Summary: President Obama shows that he knows how to lead Americans, giving a speech based on stories of successful cyber-attacks. Just as Bush demonstrated with his speech about Iraq’s nukes, American Presidents can spout any nonsense to their subjects. In turn we smile and genuflect before our betters. Bowing is not an appropriate posture for citizens.
This analysis does not say that cyber attacks have not occurred, that they are not a serious threat, or that better defenses are needed. After all, Bush’s false statements about Iraq’s nukes does not mean that there are no atomic bombs, or that their use is not a serious risk. But if America is to survive — let alone prosper — in the 21st century, we must fix our observation-orientation-decision-action loop (the OODA loop).
Demanding some evidence from our leaders’ about their big claims is IMO a necessary step. This speech has even less supporting evidence than President Bush and Secretary of State Powell gave for the invasion of Iraq. As yet we have no way to know if these claims are any more accurate than those about Iraq.
Contents
- The President’s speech
- Public information about his claims concerning cyber attacks
- Afterword and For More Information
(1) The President’s speech
Remarks by the President on Securing Our Nation’s Cyber Infrastructure by President Obama, 29 May 2009 — Excerpt:
We meet today at a transformational moment — a moment in history when our interconnected world presents us, at once, with great promise but also great peril.
… It’s the great irony of our Information Age — the very technologies that empower us to create and to build also empower those who would disrupt and destroy. And this paradox — seen and unseen — is something that we experience every day. It’s about the privacy and the economic security of American families.
But every day we see waves of cyber thieves trolling for sensitive information — the disgruntled employee on the inside, the lone hacker a thousand miles away, organized crime, the industrial spy and, increasingly, foreign intelligence services. In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world — and they did it in just 30 minutes. A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million. It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.
In short, America’s economic prosperity in the 21st century will depend on cybersecurity.
And this is also a matter of public safety and national security. We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control. Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness.
(2) Public information about the President’s claims concerning cyber attacks
To the best of my knowledge, the only basis for the President’s claim in the public record is a statement released at the 2008 SANS Security Conference in New Orleans. See this for information about the SANS (SysAdmin, Audit, Network, Security) Institute.
“CIA Confirms Cyber Attack Caused Multi-City Power Outage“, SANS NewsBites, 18 January 2008 — Excerpt:
On Wednesday, in New Orleans, US CIA senior analyst Tom Donahue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that
“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”
According to Mr. Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure.
Some questions about this statement in “Obama (!) spouts an urban legendin his cybersecurity speech“, Rob Rosenberger, posted at Vmyths, 29 May 2009 — Excerpt:
It’s an urban legend because no one knows any details whatsoever. To be specific:
- Who plunged entire cities into darkness with the click of a mouse? No one knows.
- When did these cyber-terrorists plunge entire cities into darkness with the click of a mouse? No one knows.
- Where are these cities that plunged into darkness with the click of a mouse? No one knows.
- Why did the cyber-terrorists plunge these cities into darkness with the click of a mouse? No one knows.
- How widespread were these cyber-terror blackouts? No one knows.
- Whose power grid Internet connection did the cyber-terrorists exploit? No one knows.
- How many victims perished in these cyber-attacks? No one knows.
- What did it cost to clean up after these cyber-terror attacks? No one knows.
- Does Interpol want to extradite a U.S. citizen so he can stand trial on charges of cyber-terrorism? No one knows.
Listen to me, folks. Cyber fearmongers crave this kind of information. They crave it like a drug. And yet none of the cyber fearmongers has ever come forward to say “this city got hit on this date by this terror group using clandestine funds from this nation for this purpose, plunging this many people into darkness and killing this many hospital patients who lost power to their life support systems.”
It’s an urban legend, folks. It doesn’t make it any more real when it flows from the lips of the president of the United States.
Rosenberg provides some background about the President’s claim that “that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.” See “Obama part 2: where did his “$1 trillion” guesstimate come from?”, Rob Rosenberger, Vmyths, 29 May 2009 — Excerpt:
Let me remind you what I said back in February. Obama’s top intelligence advisor, Dennis Blair, “all but admits the entire U.S. intelligence community lacks data concerning one of the five most important threats America now faces. The mighty Blair himself can do nothing more than quote wild dollar values spouted by two companies — one of them not even involved in economic assessments.”
If America’s top intelligence official can’t produce an economic cyber-damage estimate, then how on earth can Obama do it? And why is it such a “clean” number like $1 trillion?
Answer: Obama had no choice but to use someone else’s wild guesstimate. Without attribution.
