
ICG Risk Blog - [ InfoT Public ]

Staff Statement No. 11 identifies critical path identification failure


My ears were ringing as Philip Zelikow read the summary of Staff Statement No. 11, "The Performance of the Intelligence Community."  It was the lead paragraph of the section, Warning and the Case of Aircraft as Weapons:

"Since the Pearl Harbor attack of 1941, the Intelligence Community has devoted generations of effort to understanding the problem of warning against surprise attack. Rigorous analytic methods were developed, focused in particular on the Soviet Union. Several leading practitioners within the Intelligence Community discussed them with us. They have been articulated in many ways, but almost all seem to have at least four elements in common: (1) think about how surprise attacks might be launched; (2) identify telltale indicators connected to the most dangerous possibilities; (3) where feasible, collect intelligence against these indicators; and (4) adopt defenses to deflect the most dangerous possibilities or at least get more warning. Concern about warning issues arising after the end of the Gulf War led to a major study"

The staff report noted that "laboriously developed" methods to detect [Soviet] surprise attack had languished, save for interest in al Qaeda's NBCR (nuclear, biological, chemical, and radiological) weapons.

Report 11 then enumerated a large number of attempted uses of aircraft as weapons, but noted:

"These past episodes suggest possibilities. Alone, they are not warnings. But, returning to the four elements mentioned above [the] CTC did not analyze how a hijacked aircraft or other explosives-laden aircraft might be used as a weapon. If it had done so, it could have identified that a critical obstacle would be to find a suicide terrorist able to fly large jet aircraft. This had never happened before 9/11."

What was not explicitly stated is that these episodes happened over some years in diverse regions on the watch of many analysts under different reporting structures.  There was no unifying trigger theme.  This is the failure to understand a critical path of the terrorist's supply chain that we have pressed upon in our private distributions: terrorist access to, and control of, the flight deck. Our analysis showed that from Mohammed Atta's arrival into the US, the goal was access and control of a flight deck, first with light twin-engine aircraft converted to 'crop dusters,' and only when that approach failed, did Atta and the group shift to commandeering flight decks of commercial aircraft. We have seen that argument extended to freight and cargo aircraft and we have since made the argument that flight deck control can be remote as in UAVs (Unmanned Aerial Vehicles) here and here.

Richard Clarke told the committee that he "attributed his awareness to novels more than any warnings from the Intelligence Community." Airliner-as-weapon was not the only failed analysis:

"There was, for example, no evident Intelligence Community analysis of the danger of boat bombs before the attack on the U.S.S. Cole in October 2000, although expertise about such means of attack existed within the Community, especially at the Office of Naval Intelligence."

In hindsight, it is effortless to connect the lack of visualization of a hijacked aircraft-as-weapon (or inflatable boat as weapon) to absence of identified telltale indicators, to no collection requirements against those telltales, to no effective means of deflection.  That will not protect us from all future threats.  Far from it.

Yes, al Qaeda has pursued certain themes, but it can craft new ones without warning, so to dwell solely on existing themes is to fight yesterday's war. What we must constantly do is look at where we are weak, where we allow the perp to penetrate our perimeter or allow him or her to get "close enough," where there are exploitable lapses in our command, control and communication. Only then can we try to think asymmetrically as al Qaeda does so well.

Gordon Housworth



InfoT Public  Strategic Risk Public  Terrorism Public  


The DDoS attack of all time was in the cards


Hackers penetrated and, for a period of time, took control of parts of the TeraGrid, a supercomputer network used for compute-intensive tasks such as weather forecasting. Even a single supercomputer on a broadband network is the equal of thousands of desktop PCs.

This is inspired in its analysis of critical path -- so that relatively few computers could launch the kind of digital Pearl Harbor that Dick Clarke spoke of but was pooh-poohed by many in industry.

In yet another example of the bad guys operating inside our OODA Loop, the systems were apparently vulnerable due to recently discovered software faults. These computers were running Linux and Solaris OS variants -- not a Microsoft OS. It is interesting to think of us spending a packet to armor up Microsoft OS products and the bad guys take us down via key faults on Linux and Solaris OS. Talk about 'hitting us where we ain't.' My admiration and compliments to the perps. It will be interesting to see what seeps out as to their identity and/or nationality.

Change "could" to "must" in the following and you have it:

"This could be a wake-up call to what should be very, very secure computing environments, because these machines should never have been compromised."

Anything less than "must" and the follow-through it demands just leaves us booking seats in a future bipartisan commission trying to determine what went wrong.

I can only hope that this is setting off massive alarm bells in government, the OS providers, institutional management, and the sysadmins of TeraGrid.

