Archive for the ‘digerati’ category

Less Than Meets The Eye — Cyber War edition

June 5, 2011

A couple of days ago John wrote about the seemingly new doctrine of armed response to acts of cyber sabotage.  I’m broadly with him on the badness of expanding without limit the range of events that we would treat as an act of war.  But I think there is much less new here than it seems — and perhaps that lack of novel insight is more of the problem than the risks inherent in treating cyber attacks as a potential casus belli.

First of all, there is a significant trail behind this latest Pentagon statement.  A major milestone came with the publication of Presidential Decision Directive 63 in 1998 — a document coming from the Clinton White House/National Security Council.  The directive calls for a series of measures aimed at minimizing our vulnerability and enhancing our ability to respond to cyber attacks — response in this case meaning fixing the damage to critical systems to minimize pain, suffering, and economic and/or military damage.  But the notion that a digital attack is a form of warfare is already present, part of US official doctrine all the way back in the last century:

Because of our military strength, future enemies, whether nations, groups or individuals, may seek to harm us in non- traditional ways including attacks within the United States. Because our economy is increasingly reliant upon interdependent and cyber-supported infrastructures, non-traditional attacks on our infrastructure and information systems may be capable of significantly harming both our military power and our economy.

And of course, this is true.  As the WSJ article to which John linked recounts, the Stuxnet virus that seems to have done significant damage to Iran’s nuclear effort struck at a sovereign nation’s economic and perhaps military capacity in a pretty direct way.

Had the authors of Stuxnet managed to set off a bomb in the centrifuge room, that would have been obviously an act of violence, one of war.  That the cyber path permitted the same damage to be done less messily does not alter its tactical significance, at least not in any obvious way.  If the Pentagon is moving to formalize the logic implied by Clinton-era perceptions of cyber threat — well, there are changes here, but I’m not sure they are as groundbreaking as the WSJ article made it seem.

That is:  the reality behind the digital metaphor of infection is one of the facts of life in a networked world.  The realms of the virtual and the physical are now deeply interconnected, and disruption of the cyber networks can (and has) produced real consequences in our material circumstances.  I don’t see it as a huge stretch to suggest that a cyber attack could cause the deaths of people, and that a response using other weapons that also kill people might be appropriate, if (and only if) you can reliably connect the original attack to the folks you want to target.

Which is the real problem with this not-so-new posture, a twisty little bit you can find by burrowing a little deeper into the WSJ piece:

Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.

Well, maybe.  But I read this and come back to where I think John was heading in his piece:  if a network attack by a cyber-al-Qaeda goads us into pounding the next Iraq stand-in, then we are back to what got us into our current predicament in the first place.

To which depressing thought, I’ve three reactions.

First:  it is a good thing that our government is taking cyber crime/war seriously.  Given how increasingly dependent we are on a complicated and variously vulnerable digital infrastructure,  it would be the height of folly to think that our networks are of no interest to potential adversaries.

Second: its an assumption not in any evidence I’ve seen these adversaries will be conventional states, to be deterred or defeated by conventional means.

The idea that cyber skills are uniquely the province of nations, or that digital assaults require the same kinds of concentration of resources needed to field actual armies is as unsupported as the notion that no band of committed nothing-to-losers couldn’t strike at major civilian targets in the United States.

So if in fact the focus of this new cyber command is mostly committed to state actors, I don’t feel much more secure for its existence.  Worse — if our only options in response to cyber attacks are ordinary military strikes on conventional physical targets we’ll be right back in the sad old game of shooting at the wrong people with the wrong weapons…which is no damn good at all.

Third:  It’s not in the piece, and though I’ve been following some of the writing about cyber security popping up lately, I’m hardly expert.  But I do worry about what I see as at least a potential trap in the way we might be imagining cyber threats.  A lot of conventional, garden variety digital security is based around the idea of building a fence around a vulnerable system — that’s the idea of a firewall that keeps malware and intruders out of yours and my personal computer, or the systems to which we attach in the course of our working day.

I’m hoping that’s not how the new cyber-command — or rather, its superiors in the chain of command — are thinking.  If the concept of cyber-security being developed by the national security folks is based some kind of digital Maginot Line,  an über firewall designed to keep the bad guys out, then we may well be fighting the last war.  Because, as we’ve seen with major security breaches in commercial networks, the real vulnerability happens when someone gets past a security wall, whether by clever hacking from without, or old fashioned human treachery from within.  If the folks directing our national cyber defence are Fulda Gap types, people with a strategic sense born of classic war-fighting approaches, then we’re in for trouble.

Early days, but my own web paranoia is peaking, and I have a deep urge to encrypt everything down to my cat Tikka’s 313131122’s name.

Images: Giovanni Batista Tiepolo, tentatively identified as the victory of Gaius Marius over Teutonic tribes in 101 B.C.E., c. 1725-1729


My Favorite iPad Hater Nonsense so far

April 7, 2010

From commenter zyodei at Cory Doctorow’s blog at BoingBoing (h/t @jasonpontin’s twitter feed):

Of course, I will still never buy one, because as has been pointed out by its design I still see it as something that is designed primarily for consuming information, not creating it. And who needs that?

Uhhh…those of us who create not “information,” but works of communication, craft, art, whatever.

I mean, I don’t know about anyone else, but I hope that folks actually, you know, read what I write, not to mention see or hear the other works I create.  Consuming that stuff, again, not information but composed, intended works, is something for which the iPad, among other devices, is just a dandy platform.  More of this please.

