Peter Cochrane: WannaCry? I wanna understand what's going on

Peter Cochrane examines the common problem between the WannaCry outbreak, the BA breakdown and the NSA malware tools leakage - managers

One badly configured breed of ransomware (WannaCry), known of and warned about for six months, locks up 220,000 computers worldwide, shutting down hospital services and even a telco.

Weeks later, one of the world's biggest airlines, British Airways, is totally grounded over a bank holiday weekend by an IT failure.

Secret documents from the intelligence services of the most powerful nation on the planet (the US, who else?) are leaked onto the internet. Meanwhile, many software tools developed by the security services of numerous countries are available on the so-called dark web.

The big question is, what on Earth is happening?

I don't think this is about bad design, technology, or even bad security. But it is almost certainly about ignorance and bad management. Nearly every big IT project I have been involved with (outside the tech sector) has been managed by ‘managers’ - people with little or no expertise in IT. Some have been semi-innumerate, as well, and unable to fully grasp the scale and implications of simple things like storage capacities, computing powers and communication bandwidths.

Two notable examples always come to mind:

First was a female IT department head in a large organisation, who was so out of her depth that she would open her laptop, log-on, grab her mail, and log-off as quickly as possible. Then she would process the email offline, log-on, and upload, only to quickly log off again. Browsing was also a no-no - and all down to security paranoia.

The second was a male IT manager at a large retail organisation with a massive global turnover. During a meeting addressing the shopping habits of groups and individuals, with a view to implementing focused marketing and selling, he asked the question: "Can't we get people to do this? Do we really need all this technology?"

Let me spell it out: these were the heads of IT departments. If they barely have a clue, what hope is there for the rest of their organisations?

These are exceptional examples, perhaps, but symptomatic of a popular meme: ‘Managers manage, and they don't need to know anything about technology’.

This is dangerous, to say the least, and even more evident at corporate-board level. Finance and human resources have the seats and big controlling voices; the chief technology officer (CTO) or CIO may have seats, but quieter voices - and there is never a seat for the chief information security officer (CISO).

So a CIO, CTO and CISO may be up before the board to make a case for some equipment, network or service upgrade investment, and the eyes before them rapidly glaze over. Everyone in front of them has investments for their own department in mind, too, which would help them expand their empires.

And then the killer question is asked: "We have never had a significant security, operating, or delivery system problem before, so why should we be spending all of this money now?"

Alternatively, there is a grudging acceptance, but the budget is cut back by 30 or 40 per cent, and/or the roll out is delayed or extended.

The consequences of all this hit the headlines almost daily, and the event sizes and scale of the damage appear to be getting bigger. If I now turn this picture around 180 degrees, I meet very few CIOs, CTOs, or CISOs who are good at communicating on technical issues to a lay audience, and even if they are, their task is very challenging.

For example, the most jaw-dropping question put to me was: "Can you tell us how a mobile phone works in three minutes?"

Well, I could have, but the degree of bastardisation necessary to get it down to just three minutes would have meant that the explanation would barely have been useful.

Now for the good news. The crusty, old managers and boards are dying off (almost literally) to be replaced by a new breed of more tech-savvy managers. These youngsters may have done a computing degree and then moved on to an MBA. A few, meanwhile, may have taken one of the new hybrid MBA/MSc degrees that combine management and technology content.

Even those that haven't will have grown up with technology becoming an ever-greater and more important part of their lives.

To me they all look like the cavalry riding to the rescue, but only just in time… I hope!

Peter Cochrane OBE is the ex-CTO of BT, who now works as a consultant focusing on solving problems and improving the world through the application of technology