"Pay my troops no mind; they're just on a fact-finding mission."

Category Archives: Warfare

Ret. Gen. David Petraeus – Officer Education

They need to be “pentathlete leaders”—individuals who, metaphorically speaking, are not just sprinters or shot putters but can do it all. We need officers comfortable not just with major combat operations but with operations conducted throughout the middle- and lower-ends of the spectrum of conflict, as well.

At the end of the day, however, few if any of the experiences we can provide within our military communities are as intellectually stimulating, challenging or mind-opening as a year or two at a civilian graduate school. One reason for that is simple enough: When an officer leaves a lecture or a seminar room within a military environment, he or she returns to the familiar cloister and grindstone. When that officer leaves a lecture or a seminar room in a civilian graduate school, he or she is living an experience beyond the cloister. Just as the best way by far to learn a foreign language is to live in the culture where the language is spoken, the best way to learn about other worldviews is to go to and live in another world.

When I first went to Iraq in 2003, my colleagues and I were repeatedly greeted by Iraqis—in the case at hand, in Mosul—who would say to us in the course of conversation: “We love democracy!…What is it?”

Basic concepts from Econ 101 helped me plenty. Had I not remembered, for example, that injecting more money into an economy without increasing the amount of goods in the marketplace does nothing more than produce inflation, our early effort to get Iraqi government salaries paid would have been for naught. We would not have re-opened the border for trade with Syria as soon as we did.


How To Be The Biggest Tribe

SCADA: Vital utilities vulnerable to hacking

Undertaken by the Dutch research lab TNO Defence, based in The Hague, the water industry study examined the security measures taken by the 10 companies that control the Netherlands’ drinking water. At issue are the Supervisory Control and Data Acquisition Systems (SCADAs) which, at a water plant, control processes like water intake, purification, quality control and pumping to homes.

A SCADA sends instructions to shopfloor machines like pumps, valves, robot arms and motors. But such systems have moved from communicating over closed networks to a far cheaper conduit: the public internet. This can give hackers a way in. Eric Luiijf of TNO Defence and his colleagues found a litany of insecure “architectural errors” in the waterworks’ SCADA networks (International Journal of Critical Infrastructure Protection, DOI: 10.1016/j.ijcip.2011.08.002).

Some firms did not separate their office and SCADA networks, allowing office hardware failures, virus infections and even high data traffic to potentially “bring down all SCADA operations”. While remote internet access to SCADAs is supposed to be possible only with strict security controls, the researchers found this was often not the case. And some water firms allowed third party contract engineers to connect laptops to their SCADA network with no proof they were running up-to-date antivirus software. Indeed, it has emerged that a US contractor logging on to check the Illinois water plant from Russia, while he was away on holiday, was behind the Illinois ‘Russian hacker’ scare.

This was compounded by news of the hack at the Texas water plant, where on 20 November a hacker named “prof” gained access to the plant’s systems using a three-character default password on an internet-accessed SCADA made by Siemens of Germany. “No damage was done to any machinery; I don’t really like mindless vandalism. It’s stupid and silly. On the other hand, so is connecting your SCADA machinery to the internet,” he wrote on the Pastebin website.

One of PRECYSE’s main approaches to securing systems will be “whitelisting”, a way of ensuring only authorised users obtain access. This is the opposite of the approach used by antivirus software. “Instead of hunting for malicious code, as in an antivirus blacklist, this only lets the known good guys connect,” says security engineer Sakir Sezer at Queen’s University Belfast in the UK. Unusual behaviour – such as attempting to extract the control codes used to drive equipment – would also mean access is blocked. Deep-packet inspection, normally used to spot copyrighted material on the net, could be harnessed to ensure no attack code is injected. Link

4 Things the Roman Aqueducts Can Teach Us About Securing the Power Grid

Back then, as now, the perception of risk had a direct correlation to how systems were designed. Over time, a decreased sensitivity to security risk in ancient Rome resulted in design modifications that made the aqueducts more vulnerable to disruption. Roman engineers began to incorporate architectural “advances” into the aqueduct system, adding magnificent arcades with arches and other above-ground structures that advertised Roman greatness.

Unfortunately these structures also made the aqueducts vulnerable to exploitation, because the water supply was no longer protected underground. Thus, the infrastructure changed from a hidden and purpose-built system into a visible symbol that invading forces found appealing. Eventually those vulnerabilities were exploited by invading German tribes, who damaged the aqueducts, disrupting water supplies. The disruption of large portions of Rome’s aqueducts contributed to the symbolic capital’s diminished role in the western Empire and imposed further limits to Rome’s military, economic and political power–all of which played a part in the fall of the Roman Empire. As the flow of water dwindled, so did the hope of Rome’s ability to repel the foreign invaders. Ironically, the only aqueduct left in commission after these invasions was the Aqua Virgo, which had been built underground. Link

Information Security Defense In Depth Lessons (from a Bronze-Age Fort)

On a side note, the vast majority of computers in a botnet, the people infected with keyword loggers, adware, rootkits, etc., are simply unwilling to treat a computer like a device that should be secured. It’s instead treated like a multi-functional television. Convenience/accessibility always outweighs security concerns. Most of the computer security industry is about creating the illusion of security, because people want to feel safe more than they care about securing things. AV software that tries to target based off of known signatures is faulty because there’s a never ending stream of new variants. You’re better off using GMER to keep track of processes and clear out rootkits, and do all the OS/browser/flash/java/etc. updates, and only allow manual execution of flash/java. The key is that they don’t want to raise your suspicions.

