It was probably inevitable, but Apple has rolled over to pressure from the Chinese government to limit any semblance of protection for its users in China. They have removed the VPN capability from their apps that are sold in China's already restricted App Store. They are not being given a choice, but it is a long way from principles that Apple follows everywhere else. This is the same company that would not officially help recover information off terrorist's phones, yet helps the Chinese ban VPNs which offer some protection from the prying state eyes. They held out for 5 years, but have given in.
We can argue that the state does not have any say over what commercial companies do, but that would be far, far from the truth. States in general have more restrictions on telecommunications than most any other area of commerce. In most countries of the world, we cannot have secure systems because there are rules allowing the government access -both direct and indirect - to communications. They do this in the name of national security, and that is the Chinese incantation over the infrastructure that is China. There are no secrets in China. They have invented legislation that prohibits it, and companies doing business in China cooperate in a variety of ways to make sure that principle works for them. They cite business reasons for doing it, but it is a matter of principle for the users of those systems. They have no rights to privacy or freedom of expression, except those subtle ways around the censors that I have written about before.
Why do so many of our political and journalistic leaders accept this kind of thing from China but go berserk when our own government takes any kind of step in that direction? We should ask them. We should ask it of every candidate for public office and every business leader who wants to do business with China.
Saturday, July 29, 2017
Friday, July 28, 2017
Decorum
I have worked in business and government and have been part of organizations with leaders who were "candid" with each other so there was no misunderstanding. I have been in meetings where there was heated discussion in debate, but there was no shouting or character issues raised as a part of them. Outside the meeting, it isn't always the same way. But, the one place where there was not a lot of that kind of "frank discussion" was in Congress and the White House. People in both of those places are careful about what they say about each other. It is part of the culture. You don't criticize your own contemporaries in public.
"Never speak ill of a seated Congressman" is part of that tradition. I saw that applied to a fellow contractor and she was gone the same day she criticized Hillary Clinton, forgetting that she was a seated Senator and not just the ex-President's wife. There is nothing wrong with this kind of firing, however unfair it may seem to be. The culture allows work to go on without politics getting in the way - most of the time, since nothing like a tradition can be perfect. Cory Bookers testimony against Jeff Sessions is just one current example.
This week, we see the pains of bringing in people who don't know the traditions and get no training before they start their work on the Hill. Interns, new staff, and first-term Congressmen do. Voters thought it would be a good idea to have businessmen in jobs that can influence Government performance and they may have been right about that. But some of those government people should do better at checking on the standards of behavior before they start lashing out at their fellow workers. Those traditions have been around for a long time, and they exist for a good reason. Politics demands disagreement, but that disagreement should not be allowed to interfere with the good order of the institutions. It is on both sides of the isle, and in camps on the grass of the White House lawn. It is called decorum. It really means that before you make public statements you know the rules of the place where you work. When you have no rules, you lose a lot of the ability of the institution to get work done. That applies equally to business organizations and government offices. Even business leaders should know it.
"Never speak ill of a seated Congressman" is part of that tradition. I saw that applied to a fellow contractor and she was gone the same day she criticized Hillary Clinton, forgetting that she was a seated Senator and not just the ex-President's wife. There is nothing wrong with this kind of firing, however unfair it may seem to be. The culture allows work to go on without politics getting in the way - most of the time, since nothing like a tradition can be perfect. Cory Bookers testimony against Jeff Sessions is just one current example.
This week, we see the pains of bringing in people who don't know the traditions and get no training before they start their work on the Hill. Interns, new staff, and first-term Congressmen do. Voters thought it would be a good idea to have businessmen in jobs that can influence Government performance and they may have been right about that. But some of those government people should do better at checking on the standards of behavior before they start lashing out at their fellow workers. Those traditions have been around for a long time, and they exist for a good reason. Politics demands disagreement, but that disagreement should not be allowed to interfere with the good order of the institutions. It is on both sides of the isle, and in camps on the grass of the White House lawn. It is called decorum. It really means that before you make public statements you know the rules of the place where you work. When you have no rules, you lose a lot of the ability of the institution to get work done. That applies equally to business organizations and government offices. Even business leaders should know it.
Thursday, July 27, 2017
Pay Attention to NKorea Cyber Attacks
Today's Wall Street Journal has an article focused on North Korea's attacks on banks, which amount to state-sponsored bank thefts like the one in Bangledesh and to ones now in South Korea. Previous attacks on South Korea were mostly to disrupt networks and not to make money. The article infers North Korea is trying to get cash to finance its nuclear program which has fallen on hard financial times.
I always watch North Korea because they are a canary in the Chinese coal mine. China does its experimentation with cyber attacks that will cause international concern (like Sony and going after the internal bank network, SWIFT) through North Korea. It is a role they relish and one where retaliation against them does little good. They don't have enough cyber infrastructure to make the attacks worthwhile. Could China stop them if they wanted to? They could but they won't.
China's way of telling the world about the new kind of cyber war they intend to foster is through real attacks by the North on targets that are visible and likely to know who is attacking them. In other words, they have good skills at attribution. It is a warning that says "mess with me and this is what you get" which North Korea probably does a little too often for its own good. They lay claim to a capability to disrupt financial markets and banks ability to transfer money safely between themselves, or suffer losses that are beyond what insurance will cover. We should be listening to this warning because they look like they are developing a growing capability that is used indiscriminately and largely without challenge.
