Pages

29 July 2014

The CIA Fears The Internet Of Things; Put Our Faith In Big Data — With Some Caveats

July 26, 2014 


So says Patrick Tucker writing in the July 24, 2014, online edition of DefenseOne.com. And, I think with good reason. More on that later. Mr. Tucker begins by noting that “the major themes defining geo-security for the coming decades were explored at The Aspen Security Forum, moderated by Defense One’s Executive Editor, Kevin Bacon. Dawn Meyerriecks, Deputy Director of the CIA’s Directorate of Science and Technology, said “today’s concerns about cyber war, — don’t address the looming geo-security threats posed by the Internet Of Things, the embedding of computers, sensors, and Internet capabilities — into more and more physical objects.

“Smart refrigerators have been used in distributed denial of service attacks,” Ms. Meyerriecks. “At least one smart refrigerator played a role in a massive spam attack last year (2013), — involving more than 100K internet-connected devices, and more than 750K spam emails.” She also mentioned “smart, fluorescent LEDs [that are] communicating that they need to be replaced; but, are also being hijacked for other things,” many of which I have written about on this blog several times.

“The merger of the physical and virtual is really where its at. If we don’t grok that — then we’ve got huge problems,” she said. Grok is a reference to Robert A. Heinlein’s 1961 novel, Stranger In A Strange Land, that describes the telepathic communion of thoughts, feelings, and fears,” writes Mr. Tucker.

“Smart clothing,” she said, “could create security and access problems, specifically for the CIA,” and, our Special Operations and Defense HUMINT operators overseas. “The same technologies that could allow millions to better monitor and manage their health, could create transparency and workplace problems, that “I don’t want to have to deal with.”

“It has a sort of science-fiction flare,” writes Mr. Tucker, “but, Ms. Meyerriecks says there is no excuse for being caught off-guard by technological events”; or, “punctuating technological disruptions,” that are clearly visible in trends today.

“The merger of biological and cyber, those will be viewed as disruptors; although, we all know they’ve been invested in for decades at this point. When someone finally figures out to productize it in a way.” By way of an example, Ms. Meyerriecks brought up the cell phone,” writes Mr. Tucker. “When it goes from the brick, to something I can’t leave my house without, then it’s disruptive.”

“In many ways, that day has already arrived” Mr. Tucker contends. Former Vice President of the U.S., Dick Cheney, recently told 60 Minutes, that he had a wireless pacemaker installed in his chest in 2007, that would have allowed his doctor to monitor his heart online. He didn’t enable the Blue Tooth broadcasting feature — for fear of it being hacked. We have a hard enough time securing computers on desks. We may face the risk of an entire generation of baby boomers becoming vulnerable to lethal cyber attacks — because of Internet-enabled medical devices.” How long will it be before we have our first murder by Internet?

The Economic War Is Afoot

“When asked if the U.S. is was already engaged in an economic war, with intellectual property as the prize”, Meyerriecks said “Absolutely, this is the case.” “That’s evident in the fact that the U.S. is now suing five members of the Chinese military [which I have written before was a huge unforced error], for what amounts to industrial espionage, stealing trade secrets for personal profit,” which by the way, has been going on for many, many decades. “It’s a lawsuit against individuals, but the Chinese government, as a whole, took it personally; and, suspended participation in a joint U.S.-China cyber-security working group.”

Quantum Computing Won’t Save You

“On our best year, we’re twenty years away,” Meyerriecks said of true quantum computing, — (defined roughly as computing that everyone in computer science can agree is actually quantum in nature, achieving entanglement). “When it happens, we have a huge challenge. We are making significant investments; and, paying a lot of attention.”

Steven Chan, the Director of Network Science Research Center at IBM, who joined Meyerriecks on the stage in Aspen, said “the search for the quantum Holy Grail was not only confused but, largely unnecessary. Quantum is generally referred to as computation that takes advantage of the unique behaviors of quantum bits, or quibits, to represent information in multiple ways, as opposed to ones and zeros.” “Nowadays.” he said, “we can do custom chip design so we can use binary rules but three digit representations that get basically the same value, with fewer digits, which saves computational cycles.” Quantum encryption also could make penetration of the adversary’s networks much more problematic.

Put Your Faith In Big Data

“The threats and the opportunities [with respect to] technological acceleration — occupy the same space,” wrote Mr. Tucker. When asked about the major investment areas of the future, Lynn Dugle, a Vice President at military contractor Raytheon enthusiastically offered up big data; and, described the “opportunity to know things, through cyber analytics, through personal analytics,” wrote Mr. Tucker. Ms. Dugle cited a common industry forecast that more than 50B machine-to-machine connected devices will inhabit the globe by 2020 (according to figures from Cisco), versus approximately 13B today.”

