Friday, August 29, 2008

Aaron Mannes in Folha on Prisoner Exchange with the PA

The other day I gave an interview to Folha the largest circulation paper in Sao Paulo. We discussed Israel's plan to release almost 200 prisoners to the PA. I explained that the idea was to strengthen PA President Mahmoud Abbas while putting pressure on Hamas to release Gilad Shalit. I also noted that these scenarios were unlikely, Abbas is simply too weak and Hamas' price for releasing Shalit is too high.

Unfortunately, the interview was published in Portuguese, I language I don't know.

26/08/2008 - 16h49
Libertação de prisioneiros de Israel é ato marginal, diz especialista

FERNANDO SERPONE
da Folha Online

A libertação de quase 200 prisioneiros palestinos feita por Israel nesta segunda-feira é vista como uma ação marginal que não irá fortalecer o presidente da Autoridade Nacional Palestina (ANP), Mahmoud Abbas, envolvido nas conversas de paz com o governo israelense. Essa é a opinião de Aaron Mannes, autor do livro "Perfis do Terror: O guia para as organizações terroristas do Oriente Médio" (Ed. Rowman & Littlefield, 2004).

"Os israelenses vêm tentando fortalecer Abbas nos últimos cinco anos e nada funciona", afirmou Mannes em entrevista por telefone à Folha Online. Para o estudioso, a organização palestina que detém o poder é o grupo radical Hamas --partido político com braço armado--, procurado por autoridades israelenses e jordanianas para negociações, segundo Mannes, apesar de o grupo não reconhecer a existência de Israel.

Cerca de mil prisioneiros palestinos foram libertados desde que o Hamas tomou o controle da faixa de Gaza, em junho de 2007, após violentos confrontos com o secular Fatah --de Abbas, que foi expulso do território e se concentrou na Cisjordânia. As libertações são vistas como um esforço para fortalecer Abbas e legitimá-lo como interlocutor do povo palestino.

A libertação desta segunda ocorreu horas antes de a secretária de Estado dos EUA, Condoleezza Rice, chegar a Israel. Essa é a sétima viagem de Rice ao Oriente Médio desde a conferência de Annapolis, nos EUA, em novembro de 2007, quando as negociações entre israelenses e palestinos foram retomadas após um hiato de sete anos.

Washington tenta costurar um acordo entre os israelenses e palestinos até o fim deste ano, quando termina o mandato do presidente dos EUA, George W. Bush. "Bush e Rice, assim como [o premiê de Israel, Ehud] Olmert, gostariam de deixar um acordo como seu legado", disse o professor. No entanto, as negociações a portas fechadas mantidas nos últimos nove meses praticamente não apresentam resultados.

"Creio que esse tipo de atitude seja marginal", afirmou o analista. "É mais um gesto. Os assuntos principais são deixados de lado e eu não creio que medidas como essa ajudem."

Para Mannes, há uma série de questões, entre elas as divisões internas do Fatah, que inviabilizam um acordo na região.

Leia a seguir os principais trechos da entrevista:

*

Folha Online - O sr crê que essa libertação possa fortalecer Abbas entre os palestinos?

Aaron Mannes - Não. É uma idéia legal, mas não. Os israelenses têm tentado fortalecer Abbas nos últimos cinco anos e nada funciona. Você viu Abbas reclamando, que os israelenses estão falando com o Hamas, estão falando com o Hizbollah, enquanto falam com ele. E, creio que, pelos padrões da Autoridade Nacional Palestina, ele não é a pior pessoa.

O Hamas já está com o vento nas costas. Eles dominam Gaza e estão competindo na Cisjordânia. Também não é claro o quão poderoso Abbas é dentro do Fatah. O Fatah é uma organização bastante complexa. Há o Farouk Kaddoumi, que é de fato o líder internacional do Fatah, e ele é linha-dura em absoluto. Ele também é bem velho, é difícil saber o seu poder, mas apenas para mostrar que na geração de Abbas no Fatah há divisões. E então, há a questão de quanto essa geração influencia. Muito das discussões sobre troca de prisioneiros se foca em Marwan Barghouti, que é tido como um presidente em potencial da ANP. Ele é algumas décadas mais novo que Abbas, e é um exemplo da nova geração. Ele nasceu e cresceu na Cisjordânia. Abbas veio da turma que passou décadas no exterior e que voltou com o processo de paz de Oslo (1996).
Folha Online/Folha Online
mapa Israel

Estamos em dias ruins para vários políticos. Olmert está de saída. Bush está de saída. Bush e Rice, assim como Olmert, gostariam de deixar um acordo como seu legado. Então isso (a libertação) ao menos cria um tipo de sentimento bom e empatia. E há um outro ponto que faz esse processo precisar seguir adiante. Sob tudo isso, todos na região estão preocupados com o Irã. A maioria das potências regionais, Egito, Arábia Saudita, estão preocupados com isso. Eles não amam Israel, mas reconhecem qual é a real ameaça. E enquanto esse processo continue público, as potências regionais podem conversar e ver como lidar com o Irã. É um evento com várias camadas.

Os israelenses pensam também que isso pode ajudar a libertar Gilad Shalit (militar israelense capturado por militantes palestinos da faixa de Gaza há dois anos).

Folha Online - O senhor crê que essa libertação é resultado de pressão americana --e/ou para agradar os americanos-- ou é uma medida que os israelenses consideraram necessária?

Mannes - Provavelmente, é mais um assunto interno. Israel faz essas libertações freqüentemente. O Shin Beit (inteligência interna de Israel) disse que essas pessoas provavelmente não voltarão a realizar atividades terroristas. Então há uma questão moral, e não estou tão seguro se há uma questão de segurança. Talvez os EUA pediram que Israel desse uma força a Abbas, mas os israelenses não o fariam se eles não sentissem que isso poderia ajudar.

