The trip is being touted as some sort of game-changer - that last BBC article claims that the trip "charts a new course". I'm not sure it's that significant. India's most prolific arms supplier is Russia, and that's an old relationship that India isn't going to jeopardize. Various players' complex relationships with Pakistan also complicate matters; in December, I posted a link purge in which I linked to this podcast discussing Pakistan, and a few weeks ago War on the Rocks released a podcast entitled Podcast: South Asia Meets East Asia that should also be required listening on the topic of South Asia. I think that the United States and India should be natural partners - both Pakistan and China are of long-term concern to both nations - but it's important not to overemphasize something that's encumbered by multiple significant complications.
Friday, January 30, 2015
Evaluating the Presidential Visit to India
President Obama went to India last week. Here are some articles on the topic.
Sputnik, 22JAN2015: Russia Ready to Supply India With Anaerobic Submarines
BBC, 26JAN2015: China media: India-US ties 'superficial'
BBC, 26JAN2015: Obama in India: Why president's visit is also about China
BBC, 26JAN2015: Media praise India-US nuclear agreement
AFP, 27JAN2015: Pakistan opposes new India-US nuclear deal
AFP, 27JAN2015: Obama wraps India visit with pleas on religion, climate
BBC, 27JAN2015: No US-India deal on climate change
BBC, 27JAN2015: Obama: US and India can be 'best partners'
BBC, 27JAN2015: Why Obama's India visit charts new course
The trip is being touted as some sort of game-changer - that last BBC article claims that the trip "charts a new course". I'm not sure it's that significant. India's most prolific arms supplier is Russia, and that's an old relationship that India isn't going to jeopardize. Various players' complex relationships with Pakistan also complicate matters; in December, I posted a link purge in which I linked to this podcast discussing Pakistan, and a few weeks ago War on the Rocks released a podcast entitled Podcast: South Asia Meets East Asia that should also be required listening on the topic of South Asia. I think that the United States and India should be natural partners - both Pakistan and China are of long-term concern to both nations - but it's important not to overemphasize something that's encumbered by multiple significant complications.
The trip is being touted as some sort of game-changer - that last BBC article claims that the trip "charts a new course". I'm not sure it's that significant. India's most prolific arms supplier is Russia, and that's an old relationship that India isn't going to jeopardize. Various players' complex relationships with Pakistan also complicate matters; in December, I posted a link purge in which I linked to this podcast discussing Pakistan, and a few weeks ago War on the Rocks released a podcast entitled Podcast: South Asia Meets East Asia that should also be required listening on the topic of South Asia. I think that the United States and India should be natural partners - both Pakistan and China are of long-term concern to both nations - but it's important not to overemphasize something that's encumbered by multiple significant complications.
Wednesday, January 28, 2015
Wrapping Your Head Around Current Events in Yemen
There's been a lot going on in Yemen lately. Here are some articles that can help you get caught up on what's been happening.
Foreign Policy: Washington’s $232 Million Question in Yemen
War is Boring: Rebel Putsch Is Trouble for America’s War in Yemen - But the Houthis are also fighting Al Qaeda
Long War Journal: AQAP releases infographics detailing attacks
Long War Journal: President Obama's 'successful' counterterrorism strategy in Yemen in limbo
Al Jazeera: Yemen on brink of collapse, but does anyone care?
AFP Yemen upheaval deals blow to US fight against AQAP
Kuwait Times: Drone targets 'Al-Qaeda' forces in crisis-hit Yemen - Washington to pursue strikes despite unrest
Long War Journal: US drone strike kills 3 suspected AQAP members
BBC: Yemen crisis: Power vacuum puts future into peril
For anyone who's a complete novice on Yemen, here are a few things to know. Yemen has had a very complex history in the last twentieth century. Modern Yemen dates back to 1990, when the People's Democratic Republic of Yemen and the Yemen Arab Republic were unified.
British forces fought a counterinsurgency campaign in South Arabia/the Aden Protectorate from 1963 to 1967, which came to be known as the Aden Emergency. The British withdrawals from Aden (1967) and Bahrain (1971) emboldened the Marxist rebels, who established the People's Democratic Republic of (South) Yemen in 1967, and began actively supporting and agitating the Dhofari rebels in neighboring Oman in 1970.
