The Pentagon has a problem: How does one of the world’s largest employers avoid doing business with companies that rely on China’s Huawei Technologies Co., the world’s largest telecommunications provider?
So far, the Defense Department is saying that it can’t, despite a 2019 US law that barred it from contracting with anyone who uses Huawei equipment. The Pentagon’s push for an exemption is provoking a fresh showdown with Congress that defense officials warn could jeopardize national security if not resolved.
As it has done since the law was passed more than five years ago, the Pentagon is seeking a formal waiver to its obligations under Section 889 of the 2019 National Defense Authorization Act, which barred government agencies from signing contracts with entities that use Huawei components.
Ahem, Microsoft ought to know a thing or two about security lapses
CISA published a report shortly before Easter, on 3/20/24, regarding the security breaches detected in June 2023 (source)
Review of the Summer 2023 Microsoft Exchange Online Intrusion
Makes for very interesting reading, given it looks like Microsoft can’t explain how the signing keys were “lost” and whether these are the only keys that were lost. The lost key had been issued in 2016, so it’s unclear how long the threat actors were in possession of it before the intrusion was detected last June.
In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor—known as Storm-0558 and assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives—accessed the accounts using authentication tokens that were signed by a key Microsoft had created in 2016. This intrusion compromised senior United States government representatives working on national security matters, including the email accounts of Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon.
Signing keys, used for secure authentication into remote systems, are the cryptographic equivalent of crown jewels for any cloud service provider. As occurred in the course of this incident, an adversary in possession of a valid signing key can grant itself permission to access any information or systems within that key’s domain. A single key’s reach can be enormous, and in this case the stolen key had extraordinary power. In fact, when combined with another flaw in Microsoft’s authentication system, the key permitted Storm-0558 to gain full access to essentially any Exchange Online account anywhere in the world. As of the date of this report, Microsoft does not know how or when Storm-0558 obtained the signing key.
Reading between the lines, Microsoft could be seen as initially stonewalling
In response to Microsoft’s blogs, Wiz, a cloud security company, launched a limited independent review of the incident. Wiz concluded that the compromised 2016 MSA key could sign access tokens for many types of applications, far beyond Microsoft’s initial reporting. For Wiz, this revelation underscored the need for a broader awareness and proactive measures across all affected stakeholders. CISA also conducted an in-depth review of Microsoft’s public statements. CISA’s findings pointed to the need for greater clarity and transparency from Microsoft about the initial compromise’s blast radius, token scope, and impact. Specifically, CISA noted information gaps in what additional capabilities the stolen key granted the threat actor, Microsoft’s incident response measures, and the potential for threat actors to access internal servers or additional key material.
By the sounds of it, CISA/CSRB (along with most of industry [1]) is deeply unhappy about the current state of affairs with MS cyber security. It seems that people are starting to realize just how much the West’s government’s (and others) rely on Windows, Excel, and Azure. The USG has tried asking nicely (eg. Congressman Ron Wyden sent a letter asking for info [2]) and now they are starting up the threaten and fine playbook.
The FTC is also getting to the mix, looking into security product (lack of) bundling in standard Azure plans. [3]
Edit: On the other hand, if we lose PowerPoint it’s a net win.
Russia’s focus on electronic warfare dates back to the development of Western precision weapons in the final decade of the Cold War, a breakthrough that disrupted the balance of power created by the Soviet and Western nuclear arsenals.
Russian interference proved particularly successful with Excaliburs, which used fuzes programmed to explode at a certain altitude, and because of GPS tampering failed to detonate altogether, Ukrainian troops say. Other precision-guided artillery shells, such as the Bonus rounds produced by France and Sweden, have also been rendered less effective by Russian jamming.
The Excalibur artillery round performed wonders when it was introduced into the Ukrainian battlefield in the summer of 2022. Guided by GPS, the shells hit Russian tanks and artillery with surgical precision, as drones overhead filmed the resulting fireballs.
That didn’t last.
Within weeks, the Russian army started to adapt, using its formidable electronic warfare capabilities. It managed to interfere with the GPS guidance and fuzes, so that the shells would either go astray, fail to detonate, or both. By the middle of last year, the M982 Excalibur munitions, developed by RTX and BAE Systems, became essentially useless and are no longer employed, Ukrainian commanders say.
Russia’s success in electronic countermeasures—closely watched by China, with whom Moscow is believed to share some of its battlefield lessons in dealing with Western weaponry—poses a strategic problem for the U.S. and allies.
When it comes to Ukrainian-made weapons like drones, models that worked just a few months earlier are no longer efficient on the battlefield because of the constantly evolving technology, said a Ukrainian intelligence official. “It’s like updating software on your phone—we and the Russians have to do it every month, to keep up,” the official said. “But when we get weapons from the West, the manufacturer put in its software many years ago, and rarely wants to change anything.”
Russia’s own precision munitions, such as Krasnopol shells, rely on laser designation by Orlan-30 drones that continued to operate without GPS guidance. The U.S. has supplied Ukraine with comparable M712 Copperhead artillery rounds, but Ukrainian forces rarely use them because of a shortage of compatible drones to designate targets, Ukrainian troops say.
