China takes the lead in supercomputing while America sleeps

Summary: The Apollo program demonstrated America’s superpower status in the 1960’s. Today’s contests are more diffuse, such as the race to build the most and largest supercomputers. China has moved into the lead in this, another milestone in its quest to again become the Middle Kingdom. Helping in their quest is America’s unwillingness to invest in itself, preferring to fund the 1%, a massive military, and foreign wars.

China’s New Supercomputer Puts the US Even Further Behind

By Brian Barrett, Wired, 21 June 2016 — Excerpt.

“This week, China’s Sunway TaihuLight officially became the fastest supercomputer in the world. The previous champ? Also from China. What used to be an arms race for supercomputing primacy among technological nations has turned into a blowout.

“The Sunway TaihuLight is indeed a monster: theoretical peak performance of 125 petaflops, 10,649,600 cores, and 1.31 petabytes of primary memory. That’s not just “big.” Former Indiana Pacers center Rik Smits is big. This is, like, mountain big. Jupiter big.

“TaihuLight’s abilities are matched only by the ambition that drove its creation. Fifteen years ago, China claimed zero of the top 500 supercomputers in the world. Today, it not only has more than everyone else — including the US — but its best machine boasts speeds five times faster than the best the US can muster.

“…Its 10.6 million cores are more than three times the previous leader, China’s Tianhe-2, and nearly 20 times the fastest U.S. supercomputer, Titan, at Oak Ridge National Laboratory. ‘It’s running very high rates of execution speed, very good efficiency, and very good power efficiency,’ says University of Tennessee computer scientist Jack Dongarra. ‘It’s really quite impressive.’  {Its peak power consumption under load (the HPL benchmark) is 15.37 MW, or 6 Gflops/Watt. It would have taken the #2 spot on the November 2015 Green500 list.}

“…TaihuLight is faster than anything scheduled to come online in the US until 2018, when three Department of Energy sites will each receive a machine expected to range from 150 to 200 petaflops. That’s ahead of where China is now — but two years is half an eternity in computer-time.

“…The other significant TaihuLight achievement stings US interests even more, because it’s political. China’s last champ, Tianhe-2, had Intel inside. But in February of 2015, the Department of Commerce, citing national security concerns — supercomputers excel at crunching metadata for the NSA and their foreign equivalents — banned the sale of Intel Xeon processors to Chinese supercomputer labs.

“Rather than slow the rate of Chinese supercomputer technology, the move appears to have had quite the opposite effect. ‘I believe the Chinese government put more research funding into the projects to develop and put in place indigenous processors,’ Dongarra says. ‘The result of that, in some sense, is this machine today.'”

—————————- End excerpt. —————————-

The operating system is a Linux-based Chinese system called Sunway Raise. Bloomberg gives more detail about this remarkable achievement by China.

The new frontier: Even Developing Nations Do Cyber Spying

Summary: Revolutions in military technology allow rising powers to supersede the old ones, not just because the new tools provide asymmetric advantages, but because the military leaders of dominant powers love their obsolete big toys. As do military experts in general; compare the coverage of new carriers and aircraft vs. cybersecurity. Will this pattern play out in cyberspace? Emilio Iasiello explains how emerging nations aggressively exploit this new terrain of conflict. {1st of 2 posts today.}

Video Wall
A 21st century equivalent to the Battleship.

Even Developing Nations Want Cyber Spying Capabilities

By Emilio Iasiello from DarkMatters, 27 August 2015
Posted with his gracious permission.

Although governments like China and the United States are seeking to establish norms of behavior for nation states in cyberspace, there is increasing literature indicating that there is mounting interest in acquiring cyber espionage capabilities, even among less technologically advanced countries. An October 2015 report by Citizen Lab, a Canadian-based organization, found 33 likely customers of FinFisher – malware able to read encrypted files, e-mails, and listen in to voice over Internet Protocol, and activate webcams. Client information was exposed in a data breach that targeted Gamma International Ltd, a Munich-based company that made FinFisher and sold it exclusively to governments and law enforcement organizations.

These developments come at a time when governments are seeking to curb the volume of hostile activity occurring in cyberspace. Revelations of suspected U.S. global surveillance and China’s rampant commercial cyber espionage have brought talk of creating a baseline for accepted actions for governments to take in cyber space. China and Russia, as well as the United Nations Governmental Group of Experts on Information Security have developed proposals addressing these very concerns.

