Friday, March 29, 2013

News Flash: GI Joe Discovers Nuclear Weapons in Israel

The movie GI Joe: Retaliation is crap.

To call it a video game movie is an insult to good video games.  It is a bad video game movie.

The expository scenes—where the characters move their mouths and words come out—are treated as cut scenes i.e. brief pauses to reward players with a bathroom break after they have completed a previous level, and provide the arbitrary framing that enables another session of witless, button-mashing mayhem on the next level.

Fans of common sense, physics, and conservation of momentum will be amused and/or appalled by the revelation—spoiler alert!—that Cobra’s super weapon is a gravity bomb…released from an orbiting satellite.

The audience’s primary diversion during and after the film is ridiculing the logical inconsistencies and plot holes in the movie—and noting the numerous missed opportunities for comic relief (obviously, the dubious determination was made that action, no matter how absurd, sells and character and comedy do not play in the critical foreign markets).  The possibilities are virtually limitless.

However, GI Joe: Retaliation does perform one remarkable geopolitical service.  It treats the existence of Israel’s undeclared nuclear weapons arsenal as a matter of fact.

When the world’s nuclear weapons powers are gathered for an asinine episode of Armageddon brinksmanship orchestrated by Cobra, the attendees are: USA, France, Great Britain, Russia, China, India, North Korea…and Israel (in the first act of the movie, Pakistan was deemed unworthy of retaining its nuclear weapons and was summarily disarmed by the GI Joe team, thereby forfeiting its place at the atomic roundtable).

I wonder how this plot point snuck into the movie.  Perhaps the producers believe they will lock in the lucrative Iranian market with the admission that Israel is, indeed, a covert nuclear weapons power.

In any case, it was interesting to see.  Pretty much the only interesting thing in GI Joe: Retaliation.

Waiting for the Multiculturapocalypse, Turko-Hispanic Edition

I saw this billboard while motoring through the LA suburbs.  

The sentiment is not drive-off-the-road gobsmacking, but it provided considerable food for thought.

Wonder if the Corps would celebrate its respect for “Caucasian” or “African-American” values.* Unlikely, because attributing certain “values” to racial groups is, well, racist.  I assume the idea is to characterize “Hispanics” as an ethnicity with certain cultural characteristics, like, you know, the Irish.  This leads us pretty far down the slippery slope to ethnic stereotyping, and I wonder what martial characteristics on the Frito Bandito-to-Zorro spectrum the Marines’ ad agency was thinking of when it crafted this campaign.

Actually, thanks to the website “Hispanic Marketing and Public Relations”, we don’t have to wonder:

“The ideals of honor, courage and commitment are not exclusive to the Marine Corps,” said Lieutenant Colonel Darrin Kazlauskas, assistant chief of staff for advertising, Marine Corps Recruiting Command. “Hispanic American families, like all great families, instill these values so that each generation can move forward and become positive members of their communities. We are proud to serve with all our Marine brothers and sisters who hold these values in high esteem.”

Through Family Values the Marine Corps set out to offer the public a window into the personal lives of the Hispanic Marines profiled in the ads with the intent of leading the audience to believe that there are ways in which the fundamental values of Hispanic Americans and the Marine Corps are one.

Well, don’t get me started on the “values” thing, and I won’t ask the Marines to reveal what other groups are relatively deficient in honor, courage, and commitment compared to a) the USMC and b) the "Hispanic community".

To unpack this a little more, “Hispanics” is something of a catch-all demographic category to characterize people in the US and the Latin and South American countries who can speak Spanish.  

“Hispanics” often define themselves according to nationality, current or ancestral (“Mexican, Mexican-American”).  Bear in mind, some indigenous Americans—Indians, per the traditional, wildly inaccurate nomenclature that prevails in the United States—such as the Oaxacans, who form a distinct underclass of immigrants in Los Angeles, employ their traditional pre-Colombian languages and speak Spanish as a second language and, sometimes, don’t speak Spanish at all.  And some people of mestizo extraction who do speak Spanish nevertheless accentuate their local origins and dislike the European cultural, imperial, and linguistic implications of “Hispanic”.

