05.01.10
Posted in Cyberterrorism, Extremism at 11:04 am by George Smith
Richard Clarke’s publicity campaign bulldozes the media. Note Google ads for Raytheon and Northrop Grumman cybersecurity business operations tied to it.
From the WaTimes:
A cyber-attack could disable trains, Mr. Clarke says. “It could blow up pipelines … [or] damage electrical power grids. … It could confuse financial records, so that we would not know who owned what.”
From the New York Times in 1999, as sampled by me ten years ago:
“US Monitors Millennium Trouble Spots Around the World” was the title of a Tim Weiner penned piece in the New York Times.
“From now until after the New Year’s holiday, hundreds of FBI agents will be monitoring cyberspace for warnings, like ancients searching the skies for a sign, looking out for electronic assaults by hackers and tracking political extremists by computer.
“Civilian and military officials across the country, worried about an organized attempt to take down government computers, are watching everything from reservoirs to the Federal Reserve.
——
” . . . Richard A. Clarke of the National Security Council, repeatedly warns them that ‘cyberterrorists’ could launch computer attacks ‘shutting down a city’s electricity, shutting down 911 systems, shutting down telephone networks and transportation systems,’ as he said in a recent interview.”
From the Washington Times, in November of 1999, on someone else — not Richard Clarke, peddling a book on cyberwar:
“China could launch a devastating computer-run sabotage operation by attacking U.S. oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California.”
“A [Chinese] computer attacker could penetrate the electronic ‘gate’ that controls refinery operations and cause fires or toxic chemical spills . . . “
However, in November of 1999, from Richard Clarke, as reported by the Associated Press:
“We could wake one morning and find a city, or a sector of the country, or the whole country have an electric power problem, a transportation problem or a telecommunication problem because there was a surprise attack using information warfare.”
“Clarke compared the reliance [on computer networks] to former drug addicts enrolled in a recovery program,” read the AP article.
“We need to take a lesson from that — at least they know they have a dependency problem. Many of you are still in denial.”
From the Los Angeles Times, in October of 1999:
Richard Clarke: “An enemy could systematically disrupt banking, transportation, utilities, finance, government functions and defense.”
And the granddaddy of all Richard Clarke cyberwar placemat stories — Signal magazine’s “Hidden Hazards Menace U.S. Information Infrastructure,” from August of 1999:
“The greatest threat to U.S. security may come from internal software or hardware trapdoors lying dormant in the nation’s critical infrastructure. The digital equivalent of Cold War moles, these hidden threats would serve as access points for criminals, terrorists or hostile governments to extort money, impel foreign policy appeasement or ultimately launch crippling information attacks on the United States,” stated Signal.
There is “a very real possibility of an electronic Pearl Harbor,” said Clarke to the magazine.
“Without computer-controlled networks, there is no water coming out of your tap; there is no electricity lighting your room; there is no food being transported to your grocery store; there is no money coming out of your bank; there is no 911 system responding to emergencies; and there is no Army, Navy and Air Force defending the country . . . All of these functions, and many more, now can only happen if networks are secure and functional.
“A systematic [attack] could come from a terrorist group, a criminal cartel or a foreign nation . . . and we do know of foreign nations that are interested in our information infrastructure and are developing offensive capabilities that would allow them to take down sectors of our information infrastructure.”
For Signal, Clarke claimed “trapdoors” unspecified and theoretical, “some of which may already be in place, as the greatest potential threat to the information infrastructure. Residing in the operating systems of key networks that support the U.S. critical infrastructure, these trapdoors would provide windows of opportunity for any ill-intentioned adversary to wreak considerable havoc. ‘It is at least theoretically possible that a nation could insert such trapdoors, and then make demands of the United States under threat to our infrastructure.'”
The cyberwar scenario was delivered:
“One possible scenario would feature a demand leveled by a foreign government or terrorist group. When the U.S. government refuses to comply, this adversary demonstrates its capabilities by reducing a region of the United States to chaos. ‘I think the capability to do that probably exists in the hands of several nations,’ Clarke stated. ‘I think it could exist in the near future in the hands of criminal and terrorist organizations.'”
—-
“Envision all of these things happening simultaneously -electricity going out in several major cities; telephones failing in some regions; 911 service being down in several metropolitan areas. If all of that were to happen simultaneously, it could create a great deal of disruption, hurt the economy . . . “
Sources in a longer piece here.
Citations from Google News tab today including “Richard Clarke,” “Cyberwar” and the turning off of the electricity: at least 10
From non-cybersecurity expert, Michi Kakutani, in the New York Times this week:
Blackouts hit New York, Los Angeles, Washington and more than 100 other American cities. Subways crash. Trains derail. Airplanes fall from the sky.