Yemen's former autocratic ruler, Ali Abdullah Saleh, was a Western ally who was ousted as a result of the Arab Spring. Yemen was in rough shape before the Arab Spring, and hasn't really recovered from any of the turmoil of 2011 and '12.
Yemen is fairly resource-poor, with modest and declining oil reserves. Yemen is also water-poor, and much of its water (about forty percent) is dedicated to the cultivation of khat, a natural amphetamine that's chewed like tobacco.
Yemen has a massive population for its size - around twenty-three million, compared to thirty million for neighboring Saudi Arabia, and between three and four million for neighboring Oman. Nearly all Yemenis are Muslims, sixty-five percent being Sunni Muslims and the remainder being Shiite. Sectarian divides tend to align with political divides, particularly in the case of the Houthis.
The Houthis, who are Shiites, are alleged to receive support and agitation from Iran. While both of Yemen's land neighbors keep close tabs on what's happening in Yemen, the Saudis have actually mounted air strikes against Shiite rebels (in addition to al Qaeda in the Arabian Peninsula.)
And let's not forget that Aden was the site of the USS Cole bombing in late 2000.
In his indispensable (albeit dated) 2006 book, Imperial Grunts, Robert Kaplan writes of his visit to Yemen. A lot has changed since Kaplan's visit as documented in the book, but a lot hasn't changed. Like I said, it's dated, but Kaplan's entire book is worth reading.
Longtime readers of my writings will know that I keep very close tabs on Oman, and have dedicated much of the last three years to the study of recent Omani history, and particularly the 1970-1976 Dhofar Rebellion in Oman's westernmost governorate. The Houthi rebels took a senior Yemeni official hostage, and Oman brokered his release. I was corresponding with a former co-worker last week as well, and in response to his question about Omani-Yemeni relations, I wrote the following:
For anyone who's a complete novice on Yemen, here are a few things to know.
Longtime readers of my writings will know that I keep very close tabs on Oman, and have dedicated much of the last three years to the study of recent Omani history, and particularly the 1970-1976 Dhofar Rebellion in Oman's westernmost governorate. The Houthi rebels took a senior Yemeni official hostage, and Oman brokered his release. I was corresponding with a former co-worker last week as well, and in response to his question about Omani-Yemeni relations, I wrote the following:
It sounds like things as normal in Oman. The Omani media is notoriously sanitized – even though there are four or five news sources in English, I only ever skim a couple of them, and even those ones are usually pretty sterile. I suspect that the border crossing with Yemen will have been pretty tightly controlled for quite a while now, and I wouldn’t be surprised if the SAF and ROP have coagulated along the Yemeni border. This is from a 2005 publication from the Congressional Research Service:Many will boo and hiss (and perhaps rightly so), but if you're interested in the history and shifting geography of Yemen, you can peruse the following articles from Wikipedia, the undisputed and infallible source of all knowledge: Hadhramaut, Colony of Aden, Aden Protectorate, State of Aden, Yemen Arab Republic, South Yemen, Federation of South Arabia, and Protectorate of South Arabia.“Oman has experienced more evident tension with Yemen than with any other neighboring state; these tensions have led to brief armed border clashes on a few occasions over the past two decades. On October 1, 1992, Oman and Yemen ratified a border demarcation agreement that ended a 25-year border disagreement between them; the demarcation was completed in June 1995. Under the pact, Oman relinquished its claim to a vast area bordering its western Dhofar province.”I hadn’t heard that Yemen had ballistic missiles, but I looked it up and it looks like you’re right – Scuds. The Houthi grievances seem to be more political than religious, though there are rumblings that they, like most other agitated Shiites, are being stirred up by Iran. Yemen is an aspirant member of the GCC, and the Saudis have intervened in Yemen in the recent past, and the Saudis have been agitating Iran by driving oil prices down, so I wonder if this latest Houthi uprising stems in part from Iran trying to jerk the Saudis’ (and Americans') chain(s).