So, “Hispanic” is something of an artificial category that assists non-“Hispanic” people who are looking for a convenient way to characterize, investigate, analyze, and slice-and-dice an increasingly important element in US economics and culture.  I assume Hispanicism, the New World successor to Edward Said’s Orientalism—which explored the creation of “The Orient” as an object of Western penetration, exploitation, and conquest—has already been written by some bright, Foucault-steeped scholar, but I just don’t know about it.

Of course, what’s also interesting is that the sign is in English, not Spanish.  Of course, one has to speak English to serve in the Marine Corps, but one might think that a recruiting poster would target Spanish-speaking parents as well.

I wonder how much deep thinking Lieutenant Colonel Kazlaukas put into this campaign.  Is it part of a sophisticated effort to identify and attract English-speaking people with a Spanish-speaking background who self-select as having an uncertain grasp of anthropology, ethnography, and Marx’s critique of Hegelian idealism?  Or a reflection of the fact that recruitment of “Hispanics”—actually, a certain undefined subset of this arbitrary class—has been quite successful and the Corps is trying to consolidate its gains by throwing the ad campaign at the wall and seeing if it sticks?

*The Marines do run a Black History Month campaign, but it accentuates the victories of black Marines in their struggle to overcome racism rather than attributing specific admirable values to African-Americans.

The second data point comes courtesy of the very interesting blog The Istanbulian, by Emre Kizilkaya, an editor of Hurriyet, the leading Turkish daily.

The modern Turkish state is based on a rather muscular, army-backed secularism that, in recent years, has come into increasing conflict with Islam-friendly political movements such as the one that Prime Minister Recip Erdogan rode into power.  The government does reveal some Islamicizing tendencies which are nervously recorded by advocates of secular liberalism.

An exam in a local religious class included this priceless image under the heading “Learning to Pray”.

Spidey, we never knew!

What I like about the image is, if you rotate it 90 degrees, he looks like he’s praying at the Wailing Wall! While climbing it!

Kizilkaya’s blog is well-worth bookmarking.  Turkey, in addition to serving as freedom’s eager handmaiden in Syria, is the world leader in imprisoning journalists.  Kizilkaya performs the invaluable task of documenting the trends in repression, politics, religion, and the complex and volatile Assad-rebels-Syrian/Iraqi/PKK Kurd security equation for an English-speaking audience.

Friday, March 22, 2013

Iraq War Ten-Year Commemorative Edition

Back in the day, I was a feisty anti-Iraq war blogger cranking out two or three pieces per month on Smirking Chimp and at my own blog Halcyon Days, supported through the generous efforts of Roberto Bourgonjen at  

The shoddy factual and theoretical underpinnings of the Iraq War were clearly visible, in clear text and open source, to anyone who cared to look—and were promptly confirmed after the invasion.  

Anybody remember the story of Saddam’s mobile bioweapons labs that Colin Powell peddled to the UN?  Post-invasion the CIA tried to claim they had found two of them—but they were actually hydrogen gas generators (for weather/artillery balloons) sold to Iraq by Marconi UK in the 1980s…and the US Army had identical units in its own inventory. 

The fact that the US electorate deigned to give George W. Bush a second term in 2004 despite his dramatic failings contributed to your humble narrator’s corrosive overall cynicism.

Here are some of my greatest hits, mostly from the run-up to the invasion, and one afterword on “intelligence failures”.

U.S. Petro-Gangsters Muscle in On Saddam’s Turf

Fighting ExxonMobil’s War in Iraq

Posted July 21, 2002

The “War on Terrorism” is no longer about bringing the September 11 murderers to justice.  It’s not about terror either, since hotbeds of terrorist, anti-US sentiment such as Pakistan, Saudi Arabia, and Egypt serve as our allies and clients and not our enemies.  It’s not about bringing
democracy and justice to the benighted despotisms of the Middle East and Central Asia, as George Bush’s clumsy dictatorial meddling in the internal affairs of Afghanistan, Palestine, Iraq, and Iran has demonstrated.

To the pundits who share our unelected president’s taste for vainglory, our violent, unilateralist stomp across the world has the whiff of empire.  Op-ed pages now bristle with bald eagles symbolizing our right as the world’s only superpower to set our own rules and standards.

More erudite commentators try to qualify or mitigate our behavior as “hegemonism” since we prefer to dominate and manipulate our vassals, instead of subjecting them to direct imperial rule.

