return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ InfoT Public ]

Hoax spam helps mask the many Battle Cruisers, Death Rays and intergalactic plagues that can get you


Chain letter hoax spam has dangers all their own as they radiate outward absorbing bandwidth without merit and distracting unwary recipients from good practice. Depending upon their content and construction, they are either noise or spurious signals (sprignals) masking genuine threats.

I received the fifth forwarding of just such a histrionic spam sent to me by a Mac user who had not done enough research to learn that the worm in the forwarded note was a Win32 payload targeting Microsoft PCs.

Replying to all in order to try to calm matters and prevent further forwarding I wrote:

Whoa now, lets not get carried away

I feel like Tommy Lee Jones as Agent K in Men in Black when his new partner, Will Smith's Agent J, is unhinging about an incipient alien threat to destroy the Earth in the next thirty minutes:

Agent K: We do not discharge our weapons in view of the public!

Agent J: We ain't got time for this cover-up bullshit! Have you forgotten? There's an alien battle cruiser--

Agent K: There's always an alien battle cruiser or a Korilian death ray or an intergalactic plague about to wipe out life on this planet. The only way people get on with their happy lives is they do... not... know about it!

The threat you are describing - which does not affect Macs - is one of the Warezov variants. They left that out of your scare memo.

Warezov is only one of a few hundred major worms and trojans now circulating, i.e., just one of the many Battle Cruisers, Death Rays and intergalactic plagues that can get you.

If you have robust AV tools, religiously keep them up to date, assiduously avoid opening almost any attachment, and don't go to the dark web where things lurk for which no detection signature has been created, you stand a reasonable chance on non-infection. Add to that, make frequent backups. That's all you get today. No guarantees.

Yes, Warezov is a nasty bit of work, but it has been in the wild for some time. Dwelling on Warezov draws attention away from newer, more interesting attacks like Mocmex which is capable of extremely nasty work but seems to be circulating now as proof of function for a much more potent future attack. Its initial distribution pattern is new however: digital photo frames. Once you return your jump drive back to the mother ship, you're infected, a nice midtech approach off the usual infection path. Mocmex is also a W32 product so Mac users are not affected. I worry more about items such as Disk Wizard (more here), another Win32 attack.

Spotting hoaxes on the fly

While human nature will doubtless continue to propagate hoaxes which share many characteristics with rumors, it is worth the effort to educate. My primary litmus tests for hoaxes is its "too good to be true, too perfect, too pat" property in which you are given both rationale and urgency to act. It is something that people want to be true, and when it is not, they embellish it before sending it on.

Another test is how many comments of that caliber appear in the same fervent message. (Repeated urgency is another test.) One among many sentences in this spam that failed the sniff test was:

Subsequently you will LOSE EVERYTHING IN YOUR PC, And the person who sent it to you will gain access to your name, e-mail and password.

Googling that phrase almost immediately led to an initial 2002 write-up by Symantec titled the Life is beautiful Hoax by George Koris describing a hoax about a supposed virus masquerading as a PowerPoint document. Koris' summary was "Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it." And still it lives.

By 2006, the Mail Server Report email with a valid payload in a .zip file began circulating claiming that "a worm was detected in an email you sent. You are asked to use the attached file to install updates that will eliminate the virus it has supposedly detected." The attack payload was a Warezov variant.

By March 2008 a warning began circulating that erroneously linked the 'Mail Server Report' worm with elements of the 'Life is Beautiful' virus hoax and claimed that the resulting amalgam "HAS BEEN CONFIRMED BY SNOPES." The primary element that Snopes was confirming was the amalgamated texts, but that will suffice for the gullible.

The 'confirmation' bona fides in the forwarded item I received now carried two 'certifications,' one ostensibly from Snopes and the second from Truth or Fiction. (This is another hoax characteristic: paste-on embellishments.). One wishes forwarders along the line had done similar research.

Hoaxes are not harmless

I do not consider these hoaxes harmless. I surmise, but do not have proof at hand, that many of the credulous that forward this spam class, thinking that they are doing good, do greater harm by ignoring their update cycle (if they update at all) of their PC software, peripherals and second tier applications in addition to their operating system, mail system and web browser.

As a first step, Hoax-Slayer has this comment regarding hoaxes that I recommend to all:

Before forwarding a virus warning email, it is always a good idea to check that the information in the message is valid. Virus hoaxes are quite common, and like this one, they tend to circulate for years after they are first launched. In other cases, virus warnings that may have been originally true circulate long after the described virus has ceased to be a significant threat. Virus hoaxes and outdated warnings are no help to anybody. All they do is waste time, cause confusion and needlessly clutter inboxes. Such problems mean that forwarding warning emails may not be the best way to help battle viruses and other computer security threats.

The credulous that forward hoaxes or misplaced warnings consume reader mindset and network bandwidth. Worse, they reduce recipients' ability to pay attention to things that are serious, that will likely cause damage. They become part of the signals, sprignals and noise in the communications environment. From The value of counter-deception and early sprignal detection in political elections:

Roberta Wohlstetter pioneered intelligence warning systems by applying Claude Shannon's telecommunication concept of signals and noise and his design of information systems to send and receive signals amid noise. Wohlstetter's Pearl Harbor concluded that the problem was "too much noise" rather than a lack of data, i.e., it was analysis that failed: "We failed to anticipate Pearl Harbor not for want of the relevant materials, but because of a plethora of irrelevant ones."

Contributing causes were invalid assumptions, faulty appraisal and dissemination of intelligence, and inadequate security measures. Behind these was a lack of war-mindedness at this Pacific base halfway around the world from areas where momentous events were happening. Adm. Husband E. Kimmel, the Pacific Fleet commander, admits to it: "We did not know that in the Atlantic a state of undeclared war existed (Admiral Kimmel's Story, p. 2, New York 1955). The War and Navy departments also shared in responsibility for the disaster, not only by withholding intelligence but by assigning low priorities to critical equipment for ships and units in the Hawaiian area.

Pierre Wack drives home this need of awareness of one's greater surroundings in his discourse on scenarios, what he calls the "gentle art of reperceiving."

In times of rapid change, [companies] effectiveness and speed in identifying and transforming information of strategic significance into strategic initiatives differ just as much [as their skill in turning research into product]. Today, however, such a capacity is critical. Unless companies are careful, novel information outside the span of managerial expectations may not penetrate the core of decision makers' minds, where possible futures are rehearsed and judgment exercised.

As Roberta Wohlstetter points out, "To discriminate significant sounds against this background of noise, one has to be listening for something or for one of several things. One needs not only an ear but a variety of hypotheses that guide observation". Indeed, the Japanese commander of the Pearl Harbor attack, Mitsuo Fuchida, surprised at having achieved surprise, asked, "Had these Americans never heard of Port Arthur?" (the event preceding the Russo-Japanese War of 1904 -- and famous in Japan -- when the Japanese navy destroyed the Russian Pacific fleet at anchor in Port Arthur in a surprise attack).

Barton Whaley used the model in his analysis of Soviet attempts to predict an impending German attack, Operation BARBAROSSA. Whaley's first analysis cited 12 cases of strategic surprise to which William Harris believed that "the Russian warning intelligence challenge in 1941 was to differentiate genuine "signals" of impending invasion from "spurious signals" from deception planners (defensive military preparations and deployments, non-hostile intent, etc.) within the context of other information "noise."" As a "minimum of 8 or 9 of these 12 warning challenges involves deliberate "signals" designed to lull or defeat warning systems," Harris suggested that Whaley "utilize a tripartite model: signals, spurious signals (sprignals), and noise."*

Hoaxes can either be noise or sprignals. Neither is useful in addressing the payload signals.

Chinese hackers would like to introduce you to Disk Wizard and the Mechanical Dog
Published by Heike
The Dark Visitor
March 27, 2008

Virus from China the gift that keeps on giving
Deborah Gage
San Francisco Chronicle
February 15, 2008

Mail Server Report
Example: [Collected via e-mail, 2006]
by Barbara and David P. Mikkelson

Life is beautiful Hoax
Discovered: January 15, 2002
Writeup By: George Koris
Updated: February 13, 2007 11:59:14 AM

Men In Black Script - Dialogue Transcript
Transcript that was painstakingly transcribed using the screenplay and/or viewings of Men In Black

Men In Black
by Ed Solomon

Gordon Housworth

Cybersecurity Public  InfoT Public  Infrastructure Defense Public  Risk Containment and Pricing Public  


  discuss this article

Active and passive telemetry attacks against medical implantable devices


Attacking medical implantable devices, cardiac or otherwise, is long overdue for examination as this device class contains:

Wirelessly reprogrammable implantable medical devices (IMDs) such as pacemakers, implantable cardioverter defibrillators (ICDs), neurostimulators, and implantable drug pumps use embedded computers and radios to monitor chronic disorders and treat patients with automatic therapies.

If the device can be interrogated, adjusted or reprogrammed - as most can be, it can be actively attacked. If you are limited to passive scanning in which the device offers a serial number or patient information, you can know where its wearer is and possibly gain some insight to the stress and physical condition of the wearer; Is the target running, for example?

While the University of Washington computer researchers have not laid out a stepwise attack profile per se, they defined passive and active attacks recognizable to any signals intelligence (SIGINT) practitioner. Furthermore, the countermeasures they put forward are susceptible to spoofing techniques and  counter-countermeasures:

Since health care is a very sensitive and personal subject for many people, we explicitly choose to deviate from standard practice in the academic security research community and do not describe specific scenarios in which an attacker might compromise the privacy or health of a victim. We also do not discuss the potential impact on patients if an adversary were to carry out an attack in vivo. Rather, when discussing attacks we focus solely on the technical properties of those attacks. In addition, in each case where we identify a vulnerability, we propose a solution or technical direction to mitigate it...

Successful passive and active attacks

Notwithstanding the above, the researchers' successful attack vectors would be recognized by a physician:

Passive attacks:

  • Trigger ICD identification (disclosing ICD presence and details about the device)
  • Disclose cardiac data (by detecting ICD telemetry transmissions)

Active attacks:

  • Change patient name stored on the ICD (which a consulting physician might prescribe inappropriate treatment)
  • Reset the ICD clock (changing session timestamps, invoking new programming sessions)
  • Change therapies (the ICD’s responses to cardiac events)
  • Turn off therapies (ICD nonresponsive to threatening cardiac conditions)
  • Induce fibrillation (by invoking surgical implant test modes) even after shutting down all ICD automatic therapies
  • Denial of service attack (battery depletion by forced continuous wireless transmission)

The researchers achieved these results against Implantable Cardioverter Defibrillators (ICDs) with only three classes of adversaries:

An adversary with a commercial ICD programmer, i.e., an external device commercially produced and marketed for use with ICDs. At least for the programmers with which we have experimented, there are no technological mechanisms in place to ensure that programmers can be operated only by authorized personnel.

A passive adversary who eavesdrops on communications between the ICD and a commercial programmer. This adversary can record RF messages output by ICDs and programmers. This adversary might use standard or custombuilt equipment, including oscilloscopes, software radios, amplifiers, and directional antennas.

An active adversary who extends the passive adversary with the ability to generate arbitrary RF traffic, not necessarily conforming to the expected modulation schemes or FCC regulations. This attacker may interfere with legitimate transactions or create spurious ones by, e.g., spoofing a commercial programmer.

For the purposes of this research we assume that ICDs are honest and that they attempt to follow the protocols as specified; we do not experiment with adversarial actions that employ (possibly fake) ICDs to compromise or otherwise adversely affect the operation of commercial programmers.

The authors did not attempt to pursue "attack vectors against IMDs, such as insecure software updates or buffer overflow vulnerabilities," but given that virtually all hardware/software combination appears prone to such flaws, attacks against implantable devices should be possible. They note that use of cryptographic keys will have to balance security with the medical threat of an unavailable key hindering emergency treatment. Encryption mechanisms can also cause excessive power consumption as well as be prone to "spurious wake-ups or a cryptographic authentication process" that intentionally drains power.

The authors three zero-power defense postures strike this analyst as running out of ammunition during a firefight, e.g., if the target is already under attack harvesting induced RF energy to audibly alert the patient of a security event has little merit. As they approach the subject as investigators rather than as SIGINT analysts they do not address spoofing and counter-countermeasures. While proposing a key protocol, the authors then understandably steer around the thorny issue of key management for any encryption strategy.

Operational issues unaddressed

Effective attack range is an issue for the moment, but the same attack profiles used to capture RFID data in passports and credit/ID cards (waiting by the door or portal, walking through a crowd, etc.) are more immediately applicable. (Also here)

Attacking implant devices has the potential of a useful denial weapon to frighten away those who have such devices implanted. (One already sees signs that warn patients that potentially damaging RF signals are likely to be broadcast.) Without warning, it makes an interesting area attack weapon, especially in the vicinity of a hospital.

If an implant wearer is taken prisoner whereby your captors are close at hand with any technology they wish, he or she falls prey to an exquisite torture instrument that leaves no external physical effects.

Misleading, even dangerous press comments

It was startling to read a New York Times reporter out of his depth with this erroneous comment:

The report, to published at, makes clear that the hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts they include Vice President Dick Cheney have no need yet to fear hackers. The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant’s signals. And the device the researchers tested, a combination defibrillator and pacemaker called the Maximo, was placed within two inches of the test gear.

I read the report and it says no such thing. To a reader with a military signals intelligence (SIGINT) background, the effort to determine phase modulation (differential binary phase shift keying (DBPSK)) and symbol rate (pulse repitition frequency (PRF)) was trivial. An "eavesdropper" (passive intercept unit) was built using the "Universal Software Radio Peripheral (USRP) in concert with the open source GNU Radio libraries." As the authors note, "Even without knowledge of the semantics of the packet format, these data are easily extractable":

The personal data transmitted in cleartext include the patient’s name, date of birth, medical ID number, and patient history. Equally easy to find are the name and phone number of the treating physician, the dates of ICD and lead implantation (which may differ), the model, and the serial number of the ICD and leads. This list is not exhaustive; we observed other items of personally identifying data being transmitted in cleartext. [And] for the fields we manipulated via reprogramming attempts, these fields are sent in the clear from the programmer to the ICD.

The IEEE paper is quite accessible despite its technical content. Reading through the neutral technical verbiage, I got the reverse impression from that carried in the Times. I felt that the researchers were surprised at the ease of their chosen attack vectors. Furthermore:

  • Equipment can be stolen (the researchers provide a shopping list to any researcher that tinkers with hardware).
  • The effort to analyze has been achieved with the report; others have only to cobble together a crude attack platform.
  • A high value target such as VPOTUS Cheney would be worth the effort.
  • Anti-terrorist efforts would tend to be looking for explosives instead of the tools for an RF attack.

The takeaway should be that this is a long overdue exploit vector which should be considered more seriously.

A Heart Device Is Found Vulnerable to Hacker Attacks
New York Times
March 12, 2008

Researchers find implantable cardiac defibrillators may expose patients to security and privacy risks; potential solutions suggested
University of Washington press release

March 11, 2008

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
Tadayoshi Kohno, Kevin Fu, William H. Maisel, Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, and Will Morgan
University of Washington and University of Massachusetts Amherst
Research paper reviewed and accepted for presentation at the 2008 IEEE Symposium on Security and Privacy
March 2008

RFID passports with improper shielding triggers bomb in simulation
Posted by George Ou @ 12:17 am
August 9th, 2006

Gordon Housworth

InfoT Public  Risk Containment and Pricing Public  Terrorism Public  


  discuss this article

Asymmetrical air force opportunities in interstate and intrastate conflict


This asymmetrical air force series rose from a recognition of the operational similarities between the Air Tigers of the Liberation Tigers of Tamil Eelam (LTTE) against the Sri Lankan government and the Biafra Babies of the secessionist Biafran Air Force against the Nigerian government, forty years earlier. Apart from the "convergent evolution" of their operational profiles, there were also important differences in sourcing aircraft, pilots, ordnance and maintenance, not to mention understanding the value of going offensive against a superior power in an audacious, headline-grabbing manner.

The exercise to optimize the best characteristics of these asymmetrical attackers while reducing the retaliatory effect of the superior power leads quickly to Unmanned Aerial Vehicles (UAVs) operating in place of, or along side, manned aircraft.

This first note describes the intrastate conflict environment of the LTTE/Sri Lankan Air Force (SLAF), still ongoing, and Biafran Air Force/Nigerian Air Force (BAF/NAF), 1967-1970. Such intrastate conflict environments create both a demand for asymmetrical air assets and offer certain operational advantages to an asymmetrical player.

This is not to say that an asymmetrical air force could not operate in certain parts of the US. It is quite conceivable for more than one group, say, in south Los Angeles to launch a UAV fleet, execute an attack and even recover aircraft before dispersing. Another case of when, not if. The curiosity is in the payload of that attack.

While I do not believe that al Qaeda has to be the first to launch a UAV assault on US soil, their critical patch focus on the cockpit is instructive to any asymmetric attacker. Writing in 2004:

Our analysis showed that from Mohammed Atta's arrival into the US, the goal was access and control of a flight deck, first with light twin-engine aircraft converted to 'crop dusters,' and only when that approached failed, did Atta and the group shift to commandeering flight decks of commercial aircraft. We have seen that argument extended to freight and cargo aircraft and we have since made the argument that flight deck control can be remote as in UAVs (Unmanned Aerial Vehicles) here and here.

This series should include:

  • Asymmetrical air force opportunities in interstate and intrastate conflict, part I
  • Asymmetrical air force symmetries: Biafra Babies and Air Tigers, part II
  • Asymmetrical air force intersection with Unmanned Aerial Vehicle (UAV) and drone warfare, part III

Author note on standalone value: This segment can stand alone as an overview of the political and economic drivers of ethnic strife, or intrastate communitarian strife. Works cited in the bibliography of this note capture the flowering of critical reevaluation occurring in the late 1990s and early 2000s as to the causes of what had previously been written off with a shrug as 'The natives are restless.' 'Restless natives' are an impossible answer if the analyst is attempting to predict actions on the ground as part of what is known as Indicators and Warning (I&W). These works offer context for constructing a valid event timeline for pattern analysis. This analyst still sees too many journalists operating without this underpinning a decade on. All items cited here are now publicly accessible or mirrored to make them accessible. (Some items remain behind subscription walls or limited distributions and are not mentioned here.)

Drivers and indicators for ethnic strife and civil war

The work of Thomas Szayna, Paul Collier, Anke Hoeffler, and Michael Ross were central to my understanding of the drivers shaping "intrastate communitarian strife" (or "ethnic strife") and civil wars. Their hands are at work is this note and I remain indebted to works such as (and more in the bibliography below):

The post-colonial nation-state

The very nature of state sovereignty in Africa and other post-colonial regions is increasingly at odds with the nation-state of North America and Europe. There is speculation that we are witnessing the end of the state project launched in Berlin with the Congress of 1884-1885, a system that owed its origin to disputes rising over the Congo River basin. It is as if Africa is returning to the 1880s, and the age of the chartered companies, marking out their enclaves in an otherwise disorderly environment.