Thursday, January 22, 2015
Thoughts on the Death of King Abdullah of Saudi Arabia
King Abdullah of Saudi Arabia has died, aged ninety. I posted on Facebook, "Ohhhhhh, ----. King Abdullah of Saudi Arabia is dead. If things weren't interesting before, they're about to get that way." A friend asked, "How much so, do you think? Wasn't his half-brother already carrying out the day-to-day duties. Kind of like Raul is for Fidel. Or do you mean in a different way?" Here's my response:
ADDENDUM: It's also worth noting that in neighboring Oman, the subject of much of my study, His Majesty Sultan Qaboos - who has reigned as Oman's beloved "Renaissance Man" since July of 1970 - has been undergoing medical treatment in Germany for about seven months for an undisclosed illness that some sources believe to be colon cancer. Sultan Qaboos was only briefly married in the 1970's, produced no offspring, and has no siblings, so his succession has been the subject of regional speculation for years - and may have even motivated the formation of an Emirati spy ring in 2011. Sultan Qaboos appeared on Omani television in early november, looking somewhat fatigued but sounding healthy, to inform his people that while he would be missing the annual national holiday, that his doctors had given him an encouraging long-term prognosis. The Saudis are the big players in the region, but Oman plays an under-reported role as a mediator and intercessor, particularly between Iran and the GCC, or between Iran and the West. I hope that Sultan Qaboos enjoys many years of healthy and successful rule yet to come, as his role in the region has been of critical importance, and because turmoil in Oman could have a disproportionate impact on regional stability.
I've only heard about him being sick for the past couple of weeks. Abdullah's predecessor, Fahd, suffered a severely debilitating stroke in the mid-nineties, so Abdullah's been al Mudir ("the boss") for a long, long, long time. The crown prince may have been administering the kingdom's interests, but he was doing so under Abdullah's guidance. And Abdullah's outlived at least one, and maybe a couple of his crown princes (they're all members of the quickly aging cadre of Abdulaziz ibn Saud's sons). With the Saudis intentionally manipulating the energy market to exert pressure on Iran, Russia, Syria, and ISIS, and with Iran agitating the Houthis and trying to contain ISIS and exert influence in Iraq... There's just a lot going on in the region at the moment, Abdullah was sort of a known entity and a long term player, and his death will leave a vacuum that could make things interesting.King Abdullah's death also comes on the same day that Yemen's President and Prime Minister have resigned. Abdullah's successor, King Salman, is the second member of the highly influential "Sudairi Seven" to accede to the Saudi throne, the Sudairi Seven being a group of seven of ibn Saud's sons from his union with one of his wives, Hassa bint Ahmed al Sudairi. Abdullah's predecessor, Fahd, was the prior member of the Sudairi Seven who occupied the throne. (Notably, the Mauritanian dictator's attendance of King Fahd's funeral in 2005 resulted in a coup, the aftermath of which I followed with great interest for several years.) The relationships in the inner circle of the House of Saud play a significant role in the administration of the country's affairs. This includes the unorthodox division of the Saudi military, with includes the Saudi Arabian National Guard and the Royal Saudi Air Defense. According to Wikipedia, the undisputed and infallible source of all knowledge (citing the more reputable GlobalSecurity.org):
The Saudi Arabian National Guard is not a reserve but a fully operational front-line force, and originated out of Abdul Aziz’s tribal military-religious force, the Ikhwan. Its modern existence, however, is attributable to it being effectively Abdullah’s private army since the 1960s and, unlike the rest of the armed forces, is independent of the Ministry of Defense. The SANG has been a counterbalance to the Sudairi faction in the royal family; Salman bin Abdul-Aziz Al Saud, the minister of defense, is one of the so-called ‘Sudairi Seven’ and controls the remainder of the armed forces.There's a lot going on in the region at the moment (as I've alluded to recently), so it will be very interesting to see how this plays out.
