[Non-DoD Source] Sigh…ber Part 2

What’s up with that kooky title?  Well that’s how all your email coming from outside the “dot mil” domain appears to those inside…As if they are somehow more secure?  I guess this is an attempt to highlight emails coming from us pogues outside the secure boundaries of DoD email and to alert those on the inside that there is danger in communicating outside the domain….non-dodPersonally, I would like all their outgoing email to be marked [DoD Source] so I can choose not to read some of the mountains of stuff that comes out from them…Like the DoD media reports that give us a detailed “Readout of SecDef meeting with the Dali Lama” and the like (See the News section of this web site).  I don’t think I have ever finished one of those “Readouts”, because frankly, there’s nothing of substance in them.  Does anyone outside the Pentagon really care?(and I’m pretty sure only a very select few inside do)   That’s a candidate for [DoD Source] marking so I can avoid it.  And yet, some GS-15 is probably making a lot of money producing them.  There’s also the de rigueur morning DoD press reports of the wildly successful strikes against ISIL targets conducted by our forces overnight.  Yet another candidate to be marked [DoD Source].  I guess I have just become overwhelmed by all the happy talk to the point that I just don’t have confidence that everything I read is really “true.”

Now hold on there you DoD buckaroos!!!!!  I’m not saying that what you put out is not “True”, but I think we can all agree that words can be put together is a way that while they are true, they may not be “truthful.”  I put on an occasional seminar on Ethical Decision Making and in that class I discuss some points concerning “truth.”  truth2  Perhaps the most famous seeker of a definition of truth was Pontius Pilate when he asked, “What is truth?” He didn’t get an answer to his question then and the answer to his question has been  debated for centuries.  In my previous article , Sigh-ber, I touched upon the wisdom of always being completely truthful so I won’t jump into that morass again.  But is always just telling happy truth, and ignoring some of the bad news, being completely truthful?  I think not.  I recall during one session on the Hill when I was asked if we had fully funded the ship maintenance requirement I replied, “Yes Sir.  We have fully funded the ship maintenance line to 75% of the requirement!”  True enough!  Anyway, I digress.

I am somehow offended that DoD chooses to mark my email as [Non-DoD Source].  I suppose I should be grateful that they deign to open my “insecure” emails.  Given the thousands of emails folks receive in the Pentagon, my guess is that they will all become desensitized to that phrase and will ignore it.   But……if someone ever clicks on a [Non-DoD Source] email and causes some sort of bot or bug or worm or virus to be introduced into that bastion of security, the “dot mil” domain, the Cyber-police will descend upon them for ignoring the [Non DoD Source] warning.  I am sure the cyber-Dons within DoD are correct when they believe that this sort of thing can’t happen from within the “dot mil” domain….But somehow I still see echos of Bradley Mannings, Ed Snowdens and a lot of others who had inside access, that could care less about [Non DoD Source], because they were a [DoD Source]!

PS.  My N8 former self can help but wonder how much it cost to mark all non DoD email as [Non DoD Source].

FoundationAnchorLogo  Please help our wounded Sailors and Coast Guardsmen by attending a performance of “A Christmas Carol”, presented by the Little Theater of Alexandria on the evening of December 16th by clicking here.

 

 

Sigh–ber

It’s been a while since I opined on matters I know little about…so I thought I would continue that tradition by putting out a few thoughts about all things cyber.  No doubt you have all heard about cyber-xxxxx until you are becoming immune to the cries of “Danger Will Robinson.”

RobotAnd that is a real problem because cyber crime, cyber snooping, cyber intrusion, cyber war, and all manner of other things is perhaps the most significant challenge to the well-being of the good ole US of A in this century, IMHO.  I’ve attended a series of meetings and had a couple of events in my personal life that have caused me to think a lot about this problem.  But they way, I don’t claim ownership of any of these ideas.  I have heard them in a variety of places from a variety of people.  I just wrote them down in one place.

Nothing chafes me more than getting my credit card rejected, and then finding out that my credit card company has detected the unauthorized use of my card and I must get a new one.   That’s when I realize just what a poor job I have done in protecting myself….I even have a spreadsheet now with all the web sites that I have to visit to update my credit card number.  It has web addresses, user names, account numbers and passwords all laid out so I can spend about two hours on line changing them all…..Am I the only one with this problem??? I’ve started trying to put everything on line through PayPal, but who’s to say that won’t be hacked next?

