China

Loose (Data) Sinks Ships — OpSec for the Information Age

More than a year ago I attended an on-line seminar for businesses that do business with federal agencies.  The speaker, in a refrain now heard quite often said:  “There are two types of businesses; those who have been hacked by the Chinese and those that don’t know they have been hacked by the Chinese.”  While there is a bit of hyperbole in that statement, it does make a valid point, and it is that all data with which we work in this new interconnected age of the internet and social media is vulnerable to being exposed to those who do not have a need to know if we don’t institute the right countermeasures.

And the issue isn’t just related to Chinese ambitions, though their efforts are significant.  For example, the semi-autonomous Red Hacker Alliance consists of a hacking army of at least 300,000 members.  Plus there are other state actors, terrorist organizations, and other equally dangerous threats among the run-of-the-mill identity and information theft hacking community.

Exhibit one along these lines has been floating in the news for a few weeks now and is the hacking of the servers at the Democratic National Committee by Russia.  Exhibit two is the hacking of election databases in Illinois and Arizona by the same hackers.

The infrastructure built around the cult of personality of Vladimir Putin in disrupting the political and international institutions that he views as a threat to his rule and international ambitions is both well documented and expansive.  For some time now Russia has been clandestinely funding extreme parties in Europe as part of its project to undermine faith in self-government and democracy there.  It is now clear that he has also set his sites on the United States electoral process as well.

With assistance from Fifth Columnists like alleged rapist Julian Assange of Wikileaks, who is still hiding out from Swedish due process in the Ecuadorian Embassy awaiting the statute of limitations to run out, Russian hackers have been selectively releasing e-mails, most mundane (John Podesta’s risotto recipe anyone?), but some embarrassing when removed from context, over the course of the current presidential campaign.

But this is headline news.  For those of us in the information management and software industry, what we should know is that just about anything is fair game to hackers beyond the sport of manipulating democracy, due process, and the free world, including privileged, proprietary, competition sensitive, and classified information.  Any system without a robust physical firewall or strategic areas that have an air gap from the network is vulnerable to hacking.  The infamous Chinese hack of the Office of Personnel Management (OPM) data breach demonstrates this clearly, even on what ostensibly appears to be the most secure data repositories.

So what does this tell us?

First, that data streams and data lakes must be reduced so that, aside from the economic benefits, data and information found in those repositories can be traced, categorized, and properly compartmentalized.  This suggestion does not preclude redundant backup systems to eliminate the danger of destruction, but it does keep bits of intelligence from being collected from different, ostensibly unrelated, sources.

Second, that the golden age of putting everything in the Cloud was a bad idea from the start.  I would go as far to say that most hosted, but especially HTML-based applications, at this point have so many security vulnerabilities, regardless of the assurances of software publishers and companies, that industry and government consumers should avoid them for their most sensitive data.  The criteria of the type of data this entails is that which, when given a data breach, would render the system or project completely compromised and represent an existential threat to the organization, or to the national security of the United States, or to its allies.

Third, computer hardware devices should have the same restrictions that we apply to access of data by individuals.  If the device does not support a need to know, then that device should be restricted from certain data.  Data networks should employ encryption, and using a VPN when accessing the internet or working remotely will help to provide a secure connection.

Fourth, where interfaces with the internet are integral to business operations, such as e-mail and data sharing, a minimum of 256-bit encryption should be deployed in transit and storage of communications and data.  Furthermore, two-step login authentication, user login salting and hashing, and other measures will also reduce the value of any hack if it occurs.  For example, the 2012 DropBox hack, which only became completely known last month, was auctioned on the Dark Web at only two bitcoins because the value of the user information was rendered almost valueless because of these very measures instituted by the company.

I would consider these four measures the bare minimum.  Note, however, that if a state sanctioned actor is involved, the chances are that they are going to employ several methods to obtain your data.  The most reasonable approach to take is to invoke the approach from the Second World War that “Loose Lips Sink Ships”.  Simply don’t volunteer operational information regarding your company, organization, or agency to those without a need to know.

