02.24.10

Cult of Cyberwar: When Booz Allen’s Mouthpiece Attacks

Posted in Cyberterrorism at 2:13 pm by George Smith

Smiling Mike McConnell, one of the most famous salesmen-in-chiefs of the cult of cyberwar. Committed to hiring computer security specialists from the clutches of the government then leasing them back at premium rates for the benefit of Booz Allen business.

From today’s news, Mike McConnell of Booz Allen’s cybersecurity sales unit, again making a putsch/pitch on the coming of cyberwar catastrophe:

If the United States fought a war in cyberspace today it would lose, the nation’s former top intelligence official has told a Senate Committee.

“We’re the most vulnerable, we’re the most connected, we have the most to lose, so if we went to war today in a cyber war we would lose,??? Michael McConnell, who previously served as the director of national intelligence, told the Commerce, Science, and Transportation Committee on Feb. 23.

McConnell told the panel that although the United States has made progress on cybersecurity, the country hasn’t made a national commitment to understanding and securing cyberspace. He predicted a catastrophic event would be needed to move the country toward a pre-emptive posture to mitigate the threat.

“We’re not going to do what we need to do; we’re going to have a catastrophic event [and] the government’s role is going to change dramatically, and then we’re going to go to a new infrastructure.???

This — sampled from GCN — was echo’d in similar form at many other news outlets.

“McConnell joined a number of former government officials who have warned of cyber vulnerability,” reported Businessweek.

“A bipartisan group of ex-federal officials said on Feb. 16 after a simulated cyber attack that the U.S. was unprepared to respond to the real thing.”

In this, the publication was referring to a dog and pony show which ran constantly over the weekend on CNN. A cyberwargame was played, one which the United States lost. Catastrophe descended.

However, long-time readers know that such cyberwar games are always rigged so that we experience catastrophic failure.

Difficult to take seriously, its bipartisan panel consisted of people chosen for name value, a couple even being exceptionally odd in this area because they would not seem to have ever been remotely interested in cybersecurity.

These two: Former White House press secretary Joe Lockhart and a befuddled-looking, even by low US standards, John Negroponte.

“[Negroponte] is currently a research fellow and lecturer in international affairs at Yale University’s MacMillan Center,” says his Wiki bio, perhaps generously written by one of his student interns.

Jason at Armchair Generalist latched onto this earlier today in “Cyber Warfare — It’s the New WMD.”

The CNN farce, called Cyber Shockwave, was delivered with the position that cyberattacks are somehow like WMDs.

How this was so wasn’t really explained except by the claims of cyberwar catastrophe put forward in a number of mock news broadcasts aired for the special.

“I find it somewhat amusing that [Michael Chertoff suggested] we ought to treat cyber-terrorism as seriously as we do WMD terrorism,” writes Sigger. “DHS’s record on preparing for WMD terrorism is really not that good.”

Another quote, furnished all the way from the UK by Tim Stevens here noted the differences in cyberwar peddling in his country and over here:

[Cybersecurity] as an element of national security and a subject of political concern seem to be playing out very differently in the US and its main European ally. Whereas the UK is cautious in projecting concern into the public domain, some elements of the US hierarchy seem very determined to make this a public issue of the highest priority. The discourse is different, and is being mediated in starkly contrasting manner.

Which brings us right back to the way it has been handled in the US.

Just like every other very important national security special interest group issue: Catastophe is predicted, and everything is covered with a thick and obvious crust of exaggeration-from-important-person and manipulation. The media and Congressional hearings are the stage for this natsec theatrical production.

The next table comes from DD’s tabulation on Cult of Cybersecurity narrow sourcing and how just a small number of large corporate computer security business interests drive the debate.

Here is the unscientific master list, taken from a search on cybersecurity/cyberwar through newspaper databases over the past year, current only to January 19:

1. Alan Paller, SANS — 84
2. McAfee — 80
3. James Lewis, CSIS — 47
4. Booz Allen Hamilton — 38
5. Symantec — 31
6. Mike McConnell, BA — 25
7. Paul Kurtz, Good Harbor — 11
8. Richard Clarke, Good Harbor 4

‘Control values’:

1. Gene Spafford, Purdue 25
2. Marcus Ranum 0

In terms of security vendor businesses, the list condenses to a small number of players controlling the debate in 2009: SANS, McAfee, and Booz Allen Hamilton, the latter which jumps to number three on the list with 63 hits in major stories if you add McConnell’s total.

In a country as large and complicated as the United States there are many many computer security businesses. And there are also many computer security experts in the academy — scientists and engineers who have published books and papers on the subject.

Yet in the current national ‘debate,’ they’re all missing or excluded.

The ‘experts’ called upon to shape and dictate the entire discussion can be counted on the fingers of one hand. They hold the keys to all knowledge.

SANS has already been addressed.

It’s a security training business and its director, Alan Paller, is the man who knows everything.

When a newsman wants to know what evil China is up to today in cyberspace, Paller is the man to call. (If he’s busy, one goes for James Lewis of the Center for Strategic and International Studies.)

And this is why DD blog has the Paller-Scope.

In February, the master list condensed even more.

This happened when McAfee, number two on the list, bought the Center for Strategic and International Studies to provide ‘research’ atesting to the belief that cyberattacks are about to result in horribleness everywhere — proven by polling corporate businessmen who read the news about horrible cyberattack everywhere.

One illustrative citation:

Globally, widespread cyberfacilitated bank and credit-card fraud has serious implications for economic and financial systems and the national security, …

Power plants, oil refineries and water supplies increasingly dependent on the Internet are under relentless attack by cyber spies and thugs, according to a McAfee report.

The “Critical Infrastructure in the Age of Cyber-War” analysis by the US-based Center for Strategic and International Studies said the price of “downtime” from major attacks exceeds six million dollars a day.

“If cyberspace is the Wild West, the sheriff needs to get to Dodge City,” concluded the study commissioned by McAfee, which sells computer security software.

From earlier today at PC World:

The Internet was designed as a global commons that polices itself, but that model has failed, [James Lewis of the Center for Strategic and International Studies] added. “Instead, we’ve got the Wild West.”

“The days of the Internet Wild West are over, said James Lewis, a cybersecurity expert and senior fellow at the Washington-based Center for Strategic and International Studies,” reported the Associated Press at the same time.

When messaging, it is always important to have a consistant and well-rigged script. And to not deviate from it.

This was all delivered in the context of legislation which would, theoretically, “require a national licensing and certification program for cybersecurity professionals … it would be illegal to provide some cybersecurity services without being licensed and certified.” (The latter from PC World.)

Two things stand out, aside from the stilted abuse of the Wild West simile.

First, CSIS being pocketed to provide convenient research to McAfee is much like the model of AHIP, the research group put together by the health insurance industry to provide studies on all the things that must be done for the health insurance industry.

Second — legislation which requires “a national licensing and certification program for cybersecurity professionals [making it] illegal to provide some cybersecurity services without being licensed and certified” stands to most efficiently transfer profits to the large corporate businesses furnishing cybersecurity training and services to the government and the rest of the country.

In other words, it cements and mandates the businesses of McAfee, Booz Allen and the rest of our collection of debate drivers from the Cult of Cyberwar.

Some readers may have noticed this business model for fixing things has some common philosophy with healthcare reform which mandates everyone buy health insurance without providing a public option, cost limiting or any guarantees that the purchased new excellence in computer security is actually any different than it is now.

---

Narrow-sourcing and kings of cyberwar quote.

Cult of Cybersecurity — from the archives.

Permalink