Richard Seltzer's
home page Publishing home
Articles
about DEC
mgmt memo
.
Volume 8, #2__________________________________________________________
February/March, 1989
Hackers,
Worms
And Information Security In An Open Environment
Digital
Grapples
With Drug Issue
Managing
Chemical
Dependency by Bruce Davidson, manager, Corporate Employee
Assistance Program
Entering
The
Systems Integration Business by Jon Caputo, manager,
Systems Integration Business
Women’s
Issues
& Opportunities: Business Implications For Digital
The
Role
Of U.S. Manufacturing
Worldwide
Advertising
Standards
Mike
Riggle
Elected IEEE Fellow
Changes
Announced
In Field Organization
Child/Dependent
Care
- Lessons Learned And Issues To Be Resolved
Digital
Quarterly
Report Broadcast Over DVN
Two recent incidents highlight the growing
importance of systems management and systems security: the arrest
of Kevin David Mitnick and the recent penetration of Digital’s
Easy- net network by a worm from nodes in GIA and New Jersey.
After a joint investigation by the Federal
Bureau of Investigation (FBI) and Digital’s Network and Corporate
Security groups, Mitnick was arrested on December 9 for allegedly
violating Title 18 U.S. Code, Computer Fraud and Abuse. He is
believed to be responsible for many of the intrusions into
Digital’s Easynet network since 1987. The affidavit filed to
support the complaints says that these intrusions by Mitnick cost
Digital more than $4 million in computer downtime, file rebuilding
and lost employee work time.
Mitnick, who has been indicted by a Federal
Grand Jury, is being held without bail and soon will be tried.
This will be the first prosecution under the 1987 Computer
Security Act — a landmark case.
Another incident, while less damaging, was far
more noticeable to the average Digital employee, who may have had
difficulty accessing the network on Monday, January 16. Someone
probably had broken into a node in a GIA country on Friday night
and inserted a program (a "worm") that proliferated itself
through the network. This program checked a file that typically
lists user names and tested to find accounts where the password is
the same as the user name. When it found such an account, it
mailed the results back to the hacker node in GIA.
Apparently, the hacker had presumed that
Digital is a five-day-a-week operation and planned to get in and
out over the weekend. He or she didn’t realize that people use our
systems 24 hours a day, seven days a week. People working on
weekends spotted unusual activity in the DECnet account and
followed up right away.
"We stopped the original connection very
quickly," says Ed Maguire, manager, Network Security. "But the
hacker was monitoring what we did and shifted his or her base of
operations to a node in New Jersey. This person may have been
sitting anywhere, such as Germany or Hong Kong or Boston — using
telecommunications lines for access.
"Once we detected this activity in the node in
New Jersey, we isolated it and redirected its mail. Then instead
of the hacker, we received all of the mail with information about
weak passwords. As a result, we shut down the point of intrusion
and fixed the weaknesses that this incident brought to light. We
reported the instances where passwords were the same as the user
name to the organizations in which these users work, and those
passwords were changed immediately.
"Using a Videotex file that deals with Security
Training and Awareness, we gave systems managers instructions on
how to prevent this worm from spreading to their nodes (at the $
prompt, type VTX DTEL). We also, in a password-protected Videotex
file, told how to stop the worm once it got started in a system.
In addition, we gave system managers a program to check their
nodes for accounts where the user name is the same as the password
so they could remedy any such weaknesses that may have been
overlooked. Meanwhile, on Saturday, Skip Morris in Educational
Services in Bedford, Mass., wrote a ‘vaccine’ program that sought
out and stopped the ‘worm.’"
By the morning of Monday, January 16, the
situation was under control and all this information had been
disseminated to the over 20,000 system managers on the network.
Some system managers elected to keep their systems down for a
while that day as an extra precaution.
"We do not know this person’s intent. We have
detected no damage to systems or data," adds Ed.
The main weakness was the simplistic passwords
that some people had chosen. "You don’t have to be a champ in
computer science to know that you shouldn’t have your user name
equal your password," Ed notes.
"Passwords are the best available security
tools for most applications," observes Jim Schweitzer, corporate
manager, Information Security. "In general, the longer the
password, the safer it is. Passwords also must not be obvious.
This means no proper names, addresses, job titles, and so forth.
"The password should be something you can
remember, but that other people are unlikely to guess. For
instance, put a non-pronounced symbol between two words
(bank$balance); or use an old address, maybe that of a friend
(1229SixthStreet); or use an old telephone number with a mnemonic
prefix (LO12924)."
"Dictionary words or names are weak passwords
because of the techniques that hackers use," adds Ed. "On Unix
based systems hackers have their favorite 400 words, and then
they’ll try their favorite 40,000, because there is no evasion
detection on Unix. They can just hammer away, using brute force
techniques. VMS software has very good evasion detection features.
However, it is important that our system managers implement
evasion detection
and other VMS security features properly. Its
always important to use strong passwords. VMS software has some
interesting features such as random passwords. In addition to
being very difficult to guess, random generated passwords prevent
password reuse. Also, intruders do not expect to see the VMS dual
passwords. We have never seen or heard of a break-in attempt
involving a dual password."
"If someone has a trivial password, that node
can become a base of attack for the rest of the network," Ed
emphasizes. "If one person is careless in managing their node or
user account security, he or she makes us all vulnerable. Our goal
is to implement a practical base line set of security controls.
These security controls are available on the EASYNET VTX infobase.
One important security control is the use of passwords on dial-up
ports. This can be implemented via server passwords or smart
modems. This will help prevent unauthorized access to our
networks."
Such incidents as these call attention to the
on-going effort to provide appropriate access while maintaining
security - so business can be transacted smoothly and
efficiently, taking full advantage of the capabilities of
networking, without compromising the company’s information assets.
"Traditionally, Digital has been a very ’open’ society," comments
Jim Schweitzer. "Free information flow and retrieval, and ready
access to just about any data is part of the Digital mystique.