Sunday Contemplation — Finding Wisdom — Barbara Tuchman

ituchma001p1

 

“An event of great agony is bearable only in the belief that it will bring about a better world. When it does not, as in the aftermath of another vast calamity in 1914-18, disillusion is deep and moves on to self-doubt and self-disgust.”– Barbara Tuchman

Barbara Tuchman was an earnest historian.  She began her career as a journalist and worked assignments in Japan during the Shōwa period and witnessed the rise of nationalism and the military state there.  Afterward, she became an editor at The Nation, working as a war correspondent covering the Spanish Civil War.  Thus she bore first hand witness to and recorded the history that unfolded before her during one of the most tumultuous and tragic periods of human civilization.

Later in life she turned her full attention to history, and it is there that her full talent revealed itself.  She is known for a trilogy of books about different topics concerning the period prior to and during the First World War.  These are The Zimmerman Telegram, The Guns of August, and The Proud Tower.  She also penned a comprehensive history of China’s convulsive period from 1911 until the end of the Second World War conjoined with how these events were seen through the eyes of an energetic U.S. Army officer in the book Stilwell and the American Experience in China, 1911-1945.  For both The Guns of August and Stillwell she was awarded the Pulitzer Prize.  Other books of note include A Distant Mirror:The Calamitous 14th Century, The March of Folly: From Troy to Vietnam, and The First Salute.  She received the National Book Award for A Distant Mirror on its paperback release–a strange practice of revisiting worthy but overlooked books on their initial hardcover release that has since been discontinued.

For me the books that focus on the period leading up to and including the First World War–the trilogy listed above–combined with Stilwell serving as epilogue, provide the most intelligible record of a largely incomprehensible period of human history.  These books speak to us on many levels for not only do they record specific events and times, they also explore the depth of the bottomless well known as human folly.  Like Hannah Arendt, she approached history and tragic events in an unconventional manner, applying irony–much criticized lately–as an effective device in highlighting the foolishness of human actions and the frailty of human existence.  For example, in noting the epic tragedy of the First World War with its endless trench warfare and blind charges into fortified positions that produced such horrific results she observed:  “Human beings, like plans, prove fallible in the presence of those ingredients that are missing in maneuvers – danger, death, and live ammunition.”

More immediately, it has become increasingly clear since the fall of the Soviet Union in 1991, that the politics, social upheavals, and decisions made during this period continue to loom over entire parts of the globe today.  It is almost as if the bipolar post-World War II Cold War construct had been but a constraining and moderating blanket which, when lifted, allowed all of the built-up hatreds, ethnic and religious animosities, nativism, anti-democratic economic oligarchies, and nationalistic and jingoistic ambitions to rise to the surface once again.  We have seen, as a result, tragedies in our own times from these poisons rising to the surface: the dissolution and unraveling of Yugoslavia leading to the ethnic cleansing in Bosnia, Herzogovina, and Kosovo; the widespread upheavals across the Arab world and the Far East, the rise of fundamentalist and militant sects in almost all areas of religious faith, wars of genocide in central Africa, the reemergence of animosities between China and its neighbors, and the rise of Russian imperialism in Europe under a new banner.  Here at home, as in other Western nations, we have seen the rise of political movements and economic elites that would turn the clock back to 1914 and before.  Given such developments it is here too that Tuchman informs.  “Learning from experience,” she wrote, “is a faculty almost never practiced.”  But learn we must, and apply the experience of other generations to allow us to avoid in our own times errors and follies whose consequences, given the ability of modern technology to extinguish human existence, would be much more tragic.

