Category: Observations

Posted on

A Valuable Case Study of a Ransomware Attack on a Credit Union

This morning’s news started with the report of a ransomware attack on the country’s second largest school system in Los Angeles.

The warnings or reports of cyber security threats occur daily.   However, until reading the article below I had not seen an actual account of responding when this happens in a credit union.

The case study appeared  in CUSO Magazine.  It was written by Matt Sawtell, VP of Managed Technology Sales at CU*Answers who had first-hand experience with the event.

Facts are given and lessons learned.  I would urge anyone in this area of responsibility to read this account.

The Anatomy of a Ransomware Incident (And What We Learned)

Following a trend that has been developing over the last ten years, cybersecurity is a topic that is no longer reserved for the dimly lit, garden-level, IT-dwelling teams to consider. It is a topic that is on the minds of those in the boardroom.

As events have garnered ever more concerning headlines, from the Colonial Pipeline incident, which was settled for around $5M in Bitcoin, to the various Microsoft incidents, to the cypto.com hack which saw thieves lift approximately $33M from over 500 user wallets back in January, it’s hard to imagine that no credit union has been affected by an incident in the last few years.

The target that financial institutions have on them is especially large. The attackers believe FIs have the dollars to pay and they possess sensitive member information, which has its own value and adds leverage to a potential payout.

In the last year, we have had the experience of participating in the response to one of these attacks on a credit union. The experience reaffirmed the importance of solid cybersecurity plans and operations as essential, and we gathered some takeaways for others as we worked through the event.

The event unfolds

Friday afternoon, nearly the close of business, our support team received a call from a credit union asking some questions about why their access to data on the network wasn’t working. We followed our normal troubleshooting and escalation protocols. Shortly after digging into this troubleshooting, the bad actor reached out to the credit union to say they had exfiltrated member information out of the credit union and communicated the ransom. Our team escalated this to management, who then advised the credit union to shut down systems and to contact their cybersecurity insurer to begin assisting with the incident.

Cybersecurity insurance is crucial

You have cybersecurity insurance, right? Believe it or not, we have run into organizations recently that do not. We view this as very important coverage, not just because of the financial aspects but also the incident response and forensic and legal resources these insurers can bring to bear in order to minimize the impact of an incident like this.

In this instance the response was swift—a forensic team and case manager were assigned from a firm that specializes in that work. They would quarterback the incident from here through the end. The lead had extensive experience working for a federal agency responding to just these kinds of incidents.

Be diligent, there is a pattern of timing with these events. If you look at the recent rash of events, it seems like the news often breaks on a Friday afternoon, weekend overnight, or before a major holiday. The bad guys know they may have a better go of it when we may have relaxed our guard a bit.

The mitigation work begins

From the initial contact Friday, the case manager was working with multiple parties and coordinating that work on daily (sometimes multiple) calls with all involved. The groups included the forensic team, legal team, negotiator, cybersecurity firm, our CUSO, and the credit union.

We were tasked with a few things at the start, such as determining if we had good backup copies offsite and getting the credit union an alternative way to do some of the daily processing and member work that was needed while the network was shut down. Thankfully, the online and mobile banking systems and audio response were unaffected by this outage so members could still do many of the transactions they needed.

The forensic team was digging in and looking for indicators of compromise (IOCs) as well as any information that might point to a known group of bad actors that pulled off the attack. They used tools, requested hard drives be pulled out of equipment and sent for inspection, and on a daily basis made progress in unraveling the who, when, and how details.

The negotiator was busy interacting with the bad actor and working to negotiate down the initial $5M ransom request. This if nothing else would buy time to decide what the options were over the coming days. The updates from this individual made the whole event seem like a spy movie as much as a cyber incident.

The cybersecurity company utilized tools to start monitoring behavior on the network, process and traffic analysis, and ingress and egress.

The credit union had closed itself to the membership for over a week following the start that Friday. They were present for every call and update, and ultimately made decisions on how all parties would proceed with the work they were doing. In the meantime, they also needed to figure out how to communicate with their members, regulators, law enforcement, and other stakeholders.

