We Are Our Own Worst Enemy

My latest op-ed in SC Magazine:

It is tough being in cybersecurity. Defense is a cost center, and it’s hard to find meaningful metrics to demonstrate success. Interest in security is also cyclical: Major breaches stir action, but as time passes, interest and resources wane, though the threat is still there. Yet the biggest problem with cybersecurity is ourselves. Before we can succeed, all of us must agree to change.

Read the whole thing.

All aboard the cluetrain express

This is classic:

Wiki technology advocates within the intelligence community, known as
intellipedians, were circulating among their colleagues promoting the
use of the collaborative social software to create intelligence
products, the official said.

The general response among the intelligence
technologists the intellipedians approached was “It’s great! Can you
build one for us?,” according to the official. That question indicated
that the technologists had not grasped the intellipedians’ premise that
wiki information sharing should permeate the community, the official

You know your agency’s head geek got his degree from a state-funded diploma mill when he stops you after the second slide of a briefing and says, “What’s this XML you’re talking about?” This was five years ago and apparently little has changed.

As with any sufficiently radical effort (and believe me, this is practically magic to some on the inside) there is a marked difference between the public face and the reality in the cube. Are people using it? Sure. Is it pervasive? Not a chance. Is it widely and solely the way business is done? Dream on. Getting a foot in the door is one thing; closing the sale is another issue entirely.

Have fun storming the castle . . .

An XGW-cyber intel lab?

Beltway Bandits offering up expensive and cumbersome gaming solutions to Uncle Sam: look out!

I was sitting at a picnic table Thursday afternoon talking with a revolutionary who last year bombed an American Apparel store.

I didn’t think she was all that dangerous. As far as I could tell, she was just a big-time radical in the Second Life virtual world.

My Second Life alter ego, Caro Zohari (an avatar who has much
nicer hair than I do), was interviewing a spokeswoman for the Second
Life Liberation Army (SLLA), an “avatar rights” group that has sprung
up in the Linden Lab-created virtual world with the objective of
fomenting a “democratic revolution” to oppose Linden’s supposedly
authoritarian rule.

Couple of things strike me:

  • Assuming SL doesn’t but the kibosh on madness like this, it would be an interesting way to test out a variety of pol-mil-legal responses to terrorist, insurgent, or radical activist activity; not just the sticks but the carrots too. A live political and military science lab if you will.
  • People who are going to dismiss this as just game play are ignoring the potential to radicalize otherwise “normal” people via this medium. There are some people who can’t separate fantasy from reality and the consequences can be grave.
  • Do the normal rules of HUMINT and SIGINT apply in SL? Do we assume everyone in SL is a “US Person” or do we take advantage of the fact that no one online knows you’re a dog and maximize the medium for both the actual take and the lessons learned?

If Linden let’s the activity continue, I could see the need for a weapons toolkit that allows for real-world flexibility but does not impact the underlying system; you want targets to suffer losses for the sake of realism, you don’t want rouge external malcode shutting down the system. Maybe its artificial (ahem) but you want to keep the experiment going as long as possible I would think.

Maybe this is where you get some preliminary answers to questions about the effectiveness of generational warfare.

DIA: getting it

Scooped by Shloky:

The U.S. Department of Defense’s lead intelligence agency is using
wikis, blogs, RSS feeds and enterprise “mashups”
to help its analysts
collaborate better when sifting through data used to support military

The Defense Intelligence Agency (DIA) is seeing “mushrooming”
use of these various Web 2.0 technologies that are becoming critical to
accomplishing missions that require intelligence sharing among
analysts, said Lewis Shepherd, chief of DIA’s Requirements and Research
Group at the Pentagon.


As a recent report confirmed, DIA has not been the most technically astute (among other things) place around at the working level. This is the place that thought that slapping a really crappy HTML front end to a really antiquated database was pushing the bleeding edge.

Indications that they were taking technology seriously came just a few years ago when they hired a CTO that didn’t need a dictionary to know what XML stood for (unlike some senior staff with “information” or “technology” attached to their titles). If anyone was going to make something happen on the tech front, it was going to be Bob.

War: easy when you always win

From Inside the Army (subscription required):

The top civilian and uniformed leaders of the Army told a House committee last week that recent war games have proved the effectiveness of the Future Combat System as a counterinsurgency tool, and pushed for the continued development of the multibillion dollar program.

The committee was told the service is running modeling simulation exercises involving pre-insurgent and insurgent operations that compare actual events in battle to the likely outcome if the service had tapped a future force harnessing the latest technologies such as FCS.