Think about all the bad things that have happened due to cyber crime in the last year or so…..Target gets hacked, the Joint Staff email system is fried, the Pentagon Food Court is penetrated, the OPM debacle.  SF86-doodyBTW I just got my ( less than timely) letter last week from OPM informing me that all the information on my  SF86’s was compromised….that’s efficiency for you!!! (No wonder they got hacked if the timeliness of their notification is any indication of their expertise) How long has it been since we all knew about the OPM fandango???? And yet…..no one has gone to jail on the criminal side and no one has been fired or disciplined ….for any of those things.  And I’ve got to say that in the case of OPM, it seems to me the cure is worse than the disease….Let me get this straight…..I get free monitoring for a couple of years and all I have to do is enter in all the personal information they couldn’t keep secure anyway…They want me to enter driver’s license number, bank account numbers, credit card numbers….What kind of idiot do they think I am?  They gooned it up once……and most likely will goon it up again…There’s no way I’m putting all that info into anything that has anything to do with OPM or the US Government, for that matter…( Isn’t the lowest bidder providing most of the government’s security packages?). They should just ask the Chinese or the Russians for my info, since they apparently already have it………but I digress.

As I have been thinking about cyber security and listening to the experts over the past few months, it has dawned on me that this is a problem like no other we have ever encountered.  And that means it’s going to require some very innovative and unconventional thinking to fix it (and thus the perfect reason why DoD shouldn’t be in charge).  Moreover, this problem is much too serious to be given to the techies to manage.  This is far too important to keep in the IT closets of government and corporate America.  Management and leadership must know this stuff cold and be intimately involved every day, in every way.  Why do I say that? Here are a few unique aspects to the problem:

  • Everyone is an operator.  Except for a few holdouts from America’s Greatest Generation, virtually everyone is slammin’ away at a keyboard or tip-tapping on a touch screen or talking to Siri(for those who are unable to get anyone else to talk to them).  You don’t need a license, or any training, or have any awareness of just how badly you can screw things up to “operate” on the Internet.  You all know people who shouldn’t be allowed on the Internet….the people who actually reply to the email from Mr. H. J. Spankle, Esq. from South Africa telling them that their long-lost cousin has left them a fortune. Or the ones who hit the “reply” button on the email from their bank telling them to update their user name and password……And yet they are all out there spending hours on-line, causing who knows how much damage.  Their vote counts just as much as yours, by the way.   This is why cyber experts will tell you that in most breaches, it’s not technology, but people at the root cause.
  • There are no boundaries. There are no borders to control, no time zones, no hours of operation, no holidays, no boundaries of any type on the Internet.  As a result, it’s not clear where jurisdictions begin and end.  I suppose you could say that firewalls are a type of boundary, but even the best of firewalls eventually get penetrated.  I was recently visiting NAS North Island in San Diego and went to the Mother of all Starbucks, located next to the carrier pier.  I tried to use my smartphone app to pay for coffee, but was told they weren’t allowed to use that feature on the base because of the possibility that using the Starbucks Pay App might cause a cyber-intrusion in the base network…Huh?  If that’s the case on NAS North Island, why isn’t that the case at any Starbuck’s.  They don’t even use the Navy network and yet the Navy is worried about intrusion.  Can that be true?  Do the folks making those decisions really know what they are doing???  I hope so, but it doesn’t make sense to me. This type of mentality reminds me of the old saying in Naval Aviation, ” If safety was paramount, we would never fly!”
  • No one is in control. This relates to the no boundaries problem. Since there are no boundaries, it’s not clear who is in charge.   Of course, there are several organizations that may exercise some moderate influence,  like the Internet Corporation for Assigned Names and Numbers (ICANN) or maybe some of the companies maintaining Authoritative Name Servers (the keeper of the “phonebook” for domains like .com, .net, .org, etc)  Until about 1999, a company known as Network Solutions,Inc. did this function, but now several entities claim this responsibility, along with organizations for domains like .biz and .edu.  The United Nations has been monkeying around with Internet Governance as well, claiming that they don’t want the US in charge (BS IMHO) but in the end there is no single “belly button” in charge.
  • There in no difference between military, government and civilian operations. Everyone is in the same boat.  This becomes a real problem after a hacking event when trying to attribute the attack to someone or something.  Was it a hostile act by an opposing military power or was it a criminal act by some organized crime actor, or was it a terrorist act by a radical group, or was it just a random act of boredom by a “hackivist”  wasting time between Minecraft games?  Who knows?  It all looks the same.  This is a fundamental problem in determining what type of response is appropriate for any given attack.  I have no doubt the US has the capability to “smoke check” every single computer in North Korea….or even turn my own laptop into a time bomb fueled by a “Phaser Overload” in my lithium battery pack, but to what end? Is it our responsibility to be the “Net Police”? Is it DoD, DHS, FBI, FCC, Radio Shack???? I just don’t know (and apparently neither does any of our leadership).
  • All share in the risk.  Just look at the Target incident.  Even though I might have been a completely hygienic internet user with impeccable security habits, all I needed to do was buy a lightbulb from Target using a credit card and BINGO….I’m hacked!!  And think about the problem of someone else using your computer for whatever reason…all they need to do is click on one spam message and you are hacked.  In fact, it takes just one ne’er-do-well on your vastly secure network to plug in one thumb drive, and you are hacked.  You are at risk, even if you chose not to play the game.  This has huge implications.  BTW,  do you all have the new credit cards with the chip that is supposed to enhance security?  You know, the one that doesn’t work in any of the credit card readers?????? As far as I can tell it’s still swipe, swipe, swipe your personal information away!!!!!!
  • Cyber-Health is nonexistent in the masses. Probably an overstatement, but the point is that even very well educated folks are constantly falling prey to all sorts of scams, phishing schemes and electronic theft.  Think about the little device that criminal stick to the ATM card slot that copies all your ATM card info. Or what about the scanners that can cue your smart phone to dump its address book (now we need metal card holders to prevent intrusion, a la the new Pentagon Badge Holders?).  So my contention is that the vast majority of internet “operators” pay about as much attention to cyber-hygiene as they do about the dangers of texting and driving…..Once again, it only takes one to spoil the whole barrel and there are plenty of rotten apples running around out there.

