Jammen det var ikke det vi mente...?

Det har slått meg lenge, og enda mer de siste dagene; jeg skulle likt å ha sett den kulørte dagspressen dersom Post- og teletilsynet (fra 1. januar Nasjonal Kommunikasjonsmyndighet) , Politiets sikkerhetstjeneste eller Nasjonal sikkerhetsmyndighet i det daglige hadde rattet rundt på jakt etter falske basestasjoner.

De siste dagene har vi sett oppgitte politikere, overraskede politikere, skuffede politikere, indignerte politikere, påtatt himmelfalne politikere... kort sagt; hele spekteret av "jammen det var ikke det vi mente"-politikere.


Politikerne er oppgitt, overrasket skuffet og alt det andre jeg nevnte - over at PT, PST og NSM ikke trasker rundt på måfå og monitorerer det elektroniske Norge uten konkret mistanke.

Men, ehhh... er det ikke akkurat det politikerne har forbudt PT, PST og NSM å gjøre?
Jeg mener å huske noe om at det skulle være "mistanke-basert". Hva hadde politikerne sagt hvis Aftenpostens oppslag hadde tittelen: "PST overvåker deg på Aker Brygge"?
Eller hva med "Her overvåker norske myndigheter deg!" og ikke minst "Her er overvåkningsbilen til Hysj-sjefen."  Da hadde det blitt oppslag da!


Eller tenk om de siste dagers "avsløringer" (eller kopier som mange kaller det) har blottlagt en viktig pågående operasjon i regi av de som skal beskytte vår frihet og vårt demokrati? Tenk om liv går tapt på grunn av medias avsløringskåthet. 
Det blir det ikke oppslag av. Man har jo et samfunnsoppdrag må vite.
Det er igjen på sin plass å sitere fra doktoravhandlingen til Kjetil Anders Hatlebrekke: "Trusselforståelse er derfor utfordrende, siden trusselforståelsen i seg selv er offer og et mål for truslene den søker å forstå."
Takk: Min "lillesøster", far og alle de som vet jeg takker dem.  
[Som alltid; denne som alle andre poster her er forfatterens ene og alene. Ikke noe på denne bloggen kan reflekteres til forfatterens arbeidsgiver - nåværende eller tidligere.]


Where is the threshold for invocation of Article 5 in cyberspace?

At this side of the hill you this summer could read my reflections about What if a Red Cross was attacked - in cyber? I am confident that the right entities are still finding interest in the "Energetic Bear", its weaponry, its intention, its capacity and capability, and; its courses of action. Even how confident I am, I still can not stop thinking how all this effects The North Atlantic Treaty. To be clear; where is the cyber threshold regarding this treaty?

Let me quote three of the articles that the Alliance member states has signed.

"Article 4

The Parties will consult together whenever, in the opinion of any of them, the territorial integrity, political independence or security of any of the Parties is threatened.

Article 5

The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defence recognised by Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area.
Any such armed attack and all measures taken as a result thereof shall immediately be reported to the Security Council. Such measures shall be terminated when the Security Council has taken the measures necessary to restore and maintain international peace and security .

Article 6 (1)

For the purpose of Article 5, an armed attack on one or more of the Parties is deemed to include an armed attack:
  • on the territory of any of the Parties in Europe or North America, on the Algerian Departments of France (2), on the territory of or on the Islands under the jurisdiction of any of the Parties in the North Atlantic area north of the Tropic of Cancer;
  • on the forces, vessels, or aircraft of any of the Parties, when in or over these territories or any other area in Europe in which occupation forces of any of the Parties were stationed on the date when the Treaty entered into force or the Mediterranean Sea or the North Atlantic area north of the Tropic of Cancer."

Just imagine

In the geopolitical reality we all live, it is natural to look to what is going on in the Ukrainian theatre. Maskirovka was a central and mandatory Soviet Opsplanning term and means deception in the very broadest sense: What is true, what is artificial and what is wrong? No one in their right mind would suggest that Russia has not kept this modus operandi alive - both in the "old" analog domain and in cyberspace.