Gas pipelines explode. Chemical plants release clouds of toxic chlorine. Banks lose all their data. Weather and communication satellites spin out of their orbits. And the Pentagon’s classified networks grind to a halt, blinding the greatest military power in the world.
The only things left out: The sky turning the color of sack cloth and cats and dogs fornicating in the street.
Permalink
04.22.10
Posted in Cyberterrorism at 8:48 am by George Smith
Yesterday McAfee issued an anti-virus update that rung up a false positive on the Windows XP operating system core file, svchost.exe.
When DD read it, he laughed.
(If your PC skills are a little duff, to understand why this was bad funny, open the Task Manager — instructions here. Scroll down and you’ll see a number of svchost.exe processes. Imagine if an anti-virus program suddenly took them all away. Big oof!)
It’s nearly the biggest mistake you can make as an anti-virus software developer. And in one fell swoop, it bricked machines nationwide, allowing McAfee to easily surpass North Korea as a cyberpower to be feared.
Why North Korea?
Because Richard Clarke was on the Maddow show last night, dispensing his usual shtick on cyberwar. And Maddow was drinking it all in, captivated by the idea of North Korea as a serious cyberthreat to the US because, infrastructurally, it is so poor and primitive.
Why, all those wily North Koreans have to do is rent a hotel room in China and launch a cyberattack on the US on the 4th of July against government websites hardly anyone visits!
That’s the argument.
USA Today, in reporting on the consequences of the McAfee false positive:
News reports and Twitter chatter suggest thousands of Windows PCs in large organizations around the globe were thrown into fits of rebooting yesterday after antivirus giant McAfee distributed a routine update carrying an egregious error.
Now each one of those computers will have to be manually cleaned. Affected organizations can expect to expend a minimum of 30 minutes of manual labor per PC to get each one back into working order, says Steve Shillingford, CEO of tech forensics firm Solera Networks.
“There’s no way to automate the process,” says Amrit Williams, CTO of security management system company Big Fix. “It will take however long it takes to touch each single machine. The companies affected by this could be dealing with this for days or weeks.”
—-
Solera Networks, a supplier of network forensics technology, says it helped one large U.S. multi-national company quickly determine that the poisonous update from McAfee threw 50,000 of its PCs into a rebooting frenzy. McAfee advised the company that “remediation time is estimated to be 30 minutes per user, ” says Solera CEO Shillingford.
“Estimating $100 per hour, this organization’s lost time alone can be conservatively estimated to cost more than $2.5 million,” says Shillingford. “And that does not factor in lost productivity while users are down.”
Security experts say false positives are impossible to completely eliminate …
Incidentally, here’s a McAfee press release from last year warning about cyberwar, authored by Paul Kurtz, one of Richard Clarke’s lieutenants. Good Harbor, Clarke’s company, was commissioned to write it.
McAfee Inc. Warns of Countries Arming for Cyberwarfare
The United States, Israel, France, China and Russia are Cyberarmed; Critical Infrastructure is at Risk, According to McAfee’s Fifth Annual Virtual Criminology Report
—-
Former White House advisor Paul Kurtz compiled the report on McAfee’s behalf.
The report for the first time provides a model to define cyberwar, identifies the countries involved in developing cyberoffenses and cyberdefenses, dissects examples of politically-motivated cyberattacks and reveals how the private sector will get caught in the crossfire. Government disclosure is also a major issue, as cyber initiatives and information are often classified by the government, hindering cybercrime defense in the public and private sector.
Experts call for a clear definition and an open debate on cyberwarfare. Without an open discussion among the government, private sector and the public, future cyberattacks targeting critical infrastructure could be devastating.
——
Private Sector is the Most at Risk – Critical infrastructure is privately-owned in many developed countries, making it a huge target for cyberwarfare. The private sector relies heavily on the government to prevent cyberattacks. If virtual shooting starts, governments, corporations and private citizens may get caught in the crossfire. Without insight into the government’s cyberdefense strategy, the private sector is not able to be proactive and take the proper precautions. Experts call for a public discussion on cyberwarfare, bringing it out of the shadows.
Et tu, McAfee?
Only kiddin’.
A comment on McAfee’s cyberwar report from last year.
Permalink
04.21.10
Posted in Crazy Weapons, Cyberterrorism, Extremism at 7:39 am by George Smith
Why are you not surprised?
Completely shut out — except on opinion pages and in press releases from the Heritage Foundation — that nugget of the GOP far right known as the Cult of Electromagnetic Pulse Crazy resorted to lobbying Rush Limbaugh.