So there are just a few reasons why cyber-related problems are unlike any we have tackled before.  No great revelations here and sadly no solutions.  But I contend that to get to the solution, we must first understand the problem we are fixing. I don’t think we are anywhere near understanding the extent, nature or consequences of living in a world where everything is connected.  To my way of thinking, we have too much of a good thing and that can be bad thing.  I am reminded of a discussion I once had with a prospective bridegroom when I was a marriage mentor.  We were talking about the special relationship between married couples….no secrets, everything open and above board…Then I remembered that sometimes openness and honesty may not always be the best policy when it comes to marriage….I made that mistake early on in our marriage…..I recall coming home just weeks into our wedded life and passing on the blueberry pie the lovely Mrs. Crenshaw has spent many hours preparing (after attending classes all day).  “Just so you know, I don’t like blueberry pie,” I said.  Some four-two years later I regret that moment of honesty every day!!!!!!!!!!blueberry

 

 

Reforming Acquisition Reform

There has been a lot of static on the net lately concerning acquisition reform.  Two notable recent arrivals on the scene have been all the buzz around the Beltway:  First, the release of Better Buying Power (BBP) 3.0, Under Secretary of Defense (AT&L) Frank Kendall’s reincarnation of BBP 1.0 (originally issued by Ash Carter when AT&L, and later BBP 2.0 by Mr.Kendall). DoD CartSecond was the publishing of a report by the Senate Permanent Subcommittee on Investigations, Chaired by Senator Levin, with Senator McCain as the Ranking Member.  The report, entitled “Defense Acquisition Reform: Where Do We Go From Here?, is a collection of essays by 30 experts in the Defense acquisition world about how to improve or reform defense acquisition of things (and to a small degree, services).

Better Buying Power 3.0

One of the things I like most about the concept of the Better Buying Series is the iterative process in improving its focus.  After letting BBP 1.0 run for a while, corrections were needed as the result of some unintended consequences (like an irrational focus on lowest price, technically acceptable contracts) and need for clarification of some of the elements.  BBP 2.0 did just that, directing that more care must be given in defining what is “technically acceptable” for example.  Now, BBP 3.0 has come out to further tweak the elements of BBP.  A couple of previous elements were eliminated because they were considered complete:

  • Institute a system to measure the cost performance of programs and institutions and to assess the effectiveness of acquisition policies
  • Assign senior managers for acquisition of services