Indeed, America has yet to demonstrate the belly and ability for empire.  A national inclination toward xenophobia and isolationism does not predispose us to offer up our sons and daughters for a lifetime of service in foreign lands.  The legionnaires and proconsuls we do send abroad roost in their mini-America encampments and pour out their contempt for the inexplicable, deplorable, and ungrateful locals who surround them.

However, as the outlines of the military, diplomatic, and public relations war against Iraq emerge, the motive for Bush’s foreign policy is revealed as infinitely vulgar, meretricious, and beneath the national interest.  It is simply the money to be had from controlling and selling cheap oil.

Those who care about our country and its interests would be well advised to read the July 11, 2002 London Times article “West sees glittering prizes ahead in giant oilfields” by Michael Theodoulou and Roland Watson.  It is well worth quoting at length:

 Iraq has oil reserves of 112 billion barrels, second only to Saudi Arabia, which has some 265 billion barrels…Iraq estimates that its eventual reserves could be as high as 220 billion barrels…Extraction costs in these giant onshore fields, where development has been held up by more than two decades of war and sanctions, would also be among the lowest in the world…it would take five years, at most, to develop the oilfields and Iraq’s prewar capacity of three million barrels a day could reach seven or eight million…

I remember reading that some Saudi oil emerged from the wellhead with sufficient pressure to pump itself onto the waiting tankers; direct production costs were measured in pennies and the only significant production costs were the investments in well-drilling and pipelines.  Let’s say for the sake of argument it costs $10/barrel to get the oil out, and oil is selling for about $30 per barrel.  Profits of $20/barrel x 5 million barrels a day in increased output equals $100 million in profits per day.  And $20/barrel  x 220 billion barrels of reserves: if you want to do the math, it’s profits (not revenues) of US$4 trillion.

Isn’t $4 trillion worth murdering, lying, and cheating for?  Isn’t it worth a few dozen wars that trample over the lives, health, wealth, and well-being of millions of people?  George Bush and the oil boys think it is.

And please don’t be fooled into thinking we have to go to war to “secure our oil supplies”. Saddam Hussein would like nothing better than to sell oil at the international market price until a glutted SUV sat in every garage in creation.  That oil is screaming to get out of Iraq and nothing will stop it.  Like Tolkien’s Ring of Power, the oil of Majnoon, West Qurna, and Nalu
Umar—names that should be carved on the tombstones of every victim of our 21st century petroleum crusade—has summoned up vast, powerful, and furious legions from every corner of the earth determined to descend upon Iraq and wrest the fatal treasure from the hands of that unlikely hobbit, Saddam Hussein.

We are not fighting for oil; we are fighting for the profits from Iraqi oil, and the power that comes with it.  We have already spent billions of dollars and thousands of Iraqi lives seeking to deny Saddam Hussein access to these profits, and now the Bush Administration petro-gangsters are ready to move in and seize these billions for themselves.

What we have here is simply a battle between two sets of gangsters: one weakened and isolated by two decades of war and sanctions but still clinging to its valuable turf, another greedy and emboldened and panting to initiate a gang war to seize it.

The lust for Iraq’s trillions have inspired a desperate push by Cheney, Rumsfeld, Perle, Wolfowitz, and company to get the war going before Bush’s popularity ratings sink to the point that even the Democratic leadership will dare to question our imperial bobblehead’s reasoning and competence, and challenge the illogic of our stated reasons for invading Iraq.

There has been a frantic roadshow over the last few weeks to assemble the Iraq invasion coalition, culminating in America’s apparent suggestion that the Iraqi people yearn for a Jordanian prince to rule their shattered and benighted land as a monarchy.   The same wishful thinkers who expect liberated Iraqis to compose ecstatic paeans in their honor promise the invasion will release a tidal wave of democracy through the Middle East (but presumably avoiding the Kurdish areas of Iraq, which we have assured Turkey will remain firmly under the thumb of Baghdad), whose mysterious agency will also solve the knotty Israeli-Palestinian problem as a lagniappe.  This sweaty salesman’s effort to be all things to all people, including bleeding heart liberals, signifies nothing more or less than the oil crew’s willingness to say or promise anything as long as the invasion can be launched as soon as possible.