Birther Frank Gaffney spoke with Limbaugh who told it this way:
People are utterly unprepared to live and to deal with circumstances that were the norm for humanity up to a hundred years ago. Stop and think about that. I interviewed Frank Gaffney, defense policy expert during the Reagan years, for the next issue of the Limbaugh Letter. I talked to him on Friday. One of his big concerns is that the Iranians could load up a small little nuclear device on a boat and start trolling the East Coast of the United States, there are some 2,000 ships a day out there, how do you know which one is the mullahs cruise ship? They launch a little nuke and detonate it in the atmosphere and cause an EMP, electromagnetic pulse. He said if they took out our electric grid, if they took out our ability for electricity, do you realize the number of mass deaths that would happen very quickly? So dependent are we on all these — What got me to thinking about this is that we live at a time where we’ve had all this modernization, all of these terrific advancements that have enhanced life, improved the quality of life, and lengthened the span of life.
We are being pestered by a bunch of people who have friends in this regime who want to roll all of that back and take us back to the times where life was much more primitive. Now, people did not die en masse because there wasn’t electricity. Life was harder. Nighttime was really dark. You had to have your torches out there or what have you, and that was, you know, only after somebody figured out how to create fire, about which they made a movie. Imagine if that guy had been able to patent it. Can you imagine if that guy had a family, they’d be the richest people in the world, the guy that invented fire, had the patent on it. Every time a fire happened, this guy got the royalty. But they didn’t think about things like that back then. You have all these scions out there like the Sulzberger guy at the New York Times, you’ve got the people from the old Firestone Tire and Rubber, you got the Ford, GM, the Mellons and so forth, and now you’ve got all these fourth and fifth generation offspring that have no idea what their families did to create it living off of it.
Hmmm. So let’s see if DD understands this. Iran could take US back to the time of the movie The Man Who Shot Liberty Valance and the Obama administration also wants to take us back to a time “when life was much more primitive.”
Also, the people who control fire at such a time get all the royalties. And the Sulzbergers, “old Firestone Tire and Rubber … the Mellons and so forth,” plus the New York Times, they’re sort of the firemakers now, so they’d benefit. Or something like that.
Therefore, the mullahs and the current US “regime” are somehow connected in this desire.
“All of liberalism is a giant hoax,” Limbaugh concludes.
There’s also some jabber about the volcano and airplanes.
Cult of EMP Crazy is the best sobriquet, don’t you think?
DD was once popular with Rush Limbaugh because I had written something he found convenient.
It would be remiss of me not to mention one of the chieftains of the Cult of Cyberwar in this post. That’d be Richard Clarke, who is currently flogging his newest book on … cyberwar … at least the second on the topic, the last one being fiction.
Here one observes stiff competition for the meme of who will turn out our lights. It could be Iran or China using hackers. Or it could be Iran, employing electromagnetic pulse.
Iran has a lot of options, apparently. I’m afraid, aren’t you?
Writes the instapundit guy at the Wall Street Journal:
Over the past few decades, American society has become steadily more wired. Devices talk to one another over the Internet, with tremendous increases in efficiency: Copy machines call their own repairmen when they break down, stores automatically replenish inventory as needed and military units stay in perpetual contact over logistical matters—often without humans in the loop at all. The benefits of this nonstop communication are obvious, but the vulnerabilities are underappreciated. The Internet was designed for ease of communication; security was (and is) largely an afterthought. We have created a hacker’s playground.
Worse yet, computer hardware, usually made in China, is sometimes laced with “logic bombs” that will allow anyone who has the correct codes—the Chinese government comes to mind—to turn our own devices against us. [Richard Clarke] and Knake are particularly concerned with risks to the electric grid
Here the enemies, as usual, are Iran and China. A couple months ago it was North Korea.
Clarke’s book — Cyberwar: The Next National Security Threat and What to Do About It — was said to have claimed North Korea was a cyberwar power to be feared because it was primitive and poor. The reasoning being that it was invulnerable to cyber-retaliation. Because it was poor and primitive and so on.
(Clarke repeated the substance of this for Maddow again tonight. Because North Korea is infrastructurally a cybernobody, it’s a cyber superpower).
“Worrying about threats to the electric grid is all the rage these days, with anxious planners troubled by electromagnetic pulse attacks or even solar superflares that could melt down the power net for months or even years, bringing civilization to a halt,” argued the instapundit.
“But Richard Clarke … [warns] in ‘Cyber War’ that if such a calamity occurs, the culprit behind it might not be a high-altitude nuclear burst or strange solar weather but a computer hacker in Beijing or Tehran.”