The Army¹s recent exercise looked at an event called Black Sunday in which a platoon providing convoy security in Sadr City, Iraq in April 2004, was attacked by insurgents. Two soldiers were killed. Several humvees were destroyed. A battalion then embarked on a rescue mission.

“It took [the battalion] three hours and three attempts because they couldn¹t find them,” [Army Secretary] Harvey explained. “They didn¹t know where they were. They didn¹t know what streets were blocked. Six more soldiers were killed and 50 more were wounded.”

The modeling simulation involving an FCS-capable unit, however, resulted in “zero soldiers killed, zero wounded. It took one hour, not three hours.”

Wow, we ought to be increasing and not cutting the budget of a program like that, eh?

Not so fast . . .

First of all exercises &  simulations are cr@p. The math/logic behind them is fine, I’m not deriding game theory and related fields, but as they are practiced such events are worth less than nothing because the good guys never lose. The “blue” side always ends up saying that the tactics of the “red”
side are just not realistic; tactics like going insurgent or acting like a terrorist network. You don’t have to take my word for it, ask Lt. General Van Riper, USMC (Ret.)

Playing the bad guy in an exercise called Millennium Challenge Van Riper showed what Saddam a simulated Mid-East military power could do if they had had their act together. Unwilling to accept real defeat in a fake setting, the game was rebooted; the US won and everyone lived happily ever after. Van Riper blew the whistle.

The Army touting FCS – or any technology-heavy solution – as some kind of miracle system that will send US casualties to the basement and make every mission a flawless display of military prowess is something akin to irresponsible. Even if the Black Sunday simulation was an accurate reflection of how FCS might perform, it would not have stopped the ambush from occurring in the first place. Even without FCS we are the most technically advanced fighting force in the world, yet our soldiers are still being killed by weapons bought in a dime store and cooked up in a kitchen.

It is not that advanced technologies are bad, but look at what sort of technology works on the battlefield: UAVs and night vision devices. These are advancements of basic concepts that were put into use during Napoleon’s day (balloons) and Viet Nam (NVGs). The other great technology that works is GPS, which is a space-based way to do what people used to do with a compass and range finder. The defense against all this technology? “Moving through the people like fish through water.”

Enhancing our ability to fight and win against terrorists and insurgents – the more common battles of the future –  should be focused less on ridiculously expensive technological programs (which inevitably fall short of expectations and exceed cost and time estimates) and more on a well-executed communications strategy, multi-disciplined programs aimed and eroding popular support for subversive movements, and the tactile tools that smart men on the ground can use to kill.

Gamers Miss Real World Developments

Gamers quibble over trees while missing a forest:

Was an elite congressional intelligence committee shown video footage from an off-the-shelf retail game and told by the Pentagon and a highly-paid defense contractor that it was a jihadist creation designed to recruit and indoctrinate terrorists?

It’s looking more and more like that is the case.

The bizarre story began to unfold last week when Reuters reported that the House Permanent Select Committee on Intelligence was shown video footage of combat action which was represented as a user-modified version (or “mod”) of Electronic Art’s best-selling Battlefield 2, a modern-day military simulation which features combat between U.S. forces and those of the fictitious Middle East Coalition (MEC) as well as the People’s Republic of China.

Reuters quoted a Pentagon official, Dan Devlin, as saying, “What we have seen is that any video game that comes out… (al Qaeda will) modify it and change the game for their needs.”

The influential committee, chaired by Rep. Peter Hoekstra (R-MI), watched footage of animated combat in which characters depicted as Islamic insurgents killed U.S. troops in battle. The video began with the voice of a male narrator saying, “I was just a boy when the infidels came to my village in Blackhawk helicopters…”

Several GP readers immediately noticed that the voice-over was actually lifted from Team America: World Police, an outrageous 2004 satirical film produced by the creators of the popular South Park comedy series.

In the rush to prove their worth it is entirely conceivable that a contractor ran off without double checking details – the video’s creator does after all go by the nickname “Sonic Jihad” is Moroccan-Dutch and loves the genteel sounds of NWA and Public Enemy – though one has to wonder where the COTR and government project manager were on the days preceding their appearance on the Hill . . .

Regardless, while this particular video may not have been created by Jihadists, its value as a recruiting tool is undiminished. Let us also not forget the broader theme here of terrorists adopting the computer-based training approach, which has been going on for some time.