Reliable Security Information
So many Doomsdays

Inundated with weekly national security news on a variety of approaching Doomsdays I've occasionally asked, "Which is it to be?" All of them? One? Some? None? How can you tell from reading the usual public testimony of our experts? The answers: (1) You can't tell; and (2) the future refuses to obey diagnosis.

So last week, taking up the first 130 words of a 1700 word piece on the potential for cyberattack on the power grid, an Asbury Park Press reporter presents standard practice -- what doomsday will look like.

An excerpt:

"Power generators at a plant in New Jersey spin wildly out of control, then grind to a halt.

"Other utilities step in to carry the extra load, but they, too, suffer internal malfunctions. Soon, cascading outages take out the power grid in the eastern half of the country - all carefully timed to happen in the dead of winter. Gas utilities are next ...

"No heat, no running water, no toilets, no phones. Small generators die when fuel quickly runs dry. Hospitals, transportation, the banking system, the telecommunications grid - all down ...

"Former chairman of the Joint Chiefs of Staff Adm. Michael Mullen, who retired in September, said during his tenure that cyberattacks pose an "existential threat" to the United States."

Over the holidays I was a source for the piece. For the phone chat, which lasted long enough, the readers gets:

"Yet not every expert buys the grim scenario of a downed electrical grid."

This is almost progress.

Most of the time such stories don't contain anything but the presentation of a future doomsday and then three or four business interests or government men saying it's all true.

But first, a detour. Which Doomsday will strike the country first?

In the past months there has been news of doomsday from an electromagnetic pulse attack, doomsday from really bad solar weather, financial doomsday from cyberattacks on Wall Street, and doomsday because you can make biological weapons in a high school biology lab.

And yet again this week, this gratuitously idiotic quote on cyberwar, from some random computer publication, delivered by the businessman selling data protection services and consulting:

" 'The consequences of a successful attack against critical infrastructure makes these cost increases look like chump change. It would put people into the Dark Ages', commented Larry Ponemon, chairman of the Ponemon Institute."

The Dark Ages. Sounds pretty bad.

To a person, all the journalists I've spoken with (and there have been lots over the last decade) never step outside their beats to see how regular the warnings about doomsday are in every domain having to do with national security. If they do, these things either don't register or are considered unimportant.

I've come to believe there's a defect in American thinking, one brought about by the conjunction of national paranoia after 9/11 and the fear-based economy. And that defect paralyzes the ability to think critically, to take time to consider the passage of recent history, context and perspective. It can also be said that it's virtually impossible to get someone to look at things a little differently when their job and usefulness to higher ups depends on them always predicting disaster.

It's far easier to just shut up and unquestioningly accept all the arguments presented from authority. The only silver lining, and it's a really thin one, is that reality just often doesn't give a s--- about what's printed in newspapers, shown on tv and emitted in policy documents.

And this is, at the root, fundamentally what the Asbury Park Press news report, a long one for the topic, does. It presents two views but the one that gets the most attention is the implication that electrical grid collapse is probably coming because we're not doing enough about it. And this is the central feature of all future doomsdays. There's never enough attention being paid. We cannot imagine what trouble awaits if the warnings are not heeded now.

For this the reporter commits one sin. But it's one I repeatedly touched upon in interview.

And it has to do with the claim that "cyberintruders" caused power blackouts in foreign cities.

This is the infamous story of the Brazil blackouts and it's important because it's often central to all US national security-stoked stories about the alleged potential for catastrophic attack on the power grid.

Reporter Ken Serrano uses it as one of three examples of infrastructure cyberattack, given to him by James Lewis of the Center for Strategic and International Studies.

It reads:

"A blackout in Brazil - it is hotly contested whether a cyberattack was responsible."

Fair enough. Then the newspaper puts its fingers ever so lightly on the scale.

Two or three paragraphs on Serrano writes:

"In May 2009, President Barack Obama spoke about the risk of cyberattacks.

" 'We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control,' the president said. 'Yet we know that cyberintruders have probed our electrical grid and that in other countries cyberattacks have plunged entire cities into darkness.' "

Early in his presidency, Obama issued a preliminary cybersecurity strategy and this official statement was part of the news surrounding it.

In making the claim the "other countries cyberattacks have plunged entire cities into darkness" the President was invoking the same Brazil/blackout rumor (it had been started a year earlier) -- made vague with no who, where, when, what and why.

And it was a claim originally presented by a vendor of computer security training at a computer security conference. Perhaps not the best place to gather reliable intelligence.

In any case, one data point to demonstrate an argument cannot be made into two simply by passing it through different sources from authority, even if one of them is the president.