Folha Online - Como essa libertação pode ser positiva para o governo israelense? Pode fortalecer o Kadima?

Mannes - Há uma luta dentro do Kadima. (O ministro dos Transportes) Shaul Mofaz e (a chanceler) Tzipi Lvini a estão lutando. Mofaz, ex-chefe do Exército de Israel, diz que Israel não deveria libertar os prisioneiros, pois isso os faz parecer fracos. Olmert, que ainda é premiê, diz que justamente porque Israel é forte que podem fazer isso.

Mas eu creio que esse tipo de atitude seja marginal. É mais um gesto. Os assuntos principais são deixados de lado e eu não creio que medidas como essa ajudem.

Folha Online - Até o momento, cerca de mil prisioneiros --principalmente do Fatah e de grupos de esquerda-- foram libertados por Israel desde que o Hamas dominou a faixa de Gaza. O senhor disse que esse tipo de medida é mais marginal, mas ainda assim o senhor crê em algum resultado prático oriundo dessa política?

Mannes - A questão real é que os israelenses basicamente conseguiram vencer o conflito com os palestinos. A habilidade dos palestinos de atacar Israel está extremamente limitada agora.

Ao mesmo tempo, vemos reformas políticas entre os palestinos --eles podem ser fortes o suficiente para assinar um acordo, mas isso está se mostrando bastante difícil. Reformar a cultura política não é fácil, como vimos na última década. Sou cético de que o Fatah esteja se fortalecendo. O Hamas parece mais forte. Os jordanianos estão conversando com o Hamas, e os jordanianos não gostam do Hamas, mas eles estão vendo onde está o poder.

VP Assessments

The real action today is over at Veep Critique where I assess the two Vice Presidential candidates and how the might fit into the national security process. An important question as we live in a complicated and dangerous world.

Madrassas Extending into Pakistani Heartlands

This short analysis from the invaluable Middle East Media Research Institute is well worth a read. It discusses the controversy Pakistan People’s Party (PPP) leader, Asif Zardari set off when, while delivering the keynote address at the 23rd Internationalist Socialist Congress, he described madrassas as propagating Islamist extremism.

Unsurprisingly, Pakistan’s religious leaders condemned him. But reading the report, and these notes from MEMRI’s Urdu-Pashto Blog also indicates that the madrassas have spread from the Northwest Frontier Province into the rest of the country – including the Punjabi heartland. Although Islam is central to Pakistan’s national identity, the traditional practice of Islam was relatively moderate. In fact there have been skirmishes between different factions within the Sunni community (not to mention the bloody Shia-Sunni violence within Pakistan) – particularly in Karachi.

Considering the endemic corruption and misrule in Pakistan, it is surprising that radicalism has not made inroads faster. Consistently, the Islamist parties do not do terribly well in Pakistani elections (when they proved no better then their secular counterparts, the lost power in NWFP.) But as their influence expands they can, not only expand their parties, they can also re-shape the positions of the major parties, the Pakistan People’s Party and the Pakistan Muslim League (PML). Although the PPP is generally perceived as secular and the PML is seen as closer to the Islamists – both turn to Islam when it is convenient.

Zardari is a problematic figure (although, despite reports, he is not mentally ill). He often seems to say the right thing, calling for a more moderate approach to India, and criticizing madrassas. He may actually believe these things. It is also possible that, because he cannot match Nawaz Sharif’s popularity on the ground – his wife the late Benazir Bhutto could – that he is appealing the West and particularly the U.S. as a balance. A real Pakistan policy needs to look beyond any given leader and build a deeper relationship.

To that end, the recent meetings between top U.S. and Pakistani military officers on the U.S.S. Abraham Lincoln for a “brainstorming session” is a step in the right direction. But the relationship needs to be far, far deeper.

According to Mark Bowden’s story in the Atlantic Monthly, “To Kill a Terrorist,” when the U.S. decided Abu Sayyaf in the Philippines was a serious problem they sent a CIA operative to liaise with the Philippine security forces. One of this operative’s key tasks was identifying which Philippine units and commanders were effective and then making sure they had the equipment and intelligence necessary to do the job. This sort of operation needs to be repeated dozens (maybe hundreds) of times if the FATA regions are to be brought under any kind of control.

Also, the relationship has to be more than military. Pakistan assumes that the U.S. will eventually abandon them. They have their reasons, first from the U.S. losing interest in them after the Soviets left Afghanistan and then when the U.S. sanctioned them for testing nuclear weapons. The burgeoning U.S.-India relationship also doesn’t help. When Presidential candidates threaten military incursions into Pakistan, it only heightens these fears.

Pakistan cannot be coddled – the U.S. must push for real economic and social reforms. The Islamist inroads into this nuclear power are too great to be ignored. But trying to achieve these things through threats and intimidation alone is unlikely to be successful.

Palin & Biden: Secondary Challenges

Now we know who the Vice Presidential choices are. They are both politically astute choices - appealing in various ways. But this blog is not about punditry (although a bit is unavoidable.) The question is how these VPs will fit into their president's policy process.

Biden: Old Hand or Big Mouth?

Biden was a solid insider choice for an outsider Presidential candidate. It is a well-established paradigm. Many pundits argued that Obama needed a Cheney - arguably, Obama may have gotten a bit more Cheney then he would have hoped.

Cheney was the first elected VP in living memory who had no presidential aspirations. Previous active VPs were careful about managing their profile and appearance to protect their future political prospects. Mondale's influence is famously hard to assess because he was known for not leaving fingerprints on his initiatives. While Cheney was discreet, his unconcern about his public profile may have led him to be out front on some issues where a lower profile would have been wise.