Hackers Strike Advanced Computing Networks
By Brian Krebs
washingtonpost.com Staff Writer
Tuesday, April 13, 2004; 5:40 PM

Gordon Housworth



Cybersecurity Public  InfoT Public  


What is al Qaeda learning from the 9/11 Commission? How will we know?


Learning is a two way street, and I am not speaking of Republicans and Democrats. We know that al Qaeda and other skilled militants "go to school on us," watching us, our military posture, our attack and defense procedures, our weapons (so that they can defeat, copy, or obtain), and our leverage points.

Nowhere amid the political slanging and efforts to 'pin my tail on your donkey,' do I see anyone asking, What are they learning from the 9/11 Commission and its proceedings - both public testimony and unclass commission documents? What do they see that we dwell upon and what we ignore? What changes in their operations and tradecraft might we expect from their analyses, i.e., what will they stop doing and start doing? How will we know, e.g., what precursors or fuzzy events will signal a shift?

While these questions have passed in and out of mind during the proceedings, a datum that Pickard (acting Director FBI) shared today drove it home.

This is an excellent opportunity for open-source collection and analysis to take an untainted look at the accumulated public record. My concern is that we are in such a spasm of self-discovery and blame fixing, that no one is performing an analysis on our proceedings. Failure to do so can open a window for an unexpected attack.

Gordon Housworth



InfoT Public  Infrastructure Defense Public  Strategic Risk Public  Terrorism Public  


Richard Kerr, former Deputy DCI, and others on PDBs


Richard Kerr, former Deputy Director of Central Intelligence, and a preparer of PDBs noted in an NPR interview this morning that the PDB is a "continuity document," that many of its items may be prepared a few days in advance of 'publication,' and that many items rise from an analyst's desk and are refined - as opposed to being written by Kerr or his successor. Kerr had prepared PDBs for Presidents Reagan and Bush.

I also call your attention to a valuable item at The National Security Archive (George Washington University), "The President's Daily Brief" By Thomas S. Blanton, Updated April 12, 2004.

Among the useful items on this page are:

The White House Fact Sheet titled "The August 6, 2001 PDB" that was released along with the 6 August PDB section, in a Q&A format.

A background briefing plus Q&A from two individuals that asked to be referred to as "senior White House officials": White House Briefing on Release of the August 6, 2001 President's Daily Brief Excerpt "Bin Ladin Determined to Strike in U.S.," April 10, 2004.

While these latter two documents might be construed as a reasonably sympathetic administration view, they do offer additional information on the PDB.

Gordon Housworth



InfoT Public  Strategic Risk Public  


Blue canary daily threat and response in the Capitol


Suspicious Powders, Packages Keep FBI Unit on Edge is a good example of the daily threat and response resolution that passes beneath citizens' radar, of a maze of false positives and false negatives that might mask a next 'big one,' that confront the FBI National Capital Response Squad and U.S. Capitol Police (many of whose investigations do not require FBI involvement). Unless you have been on continuous alert status, playing the role of the "blue canary," it is hard to describe how demanding it is to keep your edge.

Suspicious Powders, Packages Keep FBI Unit on Edge
By Allan Lengel
Washington Post Staff Writer
Tuesday, April 13, 2004; Page A01

Gordon Housworth



InfoT Public  Infrastructure Defense Public  


Only the zealot and the lucky "have it" on the PDB


The release of the al Qaeda snippet from the 6 August PDB occasioned a number of pundits, some of whom I otherwise admire, lining up to slang this document into whichever political camp they preferred. Some in this readership may have done likewise.

I am still trying to figure out what I think I read. Perfectly clear, you say? Rubbish. Let me share a related example: How many of you are aware that if Condi Rice's testimony before the 9/11 Commission had been under a court of law (such as Clinton's impeachment trial) that her responses would have landed her in contempt of court on multiple occasions? She and the administration knew that the public watching would not know that and, as this was not a court proceeding, she could move to control the limited public time and make her questioners look like ogres. This takes nothing away from her performance. I am just telling you that I might have seen something different than you did.

As to the PDB, without knowing it, we are all trying to interpret one of the smallest distribution "newsletters" on the planet, the President's Daily Brief. It is said to be the most closely held document in a government where chimney building is rampant and control over information is power. The PDB is said to be an art form, a daily document that tries to be forceful without being alarmist. (There are in fact many pressures to resist alerts, many for good reasons.) Supposedly anything seen to hold a smoking gun "goes downtown" immediately and does not wait for the PDB, although a later PDB may well reflect follow-up and tracking.

