We Are Our Own Worst Enemy

My latest op-ed in SC Magazine:

It is tough being in cybersecurity. Defense is a cost center, and it’s hard to find meaningful metrics to demonstrate success. Interest in security is also cyclical: Major breaches stir action, but as time passes, interest and resources wane, though the threat is still there. Yet the biggest problem with cybersecurity is ourselves. Before we can succeed, all of us must agree to change.

Read the whole thing.

All aboard the cluetrain express

This is classic:


Wiki technology advocates within the intelligence community, known as
intellipedians, were circulating among their colleagues promoting the
use of the collaborative social software to create intelligence
products, the official said.


The general response among the intelligence
technologists the intellipedians approached was “It’s great! Can you
build one for us?,” according to the official. That question indicated
that the technologists had not grasped the intellipedians’ premise that
wiki information sharing should permeate the community, the official
said.

You know your agency’s head geek got his degree from a state-funded diploma mill when he stops you after the second slide of a briefing and says, “What’s this XML you’re talking about?” This was five years ago and apparently little has changed.

As with any sufficiently radical effort (and believe me, this is practically magic to some on the inside) there is a marked difference between the public face and the reality in the cube. Are people using it? Sure. Is it pervasive? Not a chance. Is it widely and solely the way business is done? Dream on. Getting a foot in the door is one thing; closing the sale is another issue entirely.

Have fun storming the castle . . .

An XGW-cyber intel lab?

Beltway Bandits offering up expensive and cumbersome gaming solutions to Uncle Sam: look out!

I was sitting at a picnic table Thursday afternoon talking with a revolutionary who last year bombed an American Apparel store.

I didn’t think she was all that dangerous. As far as I could tell, she was just a big-time radical in the Second Life virtual world.

My Second Life alter ego, Caro Zohari (an avatar who has much
nicer hair than I do), was interviewing a spokeswoman for the Second
Life Liberation Army (SLLA), an “avatar rights” group that has sprung
up in the Linden Lab-created virtual world with the objective of
fomenting a “democratic revolution” to oppose Linden’s supposedly
authoritarian rule.

Couple of things strike me:

  • Assuming SL doesn’t but the kibosh on madness like this, it would be an interesting way to test out a variety of pol-mil-legal responses to terrorist, insurgent, or radical activist activity; not just the sticks but the carrots too. A live political and military science lab if you will.
  • People who are going to dismiss this as just game play are ignoring the potential to radicalize otherwise “normal” people via this medium. There are some people who can’t separate fantasy from reality and the consequences can be grave.
  • Do the normal rules of HUMINT and SIGINT apply in SL? Do we assume everyone in SL is a “US Person” or do we take advantage of the fact that no one online knows you’re a dog and maximize the medium for both the actual take and the lessons learned?

If Linden let’s the activity continue, I could see the need for a weapons toolkit that allows for real-world flexibility but does not impact the underlying system; you want targets to suffer losses for the sake of realism, you don’t want rouge external malcode shutting down the system. Maybe its artificial (ahem) but you want to keep the experiment going as long as possible I would think.

Maybe this is where you get some preliminary answers to questions about the effectiveness of generational warfare.

DIA: getting it

Scooped by Shloky:

The U.S. Department of Defense’s lead intelligence agency is using
wikis, blogs, RSS feeds and enterprise “mashups”
to help its analysts
collaborate better when sifting through data used to support military
operations.

The Defense Intelligence Agency (DIA) is seeing “mushrooming”
use of these various Web 2.0 technologies that are becoming critical to
accomplishing missions that require intelligence sharing among
analysts, said Lewis Shepherd, chief of DIA’s Requirements and Research
Group at the Pentagon.

 

As a recent report confirmed, DIA has not been the most technically astute (among other things) place around at the working level. This is the place that thought that slapping a really crappy HTML front end to a really antiquated database was pushing the bleeding edge.

Indications that they were taking technology seriously came just a few years ago when they hired a CTO that didn’t need a dictionary to know what XML stood for (unlike some senior staff with “information” or “technology” attached to their titles). If anyone was going to make something happen on the tech front, it was going to be Bob.