ADDENDUM: It's also worth noting that in neighboring Oman, the subject of much of my study, His Majesty Sultan Qaboos - who has reigned as Oman's beloved "Renaissance Man" since July of 1970 - has been undergoing medical treatment in Germany for about seven months for an undisclosed illness that some sources believe to be colon cancer. Sultan Qaboos was only briefly married in the 1970's, produced no offspring, and has no siblings, so his succession has been the subject of regional speculation for years - and may have even motivated the formation of an Emirati spy ring in 2011. Sultan Qaboos appeared on Omani television in early november, looking somewhat fatigued but sounding healthy, to inform his people that while he would be missing the annual national holiday, that his doctors had given him an encouraging long-term prognosis. The Saudis are the big players in the region, but Oman plays an under-reported role as a mediator and intercessor, particularly between Iran and the GCC, or between Iran and the West. I hope that Sultan Qaboos enjoys many years of healthy and successful rule yet to come, as his role in the region has been of critical importance, and because turmoil in Oman could have a disproportionate impact on regional stability.
Tuesday, January 20, 2015
Houthi Raid in Yemen
Whether you agree with President Obama's foreign policy record or not, this headline stings: Four months ago, Obama called Yemen’s war on terror a success. Now the Yemeni government may fall.. I was anxious about President Obama's campaign plan (it wasn't really a "strategy", per se, but most people don't know enough about strategy to notice), and it appears that I had cause to be anxious. Then again, one high profile attack often says more about public perception than it does about the actual state of security. This will be interesting to follow over the coming days and weeks.
Saturday, January 17, 2015
Blackhat, the CENTCOM Hack, and InfoSec Perception
I highly recommend these two articles from Wired's Threat Level blog, and you should read them in order.
I'm often critical of both policy-makers and, unfortunately, military leaders who are ignorant of strategy. Another topic most of our lawmakers are ignorant of is information security - "cyber security" to the uninitiated. The amount of blather that's been bandied about over the Sony hack has provided ample evidence of this.
I can't count myself among "early Internet users", because the Internet was technically around before I was born, but I can say with some confidence that I was using the Internet before most people had even heard of it - around early 1994, when most households didn't start getting Internet access until around 1997. For years now, I've worried that by attempting to control the uncontrollable, or worse, to tax it to death, Congress would legislate the aspects of the Internet which make it so revolutionary completely out of existence.
Meanwhile, President Obama's post-Sony initiative - discussed at some length in that second article from Wired - came at the same time as United States Central Command's Twitter and YouTube accounts were hacked. When I saw the news earlier this week, I thought to myself, "So?" As the Heritage Foundation's Peter Brookes notes in a recent op-ed:
While CentCom wasn’t disabled by the attack, a misunderstanding of the gravity of the event might prove to be a significant public relations victory for the CyberCaliphate — whoever they are — and for the Islamic State.The whole thing reminds me of an incident a few years ago, immortalized by the class xkcd comic titled "CIA" that's featured above. Even the BBC acknowledges that this is about public relations, not "cyberwar".
Perception is reality after all.
I've mentioned Thomas Rid's book several times lately. I finished it last weekend, and I can't recommend it enough. With this recent series of high profile hacks, I can only imagine how Dr. Rid's media schedule must look at the moment. I suspect that Dr. Rid would identify the Sony hack as a combined act of sabotage and subversion, and mostly subversion in the case of the hack on USCENTCOM's social media feeds. I suspect that he'd agree with Peter Brookes: these hacks are more about manipulating public perception (or, in the case of Sony, probably extortion) than they are about some nebulous concept of "cyberwarfare". Given the complexity involved with information/"cyber" security, I suspect that the ability of hackers and hacktivists to "wag" the proverbial governmental and media "dogs" will remain constant for the foreseeable future. UPDATE: Blackhat has received another endorsement, this time from the BBC. (Technically, the BBC reports that hackers are praising the film.)
Thursday, January 15, 2015
Selections from Clausewitz, Part 2
About a month ago, I posted the first in a series of selections from my ongoing reading of On War by Carl von Clausewitz. Here's the second installment.
More to come.
"Lastly, even the final decision of a whole war is not always to be regarded as absolute. The conquered state often sees in it only a passing evil, which may be repaired in after times by means of political combinations. How much this also must modify the degree of tension and the vigour of the efforts made is evident in itself."We like to think of events - even wars - as finalities. In reality, history continues to unfold, and whether by way of force or through other means, nations will continue to proact and react based upon what Thucydides codified as their "fear, honor, and interest." History is rife with case studies in which nations which have been defeated on the battlefield have continued to react upon their fears, safeguard their honor, and pursue their interests.
