Return-Path: <sentto-279987-1383-993744976-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 28 Jun 2001 09:17:07 -0700 (PDT) Received: (qmail 22842 invoked by uid 510); 28 Jun 2001 15:17:56 -0000 Received: from b05.egroups.com (208.50.144.96) by 204.181.12.215 with SMTP; 28 Jun 2001 15:17:56 -0000 X-eGroups-Return: sentto-279987-1383-993744976-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by b05.egroups.com with NNFMP; 28 Jun 2001 16:16:17 -0000 X-Sender: Ross.Leo@csoconline.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_1_3); 28 Jun 2001 16:16:16 -0000 Received: (qmail 2042 invoked from network); 28 Jun 2001 16:14:41 -0000 Received: from unknown (10.1.10.27) by l9.egroups.com with QMQP; 28 Jun 2001 16:14:41 -0000 Received: from unknown (HELO csoc-fire1.csoconline.com) (140.169.2.142) by mta2 with SMTP; 28 Jun 2001 16:14:40 -0000 Received: from csoc-mail-imc.csoconline.com by csoc-fire1.csoconline.com via smtpd (for mta1.onelist.com [208.48.218.7]) with SMTP; 28 Jun 2001 16:14:35 UT Received: by csoc-mail-imc.csoconline.com with Internet Mail Service (5.5.2653.19) id <MRAL6KQ5>; Thu, 28 Jun 2001 11:14:17 -0500 Message-ID: <72222DC86846D411ABD300A0C9EB08A156FC00@csoc-mail-box.csoconline.com> To: "'iwar@yahoogroups.com'" <iwar@yahoogroups.com> X-Mailer: Internet Mail Service (5.5.2653.19) From: "Leo, Ross" <Ross.Leo@csoconline.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 28 Jun 2001 11:14:29 -0500 Reply-To: iwar@yahoogroups.com Subject: RE: [iwar] Me spreading hysteria about Cyberwar Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit IMHO: I believe that certain functions of any organization (from that group of things an organization has historically done for itself within itself) can be outsourced. Likewise, there are certain functions that should not be, AND there are certain organizations that should not outsource anything. Reality is that all these decisions should be based on risk management principles - whether the risk is to financial capital, human capital, supply chain, or whatever. I have no problem with the Military outsourcing certain operations to civilian suppliers - they have done that for a very long time in many areas. Most often they do it without consideration for the risks involved - either because the are in question is one they are directed to outsource (an historically "contractor"-type job), or because the function is not one they want to tie up the "standing force" to do (by keeping that function and its administrative burden in-house). The Military has publicly stated that each branch is going to put together an "Info warrior" force, one dedicated to addressing the obviously increasing threat to what they are calling "information operations" or "battlefield information superiority". Good thing. They are however starting (at least, this is what they have indicated publicly) with the week-end warrior reserve force, and not with the mainstream regular G.I. Not-so-good thing, but probably benign in the end. I had written about 300 more lines on this topic, but decided against including them here. I think it boils down to a couple of simple points: regardless of what the Military contracts out, they cannot contract out the Management responsibility, accountability, and ownership. Others may do the work, but these others do not own anything, and as such they will never be fully responsible or fully accountable. The world is different, the risks are different and greater than before, and the whole concept of "trust" has taken on a new importance. And while the basic role of the Military remains the same, it has taken on new definition and aspect. The Military is often slow to recognize such changes and their portents. Espionage is not dead (just ask the FBI), and the geography and goal of warfare has changed. The Military must change its models of risk assessment and response to include those risks the Information Age has brought to the fore. Ross Leo -----Original Message----- From: Blader Robert G DLVA [mailto:bladerrg@nswc.navy.mil] Sent: Monday, June 25, 2001 09:48 To: 'iwar@yahoogroups.com' Subject: RE: [iwar] Me spreading hysteria about Cyberwar I agree with Mr. Ross's statement "...I have no doubt that the NSA/DoD have looked/are looking into this, from both offensive and defensive perspectives." In fact is this not the purpose of the National Infrastructure Protection Center (www.nipc.gov)? Question I'd like to throw out to iwar readers is how do you feel initiatives such as Navy Marine Corp Intranet will affect the iwar landscape? My understanding of what is happening is that Navy/Marine Corp are basically outsourcing much of its networking needs. I have my opinions and observations but am curious what others in the know might be thinking regarding this matter. Rob Blader -----Original Message----- From: Leo, Ross [mailto:Ross.Leo@csoconline.com] Sent: Monday, June 25, 2001 10:13 AM To: 'iwar@yahoogroups.com' Subject: RE: [iwar] Me spreading hysteria about Cyberwar I find this interesting. I don't know about the hysteria part, though. Or the Monkey-Man either. (?!?!) We should never forget that the spreading of disiniformation is also a part of war, cyber and otherwise. IMHO - Blitzkrieg is a piece of this. (Just stop and think about it for a moment). I have no doubt that the NSA/DoD have looked/are looking into this, from both offensive and defensive perspectives. It would be their normal role to do so, and they would be remiss not to investigate such potentialities. WRT Chaos Theory: Any time power transfers (Law of Physical