Recommended Reading
Top billing! Sam Liles – Manhattan project for cyber security
Mr. Lewis Shepherd of Microsoft came to Purdue to give a talk for CERIAS awhile back and he talked about how equating the Manhattan Project to the world of cyber security is completely wrong. I liked his talk quite a bit, and it aligned closely with something I’ve been talking to people about for awhile. Talking to people is important. I know my impact on the world is going to be negligible but I’ve dedicated my life to infecting the youth of the world with a few stray ideas. They call it teaching, and it doesn’t pay much. I think Mr. Shepherd was making a good case that scope, and cause and effect, and process of one program might not align realistically with another program. The secrecy, single mindedness, and type of problem that was the Manhattan project has almost nothing to do with the quite different project of cyber security. Much like I’ll never be able to equate my teaching to Socrates, the cyber security community shouldn’t really think “Manhattan Project”.
….Everything you likely think about defense in depth is wrong. All of the audit and compliance stuff is wrong. The firewall and intrusion detection and prevention technologies are wrong. The autocratic and dictatorial policies of information security are wrong. The underlying theories of robust and resilient programming are wrong. There is nothing about the current information technology infrastructure that is security oriented. The foundations of the technologies are fundamentally at odds with creation of an information secure culture. Now to be honest I didn’t say this. Neumann, Saltzer, Cerf, Bernack, and so many other people said this long before I did. But, maybe you haven’t read their stuff before.
How can I possibly support that they are all wrong and don’t work? Pretty simple. They don’t. Though we can secure systems to some point we are almost always talking about a security absent some failure in the system. There is nothing really secure. This is a huge problem that breaks most people’s “common sense” way of thinking about security. Simply put the way we do things will never be secure and we should stop trying to fix things the way we know doesn’t work.
Read the rest here.
John Hagel – A Contrarian View on Resilience
In a world of growing uncertainty and mounting performance pressure, it’s understandable that resilience has become a very hot topic. Everyone is talking about it and writing about it. We all seem to want to develop more resilience. But I’m going to take a contrarian position and suggest that resilience, at least as conventionally defined, is a distraction and perhaps even dangerous.
….In this context, the conventional view of “bounce back” resilience for enterprises is profoundly dangerous. It simply increases the ability of the institutional status quo to survive when conditions demand a fundamental transformation. It increases the gap between what we are doing and what we need to do. We already face a growing mismatch between the institutions and practices that dominate in business and the needs of the markets and societies that are being re-shaped by the global forces outlined earlier. As long as this mismatch persists, we will face increasing disruptions and stress as we struggle to maintain institutions and practices that are no longer viable. We don’t need to bounce back; we desperately need to move forward.
International Centre for the Study of Radicalisation (ICSR) – “Who Matters Online: Measuring Influence, evaluating content and countering violent extremism in online social networks” by JM Berger and Bill Strathearn
J.M. Berger, author of Jihad Joe (reviewed here by Charles), frequently tackles Islamist militants and various kinds of terrorism at Intelwire, but the focus in the above paper is on far Right, white nationalist and radical racist strands of violent extremism.
SWJ Blog – (Bunker) Review: Intersections of Crime and Terror and (Sullivan) Spillover/Narcobloqueos in Texas
A new Texas Department of Public Safety Threat Assessment report states that criminal cartels are operating in Texas and are the No. 1 threat to the Lone Star State. Narcobloqueos (narco-blockades) are now being seen north of the border.
Eeben Barlow – Failing to Listen
….Often, the government forces appear to be very well trained in running away
Timothy Thomas – Why China is reading your email
Abu Muqawama (Trombly) – Limits of Proxy Warfare in Syria
GLORIA Center – (Col. Norvel DeAtkine) Western Influence on Arab Militaries: Pounding Square Pegs into Round Holes
David Stockman – State-Wrecked: The Corruption of Capitalism in America
ZeroHedge – List Released With 132 Names Who Pulled Cyprus Deposits Ahead Of “Confiscation Day”
Harvard Magazine – The Humanities, Digitized
Chicago Boyz (Foster) – RERUN–Author Appreciation: Rose Wilder Lane
From BOYD & BEYOND 2012:
Dr. Chet Richards on the work of Colonel John Boyd:
April 4th, 2013 at 2:48 am
The last paragraph of Sam Liles’ piece states that the proper way to handle cyber security is to assume that your defenses will be breached and to structure your operation so that you can operate effectively in spite of a breach. That seems sensible, but it brings something to mind. If you assume that your system will be breached, shouldn’t you also assume that you cannot predict how badly it will be breached? And if you cannot know how badly it will be breached, it is prudent to assume that it can be totally compromised. If it can be totally compromised, shouldn’t you design into the system a capability for total reversion to manual control? I am thinking mainly of things like municipal water systems and the grid. I know the only manual reversion available for something like a B-2 is to punch out, but the power grid was operated quite well long before computers took over as were muni water systems, canal locks, dams etc. Someday we will get into a nasty fight with somebody and they will go after infrastructure control systems, and they will get in. If there is no manual reversion, there will be trouble. Perhaps with this in mind, it would be prudent to go back 30 or 40 years in technology in some respects, heresy though this may be.