It breaks my heart to watch all things cyber continue along very corrupt paths associated with a melange of linear thinking, bureaucratic inertia, truly evil covert operations that undermine cyber-security, and of course the persistent lack of accountability.
It was my great privilege to be among the first to sound the alarm on cyber-security, joining with Winn Schwartau in sponsoring the Information Warfare Conference. Although I left that endeavor to focus on Open Source Solutions, Winn and I continue to marvel at how little everyone has learned.
A good starting point for anyone who wishes to understand what we understood in 1988 can be found in Winn’s first two books that remain classics (the first one correctly identified NSA as the enemy): Terminal Compromise, and Information Warfare: Chaos on the Electronic Superhighway.
It was in 1994 that Congress and the White House finally told NSA to be responsible for the cyber-security of US commercial communications and computing, and it was in 1994 — one year after two bus loads of NSA employees attended my hacking sessions at OSS ’93 — that NSA started sabotaging all US commercial communications and computing products with the active complicity of US CEOs among whom Dell, HP, and IBM stand out.
It was also in the 1990s that we allowed the Israelis to totally penetrate not just NSA but the US Government at large as well as US law enforcement and US commercial enterprises, via a variety of tools, the most notorious of which was a software called PROMIS pimped by Robert Maxwell, Israeli super-spy.
Also in the 1990s CIA decided that it could not process and therefore would not do serious widespread cyber-penetrations. Reports officers were walking off the job when handed the “take” from just a day of one such penetration. As with audio surveillance, something I have done, it was taking hours and hours to get to the one-minute nugget that a well-placed human asset could have produced on the fly. Sadly, CIA does not do real clandestine Human Intelligence (HUMINT) either, and it has forbidden the Open Source Center from talking to Subject Matter Experts (SME), humans being the “exclusive” domain, at least within CIA, of the sadly inept Directorate of Operations (DO).
An intermediate look might start with Mark Bowden’s book WORM: The First Digital World War, and ideally also Mark Bowden himself — books are pointers to the humans who have not published 80% of what they know. That book would make clear the fact that what expertise exists in this domain is outside the US Government and generally in the minds of people that do drugs and do not have security clearances.
A visit to Best Buy, where one can buy an appliance that converts the electrical system of a home into a router, will demonstrate NSA’s biggest secret, the one it absolutely does not want Congress to know: the Chinese have been riding the electrical circuits into NORAD, NSA, and everywhere else, for over a decade if not two.
If and when Cyber-Command or anyone else is ready to go to the advanced level, the work of Robert Garigue (RIP) is earnestly recommended. He died in his sleep in his early 50s and we lost the single greatest English-language mind in cyber. I have done what I could to collect some of his work and offer it free online. Below is a graphic that Robert and I created — we have never been able to get anyone to think about this.
I miss Robert very much. His integrity was equal to his intelligence; we have too few serving officers of his caliber.
What is to be done? For me this is a simple matter. Apart from the fact that NSA is an administrative executive agency with no foundation in legislation, I believe the time has come for the US military particularly, but the US Government and US commerce generally, to stop farting around on the margins, going through the motions.
The cloud — and in particular the Oracle cloud as opposed to the Amazon cloud or any other cloud — offers an opportunity for major advances in cyber-security that can begin the long hard process of achieving end-to-end defaulted security (e.g. data-at-rest encryption such as for all those completed SF-86 forms), something I talked about within the Office of Information Technology at CIA in 1986.
This is also about much more than mere technology. This is about how we connect to the rest of the world, how we harvest the aggregate intelligence of humanity, and whether or not we can start to do what we do not do now: holistic analytics, true cost economics, and open source everything engineering. We should be providing the transparent, truthful, trusted model for the rest of the world.
Everything about our cyber world today is corrupt. We must begin as Bob Seelert, CEO of Saatchi and Saatchi Worldwide in NYC, suggests:
“When things are not going well, until you get the truth out on the table, no matter how ugly, you are not in a position to deal with it.”
I understand this problem and I understand how to fix it.