There were some carry overs as well, mostly with refined language.  I won’t list them all here, but the ones that I think represent the most significant change are:

  • A recognition that capability must be considered in evaluating cost by changing the focus from “Control Costs Throughout the Product Lifecycle” to “Achieve Dominant Capabilities while Controlling Lifecycle Costs”
  • Expanding focus on incentivizing productivity and innovation by breaking out into separate areas with following additions:
    • Increase prototyping and experimentation
    • Emphasize tech insertion and refresh in program planning
    • Use of modular, open architecture systems
    • Provide tech requirements to industry early
  • Increasing ability of acquisition leaders to understand and mitigate technical risk.
  • Increased support for Science, Technology, Engineering and Mathematics (STEM) education

Here’s a link to the BBP 3.0 overview.  All in all I think it represents a good step forward in the BBP series and will certainly help in trying to understand all the things going on in the world of acquisition reform……..BUT,

Many of the themes that emerged in the second recent arrival, the Senate study (Complete study can be found here) were not really addressed in the BBP 3.0 document.  To be fair, the report had yet to be released prior to putting BBP 3.0 on the street, but I would have hoped for more overlap.

The Senate report pulled out four overarching themes from the musings of the 30 experts contributing to the report:

  • A cultural change is needed in the acquisition workforce, including more effective incentives
  • Training and recruiting of the acquisition workforce must be improved
  • Realistic requirements definition are critical
  • Accountability and leadership throughout product life-cycle needs improvement

The report also makes two observations which I will quote here:

“First, among all those factors that have been identified as contributing to dysfunction in the defense acquisition system, cultural change is among both the most important and the least amenable to legislation and policy changes. It is, rather, a function of leadership throughout the chain-of-command and an incentive structure that threads through both the government contracting and acquisition workforce and industry that assigns a premium to cost-control and the timely delivery of needed capability.

Second, continued “sequestration” of the DOD’s budgets will undermine any savings that could be achieved through even the most successful acquisition reform.”

Well, to me that says, 1.  It’s more of a DoD problem than a legislative problem and 2. sequestration will nullify ( or at least severely impact) all acquisition reform efforts.   The last thing we need is even more regulation in the acquisition process.  I would offer that in my opinion sequestration is not necessarily the enemy here.  I still think we have too much waste in DoD, too many pork barrel projects, too many pet projects and too many cooks in the kitchen.  What is the enemy is the uncertainty in the budget process over the last several years….Continuing Resolutions, multiple budgets, Overseas Contingency Funds abuse and a foolish focus on equity in Service budgets have all undermined our ability to reform how we buy things.  In the end, it is a indeed a legislative problem….The failure to pass budgets on time, regardless of  the funding levels.  Life would be so much easier and efficient in DoD acquisition with regular and predictable budgets, passed in a timely fashion and accurately executed.

One final observation:  I would like to see the Senate produce a similar document on acquisition reform, but using 30 PRACTITIONERS of acquisition at the grass roots level: Project Managers, PEOs, and Contracting Officers.  A view from the top is always useful, but without a view from the bottom we will never really fix what is wrong with acquisition culture. They are the ones that make up the culture, not the poobahs at the top.  A little more focus on them would be helpful…I’m not sure that after a contacting officer reads BBP 3.0 they will do anything different.

Motivate me!

I just finished plowing through the 2014 Performance of the Defense Acquisition report published by Office of the Under Secretary of Defense, Acquisition, Technology, and Logistics (AT&L).  ATL Report width= I was prompted to look at it when I saw this article in the Washington Post on what motivated contractors, according to the report.  Pardon my suspicion at a report bragging about how well the current crowd at AT&L is doing, but I’m suspicious.  First….there’s a lot of statistics included and my experience is that statisticians can twist the numbers to say anything.  As evidence, I note there wasn’t much bad about the JSF (perhaps the worst performing program of all time) in the report.  Oh sure, it appears, but if one were to just glance at the charts and graphs where JSF is mentioned, you get the impression that it’s just a middle-of-the pack program…..lots of programs perform worse, a few perform better.  EXCUSE ME?  This baby is already $160 Billion behind schedule and 10 years late in delivery (and still counting by the way, especially given the disastrous fire at Eglin Air Force Base last week). How DoD can publish a report on performance of the Acquisition system without including a chapter on why the JSF program is so gooned up is beyond me.  It’s like the YouTube video when the gorilla walks through the basketball game.  Am I the only one who noticed?

