Wednesday, December 24, 2014

More on the Sony Hack and Attribution

Apparently I'm not the only security practitioner who's still skeptical about the accusations leveled at North Korea over the recent hack on Sony. I've seen no new evidence implicating North Korea (though the Wired article below cites government sources who claim that some of the undisclosed evidence is more conclusive), but word that security experts question the attribution appears to be spreading.

  • Wired Threat Level: Experts Are Still Divided on Whether North Korea Is Behind Sony Attack
  • In Plain English: Five Reasons Why Security Experts Are Skeptical that North Korea Masterminded the Sony Attack

    UPDATE: The articles keep coming, and security industry folks aren't backing down on their skepticism.

  • Foreign Policy: North Korea’s Non-Denial Denial About Hacking Sony
  • Politico: U.S.: No alternate leads in Sony hack

    The Politico story's headline is deceptive: in fact, the article is about how a major security firm, Norse, analyzed the publicly available data for the FBI and concluded that there was no available evidence linking the Sony hack to North Korea. The FBI maintains that those who have come to this conclusion are doing so based upon limited evidence, but they have yet to release any additional evidence directly linking North Korea to the attack. At this point, my proverbial money remains on the skeptics' conclusion, not the FBI's.

    UPDATE:: I was unaware until today, but Bruce Schneier has been blogging prolifically about the Sony hack, and as usual, his thoughts are cogent and rational. He links to another item by Marc Rogers, whom I cited in my original post on the topic; Rogers has also posted a third item. I've not had the opportunity to review either of Rogers' new articles, but will do so as soon as an opportunity arises. Schneier, a nationally recognized security expert, was recently criticized by Business Insider's Michael B. Kelley in an article entitled "Stop Saying North Korea Didn't Hack Sony". Aside from Kelley's uninspiring head shot, his bio doesn't exactly lend him much credibility to discuss technical matters: a BA in philosophy and a master's degree in journalism, supplemented by some high school sports writing experience and a few months spent studying Buddhism in India. I remain more inclined to consider Bruce Schneier's take on the matter.
  • Monday, December 22, 2014

    Reservations on Blaming North Korea for the Sony Hack

    Late last week, and into the weekend, the international press went absolutely and immediately frenetic at the suggestion that North Korea organized a massive hack against Sony in order to prevent the release of the James Franco/Seth Rogen film The Interview. You can read a bit more about the hack at Wikipedia, plus there's no shortage of news articles.

    Here's the thing: I'm skeptical that it was actually North Korea that orchestrated the attack. I was skeptical even before the story took off as a result of Sony's decision to cancel the film's release. And I'm not alone.

  • Wired.com Threat Level: The Evidence That North Korea Hacked Sony Is Flimsy
  • CBS: Ex-Anonymous hacker questions North Korea's role in Sony hack
  • Marc Rogers: Why the Sony hack is unlikely to be the work of North Korea
  • War is Boring: Everyone Lost Their Minds Over North Korea’s Bullying
  • North Korea Tech: Did North Korea hack Sony? Probably Not
  • Christian Science Monitor: Did North Korea really hack Sony? Cybersecurity pros at odds

    I especially recommend the write-up from Marc Rogers, which provides overviews and links for various aspects of the actual evidence. The Wired article provides similarly elucidating commentary. Less convincing is the analysis by Hector Monsegur/"Sabu", though it's possible that that's a result of the reporting, not of his actual body of work on the issue. Monsegur presents two arguments that, upon further consideration, lose some of their force. The first is the following observation:
    "For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks," Monsegur said. "It's not possible. It would have taken months, maybe even years, to exfiltrate something like 100 terabytes of data without anyone noticing."
    My concern with this observation is that it seems to ignore just how lax Sony's security measures appear to have been. One commenter over at Doctrine Man's Facebook page noted:
    From what used to be Sony Internal Documents, about their IT security situation:

    "'We are definitely not taking advantage of the latest technologies in the way we work. We shouldn't be using an OS that has been released on 2001 anymore... There are new tools out there people, and we don't take the necessary time to exploit them, master them and improve them and that's not how leadership can be achieved... '

    'There is no overall Strategy in the departments of IT. IT is fragmented in the US due to everyone being in different offices/locations. Trust is not seen within the departments either and this needs to be addressed.'"
    Assuming that was the case, it could be entirely possible for someone to have exfiltrated a substantial amount of data, either relatively quickly or relatively slowly, without anyone in the IT department being any the wiser. The U.S. federal government makes a pretty concerted effort to keep up with developments in technical risk, with the actual IT industry consistently ahead of the pack. Most IT users, however - individuals and companies - do an awful job of safeguarding the confidentiality, integrity, and availability of their systems. That tends to be for one or both of two reasons: they see good IT security (even something as simple as anti-virus software) as cost-prohibitive, or they simply don't understand the risks in the first place. In fact, this is common for practitioners in all realms of security and risk management: potential customers tend to mistake successful deterrence for the absence of a threat.* Sony appears to have grossly underestimated the threat to their own proprietary information; in this case, regardless of the attacker, it appears to have cost them in excess of $44 million (the production budget for The Interview). The bottom line is that Sony may not have adequately resourced its IT security department to ensure that they could, in fact, recognize when data was being exfiltrated, let alone to do something about it had they been able to recognize what was happening. So, I'm not sure that Monsegur's point actually absolves (or implicates) North Korea.

    Monsegur's second observation is as follows:
    "Look at the bandwidth going into North Korea. I mean, the pipelines, the pipes going in, handling data, they only have one major ISP across their entire nation. That kind of information flowing at one time would have shut down North Korean Internet completely."

    Monsegur is confident they don't have the infrastructure to carry out this kind of attack.

    "They don't have the technical capabilities," he said. "They do have state-sponsored hackers very similar to China, very similar to Russia and very similar to our good old USA."
    Again, Monsegur is right on the surface, but neglects to mention that many attacks are distributed - for example, Distributed Denials of Service (DDoS) and botnets (the latter typically being used to facilitate the former). So, North Korea's limited data infrastructure is certainly a limiting factor, but one that could be mitigated through fairly straightforward methods- e.g., setting up malware and tools so that they executed from more robust networks than those available in North Korea itself.

    All of that having been said, I prefer to leave analysis of the actual code to those whose work I've linked above - I really don't have anything productive to add to that. What I want to discuss is the reasons why I don't think that the Sony hack actually coincides with North Korea's strategic interests.