Saturday, March 16, 2013

Just in Case You Needed Help Spitting Out Your Morning Coffee…

here’s today’s headline from the Los Angeles Times print edition

CIA sizes up Syria radicals for drone hits

For the webversion, the LAT went with the more conventional and presumably more accurate presentation:

CIA begins sizing up Islamic extremists in Syria for drone strikes

Syrian radicals of the non-Islamist extremist persuasion can, I suppose, breathe a sigh of relief that they do not occupy the “kill on sight” overlap region of the Arab/radical/Islamist extremist Venn diagram, at least as far as the US government is concerned.

As to the motivation for assembling “target packages” on drone-worthy individuals:

Identifying possible threats in Syria would be "a logical step if the policy community sends a signal that, 'Hey, you guys might want to think about how you would respond to a possible request for plans about how you would thin the herd of the future insurgency,'" said a former CIA officer with experience in the Middle East.

I assume the target audience for this article is not “Syrian radicals” or “Islamic extremists in Syria”, neither of whom probably has the inclination to enjoy the LA Times’ superior blend of world-class reporting, in-depth entertainment news, and punchy headlines.

It is probably the Gulf states, led by Saudi Arabia, which are receiving a warning that the fall of Assad to predominantly Islamist forces will not mean the end of Syria’s civil war, or US attempts to channel Syrian politics into more US-friendly channels.

In other words, that designation of the al Nusra Front as a terrorist organization—which appears rather nonsensical as the Front advances the US cause of removing Bashar al Assad through its bloody business-- is good for something.  It provides a continuing justification for US intervention a.k.a. "thinning the herd" even after the insurrection ends.

Considering that the United States has been unable to effect the removal of Assad, a secular authoritarian eager to do business with America, I wonder if US disapproval, as expressed by the occasional drone strike, will be enough to deter the Saudis and their Salafist assets in pursuit of their project of Sunni resurgence in Syria and Iraq.

China cyber-war: Don't Believe the Hype

I make some basic assumptions about the China cyberinstrusion issue:

First, that the Chinese program of industrial espionage, both conventional and cyber-based, is immense and it's gotten out of hand.  The previous justification--that, as a matter of national security, the PRC had to obtain by hook or by crook vital technologies that the West and Japan refused to share--doesn't hunt.   In my opinion, the PRC should unilaterally wind down the program without trying extract any concessions from the US in return.

Second, I do not think that the cyber industrial espionage issue should be conflated with the "cyberwarfare" scaremongering, which is a transparent exercise in budget and mission enhancement for the NSA and Pentagon, and a China-bashing hobbyhorse for cynical politicians.

Instead, I think the industrial/cyberespionage issue should be linked in the public sphere to the intellectual property issue--another area in which the PRC should be behaving better.

The infrastructure/military issue is too important and too sensitive to serve as public political fodder, and the US hands are far from clean in this regard--see Stuxnet.

Third, I would like to think that the Obama administration's thoughts run along the same track, but the cyber-train is getting hijacked by the cyberwar enthusiasts.  That's the approach I take in this week's Asia Times Online column, by parsing National Security Adviser Tom Donilon's speech at the Asia Society.

Fourth, bitching about Chinese state hacking is not going to solve the hacking/security problem.  The threats are coming from all over (look at Russia, not just China), and they are capable of challenging whatever defenses that nations, militaries, and corporations can come up with.

I think these points are ones that sober, pipe-smoking liberals can consider endorsing.

Here's the last point, which may be a little harder to swallow:

I'm a big believer in the open-architecture free-for-all, but the Internet is now government business, and governments around the world are going to do their best to control the Internet.

As viruses and exploits have proliferated and demonstrated their ability to elude detection programs, the reality of the Internet has evolved away from open architecture to a defensive architecture buttressed by state data collection, surveillance, and legal coercion meant to identify and confront threats.  It sounds like I'm describing the Chinese Internet, but I'm describing the US Internet as well.

I expect "freedom to connect" to survive as a convenient China-bashing talking point for the US government, but I expect the US military and security apparatus will become increasingly sympathetic to Internet-taming strategies by the PRC and other nations, so that threats can be identified, managed, and negotiated in coordination between capable state interlocutors and not left up to corporate players or the miraculous self-perfecting ecology of the untrammeled Internet.

