Showing posts with label Cyberwarfare. Show all posts

Saturday, October 5, 2013

What You Should Be Reading

Dean breaks down the lying on the left regarding the government shutdown and what the Republicans are trying to accomplish. A small excerpt:
You are suggesting the House Continuing Resolution that passed late last Saturday night somehow defunded or struck down the ACA. This is false. The House funded all government operations and merely delayed the implementation of the individual mandate by one year. If “delayed by one year” sounds familiar, it should because that’s what the President has done for a select few.
. . .
What the House did through the legislative process, the President did illegally through executive fiat.
KTCat has been following the slow motion train wreck that is Japan.  He predicts that government spending and taxing and money printing won't save Japan.  He also advises us to follow the (smart) money.

Poll numbers show the San Diego mayor's race tightening as Faulconer and Alvarez increase their name recognition.  The UFCW Local 135 called the house asking my son to pledge support for Alvarez.

The Head of Iran's cyber warfare program was found dead in the woods with two bullets in his heart.  Is this asymmetric retaliation or an Israeli op or both?  An earlier post discussed the Obama administration's complicity in giving Iran cover for its successful attacks on U.S. Navy networks.  We are at war with Iran whether we like it or not, but it is convenient for this administration to deny it to the public.  I look more and more to the foreign press to get accurate reporting on cyber issues, as I don't believe that the U.S. press is willing to give up their comfy spot on Obama's lap.

Sunday, November 18, 2012

Cyber War - Anonymous Risks Gitmo Treatment or Worse

The hacker group Anonymous has apparently jumped into the Israeli-Hamas conflict by releasing the names and personal email addresses of five thousand Israeli officials, along with a message declaring cyber war on Israel.  It is Anonymous who used the term cyberwar; so this is not my interpretation of events.  Additionally, but not necessarily related, the Israeli government is combatting tens of millions of cyber attacks on the country's infrastructure and government web sites.

There is no doubt that future armed conflicts are going to be accompanied by a complementary cyber war strategy.  What remains to be seen is how much non-state actors, like Anonymous, who are not parties to the conflict will influence the outcome.  Let's be clear, hacktivist groups who engage in cyber warfare are in the same legal category as "enemy combatants" who ended up in Guantanamo.  By engaging in cyberwar, they have become combatants, breaching the sovereignty of another nation, but without the protections that would come from working as a lawful combatant of a sovereign nation at war.  Like it or not, international treaty does not protect such actors in the same manner as soldiers.

As a consequence, I expect the Israelis to eventually get annoyed enough to take some action.  Hacker groups are not immune from the detective work that trips up any other criminals.  This year, leading members of LulzSec and Anonymous were arrested.  If the Israelis snatch some members off the streets, don't expect them to announce the abductions any time soon.  Further, they might be within their rights to do so, because of the lack of legal protection afforded unlawful combatants.

The Law of Armed Conflict is intended to clearly distinguish between civilians and soldiers so that civilians may be protected.  Soldiers are afforded certain protections, to encourage proper treatment of prisoners of war on both sides.  Civilians are also afforded protection, both in the conduct of war and when they come under occupation.  By hiding in the civilian population, terrorists and hacktivists undermine the legal framework that protects civilians.  In much the same way that Hamas is responsible for the deaths of Palestinians by placing rocket launchers in civilian neighborhoods, so too do groups like Anonymous damage our rights in cyber space by performing criminal acts and unlawful acts of war.

Friday, September 21, 2012

Leaking Stuxnet

The supermassive black hole of incompetence that is the Obama administration has unleashed potentially serious repercussions because of administration leaks that the U.S. was behind the Stuxnet virus.  First, a little background.  The Stuxnet virus is an extremely sophisticated malware payload that targeted Iranian enrichment centrifuges.  What is little known is that there appears to be a "man in the loop" to direct the damage that the virus causes.  The virus was first spread through the use of infected USB thumb drives.  (Safety tip: there are multiple reasons you should never use these devices, ever.)  Then the virus spreads to other computers on the infected network and calls home.  It is looking for the signature of a software package used to program a Programmable Logic Controller (PLC).  The virus is clearly sending information to a home computer and receiving updated instructions from a "man in the loop."  In this case the individual controlling the virus went looking for software designed specifically to program the Siemens PLCs that control uranium enrichment centrifuges. You can view a simplified explanation of the process without reference to Iran or Siemens at Symantec.