and Social Entropy), folks get nervous. There are a lot of "practical Chaoticians" out there. The proliferation of cheap computers through-out the world constitutes a power transfer into the hands of folks like this. And what makes me nervous (not very, really) is not the ones we hear about. Given the way humans and Governments learn and react, it will take a large-scale, serious event from a hostile source to really wake them up. I spend 10 hours a day working on answers to problems like cyber warfare and directing others doing the same thing, so that my clients are not caught napping. It is the same with them, and unless and until organizations get with it, the damage will be done first without benefit of preparation or mitigation. (T'was ever thus...). As for the MonkeyMan, what sort of Cyber warrior is he/it, and why do we even care? -----Original Message----- From: Ravi V Prasad [mailto:r_v_p@yahoo.com] Sent: Sunday, June 24, 2001 05:22 To: iwar@yahoogroups.com Subject: [iwar] Me spreading hysteria about cyberwar An article in vmyths.com by George Smith attacking me and accusing me of spreading hysteria about cyberwar. Ravi Visvesvaraya Prasad ============================================= Rantings Mumblings of monkey-men mock moderation by George C. Smith, Ph.D. LOCAL LOS ANGELES TV news anchormen had a great time with the monkey- man of India -- an allegedly fierce creature fond of attacking the destitute while they slept. I bet yours did, too. Thanks to a strategically placed news story in the Los Angeles Times and subsequent legs on the Times-Post newswire in May, everyone was laughing it up over this story of queer beans emanating from the subcontinent. "Look at those backward perishers in Gobble-Wallah," was the smug subtext. "They don't know ---- from shinola!" "Leading Hindu nationalists insisted that the military intelligence agency in Pakistan had sent the monkey-man in a sinister plot to destabilize India. Several members of Parliament demanded that the government send in crack paramilitary units to catch the ape-man." -- from a May 2001 story in the Los Angeles Times on the hysteria surrounding a recent urban legend of India However, our myths are just as good. We just spackle them over with a snobby, less proletarian techno-veneer. The monkey-man would have been fine for America in the early-70's, around the time of the filming of "The Legend of Boggy Creek," but now that we've invented the Internet, "digital Pearl Harbor" and "information warfare" derivatives are better socio-cultural fits. So infatuated was I by the tale of the monkey-man of New Delhi I went in search of more news on the Internet and in so doing discovered that one of our special monkey-men had wandered away and merged with the cyber-lore of foreign lands. It was said in the Los Angeles newspaper that an analysis in the Hindustan Times wrestled with explaining the belief in the monkey- man. Desperation and hard times was what it boiled down to, according to the Times -- superstition cooked up by "poor people" driven to aggravation by 10-hour power black-outs and water shortages. Looking for the Hindustan Times on the Web for further copy, however, got me sidetracked onto another article published by the newspaper. In a piece from the June 8, 2000 edition, journalist Ravi V. Prasad mulled over "cyber-terrorism and the threat to India" in the wake of the KillerRésumé and ILoveYou computer viruses. Prasad quoted R. James Woolsey, former director of the CIA, as an expert on computer viruses. In the Hindustan Times, Prasad alleged Woolsey had claimed the existence of "an entirely new class of viruses which he termed instructive viruses" during a talk given to a Washington-based think tank. "An instructive virus can instruct [which would seem inarguable] critical computers to shut down vital infrastructure," went the story. The Hindustan Times also claimed the National Security Agency had developed a "virus called Blitzkrieg ... based on research in quantum electrodynamics and chaos theory, which can destroy networks of entire nations ... the equivalent of the deadly human Ebola virus..." "While there is no significant reason to suspect that the US may use Blitzkrieg or instructive viruses against India, we should be on our guard," continued the newspaper. "Because the monkey-man reportedly attacked only sleeping people in the dead of night, actual sightings were hard to come by." -- "...Sinister Simians Roam," the Los Angeles Times, May 2001 U.S. CYBER-MONKEY-MEN HAVE much in common with the New Delhi species. Sightings of terrorists plotting to douse the lights from the refuge of an offshore cyber-bunker or Russian henchmen downloading precious U.S. Department of Defense intellectual treasure are often cited but occur only in the American equivalent of very dim moonlight: hearsay of classified goings-on or vague but stunningly grandiose mumblings delivered by parties who speak under the shields of secrecy and anonymity. With the case of the NSA Blitzkrieg virus, the legend concerning it was already just about two years old when come upon by the Hindustan Times. In April of 1998, SIGNAL, the magazine organ of the Armed Forces Communications and Electronics Association, a publication notable for jargon-riddled articles on the repeatedly alleged utter supremacy of Department of Defense digital widgetry and a servile regard for the details of Pentagon contracting, ran a cover story on it. Like many news items which take on the proportion of myths, this story concealed a small nugget of truth -- in this