Any reader familiar with my writings has heard me speak of misevaluating a "still frame from a motion picture." So it is with this PDB snippet. Its release will demand more information in order to put it in the appropriate context. Each PDB is a ten plus page document, so we need to know where the snippet sat in the order of issues of that PDB, how many other related items preceded and followed it in other PDBs, what steps did the president put in place as a result, and what follow-up occurred when to what effect. There are likely more questions to ask.

While my jury is still out, I am reminded that in previous great surprises such as Pearl Harbor (where we knew the Japanese were going to attack but did not guess Pearl) and Normandy (where the Germans knew that the Allies were going to launch an amphibious invasion but did not know where and so did not alert the proper divisions) that we may not always know the precise where and when even when we are reading some of the enemy's mail.

On the other hand, I am reminded that the first months of the Bush administration were marked by what has been called the "incuriosity" of the sitting president in foreign affairs. As I am adjacent to the Canadian border, my Canadian colleagues relish the question put to candidate Bush shortly after he had been stung in a pop quiz about foreign leaders. Candidate Bush fell victim to a foreign affairs trap when he responded on-air to a comic posing as a reporter who made up a story that Canadian Prime Minister "Jean Poutine" had endorsed him as "the man to lead the United States into the next millennium." (Canada's prime minister at the time was Jean Chretien and he did not endorse any US candidate.)

To hear the Canadians tell it, Bush fell into the flattery trap (as had the governor of Michigan and a top Bush adviser to the same question) and replied, "I appreciate his strong statement, he understands I believe in free trade."

Poutine is a plate of french fries smothered in gravy and cheese curd popular in Quebec.

Again I submit that only the zealot and the lucky think that they "have it" on the PDB. We need more information to make a reasoned decision.

Gordon Housworth



InfoT Public  Strategic Risk Public  


Euro flight cancellations have ebbed: Why?


As the hole is as good as the donut, i.e., what we don't see is as useful as what we do, I find it interesting that the flight cancellations, primarily from France and the UK along with some from Mexico, that rattled authorities and travelers alike in late 2003-early 2004, seemed to have ebbed yet I have not seen much mention of it.

During the 03-04 holiday Orange level alert, I mused that it was not a person per se but a transported object that was the source of cancellations. That concern appeared to be growing as al Qaeda remained steadfast in its effort to show followers, recruits and donors that it remained relevant and lethal. At the time, I thought it of lesser importance that we were at the close of the Hajj and of greater significance that the Eid al-Adha, Feast of the Sacrifice, was beginning.

The January 2004 flight cancellations were due to a presumption that jihadis were attempting to release chemical or biological agents on board an airliner in order to infect passengers and crew, turning them into disease vectors, or transport a radiological device in cargo, above and beyond hijacking. I took that as an indication as to why specific flights were being canceled time and again, i.e., something about the origination, timing, support-crews, and perhaps the airframes themselves.

Air carriers found it easier to cancel flights than to meet the "required enhanced, multi-tiered security precautions" that the US was requiring, presumably in pre- and post-flight screening of air cargo, very little of which is subject to physical inspection, and carrier vetting of shippers, an admittedly demanding action. Beyond aircraft, authorities have long been concerned with a seaborne container containing a GPS-augmented payload that would allow terrorists to track and detonate the payload at the appropriate position.

Those flight cancellations have halted. Why? Did we institute new policies for screening, especially on cargo, or put in place vetting procedures for shippers, that induced the perpetrators to down tools and recommence surveillance in order to find a new vector in the US without endangering their infrastructure? Or did the bad guys opt for another attack profile altogether?

The problem with an unexplained "TWA" or Trouble Went Away is that it can return with equal lack of announcement.

Flights Canceled as New Air Terror Concerns Raised
By Sara Kehaulani Goo and Dana Priest
Washington Post Staff Writers
Saturday, January 31, 2004; 7:45 PM

Gordon Housworth


InfoT Public  Infrastructure Defense Public  Terrorism Public  


FBI as a contender for 11 September culpability


As the FBI attempts to transform "into an agency that can prevent terrorist acts, rather than react to them as criminal acts," a reader must be diligent in seeking a thoughtful, apolitical analysis of the issues and options for the bureau, DoJ, and Congress.

I do not pretend to understand the GAO but I am told by some I trust that it can play a bit of politics in what it chooses to investigate and can certainly be fed information backchannel upon which it can launch an investigation. The CRS, or Congressional Research Service, is a research arm of Congress that, to my notice, has not been accused of same.

Although CRS reports are not readily available to the public, they can be harvested as a source of thoughtful and balanced information that has the ability to draw upon resources through the government. Heretofore they come down as PDFs but, perhaps because of its recent release (6 April), RL32336, "FBI Intelligence Reform Since September 11, 2001: Issues and Options for Congress" by Alfred Cumming and Todd Masse has been found as an HTML page.