Cheney however, was a staffer and could bring that view to the Vice Presidency. Biden, like Cheney, is an unlikely future President (barring tragedy.) If Obama wins the election, Biden will be 74 in 2016. Biden is a loquacious Senator, not used to playing second fiddle. Biden also loves (his own) ideas and may go public with them when discretion would be wiser. Come to think of it, Biden may be a new Rockefeller (see the end of my last post.)


Palin: At the Kid's Table?

The challenges facing Palin's ability to play a role in the administration are substantial. (See this blog's very first post.) McCain is an insider, so he has a gaggle of long-serving staffers who will tend to protect their turf. The last insider President was Bush 41, and while Quayle (despite his public standing) was knowledgeable and respected in the Senate on national security issues - he exercised minimal influence on the Bush administration. A former CIA director and UN Ambassador, Bush 41 did not really need Quayle's input. And if Bush did need foreign policy advice he could turn to his long-time friends Jim Baker and Brent Scowcroft.

The last outsider VP was Spiro Agnew, who, again, exercised no serious influence (granted, he did have, ahem, personal limitations - but the Nixon staffers froze him out as well.)

The prospect of the VP becoming President is a real one, so it is important that the VP be engaged in the process so that (unlike Harry Truman) they can take the reins of national security relatively smoothly.

Palin faces huge challenges of having minimal national security experience and of probably not being taken into the inner circle.

One solution would be to allow Palin to chair a component of the National Security Council (Bush 1 was vice chair* of the Crisis Management Committee at Reagan's NSC) in order to embed her in the process. The problem there is that she may not do a capable job. If the President is forced to remove the VP from a position, it will leak out. Perhaps establishing a sort of national security apprenticeship in which the VP plays an active role on this sort of committee and then moves into the chair would be a compromise.

It will be a serious issue that the McCain will have to address, both in the campaign and if there is a McCain administration.

*The President is always Chair, but doesn't always go to the meetings.

Aaron Mannes on Covert Radio disussing FARC, Georgia, and the VP and National Security

Covert Radio just posted a podcast where we discuss a number of topics. My perennials, FARC, Chavez, and Hezbollah, but also the implications of Russian moves in Georgia.

We also spent a lot of time discussing my new hobby-horse, the Vice President and the national security process - for more see my other blog - Veep Critique.

Barack & the Budget: Promises & Process

In his acceptance speech, Senator Obama promised to go over the budget line by line to weed out federal spending. This is the typical kind of promise Presidential candidates make. But actually doing so would be incredibly irresponsible. The budget is over 1300 pages long. Assume it takes an hour to go over a page (not unrealistic because many of the pages would require extensive background information and meetings) and that the President puts in a 10 hour day (they put in longer days, but he will also need to get his national security briefings and receive foreign dignitaries etc.) Actually going over the budget would take 130 working days, or more than one third of his time in office. Many of these efforts would require lobbying and log-trading on with Congress and many of the victories would be Pyrrhic. In the dangerous world we live in, would saving $1.5 million dollars by scaling down a new tourist center in Akron be worth hours of the President's time?

Of course, Obama's promise was just rhetoric. He won't really do this, a President's most valuable resource is his time and, like every President before him, he will pick his fights carefully. Battles over small-scale pork-barrel projects will not be getting priority.

Budget Review Process

In fact, there is already an extensive budget review process, through the all-powerful Office of Management and Budget. In the Bush administration, cabinet members could appeal OMB decisions to the budget review board, chaired by ---- Vice President Cheney.

This is the only formal power-base Cheney possessed. Everything else was contingent on his relationship with the President. There are two interesting aspects to this role.

First, Cheney got his teeth in the Ford Administration. Vice President Rockefeller hoped to "run" domestic policy and was the Vice Chair (the President was chair) of the Domestic Policy Council. Instead of being a power-base, it was an enormous drain on Rockefeller's energy and it turned Rockefeller into a lightning rod in the policy wars. Cheney no doubt took the lesson that a formal, high-profile VP role had major costs. Instead, Cheney exercised influence through a low-profile, little noticed insider position.

It also illustrates the limits of Cheney's influence. Cheney is a small government, fiscal conservative. Big budget expenditures like the drug program are not Cheney initiatives - they came from the President. At the budget review board, Cheney could have substantial influence on the margins - but the broad course (as always) is set by the President. The story of Cheney's impact on the broader course has yet to be told.

Thursday, August 28, 2008

Bite o'Biden



Watching the Colbert Report, Mike Huckabee described Biden as a vanilla choice for the Vice Presidency. That doesn't seem quite fair. Rum raisin seems a better fit - mostly vanilla - but with a little bit of something else. Something that either makes it much better or much worse, but with a bit of rum (Biden's self deprecating good humor) to push it towards better.



He proved he will do one important VP job well. He can give a good speech and the VP spends a lot of time out on the trail giving stump speeches. He tried to show his foreign policy credentials by naming all of the big foreign policy problems we face. He wants to hold Russia accountable - terrific, the mice wanted to bell the cat. And he reiterated his obsession with talking to the Iranians (Clinton vets will remind him what a Sisyphean torment negotiating with the mullahs will be.) But convention speeches are not policy addresses, they are show. Joe Biden gave a good one.

Trouble for Pakistan's Possible Next President?

Reports have surfaced that PPP leader Asif Ali Zardari "was suffering from severe psychiatric problems as recently as last year..."

Zardari (husband of the late Benazir Bhutto) is the defacto head of Pakistan's largest political party. His alliance with the other major political party PML-N fell apart shortly after Musharraf resigned. Knowing Pakistani politics this is not surprising.

Zardari is probably fine, the claims of psychiatric troubles were really a legal gambit to postpone a trial for corruption in the UK.

