ht to rf for pointing me to this article.

Five myths about Chinese hackers

By James Andrew Lewis, Published: March 22

http://www.washingtonpost.com/opinions/five-myths-about-chinese-hackers/2013/03/22/4aa07a7e-7f95-11e2-8074-b26a871b165a_story.html

James Andrew Lewis is a senior fellow and director of the technology and public policy program at the Center for Strategic and International Studies.

If you work in Washington — on the Hill or on K Street, at a law firm or at a think tank — you’ve probably been hacked. If you work at a major American company, you’ve probably been hacked, too. The penetration of U.S. computer networks by Chinese hackers has been going on for more than three decades. It’s good that it is finally getting attention, but with that spotlight have come exaggeration and myths that need to be discarded.

1. We are in a cyber cold war with China.

We are not in a war — cold, cool or hot — with China in cyberspace. There have been none of the threats, denouncements or proxy conflicts that characterize a cold war. In fact, the administration appears to have omitted any mention of the Chinese military in recent high-profile speeches on Chinese hacking. After Treasury Secretary Jack Lew met recently with top Chinese officials in Beijing, he told reporters there that cyberattacks and cyber-espionage are a “very serious threat to our economic interests.”

“Cyberattack” is one of the most misused terms in the discussion of Chinese hackers. With very few exceptions, China has not used force against the United States in cyberspace. What it has been doing is spying. And spying, cyber or otherwise, is not an attack or grounds for war, even if military units are the spies. Spying isn’t even a crime under international law, and it wouldn’t be in Washington’s interest to make it so.

Trying to cram Chinese hackers into antiquated cold war formulas doesn’t help, either. America’s relationship with China is very different from the one it had with the Soviet Union, in which contacts were extremely limited and there was no economic interdependence. The idea of “containment” for China is inane. How would you “contain” a major economic partner?

2. China’s hackers are unstoppable cyberwarriors.

The problem isn’t that the Chinese are so skilled; it’s that U.S. companies are so inept. A survey I published last monthfound that more than 90 percent of corporate-network penetrations required only the most basic techniques, such as sending a bogus e-mail with an infected attachment, and that 85 percent went undetected for months — another sign of lax security. (One more sign: They were usually discovered by an outsider rather than the victimized company.)

There is debate within the U.S. intelligence community about whether the Chinese have more sophisticated cyberattackers waiting in the wings or whether we’ve seen the best they can do. But it’s clear that so far, they haven’t had to bring their A-game to break into our networks.

3. China is poised to launch crippling attacks on critical U.S. infrastructure.

Obama’s State of the Union address included a line about how “our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air-traffic-control systems.” Similarly, a recent report by the security firm Mandiant suggested that China’s hackers are increasingly focused on companies with ties to U.S. critical infrastructure.

In peacetime, however, China is no more likely to launch a cyberattack on American infrastructure than it is to launch a missile at us. It has no interest in provoking a war it couldn’t win or in harming an economy it depends on. Even in wartime, China would want to avoid escalation and would be more apt to launch cyberattacks on the Pacific Command or other deployed U.S. forces than on domestic American targets.

China would attack civilian infrastructure only in extremis — if the survival of its regime were threatened.

4. Cyber-espionage is causing the greatest transfer of wealth in history.

This claim has been repeated by the likes of the head of U.S. Cyber Command. It’s a dramatic way to describe the theft, mainly by China, of American intellectual property, but it doesn’t make economic sense.

Putting a dollar value on the loss from cyber-espionage is very difficult, and many estimates are wild guesses. A reasonable assessment would be that it costs the United States no more than $100 billion a year and perhaps much less — what some economists would describe as a rounding error in our $15 trillion economy. This is not death by a thousand cuts. It probably isn’t even slowing the U.S. economy.

Even when China steals intellectual property, it can take years to turn it into a competitive advantage. The right technical skills and manufacturing base are needed to turn advanced designs into high-end competitive products. China is still lagging in many high-tech arenas, such as semiconductors.

The one area where this is not true is military technology. Chinese espionage has led to rapid improvements in that country’s stealth, submarine-quieting, nuclear weapons and sensor technologies. While the economic risk from cyber-espionage is generally overstated, the United States has probably underestimated the damage to its lead in military technology.

5. America spies on China, too, so what can we complain about?

Chinese officials portray their country as a victim of hacking. Meanwhile, some American scholars question whether the United States is in a position to criticize, since it also engages in cyber-espionage. “Perhaps the complaint is that the Chinese are doing better against our government networks than we are against theirs,” law professor Jack Goldsmith wrote. That misstates the issue.

The Internet, poorly secured and poorly governed, has been a tremendous boon for spying. Every major power has taken advantage of this, but there are unwritten rules that govern espionage, and China’s behavior is out of bounds. Where Beijing crosses the line is in economic espionage: stealing secrets from foreign companies to help its own. China also outmatches all other countries in the immense scale of its spying effort, and the United States is far from the only nation to have suffered.

The United States, by contrast, does not engage in economic espionage. As one Chinese official put it in recent talks at the Center for Strategic and International Studies: “In America, military espionage is heroic and economic espionage is a crime, but in China the line is not so clear.”

The United States and other countries need to make that line clearer and discourage China from crossing it.

jalewis@csis.org

via Five myths about Chinese hackers – The Washington Post.

Related articles

• On US, China, cyber espionage, and cyber war (net-security.org)
• Cyber espionage: China and the US look for talks (h-online.com)
• China and the Cyber Great Game (nationalinterest.org)
• Chinese Hack Attack (workingthewebtowin.blogspot.com)
• Intelligence Report: China Targets U.S. with Cyber-Espionage (cio-today.com)
• Cyber espionage: China and the US look for talks (comsecllc.blogspot.com)
• US mulls action against China cyberattacks (foxnews.com)
• Report: Chinese military engaged in ‘extensive cyber espionage campaign’ (money.cnn.com)
• February Cyber Conflict Link Roundup (ctovision.com)
• U.S. Presses China On Cyberattacks (warnewsupdates.blogspot.com)

Diplomacy (Photo credit: rinkjustice)

Here is a typical first conversation I have with everyone I meet who works in the IO field.

“Hi!  My name is Joel, nice to meet you!”

‘Appropriate response’

‘Appropriate small talk’.

‘Appropriate small talk’.

Me: “When you say IO, what do you mean?”

Answer:

• Full spectrum IO
• MISO/Psyop
• Cyber
• Military deception
• Electronic Warfare
• Operations Security
•  Information Assurance
• Civil Military Operations
• Combat Camera Team
• Commando Solo
• Public Affairs
• Special Operations
• Human Terrain Teams/System

Then I meet nice people working in

• Public Diplomacy
• Strategic Communication
• Strategic Communications
• Diplomats
• Marketing
• Advertising
• Cultural Anthropology
• Public Relations
• Lobbyists
• Open Source Intelligence
• Online Investigations
• Physical Security
• Online news
• Radio
• Television
• Newspapers
• Social Media
• Blogs
• Circumvention technology aka Liberation Technology
• SMEs in language, religion, culture, ad nauseum

…and we have a nice conversation.

Okay, okay, let’s ignore the fact that almost nobody says they are a part of IO, even though IO ‘integrates’ everything in the overall information environment, affecting how foreigners and their decision makers perceive us and, therefore, hopefully act in the best interest of US objectives.

Years ago I joined with Dr. Dan Kuehl and we stated that the new definition of IO should not include the word military.  I was informed (almost to the point where I felt naive or was being treated that way) that the ‘powers that be’ stated that political concessions had to be made and the word military had to be included.   “Pshaw” went through my mind.  We were sold out.  According to Clausewitz “war is an extension of politics“, in my mind this also includes preparation for war. IO and training, for instance, should never stop.  Military operations and politics are constantly ongoing on a domestic and an international stage.  Public Diplomacy and Strategic Communication(s) are ongoing, as are foreign adviser programs, defense attache activities, military exchanges, military presence, foreign equipment and military sales (the list goes on, I’m just getting tired of typing).