This is where the financial community needs to get itself together and throw a couple of warnings back their way - and China's way too, just so there is no misunderstanding about where the threat actually comes from. There are enough countries involved that an agreement between them to attack back and let both of them know what will happen if they go after financial institutions as a part of their war. North Korea may not be as dependent upon computers but China certainly is. Some of the attack vectors used on the South can be equally applied to its neighbors in China. Those ransomeware attacks that don't really collect very much money are one of the ways to get their attention. When North Korea attacks, spread those attacks to the friends of the North that keep them going. They are all connected by computers.
The countries most affected by Wannacry were the United Kingdom, the United States, Spain, Russia and China. If North Korea was really behind Wannacry, somebody may be doing that now, without the focus on the North's best friends. It wouldn't take much to change that into a deterrent that neither China, nor the North, would soon forget.
I always watch North Korea because they are a canary in the Chinese coal mine. China does its experimentation with cyber attacks that will cause international concern (like Sony and going after the internal bank network, SWIFT) through North Korea. It is a role they relish and one where retaliation against them does little good. They don't have enough cyber infrastructure to make the attacks worthwhile. Could China stop them if they wanted to? They could but they won't.
China's way of telling the world about the new kind of cyber war they intend to foster is through real attacks by the North on targets that are visible and likely to know who is attacking them. In other words, they have good skills at attribution. It is a warning that says "mess with me and this is what you get" which North Korea probably does a little too often for its own good. They lay claim to a capability to disrupt financial markets and banks ability to transfer money safely between themselves, or suffer losses that are beyond what insurance will cover. We should be listening to this warning because they look like they are developing a growing capability that is used indiscriminately and largely without challenge.
This is where the financial community needs to get itself together and throw a couple of warnings back their way - and China's way too, just so there is no misunderstanding about where the threat actually comes from. There are enough countries involved that an agreement between them to attack back and let both of them know what will happen if they go after financial institutions as a part of their war. North Korea may not be as dependent upon computers but China certainly is. Some of the attack vectors used on the South can be equally applied to its neighbors in China. Those ransomeware attacks that don't really collect very much money are one of the ways to get their attention. When North Korea attacks, spread those attacks to the friends of the North that keep them going. They are all connected by computers.
The countries most affected by Wannacry were the United Kingdom, the United States, Spain, Russia and China. If North Korea was really behind Wannacry, somebody may be doing that now, without the focus on the North's best friends. It wouldn't take much to change that into a deterrent that neither China, nor the North, would soon forget.
Monday, July 24, 2017
Vietnam Backs Down in South China Sea
This could be called "The Risk of drilling in the South China Sea" because, as the BBC reports today, the leased gas drilling by a company working for Vietnam, has fallen to threats from China who has leased the gas rights to one of its own companies, with the cute name of Brightoil, run by two seniors in the Communist Party.
The Spanish company Repsol announced it discovered gas in the area, which should come as no surprise to anyone. The Spratly Islands have been in contention for a long time because there is oil and gas there, and fishing too. The Chinese want it, but so do a host of other countries. When the Philippines brought action with the UN over it, it won, but China actied like a child with its hands over its ears, going La, La, La, La to drown out the buzz of losing. The UN said they shouldn't be building those new islands and they interfered with the commerce of the Philippines. That is not something China wanted to hear. Vietnam might have an equal case, but might end up the same way. IF China refuses to recognize any position but its own, and now threatens military force, the stakes are raised in the South China Sea. Getting a UN Tribunal to rule does not seem to carry much weight with China, and it very similar to the way it handles its cases with the World Trade Organization. It ignores them, or works around them.
China is increasingly like a detached global maverick wandering around without any care as to what it bumps into. The international norms don't carry any weight with them. North Korea continues its march to nuclear weapons, and cyber operations that threaten us all. North Korea helps Iran in the same endeavor. China says, "Those guys are so hard to control," -right, like they have nothing to say about how North Korea acts. In the meantime, we continue to cycle back and forth with trade deals the nibble around the edges but do very little. Someday we will realize that China doesn't care what we think about their way of operating in the political and economic spectrum. They just do what they want.
The Spanish company Repsol announced it discovered gas in the area, which should come as no surprise to anyone. The Spratly Islands have been in contention for a long time because there is oil and gas there, and fishing too. The Chinese want it, but so do a host of other countries. When the Philippines brought action with the UN over it, it won, but China actied like a child with its hands over its ears, going La, La, La, La to drown out the buzz of losing. The UN said they shouldn't be building those new islands and they interfered with the commerce of the Philippines. That is not something China wanted to hear. Vietnam might have an equal case, but might end up the same way. IF China refuses to recognize any position but its own, and now threatens military force, the stakes are raised in the South China Sea. Getting a UN Tribunal to rule does not seem to carry much weight with China, and it very similar to the way it handles its cases with the World Trade Organization. It ignores them, or works around them.
