Deterrence Alone Is Not A Strategy

 

High Wire Act.jpeg

So there is a military doctrine that has been in place for decades. 


– MAD – Mutually Assured Destruction 


If you attack the USA with weapons of mass destruction, you’ll get an overwhelming responses that will totally destroy your country. 


This was what supposedly held the USSR at bay during the cold war. 


And even recently, President Trump threatened North Korea that they would be “totally destroyed” if they try anything on us. 


The problem is that the MAD doctrine of deterrence assumes incorrectly that you are always dealing with rational actors and not with madmen.


Let’s face it, their are plenty of crazies out there, and some of whom may be willing to go down in a “blaze of glory” as long as they stand up to the United States and die a heroes death for their radicalized or “subjected” people. 


Whether it’s Iran or North Korea or others–we may not know what we are really dealing with here until it’s too late. 


Life is not everything to these people–remember many a terrorist has died a martyrs death with the promise of 72 virgins in heaven awaiting them. 


To some, as Prime Minister Gold Meir stated:

“Peace will come when the Arabs will love their children more than they hate us!”


Hate by virtue of perceived injustice, required Jihad or “holy war,” brainwashing or threats and the desire for a “glorious death” standing up to the infidels or the “great Satan…any of all of these can contribute to ignoring the consequences. 


Israel has tried to deter horrible homicide bombers/and other mad terrorists from performing their evil misdeeds on the civilian population by for example, demolishing the terrorist homes as a potent consequence that they know going into it, yet many terrorists still wear the explosive vests and detonate anyway.


Similarly, North Korea despite the President’s threat that they “will be met with fire and fury like the world has never seen,” brushed it off and shot off more volleys of ICBMs and threatened to engulf Guam in fire. 


– The point is that deterrence alone is not a strategy!


If our enemies can hit us with a devastating attack–whether WMD, cyber, EMP, or quantum attack— that can inflict immeasurable harm on us–they may actually choose to take their best shot, rather than wait for us to hit them or continue to feel disrespected, subjected, inferior, and hopeless.


To someone on the radical fringes or the mental edge, maybe–just maybe–they will do the unthinkable and surprise us.


What good will our fire and fury counterstrike do us, when our cities are in ruin and our people dead and dying en masse. 


Revenge isn’t so sweet when your family, homeland, and virtually everything you know and held dear is gone.


The only real military strategy is to be able to defend ourselves and AVOID getting a homeland catastrophe!


We need massive investment and expertise in missile defense, bio defense, cyber defense, quantum computing, and expansive hardening of our critical infrastructure.


Unfortunately, as naysayers to the threats abound, we are no where near where we need to be in protecting the homeland.


If one person falls from the high wire and smashes their head, what good is it that the other person falls and suffers similarly or worse. 


The point is not to fall, not to get hurt, not to die, not to have our country and way of life destroyed.


Deterrence does not guarantee this security to the country–especially when dealing with no shortage of radicalized nuts out there. 


Only a genuine defense that can STOP and counter the threats BEFORE a devastating attack happens and hits us is a strategy worth pursuing …and THEN you can punch the other person squarely in their devil’s face!


Without an adequate defensive strategy, get ready, because every high flying act eventually falls to the ground and hits their head hard. 😉


(Source Photo: Andy Blumenthal)

Navy Under Attack

Collision.JPEG

So there was another collision of a U.S. Navy Destroyer.


The Navy destroyer collided early today with an oil tanker off of Singapore. 


10 sailors are missing and there is significant hull damage. 


This is the 4th known accident just this year of our Navy vessels in Asia waters.


And previously I wrote incredulously about the last Navy collision with a massive container ship in June that resulted in 7 dead. 


How do U.S. Navy ships with the most advanced sensors, navigation, weapons, and command and controls systems in the world–that are supposed to be protecting us–just simply collide with other ships like toys in a bathtub?


These Navy ships are a vital projection of U.S. might, and are supposed to be able to keep the worst foes away and keep our dedicated men and women warfighters safe at sea–whether from bomb-laden terrorist attack speed boats to anti-access/area denial missiles and all threats from on, above, or below. 


Yet, they just keep crashing…


There was supposedly some buzz online about a stealthy new cyber weapon that is attacking our ships and making them useless and helpless pieces of (G-d forbid) floating junk at sea or perhaps enabling them to be hacked and electronically commandeered and controlled in order to crash them.


Either way, how many collisions does it take for this to become a concerning problem with our Navy’s ability to manage the ships under their command and be ever war-ready. 


