it’s not about panic

Everynerds favorite crypto-guru uses both well-worn barrels:

Cyber-extortion is certainly on the rise; we see it at Counterpane. Primarily it’s against fringe industries — online gambling, online gaming, online porn — operating offshore in countries like Bermuda and the Cayman Islands. It is going mainstream, but this is the first I’ve heard of it targeting power companies. Certainly possible, but is that part of the CIA rumor or was it tacked on afterwards?

And here’s list of power outages. Which ones were hacker caused? Some details would be nice.

I’d like a little bit more information before I start panicking.

He joins the voices of other professional contrarians (keep waiting for “Dick Destiny” to sound off) about how this is all rumor, fear-mongering, lies, or worse.


Yelling “hype” is a convenient way to show the pocket-protector sniffers how deep and ponderous your thoughts are. It’s very popular in the “everyone else is an idiot but me” crowd. You’ll note one key factor not addressed amidst all the nay-saying, however: In recent memory, how many active, bona-fide CIA officers have come out and put their names and faces to statements like this? I’ll go out on a limb and say exactly zero.
Why?
If I were a betting man, I would put my money on: “everything we think we know about how bad this may be is wrong: it’s worse.” Not necessarily “worse” like the lights are going to go off tomorrow and won’t come back on until we pay Dr. Evil $1 meeelion dollars but “worse” like “if we keep ignoring relatively small but important things, we are risking having numbskulls play with the lights like they used to play with Web sites.” I don’t know about you but the prospect of a Zone-H archive filled with exploited Dominion Power entries gives me the creeps.
Let’s keep something else in mind here: We’re talking about an agency that thinks nothing of demanding that you classify a newspaper story if you’re going to stick the data from that story into a briefing or report. As an astute Australian colleague put it; “What tw** back home authorizes the classification of the New York Times?”
A disinformation campaign? Sure: the community that can’t keep a secret about efforts directed at foreign adversaries is suddenly in OPSEC lock-down over an effort to fool the US public. Let’s also not forget we’re talking about people (and organizations) that cannot stand to be wrong, which makes a disinfo campaign on SCADA issues entirely believable if you like kool aid.
I know that it is not beyond some people to fake problems to generate false concern. I know there is a lot of money to be made here. But if this briefing ends up giving a boost to the SCADA protection racket that has nothing to do with Tom: his paycheck stays the same. Even if you wanted to get all conspiracy-theory here, is he going to stick his neck out in preparation for a lucrative career in the advice-giving business by talking about something he knows is bulls***?
I mean, I know some CIA guys follow that path, but I wouldn’t recommend it.

3 thoughts on “it’s not about panic

  1. We have trod the same ground, you and I.
    I’m not going to say the hype machine may not be in full effect, but I also put a lot of faith in the system’s strong reluctance to reveal anything of any import or weight in this issue area. That they’ve revealed the smallest slice tells me that – unlike Y2K perhaps – efforts to work behind the scenes has not been as successful as, well, Y2K. A little shame goes a long way.

  2. Why am I skeptical? Because I remember the Y2K NIE. May not have been declassified, but without going into details, suffice it to say that CIA’s technical analysts blew our DOE energy experts (and their Russian colleagues) out of the way, forecasting a high likelihood of a major meltdown in the Russian power grid, specifically in the nuclear power plants. Guess what didn’t happen? Not a whisper, not a tremor. But the degree of near-hysterical assurance and confidence on the part of the Langley Boys back in 1999 was something to behold. At the post-Y2K videoconference wrap-up, chaired by the NIO for Science & Technology, I suggested a public apology was due to one of our people, the S&T Counselor at the Moscow Embassy, who (like the rest of our people) had worked hard with the Russians to remediate known problems, only to be humiliated by CIA’s analysts — who overwhelmed him with classified technical analysis that he was unprepared to refute — at an interagency meeting in the fall of 1999. After suggesting that the NIO and the Agency apologize to this gentleman, I found I wasn’t invited to many parties thereafter. So, Mr. Donahue, hiding behind “sources and methods” makes me tune out. Give us some real information, that can be scrutinized in the light of day.

  3. Not to panic, but definite cause for concern

    The issue: Power networks hacked for extortion purposes in un-named countries outside of the U.S. Michael Tanji looks beyond a technical evaluation to a more personal evaluation of who made the announcement – CIA Senior analyst Tom Donahue. In recent

Leave a Reply