Am Yisrael Chai!

I love the Merkava IV, Israel’s main battle tank. 


The shape, the versatility, the power! 


Complete fighting awesomeness. 


The new “Merkava IV Barak” (scheduled for deployment in 2021) will even have artificial intelligence (AI) for advanced battle management systems. 


I wish we had the Merkava during the Holocaust and could’ve given the Nazi bastards what they rightfully deserved. 

 

Never again! 😉


(Credit Photo: Andy Blumenthal)

Navy Under Attack


So there was another collision of a U.S. Navy Destroyer.


The Navy destroyer collided early today with an oil tanker off of Singapore. 


10 sailors are missing and there is significant hull damage. 


This is the 4th known accident just this year of our Navy vessels in Asian waters.


And previously I wrote incredulously about the last Navy collision with a massive container ship in June that resulted in 7 dead. 


How do U.S. Navy ships with the most advanced sensors, navigation, weapons, and command and control systems in the world–that are supposed to be protecting us–just simply collide with other ships like toys in a bathtub?


These Navy ships are a vital projection of U.S. might, and are supposed to be able to keep the worst foes away and keep our dedicated men and women warfighters safe at sea–whether from bomb-laden terrorist attack speed boats to anti-access/area denial missiles and all threats from on, above, or below. 


Yet, they just keep crashing…


There was supposedly some buzz online about a stealthy new cyber weapon that is attacking our ships and making them useless and helpless pieces of (G-d forbid) floating junk at sea or perhaps enabling them to be hacked and electronically commandeered and controlled in order to crash them.


Either way, how many collisions does it take for this to become a concerning problem with our Navy’s ability to manage the ships under their command and be ever war-ready?


Our ships are a major element of our national strength and security, and loss of control implies a potentially great risk to our nation. 


We need our Navy and their tremendous people, assets, and expertise to safeguard our people, freedom, and democracy.


A few months ago, there was a hackathon to test the Navy’s systems’ security–and most certainly, this is a crucial type of test that we potentially face every day in real life.


These are challenging times for everything cybersecurity, so let’s make sure we have all the capabilities we need and are fully up to the task to defend ourselves and take out our enemies–it’s not just our Navy in the spotlight and at risk. 😉 


(Source Photo: With attribution to CNN and adapted from here)

Losing Deadly Control


So today we hear that there was a horrible mistake in which at least 52 sites (in 18 states here and 3 other countries) were inadvertently sent LIVE anthrax!!!


This after a prior incident in December where Ebola had been mishandled and a technician potentially exposed.


Again last August, they announced that a lab had accidentally cross-contaminated benign bird flu virus with a deadly strain of it. 


And there are at least five other major mishaps just since 2009 including more with anthrax and bird flu as well as with Brucella and botulism–these involved everything from using improper sterilization and handling techniques to inadvertent shipments of deadly live germs. 


Also in July, the CDC discovered six vials of LIVE smallpox in an unused storage room at the NIH.


This is reminiscent of similar gaffes by the military with an inadvertent shipment in 2007 by the Air Force of six nuclear warheads while the crew was unaware that they were even carrying them.


And here we go again (a doozy this time), information was disclosed in 2013 that we nearly nuked ourselves (specifically North Carolina) with 2 hydrogen bombs (260 times more powerful than that exploded on Hiroshima) in 1961. 


Yes, mistakes happen, but for weapons of mass destruction that we are talking about here, there are layers of safeguards that are supposed to be strictly in place.


After each incident, it seems that some official acknowledges the mistakes made, says sorry, and claims things are going to be cleaned up now. 


But if the same or similar mistakes are made over and over again, then what are we really to believe, especially when millions of lives are at stake?


We have too much faith in the large bureaucratic system called government that despite how well it could be run, very often it isn’t and is prone to large and dangerous errors and miscalculations.


With all due respect for our experts in these areas, we need to spend a lot more time and effort to ensure the safety of our most dangerous stockpiles–be it of nuclear, chemical, biological, or radiological origin. 


We can’t afford any more mistakes–or the next one could be more than just a simple (not) embarrassment.


What good is all the preparation to win against our enemies, if we are our own worst enemy or we have met the enemy and it is us! 😉


(Source Photo: Andy Blumenthal)

6 D’s Of Cyberwar

Popular Science had an interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sowing erroneous reports, and causing poor decision-making.

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemy’s control systems for electricity, dams, transportation, banking, and so on.

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

SCADA In Pictures


So SCADA are Supervisory Control and Data Acquisition systems.

They are a form of Industrial Control Systems (ICS) that monitor and control major industrial processes from power generation, transmission, and distribution, to water treatment, chemical production, air traffic control, traffic lights, building controls, and more.

These are part of our nation’s critical infrastructure.

In the lab, we are able to use tools to capture and analyze communication packets and edit and re-use them to:

– Turn on and off lights

– Open/close perimeter gates

– Control water and gas pipelines

– And even open and close a bridge

This was very scary!

No one, unauthorized, should be able to do this in real life, in the physical world.

This is a major security vulnerability for our nation:

– SCADA systems should not be openly available online, and instead they should be able to be controlled only either locally or remotely through an encrypted virtual private network (VPN).

– SCADA systems should not be available without proper access controls–there must be credentials for user id and passwords, and even two-step authentication required.

No one but vetted, cleared, authorized, and trained personnel should be able to monitor and control our critical infrastructure–otherwise, we are giving them the keys to disrupt it, destroy it, and use it for terror.
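
An added example, not part of the original post or the lab work it describes: the sketch below shows why a captured command can be re-used against a receiver that accepts any well-formed packet, and how an authenticated channel with a sequence counter (the kind of protection an encrypted, authenticated tunnel adds) rejects both re-sent and edited frames. The frame layout, key, and command strings are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; real keys come from provisioning
TAG_LEN = 32                   # HMAC-SHA256 output size

def make_frame(key, counter, command):
    """Controller side: 8-byte counter + command bytes + HMAC tag."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class LegacyReceiver:
    """No authentication: any well-formed command is acted on."""
    def handle(self, command):
        return "executed " + command.decode("ascii", "replace")

class AuthenticatedReceiver:
    """Checks the tag first, then requires a strictly increasing counter."""
    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def handle(self, frame):
        if len(frame) <= 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"      # edited or forged frame
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return "rejected: replay"       # old frame sent again
        self.last_counter = counter
        return "executed " + body[8:].decode("ascii", "replace")

def demo():
    """Run the same captured traffic against both receivers."""
    results = {}
    # Constructed capture: the legacy device cannot tell a re-sent copy apart.
    results["legacy_resend"] = LegacyReceiver().handle(b"GATE OPEN")
    rx = AuthenticatedReceiver(KEY)
    frame = make_frame(KEY, 1, b"GATE OPEN")
    results["first"] = rx.handle(frame)
    results["replay"] = rx.handle(frame)
    edited = frame[:8] + b"GATE SHUT" + frame[-TAG_LEN:]  # body changed, old tag
    results["edited"] = rx.handle(edited)
    results["next"] = rx.handle(make_frame(KEY, 2, b"GATE SHUT"))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14} {outcome}")
```
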

We owe our nation and families better, much better.

(Source Photos from lab: Andy Blumenthal)

Security Is A Joke!

Fascinating video with Dan Tentler on the Shodan Search Engine…which CNN calls the “scariest search engine on the Internet.”

The search engine crawls the Internet for servers, webcams, printers, routers, and every type of vulnerable device you can imagine.

It collects information on more than 500 million devices per month and that was as of last year, so it’s already probably a lot more.

Tentler shows the unbelievable amounts and types of things you can access with this, including our critical infrastructure for the country–from utilities to traffic lights, and power plants:

– Private webcams
– Bridges
– Freeways
– Data Centers
– Polycoms
– Fuel cells
– Wind farms
– Building controls for lighting, HVAC, door locks, and alarms
– Floor plans
– Power meters
– Heat pump controllers
– Garage doors
– Traffic control systems
– Hydroelectric plants
– Nuclear power plant controls
– Particle accelerators
– MORE!!!!

Aside from getting information on the IP address, description of the devices, locations (just plug the longitude and latitude into Google for a street location), you can often actually control these devices right from YOUR computer!

The information is online, open to the public, and requires no credentials.

– “It’s a massive security failure!”

– “Why is this stuff even online?”

Where is our cyber leadership????

Where is the regulation over critical infrastructure?

If there is a heaven for hackers, this is it–shame on us. 😦

Beware of Botnets

Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you–they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity.

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive.

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money.

The video demos an example of botnets with a variant of the Zeus trojan.

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone–eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into people’s accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse.

We need to be aware of what’s possible, maybe even probable.

Is your computer infected and you don’t even know it yet?

Under The Beautiful Sea


The Defense Advanced Research Projects Agency (DARPA) is looking for a place to stash some new military capabilities.

A DARPA news release (11 January 2013) states that they are looking to support the Navy by placing hibernated deep-sea capsules with payloads at underwater locations and at the seafloor strategically around the globe–“almost half of the world’s oceans are more than four kilometers deep” providing “cheap stealth”.

The capsules will carry non-lethal payloads for “operational support and situational awareness”–such as command, control, communication, computers, intelligence, surveillance, and reconnaissance (C4ISR).

Examples of pre-deployed payloads could be unmanned aerial vehicles (UAVs) and probably, unmanned underwater vehicles (UUVs). The release specifically states that this is “not a weapons program,” but you could imagine future evolutions of this.

The initial capabilities sought are for “situational awareness, disruption, deception, networking, rescue, or any mission that benefits from being pre-distributed and hidden.” 

The deep-sea capsules will need to survive under extreme pressure and be able to communicate at vast ocean depths to be remotely awoken and recalled when needed. 

Having capabilities available when and where needed–from the bottom of the sea to forward deployment–could potentially mitigate some use of costly and non-stealth land bases.

I think this is an exciting idea especially since China was able to demonstrate its anti-satellite missiles in January 2007 in shooting down its own satellite, and I would think that these new underwater pods being sought may be able to provide some alternatives for sensing and communicating in conflicts where satellites are destroyed or disabled and/or other military muscle is not readily available.

(Source Photo: here with attribution to Rakel SdPC)

Preparing For All Hell To Break Loose–The “Doomsday Plane”

Diane Sawyer from ABC News has a great piece here on the Flying Fortress, our Airborne Command Center, for the President and a 50-member entourage including the DefSec and the Joint Chiefs, to manage the United States response and retaliation should a worst-case situation happen–such as a nuclear, chemical, or biological attack.

The plane has been referred to as The Doomsday Plane, Flying Fortress, Airborne White House, Airborne Arc, and The E-4B Nightwatch.

Located at Offutt Air Force Base in Omaha, Nebraska, this plane is on constant high-alert and ready 24 x 7 x 365–it is airborne within 5 minutes notice!

According to Ideas and Discovery Magazine, there are actually 4 planes–the most-technologically advanced 747s in the world.

Built based on more than $2 billion in research, these planes are the most expensive in the world, fly 40 miles per hour faster than regular 747s, can stay in the air for about 3 days straight with in-air refueling, and are shielded from thermo-nuclear radiation and electromagnetic pulses.

The planes are protected by 60 Air Force special forces troops, have their own on-board maintenance teams, and precision technical communication specialists.

The planes have an area for battle staff to assess the situation and draw up action plans and a technical control facility for managing surveillance and command, control, and communications to issue encrypted commands on “virtually all frequencies” through 67 satellite dishes and antennas on the roof.

They can even communicate with submarines by dropping a 5 mile rope with a transceiver into the ocean below.

These planes stand ready to evacuate the President and his staff in the case of a national emergency.

“The commander-in-chief can then send orders to troops and personnel, communicate with allied governments, or update the American people on the situation.”

While it has far fewer amenities than Air Force One, this high-tech doomsday plane is very cool indeed.

What I admire the most about this plane is not even the technology per se, but the planning and risk management that go into preparation for something “really bad” happening.

While some people think emotionally that preparing for disaster is almost tantamount to pushing for one to actually occur, really that is an emotional reaction and denial of reality anchored in fear.

Like insurance, you hope you never need it, but are really glad you have it, when all hell breaks loose!

Perhaps, we can all learn something for ourselves here as well, that (disaster) preparedness can be scary and expensive, but we all need to have a plan and make it a good one.

Decloaking The Adversary


Yes, we lost a drone in Iran and they won’t give it back–that stinks!

Initially, the word coming out was it was a mishap, an accident, but the Iranians claimed otherwise–that they brought it down.

Who believed that they could actually do that?

Then there was word that the craft being displayed by the Iranians was a fake, a mock-up, only to be reversed with a confirmation, as reported in Christian Science Monitor, that the drone “is almost certainly the one lost by U.S. forces.”

Well now, InformationWeek is reporting (16 December 2011) that Iran really did bring down the stealth drone as well as how they claim to have done it.

First they jammed the communications of the RQ-170 Sentinel, so that with its command, control, and communications (C3) no longer intact, it was forced to go into autopilot and rely on GPS signals to find its way.

Then, the Iranians spoofed the GPS signal making the Sentinel think it was landing at a U.S. base rather than right into hostile territory.

If this is true, then not only is all the captured sensitive technology aboard the craft (such as radar, fuselage, coating, and electronics) in jeopardy of being compromised by reverse engineering, but also as the article states, the Iranians may have demonstrated the means to be able to literally “divert any GPS-guided missiles launched at targets inside its borders.”

Quite a scary thought when according to Reuters reports, Iran is less than a year from going nuclear!

So what is the truth and what is misinformation (PsyOps) to confuse or outwit the enemy and how much does any of that really matter if the Iranians have possession of our advanced technology along with the time and the nefarious partners to study it and use it against us?

Or perhaps, this is a great ruse by us and we intended for the Iranians to get the drone–tick, tick, tick… 😉

We live in a new sophisticated world of electronic and cyber warfare and that combined with nukes makes for some truly dangerous scenarios.

Finally, we should never underestimate the capabilities or intent of our adversaries–surprise may be the most potent enemy of them all.

(Source Photo: here)