    First, the Sony hack is far more conspicuous and/or damaging than prior North Korean saber-rattling. Although North Korea has been known to carry out fairly ambitious hacks, these have typically been targeted at South Korea, and their character has been much different than the Sony hack. Its most aggressive (and fairly recent) saber-rattling (aside from attacks directly against South Korea, such as the sinking of the Cheonan and the shelling of Yeonpyeong Island) was probably the 1998 missile/satellite test over Japan; while the North Koreans continue to test missiles and nuclear devices on occasion, nuclear tests always take place in North Korean territory, and the missile tests have most recently been launched into international air space. Save for the attacks on South Korea, which seem to be efforts at espionage rather than sabotage, North Korean attacks (to include hacking) have been specifically careful to threaten, rather than causing actual damage. Stated differently, North Korea rattles its saber to communicate threats, rather than to invite and/or justify retribution. The Sony hack doesn't fit that model.

    Second, the Sony hack is inconsistent with North Korean internal propaganda. The international community tends to dismiss Kim Jong Un as a heavyset novice who doesn't really know what he's doing, and they dismissed his father, Kim Jong Il, as an eccentric lunatic who was only interested in drinking cognac and making movies. Those characterizations may be somewhat fair, but for their domestic audience, the Kim Dynasty has been intent on maintaining two narratives. First, they set South Korea, Japan, and the United States up as fearsome enemies, dead set on imminently wiping out the North Korean people, which only the Kim Dynasty are powerful enough to keep at bay. To actually carry out an attack this significant undermines that narrative by implying that the Kim Regime can inflict significant damage against these enemies at will, which undermines their opponents' perceived ferocity, the Kim Regime's ensuing centrality to North Korea's defense, and the need for the North Korean people to live in such crippling poverty. (As a corollary, read Michael Totten's May 2009 post Davos in the Desert, which quotes Jay Nordlinger.) Beyond that, the whole thing makes Kim Jong Un seem very petty, rather than wise and benevolent. None of this plays into the longstanding narrative that South Korea, Japan, and America are a ferocious opponent, from which the North Korean people are protected only by the Kim Dynasty and their robust adherence to Marxist-Leninist ideals.

    Third, the North Korean regime tends to use its occasional saber-rattling episodes in conjunction with specific goals: securing additional food or fuel aid from its neighbors, pushing for the easing of sanctions, and such. They use their strategic capabilities in the pursuit of specific strategic goals in a sort of quid-pro-quo involving promises of compliance and aggressive threats. Aside from preventing the release of some silly movie that the North Korean people are unlikely to ever see, there seems to be no actual objective to coincide with this alleged hack. (This concept of marrying strategic ways, means, and ends has evaporated from the Western psyche, but totalitarian regimes tend to remember it far better than their Western democratic counterparts.)

    Fourth, a hack this conspicuous runs contrary to North Korea's recent efforts to improve relations with their southern neighbor. Some may remember that in October, North Korea sent an unannounced delegation of senior leaders to meet with South Korean leaders. While not mutually exclusive, it would be pretty inconsistent of the North to time such an audacious attack to coincide with such an unprecedented conciliatory move.

    At any rate, it's good to see that a handful of credible news outlets are adopting a "Hey, let's take a step back and actually look at the evidence" posture, but most news outlets are merely repeating the "allegations", noting what various organizations are "investigating the possibility of", or just plain parroting the U.S. federal government's talking points as if the talking points themselves are the news.

    In summary, I'm not saying that North Korea didn't attack Sony; but, as the sources cited above suggest, there seems to be more evidence pointing to disgruntled insiders or "hacktivists" than to North Korea. Regardless, I suspect this will be yet another case of a lie making it halfway 'round the world before the truth has a chance to put its boots on.

    Postscript: Between when I wrote this and when I'm posting it, North Korea's portion of the Internet appears to have been knocked offline. As I mention above, it's entirely possible that North Korea was behind the Sony hack, and that its Internet outage results from a semi-justified counterhack. However, my intuition that this incident had little or nothing to do with North Korea, and that any potential counterhack represents an impulsive escalation, the long-term ramifications of which may be more significant than the powers that be may realize.

    * One of my colleagues was dismissed from his job as an overseas facility security manager because the incoming facility manager deemed his position, and the security improvements he had been hired to implement, too costly relative to the perceived threat. This took place less than a year into the Arab Spring. In September of 2012, after the attack on the American consulate in Benghazi, Libya, the facility manager's successor called a meeting to discuss security improvements. Rumor has it that my colleague's supervisor informed the new manager, "Well, sir, we used to have a guy on staff who did that kind of work and could make those recommendations, but your predecessor said we didn't need that capability anymore and he was laid off." The obvious difference between the Sony hack and the Benghazi attack highlight the legitimacy of Thomas Rid's argument, but the principle is the same: both the State Department and Sony decided to assume a great deal of risk, and were unprepared for the potential results.
  • Friday, December 19, 2014

    Selections from Clausewitz, Part 1

    The prophet of strategy was Carl von Clausewitz, a Prussian military officer who fought in the Napoleonic Wars, served in the Prussian and Russian armies, and died in 1831. After his death, von Clausewitz's wife, Countess Marie von Clausewitz (née, Countess von Brühl) collated his collected writings and published them as Vom Kriege - "On War". Although Sun Tzu's The Art of War gets much more press than On War, Thomas Rid - you remember, the guy whose book I gushed about last week - rightly notes that whereas On War offers profound, detailed, complex thoughts on strategy and politics, Sun Tzu's magnum opus "read[s] like a choppy Twitter feed from 500 BC". It's understandable: people love, short, direct, quotable catch phrases because they're easier to comprehend than the very weighty wisdom that von Clausewitz left to the world. I'm reminded of 1 Corinthians 3:2 or Hebrews 5:12: Sun Tzu's comparatively short book of philosophical phrases is milk, whereas Carl von Clausewitz's dense tome is meat.

    I hold a degree in military strategy ("Strategic Studies"). My curriculum exposed me to various Clausewitzian passages and concepts, but the entirety of On War wasn't on the syllabus. It's sort of like getting a master's degree in divinity without ever having been on the hook to actually read the Bible. So, I'm going to try - slowly - to read a chunk of On War each day. I don't know how long it will take me, and I don't really care, but I've already found some interesting passages, and I'm not even through the first chapter. Here are a few I've found interesting.
    "Violence arms itself with the inventions of Art and Science in order to contend against violence. Self-imposed restrictions, almost imperceptible and hardly worth mentioning, termed usages of International Law, accompany it without essentially impairing its power."
    - Carl von Clausewitz, On War, Book I, section 2
    If only Carl von Clausewitz knew... As I noted earlier, he died in 1831. The Napoleonic Wars, and prior wars such as the American Revolution and the Seven Years War, had gotten to the point of relative civility. As industrialization and the beginnings of the Progressive Movement began to influence both government and society at large, Western governments were increasingly of the mind that war could be legislated into civility, and into oblivion, by way of international laws, accords, treaties, and concensus. Below is a list of only the most significant treaties governing war and warfare which have entered into (and, in some cases, exited from) force since von Clausewitz's death.

