Cyber Strategy – Different From A Shooting War

Big hack of pretty much everything in Ukraine this morning: internet, power plants, government. I wrote this post before that happened, but it applies.

The Obama administration was in an extremely difficult position after learning about Russian hacking of last year’s election. Several factors came into play: the difficulty of dealing with international cyber attacks, intransigent Republican partisanship, and the decaying relationship with Russia. I’m going to break down those factors into at least two posts.

Cyber attacks present a national security problem different from any encountered before. Lumping them into a designation of “cyberwar” projects assumptions of conventional war onto them and distorts the difficulties and possibilities. I haven’t seen much analysis of these differences and how they affect strategy. Please point me to them, if they exist. Most punditry assumes that cyber attacks can be equated to war, and numerous opinion articles have referred to the Russian hacks as a form of war. In this post, I will consider only that part of last fall’s situation. A later post will consider the political ramifications.

The weapons of war have been physical and obvious. Troops and tanks lining up along a neighbor’s border have a number of characteristics that cyberweapons turn on their heads.

  • The capability and purpose of the military deployment can be inferred within a range. Numbers of tanks and troops can be estimated from readily available satellite photos, leading to estimates of plans and goals. Timing can be kept secret.
  • The military deployment is attributable. There is no doubt which nation put it in place.
  • A military response must be considered. Diplomatic and other responses are also possible.
  • An extensive history can be drawn on for the tactics most likely to be successful.

Now consider hacking another country’s election process. I’m going to keep close to the scenario from last fall’s election, but I will be making general points.

  • Capability and purpose may not be immediately obvious. Depending on the levels of defense, an attack may not even be noticeable.
  • Attribution is difficult and depends on the skill of the attacker and the tools of the defender.
  • Cyber attacks are new enough that conventions on responses have not been developed. Does a theft of data justify a physical response? Diplomatic warnings may reveal to the attacker which systems are vulnerable, and by how much. A cyber response, particularly a damaging one, must be sure of attribution. What is the equivalency of cyber damage and physical damage?
  • Capabilities for attacks and defenses change constantly. The attacker must expect that they won’t be able to use the same attack against the same target twice because using it gives up information that can be used to block it the next time. Preliminary probes to determine what kind of weapon to use may give away the intention of an attack so that the defender can harden defenses.

The differences are so profound that calling cyberattacks “war” damages our ability to think through a strategy to deal with them.

Are cyber attacks a national security concern? Yes.

Do we need to defend against them? Yes.

Should we retaliate? Yes. Retaliation should be timely, but it may take time to attribute a cyber attack. It should be proportional, but we have not figured out the proportionality of cyber damage to real-world damage. The theft of voter information? Damaging voter rolls? Slowing down electrical service without damaging equipment? A DDOS attack on government websites? When does a shooting war begin? All of which is complicated by the possibility that the damage is not fully understood.

One method of retaliation is to expose the activity and what is known about the attacker. This can undermine an operation that requires secrecy and bring down a variety of penalties on the attacker, ranging upt to sanctions. But exposure of the activity can also give credit and credibility to the attacker while exposing the methods used to identify the attacker and perhaps which systems were vulnerable.

Similarly, there have been calls to deter further Russian cyber attacks. Deterrence is the threat that if you do X, we will do Y. Again, proportionality is desirable. Threatening a particular outcome can reveal a cyber capability that would be more effective if kept secret. And if you don’t know the opposition’s defenses, you may not be able to credibly threaten.

This is a quick overview of what I see as major differences associated with the characteristics of cyber attacks. All of this likely went into the Obama administration’s thinking on how to respond to last fall’s Russian cyber campaign against the American election. The decisions they made can’t be evaluated without taking these characteristics into account. The politics of dealing with the situation shortly before a presidential election further complicated those decisions. I’ll examine the politics in the next post.

 

I just found an article that addresses, in a more academic way, the points I’ve made above. I have access only to the abstract, but there seem to be parallels with what I’ve said.

 

Cross-posted at Nuclear Diner.

 

166 replies
  1. 1

    […] Cross-posted at Balloon Juice. […]

  2. 2
    The Moar You Know says:

    With regards to deterrence and retaliation: I am fully in agreement that such is needed. NOW.

    However, from what I’ve seen on my end, we are not even close to having the capability to respond with the same level and sophistication. Or even make a good try of doing so. In other words, there’s a “hacker gap”, or other words again, we’re not good at this.

    The Russians, at the moment, are the best in the world at it. China, Israel, Iran, France…all quite good. America – we are not. Other countries hire their best hackers, we jail ours. Other nations recruit the best and brightest and train them. We let them sit in school, bored. They started training up twenty years ago, we did nothing. I could go on, but as a guy who’s been doing cybersecurity for a while, I see zero chance of this ending well for America.

  3. 3
    Laura says:

    So the big story on the election hacking is President Obama’s waffling. Why the hell is the fact that McConnell was also made aware and threatened the President that he’d call it interference if he went public?

    Why would we be able to respond or retaliate or deter when the Congressional “leadership” picks and chooses which threats get a response? Harrumph!

    I hope that you address this in the pending post.

  4. 4
    O. Felix Culpa says:

    Thoughtful article. I hope our intelligence and military strategists are doing this kind of analysis too. Thanks.

  5. 5
    nightranger says:

    I don’t know why the Europe is just sitting back and letting Russia do this. Clearly Russia has declared cyberwar with the west. Treat it like a war. Cut all internet connections with Russia. Yea they will find some ways around it but it’s still going to hobble their abilities severely. Not to mention their ability to do legitimate business.

    I don’t know why there is still this mindset that Russia should be treated normally while it’s obvious they are at cyberwar with the west.

  6. 6
    JPL says:

    @The Moar You Know: Well that’s encouraging! According to the Post article, the previous president did set a group to develop a system to punish Russia. Trump can stop it though, but hasn’t appeared to do so. My read on that is Trump didn’t know about it, and will now stop it. Russia is our friend.
    I’m surprised that Tillerson hasn’t released a statement about the attack on Ukraine.

  7. 7
    nightranger says:

    Since Russia has obviously declared cyberwar on the west treat it as such. Europe should cut all internet connections with Russia. They can find ways around it but will still severely hobble their abilities.

    Will be a major disruption to legitimate businesses as well but that is how war works and Russia should be shown that there are consequences. Right now Russia is doing this because there are no negative consequences to them.

    Putin is a proven killer of anyone who critisizes him. He should have been delegitimized by the west a long time ago. The fact the west has tried to continue to treat him as a legitimate leader despite all his shenanigans has only emboldened him.

  8. 8
    The Moar You Know says:

    Well that’s encouraging!

    @JPL: From where I sit it’s utterly terrifying. We are not ready for this, not even close.

  9. 9
    gene108 says:

    @Laura:

    McConnelll getting a pass is the power of the right-wing media at work, along with Trump’s tweets, to set the overall narrative.

  10. 10
    Cheryl Rofer says:

    @The Moar You Know: The problem is that so much of this is classified. We simply don’t know. So I can’t agree with your analysis.

    @Laura: Yes, that’s coming. I plan to look at possible paths forward for Obama. There’s no doubt that McConnell’s response made things more difficult.

    @O. Felix Culpa: I keep hoping that too. I see little evidence of it, but it would likely be classified.

    @JPL:

    I’m surprised that Tillerson hasn’t released a statement about the attack on Ukraine.

    I love the early morning humor at Balloon Juice.

  11. 11
    MattF says:

    One thing to note is that counter-cyber itself raises various new sets of security issues. E.g., all the remedial or retaliatory stuff– encryption, zero-day hacks, large-scale backup and restoration, engineering of robust systems, all have their own strengths and weaknesses.

  12. 12
    Citizen_X says:

    One method of retaliation is to expose the activity and what is known about the attacker.

    One other weakness of this approach, that we can see today, is that certain political blocs will deny or not care about the evidence as long as the attack helps them.

  13. 13
    Emma says:

    Cheryl, I sent you an email through the BJ link.