It is a mistake to apply Western assumptions about the nature of state security in areas such as Africa because the concerns for state survival are subordinated to the personal security and well being of the incumbent leadership. Rulers create a "shadow state," a parallel political authority, where personal ties and controls replace failing institutions. Furthermore, the court system and legal apparatus are appropriated to serve these requirements. The state ceases to be the provider of physical or social security.

These shadow power networks, underpinned by political and economic privilege, are potent enough to frustrate interventions by the international financial and donor community designed to undermine this informal sector and strengthen the structures of the nation-state. This is the environment in which military activities and interventions of state, regional and private security forces must be considered.

Current diplomatic and security arrangements are state-centered and predicated upon states being the primary actors in international affairs. This is just not so in Africa, where regional alliances are formed between private actors or leaders who expropriate the framework of the state to their own ends and in their own private interest. In such environments, the United Nations (UN) and Western states find themselves on soft ground, having to deal with individuals both as the source of power and wealth, and as the origin of ambiguous signals in a rapidly changing environment.

Criminalization of the state by the ruling elite affects both the productive sectors of the economy and the sovereign functions of the state, e.g., maintenance of customs barriers, concession of territories or harbor enclaves to foreign entrepreneurs, internal security and national defense, and peacekeeping. "Informal and illicit trade, financial fraud, systematic evasion of rules and international agreements" become the norm by which many Africans states cope. The conflict zones of Africa are stages where rivals seek to control scarce resources and the manipulation of business links, licit and illicit, to the benefit of entrepreneurs. On the back of these resource wars, vast profits are made in the transportation of items from guns to food.

While the lapse of bipolar confrontation was thought to improve the chances of post-colonial states by reducing the political and military incentives for outside powers to intervene on the continent, the opposite is the case. These states can no longer rely on outside assistance to end local wars that are no threat to vital foreign interests. Outside powers have less influence on the conduct, termination and outcome of these local conflicts. Driven by their remoteness and insignificance from world centers, Africa's local rivalries and antagonisms are given freer rein.

Neither precolonial states nor colonial administrations felt the need to justify their existence in terms of meeting the needs of security and welfare of individuals or to have some concern for individual liberty. This heritage of inattention to the security and welfare of its citizenry has been passed on to almost all post-colonial states.

Characteristics of these states need to be understood as different and needing risk management, rather than being bad and requiring flight:

  • Economic sovereignty diluted by transnational economic and financial actors able to shift operations almost at will, answerable to no one nation's political masters.
  • Kinship and allegiance remaining rooted in the local communities without a parallel at the national level.
  • Challenge to the state by regional groupings, often seeking to evade or ignore the state's claims to authority.
  • Growing intrastate conflicts of seeming racial, religious or ethnic origin.
  • Ethnic and racial cleansing combined with religious extremism, intolerance or pure criminality.
  • Increasing numbers of civilians becoming involved in violence for no obvious political reason.
  • External non-state actors have stepped into the void left by the international community, either as proxies or independent agents, able by virtue of their wealth and expertise to influence events to their local and often short-term advantage. International firms operating in marginal areas are increasingly providing enough of the apparatus usually supplied by the state in order to carry out their businesses in relative safety. (Shell Oil in the Nigerian Delta is an example.) Concerns focus more on competition among their rivals and co-opting whatever parts of the state's political apparatus remain viable.

Changing security environment in postcolonial and developing world

Security and security management can no longer be seen only in military terms. Various other threats such as crime, poverty, resource scarcity and disease must also be included as virtually any socio-economic ill may spill over into conflict, especially in areas like Africa where social and democratic development have been stunted. This has significantly impacted the kinds of threat environments that face potential adversaries.

Using Africa as a model for underdeveloped regions, some key characteristics of the emerging threat environment are:

  1. Conflicts are increasingly intrastate in nature, i.e., one internal faction against another -- although potential for spillover remains high.
  2. Conflicts are becoming increasingly unconventional in nature, as they are fought more often in developing countries with limited conventional forces.
  3. Rules of engagement are increasingly vague and diffused, often being tailor-made to suit specific operational requirements.
  4. Warfighting patterns are becoming nonlinear as parties advantage themselves with the greater availability of sophisticated weaponry on the world's arms market irrespective of the opponent's capabilities.
  5. Early warning is becoming increasingly difficult to obtain, especially among less technologically developed opponents (due to the unconventional nature of doctrines involved in combat, and the non-traditional triggers which often initiate conflict).
  6. Increasing pressure is being exerted on developed countries to become more aggressively involved in peace support operations.

Intrastate wars are increasingly assuming gray area characteristics, finding their origins in areas such as conflicts over scarce resources, ethnic and religious conflict, transnational crime (with links to terrorism and insurgency), migration and illegal immigration, border disputes, famine and state collapse. The instability and fluidity of the situation makes for a very hostile environment. Such conflicts manifest themselves primarily under the banner of low intensity conflict (LIC).

This analyst sees the following characteristics carrying through the next decade and perhaps longer:

  1. Conflict on the continent will remain endemic, a fact of "everyday" life, as the nature of Africa's problems are too systemic to disappear overnight.
  2. While many of Africa's interstate conflicts have been minor in size due to the lack of forces and sophisticated equipment, the effect on the affected populations has been, and will remain, devastating.
  3. The potential for spillover may rise along with the increasing interdependency between states due to an improved communications infrastructure, travel opportunities and economic ties. It will be difficult to contain conflicts in a region where artificial borders cut across ethnic, religious and ideological unities.
  4. Local military force compositions will reflect an increasingly confusing and difficult-to-predict mixture of old and new equipment as each passing year makes the previous year's weaponry increasingly affordable on the second-hand market. It is around this fusion of modern and older equipment that doctrines and tactics will become increasingly more difficult to predict.
  5. Developed nations will continue to target the developing world, Africa included, as an arms market despite the latter's relative inability to pay for those arms.
  6. "Grey area" groups will increasingly tailor their tactics to suit specific operational and technological requirements.
  7. Conflicts are especially likely to occur in the Central African basin along with parts of West Africa and Southern Africa.
  8. Developed nations will play an increasingly higher role in peace support initiatives and so will have to prepare for contingencies in this area.

"Intrastate communitarian strife" - or "ethnic strife"

This risk analysis has drawn extensively on the implications of "ethnic strife," more properly called intrastate communitarian strife, on African states. Intrastate conflict has been by far the dominant form of strife in the world in the 1990s. Only seven of the 108 world's armed conflicts in the 1989 -- 1998 period were interstate wars. Most of the remaining intrastate conflicts had a communitarian aspect. Szayna noted that there "will be more Somalias, Rwandas, Haitis and Burundis in the future."

While most interstate wars end in a negotiated settlement, the majority of intrastate conflicts end with the extermination, expulsion, or complete surrender of one side. Civil wars with a communitarian or ethnic dimension are especially difficult to negotiate and the most likely to result in protracted strife, and closely mapping to the African experience, often go on for years and sometimes decades. Szayna and Tellis note that the reason is straightforward:

"To end intrastate strife the warring sides must lay down arms and respect an agreement usually in the absence of a legitimate government and under conditions in which the agreement is generally unenforceable. In conditions of communitarian strife, where issues of identity are intertwined in the conflict (since ethnic bonds are psychologically similar to kinship bonds and involve perceptions of identity), it is especially difficult for the two sides to go on coexisting in the same state. Put differently, there are only two main pathways for the regulation of ethnic conflict:

  1. Eliminating the differences (genocide, forced transfer of population, partition/secession, and integration/assimilation);
  2. Managing the differences (hegemonic control, arbitration by third party, federalization, and power-sharing)."

Because the trust that would allow for management of differences is absent once conflict starts, it is understandable that elimination of the differences becomes the preferred choice and that many ethnic and communitarian conflicts end up in prolonged and bloody strife, sometimes mixed in with attempts at genocide and complete elimination of the other side:

"Because of the unenforcibility of an internal agreement to end intrastate conflict, third-party intervention is usually required to guarantee the agreement and, even then, the intervening forces easily may become caught up in the continuing struggle between the belligerents. But without an intervention, the simmering intrastate strife may well spawn an international crisis, either in the form of a humanitarian disaster or because a neighboring state becomes drawn into the internal strife and, as a result, creates a regional conflict and the potential for an interstate war."

Communal differences by themselves do not provoke conflict. The most widely discussed explanations of ethnic conflict are incomplete and, at worst, simply wrong. Ethnic conflict in not "primitive, atavistic, and irrational." It is not directly caused by inter-group differences, "ancient hatreds" and centuries-old feuds, the stress of modern life, or ethnic passions "uncorked by the end of the Cold War."

Individuals are goal-oriented and adaptive, and will attempt to reach their goals by what they see as the easiest and least costly or most efficient means. (Rationality does not have to be a universally agreed-upon mindset.) Ethnic action requires mobilization and direction. The popular image of a disadvantaged group rebelling spontaneously against state tyranny is a "romantic image not borne out in reality." There are many examples of severe group deprivation and repression that do not lead to rebellion, because the group is not mobilized for political action. Without mobilization, ethnically centered perceptions of injustice may exist but do not have larger political significance.

"Ethnic strife" has three stages:

  • First, a pattern of exclusion or dominance in the three areas of political, social and economic control. If one group dominates any or all of the three areas and other ethnic groups are systematically excluded, then the possibility exists of their resorting to violence to gain access, even though conflict is not yet imminent.
  • Second, group mobilization, where mobilization is for the purpose of capturing power and not necessarily for redressing past injustices. Leaders become "identity entrepreneurs" that exploit the ethnic card to gain access to the specific arena from which they are excluded, and are as essential as the resources at the disposal of the group and their capacity for organization.
  • Third, the addition of the element of strategic bargaining in which each side uses the tools available to it to bargain for the political space. The state has the weapons of finance, accommodation, and the ability and willingness to use force. The mobilizing group has the weapons of leadership strength, popular support, and available resources.

While prevention is the preferred course of action so that long-term strife does not escalate to major regional problems, it is often not initiated in time even though the costs of dealing with an ongoing conflict and its reconstruction are uniformly far greater than the small costs in prevention. Even when the drift towards intrastate strife is clear, it may not be possible to assemble the resources required to head off the conflict. In the absence of a direct threat, it is difficult for international or multinational organizations to expend substantial resources to deflect what might be a "phantom threat." Responses are therefore too often reactive and late.

Conflict diamonds - or "blood diamonds," market forces and civil war

Collier and Hoeffler found that conflicts occur when rebels respond rationally to market opportunities, much as entrepreneurs and investors do. Civil wars that are so often blamed on chaotic, irrational ethnic, religious and communal feuds now have a unifying thread:

"Rebels need to meet a payroll without actually producing anything, so they need to prey on an economic activity that won't collapse under the weight of the predation... Natural resources is a good one. The same characteristics that make a commodity readily taxable -- that it's rooted to a spot, it can't move -- makes it readily lootable, too."

Three economic factors were found to shape civil wars:

  • Countries dependent on the export of primary, or unprocessed, commodities such as minerals or coffee are more prone to civil wars. A country where such exports account for 28 percent of GDP has four times the risk of civil war as a country with no such exports.
  • Countries that are divided between just a few ethnic groups are much more likely to have civil wars than ethically diverse countries because the economic costs of pushing a highly diverse nation into conflict are so much greater.
  • Once a civil war has ended the chance that war will resume "goes up by a factor of six if there is a large and relatively wealthy population of natives living outside the country." This Diaspora has the money to fund rebel actions, World Bank says, "so the rebels sustain themselves by selling vengeance to diasporas during the 'lean' years of peace," when looting of resources isn't possible.

The new economics of civil wars starts with the premise that conflicts within countries begin if the incentive for a rebellion outweighs the costs of mounting one, i.e., that the "opportunity cost" outweighs other more familiar factors such as the intensity of ethnic differences or support for differing political ideologies. The World Bank authors say that it is "greed and not grievance that lies at the root of many violent conflicts within nations."

"Blood diamonds" becomes a special case of this resource-based means of civil war. To the degree that any primary extraction process can be sequestered by a powerful minority, the opportunity for conflict, extortion, and interruption rises. Coupling this concept with the fact that most wars today occur within nations rather than between them, the risk analysis of investing firms should be reevaluated.

Endnote: Readers now have an underpinning of conditions that lead to sustained asymmetrical responses. These same conditions permit the gathering, smuggling and hiding of operational assets, and the subsequent deployment of those assets against the established power. The characteristics that led two of those engagements taking to the air will be examined. As the cost of aerial responses plummet, more asymmetrical players will deploy air forces in various forms.

Part II: Asymmetrical air force symmetries: Biafra Babies and Air Tigers, part II

Global Pattern Formation and Ethnic/Cultural Violence
May Lim, Richard Metzler, Yaneer Bar-Yam
Vol 317, no. 5844, pp. 1540-1544
14 September, 2007

Supporting Online Material for: Global Pattern Formation and Ethnic/Cultural Violence
May Lim, Richard Metzler, Yaneer Bar-Yam
Supplement contains:

  • Methods
  • Reports of Ethnic Violence in the Former Yugoslavia and India
  • References
  • Bibliography on Ethnic and Cultural Conflict

Neo-Classical Counterinsurgency?
Frank G. Hoffman
Summer 2007, pp. 71-87

Sri Lanka: Rebels with an air force
Commentary by Animesh Roul
ISN Security Watch

Expecting The Unexpected
Terror Tactics Take A New Turn
Aviation Today/Air Safety Week
Monday, April 2, 2007

Air Tigers' Maiden Attack
Motives and Implications
N Manoharan
Senior Fellow, IPCS
Institute of Peace and Conflict Studies
NO 45
APRIL 2007

Ethnic polarization and the duration of civil wars
Jose G. Montalvo, Marta Reynal-Querol
Policy, Research working paper WPS 4192
Post-Conflict Transitions working paper No. 6
World Bank Development Research Group
April 1, 2007

Subversion and Insurgency
William Rosenau
ISBN 978-0-8330-4123-4
Prepared for the Office of the Secretary of Defense

by B.Raman
May 11, 2006

On ''Other War''
Lessons from Five Decades of RAND Counterinsurgency Research
By: Austin Long
RAND Counterinsurgency
ISBN 978-0-8330-3926-2

Terrorism and Civil Aviation Security: Problems and Trends
Jangir Arasly
Spring 2005

Primary Commodities Exports and Civil War
James D. Fearon
Department of Political Science, Stanford University
Forthcoming in Journal of Conflict Resolution
October 25, 2004

Primary Commodity Exports and Civil War
James D. Fearon
Journal of Conflict Resolution, Vol. 49, No. 4, 483-507 (2005)
DOI: 10.1177/0022002705277544

Evidence and Analysis: The Role of Natural Resources in Fuelling and Funding Conflict in Africa
Hester Le Roux
London, September 2004

Measuring the Economic Costs of Internal Armed Conflict - A Review of Empirical Estimates
Göran Lindgren
Department of Peace and Conflict Research, Uppsala University, Sweden
Paper for the conference Making Peace Work in Helsinki 4-5 June arranged by The United Nations University -
World Institute for Development Economics Research (WIDER)
June 2004

Greed and grievance in civil war
Paul Collier and Anke Hoeffler
Oxford Economic Papers Advance Access originally published online on August 20, 2004
Oxford Economic Papers 2004 56(4):563-595; doi:10.1093/oep/gpf064
Oxford University Press


Breaking the conflict trap: civil war and development policy, Volume 1
Collier, Paul; Elliott, V. L.; Hegre, Havard; Hoeffler, Anke; Reynal-Querol, Marta; Sambanis, Nicholas
World Bank policy research report 26121
June 31, 2003

GO HERE for individual segments

Natural Resources and Civil War: An Overview with Some Policy Options
Prof. Michael Ross
UCLA Department of Political Science
December 13, 2002
Draft report prepared for conference on "The Governance of Natural Resources Revenues," sponsored by the World Bank and the Agence Francaise de Developpement, Paris, December 9-10, 2002.

On the Incidence of Civil War in Africa
Paul Collier and Anke Hoeffler
Journal of Conflict Resolution, Vol. 46, No. 1, pp. 13-28
DOI: 10.1177/0022002702046001002

The New Partnership for Africa's Development: last chance for Africa?
Richard Cornwell
African Security Analysis Programme
Institute for Security Studies, Pretoria
Journal of Development Studies
Vol 32 No 1 ISSN 0304-615X

Implications of ethnic diversity
Paul Collier
The World Bank
Working Paper 28127
December 17, 2001
Originally (?): Economic Policy, Vol 16, Issue 32, April, 2001, pp: 127-166

On the Duration of Civil War
Paul Collier, Anke Hoeffler and Mans Soderbom
World Bank Development Research Group
September 30, 2001

The GIobal Reach of Tamil Militancy: Sri Lanka's Security Predicament
P. K. Rao
Strategic Affairs
No. 0025/ Issue: August 1, 2001

Conflict Diamonds
Louis Goreux
Consultant, Africa Region, The World Bank
Africa Region Working Paper Series No. 13
World Bank
March 2001

Identifying Potential Ethnic Conflict: Application of a Process Model
By: Thomas S. Szayna
ISBN/EAN: 0-8330-2842-1

World Bank Blames Diamonds and Drugs for Many Wars
New York Times
Published: June 16, 2000

Paul Collier, Director, Development Research Group
World Bank
June 15, 2000

Market Forces Add Ammunition to Civil Wars --- Research Suggests Rebels Have 'Greed' as Motive; Primary Exports Count
By G. Pascal Zachary
Wall Street Journal (Eastern edition)
Jun 12, 2000. pg. A.21

Greed and grievance in civil war, Volume 1
Paul Collier, Anke Hoeffler
Policy, Research working paper WPS 2355
World Bank Development Research Group
May 31, 2000

Greed & Grievance: Economic Agendas in Civil Wars
By Mats R. Berdal, David Malone
International Peace Academy
ISBN 1555878687
Cited page

Department of Economic and Social Affairs
Division for Public Economics and Public Administration
United Nations

On the Economic Consequences of Civil War
Paul Collier
Oxford Economic Papers Vol 51, No 1, pp. 168-183
Oxford Universty Press
January 1999


The Changing Nature of Warfare: Implications for Africa
Ian van Vuuren
Deputy Director, Strategic Management Systems
Defence Secretariat, South Africa
Published in African Security Review Vol 7, No. 1, 1998

Anticipating Ethnic Conflict
By: Ashley J. Tellis, Thomas S. Szayna, James A. Winnefeld
ISBN/EAN: 0-8330-2495-7

Gordon Housworth

InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  


  discuss this article

Semi-autonomous "killer robots" are already within reach of asymmetrical attackers


As part of my work revolves about inverting toys, technical gadgets, and industrial "found objects" into asymmetrical weapons, I was attracted to Noel Sharkey's presentation at RUSI's The Ethics of Autonomous Military Systems as well as his earlier efforts in venues such as Robot Wars and Techno Games. I have come to see Sharkey inhabiting the intersection of engineering, the application of engineering and ethics of application:

Most robots currently in combat are extensions of human fighters who control the application of lethal force. When a semi-autonomous MQ-1 Predator self-navigated above a car full of al-Qaida suspects in 2002, the decision to vaporise them with Hellfire missiles was made by pilots 7,000 miles away. Predators and the more deadly Reaper robot attack planes have flown many missions since then with inevitable civilian deaths, yet working with remote-controlled or semi-autonomous machines carries only the same ethical responsibilities as a traditional air strike.