If we begin with The Proud Tower we enter a world in which we trace the strains on civilization that eventually led to the tragedy of 1914.  Beginning its narrative in 1890, the book illustrates the period in unexpected ways through the fog of time.  In the words of the author: “(this is not) the book I intended to write when I began. Preconceptions dropped off one by one as I investigated. The period was not a Golden Age or Belle Epoque except to a thin crust of the privileged class. It was not a time exclusively of confidence, innocence, comfort, stability, security and peace. . . . Our misconception lies in assuming that doubt and fear, ferment, protest, violence and hate were not equally present. We have been misled by the people of the time themselves who, in looking back across the gulf of the War, see that earlier half of their lives misted over by a lovely sunset haze of peace and security. It did not seem so golden when they were in the midst of it.”  Ms. Tuchman’s admission to having to strip herself of her preconceptions of the period is no mean feat.  This is the essence of intellectual honesty and, as a result, we find insights and honesty throughout its observations and conclusions.  Thus, we learn much about the past and are left to draw our own lessons from it–a period in history that was in rapid transition that few of its leading citizens outside of the arts seemed to note.

Ms. Tuchman’s magnum opus is The Guns of August.  Here she traces all of the trends and personalities involved in the disastrous decisions that led the world to war.  She begins her narrative with the funeral of Edward VII of England in May of 1910.  World leaders met to pay their last respects to the son of the queen whose own rule was short compared to that of his mother–Queen Victoria.  What we see is that so many of the major powers of the world are still ruled by kings, queens, czars, and emperors–a world very much different from the one we know today.  This knowledge informs our perspectives in reading other histories of the 20th century, particularly as it relates to Europe, in understanding that even in the 1920s and 1930s, in the wake of the Great War, that many people had narrowed their choices between competing authoritarian and totalitarian ideologies: Communism and Fascism.  Coming away from the funeral in 1910, former U.S. President Theodore Roosevelt came away from his visit, having seen the strains and ambitions expressed by the assembled leaders, convinced that Europe was on the brink of war.

Roosevelt, more than anyone, was an astute observer and an historian in his own right.  By 1910 the Eurasian nations were aligned through pacts–some secret and some not so secret–established for the mutual protection of the parties involved.  The Proud Tower chronicled the ceremonial hand waving at the peace conferences prior to the Great War that were attempts to establish an international security framework in lieu of military alliances.

Furthermore, the nations of Europe had developed some deep-seated prejudices and assumptions about their neighbors.  The Germans, for example, had successfully invaded France in the Franco-Prussian War.  It is this war that led to the unification of Germany under Bismark, social upheavals in France, and French designs to retake its lost territory of Alsace-Lorraine.  The French had constructed fortifications along the corridor of the previous Prussian invasion, causing the German general staff to develop a plan to go around those fortifications by attacking France through Belgium.  This plan did not take into account Great Britain’s historic guarantee of Belgian sovereignty.  The French for their part believed that “elan” and Napoleonic daring could overcome the firepower and bullets of modern weaponry.  The Germans also viewed Russia as a weakling and its leadership incompetent.  This view was reinforced by its losses to Japan in 1904-05.  Austria-Hungary, which viewed itself as the bulwark of western civilization against the east, had designs to expand its influence, particularly in the Balkans.  Russian for its part still smarted from its humiliations.  As with every repressive regime, it looked to foreign enemies to quell its internal instability.  It found these enemies in Europe and espoused a pan-Slavic ideology to claim areas of influence over large swaths of Eastern Europe, the Balkans, and the Baltic states.  Add to this the colonial holdings and ambitions of the major European powers, as well as Great Britain’s role as enforcer of the world order, and you have the ingredients for world war.

Thus, the Germans backstopped the Austrians and viewed itself encircled by enemies in France and Russia, France and Russia guaranteed the security of the other, Russia was allied with Serbia, Austria-Hungary felt secure in its alliances with Germany and Italy, and Great Britain and its Commonwealth was obligated to support Belgium and France.  It was this system of pacts, alliances, hostilities, and prejudices that Roosevelt observed and which set the dominoes in motion after being given a push.  For any high school student paying attention the assassination of Grand Duke Ferdinand in Serbia was that push.  Automatically and without thought, the parties acted as if they could not intervene in their own unfolding events.  When the war, particularly along the Western Front, ground to a stalemate the parties involved refused one after another to stop the carnage that was to consume an entire generation for another four years.  Tuchman tells this story in gripping detail, all the while keeping her eye on the facts and larger events.  Her literary style, and narrative voice keep the reader engaged in understanding the otherwise confusing motivations and actions.  It is this ability that defines the book as a magisterial work.