    1864 - First Geneva Convention for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field
    1868 - St. Petersburg Declaration (precursor to Declaration III of the 1899 Hague Convention)
    1899 - 4 Hague Conventions, 3 Declarations
    1906 - Second Geneva Convention for the Amelioration of the Condition of Wounded, Sick and Shipwrecked Members of Armed Forces at Sea
    1907 - 13 Hague Conventions, 2 Declarations
    1922 - Washington Naval Treaty of 1922
    1925 - Geneva Protocol to the Hague Convention (chemical warfare)
    1928 - Kellogg-Briand Pact
    1929 - Third Geneva Convention relative to the Treatment of Prisoners of War
    1930 - London Naval Treaty of 1930
    1936 - Second London Naval Treaty
    1949 - Fourth Geneva Convention relative to the Protection of Civilian Persons in Time of War
    1972 - Biological Weapons Convention (addition to Geneva Protocol)
    1977 - Geneva Protocol I relating to the Protection of Victims of International Armed Conflicts
    1977 - Geneva Protocol II relating to the Protection of Victims of Non-International Armed Conflicts
    1993 - Chemical Weapons Convention (addition to Geneva Protocol)
    2005 - Geneva Protocol III relating to the Adoption of an Additional Distinctive Emblem
    Between readings from Colin S. Gray and John J. Weltman, I'm convinced that belligerents abide by or violate such treaties, regardless of whether or not they are signatories, based upon their own interests with respect to Thucydides' strategic triad: fear, honor, or interest. A number of these conventions, protocols, and treaties are hilariously outdated, or have proven mostly ineffective - for example, the St. Petersburg Declaration and the Hague Conventions outlawed the use of hollow-point bullets in warfare, and the 1925 Geneva Protocol to the Hague Convention and 1993 Chemical Weapons Convention to the Geneva Protocol haven't actually ended chemical warfare. I'm reminded of one of my favorite essays/speeches, "Aliens Cause Global Warming" by the late Michael Crichton. Regardless of one's view on the actual issues of global warming/climate change, Crichton's thesis should appeal to all: governments have become very fond of wrapping the actual science around policies they already support, regardless of what the science actually says. I suspect Carl von Clausewitz would look back at the effectiveness of these various legal injunctions, snort, and say "Ich habe dir so viel" - "I told you as much."
    Now, philanthropists may easily imagine there is a skilful method of disarming and overcoming an enemy without causing great bloodshed, and that this is the proper tendency of the art of War. However plausible this may appear, still it is an error which must be extirpated; for in such dangerous things as war, the errors which proceed from a spirit of benevolence are just the worst. As the use of physical power to the utmost extent by no means excludes the co-operation of the intelligence, it follows that he who uses force unsparingly, without reference to the quantity of bloodshed, must obtain a superiority if his adversary does not act likewise. By such means the former dictates the law to the latter, and both proceed to extremities, to which the only limitations are those imposed by the amount of counteracting force on each side.

    [...]

    If the wars of civilised people are less cruel and destructive than those of savages, the difference arises from the social condition both of states in themselves and in their relations to each other. Out of this social condition and its relations war arises, and by it war is subjected to conditions, is controlled and modified. But these things do not belong to war itself; they are only given conditions; and to introduce into the philosophy of war itself a principle of moderation would be an absurdity.
    - Carl von Clausewitz, On War, Book I, section 3
    Following from the last passage to at least some degree, von Clausewitz pours additional cold water on the idea of constraining warfare by way of legal injunctions on armaments or methods, but goes a bit further and, in effect, dismisses what we might now call "limited war". In my course, we came to the collective conclusion - guided by our beloved course director - that limited war is a great theory, but that it doesn't actually withstand the tests of history or reality. Apparently, we agreed with von Clausewitz without realizing it at the time.
    "If our opponent is to be made to comply with our will, we must place him in a situation which is more oppressive to him than the sacrifice which we demand; but the disadvantages of this position must naturally not be of a transitory nature, at least in appearance, otherwise the enemy, instead of yielding, will hold out, in the prospect of a change for the better."
    - Carl von Clausewitz, On War, Book I, paragraph 4
    I read this, and immediately thought of President Obama's decision in late 2009 to send a surge of thirty thousand troops into Afghanistan, but on an announced withdrawal timeline. Conservatives criticized President Obama at the time for, in essence, telling the Taliban exactly how long they would need to hold out in order to prevail. It appears that von Clausewitz would have looked with the White House's 2009 plan with great concern.
    "If we desire to defeat the enemy, we must proportion our efforts to his powers of resistance. This is expressed by the product of two factors which cannot be separated, namely, the sum of available means and the strength of the will. The sum of the available means may be estimated in a measure, as it depends (although not entirely) upon numbers; but the strength of volition, is more difficult to determine, and can only be estimated to a certain extent by the strength of the motives."
    - Carl von Clausewitz, On War, Book I, paragraph 5
    This passage is interesting for several reasons. First, the concept of proportionality ties into Just War Theory, although Clausewitz might disagree with St. Augustine and other Just War philosophers with his suggestion that a belligerent can only prevail insofar as they are willing to use at least a slightly disproportionate amount of force relative to the opponent's capacity to resist.

    I'm also reminded of the legendary General James N. Mattis' famous memorandum assessing Effects Based Operations (EBO). I once heard General Mattis speak on the topic, and he related a story from the Iraq War in which Marines were deployed to collect information to feed EBO's information requirements, but that he saw that Iraqi forces' strength of will was unrelated to their "sum of available means" with respect to their capacity to fight to defend their territory. It was a moving anecdote, as evidenced by the fact that I remember it so vividly all these years later. Our recent war efforts have often boiled down to hard, sterile data and what its interpretation suggested that coalition forces ought to do. It seems that Carl von Clausewitz, and indeed James Mattis, would beg to differ with such an approach. More to come as my readings continue.

    Friday, December 12, 2014

    Stream of Consciousness Link Purge

    I check a bunch of news sites most days. Sometimes, I see stuff that doesn't interest me so much, but might interest some of my former Strategic Studies coursemates. I find other stuff that I find pretty interesting, or which connects to some other source for one reason or another. So, in lieu of posting twenty different things to Facebook, I figured I'd wrap them up into a blog post instead. That way, blog readers may run across something they'll appreciate, and I can post it to a wider Facebook audience as well.

