The Derecho Named Cyber

Wednesday, October 10, 2012

Joel Harding


Cyber is new.  Cyber is hip.  Cyber is cool.  All these are relative terms.  Compared with the evolution of the automobile, cyber is evolving at a pace which approaches incomprehensibility.

The term computer was first used in 1613, according to that great and learned resource, Wikipedia, here.  This term, however, referred to a person who performs computations, an all together different meaning from the modern term. 

The first probable computer actually dates back to the second century BC, here. This was a mechanical device, in my humble opinion not at all what we associate with a modern electronic computer, but it did perform basic computations. In the 1930s and 1940s various attempts were made and resulted in some functional computers, some not programmable. 

Collossus was the first computer, in my humble opinion, to do actual work, breaking German codes in World War II, starting in 1943. This was followed by ENIAC in 1946, again for a military purpose.  These used mostly vacuum tubes, but then semiconductors and micro-processors were introduced and computers shrunk in cost and size by the 1970s. 

I wrote my first computer program in 1974, in FORTRAN, the same year I bought my first hand-held calculator for a mere $400 from Sears, complimenting my slide-rule.  Ah, those were the days.  Through the years I always delighted in peeking behind the curtain, at the operating system and figuring out how they worked, why and how I could get the computer to do things it was not designed to do.

In 1989 I bought my first personal computer, even though they were available for over a decade, but they finally fell in price and were almost mandatory for research and professional grade writing. That was the same year I started up a Bulletin Board system, or BBS, in Sierra Vista, Arizona, called The Exchange BBS.  It only ran at night, I had to use the phone during the day.  I had a whopping 20 MB hard drive and was part of FIDONET and I thought the technology was grand. I was amazed that an ‘email’ sent through FIDONET actually crossed the continent in one day! 

I quickly ran out of room on the hard drive and my wife ran out of patience at sharing the phone. I later experimented with CompuServe while stationed in Korea to send and receive correspondence with my wife, but that didn’t last long. I was teaching computer courses while stationed in Korea in 1990/1, the subject was the word processing program called Wordstar.  It’s funny how most of the basic keyboard sequences I taught then are still being used in Word, today, unbeknownst to most computer users.

When I returned from Korea I moved to North Carolina.  And then came the internet, for me.  Using a dial-up modem, it was slow, tedious and frustrating.  At work, however, the military was using UNIX computers, KG-84 encryption systems, had dedicated T-1 standalone networks, sometimes over a satellite connection and everything almost worked seamlessly. In my final job at Ft. Bragg I had to design and coordinate feeds from a very large variety of intelligence platforms, all seemingly using different formats and standards. 

In 1996 I participated in a groundbreaking study of a Blue Force (meaning friendly forces) tracking system named Grenadier Bratt, part of my job was to arrange the national level participation.  I went to Washington DC and participated in a SORS meeting, basically begging for satellite time.  I was frustrated when a sarcastic and arrogant Air Force Captain sneered his doubt that I would get even three minutes of time per day. 

Little did I know my boss, then Colonel Keith B. Alexander, was pulling in favors behind the scenes.  When I returned I discovered I had dedicated 24 hour a day coverage for an entire week!  This exercise was a proof of concept for today’s Blue Force tracking system. 

This demonstrated a need for operational satellites, not relying on intelligence collection systems. This also demonstrated that computers could track enemy forces and also show friendly forces, all properly separated by classification. I also discovered the precious bandwidth constraints on data feeds, we did not have enough bandwidth and could not exchange data and information at desired speeds.

In 1996, when I moved to Washington DC and got a laptop computer as part of my graduate program, I was firmly embedded into the internet, albeit at dial-up speeds. My job at this time included chasing state-sponsored hacker groups and attempting to bust them.  Wow. 

The discussions we had back in the mid-90s are still ongoing, we still don’t have a proper information sharing cybersecurity bill and people still don’t trust the government to maintain their privacy. I also discovered the intelligence community was using multiple OC-48 networks to pass data around the Washington DC area, an amazing leap in data rates.

By the time DSL and cable connections came around, I was running a home network and getting my cyber door knocked on by foreign connections almost every second. Me, Joe Citizen, sitting on my home computer. But we finally have a dedicated effort by the Department of Homeland Security, DHS, to help secure our nation’s computers. We have the US Cyber Command, lead by my former mentor, now General Keith B. Alexander, who is unique in his vision and his capabilities – God help his successor, he’ll need it! 