"But in the modem ‘wired’ society of the 1980s
and 1990s, certain people make claims that all information is in
the public domain. Hence, if they can access it through technical
cleverness, they assert that the information is rightfully theirs.
Other groups have political causes to espouse and see the
electronic information networks as an opportunity to strike out at
whatever ‘enemies’ they perceive. Still another group consists of
computer hackers who find entertainment value in penetrating
networks and computers, and in creating mischief therein.
"This threat is becoming ever more serious as
the numbers of people with capabilities to do harm increases, and
as new international standards eliminate the barriers once set up
by different protocols and software.
"To maintain such an open network environment
probably means that an organization will suffer increasing numbers
of attacks on its resources and attempted penetrations, with
resulting interference with business, potential loss of
information, and perhaps even a temporary denial of access to
network resources. On the other hand, an increase in control
through partitioning or store-and-forward methods would mean less
open communications.
"We need to weigh the risks and the benefits,"
he concludes. "We can never afford perfect security; but we can
afford only a certain amount of insecurity."
In the U.S., changes in federal laws and
regulations as well as changes in the expectations of customers
and society in general are forcing companies to rethink their
policies related to substance abuse.
Digital in the U. S., through its Employee
Assistance Program (EAP), makes various resources available to
employees who may have a drug or alcohol problem. Digital also has
policies that cover situations when employees have performance
problems or violate the company’s expectations of appropriate
conduct. Managers are expected to focus on employee performance.
In addition, Digital has policies that deal
with employee conduct at Digital and customer work sites. The
company expects employees will conduct themselves in a safe and
healthy way. Employees who violate workplace rules are subject to
discipline, up to and including termination. Also, the use,
possession of or distribution of illegal substances on Digital
property or on a customer site could be cause for termination from
the company. And, in the U.S., employees are not permitted to use
or possess alcohol on company or customer permises.
In other words, in the U.S., Digital’s practice
and policy regarding substance abuse has been:
o No illegal drugs are allowed on Digital
property or at customer sites (U.S. Personnel Policies and
Procedures 6.24).
o If substance abuse is suspected of
contributing to a performance problem, managers should focus on
the performance issue (U.S. PP&P 6.21).
o Employees who voluntarily seek help for
chemical dependency problems are given confidential help through
EAP.
o In the event that an employee appears to be
incapacitated, managers are to work with local Digital Health
Services or occupational health resources to seek a safe and
confidential solution. Upon return to work, the employee is
required to provide an explanation and medical documentation (U.S.
PP&P 4.35)
These policies are intended to maintain a
drug-free, productive workplace, which is important for business.
"Our approach emphasizes self responsibility,"
notes Erline Belton, manager, Corporate Employee Relations.
"Digital believes employees should be responsible for their own
behavior outside of as well as within the workplace. Individual
responsibility and trust are basic values of the company. Digital
generally does not attempt to oversee what employees do on their
own time."
However, U.S. government requirements and other
outside influences are now pressuring the company to commmit to
instituting different programs to ensure a drug-free workplace.
Many such requested programs include drug testing of Digital
employees.
In the U.S., state and federal laws and
regulations, and the courts’ interpretations of
them, are in conflict. Legal protections for
individual rights clash with requirements intended to protect
public safety and reduce demand for and traffic in illegal drugs.
The provisions of some state laws and state
constitutions give individuals the right of privacy to varying
degrees and may give people with substance abuse problems the same
sort of protection as people with other kinds of handicaps. But
the federal government, (and the Departments of Defense and
Transportation, in particular) insists that under certain
circumstances drug testing is necessary for the public welfare —
for instance, to ensure that pilots and truck drivers or people
with access to classified information are not under the influence
of drugs.
"At this point, it is impossible to predict how
far federal requirements will extend into the private sector,"
notes Paul Henrion, staff attorney, Personnel Law Group. "We also
cannot predict whether, in the various legal challenges to these
laws and regulations, the courts will rule on the side of
individual rights, or will decide that public safety is an
overriding concern."
Right now, Digital is wrestling with these
issues, trying to develop policies and practices that remain
consistent with the company’s basic values and yet meet these
complex legal requirements.
The Drug-Free Workplace Act of 1988, which is
scheduled to become effective on March 18, 1989, requires that
federal contractors certify to the contracting agency that they
will provide a "drug-free workplace." Some requirements of the law
are:
o publish a drug policy statement notifying
employees that the unlawful manufacture, distribution,
dispensation, possession or use of a controlled substance in the
workplace is prohibited and explaining the consequences of
violation;
o establish a "drug-free awareness program" to
inform employees of dangers of drug use and available treatment
programs;
In addition, the Department of Defense (DoD)
now requires that a "Drug-Free Work Force" clause be added to
contracts involving access to classified information. This clause
also may be included in unclassified contracts where the DoD
contracting officer determines this is necessary. The clause
requires the contractor to institute and maintain a program that
should include: supervisory training, provisions for referral, an
employee assistance program, personnel procedures for dealing
with users of illegal drugs, and provisions for identifying
illegal drug users. It is expected that DoD will require drug
testing on a controlled and carefully monitored basis.
This clause does not apply to contracts for
commercial products unless there is access to classified
information, but it does apply to all applicable contracts for
commercial services. "Digital is working directly and through
industry associations to have all commercial products and services
excluded," says Cyndi Bloom, manager, U.S. Field Employee
Relations. "But it now looks probable that some Digital employees,
who work on contracts that require them to have government
security clearances, may have to undergo some form of drug
testing." The extent of this testing will be determined by a
number of factors, including the nature of the work the employee
performs under a specific contract, and the public health, safety
or national security risk that could result from inadequate
performance.
Similar Department of Transportation
regulations, which apply to pilots and interstate truckers, are
scheduled to go into effect in December 1989.
This complex legal situation is still in flux.