As you might imagine, while bureau supporters and detractors alike agree that the bureau's reforms to gather intel by penetrating terrorist cells are a worthy goal, its supporters opine that the "FBI has a long and successful history of such penetrations when it comes to organized crime groups, and suggest that it is capable of replicating its success against terrorist cells" whereas its detractors "say recruiting organized crime penetrations differs dramatically from terrorist recruiting [and that strategic intelligence collection is a qualitatively different function than gathering information on criminal activity]."

I am not alone in the opinion that the bureau 'too often responds to a crime scene' instead of assuming a leading interagency posture needed to gather proactive intel. It is also no secret that I feel that we need an MI-5 equivalent. Yes, I know that is expensive and time consuming but I am price elastic in its achievement as the last figure that I saw for the cost of 11 September was 95 billion in 2001 dollars. I have had the opportunity to read transcripts from some of the cell calls from the towers. Not I, thank you very much.

I am aware of some difficulties within DHS, that resolution will exceed the near-term, and that they are not in a position to provide such an interagency-intersource analysis capacity. I also am of the opinion that there is not enough genuine asymmetrical threat analysis in all the agencies, FBI included. An example is the standard FBI security audit which is a qualitative analysis without a specific counterthreat analysis as opposed to a qualitative approach that moves forward into the shooter's mission to identify them in their surveillance period.

While new bureau recruits are said to be steeped in national security and counterterrorism, foreign and domestic, it is very difficult to shift a reactive law enforcement mentality into a proactive intelligence approach to terrorism. The FBI will have to demonstrate that it can quickly gain the capacity to "collect, analyze and disseminate domestic intelligence so that it can help federal, state and local officials stop terrorists before they strike."

The CRS report goes so far as to criticize FBI leadership for their lack of experience in intelligence, thus calling into question the ability of current reforms to achieve the needed transformation. Whether by design or by serendipity, this debate regarding the future of the FBI and policy choices available to legislators, crosses the 9/11 Commission's work in attempting to determine who knew what when.

As I read items such as Briefing on Al Qaeda Included Specifics I wonder if the FBI will be set up as the group to take the fall -- or at least the lion's share of culpability. I had thought that it might be Rice but given the gentle nudges in the Times and Post, the FBI grows in contention.

Briefing on Al Qaeda Included Specifics
White House Says Declassification of Pre-9/11 Document Will Be Delayed
By Walter Pincus and Dan Eggen
Washington Post Staff Writers
Saturday, April 10, 2004; Page A05

RL32336 -- FBI Intelligence Reform Since September 11, 2001: Issues and Options for Congress
April 6, 2004
Alfred Cumming, Specialist in Intelligence and National Security, Foreign Affairs, Defense and Trade Division
Todd Masse, Specialist in Domestic Intelligence and Counterterrorism, Domestic Social Policy Division

Gordon Housworth



InfoT Public  Infrastructure Defense Public  Strategic Risk Public  


Latin American graft: collateral damage of war on terror


For more than a decade, Miami has been said to be the 'capital of Central America.' Gaining residence in that capital, and retaining the means to support oneself there, may be slightly less easy than in the past due to two tools occasioned by the Patriot Act:

(1) Pursuit of US assets of foreigners convicted of corruption in their native countries

(2) Denial or revocation of visas for PEPs (politically exposed persons)

Corruption in Latin America: Harder graft notes that historically, visas could be revoked only for crimes such as drug-trafficking, war crimes, and immigrant smuggling. Concerns over national security are driving an attack on public corruption and its illegal web of moving money, people, and objects that can be co-opted as a "dual use" tool by terrorists attempting to smuggle explosives, weapons, or operatives into the US or to launder their own money.

Given the porosity of our southern and maritime borders, and the proximity of fertile grounds, this is useful even if it temporarily disrupts the current channels.

I am surprised that the second driver is a newfound desire not to squander US funds on corrupt regimes. As Louis said, "I'm shocked - shocked - to find gambling is going on in here!"

Corruption in Latin America: Harder graft
Apr 7th 2004 | MIAMI
From The Economist print edition

Gordon Housworth



InfoT Public  Strategic Risk Public  


Maximizing your defense against a Mini-DDoS attack


How to shore up your defenses against a Mini-DDoS attack presents the "best of the available fixes" to the mini-DDoS attack that I mentioned here. It is excellent advice for those of us below the ISP radar horizon of large, widely distributed attacks:

How to shore up your defenses against a Mini-DDoS attack
By David Berlind,
Tech Update
March 25, 2004

Gordon Housworth



Cybersecurity Public  InfoT Public  