Permalink
04.09.10
Posted in Cyberterrorism at 1:21 pm by George Smith
Today, speaking for itself:
Several Republicans have criticized President Obama for placing new limits on the use of U.S. nuclear weapons, but Rep. Michele Bachmann, R-Minn., raised eyebrows among liberal foreign policy observers by suggesting during a Wednesday rally with Sarah Palin that the American nuclear arsenal is needed even to deter cyber attacks.
“If in fact there is a nation who is compliant with all of the rules ahead of time and they’ve complied with the United Nations on nuclear proliferation, if they fire against the United States a biological weapon, a chemical weapon or maybe a cyber attack, well then we aren’t going to be firing back with nuclear weapons,” Bachmann said. “Doesn’t that make us all feel safe?”
“No!??? shouted the crowd of thousands in Minneapolis.
Steve Benen of the Washington Monthly seems surprised by the outburst here.
He shouldn’t be.
When prime media real estate like 60 Minutes and the Washington Post’s editorial pages have been given over to one person — Mike McConnell — screeching about how the US either is losing or would lose a ‘cyberwar,’ it’s unsurprising when a famously stupid person from the GOP says such a thing. After all, one of McConnell’s favored tropes is that a cyberwar on Wall Street would be worse than 9/11.
I covered this years ago when no one was interested in the subject. Institutional memory is in short supply. However, idiotic statements never have been. And they always have more leg.
Cult of Cyberwar — from the archives. Boy, that’s a lot of stories.
Permalink
03.26.10
Posted in Cyberterrorism at 1:27 pm by George Smith
Everyone in the political class and mainstream media acts like the current news about cyberattack on the nation is unique.
It’s not.
There was a paroxysm on it back in 2003 when the first strategy to secure cyberspace was unveiled.
At the time, I was asked to comment on an old article addressing it in the National Academy of Science’s Issues in Science & Technology magazine.
Here’s the thing:
“Cybersecurity: Who’s Watching the Store?” is a very welcome appraisal of the nation’s de facto laissez-faire approach to battening down its electronic infrastructure. Authors Bruce Berkowitz and Robert W. Hahn’s examination of the National Strategy to Secure Cyberspace is timely and accurate in the assessment of its many shortcomings.
Less delicately stated, the strategy does nothing.
It is curious that it turned out this way, because one of its primary architects, Richard Clarke, had worked overtime since well before 2000 ringing alarm bells about the fragility of the nation’s networks. At times, Clarke’s message was apocalyptic: An electronic Pearl Harbor was coming. The power could be switched off in major cities. Cyber attacks, if conducted simultaneously with physical terrorist attacks, could cause a cascade of indescribable calamity.
These messages received a considerable amount of publicity. The media was riveted by such alarming news, but the exaggerated, almost propagandistic style of it had the unintended effect of drowning out substantive and practical debate on security. For example, how to improve after-the-fact, reactive, and antiquated antivirus technology on the nation’s networks, or what might be done about spam before it grew into the e-mail disaster it is now never came up for discussion. By contrast, there was always plenty of time to speculate about theoretical attacks on the power grid.
When the Bush administration’s Strategy to Secure Cyberspace was released in final form, it did not insist on any measures that echoed the urgency of the warnings coming from Clarke and his lieutenants. Although the strategy made the case that the private sector controlled and administered most of the nation’s key electronic networks and therefore would have to take responsibility for securing them, it contained nothing that would compel corporate America to do so.
Practically speaking, it was a waste of paper, electrons, and effort.
GEORGE SMITH
Senior Fellow
Globalsecurity
Pasadena, California
The most recent iteration of this is the Cybersecurity Act of 2009 which just passed in the Senate Commerce, Science and Transportation Committee.
I’ll talk about it in more detail in a future post, but a couple things immediately jump out. They revolve around what the Congressional committee is said to have ‘found.’
The ‘findings’ are simply requotes from the chieftains of the Cult of Cyberwar.
I’ve written about this repeatedly during the year and the Senate deviates not one iota from the script delivered by the cult. (For background see here on the practice in which only a few select ‘experts’ dominated the entire national discussion on the topic, as well as here and here more recently.)
The same people that comprise the Cult of Cyberwar make up the frontispiece of the legislation: Mike McConnell, James Lewis, Alan Paller and a partner of Richard Clarke’s, Paul Kurtz.
Here are the salient pieces:
Paul Kurtz, a Partner and chief operating officer of Good Harbor Consulting as well as a senior advisor to the Obama Transition Team for cybersecurity, recently stated that the United States is unprepared to respond to a ‘cyber-Katrina’ and that ‘a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.’