In addition to U.S. government laws and
regulations, Digital has to respond to similar pressures from a
variety of major commercial customers, including several Corporate
Accounts, who are getting very selective about who they will
allow on their premises to do work for them. Some such customers
have asked us to do drug testing of Field Service and Software
Service employees to ensure that they are "drug-free." So far, we
have, through negotiation, been able to remove such stipulations
from commercial service contracts, because of our existing
policies and practices and our clear commitment to ensure that
customers get the best possible service.
Another kind of pressure comes from communities
where Digital does business. For instance, in Greenville, S.C.,
and Colorado Springs, Colo., nearly all the major companies in the
area now do do drug testing. "In other words, we’re not just
dealing with changes in federal law and regulations, but rather
with a pervasive change in public attitude," observes Cyndi.
"Drug abuse has been elevated to the position
of a major public problem, and there is a growing expectation that
large companies should help in the overall effort to deal with
it," adds Erline. "This issue will be with us for years to come.
"As a company, we are coming to grips with the
fact that we are now so large that we are a microcosm of society,
with all of the problems of society at large. Also, as one of the
world’s major corporations, we are highly visible and subject to
public as well as government pressure. As we reformulate our
policies to respond to these new conditions, we have to find ways
to sustain our basic values."
In this case, the crossroads in decision-making
is the point where Digital must either change its policies or turn
down important government business. Digital is now trying to
determine what changes we must make and how to implement them
fairly and sensitively. All anticipated changes will be
communicated to employees through Personnel Perspectives, MGMT
MEMO, LIVE WIRE and local newsletters as
quickly as possible. In addition, in Q4, Digital plans to
distribute a Field training package to Field Personnel and then to
Field managers. Later, a Field information package is planned for
employees who deal with customers.
Dealing with an employee who has a performance
problem that may be complicated by personal problems is one of the
most difficult challenges a manager can face. For example, the
illness of chemical dependency — addiction to drugs or alcohol —
can show up at the workplace in the form of performance problems
including absenteeism and tardiness. It can lead to waste, safety
hazards, poor decision-making or disrupted employee morale.
We encourage managers and supervisors not to
try to diagnose the cause of performance problems and not to make
assumptions about people. Rather than guess at drug- or
alcohol-related causes, they need to focus on the performance,
and deal with it through normal problem-solving and
corrective-action procedures. This should be coupled with an offer
of assistance.
Today, an estimated 10-15% of the U.S.
population at large is dependent on alcohol or drugs or both. A
far greater number of people are affected indirectly because of
their closeness and interactions with the substance abuser or
chemically dependent person.
When we come to work, we all bring with us
attitudes and personality styles that relate to our families of
origin and our current family situation. Sometimes people who have
grown up in chemically dependent families, for example adult
children of alcoholics, bring to their work group and to their
environment some of the same styles they experienced growing up,
including dramatic mood swings or difficulty in finishing tasks or
setting limits or overachievement.
People affected by substance abuse need help
for themselves as well as help in intervening in their situation.
Substance abuse is a worldwide problem that,
because of differing cultural norms, each geography in Digital
deals with in its own way. In the U.S. and Canada, Employee
Assistance Programs (EAP) serve as a confidential resource for
Digital employees, their families, and retirees, and provide
assistance for a wide range of problems, including legal and
financial concerns, family problems, aging parents and emotional
distress, as well as chemical dependency.
We make EAP resources available across the U.S.
and Canada, but it is up to the employee to use them. Also,
managers can and do contact their EAP consultant directly to
discuss their concerns and their approach regarding an employee
before making a referral. Managers should suggest that employees
consider contacting the EAP when a change in work pattern or a
performance issue arises. But, under current policy, the
employee’s use of the program is always a matter of choice, not a
requirement.
EAP's role is to to help employees evaulate
whether a personal problem or issue is contributing to a
performance problem. The employee has the opportunity to speak
openly and confidentially with experienced professional
counsellors who will offer support and understanding and give
professional guidance. In cases that are identified as chemical
dependency problems, we can successfully treat the illness, which
will ultimately resolve the performance problem.
There is a real opportunity to help people
recover. From a business point of view, we’re recovering valued
"human assets" — people with training and experience, who can
perform well.
Most of these people do follow through on a a
program of recovery. About 65-75% of the people who undergo
treatment are abstinent at one year after treatment. In about
70-80% of Digital cases, the performance improvement is sustained
during 18 months of followup.
Managers should keep in mind that chemical
dependency is often a progressive illness. The problem typically
develops over a long period of time. Some people are "in training"
in their late 20s and 30s and only become dependent on a chemical
as they hit their late 30s and early 40s. Others using drugs like
cocaine show signs of dependnency in their 20s and 30s. Also,
emotional crises, which are a normal part of life, may contribute
to a person’s progression toward chemical dependency.
People often begin to abuse drugs or alcohol
unknowingly, using them to be sociable, to unwind, to reduce
stress, to sleep, to wake up, to lose weight, to be part of the
crowd, or because of peer pressure. Many people self-medicate,
using alcohol and other drugs, including over-the-counter drugs,
as a way to avoid physical pain or feelings of anxiety, worry,
tenseness, hopelessness, grief or anger.
We have been bombarded with the notion that the
way to deal with stress and pain of any type is to take a
chemical. We have become the "extra strength" generation. One or
two pills used to be enough to deal with a headache. Not anymore.
It’s bigger capsules, bigger pills, and more of them. The
implication is that if you take a little bit more, you’ll feel a
little bit better. If one dose reduces the pain, two doses or
drinks may be even better.
Another class of drugs - amphetamines,
"uppers," and cocaine - poses a particularly difficult problem for
managers. In the early stages, the person using these drugs may
make major contributions at work. These drugs make people feel and
act very powerful, with an enormous amount of energy. For
instance, many cocaine users, in the early stages of use, will act
as leaders, exhibit relentless energy, and be creative and
insightful.
