Asymmetric Cyberwar

From today's Washington Post:

National Security: Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say

While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.

Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services.

Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.

The facts do not come out until paragraph three, preceded by very scary headline and paragraphs 1 and 2. The laptop was not connected to operations. It could have been infected by an employee viewing porn sites. The infection contained at least a snippet of code attributed to Russian origin.

I'm willing to believe that the malware found was of Russian origin. But hackers share malware freely and excerpt and morph it to fit their needs. The Stuxnet virus, supposedly of US Government origin is like that. Finding a snippet of Stuxnet code on an infected computer today is very weak evidence that the US Government put it there.

Here is my central point. Bad guys can very simply and cheaply use hacking to spread fear in out country, and to erode trust in our institutions, and to cause us to spend our money foolishly. Measured in terms of money, it is asymmetric to the extreme. Security vendors salivate over prospective sales of $100-$150 billion in smart grid or cyber security hardware and software. It might have cost the bad guys less than $10 to get the malware on the Vermont computer. That suggests a leverage of 10,000,000:1! Readers may wish to argue for a lower number, perhaps 1,000:1. But we should all agree that the gain is very much bigger than 1, thus asymmetric in favor of the attacker.

Next, I think back to the so-called Strategic Defense Initiative of the Reagan years (known as Star Wars). It has been said that Star Wars was the straw that broke the back of the Soviet Union. Perhaps Star Wars was genuine, or perhaps it was an insanely successful ruse. No matter. That little packet of information, true or false, achieved what 30,000 nuclear warheads over the span of 40 years did not accomplish. It was asymmetric to the extreme.

It seems entirely plausible that the Russians, North Koreans, Iranians, or other enemies can have a field day practicing asymmetric cyberwar with the USA. The beauty of the scheme is that they do not need to ever succeed in causing a blackout or anything else with physical reality. All they need to do it to destabilize our society with anxiety. If we accept that the Russians did meddle with the US election, then destabilization rather than electron of Trump seems to be a much more believable motive. Hundreds of millions of Trump opponents, still stinging with disappointment, are willing to jump on that destabilizing wagon at this moment in time.

It may be true that the USA is much more skilled than any other country in offensive cyberwar capability. But it is also true that we are more vulnerable because (a) we are so computer dependent, and (b) because our free speech traditions allow the media megaphone to amplify fears and concerns. The USSR in the 1980s was vulnerable in different socioeconomic ways. Star Wars was merely the trigger, not the total cause of Soviet Union collapse.

What can we do? We can't repeal the 1^st amendment. But we can and should solicit the cooperation of the media. Using today's Washington Post article as an example, all that would be needed would be to to make the raw facts appear first. Make facts the first paragraph and the headline. The authors would still be free to embellish the facts with speculation about scary possibilities, but the editors could simply move those to paragraph 20 of the story. It is ironic to note that other countries with weaker free press traditions (including much of Western Europe) would find it easier to do than we would.

It is my opinion that if we could accomplish that simple change in how we emphasize and highlight information, that the USA.

There are also other things not related to cyber security that we can do to make ourselves less vulnerable, but I'll leave those for another day.

Radical Changes We Can Agree On

Umatilla, FL

Love it or hate it, Donald Trump will be President and he intends to make major changes.  Most of his changes will be loved by some and hated by others.  I would like to focus on two really big reforms that he could do that I thing most of us, liberal or conservative, could agree would be improvements.

Move agencies out of DC

Trump promised two things, first to “drain the swamp” and second to put the coal miners in WV and OH back to work. But many coal burning power plants have already shut down permanently, and no government actions will re-open those coal mines. One small step we could take would be to move EPA to West Virginia. Presumanly, many EPA employees would refuse to move there, so we could hire WV and OH people to take their places.

In terms of making government accountable to the people, it makes perfect sense to staff the government with people who are closest to those directly affected by government actions. I think that sentiment should appeal to liberals and conservatives alike.

But don't stop with EPA. Trump could move all executive branch offices to locations around the country other than Washington DC. That would naturally lead to staff profiles that reflect the public, and not an overreaching ruling class. I believe that it is pretty obvious that much of today's resentment of government rests on the public's perception that federal employees have been evolving into an arrogant and privileged ruling class.

