January 27, 2012
Cyber War - The Art of The Doable
The host Steve Kroft lays the groundwork when he describes information or cyber warfare as computers and the Internet that is used as weapons and says that "the next big war is less likely to begin with a bang than with a blackout."
This news segment was hosted with amazing folks like Retired Admiral Mike McConnell (former Director of National Intelligence), Special Agent Sean Henry (Assistant Director of the FBI's Cyber Division), Jim Gosler (Founding Director of CIA's Clandestine Information Technology Office), and Jim Lewis (Director, Center for Strategic and International Studies).
For those who think that cyber war is a virtual fantasy and that we are safe in cyberspace, it's high time that we think again.
Here are some highlights:
- When Retired Admiral McConnel is asked "Do you believe our adversaries have the capability of bringing down a power grid?" McConnell responds "I do." And when asked if the U.S. is prepared for such an attack, McConnell responds, "No."
- Jim Gosler describes how microchips made abroad are susceptible to tampering and could "alter the functionality" of let's say a nuclear weapon that needed to go operational, as well as how they "found microelectronics and electronics embedded in applications that shouldn't be there."
- Special Agent Henry talks about how thieves were able to steal more than a $100 million from banks in less than half a year, not by holdups but through hacking.
- Jim Lewis tells of the "electronic Pearl Harbor" that happened to us back in 2007, when terabytes of information were downloaded/stolen from our major government agencies--"so we probably lost the equivalent of a Library of Congress worth of government information" that year and "we don't know who it is" who broke in.
The point is that our computers and communications and all the critical infrastructure that they support--including our defense, energy, water, transportation, banking, and more are all vulnerable to potentially lengthy disruption.
What seems most difficult for people to grasp is that the bits of bytes of cyberspace are not just ephemeral things, but that thy have real impact to our physical universe.
Jim Lewis says that "it doesn't seem to be sinking in. And some of us call it 'the death of a thousand cuts.' Every day a little bit more of our intellectual property, our innovative skills, our military technology is stolen by somebody. And it's like little drops. Eventually we'll drown. But every day we don't notice."
Our computer systems are vulnerable and they control virtually all facets of lives, and if the enemy strikes at our cyber heart, it is going to hurt more than most of us realize.
We are taking steps with cyber security, but we need to quickly shift from a reactive stance (watching and warning) to a proactive posture (of prevention and protection) and make cyber warfare a true national priority.
December 10, 2011
Nuclear Weapons--A Scary Infographic
Unfortunately, I think many of the ones coming out recently are too jumbled, long and complex and read more like a "Megilla" (no disrespect intended).
I was a little surprised to find a infographic on Nuclear Weapons online, but then again it's not a "cookbook" and hopefully those are not being posted.
This one was interesting to me, not only because of the topic of weapons of mass destruction, but also because in 11 factoids, the graphics takes you through a pretty clear and simple overview of the subject matter.
No, its not getting into the physics and nuclear engineering depths of the whole thing, but at the same time, you have starting with the Manhattan Projects in the 30's, some nice history on the following:
- Invention
- Cost
- Types, both fission and fusion
- Testing
- Use
- Inventories, although based on recent articles on the 3,000 miles of Chines tunnels in the Wall Street Journal (25 October 2011) and Washington Post (30 November 2011), the Chinese number may be way too low--the WSJ based on Chinese media reports has it as high as 3,500!
- Even numbers "lost and not recovered"--11!--not comforting, who would've thought?
In the graphic, it would be interesting to see a breakdown by land-, bomber-, and submarine-based, (some nice graphics available for that) but perhaps a number 12 item on the infographic would've been getting too much in the weeds.
Also, a similar graphic for chemical and biological weapons while interesting, would be scary indeed.