China is increasingly like a detached global maverick wandering around without any care as to what it bumps into. The international norms don't carry any weight with them. North Korea continues its march to nuclear weapons, and cyber operations that threaten us all. North Korea helps Iran in the same endeavor. China says, "Those guys are so hard to control," -right, like they have nothing to say about how North Korea acts. In the meantime, we continue to cycle back and forth with trade deals the nibble around the edges but do very little. Someday we will realize that China doesn't care what we think about their way of operating in the political and economic spectrum. They just do what they want.
Saturday, July 22, 2017
When Politics Undermines National Security
We have an instance today where politics is undermining an important area of National Security and both of the political parties in our country know it. It concerns the Committee on Foreign Investiment in the United States [CFIUS] which keeps track of foreign purchases of technologies and industries that are part of the most important industries and capabilities we have. Lately, they have been spending a lot of their time on China. [see U.S. Puts High-Profile Chinese Deals on Ice ]
What has happened to CFIUS is the same thing that happens to all government offices after a political transition. Only this time, we are caught in something called "resist" which means obstruction of any candidate who might help the party in power perform its duties. Apparently that also applies to national security related positions like the political appointments at CFIUS. CFIUS is the only thing that keeps some of the Chinese companies from buying into our technologies and national infrastructure, something they would never allow us to do in their country. We don't even have to think very hard to realize that is a good thing to do.
Sometimes, the politicians in Washington should think about country and then about their own Political agendas. I know that is hard sometimes, since constituents sometimes don't see fine lines between national and local interests. Politicians don't see the fine lines between power and national security interests. This is part of the reason being a Member of Congress does not have a high favorability rating with very many people outside of Washington. They sometimes seem to have no interests other than their personal or Party goals. That isn't what they were elected for, but that doesn't often cross the mind of someone who is told to resist by all means necessary. As the electorate, we need to be doing a little resistance of our own. We need to remind our Congressman more often that they have duties and responsibilities as well as positions. It isn't making America great again; it is just keeping the America we have from being bought up by people who are not our friends. Fill this positions.
What has happened to CFIUS is the same thing that happens to all government offices after a political transition. Only this time, we are caught in something called "resist" which means obstruction of any candidate who might help the party in power perform its duties. Apparently that also applies to national security related positions like the political appointments at CFIUS. CFIUS is the only thing that keeps some of the Chinese companies from buying into our technologies and national infrastructure, something they would never allow us to do in their country. We don't even have to think very hard to realize that is a good thing to do.
Sometimes, the politicians in Washington should think about country and then about their own Political agendas. I know that is hard sometimes, since constituents sometimes don't see fine lines between national and local interests. Politicians don't see the fine lines between power and national security interests. This is part of the reason being a Member of Congress does not have a high favorability rating with very many people outside of Washington. They sometimes seem to have no interests other than their personal or Party goals. That isn't what they were elected for, but that doesn't often cross the mind of someone who is told to resist by all means necessary. As the electorate, we need to be doing a little resistance of our own. We need to remind our Congressman more often that they have duties and responsibilities as well as positions. It isn't making America great again; it is just keeping the America we have from being bought up by people who are not our friends. Fill this positions.
Friday, July 21, 2017
News in the Cyber Realm
In yesterday's news conference at the Justice Department it would have been hard to tell what the purpose of it was, since all the press could ask about was the President's comments the day before about his own Attorney General. Ill timed, and ill advised as those comments were they gave the press an opportunity to avoid talking about the good thing that they were there to announce- taking down two parts of the Dark Web, and doing it in an interesting way.
I had already heard about it from Krebs on Security which described the sequence of events better than the press release from the Justice Department. AlphaBay was a thriving drug and almost anything else illegal, website which was taken down first. When customers started to move their business elsewhere, a good bit of it went to Hansa Market, which for the previous month had been operated by the Dutch Police. This is a classic sting operation.
I remember one of our local car dealers who was caught pushing drugs from his back door. The police caught him and allowed him to operate for another year while the brought in cameras to record buyers and suppliers of drugs. This kind of cooperation bring down a whole network of people who know each other and traffic in things besides drugs- guns almost always come into it - and in that case, stolen cars too. The complexities of drug running became known to us all after the case broke.
There were 200,000 people using this website, which is far from an Amazon-like operation. But, the sting gets users, dealers, and the website operators all at once. For months after the car dealership went public, we were hearing about new drug cases that were being brought from leads that came from the sting. Two-hundred thousand is a lot of users, but tracking down their real names from the addresses on the website (they have to deliver it somewhere) will take a long time. Tracing the dealers themselves is harder, even in the locality where I live. These guys tend to want to not be found. So, months from now, we will be hearing about this or that drug dealer was arrested and we will probably not even know it was tied to AlphaBay.
It shows the basic concept of not hurrying to make an arrest. Patience, which is rare in some prosecutors, is a virtue. This required international cooperation over a long time, and with almost complete secrecy. Several foreign law enforcement agencies were involved. It should have been a good moment for the Justice Department which has not had too many. Too bad the press couldn't focus on the work that was done.
I had already heard about it from Krebs on Security which described the sequence of events better than the press release from the Justice Department. AlphaBay was a thriving drug and almost anything else illegal, website which was taken down first. When customers started to move their business elsewhere, a good bit of it went to Hansa Market, which for the previous month had been operated by the Dutch Police. This is a classic sting operation.