Managers should be aware of their employees’
normal behavior patterns and notice sudden changes. Some people
work 50+ hours a week and have done that for years. It’s part of
their normal life style. But when someone’s performance radically
changes, when the average performer suddenly becomes a superstar,
putting enormous energy into the job, the manager should be aware
of possible disaster. It is not likely that anyone can sustain
that kind of pace forever, and on the other side of that emotional
high is a deep low. Managers love to see 130% contributions, and,
at first, may not notice the low days between the ups; in so
doing, they could fail to recognize that a crisis may be in the
making.
Managers should also be alert to instances when
people who showed signs of great potential become stagnant and
blase. These employees may never have any serious performance
problems, but they never develop into the contributors you
expected they would. In some cases, these people are chemically
dependent or are victims of chemical dependency, or have other
personal difficulties and are treading water at work while they
try to cope with problems at home.
In all such cases, the manager’s role is to
manage performance, seek input from consultants, and, if
appropriate, encourage the employee to seek assistance.
Systems integration is one of the waves of the
future in the information systems business. As computer systems
get faster and networks more complex, customers want more value,
more complete solutions from their computer vendors. We want a
share of this rapidly expanding business.
Some of our largest, most important customers
have urged us to take on an expanded role as "system integrator."
They want us to manage large, long-term, complex projects from
start to finish. These projects average around $20-25 million over
a three to five year lifetime.
We have done projects like this very
successfully in the past, bringing together the various resources
on an ad hoc basis. The Systems Integration Business (SIB) group
was chartered last summer to set up pilot programs in the U.S. and
figure out how to formalize efforts of this kind.
Our role as systems integrator is analogous to
that of a general contractor or builder in the construction
business. If you build a house yourself, you hire a subcontractor
who has the skill you need - foundation digger, bricklayer,
plumber, electrician, etc. Lots of your time is consumed
coordinating schedules for these subcontractors because you don't
need a bricklayer until you have a frame and you don't frame until
the foundation has been dug. If the weather changes and the
bricklayer can't come, that affects all of the schedules behind
it. In addition, you have to deal with a lot of different
contracts, each with different terms and conditions. Pulling the
pieces together efficiently involves a special set of skills and
experiences. You can learn as you go, but it’s a painful process.
So most people prefer to have a builder or general contractor do
that work for them.
As a supplier of computer systems, we’re a
subcontractor, like the bricklayer or the roofer. As the systems
integrator, we’re like the builder or general contractor. We bring
all the pieces together, providing total solutions to business
problems. For instance, a customer wants to make jet engines
cheaper and faster. That might translate into a need to upgrade
the way the shop floor works, including programmable controllers
and stamping machines. A computer network would be just a
component of such a solution. In the information systems business,
more often than not, our job is to integrate products from a
number of vendors into a single solution based on a Digital
framework.
Each project is assigned a program manager, who
is responsible for pulling all the pieces from Digital and others
into a single program plan that gets the business done for the
customer. The result is a highly formal and disciplined way of
approaching the business.
Our program management methodology, including
checkpoints and milestones, is based on DEC Standard 28 — the
Phase Review Process — modified for customer circumstances. We use
the same consistent, disciplined approach in Los Angeles or London
or anywhere else in the world - a common reporting system, a
common set of program phases, common exit criteria, etc. This
approach also helps program members in different parts of the
world to communicate with one another.
We bid on the total multi-year solution; thus,
the fact that Digital has a product strategy with a common
architecture is a great advantage to us as a systems integrator.
We know that tomorrow’s equipment will be compatible with today’s.
In addition, as a systems vendor, we keep abreast of new product
plans and can factor those into the solution. If we have a better,
faster machine three years from now, that can can become part of
our plan.
Customers ask, "Will you guarantee this will
solve my business problem?" In almost every case, we can. Each
contract is unique. Many include performance bonuses if we come in
ahead of schedule or the solution does the job better than
anticipated. If we come in behind schedule, some contracts have
penalties. That’s the nature of the business.
Pricing is critical. Each contract is custom
priced. Our success in this business depends on estimating the
scope and risk of the job and pricing accordingly.
Organizationally, we report into U.S. Software
Services, primarily because of the experience that they have had
in project management. But this is a cross-functional business
venture. The U.S. SIB team includes representatives from Sales and
Field Service as well as Software Services. In the U.S., we have a
pilot effort in three of the nine Areas, designed to discover how
we can best identify, sell, win and implement these programs at
the Area level in the U.S. Much of what we learn from these pilots
will be applicable across the world.
Almost all of the systems integration is found
in our largest customers — the top 200 accounts. Often we uncover
these opportunities from the relationships that we have as a
company with large customers - the Corporate Account Program, the
Executive Partners Program and Leaders Forums. Right now, we are
focusing on Digital’s five targeted industries: Discrete
Manufacturing, Process Manufacturing, Finance, Telecommunications
and Government.
It is a very complex team sale. People don’t
make $20 million decisions in a hurry. For the most part, these
are mission critical applications for our customers — the
applications that make money for them rather than count the money
that they’ve made. These are the efforts that will give them a
competitive advantage, whether they are a bank trying to figure
out how to get a 10 second edge in trading, transaction processing
or a manufacturer trying to lower the cost of production. They
have to know they are going to get the right solution at the right
time.
Moving into this business, Digital has a lot of
strength to build from, particularly in the area of customer
satisfaction and business ethics. Those qualities are valued
highly by the people with whom we would deal. Using these
strengths as a foundation and using the SIB pilot experiences to
learn and grow, Digital can position itself to take advantage of
this rapidly growing market segment* and, in the process, meet the
needs of some of our largest existing customers. That’s why the
company finds the challenge of competing in the systems
integration arena so exciting - we can enhance our customer
satisfaction levels while moving to package Digital’s resources
and capabilities to respond to a new and demanding environment. As
a result, it is easy to see why Digital regards SIB as one of the
keys to our company’s future growth.