(Source Graphic: here)
Nuclear Weapons--A Scary Infographic
October 2, 2011
Robots Are Not Just For Fighting
Robots Are Not Just For Fighting
September 10, 2011
Kamikaze UAVs
Kamikaze UAVs
Rising From The Ashes of 9/11
Rising From The Ashes of 9/11
July 24, 2011
SIMON Says Open
SIMON Says Open
June 4, 2011
Armored Skin
Armored Skin
March 9, 2011
Protect Yourself
Obviously, I can't tell you what the "right" thing to do is in any particular situation, but this is perhaps some valuable tips:
"Take 5 minutes to read this. It may save your life or a loved one's life.
In daylight hours, refresh yourself of these things to do in an emergency situation...
This is for you, and for you to share with your wife, your children, everyone you know.
After reading these 9 [actually 10] crucial tips, forward them to someone you care about.
It never hurts to be careful in this crazy world we live in.
1. Tip from Tae Kwon Do:
The elbow is the strongest point on your body. If you are close enough to use it, do!
2. Learned this from a tourist guide.
If a robber asks for your wallet and/or purse,
DO NOT HAND IT TO HIM.
Toss it away from you...
Chances are that he is more interested in your wallet and/or purse than you, and he will go for the wallet/purse.
RUN LIKE MAD IN THE OTHER DIRECTION!
3. If you are ever thrown into the trunk of a car, kick out the back tail lights and stick your arm out the hole and start waving like crazy..
The driver won't see you, but everybody else will.
This has saved lives.
4. Women have a tendency to get into their cars after shopping, eating, working, etc., and just sit (doing their checkbook, or making a list, etc. DON'T DO THIS!)
The predator will be watching you, and this is the perfect opportunity for him to get in on the passenger side, put a gun to your head, and tell you where to go.
AS SOON AS YOU GET INTO YOUR CAR , LOCK THE DOORS AND LEAVE..
If someone is in the car with a gun to your head DO NOT DRIVE OFF,
Repeat: DO NOT DRIVE OFF!
Instead gun the engine and speed into anything, wrecking the car.
Your Air Bag will save you.
If the person is in the back seat they will get the worst of it.
As soon as the car crashes bail out and run.
It is better than having them find your body in a remote location.
5. A few notes about getting into your car in a parking lot, or parking garage:
A.) Be aware: look around you, look into your car, at the passenger side floor, and in the back seat.
B.) If you are parked next to a big van, enter your car from the passenger door.
Most serial killers attack their victims by pulling them into their vans while the women are attempting to get into their cars.
C.) Look at the car parked on the driver's side of your vehicle, and the passenger side...If a male is sitting alone in the seat nearest your car, you may want to walk back into the mall, or work, and get a guard/policeman to walk you back out.
IT IS ALWAYS BETTER TO BE SAFE THAN SORRY. (And better paranoid than dead.)
6. ALWAYS take the elevator instead of the stairs.
Stairwells are horrible places to be alone and the perfect crime spot.
(This is especially true at NIGHT!)
7. If the predator has a gun and you are not under his control,
ALWAYS RUN!
The predator will only hit you (a running target) 4 in 100 times; and even then, it most likely WILL NOT be a vital organ.
RUN, Preferably in a zig -zag pattern!
8. As women, we are always trying to be sympathetic:
STOP
It may get you raped, or killed.
Ted Bundy, the serial killer, was a good-looking, well educated man, who ALWAYS played on the sympathies of unsuspecting women. He walked with a cane, or a limp, and often asked 'for help' into his vehicle or with his vehicle, which is when he abducted his next victim.
9. Another Safety Point:
Someone just told me that her friend heard a crying baby on her porch the night before last, and she called the police because it was late and she thought it was weird...The police told her 'Whatever you do, DO NOT open the door...'
The lady then said that it sounded like the baby had crawled near a window, and she was worried that it would crawl to the street and get run over.
The policeman said, 'We already have a unit on the way, whatever you do, DO NOT open the door.'
He told her that they think a serial killer has a baby's cry recorded and uses it to coax women out of their homes thinking that someone dropped off a baby...He said they have not verified it, but have had several calls by women saying that they hear baby's cries outside their doors when they're home alone at night.