The United States does not have a master plan for influencing other countries to do what we want, to not stand in the way or to otherwise remain neutral. We have diplomacy.  We have military programs and we have economic programs.  We do not have an information program (remember the I in DIME?) but almost all our Cabinet Departments do, under the label of outreach, public diplomacy, international relations or so on.   Those of us who deal with the information environment, and that, quite honestly, is all of us, usually do not feel as if we are contributing to a bigger, broader unified program of promoting our respective country or at least to increase the understanding by others of the way we think, act, work and harmonize.  If you don’t think you are part of the information environment, stop reading now. The mere act of reading this blog influences you – hopefully so that you might gain a better understanding of how you are part of the bigger picture.  You email a friend, you write on Facebook, your words are read by others who share your good words with others, and eventually someone in another country reads those words.  I receive ‘shares’ and ‘likes’ from all over the world on my Facebook account and get viewers from many countries on this blog.  Welcome to the Global Information Environment.  What we say matters – globally.  Words mean things and they affect others.

In that context when we define Information Operations we need to include the word military, otherwise it is saying that the United States honestly has ‘a plan’.  We may never have a master plan for information dissemination, on how to affect other country’s, region’s or even global perceptions of the US. If we did, we would truly have our act together.  The United States might even be pretty darn good and our government might not be perceived as dysfunctional, broken, counterproductive, inept, incompetent, divisive…

ps. Before I quit. I love conspiracy theorists.  I especially love the ones that claim the government has this master plan for controlling your mind.  Listen, dudes.  If that were the case don’t you think that Congress could actually make a decision?

Related articles

• Pentagon gearing up to fight the PSYOP|MISO war (phantomreport.com)
• U.S. Advisory Commission on Public Diplomacy Re-Authorized – Where the Heck Is It? (diplopundit.net)
• Field manual spells out Army tactics for the PR war (stripes.com)
• The Interagency Working Group on Active Measures (pdnetworks.wordpress.com)
• U.S. trolling fans of Al Qaeda with online campaign (rawstory.com)
• The use of Social Media in Public Diplomacy: Scanning e-diplomacy by Embassies in Washington DC (takefiveblog.org)
• Obama Launches Next Goebbels Era: Pentagon Gearing Up to Fight the ‘PR War’ (21stcenturywire.com)
• The 4th Quadrant of Public Diplomacy (battles2bridges.wordpress.com)
• Why Doesn’t International Relations Pay More Attention to Public Diplomacy? (pdnetworks.wordpress.com)
• Culture Posts: Giving Voice to Publics (battles2bridges.wordpress.com)

Buy your cyber weapon: Selling Excalibur cyber weapon for $1700

Submitted by CWZ on Wed, 03/27/2013 – 03:32

Start your own Cyberwar or Cyberconflict with 1700 dollars. The question for a decent and powerful cyber weapon is rising so I have decided to put my cyber weapon for sale. Do you want to hack SCADA environments? No problem. Do you wish to engage in an cyber conflict? then you need to have the Excalibur cyber weapon in your arsenal. The lame cyber weapons like Stuxnet, Duqu and Flame are nothing compared to the Excalibur cyber weapon. This weapon will take down any defenses and will ignore all firewalls. This weapon is so advanced that it will beat air gapped rooms. The best thing of all – it is not state sponsored!

The Excalibur cyber weapon is made in Python and can be launched from any platform. Below you will see the login page for the new released cyber weapon.

Selling Cyber weapon Excalibur

The picture below shows how the Excalibur cyber weapon can take on any environment. You tell it what your target is – and it just initiates.

Excalibur Cyber Weapon for sale

It only needs one of the following values:

• Name
• Telephone number
• Mobile number
• Blackberry chat id
• Skype id
• Google id
• Banking account
• Home address
• Website url
• IP value

Of course all of this is just made up to get you interested in the world of cyber weapons. The mentioned cyber weapons above are real (Stuxnet, Duqu, Flame) and there are many speculations that some known malware are actually state sponsored cyber weapons. Some target SCADA infrastructures while some are made to silence people on the internet. Creating cyber weapons that are effective needs a lot of research and a group of good programmers. The thing is that this cyberwar thing has been around for decades – but now hackers or hacktivists are starting to see how these weapons are being used.

It will not take long before a group of minds unite and start creating their own cyber weapon that is not controlled by the government. What will then happen with the world when everyone has the ability of taking down infrastructures with a simple click on a button?

via Buy your cyber weapon: Selling Excalibur cyber weapon for $1700 | Cyberwarzone.

Propaganda is usually serious, political or repugnant.  My good friend, Dr. J. Michael Waller, says that ridicule is often an even more effective method of

North Korea Kim Jong-un (Photo credit: Wander Dorneles Mariano)

propaganda.  Austinites must have listened, which has resulted in a coup for the city of Austin.  You can’t buy this kind of marketing for a city for any amount of money while simultaneously throwing pie in the face of the world’s least favorite silly little dictator.

Texans mock Kim Jong Un’s apparent plan to strike Austin

Max Fisher, The Washington Post

22 hours ago

North Korea’s big “U.S. mainland strike plan,” revealed in a photo from Kim Jong Un’s war room, appears to mark the American cities that Pyongyang would attack when it launches its promised war against America. (Note: This plan is almost surely a bluff that would be way beyond North Korea’s technical capabilities and, anyway, the “plan” is probably just for domestic propaganda.) It’s not totally clear, but it looks as if one of the intended targets, among several West and East coast U.S. cities, could be the hip college town of Austin, Texas.

Austin might or might not actually be on the targets list, but all it took was this hint, this whiff of a possibility that Kim might plan on messing with Texas, to set off a fierce reaction among Texans.

The Twitter hashtag #whyaustin, asking why Kim had set his sights on the town, has been producing hundreds of reactions. The trend grew so quickly that even the official Twitter feed for the city government got in on the joke, tweeting “Not to worry Austin we’re prepared” with a link to a 1950s “duck and cover” nuclear safety video. Not all of #whyaustin jokes were funny, but a number were, and there’s nothing like mocking a ruthless dictator to end the week on a high note. Here are some selections:

$10 says SXSW rejected Kim Jong-Un’s short film submission. Only possible explanation for targeting the People’s Republic of Austin.

— Laura Seay (@texasinafrica) March 29, 2013

Austin is home to U.S. strategic BBQ reserves. RT @dblanchard: He just wanted some brisket. #whyaustin #sxdprk twitter.com/dblanchard/sta

— Paul Szoldra (@PaulSzoldra) March 29, 2013

“Forbes rates Austin third most nuke-able city in US. Mayor credits educated workforce, music scene.” #whyaustin

— Shelly Brisbin (@shelly) March 29, 2013

Kim Jong-un’s startup flopped at SXSW Interactive. #whyaustin.

— Sarah Beckham (@sarahlbeckham) March 29, 2013

Kim Jong-un still upset about the Red River noise ordinance #whyaustin

— Joseph Weisenthal (@TheStalwart) March 29, 2013

Because “Friday Night Lights” ended its run and NOBODY puts Connie Britton into a corner. #whyaustin

— Daniel Drezner (@dandrezner) March 29, 2013

Okay Austinites, who was in charge of sending Kim his invitation to Eeyore’s Birthday Party? eeyores.org #whyaustin

— David Wenger (@DavidWenger) March 29, 2013

You know who is angry about missing Prince during SXSW? Kim Jong Un. No Purple Rain = Reign Of Terror. #whyaustin

— Sweet John (@SweetJohn) March 29, 2013

Kim Jong-un taking Austin’s plastic bag ban pretty hard. Why not just write a letter to the editor? #whyaustin telegraph.co.uk/news/worldnews

— Omar L. Gallaga (@omarg) March 29, 2013

CONFIRMED: The reason North Korea wants to bomb #Austin, TX. #whyaustin twitter.com/PaulSzoldra/st

— Paul Szoldra (@PaulSzoldra) March 29, 2013

via Texans mock Kim Jong Un’s apparent plan to strike Austin.