Do not overlook a communication strategy

Communication is key. When you have an incident, it is a stressful time. We have all witnessed companies that do a good job of communication and manage the incident well and we have also seen those who… leave room for improvement.

Take for instance the Colonial Pipeline incident. If you lived in the DC/Maryland/Virginia area during this incident, you witnessed panic fuel buying almost overnight. Communication between the pipeline company and the government was not forthcoming where it could have been to calm and inform the public.

On the other side of that are incidents like the Kaseya zero-day from 2021, where the CEO was out in front with regular updates, clients were informed and given IOCs before they were in the news, and the credit union provided transparency and clarity about what to do next.

As a financial institution, one thing to consider is having your incident response strategy and even sample messaging ready to go in advance. Have it cleared through your legal team, management team, and board; keep them in the know on the details and approach. Most importantly, understand that in some cases sharing too little, too much, or speculating publicly can do more harm than good.

You can take this a step further even by conducting tabletop exercises where your team will role-play out various scenarios in order to prepare. Finding someone with experience is a great way to guide the conversation and get the most out of one of these exercises.

Backups and the ensuing recovery

The forensic team started to make headway with their analysis. IOCs were found and pointed back to a foreign group that specialized in gaining access to business networks in the west. They could not tell when that original compromise had happened, but the method they used was sophisticated and had been found at other companies that had similar intrusions.

One of the most interesting things they found was that the state-sponsored group had likely sold access to the credit union network to another, likely an organized crime group that specialized in ransomware. This approach we are told is more common these days as the groups then specialize in their respective areas.

In the meantime, we had validated that offsite backups were not contaminated and could be used to help rebuild the credit union network. The cybersecurity firm had a standard process to create a new, separate, air-gapped network and slowly move machines from the dirty network to the clean one after they had been sanitized. This was painstaking work and took many days to complete. We worked very closely with them and at their direction to ensure the details were followed for each system.

While this was happening, the negotiator continued to haggle with the bad actors over the dollar amount requested. The bad actors had also given proof that they were able to exfiltrate member information, including an AIRES file, from the credit union and were prepared to sell that information on the dark web if their demands were not met. This is a newer tactic to add leverage in the hope of getting a payout.

The credit union was closed for this week while all tech was sanitized. Given they had good backups, and there was no guarantee the bad actors would return the exfiltrated member data, they decided not to pay the ransom, which at this point had been negotiated down to approximately $2.5M. The members who wanted to do in-branch transactions were starting to get frustrated, so re-opening as soon as was safely possible was the highest priority.

A more common and costly occurrence 

Ransomware events of several years ago were not nearly as sophisticated or as costly as they had become. Ransomware events were often slow to propagate the network, easy to detect if they had already been in the wild by traditional endpoint security software and the ransoms were in the tens of thousands, not millions of dollars.

The involvement of both states sponsored and organized criminal groups point to how effective a revenue generator this has become for groups that are sheltered in countries that either directly support or turn a blind eye to their activities. Think about the number of companies you have read about that publicly disclose this because they must…then think about the many multiples more that do not.

The end of an incident

Thankfully, this incident had as good an outcome as could be expected. The following week the credit union reopened its doors to members. The credit union retained most of their members, for whom they were providing credit monitoring for the next year. They opted to retain the cybersecurity firm to supplement their efforts after the incident concluded. The remediation and recovery was an effort that required over 1,000 hours of work from multiple teams. Our Network Security team had over 400 hours in the recovery alone.

What are the key takeaways for your institution?