    One of my favorite podcasts is the War Studies Podcast from the Department of War Studies at King's College London. The KCL WSD was sort of considered the gold standard while I was at Aberdeen, but for my money, Aberdeen was a much better investment. At any rate, they did a podcast back in October with open source intelligence (OSINT) guru Brown Moses on OSINT. I ended up listening to it on the way back from work one day, and it carried over into a discussion of the Pakistani army by Dr. Christine Fair that I ended up finding very interesting, although it got interrupted by my arrival back at my place, so as I'm writing this, I haven't listened to the end of it yet.

    The Brown Moses interview reminded me of two things I'd read recently: War is Boring published an article entitled Be Very Skeptical—A Lot of Your Open-Source Intel Is Fake. For what it's worth, I linked to Brown Moses' most famous piece, Seymour Hersh's Volcano Problem, back in April.

    The interview with Dr. Christine Fair reminded me of an article I read earlier this week over at War on the Rocks: Explaining Pakistan's Confidence. The War Studies Podcast did another episode last week entitled Pakistani perspectives on Afghanistan, which I haven't been able to listen to yet.

    War Studies' most recent podcast - which I also haven't had a chance to listen to yet - is titled Franklin expedition: myths, archeology & Canadian identity. This, of course, reminded me of CN Slapshot, my Canadian coursemate. (For anyone who missed the memo, Canada announced in September that it had located one of Franklin's ships in September; in October, the Canadian government confirmed that the ship in question is HMS Erebus. (Franklin's lost expedition also had an Orcadian connection, though my friend Rock Sniffer may not have realized it a year ago when she was photographed with Dr. Rae's statue just a few minutes after getting off the ferry in Stromness harbo(u)r.) CN Slapshot may take some interest in that podcast, but I'm sure he'll take interest in an AFP story: No edge for F-35 on most missions: report.

    Another of my cousemates was a jovial, gregarious lad from near Inverness, whom I code-named CN Ness. In 2012 and 2013, CN Ness was a rabid North Korea addict - mainly because of the wide variety of weird stories that came out of the Hermit Kingdom, but also just because of North Korea in general. I presume he's still as interested in North Korea as he was then, so, I've been saving some links for him, and now I'm purging them by posting them.

  • North Korea responds to UN with nuclear test threat
  • Signs N.Korea preparing bomb material amid nuclear test threats
  • N.Korea warns of 'catastrophic consequences' over UN rights ruling
  • North Korean military conducting intensive exercises
  • No sign of imminent N. Korea nuclear test: US think-tank

    OSINT, to Pakistan, to Canada, to North Korea. Not bad for a stream of consciousness post to cull my saved news links, huh?
  • Thursday, December 11, 2014

    MRAPs and ISIS/DAESH

    A few weeks ago, the Duffel Blog - a sort of military version of the famed humor site The Onion - published this article in which a member of ISIS/DAESH thanks an MRAP manufacturer for saving his life in combat. A couple of days ago, the Long War Journal reported that the Nusrah Front used a United Nations MRAP as a vehicle-borne IED. Having worked on the MRAP program, the Duffel Blog article stung. The article about the UN MRAPs is just demoralizing. Ouch.

    Wednesday, December 10, 2014

    Musings on President Nixon's Strategic Accomplishments

    When most people hear the name "Richard Nixon", they think of one thing: the Watergate scandal. Despite his own efforts to rehabilitate his image upon leaving the White House, and despite some careful efforts by President Reagan to restore some of the disgraced chief executive's legitimacy, Nixon remains mostly reviled. His Secretary of State, Dr. Henry Kissinger, remains controversial in some circles, but his reputation has weathered the decades a bit better.

    Aside from my own disdain for the Nixon Administration's actions with respect to the Watergate scandal, going to see the 1999 comedy Dick, and being annoyed that Episode 105 of Chappelle's Show had Chappelle shouting "Why, Nixon!? Why!?" instead of "Why, Johnson!? Why!?", I'd never really paid Richard Nixon much mind. However, while doing some pre-readings for graduate school in 2012, I read World Politics and the Evolution of War by John J. Weltman (Amazon, Google Books), which is one of the best books on military history I've ever read. Before reading Weltman, I was aware of America's mixed results in Southeast Asia - I have always believed that Vietnam was not an outright loss for the United States, although it also wasn't an outright win. Weltman's book introduced me to the wider strategic context: that Nixon and Kissinger learned of a growing rift between the Soviet Union and China, and used disengagement from Vietnam as leverage to open relations with China and, in so doing, deepened the Sino-Soviet rift. (According to Weltman, at one point that rift was in danger of escalating into a Sino-Soviet nuclear war.)

    In recent months, I've enjoyed reading several articles about President Nixon and, to a lesser degree, Dr. Kissinger.

  • War on the Rocks: A New Nixon Doctrine: Strategy for a Polycentric World
  • The New Statesman: Rethinking Nixon: Forty Years After Watergate, Can the 37th President be Rehabilitated?
  • War on the Rocks: Nixon, Kissinger, and the Shah: A Troika of Realists

    With respect to that last article about President Nixon, Dr. Kissinger, and the Shah of Iran, one of my recent posts quoted a couple of sources on the "Nixon Doctrine", in which American allies were empowered to see to their own security needs with American assistance, but without direct American involvement. I cited it in reference to the Dhofar Rebellion - one of my favorite topics, as longtime readers will know. In January of 1975, roughly six months after President Nixon's resignation and less than a year and a half before the official declaration of victory in Dhofar, President Ford hosted Sultan Qaboos at the White House. (You can see PDFs pertaining to the Ford Administration's interaction with Sultan Qaboos and the Dhofar War here, here, and here.) Under the Nixon and Ford Administrations, the "Nixon Doctrine" - this concept of empowering and supporting proxies - showed promise, although that promise was subsequently undermined by the Carter Administration.

