Essays in the Category "National Security Policy"
Page 7 of 14
Close the Washington Monument
A heavily edited version of this essay appeared in the New York Daily News.
Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there’s no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears…
It Will Soon Be Too Late to Stop the Cyberwars
The world is gearing up for cyberwar. The US Cyber Command became operational in November. Nato has enshrined cyber security among its new strategic priorities. The head of Britain’s armed forces said recently that boosting cyber capability is now a huge priority for the UK. And we know China is already engaged in broad cyber espionage attacks against the west. So how can we control a burgeoning cyber arms race?
We may already have seen early versions of cyberwars in Estonia and Georgia, possibly perpetrated by Russia. It’s hard to know for certain, not only because such attacks are often impossible to trace, but because we have no clear definitions of what a cyberwar actually is…
3 Reasons to Kill the Internet Kill Switch Idea
Last month, Sen. Joe Lieberman, I-Conn., introduced a bill that might—we’re not really sure—give the president the authority to shut down all or portions of the Internet in the event of an emergency. It’s not a new idea. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, proposed the same thing last year, and some argue that the president can already do something like this. If this or a similar bill ever passes, the details will change considerably and repeatedly. So let’s talk about the idea of an Internet kill switch in general.
It’s a bad one…
Threat of "Cyberwar" Has Been Hugely Hyped
There’s a power struggle going on in the U.S. government right now.
It’s about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top.
“The United States is fighting a cyberwar today, and we are losing,” said former NSA director—and current cyberwar contractor—Mike McConnell. “Cyber 9/11 has happened over the last ten years, but it happened slowly so we don’t see it,” said former National Cyber Security Division director Amit Yoran. Richard Clarke, whom Yoran replaced, wrote an entire …
Should the Government Stop Outsourcing Code Development?
This essay appeared as the second half of a point/counterpoint with Marcus Ranum. Marcus’s half is here.
Information technology is increasingly everywhere, and it’s the same technologies everywhere. The same operating systems are used in corporate and government computers. The same software controls critical infrastructure and home shopping. The same networking technologies are used in every country. The same digital infrastructure underpins the small and the large, the important and the trivial, the local and the global; the same vendors, the same standards, the same protocols, the same applications…
U.S. Enables Chinese Hacking of Google
Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn’t that Chinese hackers engage in these activities or that their attempts are technically sophisticated—we knew that already—it’s that the U.S. government inadvertently aided the hackers.
In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access…
Fixing Intelligence Failures
President Obama in his speech last week rightly focused on fixing the intelligence failures that resulted in Umar Farouk Abdulmutallab being ignored, rather than on technologies targeted at the details of his underwear-bomb plot. But while Obama’s instincts are right, reforming intelligence for this new century and its new threats is a more difficult task than he might like.
We don’t need new technologies, new laws, new bureaucratic overlords, or – for heaven’s sake – new agencies. What prevents information sharing among intelligence organizations is the culture of the generation that built those organizations…
Profiling Makes Us Less Safe
There are two kinds of profiling. There’s behavioral profiling based on how someone acts, and there’s automatic profiling based on name, nationality, method of ticket purchase, and so on. The first one can be effective, but is very hard to do right. The second one makes us all less safe. The problem with automatic profiling is that it doesn’t work.
Terrorists don’t fit a profile and cannot be plucked out of crowds by computers. They’re European, Asian, African, Hispanic, and Middle Eastern, male and female, young and old. Umar Farouk Abdul Mutallab was Nigerian. Richard Reid, the shoe bomber, was British with a Jamaican father. Germaine Lindsay, one of the 7/7 London bombers, was Afro-Caribbean. Dirty bomb suspect Jose Padilla was Hispanic-American. The 2002 Bali terrorists were Indonesian. Timothy McVeigh was a white American. So was the Unabomber. The Chechen terrorists who blew up two Russian planes in 2004 were female. Palestinian terrorists routinely recruit “clean” suicide bombers, and have used unsuspecting Westerners as bomb carriers…
Cold War Encryption is Unrealistic in Today's Trenches
Sometimes mediocre encryption is better than strong encryption, and sometimes no encryption is better still.
The Wall Street Journal reported this week that Iraqi, and possibly also Afghan, militants are using commercial software to eavesdrop on U.S. Predators, other unmanned aerial vehicles, or UAVs, and even piloted planes. The systems weren’t “hacked”—the insurgents can’t control them—but because the downlink is unencrypted, they can watch the same video stream as the coalition troops on the ground.
The naive reaction is to ridicule the military. Encryption is …
So-called Cyberattack Was Overblown
To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. “Cyber Blitz hits U.S., Korea” was the headline in Thursday’s Wall Street Journal. North Korea was blamed.
Where were you when North Korea attacked America? Did you feel the fury of North Korea’s armies? Were you fearful for your country? Or did your resolve strengthen, knowing that we would defend our homeland bravely and valiantly?
My guess is that you didn’t even notice, that – if you didn’t open a newspaper or read a news website – you had no idea anything was happening. Sure, a few government websites were knocked out, but that’s not alarming or even uncommon. Other government websites were attacked but defended themselves, the sort of thing that happens all the time. If this is what an international cyberattack looks like, it hardly seems worth worrying about at all…
Sidebar photo of Bruce Schneier by Joe MacInnis.