  • Have a solid plan. It is best to prepare in advance and avoid trying to come up with a response in the stress of the moment. Prepare communications, understand and have contact information for the key players on your incident response team, and make sure everyone knows their roles and responsibilities.
  • Understand the technology and security you have. It is difficult to assess cybersecurity risks and gaps if you do not understand both what your team is doing, what your third parties and partners are doing, and what they are not doing. Make sure you have gone through a detailed assessment of this and that you are comfortable with the residual risk based on your approach.
  • Align with the right partners. Consider seeking out specialized partners for things like 24×7 monitoring through a security operations center or a managed detection and response service. Make sure your insurance coverage is appropriate for your organization.
  • Test, prepare, and practice. People are key in cybersecurity effectiveness and incident response. Make sure you’re training your team on the threats out there, how to use tech safely within the organization and to report suspected incidents as soon as possible. Conduct tabletop incident response scenarios to practice what an event might look like with your team.

 

 

Posted on

Eye Trouble

Since August 1, I have been visually impaired in my reading eye.   I have mono-vision so this means I cannot read, type or the normal close vision functions.

Had surgery last Wednesday which will take a couple of weeks to evaluate.

In meantime will produce limited, if any, posts.

Intend to get back in the saddle as soon as circumstances allow.

Posted on

Deification: The Eighth Wonder of the Cooperative World

(by Jim Blaine)

Must be the high season for letters of recommendation – those succinct summaries of superlatives for men and women of distinction.  This time around the injured party is Maurice Ravelle Smith. The pantheon of choice: The Cooperative Hall of Fame sponsored by the National Cooperative Business Association (NCBA) and its’ international arm, the Cooperative League of the USA (CLUSA).

For those not in the know, NCBA/CLUSA is the 106 year-old trade/advocacy organization for all forms of cooperatives – producer, consumer, worker, purchasing, service, and social cooperatives, including credit unions. At heart the members of NCBA/CLUSA are an eccentric, motley crew of die-hard idealists, with an organizational vision “to build a better world and a more inclusive economy”. Well, they certainly have their work cut out for them!

As you might imagine, NCBA/CLUSA does not accept any run-of-the-mill folks into the Cooperative Hall of Fame. Leaders of the usual sort need not apply, something more is expected – statesmanship, lasting achievement, cooperative advancement, distinct recognition. Exceptional leadership is the standard – the real thing.

“Deifying” the Movement

Maurice Smith is the real thing. While Mr. Smith’s service as CEO of Local Government Federal Credit Union – and in numerous leadership roles at CUNA, Co-op Bank and on the boards of his local university, hospital and church – is remarkable; what is exceptional about Mr. Smith is his success in “deifying” the credit union movement. The Bible has its “Ten Commandments” and until recently the credit union movement had its “Seven Cooperative Principles”. Now it has eight! The fault lies with Mr. Smith.

The eighth cooperative principle for credit unions is: “Diversity, Equity, and Inclusion” (DEI) – a disruptive idea fraught with complex challenges in a world stubbornly fractured by loyalties to clan, tribe, sect, nation, class, and heritage. Suspicion is often the norm. Is this an opportunity or a problem?  Fresh or “woke”?

The path forward, off-road, but on track, is awkward, tense, and uncertain – a tight wire perhaps, without safety net. Who in his right mind would lead us purposefully out over the abyss? Only a man of conscience, a noble and courageous leader, with a strong sense of justice. DEI will definitely challenge most of us, challenge us to cooperate, challenge us to change.

Tack and Tact

One sailing against the prevailing wind must tack, a leader fomenting change must have tact. Always courteous, considerate, and polite, Maurice Smith was able to achieve this revolutionary credit union change without uprising or revolt, because he is trusted by his peers and respected by all for his integrity.

Life is not the way it is supposed to be, it’s the way it is.  Just take a look around. The way you chose to deal with life and people makes all the difference.

It’s unfortunate   our best path forward at this time is DEI. Too bad we can’t simply honor and accept each other for who we are. But at least in the short run, DEI will force us to focus on our differences, in hopes that in the long run we will recognize we aren’t.

You have noticed that all those different colored M&M’s all taste the same, haven’t you?  Perhaps in the future, the eighth cooperative principle will become “dignity, equanimity and intelligence”, which are higher human standards and an apt description of Maurice Ravelle Smith!