    President Ford was, of course, serving out the remainder of President Nixon's term, and only six months into that remainder, he would have had few opportunities to differentiate from the policies established by his disgraced predecessor. The 1976 election produced a close result, and had President Ford avoided this fatal debate gaffe, he might have carried the 1976 election and continued Nixon's approach to foreign policy. Roughly three years into President Carter's term, America's strategic position had badly eroded, two examples of this being the Shah's ouster in Iran and the Soviet invasion of Afghanistan. As Sir Laurence Martin noted in his fourth BBC Reith Lecture from 1981, essentially assessing the strategic landscape that President Carter left to President Reagan:
    The incentives and disincentives to acquire a military capability are many. Prestige plays a role as an incentive and expense as a disincentive. But the most powerful considerations naturally arise from the strategic balance itself. Thus if the Great Powers of the developed world are to discourage nuclear proliferation in the Third World, they will have to play a role in the security affairs of that world. This already happens, of course. When both South Korea and Taiwan reacted to the Indian nuclear test, and to the weakening of American prestige following Vietnam, by moving towards nuclear reprocessing, the United States not only twisted their economic arms to desist, but strengthened its security assurances on the clear condition that the nuclear efforts subsided. President Carter’s plan to withdraw the American garrison from South Korea was shelved.
    Of course, history played out much differently. National disillusionment with the Watergate scandal, combined with President Ford's gaffe and a variety of other factors, led to Carter's narrow victory in 1976, and Carter's subsequent failures led to the resounding victory of Ronald Reagan in 1980. I question whether Republicans could have held the White House through to 1989, let alone to 1993, had it not been for President Carter's disastrous tenure; the prospect of any one party holding America's Executive Branch from 1969 until 1989 or 1993 would have been extremely unlikely. Even so, the groundwork of detente with the Soviet Union and engagement with China which was laid mainly by President Nixon from 1969 through to 1974, with President Ford carrying on until early 1977, sowed some of the very seeds that President Reagan would eventually reap during the 1980's when his administration delivered the long coup de grâce that finally demolished the Iron Curtain by the twilight of President George H.W. Bush's tenure in the Oval Office.

    As such, it's unfortunate, albeit understandable, that President Nixon is known only for a knuckleheaded scandal, rather than the strategic triumphs he and Dr. Kissinger orchestrated during his tenure, and contributed to during subsequent administrations, serving to soften America's memory.
  • Tuesday, December 9, 2014

    Another Burkina Faso Update

    Blaise Compaore's ouster in Burkina Faso has fallen out of the international headlines, but here are some of the additional articles on the topic that I kept track of over the last few weeks. My only note of clarification is that all of these folks who keep calling Compaore's predecessor, Thomas Senkara, "the African Che Guevara" either don't have much respect for Senkara, or don't actually know how feckless a revolutionary Ernesto Guevara actually was.

  • BBC: Burkina Faso crisis: African leaders in army handover talks
  • Al Jazeera: African leaders tackle Burkina Faso crisis
  • BBC: Burkina Faso leaders agree power transition plan
  • Al Jazeera: Burkina Faso military promises transition
  • BBC: Burkina Faso's Isaac Zida dismisses African Union intervention
  • BBC: The 'heroes' of Burkina Faso's revolution
  • Al Jazeera: Burkina Faso factions approve transition plan
  • BBC: Burkina Faso's Lt Col Isaac Zida named prime minister
  • War is Boring: Burkina Faso Made the Pentagon Nervous
  • Al Jazeera: Burkina Faso: Ghost of 'Africa's Che Guevara'
  • Al Jazeera: Burkina Faso: Uprising or military coup?
  • Saturday, December 6, 2014

    Cheap Energy and Strategic Competition in Late 2014

    About a year ago, I wrote a post, mainly a bunch of links, about the recent history of American-Iranian relations. There have been a lot of developments on that topic in the last few months, owing to the continuing nuclear negotiations and the de facto cooperation against ISIS/DAESH in Iraq and Syria. Today, I want to provide some links to educate you, the valued reader, about an ancillary issue: the Oil War.

    Okay, so what do I mean by "the Oil War"? Well, before we start, here are a few more links:

  • Is the oil crash a secret US war on Russia? (BBC, 16 October 2014)
  • Falling oil prices: Who are the winners and losers? (BBC, 16 October 2014)
  • Khafji to pump soon after Amir lightning visit to Riyadh (Arab Times, 29 October 2014)
  • Kuwait, Saudi Arabia in new energy row (Kuwait Times, 02 November 2014)
  • Crude oil at four-year low after Saudi Arabia price cut (BBC, 04 November 2014)
  • Energy security threatened by rising tensions, says IEA report (BBC, 12 November 2014)
  • Are the US and Saudi Arabia conspiring to keep oil prices down? (Stars and Stripes, 20 November 2014)
  • Why is Saudi Arabia using oil as a weapon? (BBC, 02 December 2014)
  • Market may defy prediction as oil wars flare (Kuwait Times, 04 December 2014)
  • GCC nations must prepare for oil, gas ‘post era’: Al-Zayani (Arab Times, 05 December 2014)

    Now that you're caught up on the chatter, let's work together to try to figure out what's going on.

    From where I sit, there are potentially about five parties in this situation: Saudi Arabia, Iran, Russia, the United States, and the amalgamation of all of the other OPEC members that aren't Saudi Arabia or Iran.

    So, let's start with a history lesson about relations between Saudi Arabia and Iran.

    In that post from last year, I linked to a story that discussed the ongoing Saudi-Iranian cold war. Elsewhere, I've written extensively about the Dhofar Rebellion, an obscure counterinsurgency campaign that took place in Oman in the 1970's. A few years after major combat operations in that conflict ended, the Shah was ousted in the 1979 Iranian Revolution. The Iranian Revolution drove the 1981 establishment of the Gulf Cooperation Council, an alliance of the six Gulf monarchies which has served as a direct counterweight to Iran. Some of the international tensions that played into the Dhofar Rebellion eventually contributed to the conduct of the Iran-Iraq War. From my continuing research about the Dhofar Rebellion, here are two passages discussing Saudi and Iranian involvement. The first selection is from page 60 of Oman: The Present in the Context of a Fractured Past by Roby C. Barrett, at Fort MacDill's Joint Special Operations University:
    The Iranian presence also created a beneficial byproduct. The presence of Iranian/Persian Shi’a troops and air units in Oman alarmed Riyadh. Now, the Saudis also began to provide equipment and financial, and perhaps most importantly, diplomatic support to the Sultanate. Riyadh worked to induce Aden to stop supporting the rebels. The Iranian presence in Oman alarmed the Saudis as much or more than that of the leftists in South Yemen. From 1972 to 1979, the Saudis tried to convince Sultan Qaboos to remove the Shah’s troops. The last Iranian soldiers did not leave Oman until after the 1979 revolution.
    The second selection is from page 103 of Determinants of Iranian Foreign Policy: The Impact of Systemic, Domestic and Ideologic Factors by James Kruse, from the Naval Postgraduate School:
    Iran also exerted its influence in the early 1970 when it joined Saudi Arabia, Kuwait Jordan and Great Britain in supporting the government of Oman against the Soviet backed rebels in the Dhofari rebellion. While Oman was strategically important to Iran, located at the Straights of Hormuz, support for the Monarch also served as an opportunity to confront Iran's persistent opponent, Iraq, which was supporting the rebels.
    Just to be clear, "the early 1970" and "Straights of Hormuz" are direct quotes, not mistakes on my part. Regardless, these passages demonstrate the situation: even before the 1979 Islamic Revolution, Saudi Arabia and Iran were strategic rivals in the region. Before 1979, Iran and Iraq were "persistent opponents"; after 1979, the new regime in Iran became more aggressive against that persistent opponent, the latter of which initiated the Iran-Iraq War in September of 1980.