Make the law WYSIWYG (what you see is what you get)

For 230 years, our system of laws more-or-less works like this. Congress drafts a law using lawyer's language and passes it. Laws are seldom repealed but new laws add features or override meanings of older laws. Then courts interpret what the laws mean and at times strike down portions of laws. The court's product are decisions. Then regulators create regulations which are supposed to put flesh on the skeleton of laws. For a citizen to know what he is or is not supposed to do, he is required to read and understand the entire history of laws, court decisions, and regulations. No mortal can do that so we need armies of lawyers.

Now, if Trump is making radical changes, especially in this digital age, imagine this:

• The Law of the Land (TLOTL), should be written in plain language that every citizen can and should read and understand without assistance from a lawyer. It will be posted on the Internet, and fully searchable.
• The online version should include revision marking. For example, that previous versions of the law can be made visible in red strikeout fonts green underline text . Proposals for future changes can similarly be identified by color and font in terms of proposed changes in text wording changes.  
• The Internet site displaying TLOTL will also provide for citizens to comment on passages, and to start discussions.  People viewing TLOTL can choose to see or not see the comments.  Comment management will be difficult.
• We will not pass additional laws, we pass edits or revisions to TLOTL text.
• Regulations and court decisions are not in addition to TLOTL they modify the text of TLOTL. 
• We will no longer allow district or regional courts to make local decisions that have the effect of making the law of the land different in different places in the country.
• TLOTL repeals and supersedes all prior laws, regulations and court decisions. TLOTL will be the one and only place to look to see what is and is not allowed or required. No documents, other than The Constitution and TLOTL, will have force of law.
• IRS and the tax laws plus 70000 pages of tax regulations are too complex to translate to plain text. Repeal and replacement of all existing tax laws will be reuired, not just in words, but also in detail. We need to re-think taxes from the ground up and to put millions of tax lawyers out of business.
• Expressing TLOTL in plain text will have the profound effect of ending government micro-management of its subjects simply because it can not be millions of pages long. The law of the land will have to be more general and less specific than existing laws and regulations. All three branches of government will have to adjust to that. On one hand, that seems to give government more power, but on the other hand it will greatly reduce government interference into the daily lives of everyone.   
• Transition from the status quo to TLOTL will be very difficult. The easiest way to start would be with those agencies that relocate from DC and who re-staff.  Instead of undoing existing regulations one at a time, they would focus on the TLOTL expression of what they think the agency should do.  Achieving that for a few agencies within the next 4 years would be a major accomplishment.

Local Nature

Umatilla, FL

Last night was the first rainstorm since we've been here.  I never heard of rain coming so fast and forceful as it did.  Even though the storm lasted only 20 minutes, we got 1.5 inches of rain.  I think 1.0 inches of that in 5 minutes.   The lawn was a mess.   At one of the buildings I saw a delta of 3/4 inch crushed stones moved more than 3 feet away from the bottom of a downspout.  Man when it rains here it really rains.

Here are a few shots of the delightful local nature.   The first three were taken on the Florida National Trail in Ocala National Forest.  This area is quite unlike southern Florida.

This is Lake Pearl as seen from this RV park.  It is on the shore of the lake where I go before dawn each morning to do my workout.  Watching the sky redden then brighten is a delight.   Sometimes the lake is like a reflecting pool.  Other times, the mist rises from the lake surface to create fog.

Libby shot this pic of me working out.

My Dilemma

Umatilla, FL

Regular blog readers already know that Libby and I are spending much less time on the boat than before.  Also, that we are extremely reluctant to admit to ourselves or anyone else that we are giving up the cruising life.

I said that this winter's stay in the RV park is only an experiment.  Well, the experiment is successful.  We both like it here very much.  To me, it is especially pleasing to see Libby enjoy the pleasures of gardening, decorating, cleaning, and cooking.  It would be fair to call it nesting.  Merely having more space and also being on land offers much more opportunity to do that kind of stuff than living on the boat.  On the boat there is no real gardening, there is no furniture to rearrange, there is very little wall space to decorate, and so on.