Related articles

• N. Korea Targets Include Austin (hispanicbusiness.com)
• Hilarious Responses To News That Kim Jong-un Wants To Bomb Austin, Texas (businessinsider.com)
• #WhyAustin: Mockery meets Kim Jong Un’s threat to strike Austin, Texas (twitchy.com)
• The Lede: The Internet Loves Kim Jong-un Gags, but Are We Misreading North Korea’s Propaganda? (thelede.blogs.nytimes.com)
• Austin is Added to North Korea’s Targets, Twitter Explodes (newsy.com)
• Questions For An Expert On North Korean Propaganda (fortunascorner.wordpress.com)
• Nkorea: Kim Jong-un to Bomb Dc, La – and Austin? (secretsofthefed.com)
• Strange: Kim Jong-un wants to missile strike Austin, Texas? (bluegrasspundit.com)
• Why Austin? Humor unleashed by North Korean leader’s threat (mysanantonio.com)
• Kim Jong-Un Has Already Hit His Biggest Target (businessinsider.com)

This is one month old but I just wanted to highlight what I consider almost laughable propaganda.  If they don’t have any cyber warfare soldiers, they have

Geng (Photo credit: Araz Photo)

not been following their own doctrine, therefore someone should be forcibly retired from the military.   During my next trip to China, would you please have someone tell me the truth?  C’mon, I know you’re reading what I write.

China has no cyber warfare troops: spokesman

Source: XINHUA  |   2013-2-28  |     ONLINE EDITION

BEIJING, Feb. 28 (Xinhua) — A military spokesman said Thursday that China does not have any soldiers engaging in cyber warfare.

The inclusion of “blue teams” in Chinese military drills is done to enhance the country’s ability to safeguard cyber security and is not related to conducting cyber attacks, said Ministry of National Defense spokesman Geng Yansheng.

In recent years, many countries have been transforming their militaries as the pace of new military revolution is accelerating in the world, Geng said.

The People’s Liberation Army (PLA) is shouldering the dual responsibilities of mechanizing and informationizing the armed forces, he said.

The PLA is working extensively to upgrade its technological capabilities and improve its ability to maintain cyber security, Geng said.

“Compared with military capabilities around the world, however, there is still a gap,” he said.

Related articles

• China has no cyber warfare troops: spokesman – Shanghai Daily | 上海日报 (toinformistoinfluence.com)
• We have no cyber warfare troops: China (indiavision.com)
• China is Entering a New Age of Propaganda (toinformistoinfluence.com)
• China denies engaging in cyber warfare, claims self-defense (wantchinatimes.com)
• The Basics of Cyber Warfare: Understanding the Fundamentals of Cyber Warfare in Theory and Practice (365.rsaconference.com)
• NATO Establishes Rules For Cyber Warfare (warnewsupdates.blogspot.com)
• NATO sets out cyber warfare rules (itpro.co.uk)

The April Fools (Photo credit: Wikipedia)

Today is the first April Fools Day where I didn’t play a practical joke.  This is, indeed, a sad occasion.

A few years ago a friend and I released a mock Joint Publication of cyber terms, as in ‘cyber foxhold’, cyber this and cyber that…   a few people actually read it and believed it.  Until they got into the fifth or sixth page of terms.  Then the definitions became so outlandish that…   I can’t complete that sentence, I’d insult somebody.  Bottom line, I’ve always played practical jokes on someone. My poor ex-wives often became drenched in chicken bouillon or dyed water, found their cell phone glued shut, their keys would fall apart in their hands or something generally childish and immature.

I had all kinds of plans to play on you, gentle readers.  I was going to publish a bogus document.  I was going to quit.  I was going to announce the formation of a ‘national information officer’ at the NSC.  I had all kinds of good ideas but I left them by the wayside.  Shucks.

Instead I’ve had a day of surprises, personally and professionally, that have kept me stepping, hopping and tap dancing.   I’ve been asked to help coordinate a conference on Advanced Persistent Threats, and I’ve accepted.  I’ve been offered a really neat job, which will take me away for a while, let’s see if that one comes through (as with all contracting jobs, they’ve never come through, but I’m keeping my fingers crossed).  I’ve been asked to apply for a grant and write a book, we’ll see.  The list goes on and on.

But I had a meeting today about the Federal Trade Comission (FTC), their standards for cybersecurity and how they enforce those standards.  That was my big surprise of the day.  Bottom line, from what I heard it really looks like David and Goliath, of biblical fame.  Goliath, of course, is the FTC, in this story.  I then had a good friend point me towards some of the FTC pages, but the link appears to be down.

At issue is my personal lack of understanding of the standards by which the FTC judges cybersecurity standards for a business.  I am not personally aware of any standards and if there are no standards, how can the business be judged as lacking?   The other almost conspiracy theory aspect of this is ‘apparent’ arm-twisting by FTC officials to force businesses to grant the FTC access to all their records.  The figure I was offered was 41 cases, none have gone to court, all have been resolved by the business granting access (and the incurred cost of an external auditing firm).  The way it was explained to me sounds like extortion (do it or we’ll drag you through legal hell for years).

If any of you gentle readers has experience with FTC cybersecurity, please contact me?

Related articles

• April Fools (arlenerules.wordpress.com)
• Pranks= APRIL FOOLS!! (emmakristy.wordpress.com)
• The Problem With April Fools’ Day (business-opportunities.biz)
• April Fools’ Day Becomes Another Marketing Tool (voanews.com)
• The Ultimate Roundup of 2013′s Biggest April Fools’ Day Pranks (mashable.com)
• The best and worst of April Fool’s Day on the Internet (today.com)
• Your 2013 April Fool’s Day Prank Spoiler (lifehacker.com)
• April Fool! Is That Any Way To Treat A Street Musician?? (markarmstrongillustration.com)
• April Fool’s Day and Science – Hmm…Now that’s a weird combo !!! (sabeerhassan.wordpress.com)
• April Fools Day! (jasoninwv.wordpress.com)

Globe (Photo credit: stevecadman)

Oh, what sick and twisted minds we have.  Okay, just me.  But I get to spew forth facts and figures which I find fascinating.

Tonight I was taking a shallow tour of all the statistics that WordPress offers me.  Not a lot, really, but tonight I discovered how to get a synopsis of the viewers and from which country they were in.  I mean I’ve had ‘friends’ in China they read my blog every day but I’ll be darned if I ever found an IP address coming from China.  But then I started seeing them more frequently and now it seems to be a daily occurence.  So ‘nee hao’.

So, for grins and giggles, here is a somewhat sanitized list of countries who had people visit this blog.  This indicates to me who has an interest in information operations, information warfare, cybersecurity, cyberwar, public diplomacy and so on.  Of course I see spikes and dips. Most of the spikes occur when I’m writing about cyberwarfare.  Go figure, eh?

Country Views

• United States
• France
• United Kingdom
• Netherlands
• Canada
• Sweden
• Russian Federation
• China
• Germany
• Hungary
• Norway
• Italy
• India
• Finland
• Turkey
• Ukraine
• Australia
• Israel
• Mexico
• Spain
• Greece
• Bosnia and Herzegovina
• Uzbekistan
• Romania
• Brazil
• United Arab Emirates
• Thailand
• Portugal
• Malaysia
• Switzerland
• Chile
• Sri Lanka
• South Africa
• Poland
• Indonesia
• Croatia
• Morocco
• Japan
• Saudi Arabia
• New Zealand
• Republic of Korea
• Malta
• Austria
• Belgium
• Philippines
• Georgia
• Singapore
• El Salvador
• Saint Vincent and the Grenadines
• Ireland
• Armenia
• Peru
• Denmark
• Czech Republic
• Nigeria
• Egypt

Neat list, eh? This is just visitors in the last seven days!

My only regret is no visitors from North Korea.  *sniff*

Related articles

• Where do the most hackers come from? (blogs.gartner.com)
• International Intervention, A Collection of Images (filipspagnoli.wordpress.com)

This old IO guy is… well, old. Or maybe I just feel that way today.  I’ve been ‘doing’ IO since the mid-90s since the phrase Information Operations was first

Lessons Learned (song) (Photo credit: Wikipedia)

approved. I thought it was a fascinating concept and the potential is almost unlimited. I still feel that way today.

More importantly, at least in my opinion, I have learned what Information Operations is not.

What IO is not

Information Operations is not:

• Components.  I’ve seen one IO publication stating that IO was ‘these’ 11 components. We’ve suffered with five components for most of the past decade and now the definition is all about what we do.  Finally.
• Brainwashing. This is usually the stuff for conspiracy theorists, but all too many people think it’s possible for brainwashing to happen on a large scale.
• Scare tactics. Too many people are convinced that IO is all about scaring someone enough from one direction so they’ll move in the other direction. Heck, I’m one of those guys that always volunteered for combat duty first, so fear never worked on me.
• Propaganda. Actually, using Bernay’s 1928 book, propaganda isn’t too far off and often what we put out is labeled as propaganda.  The biggest problem with propaganda, according to the folks at the Broadcasting Board of Governors, is that the audience recognizes it and dismisses it.
• Magical.  Some think the ‘government’ has some magical elixir which we somehow sprinkle something into people’s drinks and it makes them susceptible to some sort of a hypnotic suggestion. If that were the case I would have had a lot of fun on more dates…  just kidding.