    It's important to remember the context of the time, because it's so easy to forget some of the significant changes in the last thirty or forty years. Sectarian and ethnic differences have always been a significant factor in Iran's relationship with the Arab world, but to some degree, that 1970's conflict between Iran and Iraq stemmed from the nations the two were aligned with. Iraq was a Baathist state: a secular, albeit Sunni-leaning, socialist state aligned to the Soviet Union. By contrast, Iran was a secular, albeit Shiite-leaning, monarchy aligned to the West, and particularly the United States and the United Kingdom. Their conflict with each other and their alignments with the respective superpowers influenced their involvement in the region: Iraq joined the Soviets in assisting the Dhofari rebels, which made it easy for the Shah of Iran to justify Iranian assistance to Oman in fighting them.

    In his 2007 paper for the United States Marine Corps School of Advanced Warfighting entitled Working “Through, With, and By” Non-US Actors to Achieve Operational-Level Security Objectives, Travis Homiak notes (and don't skip the footnotes, which add some clarification):
    The Iranian role in the Dhofar Rebellion in Oman (1962-1975) is an excellent example of the US working “by” another actor. Beginning in 1959 and continuing into the late-1970s, the US worked “through” Iran in an effort to contain the Soviet Union.[14] During this period, America provided the Pahlavi monarchy with significant military assistance against external, notably communist, threats.[15] In 1973, Iran used its increased military capacity—without American prompting—to intervene in the Sultan of Oman’s ongoing counterinsurgency campaign against the communist People’s Front for the Liberation of Oman (PFLO). “Iran’s military and economic support made an indispensable contribution toward turning the tide in Oman.”[16] This case demonstrates working “by,” because the Shah of Iran independently took action against a mutual problem. In fact, America’s previous efforts to build Iranian capacity to counteract regional Soviet influence—activities conducted under a “through” relationship—enabled a subsequent “by” relationship in which Iran achieved US objectives, while pursuing its own interests.

    [14] Cottrell, Alvin J.; Iran’s Armed Forces under the Pahlavi Dynasty: In Iran Under the Pahlavis; Stanford, CA; Stanford University, Hoover Institution Press; 1978; pp. 398, 401; It is also worthwhile to point out that America’s decision to work indirectly “through” Iran can be traced directly to the Nixon Doctrine—itself an indirect strategy, albeit at the strategic-level. Jeffrey Kimball, author of “The Nixon Doctrine: A Saga of Misunderstanding,” identifies the doctrine’s key tenet as America’s reliance on its allies to shoulder the primary burden of defending themselves against Communist encroachment, while America limited its involvement to providing military and economic assistance as well as advice.

    [15] Cottrell, Alvin J.; Iran’s Armed Forces under the Pahlavi Dynasty: In Iran Under the Pahlavis; Stanford, CA; Stanford University, Hoover Institution Press; 1978; 418-415

    [16] Cottrell, Alvin J.; Iran’s Armed Forces under the Pahlavi Dynasty: In Iran Under the Pahlavis; Stanford, CA; Stanford University, Hoover Institution Press; 1978; 407-408; Iran intervened in the Dhofar Rebellion in 1973 at the request of Sultan Qaboos of Oman. According to Calvin H. Allen Jr’s Oman Under Qaboos: From Coup to Constitution 1970-1996, direct Iranian military involvement in Dhofar lasted until 1979. At the height of their involvement the Iranian commitment numbered anywhere from 1,500 to 2,000 men with rotary, fixed-wing, and naval support.
    Referring back to that earlier paper from James Kruse, we also learn:
    Iran had pursued relations with the Soviet Union in part to obtain greater leverage with its American allies. By the middle of the 1970s, Iran had achieved all of the goals of its independent national policy: it was actively participating as the region's policeman in accordance with the Nixon doctrine, it had a free hand in purchasing whatever western arms it desired and it was pursuing rapid industrialization and modernization due to the meteoric rise in oil revenues. The loosening of tensions in the international system gave Iran the freedom to conduct trade and development projects with the Soviets, while at the same time acting in the interests of American in the Persian Gulf.
    So, before 1979, Saudi Arabia and Iran were strategic rivals, though not outright enemies; Saudi Arabia and Iraq were strategic rivals, though not outright enemies; and Iran and Iraq were strategic opponents. After 1979, Saudi Arabia and Iran were increasingly hostile to one another, via proxies and other indirect means; and Saudi Arabia and Iraq remained strategic rivals, though the course of events in the 1980's would force them into a de facto partnership with one another.

    That brings us up to the 1980's. As I alluded to earlier, the Persian Gulf of the 1980's was defined by the Iran-Iraq War. That conflict, which largely mirrored the First World War, involved a number of phases and operational shifts by either side that were aimed at breaking the stalemate and knocking one side or the other off balance in hopes of a strategic victory. If you're interested in a detailed study of the Iran-Iraq War, the Center for Strategic and International Studies has a good (albeit adequately written) book about the conflict that you can download chapter by chapter. Since CSIS hasn't made it particularly intuitive to do so, here are the links to the table of contents, chapters 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, and the bibliography. At any rate, one of the major fronts and/or phases and/or centers of gravity of the war, and one which lasted for several years and eventually drew the United States into the shooting war, is known as the Tanker War. That CSIS book discusses the Tanker War in chapter 7, chapter 8, chapter 9, and with a more focused approach in chapter 14. In that post from last year, I mentioned the American operations: Earnest Will, Prime Chance, Eager Glacier, Nimble Archer, and Praying Mantis.