But fully autonomous robots that make their own decisions about lethality are high on the US military agenda. The US National Research Council advises "aggressively exploiting the considerable warfighting benefits offered by autonomous vehicles". They are cheap to manufacture, require less personnel and, according to the navy, perform better in complex missions. One battlefield soldier could start a large-scale robot attack in the air and on the ground.

One should never underestimate the lift of a headline grabbing title; A brief Reuters item called, Killer robots pose latest militant threat, have recently ricocheted Sharkey's concerns around the web:

[Sharkey] believed falling costs would soon make robots a realistic option for extremist groups. Several countries and companies are developing the technology for robot weapons, with the U.S. Department of Defense leading the way...

"How long is it going to be before the terrorists get in on the act? With the current prices of robot construction falling dramatically and the availability of ready-made components for the amateur market, it wouldn't require a lot of skill to make autonomous robot weapons." Sharkey said a small GPS-guided drone with autopilot could be made for about 250 pounds ($490).

Writing to Sharkey:

I support your contention and submit that it will happen sooner that the high street press assumes and, if previous al Qaeda operational practices are any guide, robots will come in swarms to both confuse and overwhelm defenders and maximize target damage. [email]

I cited a trio of short weblog items I wrote in April 2004 in pursuit of Commercial-Off-The-Shelf (COTS) fleet of attack and surveillance UAVs (Unmanned Aerial Vehicles):

Price, performance and accessibility have only accelerated since. Subsequent to my articles, the Israeli IDF was astonished when Hezbollah launched a reconnaissance UAV over Israeli territory, recovering it without incident. Despite Israeli drone and UAV flights over Lebanon, Israel had not been paying attention to asymmetrical UAV development - publicly stated in many cases to rise from commercial radio-controlled (R/C) model aircraft versions. They should not have been surprised; Hezbollah is a resourceful adversary.

Constructing, in some instances assembling, a semi-autonomous "killer robot" is all too easy. Remember this effort to construct a COTS fleet of attack and surveillance UAVs was early 2004:

I am not an R/C pilot so I could start clean as would any other reasonably technically inclined individual. My ground rules were:

  • Could pay cash for everything
  • Could buy everything in-country and so not have to bring items across a border
  • Could buy all items in a population-dense environment not immediately likely to be surveilled
  • Could obtain PC-based simulators in order to covertly learn how to pilot either fixed wing or rotary wing aircraft, i.e., before I tried to fly a physical device
  • All essential components were either genuinely plug and play or already available in kitted form
  • Could obtain functional schematics and instructions for all installs/add-ons
  • Ability to install GPS autopilots with ground pilot override
  • Ability to install real-time video cameras and their RF links
  • Ability to install digital camera triggering
  • Ability to carry payloads (and either release, spray, or otherwise distribute the payload)
  • Option for stealth/noise abatement
  • Ability to do it at modest cost in comparison to anything a military unit would field and, labor costs aside, be within al Qaeda's frugal pocket book

I found that as early as 2004, "it is feasible for a diligent and reasonably agile individual or small group to create a COTS hunter-killer and surveillance R/C model fleet, a poor man's Predator":

Ability to assemble an R/C craft that could launch conventionally, switch over to GPS autopilot, fly a course either to a target or a race track round trip and allow it to again be taken over by another user for terminal homing or landing... Many PC simulators [are available] for a variety of fixed wing and rotary wing R/C models.

Nose video cameras that could superimpose imagery over a heads-up cockpit display based on telemetry sent back from the bird. If the ground pilot was properly trained, it was possible to fly something onto the target just like the big boys...

Smoke systems intended for demonstration flying are intriguing as a dispersal mechanism for other agents. Certain smoke pumps use one TX-RX channel to toggle on/off...

If the intent is to surveil or deliver/spray a payload, then an R/C aircraft can be launched, perform its mission, and subsequently be recovered -- if for no other reason than to forestall discovery of the means of an attack or that an attack had occurred. The cost of the systems is low enough and simple enough that it could be produced in a quantity that would satisfy the redundancy needs of groups like al Qaeda.

These small UAVs can have enormous consequences beyond delivery of conventional explosives. Our research into the feasibility of producing asymmetrical small volume, "off scope" organophosphates (nerve agents), i.e., agent production using easily purchased materials and not the more rarified "Australia Group" components, showed that production was not limited to sovereign state actors. See:

Some of our findings: If you are going to make and use an organophosphate product in less than a year, standard stainless steel components will suffice before corrosion degrades the system, inadvertently venting product. Toxic byproducts of production can be exhausted directly into a sealed running water stream, sending it off for the sewer system to absorb. Use of microreactors and microfactory components vastly lower production risks while improving weaponization and delivery.

An article is forthcoming on criteria for an asymmetrical air force that would be within the means of a number of entities, criminal and terrorist.

'Robot arms race' underway, expert warns
Tom Simonite news service
12:10 27 February 2008

The Ethics of Autonomous Military Systems
Royal United Services Institute for Defence and Security Studies
27 February, 2008

Killer robots pose latest militant threat-expert
Tue Feb 26, 2008 7:00pm EST

Robot wars are a reality
Armies want to give the power of life and death to machines without reason or conscience
Noel Sharkey
The Guardian
August 18, 2007

Hezbollah sends drone over Israel
AFP/ABC (Australian Broadcasting Corporation)
Last Update: Monday, November 8, 2004. 9:50pm (AEDT)

Gordon Housworth

InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  Weapons & Technology Public  


  discuss this article

Supply chain blowback of cocaine production hopping the Andes to Argentina and Uruguay


In attempting to study the unintended blowback of forcing cocaine production to move from Andean states to Argentina and Uruguay, it is not new news that:

  1. Cocaine production shifted to Argentina and Uruguay because of an ill-thought-out restriction of precursor chemicals entering Bolivia which drove starved cocaine production east where the precursors were cheap and easily available - and actually improved shipping costs to Europe.
  2. Byproducts of cocaine production had long ago ravaged the poor of Bolivia who could not afford the higher order product, cocaine.
  3. The byproducts of this migrated production has been ravaging the poor of Argentina and Uruguay for five years.

The news value of this note is occasioned more by the intersection of the:

  1. Vacuum of coverage these events had heretofore merited in our high street press (especially the US press).
  2. Sudden surge of coverage by mirroring a single article in the New York Times on Paco (PAsta de COcaina), the paste base cocaine (PBC) at the low end of the addict hierarchy.
  3. Continued failure to monitor those whom I have come to call the committed collectors who have long been covering the shift in production and the effects of Paco for any who cared to look.

Barrionuevo's piece in the 23 February Times ricocheted around the web, carried by the phrase "Devouring Lives," offering readers their introduction to Paco and now aging changes wrought in the cocaine supply chain. (A quick search of the Times indicates that Barrionuevo had not previously written on issues of the drug trade under its masthead.):

[Mothers of addicted youths] have become the only bulwark [against] the irrepressible spread of paco, a highly addictive, smokable cocaine residue that has destroyed thousands of lives in Argentina and caused a cycle of drug-induced street violence never seen before in this country.

The scourge underscores a significant shift in both Argentina and its larger neighbor, Brazil, which in just a few years have become sizable cocaine consumers. Brazil now ranks as the second largest consumer of cocaine in the world after the United States, the State Department says.

The surge in drug use [in the Southern Cone has seen the region] become the dumping ground for cheaper, lower-quality cocaine. In the five years since residents first began noticing the crude yellowish crystals being smoked [in the Buenos Aires neighborhood of Ciudad Oculta], paco has become the dominant drug that dealers are peddling.

Al Jazeera's Teresa Bo had beaten the Times two weeks earlier with a video of paco consumption while the BBC had covered the topic in August 2007, noting that paco consumption rates were rising at an estimated at 200% to 500% per annum. Inter Press Service (IPS) had done a good piece much earlier, in September 2006, but the best coverage was largely "off scope."

In Value from the fringe: "committed" collectors and investigators, I spoke of the value of a good time sequence, a properly described set of events as a means of pattern detection:

As a good sequence requires significant research to make it viable, or for that matter any effort or cause not tracked by the shifting "lens of the news" of the major trade and popular press, I have learned to look to the "committed," i.e., those who have a passion to search out and document what would be obscure or tedious work for the rest of us.

Based in Amsterdam, the Transnational Institute (TNI) is one of those committed collectors, "an international network of activist-scholars committed to critical analyses of the global problems of today and tomorrow" in alternative development approaches (read at odds with the IMF/World Bank), drugs, environment, water and militarism.

TNI had two excellent pieces. The first, Paco Under Scrutiny: The cocaine base paste market in Argentina, Uruguay and Brazil, drew upon three works:

The second was Coca yes, cocaine, no?, also in 2006. An earlier Corruption, Drug Trafficking and the Armed Forces, speaks to the infrastructure corruption that plagues so much of the Americas. (Their Losing Ground: Drug Control and War in Afghanistan will not make US readers any happier with our performance in Afghanistan.)

Paco Under Scrutiny (2006) taught that the definition of 'base paste' or paco had changed over a decade:

The first refers to the substance that results from mixing and heating cocaine hydrochloride with sodium bicarbonate, which is then smoked. In other countries, this mixture is called 'crack', and its use is widespread.

The second refers to the paste extracted from the maceration of coca leaves, which only through subsequent processing with chemical substances can be converted into cocaine hydrochloride; this is also known as 'base cocaine', and it can be smoked, but not injected or inhaled, as it is not soluble.

Finally, PBC is defined as the residue from the manufacturing of cocaine hydrochloride. This final stage of processing may leave a residue that is sold as paco. [Interviews] mentioned a change that may have occurred in recent years. [About] 10 years ago cocaine hydrochloride mixed with bicarbonate - crack - was consumed, but now almost everyone says that PBC is the residue from the preparation of cocaine hydrochloride, or paco...

Even with this agreement "about the harm done by the substance and its inferior quality in comparison to cocaine hydrochloride," there are variants of PBC:

First, there is [the] cocaine base paste (PBC), also known as cocaine sulphate [that] is the first consumable extract or by-product of the process of manufacturing and refining cocaine hydrochloride. PBC is therefore a substance produced in a primary phase of extraction and refining of coca leaves, a process that eventually ends with the production of cocaine hydrochloride.

Dry PBC - known in Colombia as bazuco, in Bolivia as pitillo, in Peru as kete, in Ecuador as baserolo, and in Chile as mono - contains 50 to 85 percent cocaine sulphate, along with other alkaloids and methanol, benzoic acid and kerosene. PBC is smoked by mixing it with tobacco. Consumption of [this] PBC appeared in Colombia and Peru in the 1970s, later spreading to Bolivia, Ecuador and Chile.

Second, washed 'base paste' or 'cocaine base' is the result of the next step in the cocaine refining process, with the addition of potassium permanganate and acid, which cleanses the base paste of kerosene and other impurities... [Third, a still more inferior product is the residue of the washed 'base paste' which can be smoked as paco.]

TNI readers learned the cause and effect between a transforming cocaine trafficking in Argentina, Uruguay and southern Brazil and the startling increase in paco consumption:

"PBC doesn't arrive because of poverty ... it comes because there are laboratories, because there wouldn't be base paste if there weren't laboratories. So what actually arrived was the laboratory. Once the laboratory arrived, it found a market for the residue from the processing. ... In other words, if there weren't laboratories here, there wouldn't be paco. ... The laboratory doesn't come to sell paco; it comes to refine cocaine."

[There] appears to have been a geographic rearrangement of the cultivation-production-export circuit, which may have had a decisive impact on the presence of PBC in the [Southern Cone]. If cocaine is being produced in Argentina or Uruguay, it is possible that there is much more PBC, and in any case much more of the residue from its preparation, which is what some interviewees - both users and experts - identify as paco (in Argentina). Paco may be a smaller business than the large-scale cocaine trade, and in Argentina its sale usually occurs near areas where laboratories are located...

TNI readers learned the changes occurring in the cocaine supply chain from Andean states to the Plata:

PBC use began in coca-producing countries like Colombia, Peru and Bolivia more than two decades before it appeared in Argentina and Uruguay. The appearance of PBC in these two countries is apparently linked to a general transformation in the production, trade and trafficking of cocaine hydrochloride.

While cocaine hydrochloride, mainly from Bolivia, used to enter Argentina across the northwestern border to reach the Atlantic seaports, where it was shipped out, what now comes across the border is cocaine base, which is then processed into cocaine hydrochloride in clandestine laboratories in Argentina. The availability and lower price of chemical precursors necessary for producing cocaine hydrochloride in Argentina are favourable to this option. This could explain both why the number of cocaine laboratories found in Argentina has increased in the past three years, and how this has helped turn Argentina from a cocaine transit country to a place where the last stage of manufacturing occurs...

In Argentina in recent years, there have been raids on dozens of laboratories where [sniffed or injected] cocaine hydrochloride was apparently manufactured. Argentina and Brazil have a chemical industry capable of producing the inputs necessary for manufacturing drugs. During the first half of 2006 alone, Argentine authorities seized as much cocaine as they had confiscated in the entire previous year. For agencies responsible for controlling the problem, this is an indication that the trafficking organisations' modus operandi is no longer exclusive to the Andean and Amazon region, where manufacturing of the final product traditionally was done...

The important changes that have taken place in Latin America in the manufacturing of cocaine hydrochloride may be related to the implementation of the 1988 U.N. convention on control of chemical precursors. Control of precursors in cocaine-producing countries may have spurred a shift of this final phase of production to countries such as Argentina and, later, Uruguay, which offer better conditions for chemical processing and export by air and sea.

PBC thus appeared in Argentina and Uruguay, and a base paste consumer market emerged. PBC mainly enters Uruguay by land from Argentina and, to a lesser extent, Brazil. According to data from some informants in Uruguay, the most plausible route is probably the following: the PBC leaves Bolivia, is processed and divided up in northern Argentina or provinces near Buenos Aires, and from Buenos Aires the packets are distributed to Uruguay. The paste is transported from Argentina to Uruguay by 'mules' [transporting] batches of 60 to 100 capsules in the stomach (ingested) or 300 attached to their bodies... Subsequent police operations, however, have found large laboratories, leading to the assumption that there is parallel transportation of larger quantities of PBC for processing.

Paco Under Scrutiny and its kin have much more to offer. Recommended.

The admonition of this note is to pay attention to the committed collectors in your region of interest as they will very likely yield a Reuters-like continuum of contextual and actionable information that will measurably lead the high street press reporting.

Cheap Cocaine Floods Argentina, Devouring Lives
New York Times
February 23, 2008

HIV and AIDS in Latin America
by Graham Pembrey
Last updated February 18, 2008

Argentina's new drug epidemic - 13 Feb 08
Argentina's Deadly Drug
Teresa Bo
AlJazeera English
Added YouTube: February 13, 2008

Drugs scourge takes hold in Argentina
By Daniel Schweimler
BBC News, Buenos Aires
Last Updated: Wednesday, 29 August 2007, 11:20 GMT 12:20 UK

Losing Ground: Drug Control and War in Afghanistan
By Martin Jelsma, Tom Kramer, Cristian Rivier
Drugs & Conflict Debate Papers Nr. 15
Transnational Institute
ISBN ISSN 1871-3408
December 2006

Argentine Slums Mired in New Drug Problem
Kelly Hearn
The World & I Online
November 2006

'Paco' Under Scrutiny
The cocaine base paste market in the Southern Cone
BY Equipo Intercambios, Giorgina Garibotto et al., Tom Blickman
Drugs & Conflict Debate Papers Nr. 14
Transnational Institute
ISBN ISSN 1871-3408
October 2006

PDF: Paco Under Scrutiny: The cocaine base paste market in Argentina, Uruguay and Brazil

'Pasta Base' Destructive but Not Invincible
Marcela Valente
Inter Press Service
12 September 2006

Coca yes, cocaine, no?
Legal options for the coca leaf
BY Pien Metaal, Martin Jelsma, Mario Argandoña, Ricardo Soberón, Anthony Henman, Ximena Echeverría
TRANSLATION BY Amira Armenta, Barbara Fraser
Drugs & Conflict Debate Papers Nr. 13
Transnational Institute
ISBN ISSN 1871-3408
20 pp.
May 2006

Sunday Mirror
Mar 19, 2006

Argentina uncovers drug runways
By Daniel Schweimler
BBC News
Last Updated: Sunday, 19 February 2006, 23:26 GMT

Corruption, Drug Trafficking and the Armed Forces
An Approximation for Latin America
Ricardo Soberón Garrido
Crime in Uniform: Corruption and Impunity in Latin America
TNI/Acción Andina/Cedib, December 1997

Gordon Housworth

InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  


  discuss this article

Mexican drug cartels make the leap from guns to IEDs: Expect risks in Mexico to rise


Expect unpleasant bits of Colombia and Iraq to appear in Mexico

A milestone in the weaponry used in the Mexican drug wars has passed largely unnoticed over the weekend. After some 2500 dead in the past year, primarily due to gunshot trauma, the cartels deployed the first known Improvised Explosive Device (IED) - and deployed it in the capital, Mexico City, adjacent to a major tourist area. The only curiosity was why it took so long. The fact that the IED detonated prematurely, killing the perpetrator instead of the intended victim, will be forgotten as better explosives - likely military explosives that will join the rising number of automatic weapons flowing into Mexico - are deployed by the cartels against the government and one another.

We forecast asset risk in Mexico to rise accordingly. The unwelcome trends noted in my September 2007 piece, Trends point towards Mexico's destabilization, continue. One must now expect personnel attacks, even if collateral damage, in addition to supply chain interruption.

