Cyber Wars: liveblog

Ok, straight from cosmology to cybersecurity: the Aspen Institute is running an “Aspen Security Forum” with several days of events.

Tonight General Keith Alexander, head of the NSA is doing a forum with NBC’s Pete Williams.
I got a ticket and got here early, as the heavens opened up and the lightning flashed. Despite the weather a lot of people are trickling in.
The Homeland Security folks are discreetly tucked away behind the pavilion under the trees – seem to be trying to stay out of the rain.

Don’t expect much news stuff, more here for curiosity and to hear the tone.
Aspen Institute tweets of earlier panels suggested it is mostly rah-rah, go US.
Apparently Franklin was wrong about the whole security and freedom thing.

I’ll liveblog as best I can.

Live video stream of ASF2013 events here

Aspen Security Forum - before the show


Getting a serious shower here, need the rain, good timing.

Interesting, the forum is not sold out, but “You’re a Good Man, Charlie Brown” show in the park tomorrow is sold out.

Room for about 600 people in the pavilion, less than half full with two minutes till start time.

Fairly top heavy crowd.
Running late, filling up slowly.

and we are off

Aspen Security Forum - Clear and Present Danger


Seriously unfunny – crash as I type in Gen Alexander’s comments…

Paraphrasing: Mission is to defend country.
Not logical to read everyone’s email.
Looking for bad pixels in a big picture.

ed: yes, but… do you trust your successor?
Do you trust future administrations not to abuse the data?

Cites case where a threat was headed off based on metadata analysis.

Yes, NSA has some good math guys, some of them were my class mates.

FISA court limits how many hops nexus of suspicion can be traced out
– a “logical” number of hops.
[anecdote on 2009 planned subway attack case tipped to FBI is at least 3 hops]
– claims ~ 40 nodes per hop – so ~ 10^5 connections to check per nexus (seems underestimate) – metadata analysis narrows down possible connections to the interesting ones.

yeah, they can totally do that with some decent fidelity

Alexander directly contradicts Snowden’s claims on ability to intercept phone calls (that’d be FBI and require a warrant)
[ed. yes, but… as Gen A says, they are foreign intelligence agency,
famously they do swaps with their friends espec GCHQ in UK – that is left open]

“Have you seen evidence of Snowden leaks harmed intelligence gathering” – “We have”.

Deflection to discuss NSA support of combat operations – couple of guest attendees from Iraq/Afghanistan

[ed. Ultimately it is a matter of trust – perpetual trust – yes, mission is critical and noble, intents are good, but potential for abuse is enormous – do you trust this administration? Do you trust future administrations? Do you trust individuals within the agencies not to abuse these powers? –
Quis custodiet ipsos custodes?
Do you trust the FISA court?]

Long discussion on why not have the “phone companies” keep the data (like bank records) – Alexander counters whether you trust phone companies, and that it slows everything down.
Missing more basic point – banks are regulated, phone companies are undergoing disruption; comm info and data not just kept by ATT and Verizon, or even Skype and Google chat – anyone can set up IP protocol comm network and route packets

Expect more dark nets will be set up with sparse connection to the white nets

Alexander: FISA not rubber stamp – should see them when we make mistakes!

ed. Well, yes we should…

“54 different events” – 300 nexi – didn’t catch, think he said 13 led to FISA intervention. Numbers keep changing.
Ah, 13 of 54 inside US, 12 relied on metadata analysis
Hmm
So 41 in other countries, incl Germany and Denmark

ed. Strictly speaking 9/11 was not stopped because of lack of data but because of lack of communication between agencies, as I recall [correct me if I’m wrong]

metadata analysis leading to pointers to electronic communication is most effective – once they have suspect, they harvest actual email data – presumably with FISA signoff “inside” US.
Where is “inside”?

Lot of comm to allied law enforcement agencies

ed. – is that ALL they do? Is a valid question

Phone cos/comp cos “compelled to co-operate with NSA”
Even if they are non-US

NSA does not want to reveal details just to make cos look better

Question I’d like to ask, but won’t get to: would General Alexander give the metadata on himself to NBC’s Williams and let them analyse it and decide what if anything to follow up or publish?