    The Tanker War involved both Iranian and Iraqi attacks on one another's shipping, as well as Iraqi cooperation with its GCC neighbors to raise much needed oil revenue in order to finance Iraq's struggling war effort. In a nutshell, Iraq circumvented an Iranian naval blockade by coordinating with the GCC states to ship its oil via Kuwaiti ports. Iran then harassed Kuwaiti shipping, and later shipping from other Gulf states, leading to Operation Earnest Will in which the United States re-flagged numerous ships as American and escorted them into and out of the Gulf, skirmishing with Iranian forces in the process. Following the Iranian attack on the U.S.-flagged Kuwaiti tanker Sea Isle City in 1987, the United States launched Operation Nimble Archer in which several Iranian oil platforms were attacked in retaliation. In addition to employing speed boats and other irregular tactics, the Iranians aggressively mined shipping lanes, resulting in damage to both merchant shipping and, eventually, a 1988 mine strike against USS Samuel B. Roberts. That mine attack led the United States to carry out Operation Praying Mantis, which involved air and special operations strikes against Iranian oil platforms and warships.

    The Hussein regime's objective in the Tanker War - and the objective of Saudi Arabia and the other Gulf monarchies in assisting Iraq - was to undermine the Iranian economy, thus undermining Iran's economic capacity to continue the land war. As that CSIS piece notes:
    The tanker war was the most important aspect of the fighting at sea, but it never produced a major interruption in Iran's oil exports. Both for political and military reasons, Iraq never achieved the concentration of force necessary to severely reduce Iran's exports on a sustained basis, and lacked the targeting assets and the ability to use sufficiently lethal weapons to achieve decisive results.
    The rest is history that's mostly been forgotten. Iraq had sustained significant damage in the war, and had borrowed money from the Gulf monarchies to finance what was for them a proxy engagement against Iran. In 1990, with its economy faltering, and following allegations that Kuwait (itself a former component of the Ottoman, later to become the Iraqi, Wilayet of Basra) was slant-drilling into oil fields on the Iraqi-Kuwaiti border, the Hussein regime annexed Kuwait. Several months later, the Persian Gulf War led to the eviction of Iraqi forces from Kuwait, severely degrading Iraq's military capabilities in the process, and cemented Saddam Hussein's status as an international pariah. The issue continued to smolder, but any hope that Hussein had of rebuilding Iraq to its former strength evaporated in 2001 when the 9/11 attacks focused attention back on to the Hussein regime for a variety of reasons which remain controversial to this day. Meanwhile, Iran has largely confined itself to covert and proxy operations since 1988. Its cold war with Saudi Arabia, significant campaigns of which include the Tanker War and both nations' sponsorship of opposing groups in Iraq and Syria, continues.

    So, that may seem like a lot of background, and it is, but stick with me, because it will come around soon.

    The other element of the Tanker War that's less obvious is what was happening on the wider, global geopolitical stage. By the 1980's, while Iran and Iraq were at war, three other things were happening. The first is that in late 1979, shortly after the Islamic Revolution, the Soviet Union invaded Afghanistan. In 1980, the disastrous domestic and foreign policies of the Carter Administration led to President Carter's defeat by Ronald Reagan, who was openly anti-communist and fiercely dedicated to the eventual demise of the Soviet Union. Third, by the mid-1980's, with Russian industry lagging further and further behind that of its Western competitors, political weaknesses in the Soviet system were beginning to appear. In the early- to mid-1980's, there were growing expectations in the West that these and other factors might force the Soviet Union to moderate its foreign policy and domestic policies; the extent of Soviet weakness was underestimated by most analysts until weeks or even days before its collapse in late 1991.

    The Soviet - now Russian - economy leans very heavily on its energy exports, which have occasionally given a disproportionate boost to its finances, as well as serving as an important tool of economic leverage that Moscow uses to influence friend and foe alike. In the 1980's, the Reagan Administration used a multi-pronged strategy to undermine the Soviet Union. While all of these prongs acted in concert, three were intimately interrelated:

    1) The Reagan Administration used its influence abroad to boost global oil production, undercutting the very oil revenues that the Soviet Union needed to survive.

    2) The Reagan Administration initiated a number of defense programs, most notably the Strategic Defense Initiative, that the Soviet Union was obligated to try to emulate, but for which it had neither the finances nor the technical expertise.

    3) To a lesser degree, the Reagan Administration's sponsorship of elements of the Afghan Mujahideen was meant to undercut Soviet military strength while simultaneously straining Soviet finances.

    So, interfering with one another's ability to export oil was a tactic employed with minimal success by Iran and Iraq in their war against one another, and boosting oil output to decrease its price was employed with (eventually) devastating success by the Reagan Administration against the Soviet Union. In both cases, this played into cold/proxy wars between Saudi Arabia and Iran on the one hand, and the United States and the Soviet Union on the other.

    So, now let's look at today's situation.

    Vladimir Putin's Russia has taken its most adversarial posture against its Western rivals since the 1991 collapse of the Soviet Union. In recent years, the Russian Federation has resumed deterrent bomber patrols and other provocative military operations; provided military and potentially/allegedly WMD assistance to rogue states such as Iran and Syria; violated or vacated treaties such as the Budapest Memorandum, Conventional Forces in Europe treaty, Intermediate Nuclear Forces treaty, and its participation in the Cooperative Threat Reduction Program; and invaded Western-allied states in Russia's sphere of influence (Georgia in 2008 and Ukraine in 2014). While an objective strategist will acknowledge that such moves may be consistent with Russia's strategic interests, the same objective strategist will acknowledge that these moves run contrary to the interests of America and its worldwide allies, and that many of them are questionable or outright illegal under international law or treaty obligations.

    And meanwhile, there's Iran. Iran is no less adversarial now than it has been for the last thirty-some-odd years, though America, its allies, and Iran do appear to be experiencing a rare confluence of interests in the ISIS/DAESH crisis in Iraq and Syria (Iran's contribution to the rise of ISIS/DAESH notwithstanding... ). Regardless, the Iranian regime remains defiant and evasive about its controversial nuclear program, which many experts on nuclear technology and weapons of mass destruction agree to be unequivocally military-focused despite Iranian claims to the contrary. In late 2013, the Obama Administration hailed a supposed tentative deal in the ongoing nuclear negotiations, which really wasn't: in exchange for a rather significant (albeit temporary) relaxation of the ongoing sanctions, the Iranians agreed to a handful of comparatively minor (and also temporary) curbs on its nuclear activities, with both sides agreeing to continue the negotiations in lieu of a deadline that was about to be reached. Save for the recent agreement to resume talks in 2015, the recent round of talks have resulted in no new Iranian concessions. Meanwhile, Iran, its allies (notably Syria), and its tentative partners (notably Iraq) are under pressure from ISIS/DAESH and, in Syria's case, other insurgent groups; and its economy remains stagnant.

