What Dan taught me

Over 20 years ago, I was an unknown graduate student at the University of Vermont with an unpopular research idea.

I was convinced that our increasing dependence on inherently vulnerable critical infrastructure presented an emerging national security issue.

Few others were similarly convinced.

Then I somehow caught the attention of Dan Kuehl at the National Defense University and on a trip to Washington DC he invited me to visit his office. I ended up spending the entire afternoon with Dan who entertained all of my questions, walked me through the halls of NDU, introduced me to all his colleagues, and bought me lunch.

The most critical thing Dan did was encourage me to keep going with my research. Little did I know at the time, but Dan was privy to a classified dialogue at the Department of Defense surrounding DOD Directive TS3600.1 which was raising many of the same issues I was focusing on. Given I didn't have a clearance, he couldn't share the news with me, but instead stacked me up with papers on C3I and other relevant materials. "You are on to something," he told me. "Keep going..."

As the story goes I did keep going. My thesis topic rejection was eventually reversed and I published my thesis entitled "National Security in the Information Age". Dan was one of the most prolific distributors of my thesis. Copies wound up in the hands of officers going through his program, DOD leadership, local think tanks, and contractors. Dan even forwarded my thesis to one of the gentlemen that would eventually give me my first job.

When I moved to DC, Dan and I became friends. He continued to introduce me to his network and I started to occasionally lecture to his students at NDU. In 1996 he awarded me and two colleagues the prestigious Sun Tzu research award for our paper "Information Terrorism: Can You Trust Your Toaster?". As recently as the past year, Dan was still cracking Internet of Things toaster jokes.

Over the past 20 years we've continued to see each other a few times per year. Every time I see Dan, his enthusiasm and energy put a smile on my face. He is a friend I am always happy to see, even after the 500th time I heard him say "well, I'm a historian, but..."

Following Dan's lead, I've always taken the time to meet with students or folks early in their career to offer advice, encouragement, and even recommendations for employment. It has had a pay-it-forward butterfly effect that has resulted in hundreds of meetings over the past twenty years and continues to shape the world in important ways. Perhaps I would have taken the time out of my schedule for those meetings regardless, but I like to think it is what Dan taught me.


Virtual Tradecraft Paper outline from 2006

Capturing this here for posterity. A friend in the intelligence community got me interested in Second Life, which led to putting together some thoughts on the intelligence implications of virtual worlds. We were talking about this seven years ago...

Virtual Tradecraft 2006


Kill with a borrowed sword - An Origins Story

If you've seen me speak in the past 15 years, you've seen a slide that looks something like this:

[Image: slide]

It was my adaptation of an ancient Chinese stratagem for the information age in which an adversary would use our infrastructures as weapons against us. I originally used it as a reference for information operations, but it turns out it was a good model for the attacks on September 11, 2001 as well. AQ terrorists could never have built missiles that could be delivered with the precision and the explosive and incendiary impact that they achieved by hijacking commercial airliners.

In 2001, I also used the concept to promote a capability I'd started advertising in 2000 as an "Information Outcomes Cell" which proposed to use commercial IO capabilities as a replacement for U.S. military Computer Network Attack when our national leaders did not want to reveal "black" attack technologies. The premise was that any infrastructure that could be targeted with a conventional attack could be "taken down" by the Information Outcomes Cell. This would allow for the mission objective to be accomplished, but without revealing secret tools and allowing for the infrastructure to be rapidly reconstituted once friendly forces had control of the land domain. This addressed two critical issues in my opinion: 1) it helped overcome the hesitancy to use CNA because the target "wasn't important enough" to reveal the equivalent of a zero day (e.g. shouldn't use it in Iraq, because we can't use it against more important targets later), and 2) it reduced the impact on the host country's civilian population. They could be without power and telecommunications for months instead of years, which would allow them to focus on building societal infrastructure like schools and hospitals.

I even went so far as to put together a PowerPoint deck and shop it around. Here is the ugly circa 2001 cover page:

[Image: cover page]

Despite lots of vibrant discussion, the capability wasn't utilized back then and others have consistently echoed the need. For example, see Mike Tanji's Buccaneer.com. I won't comment on whether we are any further along today.

Recently, I was listening to the audio book version of Tom Clancy's most recent book "Threat Vector" and Clancy was describing the fictional office environment for the Chinese mastermind of the hacking attacks against the U.S. and other countries. What sign hangs on the wall as an inspiration for the Chinese attack team? The ancient Chinese stratagem "Kill with a borrowed sword".