I remember one of our local car dealers who was caught pushing drugs from his back door. The police caught him and allowed him to operate for another year while the brought in cameras to record buyers and suppliers of drugs. This kind of cooperation bring down a whole network of people who know each other and traffic in things besides drugs- guns almost always come into it - and in that case, stolen cars too. The complexities of drug running became known to us all after the case broke.
There were 200,000 people using this website, which is far from an Amazon-like operation. But, the sting gets users, dealers, and the website operators all at once. For months after the car dealership went public, we were hearing about new drug cases that were being brought from leads that came from the sting. Two-hundred thousand is a lot of users, but tracking down their real names from the addresses on the website (they have to deliver it somewhere) will take a long time. Tracing the dealers themselves is harder, even in the locality where I live. These guys tend to want to not be found. So, months from now, we will be hearing about this or that drug dealer was arrested and we will probably not even know it was tied to AlphaBay.
It shows the basic concept of not hurrying to make an arrest. Patience, which is rare in some prosecutors, is a virtue. This required international cooperation over a long time, and with almost complete secrecy. Several foreign law enforcement agencies were involved. It should have been a good moment for the Justice Department which has not had too many. Too bad the press couldn't focus on the work that was done.
Thursday, July 20, 2017
A Chair on the Beach
I was reminded today of the lengths people in China have to go to avoid censorship. The parallel to that is the length censors in China have gone to stop these expressions. Liu Xiaobo's memory has been commemorated with emoji candles and an empty chair on the beach. They can't just put up his picture and say, "Sorry you are gone" or something like that. They have to do memorials in ways that are not likely to get a censor's attention until others have already seen it. It is hard for people in the U.S. to appreciate the intricacies of something so simple as a candle or chair because they are spoiled by a system that allows them to say almost anything in the name of free speech.
There are plenty of people in this country who will say, "I don't agree with you, but I defend your right to say what you did." Then, we have places like Berkeley where someone who does not agree with the faculty does not get to speak on campus. That is censorship of the worst kind -censorship by those who know better. Look at the rest of the world before you make a decision about who to allow to speak on campus. Liu Xiaobo was banned from speaking in China and put in jail to suppress his ideas. I wonder if Berkeley would have found a place for him to speak had he lived long enough?
There are plenty of people in this country who will say, "I don't agree with you, but I defend your right to say what you did." Then, we have places like Berkeley where someone who does not agree with the faculty does not get to speak on campus. That is censorship of the worst kind -censorship by those who know better. Look at the rest of the world before you make a decision about who to allow to speak on campus. Liu Xiaobo was banned from speaking in China and put in jail to suppress his ideas. I wonder if Berkeley would have found a place for him to speak had he lived long enough?
Monday, July 17, 2017
Ukraine Says Russia Behind Ransomware
The BBC has a report today that claims the Ukraine government is blaming Russia for the outbreak of the Petya Worm, a ransomeware attack that seems to not want the ransom. There were a number of skeptics who said it wasn't Russia, reasoning that since the attacks were also launched against Russian businesses. Not many, as it turns out.
If you look at the follow-on report by Symantec you will see that the attack was directed at financial services software widely used in Ukraine. This report also has a chart on the number of infections that is clear on where the target was. Ukraine had a significant number of infections, probably more than the other 20 countries combined. The US has the second highest number of infections.
These kinds of tailored attacks are supposed to limit damage to resources in the originator's country, which they succeeded in doing. Now, knowing the Russians did it will be no small comfort the Ukraine. They can't do much about it, except launch retaliatory strikes against Russian facilities, something they only have a limited capability to do. Europe has done next to nothing to help them. The same can be said for the United States. If you think the Russians were undermining elections around the world, look at what they did to the Ukrainian election. It went way beyond anything they have done to another country. So far, the Russians have been immune to retaliation or retribution for those kinds of actions. No wonder they keep it going.
If you look at the follow-on report by Symantec you will see that the attack was directed at financial services software widely used in Ukraine. This report also has a chart on the number of infections that is clear on where the target was. Ukraine had a significant number of infections, probably more than the other 20 countries combined. The US has the second highest number of infections.
These kinds of tailored attacks are supposed to limit damage to resources in the originator's country, which they succeeded in doing. Now, knowing the Russians did it will be no small comfort the Ukraine. They can't do much about it, except launch retaliatory strikes against Russian facilities, something they only have a limited capability to do. Europe has done next to nothing to help them. The same can be said for the United States. If you think the Russians were undermining elections around the world, look at what they did to the Ukrainian election. It went way beyond anything they have done to another country. So far, the Russians have been immune to retaliation or retribution for those kinds of actions. No wonder they keep it going.
Saturday, July 15, 2017
Apple Fights the Good Fight
Apple is building a new data center to comply with Chinese law on data security. The Chinese want their own data stored in China and not somewhere else. Apple won't even be able to transfer data out of China. According to the article today in the Wall Street Journal, Apple will have control of the encryption keys but a third party, government owned company will store the data. I somehow do not believe this is going to work out for anyone but the Chinese government. They have consistently pointed to complete control over data, from source code that handles it, to VPNs operated by corporations doing business in China. Once they have the data, they can store it forever, or until they steal the keys, or maneuver Apple into giving them up. One of those things is sure to happen, and I doubt that Apple can stop it.