Maurice Smith grew up in Southport, North Carolina. I have known him for over 40 years as a colleague and friend. He is a model of good manners. His mother – he still calls her daily! – and his father reared him to honor his roots and to always sow seeds for the future. The success of their lessons is apparent. Maurice Smith is an exceptional human being – the real thing.

Mr. Smith, through his DEI-fication of credit unions, has sowed the seeds for the continued success of our cooperative movement…let’s hope it is a bountiful crop!

And it will be, if you and I cooperate…

 

Posted on

Returning to the Office for Naked Fridays

(from Jim Blaine)

(“Last blush”… for an old favorite!)
 

Let’s go forward courageously; and forthrightly deal with the most important issue confronting the Credit Union Movement. No, it’s not taxation, the banks, CFPB, nor the NCUA. Our most pressing challenge is “dress down Fridays” or “business casual” if you prefer.

Business-casual – actually “business sloppy” is a good bit more descriptive – has become a fashionable idea in some credit union circles. Many progressive Boards and managers, who support the wind whichever way it blows, have adopted this new benchmark for professional attire. The “new look”fits well on the revisionists’  list of “new age” credit union principles – few, of which, are worth dying for.

Proponents assert that the new dress standards create a more relaxed work environment; make employees feel more comfortable; boost morale; and are strongly supported by the membership. Yeah, un-huh! I guess the best that can be said for this type of slender logic is that it’s only mildly “robust”!

It truly comes as a surprise to some of us that we are supposed to feel all “cozy and comfy” at work and should treat our duties in a relaxed, casual manner.

Maybe we have misunderstood all along the realities of the modern workplace.  We really must have things backwards!  False Assumption Number One must be the belief that “our” job actually belongs to the credit union – and its membership. False Assumption Number Two must be the belief that we are employed and paid to do what is necessary and required, not what’s convenient and comfortable. False Assumption Number Three must be that we are engaged in an extremely competitive, take no prisoners service business. And, False Assumption Number Four must be that our members expect, and are demanding, more from us – not less.

Old Fogey! Old Fogey! I can hear you crowing all the way from here! But, let’s compromise. If dressing down is truly good for the Credit Union Movement, let’s really go for it! Let’s take it to the limit with the ultimate Dress Down Day – Naked Fridays! It could work wonders with the membership! For example, Naked Fridays will definitely build member traffic; grousing about long lines will decline; and no one will ever again notice if a teller fails to smile.

This idea was broached recently with our staff.

Their reaction broke down into two distinct groups: those who were indignant and those who were very indignant! There were some surprises, however, among the actual responses. Older employees, figuring they had more to gain than lose, unanimously supported the proposal. Female employees were particularly difficult to convince. They did not object, in general, to the concept; but argued forcefully for a pay differential since they felt they added greater value. Equally disruptive, the female staff adamantly refused to pledge not to giggle around their male co-workers!

One previously ardent advocate for “business sloppy” became particularly incensed when she was asked how she would feel about coming to work on Fridays naked. It was an innocent enough question; but she became enraged; started yelling wildly; and pointed her finger decisively at me. I won’t tell you what she said, nor which finger she was pointing; let’s just say it wasn’t very pretty!“Communications” around the Credit Union were, at least, “really good” for a week or so…

Although a final decision has not been made, we probably will not go forward with the “Naked Friday” idea. There are just too many unresolved questions. Y’know the devil is always in the details. For example, would it be appropriate to ask or comment about a co-worker’s previously unrevealed tattoos?  Does failure to look a co-worker in the eye constitute sexual harassment? Should items dropped on the floor be picked up? It all just gets too complicated!  Besides, the Accounting Department started cautioning about higher heating and maternity leave costs. They’re always so drudgingly practical! The Internal Auditors did feel, interestingly, that the absence of pockets might help improve internal controls.