We have a pending cybersecurity bill in Congress, which is currently tabled.  We have the threat of a cybersecurity Executive Order by the President of the United States, which is most likely a political ploy but it might force Congress to actually do their job when it comes to cybersecurity. We have the release of CCDOE’s Talinn Manual, available in .pdf format here, so the legal community is finally  doing their work on something other than a Wang word processor (sorry, I couldn’t resist the dig). 

The challenge is to bring the laws up to date and update them at the speed of the 21st century (you’re slowing us down, guys).   $13 billion is dedicated to US cybersecurity and reports have indicated that an increase of 1,800 percent (not a typo) is needed to properly secure our networks. 

Please don’t forget, also, about Moore’s Law. Our processing power is still increasing, the technology is improving at an ever increasing rate and we are now processing and passing information at incredible speeds.   I am now routinely seeing 5 MB per second downloads at home and my system says I am actually capable of a 42 MB per second download rate.  I would have filled my first hard drive in less than half a second.  *poof* Done.

In relative terms the rate of increase in technology for both computing and communications is increasing at unbelievable speeds.  Recently Washington DC and surrounding states were hit by a storm called a derecho.  It was fast, it was powerful and it hit the area like a sledgehammer. 

I spent the evening in Pennsylvania, with my family and the storm damage was incredible, then I returned to Washington.  The power was out for millions in the DC area, businesses were ruined and it took weeks for some lives to get back to a semblance of normalcy. 

Cyber is the same way.  Please, members of congress and business leaders, please recognize the world of cyber for what it is, a potential derecho.  Please work on cybersecurity as if our lives depend on it, because we do.


About the last line.  What do you mean “we”, white man, says Tonto to the Lone Ranger when they’re surrounded by warring Indians.  If you don’t get this joke you’re not old enough.

We, as in the cyber community.  Part of the Information Operations community. We, meaning everybody who works on the internet, makes their living with the aid of the internet, or has their virtual life on the internet. You, me, and almost everybody we know.

And no, not literally our lives, but our business life and much of our personal life depend on the internet, the web.

I’m so deeply entrenched in the cyber world as well as the ‘influence and information’ worlds that I tend to think in terms of we.   I constantly remind my wife (no, not the same one mentioned above) that marriage is about we, us and our, not I or mine. It’s a mindset and a figure of speech.

Cross-posted from To Inform is to Influence

Possibly Related Articles:
Security Awareness
Information Security
Government Cyber Security Network Security legislation
Post Rating I Like this!
Doug DePeppe Hi Joel,
Better watch out, or you'll be accused of FUD fear mongering. : )

A comment on the law. I partly agree and partly disagree. I agree that a legal framework is lacking in some ways, and so that's part of the cyber challenge. I disagree, however, that it's part of a root cause.

Law tends to move slowly - necessarily so in many cases. You're talking about law in the macro sense. That is, not a discreet provision that addresses a small area, but rather you're calling (as do I) for a fundamental structural shift. That's a macro change that greatly affects and often changes the societal balance.

We first need policy-makers to do a macro root cause analysis and determine the path of our strategy, then law will fill in with a framework.

This is all so abstract, so let me clarify my meaning. As I wrote last week: Is a Communist or Totalitarian System Preferable in the Internet Age? - the West's system of governance in a capitalist society respects private property rights. Necessarily so. However, that respect translates in practical terms in presenting an information sharing gap between industry and government. That gap undermines situational awareness, of the rapid and robust variety needed at the speed of the Internet. Hence, China and others can and do target that gap. Conversely, those totalitarian societies do not respect private property rights, so they can design better information sharing models for integrated situational awareness.

So, looping back, until we figure out (and empower) the public-private partnership ... as a new strategy in the Internet Era, "we" will be strategically limited in ways other societies are not. Once we push toward this model, the law will fashion a framework. But the Nation hasn't figured this out yet at the policy-making level.

And happy to explain why the "public-private partnership" really doesn't exist today, despite many comments about it. Anti-trust and anti-competition rules won't presently allow it to be fashioned properly. That's a separate discussion.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.