If the Internet is primitive, then its security is prehistoric. Cerf’s and Mockapetris’s future visions of the Internet will rely on that changing. Read on to see what Bronze Age wisdom Dun Aengus can impart that will help security evolve in the Digital Age.

Open Your Perimeter Only When and Where Necessary. Dun Aengus ranges over 14 acres; if laid out in a straight line, its walls would stretch more than a mile. Yet Cotter says there would have been only one or two doorway openings in the walls. In terms of security, entrances are obviously weaknesses since they require the least effort to penetrate. Fewer portals meant fewer weak points, or, if you prefer, vulnerabilities.

Compare that to today, when many damaging worms succeed simply because ports, the virtual equivalent of doorways, are unnecessarily left open.

Sometimes Security Must Trump Efficiency. Dun Aengus’s location was highly inconvenient for people whose business was the business of survival. Fishing and trading (requiring access to boats) meant long trips down the sloped land, far from the protection of the fort (and then long trips back); the lack of a fresh water supply forced inhabitants to collect rainwater; metals and other raw materials used to make tools and weapons, or jewelry and other goods for trading, were mined far away and then transported to be forged or crafted locally.

Control Traffic. Since the architects of Dun Aengus assumed attacks would come, they designed the fort so that attacks would be as difficult as possible. Fort entrances faced downslope, forcing enemies to charge uphill. Doorways were narrow, hard to find and, when you did find them, had high stone thresholds. You couldn’t just run through. Once you did get through, more walls would force you to turn right, thus exposing your weapon-carrying arm to attack. If you managed to keep going, you’d eventually reach the massive band of chevaux-de-frise (upturned stones jutting in every direction), which would certainly slow you down. Cotter found that the chevaux-de-frise at Dun Aengus was mapped out with flat stones before it was created, and its distance from the inner enclosure was consistent with chevaux-de-frise at other sites: 40 meters. “Forty meters,” Cotter says dramatically, “is a human’s missile-throwing range.” Link

Psychology and Security Resource Page

At the macro scale, societal overreactions to terrorism are founded on the misperception of risk and uncertainty, which has deep psychological roots. At the micro scale, more and more crimes involve deception; as security engineering gets better, it’s easier to mislead people than to hack computers or hack through walls. Many systems also fail because of usability problems: the designers have different mental models of threats and protection mechanisms from users. Wrong assumptions about users can lead systems to discriminate against women, the less educated and the elderly. And misperceptions cause security markets to fail: many users buy snake oil, while others distrust quite serviceable mechanisms. Security is both a feeling and a reality, and they’re different. The gap gets ever wider, and ever more important. Link

Tactic of using teens as drug couriers invented by Young Boys Incorporated

DETROIT — The gang called Young Boys Incorporated started here and changed the face of drug dealing.

Adults in their 20s and 30s took children from the streets and hired them to be couriers of crack cocaine. The kids would have most of the confrontations with police. Meantime, those behind the illicit operation would hide themselves and the money their couriers brought in.



For obvious reasons, most research on violent urban subcultures is done with computer printouts, not with tape recorders and notebooks on the mean streets. Not so with Carl S. Taylor, adjunct professor of criminal justice at Michigan State University and director of the Criminal Justice Program at Jackson Community College.

Taylor believes that gang members share a grossly distorted version of the values mainstream Americans hold dear. The difference is that gang members want money and status faster, and are willing to kill to obtain them. Asked to identify his role models, one 14-year-old cited the cocaine-snorting protagonist of the movie Scarface and Chrysler chairman Lee Iacocca. “Lee Iacocca is smooth and he be dissing [disrespecting, in street lingo] everybody,” the youth explained. In some cases, parents encourage their children’s criminal careers. Said one: “My momma talk about how proud she is of me making doughski. She used to dog me and say I wasn’t s—, but now she’s proud.”

Games Criminals Play – How You Can Profit By Knowing Them


Written in Sarajevo, between April of 1992 and April of 1993, and distributed in trade paperback by Workman Press of New York, this manuscript is part of a multifold project by FAMA, triggered during the siege of Sarajevo. Link

Preventive Priorities Survey: 2012

The Preventive Priorities Survey (PPS) is intended to help inform the U.S. policy community about the relative urgency and importance of competing conflict prevention demands. The Center for Preventive Action asked a targeted group of government officials, academics, and experts to comment confidentially on a list of contingencies that could plausibly occur in 2012. Link

RAND: Assessing Military Information Operations in Afghanistan, 2001-2010

RAND: Applying Madison Avenue Principles and Recent Operational Experience to Counterinsurgency and Stability Operations

Osama bin Laden didn’t use encryption

Over the long term we’re forcing them to get wise and step up their technological game. Much like what happened in Iraq, we killed or arrested all the dumb hot headed terrorists, selecting heavily for the calculating kind. But we also put most of the experienced bomb makers away and took away traditional materials, so the bombs became more amateurish. Selecting for less technical skill, because of the training time and materials cost. Technology has always been the Achilles heel of the Islamic terrorists.

