[ISN] Councils of War

From: InfoSec News (isnat_private)
Date: Wed Feb 06 2002 - 00:35:48 PST

  • Next message: InfoSec News: "[ISN] Airline Web sites seen as riddled with security holes"

    Forwarded from: William Knowles <wkat_private>
    The Atlantic Monthly
    February 2002
    by James Fallows 
    There is no mistaking the excitement in Washington when world news
    originates here. Through the second Clinton Administration it was easy
    to think that a drive down Highway 101 in the San Francisco Bay area
    brought one closer to the real centers of power -Oracle, Intel, Cisco-
    than a drive along Pennsylvania Avenue from the White House to the
    Capitol. In Silicon Valley and Seattle the technology industry's
    leaders talked about the "withering away of the state," and in
    Washington the arrival of technology-driven prosperity was the central
    fact of political life.
    However distant that seems now, the corrective reaction is, perhaps
    inevitably, going too far. I may be biased from having spent several
    years in Seattle and San Francisco before returning last summer to
    Washington. But now that the state is back, I am struck by the
    assumption here that if there is truly significant technology at the
    moment, it is the kind the military has used in Afghanistan. During
    the weeks when Taliban forces were collapsing, I did see three
    applications of technology with important economic, political, and
    even terrorism-related implications. Each was plain old civilian
    In one case the technology is e-mail, which has made possible the
    "open-source intelligence" movement. For decades diplomats and
    soldiers have bitterly joked that most important international secrets
    are likely to show up in the newspaper before they make their way
    through classified channels. Obviously, governments can still keep
    secrets. An illustration: three months after the terrorist attacks the
    Federal Aviation Administration was still enforcing strict "no-fly
    zones" -ones forbidden to private noncommercial aircraft- over three
    cities. Two were the terrorists' targets: Washington, the political
    capital, and New York, the financial capital. The third was ...  
    Boston. Not San Francisco, capital of the technology industry; not Los
    Angeles, capital of America's image-making industry; not Chicago,
    capital of exposed skyscrapers. I asked Steven Brown, the FAA official
    in charge of airspace, why Boston? Because the planes that hit New
    York took off there? He said, essentially, If you knew what we know,
    you'd understand. What he actually said was "The vulnerabilities in
    Boston, those known to the public and others, are unique." Until we do
    know what he knows, there's no choice but to take it on faith. Maybe
    this is where Dick Cheney has been.
    But the strictures secrecy requires can make it hard for armies or
    security units to get full, timely information in emergencies. One
    solution is to circulate non-secret information. In the mid-1980s the
    retired Air Force colonel John Boyd attracted adherents, especially in
    the Marine Corps, with his view that "fast feedback" loops were the
    key to military success. That is, the army that could observe and
    react to its opponents' movements the fastest would be the most likely
    to prevail. A young Marine captain named G. I. Wilson drew from Boyd's
    work the idea that the military should look for information as widely
    as possible. "It takes both unclassified open source resources and
    classified intelligence to win in today's information age," Wilson
    wrote in the Marine Corps Gazette in 1995, with Major Frank Bunkers.
    In practice "open-source resources" means what the best foreign
    correspondents and embassy political officers have always tried to
    keep abreast of, but on a bigger scale: reports in local papers,
    sudden changes in what's available in stores, snippets from the radio.  
    Over the past decade Wilson and his colleagues have set up several
    electronic networks. The largest, called Access Intelligence (AI),
    connects hundreds of people in the defense, intelligence,
    law-enforcement, commercial, and academic worlds. It works like a
    normal list server or electronic mailing list: one person posts a
    message and everyone else receives it as e-mail moments later. The AI
    network often produces a hundred or more messages a day; recipients
    quickly scan the titles for subjects they are interested in. Although
    many AI members have security clearance, the material posted is
    strictly "open source" publicly available news reports or personal
    observations. That way the question of violating security rules won't
    come up.
    AI has proved a valuable supplement to the slower, more controlled
    channels of official communication—much as cell phones did for many
    civilians on September 11. For instance, Rick Forno, a computer expert
    who helps to operate the AI list, was in a building overlooking the
    Pentagon; he posted real-time reports about areas of damage and
    unfolding events before some of them appeared on CNN. Wilson, who is
    now a colonel based at Camp Pendleton, has relayed messages to ships'
    crews during (pre-Afghanistan) combat operations. "I can tell them
    what's being reported here, and they compare it to what they are
    seeing," he told me recently.
    Open-source intelligence "frequently appears less valuable than
    classified information because it does not carry the classification
    mystique," Wilson wrote in 1995. "Because it appears less valuable, it
    is shared more freely and used more. The irony is by sharing it more
    the information's value and usefulness increases." Within the
    Pentagon, Wilson told me, reports that were posted on AI have been
    stamped with classified markings and used in briefings. An old trick
    of John Boyd's, Wilson said, was to get data into circulation by
    leaving it in "the head."