Not to mention that there are lots of hours in the day when I — I, and not a seraph, not an avenging messenger of the Tech Lords — find myself consuming other folks’ good work, and don’t need or necessarily want to haul my lapbeast.

I’m not saying that there is any affirmative necessity that should send all tech-happy folks into Father Jobs’ arms.  There are lots of reasons not to buy another thing.  I haven’t got mine yet, and didn’t get swept up on a wave of gadget-lust when I briefly toyed with one in an Apple store yesterday.  And choosing to save one’s pennies because it doesn’t perform the functions you require, as it appears it doesn’t for zyodei,, is sane, perfectly reasonable.

It’s just the “who needs that” tag that harshed my mellow.  No writer that I’ve ever known lays down words for a game of solitaire. Even as we — or at least I — write, the words seem to me to be leaning toward a reader.  Who needs “consumers” — an ugly, misleading name?  I do; every last line I write does.

Image:  Antoine Wiertz, “The Reader of Novels,” 1853

New Frontiers in Computer Security

April 1, 2010

A British company takes a genuinely innovative view of network protection, combined with an ingenious use of crowd sourcing.

(h/t Andrew Whitacre, communications maven of the MIT C4CM project).

Diary of a Trade Book (Newton and the Counterfeiter) no number quick update on blogs and books…

January 16, 2010

…which is the topic of tomorrows session at Science Online 2010, led by Rebecca Skloot, Brian Switek and your humble (sure about that?–ed.) blogger.

In the haste of getting to the hotel and then getting together with Rebecca and Brian to figure out what we really are going to talk about tomorrow, I haven’t found the time to write in detail what I had wanted to talk about today:  some thoughts on what the blogs can do — or even whether they should — to step into the void left by the collapse of the American book journalism at the mass media level.

So here’s a truncated version, which I will try to develop later with whatever insights come out of our conversatons tomorrow.

First:  there are tons of books being published — I’ve seen numbers in excess of 200,000 per year in the US.  I expect that number to both rise and fall in coming years:  rise through the opportunities to self publish that exist now in ways that no vanity publisher of an era gone by could have ever imagined; and fall in the category of books published by institutions attempting to reach large audiences through some kind of worked out distribution and publicity channels — “real” publishing as we’ve known it for a couple of centuries, at least.

Second:  whatever the precise balance between non-traditional and old fashioned publishing will turn out to be, the idea of national or broad conversations centered on books is mostly gone.  There are basically three remaining MSM outlets that can drive a book that does not already have its own media platform (Sarah Palin’s memoir, which was an industrial operation, not a literary one, for an obvious recent example).

Those three, in my guess as to order of importance, are The New York Times Sunday Book Review; NPR (which is not a unitary operation, of course) and, a rather distant third, The New Yorker. Some might through the NY Review of Books in there — and it is true that though its circulation is small, it is influential. Other radio and certain TV outlets are important as well, but these are the outlets that still make a claim to provide real literary journalism — to treat books as cultural events to be covered as news.*

(It’s different in the UK, where there is still a considerable literary news hole; but the mother country (literally, in my case is  have a different problem — an exceptionally rapid decline in their high street retail book trade.  But that’s for another post.)

This is not how it used to be.  Earlier in my career, even though I’ve never gotten much of a rise out of the Times, major newspapers around the country actually had reviewers, and devoted some real space to them, and I found I could hope for significant public discussion of my work in the LA Times, in the Chicago Papers, in the Washington Post…a bunch of places.

Now many of those places have stopped reviewing, picking up the AP review if there is one, or simply not bothering.  Meanwhile the Times has cut its reviewing hole, and now maybe checks out, in brief notices included, something between 1,000 and 2,000 books a year.  And there’s a vicious circle there too: book reviewing space in the NYT and in any other newspaper tracks advertising dollars spent to support such space.  As publishers consolidate and find their profit margins shrinking, they spend less on such ads.  As they do so, the book review hole declines…and the opportunity to sell more product goes with it…

and you know that tune.

So here’s the problem:  blogs and web attempts to create communities of writers, readers, and critics are popping up all the time.  They are important. They work — my post of a piece on Scalzi’s Whatever blog, as part of his Big Idea series drove Amazon sales and other blog interest.

But it’s a really big blog that gets 10,000 hits a day.  Only a small handful can hope to get 100,000.  A decent newspaper in a moderate metro area used to do that every day — in quite recent memory.

And of course, mere numbers only tell a part of the story.  Consider, for example the audience partitioning that goes on in the web is another impediment to permitting a book to find that part of its audience that doesn’t know yet that they might be interested in, say, a story about a scientist-cop whose detective career illuminates the birth of the modern idea of money. (If that describes you, here is the inevitable plug: you can find it at  AmazonPowellsBarnes and NobleIndiebound and  across the pond at, and John Smith & Son — not to mention electronically Amazon’s Kindle store.)

So the thought to consider, in all this doom and gloom, is what, if anything, can be done to make up for the gap left by the MSM abandonment of serious books as an essential beat in cultural journalism.

I have some ideas — as do my co-presenters…all to be discussed, I hope, in tomorrow’s session. From thence, to more bloggy meanderings.

*There is one type of venue that is new and that can do enormous good for a book: the non-book oriented avidly followed TV show.  The gold standard now for book publicity is a gig on The Daily Show, or Colbert, or — and happy indeed are the happy few who achieve this for non-fiction trade book — Oprah.  But we are talking a few dozen books at most in any given year, single digits of which would be science or history-of-science works.  So for purposes of this discussion, hope for the best, and prepare for an acceptable alternative.

Image:  Norman Rockwell, “Fact and Fiction,” 1917