What I need your help with

Therefore I am asking you IO professionals to email me ‘Lessons Learned”. Please include an above the line part, a line, and a below the line part.  Anything above the line I can use in a blog and share.  Anything below the line is private, just for you and me.  Email it to Joel dot k dot hard at gmail dot com.

I’d especially love hearing from you folks who are downrange or just returned.  I’d especially love to hear from you folks in Afghanistan or who just returned.

Your lessons learned can run the gamut from short to long.  No, I’m not going to publish a 30 page paper but I’d like to see a job description, where you work, your name (as private as you’d like, I won’t share if you don’t want me to).

I’d like you to include a short synopsis of things that worked and things that didn’t.   For instance, a good friend tried to use ridicule on an elder in an Afghan village.  That didn’t work because the source was not part of the elder’s family, so it didn’t register with the elder.  There must be hundreds of those lessons floating around and they certainly shouldn’t all be protected by classification.

This is a call to all of you – for papers.  For good ideas.  For lessons learned.  For the community.

Thanks!

Related articles

• Why Western Democracy Is Mind Control (rinf.com)
• What is Information Operations (toinformistoinfluence.com)
• Let’s Start a Dialogue on Propaganda (toinformistoinfluence.com)

 Originally posted at http://www.liveleak.com/view?i=f12_1365084142

North Korean Propaganda Website Hacked, Apparently by Anonymous

Uriminzokkiri.com, the North Korean propaganda site, was hacked, it seems. As of posting, it is impossible to access the site. It’s gone dark.

What’s more, Uriminzokkiri’s Twitter currently appears compromised and is tweeting, “Hacked” and “Tango Down” for various other North Korean propaganda sites–as noted by websiteNorth Korea Tech. Uriminzokkiri’s Flickr page is now filled with images, including the one above, that seem to indicate others are in control.
The Uriminzokkiri Flickr page also has an image that reads “We Are Anonymous” as well as images depicting the iconic Guy Fawkes mask.

As also noted by website North Korea Tech, the hack was carried out hours after a list of 9,000 registered Uriminzokkiri users was posted online. The list, North Korea Tech adds, contained not only user names, but also their real names, email addresses, dates of birth, and hashed passwords.

Thus, North Korea Tech concludes, if the leaked info, which seemed to include the site’s administrator, was correct, then it would be possible for others to enter and controlUriminzokkiri. That is exactly what seems to be going down.

[url=http://kotaku.com/5981720/north-korea-uses-call-of-duty-and-we-are-the-world-in-truly-bizarre-propaganda]North Korea Uses Call of Duty and “We Are the World” in Truly Bizarre Propaganda[/url]
If those North Korean propaganda games weren’t odd (and unsettling) enough, the country’s … Read…

Uriminzokkiri is based in China, but acts as a Pyongyang mouthpiece. It gained internet notoriety earlier this year after using Call of Dutygraphics and The Elder Scrolls music without permission in North Korean propaganda clips. It’s also home to many crude and crappyflash games.

Uriminzokkiri’s YouTube page, which was hacked in 2011, seems untouched by this latest incident. That is, for now.

Uriminzokkiri, companion websites hacked [North Korea Tech]

Kotaku East is your slice of Asian internet culture, bringing you the latest talking points from Japan, Korea, China and beyond. Tune in every morning from 4am to 8am.

Read more at http://www.liveleak.com/view?i=f12_1365084142#wkc8mZR0AFGZD54w.99

Related articles

• North Korean Propaganda Website Hacked, Apparently by Anonymous (kotaku.com)
• Anonymous Hacks North Korea’s Propaganda Website Uriminzokkiri, Steals 15,000 Passwords (leaksource.wordpress.com)
• Uriminzokkiri, companion websites hacked (northkoreatech.org)
• North Korea’s Twitter account hacked (wptv.com)
• Anonymous takes control of North Korea’s Twitter and Flickr accounts, defaces websites (thenextweb.com)
• Anonymous Claims It Hacked North Korea’s Intranet (But It Probably Didn’t) (democracyandclasstruggle.blogspot.com)
• Anonymous hackers claim to have stolen 15,000 user passwords from North Korea’s Uriminzokkiri site (thenewsinformer.com)
• North Korean Twitter account appears to have been hacked as series of strange messages are posted (dailyrecord.co.uk)
• Anonymous Claims It Stole 15K Records From North Korea (fortunascorner.wordpress.com)
• North Korean Propaganda Artist Escapes and Becomes Satirical Cartoonist Who Lampoons North Korea (21stcenturyscreenshots.wordpress.com)

Writing Stories (Photo credit: Kiet Callies)

A lot of money is spent by the US Department of Department of Defense, and IO offices around the world, to ‘do’ information operations.  Sometimes it is called Information Operations, sometimes it is called Strategic Communication(s), International Relations, Public Relations or even propaganda by detractors.

Thousand of manhours are devoted to developing a set of themes and memes which support an overall objective, say, establishing trust in ISAF forces by indigenous personnel within Afghanistan. With that we would have a set of Measures of Effectiveness, hopefully categorized and established even before initial planning kicks off. Oh, certainly these areas are broken into regions and tribal areas and each would build upon and nest within the themes and memes of their next higher headquarters and most certainly would be coordinated for timing, content and reinforcement.  Dozens of teams of IO personnel, regardless their flavor, would work long, hard hours to scan reports, identify ‘immediate action’ drills needed to counter time-sensitive developing situations, insuring these quick turnaround messages fit within an overall series of themes and memes.  The effort needed to generate an overall product and nesting these products within an overall plan is incredibly delicate, exhausting and consuming.

Now it can all be automated.

Newspaper stories have already become automated, relying on algorithms to scour news releases and other sources of stories, creating a synopsis which includes pertinent points – determined by the reporter.  This is already happening today, according to reports, here and here. Imagine an IO or MISO staff supporting downrange operations receiving an automatically generated report that only has to be tweaked and approved?  It’s already happening and this can potentially save millions, if not billions, of dollars and a incredible amount of time and effort.

Now imagine a boss who is a ‘Grammar Nazi’, you know, the kind who crosses out words and substitutes one inconsequential word for another?  The potential for creating a world class product which proofreads a paper and makes intelligent recommendations for improvement so that one’s boss is suitably impressed by all your products?  Already being done, according to a recent New York Times report, here. The potential for these products is only limited by one’s imagination and finding someone talented enough to write the code.

Now imagine these products applied to social media.  DARPA is already studying this problem, according to FedBizOps announcement here. I met with the PM of the program, he was seeking intelligent programs which could automatically recognize developing memes and themes and automatically generate messages which could assist countering those messages on social media sites.  Much of this program is currently theoretical but the technology was all very possible.

The title of this article is somewhat misleading, therefore.  We are not seeking to completely remove the human from the IO process.  We are seeking to improve speed, effectiveness and improve overall IO efficiency.  Our potential, ladies and gentlemen, is nearly unlimited. The future is ours.

Related articles

• What is Information Operations (toinformistoinfluence.com)
• Seeking IO Lessons Learned (toinformistoinfluence.com)
• Know Your Meme – Harlem Shake iOS Edition [Video] (cultofmac.com)
• President Obama Wants to Get Inside Your BRAIN (blacklistednews.com)
• Beyonce memes: her most unflattering photos (lostateminor.com)
• Memes poke kind fun at new Pope (timesofmalta.com)
• Pentagon gearing up to fight the PSYOP|MISO war (phantomreport.com)
• U.S. Military Members Have New Resource with Stars and Stripes Education Guide (prweb.com)

Directed Energy Weapon on ships successful!

Shipboard lasers pass early tests, but work remains

2:30 PM, Apr 8, 2013 |

Amazing Navy Laser Weapon System Shoots Down Drone: The Laser Weapon System (LaWS) is a technology demonstrator built by the Naval Sea Systems Command from commercial fiber solid state lasers. LaWS can be directed onto targets from the radar track obtained from a MK 15 Phalanx Close-In Weapon system.