And, Marketing – bless their hearts – tried to stay upbeat with slogans such as: “We’ll give you the shirt off our backs” and“No Hidden Fees; No Hidden Costs; No Hidden Anything!”

We did have a couple of “King Solomons” who proposed several “simple solutions”. One was the “just blue jeans alternative”. But it was quickly killed, because most of us are of such an age that we are painfully aware of how we now look in blue jeans. We understand that we are the reason that overall denim sales have soared while the number of pairs sold has remained constant.

Another alternative suggested was organization-wide leisure suits (lime green, no less!), but fortunately clearer thinking prevailed.

Others called for “Theme Days”, when we would all dress alike around a common idea. This suggestion held much support until the wags began calling for Lady Gaga Mondays, Tacky Tuesdays, Dress-in-Drag Wednesdays, and No Bath, No Makeup Thursdays. And, lastly, for what it’s worth, I tried not to take it personally when that outraged employee, previously mentioned, called pointedly for “Idiot Days”.

Oh, well, who knows? Maybe we will eventually find an answer. Until that time, I guess we’ll continue to operate as though each of us truly needs our job; as though what each of us does is vital to the success of the Credit Union; as though being fashionably average is not good enough; as though Credit Unions are not a competitively protected class; and as though we’re here to raise the standard, not “lower the bar”.

As to employee morale, it seems you can’t pay those who work for money too little and you can’t pay those who work out of pride too much. Nor can you teach someone to care. Granted, it’s a lot harder to be something more, than to be something less; and life is never going to be comfortable when you’re trying to make a difference.

 

Old fashioned? You bet, ’cause “this ain’t no party, this ain’t no disco, this ain’t no foolin’ around…”

(originally published August 29,2016)
Posted on

Leonardo’s Horse: A Vision Outlasting Its Creator

Sometimes important, well-conceived ideas do not at first succeed. But if they truly inspire, sooner or later the vision will be fulfilled.

Leonardo da Vinci was a Renaissance master, a student of almost every area of knowledge being practiced. A painter, architect, designer of war machines, statues and inveterate keeper of notebooks recording every area his curiosity took him.

In 1482 he was commissioned to create a bronze horse statue by the Duke of Milan to be a gift to the Duke’s father, Francessco Sforza. The statue would be the largest ever cast requiring over 70 tons of bronze and standing 26 feet high.

Leonardo prepared by writing a treatise on horses’ movements, their anatomy and how he might balance a figure in motion, with just two of the four legs on the ground. In 1493 he made a full size clay stature of his design. He developed a unique engineering process recorded in his notes. The statue was to be cast in two halves and then joined together.

Full details of the sculpture.

Unfortunately, his patron gave the bronze collected for the sculpture to the Italian defenders of the city of Milan after it was attacked by an invading French army. The Italians lost, the clay model was used for archery practice by the French, and subsequently destroyed by weathering.

End of Story?

No, 500 years later a United Airlines pilot and art collector Charles C. Dent read about Leonardo’s vision in the September 1977 edition of National Geographic. He founded a non-profit to bring da Vinci’s vision to reality for his hometown of Allentown, PA. He died before the vision could be realized. His nephew took over the foundation and hired an experienced animal sculptor, Nina Akuma, to explore da Vinci’s drawings to create a fully realized instantiation. Two full size casts were made, one placed in Milan, Italy and the second commissioned by Frederik Meijer. (additional details)

It was this second horse I saw  on a visit to the Frederik Meijer Gardens and Sculpture Park in Grand Rapids, MI.

Although based on decades of Leonardo’s artistic work, it is today named the American Horse. The sight is truly majestic with the entire bronze weight supported by only the two opposite hooves. Its monumental standing is accentuated by the grass and tree sheltered green amphitheater which it alone inhabits.

The Promise of a Vision

Today the credit union vision is just over a century old. There have been almost 50,000 state and federal charters issued, of which 4,950 are still active. The challenge as in the artistic effort to recreate Leonardo’s horse, is what is core to the vision today? What is timeless in cooperative design  as it evolves in subsequent environments?