It would be nice to think that this is a sign that Pakistani politics has moved to character assassination - a real improvement since usually that nation's politics is rocked by the real thing. But it is maddening that the country's leaders cannot seem to come together in a time of severe crisis.

Another worrying sign is the tiff between the American Ambassador to the UN, Zalmay Khalilzad, and the State Department's assistant secretary for South Asia Richard Boucher. Boucher is mad because Khalilzad is having unsanctioned contacts with Zardari and somehow this spat found its way into The New York Times. Hmmm...

Boucher is long-time Foreign Service, whereas Khalilzad is close to the administration. Virtually every administration complains about the State Department. FDR considered them more obstreperous then Treasury - but not as bad as the Navy. Kennedy thought Foggy Bottom was running its own government. In general, administrations figure out how to work with the foreign policy bureaucracy, but this administration has not been able to do so. Every administration has to do occasional end runs around the bureauracy sometimes, and the administration undoubtedly has its reasons for being frustrated with "the striped pants crowd."

But these end runs must be sued sparingly and this is a crucial issue. Pakistan is an impoverished, cobbled together country that in the best of times is in a partial state of collapse. And it has nukes. Currently in the throes of multiple insurgencies, an economic crisis, rising Islamist radicalism, Pakistan will be at the top of the next administration's priority list. And they have nukes!

Yes, the hour is late and this administration doesn't have much gas left. But building frameworks that can be expanded under the next President is still possible. Biden mentioned Pakistan as a major area of concern in his speech tonight. Even some spadework would be appreciated no matter who takes office in January

It is frustrating that Pakistan's political class cannot get its act together and move forward in the national interest - but on this issue the United States is a glass house.

Monday, August 25, 2008

VeepCritique Updates

With the choice of Biden, I am posting more over at VeepCritique.

Everyone wants to talk about who it will be - I want to know what they will do.

Biden (not Bayh, boo hoo) assessment

Obama picked Biden, a reasonable choice. Obama is an outsider and Biden is an insider, able to give Obama the kind of inside advice about how DC works that he will need should he become president. That Biden has particularly strong credentials on international affairs, an area where Obama's resume is thin.

Although Biden is being criticized for being not representing change, he is an "ideas" guy so he could still be positioned to represent new thinking.

Unfortunately, ideas are cheap in DC - implementation is what really matters. Is this Biden's strength - I'll leave that to long time Hill watchers to judge.

Another crucial characteristic for VPs is discretion (and remembering who is President.) Even disagreeing with the President in staff meetings can leak out. This may not be the mercurial Sen. Biden's strength. Of course, outspoken VPs might find themselves relegated to crowning produce queens in the farm belt. (Alben Barkley liked that job...)

Still, overall, a decent solid and serious pick.

Biden Train

Commentators keep noting that Biden takes Amtrak to get to Capitol Hill from his home in Wilmington. This is evidence of his common touch. He has also used his weight on the Hill as an advocate for Amtrak.

There are obvious positive spins to this - but there is the negative as well. He pushes for service that costs tax-payer dollars that benefits him. (He lives just far away enough that driving each way would be hassle.) Thanks to Amtrak he doesn't need a second home, but can work during his commute without having to pay for a driver. Good deal!

Maybe we should all try to do this (personally I am a fan of a solid rail transit network). But it could be spun another way, that this is a typical "liberal" program, subsidizing something that ends up benefiting the not-so-needy (sort of like rent control in Cambridge, MA.)

What about Hillary?

Apparently Hillary fans are mad because she wasn't even considered. But there was a simple reason for not considering her. A President does not need an ex-President hanging around the White House - no matter who it is. (Recall the abortive Reagan-Ford negotiations in 1980.)

That the ex-President in question is Bill Clinton might exacerbate the issue...

Friday, August 22, 2008

Obama's Options: Someone Just Right

Tomorrow, Obama will announce his Vice Presidential candidate. He knows who it is, but none of the rest of us know anything.

Obama said the right thing, noting that first of all he needed someone who could become President and second someone who could help him govern. He did not say, but perhaps should have, that he needs someone he can get along with – because the single most salient fact about Vice Presidents is that they can’t really be fired until the next election (and doing so that point usually looks pretty bad.)

The third quality is a bad sign for two possibles, Joe Biden and Jim Webb, both of whom have been known for gaffes. Vice Presidents can never show any deviance from the President’s policy – neither of these gentleman, worthy in many regards, could be guaranteed on that front.

It is difficult to say who is fit to be President – we just tend to know it when we see. But for aid in governance, Obama is a classic outsider with limited Washington experience. So first and foremost, he needs someone who knows Washington. Other knowledge deficits are national security and executive experience.

Obama may be running on his judgment, but process is about how things actually get done – and the learning curve is steep. Mondale, Gore, Cheney, and to a lesser extent Bush 1 served as senior counselors who could assist the President in getting stuff done. Mondale took over the White House agenda setting process, Cheney ran the Budget Review Committee. Bush 1 ran the NSC’s Crisis Management Committee.

This is the stuff that will flummox Obama and he will need a VP who can take on these kinds of nuts and bolts tasks, disagree in private – but remain loyal in public.

Arguably, the best relationship between a President and his VP was Clinton-Gore, where, in addition to having strengths in policy areas where Clinton was weak – Gore also brought discipline to the process.

Virginia’s Tim Kaine has been much touted, but he has zero Washington or national security experience. None. In fact his resume most closely resembles that of Spiro Agnew (former Baltimore County Executive and 2 years into his first term as Governor of Maryland.) Kaine is undoubtedly a better and smarter man than Agnew, but Agnew was the last outsider VP and – personal weaknesses aside – there were process issues that isolated him as well.

