I have to admit being duped by the scheme to make it appear that Arkady Babchenko was dead. I didn’t like it very much, whatever the reasons. The Ukrainians said it was to foil a plot against his life by somebody Russian. OK, that was a good cause. But they have been watching too much television if they believe that would work for very long, especially after the press conference yesterday.
I will never understand the Russians for killing their dissidents. The Chinese just isolate them and put them in jail for periods of time, tamper down their rhetoric, and make their lives miserable. That seems slightly more humane, though just barely, because they include family members in this harassment. But killing dissidents usually makes more dissidents
Thursday, May 31, 2018
Tuesday, May 29, 2018
US Finally Gets WTO Cases with China
It takes forever, and the Chinese know it, to get a case before the WTO, but the US has two now. The first one, and the most obvious to everyone who follows China, is the theft of intellectual property being forced by ownership, control and management policies of China. Reuters has a good story on the ones currently there. It quotes Dennis Shea, the Ambassador to WTO as saying “Fundamentally, China has made the decision to engage in a systematic, state-directed, and non-market pursuit of other (WTO) members’ cutting-edge technology in service of China’s industrial policy.” Yes, we knew that, but it doesn’t hurt to say it out loud now and again, mostly for the benefit of other countries who seem to sit on the sidelines and accept this extortion (the US called it coerison) with a smile. Some US businesses do the same thing.
With this action, the US gets a hearing on the main issue of whether it can enforce tariffs on Chinese goods. One has to wonder why there was not a case before this, since even a high school student knew what China was doing. China usually settles these kinds of cases before they get to arbitration, but maybe they will let this one run its course, thinking it is all part of the negotiation strategy of the US. They may get a surprise this time.
With this action, the US gets a hearing on the main issue of whether it can enforce tariffs on Chinese goods. One has to wonder why there was not a case before this, since even a high school student knew what China was doing. China usually settles these kinds of cases before they get to arbitration, but maybe they will let this one run its course, thinking it is all part of the negotiation strategy of the US. They may get a surprise this time.
Chinese Protest Ships Near Paracels
OK, so the US sent the guided missile destroyer USS Higgins and guided missile cruiser USS Antietam to disputed territory again close enough to the Paracel Islands that the Chinese responsded and “drove them away”. The usual rhetoric followed: We are defending our territory, they say, leaving out the part about that territory being in dispute and claimed by other countries, and the UN Arbitral Commission findings that they are in violation of the UN procedures for sea traffic. Maybe that is too much to put in a press release. The Wall Street Journal summarizes the incident.
Sooner or later, the US is going to have to do more than just send ships into this middle-of-nowhere group of islands. Nobody, Vietnam or Brunei has put troops in any of these islands, built many permanent structures, or put radar and jamming equipment on any of their islands. That is why China has continued down the path of taking over the South China Sea as if it were theirs. Nobody has put up a fight yet, though Vietnam came close. None of the countries involved have done much except the US, and the US is not claiming any territory in that part of the world. The Chinese are trying to put a 12 mile limit around all of the islands, effectively taking on large amounts of space and calling it their own territory. Then, they claim all the territory in the 9-Dash Line. Nobody is buying this bogus claim, but nobody is doing anything about keeping the Chinese from enforcing it. Possession is 9/10ths of the law, they say.
Sooner or later, the US is going to have to do more than just send ships into this middle-of-nowhere group of islands. Nobody, Vietnam or Brunei has put troops in any of these islands, built many permanent structures, or put radar and jamming equipment on any of their islands. That is why China has continued down the path of taking over the South China Sea as if it were theirs. Nobody has put up a fight yet, though Vietnam came close. None of the countries involved have done much except the US, and the US is not claiming any territory in that part of the world. The Chinese are trying to put a 12 mile limit around all of the islands, effectively taking on large amounts of space and calling it their own territory. Then, they claim all the territory in the 9-Dash Line. Nobody is buying this bogus claim, but nobody is doing anything about keeping the Chinese from enforcing it. Possession is 9/10ths of the law, they say.
Friday, May 25, 2018
Russia Blamed for Shooting Airliner
I wondered what the nice Dutch people were doing laying blame on Russia for shooting down MH 17. Just about everyone I know thought it was a Russian missile, maybe not knowing that it was a Russian crew firing it. Then, I saw an article from BBC that shed some light on the subject. This is about liability. The Dutch are saying that the missile was fired by a Russian crew in 2014, and that the Russians are liable for the consequences when the lawsuits start.
Software Reviews May Get Legislation in US
Reuters has an exclusive today that was of interest to anyone with software “sold to the US military”. The story slants its examples to Russian review of some tools used by the US military, but the whole issue of China’s review of source code is far more important. This is a complicated issue and not as easy to interpret as one might hope. That usually spells disaster for most pieces of legislation that are put forward.
What the real issue is about is the fact that some countries like China and Russia do reviews of source code for “national security reasons”, an entirely bogus claim. Countries do reviews of software all the time, but usually without the source code. Russia and China want the source code and have demanded it from just about everyone in their countries. Some businesses have maintained that they can control how that software is reviewed and deny access to the actual code itself during a review. I doubt that. Some give versions of software that are exclusive to the country involved, like Microsoft giving China its own version of Windows 10. Of course, we have no way of knowing if China uses that version in any of its exported products. Source code gives them the ability to insert code that will do exploitation, monitoring, or censorship that would be done on anyone who bought that computer. And who makes most of the computers in the world? China.
So, the first issue to settle is “sold to the US military”. The US military buys Microsoft Office on a grand scale and Microsoft once offered it the chance to have its own version, similar to allowing China to have its own version of Windows 10. They turned down that offer because they had to maintain their own version. All kinds of software are sold to the US military for every purpose imaginable. What we really need to know is if proprietary source code of any kind is supplied to any government for review. That is an export of US technology that should be prohibited.
Second, the prohibition against use is not encompassing i.e. it allows use on unclassified systems. That is a really bad idea, because it is like saying all unclassified information can be given to the foreign government. The end result is they get it if we allow it to be used in any networks in the US.
There are a lot of things in unclassified networks that are still sensitive, and a whole class of information called Unclassified Sensitive that is used only for official purposes and has to be reviewed before public release.
Third, self-reporting seldom works where the reporting causes limits on sales to the agencies of the Federal government. Reporting is damaging to the bottom line of any company that reports. That is not a recipe for success.
Fourth, open source software is a bigger risk than vendor supplied software. Anyone can get open source source code and modify it, then redistributed to those sites that hold the source code. That software is not sold to anyone.
The use of software by the military is a mess that is largely uncontrolled by the Defense Department. It is sparsely regulated, and there is next to no enforcement of what rules are supposed to be followed. This legislation is not going to improve that situation.
What the real issue is about is the fact that some countries like China and Russia do reviews of source code for “national security reasons”, an entirely bogus claim. Countries do reviews of software all the time, but usually without the source code. Russia and China want the source code and have demanded it from just about everyone in their countries. Some businesses have maintained that they can control how that software is reviewed and deny access to the actual code itself during a review. I doubt that. Some give versions of software that are exclusive to the country involved, like Microsoft giving China its own version of Windows 10. Of course, we have no way of knowing if China uses that version in any of its exported products. Source code gives them the ability to insert code that will do exploitation, monitoring, or censorship that would be done on anyone who bought that computer. And who makes most of the computers in the world? China.
So, the first issue to settle is “sold to the US military”. The US military buys Microsoft Office on a grand scale and Microsoft once offered it the chance to have its own version, similar to allowing China to have its own version of Windows 10. They turned down that offer because they had to maintain their own version. All kinds of software are sold to the US military for every purpose imaginable. What we really need to know is if proprietary source code of any kind is supplied to any government for review. That is an export of US technology that should be prohibited.