Adding to this trend for nation state responsibility, in April 2015, the United States established “cyber sanctions” that granted authority to the Department of Treasury to sanction “individuals or entities” that pose a cyber threat to the “national security, foreign policy, or economic health or financial stability of the United States.” In a landmark agreement in November 2015, governments of the 20 leading global economies – including China – pledged not to engage in cyber-enabled commercial espionage for profit.

Russia’s Propaganda Trolls become a power in cyberspace

Summary: Cyberspace is not just a means to steal information and wreck systems, but also a means to touch people’s minds and change how they see the world. The tech is new, but the methods are old. Russia has a long history of playing this game well. Here Emilio Iasiello explains how they have aggressively exploited this new medium.

Russia’s Propaganda Trolls Make an Impact in Cyberspace

By Emilio Iasiello, 27 August 2015
From DarkMatters: superior attack intelligence

Posted with their gracious permission.

Russia’s propaganda machine in action

Recent reporting reveals that the Russian government may be using online propagandists in order to project a positive Russian image to the global community, while attacking those perceived to be a threat to Russian government interests.

Two individuals that used to work for an organization called the “Internet Research Agency” exposed the propaganda machine whose objective was to influence public opinion, and in some instances, discredit specific targets.

The Internet Research Agency is an organization that employs hundreds of online “trolls” – individuals whose job it is to create online discontent.

Located in four floors of a building in St. Petersburg, these trolls logged twelve-hour days supporting the Russian government while attacking perceived enemies – the United States, political oppositionists, for example – on social networks, blogs, and comment areas for social media sites (“One Professional Russian Troll Tells All“).

These online operators created personas and blogs in order to disseminate propaganda to the wider Internet audience. Techniques ranged from blatant attacking content to leveraging more subtle techniques in attempt to discredit the West. According to one former “troll,” the operations were tightly controlled and closely supervised. Assignments were handed out to the propagandists, each focusing on a theme and a list of key words to be used in online content. (“My life as a pro-Putin propagandist in Russia’s secret ‘troll factory’“.)

Some of the more prevalent topics included the situation in Ukraine, the Syrian conflict, and stories related to U.S. President Barack Obama. For this they received a monthly salary of approximately $750 (“Woman who sued pro-Putin Russian ‘troll factory’ gets one rouble in damages“).

Determining guilt in cyberspace: difficult now, but there’s hope for the future

Summary: We see the nature of modern America in our response to cyberattacks. The government quickly points to one of the usual suspects, and Americans believe. Reminders of past government lies have no effect, nor do experts’ warnings that attribution in cyberspace ranges from difficult to impossible. For a change of pace, today cybersecurity expert James Palazzolo explains why this might not always be so. Law and order might someday come to cyberworld.   {1st of 2 posts today.}

The Complexities of Attribution in Cyber Space: An Overview

By James Palazzolo, 25 August 2015
From DarkMatters: Providing superior attack intelligence.
Posted with their gracious permission.

Seeking attribution

The challenges with attribution and Cyber Space are a study of both social and political aspects that directly relate to the overall technical architecture of the Internet as a whole.

Rid and Buchanan argue that attribution is not a matter of technology but a matter of want; meaning: attribution in Cyber Space is determined by the importance for states to want accurate high confidence attribution with regards to cyber systems. If this want is not realized then little kinetic effort will be spent on the process of attribution.

The challenges of attribution are a well-known argument from a technical studies perspective, but it still does not help to answer: what can organizations do in the short term when looking for high degrees of confidence in attribution? If high degree confidence technical attribution is possible how long will organizations (that utilize cyber systems to conduct business) have to wait until states globally accept levels of concrete identity over the Internet for all systems? From an analogous perspective the wait for an answer to the question is the ‘gorilla in the room’.

There is a good possibility that consistent high confidence attribution of cyber systems will never be achieved. From a covert operations viewpoint the lack of high confidence attribution benefits states’ Intelligence communities.

The ability to launch political campaigns with almost complete anonymity is too convenient for states to ignore (Alyia Sternstein in Defense One). It can be argued that social applications have cemented this stance as these applications are able to reach millions of individuals rapidly and typically cost the end user nothing to use.

Therefore, why would states want to engage other states in creating policy that reflects the technical gaps surrounding attribution in Cyber Space?

Additionally, there is no monetary incentive from a private industry stance to push the conversation closer towards high confidence attribution for cyber systems. With billions of dollars already invested in offensive and defensive cyber systems there is no need to reel in development costs and towards developing systems that offer high degrees of user and host attribution.

Fight the hysteria about the hack of OPM’s files. It’s probably not a big threat.