Among the drumbeat of Mexican "narco-terrorism" killings, here the torture, mutilation, murder and public dumping of six informants, the names of which are supposedly kept secret, and the transient, sensational headlines of threats of Hezbollah's Hassan Nasrallah against Israel for the assumed killing of Imad Mughniyeh in Damascus, the threat by al Qaida in Iraq (AQI) to commence attacks elsewhere in the Middle East, the continuing ethnic strife in Kenya, Chinese efforts to damp down espionage charges and refute Beijing's facilitation of Sudanese attacks in Darfur, and the run-up to elections in Pakistan, there appeared a brief AFP piece on Friday, Feb 15, 6:15 PM ET:

At least one person died and two others were injured after a bomb exploded in Mexico City's central tourist area [Zona Rosa]... "It sounded like back-to-back explosions ... one person is dead, a man, and we have a woman in critical condition with burns all over her body"... No group has come forward claiming responsibility for the blasts [which] occurred at 2:30 pm (2030 GMT)... "It was a home-made explosive device probably activated by cell-phone and probably made with gunpowder, judging from the smell"... police were investigating whether the deceased was the trigger man in the attack or simply a passerby who picked up a red bag where the device was stashed... "We noticed the dead man lost a hand and this surely happened the instant he handled the device"... Apart from rebel groups, Mexican media also speculated that Friday's attacks could be attributed to the country's powerful drug trafficking cartels.

The Houston Chronicle Mexico City Bureau shortly added:

Though rare, political bombings are not unknown in Mexico. Several leftist guerrilla groups have set off homemade bombs in Mexico City in recent years. But the groups usually issue warnings or time the blasts for early morning hours to avoid innocent casualties... City and federal police have recently arrested suspected drug cartel hitmen and confiscated large amounts of weapons in raids in several Mexico City neighborhoods. But police Friday said there was no apparent link between those arrests and the bomb.

Reuters added more detail a few hours later as the BBC carried the link to police headquarters, the intended means of triggering, and pointed directly at the cartels:

The device was set off near the city's police headquarters... Investigators believe the bomb was activated remotely by a mobile phone... Mexico's government has been locked in a violent battle with drug gangs since last month. Police have announced the arrest of several alleged members of the powerful Sinaloa drug cartel and seized substantial amounts of weapons.

By Saturday, Reuters was flagging the Sinaloa Cartel:

Mexico's increasingly brazen drug cartels may have been behind a bomb blast in the center of the capital in what would be a major escalation of a war with President Felipe Calderon's government.

Friday's explosion points more toward a bungled attack by drug gangs that killed over 2,500 people last year in a turf war. The homemade bomb, attached to a cell phone for activation, went off prematurely near Mexico City's security ministry, killing a man who was believed to have been handling it.

Initial suspicions fell on drug gangs like the Sinaloa Cartel headed by Mexico's most-wanted man, Joaquin "Shorty" Guzman, which has suffered most in recent weeks from an army-backed drive against drug violence by Calderon.

Security forces arrested one of the Sinaloa Cartel's main money launders last month and the gang has lost weapons and cash in police seizures in Mexico City in recent days.

On Monday, Reuters noted that the bomber, Juan Manuel Meza Campos (deceased), and his accomplice/lookout, Tania Vázquez Muñoz (badly burned), were targeting an unnamed "director of the public security ministry." Reuters identified the tactical shift in targeting without flagging its significance:

Drug gang hit men regularly murder police chiefs and judges, and three heavily armed men arrested in January were planning to kill the country's deputy attorney general. However gangs have not been known to use bombs so far.

By Thursday, Meza's nickname, El Pipén, and his "links to drug dealers in a high-crime neighborhood called Tepito" were known as was his intent to place the IED into a police commander's car in a nearby parking lot.

Acetone peroxide, or Triacetone Triperoxide (TATP), comes to the Americas

Of great interest to this analyst was the apparent identification of the explosive used in the device: Acetone Peroxide, often known as Triacetone Triperoxide, or TATP, the explosive of choice of the London bombings and many Palestinian suicide bomber attacks.

Owing to the fact that the precursors are readily available, Acetone Peroxide is commonly used by amateur bomb makers, is often used for detonators, [and] is a favored explosive for terrorist attacks, particularly in the Middle East...

Of [the] group of peroxide-based explosives, including triacetone triperoxide (TATP), diacetone diperoxide (DADP), and hexamethylene triperoxide diamine (HMTD) and their analogues... TATP is one of the most sensitive explosives known, a property that allows its employment as both primary explosive and main charge. With power close to that of TNT [it] may be employed for explosive devices. [TATP's shock wave velocity is approximately 5000 m/s.] However, due to its low chemical stability and its sensitivity to mechanical stress and open flame, as well as its high volatility [has] not been extensively used. Unlike most conventional explosive devices, those made of [TATP] contain neither nitro groups nor metallic elements, making its detection by standard methods quite difficult.

Not used in areas such as Iraq where military explosives are plentiful, TATP, while exceedingly sensitive and prone to cook off, offers the ability to combine three commonly available precursors, drain cleaner, hydrogen peroxide and acetone, to produce an explosive with three-quarters of the detonation rate of TNT and about half that of C-4 plastic explosive.

The cartels now refine certain cocaine products in Mexico as well as produce superior grades of methamphetamine. They can certainly perfect the production of TATP. Expect to see a family of IEDs employing homemade, commercial and military explosives emerge in Mexico.

Deadly Bomb in Mexico Was Meant for the Police
New York Times
February 21, 2008

Bomb was assassination plot, Mexico City authorities say
The blast last week is believed to have been a failed attempt to kill a top police official. Drug traffickers are suspected.
By Héctor Tobar
Los Angeles Times
February 20, 2008

Dead suspect named in botched Mexico City bombing
By Mica Rosenberg and Luis Rojas
19 Feb 2008 05:39:28 GMT
(Recasts with suspect, target identified, adds details)

Mexico City tightens security after fatal blast
By Mica Rosenberg
18 Feb 2008 23:45:44 GMT

Mexico City Bomber's Motive Unclear, Police Say
New York Times
February 17, 2008

Mexico drug gangs suspected of fatal blast
By Alistair Bell
16 Feb 2008 19:45:31 GMT

Mexico City blast may have ties to organized crime
February 16, 2008 -- Updated 1459 GMT (2259 HKT)

Bomb Kills Man on Street in Mexico
New York Times
February 16, 2008

Bomb kills one, wounds two in Mexico City
By Armando Tovar and Cyntia Barrera Diaz
16 Feb 2008 03:18:21 GMT
(Updates with officials' comments, details about the bomb)

Blast near Mexico City police HQ
BBC News
Last Updated: Saturday, 16 February 2008, 00:13 GMT

MOD-DATE: 02/16/08 00:08:25
INTRO: Bomb kills one, wounds two in Mexico City.

Homemade bomb explodes in Mexico City, killing man
Two others hurt by blast in capital near U.S. Embassy
Houston Chronicle Mexico City Bureau
Feb. 15, 2008, 11:59PM

Bomb explodes in Mexico City killing at least one
Fri Feb 15, 6:15 PM ET

Grim warnings left on six bodies found in Tijuana
Placards advise against informing on drug traffickers
Houston Chronicle Mexico City Bureau
Feb. 14, 2008, 11:06PM

Acetone Peroxide (For A Bomb - Triacetone Triperoxide) And The Terrorist Plot To Bow Up British Planes
Posted by Richard at August 10, 2006 7:27 PM

Acetone Peroxide - the explosive used in the London blasts
Posted by Hyscience at July 21, 2005 1:20 PM

TATP is suicide bombers' weapon of choice
By Philippe Naughton
Times Online
July 15, 2005

Decomposition of Triacetone Triperoxide Is an Entropic Explosion
Faina Dubnikova, Ronnie Kosloff, Joseph Almog, Yehuda Zeiri, Roland Boese, Harel Itzhaky, Aaron Alt, and Ehud Keinan
Journal of the American Chemical Society (JACS)
Received June 14, 2004
Published on Web 01/05/2005
2005, 127, 1146-1159

13.8 What is the chemical structure of common explosives?
From the Chemistry FAQ, by Bruce Hamilton with numerous contributions by others

Gordon Housworth

InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  


  discuss this article

Submarine fiber optic cable breaks: a study in hysteria and ignorance against analysis


Undersea cable networks are an underappreciated but essential part of modern life. They now carry well over 95% of the world's international telecommunications traffic. As trade rises as a share of global GDP - it's now over 30% - reliable connectivity becomes a key ingredient to growth. Some drivers of economic growth - outsourcing, offshoring - would be nearly impossible without it. As such, the undersea cable networks that support this connectivity are clearly vital to global commerce...

Submarine fiber optic networks mimic electricity grid vulnerability

The global submarine fiber optic network almost perfectly mimics the global electricity grid in its inability to mount any reasonable defense against attack. (I say 'almost' as the fiber optic industry is far less aware of its being a target than is the electricity grid.)

Here is Richard Clarke in 2000 speaking of cyberwar as "a threat that US government cannot defend solely by federal means":

The owners and operators of electric power grids, banks and railroads; they're the ones who have to defend our infrastructure. The government doesn't own it, the government doesn't operate it , the government can't defend it. This is the first time where we have a potential foreign threat to the United States where the military can't save us.

Compare that to Clarke's recent 2008 reply on the vulnerability of fiber optic networks to physical attack:

No one has the responsibility to insure there are redundant lines. Each company makes a decision based on market forces as to whether to invest in building new capacity. Nobody pays the private firms that own the fiber to build excess capacity. In some places it exists, but there are many point-to-point connections that have single points of failure and insufficient work-arounds available. There ought to be a public-private partnership, an international one, that insures there is adequate capacity to handle large scale outages caused by malevolent actors. That means back up dark fiber, rapid repair and replacement capability, and research to increase the bandwidth for laser uplink/downlink satellite comms.

Substitute 'cable system companies' for 'electric power companies' in this 2003 comment by Clarke:

[Our] electric power companies, both the generating companies and the distribution companies, have paid very little attention to security in cyberspace... They are beginning to understand that they need to have security. And the Federal Electric Regulatory Commission is beginning to understand that it needs to regulate that, in order to create an even playing field...

Unless power companies are required to do [this] by the federal government, they will never do it, because they're now in competition with each other. They're all willing to do it if they're all forced to do it... no one has competitive disadvantage by proving security...

We, as a country, have put all of our eggs in one basket... It could be that, in the future, people will look back on the American empire, the economic empire and the military empire, and say, "They didn't realize that they were building their whole empire on a fragile base."

In researching this note I thought to see what Clarke had said about the recent cable outages in the Eastern Med and the Persian Gulf, forgetting that he wrote a novel, Breakpoint, (excerpt here) that included an attack against fiber optic backbone:

Breakpoint [shows] was how much more damage could be done if an organized group set about to create havoc by attacking these strand that unite the global village. Disconnect cyberspace in key places and the unified global village and world economy can't operate. And we have no backup economic system... And while undersea lines were cut in the novel, there were also attacks on the places where the cables come up from under the water and go on the beach. Those places are well known and unprotected.

Spot on. My read surfaced few public analysts that spoke systematically and realistically about the threats to submarine cables. Of those, fewer identified their unprotected "landing stations" - where the cables come ashore - as a high vulnerability. (This analyst found it interesting that landing stations highlighted in discussions of telecom cooperation with federal eavesdropping were forgotten in assessing the cable threat.)

A simple search on "submarine cable landing" will produce a List of international submarine communications cables as well as 983 locations where undersea cables come ashore, most all of them in rural to remote areas. There are so many ways to identify landing points. Bluewater sailors know where cables congregate to come ashore as they are clearly marked on their nav charts.

The Eyeball series highlights the landing stations along the US East Coast. (Scroll down past the text to the paired aerial photo-highway maps for the landing stations. But note that the text you skipped over cites sources for these locations. My point is that it is a trivial problem. My compliments to Cryptome for flagging that triviality.)

Separating hysteria and excessive calm from legitimate risk

It appeared that the only procedural rigor at play among amateur reporters was to repeat Auric Goldfinger's line that, "Once is happenstance, twice is coincidence, three times is enemy action" and then assign multiple, geographically dispersed cable breaks to enemy action, usually Jihadist, without further investigation.

The relatively uncomplicated sovereign state environment in effect when Neal Stephenson wrote Mother Earth Mother Board in 1996 is now complicated by the emergence of the stateless aggressor against whom retaliation is difficult:

There is also the obvious threat of sabotage by a hostile government, but, surprisingly, this almost never happens. When cypherpunk Doug Barnes was researching his Caribbean project, he spent some time looking into this, because it was exactly the kind of threat he was worried about in the case of a data haven. Somewhat to his own surprise and relief, he concluded that it simply wasn't going to happen. "Cutting a submarine cable," Barnes says, "is like starting a nuclear war. It's easy to do, the results are devastating, and as soon as one country does it, all of the others will retaliate.

There are more than one stateless aggressors that will be pleased to sever submarine cables or other communications services in the pursuit of their aims. (Mother Earth Mother Board is otherwise still worth the read.)

TeleGeography's Eric Schoonover does a nice job of describing what happened in the wake of the Egyptian outages, what was required to compensate and who suffered with what consequences. By far the best routing intelligence was the highly recommended five-part series showing who was affected when, by Earl Zmijewski:

Christopher Rhoads does a yeoman analysis of the structure of the fiber sector, much of it still dark since the bust of the late 1990s fiber boom. (Unfortunately, the unused dark links are often not in the areas of current demand.) A useful summary of cable maintenance, grappling and repair is here. It was amusing to hear FLAG Telecom state a new third cable, the FLAG Mediterranean Cable, between Egypt and France would be "fully resilient" against cuts as it was taking "a different route from the severed cables." FLAG knows that the cables emerge in shallow water to terminate at the same landing points.

A respondent to Bruce Schneier's Fourth Undersea Cable Failure in Middle East argued more systematically for "undersea damage associated with seismic activity" in Turkey and Southern Greece than any of the handwringing Cassandras. That may not be the ultimate cause for the Med breaks but its rigor shames many of the high street press journalists. (And if you hear a rumor that Iran has been knocked offline, use traceroute (tracert) (prepackaged sets here and here) to verify it rather than running the rumor. That skill will separate you from most journalists.)

As to the comments from Egyptian authorities that no ships were operating in the restricted area where the breaks were said to occur, and thus had no opportunity to drag an anchor, I say anything is possible in a land where a bureaucrat will accept payment to look the other way. This comment from a diver is useful:

Having dived around Alexandria, a common site is a bunch of locals in a 10m boat throwing a grappling hook over the side over known or suspected wrecks in an attempt to snag some scrap metal and haul it up. Several times we had to abort to alternate dive sites to avoid locals who were tearing up wrecks like this. As for the egyptian military being able to contain a restricted area ... their training makes mcdonalds workers seem well trained.

Ryan Singel nicely outlined the "Cable cut fever" racing about the web. But when Johna Till Johnson answered "Is it likely the cable cuts were intentional? And more importantly, are we at the dawn of a new era of "cable terrorism," in which malcontents try to disrupt global communications via cable cuts?," she got the first right and, overlooking shallow water and the landing stations, got the second quite wrong:

Nope. Cutting cables is a lot more difficult than it looks. For one thing, you have to first locate the cables - no small feat when they're somewhere in the middle of an ocean, under miles of water. Even with the latest-and-greatest technology, this is no easy task. According to the delightful book Blind Man's Bluff, the United States spent a fair amount of time in the 1960s and 1970s attempting to locate and tap Soviet cables. Although there reportedly were noteworthy successes, they required decades of focused effort and investment in a fleet of nuclear submarines. Terrorists have easier ways to make trouble.

Ovum's Matt Walker made the best non-military analysis:

[C]ables are nearly impossible to secure. Cable landing stations are often located in remote areas and usually staffed with a handful of technical employees, not teams of armed guards. Moreover, a typical transpacific system stretches around 20,000km. Even if the private cable owners increase security for the "dry plant" segment of such networks, securing the wet plant is problematic. Cable owners work hard to minimize accidental damage, making cable routes available to those that need to know, such as fishermen, navies, and research vessels. Cable routes also deliberately avoid, as possible, such hazards as earthquake-prone zones and rocky seabed. However, there is an unspoken assumption that the networks are safe from deliberate human sabotage. The recent spate of cable failures in a politically volatile region has called this assumption into question...

In deep waters, cable cuts are rare... 60% of all cable cuts occur in waters less than 100 meters deep. Of all cable faults, roughly three-fourths are due to "external aggression," the bulk of which is accidental human activity, namely, fishing, anchors, and dredging...

Intentional sabotage [is] probably more feasibly done in shallow waters than deep, and cable security in shallow waters is only modestly more practical. Clearly, undersea cables are a ripe target for those with an interest in wreaking havoc on international communications, whatever their motivation. Another consideration is that undersea cables have been used for submarine/surface surveillance purposes as far back as World War II, with the cooperation of private industry...

And here a scent of Clarke:

It is not enough to have multiple independent operators of ring- or mesh-based networks, with built-in restoration capabilities, optical equipment and power redundancy, multiple redundant links between cable stations and city gateways, etc. Physical security from deliberate human attack or sabotage must also be considered. If ports, railways, gas pipelines, and other types of networks are being secured against possible sabotage, we must similarly increase the security of undersea optical highways. Guaranteeing reliability is impossible, but an improvement on the current hands-off approach is long overdue. The economic cost of losing, or even just slowing down, international communications is extremely high. This risk has to be factored into the calculations behind the investment level and design of undersea optical networks.

Technical assist: For those struggling with unfamiliar communications vocabulary in a subsea cable network, a nice pictographic introduction of general data communications in any medium can be found here (actually the introduction to a data communications course).

The highly vulnerable landing station

RAND highlighted the landing station vulnerability as least as early as 2000; the problem has only grown more critical while commercial cable firms remain obtuse:

[W]iring companies have focused on redundancy as an important aspect of the cable network. While early fiber optic cables were "point-to-point" systems, modern systems are configured as loops, connecting two landing stations - at least 100 kilometers away from one another - in one country to two in another. Because it would be unlikely for an isolated nautical event - a sudden shift in the seabed on which the cables rest, for instance, or an inadvertent break caused by a fishing net or a ship's anchor - to affect both cables, the systems are thought of as secure...

However, the desire for security against inadvertent nautical events may have been counterproductive. When seeking adequate termination points for cables, companies have faced a relative paucity of suitable sites (relatively isolated from heavy fishing activity and strong ocean currents), particularly on the East Coast... Because of this lack of sites, and given the considerable effort in digging a trench on the seabed for the last kilometers of the cable, then tunneling from the ocean bed up into a beach manhole, to bring the cable ashore, cable companies have, again, especially on the East Coast, repeatedly placed cable termination points on the same shore...

The results of this "stacking" [can be seen in ten cable systems terminating in New Jersey. Of the ten] six terminate in only one of the same three cities, Tuckerton, Manasquan, and Manahawkin, New Jersey. One - a self-healing loop - terminates in both Tuckerton and Manasquan. A sixth terminates in both Manasquan and Charlestown, Rhode Island. Theoretically, an attack on two or three of these sites - at the point where the cables come together in the undersea trench before coming ashore - could cause enormous damage to the entire system...

Similarly, all submarine cables but one terminating in the south of the United States terminate at one of three points in Florida: Vero Beach, Palm Beach, and Hollywood.

