A new threat called - "Stuxnet"

Stuxnet is a computer worm which is made to destroy industrial control system. It was first found in the month of June in Belarus (Eastern Europe) by VirusBlokAda, a security firm. A computer worm is self-replicating malicious software which causes congestion in the network by spreading in the system. They can delete files, send unauthorized mails and can encrypt any data into an unknown format, thus rendering the data meaningless.

Stuxnet is not an ordinary worm. It is designed to perform some very specific task which can cause damage of higher magnitudes than caused by other worms. It has been found by Microsoft that more than 45,000 computers were affected by Stuxnet of which 60% were in Iran, 18% in Indonesia and around 8% in India. It seems that this worm has been created specifically to attack nuclear facility in Iran. It is because Stuxnet has been found in its Bushehr nuclear plant, and few of the centrifuges were dropped last year in its nuclear refinery at Natanz.

It is good that this worm doesn't target all the industries, as 15 plants around the world had been infected, but it didn't stopped the proper functioning of the systems and the worms were removed, according to Siemens (a German Engineering conglomerate). On the other side - they target to specific project, plant or an organization. This worm enables its creator to change the control mechanism, stop the plant, increase or decrease the rate of injection of nuclear elements; and make many undesirable changes. If this happens, it would be a great threat to the whole society. Moreover, it can not be determined from where the worm was originated and who controls it. 

It is believed that creating Stuxnet has been supported by a strong financial and a big know-how of some government. It is not the work of regular hackers or any cyber-criminal who do it for money, curiosity or pleasure.

It is believed that Stuxnet uses 2 compromised security certifications – one from the firms of Taiwan and the second from Windows when it had security loop-holes. This helps Stuxnet to gain access within the system without any permission and can breach the security easily. 

Sometimes companies and security agencies do not connect their systems to the Internet, but Stuxnet can spread easily through gizmo's like memory card, pen drives, PDA's, etc... It can also spread through the shared networks. It is very difficult to impose a check on it every time.

So, it’s the time when the government, firms, institutions, and security agencies keep a tight security check on their systems. I hope that Stuxnet doesn’t cause any catastrophe.

Why mangers overrun time and budget

You might have heard that mangers often run out of time and budget. It is not that they don’t know how to manage or they lack skills. It is often the uncertainty which comes in the way of the project being undertaken. 

Some major mind storming decisions to be taken are -

1. Ask a question to yourself – how much time it takes you to go home from your office. The answer you will give is a standardized one, say 20 minutes. Consider the following scenarios –

• You get a traffic jam way back home,
• You get a flat tire,
• It was a hot weather and you didn’t got any traffic
• You met an old friend and went to CCD or Barista

In such cases the time could range between 10 minutes to 30 minutes, or probably an hour. So, what you answered is correct, but a general one. If a Project manager answers this way and takes a project, then he would be able to complete the project with the grace of God!! The point is you need to keep some safety in between. How much safety is required?

    2.   Every project has a start date and an end date and there is one critical path (which takes the maximum   time to complete). Now it is the call of the manager, when to start the remaining tasks? If all the tasks are started simultaneously in the beginning then the manager would lose focus, and if all the tasks are started later i.e. at the completion of slack time, every task would become critical and delay in one task would increase the scheduled time and above all the manager would lose control over the project. 

Let us first understand what actually a project is. A project in simple term is a non-routine, complex task to be undertaken which is to be completed within a given time frame, resources, and budget; with the desired quality. It has a start date and an end date.

A project is not only confined to IT industry, it is viable for every service industry as well as manufacturing industry. There are some loopholes in every organization, due to which the problem of overrun occurs. 5 such reasons are listed below –

1. Student’s syndrome - Students take a week’s time to complete their work which can be completed in 2 days, and still fail to complete it. The 5 extra days here is the safety they have introduced.
2. Hierarchy of the Organization - The more the depth (no. of levels) of the hierarchy, more will be the safety (in terms of time) introduced at every level.
3. Ambiguous Scope - Many a times the scope, i.e. the base-lining the project is not done properly. As a result a clear picture as to what needs to be done is missing.
4. Dependencies - There can be many inter-links or relations between the tasks, which restricts the other tasks to start or complete without them.
5. Multi-tasking – Manager can plan many things to be done in parallel. Suppose project A and project B are to completed and they are being carried in parallel. Say A takes 20 days to complete and B takes 25 days to complete. If after every 5 days the manager works interchangeably, then Project A will be completed in 35 days and Project B will be completed in 45 days. So, multi-tasking has its own pros and cons.

 To eliminate these loop holes we should follow the following standard steps as described in the book – “The Critical Chain”- by Eliyahu M. Goldratt –

1. IDENTIFY – First identify the constraints or the areas which needs special attention
2. EXPLOIT – Try to eliminate and mitigate them as much as possible
3. SUBORDINATE – Find the substitutes available for the critical task to avoid delays
4. ELEVATE – If the task require more resources (labour, equipment, machine, etc…), then deploy them
5. ANALYZE – Check the system again for these critical tasks and follow the above steps again in order to solve the issue

Apart from these steps, a few more things could be done to improve the working efficiency and completing the projects before the due-date.  The following steps could be considered in some of the areas –

1. No fixed time - Often we tell the workers to complete the task in x no. of days. So the worker works at that pace and works slowly so that the work is not completed before time. Instead of fixing time, try to make them understand that the project needs to be completed as soon as possible and is critical. Then they would work at their actual pace and the task would be completed well before it is scheduled.
2. Negotiation - Try and negotiate with the local vendors on the time in which they could supply the raw materials or semi-finished goods or services.
3. Reward for early completion - Give rewards to the vendor for early delivery of goods. State the reward in the tender for early completion along with the penalty for delaying the completion of the contract.

"Smart people learn from their mistakes, while wise people learn from others' mistake".

I hope this blog describes some of the major problems faced and some measures taken by the managers to curb them. Please add more insights to add value to this discussion on Project Management.