Saturday, June 21, 2014

Cyber Part I: Wiki-Matters and Cats

Review by Bill Doughty

"Cyberspace" is a word coined by science fiction writer William Gibson* in his mindbending novel, "Neuromancer."
In "Cybersecurity and Cyberwar" by P. W. Singer and Allan Friedman, a new read on the CNO's Professional Reading Program, we learn about the online domain of cyberspace -- how it was created, how it is evolving and why the future of the Internet depends on interoperability, openness and trust.

"The takeaway for cybersecurity is that the entire system is based on trust." 

President Ronald Reagan famously advised in another context, "trust but verify." The authors say, "Ignorance is not bliss when it comes to cybersecurity." This is a topic that is now "a command responsibility" to understand.

Cats on YouTube can prove "the best defense is a good defense."

Part I of this book is loaded with definitions and explanations of terms and acronyms like: DARPA, IP, AS, ISP, URL, HTML, TSP, CA, ICANN, HTTP, PETF, OPSEC, hash, phishing and spearphishing, worms, botnets, APT and more. This is a book not only about computer terms but also about the history of the Internet. The authors reflect on how in 1989 a young senator from Tennessee, Al Gore, authored a bill to bring about quicker privatization of the Internet to democratize and popularize the Web.

Cats and cat video memes are important, too. In fact, there are 8 references to cats in this book, compared with only 6 about Edward Snowden.

Part I and Part II set the stage for solution-oriented approaches in Part III, solutions that may rest with self-regulation wikis and cooperation on the Web to protect common interests. According to Singer and Friedman, when it comes to cyberspace this is what matters: knowledge, people, incentives, the crowd ("all of us"), nation states (especially U.S. and China), and cats.

Before laser pointers, mirrors. Barefoot Sailors aboard USS Olympia play with their cat in 1898.

By the way, while putting together this post, I found a gem of a page from U.S. Naval Institute, "Cats in the Sea Services," including photos of cats throughout history with Marines, Coast Guardsmen and Sailors.

Those YouTube videos of cats are important, after all; fun has its place. "Google researchers have noticed an explosion of cute goat and cute Panda bear videos" as the Internet comes to sub-Saharan Africa and China.

Before we can truly have fun, though, we have to allay our fears -- of attack, loss of privacy and loss of property or identity.

W. Edwards Deming, the father of quality management, said organizations need to drive out fear as a first step for employees to succeed. The authors of "Cybersecurity and Cyberwar" advocate for driving out fear in how we deal with the cyber world. The goal is to understand that openness and even "whimsy," not authoritarian control, help determine standards.

But so does comprehension, understanding "choke points," keeping data secure, ensuring information is not changed without authorization, and being able to use the system as anticipated -- to prevent the "blue screen of death."

"As threats evolve, so too must our responses to them. Some can be mitigated with small changes in behavior or tweaks in code, while whole classes of vulnerabilities can be prevented only by developing and implementing new technologies. Other vulnerabilities are simply a structural consequence of how we use the system. As we explore in Part III, how we navigate these challenges comes down to accepting that bad guys are out to exploit these vulnerabilities and then developing the best possible responses that allow us to keep benefiting from the good parts of the cyber age."

Finding balance and perspective becomes the next step in a Wiki-environment as "each of us, in whatever role we play in life ... make decisions about cybersecurity that will shape the future well beyond the world of computers."

That brings us to Part II of this essential book.

*Gibson, creator of the cyber-punk genre of fiction, won the Hugo Award, Philip K. Dick Memorial Award, and the Nebula Award for "Neuromancer" exactly 30 years ago, in the Orwellian year of 1984. He is credited not only with coining the term "cyberspace" but also, behind mirror shades, with envisioning the Internet and virtual reality before either existed.

Saturday, June 14, 2014

Cyber Part II - Fear, Beagle-punching, profits

by Bill Doughty

President Eisenhower famously warned against a military-industrial complex. The authors of "Cybersecurity and Cyberwar" ask if a cyber-industrial complex is developing, especially since 9/11/2001. 