[The US is less isolated than other states]- some transmissions could be rerouted through systems in Canada and South and Central America. However, given that the vast majority of transatlantic and transpacific cables terminate in the United States, the prospect of a concerted attack on these cables is troubling.

[However, a state such as Taiwan, unlike the US,] would be unable to depend on a vast overland information infrastructure beyond its borders in the event of damage to its fiber optic lifelines. A [then] recent example of the chaos potentially caused by communications outages is that of Australia. One cut cable in the SEA-WE-ME-3 network leading from Australia to Singapore caused Australia's largest Internet provider - Telstra - to lose up to 70 percent of its Internet capacity...

Pulsing the system as part of an information gathering exercise

I do not rule out an effort by state or nonstate assets to pressure the network, forcing the defender to enable comm links that normally remain dark. We often probed Soviet air defenses with aircraft flying a possible penetration profile, hoping to force the Russians to turn on defense in depth assets normally used in combat. These two comments to Schneier's post on the Middle East cable failures speak to my point:

Think about entities responsible for researching cyber attacks from a viewpoint of national security. Their main endeavors are mapping and monitoring global infrastructure and simulating possible scenarios. As with every simulation (e.g. development of nuclear warheads) you need real world data to make your simulation behave like the real world would do.

These entities do likely own warehouses full of real world netflow data, but only for more or less regular operation of the global network. To be really sure, that their virtual attack scenarios can be trusted, they need real world feedback for their own "interactions" with those networks. Now think about the interesting load of data you can collect when cutting undersea cables: number of nodes immediately offline, congestion on alternative routes, average response times of responsible institutions, measures taken by those institutions, unexpected backlash, general short, mid, and long term effects, on and on... Endless highly interesting parameters...

If this is deliberate, I suspect that it's a probe. If I was interested in knocking out access for a country, I'd probe it for uplinks. I'd search for all of the announced AS paths behind each uplink. Once I knew say, the top five fiber drops, cutting a few may fill the rest to capacity. Assuming that one is watching BGP, you'll see some changes. If they have emergency fiber or VSAT uplinks, they're probably going to route over them. This would be a useful method of observing a target. This doesn't mean that it requires a later attack, it could simply be an information gathering exercise...

Submarine cable operators: the sitting duck on the pond

The group that seems oblivious to asymmetrical threat risk appears to be the subsea fiber optic cable operators. An effort to locate robust risk analysis practices in general and this threat in particular went dry. The best was Cook's Risk Management which had the core of a useful method but it seemed more a proposal that evidence of sustained practice. Marine Survey & Cable Routing short course for "a safe and economic route" cited the principal hazards as:

  • Pre-Survey Route Position List (RPL)
  • Seafloor Morphology and Geology
  • Natural Hazards e.g. Seismic events, submarine volcanism
  • Oceanography and Meteorology
  • Human Activities e.g., mineral extraction, oil & gas, fishing
  • Man-Made Hazards e.g. anchoring, dredging
  • Other cables/pipelines/lease blocks

Its detailed Cable Route Study (CRS) had more to do with visiting local landing station authorities and other industries operating in the area, permits and regulatory issues, and cultural and environmental issues than asymmetrical or sovereign threats.

A forward leaning Blips on the Radar Screen for future cable capacity mentioned no threat profiles. In the search period where I should have found a working threat assessment model, I found none.

Writing in 2000, RAND noted a gap between the defense community and commercial cable operators that has not been closed:

By 1969, [defense] analysts had perceived vast potential military and economic benefits in cable's exploitation... With the explosion in importance of fiber optic networks [this] potential has been realized and will continue to grow; at the same time, however, so will the attendant vulnerability. The submarine fiber optic cable network is of great importance to the United States... Moreover, constraints on cable laying mean that several cables are likely to be bundled together, offering a potentially lucrative target for sabotage.

In most industry publications, however, little attention is given to the possibility of deliberate attack on the fiber optic network. Indeed, one of the few discussions of the possibility says simply that "while undersea cables could be cut, the practice of burying the in-shore segments makes this difficult; the mid-ocean portions are hard to find without a map and help from shore-based monitoring stations"...

Given the above, however, it is clear that more attention should be paid to the potential for deliberate attacks on the global fiber optic cable network... Currently, for instance, shore authorities have positioned radars and occasionally scheduled flyovers for areas in New Jersey that might be targeted...

Areas of high cable density are common: expect more multiple outages

"Cairo has become a communications hub to the Middle East..." The Suez Canal and the new overland "electronic Suez canal" comprise one of the globe's highest cable densities with massive fiber projects on the way:

Nearly all the new fiber cables recently built or planned for South Asia, the Middle East and east Africa funnel through Egypt, due to its unique location between the Red Sea and the Mediterranean. The other undersea path to the European and Atlantic networks is the much longer and costlier way around the southern tip of Africa...

The nine fiber projects planned across Egypt's Sinai desert compare with a total of four built over the past 20 years. "We call it the electronic Suez canal," says [the] Egyptian telecom regulator, likening the country's emergence as a communications hub to its importance last century for shipping by virtue of its Suez canal.

Suez in not unique in its high density of laid cables; The seabed offers many points where geography conspires to group submarine cables, thereby increasing the potential of cascaded damage. Take, for example, the Luzon Strait where the 2006 magnitude 7.1 Hengchun earthquake created "one of the largest disruptions of modern telecommunications systems. Nine submarine cables in the Strait of Luzon, between Taiwan and the Philippines, were broken thus disabling vital connections between SE Asia and the rest of the world."

Luzon Strait is the preferred of three routes to "link South East & Northern Asia":

  1. Luzon Strait between Taiwan & Philippines
    • 320 km width
    • 2600m sill depth in Bashi Channel (north)
  2. Route south of the Philippines
    • adds lots of mileage & hence latency
  3. Formosa Strait
    • Narrowest part is 130 km width
    • 70 m depth (too close to fishermen)

With nine cables transiting the earthquake epicenter in the Bashi Channel (2500-4000 meters deep), Hengchun created "multiple failures causing the entire cable system to be out of service." With no available cables for rerouting, Asia had to wait weeks for marine repairs:

21 faults were recorded in the 9 cables and it took 11 ships 49 days to restore everything back to normal. This length of time was due to the number of faults, the availability of cable repair vessels, adverse sea conditions and the occurrence of faults in water depths down to 4000 m. The repair effort was hampered further by the burial of some cables under a layer of mud and the huge size of the area that was affected...

Sovereign state weaponization of the sea floor

Terrorist efforts aside, it is clear that the major powers have a sustaining interest in the seabed, fiber optic cables and deep diving submarines.

As to subsea cables, Bamford notes:

[NSA] taps into the cables that don't reach our shores by using specially designed submarines, such as the USS Jimmy Carter, to attach a complex "bug" to the cable itself. This is difficult, however, and undersea taps are short-lived because the batteries last only a limited time. The fiber-optic transmission cables that enter the United States from Europe and Asia can be tapped more easily at the landing stations where they come ashore. With the acquiescence of the telecommunications companies, it is possible for the NSA to attach monitoring equipment inside the landing station and then run a buried encrypted fiber-optic "backhaul" line to NSA headquarters at Fort Meade, Maryland, where the river of data can be analyzed by supercomputers in near real time.

Tapping into the fiber-optic network that carries the nation's Internet communications is even easier, as much of the information transits through just a few "switches" (similar to the satellite downlinks). Among the busiest are MAE East (Metropolitan Area Ethernet), in Vienna, Virginia, and MAE West, in San Jose, California, both owned by Verizon. By accessing the switch, the NSA can see who's e-mailing with whom over the Internet cables and can copy entire messages. Last September, the Federal Communications Commission further opened the door for the agency. The 1994 Communications Assistance for Law Enforcement Act required telephone companies to rewire their networks to provide the government with secret access. The FCC has now extended the act to cover "any type of broadband Internet access service" and the new Internet phone services - and ordered company officials never to discuss any aspect of the program.

As to deep diving submarines. RAND produced an interesting 2002 monograph on the requirements for a successor to the NR-1, a deep-diving nuclear research submarine built in 1969. A small vessel (12 foot diameter, 150 foot length, 400 ton displacement and crew of seven), the NR-1 is set apart from other research submersibles and SSN submarines by its "prolonged (30-day) operation [limited only by its food and air supply] on or near the sea bottom [2,375 foot operating depth] at a speed of up to 4 knots" as well as its viewports, manipulators to "handle small objects... two retractable rubber-tired wheels that support it on the ocean bottom [and] thrusters to maintain depth without forward movement, to move laterally, and to rotate within its own length."

NR-1 missions "included support to national agencies, which had found other assets limited in their ability to complete such tasks as mapping the Challenger debris field despite inclement weather or locating important forensics information from the Egypt Air Flight 990 disaster... support of maritime archaeology, scientific research, and military operations." Command of the NR-1 does appear to be a career enhancing billet. Admiral Edmund Giambastiani commanded NR-1 earlier in his career.

Based upon NR-1 performance and expected NR-2 capability, a "military expert group" identified seven "core missions" for the NR-2 as part of an analysis of highest priority "military and scientific missions [for] their deep-diving research submarines":

  • Selected Covert Operations
  • Protection of National Assets on the Seabed
  • Intelligence Preparation of the Battlespace (IPB)
  • Forensics/Investigation
  • Expanded ISR [Intelligence Surveillance and Reconnaissance]
  • Offensive Information Operations
  • Defensive Information Operations

The NR-2 would require "magnetic and acoustic" quieting and enhanced endurance and should be able to operate under three support environments:

  • Fully autonomous operation... as is any SSN...
  • Operation in consort with an SSN [with] SSN transport/tow to an AOI [area-of-interest] and escort/protection within an AOI as desired...
  • Operation in consort with a surface support vessel [for] extensive logistics support... tow and communications support... and enable transfer and offload of objects...

Interestingly, little is written of the NR-2 despite the fact that the navy 'anticipated' "that the NR-1 will require [a third] refueling or replacement by 2012." There is an interesting oblique reference in a comment about a LTJG nuclear engineer with the Advanced Submarines Division at Naval Reactors Headquarters who:

uses his skills to keep the country's only nuclear-powered, deep-diving research submarine in top operating condition. [The officer] recently completed studies of concept designs for a nuclear-powered deep-diving research submarince including the sizing reactor and propulsion plant components, plant arrangement, and overall ship integration aspects.

In sum, subsea fiber optic networks are more vulnerable than the electricity grid. Fiber is not so much a case of raising security standards as it is introducing the concept of security. Richard Clarke's admonitions ring loudly.

Internet Logjams Spur Cable Boom
Outages in Mideast Expose Global Need For Fast Fiber Lines
February 8, 2008

FLAG Telecom: Abandoned ship's anchor caused cut in Internet cable between Emirates, Oman
Posted: 2008-02-08 10:58:35

Hotter under the water: A look at the undersea Internet cable "conspiracy" and the impact on global networks
Interview with Eric Schoonover, TeleGeography
Network Performance Daily
February 07, 2008

What those oceanic cable cuts mean to you
By Johna Till Johnson
Eye on the Carriers 
Network World, 02/07/08

Mediterranean Cable Break - Part IV
February 07, 2008 | By Earl Zmijewski at 02:03 PM
Renesys Corporation

Undersea cables extremely vulnerable say analysts
Comments by Matt Walker, Posted by andrewdonoghue
Recycled Green Tech News
Thursday 7 February 2008, 3:36 PM

07-Feb-08 - Update on Submarine Cable Cut Repairs - Daily Bulletin
FLAG Telecom
Press Releases

Three undersea cables seen fixed by weekend
Thu Feb 7, 2008 9:23am EST

New Cable Taking New Route After Web Cut
Associated Press
February 6, 2008 - 2:58pm

Cable Cut Fever Grips the Web
By Ryan Singel
Threat Level
February 06, 2008 | 4:50:11 PM

Analyzing the Internet Collapse
Multiple fiber cuts to undersea cables show the fragility of the Internet at its choke points.
By John Borland
Technology Review
February 05, 2008

Repairs start on undersea cable cut near UAE
Feb 5, 2008 8:39am EST

Cable damage hits 1.7m Internet users in UAE
By Asma Ali Zain
Khaleej Times
5 February 2008

Underwater Fiber Cuts in the Middle East
Steven Bellovin
4 February 2008

Ruptures call safety of Internet cables into question
By Heather Timmons
Published: February 4, 2008

ATTENTION: Iran is not disconnected!
February 03, 2008 | By Earl Zmijewski at 06:15 PM
Renesys Corporation

Cable cuts, conspiracies, and submarines...
Jesse Robbins
O'Reilly Radar

Mediterranean Cable Break - Part III
February 02, 2008 | By Earl Zmijewski at 06:17 AM
Renesys Corporation

India Internet capacity at 80 pct after cables break
Feb 1, 2008 2:32am EST

Web Disruptions Persist Overseas
Cables Could Take Weeks to Fix, Pressuring Business in India, Mideast
February 1, 2008

Mediterranean Cable Break - Part II
January 31, 2008 | By Earl Zmijewski at 07:20 PM
Renesys Corporation

Cable Cuts Disrupt Internet in Middle East and India
Thursday, January 31st, 2008

Mediterranean Cable Break
January 30, 2008 | By Earl Zmijewski at 06:53 PM
Renesys Corporation

Foundation [of Data Communications]
Data Communications and Computer Networks
Hongwei Zhang
Department of Computer Science, Wayne State University
Fall 2007

Enabling Global Communications - From Risk to Reward: Why must we learn our own lessons before we change risk management behaviour?
Keith Schofield
Pioneer Consulting (Dotdash Consulting)
Sub Optic 2007
May 17, 2007

Research & Security Applications of Submarine Technologies
Seymour Shapiro
Tyco Telecommunications Laboratories
SubOptic 2007

Jeremy Featherstone, Andrew Thomas
Sub Optic 2007
May 15, 2007

Thomas A. Soja, John Manock, S. Hansen Long
T Soja & Associates, Inc.
Sub Optic 2007
May 15, 2007

The regulation of undersea cables and landing stations
Steve Esselaar, Alison Gillwald and Ewan Sutherland
IDRC 2007

Subsea Landslide is Likely Cause of SE Asian Communications Failure
Graham Marle, ICPC Secretariat
21 March 2007

Taiwan Earthquake Fiber Cuts: a Service Provider View
Sylvie LaPerrière, Director
Peering & Commercial Operations
nanog39 - Toronto, Canada

Excerpt: 'Breakpoint,' by Richard Clarke
Veteran Counterterrorism Official Writes a Futuristic Thriller
ABC News Internet Ventures
Jan. 17, 2007

by Richard A. Clarke
Putnam Adult
ISBN-10: 0399153780
January 16, 2007

Earthquake Highlights Asian Dependency on Submarine Cables
January 2007

Taiwan Earthquake Severs Undersea Data Cables
Geology News
Friday, December 29, 2006

Taiwan Quake Shakes Confidence in Undersea Links
By Jon Herskovitz and Rhee So-eui
Dec 28, 2006

Earthquakes Disrupt Internet Access in Asia
A series of powerful earthquakes damages undersea cables and interrupts Internet connections in Asia.
Sumner Lemon
IDG News Service
December 27, 2006 11:00 AM PST

Earthquake in Taiwan
Status Report No: EQT-1
CAT-i, Guy Carpenter
Date: 26 December 2006
Time: 12:26:21 UTC (20:26:21 local time)
Position: 21.819N, 120.543E
Depth: 6.2 miles (10 km)
Magnitude: 7.1
Region: Taiwan Region

Big Brother Is Listening
by James Bamford
Atlantic Monthly
April 2006

Stephen Dawe (Cable & Wireless), Tony Frisch (formerly Alcatel), Barbara O'Dwyer (Level 3) and Denise Toombs (ERM)
Tu A2.3, SubOptic 2004
March 30, 2004

Rick Cook
Tu A2.6, SubOptic 2004
March 30, 2004

Marine Survey & Cable Routing
Short Course
Submarine Cable Improvement Group
Sub Optic 2004

A Concept of Operations for a New Deep-Diving Submarine
By: Frank W. Lacroix, Robert W. Button, Stuart E. Johnson, John R. Wise
RAND MR-1395
ISBN/EAN: 0-8330-3045-0
Executive summary
Submarine Cable Infrastructure

Eyeballing: Transatlantic Cable Landings Eastern US
Various dates 2002

Spy agency taps into undersea cable
By Neil Jr.
Published on ZDNet News
May 23, 2001 12:00:00 AM

Mother Earth Mother Board
The hacker tourist ventures forth across the wide and wondrous meatspace of three continents, chronicling the laying of the longest wire on Earth.
By Neal Stephenson
Issue 4.12, Dec 1996

Gordon Housworth

Cybersecurity Public  InfoT Public  Infrastructure Defense Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  Weapons & Technology Public  


  discuss this article

Themes and variations in Chinese and Indian Intellectual Property protection


Protecting your Intellectual Property in China and India was produced in response to GlobalAutoIndustry's request to contrast issues in Chinese and Indian Intellectual Property protection as part of China and India: Decreasing Costs Across Global Operations, a look at factors, advantages and concerns in Low Cost Country Sourcing (LCCS) to these automotive and component manufacturing areas.

Readers can treat China and India as the 'low cost is not low risk' abstract to separate presentations devoted to each country:

Each offers a much deeper dive into the factors affecting IP, facility and personnel protection in these Asian regions. Readers may consult these two article abstract series for further information on topics mentioned in all three presentations:

Citing the Aberdeen Group's 2005 observation that Chief Purchasing Officers "rate Low-Cost Country Sourcing (LCCS) a top priority over the next three years, and companies plan to double their spending with offshore suppliers by 2008," Wayne Forrest aptly noted:

While the LCCS road looks smooth on the surface and the cost benefits are enticing, there are potholes the size of moon craters for companies that do not properly prepare for all the potential hazards along the way.

Examining the nine tips that Forrest gathered from LCCS industry experts, I can state that the IP protection pothole (tip 2) remain unfilled in 2008, and adversely affects the other eight.

A close examination of the three presentations cited here will offer insight as to why. Feel free to contact us to begin to understand how to respond.

Nine tips for low-cost country sourcing
Wayne Forrest

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  


  discuss this article

In-the-wild attacks against electrical utilities coupled with extortion demands: implications for response to criminal and terrorist action


CIA announced what appears to be the first, documented in-the-wild successful SCADA (Supervisory Control and Data Acquisition) attack against utilities infrastructure. Surely more to follow but with the agency making the announcement, it appears to be a concrete example unlike the staged attack against a captive diesel powered generator (video, text, more text):

US Central Intelligence Agency senior analyst Tom Donahue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

Said to be "virulently allergic to hyperbole," Donahue would not have made a public announcement, nor would the agency have granted permission, "if he didn't think the threat was very large and that companies needed to fix things right now."

