Posts

Wednesday Morning: Ashes to Ashes

It’s your second morning-after this week, this one launching the countdown on Christian calendars to Easter. I’m a lapsed Catholic, but we do observe Lent in my household. My agnostic son resists, but I’ve explained this is an opportunity to be mindful about others’ experience of going without. We are privileged to choose to give up, and we consciously recognize it by Lenten observation. Some choices we make, like giving up meat and sugar, are beneficial for us, but it’s still the luxury of choice when others are forced to simply suffer without recourse.

This year we will be mindful of water. We take it for granted every time we turn on the faucet. Yet our brethren go without in nearby Flint, in spite of water’s essential nature to life. I’ll donate the money I would have spent on 46 days of meat-based meals to Flint’s United Way Water Fund and the Food Bank of Eastern Michigan, as both organizations are helping distribute water and filters to Flint residents. Last night’s Boil Water order issued because of a water main break only underlines the difficulties Flint’s residents will face until the entire water system is replaced.

Dept of Duh: Director of National Intelligence says Internet of Things can be used to spy
NO! Say it isn’t so! Like it never occurred to us that any device attached to the internet, including the growing number of WiFi-enabled household appliances, might be used to spy on us.

Volkswagen recalls cars — and not because of emissions
VW didn’t need more trouble; this time, it’s not the German car makers’ fault. 680,000 VW-branded vehicles are being recalled because of Takata-made airbags which may be defective. TAKE NOTE: Mercedes-Benz models were also recalled yesterday.

Toyota, Honda, Acura, BMW, Nissan, Subaru, GM, Ford, Chrysler, and Daimler also issued recalls over the last two years for the very same reason — defective Takata-made airbags. See this article for a running timeline of events related to the recalls as well as a list of affected vehicles (to date).

Attacking the grid? Try a squirrel first – hacking is much harder
A honeypot mimicking an energy management system demonstrated the challenge to hackers trying to crash a power grid. Dewan Chowdhury, MalCrawler’s founder, spoke at Kaspersky Lab security Analyst Summit about the knowledge set needed to attack energy systems:

“It’s extremely difficult. You’ can’t just be a NSA or FSB hacker; you need an electrical engineer on board to weaponize attacks and figure out what’s going on … When it comes to weaponization, you need a power substation engineering who knows what needs to be done and tested.”

After reading about Chowdhury’s presentation, I have two caveats. The first is the notion that an “electrical engineer” or a “power substation engineer” is required. Many non-degreed workers like electricians and technicians are familiar with computers, networks, and SCADA equipment. The second is this bit:

The groups had access to the HMI, which would allow them to manipulate the grid, but Chinese, U.S., and Russian groups, he said, stick to a gentlemen’s agreement and leave the grid alone. Middle Eastern actors, however, will try to perform control actions to sabotage the grid.

A “gentlemen’s agreement”? When do the gloves come off? When one of these actors align with a Middle Eastern actor?

Global disaster — how would you respond?
In case a mess of squirrels are deployed to take down the world’s power grids, one might need to know how to deal with the inevitable meltdown of services. Johns Hopkins Center for Civilian Biodefense Strategies modeled a global disaster in 2013 by way of a simulation game. The results were predictable:

What they discovered was that the country was ill prepared to cope. Within two weeks there would be enormous civilian casualties, a catastrophic breakdown in essential institutions, and mass civil unrest. Food supplies, electricity and transport infrastructures would all collapse.

International security scholar Dr. Nafeez Ahmed was asked how people should respond; he offered a nifty guide, outlined in six points.

But disaster isn’t always global, and current cases show our gross inability to respond to limited disasters. Flint, for example, already struggles with running water, item number three on Dr. Ahmed’s list. Conveniently, Flint doesn’t necessarily rely on government or law enforcement (item number four) because neither responded appropriately to the ongoing water crisis. What remains to be seen is whether Flint will muster long-term self-sufficiency (item number six) as government and law enforcement continue to let them down.

Speaking of Flint, I wonder how today’s Democratic Steering and Policy Committee hearing on Flint’s water crisis will go, as Michigan’s Governor Rick Snyder declined to appear.

“Don’t necessarily trust the government or law enforcement” in global disaster, indeed.

What to Expect When You’re Expecting a Report From James “Least Untruthful” Clapper

It is a time pregnant with possibilities as the world awaits release of the US report on chemical weapon use in Syria. Today’s Washington Post informs us that we may see the report as soon as tomorrow:

The Obama administration believes that U.S. intelligence has established how Syrian government forces stored, assembled and launched the chemical weapons allegedly used in last week’s attack outside Damascus, according to U.S. officials.

The administration is planning to release evidence, possibly as soon as Thursday, that it will say proves that Syrian President Bashar al-Assad bears responsibility for what U.S. officials have called an “undeniable” chemical attack that killed hundreds on the outskirts of the Syrian capital.

The report, being compiled by the Office of the Director of National Intelligence, is one of the final steps that the administration is taking before President Obama makes a decision on a U.S. military strike against Syria, which now appears all but inevitable.

Wait. What?

Marcy already mused on all the talking heads focusing on how a US response to Assad using chemical weapons on Syrian citizens is all about our “credibility“. If the US response is so tied up with credibility, how on earth can it be that the person charged with compiling the report on which we will base military action is the man whose obituary will be obliged to mention his admission that he lied to Congress, but that we should excuse the lies because he gave the “least untruthful” version possible? That is how the US will convince the world that, unlike when we lied about Iraq having WMD’s before we invaded, this time we aren’t lying about Assad?

Note also that Marcy mentioned yesterday that the US, through John Kerry, tried to prevent the UN carrying out its own investigation into the chemical weapon evidence. That move undercuts US efforts at credibility since outside, independent confirmation of findings would be a huge step in providing assurance that the US is being truthful.

The UN effort continues today, with the delegation of inspectors visiting a different Damascus suburb than the one they visited on Monday. (See the map in this BBC article for the sites at which chemical weapons were accused of being used in the attack.)

We get a bit of information from AP on how the UN team is operating:

The U.N. chemical weapons experts conducted their first field testing in the western Damascus suburb of Moadamiyeh on Monday. They collected samples and testimony after a treacherous journey through government and rebel-held territory. Their convoy was hit by snipers but members of the team were unharmed.

The ability of the UN team to interview victims (which is presumably how they got “testimony”) and then to take their own samples is a key part of making their work believable. Both environmental samples at the sites of attack and biological samples from the victims play a role in identifying whether and what chemical agents were used. See this informative piece from FAS on descriptions of symptoms that the investigators would be looking for when interviewing victims.

When Clapper finally releases the US report, one of the most important aspects in that report will be the provenance of any samples the US subjected to chemical analysis. We don’t have acknowledged “boots on the ground” in Syria, so how did the US get samples? What certifications, if any, are there on chain of custody documentation on those samples? As with most other accounts of the chemical attack, the AP article linked above mentions that Doctors Without Borders has documented the number of dead and injured from the attack. Samples and documentation coming from them would be seen as having a much greater level of independence than samples provided by the rebel groups that control the territory where the attacks are said to have taken place.

Even though their main website has been taken down, reportedly by the Syrian Electronic Army, the New York Times is continuing its reporting on the situation in Syria. An article published yesterday afternoon provides some useful background information on the ability of modern forensic methods to detect chemical agent use long after the fact: Read more