Second, the prohibition against use is not encompassing i.e. it allows use on unclassified systems. That is a really bad idea, because it is like saying all unclassified information can be given to the foreign government. The end result is they get it if we allow it to be used in any networks in the US.
There are a lot of things in unclassified networks that are still sensitive, and a whole class of information called Unclassified Sensitive that is used only for official purposes and has to be reviewed before public release.
Third, self-reporting seldom works where the reporting causes limits on sales to the agencies of the Federal government. Reporting is damaging to the bottom line of any company that reports. That is not a recipe for success.
Fourth, open source software is a bigger risk than vendor supplied software. Anyone can get open source source code and modify it, then redistributed to those sites that hold the source code. That software is not sold to anyone.
The use of software by the military is a mess that is largely uncontrolled by the Defense Department. It is sparsely regulated, and there is next to no enforcement of what rules are supposed to be followed. This legislation is not going to improve that situation.
Thursday, May 24, 2018
Yemen Hits Cargo Ship with Missile
There was an article in Reuters today that mentions an important event sermingly ignored by the majority of press outlets. A Turkish ship carrying Russian wheat was hit by a land based missile. The reporting sources say this was likely not intentional which seems odd. There are not too many guided missiles that hit targets accidentally. The missile didn’t fire without someone having a target locked on. If that ship wasn’t the target, what was?
The Houthis are the usual suspects, but they will not last long in this world firing missiles at ships in international waters. There is too much oil floating around in that area to allow them to sink one of them. It is enough that they fire at the Saudi Aramco facilities.
Iran will not be able to help them if the continue down this path. Nobody messes with big oil. Everyone needs it and there is not enough to go around. Any group that thinks it can disrupt those supplies will find themselves in trouble.
The Houthis are the usual suspects, but they will not last long in this world firing missiles at ships in international waters. There is too much oil floating around in that area to allow them to sink one of them. It is enough that they fire at the Saudi Aramco facilities.
Iran will not be able to help them if the continue down this path. Nobody messes with big oil. Everyone needs it and there is not enough to go around. Any group that thinks it can disrupt those supplies will find themselves in trouble.
Wednesday, May 23, 2018
Congress Fights White House ZTE Plans
The US Congress has decided to engage on the sanctions against ZTE. The President sent to it an ill-advised Tweet on the subject indicating ZTE would be back in business soon. Sanctions were levied on ZTE for good reason. That was a national security reason, not some trade issue over sale or marketing for its products. Congress now wants to consider limiting the ability to reverse those sanctions. Yes, the sanctions were severe and may have had some unintended consequences, but what ZTE did was to bypass sanctions on Iran, probably at the behest of the Chinese government. They were not the only company that did.
Whether the Congress can do what they are attempting to do is speculation. This is within the President’s authority. All Congress can do is say “please don’t “ which is not going to go far.
New Form of Identity Theft
In a recent case outlined by the Wall Street Journal today a new kind of identify theft seems to have creeped into the comments made on pending legislation in the US. Policies have a review period where members of the public can comment and it seems that some of the comments being made are not made by the people they purport to represent. This has happened before in only a few cases, but it needs to be stopped. Somebody is submitting comments in the name of leaders, in this case, two US Senators, and those comments do not reflect their position on the issue.
I have been on both sides of this, having to review those comments, and making them. When reviewing, we used to group the comments into categories and try to answer as many of them as we could with one comment, never checking to see that the comments were actually made by the people they were supposed to come from. I’m not sure I know how to do that in a reliable way. When making comments, one does not even think about trying to authenticate the comments to prove the source of them.
So, we get mostly lobbying firms who use the names of some of the people who are their associates submitting false comments. That part is not new. But, that also should not be as hard to identify, if someone really wanted to. It will be work, but it might be worth it to identify the source of some of this kind of nonsense. Randomly pick some policy project like net neutrality, get a contractor to look a the data on the submissions, and trace them back to the point of origin. If they are fake submissions, refer them to the Justice Department and let them figure out what the charges will be. It must be illegal.
I have been on both sides of this, having to review those comments, and making them. When reviewing, we used to group the comments into categories and try to answer as many of them as we could with one comment, never checking to see that the comments were actually made by the people they were supposed to come from. I’m not sure I know how to do that in a reliable way. When making comments, one does not even think about trying to authenticate the comments to prove the source of them.
So, we get mostly lobbying firms who use the names of some of the people who are their associates submitting false comments. That part is not new. But, that also should not be as hard to identify, if someone really wanted to. It will be work, but it might be worth it to identify the source of some of this kind of nonsense. Randomly pick some policy project like net neutrality, get a contractor to look a the data on the submissions, and trace them back to the point of origin. If they are fake submissions, refer them to the Justice Department and let them figure out what the charges will be. It must be illegal.
US Sanctions Iran Over Yemen’s Missiles
Just in case a very small number of you might have thought Yemen was really producing those missiles they are firing at Saudi Arabia, the US announced sanctions against people in Iran who work for the Islamic Revolutionary Guard Corps. So, there is little doubt now that Iran was supplying those missiles - even though most of us knew that anyway. Iran might be surprised at the way the sanctions were made.
In a widely circulated story today the sanctions were levied against five individuals. There is an old saying about making people responsible by personalizing their risk. That is what these kind of sanctions do. They don’t make some vague organizations responsible for the transfer of the missiles; they make specific individuals responsible. That personalized the risk for anyone else who might think about doing the same thing. In a place like Iran, that may not do very much good in the short run, but it plays better when travel, financial, and communications restrictions apply to more and more of the leadership.
In a widely circulated story today the sanctions were levied against five individuals. There is an old saying about making people responsible by personalizing their risk. That is what these kind of sanctions do. They don’t make some vague organizations responsible for the transfer of the missiles; they make specific individuals responsible. That personalized the risk for anyone else who might think about doing the same thing. In a place like Iran, that may not do very much good in the short run, but it plays better when travel, financial, and communications restrictions apply to more and more of the leadership.
Tuesday, May 22, 2018
China’s Spies
There is an interesting article today in the Wall Street Journal which is a reminder that the Chinese still spy on the US in a conventional way. They recruit spies and put them to work getting sensitive classified material from the government. I had forgotten that there were three on-going cases, as this article outlines.
The story today is of Kevin Mallory, who people thought was a great guy who loved his country and his God. He worked for both CIA and the Defense Intelligence Agency. Good spies need to fit into the neighborhood and have lots of friends. He did. But before those neighbors run to his defense, I suggest they read the rest of the story, especially the part where he calls his wife and asks her to get an SD card out of a drawer at their house. That SD card had seven classified document on it. On the surface, that does not sound like a guy who loved his country.
The other two spies are a State Department employee and one from the CIA. We can hardly blame the Chinese for wanting to recruit spies in those agencies since they are places that have information they would want.
This has caused parts of the Chinese-American community to question if the Chinese are being targeted in this country. Targeting might be the wrong word here, since it seems that the Chinese have targeted ethic Chinese to spy for them for commercial and non-commercial benefits. If the Chinese target ethnic Chinese, it is a tough argument that they are being picked on when we are scrutinizing that group. I have heard this claim before from others who have been “targeted” and it always sounds the same.
MS-13 gets targeted now and again. Russian gangs get targeted too. In espionage, it is the Russians and Chinese. This is the kind of targeting that makes sense. There is nothing “fair” about targeting in espionage or organized criminal behavior. Law Enforcment and Intelligence look where the activity seems to be centered, and they usually find that focus is justified.
