Friday, November 18

JJGas

With a vibrant rhythm, the action takes place in a claustrophobic environment immersed in a post-apocalyptic choreography. Camouflaged, among the action scenes, hides a devastating criticism to the contradictions of the capitalist society, combined with sharp and poignant reflections on human relationships and their organizational structures, necessarily framed within the environment and nature. 

Malthusianism, survivalists, hackers, transition cities, cyberwarfare, neo-tribes, primitive tribes, self-sufficient homes and permaculture, get mixed with war, shortages, large multinational corporations and society’s desire for welfare, in an explosive cocktail that makes you stop to think and reflect on the prevailing economic and social model in today’s world.

The Blackout delves into the role welfare has in shaping social and organizational rules, on how much we are willing to compromise to get comfort and security in our lives. Linking the past and the future, imagining possible scenarios of change is key to creating a better future. By contemplating the grotesque, sometimes, one can get closer to reality and achieve a mental state in which nothing is taken for granted. Fantasizing about such a catastrophe can be useful and effective. At a time of a comprehensive metamorphosis of the world’s economic and social organization, creativity becomes the primary tool to guide the change. What we have is no longer valid and we need to replace it with something else. 

In The Blackout you can find a reflection on the essence of life, on the inner spirituality of our relationship to our existence, and you may conclude that chance is the main driver of our destiny, framed in the vital process that forces each human, willy-nilly, to take a stance on his or her own existence, guided by the survival instinct inherent to human beings or to any other form of life. 

Wednesday, November 16

Cyberwar will not take place

It all depends on how we understand cyberwar. Thomas Rid states in this article that all politically motivated cyber attacks are merely sophisticated versions of three activities that are as old as warfare itself: sabotage, espionage, and subversion.

Monday, November 14

The inevitable Peaking of World oil Production

The Hirsch Report of 2005, commissioned by the U.S. Department of Energy, took a hard look at alternatives that could respond to the scale of the problem in time to have an impact. Not one of the approaches deemed to be currently viable in the report departs from fossil fuels.

Thursday, November 10

What is Stuxnet

"Stuxnet" is a computer worm designed to attack large-scale industrial facilities like power plants, dams, refineries or water treatment centers. It targets the computer systems used to monitor and control specific operations in those facilities, and most famously was used to destroy centrifuges in a uranium enrichment facility in Natanz, Iran.

In that case, the Stuxnet worm rewrote the code in a component that controlled the rotor speeds of the centrifuges. The code alteration resulted in slight variations in the rotor speeds, subtle enough not to cause attention but significant enough to cause physical damage to the centrifuges. The name "Stuxnet" comes from a combination of key file names hidden in the code.

Several features of the Stuxnet worm distinguished it as highly advanced. No previous computer virus had been used to physically sabotage industrial machinery. It is also unique in its ability to remain undetected for a long period of time, largely by sending fake messages that suggest processes are running normally. It has the ability to search for particular components, leaving others undisturbed. At least two U.S. computer systems in the United States were found to be "infected" by Stuxnet, but they were not "affected," according to Department of Homeland Security officials, because they did not match the Stuxnet requirements.

The sophistication and complexity of the Stuxnet worm has led researchers to believe that only a well-resourced nation-state could have developed it.

[Copyright 2011 National Public Radio. To see more, visit http://www.npr.org/]

Stuxnet reminds me so much of výpadek...

The 2nd of November of 2011, Boston's npr news station, published this article in their website.

Read it through and change Stuxnet for výpadek, doesn't it sound familiar?

-------
The Stuxnet computer worm, arguably the first and only cybersuperweapon ever deployed, continues to rattle security experts around the world, one year after its existence was made public.

Apparently meant to damage centrifuges at a uranium enrichment facility in Iran, Stuxnet now illustrates the potential complexities and dangers of cyberwar.

Secretly launched in 2009 and uncovered in 2010, it was designed to destroy its target much as a bomb would. Based on the cyberworm's sophistication, the expert consensus is that some government created it.

"Nothing like this had occurred before," says Joseph Weiss, an expert on the industrial control systems widely used in power plants, refineries and nuclear facilities like the one in Iran. "Stuxnet was the first case where there was a nation-state activity to physically destroy infrastructure [via a cyberattack]."

Reactions to the use of Stuxnet in Iran generally fall into two categories. For those focused on the danger of Iran developing a nuclear weapon, Stuxnet was something to celebrate, because it set back Iran's nuclear program, perhaps by years.

But for people who worry about the security of critical U.S. facilities, Stuxnet represented a nightmare: a dangerous computer worm that in some modified form could be used to attack an electric or telecommunications grid, an oil refinery or a water treatment facility in the United States.

"It's just a matter of time," says Michael Assante, formerly the chief security officer for the North American Electric Reliability Corporation. "Stuxnet taught the world what's possible, and honestly it's a blueprint."

Further complicating the Stuxnet story is the widely held suspicion that the U.S. government, possibly in partnership with Israel, had a hand in the creation of this lethal cyberweapon, notwithstanding the likelihood that in some form it could now pose a threat to the U.S. homeland.

Training To Face A Catastrophe

The prospect of a cyberattack on U.S. infrastructure assets has prompted the Department of Homeland Security to arrange a new training program for the people who are supposed to protect the electric grid, manufacturing plants, refineries, water treatment centers and other critical facilities.

The top concern is the industrial control systems (ICS) that oversee the operation of key equipment at those facilities, from the valves to the breaker switches.

By hacking into the computer networks behind the industrial control systems, an adversary could reprogram an ICS so that it commands the equipment to operate at unsafe speeds or the valves to open when they should remain closed. This is roughly the way Stuxnet was able to damage the centrifuges in Iran.

Participants in the training program, based at the Idaho National Laboratory in Idaho Falls, are taken step by step through a simulated cyber-intrusion, so they can experience firsthand how a Stuxnet-like attack on their facilities might unfold.

During an Idaho National Laboratory exercise that was staged for visiting reporters in late September, instructor Mark Fabro installs his "red" team on the second floor of the training center, with the mission of penetrating the computer network of an unsuspecting industrial company, set up on the floor below.

The trainees on the "blue" team downstairs sit in a mock control room, monitoring their computer screens for any sign of trouble.

At first, everything appears normal. The attackers have managed to take control of the computer network without the defenders even realizing it. But gradually, problems develop in the control room.

"It's running really slow," says one operator. "My network is down."

Sitting at their monitors upstairs, the attacking team is preparing to direct the computer system to issue commands to the industrial equipment.

"Take this one out," says Fabro, pointing to a configuration that identifies the power supply to the control room. "Trip it. It should be dark very soon."

Within 30 seconds, the mock control room downstairs is dark.

"This is not good," says Jeff Hahn, a cybersecurity trainer who this day is playing the role of the CEO of the industrial company under attack. The blue team is under his direction.

"Our screens are black and the lights are out. We're flying blind," Hahn says.

During the exercise, the critical industrial facility under attack is a pumping station, such as might be found in a chemical plant or water treatment center. As the operators sit helpless at their terminals, the pumps suddenly start running, commanded by some unseen hand. Before long, water is gushing into a catch basin.

"There's nothing we can do," one of the operators tells the CEO. "We can only sit here and watch it happen."

If this mock facility were an actual chemical plant, hazardous liquids could be spilling. If it were an electric utility, the turbines could be spinning out of control.

If it were a refinery, the tanks could be bursting or pipelines could be blowing up, all because the cyberattackers have been able to take over the computer network that controls the key operations.

The cyberattack scenario is all the more worrisome, because it is not clear that such attacks can be effectively stopped.

"Some of these [systems] can't be protected," says Weiss, the industrial control systems security expert. "We're going to have to figure out how to recover from events that we simply can't protect these systems from."


A U.S. Role In Stuxnet?


The challenge of managing a Stuxnet-like attack is compounded by the possibility that the U.S. government itself had a role in creating the cyberweapon.

U.S. officials were certainly aware of the ICS vulnerabilities that the Stuxnet worm ultimately exploited. An Idaho National Laboratory experiment in 2007, dubbed "Project Aurora," first demonstrated how cybercommands alone could destroy industrial equipment. Idaho lab researchers, who at the time included Michael Assante, rewrote the ICS computer code for the generator, directing the generator to destroy itself.

"When we started to conduct the test, that really robust machine couldn't take it," Assante recalls. "The coupling broke ... and you saw black smoke belching out of it."

In 2008, Idaho National Laboratory researchers performed a demonstration expanding on the Aurora experiment and their further analysis of ICS vulnerabilities. The PowerPoint briefing was prepared specifically for Siemens, the company whose equipment the Stuxnet attack targeted. One year later, the worm was introduced into Siemens ICS equipment used at a uranium enrichment facility in Natanz, Iran.

Ralph Langner, a German cybersecurity researcher who was among the first to analyze the Stuxnet code, came away convinced that it was a U.S. creation.

"To us, it was pretty clear that the development of this particular malware required resources that we only see in the United States," Langner says.