Which is another way of saying get used to the Great Firewall in China and a less overt but similar pattern of data collection, monitoring, and threat identification in the US.  And get used to the PRC believing that US calls to get rid of the Great Firewall are simply hypocritical demands for unilateral disarmament and empty political posturing.

[This piece originally appeared at Asia Times Online on March 15, 2013.  It can be reposted if ATOl is credited and a link provided.]

The United States has made the interesting and perhaps significant decision to generate a crisis around Chinese cyber-intrusions as the Obama administration enters its second term. With its typical careful, methodical preparation, the Obama administration has been gradually rolling out the Chinese cyber-threat product since November 2011 with escalating evidentiary indictments of Chinese hacking, but without overtly linking these activities to the Chinese government or military. [1]

The most recent shoes to drop were the detailed brief drawn up by Mandiant Corp against the PLA's Unit 61398, allegedly the PLA outfit in the white office building in Shanghai's Pudong District that phished, lurked, and drained information from the New York Times and many other US businesses, and the subsequent calling out of the PRC by name for its cyber-sins by National Security Advisor Tom Donilon. [2]

People hoping for a reset in US-Chinese relations - including the PRC - may feel a twinge of disappointment that the United States has decided to hype another point of US-PRC friction.

Then again, there is the interesting question of whether the White House is trying to conduct a measured escalation, but is getting stampeded by the threat inflation/budget boosting priorities of the US national security apparatus and its eager handmaiden, the Western media.

Donilon came up with a nuanced approach to Chinese cyber-mischief during his speech to the Asia Society, which deserves to be quoted at length.

Bypassing the issue of cyber-spying against military and government targets that probably falls into the grey area of "everybody does it and why shouldn't they", and defining and limiting the issue to a specific and remediable problem - the massive state-sponsored PRC program of industrial and commercial espionage against Western targets - Donilon's framing placed "cyber-theft" in a category similar to the intellectual property gripe, also know as systematic piracy of US software, as an info strategy condoned by the Chinese government:
Another such issue is cyber-security, which has become a growing challenge to our economic relationship as well. Economies as large as the United States and China have a tremendous shared stake in ensuring that the Internet remains open, interoperable, secure, reliable, and stable. Both countries face risks when it comes to protecting personal data and communications, financial transactions, critical infrastructure, or the intellectual property and trade secrets that are so vital to innovation and economic growth.

It is in this last category that our concerns have moved to the forefront of our agenda. I am not talking about ordinary cybercrime or hacking. And, this is not solely a national security concern or a concern of the US government. Increasingly, US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale. The international community cannot afford to tolerate such activity from any country. As the President said in the State of the Union, we will take action to protect our economy against cyber-threats.

From the President on down, this has become a key point of concern and discussion with China at all levels of our governments. And it will continue to be. The United States will do all it must to protect our national networks, critical infrastructure, and our valuable public and private sector property. But, specifically with respect to the issue of cyber-enabled theft, we seek three things from the Chinese side. First, we need a recognition of the urgency and scope of this problem and the risk it poses - to international trade, to the reputation of Chinese industry and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.

We have worked hard to build a constructive bilateral relationship that allows us to engage forthrightly on priority issues of concern. And the United States and China, the world's two largest economies, both dependent on the Internet, must lead the way in addressing this problem. [3]
This rather unexceptionable and reasonable demand that the PRC reign in its gigantic program of economic/commercial hacking, ie cyber-enabled theft as Donilon put it, and give US businesses a break, was not good enough for the Christian Science Monitor, which has apparently shed, together with its print edition, the sober inhibitions that once characterized its news operations.

The CSM's headline:
US tells China to halt cyberattacks, and in a first, lays out demands

Obama's national security adviser, Thomas Donilon, spelled out a more aggressive US stance on the cyberattacks, saying China must recognize the problem, investigate it, and join in a dialogue. [4]
Note in the CSM story the effortless slide down the slippery slope from cyber-theft to cyber-espionage to cyber-attacks (and for that matter, "should" and "needs" to "demands"). Well, fish gotta swim, birds gotta fly, and eyeballs have to be wrenched from their accustomed paths and turned into click-fodder.