The story today is of Kevin Mallory, who people thought was a great guy who loved his country and his God. He worked for both CIA and the Defense Intelligence Agency. Good spies need to fit into the neighborhood and have lots of friends. He did. But before those neighbors run to his defense, I suggest they read the rest of the story, especially the part where he calls his wife and asks her to get an SD card out of a drawer at their house. That SD card had seven classified document on it. On the surface, that does not sound like a guy who loved his country.
The other two spies are a State Department employee and one from the CIA. We can hardly blame the Chinese for wanting to recruit spies in those agencies since they are places that have information they would want.
This has caused parts of the Chinese-American community to question if the Chinese are being targeted in this country. Targeting might be the wrong word here, since it seems that the Chinese have targeted ethic Chinese to spy for them for commercial and non-commercial benefits. If the Chinese target ethnic Chinese, it is a tough argument that they are being picked on when we are scrutinizing that group. I have heard this claim before from others who have been “targeted” and it always sounds the same.
MS-13 gets targeted now and again. Russian gangs get targeted too. In espionage, it is the Russians and Chinese. This is the kind of targeting that makes sense. There is nothing “fair” about targeting in espionage or organized criminal behavior. Law Enforcment and Intelligence look where the activity seems to be centered, and they usually find that focus is justified.
Sunday, May 20, 2018
China Puts Long-range Bombers in SCS
China put the 3500 km range bomber the H-6k on runways in the Spratly Islands in the South China Sea. The Chinese news states this like it is an everyday occurrence, but it isn’t. These are long enough range to reach most of the countries with claims to those islands, though they would not be much of a threat against US fleet ships in the area. China seems content to escalate the war for the South China Sea, and at the same time, presses the rest of the world to not make any
statements that make Taiwan an independent state. One day, we have to decide if the Chinese get their way on Taiwan and the rest of the South China Sea. If they don’t, a little more than ships cruising around in that space will be required. We can’t have China as a friend in trade and an enemy everywhere else, but the Chinese seem determined to have their own way. It will not come to a good end.
statements that make Taiwan an independent state. One day, we have to decide if the Chinese get their way on Taiwan and the rest of the South China Sea. If they don’t, a little more than ships cruising around in that space will be required. We can’t have China as a friend in trade and an enemy everywhere else, but the Chinese seem determined to have their own way. It will not come to a good end.
Friday, May 18, 2018
Poles Battle Russians
There are several news outlets carrying stories about Poland expelling a Russian woman and banning a few more from the country. As an example, the Washington Post carried the story today.
The Russians are accused of doing what they have done many times before, trying to influence the beliefs of individuals by manipulation of information. The Russians still call this Information War, which is the right term in this case. The Post says the Russian woman was accused of “non-military but subversive tactics” which included spreading views of history that would provoke conflicts between Poland and the Ukraine. That included World War II, where Poles were killed by Ukrainian nationalists. I imagine this was quite a bit more complex than just views of history.
The US Congress has released some Russian Facebook ads that were doing the same kind of thing by supporting issues that were divisive in the US during the 2016 national election. Sometimes, they supported both sides of these issues, which is just a way to create tension between two political groups. They didn’t really want to resolve an issue; they were trying to perpetuate the divisions and foster distrust. They invented some pretty good ways to do that, and have obviously found success. And, they haven’t stopped doing it, even though the election is long over. The groups that did the actual work were based in Russia, but fraudulently used identities of real people in the US.
This kind of warfare is very hard to stop because it doesn’t look like war. In my new book, a rewrite of The Chinese Information War, I used some Russian examples to show how this can be successful. The Facebook ads were only a small part of what the Russians were doing. The selective release of stolen Democratic National Committee email about the activities of the Clinton campaign disrupted the election, but you can bet the Russians are still dividing he country by campaigns that perpetuate divisions between political parties and reduce the ability of White House to govern the country. That has been very successful so far, and there are plenty of people willing to help them keep those issues going. Poland and Ukraine should both be looking for the deeper kinds of disruptions that this expulsion has brought to the front. Credit to the Polish Intelligence services for disrupting this operation.
The Russians are accused of doing what they have done many times before, trying to influence the beliefs of individuals by manipulation of information. The Russians still call this Information War, which is the right term in this case. The Post says the Russian woman was accused of “non-military but subversive tactics” which included spreading views of history that would provoke conflicts between Poland and the Ukraine. That included World War II, where Poles were killed by Ukrainian nationalists. I imagine this was quite a bit more complex than just views of history.
The US Congress has released some Russian Facebook ads that were doing the same kind of thing by supporting issues that were divisive in the US during the 2016 national election. Sometimes, they supported both sides of these issues, which is just a way to create tension between two political groups. They didn’t really want to resolve an issue; they were trying to perpetuate the divisions and foster distrust. They invented some pretty good ways to do that, and have obviously found success. And, they haven’t stopped doing it, even though the election is long over. The groups that did the actual work were based in Russia, but fraudulently used identities of real people in the US.
This kind of warfare is very hard to stop because it doesn’t look like war. In my new book, a rewrite of The Chinese Information War, I used some Russian examples to show how this can be successful. The Facebook ads were only a small part of what the Russians were doing. The selective release of stolen Democratic National Committee email about the activities of the Clinton campaign disrupted the election, but you can bet the Russians are still dividing he country by campaigns that perpetuate divisions between political parties and reduce the ability of White House to govern the country. That has been very successful so far, and there are plenty of people willing to help them keep those issues going. Poland and Ukraine should both be looking for the deeper kinds of disruptions that this expulsion has brought to the front. Credit to the Polish Intelligence services for disrupting this operation.
Thursday, May 17, 2018
Kaspersky Goes Swiss
An interesting story yesterday in the Wall Street Journal brings up the subject of business reputation in any business, but in this case a cyber security business. The article tells how Kaspersky has decided to move parts of its operations to Switzerland to fend off government decisions to not use their software. That reluctance seem to come from the belief that the Russian government used Kapersky software to identify classified tools used by an NSA contractor and subsequently stole them.
There are a few things that come up in cyber that can damage a business reputation forever and one of them is a widespread belief that the software or hardware made by a company has government sanctioned backdoors or extracts information for intelligence purposes. From studies done at the University of Toronto, we know of several Chinese browsers that to the latter, extracting things that would never be needed by the vendors of that software but would be useful to identify a unique individual - things like the hard drive serial number or networks in range of a device, for example.
Governments always want help with intelligence collection and they sometimes asked for that help from contractors. The Chinese don’t ask. The contractor has two considerations here, profit and reputation. If they come up with a method to extract intelligence and it is not exposed, they can make a lot of money. It is the “not exposed” part that can be trouble. Exposing these methods can damage a reputation for a device or a whole business. Not even Chinese businesses want to be caught, because as the Kaspersky case shows, there is very little that can be done to reestablish a reputation. An old security poster said it this way: A reputation of 1000 years can be undone in a few minutes.
ZTE and Huawai are both on the list of companies with bad reputations and we have next to nothing about why those reputations are as they are. It has cost them millions of dollars and they have tried many public moves to get it back. That was largely to no avail. For us, the problem is the intelligence that tells us why is classified and has not been released, downgraded or sanitized so it can be discussed in public. The Chinese know why and so do the governments involved outside of China. Kaspersky and the Russians know why too, with greater accuracy and detail than any of us will ever know. These are secrets worth keeping, and in most of these cases, they were kept well.
So, do we think Kaspersky will be helped by moving to Switzerland to get away from its Russian connection? Not likely.
There are a few things that come up in cyber that can damage a business reputation forever and one of them is a widespread belief that the software or hardware made by a company has government sanctioned backdoors or extracts information for intelligence purposes. From studies done at the University of Toronto, we know of several Chinese browsers that to the latter, extracting things that would never be needed by the vendors of that software but would be useful to identify a unique individual - things like the hard drive serial number or networks in range of a device, for example.