The man in the loop is a big problem for the U.S., along with the leak that the U.S. was involved in the attack.  From the WaPo:
A damaging cyberattack against Iran’s nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama, who was eager to slow that nation’s apparent progress toward building an atomic bomb without launching a traditional military attack, say current and former U.S. officials.
Is there any doubt that the political purpose of the leak was to enhance the administration's cred with regards to being tough on Iran?  This is the worst administration for politically motivated leaks I have ever seen.  What might be the consequences?

The subject of cyberwarfare is a little murky now, but I have no doubt that the general laws of warfare apply to cyberspace as well.  The Stuxnet attack seemed targeted to a military capability of Iran, avoiding civilian collateral damage.  By itself, the scrupulousness of the attack would make me believe that it was a U.S. product.  However, by leaking our involvement, the administration has left us open to a reprisal by the Iranians, against which we might have little recourse under international law.  International law provides for a proportional response to an attack by a foreign power, especially if that attack lacks sanction under any reasonable rubric of self defense or U.N. resolution.  If Iran responds with a cyber attack of their own, we have no recourse, not even through deniability, because the Iranians can claim proportional response.

Further, the disclosure puts U.S. personnel at risk who were involved in the construction of Stuxnet.  As a legal matter, the keys from a Taiwanese firm that allowed the USB to hijack portions of the Windows operating system were stolen illegally.  The admission makes the U.S. government a de facto partner or perpetrator of a criminal act that we have signed treaties to prevent.  Conceivably, a lawsuit to prise open information regarding the construction of the virus could follow.

To be clear, I support covert means to derail the Iranian nuke program.  But, the leakers should be punished, except that they have probably been sanctioned by the President himself, for selfish political gain.  Damn the country, he needs re-election.

In case you wanted the basic explanation:

 

Wednesday, January 27, 2010

Google Faster on Strategic Response to China than U.S.

On my other blog, I posted an article about Operation Aurora, the Chinese hacking effort aimed at Google and other IT service providers. Interestingly, my take on the situation was confirmed in a thoughtful article in the New York Times. If you care about the future of U.S. war fighting in cyberspace, then this is a must-read article. A few quotes:

These recent events demonstrate how quickly the nation’s escalating cyberbattles have outpaced the rush to find a deterrent, something equivalent to the cold-war-era strategy of threatening nuclear retaliation.

So far, despite millions of dollars spent on studies, that quest has failed.

....

Participants in the war game emerged with a worrisome realization. Because the Internet has blurred the line between military and civilian targets, an adversary can cripple a country — say, freeze its credit markets — without ever taking aim at a government installation or a military network, meaning that the Defense Department’s advanced capabilities may not be brought to bear short of a presidential order.


.....

That is what makes the Google-China standoff so fascinating. Google broke the silence that usually surrounds cyberattacks; most American banks or companies do not want to admit their computer systems were pierced. Google has said it will stop censoring searches conducted by Chinese, even if that means being thrown out of China. The threat alone is an attempt at deterrence: Google’s executives are essentially betting that Beijing will back down, lift censorship of searches and crack down on the torrent of cyberattacks that pour out of China every day. If not, millions of young Chinese will be deprived of the Google search engine, and be left to the ones controlled by the Chinese government.

An Obama administration official who has been dealing with the Chinese mused recently, “You could argue that Google came up with a potential deterrent for the Chinese before we did.”


This requires deep thought about the asymmetry of the situation in cyber-warfare, where the identity of the enemy may not be initially known. It shows that excellent defense, while necessary, is insufficient. I don't think anyone has a greater vested interest in good defense than Google, but they were still hacked. This is a very tough problem, and I wish I had more insight.