10. Water scam!
If you wake up in the middle of the night to hear all your taps outside running or what you think is a burst pipe, DO NOT GO OUT TO INVESTIGATE! These people turn on all your outside taps full ball so that you will go out to investigate and then attack.
Stay alert, keep safe, and look out for your neighbors!
Protect Yourself
October 6, 2010
A Flying Boat, Machine Gun Included
A Flying Boat, Machine Gun Included
September 26, 2010
Now The Computer War Games Are Real
The Iranian nuclear program hit has been claimed for civil nuclear power but has long been suspected of being a cover for making weapons, and Iran has been unabashedly vocal about its hostile intent to many nations, even going so far as to openly threaten some, especially Israel, with complete “annihilation.”
The technical aspects of Stuxnet as a weapon are fascinating, for this is the first computer program “specifically created to take over industrial control systems.” Another article in U.K.’s The Guardian quotes another source as saying it is “one of the most refined pieces of malware ever discovered.”
This worm works by exploiting Windows operating systems security holes and taking over critical infrastructure SCADA systems (AKA Supervisory Control And Data Acquisitions systems or industrial control systems).
What is maybe even more amazing than the technical feat of Stuxnet, is that for months or years, everyone has been focused on and hypothesizing about when a traditional military strike was going to occur to the ever menacing Iranian nuclear threat. However, instead of conventional planes and bombs making a big bang (remember “shock and awe”), we get a silent but “very sophisticated” cyber worm that no one seems to have expected.
So times have certainly changed and with it warfare. Prior military engagements occurred on land, sea, and air with kinetic “bang/boom” weapons. Today they have a new domain in cyberspace with bits and bytes that are just as impactful. But I think what hasn’t really hit home with most people is that cyber war is not just virtual, like playing a video game (like the SIMS) or acting out in virtual reality (like Second Life); cyberwarfare starts online but has real physical ramifications as we see with the Stuxnet worm. Industrial systems like nuclear plants or hosts of other critical infrastructure (in manufacturing, energy, telecommunications, etc.) can be taken out with cyber bombs just like with real bombs maybe even better, faster, cheaper, and cleaner (less collateral damage).
We had all better be prepared for the fight in this new realm as the potential damage is as real as any we have ever seen before.
Now The Computer War Games Are Real
September 29, 2009
Turning the Tables on Terrorists
Rep. Roscoe Bartlett (R-Md) said that an Electromagnetic Pulse (EMP)—“it would bring down the whole [electrical] grid and cost between $1 trillion to $2 trillion” to repair with full recovery taking up to 10 years!
“It sounds like a science-fiction disaster: A nuclear weapon is detonated miles above the Earth’s atmosphere and knocks out power from New York City to Chicago for weeks, maybe months. Experts and lawmakers are increasing warning that terrorists or enemy nation state could wage that exact type of attack, idling electricity grids and disrupting everything from communications networks to military defenses…such an attack would halt banking, transportation, food, water, and emergency services and might result in the defeat of our military forces.” (Federal Times—September 21, 2009)
The Federal Energy Regulatory Commission (FERC) says “the U.S. is ill-prepared to prevent or recover from an EMP”—they are asking Congress for authority to require power companies to take protective steps to build metal shields around sensitive computer equipment.
It is imperative for us to protect our critical infrastructure so that we are not vulnerable to the devastating effects of a potential EMP blast. We must think beyond simple guns and bullets and realize that our technological progress is on one hand a great advantage to our society, but on the other hand, can be a huge liability if our technical nerve centers are “taken out”. Our technology is a great strategic advantage for us, but also it is our soft underbelly, and whether, we are surprised by an EMP or some hard-hitting cyber warfare, we are back to the stone age and it will hurt.
It also occurs to me that the same tools terrorists use against others can also be used against them.