    And what about America and its Western partners? They have a strategic interest in seeing their resurgent rival, Russia, falling back in line with international norms. They also have a strategic interest in preventing Iran from becoming a "nuclear armed state" (this in contrast to the five "nuclear weapon states" recognized by the Non-Proliferation Treaty), as a nuclear-armed Iran would be significantly more dangerous to international stability under what's known as the "Stability-Instability Paradox". In Iran's case, that means that the international community (and particularly the United States) would need to worry not only about the more complicated nuclear deterrent posture required to dissuade Iran from using nuclear weapons in an operational capacity; but, conversely, about the strategic insulation that a nuclear strike capability would lend to Iranian adventurism in the Middle East and elsewhere. As such, America and its allies would really prefer to maneuver Iran into a nuclear deal before Iran's nuclear ambitions produce a situation which requires a more military answer (even if that "military answer" is wider central and extended deterrence postures).

    As for the Saudis and their allies, they remain extremely nervous about Iranian nuclear ambitions, particularly in light of the deterrent insulation it would provide to future Iranian covert and proxy operations in the region. (Again, Iran's role in the rise of ISIS/DAESH isn't lost on the Saudis or their regional partners.) As part of their Wikileaks coverage, The Guardian reported in late 2010 that Saudi Arabia had urged the United States to attack Iran's nuclear facilities. In February of 2013, the Center for a New American Security released a study entitled Atomic Kingdom: If Iran Builds the Bomb, Will Saudi Arabia Be Next?, in which the authors argued that it was unlikely that the Saudis would seek to purchase or develop their own nuclear weapons; as far as I'm concerned, the data they cited makes exactly the opposite case. Later in 2013, the BBC Newsnight program reported that Saudi Arabia has nuclear weapons "on order" from Pakistan, whose nuclear program may have been funded by Riyadh. There have even been various reports (Haaretz, The Daily Telegraph) - I think I began hearing rumblings as long ago as 2007 - that the Saudis and the Israelis have come to an understanding about cooperating with one another against Iran.

    So the Saudis, the Americans, and their collective partners have a variety of concerns with Iran and Russia. Russia and Iran work in concert with one another, and the economies of both nations are extremely sensitive to the global price of oil because neither have been able to mitigate such risks through market diversification. With limited direct diplomatic leverage against either, the Saudis have had every interest in pressuring their OPEC partners to keep production high in order to prevent prices from rising. I don't expect the Saudis to state it outright - unlike many Western nations, the Saudis have shown themselves to be much better at playing their proverbial cards close to their chest, and at carefully using information as an implement of manipulation. There's also the inconvenient matter of ISIS/DAESH financing their operations in Iraq and Syria with black market oil sales - keeping prices low undermines their revenue stream as well.

    So, we've discussed Saudi Arabia, Iran, Russia, and the United States. Earlier in this post, I talked about a fifth player: the other collective members of OPEC that aren't Saudi Arabia and Iran. Most OPEC members' economies are every bit as singularly fixated upon oil as are those of Iran and Russia. These other nations are also feeling the pain of low prices, but contrary to Iran or Russia, and owing in no small part to the added pain of sanctions on Iran and Russia, these other nations are better poised - within reason - to tolerate an added degree of financial risk. Even so, the collapse in oil prices is causing anxiety among those other OPEC members - particularly Venezuela, whose welfare state reportedly relies upon a $120-per-barrel oil price. This week, the Arab Times (of Kuwait) featured two articles of note: ‘Oil prices drop to affect projects’, and More than $150 billion worth of oil projects face the axe in 2015. The Saudis have been able to use their leverage within the organization (and the additional wrinkle of ISIS/DAESH), and to capitalize upon other Arab OPEC members' anxiety over Iranian adventurism, to keep oil prices low.

    So, is it working? Well, Russia is feeling the pain, and President Putin's popularity among his constituency appears to be slipping, albeit slightly. Negotiations between Iran and the P5+1 states continue, and although there's plenty of cause for pessimism about prospects for a substantive deal, the fact that the negotiations continue at all may be cause for optimism.

    There's also the question of attribution. The Saudis are certainly involved. Some news sources seem to be labeling the situation "Obama's Oil War on Russia". I'm personally skeptical as to whether the Obama Administration is involved in orchestrating the whole thing. In both word and deed, the Obama Administration has consistently maintained a "green" agenda, to include allowing high energy prices to encourage innovation and discourage fossil fuel consumption. The Obama Administration also has a fairly consistent record of taking credit for any development that might afford it political capital, and doing so immediately - for example, immediately announcing the death of Osama bin Laden, when strategic prudence might have delayed such action pending the exploitation of the trove of intelligence collected by the raiders. That said, the Obama Administration has also kept quiet about alleged American involvement in Stuxnet - another covert effort aimed at Iran's nuclear program. The Obama Administration's silence - again, if it's involved - may also be a confluence of the two imperatives: on the one hand, consistent with President Obama's ideological convictions against nuclear proliferation; and on the other, the political imperative of safeguarding the domestic political support of American environmentalists.

    As for whether the whole endeavour will be as strategically ineffective as the Tanker War, or as strategically devastating as President Reagan's plan to collapse the Soviet oil revenues, only time will tell.
  • Friday, December 5, 2014

    Let's Get Excited About Thomas Rid's Book

    Let's Get Excited About Thomas Rid's Book The other day, while stuck on an airplane, I began reading Cyber War Will Not Take Place by Thomas Rid. It's an expansion of this essay, which Rid discusses here. It's available on Kindle for $9.99. You can read a review of the book at Schneier on Security, here.

    Rid presented at Nato Live in 2013, and you can download that speech here. Rid is a Professor of Security Studies at King's College London, was formerly associated with KCL's Department of War Studies, and has appeared on the department's War Studies Podcast thrice: here, here, and here.

    So, why am I making such an effort to familiarize you with Dr. Rid and his work? Simple: I agree wholeheartedly with it. Having spent a great deal of my career working in "cyber security"*, I've become increasingly wary of the dire predictions about "cyber war", and I believe that those predictions make it harder to institute relevant and effective defenses against legitimate attacks. Digital security is a sufficiently complex challenge as it is, and trying to frame it unnecessarily in military terms confuses things like which authorities and methods should be employed for preventative and corrective measures.

    At any rate, I'm looking forward to the rest of the book, because even if I end up having concerns about Rid's arguments, it's been great food for thought and provides a lot of grist for the intellectual mill.

    * Dr. Rid dislikes the word "cyber", particularly when it's used as a noun by people who don't actually understand the issue. I dislike the word as well. A buddy of mine who (without having read any of the book) disagrees with Dr. Rid's conclusion, without prompting, mentioned that he "hates this term". I've tended to describe that work as "network security", and a few months ago I heard the term "tech risk", which I also prefer over "cyber security" or just plain "cyber".