The UK is reporting that the specific case is Central/South America, lasting short duration:

The CIA has refused to provide further details but intelligence sources say that the cities where the hackers have caused outages were in Central and South American countries including Mexico. The sources said that in no case was a ransom paid and that the outages lasted for only a few minutes. It is not known if the hackers have made any further threats.

Seeing Mexico among the targeted Central and South American states, and being aware of the drug cartels' counterattack against the Calderon government, I think it wise to raise the potential of tunable Just-in-time Disruption in conjunction to extortion revenues within Mexico. This kind of activity is well within the cartels ability to fund.

This could well be as much proof of function, shot-across-the-bow of recalcitrant victims, or both. If one can gain detailed knowledge of the PEMEX pipeline distribution system, they can get similar data on a Latin American electrical grid. A magnificent model, intentional or accidental, for more tunable just in time disruption.

Targeting the power industry is a recent extension of a long-standing extortion practice:

In the past two years, hackers have in fact successfully penetrated and extorted multiple utility companies that use SCADA systems, says Alan Paller, director of the SANS Institute, an organization that hosts a crisis center for hacked companies. "Hundreds of millions of dollars have been extorted, and possibly more. It's difficult to know, because they pay to keep it a secret," Paller says. "This kind of extortion is the biggest untold story of the cybercrime industry."

Paller told in June that he expected those incidents to increase, and warned that a botched extortion attempt could lead to accidental damage. "There's been very active and sophisticated chatter in the hacker community, trading exploits on how to break through capabilities on these systems," he said. "That kind of chatter usually precedes bad things happening."

Cyber-extortion and its collateral damage aren't new, says Bruce Schneier... He says that offshore-hosted Web sites, most often offering pornography and gambling, are frequent victims of hacker extortion. Targeting power companies, however, is a new wrinkle, he says.

The ease of penetrating a mixed supervisory control network

I believe that my September 2004 article, Black hat meets white hat in the Idaho desert, describes the effort that produced the Aurora test. (See also Domestic Digital Pearl Harbor driven by offshore criminal and terrorist agents and Pandemic flaws at the architectural and base component level.) But unlike the special conditions permitted in the INL attack that was able to damage the diesel powerplant, but not the electrical generator, attacks against Supervisory Control and Data Acquisition (SCADA) can have pervasive, systemic effects.

Lay readers will not be happy after listening to Ganesh Devarajan merrily describe how easy it is assault SCADA devices, change apparent sensor values, take control of the system, what schematics he has seen terrorist members take an intense interest, et al. See his video at LayerOne 2007 and his slides on PDF.

A former NSA pen tester (penetration tester), Ira Winkler, describes how his team attacks SCADA networks:

There are two primary ways to break into a computer: (1) take advantage of bugs in the software, and (2) take advantage of the way a user or administrator configures or uses the computer...

Some bugs create elevated privileges, provide unauthorized access, or cause information leakage. These are security vulnerabilities. If you can connect to a computer that has not corrected such a vulnerability, you can take it over. It is that simple.

The vulnerability can exist in the operating system, SCADA applications software, Web browser, or any other software on the computer. In the case of SCADA and its supporting systems, power companies are very slow to mitigate the vulnerabilities, and may never do so, because they are afraid that any change can create problems. This is why power grid systems are likely to be more vulnerable to cyber attacks than most other computers.

With regard to taking advantage of configuration problems, even perfectly secure software can be set up insecurely. For example, I have seen many computers where the password on the Administrator account is "administrator." Passwords can otherwise be insecure. Low-level users can be given high-level access. There are also more technical ways to insecurely configure a computer. Again, if you can access a poorly configured computer, you can take it over.

Looking forward

We should expect to see parallel or overlapping attacks by criminal and terrorist groups, each of which could involve swarm attacks against multiple targets or tiers with a utility's network. Now that successful proof-of function interruptions are public knowledge, expect accelerated copycat events, although in the short-term, perpetrators may wait to observe what countermeasures, if any, are taken against them.

Given the interconnected nature of power grids, your network may become collateral damage to an attack on a seemingly distant network. Depending on the nature of an attack, it may be hard to determine if the perpetrator is criminal or terrorist (as terrorists also need funding).

Expect state countermeasures to draw counter-countermeasures from the attacker whomever they might be. Attack patterns will be watched closely as will the attacker watch and respond to the net countermeasures enacted against them. What will they be?

Targets will have to review their temporary power arrangements (many units will actually not start or will not run as long as expected) so as to not adversely impact business continuity. Supply chains will have to be reexamined for weak links due to any interruption of power at any tier on a global basis. (Think Hurricane Katrina and the lessons learned from it.)

How the merger of proprietary control systems and public internet occurred

An Ars Technica forum discussion on US approves standards to keep electric grid hacker-free contained this fine summary of how the power grid control merged with the internet:

Before the rapid adoption of the Internet we know today, these systems were operated in an isolated fashion. PLCs [Programmable Logic Controller] and RTUs [Remote Telemetry Unit or Remote Terminal Unit] in the field (devices monitoring, measuring, and responding to key points throughout the system) communicated using private networks to the control centers. Control centers communicated with the regional operators via private links, etc. The systems used to control the control centers were isolated from outside networks. They were expensive, highly-customized, and were very difficult to replace.

Along comes Unix (later Windows) systems. Control system manufacturers could just leverage common OSes and write their apps to run on those OSes--saving money. These systems were communicating with custom protocols over private networks. The protocols have no authentication/authorization, etc. See, when collecting data monitoring a grid, you need measurements multiple times per second in some cases. Adding 20% overhead for authenticating a packet on your private network was not needed.

Then comes the Internet as we know it. The corporate side of the business is using commodity OSes to operate, and wants to implement, say, a commercial billing system to run on the corporate network and print invoices, etc. That data is in the control center network. The invoice printing operations is in the corporate network. That's when the pressure (cost reductions) comes in to link the two.

There's also the pressure to encapsulate the custom protocols to run inside IP. That way, the systems can use the common network infrastructure (WAN links over ATM, leased lines, and the like) and reduce cost. Keep in mind that the underlying protocols haven't been rewritten to support authentication or encryption.

See, it's a delicate combination of two very different operating paradigms. Control systems folks focus on uptime and speed while corporate IT folks focus on security and control (by giving up uptime for patching, etc). The two networks are run very differently. There exists a division of knowledge about how to operate computer networks. This leads to shoddy divisions of the networks with weak or non-existent firewall policies so that the "grid" isn't affected by the IT staff. Also, understand that the control centers now communicate over the Internet using protocols encapsulated in IP. That's how they keep each other up to date. That's how the delicate balance of generation and demand is kept.

Recently, there has been an increase in awareness (a good thing!) of the brittle nature of the electric infrastructure. I say brittle because a common threat in the corporate environment (a Slammer/Blaster worm) now can have a devastating effect on the availability of the networks, applications, and systems supporting the monitoring of the control system if the two networks aren't properly segmented and controlled.

If a knowledgeable, malicious attacker was to gain direct access to a control system network, they would have the ability to tamper with the data presented to the operators and the software. They could feasibly cause a significant outage. How? Do things like tell the generators that they need to generate more power while at the same time opening some key switches over high voltage lines. Also, be sure to "hide" the real data from the operators and their displays, and they'll never know what's happening. They won't even respond, because their systems say everything is fine. These kinds of attacks are made possible due to the protocols not incorporating encryption or authentication. The data is often sent over IP, so many scanning and packet injection tools can perform this kind of packet injection trickery...

Basically, the cyber security controls and operating procedures of many control systems is 10-15 years behind what corporate IT is today. Putting the two together can often create risk... FERC [Federal Energy Regulatory Commission] [is] trying to establish a very modest baseline of security controls and procedures across the companies out there running their systems in 2008 using 1980's security methodologies...

Ultimately, this problem won't go away anytime soon. We can take steps to minimize the risk of cyber attack and minimize the damage caused by the loss of lines/substations. Our heavy reliance on the grid will always make it a credible target for attack...

Electrical power lags behind petroleum refining in security

Electrical power assets appear to lagging the refining industry in implementing realistic security. Here is one rationale, and given my work in the petroleum sector I can vouch for the attention paid to fire or explosion, but I find it too Pollyannaish in its timetable for bringing electricity current. I continue to wonder if we are talking about something akin to Y2K in the effort to find, fix, replace and (re)integrate the grid's firmware and software. (You only have to kill a few sites to start a cascade among many.):

[Refinery owners] have the resources, knowledge, and sophistication to implement comprehensive security programs. In the mid-tier and smaller refineries, this effort is moving at a slower pace; however, they still have progressed further in security than the power industry. There tends to be a heightened awareness for security in refining because loss of view and control in this industry can lead to greater loss of life and property...

While controls technology in refining is similar to that in the power industry, there are some important differences that may explain the variation in security preparedness:

  • In a refinery, there is more sophistication and discipline with respect to security and network architecture, and more effort put into system hardening.
  • In the power industry, you are more likely to find controls environments in unsecured areas, easily available to anyone who has access to the plant.
  • You may find more technicians working on controls systems in the power industry, while you tend to find more engineers working on controls systems in refining.
  • All of these differences can be reconciled once the power industry moves to proactive security.

I found it interesting that the World Economic Forum's Global Risks 2007 did not include power continuity among its 23 "core" global risks even though those chosen, e.g., "Oil price shock/energy supply interruptions," were said to of "systemic nature: their impacts challenge the integrity of the system. Their consequences are harder to predict, frequently disproportionate, difficult to contain and present challenges to us all." I put this up to the fact that power has not reached the public consciousness of petroleum.

An arduously slow road to 'not enough'

Note the consistent threat verbiage without concerted action:

1998: Jeffrey A. Hunker, then Director of the Critical Infrastructure Assurance Office (CIAO)

"The full support of the private sector" is vital in protecting U.S. critical infrastructures against cyber attack... "The threat that we are facing is a threat that's growing over time... And so we need to respond with a sense of urgency and produce real results very quickly to combat it.... I think that one major measure of success is going to be the extent to which the private sector -- the owners and operators of the electric power grid, and our transportation and our banking and finance sectors -- comes together and, with the government, develops an action plan. We'll be able to measure how that partnership has been formed within the next six months to a year."

2000: Richard Clarke on the assertion that cyberwar is a threat that US government cannot defend solely by federal means:

The owners and operators of electric power grids, banks and railroads; they're the ones who have to defend our infrastructure. The government doesn't own it, the government doesn't operate it , the government can't defend it. This is the first time where we have a potential foreign threat to the United States where the military can't save us.

2003: Interview with Richard Clarke regarding cyber tools by al Qaeda and other entities:

For an organization [that] is looking to leverage its investment, to have the biggest possible damage for the least possible investment, cyberspace is a good bet, because it doesn't cost a lot of money to develop these skills. You could have an effect in a number of places simultaneously, without being in those locations, and you can achieve a certain degree of anonymity and a certain degree of invulnerability to arrest [or] apprehension....

Mountain View [shows] the ease with which people can do virtual reconnaissance from overseas on our physical infrastructure and on our cyber infrastructure, and the difficulty that we have in knowing what is being done...

[Our] electric power companies, both the generating companies and the distribution companies, have paid very little attention to security in cyberspace. It took them a long time to even admit that they were connected to the Internet. Now they know that they are. Now they also know that they're running a control software, SCADA, that is available to our enemies, because it's software that's sold around the world. They are beginning to understand that they need to have security. And the Federal Electric Regulatory Commission is beginning to understand that it needs to regulate that, in order to create an even playing field...

I'd suggest the Federal Electric Regulatory Commission create an even standard for all power-generating companies and all power distribution companies, and a high standard that's achieved in several steps over the course of the next several year...

SCADA systems need to be encrypted. People who have access to them need to do authentication... But we also need to make sure that our control signals -- the signals that we send out over the electric power grid -- are not sent and clear, they're not broadcast on radio, but they're on fiber optic cables that are not connected to the Internet...

Unless power companies are required to do [this] by the federal government, they will never do it, because they're now in competition with each other. They're all willing to do it if they're all forced to do it... no one has competitive disadvantage by proving security...

We, as a country, have put all of our eggs in one basket... It could be that, in the future, people will look back on the American empire, the economic empire and the military empire, and say, "They didn't realize that they were building their whole empire on a fragile base. They had changed that base from brick and mortar to bits and bytes, and they never fortified it."

2005: cyber-security a distant second to physical security:

"People downplay the importance of cyber-security, claiming that no one will ever die in a cyber-attack, but they're wrong," says Richard Clarke... "This is a serious threat."... "An attack on the scale of the Bhopal disaster in India is not impossible"... Despite such a nightmare scenario, federal officials are more immediately focused on the threat of a dual attack... a physical attack and a simultaneous cyber-attack on critical infrastructure"...

Many experts say that DHS is still relatively unprepared to protect America's critical infrastructure against a cyber-attack. "In government, when it came to senior level focus after Sept. 11, 99.9 percent was skewed towards physical protection, and cyber-security took a back seat."...

The industry has a lot to address, Clarke says. "Every time the government has tested the security of the electric power industry, we've been able to hack our way in - sometimes through an obscure route like the billing system."... "Computer-security officers at a number of chemical plants have indicated privately that they are very concerned about the openness of their networks and how easily they might be penetrated."

2007: This author on Cyber Storm:

[It] does not give this author comfort that the first federal cyber war exercise, Cyber Storm, carried out in February 2006 had such a relatively positive outcome. (It is moments like this when I remember the counsel of a skilled practitioner who noted that any exercise presided over by political elites must be designed not to fail lest their stewardship be called into doubt.) Cyber Storm was to provide a "controlled environment to exercise State, Federal, International, and Private Sector response to a cyber related incident of national significance"...

Having spun scenarios without limit, Cyber Storm's "Overarching Lessons Learned" offer painful parallels to each of the TOPOFF series simulating large-scale terrorist attacks involving biologic, chemical and radiological WMDs ("diseases are fearsome, hospitals and first responders are overwhelmed, interagency and intra-agency coordination is pummeled while communications in the form of multiple control centers, numerous liaisons, and increasing numbers of response teams merely complicate the emergency response effort")... Who could be surprised by these lessons learned? They could describe any large bureaucracy under stress, perhaps even their daily environment...

2007: An insufficiently strong standard emerges:

"NERC reliability standards [are] less stringent guidelines than [those offered in the] NIST guidance," said Greg Wilshusen, director of information security issues at the Government Accountability Office. "They do not provide the level of standard, mandatory protection required."

Specifically, NERC standards focus on the bulk power system as a whole, but don't properly address the threat of regional outages or the security of the IT components that support the electric grid, Langevin said. By contrast, the System Protection Profile for Industrial Control Systems developed by NIST in collaboration with private sector organizations presents a cross-industry, baseline set of security requirements for new industrial control systems that vendors and system integrators can use. Government has not yet enforced the adoption of these requirements.

"Why [NERC] would have standards below NIST is beyond me," Langevin said. "This is something we're going to [pay] close attention to; perhaps legislation will be required."

2008: The problem will get worse before it gets better. From a 2005-2007 study of electric utilities' energy management systems, SCADA and distribution management systems:

Linkage to other utility enterprise systems continued to be on the increase on a global scale; despite cyber security concerns. For many sites, the key to remaining secure seemed to be either: (a) the restricted provision of non-real-time access via periodic downloads to authorized requestors or (b) indirect access to and from the control system via historian files. Newton-Evans anticipates some changes in priorities this year, with a likelihood that many U.S. utilities will be implementing a NERC compliance reporting system over the 2008-2010 period.

Examples of flaws and entry points

Rather than asking how safe are the current SCADA and related architectures, better to ask how can such an environment not offer multiple opportunities for mischief? For examples of mischief, Schneier's weblog entry, Staged Attack Causes Generator to Self-Destruct, contained reader comments which I've categorized under two topics: systemic fault opportunities and attack vectors. (While the commentary of many forums is dross, Schneier's readers did a creditable job.)

Systemic fault opportunities

Still designing for efficiency, not security, and allowing connection of systems designed for closed proprietary systems onto the web:

1, The [SCADA] systems are designed by engineers with only one [aspect] in mind to control complex systems (oil platforms etc)... The problem with 1 is that security was never ever a consideration in the design. And like Unix most SCADA systems will do as they are told irespective of the consiquences.

2, [Management] no longer want to pay to have people on site any longer just on call from home or some other office in the world... The problem with 2 is that the Internet is the cheapest solution...

The result is systems that have no built in safe guards appearing on the internet with minimal security...

[More] and more of the old electrical mechanical relay logic controls [in electrical utilities] have been replaced by PLCs, RTUs and bay level controllers, combined with SCADA. Yes, the majority of SCADA systems used run on commodity hardware and Windows OS...

In most cases, the new Ethernet based control protocols are secret... (the exception being Modbus/TCP). The companies which own them provide binary drivers in a format known as "OPC". OPC runs only on Windows, so a customer pretty much has to use Windows to run their SCADA system whether they want to or not.

The field devices which are controlled by these protocols are not very sophisticated and will accept commands from anywhere without requiring any sort of authentication. The assumption is that if you are on the network, you are not going to do anything malicious...

Cost reduction:

SCADA vendors want to cut their costs and only support one platform. We initially were told by our SCADA vendor that we would have to go all Windows, HMI [Human-Machine Interface] workstations & servers, if we wanted to upgrade to the latest version of their system...

Every penny saved is another penny in the vendor's pocket... It doesn't matter how good your design is because the customers will demand arbitrary price cuts. This is standard purchasing department tactics during the negotiation of any purchase...

[US] utilities used to pay into EPRI [Electric Power Research Institute] to get research done for the common good. EPRI would have been the logical party to deal with these problems. After deregulation [many] of these companies are not willing to pay for research anymore...

Cost-benefit analysis driving out dedicated networks:

[These] systems were networked, usually over a fairly slow wire, so it is all in allowing the control systems to do more than monitor and control devices over the specialized SCADA network, since the remote devices [may] be speaking IP... but, in Power/Gas/etc networks, there's a lot of equipment that would be considered obsolescent (Anyone remember Visicode switches? PDMs?) but, if they work, won't be scrapped.

 Employ new application/use case without redesign:

 A system used in a way or in an environment for which it was not designed is a potential problem... SCADA systems were largely designed to not be connected to the Internet. Simply connecting them without significant redesign is a recipe for serious problems.

Aging, unpatched equipment. See the incongruity in this polar pair:

- SCADA systems are built using off the shelf components (on the human interface side), MS Windows is common.
- The systems are seldom patched, in some cases, the software vendor will not support systems that have 'unapproved' patches.
- The systems are built with life expectancies measured in decades...

The only thing which has kept this from being a major problem so far is that most plant equipment is old so equipment with this capability is in the minority. The only practical solution is to put the plant on an isolated network with some sort of intermediary security box between the plant and the office which only allows limited information to pass each way. Trying to secure every individual valve and other plant device is unrealistic...