  14. 14
    Another Scott says:

    @Laura: I suspect, but don’t know, that Obama’s thinking was very much along the lines of what Rosenstein said (requoted) in a recent NPR piece:

    Last year, Rosenstein told NPR the advice he gives younger lawyers.

    “That the most important part of their job is to protect the brand,” he said.
    “You know, it’s important to win cases, it’s important to solve crimes, but it’s more important that we maintain public confidence in the Department of Justice.

    Protecting the brand has gotten a lot more difficult. The Trump administration has shaken the foundations of federal law enforcement.

    He’s right, but I would have expressed it differently. If people lose confidence in their institutions, then all bets are off. Societies begin to crumble.

    Everything about protecting the norms of our national government has gotten more difficult since Donnie rode that escalator down that fateful late spring day….

    Could Obama have done more than was described to the public? Maybe. But the information was out there – and too many people only saw it through the lenses of a political horse race. I’m not sure what else he could have done that would have made a positive difference in the election and there were huge downside risks.

    Remember Donnie was screaming for months on end that “the election is rigged”??

    FWIW.

    Cheers,
    Scott.

  15. 15
    Gin & Tonic says:

    Indications are that today’s cyberattack was not solely (or perhaps not specifically) against Ukraine, but rather a more general ransomware event.

    Coincidentally, or not, depending on your tinfoil-hat level, a senior officer in Ukraine’s military intelligence service was killed by a car bomb this morning in Kyiv.

  16. 16
    Laura says:

    @gene108: Gene, that’s what I was thinking as I was typing, and can’t ever get over the grimpen mire that is the state of the media since the Fairness Doctrine was scuttled and the concentration of ownership commenced.

    Naked Capitalism covered many incidences over the last summer where fiber optic choke points were tampered with -though with no service disruptions. The supposition was that serious surveillance of the grid was being conducted and that trouble was/is coming.

    Again, eager for Cheryl’s next illuminating post.

  17. 17
    Ohio Mom says:

    Somewhat OT, but remember all the panic about Y2k? Was obviously ridiculous but I knew people who stockpiled food and pulled cash out of their bank accounts.

    Somehow, I’m not expecting this very real incident to send any of them back to Costco for canned goods or to the ATM for a big withdrawal.

  18. 18
    Chris says:

    @The Moar You Know:

    You’d think a country as neurotically obsessed with national security issues as the U.S. would’ve jumped on this long before anyone else.

    Maybe there’s just not enough money in it? At least when compared with building F-35s and invading oil-rich countries…

  19. 19

    @Laura: Is that Yves Smith’s site? She is a loon.

  20. 20
    Another Scott says:

    It looks like Seattle is trying to take out Toronto if you believe this map… :-/

    It’s hard to know what’s going on with these cyber attacks. As you say, there are so many unknowns that “war” is a bad term to describe them.

    The RWNJs go overboard with it, but I do think that we should remember that “letters of marque and reprisal” are in the Constitution and thinking about ways of conducting “politics by other means” other than throwing bombs and bootsonaground is probably worthwhile.

    Cheers,
    Scott.

  21. 21
    NCSteve says:

    @The Moar You Know: historically, “gaps” in American and Russian capabilities have been a matter of perception resulting from Russians hyping, and often overhyping, their capabilities and America keeping its capabilities secret. Maybe not this time, but could be.

    The real problem, I suspect, isn’t lack of capability, but a failure of deterrence because both sides know that we have the most to lose if things escalate to cyber-Armageddon.

  22. 22
    Viva BrisVegas says:

    @Chris:

    Maybe there’s just not enough money in it?

    I would have thought that it was easier money. You don’t need to produce any hardware at the end and you can claim the product works at least until it doesn’t. It’s like tiger repellent, you only know it doesn’t work when a tiger turns up.

  23. 23
    Gin & Tonic says:

    @Ohio Mom:

    Somewhat OT, but remember all the panic about Y2k? Was obviously ridiculous

    Some of it may have been ridiculous, but one of the reasons people remember it as a “ho-hum” event is that an awful lot of people spent an awful lot of time and effort remediating actual issues before the date.

  24. 24
    Gin & Tonic says:

    @schrodingers_cat: Yes and yes.

  25. 25
    trollhattan says:

    @nightranger:
    Doesn’t Russia play the natural gas card whenever they’re miffed at Europe? That dependency gives them some de facto leverage.

  26. 26
    NCSteve says:

    @Ohio Mom: It was only “obviously ridiculous” to people with no IT background. All of the IT people I knew were terrified through most of late 98 to mid-99. It was only because of the doomsayers and public awareness that corporate America finally took the problem seriously enough to allocate resources to a huge, expensive project with no net return.

    Fear of liability once the risk became public finally led to vast resources being thrown at it as the last possible minute. And it was only due to the efforts of an army of unsung code heroes that catastrophe was avoided. They just barely got done in time.

  27. 27

    @Gin & Tonic: At this point I think the purity left ( BS supporters, Jill Stein, Nation, blogs like Smith’s) is as compromised by Russian shenanigans and as susceptible to Putin’s machinations as the far right. The far left may be true believers and not in it for the money (I can only speculate about their motivation) but the end result* is the same.

    * Being antagonistic towards the Democratic party and its policies.

  28. 28
    MomSense says:

    @Laura:

    Not only did McConnell threaten to go public and present it as Obama trying to sway the election to Hillary, it turns out he wrote a letter to states saying not to let the federal government interfere in the hacking of election systems. I learned this from an interview Joy Reid did with Evan McMullin.

    WTF. McConnell discouraged states from letting FBI help them???

  29. 29
    Booger says:

    How many top-quality potential cyberdefenders have slipped through the FBI’s fingers because they smoked some weed and didn’t want to wear a white shirt, tie and dark suit? It might be nice to have someone like Aaron Swartz on our side, but that’s not how our government thinks.

  30. 30
    cmorenc says:

    @JPL:

    I’m surprised that Tillerson hasn’t released a statement about the attack on Ukraine.

    Keep in mind that the foremost purpose of the incoming Trump administration in selecting Tillerson as Secretary of State was his skillset and connections in negotiating favorable access by US petrochemical companies to Russian hydrocarbon resources in the Russian Arctic region. Tillerson getting anything approaching a usefully hard stance wrt Russia’s aggressive campaign against the Ukraine, beyond showing a concerned furrowed brow, would undermine this original key objective of the Trump Administration.

  31. 31
    Peale says:

    @trollhattan: And of course, right now, a major alternative supplier of Natural Gas is being beset by a blockade by our “allies” in the Gulf.

  32. 32
    low-tech cyclist says:

    @nightranger:

    Europe should cut all internet connections with Russia.

    Exactly how would that work? ‘The Internet’ doesn’t have a set of dedicated cables; it flows over multipurpose communications lines.

  33. 33
    Cheryl Rofer says:

    @trollhattan: Europe has been working to lessen Russia’s natural gas leverage over them. So Russia needs cyber attacks.

  34. 34
    piratedan says:

    @MomSense: that’s why I think that the entire GOP is going down once all of this shite sees the light of day… naturally, the hard part is getting it exposed to the light of day. The most difficult hurdle is going to be the fourth estate and their supposed idea that they themselves are above borders and that borders don;t matter to them, and whether they’ll actually own up to the idea that they’ve been played and manipulated just as deeply as the GOP has to the benefit of a relative few.

    In short, GOP leadership has been in cahoots with Putin as a way to try and achieve power with the thought that they can keep the party in power perpetually… remains to be seen if they think that they can control American institutions that way, but you’re already seeing it in the way that they’re handling the fourth estate now.

  35. 35

    @piratedan: Don’t expect the media conglomerates to save us.

  36. 36
    Peale says:

    So in the event of a major cyber attack, do we need a Balloon Juice check in system? Chain letters maybe? Or is that too much like threaded comments.

  37. 37
    Booger says:

    @low-tech cyclist: Yes, this. It’s like saying we should stop rain from getting to the sea.

  38. 38
    The Moar You Know says:

    You’d think a country as neurotically obsessed with national security issues as the U.S. would’ve jumped on this long before anyone else.

