Truth About Computer Security Hysteria
Advance to the rearGeorge C. Smith, Ph.D., Editor-at-large
Friday, 27 July 2001
"There seems to be something wrong with our bloody ships today."
SIR DAVID BEATTY'S notorious quote on May 31, 1916 is one of the high moments of understated cool in extremis in the history of military action. In the time it takes to brew a cup of tea, it seemed like everything had gone south for him. A few minutes prior to the loss of the Queen Mary, another capital ship in Beatty's lead squadron at Jutland, the Indefatigable, had caught fire and broken in two.
But who remembers tough coots like Sir David Beatty? He's dead and what did he know about digital combat anyway? Nothin,' that's for sure! He wouldn't even be fit to work the cafeteria of the United States of America's mighty Joint Task Force for Computer Network Defense! Plunging fire from German battleships of the High Seas Fleet was as a summer rain to Code Red worms. Thirteen hundred men dead in five minutes on Queen Mary? Bah! Code Red might have infected ... a lot of computers, I tell you!
"Due to the release of a highly destructive virus on the Internet, the Commanding General, Joint Task Force for Computer Network Defense has ordered that Department of Defense block all web traffic generated from the Internet attempting access to any military installation web sites," quoth one missive from the American military and, so, DoD conducted a 180-degree battle turnaway and disengaged from the Web en masse late Thursday, July 19. (And stayed off-line.) There was something wrong with our bloody software, as usual, it was said.
But porn sites remained up. So did Google, Geocities/Yahoo, MSN.COM, your Aunt Minnie and just about everyone else, too. If one chose to actually believe that DoD's actions were motivated by good guidance, everyone else just had to have been too plumb stupid to not know when to come in out of the rain.
Even though there was some initial argument, the British won the Battle of Jutland. Beatty's superior during the engagement, admiral of the Grand Fleet, Sir John Jellicoe, was said to have been the only man who could have lost World War I in an afternoon. It is a claim that alleged Net actions have yet to rival despite blandishments to the contrary.
Disregard the lamentations of public information officers, the paranoids in computer security and their flugelmen. The U.S. military deserted the field when merely threatened with the Battle of Code RedLand. They sure don't make 'em like they used to.
Audace, audace, toujours audace. Historically illiterate chowderheads are invited to consult "The Price of Admiralty" by John Keegan for a cracking good read on Jutland, naval combat, and the costs of rotten leadership.
And the Freedom of Information Act must be amended to strengthen cyber-security. JEC recommended this, so it must be excellent advice.
At the rate of about once a week, sometimes even more, the Chinee will be accused of doing something vague but bad in the mainstream press.
The Sunday, July 22 edition of the Washington Times rolled out a general from Chancre Jack China to accuse Commie China of planning to use weapons that have never been demonstrated to exist — "Electromagnetic pulse missile warheads that can disrupt the electronics of weapons systems by creating an electronic shock," computer viruses, which do exist, but which allegedly "can be unleashed against both military and civilian computer networks, such as banking and stock market systems, to cause social unrest and create chaos," and the always popular sleeper agent, or spy "who could sabotage computer networks in wartime." The primary target: Chancre Jack China. But America is in for its share of trouble, too, warned the Taiwanese fugleman.
(That's fugleman, not quite the same as flugelmen — your Editor-at-Large.)
The U.S. geo-political climate now more or less dictates that the designated enemy is China. How much substance is in the claims, even if there is any at all, is beside the point. It's the system-wide weather.
For example, the conservative U.S. News and World Report stated in a recent issue that the National Intelligence Council (NIC) was engaged in cooking the book on the threat axis, pressuring RAND Corporation to furnish a paranoid assessment of the Chinee menace. When RAND analysts balked, the think tank was dismissed from the classified project, claimed the magazine.
In practical terms this translates to the fact that threat analysis on the subject is dictated by whatever cant is in the wind, so degraded intellectually, that a donkey could supply it. All that it is necessary to do is to blame the Chinee for ... writing viruses, developing electromagnetic pulse bombs, planting spies, trying to destabilize the U.S. economy in cyberspace, pilfering nuclear weapon designs, defying the rule of law, rudely smashing our spy plane, infiltrating high schools with sleeper agents. As it stands, the media will largely report this as true or completely refrain from commenting on the more ridiculous aspects of the process.
Since Vmyths.com has discussed the Joint Economic Committee's China-bashing as institutional group behavior: at its worst, the equivalent of brainless suspicion of anything "yellow" (Senator Bob Bennett was definitely in attendance in 1997 when the conspiratorial claim about Chinese sleepers infiltrating American high schools in order to "unfairly" compete against U.S. boys and girls was delivered in JEC session — no one even faintly questioned this); at best, simple exaggeration not based on carefully-considered judgment. The hunch arises that reasoning for the amendment of FOIA in the name of cyber-security in this contemplative environment, and the term is meant loosely, is, like the steady painting of Commie China as the arch-Fiend, also based upon little but crap.
Senators Bob Bennett and John Kyl will introduce their bill to change FOIA either late this week or in the next. It will join another virtually identical bill, called the "Cyber-Security Information Act," already in process in the House of Representatives under guidance by Congressmen Tom Davis and Rick Moran. This duplicates a two-pronged effort mounted during the last year of the Clinton administration which came to naught.
Beltway lobbyists for FOIA amendment like the Information Technology Association of America, a group that represents a slice of the computer security industry as well as fronting a speaker's bureau for it, regularly suggest the measure is needed to encourage corporate American to "share information" on computer security trouble without fear of losing it to the wrong hands. How a FOIA amendment would ensure this is not explained to any real degree.
However, your Editor-at-Large can draw upon an example which may be of same use in the current discussion. As of late July, Enron, a giant Texas-based power generator, was fined and found in contempt in California state Senatorial meetings for "refusing to disclose top secret business records" during an investigation into price manipulation in the state's electrical energy market — this from a report in the Los Angeles Times.
The paper writes, "Enron and other generators argued that their most closely guarded trade secrets would be put at risk of exposure if they were given to the [Senatorial] committee, even under confidentiality agreements proposed by the panel." Enron and seven other corporate generators had their records subpoenaed by the California Senatorial committee. All defied the subpoenas until contempt threats were made.
Vmyths.com argues that big corporate security breaches, of the kind the U.S. government would be interested in learning of through "information sharing" agreements, are inherently traumatic to the corporations which endure them. Much like a state-inspired senatorial investigation. And that even with extended guarantees of confidentiality (which, allegedly, amendment of FOIA is supposed to supply), there is absolutely no guarantee that "information exchange" will occur and some strong evidence to indicate there would be non-compliance under such a plan with no manner of legal protections making much of a difference.