The first modern cyberwar?
The Russian-Georgian conflict is being described as the first time cyber-attacks have accompanied an actual war. Last year, the Russian-Estonian spat was described as the first modern cyber-war. These descriptions over dramatise events and are a distraction from the more prosaic, but more serious, danger these illicit cyber-actions represent. The technology used in these cyber-conflicts has only limited strategic impact, but represents a major threat to one of the most successful engines of human freedom and opportunity – the World Wide Web itself.
The strikes against Georgian government websites, along with last April's attacks against Estonian websites, were distributed denial of service attacks (DDoS) where many computers simultaneously send messages to a website, preventing legitimate traffic from reaching the site. These attacks are relatively easy to launch, but taking a website down does not affect real world infrastructure and competent IT professionals can counter or at least mitigate DDoS attacks. The increasing volume and sophistication of these attacks is a subject much discussed among IT professionals, but its impact is to create an inconvenience.
Theoretically taking down Georgian government sites could have prevented Georgia from publicising its side of the conflict. However, some Georgian sites were migrated to new locations. More importantly, the Georgian government's message was getting out to the world. The problem was that the United States and Nato had limited options for supporting Georgia. In short, the cyber component had no significant known impact.
Advanced economies and militaries rely on sophisticated information networks. Damaging or infiltrating these networks will probably be an important component of future wars. The ability to listen in on or disable an enemy's military communications net could be the difference between victory and defeat. It is also conceivable that information inside these networks could be influenced, or that the networks running critical infrastructure - military or civilian - could be infiltrated and used to cause real-world damage. However the skills and technologies needed for these attacks will be highly specialised, and not akin to the DDoS attacks which a relative amateur can launch.
Russia, home to a sophisticated core of cyber-criminals, undoubtedly possesses some of these capabilities. But, considering Russia's massive military advantage over tiny Georgia, it is unlikely that Russia would have turned to advanced cyber war to guarantee victory, particularly when deploying it would provide potential future adversaries with valuable intelligence about Russia's cyber war strategies and tactics. In addition, much of Georgia's infrastructure is old and consequently not online and therefore invulnerable to a cyber strike. (The Georgians claim that Russia has targeted their phone system, and while that is possible, it is more likely that Georgian phone systems were overwhelmed in the general crisis accompanying the Russian attacks.)
The Russian government may have instigated the DDoS attacks, although the evidence is unclear, and it is difficult to identify the origins of a DDoS attack. It appears that the DDoS attacks were in fact a mass action by regular Russian citizens. For the future of the Web, this is even more worrisome.
DDoS attacks typically use botnets, networks of thousands of compromised computers that, unbeknownst to their owners, are used to disseminate spam. Five years ago DDoS attacks and botnets were the domain of highly skilled cyber-criminals. Now, botnets can be rented online, and rentals come with tech support. The massive DDoS attacks on Georgia included botnets, but ordinary citizens joined in, using simple tools distributed online to join in the attacks. The tools of cybercrime are becoming progressively easier to use.
The Web was established as an open environment, with minimal governance, that puts a premium on individual liberty and initiative. This openness has been essential to the Web's success as a tremendous engine of creativity, opportunity, and liberty. DDoS attacks that take down websites are bad manners and one threat to the open spirit that underpins the Web. But the technology behind these attacks represents even greater threats.
The primary use of botnets is not DDoS attacks, but to perpetrate an ever expanding repertoire of online frauds and distribute malicious software. These activities undermine the physical and moral integrity of the Web. Some estimates are that more than 75% of the emails sent worldwide are spam. With botnets becoming easier and easier to create and manage, the rate of spam is increasing faster than new internet capacity. Spam also represents a moral threat to the Web, as online fraud undermines trust in e-commerce and online communications in general.
Governments can better prepare for specific events, such as international cyberspats. There are a number of improvements that could be made in coordination and in developing early warning systems. But the systemic issues also need to be addressed. Software designs need to be improved to reduce the vulnerabilities that cyber-criminals exploit and the public needs to be better educated about safer online behaviour. Major Web users such as governments, ISPs, universities, and corporations need incentives to better secure their networks, and educate their users. Finally, serious efforts must be made to develop international laws that can prevent increasingly sophisticated cyber attacks and to prosecute cyber-criminals. All of these steps are costly, but without them more draconian efforts that impinge on individual privacy may be needed to keep the Web viable.
The cyber-component of the Russian-Georgian conflict was only a sideshow, but it highlighted the threats facing one of history's great promoters of freedom and innovation - the World Wide Web.