Golden Boy is the Golden Mean

Evan Bayh is called the safe choice, but he is also an excellent choice. He (paralleling Al Gore) was the son of a Senator and attended St. Albans. In his own right he was a two term governor and has been in the Senate for 10 years – where he as served on Armed Forces and Select Intelligence. Resume-wise he is exactly the kind of person Obama needs.

Within the party he is a moderate, who has spoken about the importance of Democrats reaching out to more conservative groups. This is also a classic VP selection strategy – picking someone from the opposite wing of the party (Reagan-Bush, Carter-Mondale, Kerry-Edwards – are just a few of the examples.)

Finally, Bayh is low-key and unlikely to overshadow Obama but likely to make a good impression. Bayh’s background shows him as a person with good qualifications for the Presidency and the right skills to help govern. Bayh would highlight Obama’s good judgment, and further the campaign’s youthful appearance.

At the same time, VP would serve Bayh well. Bayh is an oddly unforceful speaker, but Veeps spend a lot of time on the campaign trail (party-building) and Bayh would get better in this role very quickly.

If Biden is a bit too much and Kaine is not quite enough - Bayh is just right.

Russia v. Georgia: Flanks in the 4th Dimension

My previous post is an article I co-wrote with Jim Hendler in which I argue that the Russia-Georgia spat wasn't really much of a cyber-war. It was, however, an a sophisticated information war. Not in the sense that information systems were crucial, or disrupted. But the Russia carried out their operation at a crucial time in which the United States had limited capabilities to process the information and develop a response.

In traditional warfare, enemies seek to find weak points in opponents defenses and positions. This occurs primarily in space, although time is important as well. As the ability to collect and process information expands, issues of time matter more and more.

In this case, the Russians struck in the waning days of a Presidency. Regardless of its own failings, no administration has much political capital in its last few months in office. Key personnel have left or are considering their individual exit strategies. This was compounded by carrying out the attack during the Olympics - when the world's attention (and many leaders) were elsewhere.

There was a recent precedent for Russia's use of the American presidential election/transition process. In October 2000 al-Qaeda struck the U.S.S. Cole in the Aden harbor. Although President Clinton told the 911 Commission that his administration's limited time left in office was not a factor in preventing the administration from retaliating - it seems intuitively unlikely that this had no impact. Regardless, the change in administrations did disrupt the development of a coherent policy.

As world affairs become more complex and proceed at a faster pace, these kinds of weaknesses in time and in the decision-making process will loom larger and become more important components in strategic and operational planning.

Aaron Mannes in the Guardian: Russia-Georgia CyberWar Assessment

The Guardian Online just posted an assessment I co-wrote with my friend Jim Hendler (computer science professor at RPI) about the Georgia-Russia Cyberwar.


The first modern cyberwar?

Aaron Mannes and James Hendler
Friday August 22 2008

The Russian-Georgian conflict is being described as the first time cyber-attacks have accompanied an actual war. Last year, the Russian-Estonian spat was described as the first modern cyber-war. These descriptions over dramatise events and are a distraction from the more prosaic, but more serious, danger these illicit cyber-actions represent. The technology used in these cyber-conflicts has only limited strategic impact, but represents a major threat to one of the most successful engines of human freedom and opportunity – the World Wide Web itself.

The strikes against Georgian government websites, along with last April's attacks against Estonian websites, were distributed denial of service attacks (DDoS) where many computers simultaneously send messages to a website, preventing legitimate traffic from reaching the site. These attacks are relatively easy to launch, but taking a website down does not affect real world infrastructure and competent IT professionals can counter or at least mitigate DDoS attacks. The increasing volume and sophistication of these attacks is a subject much discussed among IT professionals, but its impact is to create an inconvenience.

Theoretically taking down Georgian government sites could have prevented Georgia from publicising its side of the conflict. However, some Georgian sites were migrated to new locations. More importantly, the Georgian government's message was getting out to the world. The problem was that the United States and Nato had limited options for supporting Georgia. In short, the cyber component had no significant known impact.

Advanced economies and militaries rely on sophisticated information networks. Damaging or infiltrating these networks will probably be an important component of future wars. The ability to listen in on or disable an enemy's military communications net could be the difference between victory and defeat. It is also conceivable that information inside these networks could be influenced, or that the networks running critical infrastructure - military or civilian - could be infiltrated and used to cause real-world damage. However the skills and technologies needed for these attacks will be highly specialised, and not akin to the DDoS attacks which a relative amateur can launch.

Russia, home to a sophisticated core of cyber-criminals, undoubtedly possesses some of these capabilities. But, considering Russia's massive military advantage over tiny Georgia, it is unlikely that Russia would have turned to advanced cyber war to guarantee victory, particularly when deploying it would provide potential future adversaries with valuable intelligence about Russia's cyber war strategies and tactics. In addition, much of Georgia's infrastructure is old and consequently not online and therefore invulnerable to a cyber strike. (The Georgians claim that Russia has targeted their phone system, and while that is possible, it is more likely that Georgian phone systems were overwhelmed in the general crisis accompanying the Russian attacks.)

The Russian government may have instigated the DDoS attacks, although the evidence is unclear, and it is difficult to identify the origins of a DDoS attack. It appears that the DDoS attacks were in fact a mass action by regular Russian citizens. For the future of the Web, this is even more worrisome.

DDoS attacks typically use botnets, networks of thousands of compromised computers that, unbeknownst to their owners, are used to disseminate spam. Five years ago DDoS attacks and botnets were the domain of highly skilled cyber-criminals. Now, botnets can be rented online, and rentals come with tech support. The massive DDoS attacks on Georgia included botnets, but ordinary citizens joined in, using simple tools distributed online to join in the attacks. The tools of cybercrime are becoming progressively easier to use.