Alan Paller, the Director of Research at the SANS Institute, testified before the Congress that ‘the fight against cybercrime resembles an arms race where each time the defenders build a new wall, the attackers
create new tools to scale the wall. What is particularly important in this analogy is that, unlike conventional warfare where deployment takes time and money and is quite visible, in the cyber world, when the attackers find a new weapon, they can attack millions of computers, and successfully infect hundreds of thousands, in a few hours or days, and remain completely hidden.’
According to the National Journal, Mike McConnell, the former Director of National Intelligence [and the head salesman for Booz Allen Hamilton’s cybersecurity unit], told President Bush in May 2007 that if the 9/11 attackers had chosen computers instead of airplanes as their weapons and had waged a massive assault on a U.S. bank, the economic consequences would have been ‘an order of magnitude greater’ than those cased by the physical attack on the World Trade Center. Mike McConnell has subsequently referred to cybersecurity as the ‘soft underbelly of this country.’
The Center for Strategic and International Studies report on Cybersecurity for the 44th Presidency concluded that (A) cybersecurity is now a major national security problem for the United States, (B) decisions and actions must respect privacy and civil
liberties, and (C) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure. The report continued stating that the United States faces ‘a long-term challenge in cyberspace from foreign intelligence agencies and militaries, criminals, and others, and that losing this struggle will wreak serious damage on the economic health and national security of the United States.’
This one above is deceptive because it’s James Lewis incognito. One wagers his name was not included so that readers will conclude their was more variety and depth to the research than there actually was. Lewis is cited a second time in the very next finding.
The selection of Congressional ‘findings’ is remarkable for how narrow-sourced it is.
The question is not whether or not the state of security on the Internet is fragile and often totally lacking. And because of this country’s daily transaction with it, the issue is deserving of serious work and attention. It is.
The more accurate observation is that the United States is a really big country with many, many cybersecurity experts in academia and in the private sector.
And they’re not present in this selection of staged material. The remedies and problems are described by a smaller number of people than the fingers on one hand. As a thought exercise, one can contrast this with the over year-long process of securing healthcare reform, and the national debate over it, such as it has been.
The failure of the first strategy to secure cyberspace was that the government took no role. It was designed to be this way.
Everything was left to the market. And Richard Clarke and James Lewis were two guys who were instrumental in that.
Now it’s seven years later and there’s much lip service paid to the realization that it was worthless. And so there is now an aim to make government conduct some kind of leading role.
However, the current state of the legislation is generally vague on how this is going to be done, or how it even departs from regular practice. Except for some trival areas, so far.
If one reads the bill closely there is also an insistence on “creating a market for cybersecurity risk management, including the creation of a system of civil liability and insurance (including government reinsurance).”
Only heaven and the staffers know what this means. However, when one talks about creating a ‘market’ for cybersecurity risk management, it sounds suspiciously like what exists now. Very little government role or regulation but cybersecurity risk management furnished by big corporate cybersecurity vendors, who assess and manage risk independently and according to what best suits their profit margins.
All for now.
The bill is here.
Permalink
03.22.10
Posted in Cyberterrorism at 5:15 pm by George Smith
The Paller-Scope’s gaze looks upon journalists and hackers alike, in much the way Cerebro is used by Professor X to keep a watchful eye on good and evil mutants.
Paller is kind of a real-life version of Professor Charles Xavier, the X-men comic-book character who heads a school designed to find and nurture young mutants with supernatural powers. — Newsweek
“Journalists are among the most important people in cyber security because until the public fully understands the threat, the nation will never act to solve the problem,” said Alan Paller, the SANS Institute’s director of research. SANS sponsored the awards and is considered the largest and most trusted source of information security training and certification in the world. — a SANS press release about ‘journalism awards’ handed out by Alan Paller
Among those who are pushing this [hacker] recruitment drive is Alan Paller, co-founder of Sans Institute cyber-security school. Alan initiated a Cyber Challenge last year in which participants were required to hack into servers. Some of the participants were hired by National Security Agency, while the FBI and Air Force too decided to offer internship to future winners.
A potential flip side to such competitions is that, the skills they learn could be turned against the law. However, Alan, while admitting it as an inherent risk, says that its worth it in the face of a shortage of experts and defending the country from incessant cyber attacks. — some vendor conference
Disobeying a standing rule is often adequate grounds for dismissal, said Alan Paller, director of research at the SANS Institute, a security certification and training organization. But the question that also needs to be asked here is why the state of Pennsylvania has not publicly disclosed the security incident that Maley spoke about at the RSA conference, Paller said.