Then imagine the possibilities based on the following quote: "Military Experts believe a campaign of "ambiguous warfare" including cyber attacks, propaganda campaigns and using local irregulars to destabilize a country, would be designed to be deniable and stay below the threshold of "armed attack" that would trigger NATO's Article 5 mutual defense agreement." 

Now what if....

Interesting ....... But let's say, of course just as a hypothesis, that Mr. Putin found it convenient and effective for his end state to destroy one ore more of these dams (Norwegian) and thereby disrupt power supply, destroy homes, take lives and create fear with the help of a few TU-95s. I suppose that someone would start muttering about use of NATO Article 5.
And then; let us use the same
hypothesis, but this time the attack vector is not TU-95s, but cyber weapons and the end state is the same. Are we then above or below the threshold for use of Article 5? If below: Why and what's the difference? 
What is the threshold for use of Article 5 when a member state is attacked in cyber? How will NATO do the attribution and how will NATO respond - with cyber capacities or with kinetic capacities?
I quote from Wales Summit Declaration, issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales: "A decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis." 

All well, but for your enemy the main effort is highly likely not when the cyber weapon is planted or how it is planted, as long as it has desired effect on the target when he wants it to. Yes; stockpiling is possible in cyber space. Live with it. 
Finally: What if enemy cyber weaponizing has already taken place inside infrastructure belonging to alliance member states? How much time will the North Atlantic Council need to do a case-by-case based assessment then? 
Remember; in cyber the attack can be over and the damage done before you detect that it ever happened. There will not be any sound of tanks or smell of diesel.

Mr NATO Secretary General; where is the threshold for invocation of Article 5 in cyberspace?

Recommended reading 

Admiral Jim Stavridis (Ret.) Supreme Commander of NATO (2009-2013) Only These Three Steps Will Enable NATO to Stand Up to Putin

Loren Thompson Cyber Alliances: Collective Defense Becomes Central To Securing Networks, Data

Siberian pipeline sabotage: National Security Council´s Thomas C. Reed documented the operation in his book, At the Abyss: An Insider's History of the Cold War. 

Wales Summit Declaration, issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales. 

Thanks to these people: My mentor, my "little sister", my father, Frank The Tank  -  and those that know I thank them.
[As always, the posts here are the author's alone. Nothing on this blog is reflective of any of the author´s employers, past or present.]


What if a Red Cross was attacked - in cyber?

Lately the word on the street has been: "Any news on the Energetic Bear?" It's all about an entity that likely is state sponsored and from Eastern Europe, according to media.  Both F-Secure and Symantec have published reports on the matter. The Energetic Bear, according to media, systematically targets hundreds of Western oil and gas companies, as well as energy investment firms. This made me think - What if a state or state sponsored entity did the same to a Red Cross (or similar) institution?

Far as I can tell, the Energetic Bear and their SCADA-targeting cyber weapon named HAVEX so far have been mentioned to be targeting the energy sector´s SCADA systems. But when you read  the reports from F-Secure and Symantec the picture is a lot different.

Few seem to be talking about the fact that also hospitals, financial institutions, telcos and other branches depend on both SCADA systems - and power. 
This makes the whole Energetic Bear case more worrying. Have all gone blind on watching "the energy silo"?

But what if...

Then this article did catch my eye: "Big cyber hack of health records is only a matter of time" - sure I agree totally, but again when media writes about cyber attacks they go the easy way and pick the privacy angel. Of course that angle is important, but what if a cyber attack on a hospital was targeted to the hospital´s SCADA systems? This could, as Karl Rauscher writes, "leave doctors scrambling in the dark, machines failing, and patients dying in their beds". It is to me very hard not to agree with Mr. Rauscher, and this is the center of gravity regarding targeted advanced attacks on health institutions; it will be about life and death.  Information theft and privacy violations will likely not be the main intent of an aggressor wanting to disrupt a hospitals capabilities to operate as a hospital. And mind you, such an attack will occur without the health institution even knowing who hit them. 

