We all have needs, we all have identities. It is important to us, as it is for many others. No one debates or disagrees with it. Yet what to do when identity hinders us? When we see the Washington Post (at https://www.washingtonpost.com/world/national-security/former-nsa-deputy-is-mattiss-leading-choice-to-head-the-spy-service-if-it-splits-from-cyber-command/2018/10/05/1be8d7a8-c73d-11e8-b2b5-79270f9cce17_story.html) giving us ‘Former NSA deputy is Mattis’s leading choice to head the spy service if it splits from Cyber Command‘, we need to consider the impact of identity, corporate identity, governmental identity, military identity, projected and presented identity. They are not the same and can vary to a much larger degree. When someone is part of what used to be referred to ‘No Such Agency‘. We will get the impact of identity; we all know that and many faced it too. Look at any friend or co-worker you have ever known and ask him/her about the impact of a merger and they will tell you, there are changes. Some are subtly, some are not noticed, yet others are, usually in infrastructure and the way things were done. Now the change tends to be for the good in the long run but that is not a given.
So what gives?
It is my personal observation and a highly speculative one at that. Yet I believe that the Washington Post giving us: “The current head of both organizations, Gen. Paul Nakasone, has urged Mattis to keep the NSA and U.S. Cyber Command under one leader on the grounds that the nine-year-old military organization is not ready to stand on its own, these people said. In recent weeks, Mattis was close to a decision to separate the leadership arrangement, but Nakasone’s counsel has caused him to reconsider, according to two U.S. officials. The officials spoke on the condition of anonymity to discuss sensitive internal deliberations“, is not entirely accurate. I believe that ‘military organization is not ready to stand on its own‘ is not the setting that matter. I believe that Stratfor who gives us ‘A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods‘ is very much at the heart of that. I believe that the general is not ready or perhaps unwilling to set the offensive and aggressive part in motion. Now, this is no bad reflection on the general, let that be a first. He is well decorated, he has seen the field in many ways and he has done a fair share of field events. He has earned his rank. I merely wonder that a man who has seemingly played a defence and protection game is the man for the offense. I think that this is a football moment, and as a non-football expert (and a 49ers fan) I would compare the General to DeMarcus Lawrence from the Dallas Cowboys against what the US seems to demand is a Derrick Henry (Tennessee Titans), or even a Tom Brady (New England Patriots), roles that are not really moveable. Even as a Quarterback might become a really good Derick Henry that Quarterback will never become a DeMarcus Lawrence. The defence and offense game is that far apart. This is where Chris Inglis comes in. He is an analyst (at heart), he is used to counter offensive strategies and introduce strategies of his own (effective one’s mind you). I believe that this is the game that is in the open at present and these two will need to find a way to make it work. Not merely because it is good for the needed strategy, but because the segregation of the two elements might hurt U.S. Cyber Command in a few ways, not merely funding, but the elements that U.S. Cyber Command currently have access to will partially fall away and getting two infrastructures like the NSA is unyielding, unaffordable and in the end will introduce flaws and dangers on both sides of the isle making the setting (as I personally see it) a non-option right of the bat. Stratfor gives us a few other items.
One of them is “A best-case scenario for a U.S. cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening or to disrupt an attack that is in progress“. The problem there is that some of the opponents are getting to be really good at what they do and a few of them are not state driven, not by any state changing the dynamics of the solution. Even as I discussed the hop+1 strategy almost three years ago, settings like that require an expert layer one knowledge and the players cannot both have these experts changing the needs of the infrastructure overnight.
The second consideration is: “Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks“. That might be true but that goes beyond mere true enemies, it includes a truckload of students wanting to finger the man (or is that giving them the bird)? Do they really want to waste resources to those people whilst the US has actual enemies in the world?
The larger issue is seen with: “Discussing the strategy, national security adviser John Bolton hinted that the administration had already taken steps to bolster offensive efforts in recent weeks, warning that the United States is no longer just playing defense when it comes to cybersecurity. But despite the Trump administration’s more hawkish tone regarding cybersecurity, it will continue mainly to rely on traditional measures such as the legal process, regulations and cooperation with the private sector when it comes to cybersecurity” It is here when we get the consideration of the resources required. The defence, offense and legal sides of it all becomes a real mess if the two split up giving the chance that targets and issues walk away on technicalities. How does that help?