20-year old technology? That is sometimes the newer equipment in the generation plants and substations. Dial-up accessible? Absolutely. Modems left enabled? More often than you would think. And, yes, the newer hardware is IP accessible, not always securely installed and configured...

Human error in procedure and programming:

In one incident a contracter anxious to complete his installation connected 2 completely [separate] parts of our banking network together totally compromising our security. We only discovered it days later when we could contact servers we should not have been able to. Another was 100 servers rolled out with their C: drives open to anonymous and undetectable attacks because of one configuration error. Again this was in a sector that you would expect to be secure however it was not. On yet another occasion I went to a shared PC to fix it and written in pencil around the edges of the monitor where all the usernames and passwords of all the people that used this particular PC to access the banks systems.

Complexity of equipment and their controllers:

Newer GE gas turbine control systems use PCs with Windows for the MMI [Man Machine Interface]. They have discontinued their own MMI system, and currently sell a re-branded product from someone else... MMI is what you use to control the equipment. If you control the MMI, you control the equipment. The equipment control system itself has protective relays and other over rides, but the MMI system still has a lot of factors and parameters that are set at commissioning which can damage the equipment if set incorrectly. You can also of course, simply shut down the system by issuing a shutdown command...

GE is a mixed bag with regards to their offerings... last I had heard they had 13+ different SCADA systems depending on the division you were working with. But I can say authoritatively that their Energy Management System offerings are UNIX, same with Siemens. I do seem to remember that they had a smaller Distribution Mgmt. System that was windows based, but those systems typically don't have [a] generation control, merely routing at the street level.

[For] the bigger electric systems like , Southern California, NYC, Southern NJ, etc... cost of computing hardware was not a concern... Some smaller rural utilities may see that cost reduction from running Windows make a significant change to the overall price of an a new control system...

Embedded systems face problems akin to SCADA:

[M]ore and more critical control functions in things like electrical generation, chemical production, and so on are handed over to embedded systems, because they can be, and because it makes things like maintenance and troubleshooting easier. And again, in service of convenience for management and maintenance, it's all getting networked, with everything from 9600 baud modems over POTS (who said wardialing was dead?) to the latest fiberoptics and even short-range wireless in some cases.

The fundamental problem is that your average embedded guy doesn't know much of anything about network security, and isn't hooked into social or professional networks that might tell him. OTOH, he's got an advantage over your average programmer, because embedded systems have to be much more tightly built in the first place, i.e. unhandled cases are unacceptable in general, and critical bugs tend to get fixed quickly, because the consequences are potentially catastrophic in a way that crashing your computer simply isn't. The software is also immensely simpler and more rigid than your average network application. The first step is to convince embedded programmers and their managers that malicious attack is as real and urgent a potential failure as any of the others that the software must handle.

Attack vectors

Insider attack:

A malicious or inattentive operator at the plant in the middle of the night could do the same thing. Nothing "cyber" is necessary for this attack.

Insiders, often foreign, hired without proper checks:

It's very hard to background check an engineer when you have so very few of them, and the pool of replacements is mostly from overseas. In the old days, you didn't have to -- the engineering schools knew that they were putting lives in these men's hands, so verifying the diploma was good enough.

The most disturbing trend I have seen in background checks is to preferentially hire recent immigrants from overseas (with background check waivers are in effect) as opposed to U.S. citizens with no criminal record but spotty credit or other risk factors. Sometimes this is a H1B issue.

More often, it's a product of laziness in not conducting real backgrounds on people born outside the USA. Unless DHS is doing really, really good checks prior to allowing these people into the USA (which takes a lot of money), this is a serious vulnerability with respect to international terrorism.

Access network assets indirectly:

[Power system component] systems are not typically "connected to the internet". They are, however, interfaced to most companies business networks, through some type of firewall, in order for operational data to make it to "the business", and for maintenance staff to access diagnostic information. This connectivity, however, can safely be managed following fairly standard methods of defense in depth, and implementing reasonable security practices.

War dialing remains a valid attack:

Modems are still a relevant attack vector... Everything from PBXs, manufacturing gear, even an accounting system.

Look for an overlooked access point:

[Hack] into control of the transmission / distribution system - look around some pole tops, there are radio controlled switches everywhere.

Affect a cascading overload:

[A] "cascading overload" is one where a local problem caused by any local event propergates out of the local area into other areas that are not at fault... In previous times suppliers put sufficient and well thought out safegaurds into their networks and introduced changes in a managable fashion... Unfortunatly the modern drive to maximise efficiency and return makes the likleyhood of such propergating faults all the more common.

Insert common worms and viruses:

Older SCADA systems used to run on proprietary hardware or on UNIX workstations. Newer ones are using PCs with Windows for display, monitoring, alarm display and data logging. On the more sophisticated systems control though is often still through proprietary hardware, but on the cheaper ones control is done on the same PC as display. The industry has gone this way to take advantage of cheaper PC hardware. There are a few vendors basing their systems on Linux instead of Windows, but these ones specialise in the more sophisticated end of the market. Wonderware, Citec, WinCC, Rockwell, etc. however all use Windows.

[A] worm or virus could DDOS or send undesirable commands to pretty much any newer control system if it can get access to the network. The SCADA networks are getting connected to the business networks because the business side wants real time reporting and production scheduling. This means that if viruses and worms are a realistic threat to office PCs, they are a realistic threat to the plant as well.

Issue simple, directed on/off commands:

[The] potential for "script kiddie" or "wrench-in-the-works" type attacks [in which] Simple 'If-it's-on-turn-it-off, if-it's-off-turn-it-on' type of "button pushing" could really raise havoc on a wide scale... All this takes is system level access and rudimentary programming skills.

Insert bad data:

[All] command and control information is passed between sensors..., control units..., and actuators... Over a bus. Airplane manufactures went digital for many reasons: to save money [and] to make the equipment more reliable... [S]ystems will eventually distribute sensory, control and actuator functionality over a network. That means that the sensory data upon which the control function operates will be vulnerable to attack as well as the commands to actuators, engines, valves, &etc. Can every electronic device in every system have its own security front-end to protect its data communications? If not, could one bring down, say, a power network by simply faking data values from a remote transformer farm saying "Hey! I'm overloaded!" and let the control function (over-) react?

This is probably the way that any attack would be carried out. Operators that use remote system implicitly trust the reading on their instruments. One of the most efficient ways to disable a system is to supply bogus readings and watch the operators crash their own systems. Do it at 3:00am when peoples decision making is at its worst and it could be serious.

Try the default passwords:

Of course Iran (and China, Pakistan, N. Korea, etc.) know the passwords. It is amazing how many times the default password is not changed. [There are not] that many vendors out there to choose from and the manuals are available on the 'net.

Affect phase mismatch via manipulation of the power grid configuration and/or load balancing equipment (LBE):

If a key point on the power grid could be closed, then two legs of the grid would become connected. If these two legs are of different [wave] length, then there would be a phase difference between them. A difference in length of the two legs of just a few miles would cause a slight phase difference that would cause serious trouble on a megavolt power line.

While the power grid is designed to provide dynamic control of this phase difference, as well as phase compensators (switchable capacitive and inductive loads to compensate for the phase difference), if one could rapidly switch in and out several legs in the power grid, the dynamics of such a rapid change in power load and phase would be very difficult to compensate for. Weak spots in the grid would overload or burn out as they dissipated the heat developed by the current from the phase mismatch.

Pick an easy entry point to remove a node:

[Many local substations can] be unmanned, secluded, and guarded only by a chain-link fence and some barbed wire. Most of the gear and lines appears uninsulated... you could raise a whole lot of havoc with a good arm and a roll of heavy-duty aluminum foil.

This is not far off the mark. The US first used the BLU-114/B special-purpose munition, containing reels of "chemically treated carbon graphite filaments, to attack to attack the Serbian power grid in 1999, virtually terminating Serbian power generation and distribution by shorting out the system. (This link also has an informative 'Electrical Distribution System Overview' written from the viewpoint of disruption.)

Time to affect repair is often sufficient damage or a causal condition for another default:

it's not how much damage an insider could do (enormous!) but how long it would take to fix. Some of the equipment used in the power distribution system is manufactured only a few places in the world; spare parts inventory does not exist; lead time for replacement is measured in months not weeks; and transportation of these larger than 8'x8'x40' components is a real hassle under 'ordinary' conditions.

Is your data center prewired to be able to use rental generators for weeks or months if necessary? Do you have ironclad contracts with multiple sources of said generators? Did you think to strike the 'act of God' clause regarding nonperformance in the event of natural or man-made disaster?

If not, you're kidding yourself about maintaining uptime in a disaster. The fastest way to find out that your on-site generators haven't been properly maintained is to run them for a week and watch them fail . . . In a real disaster, your emergency generators are a temporary bridge to some other power source. Unless you thoughtfully lay hands on a generator technician you employ, a large spare parts inventory, and ridiculous amount of diesel fuel storage well in advance.

CIA: Hackers Shook Up Power Grids (Updated)
By Noah Shachtman
Danger Room
January 19, 2008 | 2:58:00 PM

CIA launches hunt for international computer hackers threatening to hold cities ransom by shutting off power
Daily Mail
Last updated at 23:33pm on 18th January 2008

Hackers Cut Cities' Power
Andy Greenberg
01.18.08, 7:00 PM ET

Title is error as text states outside the US:
CIA official: North American power company systems hacked
By Jill R. Aitoro
January 18, 2008

SANS Flash: CIA Confirms Cyber Attack Caused Multi-City Power Outage
The SANS Institute
SANS NewsBites Vol. 10 Num. 5
Fri Jan 18 14:59:14 2008

US approves standards to keep electric grid hacker-free
By Nate Anderson
Ars Technica
Published: January 18, 2008 - 02:17PM CT

Analyzing Energy Sector Security Preparedness
Ken Miller
Energy Pulse

An apparently unrelated but interesting snippet on Indian targeting:
Hackers targeting Tier-II cities: Symantec
Business Daily from THE HINDU group of publications
Our Bureau
Nov 03, 2007

Tighter security over power plant computer systems urged
By Jill R. Aitoro
October 18, 2007

Video Shows Eerie Effectiveness of Power System Hack
By Ted Bridis and Eileen Sullivan
09/27/07 9:44 AM PT

US Improperly Releases Threat Details
Associated Press
Sep 27, 2007 5:45 PM EDT

CRITICAL INFRASTRUCTURE PROTECTION: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain
Statement of Gregory C. Wilshusen Director, Information Security Issues
Testimony Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, Committee on Homeland Security, House of Representatives
October 17, 2007

How to Take Down the Power Grid
by Ira Winkler
Internet Evolution

Staged Attack Causes Generator to Self-Destruct
by Bruce Schneier
Crypto-Gram Newsletter
October 15, 2007

LayerOne 2007 - Ganesh Devarajan - SCADA Systems
Conference: LayerOne 2007
Topic: SCADA System Fuzzing
Ganesh Devarajan
May 5-6, 2007

SCADA Protocol Fuzzer & The Next generation of Inline Devices
SCADA Systems
Ganesh Devarajan
LayerOne 2007
May 5-6, 2007

Aurora Generator Test
Raw Video: Simulated Attack on Power Grid
March 4, 2007

Global Risks 2007
A Global Risk Network Report
World Economic Forum Report in collaboration with Citigroup, Marsh & McLennan Companies (MMC), Swiss Re, Wharton School Risk Center
World Economic Forum
REF: 150107
January 2007

Minimizing Risk Of Attack On Electric Grid
by Meredith Mackenzie
Boston (UPI) Mar 09, 2006

Diagnostic Tools to Estimate Consequences of Terrorism Attacks Against Critical Infrastructure
Rae Zimmerman, Carlos Restrepo, Nicole Dooskin, Jeremy Fraissinet, Ray Hartwell, Justin Miller and Wendy Remington
Institute for Civil Infrastructure Systems (ICIS)
New York University

New York University's Institute for Civil Infrastructure Systems (ICIS) for the Center for Risk and Economic Analysis of Terrorism Events (CREATE) at the University of Southern California
December 2007

New focus on cyber-terrorism
At risk: computers that run power grids, refineries.
By Nathaniel Hoopes
The Christian Science Monitor
from the August 16, 2005 edition

Avoiding Grid Lock
By Robert MacMillan
Washington Post
August 16, 2005; 9:09 AM

AIRDATE: April 24, 2003

Interview: Richard Clarke

From MAD (Mutual Assured Destruction) to MUD (Multilateral Unconstrained Disruption): Dealing with the New Terrorism
by Stephen Gale and Lawrence Husick
Foreign Policy Research Institute (FPRI)
Volume 11, Number 1
February 2003

Steven A. Hildreth
Specialist in National Defense
Foreign Affairs, Defense, & Trade Division
CRS Report for Congress
Updated June 19, 2001

Cyber War
Steve Croft with Admiral Herbert Brown
60 Minutes
April 9, 2000
[No direct citation]
mirror for quote

Frequently Asked Questions (FAQ) About the Y2K Problem

An interview with Dr. Jeffrey A. Hunker
Director of the Critical Infrastructure Assurance Office
USIA, U.S. Foreign Policy Agenda
November 1998

Gordon Housworth

Cybersecurity Public  InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  


  discuss this article

Intersection of al-Nakba, The Second Lebanon War and Ehud Olmert


Part 1: Obtuse diplomatic blunder and journalistic ignorance: US inadvertently agrees to celebrate al-Nakba, the 1948 destruction of Palestine

Rescue of Arab pride by yet another crusader

Certainly by 2000, disgust by the (Sunni) Arab street with its rulers and their collective inability to prevent or remove a Jewish state from Muslim holy ground that they turned their affection towards their (Shia) Hezbollah adversaries. Much like Hamas, which the US tries to vilify despite their commitment to graft-free infrastructure maintenance in schools, hospitals and local government, Hezbollah rose in political and military strength to the point that a tactical miscalculation by Hezbollah was met by military blunder by Israel in The Second Lebanon War:

Fueled by saturation television coverage of the destruction and suffering wrought by Israel's attacks, popular sentiment in both Shia and Sunni communities has moved strongly behind Shia Hezbollah, whose leader, Sheikh Hassan Nasrallah, has become a symbol of resistance to Israeli and U.S. power, these analysts agree.

"Resistance rises above sectarianism," according to Graham Fuller, a former top Middle East analyst for the Central Intelligence Agency (CIA) and the Rand Corporation. "Sunni masses by and large are not concerned whether Iran, Syria's rulers, or Hezbollah are Shiites; they applaud them for their steadfastness and willingness to fight and even die."

 In 2006, I wrote in Hezbollah is something not seen for hundreds of years: a Muslim army that can fight

Hezbollah is something that the West has not seen in a few hundred years - a Muslim army, Persian trained, that can fight, that can acquire and employ sophisticated weaponry (albeit some systems are most likely under direct Iranian control) and employ combat operations appropriate to its condition and environment. (I would have said Arab army but Iranians, although mostly Muslim, are Persians.) I submit that Hezbollah presents a threat greater than al Qaeda if and when it elects to strike out beyond Palestine at the US and EU. In that, Mahmoud Ahmedinejad's statements are not boast but fact. (The only benefit is that, unlike al Qaeda, there will be a nation state homeland to counterattack. Unfortunately, that is Iran.)...

In point of fact, Israel is losing in its conflict with Hezbollah, yet it will not have a better chance given that Hezbollah miscalculated with its POW grab and was surprised by the level of Israeli response. If Hezbollah survives with its weapons reasonably intact, Israel loses and is shown to be vulnerable as never before in its history. It is now unlikely that Israel will be able to push Hezbollah far enough away to prevent it sending missiles into Israel at will.

Unlike the close of the 1967 Six Day War, El Al Airlines is not taking out ads in the New York Times inviting tourists to "Visit Israel and see the Pyramids," nor are there jokes about Arab (Egyptian) weapons for sale, "never fired, dropped only once" or Egyptian deserters who abandoned their units to stand and fight. While "Arab Unity" is a contradiction in terms, especially so across a Sunni-Shia divide, Arabs are so thirsty for selfesteem that they can rally around Hezbollah's accomplishments. This is all the more remarkable when Lebanese whose state is being sundered in the conflict support Hezbollah's state within a state resistance against Israel.

Hezbollah did what no Arab army had done in many attempts to expel or contain Israel; it had beaten the superior foe, the IDF. Arab elation was tempered only by the fact that this victorious crusader was Shia. For Israelis it was as if their cloak of invincibility had shattered, that military business-as-usual which had sustained them since 1948 was aging.

I recommend readers start with Kober's The Second Lebanon War (Begin-Sadat Center for Strategic Studies) as a short, accurate analysis of the conflict's military and political aspects. To understand the changes that Israel, and well as the US, must absorb, read Levine's Behind the Headlines on the Winograd Commission's Interim Report. Also useful is Kreps' The 2006 Lebanon War: Lessons Learned. For intelligence operations, see Eshel's Hezbollah's Intelligence War and Israeli Intelligence Dilemmas in Lebanon.

I describe other aspects of Israel's loss in:

I recommend against the implications from such items as the The No-Win Zone: An After-Action Report from Lebanon or Boot's The Second Lebanon War. (I respect much of what Boot writes but depart from him here.)

Olmert as crippled partner

Israeli Prime Minister Ehud Olmert has the earmarks of a crippled politician, despite his refusal to resign, rising from his inept stewardship of Israel's military campaign against Hezbollah in summer 2006. The preliminary report of the Winograd Commission indicts Olmert's performance as "a serious failure in exercising judgment, responsibility and prudence." (Winograd is unusually expansive, covering the period from May 2000, when the IDF exited Lebanon, to July 2006, when Hezbollah captured two IDF soldiers, followed immediately by the 12-17 July decision cycle for the military operation Change of Direction which became The Second Lebanon War:

The primary responsibility for these serious failings rests with the Prime Minister, the minister of defense [Amir Peretz] and the (outgoing) Chief of Staff [Dan Halutz]... [Had] any of them acted better - the decisions in the relevant period and the ways they were made, as well as the outcome of the war, would have been significantly better...

  • The decision to respond with an immediate, intensive military strike was not based on a detailed, comprehensive and authorized military plan, based on carefull study of the complex characteristics of the Lebanon arena...
  • [The] government did not consider the whole range of options, including that of continuing the policy of containment, or combining political and diplomatic moves with military strikes below the escalation level, or military preparations without immediage military action...
  • The support in the cabinet for this move was gained in part through ambiguity in the presentation of goals and modes of operation...
  • Some of the declared goals of the war were not clear and could not be achieved...
  • The IDF did not exhibit creativity in proposing alternative action possibilities, did not alert the political decision-makers to the discrepancy between its own scenarios and the authorized modes of action, and did not demand [early] mobilization of the reserves...
  • Even after these facts became known to the political leaders, they failed to adapt the military way of operation and its goals to the reality on the ground...

