Limits to Response

Massive Hack Blamed on Russia Tests Limits of US Response is the headline of a Wall Street Journal piece on the Russian hack of our government and some infrastructure facilities.

Despite its size, a sprawling computer hack blamed on Russia could leave President Trump and the incoming Biden administration struggling to find the right response, former US cybersecurity officials and experts said.

The Russian hack was an overt invasion of the United States, just as much in cyber space as it would have been had it occurred in physical space. The only limits on our response—the only real limits—are our capacity to respond, and the mindsets of those with the authority to order the response.

Capacity includes our shamefully limited cyber capability coupled with the much lower degree of Russia’s dependence on cyber in its various facilities (military, political, economic).

Capacity also includes, though, political, economic, and physical response venues.

This attack badly wants a more prompt response than economic sanctions are capable of effecting.

“It’s a hack. It’s a breach. It’s espionage. It’s not an attack,” said former White House and Justice Department official Jamil Jaffer, executive director of George Mason University’s National Security Institute. “I don’t think some major offensive response is warranted based on what we know now.”

And

…the former officials said the intrusions fell more along the lines of classic digital espionage, however brazen.

This insistence on downplaying the severity of an invasion is a major player in our vulnerability to such attacks and is an illustration of the weakness of the mindsets involved, for all that Jaffer is not one of those charged with the responsibility. It increases our vulnerability to physical attack.

There needs to come an end to mental weakness, idle chit-chat, and vapid responses, and we need to get serious about such invasions.

Now.

Couple Rude Questions

These arise from the SolarWinds hack attack that some experts claim doesn’t rise to an act of war (but that I think might do so*).

Why wasn’t it spotted sooner? This applies to SolarWinds as much as it does to the IT MFWICs and their staffs at the various government agency and private business recipients. Who inspected SolarWinds’ “updates,” how were they tested before SolarWinds disseminated them, and how were they tested before the receiving entities implemented them? Were the recipients actually, with straight faces, allowing a remote entity to enter their systems and install software that was uninspected/untested by those recipients?

What’s being done about the hack now—both defensively and offensively?

On what basis would we be able to believe all of the proximately done SolarWinds hackware has been rooted out?

What other software is broadly used in government and automatically updated from outside? What inspecting and testing is being done on that software?

What inspection/testing is being conducted on all the private economy cloud software extant?

More serious, though, are these questions:

Was this hack, which embedded spyware, among other things, all of it? Or was this hack intended to be found as a distraction from detecting other, more hidden, more nefarious software—software that could be triggered later to conduct sabotage of critical systems, insert misleading or outright false data into critical databases and imaging systems, cut off communications between critical government and military leadership entities and between those and their field-operational systems at critical moments of a more overt attack?

Was this hack conducted by Russia? Or perhaps by Iran, while framing Russia, the butcher of Chechnya? Or perhaps by northern Korea, while disguising its own culpability by framing Russia? Or by the People’s Republic of China, which still regards Russia as a foe and now recognizes Russia’s political and military impotence vis-à-vis the CCP and the PLA, and so harming two enemies with one exploit?

*Shameless plug

The Biden Cabinet, So Far

In Biden’s own words, as summarized by Howard Kurtz:

  • the first-ever openly gay nominee to lead a Cabinet department.
  • the first ever black secretary of Defense
  • the first ever Latino head of the DHS
  • the first ever Latino head of HHS
  • the first woman…of South Asian American descent to lead OMB
  • the first woman and Asian-American to lead [as] the United States trade representative
  • the first black woman to chair the president’s Council of Economic Advisers
  • the first ever woman to hold Alexander Hamilton’s position as Treasury Secretary

And that’s just for starters.

Notice what Biden is bragging about: the first identity square checked off.

Biden isn’t even picking these folks because they’re politically expedient, or because many of them reprise his BFF ex-President Barack Obama’s (D) administration, an indirect political expedience.

No, Biden is picking these folks in furtherance of his Progressive-Democratic Party’s identity politics imperative—a political expedience of an especially…prejudicial…nature.

Notice, too, what Biden isn’t bragging about: these prospective nominees’ qualifications for the job. In keeping with Party’s identity politics ideology, qualification is centered on identity; actual skill or experience is in the far reaches of the system—if present at all.

Even if these folks could be counted on to put in honest effort, their broad and aggregated lack of qualification, their intrinsic incompetence, will be disastrous for our nation.

Clarity

Walter Russell Mead, with whom I agree far more often than not, had a piece in Monday’s Wall Street Journal. He titled his piece Can Biden Find Clarity on China and Russia? and he closed it with this:

The global governance issues that many on Team Biden care most about cannot be addressed without the hard-nosed geopolitics that many Democrats reject. The president-elect’s foreign policy will stand or fall on his ability to manage that paradox.

I think the answers to the question, and the fixing of the paradox, stem from Biden’s own words:

The PRC isn’t “a patch on our jeans.”
“[T]hey’re not bad folks, folks.”

Biden’s position on the PRC seems pretty clear to me.

The widow of a Moscow mayor sent Hunter Biden $3.5 million.
On Russia generally, Biden has this: “He [Romney] acts like he thinks the Cold War is still on [and] Russia is still our major adversary. I don’t know where he has been.”

Biden’s Russia position, which remains unchanged in deed, his current words notwithstanding—and the Russian hooks in his family—are equally clear.

A Training Opportunity

Ramstein AB, Germany, location of USAFE headquarters, got an emergency alarm over the weekend of an in-progress missile attack on the base. The alarm turned out to be false.

There are a couple of ways such a false alarm might be triggered. One is that the alarm was part of an exercise and the exercise label was simply dropped or missed. Another is that, as part of a Russian exercise, by happenstance also in progress, missiles were launched at exercise targets inside Russia during that exercise’s final phase, and detection systems acted on the fact and a short time later (but after the alarm had been sent) recognized the launches for what they were and canceled the alarm.

In any event, as “a Pentagon official” said,

It’s important that we find out what happened, for a lot of reasons. We don’t want people getting needlessly alarmed, and we don’t want them to be complacent in the face of a genuine alert.

“Ramstein officials” also noted

Today, the Ramstein Air Base Command Post was notified via an alert notification system of a real-world missile launch in the European theater.  The Command Post followed proper procedure and provided timely and accurate notifications to personnel in the Kaiserslautern Military Community.

And in response to the alarm, those officials said,

Those who heard the warning took it seriously.

Which raises another important aspect of the false alarm: the real-world operational training opportunity the alarm presented to the base and the surrounding Kaiserslautern Military Community. Finding out what happened regarding the transmittal of a false alarm should include a detailed, critical post mortem on the base and community response to the fact of the alarm. That post mortem also should include an assessment of why fewer than everyone heard the alarm.