Saturday, September 20, 2014

Recent Physical Security and AT/FP Items

In July, Wired posted a fascinating article about the security concerns stemming from a new company that uses 3D printing stations and pre-loaded templates to reprint your keys should you lose them. I question whether the existing security paradigm of physical keys is actually coming to an end, but there are two important take-aways from this story. First, it's a powerful reminder that the proliferation of disruptive technologies impacts both digital and physical security. Second, that extends to a reminder that physical security practitioners will increasingly require network security expertise, as reflected by the fact that many facility security management positions now call for industry standard network security credentials.

Last week, SPX published an interesting piece entitled "Ground X Vehicle Program Aims to Break the More Armor Paradigm." One of the key precepts in both the former and current DoD counterinsurgency field manuals is that "Sometimes, the More You Protect Your Force, the Less Secure You May Be". Many organizations, including the DoD, approach security from the perspective that "more is better": more armor, more concrete, and such. Less common is an enterprise risk management approach that considers the likely threat environment, or alternative approaches to security. In some cases, particularly in high profile conflicts or locations, the alienation caused by an armored separation from the local populace can pay negative dividends, as this article from March notes. (I personally consider the MRAP program to have been an overwhelming success, but it's still important to consider both the costs and benefits, and to apply those lessons to future implementation.) I've witnessed organizations that couldn't afford elaborate security technologies or massive walls of concrete, but were able to make progress with good procedures, robust awareness programs, and close coordination with affiliated security organizations. The underlying lesson is that one-size-fits-all solutions to security challenges are not the answer; instead, security practitioners should design their risk mitigation efforts with a defense-in-depth approach that combines multiple measures tailored to their own specific challenges.

Finally, leaning further into the Anti-Terrorism/Force Protection discipline, the BBC ran an interesting piece on Libyan Survival Tips, which have been prominent on Twitter during recent violence in and around Tripoli.

Tuesday, September 2, 2014

Dear Mike: Dhofar, Wikileaks and Declassification

Note: This post began as a private E-mail to a former co-worker, but I've decided to share it because it illustrates some of the oft-overlooked aspects of the information security issues inherent to Wikileaks and its oversight-free release of protected information.

Mike,

I suspect that in your AOR, the topic of such figures as Bradley/"Chelsea" Manning and Edward Snowden must arise frequently. While in Scotland and also online, I've had frequent opportunities to dispute the youthful assertion that these individuals are "whistleblowers" and "heroes" and "men of conscience". I wanted to relate a story that puts their "whistleblowing" - particularly Manning's - into stark contrast.

As you know, one of my major areas of study in the last several years has been the Dhofar Rebellion, a six year counterinsurgency campaign which took place in southwest Oman from 1970 to 1976. The Dhofar War has become an obscure footnote of history despite its valuable lessons for modern warfare. Since 2012, I have collected hard and soft copies of much of the available literature on the Dhofar War with the ultimate intent of writing the magnum opus on the conflict. However, as this "obscure footnote of history" has only been sparsely reported in a variety of long-removed memoirs, I've worked to find as many additional scraps of information as possible.

My effort to find every smidge of data has included many vague and targeted Internet searches, to include scouring such storehouses of corporate knowledge as DTIC and RAND. About a month ago, quite by accident, one of the DTIC documents revealed that Cuba provided advisors to the Dhofari rebels. Upon discovering this, I decided to see what more I could find by doing Google searches for the following search string (without brackets): ["dhofar" "cuba"]. This yielded, among other things, three declassified documents from the Gerald R. Ford Presidential Library and Museum.

This is where it gets interesting. Another participant in the conflict was Imperial Iran, and one of the Iranian task force's key contributions was to secure, construct, and man a barbed wire and land mine obstacle known as the Damavand Line. The location of another Dhofar War obstacle, the Hornbeam Line, was well-documented because it was the purview of seconded British personnel who served covertly in the conflict. When I did a search for (without brackets) ["dhofar" "iran"] or ["dhofar" "damavand"], I was shocked at one of the search results.

Wikileaks.