    @Chris: We’re a nation that despises smart people and expertise. I expect nothing to taken seriously in the cybersecurity arena until the day when all of America wakes up and finds nothing but zeroes in their bank accounts.

  39. 39
    jeffreyw says:

    @Peale:
    I’ll leave my porch light on.

  40. 40
    Amir Khalid says:

    @Ohio Mom:
    The Y2K issue was a real thing, for people who had to keep infrastructure going and records from being corrupted, but I do agree that there was a lot Y2K-inspired silliness.

  41. 41
    MomSense says:

    @piratedan:

    After that article (Bloomberg?) about the Russians gathering information/kompromat on 2,300 high level military, government, and media figures I decided that my hunch about the kompromat and collusion having spread quite deeply was not as paranoid as I feared. And I keep going back to a comment Clapper made to Chuck Todd that contrary to what Todd assumed about the Obama administration trying to disseminate intelligence, they were actually trying to bury it and protect it. That gave me the chills. Apparently some intelligence officials gave the Democratic members of the gang of eight lists with the identification numbers of classified documents (not the docs themselves) so they would have a way of verifying that documents weren’t being buried. That combined with Comey saying that he intentionally wrote his memos in unclassified form so they could be released to the public says to me that high level officials are worried and trying to prevent a massive cover up.

    It really does feel like a battle is being waged all around us.

  42. 42
    MattF says:

    @low-tech cyclist: Right. A basic design principle of TCP/IP is to drive around any obstacle in communication between point A and point B.

  43. 43
    Cheryl Rofer says:

    Rosneft, the Russian state oil company, now says it’s been hit by a cyber attack.

  44. 44
    The Moar You Know says:

    How many top-quality potential cyberdefenders have slipped through the FBI’s fingers because they smoked some weed and didn’t want to wear a white shirt, tie and dark suit?

    @Booger: This is my main complaint with how America has responded, or to be more accurate utterly failed to respond, to cyber threats. We don’t take it seriously. And it will take a 9/11 type event before we even start doing so. And at that point we’ll be starting at least twenty years behind the competition.

  45. 45
    Bobby Thomson says:

    OT: CNN caved to litigation threats from Trump’s finance chair and fired three journalists who reported on his corruption.

    Free press my ass.

  46. 46
    MomSense says:

    @jeffreyw: @Peale:

    We could all fly green balloons next to our front doors or how about colanders?

  47. 47
    Cheryl Rofer says:

    Also, too: I doubt that it’s a cyber attack, but my internet is going on and off. More likely that my modem is dying.

  48. 48
    Cermet says:

    While certainly not “war” in any classical definition, still a real attack that if used against critical infrastructure will cause deaths – so, in some respects, identical to war. As such, we should economically devastate the russian financial system both via cyber attacks and standard methods causing them severe economic damage until they agree to a treaty banning/preventing such non-conventional warfare.

  49. 49
    MomSense says:

    @Cheryl Rofer:

    Yeah I saw that. Fuck.

  50. 50
    Cermet says:

    @The Moar You Know: You mean they all have a girlfriend like I do … .

  51. 51
    Cheryl Rofer says:

    @Cheryl Rofer: Sounding more like the telephone lines now. But I may be on and off for a while.

  52. 52
    rikyrah says:

    @Laura:

    So the big story on the election hacking is President Obama’s waffling. Why the hell is the fact that McConnell was also made aware and threatened the President that he’d call it interference if he went public?

    I call it TREASON

  53. 53
    Mnemosyne says:

    @NCSteve:

    I was working for the director of IT for UCLA Medical Center at the time and spent my New Year’s Eve 1999 inside the medical center waiting to see if everything the team had been doing for the previous two years would work. Fortunately, it did.

    The media whipped up a lot of unnecessary hysteria, but there was a genuine problem that had to be addressed.

  54. 54
    trollhattan says:

    @Cheryl Rofer:
    Are they importing more LNG, bringing in pipelines from elsewhere, converting to non-fossil sources, all of the above? Russia has enjoyed the NG lever for a long while and it’s nice to think it’s waning in influence over time.

  55. 55
    Cermet says:

    @Mnemosyne: Hysteria can be a extremely valuable thing; a huge danger like AGW isn’t taken seriously because 1) it is so slow the frog doesn’t realize it is being cooked 2) our brains simply aren’t wired to handle such dangers 3) the moneyed elite have trillions of dollars invested in underground carbon so will pay and pay for lies. Combined, these factors prevent a very deadly threat from being taken serious – we need some hysteria even if it is real and frankly, not over-hyped yet is so terrible people should be treating this danger in that exact manner.

  56. 56
    sharl says:

    @Peale:

    And of course, right now, a major alternative supplier of Natural Gas is being beset by a blockade by our “allies” in the Gulf.

    Just yesterday I saw that the blockade of Qatar is likely to cause disruption in worldwide supplies (and pricing) of helium. Helium is a byproduct of natural gas extraction/processing. Along with Iran, Qatar is the world’s second largest supplier of helium (the U.S. currently ranks first).

    In addition to its use in filling party balloons, a lot of us in areas of science, technology, and engineering have long relied* on helium for a lot of stuff we do, and periodic concerns about reliable helium supplies have caused worry before.

    *For some tasks hydrogen may serve as an acceptable substitute, if one can deal with the major hazard of hydrogen use (VERY flammable).

  57. 57
    OzarkHillbilly says:

    @schrodingers_cat: Divide and conquer, a strategy as old as man.

  58. 58
    piratedan says:

    @schrodingers_cat: I don’t, I expect it’ll be Mueller and the Senate Investigation that finally forces those GOP folks that have a modicum of conscience and ethics to act.

  59. 59
    Cheryl Rofer says:

    @trollhattan: All of the above. Although the move away from nuclear is in the opposite direction. OTOH, Lithuania just put in a port for LNG to diversify its sources.

  60. 60
    JPL says:

    @rikyrah: That’s the liberal MSM, for ya.

  61. 61
    Amir Khalid says:

    @Cermet:
    If our brains are not wired to process the danger of anthropogenic global warming, as you say, then why do a majority of people the world over believe that it is indeed a danger? Me, I think it’s more a conflict between the short-term interest of the rich, powerful, and selfish versus the rest of us.

  62. 62
    Lurking Canadian says:

    No need to shoot back with bombs & guns. You have asset forfeiture laws that are “guilty until proven innocent”.

    The Feds should just start seizing assets belonging to rich Russians and let them prove they weren’t ill-gotten. Since (as I understand it) the only way to be a rich Russian is to be in cahoots with Putin, that should get his attention.

  63. 63
    Neldob says:

    Where can I read about McConnell’s bad acting concerning election hacking? and, yeah, the fairness doctrine needs a comeback. Raygun’s demented idea to cement Repub’s control is destroying our democracy. Maybe that was the plan.

  64. 64
    SiubhanDuinne says:

    @MomSense:

    We could all fly green balloons

    Not according to @sharl:

    Just yesterday I saw that the blockade of Qatar is likely to cause disruption in worldwide supplies (and pricing) of helium.

    😉

  65. 65
    MomSense says:

    @SiubhanDuinne:

    Colanders it is!

  66. 66
    Snoopy says:

    One of the reasons the Russian government has good hackers is because, if you’re a good hacker in Russia, your choices are working for:
    1. The FSB (KGB)
    2. JetBrains
    3. Kaspersky Labs
    4. …nothing else?

    In the US, I don’t even have space to list all the opportunities. On the other hand, The US has twice the population, so naively, we’re starting from twice the talent base.

    Of course, it’s not naive. Russia is bordering on being a third-world country, and heading downhill. How many talented Russian hackers were waylaid by vodka, or mis-steps with protests…or malnutrition?

    The US is far and away the leader in cyber-talent. The reason you don’t hear about our operations is that we’re too good to talk about them. The reason your *do* hear about Russia’s is that the only thing they can do is talk about them. Taking down Ukraine? Please…

  67. 67
    FlipYrWhig says:

    @MomSense: It is long past time to make McConnell into an infamous political villain. If Republicans can win close elections by saying “booga booga Nancy Pelosi,” there’s no reason not to make McConnell’s gross face the face of that party: creepy, scheming, unethical, grasping, power-drunk, and traitorous.