Governments always want help with intelligence collection and they sometimes asked for that help from contractors. The Chinese don’t ask. The contractor has two considerations here, profit and reputation. If they come up with a method to extract intelligence and it is not exposed, they can make a lot of money. It is the “not exposed” part that can be trouble. Exposing these methods can damage a reputation for a device or a whole business. Not even Chinese businesses want to be caught, because as the Kaspersky case shows, there is very little that can be done to reestablish a reputation. An old security poster said it this way: A reputation of 1000 years can be undone in a few minutes.
ZTE and Huawai are both on the list of companies with bad reputations and we have next to nothing about why those reputations are as they are. It has cost them millions of dollars and they have tried many public moves to get it back. That was largely to no avail. For us, the problem is the intelligence that tells us why is classified and has not been released, downgraded or sanitized so it can be discussed in public. The Chinese know why and so do the governments involved outside of China. Kaspersky and the Russians know why too, with greater accuracy and detail than any of us will ever know. These are secrets worth keeping, and in most of these cases, they were kept well.
So, do we think Kaspersky will be helped by moving to Switzerland to get away from its Russian connection? Not likely.
Protecting Classified Information in Industry
I worked in an area of security for 10 years that not too many know. It is called Industrial Security, the oversight of contractor measures to protect classified information provided to them by Federal government agencies. It was interesting work that got me into hundreds of businesses that make things for government use. That work is done, or not done today, by the Defense Security Service. I just read a GAO report that had a lot in it that many government employees might pass over without another thought. It was a bad repot on an agency that has gone rapidly downhill. [The first 10 pages are background that is not needed for anyone that has any knowledge of Industrieal Security].
We used to do an inspection of large contractors twice a year, and no company went longer than a year. This report says in 2016 DSS did not conduct security reviews in 60% of its facilities. That is a disgrace. What happens when these reviews are not done is managers who do not value security in their own facilities, will stop doing much of the work that protects classified information. There are about 5% of the 12,000 facilities that are difficult inspections because management does not like to do security. I had one of them tell me to take all the classified material back to our office and not come back, but he found that he could not perform on the contact without it. I had one that repeated fired his security staff every time there was a bad inspection, and the majority of them were bad. The problem was not his staff; it was him. I had one that hired a principle officer who was a foreign national and could not be cleared, after I told him that would invalidate his facility clearance. It did, and it cost them over $100,000 to compensate the person hired and hire another person. The employees are rarely the problem - senior managers are.
This GAO report says DSS has not done much to correct its own deficiencies, or lay out plans that establishes a basis to budget for correction. This is a basic management responsibility. It does not have the resources it needs to meet the requirements and has not done what it needs to do to get them.
The second part of this report deals with Foreign Ownership Control and Influence which is a small, but important part of security. It is a specialized area that requires review to prevent foreign ownership of contractors working on government programs. When it is not done correctly it can lead to pressure by foreign firms on how performance on those contracts is done, or disclosure of classified information to foreign nationals at Board meetings. This is an area that needs more attention for good reason, with China buying up everything in sight.
It is sad to see DSS in such a state. It is even more sad that the Defense Department let the get to such a state by doing nothing about improving their capabilities. If Defense is going to manage the program it needs to fund it.
We used to do an inspection of large contractors twice a year, and no company went longer than a year. This report says in 2016 DSS did not conduct security reviews in 60% of its facilities. That is a disgrace. What happens when these reviews are not done is managers who do not value security in their own facilities, will stop doing much of the work that protects classified information. There are about 5% of the 12,000 facilities that are difficult inspections because management does not like to do security. I had one of them tell me to take all the classified material back to our office and not come back, but he found that he could not perform on the contact without it. I had one that repeated fired his security staff every time there was a bad inspection, and the majority of them were bad. The problem was not his staff; it was him. I had one that hired a principle officer who was a foreign national and could not be cleared, after I told him that would invalidate his facility clearance. It did, and it cost them over $100,000 to compensate the person hired and hire another person. The employees are rarely the problem - senior managers are.
This GAO report says DSS has not done much to correct its own deficiencies, or lay out plans that establishes a basis to budget for correction. This is a basic management responsibility. It does not have the resources it needs to meet the requirements and has not done what it needs to do to get them.
The second part of this report deals with Foreign Ownership Control and Influence which is a small, but important part of security. It is a specialized area that requires review to prevent foreign ownership of contractors working on government programs. When it is not done correctly it can lead to pressure by foreign firms on how performance on those contracts is done, or disclosure of classified information to foreign nationals at Board meetings. This is an area that needs more attention for good reason, with China buying up everything in sight.
It is sad to see DSS in such a state. It is even more sad that the Defense Department let the get to such a state by doing nothing about improving their capabilities. If Defense is going to manage the program it needs to fund it.
Wednesday, May 16, 2018
No Map Detail Goes Unpunished
There is a story today about China and its enforcement of its One China policy, which means Taiwan is part of China, no matter what any other country might say. The logic of this kind of approach is easy to see, but harder to do anything about. Start thinking about what can be done.
In today’s story, the Gap Inc, a US company, has transgressed by making a T-shirt with an imprint of the outline of China but not including Taiwan. The Gap apologized for this seemingly major mistake, because they make a billion or so from China sales every year. I can’t blame them for saying they were sorry, but I respect them for not taking the shirt off the market. They have a right to sell this shirt anywhere in the world except China, but we can’t let China influence what we do in other parts of the world. This is economic extortion, something China is very experienced with. What they are not experienced with is the rest of the world fighting back. I want one of those T-shirts and will actively seek one out to wear every day. None of my friends would have any idea why I liked it so much.
Every time China makes a fuss about something like this, there should be a consequence to the government. When they complained about Taiwan not being part of airline bookings for China, we should have moved all the operations of Taiwan ticketing to domestic terminals rather than international. They can’t have it both ways. They are making this a national initiative to make every communication about Taiwan to be made as if Taiwan were part of China, which it is not. China can devote as much of their resources to complaining about this kind of thing, but it won’t change the basic fact that Taiwan is not part of China. No way, no how, to quote the Wizard of Oz.
The airlines, Gap, Zara, Mercedes, and Marriott International need to look at what they are doing by capitulating before they address the US market. The customers here do not think Taiwan is part of China.
In today’s story, the Gap Inc, a US company, has transgressed by making a T-shirt with an imprint of the outline of China but not including Taiwan. The Gap apologized for this seemingly major mistake, because they make a billion or so from China sales every year. I can’t blame them for saying they were sorry, but I respect them for not taking the shirt off the market. They have a right to sell this shirt anywhere in the world except China, but we can’t let China influence what we do in other parts of the world. This is economic extortion, something China is very experienced with. What they are not experienced with is the rest of the world fighting back. I want one of those T-shirts and will actively seek one out to wear every day. None of my friends would have any idea why I liked it so much.
Every time China makes a fuss about something like this, there should be a consequence to the government. When they complained about Taiwan not being part of airline bookings for China, we should have moved all the operations of Taiwan ticketing to domestic terminals rather than international. They can’t have it both ways. They are making this a national initiative to make every communication about Taiwan to be made as if Taiwan were part of China, which it is not. China can devote as much of their resources to complaining about this kind of thing, but it won’t change the basic fact that Taiwan is not part of China. No way, no how, to quote the Wizard of Oz.
The airlines, Gap, Zara, Mercedes, and Marriott International need to look at what they are doing by capitulating before they address the US market. The customers here do not think Taiwan is part of China.