Deck guns that go “zap” are one step closer to the fleet.

The Navy says it has developed a laser cannon potent and accurate enough to down drones and disable small boats, and plans to test it as soon as eight months from now in the world’s most contested waters, the Arabian Gulf.

The laser’s beam has downed low-flying drones and torn through small boats in live-fire tests. Developers say it has gone 12-for-12 in these tests, including shipboard tests last August on the destroyer Dewey. The ship’s flight deck was crowded by the giant white pod that shrouds the laser mount and generators to power it.

In an April 4 interview for the system’s unveiling, the chief of naval research stayed tight-lipped about the laser’s range, beam power and effectiveness against other targets. Rear Adm. Matthew Klunder would only say the targets had been shot down at “mission-relevant ranges.”

Long-range ‘blowtorch’

Peter Morrison, the Office of Naval Research program manager for this solid-state laser, compared the weapon’s lethal effect with that of a “blowtorch” and said the Navy’s lasers are able to “put that high-power, burn-through capability to destroy critical elements on the targets themselves.”

Its effectiveness depends on staying locked on the same point — no small feat for a weapon mounted on a ship targeting a moving object. But Klunder said advances have been made to keep the beam steady — advances he called the system’s “secret sauce.”

The Navy has spent an estimated $40 million developing the system over the past six years and each system mounted on a ship is expected to cost $38 million — a fraction of the costs of other military lasers, Navy officials point out. And each shot, or “pulse,” costs less than a buck, Klunder said.

Next tests

The next stage comes in early 2014, when the laser will be mounted on the afloat forward staging base Ponce for what are expected to be months of tests. On Ponce, sailors will control the laser from the combat information center, much as they operate the close-in weapons system, and will have modes for tracking via radar or slewing to targets through the operator’s controls. Officials expect fire controlmen, operations specialists and others who work in CIC may get to fire it.

Significant hurdles remain in keeping the beam focused on its target and concentrated amid all the water vapor at sea. But if it works, the laser could usher in a new era of naval weaponry.

Instead of relying on a variety of systems to track and engage an aircraft, for example, a ship could use its laser as a warning-signal of sorts, pointing it at the plane before dialing up the intensity if the intruder doesn’t change course.

One letdown for “Star Wars” fanatics: unlike Hollywood beams, the Navy’s laser is infrared and can’t be seen by the naked eye.

via Shipboard lasers pass early tests, but work remains | Navy Times | navytimes.com.

Related articles

• Navy Will Make 2013 Its Year of the Laser Gun (wired.com)
• Navy Wants Lasers on Marines’ Trucks to Shoot Down Drones (wired.com)
• Navy Develops New Anti-UAV Lasers for Humvees (dailytech.com)
• Military lasers on fighters in 2014 and ships in 2016 (nextbigfuture.com)
• WITH FRICKIN’ LASER BEAMS: Navy Wants Lasers on Marines’ Trucks to Shoot Down Drones (secretsofthefed.com)

Chosun Ilbo (January 1, 1940) (Photo credit: Wikipedia)

Editorial comment:  Fairly good article, not entirely propaganda.  The warfare of words between North Korea, South Korea and the United States (and the rest of the world) is…  interesting.

N.Korea ‘Confident’ in Cyber Warfare Capabilities

Originally published at: http://english.chosun.com/site/data/html_dir/2013/04/08/2013040801313.html

North Korean leader Kim Jong-un in February expressed confidence in the regime’s cyber warfare capabilities against South Korea. A South Korean official on Sunday quoted Kim as saying at the time, “If we have strong information technology and brave warriors like the Reconnaissance General Bureau, we will be able to break any sanctions and have no problem building a strong and prosperous country.”

The official said the North has reason to be confident in its 12,000 highly skilled hackers, who are able to avoid detection by erasing their traces.

Talented children in sciences in North Korea get intensive computer training at Kumsong Middle School in Pyongyang. They are then raised as “cyber warriors” for three to five years at either Mirim College under the General Staff Department or Moranbong College under the Reconnaissance Bureau.

An estimated 1,000 North Korean hackers work under cover for educational software companies, animation companies and trade firms across China, Southeast Asia, and Europe.

A South Korean security official said, “These North Korean hackers take orders from South Korean criminal networks based abroad to create websites for games and gambling, and are given servers and laptops. They ultimately serve as the infrastructure for cyber attacks against South Korea.”

via The Chosun Ilbo (English Edition): Daily News from Korea – N.Korea ‘Confident’ in Cyber Warfare Capabilities.

Related articles

• N. Korean map shows apparent U.S. targets (upi.com)
• North Korea said readying nuclear test (upi.com)
• Kim Jong-un has dozens of bank accounts in Shanghai: Chosun Ilbo (wantchinatimes.com)
• Security experts: North Korea training teams of ‘cyber warriors’ (mercurynews.com)
• Kim Jong-un beefs up security amid coup and assassination fears (wantchinatimes.com)

HECK (Photo credit: elycefeliz)

Offensive cyber strategy…  Putting together an offensive cyber strategy is difficult if one does not have a military background, know the latest buzzwords and/or have a doctorate in an aspect of offensive warfare in cyberspace (could range from National Security Strategy to Advanced Persistent Threats to Information Technology).  The folks that work at the US Cyber Command are a unique breed in that they have to “moosh” all this together and hopefully some of it will stick.  The formation of a J3 Targeting shop (I don’t even know if there is such an animal) at CyberCom probably bears the signature of someone with a background in (fill in the blank), meaning that (fill in the blank) may not be fully or adequately represented (and therefore we may or may not adequately exploit that weakness in others in the future).  The problem here is that our adversaries and potential adversaries may have a gaping zero day exploit which we do not see and do not exploit for days, years, or even longer – the same goes for us.

Take Moonlight Maze, for instance.  This intelligence investigation was published in the London Times in the summer of 2000, here,  after US Senate testimony peeled back the top layer of that onion, here, so let me use that as an example.  Supposedly US defense systems were being penetrated – badly.  Supposedly it took months to prove someone was in the system, more time to discover and prove what was being taken and even more time to determine how.  Bottom line, a new technique was discovered where we didn’t even know we were vulnerable and a potential adversary took advantage.  Today, guarding against this technique is fairly routine but back then it didn’t even occur to us that we could do that…  again, like 9/11, we hadn’t considered something and suffered because of it. A caution about the Wikipedia account, the timelines aren’t accurate but it is a very nice synopsis.

Saying cyberwar does not an exploit make…  in my worst Yoda imitation. One should (I don’t want to use the word must) consider making a very flexible approach.  There are hundreds, perhaps thousands of possible ways of bringing down a system.  Heck, we might invent some way of manipulating an electron to ‘fuzz up’ the input coming into a system in the near future (or better yet, inside a system), effectively blinding an adversary.  I would say that’s a cross between Electronic Warfare and Warfare in Cyberspace but to my knowledge, it’s not being done. When I mention such stuff to ‘cyberwar’ experts I see the look on their face and I read that thought bubble above their head – “it’s not possible”.  “Dude”, I say, “not only is it most likely possible, it’s probably already being investigated, we just haven’t conceived the idea, so it seems outlandish.”

So…  in writing an ‘offensive strategy’ one should consider one’s words obsolete before they are printed and, therefore, one should give a strategy the flexibility to bend, morph and evolve into literally tomorrow’s technology, tactics, techniques and procedures.  Resist the urge to publish according to today’s standards.   We do not know what will be discovered tomorrow and we should embrace that change is coming and think and write for it now.

My thanks to Max for inspiring this little missive.  After I wrote an email response to a paper he wrote, which has really good potential, I realized others might benefit from these words.  I agonized about one paragraph of this blog, about what I could say and what I could not.  Even though some events occurred some 15 years ago, I still cannot talk about them and, even if I could, I would probably only muck up the facts.

Update:  ps.  An offensive cyber strategy MUST be part of an overall military strategy, which in turn should be part of an overall national strategy.  In my initial response to Max I had stated this emphatically and repeatedly in previous papers.   I think it important enough to add here.