  68. 68
    Another Scott says:

    @Cheryl Rofer: Our cable internet connection would get wonky when it was really hot outside. Or after a rain. If the weather is unusual where you are, you might have problems with the wiring outside your home.

    It’s often pulling teeth to get the companies to fix things like that, but you might ask them to check anyway. Your modem is likely fine (electronics usually are the last thing to fail).

    Good luck!

    Cheers,
    Scott.

  69. 69
    Gretchen says:

    @Booger: Our government runs a cyber security PhD program. I know several really bright young people who went through it and now do cyber security for the government. Before the FBI interviews qualifying for entry, they are told that it’s ok to have smoked weed, but it’s not ok to lie to the FBI about it. I wonder if the govt isn’t downplaying its capabilities for security reasons.

  70. 70
    Cheryl Rofer says:

    @Another Scott: Same here with the weather. And yes, the telephone company will swear up and down that they have no problems, although just now I could hardly hear over the static. I bought a new modem a while back, when it really did seem to be my modem that was going out. But then it perked up. Today is slow, and people tell me that the new modem probably has better security, so I think that will be one of today’s projects.

  71. 71
    catclub says:

    @nightranger:

    Europe should cut all internet connections with Russia.

    You do know how much of Europe’s natural gas heat comes from Russia, yes?

  72. 72
    SiubhanDuinne says:

    @MomSense:

    :-D

  73. 73
    Origuy says:

    @Gin & Tonic:

    Some of it may have been ridiculous, but one of the reasons people remember it as a “ho-hum” event is that an awful lot of people spent an awful lot of time and effort remediating actual issues before the date.

    This. I think the reason a lot of people in the industry were concerned was that, while they knew a lot of work had been done, they had no way of knowing what hadn’t. I worked for Compaq at the time. They spent a lot of money renting big generators to keep our facility running. I slept in the office December 30 and carried a pager December 31.

  74. 74
    JGabriel says:

    @NCSteve:

    The real problem, I suspect, isn’t lack of capability, but a failure of deterrence because both sides know that we have the most to lose if things escalate to cyber-Armageddon.

    Exactly. Along the same line, I’m wondering: How the hell does an actual democracy retaliate against election interference by a hostile foreign power whose own elections are essentially Potemkin polls – i.e., just there for show?

    Putin is going to win Russia’s elections, no matter how many results he has to fake. The only possible responses would appear to be sanctions (hurt Putin in the wallet), orchestrating a way to get his own country to jail him or revolt against him (unlikely), or assassination (which would probably lead to all out war).

  75. 75
    joel hanes says:

    @Ohio Mom:

    remember all the panic about Y2k? Was obviously ridiculous

    I’m a computer engineer. I built mainframes for a dozen years.
    Then I spent twenty-five years building set-tops and and mobile electronics.

    There was nothing ridiculous about Y2K, and without two years of concentrated effort by various embedded-systems people, we’d have experienced widespread systems failure in control systems. My mom was on the board of a large regulated utility at the time, and she said that what they found in their audit seriously frightened them.

  76. 76
    catclub says:

    @MomSense:

    WTF. McConnell discouraged states from letting FBI help them???

    Technically, it was Jeh Johnson at Homeland security that wanted to declare election systems national treasures or somesuch, in order to emphasize their protection. many states rejected the suggestion.

  77. 77
    StringOnAStick says:

    @Snoopy: A lot of Russian programmers left Russia and work on Wall Street, doing the programming that turned the stock market into mostly about machine-based trading algorithms that are on the millisecond scale, basically sucking the life force out of the market for buy and hold investors. I recall in the following book how the Russians had a total “fuck your system, let’s bleed it dry” attitude: https://www.amazon.com/Flash-Boys-Wall-Street-Revolt/dp/0393351599/ref=pd_sim_14_2?_encoding=UTF8&pd_rd_i=0393351599&pd_rd_r=Z07M08G03VTWRABY3M73&pd_rd_w=lfBpk&pd_rd_wg=33aEO&psc=1&refRID=Z07M08G03VTWRABY3M73

    I’m sure those Russian coders who are working on Wall Street are making more than Putin would ever pay them, and with significantly less risk of turning up crushed by a bathtub. Like Adam says, penetration at all levels.

  78. 78
    Ryan says:

    I don’t know if it’s proportional, and certainly Trump would never sign off on it, but it’d sure be funny if a certain strongman with his own hacker network were to lose an election that everybody expected him to win.

  79. 79
    stinger says:

    @Gin & Tonic: Thank you for this. At the time, I was working for a power company, and we joined in a national effort to make sure there were no consequences (in the energy industry) from computers programmed to read dates as six-digit numbers treating January 1, 2000 as January 1, 1900. There MIGHT have been consequences. For example (different industry example), I had no money in any bank account anywhere on 010100, if that referred to 01/01/1900. That could have hurt!

    [also NCSteve @25]

  80. 80
    liberal says:

    @Cermet:

    As such, we should economically devastate the russian financial system both via cyber attacks and standard methods causing them severe economic damage until they agree to a treaty banning/preventing such non-conventional warfare.

    LOL. You’re high on crack. The US would never agree to such a treaty, and it’s highly unlikely in the extreme that the US hasn’t used such methods itself on states it regards as hostile.

  81. 81
    tobie says:

    @MomSense:

    it turns out he wrote a letter to states saying not to let the federal government interfere in the hacking of election systems. I learned this from an interview Joy Reid did with Evan McMullin.

    Has this letter ever been made public? I would assume that enough copies were circulated that someone must have held on to it. If so, it needs to be broadcast right now. The rot runs deep. And no one in the Senate looks more rotten than Yertle.

  82. 82
    liberal says:

    @joel hanes:

    There was nothing ridiculous about Y2K…

    Yes there was. Some of the estimates being floated as to the cost of fixing it were simply absurd. That doesn’t mean nothing important needed fixing, of course.

  83. 83

    Did any other Y2K vets come across software that failed to recognize the year 2000 was supposed to be a leap year?

  84. 84
    SiubhanDuinne says:

    O/T, (via NPR) the Redstone Arsenal is on lockdown. Active shooter situation. No details.

    ETA: http://www.al.com/news/huntsvi.....ted_o.html

  85. 85
    liberal says:

    @StringOnAStick:

    A lot of Russian programmers left Russia and work on Wall Street, doing the programming that turned the stock market into mostly about machine-based trading algorithms that are on the millisecond scale, basically sucking the life force out of the market for buy and hold investors.

    How does high-frequency trading harm buy-and-hold investors? I mean, I think it’s evil, AFAICT it’s a form of front-running (especially this BS where they get info by putting out feelers and then canceling the orders), but agents who trade infrequently aren’t really harmed.

  86. 86
    Immanentize says:

    I see a bunch of people are concerned that we don’t have the capacity to strike back in-kind against the Russians. I think this is way more an issue of covert desires and secrecy. Think Stuxnet. That is a worm we developed in the mid naught-ies which was discovered in the dawn of this decade. We (with the Israelis) developed a hugely damaging piece of malware that was able to physically disrupt nuclear processing centrifuges in Iran. Also, the release of the NSA information earlier this year regarding (older) tools to use to enter an disrupt suggests we are totally on top of this issue. Didn’t Obama promise reprisals that would be known only to the Russians to suggest our capabilities? I have no worries about the US capacity to wreak amazing harm in a cyber context.

    I do worry about how or even whether we will use our tools wisely with our current administration

  87. 87
    Gin & Tonic says:

    @Snoopy:

    if you’re a good hacker in Russia, your choices are working for:

    You don’t work in IT, do you?

  88. 88
    Immanentize says:

    @MomSense: Such a letter must be discoverable….

  89. 89
    thalarctosMaritimus says:

    @Gin & Tonic: This. Thank you.

  90. 90
    MomSense says:

    @Immanentize:

    I’m sure it is. I only know about it from McMullin’s interview over the weekend.