Even Death is Censored in China
Liu Xiaobo. Liu Xiaobo death: 'Even RIP is being deleted by censors
That name, Rest In Peace, or an emojis of a candle are censored out in China. That is how China gets rid of ideas that don't fit its narrative of what is good for its people. It goes to such great lengths that one wonders how they could have the resources to keep up. Imagine a billion people using the Internet and somebody trying to screen such small things as RIP. Impossible you say. Not if you apply yourself to it and spend the resources required to achieve the objective. Wipe out the name from public view. Erase the Internet memory. Filter it out.
We should remember that Liu's crime was trying to promote a type of democracy for China. For that, they put him in prison. For that, they let his cancer end his life. No wonder they want to erase any memory of him. See my post.
That name, Rest In Peace, or an emojis of a candle are censored out in China. That is how China gets rid of ideas that don't fit its narrative of what is good for its people. It goes to such great lengths that one wonders how they could have the resources to keep up. Imagine a billion people using the Internet and somebody trying to screen such small things as RIP. Impossible you say. Not if you apply yourself to it and spend the resources required to achieve the objective. Wipe out the name from public view. Erase the Internet memory. Filter it out.
We should remember that Liu's crime was trying to promote a type of democracy for China. For that, they put him in prison. For that, they let his cancer end his life. No wonder they want to erase any memory of him. See my post.
Friday, July 14, 2017
Sanctions on Chinese Banks
Reuters is claiming an exclusive on a story yesterday that says the U.S.will shortly levy new sanctions of some banks trading with some of North Korea's front companies that help them with their nuclear weapons program. The article then goes on to say,
"The targets now being weighed for sanctions would come from a list of firms numbering 'substantially more than 10' that Trump shared with Chinese President Xi Jinping at a Florida summit in April and which U.S. experts have continued to compile for review, according to one of the officials."
This will be a little tricky since China is already making claims that this is unnecessary and the ambassador to the US said they were not acceptable. On its side, the U.S probably thought that giving the list of companies to Xi would result in them stopping what they were doing. The people who believed that are the same ones that thought ZTE would stop violating sanctions with Iran when they were called out on it - and they weren't the only ones violating those sanctions, but the only one identified and fined by the Obama Administration. The other aspect is in naming the companies the banks were doing business with. In order to do that, we have to show that we know the names of those North Korean front companies. Those are state secrets on both sides, though now they are known to everyone involved and so is our knowledge of them. Probably unavoidable if the sanctions are going to be applied.
I'm not a real believer in sanctions. It might have been better to watch these companies and disrupt them where possible. The logical outcome will be that the North will change the names of all the identified companies, causing them some grief and inconvenience, but little else. The Chinese will be more careful about getting caught trading with these new companies. Nothing will change except the names of people and businesses that are used. It just makes work for both sides and accomplishes very little. The Chinese need a better incentive to stop supporting the North's and Iran's nuclear weapons program. Neither of them could survive without Chinese support. Perhaps we could work on that a little more.
"The targets now being weighed for sanctions would come from a list of firms numbering 'substantially more than 10' that Trump shared with Chinese President Xi Jinping at a Florida summit in April and which U.S. experts have continued to compile for review, according to one of the officials."
This will be a little tricky since China is already making claims that this is unnecessary and the ambassador to the US said they were not acceptable. On its side, the U.S probably thought that giving the list of companies to Xi would result in them stopping what they were doing. The people who believed that are the same ones that thought ZTE would stop violating sanctions with Iran when they were called out on it - and they weren't the only ones violating those sanctions, but the only one identified and fined by the Obama Administration. The other aspect is in naming the companies the banks were doing business with. In order to do that, we have to show that we know the names of those North Korean front companies. Those are state secrets on both sides, though now they are known to everyone involved and so is our knowledge of them. Probably unavoidable if the sanctions are going to be applied.
I'm not a real believer in sanctions. It might have been better to watch these companies and disrupt them where possible. The logical outcome will be that the North will change the names of all the identified companies, causing them some grief and inconvenience, but little else. The Chinese will be more careful about getting caught trading with these new companies. Nothing will change except the names of people and businesses that are used. It just makes work for both sides and accomplishes very little. The Chinese need a better incentive to stop supporting the North's and Iran's nuclear weapons program. Neither of them could survive without Chinese support. Perhaps we could work on that a little more.
Wednesday, July 12, 2017
China Extends Reach into Med
In case you missed it, the Chinese ran one of its two aircraft carriers close to Taiwan in a display of military might intended to intimidate the island with no aircraft carriers. The Taiwanese probably don't care much about it, since China has been trying to intimidate them by every means for the past 75 years.
But the Chinese are also having exercises with the Russians in the Eastern Mediterranean, which is not their sea to be in. They are close enough to the Russian bases in Syria for everyone to take note. It was the first time since 2015. That probably got a lot of attention in the capitals of the Mideast and Europe.