Rather than try and keep a lid on the incident, “public officials have the responsibility to tell the world [about such events],” Paller said. — Computerworld
Attention, amateur hackers: Uncle Sam wants you to help fight cyber-crime — and he’s getting pretty desperate, too. As cyber-attacks become more complex and virulent, the U.S. government has poured billions of dollars into securing our nation’s digital borders. Problem is, it’s facing a severe shortage of manpower. Out of the roughly 20,000 “elite??? cyber-experts that the U.S. needs, there are only about 1,000 currently fighting the good fight. Faced with this dearth of expertise, and with a national training program that’s proven to be flawed, governmental agencies and private companies alike have broadened their recruitment wingspan in an effort to dig out whiz-kid diamonds in the rough.
One of the people spearheading this revamped recruitment initiative is Alan Paller, co-founder and research director of the Sans Institute cyber-security school, and who, according to Newsweek, is “kind of a real-life version of Professor Charles Xavier.??? — some miscellaneous apple-polisher perhaps angling for an award next year
The Paller-Scope — from the archives
Permalink
03.18.10
Posted in Cyberterrorism at 10:19 am by George Smith
Montgomery County school officials have not yet closed gaps in their computer system that allowed students at a high-performing Potomac high school to change dozens of grades using a device that can be bought from Amazon.com for $69. And other school systems, including Fairfax County, remain just as vulnerable, school officials said Tuesday.
At least eight students at Winston Churchill High School are believed to have used the readily available device to obtain teachers’ passwords for the school system’s grading system. The school system, Maryland’s largest, has determined that the grades of 54 students were improperly changed in 35 teachers’ records.
From the Washington Post here.
“That’s the first hack that every kid who becomes a criminal has done,” Alan Paller, “director of research at the SANS Institute,” told the newspaper. “Right now, attack software is so good that the average user in a small business or a school cannot protect himself and still get his job done.”
Previously in the Paller-Scope — from the archives.
Permalink
Posted in Cyberterrorism, Extremism at 9:45 am by George Smith
One of the headmen of the Cult of Cyberwar, James Lewis of the Center for Strategic and International Studies, admits the cult has overdone it in recent months.
This in a short essay, “The Cyber War Has Not Begun,” here.
Lewis writes:
No nation has launched a cyber war or cyber attack against the United States … Pronouncements that we are in a cyber war or face cyber terror conflate problems and make effective response more difficult.
This is a bit like seeing the town whore swearing she’ll attend regular meetings of the Church Universal and Triumphant. One can’t help but be impressed — but only in a jaundiced way — wondering how long this ‘conversion’ will last.
Lewis, readers have seen, has been one of the chieftains of the Cult of Cyberwar. And DD blog’s survey of citations of his name, and a few others, in media databases over the past few months shows his footprint clearly.
Here is the unscientific master list, taken from a search on cybersecurity/cyberwar through newspaper databases over the past year, current only to January 19:
1. Alan Paller, SANS — 84
2. McAfee — 80
3. James Lewis, CSIS — 47
4. Booz Allen Hamilton — 38
5. Symantec — 31
6. Mike McConnell, BA — 25
7. Paul Kurtz, Good Harbor — 11
8. Richard Clarke, Good Harbor 4
‘Control values’:
1. Gene Spafford, Purdue 25
2. Marcus Ranum 0
Here, we don’t split hairs over the precise syntax used by each of the Cult of Cyberwar’s chieftains. Lewis cannot escape that he was one of the major contributors to the bad state of affairs to which he now says nay.
If readers have followed this specialized topic, they know this in response to US cyberczar Howard Schmidt’s recent statement to Wired that the United States was not in a cyberwar. And this was in the context of Booz Allen Hamilton’s Mike McConnell, who had been in the mainstream media repeatedly over the past few months — from 60 Minutes to the editorial pages of the Washington Post — mercilessly pimping the idea that the country was in a cyberwar and that it was losing.
DD has written about this a number of times, most recently here and here.
A couple things lend themselves to helpful repeat use:
In the case of Mike McConnell’s list of citations, one remarkable feature [was] that not a single reporter writing these things identified him as the chief salesman of Booz Allen’s cybersecurity business operation. It’s a computer security business which rides on stories about looming cyberwar and the national shortage of computer security workers, to be trained on the taxpayer dime and then poached so that they can be leased to the government by Booz Allen and its competitors.
All this, even though the big aimed-at-the-US-government consulting and contracting business gleefully flogs McConnell and whatever he’s saying or doing on its homepage daily.
And here:
What could be better than to have a VP on 60 Minutes telling everyone about the lurking menace of cyberattack, being able to feature that on your homepage right next to your links for cybersecurity job staffing for positions like “Defense Intelligence Critical Infrastructure and Homeland Defense Analyst” or “Iranian Cyber All-Source Analyst”? In case that country is planning to cyberattack us.