A hundred people concerned about the role of
women at Digital gathered in Marlboro, Mass., for two days this
January to discuss their research and plan future steps. The
symposium the first
of its kind - was sponsored by Corporate EEO/AA/Valuing
Differences, with the intent of bringing together people who had
done research on the experience of women at Digital and had
initiated programs to improve the work environment. It began with
the premise that to meet its long-term business goals, Digital
must maintain a competitive edge in attracting the best people.
From the perspective of the symposium attendees, this means
Digital must improve the opportunties for women and increase their
representation at all levels.
Carol Burke, senior manager, Strategic
Relations, spoke of the need to focus on how women’s issues as
they relate to the business. "These issues are important and need
the attention of the leadership of the company, not simply because
they are women’s issues, but because they are people issues that
are impacting the business - issues such as alternative work
schedules, child care and dependent care.
"As women in business, we need to be leading
the company to a position of ‘being the best’ — with the best
products and servcies. These issues might get in the way of
Digital ‘being the best,’ and we should look at them in that
business context."
While the percentage of women at Digital in the
U.S. has remained relatively steady at about 37-38% for the last
ten years, there has been a shift in the kinds of jobs women
perform, noted Jay Palermo, Research & Development manager,
Corporate EEO/AA/Valuing Difference. Changes in manufacturing
methods have reduced the number of hourly jobs that tend to be
filled by women, but meanwhile the number of women in professional
and managerial positions has increased.
Mary Couming, senior Manufacturing manager,
U.S. Area Manufacturing, reported on research she did as part of a
master’s degree program in Management of Technology at the
Massachusetts Institute of Technology. She interviewed men and
women in senior line positions at Digital, asking them to tell
about the personal and external barriers to advancement they
perceived. Mary described their common experiences and the unique
experiences of women in terms of the "glass ceiling" — the set of
invisible barriers that one faces when moving up in an
organization." Mary concluded that diversity of gender and culture
will become more prevalent in the workplace in the next 10-15
years and business success will depend on making full use of all
human resources. "The successful competitors in our industry will
be the ones who optimize all their resources: technologies, market
resources, financial resources and human resources."
Donna Taylor, MEM AA/Valuing Differences
Manager, reported on the results of an internal study of the
contributors and barriers to women reaching upper level positions
in Digital. She noted that for women and men in Digital the word
"power" means the ability to get things done and have influence.
But twice as many men as women add "control, authority and
position" to their definition of power. She found that men and
women viewed the barriers to their success quite differently, with
an overwhelming number of the women believing there were factors
specific to women that impeded their success: from managers not
being comfortable with women to pervasive stereotypes about women.
She discussed national studies on the differing
attitudes of men and women toward their successes and failures and
potential impact at Digital. Data was also presented on the
differing imput of mentors to men and women. She raised a number
of questions that emerged from the study: "If men and women view
the Digital environment and the road to success so differently,
are women trying to be successful in a culture they don’t truly
understand?" Finally, she observed that different perceptions
could be part of the problem, "What we perceive is what we think
is real and that dictates our actions."
"Being a woman in business is sometimes like
living in another culture and constantly having to translate,"
observed Maureen Harvey, Personnel manager, Open Software/Software
Business. She reported on the results of the Stone Center Task
Force, which was created to put into practice the new theoretical
understanding of women’s psychological development that has been
developed at the Stone Center at Wellesley College. With the
endorsement of Bill Heffner, then vice president, Systems Software
Group (SSG), and his staff, the Task Force used this perspective
to examine the environment for women in SSG and to make
recommendations to management. The Stone Center emphasizes the
importance of trusting one’s ability to build relationships in
which both people feel heard and valued. These qualities are
essential for women’s sense of worth and empowerment. The Task
Force consisted of women who represented each of the ten
organizations in the Systems Software Group.
"There are a lot of women in software
engineering, and we need to create conditions that will maximize
their potential," explained Maureen. "The current environment does
not use some of women’s potential strengths and operating styles.
I believe this results in increased stress that leads to reduced
productivity, turnover and burnout — some of the things that we
characterize as performance problems. Its more subtle effects are
lack of enthusiasm and commitment.
"In Affirmative Action, we have emphasized the
numbers, getting people in. As we’re bringing diverse people into
the work environment, we also need to ask ‘Are we bringing them in
just to make them like everybody else? Or do we bring them in to
use the diversity to enrich the environment?’
"Digital’s success in business is, in part,
dependent upon people’s ability to understand each other and work
collaboratively to achieve results. The paradox is that those
strenths are more developed in women, but are not strengths which
are typically recognized or rewarded," she concluded.
Based on their findings, the Task Force members
submitted a set of recommendations to Bill Heffner in June 1988.
The recommendations responded to recurrent themes that the task
force encountered in its study of women in SSG: basic comfort,
safety, and trust; perceived differential treatment of men and
women; and the often undervalued skills that women frequently
bring to their work. Recommendations targeted management and
Personnel activities in support of improving the work environment.
The recommendations were endorsed by Bill
Heffner and a full-time project leader was hired, who reports to
Kurt Friedrich, group Engineering manager, Systems Software
Engineering and Manufacturing. She will manage the implementation
of these recommendations across the three new software businesses
which include Bill Heffner’s OS/SB group and Bill Keating’s SDT
group.
"Women are here in significant numbers, and
have been for some years," noted Erline Belton, manager,
Corporate Employee Relations. "But we need to do more development
so women can take upper level jobs. Let’s acknowledge the need for
cross-functional, not just individual efforts. Let’s look at the
whole," she advised.
Other speakers discussed the work of other
internal women’s leadership groups, such as the Women’s Advisory
Committee, which played an important role in planning this
symposium.
In breakout sessions, the symposium
participants formulated dozens of recommendations, such as: "count
hours not heads" (eliminating a barrier to flexible and
alternative work schedules); change policies and benefits to
reflect and value the diversity of employee needs; publicize
success stories relating to part-time, job sharing and flexible
work schedules; and publicize to managers the human cost of
recruitment, training and attrition.