General interest readers are certainly unlikely to know such a thing. And they certainly do not understand nor should they be expected to know the genesis of all the myths and contested claims.

However, it is the journalist's job to tell them. And the newspaper, for this feature, was apprised of the details.

Eventually the "opposing view" is presented.

It's mine, a challenge none of the other sources polled for the story have any good answer for:

" 'If you make extraordinary claims, you need to produce extraordinary proof,' said [George Smith, GlobalSecurity.Org Senior Fellow] who has been writing about national security and technology issues for more than a decade.

"As for a blackout in Brazil in 2007 being caused by a cyberattack, he said, 'It's been debunked. They've never produced any extraordinary proof.' "

Many in our government have become very accustomed to never providing extraordinary proof to back up anything. It is a very bad habit, one that has had horrible results for the country.

And James Lewis, resourced for the story and formerly an employee of the US government, simply goes back to the stock play book to answer the criticism:

"Lewis stands by his sources on the Brazilian blackout, adding that it involved an insider and software manipulation."

Translated: I know it because I have sources.

James Lewis often appears in the news to discuss matters of national cybersecurity and cyberwar. Often what he is reported to say is informative and reasonable.

But for the newspaper this was feeble. Everyone knows the standard abuse -- the government man, or the ex-government man, always has the inside information. Their say trumps everyone else's. QED.

Forever reliant on argument from authority in a country where government, ex-government and business interests aligned with security spending have spent the past decade destroying the legitimacy of such argument.

"Lewis fears that it will take a catastrophe for changes to occur," reads the newspaper. Then, the inevitable mentions of Pearl Harbor and 9/11.

Cybersecurity remains a topic for serious discussion at the national and the grass roots level. And the Asbury Park Press is part of that. However, it's also a topic that is not served by now far too overused appraisals of what's going to happen.

This week has featured no less than three pieces citing Doomsdays and the electrical grid. Two of them are above.

Another goes to print on Sunday in the Boston Globe and is on the web now.

Excerpted, it again contains all the bog standard assertions and scenarios delivered by authority, again demonstrating what I've come to believe is a profound defect in the American national security mind brought on by the melding of US paranoia and a fear-based economy.

From the newspaper (italics and bold, mine):

"A few months back, I made the mistake of falling asleep with the television on, tuned to C-Span. While a torpid House hearing on finance lulled me to sleep, sometime during my REM rebound I found myself in the middle of a Day After-style nightmare. Turns out, I was emerging from my slumber during a forum dominated by EMPact America, a well-funded advocacy group spreading the word about the looming threats of an EMP attack.

"These guys know how to scare the daylights out of you. The most prominent EMP hawk is Newt Gingrich, who peppered some of last year's presidential debates with mini-lectures about the threat. "Without adequate preparation," Gingrich said at one EMP conference, "we would basically lose our civilization in a matter of seconds." There is real science behind the EMP fears, though some energy and national security analysts contend the EMP lobby greatly exaggerates the threat. (It took years to force this concession.)

"Analyst Sue Tierney is far more concerned about cyber threats. No bomb needed - just serious hacking qualifications, and these days it seems everybody knows a gloomy 17-year-old who's got those ...

"Several years ago, Tierney was part of a National Academies task force charged with identifying the grid's vulnerability to terrorists. With the World Trade Center in mind, the task force largely concentrated on trying to anticipate another Al Qaeda-style conventional attack. If Tierney were serving on the task force right now, she says, she would push for even more focus on guarding against cyber threats.

"But the chairman of the task force, Granger Morgan, says that what continues to worry him the most is the havoc that bad guys could cause with relatively little technological savvy. 'If I'm a terrorist, I can shut down the power system in a lot simpler ways than using a valuable nuclear device,' says Morgan, an engineering professor at Carnegie Mellon University and a noted authority on the grid. 'All I need to do is destroy a bunch of major substations.' Despite all the talk about strengthening security after 9/11, he says, 'big transformers continue to sit there on pads out in the open, with only chain-link fences around them.' "

"Any way you look at it, these are real threats that need to be treated seriously."

They always are. Do you think a few stories each week in the national press isn't quite enough? Who has not been exposed to enough seriousness?

Here again: National security experts like grains of sand, each with their version of doomsday. Always working from what they believe to be easy to do, a capability always in the hands, or near to it, of someone.

This post was originally published at Dick Destiny blog. Have something to impart? Send an e-mail to webmaster at dickdestiny dot com.

Subscribe to SitRep: SitRep RSS Feed SitRep ATOM Feed