I’ve railed for at least a decade on the utter lack of metrics in the computer security industry. “The average high school keeps statistics on its girl’s softball team,” I sneered in 2005, yet “the average computer security expert keeps no statistics on virus infections. What’s wrong with this picture?”
Hysteria thrives in computer security because the experts rely on superstition, not metrics. “President 2.0″ now supports their goal to frighten Americans with superstition. Again, what’s wrong with this picture?
About the author
From the “About” page of Vmyths:
Rob Rosenberger edits Vmyths and writes as a columnist. He is one of the “original” virus experts from the 1980s, and the first to focus on virus hysteria. Red Herring magazine describes him as “one of the most visible and cursed critics in computer security” today, and PC World magazine says he “is merciless with self-appointed virus experts and the credulous publications that quote them.” Rosenberger was one of only a dozen industry experts invited to the White House’s first-ever antivirus summit meeting in December 2000.
From a profile in Wired (6 August 2001):
Rosenberger is not just a random ornery writer with a website and a bone to pick. He’s an experienced programmer, a systems administrator and a man of mystery with high-level CIA security clearance. Information about Rosenberger’s status with the CIA was confirmed by an inquiry to a government office, and Rosenberger understandably refused to verify or even discuss the issue.
For more information from the FM site
To read other articles about these things, see the FM reference page on the right side menu bar. Of esp interest are:
Posts about America’s broken OODA loop:
- News from the Front: America’s military has mastered 4GW!, 2 September 2007
- The two tracks of discussion about the Iraq War, never intersecting, 10 November 2007
- Diagnosing the eagle, chapter I — the housing bust, 6 December 2007
- Another cycle down the Defense Death Spiral, 30 January 2008
- Quote of the day: this is America’s geopolitical strategy in action, 26 February 2008
- What do blogs do for America?, 26 February 2008
- Everything written about the economic crisis overlooks its true nature, 24 February 2009
- The housing crisis allows America to look in the mirror. What do we see?, 9 March 2009
- Globalization and free trade – wonders of a past era, now enemies of America, 16 March 2009
- A note on the green religion, one of the growth industries in America, 17 March 2009
- Poor peak oil research, more evidence of a serious problem with America’s vision, 5 May 2009
- We’re ignorant about the world because we rely on our media for information, 3 June 2009
It would be false to allege that the possible existence of Iraqi nukes [actually WMDs, to include chemical weapons, which the regime had used previous] were the only given reason for the invasion of Iraq. Surely you are aware of this.
.
.
Fabius Maximus replies: Let’s go to the tapes!
FM: “This speech has even less supporting evidence than President Bush and Secretary of State Powell gave for the invasion of Iraq.”
I don’t see the words “only”, “nukes”, or “WMDs”. Surely you are aware that your statement does not fairly represent what I said.
There were 2 formal statements of casus belli for the invasion> United Nations Security Council Resolution 1441, mentioned only WMD’s, prohibited weapons, and payments to Kurwait. The other, the Iraq War Resolution of 2002), gave a far wider range of justifications. The primary evidentiary reasons were the WMD’s and Iraq’s support of terrorists. The evidence for both of these has been largely disproven.
The 2002 congressional resultion mentioned other reasons of a non-evidentiary nature given by the Bush Administration, such as
* Iraq’s “brutal repression of its civilian population.”
* The Iraq Liberation Act of 1998, a US policy goal was to remove the Hussein regime and promote a democratic replacement.
Fabius, have you read Dan Brown’s ‘Digital Fortress’? This popular novel contains the patently false notion that you need something like a supercomputer to break encryption algorithms.Unfortunately, much of America’s elite military leadership share that notion as well. String a set of computer ‘boxes’ together, install Linux on them, and what do you get – a veritable parallel processing system known to the geeks as a “Beowulf Cluster”. The Beowulf cluster is at the heart of google’s success. It’s also at the heart of the secrets stolen from the US Government by foreign militaries and intelligence agencies. The assumption that you need something like a Cray, either directly bought from the US, or locally manufactured – to do parallel computing – has led to this. Supercomputing is just parallel computing – as long as you can get adequate performance from a cellar full of boxes strung together on the open source – you can manage without a major budget and a high-visibility supercomputer installation. A Beowulf cluster’s performance is never as good as an actual supercomputer. But it’s good enough to hack the average diplomat’s Email system.