When US Tech is Used for Bad
Sometimes the technology sold by anyone in the world can be “misused” by countries that buy it. The recent example in today’s Wall Street Journal shows how self righteous that can be. A few US Congressmen have decided China’s use of DNA testing equipment sold by Thermo Fisher Scientific Inc, based in Massachusetts, means the US should ban the use of this technology to China. That is not very rational thinking.
We have seen this kind of thing over the years with military technology that is also used in commercial spaces, the “dual use” of such things. Rocket motors, aircraft engines, metals resistant to damage, etc. can all be used for military and civilian uses and that complicates their sale. This is a little different. The concern with DNA testing is not related to military applications. It is used for surveillance. Cameras, banking software, fingerprint and facial recognition systems, thermal imaging equipment, AI software can all be used for surveillance and that is both good and bad, depending on how you look at it. I’m pretty happy with my surveillance cameras and my GPS location services but both of these track my movements and, occasionally, those of my neighbors. There is no big hue and cry about selling iPhones in China even though they can do quite a bit of surveillance and probably do. Singling out DNA equipment does not make sense.
The fact is, our export laws recognize restrictions on dual use by civilian and military but not by a State for surveillance unless that comes from a satellite or some other intelligence gathering method. DNA fits nowhere into that kind of equation, and trying to apply it here is breaking new ground that doesn’t need to be broken.
We have seen this kind of thing over the years with military technology that is also used in commercial spaces, the “dual use” of such things. Rocket motors, aircraft engines, metals resistant to damage, etc. can all be used for military and civilian uses and that complicates their sale. This is a little different. The concern with DNA testing is not related to military applications. It is used for surveillance. Cameras, banking software, fingerprint and facial recognition systems, thermal imaging equipment, AI software can all be used for surveillance and that is both good and bad, depending on how you look at it. I’m pretty happy with my surveillance cameras and my GPS location services but both of these track my movements and, occasionally, those of my neighbors. There is no big hue and cry about selling iPhones in China even though they can do quite a bit of surveillance and probably do. Singling out DNA equipment does not make sense.
The fact is, our export laws recognize restrictions on dual use by civilian and military but not by a State for surveillance unless that comes from a satellite or some other intelligence gathering method. DNA fits nowhere into that kind of equation, and trying to apply it here is breaking new ground that doesn’t need to be broken.
Tuesday, May 15, 2018
Portugal’s Power to Chinese
There is a Story today that tells about something that is Portugal’s business, but the concern of many outside that country. A Chinese state-owned company, China Three Gorges Corp, is buying Energia de Portugal - the utility company in Portugal. Most countries have National Security policies that prohibit this kind of takeover, but it appears Portugal does not.
I have quite a few readers in Portugal and wonder what their countrymen are thinking about letting China buy their power conglomerate. It doesn’t take a lot t of thought to see that this purchase is not a good idea. We have determined in the past year that when a state- owned enterprise buys something, it is China’s government buying it. Who would sell a utility that is key to the economic well being of a country to any other country, let alone China?
Think about having your electricity controlled by China. They can do what the did to Google and limit or disrupt supplies any time they disagree with a policy. Google got tired of trying to compete in a market that was grossly biased in service to its customers. The politics are even more dicey and China is known for its links with policy and economics. Soybean inspections just happen to go up when policies aren’t agreed to. That can taint any relationship. If I were you, I would give this some more thought. It makes no sense to have another country controlling and part of key infrastructure - power, rail, networks, et al. Think about it.
I have quite a few readers in Portugal and wonder what their countrymen are thinking about letting China buy their power conglomerate. It doesn’t take a lot t of thought to see that this purchase is not a good idea. We have determined in the past year that when a state- owned enterprise buys something, it is China’s government buying it. Who would sell a utility that is key to the economic well being of a country to any other country, let alone China?
Think about having your electricity controlled by China. They can do what the did to Google and limit or disrupt supplies any time they disagree with a policy. Google got tired of trying to compete in a market that was grossly biased in service to its customers. The politics are even more dicey and China is known for its links with policy and economics. Soybean inspections just happen to go up when policies aren’t agreed to. That can taint any relationship. If I were you, I would give this some more thought. It makes no sense to have another country controlling and part of key infrastructure - power, rail, networks, et al. Think about it.
Monday, May 14, 2018
ZTE Saved But No Less Guilty
For the second time in the past 5 years ZTE is going to be saved by US Presidents who established sanctions against the company for sanctions violations in Iran and North Korea. The first was President Obama who left sanctions against ZTE for about a week, and now President Trump does the same thing over a month, adding “Too many Chinese jobs lost.” There is something wrong with this decision.
Nobody doubts that ZTE was behind sanctions violations, weeks after China voted for them in the UN. They used shell companies and front companies to get around export controls of other countries but especially the US. They even told their employees how to do it in detailed instructions. The hypocrisy of China could not be lost on a grade school scholar.
But the other aspect is the belief in government circles that ZTE is a “threat to national security” and that led to looking closer to its enforcement of the agreement with the US over punishing ZTE officials who violated the Iran deal. How that stacks up against the loss of Chinese jobs is a mystery that does not make sense. Since when does China’s loss of jobs overcome a national security threat to the US?
Nobody doubts that ZTE was behind sanctions violations, weeks after China voted for them in the UN. They used shell companies and front companies to get around export controls of other countries but especially the US. They even told their employees how to do it in detailed instructions. The hypocrisy of China could not be lost on a grade school scholar.
But the other aspect is the belief in government circles that ZTE is a “threat to national security” and that led to looking closer to its enforcement of the agreement with the US over punishing ZTE officials who violated the Iran deal. How that stacks up against the loss of Chinese jobs is a mystery that does not make sense. Since when does China’s loss of jobs overcome a national security threat to the US?
Friday, May 11, 2018
The Mystery at Symantec
Today’s Wall Street Journal had a small article about a posting they noted in Symantec’s quarterly report. It was not easy to find, being “tucked in” the report. It noted that a former employee “raised concerns” but didn’t say about what or when that occurred. The stock had dropped just under 30% in one day, so the market doesn’t like this kind of thing, and that was before we even know what this is about. Too much secrecy makes investors nervous.
Thursday, May 10, 2018
How to Say No
I watched the confirmation hearings for Gina Haspel yesterday and noticed something unusual for a person in such a role she will play when confirmed as Director - she says “no” when responding to questions that need that answer. I know that is odd, but very few Washington people do it, and she did it more than once.
When Senator Feinstein asked her if she was the person referred to in a popular book as a former operations officer who took a leading role in interrogations of prisoners, I knew what answer Feinstein was looking for. When Haspel said “No”, and she is trained to say little more than that unless asked more, I could see the Senator look up like she wasn’t sure she heard the reply correctly. But the difference here is that the Senator went on with the same line of questioning even after she was told her answer, and the additional information that the author of that book had weeks ago changed that story and admitted he was wrong. She was desperate for a different answer.
Other Senators asked the same question a different way, tacitly admitting they were not listening to the answer to the previous question. Unlike Haspel who seemed to have the facts well documented in front of her, the staffers for the Congressional offices did not have the same level of preparation. Shame on them.
When Senator Feinstein asked her if she was the person referred to in a popular book as a former operations officer who took a leading role in interrogations of prisoners, I knew what answer Feinstein was looking for. When Haspel said “No”, and she is trained to say little more than that unless asked more, I could see the Senator look up like she wasn’t sure she heard the reply correctly. But the difference here is that the Senator went on with the same line of questioning even after she was told her answer, and the additional information that the author of that book had weeks ago changed that story and admitted he was wrong. She was desperate for a different answer.
Other Senators asked the same question a different way, tacitly admitting they were not listening to the answer to the previous question. Unlike Haspel who seemed to have the facts well documented in front of her, the staffers for the Congressional offices did not have the same level of preparation. Shame on them.