    Still, the AI network doesn't get respect. "It's not popular with the
    intelligence community, because it doesn't cost anything," Wilson told
    me. (Forno and Bill Feinbloom, a former Green Beret, run it as
    volunteers, and it is free to all users.) "But you've got about three
    hundred people acting as individual sensors, from a whole variety of
    backgrounds. I may say something that seems commonsensical to a
    Marine, but someone who's a physicist will come back and say no, it
    can't have worked that way."
    If the AI network is the application of e-mail to the
    military-intelligence business, a new company called Development Space
    represents the application of eBay to international aid. In the
    quarter century plus of the personal-computer age a few seminal
    applications have suddenly made computers necessities for new groups
    of people. The first was VisiCalc, the original spreadsheet program,
    whose introduction in 1979 gave small businesses a reason to own
    computers. The next was the coming of e-mail. And the most recent is
    eBay, the online auction site. Whereas Amazon.com, for instance,
    offers a faster, more convenient version of a familiar shopping
    experience, eBay creates something that didn't exist before: a
    self-policing worldwide market matching buyers and sellers of even the
    most obscure goods. I am generally skeptical of "perfect markets" as
    laid out in economics textbooks, but an eBay auction for a used car, a
    signed baseball glove, or a new digital camera comes close. Those who
    want to sell have the largest audience of buyers; those who want to
    buy have the largest selection to choose from; and each party can
    judge whether to trust the other by means of a rating system based on
    past transactions (and a cautionary label on those with no record
    Dennis Whittle and Mari Kuraishi, two employees of the World Bank who
    had served around the globe, decided in 1998 to try to match resources
    and need just as directly in the public sector. Their first approach
    was bricks-and-mortar: a one-day Innovation Marketplace inside the
    atrium of the Bank's headquarters, in Washington. Normally proposals
    for Bank projects wend their way through a tedious multi-stage vetting
    process. On this one day anyone who worked for the Bank could set up a
    little booth, science-fair style, and make a pitch for a project; at
    the end of the day a jury would award grants to the best ones. More
    than a hundred teams made presentations, and eleven got awards,
    totaling $3 million.
    Whittle and Kuraishi next persuaded the Bank to hold a two-day fair,
    with applications accepted from anyone who wanted to come and present
    an idea. More than 1,100 groups, from eighty countries, sent
    proposals. The heart of the program was letting people who knew
    firsthand about a local need or dream—a well, a road, a small
    business—explain what the money could do. A group of war widows in
    Bosnia, for example, offered a plan for a small, high-end knitting
    operation. The World Bank brought more than 300 finalists to
    Washington; and the forty-four winners got grants averaging just over
    $100,000 and totaling about $5 million. (The war widows won, and now
    they are prosperous, selling their output mainly to fashion houses in
    Europe and the United States.)
    Electronic publicity explains the tenfold increase in applications.  
    "Once this idea gets into e-mail circulation, it is amazing how fast
    it gets around the world," Whittle told me. "People who didn't have
    Internet access were contacted by those who did and encouraged to try.  
    One Turkish guy was strutting around like a proud father at a Phi Beta
    Kappa ceremony five of the finalists had found out about the program
    from him."
    Whittle and Kuraishi thought that if the concept worked despite the
    real-world impediments of getting applicants to one place at one time,
    it would work all the better if it were also implemented
    electronically. In 2000 they resigned from the Bank, and just as the
    Internet economy was beginning to falter, they created an online
    company, Development Space, which began operation last month. Like
    eBay, it is meant to let the "market" in this case for development aid
    clear at minimum cost and with little or no bureaucratic interference.
    People who want money for vaccines, for an orphanage, for a small
    factory can prepare online descriptions of their projects, with help
    from advisers, if necessary, in drawing up business plans.  
    Foundations and government aid agencies that intend to give money but
    also individuals who will give, say, $250 if they think it will help
    survey the projects and decide which to support. Various inspection
    and feedback systems will establish a track record, as on eBay, and
    follow up to see how the money was used.
    A number of environmental foundations have approached Development
    Space to explore using this platform to find projects to support. If
    America's past wars are any guide, huge amounts of recovery assistance
    will soon be headed to Afghanistan, Pakistan, and who knows where
    else. This model could be a lower-cost, better-targeted way of getting
    it there.
    Open-source intelligence and an eBay for foreign aid are extensions of
    the Internet's model of information flow. The third innovation comes
    from a company called Athena Technologies, and it's an extension of
    the ongoing hardware revolution.
    In 1992 a young South African named David Vos was preparing for his
    Ph.D. in aeronautical engineering at MIT. His dissertation project was
    to build a guidance system that would let a unicycle propel itself,
    with no rider. I have seen a videotape of his presentation. On an
    arctic day in Boston a shaggy, tired-looking graduate student in a ski
    jacket (Vos) hovers inches away from a unicycle, ready like a parent
    to reach out and support it. But the unicycle keeps itself erect and
    propels itself around a basketball court, responding to commands from
    something on top that looks like a cake box.