  91. 91
    Cermet says:

    @liberal: So, your crack addition is showing up in BJ, now? You really need to get out of that basement – yes, the US has a vested interest in remaining free to use such cyber-warfare and that would remain even after any such treaty; note our use of mines, cluster bombs and many other weapons the rest of the world outlaws. As the 800 lbs gorilla, we can force treaties even upon the russian – if we hurt them enough.

  92. 92
  93. 93
    nightranger says:

    @low-tech cyclist:

    Thanks for pointing that out cap’tn obvious. When I say cut I am obviously not talking about it like it’s just one connection. Cut everything in all countries bordering Russia. In the case of any routes that go through China where China would not willingly participate, they can block IP’s and use deep packet inspection. Can never 100% block everything but can certainly give them major headaches. Also would be easier to track what little remaining traffic would trickle out of Russia.

  94. 94
    nightranger says:

    @catclub: Russian natural gas goes mostly via Ukraine. They have already cut that supply a few times. Also tried to hold Europe hostage on pricing awhile ago. Since then Europe has been moving away from using them for awhile. A lot of countries import LNG now in addition to increased use of renewables. It is their achilles heel.

    It is not in Russia’s best interests to cut that supply anyways. Most of Russian wealth is generated from energy exports.

  95. 95
    Gin & Tonic says:

    @nightranger: You don’t know how the Internet works, do you?

  96. 96
    frosty says:

    @Neldob: I’ve been skeptical about how useful a renewed Fairness Doctine would be since it only covers the publicly regulated airwaves and not private cable, so no effect on Fox News. Then the lighbulb went on: AM hate radio. Maybe more pernicious and widespread than Fox, but subject to the FD. It would be worth the effort to put a lid on Limbaugh and his cohorts.

  97. 97
    randy khan says:

    @Gretchen:

    Before the FBI interviews qualifying for entry, they are told that it’s ok to have smoked weed, but it’s not ok to lie to the FBI about it.

    The Justice Department adopted a similar standard for lawyers more than 20 years ago when it became impossible to hire enough good lawyers who hadn’t smoked pot in college.

  98. 98
    StringOnAStick says:

    @liberal: Bullshit they aren’t harmed. High frequency trading is a giant suck of profit out of the system and distorts the market; obviously that impacts all others involved. If you can’t see that, then there is no point even communicating with you.

  99. 99
    randy khan says:

    @liberal:

    Estimates of the actual cost to fix the Y2K bug are in the $400 to $600 billion range, with $100 billion of it in the U.S. I don’t recall what people said it would cost beforehand, but it was pretty expensive to fix. Even then, there were quite a few people who weren’t sure that everything was fixed – a bunch of federal agencies had people sitting in their offices on December 31, waiting to see what would happen at midnight.

    And a fair amount of effort went into fixing software being sold into the marketplace in the years leading up to Y2K. Nobody counts those costs, but they were significant.

  100. 100
    Stan says:

    @The Moar You Know:

    The Russians, at the moment, are the best in the world at it. China, Israel, Iran, France…all quite good. America – we are not. Other countries hire their best hackers, we jail ours. Other nations recruit the best and brightest and train them. We let them sit in school, bored. They started training up twenty years ago, we did nothing.

    This is pretty much what the Nazis said about our armed forces just before we kicked their asses.

    Even if we are behind right now, (and I don’t know that, but….) one thing Americans excel at is learning and innovation. We could get better faster than they ever will. We can learn faster, innovate better, and decide faster.

    That all presumes that we decide to do this.

  101. 101
    rikyrah says:

    Republican rhetoric on the uninsured descends into incoherence
    06/27/17 11:05 AM—UPDATED 06/27/17 11:24 AM
    By Steve Benen
    Republicans have plenty of criticisms for the Affordable Care Act, and some of their points are more credible than others, but of all the arguments GOP officials are pushing aggressively, I think we’ve identified the worst.

    Yesterday afternoon, for example, Donald Trump’s White House published a curious tweet:

    FACT: when #Obamacare was signed, CBO estimated that 23M would be covered in 2017. They were off by 100%. Only 10.3M people are covered.

    I realize the White House’s communications office is struggling right now – the communications director recently quit after a few months on the job, and no one wants to replace him – but someone over there probably should’ve read this before publishing it. If the Congressional Budget Office projected that the ACA would cover 23 million Americans, and the CBO was “off by 100%,” that means it would’ve been off by 23 million – because 100% of 23 million is 23 million. According to the White House’s own message, that’s not what happened.

    ………………………

    Yes, in reality, the Congressional Budget Office has found that under the Affordable Care Act, there are still 28 million uninsured Americans. If Team Trump and John Cornyn believe that number is too high, then we’re all on the same page.

    Of course, that number would be much lower if Republican governors had adopted Medicaid expansion through the ACA – in other words, the 28 million figure is partly a failure of GOP governance, not “Obamacare” as a model – but federal officials can’t force those state officials to do the right thing.

    The Congressional Budget Office also found, however, that the Republican alternative to the ACA would make this problem vastly worse, forcing 22 million Americans into the ranks of the uninsured.

  102. 102
    nightranger says:

    @Gin & Tonic: lol. If you only knew. So you want to start talking about how the different types of packets can be separated now? Do you think I literally mean “cut” and that I think Telco engineers do everything with wirecutters and patch cables?

    Please continue random internet person who probably saw a documentary about it once.

  103. 103
    trollhattan says:

    @frosty:
    The Fairness Doctrine would be a nice thing to revisit but far greater problems stem from eliminating ownership limits, which has graced us with Sinclair, Clear Channel, et al. That ruined radio and local/regional television.

  104. 104
    Stan says:

    @Ohio Mom:

    remember all the panic about Y2k? Was obviously ridiculous

    “panic” is always ridiculous regardless of the issue. However, the remediation work that went into preventing Y2K disasters……was successful in preventing Y2K disasters.

  105. 105
    Kathleen says:

    @Cheryl Rofer: Could it be inside wire? If Telco ok from. its Central Office to the drop box. it could be from drop box to your modem. Inside wite is pain in the ass.

    That scenario. can also apply if phon is over internet cable.

  106. 106
    Stan says:

    @NCSteve: T

    he real problem, I suspect, isn’t lack of capability, but a failure of deterrence because both sides know that we have the most to lose if things escalate to cyber-Armageddon.

    Bingo. Imagine both countries going for a week without a functioning internet. Who gets hurt the most? Obviously we do.

    But that realization simply points to another basic principle, which is: don’t accept the enemy’s definition of the battlefield. The response to cyber attack need not be cyber counterattack. It could be something completely different/asymmetrical. And depending on how we want to play it, something that is equally deniable in public.

  107. 107
    Technocrat says:

    @randy khan:

    Part of the reason why it was so expensive was that the ‘”all hands on deck” attitude bypassed a lot of normal cost controls. I had friends that were billing at *triple* their normal rate.

    Unfortunately, I was salaried at the time, so I just forgot what my wife and kid looked like.

  108. 108
    NoraLenderbee says:

    @nightranger: You used the word “cut” multiple times. That makes you sound like you think the Internet is a telephone line. If “cut” is not what you meant, how do you expect us to know?

  109. 109
    Cheryl Rofer says:

    @Kathleen: My best guess is it’s the telephone company lines. Will let it ride for a day or so before I start bugging them.

  110. 110
    Gin & Tonic says:

    @nightranger: Since I don’t recall seeing you around here stating your qualifications, all I will say is “please proceed.”

  111. 111
    Jack the Second says:

    From a defensive standpoint, I would also keep in mind the heterogeneity of the United States – basically everything in the United States is different; different companies use different software, different states use different software, heck, each branch of the federal government and branch of the military is pretty stand-alone.

    This diversity means that, while we have a lot of vulnerable pieces, here and there, most things are vulnerable in different ways. This means that you can’t find a single exploit to take down everything from Wall Street to the water supply; you need to find thousands of exploits and match them up to each vulnerable system. This is not to say you can’t cause problems, but you will be breaking individual pieces of our industry & technology in a regional subset of our country. That’s bad, but not really that bad. It might not even be particularly noticeable amid the background of one airline or another’s booking system going down.