The Web was established as an open environment, with minimal governance, that puts a premium on individual liberty and initiative. This openness has been essential to the Web's success as a tremendous engine of creativity, opportunity, and liberty. DDoS attacks that take down websites are bad manners and one threat to the open spirit that underpins the Web. But the technology behind these attacks represents even greater threats.

The primary use of botnets is not DDoS attacks, but to perpetrate an ever expanding repertoire of online frauds and distribute malicious software. These activities undermine the physical and moral integrity of the Web. Some estimates are that more than 75% of the emails sent worldwide are spam. With botnets becoming easier and easier to create and manage, the rate of spam is increasing faster than new internet capacity. Spam also represents a moral threat to the Web, as online fraud undermines trust in e-commerce and online communications in general.

Governments can better prepare for specific events, such as international cyberspats. There are a number of improvements that could be made in coordination and in developing early warning systems. But the systemic issues also need to be addressed. Software designs need to be improved to reduce the vulnerabilities that cyber-criminals exploit and the public needs to be better educated about safer online behaviour. Major Web users such as governments, ISPs, universities, and corporations need incentives to better secure their networks, and educate their users. Finally, serious efforts must be made to develop international laws that can prevent increasingly sophisticated cyber attacks and to prosecute cyber-criminals. All of these steps are costly, but without them more draconian efforts that impinge on individual privacy may be needed to keep the Web viable.

The cyber-component of the Russian-Georgian conflict was only a sideshow, but it highlighted the threats facing one of history's great promoters of freedom and innovation - the World Wide Web.

Friday, August 15, 2008

Golden Oldie: Russian-Estonian Cyberwar Overview

Spring 2007, a spat between Russia and Estonia was accompanied by a "cyberwar." With my friend, and former boss, Jim Hendler (now a professor at RPI) I wrote an overview. The story is now relevant again for assessing the cyber component of the Georgian-Russian conflict. This difference is that this time, for all of the hype about cyberwar, there is real world fighting that is having a more permanent impact.

At the same time the growing level of illicit activity on the web is a concern in its own right.

June 5, 2007

COMMENTARY

Net Attack
By AARON MANNES and JAMES HENDLER
June 5, 2007

The age of cyberwar has arrived. The attacks on Estonian government and commercial Web sites following the relocation of a Soviet World War II memorial in Tallinn in late April made news around the world. Yet these were not the only, or even the most significant, such assaults this year.

In February, hackers laid siege to six of the 13 "root servers" that form the backbone of the Internet. Had they succeeded in disabling these servers, the Internet would have ceased to function. Fortunately, only two of the root servers were severely affected, causing only some localized slowdowns. The emerging threat of cyberattacks against vital parts of the global economy highlights the urgent need to protect the Net from criminals.

The attack on Estonia was perhaps more akin to a riot than a military strike. Just as a mob might wreck storefronts, cyberattacks defaced or knocked prominent commercial and government Web sites offline. Similar attacks have accompanied other international political spats. Arab and Israeli hackers attack each other's Web sites, as do Pakistani and Indian hackers. After a South Korean speed skater was disqualified for bumping an American rival during the 2002 Winter Olympics, several strikes apparently originating from South Korea hit U.S. servers.

In all these cases, the hackers can cause email delays and fetter access to targeted Web sites. In Estonia, they prevented the national government from explaining the situation, hampered financial transactions and interfered with telephone systems, which rely in part on the Internet to function.

The strikes against the Estonian sites and the Internet root servers are of a type known as Distributed Denial of Service attacks, or DDoS. The assailants begin by installing a virus or other malicious software on a computer, directing it to send messages without its owner's knowledge. These compromised computers, known as bots, are bound together into large networks called botnets. They then simultaneously send messages to the targeted system, overwhelming it and leaving it unable to respond to queries. Low-end estimates indicate that there are tens of millions of bots in the world, and experts have identified some botnets that included more than 100,000 compromised computers.

One reason for the increasing frequency of these attacks is that they don't require high-level skills. In chat rooms where cybercriminals congregate, botnet builders offer their "products" for rent, their real identities obscured behind aliases. There are even online help desks to assist users. Because botnets consist of computers from all over the world, it is difficult to trace the origin of an attack, making it particularly attractive to governments who can deny any responsibility.

Consider the Estonian case. Tallinn accuses Russian state officials of involvement in the recent attacks. But even if that is true, it is difficult prove that this was state policy instead of the actions of sympathetic individuals. State computers may have been part of botnets, but so were other computers around the world. Russia is also a major center for cybercriminals, many of whom happen to be staunch Russian patriots. In this recent cyber levée en masse, many ordinary Russians participated in the attacks against Estonia; at its peak over one million computers were involved.

Because of their ease of use, DDoS attacks have proved attractive to various malevolent actors. According to a report by the Middle East Media Research Institute, Islamist chat rooms have included discussions of attack techniques and work to coordinate attacks on Web sites that oppose their cause. DDoS attacks may favor the assailant, but skilled IT professionals can counter them. More important, they have limited efficacy: Knocking out the power company's Web site is not the same as taking down the power grid. Breaking into a system to gather information, or launching an attack that damages real-world infrastructure, requires more extensive skills. So far, the few publicly known incidents involving real-world infrastructure -- most famously an April 2000 case in Australia in which raw sewage was released into rivers and streams -- have involved disgruntled insiders.

DDoS is also of limited utility in economic warfare. Knocking out the Web site of an online business is obviously bad for that business, but it has a negligible overall economic effect: Frustrated customers can simply purchase from competitors.