And is the design more than a single expression or does it require a “system” (as in Leonardo’s workshop) to support individual credit unions?

The commission that inspired Leonardo’s vision lasted long after its creator and sponsor left the scene. However the vision was so well conceived, that new artistic pioneers were motivated to fulfill the work, albeit in a contemporary context.

There is I believe a parallel with cooperative design. It is well conceived by founders, but requires contemporary architects  to ensure its relevance and sustainability for future generations.

Posted on

Being a Leader: Where is Kristian Christian When Members Need Her?

Bank Transfer Day.   It was a national headline PR story and marketing tsunami in 2011. The activity was started by a young woman who took action when Bank of America began charging fees because her combined balances were less than $20,000.

The person behind this movement was Kristian Christian.  She stepped up because she believed  bank executives were “out of touch” with their customers.  Her example raises a question: do credit unions need her activism even more today?

The Bank Transfer Day Story

The time was the fall of 2011.   The worst of the 2008/09 Great Recession was over.  Banks were being held to account by regulators.  Customers were paying the price.

Two brief videos that capture this movement’s moment.  The first is a 6:26 minute video from the news program Democracy Now on November 9, 2011.   The report estimates that as many as 700,000 people may have transferred money by the November 5th transfer date in response to Christian’s call to action.

In this news interview Christian also tells how she started  by  just sending a Facebook post to her 500 followers and asking them to join.

The second video from Christian, one year later in November 2012, gives an update on the  results and describes some of the online attacks she experienced.  Her message is for activism to succeed, it requires initiative and courage.

Where Grass Roots Efforts Are Needed Today

In the first video, Christian says banking executives were disconnected from the people they were meant to serve.  She urged her “followers” to seek out a not-for-profit credit union or community bank and transfer their funds to these locally-focused institutions.

Today might Christian see this same situation where  some credit union CEO’s and boards seem totally removed from their own member-owners?

In recent  years  a number of credit union members have experienced the merger of their sound, long serving coop justified with only rhetorical statements about the future.  But also creating immediate benefits and payouts for the initiators.   In several cases the CEO’s promised to stay in leadership roles to oversee their former members’ interests only to bail out within the year.

Here is one member’s comment on a merger vote completed this month:

Have asked several times for the actual voting numbers and have been told that no one has then and if they did they would not share them.
 Have you ever voted and not known the voting results? Employees from SEFCU were asked what they’re shirt sizes were for the new logo well before voting even ended. Also that it would become legal as of August 1 . Again before the end of voting. Whole thing smells !!!!

In another case, the Chair and CEO transferred $10 million dollars of members’ capital to a newly formed private “foundation” under their control as part of the merger.   According to  IRS form 990, the FCCU2 is a private foundation holding assets$11,973,971 at 2021 yearend.  The $2.0 million increase in assets occurred in less than 6 months. There is no mission statement, operational activity or officers listed in the Guidestar (Candid) report from the IRS (EIN: 87-1724276).

The Fix Is In

Credit union boards have ignored or stifled efforts for members to participate in the annual election of directors.  Virginia Credit Union is a well-publicized example because some members  challenged the status quo and submitted nominations.  The credit union turned a blind eye to their efforts and the disenfranchised members went public.

Few credit unions today actively encourage or seek board candidates.   Annual elections have become moot as internal nominations just equal the number of open seats.

The democratic governance model has been converted to a self-perpetuating board oligarchy.

Solution: Credit Union Transfer Day

Christian’s effort shows there is nothing more powerful than an engaged person who wants to change the world.

How might her example empower credit union members who feel overlooked by their coop’s leaders?

Should they identify another credit union willing to open their doors to persons seeking a responsive coop?  Transfer their money?   Refinance their loans or shift their direct deposits?

Christian’s method was simple: vote with your funds. Do something, not just complain.  Let your personal network know what you have done and ask then to support your position.