  112. 112
    TenguPhule says:

    One method of retaliation is to expose the activity and what is known about the attacker.

    Another is to make those hackers living impaired.

  113. 113
    catclub says:

    @StringOnAStick: Liberal is more right than you on this. If I only buy (or sell) once every year, versus three times a day, the fact that the high speed traders raise my costs by a penny per share for that one trade, matters very little to me [you are correct that they have front-run my order by 1 cent]. Vanguard is not that worried about high speed traders.

  114. 114
    TenguPhule says:

    @Stan:

    don’t accept the enemy’s definition of the battlefield. The response to cyber attack need not be cyber counterattack.

    This.

    Lots of ways to hurt Russia. And Russian Hackers.

  115. 115
    Aleta says:

    I remember how “we’re at war with terrorists” was used to violate civil liberties. For one example, picking up and holding muslims in NYC jails, and not allowing them to contact anyone. I don’t want a loose application of the word ‘cyberwar’ to lead to laws or interpretations against activists who organize on the internet or work for freedom of information.

    Cheney-Bush used ‘war’ to convince young people to enter the military after 9-11, rush the country into invasion, and give massive contracts to Halliburton without open bids. (Yet cynically they weren’t committed to a war. Refused to spend enough money to protect soldiers coming home and on the streets in Iraq, didn’t do proper analysis or listen to academics, cut taxes and mailed out checks, intimidated the press.)

    The word war has often been used to excite people and get them to act too fast. And to turn on their neighbors. It’s permission to sign up, join groups and attack quickly. Also to attack dissent. In a democracy it should mean a commitment coming from open information and democratic debate.

  116. 116
    Bill Arnold says:

    Important point here that maybe isn’t getting enough play: attribution is hard and one needs to think carefully and generously about the list of potentially-involved actors, and their motivation(s). Could be political, could be financial, could [other], could be some combination. Could be malignant/selfish/greedy, could even have an element of utilitarian benevolence.
    (And always include “false flag” as a possibility.)

  117. 117
    pluky says:

    @StringOnAStick: amen. goldman sachs isn’t refered to as the VAMPIRE squid for nothing.

  118. 118
    mr_gravity says:

    @FlipYrWhig: As an added plus, there is no need to doctor the photos.

  119. 119
    MattF says:

    OT. NYT column says SC order on travel ban is bad news for Trump. Of course, this is just some guy’s opinion, so YMMV– but it’s interesting.

  120. 120
    Jim Snyder says:

    Possibly already posted in comments (but if so I don’t see it).

    Edit: for some reason I’m not seeing the link in my comment. Here’s plaintext:

    https://sipa.columbia.edu/system/files/experience-sipa/12-Lonergan_The%20Logic%20of%20Coercion%20in%20Cyberspace_abstract.pdf

  121. 121
    Chris says:

    @Aleta:

    Cheney-Bush used ‘war’ to convince young people to enter the military after 9-11, rush the country into invasion, and give massive contracts to Halliburton without open bids. (Yet cynically they weren’t committed to a war. Refused to spend enough money to protect soldiers coming home and on the streets in Iraq, didn’t do proper analysis or listen to academics, cut taxes and mailed out checks, intimidated the press.)

    I’m finally getting around to reading that Blackwater book by Scahill, and being reacquainted again with exactly how that policy of theirs led to such a total clusterfuck on every conceivable level.

    The Bush era is one of these things that just doesn’t fade with time – the more I look back at it, the more horrific I find it. He’s got a leg up on Trump, but that says more about Trump than it does about Bush and his peeps.

  122. 122
    Kathleen says:

    @Cheryl Rofer: As I’m sure you already know Tecos love to o proboff to inside wire so they can charge small fortune to fix it.

  123. 123
    dnfree says:

    @Ohio Mom: Sorry, you tripped my Y2K trigger. It was far from “obviously ridiculous”. In fact, it was a very real problem that companies spent millions of dollars to rectify. I know because I was one of the people who worked on it at two different employers. It’s one of the largest tech successes ever, and because it worked so well, people now think it was a hoax. In 1998, the large corporation I worked for set up a completely separate facility where every branch and location of the company was brought in and tested and remediated one at a time. They wouldn’t have done that if it weren’t a real problem.

    Programming staff where I worked stayed home and did not party on December 31, 1999, because we were on call. I sat all day watching the year turn over on TV and celebrating that the power was still on as the year 2000 rolled in around the globe. We all knew that we had succeeded in fixing the code at our particular company, but couldn’t be sure about anyone else, or about all the interfaces. Even pieces of supposedly “dumb” equipment had two-digit years built in.

  124. 124
    Aleta says:

    @Chris:

    the more I look back at it, the more horrific I find it.

    Yeah, and the horror and the facts and the crimes and lies got numbed and buried.

  125. 125
    Cheryl Rofer says:

    @Bill Arnold: This is indeed important.

    attribution is hard

    I’ve wondered why the IC is so convinced that the Russians were behind last year’s election hack, up to and including VVP himself. It suggests that that inside person was an essential part of the intelligence chain. That, along with the digital evidence, could provide that kind of confirmation.

    But more generally, attribution is indeed hard, and you don’t want to retaliate on someone who was uninvolved. Look at how today’s Ukraine hack is unfolding. Now some Russian and other sources are saying they’ve been hit by ransomware. There seem to be several things going on at once, possibly from several attackers.

  126. 126
    dnfree says:

    @Origuy: Yes. I worked at two different large companies during the Y2K era. (I pat myself on the back because way back in 1986 I could see the problem coming and insisted that any new code I and my co-workers wrote from that point forward be Y2K-compliant.) The very large company I worked for set up a separate Y2K remediation location and brought every single corporate location in to test Dec. 31, 1999; January 1, 2000; and leap day 2000, and remediate the code as needed. Every single vendor of attached factory equipment, controllers, monitors, had to be contacted and ensure that their equipment was compliant. It was a huge deal and a big success, and as a reward we get told that it was “obviously ridiculous”.

  127. 127
    Gin & Tonic says:

    AP is reporting that the Senate vote on the “kill the old people” bill is postponed. Turtle didn’t have the votes.

  128. 128
    Matt McIrvin says:

    The problem with “striking back in kind” is that none of this respects political boundaries, and attacks with viruses and malware tend to proliferate without control. It’s like striking back in kind to biological warfare–you’re likely to do damage mostly to the wrong people.

  129. 129
    Ruckus says:

    @Bobby Thomson:

    Free press my ass.

    The press in general has never been free. Ink and paper cost money, printing presses are very expensive to purchase/operate/maintain. The electronic press is somewhat cheaper but TV of any kind is not all that cheap (especially if you take into account all of the hidden costs – cable access/licensing fees/etc) and while we may like free access, it doesn’t pay the bills, for staff/real estate/servers…..
    That’s the working structure costs, what about performers and the profitability? I’m not calling them newscasters, most of them aren’t, they are performers. They don’t set the agenda/content, they look/speak/act acceptably to the boss and that is their job.
    Then you have the bosses/owners. While at one time some of them may have been in the business to mold opinion/disseminate bullshit and that may still be a component for some, profitability is the overriding concern for all now. Yes a business needs to be profitable to stay in business (believe me I know this first hand, all too well in hand and fact) but it is no longer a byproduct of having a good product, it is everything in our modern business practices. Money drives everything, every decision. The press has never been free but it has been a lot cheaper and better.
    Now on the other hand if you meant that the press is free of government meddling, I’m not sure it’s ever been entirely free in that consideration either. It does seem that the meddling is far more political today than in years past but I contend that it is just more transparent to the political meddling rather than any less meddled in.

  130. 130
    StringOnAStick says:

    @catclub: Nope, I still don’t agree. I was a home trader for 8 years and got deeply involved, quite profitably, both up and down markets; everyone in my family sold out on my advice in early 2000 then I bet hard on the downside until the volatility dropped off. Once machine trading started to dominate, there was really no way to make much at the scale I had been working at, and since there are a ton of market makers who are also machine traders, only fellow Flash Boys have the advantage and it is a significant one.