As you may remember, we were working together in late 2007 when Wikileaks first came to prominence, and I was working on a network security team, placing me in the front echelon of the DoD's attempts to mitigate the damage done by early leaks. By 2010, when much of the data provided by Manning was being leaked daily by Wikileaks and analyzed by a ravenous and opportunistic international news commentariat, I had deployed to the Middle East. Each morning for a matter of weeks, when I walked down the stairs of my villa to leave for work, my housemate and co-worker Harry would greet me with the words, "We've got more wikileaks!" In July of 2013, when Edward Snowden disclosed another massive cache of classified data to Wikileaks (as well as the Chinese and Russian governments), I was in Scotland studying for my master's degree in Strategic Studies. This last location provided me with plenty of opportunities to argue with my coursemates, most of whom had yet to leave the warm cocoon of university life, over the ramifications of the disclosures made by Manning and Snowden.

(For what it's worth, I'm shamelessly mining Wikipedia in this next paragraph.) In their 2011 book WikiLeaks: Inside Julian Assange's War on Secrecy, David Leigh and Luke Harding report that Manning disclosed at least 250,000 U.S. diplomatic cables, and 500,000 Army reports that came to be known as the "Iraq War logs" and "Afghan War logs". The Australian reports that Australian officials estimated that Snowden stole 15,000 or more Australian intelligence files; the BBC reports that British officials estimate Snowden's leaks at 58,000 British intelligence files or more. Reuters reports that NSA Director Keith Alexander initially estimated that Snowden had copied anywhere from 50,000 to 200,000 NSA documents. According to Bloomberg News, later U.S. government estimates place the size of Snowden's haul at 1.7 million documents.

As either a young member of Generation X, or one of the very oldest Millennials, I'm fairly comfortable with technology. Having spent a number of years in various security positions, I'm also well versed in the U.S. government's policies and procedures for protecting sensitive information. Having been through the initial phase of the DoD's Wikileaks damage control efforts, I was well aware that even visiting Wikileaks' website was essentially verboten.

I thought about the issue for several days. I considered the fact that much of the information that classified networks process is actually unclassified - after all, per publicly available DoD and federal regulations, information can only be classified by a select group of senior individuals granted original classification authority, and if a document contains so much as a single derivative classified paragraph, the whole thing must be handled at that highest classification. Furthermore, even classified information is subject to mandatory review and declassification based upon timelines. (The Dhofar War ended nearly forty years ago, well beyond the threshold wherein information about the conflict would have required continual classification; several of its belligerents have even been devoured by history since the war's conclusion.) On a technical level, I remembered that Google not only collects blurbs of the webpages it catalogs (displayed in plaintext below the link and URL of each Google search result), but also caches many of the webpages in its database.

I wondered if this might give me a way to bypass Wikileaks itself to get an idea of how much information we were dealing with, and whether it had already been unclassified - perhaps skirting just a touch around the letter of the regulations while diligently adhering to their intent.

First, I ran a targeted Google search to see if they were tracking instances of the word "dhofar" on the site in question. This produced pages upon pages of results, some of which were cached, some of which weren't. I did a little research, and learned that in addition to routing searchers instantly through a subsequent Google webpage before sending them to their destination page, Google uses another two-stage process to direct users to cached content.

On a whim, I decided to try Bing. Microsoft's much-maligned search engine occasionally trumps Google. For example, my prior Dhofar Rebellion research taught me that while Bing Maps tends to use slightly older imagery, it's typically sharper than that of Google Maps. I decided to try a couple of similar search strings using Bing, and as it turns out, whether you're downloading Bing's cached version of a webpage or going to the actual website, it's a one-stage process: you're linked directly to Bing's cached HTML document, and you're linked directly to the third party website, rather than being further routed through Bing's system. So, using Bing, I ran another targeted search for "dhofar" and "unclassified", downloaded Bing's cached version of one such document, and had a look at the HTML. I can't speak for all of Wikileaks' Dhofar-related documents, but as I suspected (and had carefully targeted my search to confirm), the item whose cached version I had downloaded from Bing had already been declassified.

