Truth or Consequences


I would really like to escape this sorry century and get back to something with a heroic scope and real consequences. I am on pretty solid ground so far, but I need additional information on my Great Great Grandfather’s whereabouts after the Union humiliation at the Battle at Brice’s Crossroads, where the family DNA was saved from abrupt termination, and how GG Uncle Patrick got back in the fight against the Yankees at Peachtree Creek under mad Texan John Bell Hood.

Both of their service records are on their way from the National Archives, so expect more presently on the story of love and war.

I got sidetracked today with an inquiry from a staff writer at a major metropolitan newspaper. He was looking around for information and context and ran across the Socotra piece yesterday. He wanted to know the consequences for his audience so he could do an informative article, and wanted to know if I would mind chatting.

I had the time, and agreed. We explored some of the issues that are in play, considering what we know. I am not saying the Government is lying to us all, but they are certainly underplaying the full consequences of what happened in cyberspace, particularly as it applies to personnel in the Armed Services.

After giving him my bona fides, I said: “The technical term is that we are completely screwed.”

I am not alone in that assessment. The scope of the damage is still being investigated, of course, and the natural inclination of any bureaucracy is to deflect blame. But if what we have been told is true, and the applications for security clearances in the Government have been compromised, along with the medical records of nearly half of all working-age Americans, we have got a real problem on our hands.

Several pals- grizzled veterans of the information operations and IT communities- chimed in with vigor and opened up some vistas I had not considered.

My pal in Tidewater said he had been talking to someone yesterday, and together they decided that the real issue is that, from a security perspective, you now have to assume two things:

1) The Chinese penetrated every database (at least the unclass ones, but if you were prudent, you would assume all of them, including the classified ones), and:

2) That they have spent a little time selectively corrupting some files. So, in short, not only can you not trust the system, but every single thing you pull from it is now suspect.

That was my feeling from the beginning, and that the matter of public trust is the first casualty in this active and hot cyber war.

And, of course, to extract this much data is not a matter of ‘dialing in,’ it is a matter of gaining access and leaving behind software that provides for data exfiltration. We now have to assume that everything is tainted. Not that this is unexpected. As our pal who ran the NSA a couple of cycles ago noted a while ago, once he was in an information-security job on the outside, every corporate data system his people inspected- 100%- had been attacked and successfully hacked by the Chinese.

There were only two categories of companies- those that knew they had been hacked and those that were not aware of it yet.

All that is just on the commercial side, which includes identity theft for everyone whose social security number has gone missing, and fraudulent tax filings and all sorts of ordinary misery. That includes the Supervisory Control and Data Acquisition (SCADA) systems that operate our infrastructure, including the electrical grid. Yike.

That would be bad enough, but there is much more that edges over into the matter of national survival.

My pal Santa passed along something from StratFor, the private intelligence analysis firm. I am not a huge fan of the company, but they hit this one right on. This has outed, at a stroke, the entire military counterintelligence community. What’s more, their opinion is that people in the government may not be the first targets. The hackers may be looking for ethnic Chinese first, in order to turn the screws. That is a classic modus operandi for their espionage services already.

I am sure there will be the usual cries of protest about profiling, even though it is completely valid. I have no answers for that, which is why Granny at the airport gets the pat-down in her wheelchair by TSA.

So what do we do?

My Tidewater pal says we need to start with three things:

1) We need to look into a law forbidding Chinese manufactured electronics (which, by the way, means all those neat attachments to all our smart phones, the chargers, the connecting cables to move pictures, etc., all made in China) anywhere near USG systems or contractors.

2) We need to harshly punish folks in the USG to make a statement.

3) We need to work out a plan to retaliate – and then execute.

My pal at Mountain House mused that President Obama is considering retaliatory options, though he doubts that anything meaningful can be done. I mean, what would we do with a billion Chinese social security numbers?

In cyber warfare, he said, the advantage currently lies with the offense.  That suggests the Chinese are vulnerable too.  I know of several ways we could burn them, but all might be considered escalatory.  I’m not sure tit for tat is enough, though.

This is so bad that I am pretty sure no one is going to acknowledge it. And that means we are in really, really deep kimchi. That is the truth, and we are going to have to live with the consequences.

Copyright 2015 Vic Socotra

www.vicsocotra.com

Twitter: @jayare303