Cyber Job at White House
In Politico today is an interesting story about the senior cyber advisor to the White House. Politico says it is about to be abolished and decries that it will be when we are worried about other attacks by Russians in the midterm elections in November. Don’t even take time to read these claims.
In the Obama Administration the position was almost worthless and did nothing to coordinate or consolidates positions for the White House. The article says Obama created this position, which is far from the truth. It is also not a position that was established to deal with threats like the Russians or Iranians meddling in U.S. Elections. We have a National Security Agency to do things like that.
If the White House position were abolished today nobody would care. It was never used for the purpose it was originally established — coordinating between government and commercial entities in the infrastructure to make those computer systems more secure. It hasn’t written a policy document worth reading in the last 10 years. It certainly has not had a hand in securing the electoral systems in any of the states, which is Homeland Security’s role, though they must be “invited in” to do it. Most states don’t want Federal help in this area and they proved it when the Russians tried to get into state systems in 2015-2016. Very few of those states asked for help. This is the kind of role the White House should have been engaged in, but didn’t.
There were plenty of chances to get into the infrastructure security issues. China is stealing code-signing certificates and using them to establish fake networks. Some businesses are having counterfeit network devices sold as their own. ZTE and Huawei are being banned from some US sales for reasons we seem to not know. The Russians were into social media exploitation and the White House was not exactly leading the way on trying to find out how or why that was going on. It wasn’t opportunities that led to the idea that there was no longer a need for a person to lead Cyber in the White House. It was the lack of leadership on issues that were important that brought us to where the Politico article says we are today.
In the Obama Administration the position was almost worthless and did nothing to coordinate or consolidates positions for the White House. The article says Obama created this position, which is far from the truth. It is also not a position that was established to deal with threats like the Russians or Iranians meddling in U.S. Elections. We have a National Security Agency to do things like that.
If the White House position were abolished today nobody would care. It was never used for the purpose it was originally established — coordinating between government and commercial entities in the infrastructure to make those computer systems more secure. It hasn’t written a policy document worth reading in the last 10 years. It certainly has not had a hand in securing the electoral systems in any of the states, which is Homeland Security’s role, though they must be “invited in” to do it. Most states don’t want Federal help in this area and they proved it when the Russians tried to get into state systems in 2015-2016. Very few of those states asked for help. This is the kind of role the White House should have been engaged in, but didn’t.
There were plenty of chances to get into the infrastructure security issues. China is stealing code-signing certificates and using them to establish fake networks. Some businesses are having counterfeit network devices sold as their own. ZTE and Huawei are being banned from some US sales for reasons we seem to not know. The Russians were into social media exploitation and the White House was not exactly leading the way on trying to find out how or why that was going on. It wasn’t opportunities that led to the idea that there was no longer a need for a person to lead Cyber in the White House. It was the lack of leadership on issues that were important that brought us to where the Politico article says we are today.
Wednesday, May 9, 2018
A Different Slant to Iran
If you want to see the direction Iran is going with its missile program, you don’t have to look very far from Iran itself. The US press, some of our European allies, and lots of countries with no stake in anything Iran does, have decided the Iran nuclear deal should have stayed where it was even if it was a bad deal for everyone except Iran.
Look at Yemen. That little country is a proxy war for Iran and Saudi Arabia. It shows what Iran is doing with ballistic missiles, getting Yemen to pretend it has a domestic manufacturing capability for these things, when everyone knows they come from Iran. They were so bad at disguising the point of origin that parts were labeled with Iranian company logos. The Yemen “rebels” were firing those missiles at Saudi Arabia. One was intercepted over the capital last night. I said before that it might be better for everyone concerned if some missiles were fired Iran’s way instead of all of them coming the Saudi’s way. They would think twice about this kind of thing if some of those missiles landed in their cities. That would be much harder to do if Iran had nuclear weapons.
For those who think the Iran nuclear deal was such a great thing, I hope you look more closely at what the likely outcome will be if this kind of tactic is used more often. Iran has proxies in Lebanon, Yemen, Iraq, Syria and a number of North African countries. It will not be long before some of those countries will be launching the same kind of missiles at some of our best friends. They launch plenty of them now, particularly against Israel, so peace is not the objective here. This is not the kind of thing we want to spread around.
We can’t ignore Iran’s terror sponsorship, or its ambition for the use of longer range missiles to achieve its objectives. Trade with Iran is not that important. We have to stop this kind of aggression. It is too late when a missile contrail is arching over a city you live in. Even if you have some missile defenses like the Saudis, some of them get through.
Look at Yemen. That little country is a proxy war for Iran and Saudi Arabia. It shows what Iran is doing with ballistic missiles, getting Yemen to pretend it has a domestic manufacturing capability for these things, when everyone knows they come from Iran. They were so bad at disguising the point of origin that parts were labeled with Iranian company logos. The Yemen “rebels” were firing those missiles at Saudi Arabia. One was intercepted over the capital last night. I said before that it might be better for everyone concerned if some missiles were fired Iran’s way instead of all of them coming the Saudi’s way. They would think twice about this kind of thing if some of those missiles landed in their cities. That would be much harder to do if Iran had nuclear weapons.
For those who think the Iran nuclear deal was such a great thing, I hope you look more closely at what the likely outcome will be if this kind of tactic is used more often. Iran has proxies in Lebanon, Yemen, Iraq, Syria and a number of North African countries. It will not be long before some of those countries will be launching the same kind of missiles at some of our best friends. They launch plenty of them now, particularly against Israel, so peace is not the objective here. This is not the kind of thing we want to spread around.
We can’t ignore Iran’s terror sponsorship, or its ambition for the use of longer range missiles to achieve its objectives. Trade with Iran is not that important. We have to stop this kind of aggression. It is too late when a missile contrail is arching over a city you live in. Even if you have some missile defenses like the Saudis, some of them get through.
Tuesday, May 8, 2018
Not Buying That
I think the Chinese think we don’t talk to one another. The Wall Street Journal laid out today The story of what lengths China will go to to make policy go their way is extraordinary. China has told airlines that they have to show the destination Taiwan as part of China and not a separate country. As the Journal astutely points out, domestic flights fly out of domestic terminals but the Chinese fly flights to Taiwan out of the international terminal.
The Chinese seem willing to look stupid to achieve their objective, in this case making Taiwan part of China. They don’t even realize how stupid they look when they take steps like this. We have to start pushing back on such dumb things and getting our businesses to tell them to pound sand. The Chinese are not the only people with principles.
Taiwan is not part of China and nothing they do will make it one. The Chinese invented and perpetuate a One China policy like it was the will of the other countries of the world. Half of those countries could care less so will go along to avoid controversy. The other half have heard this kind of stuff so often they try to ignore it. We need more countries to do neither of those things. We can stop any country that treats Taiwan as part of China will be called out on it. Publish the company name and let business know that the behavior will not be tolerated or accepted. Then, let’s sell more weapons to Taiwan for “self defense”, and keep doing that until China drops the requirement it out on our airlines. China’s demands sound like small children trying to get their way by crying. Most of us know what to do when that happens.
The Chinese seem willing to look stupid to achieve their objective, in this case making Taiwan part of China. They don’t even realize how stupid they look when they take steps like this. We have to start pushing back on such dumb things and getting our businesses to tell them to pound sand. The Chinese are not the only people with principles.
Taiwan is not part of China and nothing they do will make it one. The Chinese invented and perpetuate a One China policy like it was the will of the other countries of the world. Half of those countries could care less so will go along to avoid controversy. The other half have heard this kind of stuff so often they try to ignore it. We need more countries to do neither of those things. We can stop any country that treats Taiwan as part of China will be called out on it. Publish the company name and let business know that the behavior will not be tolerated or accepted. Then, let’s sell more weapons to Taiwan for “self defense”, and keep doing that until China drops the requirement it out on our airlines. China’s demands sound like small children trying to get their way by crying. Most of us know what to do when that happens.