We plan to sail to the Abacos next spring with Waves of Grace and Vixen.  What happens next?   Libby very sensibly suggested that we make Lake Champlain the year round base for Tarwathie, and that we find winter storage space for the boat up there.  That allows us the part of cruising we love most; on our home waters of Lake Champlain.

But if we do that, it becomes clear that we will cruise only 3 months (maybe 4) of the year, and leave Tarwathie on the hard for the rest of the time.  That is the part that has me worried.

Any cruiser will tell you that a boat begins deteriorating the first day you place it in storage.   Storing it in freezing temperatures during the winter magnifies that problem many fold.

Recently we've hear from friends on W32 Calypso about major projects that they are working on because of leaks.  Ditto our friend Jay on W32 Pygmalion.  Jay too had a leak which caused damage forcing him into a major renovation project.  So far, on Tarwathie, we have been blessed by never having a major leak.  We have never removed the chain plates or port windows for re-bedding. Tarwathie really has been an exceptionally fit vessel.

The reality I foresee is that 8-9 months storage in cold weather for several will undoubtedly lead to leaks, rot, and major renovation projects for Tarwathie.  In addition, in the next 5-10 years we will probably need new standing rigging, new main sail, new electronics, new barrier paint.  It would also be wise to replace the bowsprit and boomkin  with stainless steel upgrades before rot sets in and we are forced to do it.

I'm also humbled by the extent that our recent major project to paint the topsides, exhausted us.  The fact is that we are getting too old to handle major projects ourselves, nor do we live close enough to a boat yard where we can pop over there and do work on the boat once or twice a week.   If we keep Tarwathie in Vermont, and can use her only 3 months per year, we will not be happy to fit in occasional 1-2 month renovation projects.   When you live on a boat for 12 months, 1 month of maintenance work is not such a big fraction of your time.   That makes maintenance easier for full-time cruisers.

If we sell Tarwathie now, she is in excellent sail-away condition.  If we continue for 5-10 years with long annual storage periods, the eventual sail will be a distress sale, and with or without sale we will be distressed for allowing her to deteriorate.

My head is pulling me one way.  My heart is pulling the other way.  Libby's heart also pulls the other way, but she does not appreciate the future problems I foresee.

Dilemma.

Wind Scales

Umatilla, FL

I presume that you have all heard of the  Beaufort Wind Scale.  It is a practical scale that allows you to estimate wind speed based on visual clues while at sea.

For example,

\

We never got used to the Beaufort Scale.  I guess the reason is that we spent most of our sailing time in force 3, 4 and 5 condisions.  Tarwathie's former owner told me a story of being out there in Force 10 with the wife and children on board.  No thank you.  

The highest winds we have seen at sea is force 7 (28-33 knots).  That can be terrible or comfortable depending on the circumstances.  For example, we once sailed from Fort Meyers to Marathon in 30 knot winds.  The whole time we were in the lee of the land, so waves were small.  The angle of the wind on the beam was also just right. We just flew with no discomfort at all.

On the other hand, both Libby and I have become experts at reading the water surface in the range 7-20 knots.  I believe that we can name the wind speed in that range with an accuracy of 2 knots 80% of the time, and with an accuracy of 1 knot 50% of the time.

On Valcour Island, we learned a different scale.  Sitting at anchor in sheltered Sloop Cove, we could hear the wind howling in the tree tops.  I think I can tell wind speed from that sound with 10 knot accuracy.

Now in the RV park, I'm learning a new scale.  The acorn scale.  You see the park is full of live oak trees.  Yes, those big majestic trees, often with spanish moss or other epiphytic plants. Well, live oak trees have acorns, thousand of acorns. RVs have tin or hard glass roofs.  When a acorn hits the roof it makes a sound like a gunshot.  All day and all night we hear those sounds from all over the park.  Each 24 hours, the lots directly under the trees are covered with about 2 freshly fallen acorns per square foot.  Some neighbors sweep them up every day.  We are not directly under at tree, so we don't have that chore.

Most interesting, when a gust of wind comes along an extra quantity of acorns drop.  I'm still working on calibrating my acorn wind speed scale.