And don't get me started on the Pentagon:
A new report for the Pentagon concludes that the US military is unprepared for a full-scale cyber-conflict with a top-tier adversary. The report says the United States must increase its offensive cyberwarfare capabilities. The report also calls on the US intelligence agencies to invest more resources in obtaining information about other countries' cyberwar capabilities and plans.

The Washington Post reports that the report says that the United States must maintain the threat of a nuclear strike as a deterrent to a major cyberattack by other countries. The report notes that very few countries, for example, China and Russia, have the skills and capabilities to create vulnerabilities in protected systems by interfering with components.

The report emphasizes that defensive cyber capabilities are not enough, and that the United States must have offensive cyber capabilities which, when needed, could be used either preemptively or in retaliation for a cyber attack by an adversary. [5]
Security consultant Bruce Schneier addressed the threat inflation issue (and the dangers of trying to design and justify retaliation in the murky realm of cyberspace) in a blog post on February 21:
Wow, is this a crazy media frenzy. We should know better. These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn't mean that they're happening with greater frequency.

But this is not cyberwar. This is not war of any kind. This is espionage, and the difference is important. Calling it war just feeds our fears and fuels the cyberwar arms race.

In a private e-mail, Gary McGraw made an important point about attribution that matters a lot in this debate.

Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy.)

Those of us who work on security engineering and software security can help educate policymakers and others so that we don't end up pursuing the folly of active defense.

I agree.

This media frenzy is going to be used by the US military to grab more power in cyberspace. They're already ramping up the US Cyber Command. President Obama is issuing vague executive orders that will result in we-don't-know what. I don't see any good coming of this. [6]
Not to worry, is the US attitude.

The United States apparently feels that it can "win the Internet" by harnessing the power of the invincible American technological knowhow to the anti-Chinese cyber-crusade.

In another of the seemingly endless series of self-congratulatory backgrounders given by US government insiders, the godlike powers of the National Security Agency were invoked to Foreign Policy magazine in an article titled Inside the Black Box: How the NSA is helping US companies fight back against Chinese hackers:
In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China's cyber-espionage program, according to a US intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks.

Very little that China does escapes the notice of the NSA, and virtually every technique it uses has been tracked and reverse-engineered. For years, and in secret, the NSA has also used the cover of some American companies - with their permission - to poke and prod at the hackers, leading them to respond in ways that reveal patterns and allow the United States to figure out, or "attribute," the precise origin of attacks. The NSA has even designed creative ways to allow subsequent attacks but prevent them from doing any damage. Watching these provoked exploits in real time lets the agency learn how China works.
And amid the bluster, a generous serving of bullshit:
Now, though, the cumulative effect of Chinese economic warfare - American companies' proprietary secrets are essentially an open book to them - has changed the secrecy calculus. An American official who has been read into the classified program - conducted by cyber-warfare technicians from the Air Force's 315th Network Warfare Squadron and the CIA's secret Technology Management Office - said that China has become the "Curtis LeMay" of the post-Cold War era: "It is not abiding by the rules of statecraft anymore, and that must change."

"The Cold War enforced norms, and the Soviets and the US didn't go outside a set of boundaries. But China is going outside those boundaries now. Homeostasis is being upset," the official said. [7]
A more impressive and evocative term than "upset homeostasis" to describe the US cyber-war conundrum is "Stuxnet".

The Obama administration's cyber-maneuverings have been complicated and, it appears, intensified, by the problem that the United States "did not abide by the rules of statecraft" and "went outside the boundaries" and, indeed, became the "Curtis LeMay of the post Cold War era" when it cooperated with Israel to release the Stuxnet exploit against Iran's nuclear program.

That was a genuine piece of cyber-warfare, the effort to sabotage a critical military facility in a pre-emptive attack.

The Obama administration admitted the central role of the United States and President Obama personally in the Stuxnet attack, apparently in a desire to demonstrate his genuine, Iran-hating credentials to skeptical conservatives and national security types prior to the November 2012 presidential election.
And President Obama, in his usual thoughtful way, 'fessed up to the fact that it was the United States that started drawing outside the cyber-warfare lines, as the New York Times' David Sanger reported in his privileged account:
Mr Obama, according to participants in the many Situation Room meetings on Olympic Games [the Stuxnet program], was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyber-weapons - even under the most careful and limited circumstances - could enable other countries, terrorists or hackers to justify their own attacks.