Related articles

• Russia to Create CyberCommand (toinformistoinfluence.com)
• NATO cyberwar directive declares hackers military targets (rt.com)
• US Cyber Command to Take Offensive (hawaiireporter.com)
• NATO cyberwar directive declares hackers military targets (poorrichards-blog.blogspot.com)
• When a Cyber Attack Occurs, the Key to Surviving the Attack, and the Aftermath, is All in How a Business Responds (prweb.com)
• It’s time to bring some reason to all of the cyberwar talk (community.csc.com)
• US Cyber Command Adapts To Understand Cyber Battlespace (eurasiareview.com)
• INFORMATION WARFARE: The American Cyber Warriors Assemble (strategypage.com)
• Welcome to the Malware-Industrial Complex (beyond2012zeitgeist.com)
• US Cyber Command Admits Offensive Cyberwarfare Capabilities, Fundamental Shift In US Doctrine (hothardware.com)

President Barack Obama (Photo credit: Wikipedia)

In the aftermath of the bombing of the Boston Marathon yesterday, 15 April 2013, chaos ensued.  Pictures went up online. Videos were posted quickly.  Within minutes the conspiracy theories started popping up. Accusations were made.  The New York Post withdrew a story of a possible suspect from a foreign nation.  The networks and many other stations/channels provided full time coverage, stating what they knew again and again.  Heroes arose like a phoenix and victims were mourned.  Police, emergency medical personnel, soldiers, firemen, state police, the FBI, doubtless the BATF was there, news flashes via tweets and texts were flowing and prayers saturated the social media.  There was also much flailing about, blaming this group or that, foreign and domestic.  Like 9/11/2001, rumors of more attacks proved to be incorrect and corrections were quickly published and promulgated.

I put out a message to friends and colleagues, stating the most basic facts, urging us to rally around our President, his administration, our government and most of the people and governments of the world and use this as a catalyst for peace.

…and the President was presidential.

At 6:10 pm EST, President Obama spoke on ‘national’ television.   Certain words were avoided in his speech but were later used by designated spokespersons in his immediate staff.  The President appeared to rise above petty accusations, urging calm, providing a unifying position for people reeling in the aftermath of this tragedy and stating our dedication to justice.  Whenever anyone spoke from the government, the message was clear, unified and unwavering.

The administration seems to finally “get it”.

I could end this blog with that decidedly upbeat declarative statement, but I have to now reveal the dark side of people.  A video of the President’s speech was posted on a website in the UK, which has a very international following, where the readers range from experienced professionals to dark and twisted trolls hiding behind anonymity.  Their comments range from extremely progressive to extremely conservative.  The comments range from puppy love to dark and twisted, even criminal.  What is rather unique at this particular website is their rating system, where one can be rated ‘up’ or ‘down’, accumulating points.  These people comment about everything and if they don’t like a position, they will let you know.  The website is LiveLeak.com

Following the posting of the President’s speech I expressed my support for him, noting his job would be very difficult. What floored me was the number of ‘thumbs down’ ratings I received, which are very, very rare for me.  During this time of mourning and international pain, some people are still highly biased against President Obama and the United States in general.  They really hate us.  I was actually called a troll (by someone who publicly admits to being a troll in his profile).

The world is a dark and forbidding place, filled with people of all types.  I believe in the goodness of people but it is the evil ones who bomb the Boston Marathon, causing pain, suffering and death.  We have always had them and always will.

We cannot go back in time, we cannot undo the death and destruction brought upon us.  We can, however, thank our lucky stars that we are being well informed by our government.  Regardless your opinion of our government or our President, this is the time where we must rally together and offer our unwavering support.  It is only human.

Related articles

• Obama: “We don’t know who did this or why” (cbsnews.com)
• Boston Marathon Bombings (josephbrakus.wordpress.com)
• Barack Obama notified about Boston Marathon blasts (thenewstribe.com)
• Boy, 8, one of 3 killed in bombings at Boston Marathon; scores wounded (wtvr.com)
• Three killed, scores injured in Boston Marathon blasts (thehindu.com)
• What’s behind the attacks in Boston? (thimabi13.wordpress.com)
• Obama: ‘We will find out who did this, and we will hold them accountable’ (firstread.nbcnews.com)
• Boston Marathon Bombings – Live Updates (notthesingularity.com)
• Feds seek suspects, motive after deadly twin blasts rock Boston Marathon (globalnews.ca)
• Two other devices found close to scene of Boston Marathon blast in US (belfasttelegraph.co.uk)

2009 Boston Marathon (Photo credit: Wikipedia)

In order to.  Such a small, powerful, necessary phrase.  It is often shortened to “why”.

As a former operational planner we always had to construct a mission statement.  We included the big five: Who, What, Where, When and Why.  By clearly defining those terms we ensured clarity when developing a plan.  We would often revisit this mission statement during the plan, tweaking it, fleshing it out, until finally we would have a mature mission statement as part of the plan.  “This team moves to the village of Pineville and teaches small unit tactics to Pineville forces no later than 15 April 20xx in order to build effective fighting forces to defend Pineville against foreign aggression.”  That is a very simplistic mission statement, so notice the ‘in order to’ phrase (which can be shortened to “to”).

President Obama, his speech writing team and legal advisers did not declare the bombing in Boston an act of terrorism, but later clarification called it an act of terror.  There is an associated nuance between the two words terror and terrorism.  An article in Wired, “When, And Why, to Call a Bombing ‘Terrorism’”, found here, by Spencer Ackerman, covers this topic well and at the end he touches on the “why” of terrorism when he mentions a meme.

When police or prosecutors discuss motive they often talk about simple motivations on an individual basis, such as jealousy or money. Terrorism, on the other hand, is designed to produce terror within a population.  Why?  To instill a lack of confidence in a government, in some cases, so that the population will demand changes.  It is a cheap and easy way to wage war.  A government will then choose to fight the terrorists by whatever means are necessary and/or they may seek to negotiate a peaceful end to the situation.  We say we don’t negotiate but sometimes it actually happens.

The bombing of the Boston Marathon, is difficult because we are confronted with an amorphous “they” or “them” in the “who” part of the mission statement.  On a national basis we can construct policy and doctrine which will increase our security (and give us peace of mind), but until we have a clearly defined “who”, we cannot direct our precious resources against a specific target and we are stuck in generalities.

What we are doing now is trying to defend everything all the time. That is impossible. We are going to have another bombing inside the United States. More people are going to be killed.   They may use bombs, they may use something else.

Unless a group claims responsibility, however, these bombings are a waste of time, valuable resources and effort. Being scared of everything is the net effect without attribution and that is ineffective, as a terrorist group.  To be effective a terrorist group must let people know why they are doing this.

Right now law enforcement, the intelligence community and others are flailing around to find the who and the why.  The American people are demanding to know.  Unless the group or individual reveals themselves and tells us why they bombed the Boston Marathon, their efforts were wasted.

Related articles

• Obama: ‘Any Time Bombs Are Used to Target Civilians It Is an Act of Terror’ (cnsnews.com)
• We Don’t Know Yet If the Boston Attack Was Terrorism (washingtonmonthly.com)
• The Boston Blasts and ‘Terrorism’: A Historian’s Take on What It Means (nation.time.com)
• Obama: FBI is investigating Boston bombings as ‘act of terrorism’ (pix11.com)
• Defining Terrorism Isn’t So Easy (blogs.wsj.com)
• Vision and Mission Statement (everyounceofmystuffing.wordpress.com)
• President Obama Embraces The Word “Terrorism” A Day After (swampland.time.com)
• Obama: Boston attacks being investigated as ‘act of terror’ (politicalticker.blogs.cnn.com)
• Mission Statement Generator (plain3fear.wordpress.com)

Second Draft. The first number drawn was 246, and was picked from the urn by Secretary of War Baker. (Photo credit: The U.S. National Archives)

Doing the paperwork required for a security investigation has always been horrible.  I recall in 1988, while I was stationed in Germany, filling out the paperwork.  I recall being asked questions about things I never knew about, nor, quite frankly, did I care.  But there it was, ‘Birth County’. Well, I was born in Wilmington, Delaware and I’ve not been there since I was four days old.  I recall that day clearly.  Not.  Now how in the heck, in the days before the internet, does one find out that information?  I can’t recall, but I believe it involved a trip to the library on post, calls to my parents back in the States and a lot of swearing.   Standard Form 86, that was the name of the form I had to fill out, even now I have nightmares about that experience.