At the end of the symposium, Alan Zimmerle,
manager, Corporate EEO/AA/Valuing Differences outlined some of the
next steps: prioritize recommendations, share symposium results
with senior managers, focus on upward mobility and opportunities
for people of difference and women in the workplace, and reconvene
the group in a year to discuss what has changed. He also
emphasized the need to build on the excellent work that has been
done in many organizations.
Channels
Marketing Positions Digital As A Leader In Global Markets
by Jack MacKeen, vice
president, Corporate Channels Marketing
Digital formed its first relationships with
Original Equipment Manufacturers (OEMs) in the early 1960s and
quickly learned the value of third parties as providers of
solutions for customers. Today Digital uses a broad range of
channels, including OEMs, to provide the best solutions to all
market segments and accounts. The term we now use for all these
third parties is Complementary Solutions Organizations (CSOs).
CSOs complement and extend Digital’s
capabilities. Recognizing this, Digital provides them with the
richest set of support programs of any computer vendor, with
diverse new products, and with an operating philosophy that
underscores their importance.
Other computer vendors develop "arms length"
relationships with their third parties through a "vendor-centered"
style of channels management. They are mainly interested in using
channels to meet short-term needs in sales of specific products in
specific geographic areas to attain specific volume levels.
With 30 years of experience in channels
management, Digital is different. We use a "total organizational
style" of management, positioning CSOs as an extension of
Digital’s solutions offerings and sales force. This approach is
based on long-term mutual profitability and commitment and a
common focus on end-user customer needs. Digital and CSOs strive
to act as one entity in meeting customer needs.
Our "All Channels
Strategy" is the framework for how we sell with and through
channels. The strategy focuses on how users want to buy, be
serviced, have their problems solved, manage costs and be
educated. We believe that with this focus, over time, we will pull
users to the Digital platform where, directly and through our
CSOs, they will find the best solutions to satisfy their needs.
This strategy recognizes the importance of CSOs
to the growth of our business. Customer demand for application
products, expertise and services is broader than we can develop
alone. CSOs help us extend our portfolio of solutions to address
the very diverse needs of our customers. They allow us to expand
into additional markets, to penetrate various geographies,
industry areas and account sizes.
Digital decides when to sell a solution
directly or to offer a CSO solution. Our objective is to identify
the best solution to solve the customer’s problem, independent of
its source, and to market the product in an efficient manner. We
recognize the CSOs investments and reward our sales people for
introducing and selling the products of CSOs as well as Digital
products.
We share the responsibilities with our CSOs to
better understand what customers need and how they want to buy. We
mutually recognize the need to improve customer satisfaction as
well as anticipate and plan for changes in the marketplace. The
relationship with our CSOs is based on the value contributed by
each party and is strengthened by joint planning and open
communication. When we do compete with our CSOs, we do so openly
and fairly; and the strength of our relationship allows us to
understand each other and overcome occasional conflicts.
For consistency and predictability in our
channels strategy and management, Digital has organized to provide
both a worldwide and a geographic focus. The role of the Corporate
Channels Marketing Group is to lead Digital in the development and
management of worldwide channels relationships, to develop the
overall strategy and to provide business practices and program
designs (templates) that can be adopted or adapted to local needs.
The geographies sharpen the business focus, deciding on the local
sales strategy and program implementation plan, and how the
Digital and CSO sales forces work together in line with the
worldwide strategy.
But what about the future? Our channels
strategy is designed to prepare Digital for the challenges of the
1990s and the globalization of world markets. For example, in
Europe, by 1992 the Common Market plans to eliminate tariffs,
customs delays, barriers to mergers and acquisitions and
government favoritism. European companies will be taking a
Europewide rather than a country-by-country approach to doing
business. That means more opportunities and more competition for
Digital. The worldwide focus of Corporate Channels Marketing will
help us find the best strategic fit for our products and our
third-party solutions.
We’re not just preparing for the 1990s, we’re
influencing and shaping the policies that will affect
international business practices. The competition that we
anticipate in the future is encouraging us to plan and prepare to
compete today, by developing the strategic relationships and
distribution capabilities that will enable us to be a leader in
global markets.
Last summer, Lou Gaviglia was appointed vice
president, U.S. Manufacturing, reporting to Bill Hanson, vice
president, Manufacturing Operations. In a recent interview, Lou
explained the purpose and direction of the new organization:
"My position is comparable to that of Dick
Esten, vice president, European Manufacturing, and Ed McDonough,
vice president, GIA Manufacturing. We report to Bill Hanson, but
each of us has a link to the Area team leader for our respective
geographies — in my case to Dave Grainger, vice president, U.S.
Sales and Services. Not only are reporting relationships similar,
but the work of the organizations is similar. We are actively
working together to make our organizations more effective and
efficient.
"This organization, working closely with its
counterparts, will allow us to give more of a worldwide focus to
product investments and engineering development. Some products
should be sourced elsewhere in the world or funded elsewhere in
the world. Ed, Dick and I are working together to determine how
best to use our resources — to decide what needs to be done where
in support of the business goals."
"While focusing on the support/staff work that
will make up U.S. Manufacturing, we are also spending a
considerable amount of time on the plants’ charters. The roles and
responsibilities of the plants in the U.S. are increasing as we
focus on their ability to be profitable, improve quality, improve
customer satisfaction, have more flexibility, and improve cycle
times. We are thinking in terms of long-term product strategy,
with plants having long-term product alignments and long-term
alliances with Engineering groups.
"This is an aggressive and intense time for us,
but I know we have the right resources and commitment to meet our
objectives."
Lou joined Digital in 1967. He has held several
key positions throughout Manufacturing, most recently as vice
president, Computer Systems Manufacturing.
In this position, Lou is a member of the U.S.