As fear grows so does the profit motive.

But authors P. W. Singer and Allan Friedman contend that cyberthreats are not all created by a great conspiracy or political and profit incentives. 

They ask that threats "be put in their proper context and understanding." 

And they show how the pieces can fit to provide greater security and less fear.

The authors define and differentiate types of attacks using the "CIA triad": Confidentiality, Integrity and Availability. They examine:
  • how terrorists use the Web, 
  • why North Korea (which they call a "cyber pygmy") is less vulnerable to a Web attack, 
  • what Stuxnet did to Iran, 
  • how China steals trade secrets, 
  • what Israel's Operation Orchard did to network operations in Syria, and 
  • why "the best defense is a good defense," with parallels to the aftermath of the assassination of Archduke Franz Ferdinand in 1914.

"Cybersecurity and Cyberwar" is between "Leading with the Heart" and "Neptune's Inferno."

It's thought-provoking history and context, with references to Mark Twain, Thoreau, von Clausewitz, President Truman, the Khan Academy and Tom Cruise and the Church of Scientology.

Iraq and the rule of unintended consequences come up several times.

In 2007 several soldiers in Iraq, using their smartphones, took pictures of U.S. Army helicopters and uploaded them to the Internet, not knowing the photos had geotags that identified their precise location; insurgents destroyed four of the helos in a subsequent mortar attack. In another incident, Army officers took down an enemy computer network facilitating suicide bombings but inadvertently shut down 300 servers in the U.S., Europe and Middle East. And, at one point, insurgents in Iraq hacked into the feeds coming from drones using over-the-counter software. They were then able to watch themselves being watched by us. 

Part II of this book is all about why it's important to learn "What Everyone Needs to Know."  While this book is engaging as an instructional manual of sorts, focused on accomplishing its goals, there are moments of what the authors call "fun" and "whimsy." 

Just as Clay Shirky did about a lost cell phone in "Here Comes Everybody," Singer and Friedman talk-story about organic self-correcting online justice. Their anecdote is about beagle punching.

When "hacktivists" saw an undercover video of workers in a testing lab doing acts of animal cruelty, they took matters into their own hands. Employees who punched beagle puppies in the face (no, I don't know what they were testing) were targeted for cyberjustice by hackers who used "both new hacktivism and old-school civil disobedience." While the hackers' reaction may have been overboard -- publishing names, addresses and embarrassing personal information of employees -- the effects were startlingly effective. "Cybersecurity and Cyberwar" gives the details and brings up other examples of social media activism, including the "Arab Spring."

The authors call for perspective in the face of fear when considering how much damage can actually be done, noting that "the computer used as a military weapon is just a tool. Just as the spear, the airplane, or the tank, it simply aids in achieving the goals that are part of any military operation." We're reminded that box-cutters are tools, too, and in 9/11 in the hands of Islamist religious fundamentalists some box-cutters brought about massive destruction.

Learning the threats and strategies for defense: cyber security class at the U.S. Naval Academy.

The insights of U.S. Naval Academy Professor George R. Lucas Jr. are brought up several times in this book. Lucas says, "The threat of cyber terrorism is greatly overblown." And, "To be blunt: neither the 14-year-old hacker in your next-door neighbor's upstairs bedroom, nor the two- or three-person al Qaeda cell holed up in some apartment in Hamburg are going to bring down the Glen Canyon and Hoover Dams."

Singer and Friedman show one example of the profit motive and growth related to cyberfears: In 2001, only four firms were lobbying Congress about cybersecurity, but in 2012 that number had risen to 1,489 companies seeking to influence public policy or otherwise lobby for their interests.

"With that money comes the risk of bias and even hype," the authors warn.

"The most important takeaway, then, is that we must avoid letting our fears get the better of us, or even worse, let others stoke our fears and thus drive us into making bad decisions. How we respond to this world of growing cyberthreats will shape everything from our personal privacy and the future of the Internet to the likelihood of regional crises and even global wars."