Fast forward to 2010.  Now I’m considered a Federal Contractor and the Office of Personnel Management is the agency responsible for conducting my security investigation.  They have developed this really neat program called e-Qip, short for Electronic Questionnaires for Investigations Processing.  Oh bliss.  I’m a stickler for detail and secure in my masculinity, so I read the instructions from front to back.  They plainly tell you type in this and do that. I think it’s meant to make men realize that if you don’t read the instructions you will fail.

The really neat thing about a security investigation is contacting members (and former members) of your family and asking for little details that never crossed your mind and were probably not pertinent.  My mother in law’s maiden name.  Ex-wife’s phone number. Best friend’s middle initial. They have this nasty little feature which checks your application form, a GUI database front-end and lists out where you made mistakes or left things out. Oh, it’s good. Darn good.  If I had a gap of one month between home addresses the system reached out and slapped me in the face.

Then in 2012 they introduce the new, IMPROVED, e-Qip.  Now they’ve actually made a few of the pages more intuitive, but in the meantime they’ve really created a nightmare.  This week I had to submit for a new investigation (don’t get me started why). The good news is that the system retained most of the information I’ve previously entered but left out really insidious details.  For my recommended contacts they deleted all the names.  Now, instead of a middle initial I had to fill in the entire middle name.  Now there is a space for a cell phone.  Sometimes it asks for a phone and I don’t know if I should fill in the home phone or work phone, I don’t know if the investigator will call during the day or the evening.  Now there is a space for email.  Same dilemma.

And there is a place for Selective Service Number and it asks me to fill in the blank.  What?  That’s the old draft which I had to register for when I turned 18 but I haven’t seen anything from then since then.  I spent 26 years in the Army after that, and not once did they ask for my Selective Service Number.   So I go to the Selective Service website (thank God for the internet) and call the toll-free number.  “We’re sorry, but our computers are down for maintenance.  Call back tomorrow”.  I call back the next day and try to stay awake through the phone menu.  It finally says to me:  ‘Write to the archives in St. Louis and ask for your Selective Service number.’  What?  This is 2013, I haven’t licked a stamp in about four years and I’d like to turn this form in during the next few days.  So I looked up the page and found a customer service email address and patiently ask if they can do a workaround.   I hear nothing for a few hours and think my email went into the bit bucket. I can only imagine an old lady in tennis shoes hitting the delete button, thinking “Men, don’t they ever read instructions?”  But lo and behold I receive a reply with not only my Selective Service Number but also the identification of my local board.  Wow…   I hope they survive the sequestration, talk about great customer service!

The new system has this really frustrating tendency to check your work every step of the way and at the end there is an overall validation step.  But don’t dare put a space in a telephone number, no parentheses, no hyphen, just numbers.  I actually feel bad for the investigator, it must hurt their eyes with no parentheses, spaces or hyphens.  There are also these damnable little boxes you must check no to, whenever it asks ‘do you have any more information to add’?  At one point I added the same job three times before I figured out to hit ‘no’, there was nothing else to share.

Great, I’m done!  My form validates, I have no errors and I’m ready to submit.  Oh joy!

Wait a second.  I’m reading the form and it says ‘don’t proceed past this point until you can print’.  Oh shoot.  I went paperless in my home about three years ago and have no printer.  I called up my security officer (he must really hate me by now) and ask what to do.  Voicemail.  Email, same thing.  I finally get a return call and he says the words I hate to hear.  ‘Go to a place from where you can print’. *argh* So tomorrow I’m heading down to Kinkos and accessing a computer there that can print (hopefully).  It’s worth it not having a printer taking up a ton of space on my desk.

If you’ve read this far you most likely have a security clearance and you know the joys of e-Qip.  If not, you’re lucky. As a former PM of a coding project, I think there is no way that e-Qip is CMMI compliant.  But every step of the way I thank my lucky stars for the internet.  Looking up a zip code is easy now.  Overall filling out the the form is quick and easy, I was done in three easy days of work.

Life is good.

Related articles

• Ugrent: Bill H.R.748, Call 18 to 24 Year Olds Into Forced Military Selective Service (fromthetrenchesworldreport.com)
• Vivalogue’s Publishing Services Selected Over Print-on-Demand (prweb.com)
• Featured Job: Field Investigator 1 (whnt.com)

Shoulder Strap from an infantry colonel in the Union Army (Photo credit: Wikipedia)

I had a wonderful meeting today with someone who ‘gets it’ when it comes to Information Operations.  Full spectrum, A to Z IO.  Not the old five components.  Not just cyber. Not just EW.  Not just deception or OPSEC or MISO.  IO.  Plain and simple.  IO in all its glory, warts and all.

I once had a conversation with a senior responsible for IO ‘doctrine’, although I am playing fast and easy with the words.  I had traveled to meet with one senior and oh, by the way, since I’m here, let’s talk IO.  He quoted line and verse what the definition was for IO and all the other IO ‘stuff’, but I quickly realized the lights were on but nobody was home.  This was a full bird Colonel and while he could regurgitate what IO is and was he didn’t have an original thought.  He somehow could not take IO in its present form and extrapolate from that, he could not project, could not think outside the very clearly defined box that was IO and he certainly did not understand the shortfalls and wasn’t working to evolve the community as a whole.  He did not ‘get it’.  The good news is this was a few years ago and I honestly can’t remember his name.

Today’s conversation was refreshing. Most times when I talk IO, as I’ve said in this blog, I’m pigeonholed into one niche or another.  This gentleman had just returned from downrange, from having worked a no-crap, hands on, real IO job.  Now me, I don’t care if you’re an E-1 or an O-11 or even *gasp* a contractor, if you “do” IO, you’re golden in my book.

But when someone talks Joint IO, Army IO or even government information activites (because, as we all know, military IO cannot work without all parts of the government involved, without academic and corporate input, cooperating and integrated with the overall strategy), I get a warm and fuzzy all over.

This was especially refreshing because I’ve come to an obvious conclusion: too much time is spent on cyber, whereas it’s only a small percentage of IO.  Cyber is not and cannot be done for cyber’s sake.  Namely, you cannot “do” cyber without it being integrated with the big picture, and that is the job of IO, to do the integration.  One cannot launch a cyber campaign without that being coordinated and integrated into the national military strategy, which, in turn, must be integrated with the national security strategy and so on.

I have more and more people say, lately, that cyber should not be a domain.  But right now cyber is getting all the attention. It’s sexy, it’s well fed and its well funded.

But nothing can and may be done unilaterally.  So please, when you talk cyber, consider the big picture. When you are thinking MISO, think of the big picture.  When you’re thinking EW, think of the big picture.  In my opinion, EW professionals understand they are part of the joint environment, even the combined environment, best.  Most EW folks resent some aspects of IO but they’re resigned to and almost embrace the fact that they must cooperate and be integrated into the overall strategy and integrated into larger campaigns.

It’s nice to meet a fellow IO professional.  It’s even nicer when we both speak the same language.

Related articles

• What is Information Operations (toinformistoinfluence.com)
• Seeking IO Lessons Learned (toinformistoinfluence.com)
• Navy Looking to Use EW as Part of Cyber (blogs.defensenews.com)
• Cyberwar moves up on Pentagon’s priority list (triblive.com)
• OPSEC: National security starts with you (waronterrornews.typepad.com)
• OpSec (thrivelinks.wordpress.com)
• Senior NCO Wisdom (westernrifleshooters.wordpress.com)
• Dishonorable Disclosure: The Silent Professionals Speak Up (waronterrornews.typepad.com)
• The Decade of the CIO is Here – The Beyond CIO Series (forbes.com)

“Do not go gentle into that good night”

-Welsh poet Dylan Thomas

Judge Jeanine Pirro
Image from FoxNews.com

Information Operations, Public Diplomacy and Strategic Communication are usually about quietly sharing the truth, a message or, in other words, gently persuading people of other nations that they want to help the United States, that they should be understanding of our needs, wants, desires and plans or that they should remain neutral in our quest to promote democracy around the world. We provide fair and objective reporting, facts that support our position and coordinate aid for needy people.

…and then I saw this video on LiveLeak, of a clip from Fox News.

http://www.liveleak.com/view?i=8ff_1367140787

I agree with almost everything Judge Jeanine says, with one rather large caveat.  Perhaps it’s a clarification, you be the judge.