Karl Marx in China
There are two stories today about Marx and China, one in the Wall Street Journal, and one in the Financial Times, each with a different look at the same subject. China has decided it owes something to the works of Karl Marx. The Times tells the story with a statue that was to be made in China and displayed in Germany. The Germans had second thoughts about the size of the statue, and a China-Germany state summit at the time of the 200th celebration of Marx’s birth. As the article points out, Xi’s Marxism is absent any mention of class or capitalism. The Journal says Xi actually led the Politburo in a study session of The Communist Manifesto, which must have put everyone on the edge of their seat.
The main reason for this return to Marxism seems to be the appeal of it to shaping one-party, one leader in such a big country. It gets away from history using only Chinese thought leaders, and puts Marx and his approach out front. China is increasingly centralized, and the Times article points out that this is not necessarily good for China’s overall economic development. China is Communist and true to its roots, yet large parts of its economy are based on principles Marx might find out of step with his philosophies. Those rich people driving Audis and BMWs may be looking over their shoulder more with this kind of approach at the top.
The main reason for this return to Marxism seems to be the appeal of it to shaping one-party, one leader in such a big country. It gets away from history using only Chinese thought leaders, and puts Marx and his approach out front. China is increasingly centralized, and the Times article points out that this is not necessarily good for China’s overall economic development. China is Communist and true to its roots, yet large parts of its economy are based on principles Marx might find out of step with his philosophies. Those rich people driving Audis and BMWs may be looking over their shoulder more with this kind of approach at the top.
Monday, May 7, 2018
Patent Pending
There is a really interesting story in the Wall Street Journal Today About patent filings. It seems the Chinese have been filing enough patents to flood the processing capacity of the Patent & Trademark Office. The file multiple patents for goods that look to be the same item, and have bogus information in the application.
This seems to come from investors in Shenzhen who are paying individuals and company for patents being filed. This sounds like the ultimate in Patent Trolls who will parlay those filings into cash in lawsuits in the US.
This is something for the trade negotiators to take up. The Chinese like to use our legal system against us, and this filing of bogus applications is the ultimate in doing so. China is operating more like a criminal state than a legitimate trading partner. They steal technology rather than invent; they manipulate business agreements inside China to steal access to technology, and now, they start the world’s largest patent trolling operation. How do we continue to buy from these people?
This seems to come from investors in Shenzhen who are paying individuals and company for patents being filed. This sounds like the ultimate in Patent Trolls who will parlay those filings into cash in lawsuits in the US.
This is something for the trade negotiators to take up. The Chinese like to use our legal system against us, and this filing of bogus applications is the ultimate in doing so. China is operating more like a criminal state than a legitimate trading partner. They steal technology rather than invent; they manipulate business agreements inside China to steal access to technology, and now, they start the world’s largest patent trolling operation. How do we continue to buy from these people?
What is Going On in Russia?
Putin has already won his landslide victory with 80% of the vote, so I am wondering why there are such large crowds coming out to protest that win. Statistically, if 80% of the electorate voted for one candidate, you would not think there would be many protestors out on the streets, or any reason to detain critics.
It is harder to get protesters out in numbers than most of us realize. I spent time on the Hill and coordinated some of our activities with the Capitol Hill Police who run the event security. Groups were always overestimating the numbers of people they could get to turn out, and it isn’t nearly as hard to stage events in the US as it is in Russia. It seems like the 20% that didn’t vote for him must all be out on the streets, impossible as that is to believe.
Take a look at some of the pictures that news services have posted and you can see crowds that are pretty good size in many cities in Russia. Sixty cities had protests. St. Petersburg and Moscow had quite a few people gathered for these. It kind of makes you wonder if that 80% figure was fudged to cover over the underlying problems with Putin’s popularity. Putting street thugs out to beat up the protesters was not a politically savvy thing to do. Everybody will know where they came from and how it is that a leader can get 80% of the vote.
See also my post last week
It is harder to get protesters out in numbers than most of us realize. I spent time on the Hill and coordinated some of our activities with the Capitol Hill Police who run the event security. Groups were always overestimating the numbers of people they could get to turn out, and it isn’t nearly as hard to stage events in the US as it is in Russia. It seems like the 20% that didn’t vote for him must all be out on the streets, impossible as that is to believe.
Take a look at some of the pictures that news services have posted and you can see crowds that are pretty good size in many cities in Russia. Sixty cities had protests. St. Petersburg and Moscow had quite a few people gathered for these. It kind of makes you wonder if that 80% figure was fudged to cover over the underlying problems with Putin’s popularity. Putting street thugs out to beat up the protesters was not a politically savvy thing to do. Everybody will know where they came from and how it is that a leader can get 80% of the vote.
See also my post last week
Saturday, May 5, 2018
Putin Forever, or Until He Dies
Reuters has a good story about demonstrations in Russia that show there is still some resistance to the long reign of Vladimir Putin. When someone can get 1000 people to show up in a place like the Urals city of Yekaterinburg, then there has to be an underlying sentiment that is bigger than the Kremlin would want the world to believe. He is still going to be dictator for life, but he may just not be loved for it.
Friday, May 4, 2018
Chinese Raise Heat in South China Sea
The Chinese are putting anti-ship missiles and jammers in the middle of the South China Sea, but in an article today the Wall Street Journal says they are aiming military grade lasers at US aircraft around Djibouti, where both countries have military outposts. A couple of aircrews have been injured by having these lasers in their faces.
These are military lasers and not the pocket kind that kids try to paint on airplanes that land at commercial facilities. The US is going to have to target these pretty soon to stop that kind of dangerous behavior. I’m not exactly sure how it is the Chinese think this kind of thing is OK and there will be no repercussions.
These are military lasers and not the pocket kind that kids try to paint on airplanes that land at commercial facilities. The US is going to have to target these pretty soon to stop that kind of dangerous behavior. I’m not exactly sure how it is the Chinese think this kind of thing is OK and there will be no repercussions.
Thursday, May 3, 2018
More Sanctions on Huawei and ZTE
there is speculation in the Wall Street Journal today that the US is planning more sanctions on Huawei and ZTE. This is said to be discussed as an Executive Ordrer that will limit what the US can buy from either one of them. Both companies deny any potential for being a risk to national security. The rest of the world is starting to catch onto something and must know why these two have been singled out. There is hardly any outcry from the Chinese.
Wednesday, May 2, 2018
Extortion
I got a notice from Western Digital yesterday that they were changing their privacy policy. It also said that continuing to use their NAS would constitute my consent. There is no option to refuse to consent. That is not consent; it is extortion. Agree to our terms or don’t use our device. You have no choice. An agreement cannot be made on these terms. If you don’t agree, you are supposed to stop using a product that you have every right to use for this he purpose it was purchased for. Where are the regulators when you need them?
We found with Facebook that we had “agreed “ to various uses of data nobody could remember ever being discussed. Consent was a little thin and vague. We have been taken for a ride by vendors who think they can treat data like it was theirs when it is ours. This is one of the reasons we need regulation in this long ignored area.
We found with Facebook that we had “agreed “ to various uses of data nobody could remember ever being discussed. Consent was a little thin and vague. We have been taken for a ride by vendors who think they can treat data like it was theirs when it is ours. This is one of the reasons we need regulation in this long ignored area.
Security Clearance Abuse
I know it sounds like an impossible theme, but people actually are abusing the security clearance process to eliminate government employees who don’t share their political views. It is the worst kind of lawlessness, and criminal in its own right.