I am Big Data and so are you

Bob Gourley, former CTO of DIA and current CTO of CrucialPoint LLC, was guest lecturing at my Georgetown “Information Warfare and Security” class and was discussing mega technology trends when it occurred to me - the next revolution in big data is going to be about me and you.

We are sitting on a treasure trove of data about ourselves that will be aggregated into big data repositories and analyzed and mined to augment our lives. Quantified self data from your Nike Fuel band, input from your Google Glass, your email, schedule, events you have attended, foods that you ate, times you got sick, searches you conducted, games you played, movies, books, music, social network status, your social graph, news you’ve read, on and on and on....

All this data will be aggregated and mined for our own personal benefit. A few years ago I anticipated the rise of AugBots (software agents that would mine your personal data to predict how they can help you). Imagine that you always call your wife when you are on your way home from work and the AugBot starts anticipating this behavior and when your smart phone indicates you are on your way home (based on GPS data) it asks you whether you want to call your wife. Google Now is pretty close to this level of functionality today and it is only going to get better.

I'm concerned about privacy, but also understand the advantages of mining this data moving forward. What I want to know is who takes the lead on allowing me to start dumping data into some sort of repository that gets mined for my Google Now results. I'm waiting for when my Google Glass takes a picture of Bob, performs a facial recognition search, identifies who he is, searches my personal big data, and tells me "that's Bob Gourley. You first met him at an event in 1996."

With all the quantified self data, this will be rich health data as well. Evaluate food patterns to identify allergies, diagnose a potential illness based upon proximity - you had dinner with Bob three nights ago, and he reported yesterday on Facebook that he has Strep throat - I noticed you just bought throat lozenges - shall I make an appointment to see the doctor about that sore throat?

Imagine a Nest thermostat that starts raising the temperature because it knows you are on your way home or starts cooling because it knows you are scheduled to be out for the day. A security camera that doesn't alert because it recognizes the faces in your home are from the cleaning service.

Who are the leaders right now? Google, Facebook, Amazon, Apple - in that order.

I expect we'll see start-ups emerge focused on personalized big data. Create your repository, decide who to share with (family, friends, etc), and then decide which APIs can query against it. There will likely be multiple repositories and interfaces between them.

Then we'll see a layer of augmented intelligence interfacing with the data at an application layer.

Of course, security will be a concern, but I'm not sure if security winds up being essential or irrelevant.

And all of this will start happening in the next five years.


State Sponsored Cyber Threats - The Long View

"Thinking about state-sponsored cyber threats over the long term doesn't come easy to Western strategists. This essay takes a look at the strategic implications of thinking only in the short-term."

Source: OODA Loop - State Sponsored Cyber Threats - The Long View


Tim Cook's Freshman Year: The Apple CEO Speaks

"We want diversity of thought. We want diversity of style. We want people to be themselves. It’s this great thing about Apple. You don’t have to be somebody else. You don’t have to put on a face when you go to work and be something different. But the thing that ties us all is we’re brought together by values. We want to do the right thing. We want to be honest and straightforward. We admit when we’re wrong and have the courage to change."

Source: Tim Cook's Freshman Year: The Apple CEO Speaks - Businessweek


Chinese IW - 1996

Digging through some old files and found this from 1996:

:::::::::::::::::::::

May 10, 1996, Friday

SECTION: Part 3 Asia-Pacific; CHINA; MILITARY; EE/D2609/S2

LENGTH: 308 words

HEADLINE: INFORMATION WARFARE;
China: characteristics of information warfare explored

SOURCE: Source: 'Jiefangjun Bao', Beijing, in Chinese 16 Apr 96 p6

BODY:
[6] Text of report by Chinese army newspaper 'Jiefangjun Bao'

At present, information warfare remains a very abstract concept. In order
to clearly understand and master information warfare, we have to conduct a
more detailed analysis of information warfare by dissecting it into a number
of combat forms, each with a unique content, including an all-frequency
electromagnetic war, a computer virus war, a precision war, a small-scale war,
a non-destructive war, a geophysical war, and so on. After categorizing these
combat forms, we can divide information warfare into two major types: the
"visible" information war and the "invisible" information war. Only by
conducting such a detailed analysis of information warfare will we be able to
know clearly about human conceptual and behavioural changes wrought by
information warfare.

