In October of 2016, then President Obama and his team published a report by the National Science and Technology Council entitled, “The National Artificial Intelligence Research and Development Strategy Plan.”
The Trivial Overanalyzed
At the time of its release, the country was in the final weeks of a particularly divisive presidential campaign and consequently, it was ignored by all of the main stream media, who instead continued to focus on political dramas, accusations of fake news and the Russian thing.
The Essential Overlooked
When you read the report, it occurs to you that one of its objectives was to awaken the American public to the possibilities and threats of AI and to marshal support for a significant investment in R&D so that America could begin to compete with China in this field.
And in all connected fields, especially cybersecurity.
The Intended Target?
When we look back on all the political and social media turmoil that surrounded that election, we don’t wonder about how it all happened – it was clearly both Russia and China clanging the social media bell throughout the day, every day, in a successful attempt to disrupt and divide – we wonder instead about the true intended target.
Missing the Mark
Those who believe either Russia or China were meddling with our electoral process for the purposes of electing one candidate over another, completely miss the point.
Whether our POTUS title goes to Biden or Trump, Clinton or Nixon, neither of our long-view foes care one way or the other. They will deal with them as they have with every prior presidential administration going back to Kennedy. Sometimes annoying. Often distracting. But, both Russia and China have their own playbook and whether it be Trump, Biden or Mickey Mouse (whom my sister wrote in), our two adversaries will continue along their focused path toward either global technological domination or natural resource control.
Tearing the Social Fabric
So, our hypothesis is that the continuing disruption of social fabric with escalating social media fights and further cleaving of a once united republic, has everything to do with that report.
Because first, targeting social media with fake news, fake non-player characters and fake outrage is a piece of cake. It requires no technological leaps. It burns very few calories, and, if you are Russia, you already have a fully engaged team in a cyber-troll factory in St. Petersburg known as the Internet Research Agency (IRA) working fake social media accounts to spread misinformation by the barrel.
In fact, it was that very team that spread a ton of contrived content during the 2016 elections aimed (not at Clinton or Trump) but at polarizing the American electorate and alienating cultural, social and political groups from one another.
And, wow, did it work.
Gas and Oil in Turmoil
Now, we witness a cyberattack on our critical infrastructure, this time with Colonial Pipeline, where it remains unclear, one week later, whether the DarkSide gang was able to leap from their IT network over to their OT network and infect 5,500 miles of gas and jet fuel pipeline.
In an “abundance of caution” the operator immediately shut the pipeline down resulting in shortages throughout the eastern seaboard and inland as far west as Texas and Tennessee.
Is the Structure Sound?
While it was advertised as a Ransomware attack, it also resulted in a sudden public awareness of the threat that a cyber-physical attack can pose, and it had many ordinary citizens wondering for the first time about whether our other critical infrastructure was indeed safe and reliable. Especially our electric and water distribution grids. A hot summer without AC is as uncomfortable as a frozen natural gas pipeline in winter.
Long gas lines appeared throughout the south almost immediately and ragged nerves resulted in at least one fist fight, between a woman and a man no less, over her attempt to cut in line.
That is emblematic of the deterioration of civic behavior when faith in government leadership begins to fray, and fear rises.
Compounding a year-long lockdown, escalating uncertainty about the integrity of the CDC, an organization that was once held as a bastion of truth, and its capacity for leadership and guidance, we witness eruptions in the Middle East as Hamas attacks Israel, bold moves by both Russia and China, increased uranium enrichment by Iran, renewed missile testing by NoKo, and a violent coup in Myanmar despite sanctions and condemnation, are testing the courage and strength of our new administration.
Along with that, it is our contention that an intended by-product of the Colonial Pipeline attack was indeed fear and loathing.
Look on the DarkSide
For anyone who believes Putin is not directly behind the Colonial attack, I offer the view of a former NSA hacker, David Kennedy, who knows from experience at the nation’s top security agency that DarkSide is a proxy for the Kremlin. And, it’s not their first rodeo.
Kennedy told CNBC’s “The News with Shepard Smith” that he assumes Putin is enjoying the attention while causing issues in the U.S. both from misinformation campaigns and cyberwarfare.
“We are seeing so much hostility coming from a cyber warfare campaign perspective, that it’s almost difficult to even keep up with it,” said Kennedy.
In an Annual Threat Assessment released last week, the U.S. espionage community predicts destabilizing cross-border migratory surges and toppled governments in the geopolitical aftershocks of the pandemic. And it unequivocally claimed that Beijing and Moscow were causing and then exploiting the discord to bolster their power.
While it is not unusual that America’s adversaries will probe the resilience of a new president, Moscow’s massive troop build-up on Ukraine’s borders and China’s probing of Taiwan’s defenses are clear challenges to our international capacity. The message is clear: We are not afraid of America and we have all of the technological superiority in cybersecurity to manage our course in whichever way we see fit.
New Initiatives More of the Same
In the interim, Biden has signed an executive order outlining a number of initiatives, including reducing barriers to information sharing between the government and the private sector, mandating the deployment of multi-factor authentication in the federal government, establishing a Cybersecurity Safety Review Board modeled after the National Transportation Safety Board, and creating a standardized playbook for responding to “cyber incidents.”
Read the Warning Signs
I once thought that Richard Clark was a bit of a paranoiac with a long history of warnings and elevated concerns over our lack of preparedness and failure to realize the size of the national security exposure from cyber threats. Now, with folks like Keith Alexander, Paul Nakasone and Greg Touhill joining in similar expressions of concern, it becomes hard to discount Clark’s predictions.
Here We Go Again
While increased sharing is a good thing and MFA is even better, another board and another playbook for responding to cyber incidents are hardly going to move the needle. We already have solid guidance from folks like NIST and we already have too many agencies doing redundant work required to improve our cyber defenses.
What is needed is less politics and grandstanding, and instead, a hard initiative with an aggressive timetable to modernize our laws, so that we can go after the bad guys and put an end to this craziness.
This Just In
Late breaking news flash: It has been reported now that Colonial paid just under $5 million in cryptocurrency today in order to unlock their OT network. As gas begins to travel back down through the pipeline, we are forced to witness our leadership violate the first rule of ransomware, and by doing so, admitting that the IT and OT networks were connected.
We remain just as vulnerable today as we were yesterday.
And now the whole world knows it.