Another item I thought was interesting was the conclusion that although Firm Fixed Price (FFP) contracts do perform better and generally exhibit less cost growth, the report concludes it’s because most of those contracts are lower risk anyway.  Oh by the way, the evil part of FFP contracts is that the vendors who do a good job of managing cost and performance of their programs are probably making more profit and therefore gouging the Government.  I can hear the conversation in the Pentagon now, “That darn contractor actually delivered on-cost and on-time, so we must have given him too much money!”  That substantiates my belief that the Pentagon has the uncanny ability to take from good performing programs to pay for the sins of poor performing programs, thereby dooming all programs to some level of common mediocrity.

One other point I thought was interesting….there’s no mention of contracts that were awarded on a lowest price, technically acceptable (LPTA) basis.  Some in industry contend that DoD is so bent on doing things on the cheap, that quality has suffered when contracts are awarded on an LPTA basis. I don’t know if that is just sour grapes from the expensive losers or truth.  No one seems to care…….about the quality any way.

Back to the title…..What were the conclusions?

  • Not all incentives work. In order to work they have to be used, be “significant, stable and predictable,” and they must be tied to DoD objectives.
  • Cost-Plus vs Fixed Price contract debate is a “red herring.” It’s incentive-based contracts that matter.
  • Incentive Fee contracts work best.  The big plus here is that using them allows the Government to limit contractor profits. (My personal opinion is that DoD should spend less time wringing their hands over profits and more time on getting the requirements right to begin with.)
  • FFP contracting requires knowledge of costs.  (Once again, this one refers to limiting contractor profits)
  • Programs which realize better profits in production incentivize vendors to move quickly through the development phase (Of course, this implies that the Government does not change requirements in the development phase….Good luck with that!) and saves money in the end.

So there you have it.  My little list of what incentivizes contractor to perform better goes like this:

  • Well written Requests for Proposals which are clear on requirements.
  • No requirements creep during the process.
  • Regular and reliable funding streams…none of this Continuing Resolution, furlough, of OCO stuff (Oh, how I’m tempted to use a different word here).
  • Full and Open competitions
  • Procurement professionals who spend a lot of time on improving government processes and less on monkeying around with industry processes.
  • A Government that honors multi-year procurement deals.  No canceling in mid-stream.

To be fair, I think that there have been improvements in the acquisition process and those in the driver’s seat deserve a pat on the back.  But in the end,  the fundamental problem is that the requirements process never gets it right and we spend lots of time and money recovering.  Congress doesn’t help things with its inability to pass a budget either.

 

Beware the Cyberwock

JabberwockyIn a previous article, Cyber-Too Big Not To Fail, I provided some comments on the recently signed Improving Cybersecurity and Resilience through Acquisition .  This document lists six recommendations for doing just that.  As I mentioned in the article, it’s very hard for a “cyber-outsider” to understand much of what it is saying (which is part of the problem IMHO).  It does however prioritize the recommendations and pushes for tackling Recommendation 4 as a first step.  Recommendation 4 is this: Institute a Federal Acquisition Cyber Risk Management Strategy.  Here is a link to the draft of the plan to implement Recommendation 4.  I had a chance the other day to have a look at a draft document which is in support of implementing Recommendation 4 entitled “Appendix I, Category Definition, Prioritization, and Overlays.”

This document is trying to show how Federal dollars are spent on cybersecurity and then provides a proposed structure on how to characterize the types of cyber acquisitions, based on Product and Service Codes.  I just have to provide a quote to demonstrate just how confusing documents like this are to me (and I suspect to most of us non-geeks). Here it is,”..[This document]..is intended to provide a starting point for the collaborative, stakeholder-centric development of a method for categorizing similar types of acquisition that achieves the goals of recommendation number four…..”  Can anyone tell me what the heck a “collaborative, stakeholder-centric development” means? (Now’s a good time to review my article on Self-Licking Ice Cream Cones.)  I know it’s a complex subject, but geez-louise can we at least use plain English?  It seems to me before we start diving into the pool we ought to see how deep the water is.  By that I mean, I strongly believe that we should spend some time first developing a set of principles to guide us through the process.  These principles should be simple, easily understood and brief.  Once we get the principles right, all the other stuff is easy.  So you heard it here first: Crenshaw’s Cyber Acquisition Guiding Principles.