These were live fire exercises ( they shoot real bullets and rockets ) but the term used to protect the event is proclaimed to keep any other nation from observing exactly what is going on. Live fire is used often in the Russian and Chinese exercises to limit close up views of the ships and tactics being employed. It claims territory for a short time while the exercises are run, and then cedes it back to the international community when they are over. They do this for the good of everyone else in the area, but not because they are particularly safety conscious. They have dominion over the territory for a brief time, and partial secrecy over what actually goes on during the exercises, in case they aren't very successful for reasons they don't want others to know about.
The exercises will not go unnoticed in the US where ships that launch cruise missiles into Syria would be facing some joint forces the next time they decide to deter the Syrian leadership from using chemical weapons. I can't imagine why the Chinese have an interest in preserving the capability to kill children with chemical weapons, but the Russians certainly do. In spite of their assurances that Assad got rid of them all, he continues to find more lethal varieties to use on his own people. The U.S. is not going to be put off by these joint exercises and both Russia and China must know it. They just want to ratchet up the tension, using Syria as stalking horse. On all fronts that is a very bad idea.
But the Chinese are also having exercises with the Russians in the Eastern Mediterranean, which is not their sea to be in. They are close enough to the Russian bases in Syria for everyone to take note. It was the first time since 2015. That probably got a lot of attention in the capitals of the Mideast and Europe.
These were live fire exercises ( they shoot real bullets and rockets ) but the term used to protect the event is proclaimed to keep any other nation from observing exactly what is going on. Live fire is used often in the Russian and Chinese exercises to limit close up views of the ships and tactics being employed. It claims territory for a short time while the exercises are run, and then cedes it back to the international community when they are over. They do this for the good of everyone else in the area, but not because they are particularly safety conscious. They have dominion over the territory for a brief time, and partial secrecy over what actually goes on during the exercises, in case they aren't very successful for reasons they don't want others to know about.
The exercises will not go unnoticed in the US where ships that launch cruise missiles into Syria would be facing some joint forces the next time they decide to deter the Syrian leadership from using chemical weapons. I can't imagine why the Chinese have an interest in preserving the capability to kill children with chemical weapons, but the Russians certainly do. In spite of their assurances that Assad got rid of them all, he continues to find more lethal varieties to use on his own people. The U.S. is not going to be put off by these joint exercises and both Russia and China must know it. They just want to ratchet up the tension, using Syria as stalking horse. On all fronts that is a very bad idea.
Tuesday, July 11, 2017
North Korea - China on All Lips
Almost every newspaper and on-line news service has some story about North Korea and how to solve this old problem. That part is not new, but something else about it is - every one of them is pointing to China as the main reason no progress has been made and the North continues down a path to nuclear weapons.
Some interesting suggestions have come from this discussion, but they start with something more basic - To do anything with the North, you must first deal with China. This leads to speculation about how to do that, from William McGurn's suggestion that we might limit Chinese enrollment in our elite schools until China comes around, to Robert Gates, the former head of the CIA and Defense Department, who suggested there might be a way to make a deal with China over the outcome that would leave the North as a nuclear power, but limit its weapons. Deal with China first, then if need be handle North Korea alone.
What all of these point to is the recognition that China has been behind North Korea all along and no solution can go to the North directly. It has to go through China. So, for all those people who said this had nothing to do with China and the North was a sovereign country that would act on its own no matter what, it seems that myth has finally exploded. North Korea exists because China wants it to be what it is - a saber rattling, boisterous, out-of-control bunch of maniacs who have the rest of the world reacting to it. It is those reactions the Chinese want to see. They watch and plan according to those reactions. It benefits them, and nearly no other country, including the North.
There are two principles we need to remember, reciprocity and accountability. China has no accountability for what the North actually does, and it should have. They are not a passive observer, and North Korea is their child who needs correction. If you were in a store and some children were running around knocking over displays and yelling, you would look for the parents took get them under control. These kids are spoiled beyond belief because their parents don't want them to behave. They want to measure the reaction to the public displays of idiocy. But, we also owe China some reciprocity for actions North Korea takes. David Sanger at the New York Times said that when North Korea attacked Sony, the Obama Administration considered striking China instead. That is the kind of reciprocity we need. They need to be held accountable for their creation, and face the consequences.
China, says the BBC, is pushing back saying "everyone has to do their part" which is slang for "make concessions before any negotiation ever starts". We can remember these words from the first days of missile firings, when President Trump said he would be glad to meet with the North. That was a very unpopular thing in his own country where dealing with the North's is just slightly above a stage four cancer diagnosis in popularity. When someone says they want to drop a nuclear bomb on one of your major cities, you can't treat them like they are kidding. Instead of deescalating the rhetoric, they continue to shoot off missiles with longer and longer ranges.
Some interesting suggestions have come from this discussion, but they start with something more basic - To do anything with the North, you must first deal with China. This leads to speculation about how to do that, from William McGurn's suggestion that we might limit Chinese enrollment in our elite schools until China comes around, to Robert Gates, the former head of the CIA and Defense Department, who suggested there might be a way to make a deal with China over the outcome that would leave the North as a nuclear power, but limit its weapons. Deal with China first, then if need be handle North Korea alone.