Summary:  We’re told the OPM hack will have horrific consequences for America. Just as we have been told so many times since WWII, almost always falsely. I expect this too will prove to be a wet firecracker. Here are the reasons why, obvious things few journalists have told you. {1st of 2 posts today.}

China cyberattack
Know fear, America, that you might be easily ruled. Graphic from Third Certainty.

Contents

  1. OPM, our latest bout of hysteria
  2. An alternative forecast
  3. Why so much hysteria so often?
  4. Other posts about the OPM hack
  5. For More Information

(1)  OPM, our latest bout of hysteria

We were confidently told that the revelations of Private Chelsea Manning would cause countless deaths of American soldiers (example). But they never materialized. US authorities confidently predicted even more horrendous results from Edward Snowden‘s revelations. Again, nothing big happened (unfortunately, that “nothing big” includes reforms of the NSA). These are just the most recent in the long list of scary stories the government has told us since WWII.

The latest nighttime story concerns the hack of the Office of Personnel Management database (see the posts at the end for details). A wide range of information has been stolen on tens of millions of Americans, as the OPM announced on July 9:

Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints.

What could someone do with this treasure trove? Anonymous government officials, private experts, and amateurs have let their imaginations run wild. Both Left and Right go wild, predicting horrific results. See how fear-mongering brings America together. Here’s my favorite, from Naked Capitalism on July 27.

How would Sun Tzu defend computer systems? Poorly. A new era needs new thinking.

Summary:  The theft of the Federal government’s personnel data has brought information security back to the front pages. Along with the usual cries of “off with their heads” for the guilty and promises of Total Information Security in the future, as the signal to noise ratio in the media drops towards zero. To help restore our sense of proportion, here’s an article from the past by two well-known experts discussing the difficulty of e-defense in the 21st century.

This is a follow-up to About the theft of the Federal government’s personnel records: sorting fact from fiction, another in a series about a new age of conflict in which the old ways no longer work.  {1st of 2 posts today.}

“As we shall show, defense is a stronger form of fighting than attack. … I am convinced that the superiority of the defensive (if rightly understood) is very great, far greater than appears at first sight.”
— Clausewitz, On War, Book 1, Chapter 1

InfoSec, Sun Tzu & the Art of Whore

By Steve Tornio and Brian Martin.
At Attrition, 2 July 2010.

Posted with the authors’ permission.

Lately, you can’t swing a dead cat without hitting someone in InfoSecurity who is writing a blog post, participating in a panel or otherwise yammering on about what we can learn from Sun Tzu about Information Security. Sun Tzu lends the topic some gravitas and the speaker instantly benefits from the halo effect of Ancient Chinese Wisdom, but does Sun Tzu really have anything interesting to say about Information Security?

In The Art of War, Sun Tzu’s writing addressed a variety of military tactics, very few of which can truly be extrapolated into modern InfoSec practices. The parts that do apply aren’t terribly groundbreaking and may actually conflict with other tenets when artificially applied to InfoSec. Rather than accept that Tzu’s work is not relevant to modern day Infosec, people tend to force analogies and stretch comparisons to his work. These big leaps are professionals whoring themselves just to get in what seems like a cool reference and wise quote.

“The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”  { The Art of War}

This seems to make sense on its face. If you focus on making your systems and networks invulnerable to attack, then you don’t need to worry about attackers. So, on any modern network where people actually need to get work done, can you make systems invulnerable to attack? If not, does this particular advice tell us anything useful? Maybe Sun Tzu was trying to say that we need to spend more and more money on IPS/SIEM/firewalls/antivirus, even if we don’t see a particular need to upgrade or improve those areas.

Information security is not warfare (leaving aside actual warfare, of course). The bulk of security practitioners are working to protect private and public networks and do not strike back against any enemy.

About the theft of the Federal government’s personnel records: sorting fact from fiction

Summary: We’re into the phase of the OPM records breach scandal where the US public policy crisis process predictably breaks down into finger pointing and aggressive guessing. Here is a brief on what little we know, and pointers on what we certainly don’t know.  {2nd of 2 posts today.}

Contents

  1. How was it done?
  2. What was taken?
  3. Who was at fault?
  4. Who did it?
  5. Panic!
  6. For More Information

(1)  How was it done?

We can learn the bare bones about this series of attacks from the statement by Office of Personnel Management (OPM) Director Katherine Archuleta (bio here) to the House Oversight and Government Reform Committee. For an easier to read version see this typically excellent ars technica article by

Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.

Beyond this we hear mostly guesswork.

(2)  What was taken?

Lots of high-volume guessing in the news. The best answer might be: lots was taken. The Director’s statement says “we have not yet determined its scope and impact”. For a more precise answer see…