In The Zimmerman Telegram, Ms. Tuchman traces the U.S. entry into the Great War.  The book traces the discovery and release of a telegram from German Foreign Secretary Arthur Zimmermann to Germany’s Ambassador to Mexico, Heinrich von Eckardt in 1917 to convince Mexico to engage in war with the United States in order to keep the country out of Europe on the side of the Allies.  As unlikely as this situation seems to modern readers, the history of relations between the United States and Mexico were very strained, particularly during this time.  Mexico had undergone a series of revolutions beginning in 1910, one unauthorized overthrow even being fostered in 1913 by the U.S. Ambassador to Mexico with the instigation of U.S. industrialists who had invested in the country.

As a result, tensions between the countries rose, especially when President Woodrow Wilson attempted to undermine the dictator Victoriano Huerta, who had been installed by the U.S.’s own rogue ambassador.  Tensions continued to rise as Emiliano Zapata launched a revolution to the south and Pancho Villa waged a revolutionary war in the north along the U.S. border, creating chaos throughout Mexico.  Hoping to destabilize Huerta, President Wilson launched a naval occupation of Veracruz upon the unauthorized arrest of American naval personnel in Tampico and Veracruz.  American forces eventually ceded Veracruz back to Mexico.  But another American incursion occurred after Pancho Villa crossed the border and attacked and pillaged the New Mexico town of Columbus in order to resupply his forces after a devastating defeat.  From March 1916 to February 1917 General John Pershing launched a punitive expedition into Mexico with the intent of capturing Villa, which it did not do.  But U.S. forces did manage to destabilize Villa’s forces in the north and secure the border.

Against this backdrop of impending war with Mexico, the Zimmerman Telegram emerged, and with it the attention of United States public focused on the actions and machinations of Germany.  Germany’s Foreign Secretary’s proposal, which Wilson released to the U.S. press, had an explosive effect, especially when it was suggested that in the resulting peace that Mexico would be given back its lost territories of Arizona, New Mexico, and Texas.  While historians have argued, since the book’s publication in 1958, that the U.S. likely would have gone to war with Germany in any event for its unrestricted submarine warfare and the loss of American and civilian lives that resulted, the Zimmerman telegraph probably pushed President Wilson to break his 1916 pledge to keep out of the war and negotiate a peace among the parties.  It also resulted in a number of immigration and other discriminatory legislation being passed against both Mexican and Japanese immigrants.  Ms. Tuchman outlines the cryptographic details, German duplicity and arrogance, and the resulting ramifications in her signature lucid and honest prose.

Finally, in Stilwell and the American Experience in China Tuchman hints at the frustration and regrets of American shortcomings that would increasingly frame her later writing.  Through the eyes of General Joseph “Vinegar Joe” Stilwell, staff officer to the American Occupation Zone in Shanghai and America’s roving intelligence officer in China from 1934-1940, she traces the American fascination with and idealization of China as an emerging democracy shaking off the binds of colonialism.  Central to Stilwell’s activities are his support for Chiang Kai-shek as the inheritor of Sun Yat-sen’s dream of a Chinese republic.  In particular, his efforts focused on the China-Burma theater in establishing logistical operations to aid the Chinese army in resisting the Japanese invasion.  In the end, however, Stilwell was given the minimal amount of support, both logistical and political, and so could neither provide enough support to make Chiang’s army effort nor to force Chiang to change his corrupt ways.  In the end Stilwell’s mission is a failure and Tuchman expresses all of the disillusionment and disappointment that can be mustered when an opportunity is allowed to pass.  It would not be long before the new post-war American right wing would be looking for scapegoats for “losing China.”  Tuchman’s book, however, shows that it was never ours to win or lose.

Taken together, the common theme throughout Tuchman’s books is how individuals and nations delude themselves into believing a narrative that parts with reality.  As she would write in A Distant Mirror, “When the gap between ideal and real becomes too wide, the system breaks down.”