"We discussed the irony, more than once," one of his aides said. Another said that the administration was resistant to developing a "grand theory for a weapon whose possibilities they were still discovering". [8]
Yes, the irony, if irony is defined as "the refusal to acknowledge that what you are doing is the precise opposite of what you are advocating that other people do."

The word "Stuxnet" does not appear in the official US lexicon of dastardly cyber-attacks, even though, in terms of its severity and irresponsibility (in addition to disabling the Iranian centrifuge facility, the virus spread to 100,000 hosts in 155 countries; oops!) it is truly the poster child for the dangers of the cyber-warfare option.

Instead, the US government has forcefully if not particularly effectively attempted to divert attention from Stuxnet to "Shamoon", a nasty virus that compromised office systems at a couple of Middle Eastern energy giants, Aramco (Saudi Arabia) and RasGas (Qatar) in August 2012, shortly after the Iranians started grappling with their Stuxnet problem.

As part of the Stuxnet misdirection, Shamoon has become the invoked cyber-attack bugbear of choice, despite the fact that, unlike Stuxnet, it was a very conventional hack that erased data from management computers and defaced homescreens with the taunting image of a burning American flag.

There is, of course, no discussion of the distinct possibility that Iran executed the exploit as a piece of cyber-retaliation for Stuxnet, and not as an unprovoked attack. [9]

Before President Obama acknowledged shared paternity in Stuxnet, the United States was engaged in negotiations with China on the very same cyber-warfare norms that exercised the anonymous source in the Foreign Policy article:
While no one has, with 100% certainty, pinned the Chinese government for cyber-attacks on US government and Western companies, in its 2012 report "Military and security developments involving the People's Republic of China", the US secretary of defense considers it likely that "Beijing is using cyber-network operations as a tool to collect strategic intelligence" ...

The report raises China's unwillingness to acknowledge the "Laws of Armed Conflict", which the Pentagon last year determined did apply to cyberspace ... [10]
Not unsurprisingly, post-Stuxnet the Chinese government has even less interest in the "Law of Armed Conflict in cyberspace" norms that the United States wants to peddle to its adversaries but apparently ignore when the exigencies of US interests, advantage, and politics dictate.

Instead, the PRC and Russia have lined up behind a proposed "International Code of Conduct for Internet Security", an 11-point program that says eminently reasonable things like:
Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security. Not to proliferate information weapons and related technologies.
It also says things like:
To cooperate in combating criminal and terrorist activities which use ICTs [information and computer technologies] including networks, and curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries' political, economic and social stability, as well as their spiritual and cultural environment. [11]
The United States, of course, has an opposite interest in "freedom to connect" and "information freedom," (which the Chinese government regards as little more than "freedom to subvert") and has poured scorn on the proposal.

The theoretical gripe with the PRC/Russian proposal is that it endorses the creation of national internets under state supervision, thereby delaying the achievement of the interconnected nirvana that information technology evangelists assure us is waiting around the next corner - and also goring the ox of West-centric Internet governing organizations like ICANN.

So the Chinese proposal is going exactly nowhere.

The (genuine) irony here is that the Chinese and Russians are showing and driving the rest of the world in their response to the undeniable dangers of the Internet ecosystem, some of which they are themselves responsible for but others - like Stuxnet - can be laid at the door of the US.

In response to hacking, the Internet as a whole has evolved beyond its open architecture to a feudal structure of strongly-defended Internet fortresses, with cyber-surfs free to roam the undefended commons outside the gates, glean in the fields, and catch whatever deadly virus happens to be out there.

In recent months, the word "antivirus" has disappeared from the homepages of Symantec and MacAfee as they have recognized that their reference libraries of viruses can't keep up with the proliferation of millions of new threats emerging every year, let alone a carefully weaponized packet of code like Stuxnet, and protect their privileged and demanding users. Now the emphasis - and gush of VC and government money - has shifted to compartmentalizing data and applications and detecting, reducing the damage, and cleaning up the mess after a virus has started rummaging through the innards of an enterprise.

