Page 41 - Cyber Warnings
P. 41
even make an undetectable attack up to 8 miles away parsing the wi-fi. And it is like listening to
system administrators and electrical engineers assembling thousands of computers for low-
latency tasks to enable penny profits on a stock. But it is infinitely more important here.
No human intervention can take place as it is too slow. The usual options of hide, run, fight, or
negotiate are gone. In cavalry days you might have hours; in airplane days you had an hour with
those four options. In ICBM days you had minutes, but now inside seconds you can’t hide, run,
fight or negotiate. You can’t even intercept your attack and prevent it. It is all down to splitting a
singular second, down to microseconds, milliseconds, nanoseconds. We have never had a war
where the human is totally removed once started; DARPA held a “capture-the-flag” challenge
and it was seven machines against each other---that symbolizes the nation-state cyber war.
Whatever you point to as evidence of human involvement during cyber warfare (I am sure the
military and intelligence agencies would say we’re very “busy” if total war breaks out) is as silly
as pointing to people jogging as the radiation wave spreads towards you after a nearby nuclear
explosion. This is a machine war. All human action is futile; the algorithms will run this war. It will
be machine against machine. Capture-the-Flag. And that puts a lot of pressure on the
programmers to make no mistakes with the algorithms.
We made mistakes with Stuxnet. It was to strike every 27 days the replaced centrifuges we had
destroyed; it was not a one-time attack. It failed because it turned out to be a one-time attack. It
was to be invisible but, instead, became visible as it hit the Natanz, Iranian site via a flash drive.
Created by our best people. What mistakes will be made with the less than the best inside the
relatively new area of concurrency programming (parallel programming multi-core ops) and
transactional memory (calculations are grouped and groups wait, change and/or get dropped)?
I am not dismissing the presence, even escalation, of what Ralph Langner (expert on Stuxnet)
sees as continuous back and forth attacks in cyber space constituting what I call the “simmering
war” nor do I dismiss the assets that may be hardened or unknown by the adversary and are
capable of striking hours to days after we are down at most of our sites. My focus is simply the
“flash crash” of all-out-nation state-cyber war...the first few seconds.
I tried dialoging with USCYBERCOMMAND; not surprisingly, there was no reply. I sent the
forum of DEFENCETALK just one idea where, oddly, it was dismissed. I shared some of my
ideas with the RAND corporation including the people who studied the morality of it all (RAND
Europe). And wanting some induction asked myself, “What have we learned from Binney,
Drake, and Snowden?” I asked this because---for the most part---the nature of the NSA is such
that we are on the outside and no amount of transparency overcomes the necessary secrecy of
what they do and that puts limits on my material and conclusions here.
From WEB available videos of interviews of Binney: metadata of high integrity enabling event
recognition and (higher up) activity recognition creating at the top “inferences”. In short we have
automatic analysis indexing terabytes. We are relying on the programmers, engineers, analysts
who have created “automatic analysis.” Once we do that the human element is removed; the
argument of “freedom vs. security” ends at the doorstep of milliseconds. Again, Binney: volume,
variety, and VELOCITY. Doesn’t that sound like “low latency frequency trading on Wall Street”?
41 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