    What high speed trading does is not unlike having a lot of ticks on an animal. Sure, a few is tolerable, but when the majority of the trading is being done to capture price disparities, it becomes trading more about exploiting those with a millisecond slower pipe into the trading stream. The core idea of making a stock market is bets are placed on company performance; high speed trading is all about that next millisecond, not the underlying business; talk about market distorting. Vanguard isn’t worried because for the size of assets they are moving, they can’t do a damned thing about it so there is no need to make the investing public nervous now, is there? Bad for business. The high speed traders are exploiting those large block buys and sells by mutual funds; they see when they hit the trading stream and they all suck a little blood off the trade. By the magic of compounding that adds up. If it wasn’t so profitable high speed trading would not be the vast majority of every day’s trading volume.

  131. 131
    Chris says:

    @Aleta:

    Oh yeah. A huge part of the horror is that the people being described not only were never punished but are still walking around and continuing their work today. After all, this is Betsy DeVos’ brother I’m reading about (who himself is currently consulting with the Chinese on how to carve out colonies in Africa, and recently name-checked the British East India Company as a model for what he wanted to see done in Afghanistan).

  132. 132
    dnfree says:

    @Certified Mutant Enemy: That was one of the dates tested in our corporate remediation center, as I noted above. Years ending in ’00’ are not leap years EXCEPT if the first two numbers are divisible by 4 (1600, 2000, 2400). We didn’t have to worry about it in 1600, but many programs had just said if the year ends in 00 it’s not a leap year. So that was one of the problems that our testing caught. Who knows what 2100 or 2400 will bring–won’t be my problem! As you probably know, some have facetiously proposed that we start working now on the five-digit year problem we will have when we roll over from year 9999 to 10000.

  133. 133
    Matt McIrvin says:

    @dnfree: On top of that, though, there were responses that were ridiculous–Jack van Impe tying it into apocalyptic Bible prophecy, for instance. In the popular eye it was hard to distinguish that from the people who really were working on mitigation around the clock.

    There were even some silly responses within IT–I remember one book arguing that your best bet for fixing the Y2K problem was to port all your enterprise software into COBOL.

  134. 134
    Chris says:

    @Cheryl Rofer:

    Well, the fact that Trump actually asked the Russians in front of the entire nation to hack his opponent’s campaign for him, and the way the Russians have continued to troll the nation ever since, probably contributed to their centering their investigations on Russia. (That and the knowledge that they’ve done the same thing in various European nations over and over).

  135. 135
    Mnemosyne says:

    @Chris:

    recently name-checked the British East India Company as a model for what he wanted to see done in Afghanistan

    He may want to read a little history on what happened to the British East India Company when they tried to go into Afghanistan.

    Not to mention the fact that the BEIC fell on their faces when they caused the Sepoy Mutiny and had to be bailed out by the British government, which dissolved them.

  136. 136
    Laura says:

    @schrodingers_cat: yes. And it’s gotten even more vitriolic. However, pensions, especially CalPERS is part and parcel my bailiwick as a Union Business Agent. And so it serves a limited but important purpose.

  137. 137
    Steve in the ATL says:

    @StringOnAStick:

    @liberal: … there is no point even communicating with you.

    This is all you needed to say

  138. 138
    Chris says:

    @Mnemosyne:

    The tradition of private enterprises running amok until they’ve fucked up so completely that the government has to save their ass is long and distinguished.

    Must be that “private sector efficiency” I’m always hearing about.

  139. 139
    Ruckus says:

    @trollhattan:
    I understand that most European nations are strongly on the renewables bandwagon, as they have very few of their own natural resources and have had to purchase them from someone for a very long time. Replacing “offshore” hydrocarbon power is vital to their national interests, at the same time as exports are vital to Russia’s and the Middle East. It is a inevitable that this will come to a head sooner or later. And this effects the US as well, in the same way. Mileage efficiency and smaller cars/electric/hydrogen cars, our own increase in renewables will forever change hydrocarbon exporting nations and for Russia and the Middle East, this is their lifeblood. There will be issues. There already are. I’d bet that this is the basis of a dramatic amount of the Russian problem we face.

  140. 140
    Origuy says:

    There still are Y2K related problems out there. One of the quick fixes was to treat any two digit year less than twenty as occurring in the 21st century and any 20 or greater as occurring in the 20th. This was to avoid rebuilding databases with four digit years. It just pushed the problem out twenty years, assuming that in that time the problem would be fixed correctly. There could be some databases out there that still haven’t been rebuilt. Management likes to put things off that don’t affect the quarterly earnings.

    Then there’s the Y2038 problem. Unix-based programs using a 32-bit timestamp will have problems on March 19, 2038. They store the time in the number of seconds since January 1, 1970 00:00:00 UTC. This is known as the Unix Epoch. On March 19, 2038, this value will exceed 2,147,483,647, the largest number that can be contained in a 32-bit field. Most programs in recent years have converted to using 64-bit values, but not all.

  141. 141
    MattF says:

    @dnfree: I’ve heard that the ‘next’ problem will occur early in 2038, when it will be 2^32 seconds after midnight, January 1, 1900.

    ETA: Beaten to the punch. And I got the arithmetic wrong.

  142. 142
    nightranger says:

    @Gin & Tonic:You are waaaay out of your league on this one. You should go back to a level you are more comfortable in. Calling people poopy heads or whatever.

  143. 143
    Ruckus says:

    @Amir Khalid:

    Me, I think it’s more a conflict between the short-term interest of the rich, powerful, and selfish versus the rest of us.

    The rich and powerful got that way by controlling the basis of production – power. Not the power to control but the power that is used for production of everything from food to iStuff. It has been since the industrial revolution started, coal and oil. Coal is out, the supplies are waning and getting it and using it is very dirty. Natural gas is in but it still creates a supplier monopoly. We in the states don’t see this as much as many parts of the world because we have natural gas and the resources to find and extract it. A lot of places, as you very likely know, don’t. So there is a global market for it and large NG tankers float around the globe. So many around the world are still dependent on a hydrocarbon product for power and have to depend on other countries suppliers. At the same time technology is getting much better at extracting the power from renewable sources, that are abundant everywhere. Ergo conflict.

  144. 144
    Gin & Tonic says:

    @nightranger: How many peers are at AMS-IX? How many of them are primarily Russian or Eastern European? Who controls the peering contracts?

  145. 145

    I believe this is enabled by extremely poor security practices in civilian infrastructure. This is a result of laziness, encouraged by security agencies which desired to spy on their own people. As cryptographers have been warning us, such weaknesses can be exploited by enemies, as well as ones own police agencies.

    We are in dire need of improvements to civilian cybersecurity infrastructure.

  146. 146
    Bill Arnold says:

    @Cheryl Rofer:

    I’ve wondered why the IC is so convinced that the Russians were behind last year’s election hack,…

    Hacks. When it’s complicated, cardinality can also be important. I’m fairly sure (without access to real evidence) that Russians were involved, but not at all sure that others were not also involved.

  147. 147
    SiubhanDuinne says:

    @Gin & Tonic:

    Say what you will about this new “nightranger” fella, but he’s a fucking expert on pie. Never seen anything like it.

  148. 148
    J R in WV says:

    @Amir Khalid:

    In my first IT job starting in 1985 we were writing a new business tax system for a state government. We used a 2-digit year which was standard, but we assumed that in YY50 CC was 19, so our date failure point would be 2049, not 2000. I don’t know if that system is still implemented, I hope not.

    In my IT role in 1998 -> 2000 we had an older COBOL IMS-DB system that was going to fail on 31-12-1999 rollover. We worked like beavers to replace it with a system written on Windows with Oracle relational DB backend, with no date rollover failure anticipated. And we did.

    No one in my shop was at work on New Year’s Eve 1999, in fact we had a New Year’s Eve party with champagne I had started buying months before to accumulate enough for a big group of friends. Some of which were co-workers also not at work that night.