 

  1. Government and Corporate data must be protected.
  2. Access to data must be controlled at all times.
  3. Risk to Government and Contractors should be considered.
  4. How the information is being used is as important as what hardware is being used to handle the information.
  5. Rules must be consistent with existing rules and regulations to minimize confusion.
  6. Leverage existing rules and regulations before inventing new ones.
  7. Rules must be executable by all, from  the smallest 8A, SDVOSB, Hub Zone firms to world-wide corporations.
  8. Contracting Officers must have enough knowledge in cyber to make reasonable judgments when drafting RFPs
  9. Rules and Regulations must be verifiable with reasonable effort and minimum time (In other words, no 5 year long DCAA audits)
  10. Incident response responsibilities must be clear and incentivized.

OK.  Now that we understand that, perhaps we can get down to putting something on paper that we can work with, not “a collaborative, stakeholder-centric approach”, whatever that means?

Dinosaurs and Dead Reckoning

I’d like to think that I’m fairly open-minded when it comes to the use of technology.  As I mentioned a few days ago, the changes in lifestyle brought about by technology are mind-boggling.  The same is true for war fighting.  I was with a group the other day touring a US Navy guided missile destroyer and my ears perked up during a  briefing on the Bridge by the ship’s navigator.  This young officer was enthusiastic and obviously proud of her position as the Navigator.  I was pleased to see an electronic navigation system over her plotting table on the Bridge, but when she said that she was qualified to only use electronic navigation I took note.  She continued that her goal was to become qualified in paper navigation at some point.  I know that going to electronic navigation can save the Navy a ton of money by eliminating the need for lots of paper charts, to say nothing about the manpower needed to keep them up-to-date.  It brought back memories of my third-class year at the Naval Academy and the year I spent learning basic navigation and celestial navigation.  I even remember a brief section in the textbook, Dutton’s Navigation and Piloting, regarding the advent of LORAN-C, a new radio aid to navigation (you needed a degree in electrical engineering to make it work!).  I struggled through endless P-Works (navigation exercises) in the Navigation Loft of Luce Hall.  Luce Hall was also the place where we learned to read flashing light and signal flags.  I endured a whole semester of celestial navigation, sun lines, local apparent noon, and latitude by Polaris calculations.  As I recall, using planets to navigate was particularly difficult because those suckers were always moving around! Inevitably,  I would wind up with a fix that was a triangle that put me somewhere in a 50 square mile spot in the ocean ( or worse yet, a point fix 25 miles inland!)

As an A-6 Bombardier/Navigator I  experienced the same thing.  As a junior officer the best we could do was write down the ship’s position about 45 minutes before we took off and hope that the ship didn’t go too far.  Once airborne, the first thing you had to do was figure out where you were by finding a landmark on the radar.  Then you had to find your target,  hope the pilot could follow the steering directions and while you guide your bomb to the target (assuming you were using a laser guided weapon).  Then you had to go back and find the ship and land.   Now all that is done by GPS, the bomb guides itself to a target you never have to find.  How sweet is that?

USS LaMoure CountySo is relying on state-of-the-art electronics a good thing or a bad thing? One would think that using GPS has got to make things easier, yet ships continue to run aground even with GPS in working order.  I seem to remember that the USS LaMoure  County ran into the continent of South America using GPS several years ago. USS San FranciscoThe  submarine USS San Francisco was using an electronic map when it hit a seamount  in 2005.  So clearly, electronic systems are not infallible (although there’s always an element of human error).  One could argue had there been less reliance on technology and more reliance on the tried and true methods of navigation those events might not have happened.  On the other hand, using these systems reduces manpower requirements (and cost), saves time and can enhance safety when used properly.  Heck, without technology a pilot could never fly an F-18 and accomplish the mission because of the complexity of the aircraft and weapons systems.

So I’m not sure I know the answer to the question, “Should I rely on technology or tradition?”  This is a classic dilemma that Dr. Rushworth Kidder addresses in his book, How Good People Make Tough Choices.  Both choices are have merit and could be considered correct.  I think this one falls into the category of the “trilema” mentioned in the book, which suggests there’s a third answer and that is to seek a balance.  So when you are faced with deciding between technology and tradition, carefully consider the facts and seek a balance.  With that thought, it’s time to take the slide rule out of my desk.  I’m sufficiently comfortable with the calculator app on my iPhone that I think that piece of tradition is no longer needed.