In other words, the Internet fortresses, just like their medieval analogues, are increasingly partitioned into outer rampart, inner wall, and keep - complete with palace guard - in order to create additional lines of defense for the lords and their treasure.

In other words, they are starting to look like the Chinese and Russian national internets.

Despite the precautions, there will always be people vulnerable to social engineering (clicking on a dodgy attachment or link while at work), and there will always be more talented and motivated hackers. And maybe more talented hackers aren't even necessary.

Barbara Demick of the Los Angeles Times located the personal blog of a PLA cyber-drudge who, in addition to blathering about the presumably classified details of his hacking job (such as perfecting a Trojan known as "Back Orifice 2000"), moaned the boredom of hacking for The Man, and the embarrassment of looking like a loser at his high school reunion:
My only mistake was that I sold myself out to the country for some minor benefits and put myself in this embarrassing situation. [12]
Critical observers declared that the alleged PLA intrusions documented by Mandiant were conducted by the B Team, inviting the analogy that military hacking is to hacking as military music is to music:
Jaime Blasco, labs director at security tools firm AlienVault, described APT1, aka Comment Crew [which Mandiant associated with 61398], as one of the more successful hacking group based on the number of targets attacked - but not necessarily on the skill level of its members.

"APT1 is one of the less sophisticated groups," Blasco said. "They commonly reuse the same infrastructure for years and their tools are more or less easy to detect. The techniques they use to gain access to the victims are more based on social engineering and most of the times they don't use zero-days exploits to gain access." [13]
Even so, they were inside the New York Times for months (part of that time, admittedly, they were being tracked and analyzed by Mandiant).

Bottom line: attacks will happen, attacks will succeed, and reliable (or more likely, probable) attribution will emerge only in the days and weeks after detection (detection itself might be a matter of years) through the grinding application of forensics, correlation of information in massive databases, and anxiously parsing leads for reliability and to try and filter out dangerous disinformation.

Absolute cyber-safety, through defense or deterrence against an antagonist, is a chimera. The best hope for the Internet might be "peaceful coexistence" - the move toward cooperation instead of confrontation that characterized the US-USSR relationship when it became apparent that "mutually assured destruction" was leading to a proliferation of dangerous and destabilizing asymmetric workarounds instead of "security through terror".

Or, as the Chinese spokesperson put it in Demick's article:
"Cyberspace needs rules and cooperation, not war. China is willing to have constructive dialogue and cooperation with the global community, including the United States," Foreign Ministry spokeswoman Hua Chunying said at a briefing Tuesday. [14]
It looks like the Obama administration, by carefully and convincingly placing the cyber-theft issue on the table, might be working toward some kind of modus vivendi that leads to a joint reduction of Internet threats - dare I say, win-win solution? - with the PRC.

It remains to be seen if this initiative can withstand the pressures of the US military, security, and technology industries for a profitable threat narrative - and the Obama administration's own inclination toward zero-sum China-bashing.

1. If There's a War With China…, China Matters, February 20, 2013.
2. Exposing One of China's Espionage Units, Mandiant.
3. Remarks By Tom Donilon, National Security Advisory to the President: "The United States and the Asia-Pacific in 2013", March 11, 2013.
4. US tells China to halt cyberattacks, and in a first, lays out demands, Christian Science Monitor, March 11, 2013.
5. U.S. military “unprepared” for cyberattacks by “top-tier,” cyber-capable adversary: Pentagon, Homeland Security Newswire, March 6, 2013.
6. More on Chinese Cyberattacks, Schneier on Security, February 21, 2013.
7. Inside the Black Box, Foreign Policy, March 7, 2013. (subscription only)
8. US digs in for cyber warfare, Asia Times Online, October 13, 2012.
9. America Freaked Out by the Cyberboogeyman It Unleashed, China Matters, October 12, 2012.
10. US hopeful China will recognize its cyber rules, CSO, May 21, 2012.
11. China and Russia's 'International Code of Conduct for Information Security', .nxt, September, 2011.
12. China hacker's angst opens a window onto cyber-espionage, Los Angeles Times, March 12, 2013.
13. APT1, that scary cyber-Cold War gang: Not even China's best, The Register, February 27, 2013.
14. China hacker's angst opens a window onto cyber-espionage, Los Angeles Times, March 12, 2013.