“Calling Big Data a big opportunity has become almost ‘glib” according to Meyerriecks. “But, its an area where the CIA is also focusing its major investments; and, building the capability to do the sort of highly-targeted, individual specific data collection that would make today’s NSA activities look positively quant. It’s big data that “dwarfs today’s Twitter feeds,” she said, and emphasized that it was data specific to an individual, not everyone, “that’s targeted collection. Not random collection.”

Over-Reliance At The Alter Of Big Data Will Have Some Unpleasant Shortfalls

Maybe it is just me; but, I really wasn’t all that impressed with this discussion. Fearing the Internet of Things — by the Intelligence Community is certainly warranted. The benefits versus the costs are probably a wash. The Internet of Things will open so many new possibilities, new areas for exploitation, and avenues of approach to difficult and hard intelligence collection targets. The vulnerabilities are boundless, and the opportunities for denial and deception, false-flag operations, etc. may just be the ticket to deep intelligence penetration of the target; and, will likely provide numerous opportunities to prompt the adversary into making a move that will inadvertently expose signatures that we might have been otherwise unable to get.

But, these same vulnerabilities will also expose us to the same techniques, tactics, and operations. It is getting exceeding difficult to maintain deep cover, as digital exhaust, digital fingerprints, digital ‘DNA,’ facial recognition, body-scanning at airports, drones, and other biometric signatures are making identity management challenging to say the least.

Big-data mining is also no panacea and also fraught with its own vulnerabilities. Nonetheless, it seems that big data is all the rage and may well take us down the primrose path. One has to expect the adversary to get much more sophisticated about what the put on computer systems, such as data that is made to look authentic and accurate — only to contain the seeds of falsehoods and deception like the Germans suffered as a result of Operation Mincemeat.

As Matt Asay wrote in the July 24, 2014 online edition of InfoWorld.com, “those who do data science well — blend statistical, mathematical, and programming skills with domain knowledge, a tough combination to find in any single person. “Of these,” Mr. Asay says, “I’d argue that domain knowledge matters most, as it leads to the process of getting value from data, Gartner analyst Svetlana Sicular hints:

— “Organizations already have people who know their own data better than mystical data scientists….Learning Hadoop is easier than learning the company’s business. What is left? To form a strong team of technology and business experts and supportive management who create a safe environment for innovation.”

“The “safe environment for innovation” is one that affords data practitioners room to iterate.

Mr. Asay contends “there are at least two major problems with big data projects.” “The first,” he writes, “is that many companies consider them, well, project. Big-data isn’t a one off project: It’s a culture of collecting, analyzing, and using data. As Phil Simon, author of “To Big To Ignore: The Business Case For Big Data,” told Mr. Asay, “Do you think that Amazon, Apple, FaceBook, Google, Netflix, and Twitter do? Nope. It’s part of their DNA.”

“The way it becomes DNA, however, is the second detail that trips up companies getting into big data. They think it’s a technology issue. While most great big technology is Open Source, building out a big data application isn’t as simple as downloading Hadoop, or the NoSQL database of your choice.” As IDC analyst Carl Olofson highlights: “Organizations should not jump too quickly into committing to big data technology, whether Hadoop or, otherwise, as their solution to a given problem, but should consider all the alternatives carefully, and develop a strategy for big data technology development.”

“Such careful consideration happens,” Mr. Asay argues, “by iterating. Rather than paying a mega-vendor a mega-check to get started, (do this and you’re absolutely doing big data wrong), the right approach is to start small. As Thomas Edison noted, the trick is to fail fast, or as he says, “I have not failed. I’ve just found 10,000 ways it won’t work.”

Mr. Asay concludes, “agile iteration, in other words, is the heart of innovation today. While technology facilitates this shift, it’s more a cultural shift than a technology shift. To innovate, you and your company need to start thinking of data as an essential ingredient to your day-to-day business, not a point project you code, then move on. So long as you recognize that this culture will take time to build and accommodate plenty of failure along the way, you too can make big data into big business like FaceBook and Google do.”

One last thing, if we haven’t developed a sophisticated Open Source Tradecraft for our analysts and collectors — we are behind the curve. The black and grey Internet world is full of charlatans, thugs, and deceivers — who would nothing more than corrupting and infecting our precious data — with faulty — but, sophisticated information that could lead us to false judgments and false conclusions. We need a sophisticated Open Source Tradecraft regimen that examines that domain in exquisite ways — to both ferret out the “bad” data, as well as develop our own — for offensive and denial/deception purposes. V/R, RCP

No comments:

Post a Comment