Keith Alexander: Armageddon for Thee But Not for Me
The other day, I noted how in an essay touting his cybersecurity approach, Keith Alexander claimed that approach had permitted the US to be plundered like a colony.
Hardly a selling point.
I want to return to Alexander’s essay, but first, consider Bruce Schneier’s conception of the Internet as an increasingly feudal society.
I have previously characterized this model of computing as “feudal.” Users pledge their allegiance to more powerful companies who, in turn, promise to protect them from both sysadmin duties and security threats. It’s a metaphor that’s rich in history and in fiction, and a model that’s increasingly permeating computing today.
Medieval feudalism was a hierarchical political system, with obligations in both directions. Lords offered protection, and vassals offered service. The lord-peasant relationship was similar, with a much greater power differential. It was a response to a dangerous world.
Feudal security consolidates power in the hands of the few. Internet companies, like lords before them, act in their own self-interest. They use their relationship with us to increase their profits, sometimes at our expense. They act arbitrarily. They make mistakes. They’re deliberately—and incidentally—changing social norms. Medieval feudalism gave the lords vast powers over the landless peasants; we’re seeing the same thing on the Internet.
[snip]
Most people, though, are stuck in the middle. These are people who have don’t have the technical ability to evade either the large governments and corporations, avoid the criminal and hacker groups who prey on us, or join any resistance or dissident movements. These are the people who accept default configuration options, arbitrary terms of service, NSA-installed back doors, and the occasional complete loss of their data. These are the people who get increasingly isolated as government and corporate power align. In the feudal world, these are the hapless peasants. And it’s even worse when the feudal lords—or any powers—fight each other. As anyone watching Game of Thrones knows, peasants get trampled when powers fight: when Facebook, Google, Apple, and Amazon fight it out in the market; when the U.S., EU, China, and Russia fight it out in geopolitics; or when it’s the U.S. vs. “the terrorists” or China vs. its dissidents.
[snip]
Without the protection of his own feudal lord, the peasant was subject to abuse both by criminals and other feudal lords. But both corporations and the government—and often the two in cahoots—are using their power to their own advantage, trampling on our rights in the process. And without the technical savvy to become Robin Hoods ourselves, we have no recourse but to submit to whatever the ruling institutional power wants.
Where we’re headed, Schneier says, particularly in the face of cybercriminals whose power is vastly magnified through technology, is increased servitude to both private corporations and governments, but that offers little protection when our pledged lords fight each other.
Now back to Alexander’s pitch that his approach to cybersecurity is best.
We need to embrace it, General Alexander suggests, because of the threat of Armageddon, the possibility that malicious actors will carry out a systemic attack that will result in a kind of Armageddon.
The features that allow all these infrastructure sectors to link together in cyberspace, however, also make them accessible to intruders from almost anywhere at a comparative minimum of cost and risk. The cyberdimension, therefore, adds an unprecedented degree of complexity and vulnerability to the task of defending ourselves against a modern-day “Armageddon” strategy.
The century-old dream and nightmare of crippling a modern society by wrecking its infrastructure—or just by disturbing its synchronization of functions—is now a reality others are dreaming of employing against the United States. We do not know how effective such a strategy would be against the United States in practice, but glimpses of global financial panics in recent years should raise concern about even partial “success” for an adversary attempting such an attack. [my emphasis]
Frankly, Alexander’s mention of the financial crash is a tell. He’s right that the damage Wall Street did reveals how damage accelerates in this globalized world, the possibility of an Armageddon. But no one (well, except for me!) has ever suggested NSA use its considerable power to guard against similar bankster-caused systemic disruptions in the future. Until such time as we decide to use this considerable surveillance power against banks — probably the most dangerous entities in the world right now — or admit that such surveillance really incurs too much cost even against such a grave threat, we simply are picking and choosing where and whom we want to surveil, and right now it’s not the most dangerous threats we’re surveilling.
Now consider how Alexander portrays USCYBERCOM to function in his vision of cyberdefense.