The strategy s even more profound when we consider “Clandestine, discreet attacks are certainly already key elements of U.S. cyber tactics. There have likely been more examples of U.S.-launched attacks that have not come to light, perhaps because they were never recognized as cyberattacks. While the less known about U.S. cyber capabilities, the more effective they will be when deployed, this by definition limits the deterrence value of U.S. cyber capabilities“, at this point is the setting of ‘discreet’ that comes into play. With the two separated they will get into each other’s fare waters and more important give accidental light to the discreet part of the operation, there will be no avoiding it, only the most delusional person would think that it does not get out when more than one player is involved, because that will always introduce a third item being the intermediary, the cold war taught many players that part of the equation. And that is even before we get to the statement: “recent cases like the September indictment of North Korean cyber operatives, which displayed heavy FBI reliance on private security firms such as Mandiant and Alphabet to collect technical evidence and carry out investigations“, now we see the folly as Mandiant and Alphabet are mentioned, the entire matter grows further as soon as Constellis becomes part of the equation. That is beside the point of realising (highly speculative on my side) that neither three Mandiant, Alphabet and Constellis have the required safe servers in place to prevent names, places and facts from going out into the open. I might not be able to get in, but there are dozens who will get in and that voids the security of the matter to a much larger degree. For arguments sake I will leave Booz Allan Hamilton out of that equation, they have been snowed on long enough.
And even as we see the instance of legal preference, the US must realise that any attack from state or non-state parties in China or Russia has close to 0% of being successful (outside of the exposure part), the entire matter in case of the OPCW in the Netherlands is one. An attack was thwarted, yet was it THE attack? The guardian article (at https://www.theguardian.com/world/2018/oct/04/visual-guide-how-dutch-intelligence-thwarted-a-russian-hacking-operation) reads nice, and we see all these facts and from my point of view, things do not add up. You see, I would have used the car that we see mentioned “In the boot of their car was uncovered an arsenal of specialist electronic Wi-Fi hacking equipment” as a fire and forget consumable, use it as an access point, segregating the hacker from the accessing unit. When you have (as they stated) “cash: €20,000 and $20,000” getting a second car far enough to access yet not be directly linked is seemingly easy enough. Then there is the setting of the photo at Amsterdam’s Schiphol airport. I am not debating the issue of the photo, it seems genuine enough. In this operation they did not fly to Germany and took the train, or take a car and cross at Oldenzaal, Emerich, or even via Belgium and enter via Antwerp, or Eindhoven. It almost read like they wanted to get noticed. They know that Amsterdam Airport is high tech and nothing escapes their camera eyes. To me (a paranoid me) it comes across as ‘Where did they not want us to look‘. A mere sleight of hand deception, and again the entire GRU mention. A phone outside of that building and they had the taxi receipt? No one merely driving them to the airport in Russia or even them taking a bus from any hotel in Moscow. No a taxi receipt of all things, is anyone buying that? So in this it is not the Dutch, it is the Russian side that makes no sense at all.
How did I get there?
This is the initial setting of offense and defence. The proper application of strategy in all this matters, because we seem to undervalue and underestimate the need of either in all this. Because we get to push a button anywhere and anytime we seem to underestimate on what is recorded, what is collected and what can we verify. That entire mistake is how any offensive strategy can optionally become folly from the moment the instigation of ‘press any key‘ to start gets us. Proper offensive is not about doing what needs to be done, it is about being able to prove who did what. Perhaps Sony remembers that part as they were given that it was North Korea did something, whilst their computers were not even close to PC gaming ready, the mere processor, which was about 25% (at best) of a 1994 Silicon Graphics Indigo system is not the system that gives you what you need to hack the night away. The tools are equally as important as the access and ability to negate identity. When you see that part, the entire hop+1 intrusion path makes a lot more sense.
This now gets us to the end of the Washington Post, where we were treated to: ““As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Nakasone said in a statement in May. “We must ensure we have the platforms, capabilities and authorities ready and available” to carry out successful cyber-offensives. Some former senior intelligence and defense officials oppose separating the “dual-hat” leadership arrangement, including former NSA Director Keith Alexander, former Director of National Intelligence Mike McConnell and former Defense Secretary Robert Gates. This week, former CIA Director David Petraeus, a retired Army general, said during a Washington Post cyber summit that he’d keep the dual-hat arrangement “for the time being.”” It is not merely the ‘we have the platforms, capabilities and authorities ready and available‘, you see, when we get to capabilities we see the need of offensive players and even as Cyber command might be aces in their field, the offensive game differs to some degree and even as we see that they are way above the student levels, we get back to the Football equivalent you see the application of defence and offense. It is not DeMarcus Lawrence versus Derrick Henry, the question becomes can DeMarcus Lawrence be a Derrick Henry that is good enough, that is the battle within. The mere realisation that if you fail this when the offensive is broken into a train wreck that makes the limelight in every paper, that is the game that is the dilemma that Gen. Paul Nakasone faces as I personally see it.
And when we see Stratfor with the one little gem we did not consider, the mere proposed fact that North Korea has a mere 9,000 IP Addresses, do you really think that they could have done this all, or are we in a setting where someone had the ability to act on BGP hijacking and was able to mask it to the level it needed to be masked at, because that was the offensive play that needed to be considered and there was no way that the evidence had been uncovered to that degree with a backdoor could be removed with a simple reset of routers.