2016-12-13 The Congress, pundits and others are focusing on Russia and cyber and the recent Presidential election.
Before one rushes to ascribe real impact from this variable, it should be noted that Hillary Rodham Clinton lost in 2016 the same way she lost in 2008.
To quote Newsweek from 2008:
While Hillary turned out to be a much stronger candidate as time went on, one thing never changed: the sense that the Clintons felt they were owed the nomination.
By repeatedly moving the goal posts on party rules, sideswiping Obama at every turn, whining about rampant sexism on the basis of two or three anecdotes, and claiming that the Florida primary resembled the 2000 fiasco and a rigged Zimbabwe election, Clinton continued to reinforce the impression that she considered the title hers no matter what.
If the Congress wishes to focus on cyber threats to democracy, that is fine.
But just focus on the real issue: the need to shape comprehensive cyber defense.
In this piece by Secretary Michael W. Wynne, a way ahead which the Congress could focus upon is the focus of attention.
Cyber Security: Really Protecting Democracy
By Michael W. Wynne, 21st Secretary of the US Air Force
Summary: The CIA recently summarily accused Russia of hacking into the Democrat and Republican E-mails in an attempt, as they describe it, to bias the election.
The root of this issue is a total lack of protection that our leaders and technologists have offered users of every stripe on the internet.
This is unconscionable as a technology nation when we know with certainty that vulnerability is a choice, not a given.
What calamity will we wait for before we opt for a simple, permanent, cyber defense called analog?
Where are the innovators to stop the madness of trying to band-aid solutions, or re-discovering that hacking has occurred.
This problem has been known and understood since 1934, and the solution has literally grown up technically next door.
Because of Moore’s Law, both digital and analog devices have grown smaller yet more powerful.
We’ve tried digital; now let’s choose analog.
The pursuit of precise information regards Hackers as a art form, akin to looking for complex brush strokes to detect forgeries.
This latest allegation is curious, as it plays into an expectation.
That said, it is at heart an admission of a failure that started way back when Turing Computing was first designed and implemented.
Academicians knew at once that the Mathematics were imperfect.
They provided copious proofs about the flaws that would allow mischief into the fundamental Turing Machines.
Yet, this flaw was allowed to flourish, like an electronic disease, that really was able to multiply as flawed computing devices became interconnected, and multiply again as domains became interconnected; and now again as the Internet Of Things proliferates.
Also we have ample evidence of mischief, with early calls for cross border law enforcement; and our major computer makers working with Interpol to round up hackers.
State players as well began to employ hackers magnifying the myth of a null solution set, see ‘Hack the Army’ as the latest waste of capital.
We know very well that the best Hackers don’t fess up; they lay in wait for the order.
The current state is denial.
As society wallows in the deceit that a software patch can save the Turing Computing Machines that underlay the present internet, we find even senior security officials such as the Chair and Co-Chair of the Intelligence Committee espousing the thought that protection is simply unavailable.
Our technologists deny that they are capable of inserting a fix, while essentially destroying $18 Billion a year in capital knowing it is a fruitless pursuit to fix a hardware problem with software.
Corporate Boards are leery of liability, and thus either in denial or becoming part of the herd of software patch payers.
But society is slowly becoming aware that this is a scam, that they are riding an unending strife curve; and the alarms are beginning to sound as if the end of life as we know it is nigh again.
It is finally seeping into engineering and into systems design that those that have stayed with Analog are immune to this Internet, distant and malicious, threat.
Whether aircraft safety systems, or in some of the most carefully protected areas; suddenly what is old is new again.
Meanwhile, our Society awaits Armageddon, lamenting the lack of BIG IDEAS while one sits like the elephant in the room, let’s save ourselves from Cyber with Analog.
This means being protected using frozen (e.g.; non reprogrammable) complex analog circuitry mimicking and replacing currently installed Turing Computing Based internet appliances.
The National Institute of Standards has essentially declared out loud the futility of the many solutions it has encountered, citing the patience of the Advanced Persistent Threat in many papers.
It as well stipulates that many penetrants never realize for many months or years that a penetration has occurred, until it becomes advantageous for the agent to disclose the information or act maliciously on command.
At best, a separate patch unwittingly discovers the loss of data.
Many times the victim has no idea there was an issue.
Academics have known since 1934 that Turing computers were and remain inherently vulnerable to hacking as Godel and Keene Mathematically proved, and confidently expressed that proof in the years following.
The times were different; and computers were just aborning, and abandoning a rule of circuit design to firmly comprehend the relationship of every input to every output seemed acceptable when operating in isolation.
This is a marked departure than “crowd sourcing” corrections to flawed software, which by its very nature invites malicious activity, while waving the flag of cooperation and collaboration.
When it comes to National Security or to Public Infrastructure, this is flawed policy and needs to change dramatically.
Even the internet of things (IoT), now popular, requires re-evaluation when public safety in the form of vehicle control, or Grid, or Pipe, or Dam, is at risk.
We are increasingly desperate for leadership in Cyber Defense.
One who will say, ‘Enough is Enough” and refuse to accept designs that are inherently insecure.
We lean on our President, and President-Elect Trump has highlighted the need for Cyber Defense. he is aware of the suffering, and upset that there is whining but not solutions.
What then do we need, we need a academic or government research agency thought leader to certify the protective capability that the complex frozen analog appliance offers.
To be able to testify, if you will, that using frozen (e.g.; non reprogrammable) complex analog circuitry mimicking and replacing currently installed internet appliances satisfies the pent up desire for a corrective action against hacking.
In other words, we need designed in Cyber Security, not a software patch.
There will be upcoming congressional hearings into the latest allegations but if only narrowly focused will fail the historical challenge.
Political maneuvering and grandstanding is not a policy.
Addressing a fundamental redirection of systems for built in by design cyber defense is.
Let’s hope they demand action in the form of a commitment to stop the madness, and endorse the mathematically correct response, complex analog circuitry that has the capability to protect our democracy, our infrastructure, our intellectual property, and our ability to communicate freely.
Ask, why don’t our executive branch leaders demand that security be designed into systems?
Why don’t industrial leaders be held liable to loss of the future value through intellectual property loss, such that they demand an available solution?
Since it is now becoming known that vulnerability is a choice, not the standard, lets get on with the fix.
What calamity will we wait for before we opt for a simple, permanent, cyber defense called Analog.
Editor’s Note: Wynne’s appeal for the Congress to focus on the underlying challenge rather than shuffling political musical chairs highlights a strategic opportunity or failure point for the Congress.
A hearing that just focuses on the Russians will simply highlight the CIA and its institutional shortfalls versus the FBI which simply does not believe the CIA allegations, in large part because of the nature of cyber threats and how they are executed.
The FBI did not corroborate the CIA’s claim that Russia had a hand in the election of President-elect Donald Trump in a meeting with lawmakers last week.
A senior FBI counterintelligence official met with Republican and Democrat members of the House Permanent Select Committee on Intelligence in order to give the bureau’s view of a recent CIA report. The official did not concur with the CIA, frustrating Democrats.
The CIA believes Russia “quite” clearly intended to send Trump to the White House. The claim is a bold one, and concerned Democrats and some Republicans who are worried about Trump’s desire to mend relations with an increasingly aggressive Russia. The CIA report was “direct, bald and unqualified,” one of the officials at the meeting told The Washington Post Saturday.
The FBI official was much less convinced of the claims, providing “fuzzy” and “ambiguous” remarks.
For a look at the nature of cyber threats and the challenges which they pose by state actors, see the following:
For the past quarter century, we’ve tried digital; now let’s choose analog.