Management Committee, in addition to being a member of the
Corporate Manufacturing staff. He makes and executes supply
commitments on behalf of U.S. Manufacturing resources. He places
particular emphasis on reducing manufacturing costs as a percent
of the total U.S. systems business revenue and on improving
customer satisfaction. An important part of this effort will be
the development of a more integrated U.S. supply-and-demand plan
that more accurately reflects market opportunities for Digital in
each product segment.
To project a consistent image for Digital while
encouraging cultural differences, Corporate Advertising has
worked with Digital representatives from Europe, GIA, and the
U.S., and major advertising agencies around the world, to develop
and implement advertising standards and guidelines globally.
Through these standards, Digital can now
present a reinforcing image across all boundaries and at the same
time offer each country or area the flexibility to develop ads
that they feel will reach their particular audiences.
"In Europe, it is important to have ads that,
despite language barriers, have a consistent format and message so
that customers can get a clear picture of Digital," explains Toni
Mansali, manager, European Advertising and Sales Promotion.
"Consistent advertisements will help solidify
Digital’s image as a global company," says Henry Heisler, manager,
Corporate Advertising. "Digital must have an identity that will be
more readily recognized in newspapers, magazines, and other media
by customers, employees, vendors and the general public around
the world."
The guidelines for ads include the use of
larger photos, a single typeface that is available worldwide, the
Digital logo underlined on the upper right hand side, followed by
advertising copy that runs on that same side. Ads also may utilize
the quotes of customers, which would be positioned between the
advertising copy and the photo.
Digital will continue to use the "Digital Has
It Now" as a common "tag line" or slogan for the company, but will
phase out the older ads that run with the same tag line in the
U.S., and the "Imagine" ads in Europe.
Peter Jancourtz, manager, Corporate Marketing
Communications, comments, "The new ads will simply share the
benefits of Digital, its products and people, by highlighting what
our products do for customers. The ads will be used to communicate
marketing, recruitment and corporate messages."
The four types of ads that will utilize these
guidelines are: quality/image community involvement,
issues/criteria, testimonials and product/service announcement
support.
Mike Riggle, senior corporate consultant, has
been elected a Fellow of the Institute of Electrical and
Electronics Engineers (IEEE). Mike was honored for his
contributions in storage architecture, advanced error control and
correction, and leadership in the design and development of
high-density magnetic storage products. The grade of "Fellow"
recognizes "unusual distinction" in the profession. It is
conferred only by invitation of the IEEE Board of Directors.
Mike and his team have been responsible for
much of the development of the advanced technology and
architecture base for Digital’s magnetic disk, tape, floppy
products and DSA subsystem products. They also did advanced
product development for the RA80 series of disk drives, RC25 disk
drive, UDA50 disk controller, HSC50 disk/tape cluster controller,
and RRD50 optical disk drive.
Mike joined Digital in 1976. He has been
responsible for Storage Advanced Development and Architecture,
where he has concentrated on magnetic memories and storage
subsystems, including data base systems. He became senior
corporate consultant in 1985. Before coming to Digital, Mike was
director of engineering for Storage Technology Corp, and was
general manager of hardware engineering for Control Data Corp.
Several changes have been announced in the
Field organization. Dave Grainger has been named vice president,
U.S. Sales and Services, reporting to Jack Shields, senior vice
president. Don Zereski has been named vice president, Field
Service, also reporting to Jack. Rich Nortz has been named U.S.
Field Service vice president, reporting to both Dave and Don.
In his new position, Dave is responsible for
the achievement of the financial and customer satisfaction goals
within the United States.
Said Jack, "To further the significant growth
and customer acceptance of Digital, it is critical that we
continue to improve integration across the functions. Dave will
ensure that this integration simplifies our ability to deal with
each other and with customers and achieves our profitability
goals."
The U.S. Management Team will report to Dave,
in addition to their respective functional reporting
relationships.
Dave has been with Digital since 1969, and
became a vice president in 1984. He has been regional manager,
Northern Europe; regional manager, Mid-Atlantic States; and U.S.
Field Service manager. Most recently, he was vice president, Field
Service. Dave is a graduate of Eastern Ontario Institute of
Technology in Ottawa and the Harvard Business School Program for
Management Development.
Don Zereski will be responsible for managing
the worldwide Field Service organization. He joined Digital in
1962 and became a vice president in 1986. He served as manager of
U.S. Field Service and Field Service Europe. Prior to that, he
spent 10 years as manager, GIA Field Service, managing numerous
subsidiary field service start-up operations while directing this
international field service organization. From 1968 to 1974, Don
was responsible for Digital’s worldwide mid-range systems
support. He has completed the Program for Management Development
at Harvard Business School and the School of Industrial Management
at Worcester Polytechnic Institute.
Rich Nortz will be responsible for total Field
Service business in the United States. He joined Digital in 1973
as a Field engineer. He held several management positions in Field
Service before being appointed U.S. Field Service Business Support
group manager in 1985. Most recently, he was vice president, Field
Service Corporate Accounts. Rich is a graduate of the University
of Pittsburgh Management Program for Executives.
Bob Carty has been appointed manager of the
Events Center for Expertise, reporting to Ed Kamins, Corporate
Communications manager. In this role, Bob will lead the Corporate
Events Team and develop an integrated events plan, including a
long-range strategy for DECWORLD. BobwastheU.S. DECWORLD manager
for DECWORLD ’88 and prior to that, the Stategic Programs manager
for Networks and Communications Marketing. He has been with
Digital for nine years.
Tom McEachlin has been named group controller,
GIA Manufacturing and Engineering, reporting to Ed McDonough,
vice president, GIA Manufacturing Operations. Tom has been with
Digital for two years. He was previously the GIA group FP&A
manager, responsible for providing finance support to GIA
Manufacturing managers. Prior to joining Digital, he spent 11
years at Xerox Corp., most recently as controller, Materials
Management Group.