Our ships are a major element of our national strength and security, and loss of control implies a potentially great risk to our nation. 


We need our Navy and their tremendous people, assets, and expertise to safeguard our people, freedom, and democracy.


A few months ago, there was a hackathon to test the Navy’s systems’ security–and most certainly, this is a crucial type of test that we potentially face every day in real life.


These are challenging times for everything cybersecurity, so let’s make sure we have all the capabilities we need and are fully up to the task to defend ourselves and take out our enemies–it’s not just our Navy in the spotlight and at risk. 😉 


(Source Photo: With attribution to CNN and adapted from here)

Driverless Cars – New Beginning or Part of The End

Jet Pack.JPEG

Driverless cars are exciting to so many.


But doesn’t it also seem so boring?


There is a lot to be said for being the driver and doing the driving. 


We control the destination, trajectory, speed, etc.


Occasionally, there is even time to stop and enjoy the view. 


We’ve given up on doing or even knowing how to do so many basic things.


Probably 90% plus of us would fail at any sort of basic survival test. 


You can’t hunt, you don’t know how anything really works, and you don’t even have a green thumb.


You’d be dead in under a week or max three


The only thing you do know how to do is sit at a desk, push papers, go to meetings, and post endless nonsense on social media–congratulations you’re an imbecile!


When Axis of Evil North Korea, Iran, or Russia decide to hit us with an ICBM, EMP, or a massive cyber attack your gonna wish you knew something (anything) real, let alone how to drive a simple automatic. 😉


(Source Photo: Andy Blumenthal)

My Ashley Madison

Lady
So Ashley Madison is now a well-known adulterous website, particularly after hackers stole 37 million records on the site participants, and have released that information to the public.


These tens of millions of users seek companionship for loveless or sexless marriages or perhaps are just plain liars and cheaters–who knows? 


But yikes, now everyone knows!


Huffington reports that divorce lawyers are anticipating a deluge of new clients seeking divorces


And BBC reports that two people have already taken their lives in Canada as a result of the release. 


What is incredible as well are the 15,000 people who used their .gov or .mil accounts presumably to hide their infidelity from their spouses, but now are in potentially huge trouble with their government agencies.


I assume that Ashley Madison prided themselves on their discretion in handling their clients accounts, but lo’ and behold the discretion is for naught compliments of some very naughty hackers. 


Privacy is becoming a very lonely and meaningless word whether you are faithful or a cheater–it’s all open fodder on the net. 😉


(Source Photo: Andy Blumenthal)

The “Real” OPM Data Breach

Stealing
A lot has been made and should be made of the theft of over 21 million federal employees’ sensitive personnel records and security clearances. 



Everyone rightly, although somewhat selfishly, is worried about identity theft and the compromised privacy of their information.



The government is worried about hostile nation states using the pilfered information to bribe or coerce military, intelligence, high-level politicals, and others to turn and work for them or otherwise to use against them. 



But what is grossly missing in this discussion is not what information presumably the Chinese stole and how they will use it against us, but rather what information they inserted, altered, or otherwise compromised into the OPM personnel and security databases when they got root access to it.



Imagine for a moment what could hostile nations or terrorists can do to this crown jewel database of personnel and security information:



– They could insert phony records for spies, moles, or other dangerous persons into the database–voila, these people are now “federal employees” and perhaps with stellar performance records and high level security clearances able to penetrate the depths of the federal government with impunity or even as superstars!



– They could alter personnel or security records taking prominent or good government employees and sabotaging them to have questionable histories, contacts, financial, drug or criminal problems and thereby frame or take-down key government figures or divert attention from the real bad guys out there and tie our homeland security and law enforcement establishment in knots chasing after phony leads and false wrongdoers and villains.



Given that the timeline of the hack of OPM goes back to March and December 2014, this was more than enough time for our adversary to not only do to our data what they want, but also for the backup tapes to be affected by the corrupt data entering the system. 



The damage done to U.S. national security is unimaginable. As is typically the case with these things, “An ounce of prevention is worth a pound of cure.” Instead of investing in security, now we can invest in “credit monitoring and identity theft protection” for a very sparse three years, while federal employees will go a lifetime in information jeopardy, and the federal government will be literally chasing its tail on personnel security for decades to come. 



With the price so low to our adversaries in attacking our systems, it truly is like stealing and much more. 😉



(Source Photo: Andy Blumenthal)

2014 The Bad News Goes On

Bad News

What a 2014 it’s been as the world continues it’s descent into madness.  