- Carl von Clausewitz, On War, Book I, section 9
"It is quite possible for such a state of feeling to exist between two states that a very trifling political motive for war may produce an effect quite disproportionate, in fact, a perfect explosion."I read this passage, and immediately thought, "First World War".
- Carl von Clausewitz, On War, Book I, section 11
"But there is still another cause which may stop action in war, that is an incomplete view of the situation. Each commander can only fully know his own position; that of his opponent can only be known to him by reports, which are uncertain; he may, therefore, form a wrong judgment with respect to it upon data of this description, and, in consequence of that error, he may suppose that the initiative is properly with his adversary when it is really with himself. This want of perfect insight might certainly just as often occasion an untimely action as untimely inaction, and so it would in itself no more contribute to delay than to accelerate action in war. Still, it must always be regarded as one of the natural causes which may bring action in war to a standstill without involving a contradiction. But if we reflect how much more we are inclined and induced to estimate the power of our opponents too high than too low, because it lies in human nature to do so, we shall admit that our imperfect insight into facts in general must contribute very much to stop action in war, and to modify the principle of action."Intelligence is a critical and difficult aspect of warfare. One could read this passage and consider how significantly the intelligence estimates about Iraq overestimated its military strength. One could also make some observations about the Cold War "missile gap", or other aspects of deterrence aided by deception. Thus far, my readings haven't covered the Clausewitzian concepts of "friction" or the "fog of war", but this passage certainly alludes to them.
- Carl von Clausewitz, On War, Book I, section 18
"We see therefore how from the commencement, the absolute, the mathematical as it is called, no where finds any sure basis in the calculations in the art of war; and that from the outset there is a play of possibilities, probabilities, good and bad luck, which spreads about with all the coarse and fine threads of its web, and makes war of all branches of human activity the most like a game of cards."I remember hearing General James Mattis, the legendary "Warrior Monk", speak about the shortfalls of Effects-Based Operations (EBO) and other "Military Transformation"/"Revolution in Military Affairs" programs that were meant to cut through the aforementioned "fog of war" by leveraging modern computing power to process unprecedented volumes of information (typically categorized under the "PMESII" rubric: Political, Military, Economic, Social, Infrastructure and Information systems). General Mattis, one of the few competent strategists to grace the ranks of Flag/General Officers in recent years, circulated a much-discussed memorandum (mentioned in that previous post) in 2008 in which he outlined his concerns with this approach and essentially pulled the plug on further development of EBO. As I was reading the passage from Clausewitz, this passage jumped out at me as being directly relevant to the DoD's abortive efforts to dominate the post-Cold War battlefield by performing quantitative analysis upon incomprehensible volumes of intelligence data. Given the outcome of these efforts, it would seem that the late father of strategy had the last laugh.
- Carl von Clausewitz, On War, Book I, section 21
More to come.
Friday, January 9, 2015
Follow-Ups on Recent Items
About a month ago, I published a lengthy post on energy supplies and strategy. I'd been following the story for months, and finally spent a couple of days wrapping all of my materials and knowledge together. A buddy of mine has even requested that I turn it into a lecture for a group he's in.
That was a month ago. This week, the BBC Global News podcast spent around ten minutes on the topic, and it took two analysts to do an overview of the details I posted (with a few additional details). (That link will expire in early February 2015.) On Thursday, Michael Medved spent about an hour of his show discussing the issue with the Heritage Foundation's Chief Economist, Stephen Moore. (That link requires a site membership.) On Friday, Bloomberg posted an article about it, focusing mainly on the hypothesis that OPEC is trying to undercut the American energy boom; it's a hypothesis I don't fully agree with, but the point is that they're talking about it.
Again, I was covering this, in detail, a month ago. Gotta admit, I'm pretty chuffed, even if they're not actually using my own analysis.