“Booz Allen Hamilton, a leading consulting firm, helps government clients solve their toughest problems with services in strategy, operations …” reads the website.
One sees the work afoot here. It could not be more obvious. One has the right to make a good living and there is no better place to present a sales pitch refined into a story of national menace then at 60 Minutes.
As for the James Lewis’s Center for Strategic and International Studies, it sold itself to one of the country’s biggest computer security vendors recently, for the sake of providing ‘research’ on the universal menace of cyberattack throughout the country.
And this was encapsulted in another vignette taken from the archives of recent national news:
Globally, widespread cyberfacilitated bank and credit-card fraud has serious implications for economic and financial systems and the national security …
Power plants, oil refineries and water supplies increasingly dependent on the Internet are under relentless attack by cyber spies and thugs, according to a McAfee report.
The “Critical Infrastructure in the Age of Cyber-War??? analysis by the US-based Center for Strategic and International Studies said the price of “downtime??? from major attacks exceeds six million dollars a day.
“If cyberspace is the Wild West, the sheriff needs to get to Dodge City,??? concluded the study commissioned by McAfee, which sells computer security software.
The Wild West analogy is one of James Lewis’s favorites. And while there may be truth in it, it’s purpose has been to merely feed hyperbole on the subject.
Well sorry, the man can’t have it both ways now.
James Lewis can complain that the manipulative hyperbole on cyberwar on the media isn’t helpful and that the US is now not in a cyberwar. But he should also have mentioned that he’s been one of the primary contributors to the hype. And that the selling of the services of the think tank shop one works out of to a large computer security vendor, for the purpose of furthering the message of cybercatastrophe, is also not much in the way of a confidence builder.
So why is the US not in danger of being crippled in a a cyber-ambush staged by another country?
Lewis answers this question in his essay, but even that is a fairly obvious revelation.
We’d start bombing the hell out of them. With or without ironclad proof of some other country’s complicity has never been an impediment to violent action in recent history.
Permalink
03.08.10
Posted in Bioterrorism, Crazy Weapons, Cyberterrorism, Extremism at 5:54 pm by George Smith
“It is always easy to find people who will pontificate about these matters and blow smoke in everyone’s ears … It’s a fancy idea lab, but the ideas are not that good.” — Me
“Electromagnetic pulse guns, genetically designed killer diseases and swarms of miniature self-guided missiles — if these sound like the products of a mad scientist, they should,” reports the Washington Times here. “They are among the threats predicted during the U.S. Army’s 11th annual Mad Scientist Future Technology Seminar (no, really) in Newport News, Va.”
“It is only a matter of time before there is a significant high-tech surprise awaiting U.S. military forces” … is this bullshitters paradise’s motto, reads the newspaper.
Refreshingly, DD was asked to deliver a dash of ice-water to the face.
“The summary lists five ‘significant findings’ of the seminar, concluding that ’emerging biological technology … especially in the hands of non-state actors, has the greatest potential to catch the Army unprepared in the short term’ by allowing the creation and delivery of new diseases for which there is no cure,” continues the Times. “The summary states that this capability likely will be available to U.S. adversaries ‘as early as 2015.'”
“The seminar concluded that ‘EMP weapons will become available to potential adversaries in mortar and artillery rounds soon … blending technologies necessary to generate an EMP with advances in miniaturization could produce a hand-held EMP gun before 2020.”
EMP guns lagging behind custom-made plagues? You don’t say, Misters Science Fiction Men! How about turning people into living shrapnel bombs, like they did in an episode of Fringe last year?
George Smith, a defense technology analyst and a senior fellow at GlobalSecurity.org, said in an interview that he was skeptical about the value of such exercises … They have been predicting some of these things for 20 years,” Mr. Smith said about some of the advanced threats discussed in the summary.
That’s just a fact. Electromagnetic ray guns have been promised for as long as DD has been in cyberspace. It’s the weapon that’s always coming but never quite arriving, despite much hoping and wishing.
And a few times a month DD gets querulous mail from people wishing to show me their EMP guns or impugn my character for writing stuff like this here.
What’s changed most, however, is the need for the Army’s ‘mad scientist’ picnic.
There isn’t any.
Anyone who follows national security affairs knows there’s no shortage of predictive analysis rank bullshitting about the many enemies the US is likely to face. Potential foes and their fancy weapons and plans lurk everywhere! MacGyver-like terrorists will make Facebook and bags of high-tech dirt into existential threats.
“[Adversaries] are likely to try to bypass the military, shifting ‘toward a focus on disrupting transportation, banking, and government infrastructure within the United States’ by exploiting malicious use of the Internet and other computer networks, ‘generating greater stress in an increasingly vulnerable U.S. homeland,” says some alleged director of Army intelligence analysis named Tom Pappas.