Little is known about the people behind the February attacks on the Internet root servers. The investigation into the incident suggested that the attack was by cybercriminals who wanted to advertise their sophisticated botnet. Criminals have used DDoS to blackmail online businesses, particularly gambling sites. But botnets are used more profitably to disseminate spam and malware. While the botnets cannot yet destroy the Web technically, they are undermining its vital trust and openness.

There are no simple ways to prevent the World Wide Web from becoming a zone where powerful criminals operate unfettered and large players can push around small ones. Software makers can work to make systems more secure, but many computers are compromised by user error rather than technical flaws. The public can be better educated in computer security, but human nature is imperfect.

International standards for addressing the problem, such as the Council of Europe's Convention on Cybercrime, are evolving. Setting international standards to counter cybercrime, while still protecting civil liberties, will be a continuing challenge. But the greater challenge will be pressing nation-states to adhere to these standards by enacting and enforcing laws against cybercrime.

Yet as the attacks against Estonia show, the task cannot be delayed -- the increasing sophistication and accessibility of malware means these problems will only become worse. The future of the Web is at stake.

Mr. Mannes is a researcher in international security affairs and Ph.D. student at the University of Maryland. Mr. Hendler is a professor of computer science at Rensselaer Polytechnic Institute.

If Musharraf Goes: Assessments and Opportunities

There are reports that Pakistani President Pervez Musharraf will be stepping down in the next few days in order to avoid impeachment. Musharraf has denied these reports, but the prominence of the rumors indicates strongly that the political balance of power has shifting against Musharraf – he will almost certainly be reduced to a figurehead. It is difficult to say how history will judge Musharraf. From the American perspective he was not adequately taking on Islamic extremism. But from the Pakistani perspective he was becoming an American lackey. The truth is somewhere in between. What Musharraf lacked was either the desire or the capability to take on the systemic problems bedeviling Pakistan. It is possible that with his exit from the scene, a new opportunity to take on these challenges could emerge.

On one level, Musharraf has been cooperative on counter-terror issues, arresting high-profile al-Qaeda and acquiescing to missile strikes on Pakistani territory. However, while missile strikes are a useful tool – they are no substitute for a serious policy. They have also contributed to Musharraf’s loss of standing in Pakistan, since he is seen as subordinating Pakistani sovereignty – and lives (these strikes have, unfortunately, killed civilians) – to American priorities.

On the other hand, Pakistan has not successfully taken control of the tribal areas where al-Qaeda is re-grouping. Americans would be wise to temper their criticism of the Pakistani military’s counter-insurgency efforts. Imagine a heavy military force designed for conventional conflict being forced to fight a major conventional war stumbling when forced to fight a tough insurgency in hard terrain.

In addition, when Pakistan has cracked down harshly on Islamist groups (such as storming the Lal Masjid Mosque in Islamabad) the response has been waves of Islamist violence – a certain amount of trepidation is understandable.

Large organizations do not change quickly or easily – no matter what the political leadership orders. Ultimately, the Pakistani military’s size (a drag on the economy), shape (oriented towards conflict with India), and operations (such as meddling in Afghanistan) are due to its ongoing conflict with India over Kashmir. The Kashmir issue probably cannot be effectively resolved. However, in general Pakistan’s civilian leaders have been willing to lower the level of tension (in fairness, so did Musharraf). When PPP chief Asif Zardari stated that relations with New Delhi should not be held hostage to the Kashmir issue he was criticized from almost every quarter. Several days later General Kayani made a highly publicized visit to the Line of Control in Kashmir.

Pakistan is at a severe disadvantage vis-à-vis India, both in geography and power (Pakistan’s Afghanistan policy is motivated by a desire to keep that country weak, and thus potential strategic depth for Pakistan in a conflict with India.) U.S. policy has to take Pakistan’s security concerns seriously.

With a civilian government holding real power, the United States might be able to offer security guarantees that would reduce Pakistani fears of conventional defeat by India. Equally important would be the framework of this dialogue. The United States should work to structure these discussions so that Pakistan’s leadership is not negotiating from an inferior position. This combination of real guarantees and the appearance of dealing with the U.S. from a position of strength (essential for the new leadership to establish that it is not in the American pocket) might give Pakistan’s civilian leadership the strength to re-shape the security establishment for its current challenges, reduce the size of the ISI, and counter-act the military’s ongoing expropriation of Pakistan’s civilian economy.

This approach will require a combination of strength and subtlety from both the Pakistani and American sides – qualities that have been in short supply. Nonetheless, a nuclear-armed nation of 200 million, in a strategic location – and at least some democratic currents in its politics – demands this level of attention.

Monday, August 4, 2008

College Park Maryland Cougar Video: Unanswered Questions



Here is footage of the Savannah Cat terrorizing the University of Maryland College Park.

Notice how easily the cat disappears from the camera. Why did it allow itself to be caught on camera at that time? Steganography perhaps? A signal to al-Cata?

Meanwhile, what else does the University know? What else are they concealing from us?

Tune in next time, same cat blog, same cat url.

Sunday, August 3, 2008

Large Cats@UMD Updates & Analysis: Infiltration Potential

My top secret campus briefing has been confirmed by mainstream media. First, the sightings were not humidity-induced mirages. Security cameras on campus have captured the elusive large cat's image. Specialists have determined that it is not a cougar, but probably a Savannah Cat.

A Savannah Cat is a mix between a Serval and a domestic short hair cat. A Savannah Cat, known as the "Great Dane" of the cat family, usually weighs in at around 35 pounds (75 lbs. less than a typical cougar.) So in terms of raw feline firepower the campus appears to be safer. But we must not be lulled into a false sense of security. There is more going on here than is generally realized. Highly placed campus sources tell me the sightings had been going on for over a week - and the University was keeping it quiet.

Why?