What all of these point to is the recognition that China has been behind North Korea all along and no solution can go to the North directly. It has to go through China. So, for all those people who said this had nothing to do with China and the North was a sovereign country that would act on its own no matter what, it seems that myth has finally exploded. North Korea exists because China wants it to be what it is - a saber rattling, boisterous, out-of-control bunch of maniacs who have the rest of the world reacting to it. It is those reactions the Chinese want to see. They watch and plan according to those reactions. It benefits them, and nearly no other country, including the North.
There are two principles we need to remember, reciprocity and accountability. China has no accountability for what the North actually does, and it should have. They are not a passive observer, and North Korea is their child who needs correction. If you were in a store and some children were running around knocking over displays and yelling, you would look for the parents took get them under control. These kids are spoiled beyond belief because their parents don't want them to behave. They want to measure the reaction to the public displays of idiocy. But, we also owe China some reciprocity for actions North Korea takes. David Sanger at the New York Times said that when North Korea attacked Sony, the Obama Administration considered striking China instead. That is the kind of reciprocity we need. They need to be held accountable for their creation, and face the consequences.
China, says the BBC, is pushing back saying "everyone has to do their part" which is slang for "make concessions before any negotiation ever starts". We can remember these words from the first days of missile firings, when President Trump said he would be glad to meet with the North. That was a very unpopular thing in his own country where dealing with the North's is just slightly above a stage four cancer diagnosis in popularity. When someone says they want to drop a nuclear bomb on one of your major cities, you can't treat them like they are kidding. Instead of deescalating the rhetoric, they continue to shoot off missiles with longer and longer ranges.
Monday, July 10, 2017
US-Russia Cyber Cooperation
There was a time when Russia and China were hacking each other and interfering in politics. A couple of years ago, they signed 38 agreements, one of them being an agreement to stop hacking for political influence. I doubt that either of them really believed the other would stop doing that, but they did sign an agreement.
So when Marco Rubio says "Partnering with Putin on a 'Cyber Security Unit' is akin to partnering with Assad on a 'Chemical Weapons Unit.' We have no quarrel with Russia or the Russian people. Problem is with Putin & his oppression, war crimes & interference in our elections." he is only stating what to him is the obvious - Russia is not going to change and we can't trust them. I'm sure that was what China thought when they made their series of agreements, but the Russians seem to have behaved themselves since then.
After China said it would cut back on hacking U.S. businesses, they did two things (1) they cut back on exfiltrating data after they hacked into businesses. They still hacked them, and will have the capability to extract data if needed. (2) they moved their offensive collection efforts under a higher level organization with much better capabilities. That would be one that would not get caught as often as the Army klutzes who were not very good at hiding their work. So, do we think those are good things or bad? I think they are normal in the world of cyber security where offensive operations are often hidden and seldom acknowledged.
So, these kinds of agreements may not have the desired result - actually changing the behavior in a way that stops hacking - they may produce some results that are an incremental change towards a better environment between two countries. There is nothing wrong with that, but in a rush to criticize before thinking, we might be throwing out the baby with the bath water.
So when Marco Rubio says "Partnering with Putin on a 'Cyber Security Unit' is akin to partnering with Assad on a 'Chemical Weapons Unit.' We have no quarrel with Russia or the Russian people. Problem is with Putin & his oppression, war crimes & interference in our elections." he is only stating what to him is the obvious - Russia is not going to change and we can't trust them. I'm sure that was what China thought when they made their series of agreements, but the Russians seem to have behaved themselves since then.
After China said it would cut back on hacking U.S. businesses, they did two things (1) they cut back on exfiltrating data after they hacked into businesses. They still hacked them, and will have the capability to extract data if needed. (2) they moved their offensive collection efforts under a higher level organization with much better capabilities. That would be one that would not get caught as often as the Army klutzes who were not very good at hiding their work. So, do we think those are good things or bad? I think they are normal in the world of cyber security where offensive operations are often hidden and seldom acknowledged.
So, these kinds of agreements may not have the desired result - actually changing the behavior in a way that stops hacking - they may produce some results that are an incremental change towards a better environment between two countries. There is nothing wrong with that, but in a rush to criticize before thinking, we might be throwing out the baby with the bath water.
Wednesday, July 5, 2017
Germans Worry About Election Tampering
Perhaps they should worry. It seems the Germans are worried about the same type of election tampering from the Russians that besieged the United States. The Russians seem to want to get their sticky finders into any country with a democratic form of government, and Germany certainly fits in that category. Perhaps they have not been adequately deterred from this kind of behavior.
The French and Germans have something in common with the Balkan states and the US in that all of them have been hacked by the Russians, who seemingly have gotten away with it. There are enough countries now that they need to coordinate a response to Mr. Putin that will make him put his toys back in the box where they belong.
To start, his own election is coming up, and a coordinated response might put a big dent in his arrogance and make him think twice about doing this kind of thing again. The French and Germans have pretty good cyber programs and could make things difficult for the Russians. We have to think the US would be glad to help them out after all the trouble they caused in the US election. That is not something we are going to quickly forget.
We could broadcast pre-election polls that show how unpopular the ruling party actually is. Since it is against the law there, we would have to ignore Russian law, just as the Russians have done in every other country they have attacked.
We could attack the voting systems themselves, just as the Russians did in the Ukraine when they tried to prevent tabulation of votes as they were cast.