    The mechanism inside the box was Vos's achievement: a system of
    inertial sensors and quick-response motors that could detect changes
    in the unicycle's balance eighteen times a second and issue the right
    corrective command. A tricycle is of course inherently stable, and a
    bicycle has a kind of stability when moving. But because a unicycle is
    always trying to fall over, most people cannot react quickly enough to
    control it, and no mechanical device had previously been able to.
    Ten years later Athena, Vos's company, has produced a device that
    drives not unicycles or people, like the inventor Dean Kamen's highly
    publicized "IT" vehicle but airplanes, and with significant
    implications for defense. The device is known as GuideStar, and it is
    about the size of a car radio. Packed with inertial sensors and logic
    circuits, it is capable of detecting and reacting to changes fifty
    times a second and of flying aircraft that are too tricky or unstable
    for human pilots to control. Vos made another video to underscore the
    point. In it an odd-looking airplane one big wing and no tail sits on
    a runway. Without a tail an aircraft would be even more unstable than
    a unicycle and, according to simulation models, would require such
    constant and immediate adjustments that even a skilled pilot would
    quickly lose control of it. But in the video this jet-powered tailless
    plane zooms off the runway and then circles several times before it
    lands, to the joyous whoops of Vos's team in the background.
    GuideStar has civilian potential for instance, as part of the
    autopilot in small planes or airliners, permitting them to land in
    circumstances that overwhelm the pilot. Another device shown in Vos's
    videos suggests military and civilian uses alike. This is a vehicle,
    built by the Micro Craft company and guided by Vos's systems, that
    looks like a large smudgepot, with a cylindrical base and a vertical
    shaft, powered by a compact engine. It can take off straight up,
    maneuver itself around corners, travel at altitudes from treetop level
    to a few hundred feet, and land straight down. In the civilian world
    this could be a jazzy counterpart to Kamen's "IT" vehicle, delivering
    parcels rather than people. For the military it could also be a remote
    sensing device, far cheaper than current pilotless drone aircraft.
    But what Athena has been touting since September 11 is that its
    GuideStar controls could be programmed to prevent any airplane from
    ever going someplace it should not. No airliner, we can assume, will
    ever be flown into a skyscraper again: the passengers will not let it
    happen. But in theory it could still happen with a FedEx or a UPS
    cargo plane. The coordinates of restricted areas and important
    buildings could be entered into the new guidance system, which could
    thwart a pilot's attempts to divert the plane. In principle the system
    could land the airplane at a military airfield if it sensed abnormal
    What do these innovations have in common, apart from reminding us of
    the fecundity of the high-tech world despite the Nasdaq's slide? They
    show two crucial traits of the civilian tech world in general, and
    these traits distinguish them from most military technology.
    First, they are cheap. The open-source network is literally free to
    its users. Development Space plans to support the eBay model of
    foreign aid by taking a seven percent cut of all transactions, to pay
    for expert teams and authenticators much less than the overhead of
    most charities. The Athena controls are both cheaper and more powerful
    than current autopilots. "We come from the computer-industry mindset
    that the price has to keep going down," says Jeffrey Leonard, who is
    on Athena's board of directors.
    It is easy to forget how important the race to cheapness was in
    creating the technology boom. Indeed, the Internet's main business
    problem is that users think content should be free. The contrast with
    military technology is sharp.
    A B-52 bomber, for example, costs about $23,000 per flight hour just
    to operate; the B-2, which makes long treks to Afghanistan from its
    home base in Missouri, costs at least twice as much. During the Kosovo
    bombing campaign the United States reduced Serb defenses by firing
    HARM missiles, which lock onto the beam from a radar station and then
    destroy the station. The Serb army reportedly discovered that it could
    place microwave ovens in open fields and the HARMs would think the
    ovens were radar stations. Each oven cost less than $100; each missile
    it attracted cost $750,000. We pay any price for freedom, and the
    costs mount up. The idea of a race for cheapness has not spread from
    the civilian to the military world.
    Second, these innovations don't try to replace what is best about
    human judgment and intelligence. The most popular breakthroughs in the
    commercial-tech market have let people do more of what they have
    always wanted to do: buy, sell, interact, explore. Open-source
    intelligence and Development Space follow this model as well.  
    GuideStar does replace a human function, but a calculator-like one, at
    which machines should ultimately exceed human abilities as
    spreadsheets do, and language-translation programs do not. In
    principle the military would always prefer to use machines instead of
    men. Machines don't have grieving families; they don't need to be
    recruited and trained. Some of the most expensive boondoggles in
    military technology have involved attempts to mechanize the most
    sophisticated human abilities which include, surprisingly, the ability
    to detect patterns. Any human being can tell a camel from a car.  
    Designing sensors that can reliably do so is very hard. That is why
    even in the phenomenal rout of the Taliban army, the bombing became
    effective only after special-operations troops, on foot and on horses,
    were there to identify the right targets.
    This war began with a devastatingly brilliant bit of jujitsu, in which
    the very openness of our society and elegance of our technology were
    turned against us. The stages ahead will certainly call not for
    brute-force technical power alone but for a shrewd combination of
    human and technological abilities a lesson the military can take from
    the civilian world.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 04:07:36 PST