So the challenge is finding balance and perspective between security and privacy/freedom, facing the hard choices, and making good decisions. That brings us to Part III, "What Can We Do."

Saturday, June 7, 2014

Cyber Part III - Trust, War of 1812 and China

by Bill Doughty

Part III of "Cybersecurity and Cyberwar" has one of the book's best aha moments. The authors link piracy and privateering in the War of 1812 with an insight into U.S. relations with China and then examine what can be done to strengthen security and prevent Internet War.

Subtitled, "What Everyone Needs to Know," P.W. Singer's and Allan Friedman's work calls for a global standard with built-in resilience to ensure network security and protection.

Resilience, the ability to adapt to adverse conditions and overcome attacks, should be preceded by inoculation. The authors recommend a comparison with the Centers for Disease Control rather than the Cold War. They are skeptical of hyped warnings of an imminent "cyber Pearl Harbor" as long as governments, private industry and citizens adopt "vaccination" against attack.

During and after the War of 1812, maritime piracy ran rampant, and patriot privateers assisted in fighting the pirates, damaging the British economy. The authors report that two hundred years ago there were 517 American privateer ships compared with the U.S. Navy's fleet of 23 ships.

When it came to maritime piracy, "As in cyberspace today, one of the biggest challenges for major powers was that an attacker could quickly shift identity and locale, changing its flags and often taking advantage of third-party harbors with loose local laws."

Just like today, nations depended on a network of treaties and norms and the rule of law to preserve peace. Less than fifty years after the War of 1812 and just before the Civil War, both pirates and privateers were considered pariahs, and a global code of conduct was established.

No wonder this book was recently added to the CNO's Professional Reading Program's essential list. Consider the Navy's commitment to keeping sea lanes open and the global commons free.

Here's that "aha moment":

"The cyber parallel today, again, is that all netizens have a shared global expectation of freedom of action on the Internet, particularly online trade, just as it is ensured on the open ocean. If you knowingly host or abet maritime pirates or privateers, their actions reflect back on you. The same should be true online. Building those norms will motivate both states and companies to keep a better check on individual hackers and criminals (the pirate equivalent). It will also weaken the value of outsourcing bad action to patriotic hackers (the latter-day privateers).

"In addition to encouraging new accountability, this approach also offers opportunities for what are known as 'confidence-building measures,' where two states that don't get along can find ways to work together and build trust. After the War of 1812, for example, the British Royal Navy and nascent U.S. Navy constantly prepared for hostilities against each other, which made sense since they had just fought two outright wars. But as the network of norms began to spread, they also began to cooperate in antipiracy and antislavery campaigns. That cooperation did more than underscore global norms: it built familiarity and trust between the two forces and helped mitigate the danger of military conflict during several crises. Similarly, today the United States and China are and will certainly continue to bolster their own cyber military capabilities. But like the Royal Navy and new American Navy back in the 1800s, this should not be a barrier to building cooperation. Both countries, for instance, could go after what the Chinese call 'double crimes,' those actions in cyberspace that both nations recognize as illegal."

A similar insight comes from World War II. This past week was the 72nd anniversary of the Battle of Midway, turning point of the war in the Pacific against Imperial Japan and a victory for cryptology mathematics (codebreaking) and intelligence analysis. Today, Japan is our strong ally and friend, with a good self-defense force thanks in large measure to forward-thinking leaders like Adm. Arleigh Burke, Gen. Douglas MacArthur and Fleet Adm. Chester Nimitz.

So, when it comes to cybersecurity, can people look beyond short-term selfish gain and take a long view toward future good? 

Nations have come together in the past to agree to universal standards and rules. They have agreed on ways to use new technologies without imposing restrictive regulations or giving up privacy. An example the authors give is the telegraph and adoption of Germany's version of Morse Code. By the way, this week was also the 70th anniversary of D-Day, and today former enemy Germany, like Japan, is a bulwark of democracy and freedom in its region.