In 2013, Christian again stepped up by joining over 6,000 credit union supports to sign a petition to the White House to “Choose NCUA leaders who Understand Cooperatives” when making appointments to the Board.

Maybe concerned members should contact Christian to see what she is doing today?

 

 

 

Posted on

Leadership: Woven from a Different Fabric

(from Jim Blaine)

It’s a bit difficult to explain to folks who never met him, what “a force of nature” Ed Callahan was as a person. 

 He had an unusual instinct for listening to difficult issues, considering alternatives and options, and then “cutting to the chase”- clearly, decisively, on-point.


When leaving his position as NCUA Chair in 1984, he wrote a “Farewell Address” to President Regan about his view of the credit union movement. 

For those looking for a defense against unnecessary taxation, a rebuke against inept and intrusive regulation, or a simple, concise statement of the hope and promise of “the credit union alternative”, Ed Callahan’s message still rings true:

“The only threat to credit unions is the bureaucratic tendency to treat them, for convenience sake, the same as banks and savings and loans.  This is a mistake, for they are made of a different fabric.  It is a fabric woven tightly by thousands of volunteers, sponsoring companies, credit union organizations and NCUA – all working together.”

“Credit union boards of directors have made, and will continue to make, individual and collective decisions from their vantage point on the front lines of the marketplace.”

When left alone, they return to what they do best; providing basic financial services to their members on the most convenient and cost-effective terms possible.”

Credit Unions: Woven From A Different Fabric.

(Originally published July 2013)

Posted on

Finding Leaders: Clean Up Hitters

(from Jim Blaine)

This one’s about leadership, but it’ll take you a little while to find that out.  Leadership’s that way quite often.  With leaders, last impressions are usually more accurate than first impressions;  and appearances, unfortunately, can frequently be deceiving.

But if you survive this next little ride you’ll come away with a surefire, can’t miss, “spot the leader” identification methodology. A “new paradigm” for you MBA types.

How this all got started was a mid-week road trip to Kings Dominion with a small herd of high-decibel youngsters, mostly mine. For the in-cognoscenti , Kings Dominion is an amusement park one exit north of Richmond, Virginia.  They would have built in Richmond, but the State Legislature already runs a three-ring circus at that exit.

 The roller coasters were why we were headed to Kings Dominion. They’re the main attraction. Not to say there aren’t many others. One big draw, for example, is the “volunteers from the crowd” karaoke show, which the emcee promises “requires no talent to participate.” The absolute truth of that statement usually becomes pretty obvious rather quickly. Critics in the crowd overheard to remark, “Heck, I can sing that well” probably haven’t really thought through that observation carefully enough .

Chainsaw Carvings

Another major entertainment is good old-fashioned “people watching.” There is always an extremely wide variety of exotic folks at an amusement park. And, usually there is an exotic variety of extremely wide folks, too. But much like risk-based lending, the rabble can be divided into two distinct groups – the have and the have-nots. In this case, that’s not a distinction based on wealth. The division is between those who have enough clothes on and those who have not. Well, the have-nots do, at least, seem to have the more complete tans. Don’t forget your sunglasses!

Carnival Ride

But my favorite thrill – other than the coasters – is the Scrambler. For those of you who haven’t been around much, so to speak, the Scrambler is 12 whirling cars on three separate pods that sling you toward, and spare you from, oblivion at ever increasing speeds. The Scrambler is the ultimate smile machine. The toughest hombre, the dourest Puritan, even the most jaded CPA can’t resist a broad grin when this mechanical marvel spins into action.

As the velocity rises, each rider’s “public mask” gradually weakens, then falls completely away. And for a few brief moments, you can gaze directly into the hidden child heart of another person’s soul. Souls are private places which, when uncovered, search frantically for shelter from the light. But with the Scrambler, only raw happiness – that which is best in each of us – is spun to the surface. And, it’s quite alright, and very reassuring, to enthusiastically stare. If you do take a look, don’t miss the revelation that we’re all very human and, at heart, very much akin – that’s something really worth learning before it’s too late and the ride is over.