Speaking specifically of Olmert, Winograd says that the Prime Minister:

  • bears supreme and comprehensive responsibility for [the] failures in the initial decisions concerning the war stem from both his position and from his behavior, as he initiated and led the decisions which were taken...
  • made up his mind hastily, despite the fact that no detailed military plan was submitted to him and without asking for one. Also, his decision was made without close study of the complex features of the Lebanon front and of the military, political and diplomatic options available to Israel...
  • is responsible for the fact that the goals of the campaign were not set out clearly and carefully, and that there was no serious discussion of the relationships between these goals and the authorized modes of military action...
  • did not adapt his plans once it became clear that the assumptions and expectations of actions were not realistic and were not materializing.

The final Winograd report is to be released 30 January, 2008. One wonders if more US nationals were aware of Winograd that they would have asked for a similar commission here.

Impact of the Bush43-Olmert relationship on the peace process

While Bush43 embarked on his trip to the Middle East to urge on the Palestinian-Israeli peace process and press Arab states for Iranian containment, he did do to near unanimous "skepticism in the Arab world:

[Bush43's] visit to the Middle East comes amid waves of criticism and rancor from the Arab press. Newspaper columnists note the push for Middle East peace has not begun until the final year of the president's two terms in office.

Mr. Bush remains one of the least popular world leaders in Arab opinion polls, and is held personally responsible by many in the region for the destabilizing chaos in Iraq. In his tour of the region, he will have to overcome widespread skepticism about his new push toward an Israeli-Palestinian peace deal.

At the diplomatic level, Arab official ranks were more restrained:

Egyptian and other Arab officials qualify the visit as "important". They argue that it is an opportunity for the US president to demonstrate commitment to keep up the pace that he induced last November in the Middle East process upon hosting the Annapolis meeting. They also argue that the visit is an opportunity for Arab leaders to offer Bush their direct accounts of the role that the US needs to play during the remaining months of Bush's term in office to help promote peace and stability in a region that many an Arab capital blame Bush and neo-cons for its increased instability.

For Egyptian and other Arab commentators the visit is about one of two things: either to promote further isolation of Iran, since many seem to think that a US military attack on Iran is getting increasingly unlikely, if not totally excluded, or to attempt to keep up the momentum of the Palestinian-Israeli talks in order to secure some sort of a final status agreement, or a framework thereof.

Complicated by poor chemistry between Bush43 and Mubarak, this is a tall order in the face of "disturbing signs" of US-Israeli actions in the aftermath of Annapolis:

The continued "settlements expansion", the lack of US monitoring of the commitment of Palestinians and Israelis to honour the roadmap obligations, the lack "so far of serious final status negotiations" despite Palestinian-Israeli meetings and the failure to engage Hamas and to improve the situation in Gaza...

It is difficult for this analyst to envision an environment that would permit such a movement given the relationship and interdependence between Bush43 and Olmert. The pair have evolved a "deep bond... reinforced by their shared views of Israel’s security, and their own political problems in selling their approach to their respective constituencies":

Mr. Bush’s relationship with the two Israeli leaders he has known best, Mr. Sharon and Mr. Olmert, have differed in detail, if not in spirit. Mr. Bush admired Mr. Sharon as "an old warrior" who... crystallized Mr. Bush’s sympathies for Israel’s security concerns... "With Olmert, it’s completely different... They’re the same age... They both feel that most of the world is against them, which, I think, is not far from the truth."

An Israeli political historian, Michael Oren, states that "the message is very clear" that Bush43 is "a strong supporter of Israel and of its current prime minister." An Israeli analyst, Daniel Levy, goes further, saying that Bush and Olmert

had grown so close that the president was now invested in his political future, willing to visit Israel so soon after Annapolis at least in part to bolster his standing before the Winograd report on the Lebanon war is made public later this month.

If it is correct that Olmert's close relationship to Bush43 "is both a lifeline and an insurance policy, that Israel will not be pressed to sacrifice its security to satisfy the American desire for a peace treaty," then I see little chance that a meaningful peace treaty will emerge.

Meaningful means the Abdullah Plan.

As the Second Lebanon War demonstrated, the defense posture that Israel has relied upon since partition is increasingly unsustainable. The interest on the inability of the US to restore even the modest respect it held in Arab eyes prior to Operation Iraqi Freedom (OIF) continues to accrue. The US is going to need friends on the street (the 'spirit' of which Napoleon spoke) and in the foreign office across the Muslim world as things could get significantly worse on a larger scale.

If US readers think that there are threats enough with Hezbollah and Hamas, they have yet to see Egypt's Muslim Brotherhood in the wings. Egypt is the most populous in the region, its economy is in tatters and there is no prognosis for improvement. Egypt's government mirrors the problems that dogged Arafat and Fatah, providing a receptive opening for an honest provider of public services whatever its political leanings. In Lebanon it was Hezbollah. In the West Bank and Gaza it was Hamas. In Egypt, it is the Muslim Brotherhood.

The potential threats of Egypt falling into unfriendly hands are real. Readers should remember that the Egypt-Israel peace treaty of 1979, a direct result of the 1978 Camp David Peace Accords, was the first peace treaty between Israel and an Arab state, largely deflating pan-Arab conflict against Israel. Readers can go here:

Where was the Abdullah Plan?

The Abdullah Plan is nowhere to be heard in Palestine, Arab or Jew, nor has it been mooted in Arab diplomatic circles during this 'next step' of the Annapolis process, yet it is the only plan that will work and actually reduce strife and combat in the Levant. My opinion is that Israel has done everything diplomatically possible to extinguish it, the Abbas/Fatah faction is too powerless to put it forward, Hamas is being economically strangled and so has other things on its mind, and a lame duck president will accept scraps in order to claim the fiction of a foreign policy legacy prior to leaving office.

Well before King Fahd became incapacitated by stroke, Prince Abdullah, nicknamed "Abdullah the Heavy," was running Saudi Arabia. This pious prince leading the Islamist side of the Saudi family had closed ranks with the secular/western side of the family under Prince Sultan to publicly restrain the clerics providing a key element of his political support. As the commander of the all important Bedu national guard, whenever King Fahd needed to tell a recalcitrant regional player how the cow eats the cabbage, Abdullah carried the message. (Sort of like sending out Sharon: 'Knock it off, this is what we're going to do.') In other words, if Abdullah said it, virtually all Arab states would fall into line. In 2002, then Crown Prince, now King, Abdullah made an offer at the Arab League summit in Beirut:

Peace is a free and voluntary choice made by two equal parties, and it cannot survive if it is based on oppression and humiliation. The peace process is based on a clear principle: land for peace. This principle is accepted by the international community as a whole, and is embodied in U.N. Security Council resolutions 242 and 338, and was adopted by the Madrid Conference in 1991. It was confirmed by the resolutions of the European Community and other regional organizations, and re-emphasized once more this month, by U.N. Security Council Resolution 1397.

It is clear in our minds, and in the minds of our brethren in Palestine, Syria and Lebanon, that the only acceptable objective of the peace process is the full Israeli withdrawal from all the occupied Arab territories, the establishment of an independent Palestinian state with al-Quds al-Shareef [East Jerusalem] as its capital, and the return of refugees. Without moving toward this objective, the peace process is an exercise in futility and a play on words and a squandering of time, which perpetuates the cycle of violence...

Allow me at this point to directly address the Israeli people, to say to them that the use of violence, for more than 50 years, has only resulted in more violence and destruction, and that the Israeli people are as far as they have ever been from security and peace, notwithstanding military superiority and despite efforts to subdue and oppress...

I propose that the Arab summit put forward a clear and unanimous initiative addressed to the United Nations Security Council based on two basic issues: normal relations and security for Israel in exchange for full withdrawal from all occupied Arab territories, recognition of an independent Palestinian state with al-Quds al-Shareef [East Jerusalem] as its capital, and the return of refugees. At the same time, I appeal to all friendly countries throughout the world to support this noble humanitarian proposal, which seeks to remove the danger of destructive wars and the establishment of peace for all the inhabitants of the region, without exception.

Israel blockaged Arafat in his headquarters, preventing his attendance to the Arab summit; Egypt's Mubarak refused to attend if Arafat could not. Bush43 proceeded to support Sharon, thereby endangering a 70-year relationship with the House of Saud:

The crown prince bore a warning that Bush's apparent tolerance of Israeli military offensives against Palestinians had damaged prospects for Mideast peace. "We believe the administration could have been stronger on [Israeli Prime Minister Ariel] Sharon, made it clearer to him that negotiations cannot be done under the barrel of a gun," Nail Al- Jubeir, a spokesman for the Saudi Embassy, told reporters here.

"The message is, Sharon has been acting up, and the U.S. government needs to rein him in. We cannot maintain the peace process with this stuff going on," Abdullah's spokesman said. The Israeli-Palestinian crisis dominated Bush's first face-to- face meeting with Abdullah.

"There is a lot of anger at the U.S. for what is perceived as a lack of restraining Sharon," said Adel Al-Jubeir, the foreign policy adviser to Abdullah. "The crown prince wanted to make sure the president was aware of this," the adviser said. "Allowing this problem to spiral out of control will have grave consequences for the U.S. and its interests."

Things went predictably south as the tail wagged the dog, again cementing the allegiance of the US to Israel in Arab minds. Even now, Bush43's trip is being described as nothing more than an "Exotic Gulf vacation" while his calls to embargo Iran were met with Gulf state realism that ''Iran is a neighbor; we have to deal with that." To be fair, Bush43 was said to listen in private:

According to a well placed observer, Bush listened carefully when he was briefed on building resentments and frustrations among Arabs, promising to champion the issue during his last year in office. In turn, he demanded that concerns with the putative Iranian threat, receive equal attention.

Yet I wonder how an Arab, diplomat or layman, can trust Bush43 to be impartial when:

Many [Arab] television audiences saw the hand-written note left by Bush at the Yad Vashem Holocaust Memorial, which simply stated: "God Bless Israel".

Arabs asked where was the equivalent in the Holy Land for Palestinians, especially when Born-Again Bush stopped by the Church of Nativity.

Others wondered whether they would read a similar scribble in Bahrain or Kuwait. Indeed, if Gulf rulers were especially generous with Bush, it was to sensitise him to the Arab plight, not to be reminded that Iran was a detrimental force in the region.

Uri Avnery employs the story of Esau and Jacob in a delicious send-up of Olmert saying one thing yet doing another:

Anyone who listens to him - not just at the press conference, but also on every other occasion - hears words of peace and reason: The Palestinians must have a state of their own. The "vision" must be realized while Bush is president, because Israel has never had and never will have a truer friend. The settlement outposts must be removed, as promised by us again and again. The settlements must be frozen. Etc. etc. That is the voice of Jacob. But the hands, well, they are the hands of Esau.

Having observed Israel's performance for a few decades, I must agree with the Gulf Times:

The illegal colonies Israel has planted all over the occupied territories are at the core of the struggle. A peace treaty will require that they all have to go, but in fact Israel is working hard to keep the issue as confused as possible. Rather than accepting they are all illegal settlements, Israel draws a distinction between the West Bank and the land it claims to have annexed around occupied Jerusalem.

In a grand gesture Israeli Prime Minister Ehud Olmert ordered a halt to construction in its colonies, but it turns out that this order does not include colonies near occupied Jerusalem, on land which Israel claims to have annexed. Work is still continuing at a site near occupied Jerusalem that Israelis call Har Homa and Palestinians call Jabal Abu Ghneim...

Stopping work on colonies is a key test of Israel's serious commitment to peace talks. The Palestinians are well aware of this. Many times in the past, when Israel has started peace talks, it has continued to build in the colonies, and then in a grand gesture stopped building and withdrawn from the colonies that it has been building during the negotiations, leaving in place those colonies which had been there for years, completely untouched and full of colonists delighted at having "outsmarted" the Palestinians again.

The Annapolis process required these core issue talks to start in November, but the continuing building in the colonies forced the Palestinians to refuse to talk... The Palestinian government should and does commit to working to stop attacks on Israel, and to bring the perpetrators to justice, but it is a very different situation from the Israeli government allowing its own workers to continue to build in the illegal colonies, while at the same time taking part in a peace process...

To achieve a permanent peace, both sides will have to recognise the other's need for a just and equitable settlement. That will need to be based on the Abdullah Plan offered by King Abdullah of Saudi Arabia at the 2002 Beirut Arab summit, which involves complete Israeli withdrawal in return for complete normalisation of relations with all the Arab states.

This means Israel should be ready to pull back from all colonies and go to its pre-1967 borders. The Arabs will then have to be ready to recognise Israel and move to full diplomatic relations.

The Gulf states stand ready to support this process, should it start to happen. But at present it is not likely with President Mahmoud Abbas not in control of all Palestinian territory, Olmert gravely weakened - thanks to the failure of his invasion of Lebanon - and Bush working out the last year of his term.

Scraps may be an overly optimistic term for what Bush43 and SecState Rice can achieve in 2008. I don't see the administration briefing Congress on the impact of the fall of Mubarak, and exploring ways to protect Israel going forward. Little wonder that Arab states are cynical and disbelieving in the capacity of the US to behave differently. Were I them, I would be forced to agree.

Exotic Gulf vacation for US president
By Joseph A. Kechichian
Gulf News
Published: January 17, 2008, 01:06

Democracy Activists Disappointed in Bush
Mideast Tour Seen as Failure To Revive Earlier Emphasis; Economic Woes Grow Urgent
By Ellen Knickmeyer
Washington Post Foreign Service
Thursday, January 17, 2008; A14

Implement the Abdullah plan
By Francis Matthew
Gulf News
Published: January 17, 2008, 01:06

Hawk Quits Israeli Coalition
New York Times
Published: January 17, 2008

Bush Avoids Criticism of Mubarak
New York Times
January 17, 2008

Bush Seeks to Answer Arab Skepticism
The Associated Press
January 16, 2008; 12:59 PM

The Hands of Esau
Uri Avnery
Uri Avnery's Column

Bush Promises to Return to Israel
New York Times
January 12, 2008

Of ordinariness and occupation
By Sharmila Devi
Published: January 12 2008 02:00 | Last updated: January 12 2008 02:00

Syrian press slams Bush's 'hollow words'
"The pressure exerted by Washington on Israel is zero"
11 January 2008

Bush visits Kuwait to promote peace deal
By Terence Hunt
Associated Press
January 11, 2008

Arabic papers react to Bush tour
al Jazeera
14:39 MECCA TIME, 11:39 GMT

President Says Mideast Peace Accord Possible Within a Year
Originally Aired: January 10, 2008

Letter to George W. Bush
Gulf News
Published: January 10, 2008, 23:32

Bush Begins Peace Effort Bonded With Olmert
New York Times
January 10, 2008

Skepticism, Anger Greet Bush in Middle East
By Challiss McDonough
Voice of America (VOA)
08 January 2008

For Bush, 2008 Makes or Breaks
By Michael Moran
January 2, 2008

Final Winograd report to be published on January 30
Commission charged with probing Second Lebanon War to submit its final report end of the month. Report expected to be harsh, but not include personal recommendations
Aviram Zino
Israel News
01.06.08, 13:38

US uses Arabs to promote itself on Arabic sites
State Dept. team posts pro-US comments
DUBAI (Hayyan Nayouf,
(Translated from Arabic by Sonia Farid)
Tuesday, 18 December 2007

The Death of the RMA
By William S. Lind
On War #224
July 2, 2007

The Muslim Brotherhood for Beginners
By Jeffrey Breinholt
Counterterrorism Blog
July 2, 2007 10:24 AM

Behind the Headlines on the Winograd Commission's Interim Report
Haninah Levine
May 29, 2007

Hezbollah Reacts to Israel's Winograd Report
By Chris Zambelis
Terrorism Focus
Jamestown Foundation
Volume 4, Issue 13
May 8, 2007

The fourth dimension
The Israel-Hezbollah clash and the shape of wars to come
Armed Forces Journal
May 2007

PM Olmert on Winograd Commission Interim Report
Israeli Ministry of Foreign Affairs
30 Apr 2007

Winograd Commission submits Interim Report
Israeli Ministry of Foreign Affairs
30 Apr 2007

The 2006 Lebanon War: Lessons Learned
Sarah E. Kreps
Spring 2007

Israeli government chooses "The Second Lebanon War"
Sun Mar 25, 2007 5:49am EDT

Him and them
Al-Ahram Weekly
Issue No. 879
10 - 16 January 2007

The No-Win Zone: An After-Action Report from Lebanon
Daniel Byman & Steven Simon
The National Interest
Number 86, Nov./Dec. 2006

Israeli Intelligence Dilemmas in Lebanon
Assessment of the Second Lebanon War
By Col. David Eshel
Defense Update
Oct 2006 ??

Hezbollah's Intelligence War
Assessment of the Second Lebanon War
By Col. David Eshel
Defense Update
Oct 2006 ??

The Second Lebanon War
Avi Kober
Begin-Sadat Center for Strategic Studies (BESA)
Perspectives Paper No. 22
September 28, 2006


The Second Lebanon War
It probably won't be the last.
by Max Boot
Weekly Standard
Volume 011, Issue 47
CFR Mirror

Sunni-Shia Split Fades as Israel Presses Campaign
By Jim Lobe
InterPress News
Jul 27, 2006

Al-Qaeda & the Muslim Brotherhood: United by Strategy, Divided by Tactics
By Lydia Khalil
Terrorism Monitor
Jamestown Foundation
Volume 4, Issue 6 (March 23, 2006)

WRITTEN BY Neil Docherty & Lowell Bergman
Airdate: January 25, 2005

Searching for meaning
The nakba was not just a tragic moment in the history of Palestinians, but touches the core of the struggle -- now as in the past -- for Arab dignity, identity and justice in the face of power
Azmi Bishara
Al-Ahram Weekly
Issue No. 690
13 -19 May 2004

by Sandra Sobieraj
Chicago Sun-Times
Apr 26, 2002
Original scrolled off copy not available

Cache of FindArticles copy as retrieved on Dec 4, 2007 23:27:54 GMT.

THE ARABS; In Beirut, Arab Officials Vow To Move on Saudi Peace Plan
New York Times
March 27, 2002

Saudi, in Emotional Plea to Israel, Offers 'Land for Peace' Proposal
Arab Leaders Divided
New York Times
March 27, 2002
Original URL now goes to different text
Mirrors of original are here and here.

Excerpts From Speech by Crown Prince of Saudi Arabia
New York Times
March 27, 2002

The Arab World: Society, Culture, and State
By Halim Barakat
University of California
ISBN 0520084276

Gordon Housworth

InfoT Public  Strategic Risk Public  Terrorism Public  


  discuss this article

Prev 1  2  3  4  [5]  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  Next

You are on page 5
A total of 68 pages are available.

Items 41-50 of 673.

Pages: [1 - 25] [26 - 50] [51 - 68]

<<  |  July 2019  |  >>
view our rss feed