Osama bin Laden didn’t use encryption to protect the thousands of files stored in the Pakistani compound where he was killed. 17 of the 6,000 documents have now been publicly released.

“Bin Ladin’s frustration with regional jihadi groups and his seeming inability to exercise control over their actions and public statements is the most compelling story to be told on the basis of the 17 de-classified documents. “Letters from Abbottabad” is an initial exploration and contextualization of 17 documents that will be the grist for future academic debate and discussion.” Link

also (lol @ the closed source homebrew program):

Woolwich Crown Court was told that Bangladeshi Islamic activists who were in touch with Karim had rejected the use of common modern systems such as PGP or TrueCrypt in favour of a system which used Excel transposition tables, which they had invented themselves.

But the underlying code system they used predated Excel by two millennia. The single-letter substitution cipher they used was invented by the ancient Greeks and had been used and described by Julius Caesar in 55BC.

Karim, an IT specialist, had used PGP, but for storage only.

Despite urging by the Yemen-based al Qaida leader Anwar Al Awlaki, Karim also rejected the use of a sophisticated code program called “Mujhaddin Secrets”, which implements all the AES candidate cyphers, “because ‘kaffirs’, or non-believers, know about it so it must be less secure”. Link

Napoleon Was Not Short, He Was Actually Above Average Height

Dealing In Security

De-escalation – Theory & Practice

De-escalation is the step when force is imminent (how’s that for ‘soft’ language; more real: if you don’t do something now the fight will be on in a few seconds). It is “talking ’em down”. It ranges from sympathy to weird non-sequiturs to treating a threat like a thoughtful question to pure intimidation. It is a skill, and a more varied and more versatile skill than anything physical. But it is a skill, not an answer.
Some memorable successes:

“Turn your head to the side.”
“Why, mother fucker?” He glared hard.
“Cause you look like you’re thinking about fighting and you seem like a nice guy, so if you do start to fight and I smash you into the wall right there, if you turn your face to the side you won’t break any teeth.”
His glare changed to something more puzzled.
“It’s just a courtesy. You seem like a nice guy and you don’t need any dental bills. Just turn your head to the side.”
“I won’t be any trouble.”
“I appreciate that.”

“What’s your goal today, partner?” This is one of my universals. Most of the people who want to fight are unhappy, without really thinking about why, and want to do something, without really thinking about what. Once they put into words what they want, e.g. “I wanna go home”, they often clearly see how fighting is not a step in that direction.


City Crippler Car Worms

The idea would be to launch a worm that would spread on the Internet (in any of a number of well explored ways) looking for vulnerable smart phones.  Smart phones have GPS devices in, so the worm, having infected the phone, could ensure it was only operating in some geographic area of interest (eg the US, or a particular city).  The worm could then check if it was on a smart phone that happened to be plugged into a car, and if so compromise the car.  It could then use whatever wireless opportunities were available to compromise any other cars within the attack range.  It could also disable the car (eg by locking up the brakes, stopping the engine, etc). Link

Even Good Leadership Fails If Most People Are Idiots

Fabius Maximus was a Roman general who knew better than to risk everything and engage Hannibal in open battle.

But his fellow Romans would have none of it. They called him Cunctator, the delayer, the wimp, and had him removed from command.

The military disaster of Cannae followed: 80,000 Romans slaughtered. Among their number was a sizeable fraction of the entire class of nobles who had laughed at Fabius Maximus. History drips with irony.

Fabian Strategy: Wearing Down the Enemy (i.e. modern warfare) Fabius keeps his command, no Cannae

DoD Seeking Renewable Energy Sources

Smart Bullets & Micro Missiles

Warhammer Fantasy Battle Report: Orcs vs. Skaven

How The Potato Changed European History

10 Sci-Fi Weapons That Actually Exist

High Power Microwaves – Strategic & Operational Implications for Warfare

GWOT Logistics – No Longer Reliant On Mooching

I was amazed when I first realized how minimally supported our SEALs were. Up until recently the approach to logistics support ashore for SPECWAR operators was jokingly referred to as “go forward and mooch.” There was no planned, let alone dedicated, support for the Navy’s premier warfighters ashore. SEALs would literally figure it out when they got there, cobbling together support for basics like food and transportation, from wherever they could. In fact, Operation Iraqi Freedom was the first time in Naval Special Warfare history a dedicated logistics element deployed with the operational force. In after action reports of the conflict, SPECWAR leadership cited logistics support as a “force multiplier” and a key factor in their historic mission success. Logistics support simply “allowed SPECWAR operators to do things they otherwise could not have done.” Link