The Pentagon is moving to reduce significantly the number of its networks and limit the points where those networks touch the Internet. Its new joint network—the JIE—is inherently more defensible than the fifteen thousand disparate enclaves that currently exist in the Department of Defense. USCYBERCOM is involved in efforts to leverage cloud-computing technology to dramatically increase the ability to safely and securely store and access data.
[snip]
We are developing a force capable of defending the nation in cyberspace, operating and defending Department of Defense information networks, and providing direct support to Unified Combatant Command plans and operations. These forces must be able to defend our national-security networks, providing a vital sanctuary from which we can operate even while under attack. Having such an assured capability will not only defend Department of Defense and national-security functions, but also help government and civilian networks by convincing adversaries that an “Armageddon” strategy will not succeed against America. [my emphasis]
Alexander describes pulling our defensive forces substantially off of the public Internet where these malicious actors roam, building a sanctuary — a medieval fortress! — in which the defensive establishment will still be able to function in the event of Armageddon.
But consider the logic: that means the rest of us — who Alexander is demanding must sacrifice our privacy in the name of mutual defense — will be stuck outside the sanctuary, still at the mercy of those malicious actors.
This defensive plan will only work then, if the malicious actors are sufficiently deterred (and acting with sufficient consciousness and rationality, even given the likelihood of unintended consequences in a globalized system) by that “defensive” force holed up in the sanctuary to decide not to attack the world outside the sanctuary. If they’re not, then we’ll all still be exposed to Armageddon. The defensive establishment will survive to fight the malicious actors, but we may not.
That is, Alexander is describing that same feudal structure Schneier is, in which we’re just peasants who must sacrifice for the common defense, without, however, being invited inside the sanctuary he intends to keep safe.
So to sum up what Alexander is offering: a system that has already resulted in plunder on a massive scale (though largely from those whose riches are measured digitally), and the promise that in case of Armageddon, his “defensive” troops will be safe in the sanctuary to fight back.
Looks like Darpa knew what it was doing all along. not.
quote”So to sum up what Alexander is offering: a system that has already resulted in plunder on a massive scale (though largely from those whose riches are measured digitally) Ah yes…digitally. whudda thunk. Just wait till you’re required by “law” to carry a smartphone.
Speaking of coming back to bite you in the ass, anyone who buys a “SmartTV” is a fucking idiot. Of course, Alexander already knows this. Why do you think he has a 22′ screen. Oh, and about those “financial” plunders. Ever heard of EMI weapons? You will soon. Armageddon is a massive understatement. And it can’t happen soon enough.
At least the feudal lords tried to protect the serfs outside – those were their source of food and labor.
I don’t think Alexander and his BFFs understand that their comfy fortress depends on the people outside.
This assumes that necessity will not result in new innovations. We probably said we were doomed when the media companies started consolidating in the 80s/90s. We didn’t foresee the internet becoming an alternate source of information.
The internet is getting really crowded and dangerous. Something else will be built to satisfy at least some of the need, I hope. There are things in the works but I don’t know enough about them.
Protecting against the wrong threats — I agree with that heartily. But listening to Alexander, he doesn’t see the banks as the enemy at all. If he does, he hides it well.
i am so tired of these national security bureaucrats dreaming up boogey-men.
armageddon?
how about a volcanic eruption in yellowstone? guaranteed to happen since it one of the world’s four supervolcanoes. the last time i think it involved something like 700k sq miles.
how about a volcanic eruption to reduce sunlight worldwide for a decade?
how about a corn fungus or rice fungus or wheat fungus destroying most of the crop worldwide?
how about an influenza virus causing a severe pandemic?
how about 20 years of extreme drought from iowa west to the pacific, texas to north dakota?
how about a series of earthquakes from s. cal to alaska?
how about a 200mph hurricane stalled over south texas lousiana coast?
as for individuals:
how many of our 360 mill population have something stolen from their car or yard or house each year?
how many are mugged of robbed?
how many lose a job and can’t find work?
how many lose health insurance where it is badly needed?
in other words, this scare talk about cyber- boogies is just like that about terrorist-boogies following the airplane bombing of the wtc.
a bad scene but less than die in two months of traffic accidents in this country every year.
bad things are always happening to some of us, but they don’t get talked up by natsec bureaucrats trying to scare money and authority out of congress.
boogey-man creation by government security officials is just the literary part of their job description –
“must have experience writing very-very-scary scenarios to frighten populace into compliance”.