There are two sides to this story, but the one in the Wall Street Journal Opinion Section today is a curious one because it involves the Defense Department which has a centralized security clearance review process. One part of the Agency should not be involved in making a suspension or revocation decision without going to review. This is a case about a Defense Department lawyer who questioned a contractor’s performance for Chelsea Clinton’s “best friend”. He quickly found himself accused of all kinds of things and his clearance was suspended. Very few people know what that means.
There are three things that can happen to a security clearance. It can be suspended, as in this case, denied while it is being processed before being granted, or revoked for really bad things that a person might do - almost always when a person goes to jail. Suspension means you can’t have access to classified information in the course of your work, which for many workers in the Pentagon means you can’t have access to your own office or workplace. That isolates anyone from working on anything but unclassified things, so they may be able to continue to work.
In most of the cases I was involved with, a person could be accused of a lot of things and not get the clearance suspended or revoked. Just as an aside, you almost have to kill someone in a public place to get it revoked. I have seen married alcoholics engaged in multiple sexual encounters with people inside and outside the office who did not get their clearance suspended. They face a lot of other actions, but not that.
On one occasion I did see a person in a management position solicit negative comments from contractors about the performance of one of his employees. That information was to be used to bring this kind of action against the employee, but it backfired when the employee got an email from one of the contractors with his attached request for those comments. The employee went to the Director of the Agency and he resolved it. That was the only time I ever saw anything close to what is described in the Journal piece. It can be resolved in a day, since it does not take long to review, but in a case like this, it might be beneficial to have a hearing and require all those who brought the charges to have to testify in open court (there are administrative courts just for this). A little sunshine on this kind of behavior might have a beneficial effect.
Many people who have this kind of thing happen to them just sit and wait for the review action to take place - tough it out. But, if this piece is accurate, something more needs to be done. Get the review over with, and get this person out from under the supervision of people who are so politically motivated that they cannot make clear judgements. The people who brought the charges are the ones who should have their clearances suspended, then revoked.
There are two sides to this story, but the one in the Wall Street Journal Opinion Section today is a curious one because it involves the Defense Department which has a centralized security clearance review process. One part of the Agency should not be involved in making a suspension or revocation decision without going to review. This is a case about a Defense Department lawyer who questioned a contractor’s performance for Chelsea Clinton’s “best friend”. He quickly found himself accused of all kinds of things and his clearance was suspended. Very few people know what that means.
There are three things that can happen to a security clearance. It can be suspended, as in this case, denied while it is being processed before being granted, or revoked for really bad things that a person might do - almost always when a person goes to jail. Suspension means you can’t have access to classified information in the course of your work, which for many workers in the Pentagon means you can’t have access to your own office or workplace. That isolates anyone from working on anything but unclassified things, so they may be able to continue to work.
In most of the cases I was involved with, a person could be accused of a lot of things and not get the clearance suspended or revoked. Just as an aside, you almost have to kill someone in a public place to get it revoked. I have seen married alcoholics engaged in multiple sexual encounters with people inside and outside the office who did not get their clearance suspended. They face a lot of other actions, but not that.
On one occasion I did see a person in a management position solicit negative comments from contractors about the performance of one of his employees. That information was to be used to bring this kind of action against the employee, but it backfired when the employee got an email from one of the contractors with his attached request for those comments. The employee went to the Director of the Agency and he resolved it. That was the only time I ever saw anything close to what is described in the Journal piece. It can be resolved in a day, since it does not take long to review, but in a case like this, it might be beneficial to have a hearing and require all those who brought the charges to have to testify in open court (there are administrative courts just for this). A little sunshine on this kind of behavior might have a beneficial effect.
Many people who have this kind of thing happen to them just sit and wait for the review action to take place - tough it out. But, if this piece is accurate, something more needs to be done. Get the review over with, and get this person out from under the supervision of people who are so politically motivated that they cannot make clear judgements. The people who brought the charges are the ones who should have their clearances suspended, then revoked.
Tuesday, May 1, 2018
China Buys Dominican Repubic
Reuters is carrying a piece today that says Taiwan has complained that China paid the Dominican Republic $3.1 billion to stop trading with Taiwan. The deal is loans and grants that pay to cut ties with Taiwan, which China says has no right to parlay trade agreements with other countries. Panama had such a deal too (the article failed to mention the Philippines arrangement that accomplishes the same thing).
So, can we buy them back? This is absolute corruption that does not benefit the Republic, but does serve to economically isolate Taiwan. The amazing thing is the Chinese can do this in the open with no complaints from anyone. We should stop buying tobacco from the Dominican Republic (why do we buy $653 million from them?), which we certainly don’t need, and let that serve as a warning against selling political loyalties. Let the Chinese buy that tobacco. I’m sure they would.
By the way, China announced this week that it was opening up diplomatic relations with the Dominican Republic. They are best of friends now.
See also my post on China squeezing Taiwan.
So, can we buy them back? This is absolute corruption that does not benefit the Republic, but does serve to economically isolate Taiwan. The amazing thing is the Chinese can do this in the open with no complaints from anyone. We should stop buying tobacco from the Dominican Republic (why do we buy $653 million from them?), which we certainly don’t need, and let that serve as a warning against selling political loyalties. Let the Chinese buy that tobacco. I’m sure they would.
By the way, China announced this week that it was opening up diplomatic relations with the Dominican Republic. They are best of friends now.
See also my post on China squeezing Taiwan.
Election Defense Against Hacks
There was an interesting story in the Financial Times Weekend about the US election hacking and working on defenses for preventing the same kind of thing. It was curious that when I went for the link to the story, I found several others (even Hacker News had one) that used the same examples and word-for-word descriptions of some of the events. Whoever did the distribution of this story line tried to reach a number of different outlets with a canned story. The reporters may have attended, but it is rare for them all to use the same examples and wording to describe an event like a training session. The Times seems to have done more rewriting than some of the others. The story is about education of representatives who manage election functions in state governments. The Defending Digital Democracy Project seems to be leading this training.
In general, state computer people are not the easiest people to work with because they focus on their own state and not the rest of the country. Elections face international threats and states are not good at defending against that kind of thing. Homeland Security is supposed to be training them on how to do that, but each state has to request help to get it. I have seen nothing on the quality or focus of this type of training.
This effort seems to be more awareness oriented, running table-top exercises with technical and non technical people who have been hacked, notably those from the Hillary Clinton camp. People who have been hacked are usually good to have around because they failed to defend their systems. Ones who did keep the hackers out are boring.
The leader of the group, Eric Rosenbach, emphasizes in the beginning of the exercises that this is in no way an indication that the elected President was not legitimately elected. A curious statement to set the scene for an exercise like this, and relevant only if there was some tampering with voter tallies. The official report on election concerns does not indicate any such thing. If you really want to raise awareness about defense of computers, that is normally not the place to start.
In general, state computer people are not the easiest people to work with because they focus on their own state and not the rest of the country. Elections face international threats and states are not good at defending against that kind of thing. Homeland Security is supposed to be training them on how to do that, but each state has to request help to get it. I have seen nothing on the quality or focus of this type of training.
This effort seems to be more awareness oriented, running table-top exercises with technical and non technical people who have been hacked, notably those from the Hillary Clinton camp. People who have been hacked are usually good to have around because they failed to defend their systems. Ones who did keep the hackers out are boring.
The leader of the group, Eric Rosenbach, emphasizes in the beginning of the exercises that this is in no way an indication that the elected President was not legitimately elected. A curious statement to set the scene for an exercise like this, and relevant only if there was some tampering with voter tallies. The official report on election concerns does not indicate any such thing. If you really want to raise awareness about defense of computers, that is normally not the place to start.
Subscribe to:
Posts (Atom)