Turning the Tables on Terrorists
July 18, 2009
IT as a Surrogate Weapon
There is a fascinating controversy going on now over the CIA plans to kill known al Qaeda terrorists. Should we “stoop to their level” and take them out or is this “assassination” style technique out of bounds for a free and democratic society?
Wow. I don’t think too many Americans the day after 9/11 would be asking that question.
We are quickly swayed by the events of the times and our emotions at play.
When 3,000 people—mostly civilians—were killed in a vicious surprise attack on our financial and military hubs in this country; when the Twin Towers were still burning and crashing down; when smoke was rising out of the Pentagon; and when a plane crashed in Pennsylvania—I think most of us would say, these terrorists need to be dealt a severe and deadly blow.
Who would’ve though that just a mere 8 years later, questions would abound on the righteousness of killing the terrorists who planned, executed, and supported these murderous attacks and still seek every day to do us incredible harm—quite likely with chemical, nuclear, biological, or radiological (CNBR) weapons—it they could pull it off in the future.
We are a society with a short-term memory. We are a reactive society. As some have rightly said, we plan to fight the wars of the past, rather than the wars of the future.
We are also a doubting society. We question ourselves, our beliefs, and our actions. And to some extent this is a good thing. It elevates our humanity, our desire to do what is right, and to improve ourselves. But it can also be destructive, because we lose heart, we lose commitment, we change our minds, we are swayed by political currents, and to some extent we swing back and forth like a pendulum—not knowing where the equilibrium really is.
What makes the current argument really fascinating to me from an IT perspective is that we are okay with drones targeting missiles at terrorist targets (and even with a certain degree of civilian “collateral damage”) from these attacks from miles in the sky, but we are critical and repugnant to the idea the CIA wanted to hunt down and put bullets in the heads of the terrorists who committed the atrocities and are unwavering in their desire to attack again and again.
Is there an overreliance on technology to do our dirty work and an abrogation of hands-on business process to do it with our own “boots on the ground” hands?
Why is it okay to pull the trigger on a missile coming from a drone, but it is immoral to do it with a gun?
Why is it unethical to fight a war that we did not choose and do not want, but are victims of?
Why are we afraid to carry out the mission to its rightful conclusion?
The CIA, interrogators, military personnel and so forth are demonized for fighting our fight. When they fight too cautiously—they have lost their will and edge in the fight, we suffer consequences to our nation’s safety, and we call them incompetent. When they fight too vigorously, they are immoral, legal violators, and should be prosecuted. We are putting “war” under a huge microscope—can anyone come out looking sharp?
The CIA is now warning that if these reputational attacks continue, morale will suffer, employees will become risk-averse, people will quit, and the nation will be at risk.
Do we want our last lines of defense to be gun-shy when the terrorists come hunting?
According to the Wall Street Journal, “one former CIA director, once told me that the ‘CIA should do intelligence collection and analysis, not covert actions. Covert actions almost never work and usually get the Agency in trouble.’”
The Journal asks “perhaps covert action should be done by someone else.” Who is this someone else?
Perhaps we need more technology, more drones to carry out the actions that we cannot bear to face?
I believe that we should not distinguish between pulling the trigger on a drone missile and doing the same on a sniper rifle. Moreover, a few hundred years ago the rifle was the new technology of the time, which made killing less brutal and dehumanized. Now we have substituted sophisticated drones with the latest communication, navigation and weapons technologies. Let’s be honest about what we are doing – and what we believe needs to be done.
(As always, my views are my own and do not represent those of any other entity.)
IT as a Surrogate Weapon
August 1, 2008
Robot Soldiers and Enterprise Architecture
Enterprise architecture can plan, but it must also perform outreach to meet stakeholder requirements and get their buy-in and commitment. A plan without acceptance is shelf-ware.
National Defense Magazine, March 2008, reports on Robot Soldiers, where the technology now exists to make them autonomous and carry lethal weapons—a deadly combination—but the military is not ready to accept it (yet).