If Ebola, the War with Hamas in Gaza, the shoot down of Malaysian Airlines Flight MH17 killing 298 including 80 children and 15 crew, the intransigence of Iran on Nuclear Weapons, employment still near a 30-year low, the National Debt hitting over $18 trillion (and growing $2.43 billion a day!) and the suicide of comedian, Robin Williams wasn’t enough…


– Criminal Records: 1 in 3 adult Americans (i.e. 80 million people) now have a criminal record…hmm, if the average family has around 2.5 people then just about 1 person per household has a criminal record. Are you starting to look around you now?


– Economy: Uber, yes, it’s a online “ride-sharing” (i.e. taxi) service, but after it’s recent IPO, Uber is worth over $41 billion dollars (more than Delta, Charles Schwab, Salesforce.com, and Kraft Foods). Someone’s getting taken for a ride. Is this even surprising considering the S&P is priced over 27 times average 10-year earnings (while the historical average is only 16), the result of pumping the economy with short term easy money policies.  


– Cyber Attacks: After a blithering cyber attack by North Korea, Sony withdraws the release of the movie, The Interview, surrendering to cyber terror, and putting us all at greater risk in the future because cyber crime does pay!


– Islamic Terrorism: While ISIS advances in Syria and Iraq, 132 school children (mostly ages 6-18) plus 9 adults massacred by the Taliban this week in Peshawar, many shot in the head and others lit on fire with gasoline and burnt to death so they are unrecognizable. This only 9 months after the April kidnapping by Boko Haram of more than 280 schoolgirls in Nigeria, which was repeated this week with the kidnapping of another 185 woman and children.


– Russian Militarism: The Great Bear is back with a vengeance as Putin continues driving Russian nationalism and buildup of advanced weapons, including WMD (e.g. nukes), aircraft, submarines, and ICBMs to counter alleged “Western Aggression.” And despite, the rubbles’ massive decline, Putin promises an economic comeback within 2 years–he’ll wait out the West and hold Crimea hostage and spoil it for everything it’s worth


So where are we going next–more hell on Earth or at some point a turnaround towards heaven again?   


(Source Photo: Andy Blumenthal)

Insuring Against Cyber Attacks

Insuring Against Cyber Attacks

More and more, our technology is at risk of a cyber attack.

In fact, just today the Wall Street Journal reported that Iran has hacked into the Navy’s unclassified network.

While we can fix the computers that were attacked, the damage done in terms of data exfiltration and malware infiltration is another matter.

To fix the computers, we can wipe them, swap out the drives, or actually replace the whole system.

But the security breaches still often impose lasting damage, since you can’t get the lost data or privacy information back or as they say “put the genie back in the bottle.”

Also, you aren’t always aware of hidden malware that can lie dormant, like a trojan horse, nor can you immediately contain the damage of a spreading computer virus, such as a zero-day attack.

According to Federal Times, on top of more traditional IT security precautions (firewalls, antivirus, network scanning tools, security settings, etc.), many organizations are taking out cybersecurity insurance policies.

With insurance coverage, you transfer the risk of cybersecurity penetrations to cover the costs of compromised data and provide for things like “breach notification to victims, legal costs and forensics, and investigative costs to remedy the breach.”

Unfortunately, because there is little actuarial data for calculating risks, catastrophic events such as “cyber espionage and attacks against SCADA industrial controls systems are usually not covered.

DHS has a section on their website that promotes cybersecurity insurance where they state that the Department of Commerce views cybersecurity insurance as an “effective, market-driven way of increasing cybersecurity,” because it promotes preventive measures and best practices in order to lower insurance premiums and limits company losses from an attack.

Moreover, according to the DHS Cybersecurity Insurance Workshop Readout Report (November 2012) cybersecurity insurance or risk transfer is the fourth leg of a comprehensive risk management framework that starts with risk acceptance, risk mitigation, and risk avoidance.

I really like the idea of cybersecurity insurance to help protect organizations from the impact of cybersecurity attacks and for promoting sound cybersecurity practices to begin with.

With cyber attacks, like with other catastrophes (fire, flood, accident, illness, and so on), we will never be able to fully eliminate the risks, but we can prepare ourselves by taking out insurance to help cover the costs of reconstituting and recovery.

Buying insurance for cybersecurity is not capitulating our security, but rather adding one more layer of constructive defense. 😉

(Source Photo: Andy Blumenthal)