Nope, you certainly don’t hear that everyday now.
Brilliant stuff, lads, just brilliant! Tis a shame the taxpayer has to underwrite it. I sure could use a year of free lunches.
Permalink
03.05.10
Posted in Cyberterrorism, Extremism at 2:58 pm by George Smith
This week the Cult of Cyberwar was out in force at the RSA convention. At such a security con one expects a good deal of hot air meant to serve the corporate and government cybersecurity business infrastructure.
But even by the really lax Americans standard for cyberwar/cyberterror hype, this was an excessive exhibition.
If one can trust the Associated Press’s sampling of it.
Some quote:
“Every major company in the US and Europe has been penetrated — it’s industrial warfare … All the little cyber devices that the companies here sell have been unable to stop them. China and Russia are stealing petabytes of information … Nation states have created cyber-warfare units. They are preparing the battlefield … We have the governments of China and Russia engaging in daily activities successfully that the US government and private industry are not stopping and they are stealing anything worth stealing.” — Richard Clarke
Clarke was mentioned earlier in the week, here coincidentally, in a flog for his April-skedded book on the menace of cyberwar.
In that piece, it was said our most backward enemy, North Korea, is a deadly menace because the very nature of their backwardness renders them immune from our cyber-retaliations.
“White House Internet security coordinator Howard Schmidt on Tuesday at RSA released a declassified version of a Comprehensive National Cybersecurity Initiative,” informed AP.
The Federation of American Scientists posted a copy of that here.
To call that an underwhelming contribution to public knowledge on the government’s cybersecurity strategy is to do a disservice to the definition of underwhelming. By reasonable standards, Schmidt and the White House could have done nothing at all and the end result would be indistinguishable.
DD blog posted on Howard Schmidt being dubbed a ‘rock star’ of cybersecurity on Monday here.
It was a ludicrous statement then. Now it’s even more so, if such a thing is possible.
More quote, from FBI head Robert Mueller:
“As you well know, a cyber-attack could have the same impact as a well-placed bomb … In the past 10 years, Al-Qaeda’s online presence has become as potent as its in-world presence … Al-Qaeda uses for the Internet range from recruiting members and inciting violence to posting ways to make bio-weapons and forming social-networks for aspiring terrorists, according to Mueller,” informed the AP.
This material has been debunked so often it’s not worth going into detail over why it’s so pandering. Suffice to say, DD has looked at virtually all al Qaeda recipes for bioweapons.
They can’t make them from their Internet-distributed recipes. Period.
Mueller knows this, or some certainly do at the FBI, very probably those who just closed the case on a real bioterrorist, Bruce Ivins, the anthraxer.
Bruce Ivins did not use Internet recipes to make anthrax mail that killed five and terrorized the country. He used a gold standard flask of anthrax spores accumulated in his laboratory at Fort Detrick. Plus his lab skills as one of the foremost experts on anthrax in the country.
And DD wrote about that, too, earlier in the week.
All this does is point out the obvious: That you can say anything you want in the US, no matter how devoid of content, substance or full of stuff handcrafted for an audience of unquestioning fools and get away with it all the time. As long as you’re vetted as an allegedly sane authority figure.
And that goes double and triple for the Cult of Cyberwar.
There is one thing the Cult of Cyberwar and its fuglemen never allow in stories.
That would be comparisons from the real world. That’s because incoveniently bringing up Bruce Ivins when someone is babbling about al Qaeda passing around bioweapon recipes on the Internet is a real show-stopper.
Another such show-stopper was posted by Paul Krugman earlier this week. Krugman is a Nobel laureate. Richard Clarke, Howard Schmidt and Robert Mueller are not Nobel laureates.
Krugman knows how to use data and statistics graphically to make a point.
In his “Great Failure” blog post, Krugman put up a plot showing a projected one trillion dollar loss in real goods and services in the US as the a result of the economic collapse brought about by Wall Street.
Not hackers and nation-states prepping the battlefield against us for cyberwar.
“It’s crucial to realize that the trillion dollars’ worth of goods and services we could have produced this year, but won’t, is a loss we’ll never make up,” wrote Krugman on Monday. “And that doesn’t count the suffering and damage to our future inflicted by the non-monetary costs of mass long-term unemployment.”
It certainly puts the Cult of Cyberwar in perspective.
Alert readers will have noticed that recently DD began throwing Cult of Cyberwar stories into the ‘extremism’ category. That’s because that’s what the public message on the subject now amounts to.
Cult of Cyberwar — from the archives.
Permalink
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »