Ehud Barak is current Israeli Minister of Defense, former IDF Chief of Staff and former Prime Minister  that led the disastrous withdrawal from Lebanon that fomented Intifada II and then Lebanese War II.  Barak is famous for quotes like “If I was a Palestinian, I would also be a suicide bomber” or “If I was an Iranian, I would also build nuclear weapons“.

During her military service as an assistant in the Central Command bureau Anat Kamm secretly copied over 2,000 classified documents, copied the documents to a CD and leaked it to the Israeli Haaretz journalist Uri Blau. Kamm  was recently convicted of espionage and leaking confidential information without authorization and sentenced to 4.5 years in prison after a plea bargain.

Former Mossad chief Meir Dagan has recently voiced unrestrained criticism of the current administration’s defense policy in the service of his political activism; criticism which is supposedly based on his inside knowledge from the Mossad.

Meir Dagan, together with Gen. Gabi Ashkenazi (former chief of staff), Gen. Amos Yadlin (former head of military intelligence), and Yuval Diskin (former head of Shin Bet), opposed an attack on Iran. While in office (they all retired between November 2010 and May 2011), the Gang of Four successfully blocked attempts by Netanyahu and Barak to move forward on the military option.

Of the four, only Dagan has spoken openly, after leaving office, about what he considers to be the folly of an attack on Iran —  and openly criticized Netanyahu and Barak for irresponsibly pushing Israel to an unnecessary war, relying on his former position of responsibility as chief of intelligence as as implying that what he said must be true.

It was unclear why Dagan would speak of plans best left undisclosed. Unclear, at least until last week, when Dagan announced his plans for a movement to change the method of Israeli government, leaving his options to enter politics in the future open.

I wish Dagan luck.  I’m not happy with his way of publicizing his political activism at the risk of treading the thin line of information leak. It places him on the same slippery slope as Anat Kam who lamely attempted to justify her actions as an act of political protest.

In comparison with Dagan, Barak is circumspect (despite his unfortunate quotes and bad decisions).

Barak was asked about the possibility of making a decision on attacking Iran in the Israeli daily Ha’aretz.

The essay below by professor Avinash Persaud considers the creation of a terrorism futures market. The ideas are particularly timely in the context of the unrest in Libya and the uptick in oil prices.

Right now, the closest thing we have to “terrorist futures” are crude oil futures. One way of looking at them is as a loose proxy for the sell-by date on the Saudi monarchy. For example, oil prices above $99 would be a function of geopolitical instability, and not just the supply-demand dynamic.

Futures prices convey information in its raw form. They tell you what individual participants are betting on and how they’re evaluating risk.  They tell us something about Quaddaffi. Even if Libya is not a major oil producer, Muamer Quaddaffi is a major source of instability.

Can a Country Take out Financial Insurance Against Macro-Risks Like Currency Instability or Global Terrorism?
by Professor Avinash Persaud

Good evening, ladies and gentlemen. I would like to begin today by discussing the link between the personal insurance you and I take out every day and financial futures markets. I will then turn to a proposal to establish a terrorism futures market and how that would work. I will address the moral objections to such a market and its possible benefits to our democracy. It should be a thought-provoking tour.

There is a larger issue that Israel has with foreign policy and that is constantly being defensive.    I believe that the root cause of Israel’s perennial problems with public relations is the “need to be loved and be thought a nice guy by the rest of the world”.  This in itself, is rooted in 2,000 years of being a minority in the Diaspora, having to keep a low profile in order to stay alive.

An interesting corollary that may be derived from the post is the notion of the price to be paid for peace and who pays the price. Conventional wisdom is that the Americans and the Israelis need to pay the Arabs for peace.   The fact that this wisdom has no basis in reality or history is immaterial.  But – the same conventional wisdom states that Israel is the key to peace in the Middle East. If so, then it follows that the question should be not how much Israelis should pay but how much the Arab and Palestinian nations should pay Israel for peace.

Just like being assertive is important on a personal and business level, the world will think better of Israel when Israels leaders stop being defensive and attempting at being the perennial “nice guy”.

Not unpredictably – the essay yielded a lively discussion,  I agree with Bruce – especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the other hand – there are clumsy attempts at disinformation – Shai Blitzbau is trying to claim that it is not military code, but didn’t do his homework regarding WinCC ( a Siemens Windows application for industrial command and control, not a special version of Windows for SCADA systems as Blitzbau wrote).

Software Requirements
WinCC V6.2 is released for the following operating systems:

Windows XP Professional Service Pack 2 (client / single-user station)

• Windows 2000 Professional Service Pack 4 (client / single-user station)
• Windows Server 2003 Service Pack 1 (client / single-user station / server)
• Windows Server 2003 R2 (client / single-user station / server)

Microsoft SQL Server 2005 SP1 is used as the database and is supplied with WinCC Version 6.2. The SQL Server system administrator password can be assigned by the user and supports adherence to company password conventions.

While Blitzbau is probably trying to link-bait some headlines with  contrarian opinion –  500MB of well written code by a large multi-disciplinary team looks and smells like cyber war no matter what languages the developers speak and use.

Nonetheless – cyber war is overhyped.

I found it significant that Schneier’s article and the resulting discussion thread – skimmed over the obvious:  namely that:

In real war (as defined by soldiers of one state fighting soldiers of another state) or real terror (as defined by bad people who kill civilians) – real people get killed.

As an Israeli – I find the American fixation on cyber terror and cyber war somewhat amusing.

Although I understand that it is fundamentally a way of generating more business for the Raytheons of this world – the American fixation on cyber-war and cyber terror goes beyond DoD and Pentagon turf wars.

For many Americans, cyber war must seem like a safe way of vicariously participating in some kind of a cool war effort without having to pay the physical and emotional price of dealing with losing friends and families to real world terrorists or soldiers.

Perhaps – if I might speculate – it is possible that the President Obama has not declared war on Afghanistan because it runs contrary to his liberal weltanschaung of “lets solve conflicts by talking to everyone since everyone are created equal”.

Cyber war and cyber terror are proofs of the inequality of life and the inequality of war.

While the DHS, NSA, FBI, CIA would have difficulty producing a single example of a real person being murdered by a piece of targeted malware – any Israeli you meet – including yours truly, has close friends or family who were killed by real wars and real terrorist.

The  long, eloquently phrased article, demonstrates that the US has fundamental flaws in it’s strategic thinking about fighting terror:

Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors pose threats…..Given these circumstances, deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation.

And in summary:

“The principal elements of that strategy are to develop an organizational construct for training, equipping, and commanding cyberdefense forces …to build collective defenses with U.S. allies; and to invest in the rapid development of additional cyberdefense capabilities. The goal of this strategy is to make cyberspace safe…”

It is unfortunate that a politruk has so much influence on US cyber security.

The US and European governments consistently adopt strategic policies that were obsolete  years before they came into office.

Just as the Obama administration is crippled by flawed assumptions about the regional balance of power in the Middle East, Washington still sees security as an exercise in organizational constructs, inter-agency collaboration and better defenses and pats itself on the back for recognizing that there is a new domain of threats….when the Internet was invented 20 years ago.

Lyn’s laundry lists of strategic objectives phrased in politically-correct corporate-speak are the wrong answer for improving cyber-security. When Lynn himself, speaks extensively about the need for speed and flexibility, the answer cannot be more government-funded monolithic, bureaucracies.

The private – public partnership is particularly problematic in my view.    The really smart people in security technologies are at small startups – not at Raytheon and Symantec and all the other big corporates that have enough lobbyist resources to line up and eat pork from the Federal plate.  And – why – if I may challenge some conventional wisdoms – should companies like Symantec be allowed to influence US cyber defenses when they have done an abysmal job protecting civilian networks and digital assets? And – why- should Microsoft be part of the solution when they are part of the problem.

Perhaps the US should start by outlawing Windows and using Ubuntu which is not vulnerable to removable USB device auto run attacks.

Perhaps the US should start getting more humint on the ground instead of gutting the CIA from it’s human assets and relying on satellites and network intercepts.   At the time of 9/11 – the CIA had no human assets in Saudi and since the Clinton administration – investment in people on the ground has gone downhill.   I hear the sign in the CIA station chief office in Riyadh says “Better to do nothing then to do something and look bad”.

Perhaps the US should consider that there are numerous offensive alternatives to retaliation (which indeed is not an effective countermeasure due to the extreme asymmetry of cyber attacks).

Perhaps the US should consider that cyber attackers are not motivated by economic utility functions and therefore utility-function-based defenses are not appropriate.

The security concept proposed by Lynn is  sadly divorced from reality.

The recent case of the Opsec security violation on Facebook in Israel reported by the Jerusalem Post, is a good example of how a hierarchical organization (Army) is threatened by a flat social network. The good news was that the security countermeasure was found the social network itself – herein lies the lesson.

The IDF was forced to cancel a recent arrest operation in the West Bank after a soldier posted information about the upcoming raid on his Facebook page.The operation was scheduled to take place several weeks ago in the Binyamin region. The soldier, from an elite unit of the Artillery Corps, posted on his Facebook page: “On Wednesday, we are cleaning out [the name of the village] – today an arrest operation, tomorrow an arrest operation and then, please God, home by Thursday.”

The status update on the soldier’s page was revealed by other members of the soldier’s unit. His commanders then updated Judea and Samaria Division commander Brig.-Gen. Nitzan Alon, who decided to cancel the operation out of concern that the mission had been compromised.

Organizations need to leave the static top down control frameworks a few times a year and look outside the organization for links and interdependencies – and talk to the soldiers in the trenches in customer service, field sales and field service.

The information you will get from people outside your firm and from people with dirty hands is far more valuable than rehashing the ISO27001 check list in an audit.

The most valuable data is from questions you haven’t asked yet – not from a checklist in an Excel spreadsheet in the hands of a junior auditor from KPMG.

Leading up to the Al Quaeda attack on the US in 9/11, the FBI investigated, the CIA analyzed but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes.

Dissonance in organizations is often resolved  by building separate silos of roles and responsibilities.

However, it is impossible to take wise decisions on risk management in the business when the risk intelligence is in separate silos.

We help protect customer data and intellectual property from fraud and breaches of confidentiality.  We’re always looking for interesting projects – call or text me at  +972 54 447 1114 at  any time.

Hellman proposes that we need a  third state scenario (instead current state – > nuclear war) where the risk of nuclear holocaust has been reduced by several orders of magnitude from today to an acceptable level.

This makes sense and it’s an intriguing idea as an exercise in risk analysis of information security and data protection to see if there is a third state of reduced risk that where the risk of data breach and major data loss events is reduced to acceptable levels.

That’s one thing that got me thinking.

The second thing is the quote from Fyodr Burlatsky, one of Khrushchev’s speechwriters and close advisors, as well as a man who was in the forefront of the Soviet reform movement:

In Krushchev’s eyes [America insisting on getting its way on certain issues] was not only an example of Americans’ traditional strong arm policy, but also an underestimation of Soviet might. … Khrushchev was infuriated by the Americans’ … continuing to behave as if the Soviet Union was still trailing far behind.

So here we are – 2009 and President Obama is insisting on getting his way on certain issues with the  Iranians, who pose a serious nuclear threat to the world.  But no only Ahmadenijad – the Russians and the North Koreans are also  infuriated by the Americans’ … continuing to behave as if they are still trailing far behind.

JALALABAD, Afghanistan (Reuters) – Taliban fighters beat musicians, shaved their heads and left them tied to trees overnight because they performed at an Afghan wedding, a village tribal chief said Monday, a sign of the fighters’ growing influence. While in power from 1996-2001, the Taliban banned music as un-Islamic.

The militants have returned to areas in the east and south of the country, where violence has sharply spiked in recent years. They attack government officials, Afghan police, foreign troops and schools that teach girls, another practice they forbid.

“A party was going on when a group of Taliban grabbed five musicians and started beating them and smashing their musical instruments,” said Rahmatullah Khan, a head of Merke Khel village in the east of the country.

“The musicians were tied up with rope to trees last night and villagers found them in the morning when going out for prayers,” Khan said.

Khan said Taliban fighters shaved the heads of the musicians and made them take oaths in the presence of villagers that they would not sing or play music at weddings again.

Afghan weddings and engagement parties in rural areas are traditionally celebrated with hundreds of guests, music and singing that often continues until late at night.

(Reporting by Rafiq Sherzad; Writing by Hamid Shalizi)