
ICG Risk Blog - [ Risk Containment and Pricing Public ]

Mexican drug cartels make the leap from guns to IEDs: Expect risks in Mexico to rise


Expect unpleasant bits of Colombia and Iraq to appear in Mexico

A milestone in the weaponry used in the Mexican drug wars has passed largely unnoticed over the weekend. After some 2500 dead in the past year, primarily due to gunshot trauma, the cartels deployed the first known Improvised Explosive Device (IED) - and deployed it in the capital, Mexico City, adjacent to a major tourist area. The only curiosity was why it took so long. The fact that the IED detonated prematurely, killing the perpetrator instead of the intended victim, will be forgotten as better explosives - likely military explosives that will join the rising number of automatic weapons flowing into Mexico - are deployed by the cartels against the government and one another.

We forecast asset risk in Mexico to rise accordingly. The unwelcome trends noted in my September 2007 piece, Trends point towards Mexico's destabilization, continue. One must now expect personnel attacks, even if only as collateral damage, in addition to supply chain interruption.

Among the drumbeat of Mexican "narco-terrorism" killings, here the torture, mutilation, murder and public dumping of six informants whose names are supposedly kept secret, and the transient, sensational headlines of threats by Hezbollah's Hassan Nasrallah against Israel for the assumed killing of Imad Mughniyeh in Damascus, the threat by al Qaida in Iraq (AQI) to commence attacks elsewhere in the Middle East, the continuing ethnic strife in Kenya, Chinese efforts to damp down espionage charges and refute Beijing's facilitation of Sudanese attacks in Darfur, and the run-up to elections in Pakistan, there appeared a brief AFP piece on Friday, Feb 15, 6:15 PM ET:

At least one person died and two others were injured after a bomb exploded in Mexico City's central tourist area [Zona Rosa]... "It sounded like back-to-back explosions ... one person is dead, a man, and we have a woman in critical condition with burns all over her body"... No group has come forward claiming responsibility for the blasts [which] occurred at 2:30 pm (2030 GMT)... "It was a home-made explosive device probably activated by cell-phone and probably made with gunpowder, judging from the smell"... police were investigating whether the deceased was the trigger man in the attack or simply a passerby who picked up a red bag where the device was stashed... "We noticed the dead man lost a hand and this surely happened the instant he handled the device"... Apart from rebel groups, Mexican media also speculated that Friday's attacks could be attributed to the country's powerful drug trafficking cartels.

The Houston Chronicle Mexico City Bureau shortly added:

Though rare, political bombings are not unknown in Mexico. Several leftist guerrilla groups have set off homemade bombs in Mexico City in recent years. But the groups usually issue warnings or time the blasts for early morning hours to avoid innocent casualties... City and federal police have recently arrested suspected drug cartel hitmen and confiscated large amounts of weapons in raids in several Mexico City neighborhoods. But police Friday said there was no apparent link between those arrests and the bomb.

Reuters added more detail a few hours later as the BBC carried the link to police headquarters, the intended means of triggering, and pointed directly at the cartels:

The device was set off near the city's police headquarters... Investigators believe the bomb was activated remotely by a mobile phone... Mexico's government has been locked in a violent battle with drug gangs since last month. Police have announced the arrest of several alleged members of the powerful Sinaloa drug cartel and seized substantial amounts of weapons.

By Saturday, Reuters was flagging the Sinaloa Cartel:

Mexico's increasingly brazen drug cartels may have been behind a bomb blast in the center of the capital in what would be a major escalation of a war with President Felipe Calderon's government.

Friday's explosion points more toward a bungled attack by drug gangs that killed over 2,500 people last year in a turf war. The homemade bomb, attached to a cell phone for activation, went off prematurely near Mexico City's security ministry, killing a man who was believed to have been handling it.

Initial suspicions fell on drug gangs like the Sinaloa Cartel headed by Mexico's most-wanted man, Joaquin "Shorty" Guzman, which has suffered most in recent weeks from an army-backed drive against drug violence by Calderon.

Security forces arrested one of the Sinaloa Cartel's main money launderers last month and the gang has lost weapons and cash in police seizures in Mexico City in recent days.

On Monday, Reuters noted that the bomber, Juan Manuel Meza Campos (deceased), and his accomplice/lookout, Tania Vázquez Muñoz (badly burned), were targeting an unnamed "director of the public security ministry." Reuters identified the tactical shift in targeting without flagging its significance:

Drug gang hit men regularly murder police chiefs and judges, and three heavily armed men arrested in January were planning to kill the country's deputy attorney general. However gangs have not been known to use bombs so far.

By Thursday, Meza's nickname, El Pipén, and his "links to drug dealers in a high-crime neighborhood called Tepito" were known as was his intent to place the IED into a police commander's car in a nearby parking lot.

Acetone peroxide, or Triacetone Triperoxide (TATP), comes to the Americas

Of great interest to this analyst was the apparent identification of the explosive used in the device: Acetone Peroxide, often known as Triacetone Triperoxide, or TATP, the explosive of choice of the London bombings and many Palestinian suicide bomber attacks.

Owing to the fact that the precursors are readily available, Acetone Peroxide is commonly used by amateur bomb makers, is often used for detonators, [and] is a favored explosive for terrorist attacks, particularly in the Middle East...

Of [the] group of peroxide-based explosives, including triacetone triperoxide (TATP), diacetone diperoxide (DADP), and hexamethylene triperoxide diamine (HMTD) and their analogues... TATP is one of the most sensitive explosives known, a property that allows its employment as both primary explosive and main charge. With power close to that of TNT [it] may be employed for explosive devices. [TATP's shock wave velocity is approximately 5000 m/s.] However, due to its low chemical stability and its sensitivity to mechanical stress and open flame, as well as its high volatility, [it has] not been extensively used. Unlike most conventional explosive devices, those made of [TATP] contain neither nitro groups nor metallic elements, making its detection by standard methods quite difficult.

Not used in areas such as Iraq where military explosives are plentiful, TATP, while exceedingly sensitive and prone to cook off, offers the ability to combine three commonly available precursors, drain cleaner, hydrogen peroxide and acetone, to produce an explosive with three-quarters of the detonation rate of TNT and about half that of C-4 plastic explosive.

The cartels now refine certain cocaine products in Mexico as well as produce superior grades of methamphetamine. They can certainly perfect the production of TATP. Expect to see a family of IEDs employing homemade, commercial and military explosives emerge in Mexico.

Deadly Bomb in Mexico Was Meant for the Police, New York Times, February 21, 2008
Bomb was assassination plot, Mexico City authorities say (The blast last week is believed to have been a failed attempt to kill a top police official. Drug traffickers are suspected.), by Héctor Tobar, Los Angeles Times, February 20, 2008
Dead suspect named in botched Mexico City bombing, by Mica Rosenberg and Luis Rojas, 19 Feb 2008 05:39:28 GMT
Mexico City tightens security after fatal blast, by Mica Rosenberg, 18 Feb 2008 23:45:44 GMT
Mexico City Bomber's Motive Unclear, Police Say, New York Times, February 17, 2008
Mexico drug gangs suspected of fatal blast, by Alistair Bell, 16 Feb 2008 19:45:31 GMT
Mexico City blast may have ties to organized crime, February 16, 2008, updated 1459 GMT (2259 HKT)
Bomb Kills Man on Street in Mexico, New York Times, February 16, 2008
Bomb kills one, wounds two in Mexico City, by Armando Tovar and Cyntia Barrera Diaz, 16 Feb 2008 03:18:21 GMT
Blast near Mexico City police HQ, BBC News, last updated Saturday, 16 February 2008, 00:13 GMT
INTRO: Bomb kills one, wounds two in Mexico City, MOD-DATE 02/16/08 00:08:25
Homemade bomb explodes in Mexico City, killing man (Two others hurt by blast in capital near U.S. Embassy), Houston Chronicle Mexico City Bureau, Feb. 15, 2008, 11:59PM
Bomb explodes in Mexico City killing at least one, Fri Feb 15, 6:15 PM ET
Grim warnings left on six bodies found in Tijuana (Placards advise against informing on drug traffickers), Houston Chronicle Mexico City Bureau, Feb. 14, 2008, 11:06PM
Acetone Peroxide (For A Bomb - Triacetone Triperoxide) And The Terrorist Plot To Blow Up British Planes, posted by Richard at August 10, 2006 7:27 PM
Acetone Peroxide - the explosive used in the London blasts, posted by Hyscience at July 21, 2005 1:20 PM
TATP is suicide bombers' weapon of choice, by Philippe Naughton, Times Online, July 15, 2005
Decomposition of Triacetone Triperoxide Is an Entropic Explosion, Faina Dubnikova, Ronnie Kosloff, Joseph Almog, Yehuda Zeiri, Roland Boese, Harel Itzhaky, Aaron Alt, and Ehud Keinan, Journal of the American Chemical Society (JACS), 2005, 127, 1146-1159 (received June 14, 2004; published on Web 01/05/2005)
13.8 What is the chemical structure of common explosives?, from the Chemistry FAQ, by Bruce Hamilton with numerous contributions by others

Gordon Housworth


Submarine fiber optic cable breaks: a study in hysteria and ignorance against analysis


Undersea cable networks are an underappreciated but essential part of modern life. They now carry well over 95% of the world's international telecommunications traffic. As trade rises as a share of global GDP - it's now over 30% - reliable connectivity becomes a key ingredient to growth. Some drivers of economic growth - outsourcing, offshoring - would be nearly impossible without it. As such, the undersea cable networks that support this connectivity are clearly vital to global commerce...

Submarine fiber optic networks mimic electricity grid vulnerability

The global submarine fiber optic network almost perfectly mimics the global electricity grid in its inability to mount any reasonable defense against attack. (I say 'almost' as the fiber optic industry is far less aware of its being a target than is the electricity grid.)

Here is Richard Clarke in 2000 speaking of cyberwar as "a threat that US government cannot defend solely by federal means":

The owners and operators of electric power grids, banks and railroads; they're the ones who have to defend our infrastructure. The government doesn't own it, the government doesn't operate it, the government can't defend it. This is the first time where we have a potential foreign threat to the United States where the military can't save us.

Compare that to Clarke's recent 2008 reply on the vulnerability of fiber optic networks to physical attack:

No one has the responsibility to insure there are redundant lines. Each company makes a decision based on market forces as to whether to invest in building new capacity. Nobody pays the private firms that own the fiber to build excess capacity. In some places it exists, but there are many point-to-point connections that have single points of failure and insufficient work-arounds available. There ought to be a public-private partnership, an international one, that insures there is adequate capacity to handle large scale outages caused by malevolent actors. That means back up dark fiber, rapid repair and replacement capability, and research to increase the bandwidth for laser uplink/downlink satellite comms.

Substitute 'cable system companies' for 'electric power companies' in this 2003 comment by Clarke:

[Our] electric power companies, both the generating companies and the distribution companies, have paid very little attention to security in cyberspace... They are beginning to understand that they need to have security. And the Federal Electric Regulatory Commission is beginning to understand that it needs to regulate that, in order to create an even playing field...

Unless power companies are required to do [this] by the federal government, they will never do it, because they're now in competition with each other. They're all willing to do it if they're all forced to do it... no one has competitive disadvantage by providing security...

We, as a country, have put all of our eggs in one basket... It could be that, in the future, people will look back on the American empire, the economic empire and the military empire, and say, "They didn't realize that they were building their whole empire on a fragile base."

In researching this note I thought to see what Clarke had said about the recent cable outages in the Eastern Med and the Persian Gulf, forgetting that he wrote a novel, Breakpoint (excerpt here), that included an attack against the fiber optic backbone:

[What] Breakpoint [showed] was how much more damage could be done if an organized group set about to create havoc by attacking these strands that unite the global village. Disconnect cyberspace in key places and the unified global village and world economy can't operate. And we have no backup economic system... And while undersea lines were cut in the novel, there were also attacks on the places where the cables come up from under the water and go on the beach. Those places are well known and unprotected.

Spot on. My read surfaced few public analysts who spoke systematically and realistically about the threats to submarine cables. Of those, fewer identified their unprotected "landing stations" - where the cables come ashore - as a high vulnerability. (This analyst found it interesting that landing stations highlighted in discussions of telecom cooperation with federal eavesdropping were forgotten in assessing the cable threat.)

A simple search on "submarine cable landing" will produce a List of international submarine communications cables as well as 983 locations where undersea cables come ashore, almost all of them in rural to remote areas. There are so many ways to identify landing points. Bluewater sailors know where cables congregate to come ashore as they are clearly marked on their nav charts.

The Eyeball series highlights the landing stations along the US East Coast. (Scroll down past the text to the paired aerial photo-highway maps for the landing stations. But note that the text you skipped over cites sources for these locations. My point is that it is a trivial problem. My compliments to Cryptome for flagging that triviality.)

Separating hysteria and excessive calm from legitimate risk

It appeared that the only procedural rigor at play among amateur reporters was to repeat Auric Goldfinger's line that, "Once is happenstance, twice is coincidence, three times is enemy action" and then assign multiple, geographically dispersed cable breaks to enemy action, usually Jihadist, without further investigation.

The relatively uncomplicated sovereign state environment in effect when Neal Stephenson wrote Mother Earth Mother Board in 1996 is now complicated by the emergence of the stateless aggressor against whom retaliation is difficult:

There is also the obvious threat of sabotage by a hostile government, but, surprisingly, this almost never happens. When cypherpunk Doug Barnes was researching his Caribbean project, he spent some time looking into this, because it was exactly the kind of threat he was worried about in the case of a data haven. Somewhat to his own surprise and relief, he concluded that it simply wasn't going to happen. "Cutting a submarine cable," Barnes says, "is like starting a nuclear war. It's easy to do, the results are devastating, and as soon as one country does it, all of the others will retaliate."

There is more than one stateless aggressor that would be pleased to sever submarine cables or other communications services in the pursuit of its aims. (Mother Earth Mother Board is otherwise still worth the read.)

TeleGeography's Eric Schoonover does a nice job of describing what happened in the wake of the Egyptian outages, what was required to compensate and who suffered with what consequences. By far the best routing intelligence was the highly recommended five-part series by Earl Zmijewski showing who was affected, and when.

Christopher Rhoads does a yeoman analysis of the structure of the fiber sector, much of it still dark since the bust of the late 1990s fiber boom. (Unfortunately, the unused dark links are often not in the areas of current demand.) A useful summary of cable maintenance, grappling and repair is here. It was amusing to hear FLAG Telecom state a new third cable, the FLAG Mediterranean Cable, between Egypt and France would be "fully resilient" against cuts as it was taking "a different route from the severed cables." FLAG knows that the cables emerge in shallow water to terminate at the same landing points.

A respondent to Bruce Schneier's Fourth Undersea Cable Failure in Middle East argued more systematically for "undersea damage associated with seismic activity" in Turkey and Southern Greece than any of the handwringing Cassandras. That may not be the ultimate cause for the Med breaks but its rigor shames many of the high street press journalists. (And if you hear a rumor that Iran has been knocked offline, use traceroute (tracert) (prepackaged sets here and here) to verify it rather than running the rumor. That skill will separate you from most journalists.)

As to the comments from Egyptian authorities that no ships were operating in the restricted area where the breaks were said to occur, and thus had no opportunity to drag an anchor, I say anything is possible in a land where a bureaucrat will accept payment to look the other way. This comment from a diver is useful:

Having dived around Alexandria, a common sight is a bunch of locals in a 10m boat throwing a grappling hook over the side over known or suspected wrecks in an attempt to snag some scrap metal and haul it up. Several times we had to abort to alternate dive sites to avoid locals who were tearing up wrecks like this. As for the Egyptian military being able to contain a restricted area ... their training makes McDonald's workers seem well trained.

Ryan Singel nicely outlined the "Cable cut fever" racing about the web. But when Johna Till Johnson answered "Is it likely the cable cuts were intentional? And more importantly, are we at the dawn of a new era of 'cable terrorism,' in which malcontents try to disrupt global communications via cable cuts?", she got the first right and, overlooking shallow water and the landing stations, got the second quite wrong:

Nope. Cutting cables is a lot more difficult than it looks. For one thing, you have to first locate the cables - no small feat when they're somewhere in the middle of an ocean, under miles of water. Even with the latest-and-greatest technology, this is no easy task. According to the delightful book Blind Man's Bluff, the United States spent a fair amount of time in the 1960s and 1970s attempting to locate and tap Soviet cables. Although there reportedly were noteworthy successes, they required decades of focused effort and investment in a fleet of nuclear submarines. Terrorists have easier ways to make trouble.

Ovum's Matt Walker made the best non-military analysis:

[C]ables are nearly impossible to secure. Cable landing stations are often located in remote areas and usually staffed with a handful of technical employees, not teams of armed guards. Moreover, a typical transpacific system stretches around 20,000km. Even if the private cable owners increase security for the "dry plant" segment of such networks, securing the wet plant is problematic. Cable owners work hard to minimize accidental damage, making cable routes available to those that need to know, such as fishermen, navies, and research vessels. Cable routes also deliberately avoid, as possible, such hazards as earthquake-prone zones and rocky seabed. However, there is an unspoken assumption that the networks are safe from deliberate human sabotage. The recent spate of cable failures in a politically volatile region has called this assumption into question...

In deep waters, cable cuts are rare... 60% of all cable cuts occur in waters less than 100 meters deep. Of all cable faults, roughly three-fourths are due to "external aggression," the bulk of which is accidental human activity, namely, fishing, anchors, and dredging...

Intentional sabotage [is] probably more feasibly done in shallow waters than deep, and cable security in shallow waters is only modestly more practical. Clearly, undersea cables are a ripe target for those with an interest in wreaking havoc on international communications, whatever their motivation. Another consideration is that undersea cables have been used for submarine/surface surveillance purposes as far back as World War II, with the cooperation of private industry...

And here a scent of Clarke:

It is not enough to have multiple independent operators of ring- or mesh-based networks, with built-in restoration capabilities, optical equipment and power redundancy, multiple redundant links between cable stations and city gateways, etc. Physical security from deliberate human attack or sabotage must also be considered. If ports, railways, gas pipelines, and other types of networks are being secured against possible sabotage, we must similarly increase the security of undersea optical highways. Guaranteeing reliability is impossible, but an improvement on the current hands-off approach is long overdue. The economic cost of losing, or even just slowing down, international communications is extremely high. This risk has to be factored into the calculations behind the investment level and design of undersea optical networks.

Technical assist: For those struggling with unfamiliar communications vocabulary in a subsea cable network, a nice pictographic introduction of general data communications in any medium can be found here (actually the introduction to a data communications course).

The highly vulnerable landing station

RAND highlighted the landing station vulnerability at least as early as 2000; the problem has only grown more critical while commercial cable firms remain obtuse:

[W]iring companies have focused on redundancy as an important aspect of the cable network. While early fiber optic cables were "point-to-point" systems, modern systems are configured as loops, connecting two landing stations - at least 100 kilometers away from one another - in one country to two in another. Because it would be unlikely for an isolated nautical event - a sudden shift in the seabed on which the cables rest, for instance, or an inadvertent break caused by a fishing net or a ship's anchor - to affect both cables, the systems are thought of as secure...

However, the desire for security against inadvertent nautical events may have been counterproductive. When seeking adequate termination points for cables, companies have faced a relative paucity of suitable sites (relatively isolated from heavy fishing activity and strong ocean currents), particularly on the East Coast... Because of this lack of sites, and given the considerable effort in digging a trench on the seabed for the last kilometers of the cable, then tunneling from the ocean bed up into a beach manhole, to bring the cable ashore, cable companies have, again, especially on the East Coast, repeatedly placed cable termination points on the same shore...

The results of this "stacking" [can be seen in ten cable systems terminating in New Jersey. Of the ten] six terminate in only one of the same three cities, Tuckerton, Manasquan, and Manahawkin, New Jersey. One - a self-healing loop - terminates in both Tuckerton and Manasquan. A sixth terminates in both Manasquan and Charlestown, Rhode Island. Theoretically, an attack on two or three of these sites - at the point where the cables come together in the undersea trench before coming ashore - could cause enormous damage to the entire system...

Similarly, all submarine cables but one terminating in the south of the United States terminate at one of three points in Florida: Vero Beach, Palm Beach, and Hollywood.

[The US is less isolated than other states] - some transmissions could be rerouted through systems in Canada and South and Central America. However, given that the vast majority of transatlantic and transpacific cables terminate in the United States, the prospect of a concerted attack on these cables is troubling.

[However, a state such as Taiwan, unlike the US,] would be unable to depend on a vast overland information infrastructure beyond its borders in the event of damage to its fiber optic lifelines. A [then] recent example of the chaos potentially caused by communications outages is that of Australia. One cut cable in the SEA-WE-ME-3 network leading from Australia to Singapore caused Australia's largest Internet provider - Telstra - to lose up to 70 percent of its Internet capacity...

Pulsing the system as part of an information gathering exercise

I do not rule out an effort by state or nonstate assets to pressure the network, forcing the defender to enable comm links that normally remain dark. We often probed Soviet air defenses with aircraft flying a possible penetration profile, hoping to force the Russians to turn on defense in depth assets normally used in combat. These two comments to Schneier's post on the Middle East cable failures speak to my point:

Think about entities responsible for researching cyber attacks from a viewpoint of national security. Their main endeavors are mapping and monitoring global infrastructure and simulating possible scenarios. As with every simulation (e.g. development of nuclear warheads) you need real world data to make your simulation behave like the real world would do.

These entities do likely own warehouses full of real world netflow data, but only for more or less regular operation of the global network. To be really sure that their virtual attack scenarios can be trusted, they need real world feedback for their own "interactions" with those networks. Now think about the interesting load of data you can collect when cutting undersea cables: number of nodes immediately offline, congestion on alternative routes, average response times of responsible institutions, measures taken by those institutions, unexpected backlash, general short, mid, and long term effects, on and on... Endless highly interesting parameters...

If this is deliberate, I suspect that it's a probe. If I was interested in knocking out access for a country, I'd probe it for uplinks. I'd search for all of the announced AS paths behind each uplink. Once I knew say, the top five fiber drops, cutting a few may fill the rest to capacity. Assuming that one is watching BGP, you'll see some changes. If they have emergency fiber or VSAT uplinks, they're probably going to route over them. This would be a useful method of observing a target. This doesn't mean that it requires a later attack, it could simply be an information gathering exercise...

Submarine cable operators: the sitting duck on the pond

The group that seems oblivious to asymmetrical threat risk appears to be the subsea fiber optic cable operators. An effort to locate robust risk analysis practices in general, and for this threat in particular, came up dry. The best was Cook's Risk Management, which had the core of a useful method but seemed more a proposal than evidence of sustained practice. The Marine Survey & Cable Routing short course for "a safe and economic route" cited the principal hazards as:

  • Pre-Survey Route Position List (RPL)
  • Seafloor Morphology and Geology
  • Natural Hazards e.g. Seismic events, submarine volcanism
  • Oceanography and Meteorology
  • Human Activities e.g., mineral extraction, oil & gas, fishing
  • Man-Made Hazards e.g. anchoring, dredging
  • Other cables/pipelines/lease blocks

Its detailed Cable Route Study (CRS) had more to do with visiting local landing station authorities and other industries operating in the area, permits and regulatory issues, and cultural and environmental issues than asymmetrical or sovereign threats.

A forward leaning Blips on the Radar Screen for future cable capacity mentioned no threat profiles. In a search where I should have found a working threat assessment model, I found none.

Writing in 2000, RAND noted a gap between the defense community and commercial cable operators that has not been closed:

By 1969, [defense] analysts had perceived vast potential military and economic benefits in cable's exploitation... With the explosion in importance of fiber optic networks [this] potential has been realized and will continue to grow; at the same time, however, so will the attendant vulnerability. The submarine fiber optic cable network is of great importance to the United States... Moreover, constraints on cable laying mean that several cables are likely to be bundled together, offering a potentially lucrative target for sabotage.

In most industry publications, however, little attention is given to the possibility of deliberate attack on the fiber optic network. Indeed, one of the few discussions of the possibility says simply that "while undersea cables could be cut, the practice of burying the in-shore segments makes this difficult; the mid-ocean portions are hard to find without a map and help from shore-based monitoring stations"...

Given the above, however, it is clear that more attention should be paid to the potential for deliberate attacks on the global fiber optic cable network... Currently, for instance, shore authorities have positioned radars and occasionally scheduled flyovers for areas in New Jersey that might be targeted...

Areas of high cable density are common: expect more multiple outages

"Cairo has become a communications hub to the Middle East..." The Suez Canal and the new overland "electronic Suez canal" comprise one of the globe's highest cable densities with massive fiber projects on the way:

Nearly all the new fiber cables recently built or planned for South Asia, the Middle East and east Africa funnel through Egypt, due to its unique location between the Red Sea and the Mediterranean. The other undersea path to the European and Atlantic networks is the much longer and costlier way around the southern tip of Africa...

The nine fiber projects planned across Egypt's Sinai desert compare with a total of four built over the past 20 years. "We call it the electronic Suez canal," says [the] Egyptian telecom regulator, likening the country's emergence as a communications hub to its importance last century for shipping by virtue of its Suez canal.

Suez is not unique in its high density of laid cables; the seabed offers many points where geography conspires to group submarine cables, thereby increasing the potential for cascaded damage. Take, for example, the Luzon Strait, where the 2006 magnitude 7.1 Hengchun earthquake created "one of the largest disruptions of modern telecommunications systems. Nine submarine cables in the Strait of Luzon, between Taiwan and the Philippines, were broken thus disabling vital connections between SE Asia and the rest of the world."

Luzon Strait is the preferred of three routes to "link South East & Northern Asia":

  1. Luzon Strait between Taiwan & Philippines
    • 320 km width
    • 2600m sill depth in Bashi Channel (north)
  2. Route south of the Philippines
    • adds lots of mileage & hence latency
  3. Formosa Strait
    • Narrowest part is 130 km width
    • 70 m depth (too close to fishermen)

With nine cables transiting the earthquake epicenter in the Bashi Channel (2500-4000 meters deep), Hengchun created "multiple failures causing the entire cable system to be out of service." With no available cables for rerouting, Asia had to wait weeks for marine repairs:

21 faults were recorded in the 9 cables and it took 11 ships 49 days to restore everything back to normal. This length of time was due to the number of faults, the availability of cable repair vessels, adverse sea conditions and the occurrence of faults in water depths down to 4000 m. The repair effort was hampered further by the burial of some cables under a layer of mud and the huge size of the area that was affected...
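The Luzon Strait episode is a case of shared physical risk: nine nominally independent cable systems shared one corridor, so a single earthquake removed all of them at once and left nothing to reroute over. The following Python block is an added example, not part of the original post, that models each cable system by the corridors it traverses and computes the smallest set of corridor failures that disconnects every system. The corridor names come from the route list above; the cable names and the tenth, southern-route cable are constructed placeholders.

```python
"""Shared-risk (corridor) analysis for submarine cable systems.

Constructed example: each cable system is recorded as the list of physical
corridors (straits, canals, landing areas) it passes through. A corridor
failure, whether earthquake, landslide or anchor drag, is assumed to take
down every cable that uses it.
"""
from itertools import combinations

# Constructed inventory: nine systems through the Luzon Strait, as the post
# describes, plus an optional tenth via the southern route. Names are placeholders.
LUZON_ONLY = {f"cable-{i}": ["Luzon Strait"] for i in range(1, 10)}
DIVERSIFIED = {**LUZON_ONLY, "cable-10": ["South of Philippines"]}


def surviving_cables(cables, failed_corridors):
    """Return the names of cables that avoid every failed corridor."""
    failed = set(failed_corridors)
    return sorted(name for name, path in cables.items() if not failed & set(path))


def min_corridor_cut(cables):
    """Smallest set of corridors whose simultaneous loss disconnects every cable.

    Brute force over corridor subsets, which is fine for the handful of
    corridors a route study considers. Returns [] for an empty inventory.
    """
    corridors = sorted({c for path in cables.values() for c in path})
    for k in range(1, len(corridors) + 1):
        for subset in combinations(corridors, k):
            if not surviving_cables(cables, subset):
                return list(subset)
    return corridors


def diversity_report(cables):
    """Summarise cable count against the number of corridor failures needed to
    lose all of them; a min_cut_size of 1 means a single event can isolate the region."""
    cut = min_corridor_cut(cables)
    return {"cables": len(cables), "min_cut_size": len(cut), "min_cut": cut}


if __name__ == "__main__":
    print("Luzon only:", diversity_report(LUZON_ONLY))
    print("With southern route:", diversity_report(DIVERSIFIED))
    print("Survivors of a Luzon Strait event:", surviving_cables(DIVERSIFIED, ["Luzon Strait"]))
```

With the nine Luzon systems alone, the minimum cut is a single corridor, which is exactly the condition that left Asia waiting 49 days for repair ships; adding one system via the southern route raises the cut to two, at the cost of the extra mileage and latency the route list notes. Counting cables says nothing about resilience until the corridors they share are counted too.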

Sovereign state weaponization of the sea floor

Terrorist efforts aside, it is clear that the major powers have a sustaining interest in the seabed, fiber optic cables and deep diving submarines.

As to subsea cables, Bamford notes:

[NSA] taps into the cables that don't reach our shores by using specially designed submarines, such as the USS Jimmy Carter, to attach a complex "bug" to the cable itself. This is difficult, however, and undersea taps are short-lived because the batteries last only a limited time. The fiber-optic transmission cables that enter the United States from Europe and Asia can be tapped more easily at the landing stations where they come ashore. With the acquiescence of the telecommunications companies, it is possible for the NSA to attach monitoring equipment inside the landing station and then run a buried encrypted fiber-optic "backhaul" line to NSA headquarters at Fort Meade, Maryland, where the river of data can be analyzed by supercomputers in near real time.

Tapping into the fiber-optic network that carries the nation's Internet communications is even easier, as much of the information transits through just a few "switches" (similar to the satellite downlinks). Among the busiest are MAE East (Metropolitan Area Ethernet), in Vienna, Virginia, and MAE West, in San Jose, California, both owned by Verizon. By accessing the switch, the NSA can see who's e-mailing with whom over the Internet cables and can copy entire messages. Last September, the Federal Communications Commission further opened the door for the agency. The 1994 Communications Assistance for Law Enforcement Act required telephone companies to rewire their networks to provide the government with secret access. The FCC has now extended the act to cover "any type of broadband Internet access service" and the new Internet phone services - and ordered company officials never to discuss any aspect of the program.

As to deep diving submarines, RAND produced an interesting 2002 monograph on the requirements for a successor to the NR-1, a deep-diving nuclear research submarine built in 1969. A small vessel (12 foot diameter, 150 foot length, 400 ton displacement and crew of seven), the NR-1 is set apart from other research submersibles and SSN submarines by its "prolonged (30-day) operation [limited only by its food and air supply] on or near the sea bottom [2,375 foot operating depth] at a speed of up to 4 knots" as well as its viewports, manipulators to "handle small objects... two retractable rubber-tired wheels that support it on the ocean bottom [and] thrusters to maintain depth without forward movement, to move laterally, and to rotate within its own length."

NR-1 missions "included support to national agencies, which had found other assets limited in their ability to complete such tasks as mapping the Challenger debris field despite inclement weather or locating important forensics information from the Egypt Air Flight 990 disaster... support of maritime archaeology, scientific research, and military operations." Command of the NR-1 does appear to be a career-enhancing billet; Admiral Edmund Giambastiani commanded NR-1 earlier in his career.

Based upon NR-1 performance and expected NR-2 capability, a "military expert group" identified seven "core missions" for the NR-2 as part of an analysis of highest priority "military and scientific missions [for] their deep-diving research submarines":

  • Selected Covert Operations
  • Protection of National Assets on the Seabed
  • Intelligence Preparation of the Battlespace (IPB)
  • Forensics/Investigation
  • Expanded ISR [Intelligence Surveillance and Reconnaissance]
  • Offensive Information Operations
  • Defensive Information Operations

The NR-2 would require "magnetic and acoustic" quieting and enhanced endurance and should be able to operate under three support environments:

  • Fully autonomous operation... as is any SSN...
  • Operation in consort with an SSN [with] SSN transport/tow to an AOI [area-of-interest] and escort/protection within an AOI as desired...
  • Operation in consort with a surface support vessel [for] extensive logistics support... tow and communications support... and enable transfer and offload of objects...

Interestingly, little is written of the NR-2 despite the fact that the navy 'anticipated' "that the NR-1 will require [a third] refueling or replacement by 2012." There is an interesting oblique reference in a comment about a LTJG nuclear engineer with the Advanced Submarines Division at Naval Reactors Headquarters who:

uses his skills to keep the country's only nuclear-powered, deep-diving research submarine in top operating condition. [The officer] recently completed studies of concept designs for a nuclear-powered deep-diving research submarine including the sizing reactor and propulsion plant components, plant arrangement, and overall ship integration aspects.

In sum, subsea fiber optic networks are more vulnerable than the electricity grid. Fiber is not so much a case of raising security standards as it is introducing the concept of security. Richard Clarke's admonitions ring loudly.

Internet Logjams Spur Cable Boom
Outages in Mideast Expose Global Need For Fast Fiber Lines
February 8, 2008

FLAG Telecom: Abandoned ship's anchor caused cut in Internet cable between Emirates, Oman
Posted: 2008-02-08 10:58:35

Hotter under the water: A look at the undersea Internet cable "conspiracy" and the impact on global networks
Interview with Eric Schoonover, TeleGeography
Network Performance Daily
February 07, 2008

What those oceanic cable cuts mean to you
By Johna Till Johnson
Eye on the Carriers 
Network World, 02/07/08

Mediterranean Cable Break - Part IV
February 07, 2008 | By Earl Zmijewski at 02:03 PM
Renesys Corporation

Undersea cables extremely vulnerable say analysts
Comments by Matt Walker, Posted by andrewdonoghue
Recycled Green Tech News
Thursday 7 February 2008, 3:36 PM

07-Feb-08 - Update on Submarine Cable Cut Repairs - Daily Bulletin
FLAG Telecom
Press Releases

Three undersea cables seen fixed by weekend
Thu Feb 7, 2008 9:23am EST

New Cable Taking New Route After Web Cut
Associated Press
February 6, 2008 - 2:58pm

Cable Cut Fever Grips the Web
By Ryan Singel
Threat Level
February 06, 2008 | 4:50:11 PM

Analyzing the Internet Collapse
Multiple fiber cuts to undersea cables show the fragility of the Internet at its choke points.
By John Borland
Technology Review
February 05, 2008

Repairs start on undersea cable cut near UAE
Feb 5, 2008 8:39am EST

Cable damage hits 1.7m Internet users in UAE
By Asma Ali Zain
Khaleej Times
5 February 2008

Underwater Fiber Cuts in the Middle East
Steven Bellovin
4 February 2008

Ruptures call safety of Internet cables into question
By Heather Timmons
Published: February 4, 2008

ATTENTION: Iran is not disconnected!
February 03, 2008 | By Earl Zmijewski at 06:15 PM
Renesys Corporation

Cable cuts, conspiracies, and submarines...
Jesse Robbins
O'Reilly Radar

Mediterranean Cable Break - Part III
February 02, 2008 | By Earl Zmijewski at 06:17 AM
Renesys Corporation

India Internet capacity at 80 pct after cables break
Feb 1, 2008 2:32am EST

Web Disruptions Persist Overseas
Cables Could Take Weeks to Fix, Pressuring Business in India, Mideast
February 1, 2008

Mediterranean Cable Break - Part II
January 31, 2008 | By Earl Zmijewski at 07:20 PM
Renesys Corporation

Cable Cuts Disrupt Internet in Middle East and India
Thursday, January 31st, 2008

Mediterranean Cable Break
January 30, 2008 | By Earl Zmijewski at 06:53 PM
Renesys Corporation

Foundation [of Data Communications]
Data Communications and Computer Networks
Hongwei Zhang
Department of Computer Science, Wayne State University
Fall 2007

Enabling Global Communications - From Risk to Reward: Why must we learn our own lessons before we change risk management behaviour?
Keith Schofield
Pioneer Consulting (Dotdash Consulting)
Sub Optic 2007
May 17, 2007

Research & Security Applications of Submarine Technologies
Seymour Shapiro
Tyco Telecommunications Laboratories
SubOptic 2007

Jeremy Featherstone, Andrew Thomas
Sub Optic 2007
May 15, 2007

Thomas A. Soja, John Manock, S. Hansen Long
T Soja & Associates, Inc.
Sub Optic 2007
May 15, 2007

The regulation of undersea cables and landing stations
Steve Esselaar, Alison Gillwald and Ewan Sutherland
IDRC 2007

Subsea Landslide is Likely Cause of SE Asian Communications Failure
Graham Marle, ICPC Secretariat
21 March 2007

Taiwan Earthquake Fiber Cuts: a Service Provider View
Sylvie LaPerrière, Director
Peering & Commercial Operations
nanog39 - Toronto, Canada

Excerpt: 'Breakpoint,' by Richard Clarke
Veteran Counterterrorism Official Writes a Futuristic Thriller
ABC News Internet Ventures
Jan. 17, 2007

by Richard A. Clarke
Putnam Adult
ISBN-10: 0399153780
January 16, 2007

Earthquake Highlights Asian Dependency on Submarine Cables
January 2007

Taiwan Earthquake Severs Undersea Data Cables
Geology News
Friday, December 29, 2006

Taiwan Quake Shakes Confidence in Undersea Links
By Jon Herskovitz and Rhee So-eui
Dec 28, 2006

Earthquakes Disrupt Internet Access in Asia
A series of powerful earthquakes damages undersea cables and interrupts Internet connections in Asia.
Sumner Lemon
IDG News Service
December 27, 2006 11:00 AM PST

Earthquake in Taiwan
Status Report No: EQT-1
CAT-i, Guy Carpenter
Date: 26 December 2006
Time: 12:26:21 UTC (20:26:21 local time)
Position: 21.819N, 120.543E
Depth: 6.2 miles (10 km)
Magnitude: 7.1
Region: Taiwan Region

Big Brother Is Listening
by James Bamford
Atlantic Monthly
April 2006

Stephen Dawe (Cable & Wireless), Tony Frisch (formerly Alcatel), Barbara O'Dwyer (Level 3) and Denise Toombs (ERM)
Tu A2.3, SubOptic 2004
March 30, 2004

Rick Cook
Tu A2.6, SubOptic 2004
March 30, 2004

Marine Survey & Cable Routing
Short Course
Submarine Cable Improvement Group
Sub Optic 2004

A Concept of Operations for a New Deep-Diving Submarine
By: Frank W. Lacroix, Robert W. Button, Stuart E. Johnson, John R. Wise
RAND MR-1395
ISBN/EAN: 0-8330-3045-0
Executive summary
Submarine Cable Infrastructure

Eyeballing: Transatlantic Cable Landings Eastern US
Various dates 2002

Spy agency taps into undersea cable
By Neil Jr.
Published on ZDNet News
May 23, 2001 12:00:00 AM

Mother Earth Mother Board
The hacker tourist ventures forth across the wide and wondrous meatspace of three continents, chronicling the laying of the longest wire on Earth.
By Neal Stephenson
Issue 4.12, Dec 1996

Gordon Housworth


Themes and variations in Chinese and Indian Intellectual Property protection


Protecting your Intellectual Property in China and India was produced in response to GlobalAutoIndustry's request to contrast issues in Chinese and Indian Intellectual Property protection as part of China and India: Decreasing Costs Across Global Operations, a look at factors, advantages and concerns in Low Cost Country Sourcing (LCCS) to these automotive and component manufacturing areas.

Readers can treat China and India as the 'low cost is not low risk' abstract to separate presentations devoted to each country:

Each offers a much deeper dive into the factors affecting IP, facility and personnel protection in these Asian regions. Readers may consult these two article abstract series for further information on topics mentioned in all three presentations:

Citing the Aberdeen Group's 2005 observation that Chief Purchasing Officers "rate Low-Cost Country Sourcing (LCCS) a top priority over the next three years, and companies plan to double their spending with offshore suppliers by 2008," Wayne Forrest aptly noted:

While the LCCS road looks smooth on the surface and the cost benefits are enticing, there are potholes the size of moon craters for companies that do not properly prepare for all the potential hazards along the way.

Examining the nine tips that Forrest gathered from LCCS industry experts, I can state that the IP protection pothole (tip 2) remains unfilled in 2008 and adversely affects the other eight.

A close examination of the three presentations cited here will offer insight as to why. Feel free to contact us to begin to understand how to respond.

Nine tips for low-cost country sourcing
Wayne Forrest

Gordon Housworth


In-the-wild attacks against electrical utilities coupled with extortion demands: implications for response to criminal and terrorist action


The CIA has announced what appears to be the first documented, successful in-the-wild SCADA (Supervisory Control and Data Acquisition) attack against utility infrastructure. More will surely follow, but with the agency itself making the announcement, this appears to be a concrete case, unlike the staged attack against a captive diesel-powered generator (video, text, more text):

US Central Intelligence Agency senior analyst Tom Donahue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

Said to be "virulently allergic to hyperbole," Donahue would not have made a public announcement, nor would the agency have granted permission, "if he didn't think the threat was very large and that companies needed to fix things right now."

UK reporting places the specific case in Central and South America, with outages of only short duration:

The CIA has refused to provide further details but intelligence sources say that the cities where the hackers have caused outages were in Central and South American countries including Mexico. The sources said that in no case was a ransom paid and that the outages lasted for only a few minutes. It is not known if the hackers have made any further threats.

Seeing Mexico among the targeted Central and South American states, and being aware of the drug cartels' counterattack against the Calderon government, I think it wise to raise the potential of tunable Just-in-time Disruption in conjunction with extortion revenues within Mexico. This kind of activity is well within the cartels' ability to fund.

This could well be a proof of function, a shot across the bow of recalcitrant victims, or both. If one can gain detailed knowledge of the PEMEX pipeline distribution system, one can get similar data on a Latin American electrical grid. It is a magnificent model, intentional or accidental, for more tunable just-in-time disruption.

Targeting the power industry is a recent extension of a long-standing extortion practice:

In the past two years, hackers have in fact successfully penetrated and extorted multiple utility companies that use SCADA systems, says Alan Paller, director of the SANS Institute, an organization that hosts a crisis center for hacked companies. "Hundreds of millions of dollars have been extorted, and possibly more. It's difficult to know, because they pay to keep it a secret," Paller says. "This kind of extortion is the biggest untold story of the cybercrime industry."

Paller told in June that he expected those incidents to increase, and warned that a botched extortion attempt could lead to accidental damage. "There's been very active and sophisticated chatter in the hacker community, trading exploits on how to break through capabilities on these systems," he said. "That kind of chatter usually precedes bad things happening."

Cyber-extortion and its collateral damage aren't new, says Bruce Schneier... He says that offshore-hosted Web sites, most often offering pornography and gambling, are frequent victims of hacker extortion. Targeting power companies, however, is a new wrinkle, he says.

The ease of penetrating a mixed supervisory control network

I believe that my September 2004 article, Black hat meets white hat in the Idaho desert, describes the effort that produced the Aurora test. (See also Domestic Digital Pearl Harbor driven by offshore criminal and terrorist agents and Pandemic flaws at the architectural and base component level.) But unlike the INL attack, which under its special permitted conditions damaged the diesel power plant but not the electrical generator, attacks against Supervisory Control and Data Acquisition (SCADA) systems can have pervasive, systemic effects.

Lay readers will not be happy after listening to Ganesh Devarajan merrily describe how easy it is to assault SCADA devices, change apparent sensor values and take control of the system, and which schematics he has seen terrorist members take an intense interest in, et al. See his video at LayerOne 2007 and his slides in PDF.

A former NSA pen tester (penetration tester), Ira Winkler, describes how his team attacks SCADA networks:

There are two primary ways to break into a computer: (1) take advantage of bugs in the software, and (2) take advantage of the way a user or administrator configures or uses the computer...

Some bugs create elevated privileges, provide unauthorized access, or cause information leakage. These are security vulnerabilities. If you can connect to a computer that has not corrected such a vulnerability, you can take it over. It is that simple.

The vulnerability can exist in the operating system, SCADA applications software, Web browser, or any other software on the computer. In the case of SCADA and its supporting systems, power companies are very slow to mitigate the vulnerabilities, and may never do so, because they are afraid that any change can create problems. This is why power grid systems are likely to be more vulnerable to cyber attacks than most other computers.

With regard to taking advantage of configuration problems, even perfectly secure software can be set up insecurely. For example, I have seen many computers where the password on the Administrator account is "administrator." Passwords can otherwise be insecure. Low-level users can be given high-level access. There are also more technical ways to insecurely configure a computer. Again, if you can access a poorly configured computer, you can take it over.

Looking forward

We should expect to see parallel or overlapping attacks by criminal and terrorist groups, each of which could involve swarm attacks against multiple targets or tiers within a utility's network. Now that successful proof-of-function interruptions are public knowledge, expect accelerated copycat events, although in the short term perpetrators may wait to observe what countermeasures, if any, are taken against them.

Given the interconnected nature of power grids, your network may become collateral damage to an attack on a seemingly distant network. Depending on the nature of an attack, it may be hard to determine if the perpetrator is criminal or terrorist (as terrorists also need funding).

Expect state countermeasures to draw counter-countermeasures from the attackers, whoever they might be. Defenders will watch attack patterns closely, just as the attackers will watch and respond to the countermeasures enacted against them. What will those countermeasures be?

Targets will have to review their temporary power arrangements (many units will actually not start or will not run as long as expected) so as to not adversely impact business continuity. Supply chains will have to be reexamined for weak links due to any interruption of power at any tier on a global basis. (Think Hurricane Katrina and the lessons learned from it.)

How the merger of proprietary control systems and public internet occurred

An Ars Technica forum discussion on US approves standards to keep electric grid hacker-free contained this fine summary of how power grid control merged with the Internet:

Before the rapid adoption of the Internet we know today, these systems were operated in an isolated fashion. PLCs [Programmable Logic Controller] and RTUs [Remote Telemetry Unit or Remote Terminal Unit] in the field (devices monitoring, measuring, and responding to key points throughout the system) communicated using private networks to the control centers. Control centers communicated with the regional operators via private links, etc. The systems used to control the control centers were isolated from outside networks. They were expensive, highly-customized, and were very difficult to replace.

Along come Unix (later Windows) systems. Control system manufacturers could just leverage common OSes and write their apps to run on those OSes--saving money. These systems were communicating with custom protocols over private networks. The protocols have no authentication/authorization, etc. See, when collecting data monitoring a grid, you need measurements multiple times per second in some cases. Adding 20% overhead for authenticating a packet on your private network was not needed.

Then comes the Internet as we know it. The corporate side of the business is using commodity OSes to operate, and wants to implement, say, a commercial billing system to run on the corporate network and print invoices, etc. That data is in the control center network. The invoice printing operation is in the corporate network. That's when the pressure (cost reductions) comes in to link the two.

There's also the pressure to encapsulate the custom protocols to run inside IP. That way, the systems can use the common network infrastructure (WAN links over ATM, leased lines, and the like) and reduce cost. Keep in mind that the underlying protocols haven't been rewritten to support authentication or encryption.

See, it's a delicate combination of two very different operating paradigms. Control systems folks focus on uptime and speed while corporate IT folks focus on security and control (by giving up uptime for patching, etc). The two networks are run very differently. There exists a division of knowledge about how to operate computer networks. This leads to shoddy divisions of the networks with weak or non-existent firewall policies so that the "grid" isn't affected by the IT staff. Also, understand that the control centers now communicate over the Internet using protocols encapsulated in IP. That's how they keep each other up to date. That's how the delicate balance of generation and demand is kept.

Recently, there has been an increase in awareness (a good thing!) of the brittle nature of the electric infrastructure. I say brittle because a common threat in the corporate environment (a Slammer/Blaster worm) now can have a devastating effect on the availability of the networks, applications, and systems supporting the monitoring of the control system if the two networks aren't properly segmented and controlled.

If a knowledgeable, malicious attacker was to gain direct access to a control system network, they would have the ability to tamper with the data presented to the operators and the software. They could feasibly cause a significant outage. How? Do things like tell the generators that they need to generate more power while at the same time opening some key switches over high voltage lines. Also, be sure to "hide" the real data from the operators and their displays, and they'll never know what's happening. They won't even respond, because their systems say everything is fine. These kinds of attacks are made possible due to the protocols not incorporating encryption or authentication. The data is often sent over IP, so many scanning and packet injection tools can perform this kind of packet injection trickery...

Basically, the cyber security controls and operating procedures of many control systems are 10-15 years behind what corporate IT is today. Putting the two together can often create risk... FERC [Federal Energy Regulatory Commission] [is] trying to establish a very modest baseline of security controls and procedures across the companies out there running their systems in 2008 using 1980's security methodologies...

Ultimately, this problem won't go away anytime soon. We can take steps to minimize the risk of cyber attack and minimize the damage caused by the loss of lines/substations. Our heavy reliance on the grid will always make it a credible target for attack...
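The forum summary makes the point that the control protocols now carried inside IP have no authentication, so nothing in the protocol itself distinguishes an operator's write from an intruder's; the network has to carry that distinction. The Python block below is an added example, not from the original post or any vendor. It parses Modbus/TCP frames (a real protocol with a 7-byte MBAP header, used here as a stand-in because the post names no specific protocol) and flags state-changing function codes from hosts other than the designated engineering workstation, as well as any control traffic originating outside the control segment. The addresses, allowlist and sample frames are constructed.

```python
"""Passive allowlist check for Modbus/TCP control traffic (constructed example).

Modbus/TCP is assumed here as a representative unauthenticated control
protocol. Each frame carries a 7-byte MBAP header (transaction id, protocol
id, length, unit id) followed by a function code. Because the protocol has
no notion of identity, a monitor has to enforce "who may write" by source.
"""
import struct
from ipaddress import ip_address, ip_network

# Function codes that change process state; codes 1-4 are reads.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

CONTROL_SEGMENT = ip_network("10.10.0.0/24")   # constructed: the control network
WRITERS_ALLOWED = {ip_address("10.10.0.5")}    # constructed: engineering workstation


def parse_mbap(payload):
    """Return (transaction_id, unit_id, function_code), or None if the bytes
    are not a well-formed Modbus/TCP frame."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length counts the bytes after the length field.
    if proto != 0 or length != len(payload) - 6:
        return None
    return tid, unit, payload[7]


def check_frame(src, dst, payload):
    """Classify one frame: None if acceptable, otherwise a short alert string."""
    parsed = parse_mbap(payload)
    if parsed is None:
        return None  # not Modbus/TCP; outside this monitor's concern
    tid, unit, fc = parsed
    src_ip = ip_address(src)
    if src_ip not in CONTROL_SEGMENT:
        return f"modbus from outside control segment: {src} -> {dst} fc={fc}"
    if fc in WRITE_FUNCTIONS and src_ip not in WRITERS_ALLOWED:
        return f"unauthorised {WRITE_FUNCTIONS[fc]} from {src} to {dst} unit={unit} tid={tid}"
    return None


def audit(frames):
    """Run check_frame over (src, dst, payload) tuples and return the alerts."""
    return [alert for alert in (check_frame(*f) for f in frames) if alert]


# Helpers that encode constructed sample frames for the demonstration.
def write_single_register(tid, unit, addr, value):
    pdu = struct.pack(">BHH", 6, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def read_holding_registers(tid, unit, addr, count):
    pdu = struct.pack(">BHH", 3, addr, count)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed traffic sample: (source, destination, raw TCP payload).
SAMPLE_FRAMES = [
    ("10.10.0.5", "10.10.0.50", write_single_register(1, 1, 0x0010, 1)),      # engineering ws write: ok
    ("10.10.0.7", "10.10.0.50", read_holding_registers(2, 1, 0x0000, 10)),    # HMI read: ok
    ("10.10.0.7", "10.10.0.50", write_single_register(3, 1, 0x0010, 0)),      # HMI write: alert
    ("192.168.1.20", "10.10.0.50", read_holding_registers(4, 1, 0x0000, 1)),  # corporate host: alert
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_FRAMES):
        print(alert)
```

The monitor does not decode register contents or judge whether a write is "reasonable"; it only enforces the two facts the protocol cannot: which hosts may change state, and which segment control traffic belongs to. Run against a span of the control network, it gives an operator the alert the post says the protocols themselves never will.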

Electrical power lags behind petroleum refining in security

Electrical power assets appear to be lagging the refining industry in implementing realistic security. Here is one rationale. Given my work in the petroleum sector I can vouch for the attention that industry pays to fire and explosion, but I find the rationale too Pollyannaish in its timetable for bringing the electricity sector up to date. I continue to wonder whether we are talking about something akin to Y2K in the effort to find, fix, replace and (re)integrate the grid's firmware and software. (You only have to kill a few sites to start a cascade among many.)

[Refinery owners] have the resources, knowledge, and sophistication to implement comprehensive security programs. In the mid-tier and smaller refineries, this effort is moving at a slower pace; however, they still have progressed further in security than the power industry. There tends to be a heightened awareness for security in refining because loss of view and control in this industry can lead to greater loss of life and property...

While controls technology in refining is similar to that in the power industry, there are some important differences that may explain the variation in security preparedness:

  • In a refinery, there is more sophistication and discipline with respect to security and network architecture, and more effort put into system hardening.
  • In the power industry, you are more likely to find controls environments in unsecured areas, easily available to anyone who has access to the plant.
  • You may find more technicians working on controls systems in the power industry, while you tend to find more engineers working on controls systems in refining.
  • All of these differences can be reconciled once the power industry moves to proactive security.

I found it interesting that the World Economic Forum's Global Risks 2007 did not include power continuity among its 23 "core" global risks even though those chosen, e.g., "Oil price shock/energy supply interruptions," were said to be of "systemic nature: their impacts challenge the integrity of the system. Their consequences are harder to predict, frequently disproportionate, difficult to contain and present challenges to us all." I put this down to the fact that power has not reached the public consciousness of petroleum.

An arduously slow road to 'not enough'

Note the consistent threat verbiage without concerted action:

1998: Jeffrey A. Hunker, then Director of the Critical Infrastructure Assurance Office (CIAO)

"The full support of the private sector" is vital in protecting U.S. critical infrastructures against cyber attack... "The threat that we are facing is a threat that's growing over time... And so we need to respond with a sense of urgency and produce real results very quickly to combat it.... I think that one major measure of success is going to be the extent to which the private sector -- the owners and operators of the electric power grid, and our transportation and our banking and finance sectors -- comes together and, with the government, develops an action plan. We'll be able to measure how that partnership has been formed within the next six months to a year."

2000: Richard Clarke on the assertion that cyberwar is a threat the US government cannot defend against solely by federal means:

The owners and operators of electric power grids, banks and railroads; they're the ones who have to defend our infrastructure. The government doesn't own it, the government doesn't operate it, the government can't defend it. This is the first time where we have a potential foreign threat to the United States where the military can't save us.

2003: Interview with Richard Clarke regarding the use of cyber tools by al Qaeda and other entities:

For an organization [that] is looking to leverage its investment, to have the biggest possible damage for the least possible investment, cyberspace is a good bet, because it doesn't cost a lot of money to develop these skills. You could have an effect in a number of places simultaneously, without being in those locations, and you can achieve a certain degree of anonymity and a certain degree of invulnerability to arrest [or] apprehension....

Mountain View [shows] the ease with which people can do virtual reconnaissance from overseas on our physical infrastructure and on our cyber infrastructure, and the difficulty that we have in knowing what is being done...

[Our] electric power companies, both the generating companies and the distribution companies, have paid very little attention to security in cyberspace. It took them a long time to even admit that they were connected to the Internet. Now they know that they are. Now they also know that they're running a control software, SCADA, that is available to our enemies, because it's software that's sold around the world. They are beginning to understand that they need to have security. And the Federal Electric Regulatory Commission is beginning to understand that it needs to regulate that, in order to create an even playing field...

I'd suggest the Federal Electric Regulatory Commission create an even standard for all power-generating companies and all power distribution companies, and a high standard that's achieved in several steps over the course of the next several years...

SCADA systems need to be encrypted. People who have access to them need to do authentication... But we also need to make sure that our control signals -- the signals that we send out over the electric power grid -- are not sent in the clear, they're not broadcast on radio, but they're on fiber optic cables that are not connected to the Internet...

Unless power companies are required to do [this] by the federal government, they will never do it, because they're now in competition with each other. They're all willing to do it if they're all forced to do it... no one has competitive disadvantage by providing security...

We, as a country, have put all of our eggs in one basket... It could be that, in the future, people will look back on the American empire, the economic empire and the military empire, and say, "They didn't realize that they were building their whole empire on a fragile base. They had changed that base from brick and mortar to bits and bytes, and they never fortified it."

2005: cyber-security a distant second to physical security:

"People downplay the importance of cyber-security, claiming that no one will ever die in a cyber-attack, but they're wrong," says Richard Clarke... "This is a serious threat."... "An attack on the scale of the Bhopal disaster in India is not impossible"... Despite such a nightmare scenario, federal officials are more immediately focused on the threat of a dual attack... a physical attack and a simultaneous cyber-attack on critical infrastructure...

Many experts say that DHS is still relatively unprepared to protect America's critical infrastructure against a cyber-attack. "In government, when it came to senior level focus after Sept. 11, 99.9 percent was skewed towards physical protection, and cyber-security took a back seat."...

The industry has a lot to address, Clarke says. "Every time the government has tested the security of the electric power industry, we've been able to hack our way in - sometimes through an obscure route like the billing system."... "Computer-security officers at a number of chemical plants have indicated privately that they are very concerned about the openness of their networks and how easily they might be penetrated."

2007: This author on Cyber Storm:

[It] does not give this author comfort that the first federal cyber war exercise, Cyber Storm, carried out in February 2006, had such a relatively positive outcome. (It is moments like this when I remember the counsel of a skilled practitioner who noted that any exercise presided over by political elites must be designed not to fail lest their stewardship be called into doubt.) Cyber Storm was to provide a "controlled environment to exercise State, Federal, International, and Private Sector response to a cyber related incident of national significance"...

Having spun scenarios without limit, Cyber Storm's "Overarching Lessons Learned" offer painful parallels to each of the TOPOFF series simulating large-scale terrorist attacks involving biologic, chemical and radiological WMDs ("diseases are fearsome, hospitals and first responders are overwhelmed, interagency and intra-agency coordination is pummeled while communications in the form of multiple control centers, numerous liaisons, and increasing numbers of response teams merely complicate the emergency response effort")... Who could be surprised by these lessons learned? They could describe any large bureaucracy under stress, perhaps even their daily environment...

2007: An insufficiently strong standard emerges:

"NERC reliability standards [are] less stringent guidelines than [those offered in the] NIST guidance," said Greg Wilshusen, director of information security issues at the Government Accountability Office. "They do not provide the level of standard, mandatory protection required."

Specifically, NERC standards focus on the bulk power system as a whole, but don't properly address the threat of regional outages or the security of the IT components that support the electric grid, Langevin said. By contrast, the System Protection Profile for Industrial Control Systems developed by NIST in collaboration with private sector organizations presents a cross-industry, baseline set of security requirements for new industrial control systems that vendors and system integrators can use. Government has not yet enforced the adoption of these requirements.

"Why [NERC] would have standards below NIST is beyond me," Langevin said. "This is something we're going to [pay] close attention to; perhaps legislation will be required."

2008: The problem will get worse before it gets better. From a 2005-2007 study of electric utilities' energy management systems, SCADA and distribution management systems:

Linkage to other utility enterprise systems continued to be on the increase on a global scale, despite cyber security concerns. For many sites, the key to remaining secure seemed to be either: (a) the restricted provision of non-real-time access via periodic downloads to authorized requestors or (b) indirect access to and from the control system via historian files. Newton-Evans anticipates some changes in priorities this year, with a likelihood that many U.S. utilities will be implementing a NERC compliance reporting system over the 2008-2010 period.

Examples of flaws and entry points

Rather than asking how safe the current SCADA and related architectures are, it is better to ask how such an environment could fail to offer multiple opportunities for mischief. For examples of mischief, Schneier's weblog entry, Staged Attack Causes Generator to Self-Destruct, contained reader comments which I've categorized under two topics: systemic fault opportunities and attack vectors. (While the commentary of many forums is dross, Schneier's readers did a creditable job.)

Systemic fault opportunities

Still designing for efficiency, not security, and allowing systems designed as closed, proprietary systems to be connected to the web:

1, The [SCADA] systems are designed by engineers with only one [aspect] in mind to control complex systems (oil platforms etc)... The problem with 1 is that security was never ever a consideration in the design. And like Unix most SCADA systems will do as they are told irrespective of the consequences.

2, [Management] no longer want to pay to have people on site any longer just on call from home or some other office in the world... The problem with 2 is that the Internet is the cheapest solution...

The result is systems that have no built in safeguards appearing on the internet with minimal security...

[More] and more of the old electrical mechanical relay logic controls [in electrical utilities] have been replaced by PLCs, RTUs and bay level controllers, combined with SCADA. Yes, the majority of SCADA systems used run on commodity hardware and Windows OS...

In most cases, the new Ethernet based control protocols are secret... (the exception being Modbus/TCP). The companies which own them provide binary drivers in a format known as "OPC". OPC runs only on Windows, so a customer pretty much has to use Windows to run their SCADA system whether they want to or not.

The field devices which are controlled by these protocols are not very sophisticated and will accept commands from anywhere without requiring any sort of authentication. The assumption is that if you are on the network, you are not going to do anything malicious...

Cost reduction:

SCADA vendors want to cut their costs and only support one platform. We initially were told by our SCADA vendor that we would have to go all Windows, HMI [Human-Machine Interface] workstations & servers, if we wanted to upgrade to the latest version of their system...

Every penny saved is another penny in the vendor's pocket... It doesn't matter how good your design is because the customers will demand arbitrary price cuts. This is standard purchasing department tactics during the negotiation of any purchase...

[US] utilities used to pay into EPRI [Electric Power Research Institute] to get research done for the common good. EPRI would have been the logical party to deal with these problems. After deregulation [many] of these companies are not willing to pay for research anymore...

Cost-benefit analysis driving out dedicated networks:

[These] systems were networked, usually over a fairly slow wire, so it is all in allowing the control systems to do more than monitor and control devices over the specialized SCADA network, since the remote devices [may] be speaking IP... but, in Power/Gas/etc networks, there's a lot of equipment that would be considered obsolescent (Anyone remember Visicode switches? PDMs?) but, if they work, won't be scrapped.

Employ new application/use case without redesign:

A system used in a way or in an environment for which it was not designed is a potential problem... SCADA systems were largely designed to not be connected to the Internet. Simply connecting them without significant redesign is a recipe for serious problems.

Aging, unpatched equipment. See the incongruity in this polar pair:

- SCADA systems are built using off the shelf components (on the human interface side), MS Windows is common.
- The systems are seldom patched, in some cases, the software vendor will not support systems that have 'unapproved' patches.
- The systems are built with life expectancies measured in decades...

The only thing which has kept this from being a major problem so far is that most plant equipment is old so equipment with this capability is in the minority. The only practical solution is to put the plant on an isolated network with some sort of intermediary security box between the plant and the office which only allows limited information to pass each way. Trying to secure every individual valve and other plant device is unrealistic...

20-year old technology? That is sometimes the newer equipment in the generation plants and substations. Dial-up accessible? Absolutely. Modems left enabled? More often than you would think. And, yes, the newer hardware is IP accessible, not always securely installed and configured...
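As an added example (not from the page, Schneier's readers, or any vendor), here is a minimal Modbus/TCP policy filter of the kind the "intermediary security box" described above would run, addressing the point that field devices accept commands from anywhere: it parses each request, drops malformed frames, and permits write function codes only from the HMI host while the business LAN may only read. The zones, hosts and frames are constructed assumptions.

```python
"""Added example: a Modbus/TCP read/write policy gate for a plant boundary device.
All addresses, zones and frames below are constructed for illustration."""
import ipaddress
import struct
from dataclasses import dataclass

# Modbus public function codes, grouped by their effect on the field device.
READ_FUNCTIONS = {1, 2, 3, 4, 7, 20, 23, 24}
WRITE_FUNCTIONS = {5, 6, 15, 16, 22}
DIAGNOSTIC_FUNCTIONS = {8, 11, 12, 17, 43}

# Hypothetical zoning: only the HMI may write; the business LAN may only read.
HMI_HOSTS = {ipaddress.ip_address("10.1.0.5")}
BUSINESS_LAN = ipaddress.ip_network("10.2.0.0/16")


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def build_request(tid: int, unit_id: int, function: int, data: bytes) -> bytes:
    """Encode a Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    length = 2 + len(data)  # unit id + function code + data
    return struct.pack(">HHHB", tid, 0, length, unit_id) + bytes([function]) + data


def parse_request(frame: bytes) -> ModbusRequest:
    """Decode and sanity-check a Modbus/TCP request; raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (0)")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} disagrees with frame size")
    function, data = frame[7], frame[8:]
    if function == 5:  # Write Single Coil: value must be 0x0000 or 0xFF00
        if len(data) != 4 or struct.unpack(">H", data[2:])[0] not in (0x0000, 0xFF00):
            raise ValueError("invalid Write Single Coil payload")
    return ModbusRequest(tid, unit_id, function, data)


def check_request(src: str, frame: bytes) -> tuple[str, str]:
    """Return (verdict, reason): ALLOW, ALERT (log and block) or DROP (malformed)."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return "DROP", f"malformed frame from {src}: {exc}"
    src_ip = ipaddress.ip_address(src)
    if req.function in WRITE_FUNCTIONS:
        if src_ip in HMI_HOSTS:
            return "ALLOW", f"write fc={req.function} from HMI host"
        return "ALERT", f"write fc={req.function} to unit {req.unit_id} from non-HMI host {src}"
    if req.function in READ_FUNCTIONS:
        if src_ip in HMI_HOSTS or src_ip in BUSINESS_LAN:
            return "ALLOW", f"read fc={req.function} from {src}"
        return "ALERT", f"read fc={req.function} from unknown host {src}"
    return "ALERT", f"diagnostic or unknown fc={req.function} from {src}"


# Constructed traffic: (source IP, frame). 192.0.2.77 is a documentation address.
SAMPLE_TRAFFIC = [
    ("10.1.0.5", build_request(1, 1, 5, b"\x00\x01\xff\x00")),        # HMI closes coil 1
    ("10.2.14.9", build_request(2, 1, 3, b"\x00\x00\x00\x0a")),       # historian reads 10 regs
    ("10.2.14.9", build_request(3, 1, 16, b"\x00\x00\x00\x01\x02\x00\x00")),  # office PC writes
    ("192.0.2.77", build_request(4, 1, 5, b"\x00\x01\x00\x00")),      # unknown host opens coil 1
    ("10.1.0.5", build_request(5, 1, 3, b"\x00\x00\x00\x0a")[:-1]),   # truncated frame
]


def audit(traffic) -> list[str]:
    """Run the policy over captured traffic and return one verdict per frame."""
    verdicts = []
    for src, frame in traffic:
        verdict, reason = check_request(src, frame)
        print(f"{verdict:5} {reason}")
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    audit(SAMPLE_TRAFFIC)
```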

Human error in procedure and programming:

In one incident a contractor anxious to complete his installation connected 2 completely [separate] parts of our banking network together, totally compromising our security. We only discovered it days later when we could contact servers we should not have been able to. Another was 100 servers rolled out with their C: drives open to anonymous and undetectable attacks because of one configuration error. Again this was in a sector that you would expect to be secure, however it was not. On yet another occasion I went to a shared PC to fix it and written in pencil around the edges of the monitor were all the usernames and passwords of all the people that used this particular PC to access the bank's systems.

Complexity of equipment and their controllers:

Newer GE gas turbine control systems use PCs with Windows for the MMI [Man Machine Interface]. They have discontinued their own MMI system, and currently sell a re-branded product from someone else... MMI is what you use to control the equipment. If you control the MMI, you control the equipment. The equipment control system itself has protective relays and other overrides, but the MMI system still has a lot of factors and parameters that are set at commissioning which can damage the equipment if set incorrectly. You can also, of course, simply shut down the system by issuing a shutdown command...

GE is a mixed bag with regards to their offerings... last I had heard they had 13+ different SCADA systems depending on the division you were working with. But I can say authoritatively that their Energy Management System offerings are UNIX, same with Siemens. I do seem to remember that they had a smaller Distribution Mgmt. System that was Windows-based, but those systems typically don't have [a] generation control, merely routing at the street level.

[For] the bigger electric systems like Southern California, NYC, Southern NJ, etc... cost of computing hardware was not a concern... Some smaller rural utilities may see that cost reduction from running Windows make a significant change to the overall price of a new control system...

Embedded systems face problems akin to SCADA:

[M]ore and more critical control functions in things like electrical generation, chemical production, and so on are handed over to embedded systems, because they can be, and because it makes things like maintenance and troubleshooting easier. And again, in service of convenience for management and maintenance, it's all getting networked, with everything from 9600 baud modems over POTS (who said wardialing was dead?) to the latest fiberoptics and even short-range wireless in some cases.

The fundamental problem is that your average embedded guy doesn't know much of anything about network security, and isn't hooked into social or professional networks that might tell him. OTOH, he's got an advantage over your average programmer, because embedded systems have to be much more tightly built in the first place, i.e. unhandled cases are unacceptable in general, and critical bugs tend to get fixed quickly, because the consequences are potentially catastrophic in a way that crashing your computer simply isn't. The software is also immensely simpler and more rigid than your average network application. The first step is to convince embedded programmers and their managers that malicious attack is as real and urgent a potential failure as any of the others that the software must handle.

Attack vectors

Insider attack:

A malicious or inattentive operator at the plant in the middle of the night could do the same thing. Nothing "cyber" is necessary for this attack.

Insiders, often foreign, hired without proper checks:

It's very hard to background check an engineer when you have so very few of them, and the pool of replacements is mostly from overseas. In the old days, you didn't have to -- the engineering schools knew that they were putting lives in these men's hands, so verifying the diploma was good enough.

The most disturbing trend I have seen in background checks is to preferentially hire recent immigrants from overseas (with background check waivers in effect) as opposed to U.S. citizens with no criminal record but spotty credit or other risk factors. Sometimes this is an H1B issue.

More often, it's a product of laziness in not conducting real backgrounds on people born outside the USA. Unless DHS is doing really, really good checks prior to allowing these people into the USA (which takes a lot of money), this is a serious vulnerability with respect to international terrorism.

Access network assets indirectly:

[Power system component] systems are not typically "connected to the internet". They are, however, interfaced to most companies' business networks, through some type of firewall, in order for operational data to make it to "the business", and for maintenance staff to access diagnostic information. This connectivity, however, can safely be managed following fairly standard methods of defense in depth, and implementing reasonable security practices.

War dialing remains a valid attack:

Modems are still a relevant attack vector... Everything from PBXs, manufacturing gear, even an accounting system.

Look for an overlooked access point:

[Hack] into control of the transmission / distribution system - look around some pole tops, there are radio controlled switches everywhere.

Affect a cascading overload:

[A] "cascading overload" is one where a local problem caused by any local event propagates out of the local area into other areas that are not at fault... In previous times suppliers put sufficient and well thought out safeguards into their networks and introduced changes in a manageable fashion... Unfortunately the modern drive to maximise efficiency and return makes the likelihood of such propagating faults all the more common.

Insert common worms and viruses:

Older SCADA systems used to run on proprietary hardware or on UNIX workstations. Newer ones are using PCs with Windows for display, monitoring, alarm display and data logging. On the more sophisticated systems control though is often still through proprietary hardware, but on the cheaper ones control is done on the same PC as display. The industry has gone this way to take advantage of cheaper PC hardware. There are a few vendors basing their systems on Linux instead of Windows, but these ones specialise in the more sophisticated end of the market. Wonderware, Citect, WinCC, Rockwell, etc. however all use Windows.

[A] worm or virus could DDOS or send undesirable commands to pretty much any newer control system if it can get access to the network. The SCADA networks are getting connected to the business networks because the business side wants real time reporting and production scheduling. This means that if viruses and worms are a realistic threat to office PCs, they are a realistic threat to the plant as well.

Issue simple, directed on/off commands:

[The] potential for "script kiddie" or "wrench-in-the-works" type attacks [in which] Simple 'If-it's-on-turn-it-off, if-it's-off-turn-it-on' type of "button pushing" could really raise havoc on a wide scale... All this takes is system level access and rudimentary programming skills.

Insert bad data:

[All] command and control information is passed between sensors..., control units..., and actuators... Over a bus. Airplane manufacturers went digital for many reasons: to save money [and] to make the equipment more reliable... [S]ystems will eventually distribute sensory, control and actuator functionality over a network. That means that the sensory data upon which the control function operates will be vulnerable to attack as well as the commands to actuators, engines, valves, &etc. Can every electronic device in every system have its own security front-end to protect its data communications? If not, could one bring down, say, a power network by simply faking data values from a remote transformer farm saying "Hey! I'm overloaded!" and let the control function (over-) react?

This is probably the way that any attack would be carried out. Operators that use remote systems implicitly trust the reading on their instruments. One of the most efficient ways to disable a system is to supply bogus readings and watch the operators crash their own systems. Do it at 3:00am when people's decision making is at its worst and it could be serious.
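As an added example (not from the page or its commenters) of the defensive counterpart to the bogus-reading scenario above: a plausibility gate that refuses to let a single unverified "I'm overloaded!" value drive an automatic control action, holding implausible readings and escalating a run of them to operator confirmation. The transformer bank, its rating, step limit and scan values are all constructed assumptions.

```python
"""Added example: plausibility gating of SCADA telemetry before it feeds control logic.
The point name, rating, limits and readings are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoadPoint:
    name: str
    rating_mw: float            # nameplate rating; readings well above it are suspect
    max_step_mw: float          # largest change physically plausible between two scans
    last_good: Optional[float] = None
    suspect_count: int = 0      # consecutive implausible readings


@dataclass
class Decision:
    accepted: bool
    action: str                 # "update", "hold" or "operator_confirm"
    reason: str


def gate_reading(point: LoadPoint, reading: float, corroborating: Optional[float] = None,
                 tolerance: float = 0.10, escalate_after: int = 2) -> Decision:
    """Accept a reading only if it is physically plausible and, when an independent
    measurement is available, agrees with it. Implausible readings are held; a run of
    them escalates to operator confirmation instead of automatic control action."""
    problems = []
    if reading < 0 or reading > 1.2 * point.rating_mw:
        problems.append(f"{reading} MW outside physical range for {point.rating_mw} MW rating")
    if point.last_good is not None and abs(reading - point.last_good) > point.max_step_mw:
        problems.append(f"jump of {abs(reading - point.last_good):.1f} MW exceeds "
                        f"{point.max_step_mw} MW per scan")
    if corroborating is not None:
        allowed = tolerance * max(point.rating_mw, 1.0)
        if abs(reading - corroborating) > allowed:
            problems.append(f"disagrees with independent measurement {corroborating} MW")
    if not problems:
        point.last_good = reading
        point.suspect_count = 0
        return Decision(True, "update", "plausible")
    point.suspect_count += 1
    action = "operator_confirm" if point.suspect_count >= escalate_after else "hold"
    return Decision(False, action, "; ".join(problems))


def run_scenario() -> list[str]:
    """Constructed scan sequence for one transformer bank: normal load, then spoofed
    overload readings that the independent downstream meter does not confirm."""
    bank = LoadPoint("XFMR-7 (constructed)", rating_mw=100.0, max_step_mw=15.0)
    scans = [  # (reported MW, independent downstream meter MW or None)
        (80.0, None), (82.5, 81.9), (81.0, None),
        (140.0, 81.5),   # spoofed: huge jump, above rating, meter disagrees -> hold
        (140.0, 81.7),   # repeated -> escalate to operator confirmation
        (82.0, 81.8),    # genuine reading resumes -> accepted
    ]
    actions = []
    for reported, meter in scans:
        d = gate_reading(bank, reported, meter)
        print(f"{reported:6.1f} MW -> {d.action:16} {d.reason}")
        actions.append(d.action)
    return actions


if __name__ == "__main__":
    run_scenario()
```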

Try the default passwords:

Of course Iran (and China, Pakistan, N. Korea, etc.) know the passwords. It is amazing how many times the default password is not changed. [There are not] that many vendors out there to choose from and the manuals are available on the 'net.

Affect phase mismatch via manipulation of the power grid configuration and/or load balancing equipment (LBE):

If a key point on the power grid could be closed, then two legs of the grid would become connected. If these two legs are of different [wave] length, then there would be a phase difference between them. A difference in length of the two legs of just a few miles would cause a slight phase difference that would cause serious trouble on a megavolt power line.

While the power grid is designed to provide dynamic control of this phase difference, as well as phase compensators (switchable capacitive and inductive loads to compensate for the phase difference), if one could rapidly switch in and out several legs in the power grid, the dynamics of such a rapid change in power load and phase would be very difficult to compensate for. Weak spots in the grid would overload or burn out as they dissipated the heat developed by the current from the phase mismatch.

Pick an easy entry point to remove a node:

[Many local substations can] be unmanned, secluded, and guarded only by a chain-link fence and some barbed wire. Most of the gear and lines appears uninsulated... you could raise a whole lot of havoc with a good arm and a roll of heavy-duty aluminum foil.

This is not far off the mark. The US first used the BLU-114/B special-purpose munition, containing reels of "chemically treated carbon graphite filaments," to attack the Serbian power grid in 1999, virtually terminating Serbian power generation and distribution by shorting out the system. (This link also has an informative 'Electrical Distribution System Overview' written from the viewpoint of disruption.)

Time to effect repair is often sufficient damage in itself, or a causal condition for another default:

It's not how much damage an insider could do (enormous!) but how long it would take to fix. Some of the equipment used in the power distribution system is manufactured only a few places in the world; spare parts inventory does not exist; lead time for replacement is measured in months not weeks; and transportation of these larger than 8'x8'x40' components is a real hassle under 'ordinary' conditions.

Is your data center prewired to be able to use rental generators for weeks or months if necessary? Do you have ironclad contracts with multiple sources of said generators? Did you think to strike the 'act of God' clause regarding nonperformance in the event of natural or man-made disaster?

If not, you're kidding yourself about maintaining uptime in a disaster. The fastest way to find out that your on-site generators haven't been properly maintained is to run them for a week and watch them fail... In a real disaster, your emergency generators are a temporary bridge to some other power source. Unless you thoughtfully lay hands on a generator technician you employ, a large spare parts inventory, and a ridiculous amount of diesel fuel storage well in advance.

CIA: Hackers Shook Up Power Grids (Updated)
By Noah Shachtman
Danger Room
January 19, 2008 | 2:58:00 PM

CIA launches hunt for international computer hackers threatening to hold cities ransom by shutting off power
Daily Mail
Last updated at 23:33pm on 18th January 2008

Hackers Cut Cities' Power
Andy Greenberg
01.18.08, 7:00 PM ET

The title is in error, as the text states the affected systems were outside the US:
CIA official: North American power company systems hacked
By Jill R. Aitoro
January 18, 2008

SANS Flash: CIA Confirms Cyber Attack Caused Multi-City Power Outage
The SANS Institute
SANS NewsBites Vol. 10 Num. 5
Fri Jan 18 14:59:14 2008

US approves standards to keep electric grid hacker-free
By Nate Anderson
Ars Technica
Published: January 18, 2008 - 02:17PM CT

Analyzing Energy Sector Security Preparedness
Ken Miller
Energy Pulse

An apparently unrelated but interesting snippet on Indian targeting:
Hackers targeting Tier-II cities: Symantec
Business Daily from THE HINDU group of publications
Our Bureau
Nov 03, 2007

Tighter security over power plant computer systems urged
By Jill R. Aitoro
October 18, 2007

Video Shows Eerie Effectiveness of Power System Hack
By Ted Bridis and Eileen Sullivan
09/27/07 9:44 AM PT

US Improperly Releases Threat Details
Associated Press
Sep 27, 2007 5:45 PM EDT

CRITICAL INFRASTRUCTURE PROTECTION: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain
Statement of Gregory C. Wilshusen Director, Information Security Issues
Testimony Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, Committee on Homeland Security, House of Representatives
October 17, 2007

How to Take Down the Power Grid
by Ira Winkler
Internet Evolution

Staged Attack Causes Generator to Self-Destruct
by Bruce Schneier
Crypto-Gram Newsletter
October 15, 2007

LayerOne 2007 - Ganesh Devarajan - SCADA Systems
Conference: LayerOne 2007
Topic: SCADA System Fuzzing
Ganesh Devarajan
May 5-6, 2007

SCADA Protocol Fuzzer & The Next generation of Inline Devices
SCADA Systems
Ganesh Devarajan
LayerOne 2007
May 5-6, 2007

Aurora Generator Test
Raw Video: Simulated Attack on Power Grid
March 4, 2007

Global Risks 2007
A Global Risk Network Report
World Economic Forum Report in collaboration with Citigroup, Marsh & McLennan Companies (MMC), Swiss Re, Wharton School Risk Center
World Economic Forum
REF: 150107
January 2007

Minimizing Risk Of Attack On Electric Grid
by Meredith Mackenzie
Boston (UPI) Mar 09, 2006

Diagnostic Tools to Estimate Consequences of Terrorism Attacks Against Critical Infrastructure
Rae Zimmerman, Carlos Restrepo, Nicole Dooskin, Jeremy Fraissinet, Ray Hartwell, Justin Miller and Wendy Remington
Institute for Civil Infrastructure Systems (ICIS)
New York University

New York University's Institute for Civil Infrastructure Systems (ICIS) for the Center for Risk and Economic Analysis of Terrorism Events (CREATE) at the University of Southern California
December 2007

New focus on cyber-terrorism
At risk: computers that run power grids, refineries.
By Nathaniel Hoopes
The Christian Science Monitor
from the August 16, 2005 edition

Avoiding Grid Lock
By Robert MacMillan
Washington Post
August 16, 2005; 9:09 AM

AIRDATE: April 24, 2003

Interview: Richard Clarke

From MAD (Mutual Assured Destruction) to MUD (Multilateral Unconstrained Disruption): Dealing with the New Terrorism
by Stephen Gale and Lawrence Husick
Foreign Policy Research Institute (FPRI)
Volume 11, Number 1
February 2003

Steven A. Hildreth
Specialist in National Defense
Foreign Affairs, Defense, & Trade Division
CRS Report for Congress
Updated June 19, 2001

Cyber War
Steve Croft with Admiral Herbert Brown
60 Minutes
April 9, 2000
[No direct citation]
mirror for quote

Frequently Asked Questions (FAQ) About the Y2K Problem

An interview with Dr. Jeffrey A. Hunker
Director of the Critical Infrastructure Assurance Office
USIA, U.S. Foreign Policy Agenda
November 1998

Gordon Housworth


The inflection point in reversed capital flow from China to the US has occurred and will accelerate


On the Brownfield side of manufacturing, automotive manufacturers and similar Tier 0 producers, and on the Greenfield side, Venture Capitalists, have driven their respective tier base and investment stable firms to China based solely on piece part or operating cost, with no particular thought to what happens when (1) the cost advantage dissolves, (2) the effects of that move - which I call destabilization once its full ramifications become felt (also here and here) - set in, and (3) money shifts from dollars and treasury notes to investment by Chinese entities at a time when their US/EU competitors are facing relatively higher capital costs.

I wager that many firms don't even have the foresight to look past the piece part cost trap much less the other drivers. With so many sitting ducks, Chinese investors will prosper.

Monaghan speaks of a Chinese inflection point that I submit has already arrived, though its structural effects have yet to register measurably:

[B]eneath the excitement of the domestic [Chinese] story emerges the prologue to something perhaps far more important. China and Chinese corporations are no longer simply a destination for capital but a point of origin. A fundamental change has begun. Today, five of the top 10 global companies by market capitalisation are Chinese. We are seeing the first ebb in the tidal flow of capital. China's sphere of influence and responsibility is changing. The fundamentals that created China's success equally pressure China to find new sources of competitive advantage. Chinese capital will flow to those sources as the domestic economy matures. No longer is the local market the sole consideration. China is now actively adjusting focus and capital from internal to international markets. That ebb will become an unstoppable current.

None of the above includes the ultimate destabilizer when the Chinese employ administrative edicts, tariff strictures and noncommutative standards (Chinese products meet the standard but foreign products do not) to force foreign firms out of China in concert with investments into the home territories of those firms. See Confluence of thinking on Chinese outsourcing and supply chain risks from DSB and USCC.

In any case, Monaghan's inflection point of capital flow had already begun, only to be accelerated by weaknesses occasioned by the excesses of the subprime loan fiasco. China and other sovereign state investors will acquire stakes in key US investment banks on the cheap. (Yes, the markets have continued to fall, making some of these investments look less attractive, but were it not for the subprime impact those stakes would not have been available at all, much less at the negotiated prices.) Monaghan makes what I would call a statement of the patently obvious, were it not for the many firms that are unaware:

The implications are as significant as they are far reaching. It impacts everything from talent to technology, capital to competition and revenue to risk. It calls into question the very fundamentals of our investment and strategy in China and the role China will play in our global or regional operations. It implies increasing volatility and the need to ensure our organisations are agile and prepared for change...

It is essential for firms to break out Jack Welch's five strategy review questions:

These should be asked frequently and especially at any change in operating or environmental conditions. (They form a key jump point for our strategic planning and technology forecasting efforts.) Most firms are not doing so with respect to China, or if they are, do not like their implications and so push them aside.

China's Inflection Point
Steve Monaghan
15 Jan 2008

Citi Writes Down $18 Billion; Merrill Gets Infusion
Edited by Andrew Sorkin
DealBook/New York Times
January 15, 2008, 6:44 am

The Subprime - Trade Deficit Connection
Thomas Palley
posted on January 7th, 2008 at 9:07

Sub-prime Casualties Who Should Have Known Better
Finding Dulcinea
January 6, 2008 3:05 PM

$9.4 Billion Write-Down at Morgan Stanley
New York Times
December 20, 2007

Case Study: Jack Welch's Creative Revolutionary Transformation of General Electric and the Thermidorean Reaction (1981-2004)
Pier A. Abetti
Volume 15 Number 1 2006, pp 74-84

China Investing in Rust-Belt Companies
Auto-Parts Maker Wanxiang Invests in U.S. Partners As Its Ambitions Expand
Wall Street Journal
November 26, 2004
Fee archive
Free Mirror

Control Your Destiny or Someone Else Will
James Altfeld's 'Cliffs Notes' version of Jack Stack's A Stake in the Outcome, 2002

The GE Way Fieldbook: Jack Welch's Battle Plan for Corporate Revolution
By Robert Slater
McGraw-Hill Professional
ISBN 0071354816
Published 2000

Gordon Housworth


Operational analysis of Chinese 'cyber army' penetration and recovery techniques


The PowerPoint China Cyber Army documents a classic, highly organized Chinese IP attack/phishing pattern that we have seen previously, but China Cyber Army is the first specific unclassified description that we've seen of the recent spate of Chinese attacks against France (also here), the UK (also here), Germany and the US, to name but a few.

A Taiwanese-American working in the US IT sector, who graduated in Taiwan the same year as the likely author, Chung-Ping Chen, or Charlie Chen, now at National Taiwan University, and who has a number of Stanford and Taiwanese friends from Chen's class, had this to say about the PPT: "Those are interesting slides, and probably a known secret for a lot of Taiwanese." These foils (slides) will come as bracing news to too many complacent US and EU corporations and defense entities who believe that they are not at risk at their desk on home soil.

Readers will gain background from:

Global context

It is helpful to place China Cyber Army within the context of rising state on state cyber ops. The third annual Virtual Criminology Report, Cybercrime: The Next Wave, points out three trends for 2008 and beyond:

  • [G]rowing threat to national security as Web espionage becomes increasingly advanced, moving from curiosity probes to well-funded and well-organized operations out for not only financial, but also political or technical gain...
  • [I]ncreasing threat to online services because of the growth in sophistication of attack techniques. Social engineering, for example, is now being used in conjunction with phishing techniques, making the situation even more complex and posing an increasing threat to public confidence in the Internet.
  • [E]mergence of a sophisticated market in software flaws that can be used to carry out espionage and attacks on critical government infrastructure networks. The findings indicate a blurred line between legal and illegal sales of software vulnerabilities.

The states most at risk as cybertargets "are those countries which are heavily networked and reliant on the Internet as well as those countries with an unstable political environment."

The commercial and government sector seems to be unaware that a cyber cold war is underway:

The Chinese have publicly stated that they are pursuing activities in cyber-espionage and, in a government white paper as read by McAfee Avert Labs, they speak of technology being a large part of war in the future. The United States, United Kingdom, Germany and several other countries are likely targets for political, military, economic and technical espionage.

And other nations may have similar plans to conduct online spying operations.

"There are signs that intelligence agencies around the world are constantly probing other governments’ networks looking for strengths and weaknesses and developing new ways to gather intelligence," said Peter Sommer, an expert in information systems and innovation at the London School of Economics.

"Everybody is hacking everybody," said Johannes Ullrich, an expert with the SANS Technology Institute, pointing to Israeli hacks against the United States and French hacks against European Union partners. But it is aspects of the Chinese approach that worry him. "The part I am most afraid of is...staging probes inside key industries. It’s almost like having sleeper cells, having ways to disrupt systems when you need it if it ever came to war."

And with an estimated 120 countries working on their cyberattack commands, in 10-20 years experts believe we could see countries jostling for cyber supremacy.

Sommer warns that countries are undoubtedly gearing themselves up to launch international all-out online attacks. The present political environment is one in which countries are testing the waters to gauge the potential influence (and risks) of such assaults...

"The Chinese were first to use cyberattacks for political and military goals," said James Mulvenon, an expert on China’s military and director of the Center for Intelligence and Research in Washington. "Whether it is a battlefield preparation or hacking networks connected to the German chancellor they are the first state actor to jump feet first into the 21st century cyber warfare technology. This is becoming a more serious and open problem."

High-tech crime is no longer just a threat to industry and individuals...

China Cyber Army architecture and operation

China Cyber Army describes eight discrete operating groups placed in Beijing/TienJing, SiAnn, ShangHai, SiChuan, HuBei, JianSu, FuJian, and GuoDong. As Jun is the word for military troop, an individual group would be known as, say, HuBei Jun. (Unlike official state responses, which have been reticent to name Chinese state assets as the perpetrator, China Cyber Army pointedly labels China as the relevant actor.) The purpose of the groups is said to be commercial and military espionage, as opposed to botnet herding or site defacement. No surprise, then, that "Motivation" is said to be "Political Control, Military Operation, and High Tech intelligent properties." Group membership is said to be drawn from university, military and criminal sources, plus what I would describe as global for-hire hackers, notably from Taiwan.

Hacker group roles are delineated as:

  • Attacker: scan, exploit attack, get control of way-station
  • Mailer: using free mail box or mass mail sender tool on way-station
  • Collector: backdoor master, get useful data from victim, somehow play as internal attack via victim machine
  • Operator: Stable, continuous maintain the latest data from victim
  • Analyzer: depends on language

These hacker groups demonstrate intense organization. A rigorous summer operating schedule of two shifts is described for this cyber army: start work at 0750 GMT+8, primarily entry hacking and launching data collection commands; lunch at 1200 GMT+8; recover data from the morning effort; break at 1700 GMT+8; first shift ends at 1900 GMT+8 and is replaced by the second shift. Attacks are said to be "everyday," which may be interpreted as a seven-day week. Encryption keys are "arranged by area," group members employ "the same tool not common seen in the public internet," Chinese military signatures are seen in the tools, and extensive use is made of language experts and machine translation.

Prime human targets are in government, defense, military, foreign affairs and media, plus any site containing potentially sensitive information. Data targets comprise the usual suspects: contact lists, mailbox contents, databases, passwords and keys, MS Office files, Acrobat PDFs, images and internal system settings. Once this data is gathered, relationship databases are constructed, key personnel are identified to receive email Trojans and phishing attacks, malware is inserted at key points, ID-passwords and keys are examined for subsequent targeting, and potentially useful data is routed to language analyzers (machine translation).

The Chinese employ three different attack and recovery processes described as "Type 1: Direct reverse Connect, Type 2: Relay Connect, Type 3: Switching Connect." From the diagrams in the PPT and a fair use PDF:

Direct reverse Connect

Hacker to Way Station Relay Program:

(1) Hacker change the DN
(2) Remote Control the WS through 3389 (TS) or other back door
(3) Open the backdoor controller on WS for victim on 80,53,443,1863

Way Station Relay Program to Victim:

(1) Backdoor on victim, Query the Domain Names or IP
(2) Connect to the way station through normal Ports like 80,53,443,1863 etc.

Relay Connect

Hacker to Way Station Relay Program:

(1) Hacker change the DN mapping to Way-Station
(2) Start the Relay Program on WS
(3) Open the backdoor controller on Hacker’s PC listening

Way Station Relay Program to Victim:

(1) Backdoor on victim, Query the Domain Names or IP
(2) Connect to the way station through normal Ports like 80,53,443,1863 etc.

Switching Connect

Hacker to Way Station Relay Program:

(1) Hacker change the DN mapping to Way-Station
(2) Start the Switching Program on WS
(3) Start the backdoor controller & Connect to WS
(4) Pick the Victim Connection , build a tunnel * Not all the flow will pass to hacker

Way Station Relay Program to Victim:

(1) Backdoor on victim, Query the Domain Names or IP
(2) Connect to the way station through normal Ports like 80,53,443,1863 etc.
(3) Waiting For Select!

Great efforts are taken to prevent discovery and shield the attack source: multiple way stations, "leveling" steps that involve checking the importance of victims and inserting new backdoors, dynamic domain name shifting, and parallel channels for downloads.
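The three connection types above, the schedule described earlier, and the "dynamic domain name shifting" all leave the same observables on the victim's side of the way station: a backdoor that phones home at regular intervals over an ordinary port (80, 53, 443, 1863), a domain whose resolved address keeps changing, and activity that clusters into the GMT+8 shifts. The following is an added example, not code from the ICG post or from the China Cyber Army slides, showing how a defender might check outbound-connection logs for those three patterns. The log format (`timestamp src_host dst_domain resolved_ip dst_port`), the host and domain names, the addresses (taken from documentation ranges) and the thresholds are all constructed for this illustration.

```python
"""Defender-side analyser for the way-station "phone home" pattern.

Added example; the log format, hosts, domains and thresholds are
constructed assumptions, not data from the slides or the post.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

WAY_STATION_PORTS = {80, 53, 443, 1863}    # "normal ports" named in the slides
OPERATOR_TZ = timezone(timedelta(hours=8))  # GMT+8, the schedule's time zone

# Constructed sample: pc-17 beacons hourly to a domain whose address shifts,
# starting at 23:00Z (07:00 GMT+8); the intranet hits are ordinary traffic.
SAMPLE_LOG = """
2007-09-10T23:00:05Z pc-17 update.dyn-example.test 198.51.100.7 443
2007-09-11T00:00:02Z pc-17 update.dyn-example.test 198.51.100.7 443
2007-09-11T01:00:09Z pc-17 update.dyn-example.test 203.0.113.44 443
2007-09-11T02:00:01Z pc-17 update.dyn-example.test 203.0.113.44 443
2007-09-11T03:00:07Z pc-17 update.dyn-example.test 192.0.2.130 443
2007-09-11T04:00:03Z pc-17 update.dyn-example.test 192.0.2.130 443
2007-09-11T13:15:00Z pc-17 intranet.corp.test 10.0.0.5 80
2007-09-11T13:47:20Z pc-17 intranet.corp.test 10.0.0.5 80
2007-09-11T15:02:11Z pc-17 intranet.corp.test 10.0.0.5 80
2007-09-11T16:59:40Z pc-17 intranet.corp.test 10.0.0.5 80
"""


def parse_log(text):
    """Parse the hypothetical one-line-per-connection format into dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, src, domain, ip, port = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": src, "domain": domain, "ip": ip, "port": int(port),
        })
    return records


def beacon_candidates(records, min_hits=4, max_jitter=0.2):
    """Flag (src, domain, port) tuples that connect at near-constant
    intervals on a way-station port. Jitter is stddev/mean of the gaps
    between consecutive hits; a backdoor on a timer scores near zero."""
    by_key = defaultdict(list)
    for r in records:
        if r["port"] in WAY_STATION_PORTS:
            by_key[(r["src"], r["domain"], r["port"])].append(r["ts"])
    flagged = {}
    for key, times in by_key.items():
        times.sort()
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        jitter = pstdev(gaps) / mean(gaps) if mean(gaps) else 0.0
        if jitter <= max_jitter:
            flagged[key] = round(mean(gaps))  # mean beacon period in seconds
    return flagged


def shifting_domains(records, min_ips=3):
    """Domains seen resolving to several different addresses in the window:
    the dynamic domain name shifting the slides describe."""
    ips = defaultdict(set)
    for r in records:
        ips[r["domain"]].add(r["ip"])
    return {d: len(s) for d, s in ips.items() if len(s) >= min_ips}


def operator_hour_histogram(records):
    """Connections per hour of day after converting to GMT+8, so the analyst
    can see whether activity follows the operators' shift schedule."""
    hist = defaultdict(int)
    for r in records:
        hist[r["ts"].astimezone(OPERATOR_TZ).hour] += 1
    return dict(hist)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("beacons:", beacon_candidates(recs))
    print("shifting domains:", shifting_domains(recs))
    print("hits by GMT+8 hour:", sorted(operator_hour_histogram(recs).items()))
```

Ports 80, 53 and 443 carry most of a network's legitimate traffic, so the beacon test deliberately keys on timing regularity rather than on the port alone; the intranet connections in the sample reach the hit threshold but fail the jitter test, while the hourly beacons pass it, resolve to three different addresses, and fall squarely in the 0700 to 1200 GMT+8 morning round.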

An "independent defense analyst," Cheng Ta-chen, was quoted in translation from Taipei Times regarding China's "cyber army":

It is reliant on imports for most of its computer hardware and software. More than 90 percent of the computer operating system used by China's government and military is imported from the US. The overall security of China's informatics and Internet is lacking and it does not have security controls for imported technology and equipment. Also, economic relations between China and the US are becoming more intertwined, so if the cyber army were to wage war on the US economy, it would easily create problems for China. None of these factors are beneficial to the development of China's cyber warfare.

A state of war, or peace, is merely a cost benefit analysis:

Economic and military threads are warp and weft of the same cloth, yet too many continue to believe the fallacy that nations that trade together do not war with one another. The reality is that they trade so long as their national cost-benefit analysis tells them to continue doing so. Tipping points exist. The key is to recognize their emergence and be prepared to prosecute them. Short of that, business must address the uncertainties as their governments jostle for advantage.

Obscured provenance and unusual release mechanism

The content of China Cyber Army is as interesting as its provenance is obscured. The anonymous poster used the name DeepThroat. The poster joined Slideshare in October 2007 and has shared only this one slideshow. I'd conclude that this alias was created for the express purpose of posting the cyber set. There are no introductory or closing foils (pages). The foils are atypically clean, i.e., they are not burdened by the typically overwrought graphics that the feds and the military employ.

Many of the foils have rather dodgy spellings and word constructions that are not bad enough, or consistent enough, to be a machine translation but appear to be the hand of a non-native English speaker. (Certain word constructs are tantalizing and cry out for clarification.) The "Asian fan" in the background is not something that an Occidental would generally use, and when I have seen a fan used, the subject has been Japan rather than China. There is a nice touch in having a slide transcript as a footer to the foils.

We found it interesting that DeepThroat used a "no download, view only" PPT format as the release mechanism instead of a PDF posted to one of many widely read security forums. As we thought the material of value and were uncertain how long the PPT would remain active, a full screen capture was made of each foil as individual jpg files, rolled into a PDF for better examination and portability, and then posted under a fair use guideline as China Cyber - Fair Use.

At the time of capture, DeepThroat listed only one contact in Slideshare, Jonathan Boutelle, a cofounder of Slideshare. A number of us found it curious that a phantom poster elected to cite Boutelle as a linked friend. For a variety of reasons, I'd first assumed that Boutelle was DeepThroat and had bought some room for plausible denial. I queried Boutelle with the courtesy note that I would cite his response in a forthcoming weblog entry. Boutelle replied:

Not me. But you can message that person through slideshare. Just go to their slidespace and click "send a private message". Regards, Jon [email]

Deciding against a voluntary appeal to DeepThroat to uncloak, I researched the PowerPoint text strings which led me to Charlie Chung-Ping Chen, or Charlie Chen, now at National Taiwan University.

Author search for China Cyber Army

Search for the author of China Cyber Army has focused on Associate Professor Charlie Chung-Ping Chen, or Charlie Chen, recently at University of Wisconsin-Madison and now at the Graduate Institute of Electronics Engineering, National Taiwan University, Taipei. (See personal data in the ICS Group.) Chen has potential motive and certainly has means and opportunity.

Taiwanese by birth, and thereby open to an anti-mainland Chinese sentiment, Chen took a BS in computer science and information engineering from the National Chiao-Tung University, Hsinchu, Taiwan, in 1990. Moving to the US, Chen took his doctorate in computer science from the University of Texas in 1998.

Between 1997 and 1999 he was with the Intel Corporation as a senior CAD engineer with Strategic CAD Labs. He was in charge of several important interconnect and circuit synthesis projects in his microprocessor group.

He was then an assistant professor in the Electrical and Computer Engineering Department, University of Wisconsin-Madison, followed by the Graduate Institute of Electronics Engineering, National Taiwan University.

Searching the Chinese language blog, X-Solve, I found a likely source in an article, China Cyber Army~A!, describing Chinese predation on UK and French networks.

The first response to this item is by a "Charlie Chen":

Internet Espionage: The China Cyber Army

Since 2003 Sept, we have found first big scale intrusion event, the victim
is the National Police Agency, attacked by at least 2 groups of china hackers,
from HuBei and JianSu.

2003 Oct. Taiwan Military Missile Plan Leakage. (Lw)
2004 Jan. Executive Yuan 300+ PC compromised.
2004 Apr. Fake Official Dept. E-mail with Trojan found
2004 Sep. Ministry of Foreign Affairs and embassy compromised.()
2004 Nov. DPP compromised. (Mh)
2005 May. Big scale: Gov, High-Tech, on-line banking, Science Park (200+ companies compromised)
2005 Jul. Taiwan, Ministry of Foreign Affairs again.()
2005 Sep. Taiwan, National Security council compromised. ()
2005 Nov. Taiwan, Military Central Command compromised.()
2006 Mar. Taiwan, Legislative Yuan, Reporters compromised. ()
2007 Apr. Military Operation plan leakage due to USB data collect backdoor. (h

The seventh response is by 'Tomato X', who cites a reply made by Charlie Chen to a Security Focus post:

Tomato X - 11th, 2007 at 6:59

The story is on going everyday
Charlie Chen

While Lemos' originating article in Security Focus is quite short:

China on hot seat over alleged hacks
Robert Lemos
SecurityFocus 2007-09-04

Fresh allegations surfaced on Monday that China's military has hacked other nation's networks to nab sensitive data, charges that the country denied for the second time in two weeks.

Charlie Chen's reply is notable for both its content and its curious English phrasing, reminiscent of the PPT:

the story is on going everyday 2007-09-10
Charlie Chen
Security Focus
Sept 10, 2007

There are a least 8 China Hacker Groups. we call them as HuBei Jun(Jun for military troop)

ShangHai Jun, Beijing/TienJing Jun, GuoDong Jun, FuJian Jun, SiChuan Jun, JianSu Jun, SiAnn Jun.

Through incidents handling and investigation with law enforcements, we found some evidences to prove the china hackers (targeted attack/ spearing phishing) were come from government (military,intelligent dept and public security).

We have inspect the tools, from the begining trojaned e-mail, backdoor, and realy tools in the way stations.

At first, using Microsoft word (*.doc) file with exploit, to drop backdoors or download spyware from other way stations.And the backdoor connect back to way station, when hacker came from China (fixed IP or ADSL) to remote controlling victims.

What they want is to collect the contact list files (outlook, MSN ...) to build a huge database about relationships for future use,from the contact list, hackers can send a 'well-make' trojaned mail to the others in the contact list, then victims will trust the e-mail's subject and fake e-mail source, open it and been compromised. And, periodically jump back to collect the latest documents in all file types. Even steal your mail account to have a copy of your mail boxes.

From the official document shows, the cyber operation was directly sponsored or supported by General Staff Department Sec. Four. And the evidences shows they:

(1) Organized: have principle, formal check-in/out time,

in our domain name (used by backdoor) observations, they start to work at 0700 GMT+8 Round 1, 1150 Lunch, 1400 Round 2, 1730 Take a break,

then, depends on group, have night team, to hack foreign countries.

(2) the Tools. not common seen in public Internet .some hacker groups using the same military produced/purchased hacking tools.

(3) the source IP we sniffer from incident handling, can be directly mapping to military regions of China.

A quick search on Charlie Chen turns up Charlie Chung-Ping Chen, also known as Charlie Chen, at University of Wisconsin-Madison (his more recent position posting at National Taiwan University is far more obscure but still points to the extended home page at Wisconsin). While there are other Charlie Chens about, this is the only one online with the pedigree to perform the analysis shown in China Cyber Army.

Chen's posting at National Taiwan University is currently listed as on "leave of absence." The attack profile is familiar but Chen is one of the few that is writing a (semi) public analysis of recent attacks. There must be a network beyond Chen as his Security Focus comment talks about 'we' and working with the authorities. Sounds like a Baker Street Irregular group with symbiotic ties to the defense sector.

Chen is not keeping a sufficiently low profile when, with modest digging, I can get to this point. If the mainland is interested, they know this much and far more. Two emails to Chen to learn more about his research efforts in this area have yet to be answered.

US looks to military to take on cyber threats
Command centre to be offensive and defensive
Tom Young
10 Jan 2008

Researchers map China’s underground cybercrime economy
Posted by Larry Dignan @ 4:20 am
December 6, 2007

Cybercrime agency faces cuts as computer raid threats grow
Rhys Blakely and Sean O'Neill
From The Times
December 4, 2007

Studying Malicious Websites and the Underground Economy on the Chinese Web
Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, and Wei Zou
Peking University Institute of Computer Science and Technology Beijing, China
University of Mannheim Laboratory for Dependable Distributed Systems Mannheim, Germany
Reihe Informatik. TR-2007-011
December 3, 2007

Secrets of Shell and Rolls-Royce come under attack from China’s spies
James Rossiter
From The Times
December 3, 2007

World faces "cyber cold war" threat
By Peter Griffiths
Nov 29, 2007 8:37am EST


Cyber war to escalate in 2008
120 countries developing ways to attack computer networks
Andrea-Marie Vassou
29 Nov 2007

Nations must defend against cyber warfare
Problem is getting worse as technology improves methods of attack
Tom Young
29 Nov 2007

By Ian Brown, Oxford Internet Institute; Lilian Edwards, Institute for Law and the Web (UK); Eugene Spafford et al from CERIAS center at Purdue University (US)
The annual McAfee global cyber trends study into organized crime and the Internet in collaboration with leading international security experts
Commissioned by McAfee

Chinese Spying No. 1 Threat To U.S. Manufacturing
By Foster Klug, Associated Press
November 15, 2007

Panel: China's Spying Poses Threat to U.S. Tech Secrets
By David Cho and Ariana Eunjung Cha
Washington Post
November 15, 2007; 11:57 AM

Cyber war moves up Nato agenda
Increasingly co-ordinated assaults are alarming defence ministers
Tom Young
01 Nov 2007

China behind daily internet attacks on Germany
"Chinese cyber war" looking to bridge corporate and scientific gap
Matt Chapman
23 Oct 2007

Malicious code infects Chinese security site
Chinese Internet Security Response Team's Web site is rigged with a malicious hidden window that can allow code to run on a visitor's PC
By Jeremy Kirk
IDG News Service
October 03, 2007

China Cyber Army
October 2007

China says it's a cyberattack victim, not villain
Published on ZDNet News
Sep 22, 2007 1:15:00 PM

Beware lurking PRC cyber army
By Cheng Ta-chen
Translated by Anna Stiggelbout
Taipei Times
Sep 12, 2007

France blames China for hack attacks
Chinese whispers
By John Leyden
The Register
Published Wednesday 12th September 2007 15:49 GMT

France joins Chinese hacking row
Fourth country points the finger at Chinese hackers following breaches
Matt Chapman
10 Sep 2007

Chinese hacking row escalates
UK government accused of cover up
Iain Thomson
06 Sep 2007

CIO Magazine on IP Theft
Posted by Richard Bejtlich at 19:17
Tao Security
August 08, 2007

Gordon Housworth


Bhutto's assassination and other tribal terminations of "precious American assets"


With the assassination of Benazir Bhutto who was, make no mistake about it, a thief that pillaged her country, aiding and abetting a husband who compounded graft to excess, we now hear all manner of prattle about democracy in Pakistan, even comments to the effect that Pakistan is a democratic country encased in a military state. Rubbish. Bhutto was leading the Pakistan People’s Party (PPP), a party of the poor who expected a spoils distribution in their direction. Understandable as no one else was looking out for them, but one should not confuse that with democracy as we know it. Bhutto was a thief but she was being groomed as our thief. (Alternate view from Harlan Ullman who I respect in other matters. The Economist's obituary is more balanced.)

At root, "Bhuttoism" has "more to do with the mythic, untainted legacy of [Benazir's] father, than anything she had actually done. "Take a pillar, put it in a public square, and write Zulfiqar Ali Bhutto’s name on it... People will vote for the pillar.""

Bhutto had appeared somewhere between obdurate and dismissive of the threats facing her return. It appeared that pre-arrival planning by her and her entourage had underestimated the threats against her person. My colleagues and I thought that her slow-motion bus tour was idiocy, and it was only fortune that she was not taken out on the eve of her return. Modestly chastened, Bhutto held a series of small unscheduled rallies but then held the well-publicized, large event which allowed her attackers to plan carefully, with great success.

She is now gone but the military, the ISI, and the increasingly radical religious parties remain. (Readers should treat Pakistan's military and the ISI as hierarchies of tribes for the purpose of understanding their motives and actions as well as noting that these tribes view India as the principal enemy over the Taliban.) I noted in 2004:

I am one of those that believe that Pakistan is "one bullet away from regime change" and the change will not be to our liking. We must remember that Pakistan "made the Taliban" in that they funded, trained, and protected it in return for the security of not having to fight a two-front war, access to energy sources in the Stans, and a conservative religious view that was, and is still, shared by many in the Inter-Services Intelligence (ISI), Pakistan's intelligence agency. Musharraf faces significant resistance in his support of the US war on terror, both at home in the south and more so in the tribal areas of Waziristan that have long been a law into their own.

We failed to learn our lesson in Afghanistan, then Iraq, and may now repeat the blunder in Pakistan. We cannot create institutions from whole cloth; we have to work with what is there. Rather than look to a mirror image of democracy that is not there, I repeat my observation that we should establish the Tammany Hall Institute of Graft and Corruption which of course will lead to discretionary enforcement with the Foreign Corrupt Practices Act (FCPA). Countries are not a construct that works in this region. Tribes work, as we are belatedly seeing in Iraq.

Kaplan does a nice short job of tribal value in It's the Tribes, Stupid!:

It is such traditional loyalties existing below the level of the state that historically both Marxist and liberal intellectuals, in their efforts to remake societies after Soviet and Western democratic models, tragically underestimated. A realist like St. Augustine, in his City of God, understood that tribes, based on the narrow bonds of kinship and ethnicity rather than on any universalist longing, may not constitute the highest good; but by contributing to social cohesion, tribes nevertheless constitute a good in and of themselves. Quelling anarchy means starting with clans and tribes, and building upwards from those granular elements.

The tribal nature of Pakistan is even more pronounced than in Iraq. Pakistan, divided among geographically based ethnic groups, is a nuclear Yugoslavia-in-the-making. Our troops are already in Afghanistan. So it is highly conceivable that we will have boots on the ground in Pakistan’s border area with Afghanistan. This is the true frontline in the war on terrorism, where presumably the leadership of al-Qaeda is ensconced. Our troops will find there a deathly volcanic landscape of crags and winding canyons and alkaline deserts 1,000 miles long and 100 miles wide. In this high desert, the tribes rule: Dravidian Raisanis, Turko-Iranian Baluchis, and Indo-Aryan Pushtuns. Neither the British nor any succeeding Pakistani government has managed to subdue them.

The tribes of Baluchistan and the Northwest Frontier Province don’t require Western institutions because they already have institutions of their own. What we call warlords are often, in reality, tribal elders who settle divorce cases, property disputes, and other civil conflicts for which we resort to the courts or government. If the American military deploys to these badlands in numbers large or small, it will follow the Anbar example of working with the tribes, greasing their palms for information on al-Qaeda, while accepting their social and political way of life.

There is nothing wrong or cynical about this. Where democratic governance does not exist, we must work with the material at hand. We have inherited our Anglo-Saxon traditions of liberty and democracy just as other peoples, with different historical experiences and geographical circumstances, have inherited theirs. And these other peoples yearn for justice and dignity, which does not always overlap with Western democracy. Throughout the Arab world, old monarchial and authoritarian orders are now weakening. Keeping societies stable will depend largely on tribes, and the deals they are able to cut with one another. In the Middle East, an age of pathetic, fledgling democracies is also an age of tribes.

Pakistan is a compote of competing tribes

I noted in Pakistan a failed state by 2015? Why not now?:

Think how much we owe to the British [for] their manipulation and balkanization of tribal landscapes in Africa and Asia. The UK handed power in Rwanda to the Tutsis over the Hutu. Whenever one sees a 'straight-line' boundary on maps today, it is generally the work of Colonial powers not perceiving value in a landscape, i.e., it had no military, commercial, or diplomatic value to one or more Colonial states. Those tidy lines repeatedly divided tribal areas and are a bane of the OAU to this day.

At other locations, the British intentionally divided tribal lands in order to weaken them, e.g., the Durand Line which divided ethnic Pashtuns in half, making their dream of a Pashtunistan stillborn, as it drew a boundary between Afghanistan and then British India (this part of which later becomes Pakistan).

By the 1920's, British hold over what is now India and Pakistan was weakening. Muslims, a sizeable majority in these territories, were beginning to push for a separate state. The name "Pakistan" itself was coined in 1933, being the first letters of all the territories the Muslim separatists desired to be included in their state: Punjab, Afghania (now the NWFP), Kashmir, Iran, Sindh, Tukharistan, Afghanistan and Balochistan. The word "Pak" also means "pure" in Persian languages. The official language spoken in Pakistan today, Urdu, is related to the Farsi spoken in Iran and the Dari language spoken in Afghanistan.

Bowing to the inevitable quest for independence, the UK passed the India Independence Act in 1947, creating two dominions, India and Pakistan, that lesser states could join. In order to provide Pakistan with the port of Karachi, Balochistan, over its objections, was 'given' to Pakistan. (Desiring independence from both Pakistan and India, Balochistan was invaded by Pakistani forces after partition.) Kashmir's indecision over which dominion to join causes agony to this day.

Pakistan is a compote of Sindh, Punjabi, Baloch, Pashtu, Bengali (from Bengal and Bangladesh), Urdu-speaking Muslims (muhajirs (refugees) from India), and tribal groups predating British presence such as the Amb, Chitral, Dir, and Hunza. There are no ethnic Pakistanis, but led by a military elite trained by British officers, the compote went to war with India in 1949.

The British bribed them; why can't we?

Some tribes are more ungovernable than others. Pakistan's North West Frontier Province (NWFP) [map, map] lies along the Durand Line.  Opposite Afghanistan's Tora Bora area, the NWFP's southwest rim contains the Federally Administered Tribal Areas (FATA):

The tribal areas had a population of 5.7m according to the 1998 national census. There are seven tribal areas : Khyber, Kurram, Orakzai, Mohmand, Bajaur, North Waziristan and South Waziristan, all inhabited by Pashtun tribes. The tribal areas, or agencies as they are called, were created by the British to serve as a buffer between undivided India and Afghanistan.

The British devised a special system of political administration to govern the freedom-loving Pashtun tribes who resisted colonial rule with a determination unparalleled in the subcontinent. The tribal people were granted maximum autonomy and allowed to run their affairs in accordance with their Islamic faith, customs and traditions.

Tribal elders, known as Maliks, were given special favours by the British in return for services such as maintaining peace, keeping important roads like the Khyber Pass open, and apprehending anti-state and anti-social elements. The system of administration has not changed much [since] Pakistan's independence [in 1947].

Of the FATA districts, North and South Waziristan [map, tribal map] have always been apart, ungovernable by the seat of government, even before partition. The adjoining areas to the north and east are little better. North and South Waziristan districts "are openly controlled by the Taliban," as is the Bajaur Agency to the north (also on the Afghan border). Directly east of the Waziristans, the districts of Tank and Dera Ismail Khan "are under threat," as are the districts of Khyber Agency and Peshawar.

These tribal regions are now home to a complex mix of foreign fighters - Arabs as well as the Islamic Movement of Uzbekistan, and Pakistani and Afghan Taliban. Internecine warfare among these groups is presented by Karachi as evidence of the success of the Waziristan Accord, but in fact Pakistani military elements are either ill trained, demoralized, or even sympathetic. The jihadists operate freely across districts and cross-border. It will be interesting to watch the US try its hand at Anbar-like tribal paramilitaries.

Further problems arise with those 'special tribes', the military and the ISI, who are deeply divided in their loyalties. The analogy to Pakistan is the Republic of Korea (ROK). Seoul always saw Japan as its aggressor state, not the DPRK or China, despite sustained US efforts. Karachi sees India as its aggressor state; in its efforts to forestall a two-front war, significant elements of the ISI/Army built the Taliban and now support various jihadists in the tribal areas.

The endgame is Pakistan, not Iraq

US nightly news leads its citizens to dwell on Iraq to the exclusion of other regions. As severe as events on the ground in Iraq may be, the endgame - the next generation of jihadists - is forming in Pakistan. I urge readers to a pair of pieces by Saleem Shahzad in Le Monde diplomatique under the rubric Global jihad splits into wars between Muslims:

The takfirism article is a short companion piece to introduce unfamiliar readers to takfirism. US readers unfamiliar with takfirism will remember one of its troublesome adherents in al-Qaida in Iraq, Abu Musab Al-Zarqawi, killed in 2006:

Takfirism is a centuries-old belief that suddenly revived among Islamic militants in Egypt after the Israeli victory in 1967. It claims that the Muslim ummah (the community of believers) has been weakened by deviation in the practice of Islam. Takfirism classifies all non-practising Muslims as kafirs (infidels) and calls upon its adherents to abandon existing Muslim societies, settle in isolated communities and fight all Muslim infidels.

The money piece is Shahzad's analysis of internecine struggles among the activist Muslim fighters:

The confrontation between the two strategies – and two different ideologies – of the Islamist struggle is getting more violent. Many of the foreign volunteers who have flooded into Pakistan and Iraq since 2003 are Takfirists, who regard "bad Muslims" as the real enemy... Indigenous Islamic resistance groups have reacted uncomfortably to the growth of this near-heresy within al-Qaida which, by waging war against Muslim governments, has brought chaos to the populations it claims to defend.

Between 2003 and 2006, across the war zone that is the two Waziristans, Afghanistan and Iraq, the complexity of the situation reinforced al-Qaida’s doctrinaire thinking and reduced indigenous groups to silence. The consequence of Takfirist influence was the emergence in the two Waziristans of a self-styled Islamic state that challenged the writ of the Pakistan government within its own boundaries and fuelled the spread of armed conflict to major cities. The aim was to provoke armed insurrection against the pro-western military regime.

The fierce response of the Pakistani army... fuelled the anger of Takfirist ideologues. But many Taliban leaders privately felt that the Takfirists had lost touch with reality and were distorting the sharply focused anti-western strategy developed during the 1990s by Osama bin Laden. The war of national resistance against foreign occupying forces had been transformed into one aimed at Pakistan’s military establishment...

The Arabs who poured in to join the Afghan resistance fell into two camps, Yemeni and Egyptian. The zealots who went to Afghanistan, inspired by their local clerics, were mostly in the Yemeni camp. In breaks from fighting they spent their days drilling and cooking their food, before going straight to sleep after the isha (last prayer of the day). As the Afghan jihad tailed off, they went home or melted into the population in Afghanistan or Pakistan, where many married. In al-Qaida circles, they were called dravesh, easy-going.

In the Egyptian camp were the politically minded and ideologically motivated. Though most belonged to the Muslim Brotherhood (1), they opposed its commitment to elections and the democratic process. The Afghan jihad cohered these like-minded, often educated, individuals, many of them doctors and engineers or former soldiers associated with the Egyptian Islamic Jihad under Ayman al-Zawahiri, now Bin Laden’s deputy. This group had been responsible for the assassination of president Anwar Sadat in 1981 after he signed a peace deal with Israel at Camp David. All agreed that the US and its puppet governments in the Middle East were responsible for the decline of the Arab world...

Most Yemeni fighters, simple minded warriors whose only ambition was martyrdom, left Afghanistan after the fall of the Communist government. The Egyptians stayed because they had other ambitions as yet unfulfilled. When Osama bin Laden joined them, after he left Sudan in 1996, they focused on shifting his basic thinking from opposition to American hegemony in the Middle East towards a Takfirist perspective.

Read the entire piece to see what you should be reading in the high street press. Recommended.

Battle lines have now been drawn between the establishment political parties, Musharraf (Pakistan Muslim League (Q) aka PML "Quaid-i-Azam group"), Bhutto/Zardari (Pakistan People's Party) and Nawaz Sharif (Pakistan Muslim League (N) aka PML "Nawaz group"), et al, and the ideologues of al Qaeda, notably an Egyptian cleric Sheikh Essa (alternately Issa, Is'sa) whose given name is Abu Amro Abdul Hakeem.

[An aside on Hakeem is valuable: Researching Hakeem, I found almost all incidences to be reentrant, i.e., they point to Shahzad's posts while not appearing in my standard terrorist/jihadist databases. Contacting Shahzad about the lack of data, he kindly advised me that there were few citations available on Sheikh Essa. I find it remarkable that an Islamist so central would have such a small footprint in English. I put this as another example of the US failure to focus, at least in the unclass press, on the essential, i.e., while the administration and its senior figures focus attention on Iraq to justify the invasion there, they do nothing to flag the threats rising in Pakistan. (CIA/military assets were aware of Essa as they wounded him in a missile attack the day following Bhutto's assassination.)]

Prior to 2003, the entire al-Qaeda camp in the North Waziristan and South Waziristan tribal areas of Pakistan was convinced that its battle should be fought in Afghanistan against the foreign troops there, and not in Pakistan against its Muslim army.

That stance was changed by Sheikh Essa, who had taken up residence in the town of Mir Ali in North Waziristan, where his sermons raised armies of takfiris (those who consider all non-practicing Muslims to be infidels). He was convinced that unless Pakistan became the Taliban's (and al-Qaeda's) strategic depth, the war in Afghanistan could not be won.

In a matter of a few years, his ideology has taken hold and all perceived American allies in Pakistan have become prime targets. Local adherents of the takfiri ideology, like Sadiq Noor and Abdul Khaliq, have grown strong and spread the word in North Waziristan. Former members of jihadi outfits such as Jaish-i-Mohammed, Lashkar-i-Toiba and Lashkar-i-Jhangvi have gathered in North Waziristan and declared Sheikh Essa their ideologue.

This is the beginning of the new world of takfiriat, reborn in North Waziristan many decades after having first emerged in Egypt in the late 1960s. On the advice of Sheikh Essa, militants have tried several times to assassinate Musharraf, launched attacks on the Pakistani military, and then declared Bhutto a target.

Orchestrating the termination of "precious American assets" in Pakistan

Asia Times maintains consistent coverage of central, west, southeast and southwest Asian matters not seen in the US press. Readers will find many of Shahzad's pieces there:

"We terminated the most precious American asset which vowed to defeat mujahideen." These were the words of al-Qaeda’s top commander for Afghanistan operations and spokesperson Mustafa Abu al-Yazid, immediately after the attack that claimed the life of Pakistani politician Benazir Bhutto on Thursday (December 27)...

At the time of her death, Bhutto was vigorously campaigning around the country, following the November 20 announcement of general elections to be held on January 8. She had returned to Pakistan from exile in October, after a US-brokered deal with Musharraf gave her immunity from charges of corruption during her previous terms as prime minister. In return, her Pakistan People’s Party (PPP) supported Musharraf’s bid to be re-elected as president...

"This is our first major victory against those [eg, Bhutto and President Pervez Musharraf] who have been siding with infidels [the West] in a fight against al-Qaeda and declared a war against mujahideen," Mustafa told Asia Times Online by telephone.

He said the death squad consisted of Punjabi associates of the underground anti-Shi’ite militant group Lashkar-i-Jhangvi, operating under al-Qaeda orders. The assassination of Bhutto was apparently only one of the goals of a large al-Qaeda plot, the existence of which was revealed earlier this month.

On December 6, a Pakistani intelligence agency tracked a cell phone conversation between a militant leader and a local cleric, in which a certain Maulana Asadullah Khalidi was named. The same day, Khalidi was arrested during a raid in Karachi. The arrest, in turn, led to the arrest of a very high-profile non-Pakistani militant leader, which, it is said, revealed an operation aimed at wiping out "precious American assets" in Pakistan, including Musharraf and Bhutto.

The operation is said to have involved hundreds of cells all over Pakistan to track targets and communicate with their command, which would then send out death squads.

We appear to continue to underestimate the organizational skill and reach of al-Qaeda, or if we do not, are unable to interdict it:

The group accused in Bhutto's killing, Lashkar-i-Jhangvi, was also among the alphabet soup of militant groups that were spawned by the Afghan war. One of the most vicious of these groups called itself Sipah-e-Sahaba and used religious justifications for jihad from an austere sect of Islam called Deobandi, similar to the ideology of the Taliban. Sipah-e-Sahaba and similar groups believe that one obligation of "true Muslims" is to kill so-called apostates like Shi'ites. In the early 1990s, these veterans from the Afghan wars, with no more war to fight, launched a bloody sectarian campaign against Pakistani Shi'ites. In 1996, amid these attacks, Lashkar-i-Jhangvi was formed by a disgruntled member of Sipah-e-Sahaba who named his group after the martyred founder of Sipah-e-Sahaba, Haq Nawaz Jhangvi...

The group has close ties to al-Qaeda. The leadership of Lashkar-i-Jhangvi [LiJ] fought alongside many high-ranking al-Qaeda and Taliban operatives against the Northern Alliance in Afghanistan before Sept. 11, 2001. U.S. intelligence agencies believe many in its ranks trained in al-Qaeda-run camps in Afghanistan during the late 1990s. When al-Qaeda retreated from Afghanistan in 2002, many of its fighters are believed to have joined forces with Lashkar-i-Jhangvi and Lashkar-i-Tayyba [LeT]... Since then, the groups have targeted pro-Western entities of Pakistani society. In March 2002, [LiJ] retaliated against the U.S. invasion of Afghanistan and the resulting fall of the Taliban by launching a grenade attack on the International Protestant Church in Islamabad... The group is responsible for dozens of attacks inside Pakistan over the past decade including sectarian killings of Shi'ites and Christians, a failed 1999 assassination attempt against then-Prime minister Nawaz Sharif, and involvement in the kidnapping and beheading of the Wall Street Journal correspondent Daniel Pearl...

Calibration is useful: Readers should note that Nawaz Sharif, now returned from exile and again running for government office, is not considered pro-US and is too Islamic in his leanings (the US put forth Bhutto over Sharif), but even he is fair game for the LiJ.

Hanging over all jihadist paramilitaries are their founding roots in the ISI and the army. It tries the imagination to believe that ISI-army elements do not maintain de facto or de jure contact:

[Frederic Grare states] "It is probable there are links between Lashkar-i-Jhangvi and al-Qaeda... but it is certain they do have links to the government... If the government itself says Lashkar-i-Jhangvi is involved, it is suicidal because it opens the door to speculation about their own role." Indeed, while Pakistani authorities have had a hand in encouraging groups like Lashkar-i-Jhangvi and Lashkar-i-Tayyba, Islamabad has done little to systematically dismantle these jihadist "armies" now that their original purposes fighting the Soviets and supporting the Taliban in Afghanistan or fighting the Indians in Kashmir are over. [Stephen Cohen notes] "They have nothing else to do... and they are causing mischief... It's like a cancer you've started elsewhere that comes back to eat you up."

Bhutto's assassination was said to 'highlight' the failure of two of Bush43's primary objectives for the region, a "quest to bring democracy to the Muslim world" and the "drive to force out the Islamist militants" from Pakistan. At this point, while I agree on the expulsion target, I see the governance objective as more contrived than genuine, i.e., democracy was conspicuously absent from the region until no WMD were found in Iraq. A soft underpinning notwithstanding, I suppose that once the claim has been staked, however belatedly, the administration can be marked for nonachievement.

Semiprecious assets

It was hard to take Benazir Bhutto's comments at face value that she was firm in her conviction that her children should not go into politics ("Politics in Pakistan is much too dangerous."), preferring her son to become a lawyer. Now the succession strategy said to 'reflect' her wishes has tipped her son, Bilawal Bhutto Zardari, to "lead the party when he finishes his studies at Oxford University" while her husband, Asif Ali Zardari, known as "Mr. 10 Percent" for graft gained from government contracts, acts as regent. (In Bhutto's second term as prime minister, Zardari's nickname was raised to "Mr. 40 Percent.") Only "intense" "pressure to keep the party's leadership in family hands" could promote the unlikeable Zardari (disliked equally by the PPP, the US and European states). It is hard to imagine a more appealing target for the Jihadists than Zardari. One should also not rule out an attack against Bilawal while he is in the UK.

India in the wings

A colleague whose skill in this area I trust remarked, "The unknown wild card yet to be played will be India. Will India move in to fill the vacuum created by a Paki breakdown?" My response was:

India will have no choice. I make it an issue of how and how often as opposed to if. China has been stepping up its military and commercial support to Pakistan. India will have to both secure its western borders as well as check Chinese flanking efforts. If [Pakistani] fissile packages go at risk, we can expect to see US, Indian and Israeli SpecOps assets, [who] alone and in various pairings [a cooperative effort already underway], attempt to secure them. That alone could precipitate interesting Paki reactions. [email]

As I have noted previously, a recovery hierarchy that commences with SpecOps units must ultimately terminate in the decision cycle to detonate fissile packages deemed unrecoverable and about to go rogue. Despite repeatedly revisiting this idea, I do not see how any of the three states in question can do anything to the contrary. Further complicating the matter: Israel, India and the US may have different trigger points; the noforn status of such sensitive data may bar its release to putative partners who will have assets in-country; the targeting information may be highly transitory, leading to a 'use it or lose it' state of mind; and, once a decision is taken to inform one or more partners, a less than effective communications process may intercede.

The risk calculus for all parties is enormous; it is hard to remove regional nuclear war in SW Asia as an endgame. India is now the Great Imperialist of SW Asia. If someone has to attack Pakistan, I'd rather it be them than us.

Hazarding prediction

Western readers are not getting the point, a lapse that I put down to the investigative failure on the part of the high street journalists that are supposed to serve them. Take away this central theme:

Democracy, autocracy, junta, or coalition are meaninglessly interchangeable to the takfiri. Each will be attacked with increasing vigor unless the takfiri are interdicted as their only acceptable form of government is a uniformly Sunni Muslim theocracy.

The horrific distraction and dilution of US diplomatic, military and reconstruction attention from Afghanistan to Iraq, having already robbed us of the ability to capitalize upon our early successes in Afghanistan, will now put Pakistan into play as well as Afghanistan.

Further, the defining error of the Bush43 administration will be Iraq, which spawned the dropping of Afghanistan, a fragmentation of an extremely fragile Pakistan that may well be beyond our grasp to recover on our terms, put China and Russia into positions of strategic advantage vis-à-vis the US, and vastly weakened global US military responsiveness (if nothing else for the replacement and refurbishment demands of the Iraqi Ops tempo), et al. In 1949, conservatives demanded to know "Who lost China?" and then proceeded to a witch-hunt at State in an effort to punish the innocent.

In the coming decades, there will be no surprise as to who lost so much. It will be seen as a great sadness, but no defense, that those who acted in error did so with the most patriotic intentions.

Updated 3 Jan, 2008

Pakistan - Nuclear-Related Facilities
Center for Nonproliferation Studies

Pakistan - Special Weapons Facilities [maps at bottom of page]
Federation of American Scientists


Obituary Benazir Bhutto
From The Economist print edition
Jan 3rd 2008

We Are Ready to Die
Nicholas Schmidle
Virginia Quarterly Review
Jan 2, 2008

U.S. Isn’t Ready to Accept Pakistan’s Initial Findings
New York Times
January 2, 2008

Al-Qaeda aims at Pakistan's heart
By Syed Saleem Shahzad
Asia Times
Jan 1, 2008

'Loss of a very great lady'
By Harlan Ullman
Washington Times
January 1, 2008

Bhutto's Son, Husband Named to Lead Her Party
Opposition Parties Announce They Will Participate in Election; Date for Vote Still Uncertain
By Griff Witte
Washington Post
December 30, 2007; 11:58 AM

Shady reputation trails Bhutto's husband
Associated Press
Sun Dec 30, 2:15 PM ET

Benazir Bhutto's husband 'Mr. 10 Percent' to head family dynasty in Pakistan
December 30, 2007

Al-Qaeda claims Bhutto killing
By Syed Saleem Shahzad
Asia Times
Dec 29, 2007

Bhutto's Jihadist Enemies
By Brian Bennett
Friday, Dec. 28, 2007

Many Had the Desire, Means to Kill Bhutto
By Joby Warrick and Thomas E. Ricks
Washington Post
December 28, 2007

The Traditional Rebel
Benazir Bhutto Was a Woman Of Contradictions and Convictions
By Molly Moore
Washington Post
December 28, 2007

U.S. Brokered Bhutto's Return to Pakistan
White House Would Back Her as Prime Minister While Musharraf Held Presidency
By Robin Wright and Glenn Kessler
Washington Post
December 28, 2007

The Void Left Behind
By Ahmed Rashid
Washington Post
December 28, 2007

Bhutto Murder Fits Pattern of Lashkar I Jhangvi Terrorism, With Nasty Implications
By Jonathan Winer
Counterterrorism Blog
December 28, 2007 02:14 PM

The Nelson Report on Bhutto Assassination
Steve Clemons
Washington Note
Posted by steve at December 27, 2007 09:05 PM

Bhutto Attack Cuts Short an Epic Life
Associated Press
27 December 2007

Bhutto: Fatal bomb was rigged to baby
By Betsy Pisik
Washington Times
December 14, 2007

U.S. Hopes to Use Pakistani Tribes Against Al Qaeda
New York Times
November 19, 2007

Al-Qaida: the unwanted guests
As the arc of chaos grows from Afghanistan to Somalia by way of the Middle East, the region’s states are growing weaker and their armed groups gaining in power. But in this battle for competing visions between the US and al-Qaida, the Sunni resistance is now opposing al-Qaida in Iraq, as are the Taliban in Afghanistan.
By Syed Saleem Shahzad
Le Monde diplomatique
July 2007

Takfirism: a messianic ideology
By Syed Saleem Shahzad
Le Monde diplomatique
July 2007

Red-on-red in Waziristan
By Bill Roggio
The Long War Journal
March 21, 2007 3:12 AM

Return of the Taliban
Martin Smith; Ed: Jason Schmidt
Airdate Oct 3, 2006

Waziristan accord signed
By Pazir Gul
September 06, 2006 Wednesday Sha'aban 12, 1427

Al-Qaeda and Hezbollah look to make up
By Syed Saleem Shahzad
Asia Times
Aug 25, 2006

Lashkar-e-Jhangvi (LeJ)
Aliases: Army of Jhangvi, Lashkar I Jhangvi (LJ)
MIPT Terrorism Knowledge Base

IN THE SPOTLIGHT: Lashkar I Jhangvi
Mar. 3, 2003

Pakistan Sentences Bhutto To 5 Years for Corruption
New York Times
April 16, 1999

Gordon Housworth


Who is encircling whom?: China and the US


Economic and military threads are warp and weft of the same cloth, yet too many continue to believe the fallacy that nations that trade together do not war with one another. The reality is that they trade so long as their national cost-benefit analysis tells them to continue doing so. Tipping points exist. The key is to recognize their emergence and be prepared to prosecute them. Short of that, business must address the uncertainties as their governments jostle for advantage.

It is no secret that the US and China have a multi-faceted relationship, one part of which is China's rise, the US (and, to a lesser degree, EU) effort to shape, even control, that rise, and China's countermeasures. At the moment, I rate China better at playing its hand than the US. Worse, I feel that the broad US posture in both Washington and the UN has unnecessarily alienated potential allies while allowing China an easier path in its patient pursuit of Asian hegemony at a minimum and perhaps more. Following are some thoughts along that road.

Uncertain containment allies in the Pacific

It should not be a secret to readers that part of US efforts to contain China is the creation of a maritime defense network linking the US with Japan, Australia and India in order to deliver control of the Pacific and Indian Oceans into western hands.

The so-called "golden age" of US-Japanese relations under Prime Ministers Koizumi and Abe came to an end with the election of Yasuo Fukuda, a man definitely not "on the same ideological wavelength" as Bush43. The US had seen, and still hopes to see, Japan as a key component of its defense planning for a generation:

The key calculation for the Pentagon is whether Japanese military assistance will be available to the US should a crisis erupt with China, perhaps over Taiwan or some other cause... "To put it in stark terms, the question for us is whether Japan regards itself as an offshore island of China or of the US."... The official stressed that the US continues to view Japan as an "extremely reliable" ally with which highly sensitive defense cooperation [will] continue.

The resignation of Japanese Prime Minister Shinzo Abe came as a surprise to the US; the election of Yasuo Fukuda over the preferred Taro Aso came as an unpleasant smack:

"Japan is the crown jewel of [US] Asian defense posture. If Japan becomes less reliable, we will have to rethink our plans." Of special concern are US hopes for a defense network which includes the US, Japan, Australia and India. This idea has been the subject of regular exchanges between US officials and their foreign counterparts, most recently on September 9th.

Bush43 had promoted Japan as a new member of the UN Security Council based upon the expectation that Japan would expand its role in global security and assist the US should relations worsen with China:

"We are taking many measures to promote stable relations with China, but it would be irresponsible not to plan for a deterioration. Japan is a big part of this planning." The US concern is that Fukuda will rule out a role for Japan in an anti-China alliance. Should this happen, the US would, in the words of a Pentagon planner, "have to go back to square one for our Asian policy."

Worse, Japan could yet invite China in:

"A nightmare would be if Japan suggests that China joins the alliance. This would defeat its rationale." On the economic front, the US also has concerns that momentum toward reform is slowing [and that] recent requests on privatization and liberalization will meet resistance. The combined result of the potential setbacks on both the security and economic fronts is that US-Japan relations may become, in the description of a White House official, "problematic."

For its part, the Japanese postwar Jekyll & Hyde of diplomatic runt and economic workhorse is winding up. As part of the postwar Pacific realignment, it is interesting to contemplate a nuclear Japan that is not a "US Japan," that Sancho Panza will ride on his own:

The Six Party Talks are no longer an institutional mechanism to terminate the Cold War structure that persists on the Korean Peninsula. It has now metamorphosed into a detente approach predicated on continuous confrontation and coexistence with Pyongyang's die-hard dictatorship. The aim of this approach is to defuse politico-military tensions created by Pyongyang's confidence in the efficacy of the threat and use of nuclear weapons. Yet any transformation of the tensions is expected to occur only in the form of a series of concessions made by North Korea in response to large-scale international economic assistance given to it. Such economic assistance would be provided synchronous with the creation of a post-Korean War peace regime and the eventual formation of a regional multilateral security framework in Northeast Asia. This means the resolution of the North Korean nuclear and abduction issues will have to wait until Korean unification takes place.

Japan is practically the only country capable of providing such a massive amount of aid. However, Pyongyang's impending nuclear threats and indisputable offenses against sovereignty in the form of repeated abductions of Japanese nationals have convinced the Japanese government not to provide aid until Pyongyang has achieved complete denuclearization, scrapped its ballistic missiles, and settled the abduction issue. Since this government policy is rooted in a solid national consensus, Tokyo has little room for making compromises, at least in principle.

Furthermore, the Japanese public is now fully aware that Washington has ceased to speak of complete denuclearization (CVID), the HEU programs and, most crucially, the dozen or more rudimentary nuclear warheads that North Korea is believed to possess. It will not take long before the Japanese public realizes that Washington is extending a de facto, if not de jure, recognition of Pyongyang's nuclear power status.

Consequentially, Washington's detente approach will sooner or later cause a backlash in Japanese public opinion, which will force the Japanese government to rethink its strategic calculations and alliance policy. Now that the opposition Democratic Party of Japan has seized control of the upper house of the Diet, Washington can no longer take Japan's followership in diplomacy for granted. Tokyo has become increasingly less pliable to US security interests...

For China's part, Beijing is doing what it can to unwind the last decade's effort of a US China containment policy. One wonders when Japan hits a tipping point, as much by demographics as defense, in its ability to deter the Chinese.

US relations with India are "awkward":

Of greatest concern to the [US] are indications that there is growing Indian hostility to Washington’s hope of turning India into a "new Japan in South Asia", that is, an ally wholly aligned with US interests. US officials had noted with satisfaction the signing in late 2006 of an India-Japan Global and Strategic Partnership but now see it losing momentum. They are confident that relations with New Delhi will get back on track but concede that opportunities have been missed.

The US had hoped to create a trilateral defense relationship with India and Japan as the US felt that regional multilaterals such as the ASEAN Regional Forum (ARF) deferred to China. (I would were I them.) The US wants "India to see itself as a maritime power" allied with the US/EU rather than a continental power allied with Russia and China.

The strong US-Australian rapprochement ended or was at least curbed with the victory of Prime Minister Kevin Rudd over the hawkish John Howard. Given Rudd's "strong Chinese connections," observers expect Australia to break away from a foreign policy supportive of the US and specifically move to further accommodation with China.

Elections reverse governments, at least in the West, and so regional policy may swing more towards US interests. My point is that the long tail of postwar certainty in US assumptions is waning while I see that of China increasing. Too much of the difference is a US self-inflicted wound.

China strategy patiently executed

My trio of short 2004 pieces summarizes the approach that China continues to pursue with consummate skill:

'Peaceful Rise' overcoming 'China Threat' opens:

China's regional and global diplomatic initiative, "peaceful rise" or heping jueqi, literally "emerging precipitously in a peaceful way," is a masterful endeavor to extricate itself from the collar of "China threat" imposed by the US. Heping jueqi shows a level of nuance, patience, and simultaneous flooding of regional and global diplomatic channels with a level of personal diplomacy at which the US can only marvel, if indeed it has recognized it.

Heping jueqi is marked by:

  • Diplomatic drive for regional acceptance of PRC's expanding sphere of influence
  • Enshrining China as Asia's predominant economic force
  • Leveraging economic cooperation into political influence over Southeast Asia
  • Offsetting and eventually diminishing US influence
  • Regional and international acceptance of China as the Asian superpower with hegemony over the region

China's controlled 2004 deployment of police/peacekeepers to Haiti marked its end of diplomatic non-intervention. See China reverses a half-century on diplomatic non-intervention as it becomes a model UN citizen.

Hegemons come and go: a renewing Chinese hegemon eyes a mature US hegemon, also 2004, drew on "Chinese open source literature paint an intriguing view of the Sino American relationship":

  • The US is a hegemonic power that is "a major obstacle and competitor for influence in Asia"
  • The US is a superpower in decline, losing global economic, political, and military influence
  • China aspires to be a "major international power and the dominant power in Asia. To that end, China is actively pursuing a multipolar world where it could align with other rising powers such as Russia, Japan, and Europe in order to check or challenge U.S. power"
  • China can counter US power by its pursuit of a multipolar world "where it could align with other rising powers such as Russia, Japan, and Europe"
  • Maintain stable and good relations with the US as it is "an important market for Chinese goods and an important source of science and technology, financial capital, and foreign direct investment--all central components of China's rising status and strength"
  • "Although technologically superior in almost every area of military power, [the US] can be defeated, most particularly, in a fight over Taiwan in which China controls the timing"
  • Al Qaeda's 11 September attack changed only China's approach to the US but not the fundamentals of its vision

Beijing has continued to pursue this plan with great success, in which success is defined as many incremental steps that do not draw undue backlash on either economic, diplomatic or military fronts. China needs economic growth to stave off domestic unrest, but that restraint has limits.

In July 2006 the Chinese ambassador to the UN, Wang Guangya, uncharacteristically lost his temper over the Security Council's attempt to word a rebuff of Israel's bombing of a UN Observer mission that killed four, one of whom was Chinese:

Without naming any countries... Wang lashed out at "a tyranny of the minority in the council" and vowed that there would be "implications for future discussions" on other subjects. Once the meeting ended, Wang [complained] that the presidential statement had been "watered down," observing in several different formulations that "we have to take into account the concerns of other countries" and predicting that the "frustration" his country felt "will affect working relations somewhat."...

In an earlier era, when the People’s Republic of China tended to conduct diplomacy by tantrum [but] China cares too much about the international order for such revolutionary shenanigans... China now aspires to play an active role on the global stage... The bad news is that China’s view of "the international order" is very different from that of the United States, or of the West, and has led it to frustrate much of the agenda that makes the U.N. worth caring about...

"First world" mentality in a "third world" body

China plainly wishes to join the international community on its own terms. The People’s Republic is a singular entity, a world-class power almost wholly preoccupied with harnessing its internal energies and preventing domestic conflict. Unlike Russia, for example, China has little wish to use the power at its disposal, save to establish a harmonious environment for its "peaceful rise."... China thus cares a very great deal about matters of little concern in the West, "territorial integrity," [and] very little about the burning issues in [the US, UK and France. China supports the view of the now expanded "G77 plus China" that the UN] should pay more attention to economic and social issues and less to matters of peace and security...

China’s economy has made it a global force, and the accompanying need for resources has pushed it to forge new ties throughout Asia, Africa and Latin America. The old revolutionary ardor is gone, and China surveys the world with increasing pragmatism and confidence. China is now a status quo power, "an exporter of good will and consumer durables instead of revolution and weapons."... Unlike the United States and the West generally, China views the current global situation as fundamentally benign and malleable, a setting conducive to diplomacy...

The impact of that economy on US security can be seen in many areas; here are three:

Returning to the diplomatic front:

China has chosen to enmesh itself in global bodies like the World Trade Organization, regional groupings like the six-member, security-oriented Shanghai Cooperation Organization and a vast range of bilateral partnerships. China has begun routinely signing arms-control agreements and antiterrorism conventions. And it has begun playing a more active role at the U.N., contributing troops (almost all of whom provide medical or engineering services rather than front-line patrolling) as well as policemen to U.N. peacekeeping operations...

China has become so influential a country, such an object of imitation, respect and fear, that you can no longer talk about an "international community" that does not include it. The West has a profound interest in China’s development as a global power and its acceptance, however gradual and grudging, of the rules by which the West has defined global citizenship...

The great issue that divides the U.N. is no longer Communism versus capitalism, as it once was; it is sovereignty [which flies in the face of those who deride the UN for failing to] defend individuals against an abusive state... But this failing is a Western preoccupation: most developing nations, with their history of colonial rule [object] to all such inroads on sovereign rights. [In China] sovereignty has long been a fighting word...

China and the United States are the twin bêtes noires of the U.N.: the U.S. insists on enlisting the organization in its crusades, while China refuses to let any crusade get in the way of national interest. Washington is all blustering moralism; Beijing, all circumspect mercantilism... It’s a truism that the Security Council can function only insofar as the United States lets it. The adage may soon be applied to China as well...

"We don’t want to make anyone feel uncomfortable."

With some accuracy, I fear, certainly in recent years, UN ambassador Wang told his interviewer (Traub) that "blunderbuss diplomacy is the American way" because "America is a superpower, so America has a big say." As Traub observes, "China would appear to have a big say of its own, but that's not Wang's view." Wang virtually encapsulated the paragraphs above by saying, "The Americans have muscle and exercise this muscle [whereas] China has no muscle and has no intention of exercising this muscle."

With continuing understatement and self-effacement, Wang tied the remark to the CCP's need to protect China's peaceful rise and to "reassure all who fear its growing clout": "We don’t want to make anyone feel uncomfortable." China is well along its delicate, thoughtful path of replacing the US as the Bretton Woods model world citizen and, in the end, taking the UN away from the US.

Without correction by the US, that may well happen:

Japan's Evolving Relations with China
by Yoshio Okawara
Association of Japanese Institutes of Strategic Studies
AJISS-Commentary No. 19
14 December 2007

Australia and Japan: Both Moving in Beijing’s Direction?
Published on: December 8th 2007 14:24:55

East China Sea Dispute: Learn from the Australians and East Timorese
By Yasuhiro Goto
Association of Japanese Institutes of Strategic Studies
AJISS-Commentary No. 17
7 December 2007

America, Don't Count on Our Followership
by Masahiro Matsumura
Online Publisher: Yukio Satoh
President of The Japan Institute of International Affairs
The Association of Japanese Institutes of Strategic Studies
4 December 2007
AJISS-Commentary No. 16

Japan: End of the Golden Age
Published on: December 1st 2007 13:34:13

India: Stable but Awkward Relations
Published on: November 17th 2007 17:34:22

Japan: US Trying Not to Worry
Published on: November 10th 2007 12:20:05

Japan: US Insists on Reform, Japan Temporizes
Published on: November 3rd 2007 16:02:08

India: Problems on the Nuclear Question
Published on: October 20th 2007 14:36:44

Japan: Complications on Defense
Published on: October 20th 2007 14:36:57

Russia: New Puzzles, Same Answers
Published on: October 13th 2007 16:45:55

Strengthening Security Cooperation with Australia: A New Security Means for Japan
By Yoshinobu Yamamoto
Association of Japanese Institutes of Strategic Studies
AJISS-Commentary No. 13
9 October 2007

Japan: Back to the Drawing Board?
Published on: September 22nd 2007 08:57:12

Is Washington Losing East Asia?
The Drawbacks of Linking Trade and Security in America’s Foreign Policy
Heribert Dieter, Richard Higgott
Paper prepared for the CSGR/GARNET Conference on Pathways to legitimacy? The Future of Global and regional Governance
University of Warwick, 17 to 19 September 2007

Japan and India: A Joint Defense Destiny?
Published on: June 2nd 2007 00:09:54

The World According to China
New York Times
September 3, 2006

Bretton Woods Institutions
Ngaire Woods
Oxford Handbook of the United Nations
Ed. by Thomas Weiss and Sam Daws
OUP, 2006

China Engages Asia: Reshaping the Regional Order
David L. Shambaugh
International Security - Volume 29, Number 3, Winter 2004/2005, pp. 64-99

Bretton Woods and the UN system - relationship of the International Monetary Fund and the World Bank to the UN
by Hans W. Singer
Ecumenical Review
July, 1995

Bretton Woods Conference Collection: Photographs
IMF Archives: Finding Aids
Date(s): [1940-?]-1944, [May 14, 1956?]

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  



The triple canopy of infection, birds over cats over pigs cascading feces, urine and DNA, returns


I've appropriated the tropical term triple canopy forest to describe the triple canopy of infection prevalent in China and Asia: birds over cats over pigs, cascading feces, urine and DNA to a new 'forest floor' in traditional wet markets, where recombination can work wonders in proximity to man. Similar cage stacking of wild and domesticated animals was widely seen in the SARS epidemic:

SARS, or severe acute respiratory syndrome, first appeared in China in 2002. It spread widely in early 2003 to infect at least 8,098 people in 26 countries, according to the World Health Organization. The disease died out later in 2003, and no cases have been reported since.

A refresher on SARS, including its timeline:

Wet markets run the gamut in quality, cleanliness and oversight:

For some customers, it is important to see the animal live before being sold. Specifically, they may want to check for health condition and quality. This is generally not an option in supermarkets, except in lobster or fish booths. Most wet markets have facilities for allowing a customer to choose a live animal, then either take it home as is or watch it expertly killed and "cleaned" - gutted, etc. - before their very eyes. Some big-box stores, such as Walmart, provide these facilities in their Far Eastern stores, but not in their U.S. stores...

If sanitation standards are not maintained, wet markets can easily spread disease and viruses. Because of the openness, newly introduced animals may come in direct contact with sales clerks, butchers and customers. Insects such as flies have relatively easy access to the food products.

I admit to a fondness for wet markets, having spent much time in them and eaten their street food. Unfortunately I have seen some that are nothing short of an unregulated, unsupervised viral Petri dish, and from those I move along.

As the attention to SARS, even avian flu, has ebbed in China as its economy accelerates, old habits that foster new outbreaks reassert themselves.

"You can eat anything with four legs except the dinner table"

While major cities have upwardly mobile populations concerned about food safety and able to seek out branded items, the balance of the country depends on "traditional wet markets... for the bulk of fresh food sales."

"The concept of buying food once a week and putting it in your fridge doesn't really exist in China yet. It's produced today, bought today, and eaten later today"... And dangerous tastes persist under the radar...

An outbreak of the SARS virus in 2002 resulted in a local gourmet favorite -- the civet -- being banished to the black market. The raccoon-like animal was blamed for spreading SARS, which infected 8,000 people globally and killed 800. But exotic wildlife and squalor have returned to the Qingping market [in Guangzhou], making health officials worried that another killer virus could emerge...

"We face similar threats from other viruses and such epidemics can happen because we continue to have very crowded markets in China... Even though official measures are in place, they are not faithfully followed. We are not talking about just civet cats, but all animals."

"Civet cats are forbidden, and sanitation is an important issue. Most live animals are sold on the city's outskirts. You can see it's more of a normal market now."

While Qingping is dotted with posters such as "Everyone should honor the policy of paying attention to product safety," the reality is far different:

In a dark shop near the new medicine mall, feces and urine drip like goo through stacked cages of squawking chickens and meowing cats... Although Guangdong authorities culled thousands of civets in January 2004, investigators recently found the animals, as well as badgers and pangolins, on the black market and in Guangdong's "wild flavor" restaurants, where diners hope exotic meats will bring good fortune... Among Qingping's cats and chickens were tiger paws, turtles, insects of myriad varieties, and bundled strips of shredded toads -- some food, others medicine.

It was two years after SARS was brought under control that investigators determined that the Chinese horseshoe bat, and not the civet, was the "healthy carrier" and host reservoir for SARS:

SARS now appears to join a number of other infectious agents that bats can transmit. Over the last decade, bats have been found as the source of two newly discovered human infections caused by the Nipah and Hendra viruses that can produce encephalitis and respiratory disease. In the SARS outbreak, attention focused on the role of Himalayan palm civets in transmitting it after scientists identified the virus in this species and in a raccoon dog sold in markets in Guangdong. But W.H.O. officials and scientists elsewhere cautioned that these species were most likely only intermediaries in the transmission, largely because no widespread infection could be found in wild or farmed civets...

"The SARS outbreak was a strong reminder that new viruses can emerge, and whether new or old, pathogens can cause not only significant disease and death, but they can also have a global socioeconomic impact," said Brenda Hogue, [who] has been involved in a big push to uncover some of the key clues behind coronavirus illness.

When SARS emerged, no one could have predicted that a new coronavirus, usually the culprit of nothing more than a common cold in humans, could become so harmful and spread so quickly through health systems from China to Canada.

The stakes are high. One only has to reflect on possible avian flu variants:

And for the open secret of cutting corners in China, which makes for difficulties in many areas beyond wet markets:

Wet Market Renovation
(Guangzhou)
Updated: 2004-03-11 15:36
China Daily
December 12, 2007

China Market May Be Breeding Ground For Deadly Viruses
By Joseph Chaney
Dec 10, 2007 10:42am EST

wet market
The Shanghai Show
Posted on Thursday, September 27th, 2007 at 9:33 am

Penang's Gem of a Wet Market
Eating Asia
September 11, 2007

SARS: Getting To The Core Of An Emergent Public Health Threat
Source: Arizona State University
Science Daily
May 16, 2007

What the heck is a wet market?
Posted by The Culinary Chase at 8/25/2006
The Culinary Chase
Friday, August 25, 2006

Chinese avoid wild animals
AP/Gulf News
Published: 04/19/2006 12:00 AM (UAE)

2 Teams Identify Chinese Bat as SARS Virus Hiding Place
New York Times
September 30, 2005

The Wet Market
By usabaker
Philippines Through My Eyes
Thursday, August 11, 2005

Klang Valley Streets: Marketing the wet market
NST Online

Timeline: Sars virus
BBC News
Last Updated: Wednesday, 7 July, 2004, 15:30 GMT 16:30 UK

W.H.O. Urges China to Use Caution While Killing Civet Cats
New York Times
January 6, 2004

Inter-species transmission of SARS being investigated
By Joy Su
Oct 30, 2003

China Lags in Sharing SARS Clues, Officials Say
New York Times
August 2, 2003

Gordon Housworth

InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  



Confluence of thinking on Chinese outsourcing and supply chain risks from DSB and USCC


Rather than selling US securities, consider China restricting microchip supplies to the West at a critical juncture (which would hit Taiwan, the current global producer of electronic componentry). This is no more implausible than Russia restricting energy flows to Ukraine, which despite the repercussions remains a viable distress option. (Think of combining securities with chips.)

Consider a foreign nation-state or its proxy embedding malicious code somewhere in a software developer's global outsourcing tier. (If bugs get in, certainly purpose-crafted malicious code can get in.) The state actor can be camouflaged by the nationality and location of its proxy.

Think of the implications of the Defense Department "inadvertently outsourcing the manufacturing of key weapons and military equipment to factories in China."

These are but three implications of the confluence of thinking from the Defense Science Board (DSB) and the U.S.-China Economic and Security Review Commission (USCC). With its transient task forces drawn from a wide range of industry and commerce, the DSB is as contemplative and low-key as the bipartisan congressional USCC can be public and hawkish.

U.S.-China Economic and Security Review Commission (USCC)

As I consider the DoD to be a harbinger of threats to private industry, I find the concerns of DSB and USCC to have industry-wide significance in both the US and the EU. All the better that this fifth USCC report has shed its historic "harsh rhetoric" in favor of "more objective and supported cooperative efforts" that secured the "unanimous support" of its twelve Democratic and Republican commissioners; its output defines realistic risks and offers useful responses, starting with an industrial consolidation that amounts to a new autarky on the part of the Chinese:

China's consolidation of its state-owned enterprises (SOEs) is guided by a new policy announced in December 2006. The State-Owned Assets Supervision and Administration Commission (SASAC) and China's State Council identified seven strategic industries in which the state must maintain "absolute control through state-owned enterprises," and five heavyweight industries in which the state will remain heavily involved. The strategic industries are armaments, power generation and distribution, oil and petrochemicals, telecommunications, coal, civil aviation, and shipping. The heavyweights are machinery; automobiles; information technology; construction; and iron, steel, and non-ferrous metals. It is estimated that forty to fifty of SASAC's 155 central SOEs fall in the strategic category and account for 75 percent of SASAC's total assets...

The Commission is disappointed that Beijing's efforts to move in the direction of a market economy appear to be slackening. In particular, the government's decision to retain state ownership or control of a large block of the economy is disappointing. In accord with its 11th Five-Year Plan, China has designated a dozen industries, including telecommunications, civil aviation, and information technology, as "heavyweight" or "pillar" industries over which it intends for government to retain control. In addition, 155 of China's largest corporations remain state-owned, including nearly all the nation's largest banks. Much of the economy remains under the Chinese government's strict control. Beijing's provision of subsidies to its pillar industries may damage competitors in other countries - including the United States where companies do not receive such subsidies...

It is precisely these "pillar" and "heavyweight" industries that China will protect to the point of excluding foreign firms. I offered this guidance in an October 2007 advisory but its theme could have been plucked from far earlier work:

China has repeatedly used standards and administrative edicts to hold competitors at bay until Chinese products were in the market, often at established levels that minimized success of any foreign competitor. One that comes to mind is the 'technical issues' barring Blackberries for well over a year until Chinese products were in the market. China has a not so thinly veiled plan to harvest foreign tech, producing indigenous standards which bar foreign standards BUT let Chinese standards compliant products work overseas, i.e., the PRC wants to completely invert all royalty payments while achieving the price volume curves of a global product... I am not the only one to have [observed] that this standards practice is a strategic weapon.

In private - as in group dinner conversations - senior Chinese individuals have specifically stated that US/EU automotive OEMs will be driven out by use of standards, tariffs and administrative rulings. [Personal email advisory]

The USCC is specific with regards to Chinese predation on US Intellectual Property (IP):

[China] enlists engineers and scientists to obtain valuable information from foreign sources ''by whatever means possible - including theft.''

Additionally, industrial espionage provides Chinese companies an added source of new technology without the necessity of investing time or money to perform research. Chinese espionage in the United States, which now comprises the single greatest threat to U.S. technology, is straining the U.S. counterintelligence establishment.

China still is not enforcing its own laws against intellectual property theft.

Of the Commission's 42 recommendations to Congress, ten were seen to be "of particular significance." Of those ten, numbers 2, 3 and 7 are specific to supply chain and IP risk and affect all industrial segments, commercial and defense:

  • Determining the country of origin of U.S. weapon systems components: The Commission recommends that Congress require the Department of Defense to prepare a complete list of the country of origin of each component in every U.S. weapon system to the bottom tier.
  • Ensuring adequate support for U.S. export control enforcement and counterintelligence efforts: In order to slow or stop the outflow of protected U.S. technologies and manufacturing expertise to China, the Commission recommends that Congress assess the adequacy of and, if needed, provide additional funding for U.S. export control enforcement and counterintelligence efforts, specifically those tasked with detecting and preventing illicit technology transfers to China and Chinese state-sponsored industrial espionage operations.
  • Assessing potential Chinese military applications of R&D conducted in China by U.S. companies: The Commission recommends that Congress direct the U.S. Department of Defense to evaluate, and, in its Annual Report to Congress on the Military Power of the People's Republic of China, to report on, potential Chinese military applications of R&D conducted in China by U.S. companies.

The specifics are laid out in the Commission's comprehensive recommendations:

The Impact of Trade with China on the U.S. Defense Industrial Base
8. The Commission recommends that Congress require the Department of Defense to prepare a complete list of the country of origin of each component in every U.S. weapon system to the bottom tier...

China's Military Modernization
12. In order to slow or stop the outflow of protected U.S. technologies and manufacturing expertise to China, the Commission recommends that Congress assess the adequacy of and, if needed, provide additional funding for U.S. export control enforcement and counterintelligence efforts, specifically those tasked with detecting and preventing illicit technology transfers to China and Chinese state-sponsored industrial espionage operations...

China's Science and Technology Activities and Accomplishments
20. The Commission recommends that Congress direct the U.S. Department of Commerce to report periodically on the general R&D expenditures of U.S. companies in China, based on protected business proprietary data the Department currently collects.
21. The Commission recommends that Congress direct the U.S. Department of Defense to evaluate, and, in its Annual Report to Congress on the Military Power of the People's Republic of China, to report on, potential Chinese military applications of R&D conducted in China by U.S. companies...

Defense Science Board (DSB)

It would appear that the USCC's 2007 report has been informed by the DSB's work in the 2005-2007 period, notably in the areas of firmware/microelectronics and of software outsourcing and tiered manufacturing (encompassing both the buy side and the make side).

By 2005 DSB noted that the US defense side was disturbed by offshoring or "alienation" of critical supply chains, notably for microelectronics:

Pressure on U.S. IC suppliers for high return on invested capital has compelled them to outsource capital intensive manufacturing operations. Thus, the past decade has seen an accelerating trend toward vertical disaggregation in the semiconductor business. Companies whose manufacturing operations once encompassed the full range of integrated circuit activities from product definition to design and process development, to mask-making and chip fabrication, to assembly and final test and customer support, even materials and production equipment, are contracting out nearly all these essential activities...

One unintended result of this otherwise sound industry change is the relocation of critical microelectronics manufacturing capabilities from the United States to countries with lower cost capital and operating environments. Trustworthiness and supply assurance for components used in critical military and infrastructure applications are casualties of this migration. Further, while not the focus of this study per se, the U.S. national technological leadership may be increasingly challenged by these changing industry dynamics; this poses long term national economic security concerns.

[For] DOD's strategy of information superiority to remain viable, the Department requires:

    • Trusted and assured supplies of integrated circuit (IC) components.
    • A continued stream of exponential improvements in the processing capacity of microchips and new approaches to extracting military value from information.

Trustworthiness of custom and commercial systems that support military operations - and the advances in microchip technology underlying our information superiority - however has been jeopardized. Trustworthiness includes confidence that classified or mission critical information contained in chip designs is not compromised, reliability is not degraded or unintended design elements inserted in chips as a result of design or fabrication in conditions open to adversary agents. Trust cannot be added to integrated circuits after fabrication; electrical testing and reverse engineering cannot be relied upon to detect undesired alterations in military integrated circuits. [Emphasis in original]

The opportunities for adversarial intervention are great:

Finding: Because of the U.S. military dependence on advanced technologies whose fabrication is progressively more offshore, opportunities for adversaries to clandestinely manipulate technology used in U.S. critical microelectronics applications are enormous and increasing. In general, sophisticated clandestine services develop opportunities to gain close access to a target technology throughout its lifetime, not just at inception.

If real and potential adversaries' ability to subvert U.S. microelectronics components is not reversed or technically mitigated, our adversaries will gain enormous asymmetric advantages that could possibly put U.S. force projection at risk. In the end, the U.S. strategy must be one of risk management, not risk avoidance. Even if risk avoidance were possible, it would be prohibitively costly.

By 2007 the DSB had turned to the counterpart of microelectronics, software design, in its concern over the "alienation" of critical supply chains, but with a difference. Software and firmware are not parallel "because the microchip fabrication business requires increasingly large capital formation - a considerable barrier to entry by a lesser nation-state. Software development and production, by contrast, has a low investment threshold. It requires only talented people, who increasingly are found outside the United States." (ICG has had a sustained interest in the supply chain risks and diversion of embedded software within weapons systems; see my 2005 piece, Israel as serial violator, temporarily the chicken killed to scare the monkeys.):

The task force on microchip supply identified two areas of risk in the off-shoring of fabrication facilities - that the U.S. could be denied access to the supply of chips and that there could be malicious modifications in these chips. Because software is so easily reproduced, the former risk is small. The latter risk of "malware," however, is serious. It is this risk that is discussed at length in this report.

Software that the Defense Department acquires has been loosely categorized as:

  • Commodity products - referred to as "commercial-off-the-shelf" (COTS) software;
  • General software developed by or for the U.S. Government - referred to as "Government-off-the-shelf" (GOTS) software; and
  • Custom software - generally created for unique defense applications.

The U.S. Government is obviously attracted by the first, COTS. It is produced for and sold in a highly competitive marketplace, and its development costs are amortized across a large base of consumers. Its functionality continually expands in response to competitive market demands. It is [a] bargain, but it is also most likely to be produced offshore, and so presents the greater threat of malicious modification.

There are two distinct kinds of vulnerabilities in software. The first is the common "bug," an unintentional defect or weakness in the code that opens the door for opportunistic exploitation. [DoD] shares these defects with all users. However, certain users are "high value targets" such as the financial sector and the Department of Defense. These high-value targets attract the "high-end" attackers. Moreover, the DoD also may be presumed to attract the most skilled and best financed attackers - a nation-state adversary or its proxy. These high-end attackers will not be content to exploit opportunistic vulnerabilities which might be fixed and therefore unavailable at a critical juncture. Furthermore, they may seek to implant vulnerability for later exploitation.

DSB reports are recommended reading as, noted above, DoD assets are the 'canary in the coal mine' for the larger set of commercial assets in the US and abroad. (Even when the subject seems far afield, the underlying technology discussions have surprising relevance.) Where DoD threats are now, the commercial sector will soon follow. The latest USCC report shows that defense and commercial risks have now substantially intersected.
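The risk sketched at the top of this piece, a purpose-crafted modification slipped into a component somewhere in a developer's outsourcing tier, and the DSB's point that a high-end attacker will implant a vulnerability that passes as an ordinary bug, share one practical consequence: behaviour cannot be trusted to reveal the change, so a delivery has to be held to the exact bits that were reviewed. What follows is an added example, not code from the DSB report, the USCC or ICG: a manifest check that records a SHA-256 digest for every reviewed file and then compares a later supplier delivery against it, reporting altered, missing and unreviewed files. The file names, file contents and the hard-coded account in the altered login routine are all constructed for the illustration.

```python
import hashlib
from typing import Dict, List, Mapping

# Added example (not DSB or ICG code): hold a supplier's delivery to the
# exact bits that were reviewed, so an alteration introduced anywhere in the
# outsourcing tier shows up as a digest mismatch even if it reads like a bug.


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Mapping[str, bytes]) -> Dict[str, str]:
    """Record a digest for every file at review time.

    In practice the manifest is signed and kept by the reviewer, never stored
    alongside the delivery, or the supplier can simply regenerate it.
    """
    return {name: sha256_hex(data) for name, data in files.items()}


def verify_delivery(manifest: Mapping[str, str],
                    delivered: Mapping[str, bytes]) -> Dict[str, List[str]]:
    """Compare a delivered file tree against the reviewed manifest.

    Returns sorted lists of files that are unchanged ('ok'), whose digest
    differs ('modified'), that were expected but absent ('missing'), and
    that arrived without ever having been reviewed ('unexpected').
    """
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected_digest in manifest.items():
        if name not in delivered:
            report["missing"].append(name)
        elif sha256_hex(delivered[name]) != expected_digest:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    for name in delivered:
        if name not in manifest:
            report["unexpected"].append(name)
    for names in report.values():
        names.sort()
    return report


def is_acceptable(report: Mapping[str, List[str]]) -> bool:
    """A delivery is accepted only if nothing was altered, dropped or added."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


# Constructed sample: the tree a reviewer accepted (hypothetical names and contents).
REVIEWED = {
    "auth/login.c": b"int check(const char *u, const char *p) { return verify(u, p); }\n",
    "auth/Makefile": b"all: login.o\n",
}
MANIFEST = build_manifest(REVIEWED)

# Constructed sample: what the supplier later shipped. login.c now short-circuits
# one hard-coded account, the kind of implanted weakness the DSB warns of, and a
# build helper that nobody reviewed has been added to the tree.
DELIVERED = {
    "auth/login.c": b"int check(const char *u, const char *p) "
                    b'{ if (!strcmp(u, "svc")) return 1; return verify(u, p); }\n',
    "auth/Makefile": b"all: login.o\n",
    "auth/.build_helper.sh": b"# added by the supplier's build system\n",
}

if __name__ == "__main__":
    for label, tree in (("reviewed tree", REVIEWED), ("supplier delivery", DELIVERED)):
        report = verify_delivery(MANIFEST, tree)
        print(label, "accepted" if is_acceptable(report) else "REJECTED", report)
```

Two caveats belong with this check. Matching digests establish only that the delivered bits are the reviewed bits; they say nothing about whether the review itself caught an implant, which is exactly the DSB's concern about attackers who seed vulnerabilities that look like ordinary defects. And the check has no analogue for silicon: the DSB finding quoted above is that trust cannot be added to an integrated circuit after fabrication, and that electrical testing and reverse engineering are not a reliable substitute for this kind of comparison.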

The full 2007 USCC report is to be released next week. In preparation, I suggest:

ICG's Intellectual Property (IP) Protection Abstracts, September 2006 to June 2007
ICG's Intellectual Property (IP) Protection Abstracts, April 2004 to July 2006


Press Release
November 15, 2007

USCC 2007 Report segments, available online 17 November:
2007 Report to Congress Intro
2007 Report to Congress Executive Summary
The Commission's Recommendations

Panel: China's Spying Poses Threat to U.S. Tech Secrets
By David Cho and Ariana Eunjung Cha
Washington Post
November 15, 2007; 11:57 AM

Chinese Spying No. 1 Threat To U.S. Manufacturing
By Foster Klug, Associated Press Writer
Manufacturing.Net - November 15, 2007

National Security and the PC
Posted by Paul Murphy @ 12:18 am
November 14, 2007

Are Foreigners Ruining DOD Software?
Posted by Catherine MacRae Hockmuth
Ares/Aviation Week
10/30/2007 4:02 PM

Building Trustworthy Circuits
Posted by Catherine MacRae Hockmuth
Ares/Aviation Week
10/29/2007 12:48 PM

Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DoD Software
Defense Science Board (DSB)
September 2007

Statement of Senator Carl Levin before the U.S.-China Economic and Security Review Commission Hearing on The U.S. China Relationship
Contact: Press Office
Phone: 202.228.3685
February 1, 2007

Satellite surprise highlights U.S.-China gap: official
February 1, 2007; 3:12 PM

Russia Bargains for Bigger Stake in West's Energy
New York Times
June 12, 2006

Gas Halt May Produce Big Ripples in European Policy
New York Times
January 4, 2006

Defense Science Board (DSB)
Office of the Under Secretary of Defense For Acquisition, Technology, and Logistics
February 2005

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  Weapons & Technology Public  