Marty Edwards, director of the Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team, based at the Idaho lab, denies any Idaho National Laboratory role in the creation of Stuxnet, and says the ICS traits the worm exploited were relatively well-known by the time it was created.

"I think it was only a matter of time before those common weaknesses or vulnerabilities were leveraged in an event such as Stuxnet," Edwards says. He would not comment on any role that other U.S. government agencies might have played in the development of the Stuxnet weapon.

That the United States has an offensive capability in the cyberwar domain is a matter of official record. Activities in that area are highly classified, but officials privately acknowledge that U.S. agencies have developed cyberweapons for offensive use.

It has also been reported that the United States has engaged previously in the sabotage of Iranian nuclear facilities. The use of Stuxnet would fit squarely within such a category.

Joel Brenner, the former inspector general at the National Security Agency, writes in his new book,America the Vulnerable, that the use of Stuxnet "would ... have been consistent with U.S. policy but not with previous U.S. methods, which avoided computer operations likely to damage others besides its intended targets."

Some observers have argued that the risk of a weapon like Stuxnet being turned against U.S. assets was so great that no U.S. government agency could logically have supported its development. But others aren't so sure.

Among them is Assante, who was among the first cybersecurity experts to warn that Stuxnet could provide a blueprint for attacks on U.S. infrastructure.

Now the president of the National Board of Information Security Examiners, Assante argues that concerns about Iran developing a nuclear weapon could have justified Stuxnet's creation.

"That is probably one of the largest national security challenges I can envision," Assante said in a recent meeting with reporters at the Idaho lab. "In that context, you can make a pretty strong argument that the benefit of using a cyberweapon to slow down or delay [a nuclear weapon program] or to achieve a specific objective might absolutely outweigh the risk."


Questions Of Information-Sharing


Given the secrecy around the U.S. offensive cyberwar capability, however, that cost-benefit analysis could only be carried out at the highest levels of the U.S. government. Moreover, it is unclear whether agencies responsible for defending the U.S. infrastructure would even be part of the deliberation.

"[The development of a cyberweapon] would probably be so highly classified that the people at DHS wouldn't even know about it," says one former intelligence official.

Such a strict compartmentalization of policymaking would raise the question of whether there is sufficient communication between the offensive and defensive teams in the cyberwar domain.

If Stuxnet was developed by U.S. cyberweapon specialists, the DHS personnel who spent a year analyzing the computer code were presumably engaged in a major duplication of effort.

But Greg Schaffer, assistant secretary of homeland security for cybersecurity and communications, says DHS officials have no complaint over coordination with U.S. agencies responsible for offensive cyber-activities.

"DHS is focused on network defense," Schaffer says. "We do get assistance from the organizations that work on the offensive mission. Whether they bring their work [to us] is something they have to decide. That is not something that we worry about."

A growing awareness of the cyberthreat to critical U.S. infrastructure assets, however, may well deepen concerns about the "blowback" risk to the U.S. homeland from the development of a potent cyberweapon designed to be used elsewhere.

The appropriate level of information-sharing between the offensive and defensive teams within the U.S. cybercommunity is likely to be the focus of intense interagency discussion.

"My sense is that there are lots of people talking about it," says Herbert Lin, chief scientist at the National Academy of Sciences and a co-editor of a book on policy, law and ethics in cyberwar. "But almost all of the discussion is going on behind closed doors."

Eventually, this could change. Whether and when the United States should use nuclear weapons or chemical weapons or land mines has been vigorously debated in public for years, and it may be only a matter of time until the use of cyberweapons gets similar attention.

[Copyright 2011 National Public Radio. To see more, visit http://www.npr.org/]




Systempunkt

In Blitzkrieg warfare, the point of greatest emphasis is called a schwerpunkt. It is the point, often identified by lower level commanders, where the enemy line may be pierced by an explosive combination of multiple weapon systems. Once the line is pierced, armored forces dive deep into enemy territory to disrupt command, control, and logistics systems. Once these systems are disrupted, the top-heavy military units they support collapse in confusion. 

In global guerrilla warfare (a combination of open source innovation, bazaar transactions, and low tech weapons), the point of greatest emphasis is called a systempunkt. It is the point point in a system (either an infrastructure or a market), always identified by autonomous groups within the bazaar, where a swarm of small insults will cause a cascade of collapse in the targeted system. Within infrastructure, this collapse takes the form of disrupted flows that result in immediate financial loss or ongoing supply shortages. Within a market, an attack on thesystempunkt destabilizes the psychology of the market to induce severe inefficiencies and uncertainties. The ultimate objective of this activity, in aggregate, is the collapse of the target state and globalization.