And then...the questions

Hospitals (and similar) are in times of war protected under the Geneva Convention - would a cyber attack on a hospital (and similar) be a violation of this Convention? Should, for example, hospitals have special labeling on the Internet? A kind of cyber Red Cross on their communication lines and end point infrastructure?
When cyber vectors are used in war, would an attack that affects a hospital be a violation of the Convention and should it then be punished?
The Cyber domain is ​​recognized as fighting domain, similar to the land, sea and air domains. So to me the first thought is to say that we must think as we are used to in our analog world.
Actually the "Markers in Cyberspace virtual group" have been discussing Internet marking for years and College of Europe has the issue mentioned in "Technological Challenges for the Humanitarian Legal Framework".

Discussions are fine, but this has, in my opinion, to be addressed by a global entity - and there is not many to choose from.

Just to make it worse

Very recently NATO updates cyber defense policy as digital attacks become a standard part of conflict and Article 5 will also apply in cyberspace. This is good news, but if an asynchronous actor makes the cyber attack against a hospital - or other societal entity, then what? By whom and how should the attacker be taken out and punished? Can states "hack back" towards an unknown entity? Should the attacker, if caught, later be tried by The International Court of Justice? 
And even more; is it an act of crime or an act of war? For how long can governmental bodies and NATO discuss "who owns the mayday" before countermeasures are implemented?
I can say only one thing for sure; when this happens -  the fog of war will be thick.

A very experienced police officer with international operations on his CV said this when I raised the cyber attack and hospital issue; "The Geneva Convention was made to fit an industrial war between nations. That does not occur any longer, in short; the Convention is outdated and should be refreshed."

[As always, the posts here are the author's alone. Nothing on this blog is reflective of any of the author´s employers, past or present.]


The Babushka Lady and the attempted assessment of C&C

When it walks like a goose, quacks like a goose and smells like a goose..... Well then it might even be something that reminds someone of a Babushka. But this evil entity took out (for now) an important part of competence and capacity (for this time around; "C&C" in short) on Twitter. Last night just after 1900 GMT+2 Professor John Schindler blogged "Signing Out (for now)"

My immediate reaction was clear, and I was not alone. Whatever had been said or done, whatever accusations pushed forward, a smear campaign was easily spotted for those who bothered to look, and there were not even one single sign of any fog of war amongst the professor´s supporters.

Professor Schindler has, over the time I have gotten to know his competence, background and capacity, shown me that he knows his geopolitics, his INTEL, his history and his geopolitical security understanding. 
All you need to do is read his blog, you will learn more facts there about the #OpSnowden, about Ukraine, Kremlin, NATO and international conflicts than most other places.

And along came Babushka

With a little twist, and not in any way pointing towards any link to the JKF assassination or starting any conspiracy, you might understand why I express myself like this: It can be seen upon as if The Babushka Lady took out John.
After professor Schindler wrote his "Signing out (for now)" things have been happening, accounts on Twitter have "disappeared" and blogs connected to them suddenly no longer in use. What I called "The Babushka Lady", had done "its" operation. But it did not end, and professor Tom Nichols gave a good summary:
"Those asking abt John Schindler, this is the apology from the person involved. A personal matter between two adults."

The support

During the day the comments have been pouring on professor Schindler´s blog and for the first time in my life I write a blog post in support of a single person. 
Like Catherine Fitzpatrick did earlier today when she commented on professor Schindler´s blog: "Stay strong, and come back soon!"

I summarize by quoting "Smear campaign against J. Schindler getting uglier by the day. So: Closing ranks behind John Schindler, Everybody in Formation!"

I add; the formation needs scouts. 

Prepare! Be aware! Semper Fidelis - Semper paratus!
I predict that professor Schindler will be back -  and then again there will be balance in the twitter sphere and C&C will be in place.
On your six Professor!

[As always, the posts here are the author's alone. Nothing on this blog is reflective of any of the author´s employers, past or present. Comments on this post is closed.]

The Babushka Lady? Well, some might find parallels here.