Friday, August 22, 2008
Wednesday, August 20, 2008
Transnational Jihad, Supremacism, and Cold War Tactics by Jeffrey Imm
This summary is not available. Please
click here to view the post.
Tuesday, August 19, 2008
Resilient Community: Malcom's Platform by John Robb
Resilient communities aren't built through one-off projects/efforts, good will, and lifestyle changes. Instead, they are a vibrant ecosystems of activity, that are innovative, robust, and efficient. The key to growing ecosystems that exhibit these qualities is to build platforms that span everything from electricity to food to security. Here's a short story about Malcom McLean to get your head around the idea of what a platform is (this is for my upcoming book on Resilient Communities) and why they are so powerful:
Malcom's Platform
In 1937, during a commercial delivery trip carrying North Carolina cotton bales to the port in Hoboken, New Jersey, Malcom McLean became frustrated at the wait he experienced to unload his cargo at the port facility. He later remarked, “I had to wait most of the day to deliver the bales, sitting there in my truck, watching stevedores load other cargo. It struck me that I was looking at a lot of wasted time and money. I watched them take each crate off the truck and slip it into a sling, which would then lift the crate into the hold of the ship.” This thought was carried forward seventeen years, when at the helm of a company with 1,776 trucks and 37 transport terminals (on the Eastern Seaboard) he gravitated to the idea that long haul routes would be better accomplished through sea transport.
However, to accomplish this, he needed to remake the shipping industry from the ground up. In other words, he needed to build a shipping platform for the shipping industry. What is a platform? At a high level, a platform takes related activities that are complex, unique, and variable and turns them into activities that are simple, universal, and standard. Here's how Malcom built his (and now our) shipping platform:
* First, he created a shipping container that could be detached from a truck and stacked on a ship without unbundling the contents.
* He followed this with new wheel systems to quickly attach containers to trucks.
* Finally, he developed container ships that allowed easy roll-on/roll-off and container stacking.
The new containerized system he developed simplified shipping by pushing the complexity of packing and unpacking cargo to the edges of the shipping network. Second, it made interconnection with the network easy, since containers were inexpensive and of a standard set of sizes. Finally, it lowered/standardized costs, reduced theft, and limited damage.
The debut of his new system was with the maiden voyage of the Ideal X, a converted oil tanker that loaded fifty-eight containers at Port Hoboken, New Jersey and unloaded them in Houston, Texas to his waiting trucks for delivery. The success of this innovation led him to radically expand his business into a powerhouse called SeaLand Industries that had twenty seven thousand containers and thirty-seven container ships by the end of the 1960s.
Obviously, it didn’t end there. The advantages in speed, cost, and flexibility were so compelling that the entire shipping industry was transformed as companies, ports, and governments adopted his containerization process. By 2000, nearly 90% of the world’s shipping was accomplished using containers in support of a vast global ecosystem of manufacturers and retailers made possible by Malcom's shipping platform.
Malcom's Platform
In 1937, during a commercial delivery trip carrying North Carolina cotton bales to the port in Hoboken, New Jersey, Malcom McLean became frustrated at the wait he experienced to unload his cargo at the port facility. He later remarked, “I had to wait most of the day to deliver the bales, sitting there in my truck, watching stevedores load other cargo. It struck me that I was looking at a lot of wasted time and money. I watched them take each crate off the truck and slip it into a sling, which would then lift the crate into the hold of the ship.” This thought was carried forward seventeen years, when at the helm of a company with 1,776 trucks and 37 transport terminals (on the Eastern Seaboard) he gravitated to the idea that long haul routes would be better accomplished through sea transport.
However, to accomplish this, he needed to remake the shipping industry from the ground up. In other words, he needed to build a shipping platform for the shipping industry. What is a platform? At a high level, a platform takes related activities that are complex, unique, and variable and turns them into activities that are simple, universal, and standard. Here's how Malcom built his (and now our) shipping platform:
* First, he created a shipping container that could be detached from a truck and stacked on a ship without unbundling the contents.
* He followed this with new wheel systems to quickly attach containers to trucks.
* Finally, he developed container ships that allowed easy roll-on/roll-off and container stacking.
The new containerized system he developed simplified shipping by pushing the complexity of packing and unpacking cargo to the edges of the shipping network. Second, it made interconnection with the network easy, since containers were inexpensive and of a standard set of sizes. Finally, it lowered/standardized costs, reduced theft, and limited damage.