The next questions, then: Can we trust government, industry and each other? And, whether we can trust or not, can we come up with the mechanisms and arrangements to reach agreement?

Despite recent and not-so-recent examples of mistrust and distrust, there are many success stories about self-regulation and cooperation on the Web to deal with bothersome spam, dishonest scams and the evils of child porn.

The authors applaud opportunities for nations to train together, conducting cyber exercises and simulations. Such events have been sponsored by think-tanks from Beijing and Washington with the State Department and DoD participating, along with China's counterparts. "The hope is that in the long run such exchanges will help build trust and reduce the likelihood of miscommunication during a real crisis or under poor assumptions."

President Barack Obama and President Hu Jintao of China greet guests on the south lawn of the White House, Jan. 19, 2011. (Official White House Photo by Pete Souza)

When you read "Cybersecurity and Cyberwar," you'll see the authors' conclusions for what's ahead. You'll learn about where jobs are in the field and be reminded why it's imperative to promote STEM (science, technology, engineering and mathematics).

The authors include a thorough set of notes and an informative glossary.

Admiral James Stavridis, U.S. Navy (Ret), former Supreme Allied Commander at NATO, calls this, "The most approachable and readable book ever written on the cyber world."  P. W. Singer is author of "Wired For War," reviewed on Navy Reads in 2010.

Sunday, June 1, 2014

'Take a Look, It's in a Book'

by Bill Doughty

LeVar Burton was Kunta Kinte in the 1977 televised mini-series of Alex Haley's "Roots," a story about life-and-death struggles of an earlier generation (from the book by Alex Haley, a former chief journalist in the U.S. Coast Guard). Burton also starred as Geordi La Forge, wearing a prototype/future version of Google Glass in "Star Trek: The Next Generation." For this 21st-century generation, LeVar Burton is known as the face and voice of "Reading Rainbow."

That wildly successful PBS series ran for 23 years starting in 1983 and lives on in Burton's various initiatives to promote books and reading for families, schools and libraries.

Burton and daughter Mica

Burton, an author, actor and activist, is bringing online reading and imagination-education to "a new generation of digital natives, launching a tablet-based children’s reading service in 2012 with hundreds of quality books and new educational video field trips," according to rrkidz: "the app quickly became and remains the #1 educational app, with over 13 million books read and videos watched in the first two years."

“Over 131,000 books a week are being read by children using our service in 47 countries across the world including China, India, South Africa, Israel, and Japan,” Burton said.

This past week, Burton launched a Kickstarter campaign to further expand what he calls the "love, adventure and passion" of reading. He allotted 35 days to reach a goal of one million dollars, but hit that mark in the first day -- $3M in three days -- a testament to the support for Reading Rainbow and Burton's commitment to "changing the world, one children's book at a time."

Burton explains, “Reading Rainbow [is] on a mission to make a difference in the lives of children, families and schools around the world.” The Kickstarter campaign will help provide universal access to a web-based version of Reading Rainbow, an educator-specific version with teacher tools, and free access to the service for the nation's neediest schools.

Reading Rainbow represents another avenue for deployed service members who want to read to their children, alongside United Through Reading and similar initiatives by community libraries.

Writers LeVar Burton and Alex Haley.

LeVar Burton was born into a U.S. Army family at Landstuhl Regional Medical Center, West Germany.

Like Alex Haley, who was a photojournalist in the Coast Guard, Burton's father, Levardis Robert Martyn Burton, was a photographer, but he served in the Army Signal Corps. LeVar's mother, Erma Jean, was a social worker, administrator and educator.

In the Star Trek TV series, Burton was Lieutenant Junior Grade La Forge; in the movies he'd been promoted to lieutenant commander.

Fun fact: Burton's favorite storybook character, he says, is Spot from the classic children's book, "See Spot Run."