In a related story, I posted the following paragraph to Facebook last night:
Moving on from oil: about three weeks ago, I discussed my reservations about attributing the Sony hack to North Korea; I posted an update a few days later, and then another yesterday. Bruce Schneier has offered up another post on the topic, as has Wired. The Wired article concludes with a quote from one particular commentator who compares skeptics of the North Korea attribution to 9/11 Truthers and other conspiracy theorists. I take a lot of issue with this, because it's not a bunch of non-credible non-experts who are raising questions about the assertions from the FBI and the intelligence community - in fact, it's some of the most talented, experienced security experts who are questioning the attribution. It's irresponsible to lump them in with conspiracy theorists in the absence of any conclusive evidence to prove them wrong (as opposed to the 9/11 Truthers, who ignore overwhelming evidence undermining their claims that 9/11 was perpetrated by anyone other than al Qaeda terrorists). If the intelligence and law enforcement communities feel the need to protect their sources and methods, that's all well and good; however, the public dividend of asserting something without providing evidence to that effect will, and perhaps must, be skepticism and even ridicule.
Meanwhile, Sony Pictures CEO Michael Lynton has said that Sony had "no playbook" for dealing with the hack. Unfortunately for Sony, that's an indicator of just how lousy their network management was. U.S. Government networks governed by FISMA utilize the NIST Risk Management Framework, the security controls for which are outlined in NIST Special Publication 800-53. One of the security control families is the IR family, which stands for "Incident Response" - in other words, there are publicly available guides published by some of the best IT folks in the American government that can help private industry to secure their networks. For a multi-billion-dollar company like Sony Pictures, which relies so heavily on intellectual property and public relations for its success, there's really no excuse for such awful information security - regardless of who actually carried out the hacks.
That was a month ago. This week, the BBC Global News podcast spent around ten minutes on the topic, and it took two analysts to do an overview of the details I posted (with a few additional details). (That link will expire in early February 2015.) On Thursday, Michael Medved spent about an hour of his show discussing the issue with the Heritage Foundation's Chief Economist, Stephen Moore. (That link requires a site membership.) On Friday, Bloomberg posted an article about it, focusing mainly on the hypothesis that OPEC is trying to undercut the American energy boom; it's a hypothesis I don't fully agree with, but the point is that they're talking about it.
Again, I was covering this, in detail, a month ago. Gotta admit, I'm pretty chuffed, even if they're not actually using my own analysis.
In a related story, I posted the following paragraph to Facebook last night:
[An] item I check each morning is the BBC News feed for Northeast Scotland, Orkney, and Shetland. Lately, they've been reporting on trouble for the North Sea oil industry, compounded by the 2014/'15 oil glut that I've discussed recently. I also listen to BBC Radio Orkney's Around Orkney program every day on my way to work; this morning, [they] interviewed Orkney Islands Council Convener Steven Heddle, and they discussed the projected Scottish Government budget shortfall from the fall in oil prices. From late 2012 to late 2014, I did my tiny part to try to convince Scottish voters that the secession referendum was a bad idea, and although I doubt I had much impact, I was very relieved when the referendum failed. I was very worried about how a volatile oil market and limited resources might combine with the inability to spread risk across the wider enterprise of the United Kingdom to negatively impact Scotland's long-term economic viability. This morning, I had a thought: how many "Yes!"-voting Scots might have had a severe case of buyers' remorse, or might even be having such thoughts now, due to the oil revenue shortfall and its long-term impact on Scotland's economic prospects upon the eve of its secession? I'm very glad that Scotland will remain insulated from the energy market's volatility by way of its continued role in the United Kingdom's community of nations, and I'm also glad that Oman is likely to weather the eventual decline in the global use of fossil fuels better than some of its less appreciable neighbors.As such, I was rather amused to see this during my Friday morning news review:
Scottish First Minister Nicola Sturgeon has told the UK government to "get its act together" on backing the oil and gas industry, amid falling prices.First Minister Sturgeon, who succeeded MSP Alex Salmond after the decisive failure of their signature goal in September's referendum, campaigned as actively as Salmond did for Scottish secession. She was interviewed by Radio Orkney's Robbie Fraser in September, just a few weeks before the referendum, and was quite obviously dodging and spinning on question after question. In my experience, SNP devotees will conjure any excuse to keep from admitting when Mr. Salmond or Ms. Sturgeon are being disingenuous, but I suspect that both Salmond and Sturgeon look awfully foolish in the eyes of a lot of folks under the current circumstances.