The debut of his new system was with the maiden voyage of the Ideal X, a converted oil tanker that loaded fifty-eight containers at Port Hoboken, New Jersey and unloaded them in Houston, Texas to his waiting trucks for delivery. The success of this innovation led him to radically expand his business into a powerhouse called SeaLand Industries that had twenty seven thousand containers and thirty-seven container ships by the end of the 1960s.
Obviously, it didn’t end there. The advantages in speed, cost, and flexibility were so compelling that the entire shipping industry was transformed as companies, ports, and governments adopted his containerization process. By 2000, nearly 90% of the world’s shipping was accomplished using containers in support of a vast global ecosystem of manufacturers and retailers made possible by Malcom's shipping platform.
Sunday, August 17, 2008
A Reflection: U.S. Army + Roy Mitsuoka + Apple (About 1 Year)
Spending on military research and development has increased to levels not seen since the Reagan Administration and not seen since to a certain extent World War II. At the same time, military research and development has run into cost overruns and long delays never experienced before.
The culprit, in my view, to military research and development stagnation or lack of innovation by military research and development is management related. Note, what I mean by stagnation or by innovation, is the lack of or ability to create and/or refine and/or package ideas into reality that increase intelligence and situational awareness that enhances force projection, force protection, and force survivability with greater lethality and accuracy. Even so, management is not required to operate in a framework that requires a high degree of efficient and effective interactions and actions. At the same time, individuals with geek credit will be put off by, have been put off by, and loose the innovative and creative spirit by the multi-layer management associated with defense research and development. The increasing nature of military research and development becoming more and more protracted is also a professional death sentence for individuals with geek credit and merit that want to be in sync with the latest technological advances.
Even worse, military research and development has been and is being transferred to contractors for oversight responsibility that often lack sufficient geek credit. As such, military research and development management has become a conventional business that lacks "authentic business" and spends around 80% on marketing and stagnation and around 20% on human resources and innovation. In other words, instead of military research and development resulting in ideas becoming reality based upon what the forces down range need (similar to business model of Apple,) military research and development is telling the forces down range what they need (similar to business model of Microsoft.)
Military research and development must become innovative. They must leverage existing resources (public sector, private sector, and open source sector) based upon efficient and effective interactions. At the same time, create and/or refine and/or package ideas into reality that increase intelligence and situational awareness that enhances force projection, force protection, and force survivability with greater lethality and accuracy based upon down range needs and goals. Military research and development, in the end, must be an enabler that allows the forces down range to increase intelligence and situational awareness that enhances force projection, force protection, and force survivability with greater lethality.
We have to get back to what made this military research and development great that won World War II and sent a man to the moon, and that is to have the geek credit, merit, courage, curiosity, and commitment, to do things that have not been done before.
The culprit, in my view, to military research and development stagnation or lack of innovation by military research and development is management related. Note, what I mean by stagnation or by innovation, is the lack of or ability to create and/or refine and/or package ideas into reality that increase intelligence and situational awareness that enhances force projection, force protection, and force survivability with greater lethality and accuracy. Even so, management is not required to operate in a framework that requires a high degree of efficient and effective interactions and actions. At the same time, individuals with geek credit will be put off by, have been put off by, and loose the innovative and creative spirit by the multi-layer management associated with defense research and development. The increasing nature of military research and development becoming more and more protracted is also a professional death sentence for individuals with geek credit and merit that want to be in sync with the latest technological advances.
Even worse, military research and development has been and is being transferred to contractors for oversight responsibility that often lack sufficient geek credit. As such, military research and development management has become a conventional business that lacks "authentic business" and spends around 80% on marketing and stagnation and around 20% on human resources and innovation. In other words, instead of military research and development resulting in ideas becoming reality based upon what the forces down range need (similar to business model of Apple,) military research and development is telling the forces down range what they need (similar to business model of Microsoft.)
Military research and development must become innovative. They must leverage existing resources (public sector, private sector, and open source sector) based upon efficient and effective interactions. At the same time, create and/or refine and/or package ideas into reality that increase intelligence and situational awareness that enhances force projection, force protection, and force survivability with greater lethality and accuracy based upon down range needs and goals. Military research and development, in the end, must be an enabler that allows the forces down range to increase intelligence and situational awareness that enhances force projection, force protection, and force survivability with greater lethality.
We have to get back to what made this military research and development great that won World War II and sent a man to the moon, and that is to have the geek credit, merit, courage, curiosity, and commitment, to do things that have not been done before.
Subscribe to:
Posts (Atom)