case, word of a still-in-development piece of commercial computer network security software -- within a billowing cloud of grandiloquent, often common- sense-defying huffing and hooting. "A growing echelon of chief technology officers are likening the stealthy [Blitzkrieg] virus to the digital equivalent of Star Wars technology," alleged a sample. Yet another segment of the now mythic story referred to an apparently very excitable but unnamed CIA computer security specialist who claimed Blitzkrieg virus to be "potentially more dangerous than nuclear weapons." Mostly, all the magazine's blustering was aimed at getting the interested to attend an annual high tech conference sponsored by AFCEA. And, in the fullness of time, that was pretty much the end of it. No "Star Wars" computing technology gained supremacy. Despite a great deal of wishful thinking on the subject, no digital "nuclear weapons" appeared. Virus-writers made ILoveYou and Melissa and Kournikova and a few thousand others of no account. Cyber-World Wars were said to be started and stopped, won and lost, lost and won, stalemated, checkmated, fool's-mated and deadlocked. It was Serbia vs. NATO, India vs. Pakistan, Arab vs. Israeli, Chancre Jack China vs. Commie China, Commie China vs. America, Lick-Spittle vs. the Cyber- Pantywaist, cats vs. dogs, a dozen or so I've forgotten, and Me vs. You -- you crusty botch of nature! Are you beginning to grasp where your editor is going with this? "One man who claimed that he had looked the monkey-man straight in the eye said the beast immediately turned into a cat and ran away." -- from the Los Angeles Times If one takes the wide-angle view, it becomes painfully obvious that it doesn't really matter if the songs we sing to each other are based on nothing at all. If enough believe the myths have merit then subsequent public discussions and national policy can and does arise as a response to them. In this specific case, empty-headed talk -- tales of monkey-men -- of U.S. origin about network blitzkriegs and instructive viruses is taken as an indication, by a foreign country's Washington Post, that the American military has taken a lead in development of cyber- weapons and that it might be rational to think about devising balancing forces. IRONICALLY, THIS IS not the view from the cyber-trouble front typically presented in the American mainstream. Instead, the US- centric view, which in and of itself is a rather selective myth, is best explained in connection with the Department of Defense buzz- term -- "asymmetric threat." Invoked ad nauseum since the middle of the past decade by Pentagon- wonks, "asymmetric threats" are "weapons [like 'instructive viruses'] and tactics that relatively weak enemies ... use to foil [U.S.] technological supremacy." Or, for another common example, they can be explained as features of "a war where [the adversary] will strive to fight electronically" instead of irrationally attacking the U.S. military head on. Always in accompaniment is the vaguely-defined received wisdom that such menaces arise more or less spontaneously in foreign powers or agencies crazy-mad bent on attacking America in the future. The heretical idea that an "asymmetric threat" might not actually be so, that it might just be a sign of symmetry -- a refection or reaction stemming from a perception that the U.S. military has an aggressive interest in the same type of offensive warfighting -- is not entertained. In other words, the myth of the asymmetric cyber-threat will generally appear in our national news media as a reported condition in which American infrastructure is always said to be the target of foreign operations or plans in development. And it will present in a vacuum in which examples from the foreign perspective (of which there are now, unsurprisingly, quite a few) are excluded. One never expects to see mention of an article from the New Delhi (or any foreign capital's) newspaper suggesting the need for cyber-war agencies as a response to a presumed corresponding and quite possibly precedent American build-up. The exception to the rule is one in which such an article is filtered through a government, military or private sector source who paraphrases only the portion where information warfare agencies are recommended -- not the context in which it is delivered. "If he's a monkey, I'm ready for him." -- a New Delhi man "now in the monkey management business" waiting and hoping for a call to take on the monkey-man However, this is not all bad news! Rampant confusion and mass insanity can be good for the economy. The multiplication of monkey- men myths creates job stimulus. Professionals recruited to prevent "instructive viruses" or network Blitzkriegers can be thought of as our more technologically informed variety of monkey-man managers. Indeed, they can spawn even more jobs and goods, creating "synergies" with strategic forecasting services or threat warning and information sharing networks. Anyone can get in the game, from federal agencies like the National Infrastructure Protection Center or the National Security Council to the private sector. Better still, the work is inexpensive and can turn a substantial profit upon mark-up prior to delivery of the finished product. You see, the dirty little secret of monkey-man prediction is that it is the technological equivalent of unskilled labor. That is, unless you consider daily Web-surfing and the collection of electronic gossip tasks requiring scholarly rigor. --06/05/01 ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:19 PDT