Today in the U.S., women represent nearly 40%
of Digital’s workforce. Many face the difficult task of juggling
work and family responsibilities. Support that helps them deal
with family responsibilities can help them perform to their full
potential at work. Also, with increasing numbers of women entering
the workforce, support programs such as child care are becoming
increasingly important to attract the best new talent — whether
male or female.
Digital's Child Care Resource and Referral
Program, started in January 1988, is a first step in that
direction. It has provided data about the child care needs of
employees, the acute shortage of child care openings at various
sites, and the kinds of additional programs that employees would
value.
"Given the acute child care shortage in so many
communities, if more women with young children are going to be
able to come back to work, resource and referral is obviously only
going to be one component of the support they need. Alone, it
simply isn’t enough. So we are actively investigating what else
Digital might be able to do to help," explains Laurie Margolies,
manager, Corporate Employee Relations Programs.
"Over the first nine months of the Resource and
Referral Program, about 2000 families used it. That’s about 2.5%
of U.S. employees between age 25 and 50 - a good usage level for a
program of this kind," notes Erica Fox, Child Care Program
manager.
About half of all users were looking for care
for children under one year of age. Almost three-quarters of all
the requests we received were for children under three. The vast
majority of those who have used this service (84%) have asked for
care for just one child.
"It is very likely that mothers with two, three
or more children are less common in the Digital workforce,
presumably because of the high cost and logistic complexity of
finding satisfactory care for more than one child," says Erica.
While the service is available for children
from infant to age 15, there were very few requests for children
aged nine to 15. "One reason for this may be that parents do not
believe a ‘child care’ service will have appropriate programs for
children in this age group," says Erica. "In fact, there is a
severe shortage of school-aged programs across the country. Many
children in this age group are left to care for themselves or
check in with neighbors and relatives."
The service, run for Digital by Work/Family
Directions, Inc., and its agencies, operates on a case-by-case
basis. The counsellor works with a parent until a satisfactory
outcome occurs, providing first three referrals and then more, if
necessary.
Sixty percent of Digital users reported
significant problems in their child care search. Fifteen percent
of all people who contacted the service ultimately decided not to
seek
child care, many because they couldn’t find an
acceptable arrangement. The three main problems reported were:
supply and availability for the age of child that they had, cost
of care, and quality.
One of the functions of Work/Family Directions
and its network of resource and referral agencies is to develop
and enhance the supplies of child care in communities that have
shortages. For example, in Southern New Hampshire the supply was
not adequate to absorb projected employee demand. So they
conducted an intensive recruitment campaign. The recruitment drive
helped bring about a 41% increase in applications for licenses as
family daycare providers in that area. These people will care for
children in their home, the kind of setting that the vast majority
of parents who have children under the age of three prefer.
"Despite some progress, efforts like that in
New Hampshire are relatively insignificant compared to the large
and growing shortages. The gap between demand for and availability
of care is likely to widen as more children are being bom (the
under six population is increasing for the first time in several
decades) and more mothers enter the workforce during their child’s
first year," observes Erica. "At the same time, the number of
18-24 year olds is shrinking, causing shortages especially in
early childhood education. Digital employees are experiencing
first hand the national child care shortage. Locating quality,
affordable child care is a key cause of employee stress.
"We’re also looking at a consortium model
where, with a community agency functioning as the organizer,
businesses and the public sector pool resources. There’s a very
successful consortium of that kind in Charlotte, North Carolina,
in which 20 companies are involved. Through their efforts about
150 new child care jobs and about 1000 child care spaces were
created in the Charlotte area over two to three years.
"We are actively investigating the issues of
on-site and near-site child care," notes Erica. "And we are trying
to determine how Digital can participate in current government
efforts to impact child care legislation and funding.
"The solution will be multi-faceted — not just
information and referral or on-site or near-site child care or tax
breaks for child care from the government. It’s a complex problem
and families are different. We intend to help provide a variety of
choices.
"The Resource and Referral Program is a good
research tool," adds Laurie. "People who really need child care
are the ones who respond; so we aren’t just getting people’s
general opinions and wishful thinking. These are people with a
real need. They obviously don’t represent all of our employees who
are looking for child care, because not everybody has used the
service; but it is a first step. And the strategies that we
develop from this effort should eventually include not just child
care, but other forms of dependent care as well, such as care for
the elderly."
A pilot television program, broadcast over the
Digital Video Network on February 3, 1989, provided information
about key business and employee relations issues. Sponsored by
Corporate Employee Communication, "Digital Quarterly Report" also
gave employees an opportunity to see and hear some of the people
who are managing those issues for the Company.
In the business update section of the program,
Ken Olsen, president, gave an overview of Digital’s computer
products and how they fit into the product strategy. He also gave
his perspective on Digital’s Q2 financial performance, "When the
U.S. computer market collapsed after the stock market collapse in
October 1987, we told people we were investing in the future. We
had a line of products that were exciting and we were not going to
slow down development or cut investments. When investors saw the
products come out, the sales increase and the expenses down, they
believed us."
Dom LaCava, vice president, Low End Systems,
provided an overview of Digital’s desktop strategy and the
importance of the desktop market. "If you take a look out at
1991," Dom explained, "40% of worldwide revenues are going to be
in the desktop and its associated products. That’s almost $60
billion in revenue." Dom went on to explain that January’s desktop
product announcement could put Digital in a position to be the
leading supplier of desktop solutions.
Erline Belton, manager, Corporate Employee
Relations, and Paul Henrion, attorney, Personnel Law Group,
discussed the steps the company is taking to comply with new
federal substance abuse regulations that will take effect
beginning in March. (See related article pp. 4 in this issue.)
Peter Hawker, manager, Corporate Benefits, and Kathleen Angel,
manager, Health & Welfare Benefits Planning, discussed new
options in the medical benefits program resulting from soaring
medical costs. (Employees have received enrollment information and
must make their choices by March 24).