Too often, I believe, the Western world is politically correct, refusing to shout out “this is wrong”, when we might offend someone with a different political, religious or [fill in the blank] opinion.  In this case it is about Jihad that has been overtly declared against the United States, and the US has not and will not conduct a crusade against Muslims. Judge Jeanine, in this video, says “they hate us”, meaning Islamic extremists.  The US, however, is so cowed into submission and political correctness that even though we are confronted by Islamic extremism in this case, our government refuses to accept and declare that we are locked into a religious struggle.  The mother of the two Boston bombers (alleged, another <expletive deleted> PC term) is claiming persecution by the US (my lazy interpretation), whereas she and her two sons were the recipients of our state-required generosity.

This is a secular versus religious war, which is somewhat like two sports teams lining up in a stadium, but one team plays football while the other plays soccer.   In this case the United States is the good guys (for argument’s sake), but our rules and ethics are constricting us. In the information environment we are maintaining a fortress mentality, which allows us to only win within the castle walls.  We have not taken the offensive, we have not established a century’s worth of programs to help the world to evolve.  There is no Marshall Plan.  Heck, we can’t even pass a budget.  Oh, wait, we just passed our first in four years.  Pshaw, we still are spending way too much.   This indicates we are going to lose the long war. We think, plan and execute in terms of days and weeks, not years or millennium.

Our government does acknowledge, through an established program, that Islamic extremism is a problem and we are fighting it.  The problem is even the title has been made politically correct.  Countering Violent Extremism, or CVE, is the name of the program housed at the US Department of State.  The budget for this program is large when compared with programs designed to influence the rest of the world.  While the program is mostly classified, the Modus Operandi is largely the application of Information Operations, but ‘We the People’ aren’t privy to the operational discussions, the operations or the results. And, if one uses the Boston Bombings as a Measure of Effectiveness, we can largely judge CVE to be ineffective.  But that is one small program compared with a ‘Whole of Government’ approach.  The rest of the US Government is quiet. They shot their collective wad in the days following the bombing.

The President had harsh words immediately following the Boston bombings, that placated us in our immediate time of grief, rage and shock.  But there is no follow up.  The United States has been rendered docile through bloviated sound-bites.

I realize that the White House and their spokespeople must be politically correct, but where is the rage?  Have we been neutered?

Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.

Though wise men at their end know dark is right,
Because their words had forked no lightning they
Do not go gentle into that good night.

Good men, the last wave by, crying how bright
Their frail deeds might have danced in a green bay,
Rage, rage against the dying of the light.

Wild men who caught and sang the sun in flight,
And learn, too late, they grieved it on its way,
Do not go gentle into that good night.

Grave men, near death, who see with blinding sight
Blind eyes could blaze like meteors and be gay,
Rage, rage against the dying of the light.

And you, my father, there on the sad height,
Curse, bless, me now with your fierce tears, I pray.
Do not go gentle into that good night.
Rage, rage against the dying of the light.

http://www.poets.org/viewmedia.php/prmMID/15377

Related articles

• Poetry Month: “Do Not Go Gentle” by Dylan Thomas (sandefur.typepad.com)
• A Candle in the Wind (freeatlastww.wordpress.com)
• Top Poems To Read At A Funeral (sandystrachan.wordpress.com)
• Video Game is Latest US Diplomacy Tool (voanews.com)
• The use of Social Media in Public Diplomacy: Scanning e-diplomacy by Embassies in Washington DC (takefiveblog.org)
• U.S. Advisory Commission on Public Diplomacy Re-Authorized – Where the Heck Is It? (diplopundit.net)

This morning I was sent an article by a friend about facial recognition software that was being considered for use by the security people at the Statue of Liberty, here.

Logo of the United States National Park Service (Photo credit: Wikipedia)

Yesterday, as I was writing the blog about security clearances I stumbled across some new security classifications, which made sense.  But now, somehow, it seems the National Park Service may have a classification system all its own.

Unfortunately the only names that pop up in my head is for two levels of classification:  Yogi Bear and Boo Boo.

Apologies, I couldn’t resist the joke.

Bear Related articles

• Will There Be Face-Recognition Surveillance at the Statue of Liberty? (blogs.villagevoice.com)
• Rumored Statue of Liberty face-recognition supplier harasses and threatens journalist (boingboing.net)
• Get to Know Your National Parks During National Park Week 2013 (paramuspost.com)

Classified Information (Photo credit: Repoort)

I’ve been doing a review of unclassified material to see if it should or might be classified.  What a revealing story.

I accessed BUNCH of files dealing with Electronic Warfare.  The files are stored online from EW conferences prior to 2012. I only had to click on the link and download the files.

By themselves, all the slides were cleared by OSD offices, by Service EW offices, with classification reviews, program manager reviews, ITAR offices and intellectual property offices.  They all passed.  So far, no problem.

Many of the conference programs were sponsored, so an advertisement for that sponsor was shown in the program guide.  Additionally, there are sponsors for the overall conference, meeting and for special events.  For people sponsoring an event, this allows a corporation to promote their program. For people attending an event, one becomes familiar with other companies working in their field. This allows teaming, cooperation and…  *gasp* competition.

Many of the slides for the programs are so generic so as to be…  almost useless, boring and generic.  I’ve heard the stories of the most incendiary slides from EW conferences, conventions, meetings and courses, and the only issues usually considered ‘incendiary’ are those which might insult someone from another country.

But let’s talk classification issues.  From an intelligence perspective, none of the files are going to show sources and methods, the most sensitive of intelligence subjects.  Of course nothing operational will be shared in an unclassified setting, so ongoing or planned operations will not be briefed in an unclassified setting.  The only thing left is capabilities and limitations.  When I see an advertisement for an RF transmitter capable of broadcasting from 2 to 200 GHz, I learn a capability, but that is not classified.  When I see this same box being coupled with an RF-123 aircraft (a mythical aircraft, but the C-123 was a great aircraft I used to jump out of), for instance, I learn a capability of that aircraft.  So…  I’m going to learn a company’s name that supplies the equipment, a capability and the associated aircraft.  If two or more companies are supplying equipment to that same platform (aircraft are sometimes called a platform), I create a roadmap for that aircraft.  If I am a foreign country, I will attend avionics shows, shows that provide tires for military aircraft, airplane manufacturer displays, windows, seats, cushions for those seats, machine gun manufacturers, chaff dispensers, flare manufacturers, avionics, jet engine fuels, petroleum, cables, electrical wires, rivets, just everything.  And if someone is going to put files all in one place, I will visit those sites.

But should those sites be classified?

Today I asked the following question at a meeting of EW professionals: Where do I find classification guides for individual aircraft?  I can’t find one for an F-35. I can’t find one for an F-22. Instead, I will find classification guides for individual programs that supply an individual piece of equipment for that aircraft, but no comprehensive guide.

Now…  if I were a foreign country and I didn’t want to waste my time on defense companies that do not have a hand in (fill in the blank) programs or, even better, I wanted to develop a checklist for that platform, that I have my fingers into ‘Company A’, check. Company B, check.  On goes the list until I can ensure I have downloaded all the specs for every piece of equipment in this program.

So… does DSS, who is responsible for classification programs for defense contractors, look at comprehensive classification guides for big programs like the (program A, B or C)?  The answer is “sometimes”.  Should they?   Well…  I’m going to ask the Director of the Defense Security Service, DSS.  We served at Ft. Bragg together…  stay tuned.

Related articles

• Aircraft Electrical & Environmental Systems Market is Growing at a CAGR of 6.50% & to Hit $7.13 Billion by 2018 – New Report by MarketsandMarkets (prweb.com)
• Congress Makes a Law and the Pentagon Redacts It (nsarchive.wordpress.com)
• Mistake in classification led to N. Korea info being revealed (security.blogs.cnn.com)
• Unclassified Document Provides A Timeline On The Growing Guantanamo Hunger Strike (warnewsupdates.blogspot.com)
• About an Offensive Cyber Strategy (toinformistoinfluence.com)
• Cyber Aspects of the Pentagon’s new China report (A2/AD, CNE) (garwarner.blogspot.com)
• China Sees Cyberwar as Reducing U.S. Advantage in Future Conflict (allthingsd.com)