Leadership and Roller Coasters

But, I came to tell you about leadership and that’s where the roller coasters come in. Kings Dominion has a bunch of them with names like The Rebel Yell, The Anaconda, The Hurler, The Grizzly, Shockwave and The Avalanche. You can ride these thrills forwards, backwards, over, under, inside, outside, up, down, sitting, standing, or my recommendation, kneeling and praying!

Riding a roller coaster evokes many of the same emotions as running a credit union, rolling out a new marketing campaign, or leading a DP conversion. “Shucks, it can’t be that bad…”  “This is going to be fun…”  “Whose idea was this?”  “Well, at least it can’t get any worse…”  “If I ever get out of this, I promise…” Guess you get the idea.

This time around, on one particular roller coaster ride there was an unfortunate accident. The to-and-fro and up-and-down was just too much for one young’un, who unswallowed his lunch while being closely held in the lap of his mother. When the ride ended, it wasn’t difficult to tell from Mom’s face (and clothes!) that this unexpected extra little thrill was just about “too much.” As opposed to the Scrambler, this is one of those soul-searching moments when it’s only polite to look away!

Carnival Food

The roller coaster quickly emptied, of course, and the waiting throng watched and waited for the “now what” with much anticipation. The rides are operated by teams of young people. I’m sure they are summer help, awaiting the advent of the fall semester at local universities and colleges. It’s apparent that they’ve been chosen with great care, because all are neat, attractive people in their blue knit and pressed tan khaki.

The Leader’s Test

Surprisingly, on this occasion, all the “service team” seemed to have missed “the mess” and to be thoroughly occupied with other duties; though it was difficult to determine exactly what those “other duties” involved. The team members were all desperately looking anywhere other than toward the “scene of the crime.” As time passed and the tension mounted, the feigned ignorance developed into a serious game of chicken. Who would blink first?

Carnival Food

There are certain problems and situations in life that only a leader will handle. Such problems and situations are of a type which should not be avoided and cannot be ignored; and, of a type which only the uncivilized or unjust would try to delegate to others. These are the type of problems that we all can see “somebody needs to do something about that.” Most of us aren’t willing to be that “somebody.”

Next time you have “a little mess” at your credit union, watch for who steps forward to clean it up. Always promote the first person “to grab the mop.” They really are somebody.

And, if your hand is not the first one on the mop, perhaps you should give that a little thought, too….

(March 14, 2011)

Posted on

Lincoln’s Insights for Today: # 5

From the Second Inaugural Address March 4, 1865 to a divided nation.

At 701 words this is the second shortest address given by a President. He invokes God fourteen times, and mentions the Bible four times.  He uses inclusive language to avoid polarizing further the nation’s feelings at the war’s termination.  He talks about forgiveness and reconciliation.  In the style of a preacher from the Great Awakening, he first provides a scriptural injunction and closes with an imperative, therefor we must. . .

Both read the same Bible, and pray to the same God; and each invokes His aid against the other.  It may seem strange that any men should dare to ask a just God’s assistance in wringing their bread from the sweat of other men’s faces (Gen 3:19); but let us judge not, that we be not judged (Matt 7:1).  The prayers of both could not be answered; that of neither has been answered fully.

With malice toward none, with charity for all; with firmness in the right, as God gives us to see the right, let us strive on to finish the work we are in; to bind up the nation’s wounds; to care for him who shall have borne the battle, and for his widow, and his orphan—to do all which may achieve and cherish a just, and lasting peace, among ourselves and with all nations.

Editor’s comment:

This excerpt is  from a lecture by Dr. Ronald C. White (BA, UCLA; PhD Princeton University) an independent scholar and authority on Abraham Lincoln. He is the author of Lincoln in Private: What His Most Personal Reflections Tell Us about Our Greatest President.

Lincoln’s words are timeless, especially as we face  our political divisions today.  They were transformative when first prepared.  They feel even more profound today.

Ronald White’s complete lecture can be heard here.