I am repeating myself, again and General Alexander agrees with me. A Computer Network is designed to share and use information. It is not designed for keeping secrets because any computer can and will be hacked, (Godel’s Theorem). Any information on a network is declassified automatically because it can not be protected. (Snowden’s Theorem).
Classified information can only be protected with 24 hour armed guards, and a secure metal safe. Effectively, with all the spy secrets on SIRPNET and others, there is no way to guarantee it has not been stolen. Computers have taken away the privacy of individuals and the privacy of the Spies. (Hayden’s Theorem)
– “The century-old dream and nightmare of crippling a modern society by wrecking its infrastructure—or just by disturbing its synchronization of functions—is now a reality others are dreaming of employing against the United States.”
And all of our cities will become ghost towns because zombies ate our brains.
What.The.Fuck. A reality others are dreaming of employing against the US is because firebombing 1/2 of European cities and turning Nagasaki and Hiroshima into wastelands 70 years ago and have yet to rise from the ashes gives them pause or inspiration. Christ, the wet dreams these guys must have as they wake to write down the 10 most sexy tech words PUA’s use to get someone to take off their clothes.
@orionATL:
a Richter-9 earthquake off Washington State would do wonders for the economy, in terms of crashing it. The other place you don’t want a big one is the currently-locked section from San Bernardino to Parkfield, which is about 30 years overdue for a 7-plus.
woah. 30 yrs overdue? not where i’d want to have my farm.
believe it or not, i’ve read that one of the most likely places in the u.s. for a serious earthquake is off-shore of charleston, s.c.
let me tell you, that would be one hell of a nasty surprise to people who think earthquakes are for californians or japanese.
shake ma grits ‘n shrimp!
How does all of this NSA crap eventually end? Are we ever going to be able to dismantle these folks down to a manageable size if there is such a thing?
Castles went out of style when gunpowder enabled the creation of mobile artillery capable of breaching the best defenses. Alexander is building his fortress even though artillery is widely available, inexpensive, and rapidly evolving.
He’s not an idiot. Does he believe this B.S. or does he just use it to get more money out of his civilian “bosses”?
@orionATL:
They don’t have that much to worry about in SC. They’re not that high-risk.
(Farms would be fairly safe, actually: open space.)
@William Ockham:
nice analogy from history which called to mind another, the maginot line:
https://en.wikipedia.org/wiki/Maginot_Line
@PJ Evans:
but think about the dairy cattle, man. you can only sell so much butter :)
and i’m not so sure about farms being safe. i read that cottonfields near bakersfield were turned into u-shapes during (i think) a 1950’s quake.
@William Ockham: HIs strategic advisor was a co-author.
This fucking clown is confusing a protection racket with protection. These feudal lords were not Sir Galahad they were thugs that held their claims by brute force.
@orionATL:
Not really; people tend to think that big quakes to all kinds of upending and breaking the ground like the ground is ceramic or something similar, but it doesn’t work that way. What you get is rows that are not quite straight any more, and offsets in roads, where they cross the faults; vertical movement happens, but it’s smaller. (August 1952. We were living in Long Beach, on former riverbed, and my mother said the cribs banged against the walls. I got her to file a did-you-feel-it report – the seismologists actually do collect backtime data.)
@par4:
Eh, not really. Feudalism is a BS form of government by today’s standard, but its common rise all over Europe and in parts of East Asia (Japan, most notably) at relatively the same time period in history suggest it was the most favored government model for the time. As well, organized crime was a nuisance back then, too.