“An armed robot with body armor could walk into an ambush, ‘coolly find target, and prioritize them, without getting scared, without making a mistake…In a constricted environment you don’t want to go one on one with a computer controlled weapon system. You’re not going to win that one. The robot is going to get you before you get him.’”
These soldier robots have come a long way. In World War II, the Germans tele-operated 8,000 Goliath suicide robots to blow up bonkers or tanks. Now these robots are autonomous meaning they need little to no operator intervention. “A reconnaissance robot, for example, can be sent into a bunker without any radio link, and come out with a complete map populated with icons showing the location of people, weapons, or evidence of weapons of mass destruction.”
Additionally, robots can now carry lethal weapons, including guns and rocket launchers or non-lethal weapons such as pepper-ball guns, and they have various sensors “to help them navigate rooms and avoid obstacles,” and track friendly forces. They can protect themselves against tampering, conduct explosive ordnance disposal (such as in Iraq), patrol installations, and bring the fight to the enemy. The robot soldier can accompany a real-life soldier—it can follow and keep pace—and when the soldier picks up a weapon and points it at something, so does the robot. A handy companion indeed when you’re about to get into a firefight!
Yet, despite how capable these robot soldiers are, barriers to acceptance remain. Outfitting an autonomous robot with a lethal weapon to use against humans is a big step and one that many in the military establishment are not ready to accept. But is it just a matter of time, especially if our enemies are developing these capabilities too?
It’s interesting that technology can get ahead of our ability to accept it, integrate into our norms, cultures, and way of life. An enterprise architect’s job is not just to identify and introduce new technologies (and business process improvements) to the organization, but to actually help manage the change process and adapt the new technologies to meet the mission.
In the case of robot soldiers, the acceptance and culture change will need to be met with many safety precautions to ensure that even robots functioning autonomously can be managed safely.
Robot Soldiers and Enterprise Architecture
May 2, 2008
Cyber Warfare and Enterprise Architecture
Security is a cross-cutting perspective in Enterprise Architecture, but I treat it as its own EA perspective because of its importance. And this is especially true in a law enforcement and defense readiness organization.
While security in EA is generally of a defensive nature, we must remember that as a nation, we must be ready to not only defend ourselves, but also to launch offensive operations and take out the enemy.
According to Military Information Technology Magazine, 9 April 2008, in an interview with Major General William T. Lord, the Department of Defense is standing up a new Cyberspace Command in the U.S. Air Force.
Why do we need this new Cyberspace Command?
There are many threats to us that emanate from cyberspace that include:
- Cyber-criminals—looking to steal your identity or your money
- Cyber-terrorists—“wants to disrupt, dissuade, or deter us from doing something
- Nation States—“some of which are out to interrupt U.S. interests anywhere in the world.”
Cyberspace is a dangerous place, especially if you’re DoD; they “get about 3 million attempted penetrations” a day!
This is why defense in depth is so important, so that if an enemy manages to get through the perimeter of our network security, we can still stop them at the second or third tiers of our defensive capabilities.
In terms of offensive capabilities, sometimes you have to take the battle to the enemy. At times, it is necessary to “disrupt an enemy prior to the conduct of kinetic combat operations, [so] that the enemy could not figure out what its command and control system was, had false data, could not see an attacking force, and was making decisions based on information systems that been manipulated in advance of combat operations.”
To architect the defensive and offensive cyberspace capabilities necessary to combat our enemies, it is imperative to continuously build information sharing and partnership between the parties involved, such as the Departments of Defense, Homeland Security, Justice and the Director of National Intelligence. This is a core tenet of user-centric EA.
Just as we invest in the latest and greatest kinetic weapons to defeat our enemies, we must also invest in non-kinetic weapons including “our electronic warfare, space systems, and cyber-systems. As Major General Lord, stated: “it’s not always about destroying things, but about changing behavior, so that an enemy concludes that the costs of whatever they had in mind is too great and will stop. [Then again,] sometimes you have to be able to whack somebody in the nose.”
Cyber Warfare and Enterprise Architecture