NSA knows what Snowden got.
It was a lot.

NSA ought to be really really pissed off with Booz Allen Hamilton…
I wonder if Snowden is a fan of the Vorkosigan stories (#Ivan!)

Tech fix – “two person rule” – restrict file access
“thin virtual cloud” – “encrypt data” [WOT? you mean it isn’t already]
– yes, but you need people to be able to access info to make use of it

tech fixes sound easily circumventable

NSA thinks they know what Snowden looked at vs what he copied
duh, so their comps at least do system logs

Good question from Williams: “When is enough enough?”
Answer: “What does it take to stop terrorism, defend troops”.

“From 9/11 know we don’t have enough”

“Don’t want to step back to feel where edge [of enough] is”.

“Value of American citizen is priceless”
[ed. er, no, it clearly is not – but raises interesting question, what is cost per life saved?
Is the NSA trawl actually cost effective???
cost-benefit analysis of intelligence ops would be interesting – fed programs are not generally cost is no object]

back to bad pixel analogy

Williams asking some good analogy based questions
[eg he asked whether trawling through everyone’s pockets to search for drug dealers would be reasonable or (implicitly) unconstitutional]

“no reasonable expectation of privacy in communication” – yes, well that is the crux isn’t it – is that what people actually expect as opposed to ’70s legal analysis

Hitting hard on visceral connection to 9/11 casualties – reminds me of Tom Clancy novels post 9/11 – clearly hit home hard – understandable but not proportional to real risks – usual risk/benefit misanalysis and quantitative estimates of controllable risks.

Move on to offence/defence strategies for cyber threats – knows his crowd – “hundreds of attacks on Wall Street, threaten financial institutions” [paraphrasing]

training cyber warriors, sounds like they are understaffed

Williams has another good question: “what are rules of engagement for offensive units of cyber war”
A: “policy issue” – need for pre-emptive capabilities
again brings up “take down Wall Street”

A: need for new “cyber legislation” – eg Wall Street has dark networks…
can’t see attacks from inside, sometimes have to be reactive – they want to be inside

Heh. This will be a crux – will the hedgies trust NSA to be inside their systems…

Audience questions:

1) “trust us”

2) WaPo reporter asks about “insider threat”

3) Sounds like real problem is the policy and command people don’t understand sysadmins – l00s3rs

uh-oh, he said “incentivize”

must be in wrap up, at least the flags are now being wrapped

20 cryptologists killed in combat in Afghanistan

Hmm, significant fraction of this audience did not applaud when Gen Alexander asked for applause for NSA operators, “Snowden Not Hero” – some applause, many did not

dumb question from German reporter

Alexander invokes the East German panopticon conundrum – if you wanted to read everyone’s email you’d need to employ everyone to do so – true, but slightly misleading

wow, actually sensible question from a Politico reporter: “why can’t you point to better examples of big stuff prevented”

Alexander dodges question.
Strange – all he has to say is “if we hadn’t stopped them they would have been a serious issue big stuff” – but he didn’t say that, he just talked more about how they caught the alleged planned subway attackers

“just prevention of NY subway planned attack paid for op” – numbers would be good here, what was plan, how big a threat?

“must have some program like this” appeals to media to support NSA program, “based on fact”

“we do make mistakes, and we self-report those mistakes”
“huge set of mistakes being worked through in 2009 when Obama came in”
– oh boy, got to be a story there!

NSA employees have to pass a test on use of data.
Hm, wonder if it is online multiple choice.

US oversight better than anyone else’s. #FaintPraise.

And we are done

PS: in retrospect, I don’t think the word “Constitution” was used once, though I might be mistaken – invoked implicitly a few times by Williams in “unreasonable search” language.
Interesting nuance – FISA and the NSA programs are legal, but are they constitutional? Can they be challenged? Who has standing?