  149. 149
    Steve in the ATL says:

    @SiubhanDuinne: funny–so is Ben from Virginia. Who knew a concern troll so loved pie?

  150. 150
    Bill Arnold says:

    @StringOnAStick:

    What high speed trading does is not unlike having a lot of ticks on an animal. Sure, a few is tolerable, but when the majority of the trading is being done to capture price disparities, it becomes trading more about exploiting those with a millisecond slower pipe into the trading stream.

    (s/millisecond/microsecond/)
    Yes, parasites can kill/destroy:
    Winter ticks are bugging Vermont’s moose to death

    According to Vermont Fish and Wildlife, “The ticks are becoming more prolific as spring and fall weather has warmed in recent years, causing some moose to collapse from blood loss or die from hypothermia after rubbing their insulating hair off in an attempt to rid themselves of the parasite.”

  151. 151
    Gin & Tonic says:

    @Steve in the ATL: Mmm, love me some pie, too. If I lived down by you and SD I’d probably weigh 350 and have no teeth, because I have a real weakness for pecan.

  152. 152
    J R in WV says:

    @SiubhanDuinne:

    When an arsenal is on lock-down, that’s never off topic !!

  153. 153
    MomSense says:

    @Bill Arnold:

    Same thing has been happening in Maine, especially Oxford County, for a number of years now.

  154. 154
    Steve in the ATL says:

    @Gin & Tonic:

    If I lived down by you and SD I’d probably weigh 350 and have no teeth

    Why, you’d fit right in down here–that perfectly describes my brother Cletus!

  155. 155
    beef says:

    @StringOnAStick:

    No. HFT is an irrelevance. The total industry wide yearly profits of the HFT industry is a few billion dollars. Sounds like a lot until you remember that Twitter alone makes that much, and that the relevant scales for the investment industry are in the trillions.

    Also, claiming Vanguard doesn’t care about transaction costs is stupid. The bigger your assets are, the more you worry about those transaction costs. That’s why Vanguard likes HFT; on balance, they’re cheaper liquidity providers than their predecessors.

    Frankly, it sounds to me like you got lucky for a while as a day trader, then failed to adapt when market conditions changed.

  156. 156
    Gin & Tonic says:

    Incidentally, says here that the Ukrainian military intelligence officer assassinated in Kyiv today was heading a group that was documenting evidence of Russian aggression in Eastern Ukraine for the Hague.

  157. 157
    Gravenstone says:

    @Gin & Tonic: Just so you know, you’re arguing with the latest incarnation of Derf. Proceed at your own risk.

  158. 158
    Steve in the ATL says:

    @Gin & Tonic:

    Incidentally, says here that the Ukrainian military intelligence officer assassinated in Kyiv today was heading a group that was documenting evidence of Russian aggression in Eastern Ukraine for the Hague.

    Golly, don’t Putin’s enemies just have the worst luck?

  159. 159
    Gin & Tonic says:

    @Gravenstone: Ugh. Didn’t recognize it.

  160. 160
  161. 161
    J R in WV says:

    @Gin & Tonic:

    I’m not a network engineer, but I do know that there are physical links via fiber and copper, and less physical links via sat based systems and microwaves between region A and region B.

    There are a lot of them, and as long as some of them are operatio-Jnal, network communications between A and B continues, more slowly as the number of links decreases. If you continue to disconnect those links, by unplugging routers and switches, available bandwidth shrinks and speed begins to drop.

    Eventually routing around the “errors” in the network where switches are disconnected or turned off becomes insufficient to maintain reliable communications. Even though the network is designed to rout around “damage”, eventually actual systems built upon the Internet will fail if communications become insufficient to support TCP-IP acknowledgements.

    Imagine the terror of no Facebook or Twitter or Craigslist or….. but I must stop now before I scare myself to death. What if your ATM doesn’t recognize your card?? What if your bank can’t transmit funds???? The mind boggles!!!! IT HURTS!!! NO Balloon-Juice.com…………

    Amazon Prime is Broken——- arrrggggK!

  162. 162
    J R in WV says:

    @frosty: It is true that the original Fairness Doctrine only applied to broadcast media back in the day before Reagan tore up our liberal democracy. But there is no reason we can’t impose a fairness doctrine on all media, require truthfulness, balance, fairness, and shut them down with punishing fines if they violate the new Fairness in Media Requirement.

    Because to be carried on cable, you have to transmit your signal up to the satellite(s) which provide a signal to the cable systems all over the nation. See those big dishes outside the cable HQ in your area? They transmit using FCC approved frequencies through the airwaves up to and down from the sat network.

    Interstate transmission via fiber is by definition interstate commerce, thus subject to regulation by the government. It isn’t a limitation on freedom of speech to require non-truth to be labeled, is it? Facts are facts, and balance is something you can measure. It isn’t balance if you hire a clown to represent the Democratic party.

    Anyway, just because the Fairness Doctrine worked one way back in the past doesn’t define how it must always work in the future, so I’m always a little depressed when I see comments to the effect of “Well, the Fairness Doctrine didn’t apply to cable…” like it can never apply to cable.

    In England you have to pay a license fee to operate a TV set. Hmm? Charge a fee when the committee detects a falsehood? hmmm….

  163. 163
    StringOnAStick says:

    @beef: I was never a day trader; I used complex options strategies with a longer time frame and had a few friends on Wall Street, one of whom died on 9-11 at Cantor Fitzgerald. Every person I saw who fell for the day trading BS lost all their money either quickly or really quickly, so be careful about who you insult for lack of understanding.

    There are plenty of books out there now that describe how HFT works and who is benefiting, try reading a couple. The most recent estimates I pulled up on Google is that at least 50% of the daily market volume in HFT; that’s a lot of ticks in the system. Vanguard gets incredible rates on their trading costs, but that has nothing to do with HFT traders shooting against Vanguard’s orders to suck their portion out of the bid/ask spread, which in the greater picture is a cut coming off the Vanguard investor’s assets and into the HFT trader’s pockets. Market shills say HFT increases liquidity, but these are the same folks who worship the free market. A market isn’t entirely free and all players at equal advantage if there are those with just a slightly faster data pipe who get to win at being the tick over the shop next door with a slightly slower pipe. For awhile, HFT was all about who could upgrade hardware and software to be just a tiny bit faster. Since I no longer deal with these markets, I no longer pay attention to this other than to know that the market now has even more complex securities issues than it did before the great CDO/CDS meltdown that hit at the end of Dubya’s terms of misrule.

    There are plenty of professional traders who found the market changed dramatically when HFT became a much bigger part of the market; my friends started out saying it took 4 times the work to make what they used to make, and then it was up to 20 times. By that time I walked away and stopped participating. Markets are complex, there is an incredible amount of wealth being traded at all levels, from small investors to investment pools for individual countries, and now we have dark pools to toss in the mix as well. Dark pools came about to combat HFT; if HFT was a big nothing burger there would be no dark pools. Look a little deeper.

  164. 164
    polyorchnid octopunch says:

    @Another Scott: Hey Scott! You may know me better as jake123 ;)

    That’s all SMTP traffic, and represents high volumes of spam being sent out of compromised outlook.com accounts. That’s pretty much background noise on the Internet.

  165. 165
    beef says:

    @StringOnAStick:

    Yeah, I don’t need books on the subject, thanks. Unlike you, I’m still in the game. And frankly, I’ve never seen a book on HFT that accurately represented how it actually works.

    I’d still like to see you explain _with_ _numbers_ how it is that HFT has any effect on buy and hold strategies, when their gross profits are rounding error when compared to the net from the slow players. Come on. Show us the accounting.

  166. 166
    dopey-o says:

    @Cermet: “…we should devastate the russian financial system…”
    perhaps you meant ‘we should devastate all the American and UK banks that the russians keep their laundered their money in.’
    Perhaps you meant ‘we should devastate all the trump and kushner properties that the russians have purchased with their ill-gotten gains.’?
    NGH.

Trackbacks & Pingbacks

  1. […] Cross-posted at Balloon Juice. […]

Comments are closed.