Rosenberger is right in the fact that this is drumming up the fear, but unlike Iraq, this rally will be to seek additional funding towards cyber-security efforts in the National security and Law enforcement apparatus. Much like how rosenberger points out the 1 trillion dollar is a clean and fictitious number, cyber-security on a technical level is a catch all word. It is particularly alarming that diving down a level in this lexicon brings us to offensive and defensive cyber-security capabilities and operations. Such actions on a technical level bring up privacy and sovereignty concerns that make the bush wiretapping look like an insignificant infraction.
Just wondering Fabius – have you read/skimmed “Unrestricted Warfare” by Chineses Colonels Qiao Liang and Wang Xiangsui?
.
.
Fabius Maximus replies: I read it years ago, and have often cited it on this site.
Re : Unrestricted Warfare. Overrated book, IMHO. How on earth is a country like China who primarily depends on foreign exports gonna get away with usin’ one of ’em cookbook methods to undermine a major power like the U.S.? The Chinese’ll probably alienate ’emselves from the rest of the world. World opinion is essential for a growin’ economic entity that still relies on friendly ties with other powers, particularly the U.S.
.
.
Fabius Maximus replies: While I doubt that China is a threat to the US, this is wrong on several grounds. First, China does not “primarily depend on foreign exports”. Exports are an important part of their economy, but not “primary” in any sense. Second, the peak of international integration (before now) was in the early 20th century. The nations of Europe were tightly linked in every way. This was cited as a reason that war was impossible (such as “The Great Illusion” by Norman Angell). WWI happened anyway.
“…this rally will be to seek additional funding towards cyber-security efforts in the National security and Law enforcement apparatus.”
True. It could be that Obama, in stepping back to a law enforcement paradigm vis combatting terrorism, sees cybersecurity as the ‘smarter, better’ way to go about that. Unfortunately, that could promote blind spots.
Most of these comments miss the point of this post
The subject is not cyber-security, or cyber-threats. Those are important subjects, extensively debated by experts — as noted in the opening paragraph.
The subject is America’s broken OODA loop, the specific aspect examined is the ability of US Presidents to lie. To boldly go far beyond the available facts. And our sheep-like response to these speeches.
Mass war fought by modern state requires mobilization of the peons. Throughout history elites have used fear as an easy and effective tool to do so. The following widely-cited bit of cold war apocrypha captures a key element of the fear-mongering characteristic of early Cold War. Obama’s speech shows the same dynamic at work today.
Thanks for the links, it was informative. Not surprised that Obama used the tactic, it’s unfortunately all too common in politics. He’s a politician, and will use common political tactics.
The money figure is particularly entertaining to me — it reminds me of “cost savings” numbers that come up in “six sigma” activities. Without merit and over-inflated.
I fully agree with your comment above, FM. The issue is our Presidents’ ability to lie, and our tendency to believe them (we can be excused partially because the MSM does little if anything to challenge official statements.)
A useful corrective for citizens is to remember that the main purpose of most public announcements is not to convey information but to inculcate an attitude. The listener’s response should always be “what are they trying to sell, and why?”
.
.
Fabius Maximus replies: Thanks for noting the role of the MSM in this process. That the MSM uncritically accepts the words of both Republican and Democratic Presidents shows that the theory of the “leftist MSM” is an oversimplification. Their response to the pre-war speechs of Bush and his officials is powerful evidence of this.
From Thomas Sowell’s book, The Vision Of The Anointed
Our President is very articulate. I really think people will, I hope, get tired of this soon. Whether it’s cyber attacks, global warming, or any other made up fear to overwelm other information. Next thing he’ll start saying how many jobs he’s saved. Oh thats right he’s already said that too. SSDD same stuff different day and we wonder why foreign countries don’t take us seriously.
Somehow the government (via the Ad Council) can come up with a million dollar ad campaign to tell high school kids not to say ‘dude that is so gay!’ And yet they cannot do the same thing to say ‘hey n00b, run ur automatic updates’ or ‘12345? Sounds like the password an idiot would use on his email.’ Instead we must come up with yet another government agency complete with nice offices in Washington to deal with the scourge of annoying spyware.
Sigh. I should stop coming here. I fear that every entry I read has a deleterious effect on my health.
.
.
Fabius Maximus replies: The FM site has a wide range of material. Perhaps you should look at the post on the FM reference page Good news about America, a collection of articles!
It’s hard to see why the whole country is supposed to have an OODA loop. The OODA loop argument assumes that the whole nation is a living, breathing entity, held together as one great organism. In reality most of the common people in America just live a simple life for themselves. The results of the latest baseball game might be more interesting to them than the truthfulness of the Presidential speeches.
.
.