We could steal letters the oligarchs have been sending back and forth with the government and expose all the corruption and double dealing that the opposition parties are trying to raise as issues. Helping them would be nice.
We could expose the Russian press stories that are nothing like "fake news" reported elsewhere. There is no element of truth to some of their stories and debunking them is much easier than anywhere else.
Lastly, just for fun, we should get the help of the other countries to deny the little dictator any use of computers. Instead of monitoring him, Sabatoge his computers and cell phones and attack any network he uses. It is called personalization of risk. I can't imagine how he believes he can get away with trying to undermine the democratic processes of so many countries without having retribution against him. It's not like our leaders have more to hide than the Russian leaders. It's not like the Russians are better at these kinds of things than the combined resources of the democracies. Is it?
The French and Germans have something in common with the Balkan states and the US in that all of them have been hacked by the Russians, who seemingly have gotten away with it. There are enough countries now that they need to coordinate a response to Mr. Putin that will make him put his toys back in the box where they belong.
To start, his own election is coming up, and a coordinated response might put a big dent in his arrogance and make him think twice about doing this kind of thing again. The French and Germans have pretty good cyber programs and could make things difficult for the Russians. We have to think the US would be glad to help them out after all the trouble they caused in the US election. That is not something we are going to quickly forget.
We could broadcast pre-election polls that show how unpopular the ruling party actually is. Since it is against the law there, we would have to ignore Russian law, just as the Russians have done in every other country they have attacked.
We could attack the voting systems themselves, just as the Russians did in the Ukraine when they tried to prevent tabulation of votes as they were cast.
We could steal letters the oligarchs have been sending back and forth with the government and expose all the corruption and double dealing that the opposition parties are trying to raise as issues. Helping them would be nice.
We could expose the Russian press stories that are nothing like "fake news" reported elsewhere. There is no element of truth to some of their stories and debunking them is much easier than anywhere else.
Lastly, just for fun, we should get the help of the other countries to deny the little dictator any use of computers. Instead of monitoring him, Sabatoge his computers and cell phones and attack any network he uses. It is called personalization of risk. I can't imagine how he believes he can get away with trying to undermine the democratic processes of so many countries without having retribution against him. It's not like our leaders have more to hide than the Russian leaders. It's not like the Russians are better at these kinds of things than the combined resources of the democracies. Is it?
Tuesday, July 4, 2017
North Korea Repeats Itself
The press would have us believe that we are nearly at World War III and the ground is being laid by North Korea's firing of a ballistic missile that could probably hit Alaska if everything goes well.
I want to take you back to 1997 when the same thing - exactly the same thing - was being discussed by the press and various Congressional and White House politicians. They were in a panic and debating a serious question about whether or not North Korea's new missile could reach the United States. I remember this better than most because I was in the Ballistic Missile Defense Organization and it was our job to express to all sides what the real issues were in defending ourselves from "rouge states" like North Korea. I remind you that North Korea could reach both Alaska and Hawaii but the issue by the Clinton Administration was how much money to spend on missile defense. It chose to say North Korea could not hit the continental United States, which was often repeated in Congress as "cannot hit the United States". It upset the delegations from Alaska and Hawaii who considered themselves a part of the USA. We are saying the same words 18 years later, and it makes me wonder what missile development was being done over the years. Are they no better today than then?
I might also add that we spent a good part of $80 Billion building a missile defense system to counter that threat. I'm not sure what happened since I left in 2000, but I'm pretty sure that missile system is still up there and functioning. We might want to ask the Army if it actually works, or have they done something to make it less reliable or accurate. In the meantime, we have THAAD which is an area defense system that was not operational in 2000. It has hit some targets too and is a pretty good thing if you are wanting to shoot down a missile.
So, we might ask why everyone seems to be in a panic over the North testing a long range missile capable of hitting Alaska? Maybe there is something more to this than meets the eye.
I want to take you back to 1997 when the same thing - exactly the same thing - was being discussed by the press and various Congressional and White House politicians. They were in a panic and debating a serious question about whether or not North Korea's new missile could reach the United States. I remember this better than most because I was in the Ballistic Missile Defense Organization and it was our job to express to all sides what the real issues were in defending ourselves from "rouge states" like North Korea. I remind you that North Korea could reach both Alaska and Hawaii but the issue by the Clinton Administration was how much money to spend on missile defense. It chose to say North Korea could not hit the continental United States, which was often repeated in Congress as "cannot hit the United States". It upset the delegations from Alaska and Hawaii who considered themselves a part of the USA. We are saying the same words 18 years later, and it makes me wonder what missile development was being done over the years. Are they no better today than then?
I might also add that we spent a good part of $80 Billion building a missile defense system to counter that threat. I'm not sure what happened since I left in 2000, but I'm pretty sure that missile system is still up there and functioning. We might want to ask the Army if it actually works, or have they done something to make it less reliable or accurate. In the meantime, we have THAAD which is an area defense system that was not operational in 2000. It has hit some targets too and is a pretty good thing if you are wanting to shoot down a missile.
So, we might ask why everyone seems to be in a panic over the North testing a long range missile capable of hitting Alaska? Maybe there is something more to this than meets the eye.
Subscribe to:
Posts (Atom)