Her comments came as Holyrood ministers outlined a series of measures they said must be taken to support the sector.
The UK government said action was being taken after oil prices dropped by more than half over the past six months.
The SNP's opponents said Scotland had dodged a bullet, given its focus on the oil wealth of an independent Scotland.
Moving on from oil: about three weeks ago, I discussed my reservations about attributing the Sony hack to North Korea; I posted an update a few days later, and then another yesterday. Bruce Schneier has offered up another post on the topic, as has Wired. The Wired article concludes with a quote from one particular commentator who compares skeptics of the North Korea attribution to 9/11 Truthers and other conspiracy theorists. I take a lot of issue with this, because it's not a bunch of non-credible non-experts who are raising questions about the assertions from the FBI and the intelligence community - in fact, it's some of the most talented, experienced security experts who are questioning the attribution. It's irresponsible to lump them in with conspiracy theorists in the absence of any conclusive evidence to prove them wrong (as opposed to the 9/11 Truthers, who ignore overwhelming evidence undermining their claims that 9/11 was perpetrated by anyone other than al Qaeda terrorists). If the intelligence and law enforcement communities feel the need to protect their sources and methods, that's all well and good; however, the public dividend of asserting something without providing evidence to that effect will, and perhaps must, be skepticism and even ridicule.
Meanwhile, Sony Pictures CEO Michael Lynton has said that Sony had "no playbook" for dealing with the hack. Unfortunately for Sony, that's an indicator of just how lousy their network management was. U.S. Government networks governed by FISMA utilize the NIST Risk Management Framework, the security controls for which are outlined in NIST Special Publication 800-53. One of the security control families is the IR family, which stands for "Incident Response" - in other words, there are publicly available guides published by some of the best IT folks in the American government that can help private industry to secure their networks. For a multi-billion-dollar company like Sony Pictures, which relies so heavily on intellectual property and public relations for its success, there's really no excuse for such awful information security - regardless of who actually carried out the hacks.
Thursday, January 8, 2015
Speculation Continues on the Sony Hack
Major media outlets continue to report on the Sony hack, and they continue to cite White House and FBI confidence that the hack was perpetrated by North Korea.
BBC: Sony Pictures hackers 'got sloppy', FBI says
Al Jazeera: FBI chief 'confident' North Korea hacked Sony
AFP: US spymaster dined with N.Korea general reponsible for Sony hack
However, security industry experts remain unconvinced - not unconvinced of potential North Korean involvement, per se, but unconvinced that the publicly released evidence points in that direction. Both Wired.com's Threat Level blog and security expert Bruce Schneier have both questioned how ironclad the FBI's latest revelation - that the hackers "got sloppy" and allowed their allegedly exclusive North Korean IP addresses to be recorded - actually is. While this would count as further evidence, the concensus in the security community is that this is a far cry from the smoking gun that the FBI claims to have. (Some of the comments on Schneier's post make some interesting observations on that topic.)
However, security industry experts remain unconvinced - not unconvinced of potential North Korean involvement, per se, but unconvinced that the publicly released evidence points in that direction. Both Wired.com's Threat Level blog and security expert Bruce Schneier have both questioned how ironclad the FBI's latest revelation - that the hackers "got sloppy" and allowed their allegedly exclusive North Korean IP addresses to be recorded - actually is. While this would count as further evidence, the concensus in the security community is that this is a far cry from the smoking gun that the FBI claims to have. (Some of the comments on Schneier's post make some interesting observations on that topic.)
Tuesday, January 6, 2015
Famous Erroneous Words
"Internet, though not necessarily of much use to intelligence, has recently caught the public imagination as an epitome of this new world of international computer access to data of all kinds."
- Michael Herman, Intelligence Power in Peace and War, 1996
- Michael Herman, Intelligence Power in Peace and War, 1996
Subscribe to:
Posts (Atom)