Fabius Maximus replies: It’s a metaphor, or pehaps an abstraction. The US is, of course, not a unitary entity. We speak of it as one for easier analysis and discussion. In fact, as you note, there are 300 million individual OODA loops. It’s only our actions that can be meaningfully seen in aggregate.
Re: Unrestricted Warfare. I noticed the authors labeled Soro’s a “financial terrorist”, yet he still walks free. Then the current insurance and investment banking crisis where the same label could apply to some, and again nothing.
.
.
Fabius Maximus replies: On an international scale there is little law and less order. Soros might be a terrorist to SE Asians, but not according to US law. Ditto for most of the financial sector actors who got us into this mess. Not every “bad guy” in a moral sense is a criminal in a legal sense.
The broken OODA loop was around during the Y2K scare of the nineties also. This whole cyber security issue seems to be awfully familiar to Y2K. Perhaps the Obama administration has manufactured it as a cyber “stimulus” package for Microsoft et al.?
Bravo Indian Investor. In I believe 1955, about 20% of Americans did not know who Eisenhower was, Life reported!! We are not less well informed. But we are much less well governed, over centralized, choking on the nanny state. Our infrastructure and planning is dying from centralization, responsibility being pushed further and further away. Freedom we have, its democracy and the Republic we are losing and, as always, its the lawyers who are taking it from our willing hands. We have multiple OODA loops, few of which intersect. We need to restore federalism or to borrow a phrase, let a hundred flowers bloom! If some state wants to support plural marriage, another wants same sex marriage, fine! If Kansas wants to ban evolution so that it can raise its children to be fit for housework and laundry, it should be their choice. But I am not paying for remedial education when the fools awaken to what they have done. We have to break the power of the Fed and restore State Houses, reduce Congress. Impose term limits so that people can go to Congress who have served in the State legislatures, and do not stay there more than 3 or four terms!
.
.
Fabius Maximus replies: I don’t believe some of this is correct.
(1) “In I believe 1955, about 20% of Americans did not know who Eisenhower was, Life reported!”
Do you have any links or evidence for this? It seems unlikely IMO.
(2) “We are not less well informed.”
There is a massive body of evidence that this is not correct. Esp if one focuses on the middle class.
Re:14 Providence deliver us if Microsoft gets tapped to help with cyber-security . . . ;-)
There is a long tradition of using inflated threats to get the public to acquiesce in using government funds to finance high-technology research, or to build up offensive capabilities under the guise of defensive ones. The “missle gap,” Star Wars 1.0 and 2.0, WMD, Homeland Security, etc. etc.
This post aptly demonstrates Obama’s continuity with this tradition, and the ongoing complicity of the media in failing to ask critical questions. Of course, in this case someone else (Rosenberger) has done the work asking the critical questions (the remaining 4 W’s of Journalism 101), and all that would be necessary would be to report or cite the questions. Apparently even that is too much to ask.
Not only can the media not be bothered to mount any kind of inquiry beyond their role of court stenographers, but they are perfectly eager to alter history as recorded by their own stories. I’m thinking of the withdrawal of UN inspectors (for their own safety) prior to Operation Desert Fox. Recorded in countless news articles at the time, and a few years later in it became “Saddam kicked out the weapons inspectors.” I used to post corrections about this to MSM sites all the time, to no avail.
“We have always been at war with Eastasia . . .”
Obama wants a centralized electronic health records database as part of his health care reform initiative. This would require electronic confidentiality.
The present Internet infrastructure is not properly designed and implemented for optimum security. There’s been a push for an Internet 2.0 infrastructure, i.e. a complete redesign. This would be the “stimulus” package for Cisco, Microsoft, Google et al.
Y2K ended up helping software companies sell new Y2K compliant software, along with consulting/servicing contracts to corporations with legacy in house Cobol/Fortran applications. Remember, the Internet “bubble” burst in 2000-2001.
Recall all the doomsday predictions of Y2K. Obama is using the same script.
.
.
Fabius Maximus replies: That’s just good sense on Obama’s part. Why not use a proven successfuly tactic? Sheep tend to respond the same way, no matter how bad the outcome for them. That’s what makes them sheep.
What on earth are mission critical computers that control a power station doing with an internet connection in the first instance, we might ask? Unplug the ADSL lead. Replace it with a private optical fibre based wide area network if there is a need for communication amongst the power stations. Nothing to hack … no more hackers.
.
.
Fabius Maxmius replies: Does anyone have any evidence that power stations in fact have their control computers linked to the Internet?