Owing to the increasing internationalization of information technology
development and the integration of social, political and economic development,
people now have to employ stealthier, more indirect and more "surplus" combat
means when applying war means to resolve bilateral political contradictions.
This means that along with the development of information technology and the
constant perfection of information warfare, "visible" information wars are
going to be reduced in scale so that it will be more difficult to predict when
and where a "visible" information war will break out and what type of a threat a
"visible" information war will create. As "invisible" information wars are going
to be waged like "the water and the sky blended in one colour", it will be
especially hard to know their "true faces". Thus we should reach this
conclusion: Information wars in an information era are going to be small-scale,
difficult to locate, short and quick wars known for multiple and tremendous
threats.


Siri – the Augmented Intelligence Agent

My latest thinking about Siri over at TechGrid…

"Siri does not represent a foray into the realm of artificial intelligence, but rather a necessary stutter-step in that direction which can be more accurately referred to as Augmented Intelligence. Despite an ability to engage in limited natural language processing, Siri is only capable of augmenting the capabilities of an iPhone in ways that were pre-defined by her programmers. This augmentation will only be improved upon with future iterations of Siri and some day soon, she may become more context aware.

For example, ask Siri to play a game and she’ll trigger on the word “play” and look for a song or playlist that match the remainder of the interpreted words “play a game”. Tell her you really want to get drunk and she’ll offer to call you a cab, not find you a bar. As an augmented intelligence, Siri can be pretty helpful, but here are some ways we expect her to improve in the near-term."

Source: Siri – the Augmented Intelligence Agent | TechGrid


Dronegate: The First Casualty is our Cybersecurity Paradigm

Out of respect to the original blog, my comments on this article can be found by following the link below the excerpt. These are important issues and we should be examining and debating them in detail.

"As of yet, there is no definitive narrative of the virus that hit the U.S. drone fleet at Creech Air Force Base in Nevada this September. Original reports stated that drone cockpits had been infected with a keylogger virus and, while there was no indication that classified information had been stolen or that missions had been compromised, the virus has proven tenacious, resisting efforts to disinfect machines and forcing the Air Force to wipe entire hard drives. Sources said that officials at Creech never informed the 24th Air Force, the central authority on cyber for the Air Force, about the breach until the 24th read about it online. Yesterday, however, in its first official statement on the infection, the Air Force explained that the virus was actually a credential stealer and insisted that the virus was only a nuisance that was easily contained. It claimed that the 24th AF had known about the breach since the 15 September. The Air Force also disputed that cockpits were affected, stating that only ground control systems were breached."

Source: Dronegate: The First Casualty is our Cybersecurity Paradigm


Facebook devours Twitter - a simple strategy...

Facebook is about to eat Twitter for lunch. I'm slowly recognizing that more and more of my activity is migrating from Twitter to Facebook. I've also been wondering if Apple's upcoming iOS 5 integration with Twitter is a strategic mistake on Apple's part. What will it take for Facebook to finish Twitter off? Here's my list of recommendations of what to do and not do.

Give me a separate "subscribed" news feed - I want to be able to toggle back and forth between people I am subscribed to and people I am friends with in my newsfeed. An integrated view is nice, but sometimes I just want to see my friends and vice versa.

Public Subscribe Button - I already have a button for follow me on Twitter and a button to friend me on Facebook. What we need now is a Subscribe to my public Facebook feed button. It should allow folks to easily subscribe via Facebook.

Default responses to site discussions via Facebook to "public" - Imagine the community engagement when people bring their subscribers to the discussion via promotion through their public feed.

Stop Auto-generating friend lists - I like the ability to generate custom lists to categorize my friends, but honestly I really only feel the need right now to have two lists. Friends and subscribers. That said, I'm overwhelmed at all the lists Facebook has auto-generated for me. I want to shut that feature off. I don't need lists for where I live, where I went to school, where I've worked. It is almost like getting flogged for having too diverse a social graph.

Search baby, search - Real-time and historic search of my newsfeed and the overall public stream equals absolute killer feature. Facebook will have Twitter (which has never managed search well) and Google trembling.

Integrate subscribe concept into Pages - I'd like a more discreet ability to add page content to my newsfeed. Currently, you can "like" a page and it will show up in your stream, but it also shows up in your profile. It would be nice to have an ability to subscribe to a page without public disclosure or (implied) endorsement of the page.