Category Archives: Security

US shuts down cyberspace command

Businessweek says the US is reorganizing its cyberspace command, moving control away from the Air Force:

The Pentagon this week delayed and may kill the Air Force’s nascent Cyberspace Command, according to a memo obtained by The Associated Press. This comes as Russia used a major computer network attack to begin its assault on Georgia.

Sounds like a control struggle is happening within the armed forces. Dissent among American leadership is the next block of the story:

“The Russians just shot down the government command nets so they could cover their incursion,” said Wynne. “This was really one of the first aspects of a coordinated military action that had cyber as a lead force, instead of sending in airplanes. We need to figure out a way not only see the attack coming but to block it, and in blocking it chase it home.”

“I think this is a very poor time to send a signal that the United States is not interested in focusing on warfighting in the cyber domain,” Wynne added.

Wynne was fired by Defense Secretary Robert Gates earlier this year after the Air Force’s mishandling of nuclear weapons. Wynne, however, told reporters he was fired over differences with Gates on the need for additional F-22 fighter jets, among other matters.


People from the Air Force that I have spoken with have said they disagree with the current Administration’s policies, and some have even suggested that Bush himself is unable to lead or make decisions. They still discuss how he reacted on 9/11. No doubt this grudge makes them a target for reorganization.

The Air Force considers cyberspace a “domain” for which the service should train and equip forces to defend, as it does airspace. There are about 3 million attempted penetrations of Defense Department networks every day, according to the Air Force.

A senior military commander told the AP, however, that the mission to defend U.S. military networks is better vested in U.S. Strategic Command, which has the military responsibility for cyberspace across all services and commands.

The bottom line on this issue is that the problem of DDoS attacks is real and needs to be addressed immediately. Companies like Arbor seem to get it and have been managing the situation for many years already. The risks are known; this stuff is not rocket science, so hopefully the Pentagon is actually getting things organized and moving ahead rather than playing politics and doing favors for corporations, lobbyists, etc.

Cyberwar in Georgia

Jose Nazario suggests on his blog that Georgia has not been under cyber attack as some are starting to suggest:

While some are speculating about cyber-warfare and state sponsorship, we have no data to indicate anything of the sort at this time. We are seeing some botnets, some well known and some not so well known, take aim at Georgia websites. Note that RIA Novosti, a Russian news outlet, was apparently targeted during this fighting. Georgian hackers are accused of this event.

Compared to the May 2007 Estonian attacks, these are more intense but have lasted (so far) for less time. This could be due to a number of factors, including more sizable botnets with more bandwidth, better bandwidth at the victims, changes in our observations, or other factors.

Sounds a lot like an uncertainty principle sneaking into the calculations. He points towards other links that say there is no question Georgia is experiencing cyberwarfare. Unfortunately the term is too loosely defined to reconcile the perspectives.

Arbor’s point seems to be that no link to “state sponsorship” has been proven and so the attacks are not classified under warfare. On the other hand, political analysis done by Jose Nazario in his July 20th review of a DDoS that targeted the website for the President of Georgia highlights Russia-Georgia tension. Moreover, The Register claims a link to a state-sponsored system has been uncovered.

Arbor continues to prove that “weather map” technology for network behavior is one of the best ways to anticipate more conventional risks.

The Risk of Anthrax, Reviewed

Schneier’s blog points to analysis of biological weapons and claims he has found “some reality to counter the hype”.

Unfortunately, when I read the “reality” I found statements such as this one:

Biological weapons programs were abandoned because they proved to be not as effective as advertised and because conventional munitions proved to provide more bang for the buck.

I’m not sure I understand their argument. Aside from lacking citations or any examples, it seems to lack historical and political context.

If someone’s goal is to create a major catastrophe, then these weapons have been proven (in WWI for example) to be very effective. Hundreds of thousands were killed with millions injured.

It is clear to me that countries refused to agree on a ban throughout the 1930s and production continued through the 1940s because effectiveness was tangible. In fact chemical weapons were invented in 1936, many years after biological weapons were used.

Even by the 1970s President Nixon had ordered a review of both chemical and biological weapons but he only agreed to ban the latter, not the former.

Why did America reserve the right to maintain and use chemical weapons if they were ineffective? The President only “renounced first use of lethal or incapacitating chemical agents and weapons”.

The Soviets balked at first at an exception made for chemical weapons, but later agreed to the biological-only ban. The Chinese walked away and highlighted the failure of the US to ban chemical weapons.

Strange to me that the authors fail to mention how chemical weapons have been separated from biological and preserved by states in this context. And that is not even to mention extensive use of “herbicide” such as Agent Orange (similar to 2,4-D) by the US during the Vietnam War, which I have discussed before.

Another distinction from biological is that chemical weapons are supposed to kill people, whereas biological variants seem to be about intense suffering and are said to spread more easily. Why shouldn’t we factor that as a reason for banning biological if chemical alternatives exist?

When “effectiveness” is compared with nuclear weapons, nukes obviously have no known countermeasures other than deterrence — more nuclear weapons of your own. However, chemical and biological attacks have a host of potential countermeasures such as filters, antidotes, etc. (NBC suits) and fail to achieve “mass” status without new delivery mechanisms. I dare say complicated, but nuclear weapons also have highly complicated delivery mechanisms.

This seems to be why chemical and biological weapons fail to get classified as WMD, even though they can and have been used for acts of genocide — not a WMD, but it can still kill an entire nation…seems effective in a different kind of way.

Finally, in terms of effectiveness, corporations (increasingly non-state agents) that produce and use biological and chemical substances have proven more than capable of causing significant harm to anyone in proximity to even controlled use as well as accidents.

PIN scare story

Unfortunately, this Red Tape article was written without any mention whatsoever of the chip and PIN requirement for cards outside the US.

Could a hacker steal enough information from a store you’ve shopped at to print up fake debit cards in your name and withdraw cash from your checking account at an ATM? Even if you’ve never told a soul your PIN code?

In fact, said the Justice Department last week, it’s already happened, possibly to millions of people.

Let’s face it, antiquated American payment cards have been a technology embarrassment for years, just like the primitive monotone, one-size-fits-all bills.

The systems outside the US not only are more modern in terms of security controls, but also more consumer-oriented, and even less invasive (better privacy).

Consumers in America deserve(d) better. The real story is why they have not been offered a choice.

Banking regulators and Congress have coddled the industry, which has worked its will over the past two decades with an army of lobbyists and more than $200 million in campaign contributions spread around Washington.

There is a slim chance that America could get wise and regulate financial security more carefully:

A critical test for reform came last month in the House Financial Services Committee, where Republican members tried to amend a “Credit Cardholders Bill of Rights” into oblivion or replace it with a meaningless statement commending the Fed’s proposals. Instead, two Republicans, Reps. Christopher Shays of Connecticut and Walter Jones of North Carolina, joined 37 Democrats, led by Rep. Carolyn Maloney of New York, to hand the banking lobby a rare defeat.

I think it should not be called a banking lobby defeat, when in fact some in banking support regulation. Perhaps I am naive to think that the banking lobby does not fairly represent all of the broad interests of banks in America, but I see the reform movement as a genuinely positive step towards bringing some balance back to the industry.