Please google the sad case of Gary McKinnon {see his Wikipedia entry}, who hacked into the Pentagon computors and is facing extradition from UK to US , threatened with life imprisonment . His family and doctors tell us he has been diagnosed as having Aspergers , was obsessed with aliens and was looking for little green men . We assume he did not find them . However , when he found a site he could hack , he left large messages pointing out their poor security – annoying for users , but hardly the action of a terrorist .
.
.
Fabius Maximus replies: He was arrested in 2002, and diagnosed with Aspergers in 2008. Not everybody finds this credible or estimable.
“U.K. Hacker Gary McKinnon Plays the Asperger’s Card“, Wired, 28 August 2008 — Excerpt:
“Aspergers Does Not Make Computer Hacking Acceptable“, posted at The Aspergers And Autism Website, 27 September 2008 — Excerpt:
FM: “Second, the peak of international integration (before now) was in the early 20th century. The nations of Europe were tightly linked in every way. This was cited as a reason that war was impossible (such as “The Great Illusion” by Norman Angell). WWI happened anyway.”
Much truth in that, FM. I concur. Especially if “mass war fought by modern state requires mobilization of the peons. Throughout history elites have used fear as an easy and effective tool to do so.”
Thanks for remindin’ me ’bout nations goin’ to war in spite of close economic ties. The follies of nationalism…Too bad most dudes are only interested in the scores of baseball leagues than what ’em politicos are doin’.
The cyber-attack scare is like the Year-2000 scare. As the New-Yorker caption wrote the other day:”The End is STILL near”
“We have always been at war with Eastasia . . .” (phageghost @ #16, quoting Orwell)
An apt quotation! How close are we to the state of 1984? Well, we have “always been at war” with someone during my lifetime — first the nazis, then communism (45 years!!), then unfriendly or anti-democratic governments, now terrorism (tacitly, Islam.) Is the world really that dangerous a place, that we have had to be at war for 70 years? Or is it rather that “being at war” is a necessary condition for a democracy of our size — an economic necessity and a political one as well, in order to insure that the citizenry remain docile, obediant and willing to believe that there is something greater than themselves which requires a state of continuing sacrifice?
I raise this only because I wonder if there is even any point in talking about Presidential lies, or MSM failure to question official statements and preserve history, in a country where war seems to be a permanent condition of its well-being.
I will dig out the Eisenhower comment. It is not made up. Everyone thinks the
“past” was better — because it is over and we were young. Why waste time debating something that cannot be demonstrated when we know that our system of government is killing us — literally. I wish to associate myself with 22, except to point out that the system of permanent war is an important source of our decline in many areas as well as the source of systemic corruption of our politics.
Re: #22 and 23:
A phrase popped into my head late at night — not sure from whom. “You can have empire, or you can have democracy — but you can’t have both.”
I explained to my wife this means that empire (or whatever you call our extensive military and economic presence around the globe) requires an immense diversion of resources from the home country to the periphery. This robs the citizens (through taxation) of the resources that should properly be devoted to their own well-being. In a true democracy, operating on free discussion and informed consent, the citizens would eventually recognize this theft, and replace the government. But that would mean the end of empire. That is why we can only have sham democracy, where the candidates and policies are chosen for us ahead of time, by the “real” rulers who benefit from empire.
Correct. I will point out that while Great Britain is experiencing terrible turmoil now, its citizens never lived as well as they did when they finally got out from under their Empire. Now they struggle with the remnant of imperial delusion because for several decades after ww2 there was unrestricted immigration from the Commonwealth. We are a nation of immigrants, which was guaranteed by the Civil War which destroyed the Anglo-Saxon state in a kind of war that only ScotsIrish warriors could imagine and carry out. This produced the miracles that were Lincoln and Walt Whitman and opened the borders to people with names like mine, Singh, Luigi and even Churchill if they wish to come. Bring our soldiers home, close all the foreign bases, make Guam a state, restore the Navy to its grandeur, establish Freedom of the Seas as the foundation of our national security, (destroy North Korea tomorrow, cut our dues to the UN by 90%, reform immigration and triple or quaduple the number of student and resident visas available, take on Chinese theft of our intellectual property, their unrestricted espionage in America, and most important revive America by restoring federalism.
.
.
Fabius Maximus replies: While the people of the UK never benefited much from its Empire, I don’t see the basis for this statement —
“its citizens never lived as well as they did when they finally got out from under their Empire.”
The Empire burned to the ground in the decades following 1914. The 1914-1980 period was one of repeated economic crisis for the UK, with severe under-performance vs. its peers.