First, do not under-estimate the Savannah Cat, a creature so dangerous it was banned in Australia (although no permits are needed to own one in the U.S.):
An assessment commissioned by the government found that the savannah cat posed an extreme threat... with a likelihood that each generation would retain the more efficient hunting traits of the wild African serval.
[The Australian government stated it] would "not hesitate" to use [its] powers... to prevent the live import of any species or breed that poses a significant risk...
If infiltration is the plan, not frontal assault - typical in asymmetric threats - then the Savannah Cat could prove to be a deadly foe. Its domestic cat side will ensure it has tremendous familiarity and knowledge of human society. The Serval, a small hunter has evolved enormous ears and will sit and listen for up to 15 minutes while on a hunt. A self-contained killing machine that combines collection and analytical capabilities.

It is possible that some unknown corner of the University's research facilities scientists have engineered an uber-feline part animal, part machine - a cat-borg.

I will reiterate my concern - Redouble security around COLUSSUS ( the Internet backbone server at UMD) - some sort of cyber-feline alliance could be afoot!*




Also, based on this picture I found, it is clear a Savannah Cat could eat a small child - thus it is no accident that the beast was first sighted near the University's Center for Young Children.

(This picture comes from SelectExotics "a progressively innovative, TICA registered cattery that has continually been striving to produce the highest quality domesticated companions." So I guess if you wish to own one of these demon-spawn these are the people who can hook you up.)

Let me reiterate my previous call to the University of Maryland's feline intruder:
They will hunt you down and give you to someone qualified to take care of you. If such a boring, unchallenging life is what you seek, surrender. Otherwise, come to my office - I still have several pounds of raw meat waiting for you - and I can give you sanctuary.


*I am not worried that this bionic cat could somehow do damage to the Internet. Legend has it that there are enormous boxes of Legos from a defunct robotics lab somewhere in the bowels of the computer science department at MD. No one has ever found them (and I've looked high and low.) This Lego Dorado will probably never be found, because the Internet has appropriated them and is building a giant Legotron that will one day rise from its underworld home and do its cyber-master's bidding.

Friday, August 1, 2008

Pakistani Intelligence Sponsoring Terror

This morning, The New York Times has a front page story stating that U.S. intelligence has determined that Pakistan’s intelligence agency, Inter-Services Intelligence, aided the July 7, 2008 attack on the Indian Embassy in Kabul. The conclusion was “based on intercepted communications between Pakistani intelligence officers and militants who carried out the attack…”

This is a very big deal. Indian intelligence sees the ISI behind every adverse event (it should be noted that sometimes, this assessment is correct), but oftentimes the follow-up investigation is lax and inconclusive. India’s security services are of uneven quality (with, it should be emphasized, some able people in top slots) and blaming the ISI is easier than engaging in the needed long-term reform. More recently Afghanistan’s President Karzai has been publicly accusing Pakistan of supporting the Taliban against his regime.

But for U.S. intelligence, particularly the CIA (which has a long working relationship with the ISI) to come to this conclusion – and allow it to appear in the newspaper of record is an event of a different magnitude altogether and it should be taken very seriously. Unsurprisingly, Pakistan’s Prime Minister has denied this support. But the U.S., which has given Pakistan billions in aid since 9/11 and tried to build a strategic alliance, would have little incentive to accuse Pakistan of something so serious.

Unfortunately, effective policy options are not readily available. Too much pressure could isolate Pakistan and lead to a rupture in relations. This is inadvisable - since Pakistan is nuclear-armed, and al-Qaeda cannot be neutralized and Afghanistan cannot be stabilized without Pakistani cooperation. Pakistan can also turn to other powers (particularly China, which is building a giant port at Gwadar) for support.

Also, Pakistan is not completely hopeless. While radical Islam is on the rise in Pakistan, considering how poorly the country has been governed it is surprising that the Pakistani people have not turned even more strongly to radical Islam. The government has recently returned to democracy - a corrupt, inept democracy - but one of the few in the Muslim world.

Pakistan, is one of the central theaters in the war on terror. The recently reported revelations about its intelligence agency's involvement with Islamist terrorists make this an unavoidable reality about Pakistan that the next administration will need to face directly, with resolve, subtlety, and creativity.

But, as Doug Farah notes, simply writing checks is insufficient.

Cougar of College Park



Usually this blog focuses on the threat of trans-national terrorism – but major threats come in various forms. Reports of a cougar stalking the University of Maryland College Park (where, full disclosure, I am employed as a researcher) could represent more than a wayward large cat (strictly speaking cougars are not “great cats” because they don’t roar – although some great cats, like leopards, are actually smaller than cougars) – it could be a homeland security issue.





This appears to be an extraordinarily clever cougar, it was most recently spotted near the Center for Young Children - perfect prey for a cougar in search of an appetizer.

Although the brutal fact is that we are at the beast’s mercy. Cougars are lightning fast, whereas Terrapins are notoriously slow.

But there is reason to believe there is more going on. The University of Maryland is home to a number of sensitive projects and institutions. Most notably, one of the 13 DNS root name servers that run the internet is based at Maryland (exact location undisclosed – and possibly unknown.) Could the cougar be attempting to hijack the internet for purposes unknown?

This is particularly worrisome if, as many (or at least I) believe, the server has achieved an independent consciousness – like the super-computer in Colossus: The Forbin Project.

All things considered, our best bet is to attempt to negotiate with the cougar and come to terms with it. I have extensive experience with large cats (I’ll discuss this in a future post) so I will volunteer to be an emissary. As a tribute to our new feline over-Lord I am bringing several pounds of raw meat into my office.

So, let me address the cougar directly. If you are out there and scared, come to my office – I can offer you sanctuary (and possibly a research assistant position.)

If you can’t smell the raw meat, look me up in the directory, or stop by the main office of my lab.