At this point, I began to wonder: what if Bradley Manning had downloaded and leaked a bunch of documents that were already declassified? And what if the declassified items were already legitimately available somewhere else? So, I went back to Google and entered a simple search string: [declassified diplomatic cables]. My search led me to The National Security Archive page at George Washington University, which offered the following headline: "U.S. National Archives Web Site Uploads Thousands of Diplomatic Cables". Manning's disclosure took place in 2010; the National Archives and Records Administration (NARA) released these declassified cables in 2006. I went to the linked website, and a search for "Dhofar" yielded 569 results, with 413 of those results being diplomatic cables for 1974, 1975, and 1976 (the latter years of the Dhofar Rebellion). Another targeted Google search produced 160 results (16 pages of 10 results apiece), most of which appear from the Google preview data to be leaked diplomatic cables. A cursory perusal of that preview data below the search results suggests that most or all of these are the same items that the U.S. government has already declassified and made available by way of NARA.

My last experiment was to copy a string of text from one of the NARA-hosted PDFs and run it through a Google search. The search produced only a single result: Wikileaks. That means that even though a legitimate copy of the document is available from the U.S. government, Google only points to the illicit copy hosted by Wikileaks.

So, what do my ad hoc efforts teach us?

First, it undermines the portrayal of either man as a "conscientious objector" or "whistleblower". International media coverage of Wikileaks' disclosures focuses on the most salacious details, typically taken wholly out of context - for example, a 2007 air strike against Iraqi guerrillas, or an NSA data collection program. However, does anyone actually expect that Bradley Manning wanted to call America out on the carpet for its monitoring of a small war in the early 1970's? The fact that items such as these were included in the massive trove of documents disclosed by Manning suggests that he found a handful of files that caught his interest, at which point he copied swaths of files so vast that he could never have reviewed even a fraction of them before disclosing them. Snowden's disclosure of the better part of two million files is similar. Both men are commonly compared with Daniel Ellsberg, who leaked the Pentagon Papers in the 1970's - a disclosure of a mere (by comparison) seven thousand pages, in which Ellsberg had himself been directly involved, and which were expected to be released to the public later anyway.

Second, it suggests that Manning and Snowden, praised though they may be by some in the commentariat, had no concept of the potential ramifications of their disclosures. One mark of a whistleblower is that they release information specific to a grievance or conscientious objection. (Another is that they do so with the full knowledge of their chain of command in order that the strength of their convictions can be underscored by their willingness to suffer the consequences of their disclosure, but that's another matter for another discussion.) By contrast, Manning and Snowden are veritable berserkers, whose own tactical actions had destructive ramifications that can scarcely have been anticipated by either leaker. For example, two of Manning's cables published by the Guardian were headlined "Saudi king urges US strike on Iran" (The Guardian, 28 November 2010) and "Oman helped secure release of British sailors held by Iran" (The Guardian, 10 December 2010). Assuming that Manning was really opposed to the Iraq War, the idea that he would have intentionally eroded the trust of two American allies that were ambivalent about the conflict fails the logic test. For all of his accolades as a "cyber security genius", Snowden seems not to have even had the presence of mind to predict his indefinite tenure as an involuntary guest of Vladimir Putin.

Finally, my experiment reinforces the notion that, although slow and bureaucratic, the declassification process works. Had the diplomatic cables relating to the Dhofar War been disclosed in the mid-1970's, they would have damaged relations between the United States, the United Kingdom, Imperial Iran, and the Sultanate of Oman, in addition to harming still-adversarial relationships with South Yemen, the Soviet Union, and China. However, as the disclosure would no longer negatively impact American relations with the nations in question - several of which no longer even exist - they were appropriately declassified and disclosed. By contrast, the revelations that Oman acts as an intermediary between Iran and the West, or that the Gulf States are nervous about a nuclear-armed Iran, harm American relations with those governments and make it more difficult to collect human intelligence. In other cases, improperly disclosed cables may have ruined informants' lives or even gotten them killed. Snowden's leaks, which the media takes almost entirely out of context, have undoubtedly hamstrung certain efforts by signals intelligence professionals who work to keep Americans safe. (In July, Mark Stout at War on the Rocks and Benjamin Wittes at the Lawfare Blog wrote excellent analyses of Snowden's leaks.)

As for me, I now have 569 sources on the Dhofar War to review - compliments of the U.S. government - to Wikileaks' paltry 160 duplicates, which arrived at the party four years late. My only regret is that it was Wikileaks that pointed me to those sources in the first place.

Tom