deserted city was actually a strategic move to trap his army 1,545 miles, 2,487 km, from Paris, and a threat to strain their supply chain beyond the breaking point.
Replace Napoleon with Hitler, Czar Alexander I with Josef Stalin, and June to November, 1812 with August, 1942 through January, 1943. The six-month Battle of Stalingrad, in which the Axis and the Soviets each suffered approximately 1.1 million dead and wounded, is generally recognized as the turning point for the Allies in World War II in Europe. There is also speculation that the loss in Stalingrad inspired Nazi Colonel Claus Von Stauffenberg and his co-conspirators to attempt to assassinate Hitler by planting a bomb in a conference room on July 20, 1944.
As with Napoleon, the risks should have been obvious. Even without the failure to learn from history, which is analogous to a PM ignoring Organization Process Assets, we see the same risk management strategy: “Ignore the facts and believe what you want.” And, fortunately for the world, the same result: failure.
PMI on Risk Management
The Project Management Institute, PMI, in the Sixth Edition of the Project Management Body of Knowledge, PMBOK, recognizes Risk Management as a “Knowledge Area,” and seven (7) distinct processes within Risk Management. These include five (5) Planning Processes, one (1) Executing Process and one (1) Monitoring and Controlling process. The Planning Processes include “Plan Risk Management,” “Identify Risks,” “Qualitative Risk Analysis,” “Quantitative Risk Analysis,” and “Plan Risk Responses.” The Executing Process is “Implement Risk Responses.” The Monitoring and Controlling process is “Monitor Risk.”
Here’s how it works: at the beginning of the project, the Project Manager, (PM) needs to identify all potential risks, threats and opportunities. He or she must evaluate each risk’s likely impact, and plan an appropriate response. As the project progresses, the PM must monitor and periodically identify new threats or opportunities, planning and responding accordingly.
Individual Project Risk and Overall Project Risk
PMI draws a distinction between Individual Project Risk and Overall Project Risk. Individual Project Risk can positively or negatively impact one or several deliverables; Overall Project Risk is the total impact of all risks on the project as a whole. Overall Project Risk corresponds to the exposure to the stakeholders of all Individual Project Risks.
Risk: “Uncertainty that Matters”
– David Hillson
Merriam Webster and the Cambridge English Dictionary define risk, as a noun, as:
“1. Possibility of loss or injury, peril,
“2. Someone or something that creates a hazard,
“3 a. The chance of loss or the perils to the subject matter of an insurance contract,
“3 b. The degree or probability of such loss,
“3 c. An insurance hazard from a specified cause or source,
“4. The chance that an investment (such as a stock or commodity) will lose value.”
And as a verb, “To expose to hazard or danger, as in ‘Risking one’s life.’”
PMI, however, includes in the definition of “Risk” “uncertain events that may benefit a project.” Opportunities are termed “Positive Risk.” (Personally, I believe that this notion of “positive risk” is counter-productive. I think PMI should define “Risk” and other English language terms consistently with English as defined by the Cambridge and Merriam Webster dictionaries. A non-standard definition of a term, especially when it is the opposite of the standard definition of the term, only serves to make communications difficult, both with native speakers of English and with people for whom English is a second language.)
The risk that a project will come in early or under budget is generally considered a “Positive Risk.” However, this opportunity should indicate refining the project, via progressive elaboration, that reduces the scope of the project, a reduction in cost of materials, or team members working overtime. This opportunity is likely, for example, when upgrading PCs or workstations, particularly, a phased upgrade of computers over time. It is also likely when migrating physical server environments to “The Cloud.”
In Agile teams the Scrum Master is a facilitator and a guide. He or she makes sure the team members have the tools and other resources that they need in order to accomplish their goals. Like a Sherpa leading an expedition safely back to base camp, rather than a general issuing orders or a Functional Manager assigning tasks and responsibilities, the Scrum Master is described as a “Servant Leader.” This can be effective with software development teams comprised of good and enthusiastic programmers or other teams comprised of focused and dedicated professionals. It also makes sense where Project Managers are contractors or in Functional organizations where Project Managers have limited or no real authority over their teams and are there to develop and then track the items on the “Work Breakdown Structure,” (WBS) against the schedule on a Gantt Chart. However, the most effective Project Managers inspire their teams to deliver the scope of their projects on time and on budget. Servant Leaders can be effective when they have the respect of other stakeholders, when they and the stakeholders put the project and the enterprise before their own ego.
Risk Mis-Management in a Pandemic
Napoleon’s invasion of Russia, the Battle of Stalingrad, other military campaigns, and events throughout human history, show that ineffective Risk Management can lead to catastrophic failure. Today, the COVID-19 pandemic is raging across the globe. Canada, Germany, Japan, South Korea, as well as other countries and various states within the United States have contained the pandemic; first flattening the curve, then reducing the spread of the virus. Brazil, Russia, other countries and states within the United States have not. The key difference appears to be the actions of political leaders and citizens. “Servant leaders” who listened to the doctors and the epidemiologists have successfully contained the virus. Those who ignored the science and the experts, who disregarded what PMI would describe as “Organizational Process Assets,” such as the Federal Government’s Pandemic Response Team and Pandemic Response Plan, have wrought disaster.
“Ignore the facts, ignore the judgement of experts, believe pre-conceived notions” is a Risk Mis-Management strategy which inevitably leads to failure.
As Project Managers, we owe it to our stakeholders, and as professionals we owe it to ourselves, to listen to experts, carefully evaluate risks, threats, and vulnerabilities, understand and present the facts.
Lawrence J. Furman, MBA, PMP, a Project Manager (Contractor) at the VA, has served as IT Director, Project Manager, and Infrastructure Manager in technology companies, law firms, and the financial industry. He is a member of the Project Management team at Ana’s Cloud and can be reached at LarryF@AnasCloud.com.
In 2010, we presented a plan to a law firm to expand its Backup and Disaster Recovery system (DR) into a Business Continuity system (BC). Disaster Recovery enables a business to resume operations after a disaster concludes; Business Continuity allows the business to operate during and after the disaster.
Jersey City, November, 2001. It could have been yesterday. I was working for Credit Suisse. “You’re a DBA. A database system is down. Go fix it.” said my boss. On site, I replaced the failed drives – there were two – reconfigured the systems, reloaded from backups, tested and verified functionality, documented my findings, and headed home.