More recently, Russia introduced at scale the enhanced Kometa-M satellite guidance kit that’s far more resistant to Ukrainian jamming and that has allowed Russian glide bombs to be used to devastating effect against Ukrainian positions.
This illustrates one of my reasons that the US should have pushed hard for negotiations even at the cost of giving up something that maybe we didn’t want to give up.
It is not 1980. We are much weaker relative to any adversary. It is critical to face reality when making judgements. We are weaker militarily, economically and socially relative to any proposed adversary in comparison to 1980.
We may or may not be able to recover from our current situation as a country. If we are to recover, it is not arguable that we need time. Time to rebuild our industry, society and our trust in institutions.
When you need time to build up your strength, you have to consider a strategic retreat. That is the moment you do not want to be pressed hard.
The particular quote above is a minor example of destroying the illusion of your strength. The unknown is sometimes far more frightening than the reality and it may help slow your adversaries aggression.
Kirby says Russia already lost. The thing is Russia never announced it was going to overrun Ukraine. The US did announce that it was going to destroy Russia. We were going to turn the ruble into rubble and oust Putin. It is the US that already lost because none of that is going to happen. Anything less than the destruction of Russia will result in Putin retaining more respect than the US government with their respective populations.
I doubt any of the neocons thought about these considerations. One giant elite echo chamber. They have lived their whole lives being able to run off at the mouth with no consequences.
Edit: The unknown is sometimes far more frightening than the reality and it may help slow your adversaries aggression. NOW China knows more about our capability than we know about theirs.
One big problem is that during the leadup to the 2022 invasion, Biden raised the stakes and killed Ukraine’s attempts at negotiations. In a self fulfilling prophecy, Biden effectively said that Putin was going to lose face if he failed to take all of Ukraine.
Using Brave search AI for “Thucydides fear honor interest quote”
Interplay between Fear, Honor, and Interest Thucydides illustrates how these three factors interact and influence one another. For instance: * Fear can lead to actions driven by interest, as states seek to protect themselves from perceived threats. * Honor can motivate states to take risks or engage in conflicts, even if it means sacrificing their interests. * Interest can be shaped by fear and honor, as states prioritize their perceived self-preservation and reputation.
Fear: the desire to avoid being attacked or dominated by others.
Honor: the need to maintain its reputation and prestige.
Interest: the pursuit of its own advantage and well-being.
UAVs have turned into the main threat in terms of our ability to deal with it, because the army right now has no means of prevention except using F-16s,” said Ariel Frisch, deputy security officer of Kiryat Shmona, an Israeli city near the border with Lebanon that has been hit by at least six explosive drones since Oct. 7. “We are very, very worried about it.”
Drones force militants’ stronger adversaries to allocate scarce and costly resources to defend against them. While the Iranian Ababil drones used by Hezbollah can cost $5,000 apiece, an hour of flight time for an F-16 shooting two missiles is roughly $45,000, said Yehoshua Kalinsky, a senior researcher at the Tel Aviv-based Institute for National Security Studies. An interception by the Iron Dome is even more expensive and can cost $100,000 or more.
One highly expected response is the “Iron Beam,” which will fire a concentrated laser to take down aerial threats. A defense official said it would be rolled out sometime in 2025. The energy used for each interception is expected to cost a dollar or two per target, significantly cheaper than using interceptor missiles.
Moshik Cohen, an Israeli tech entrepreneur who previously worked on defense-missiles development at the Israel Aerospace Industries and autonomous vehicles at Samsung, is now working on building a platform to detect and classify threats, such as drones and UAVs, so they can be shot down. But he is aware that the drones are improving quickly as well. Israel is in a technology race, he said, not a typical arms race, and doesn’t have the advantage of time.
“This is an agile, software-defined conflict,” Cohen said. “If something is evolving, you need to evolve and move faster to win. Otherwise, you have no chance. You don’t have three years for development.”
With the present huge asymmetry in drone threat vs. defense cost, I’m afraid to say a root cause analysis (or whatever military scientists call it) of the most readily-disrupted component in the chain of causation as to offensive use of large numbers of such drones in an attack, is the command-and-control, decision making structure. One single point of failure immediately comes to mind: the political leadership. There is locus of the formulation of the intent to undertake the significant planning and marshaling of personnel and resources required for such an attack. Only then, does this same individual or small group give the order to ‘FIRE’!
To my way of thinking, this situation very likely invites decapitation attacks - and well before the attack’s preparations are complete - at a time when the decision to ‘go’ is optional over some period of time suitable to the attacker. Waiting until the point of strategic readiness invites disaster. This is all the more the case for Israel, surrounded by an overwhelming number of implacable enemies, whose explicit goal is genocide.
As I listened to Netanyahu’s speech before congress (sic), I found myself thinking that - even as Israel finishes its war in Gaza - it will not allow itself to continually live under the existential threat from Hezbollah, really Iran. I use the word ‘existential’ intentionally. If Hamas’ little genocide proved anything, it showed Israel the depth and breadth of world anti-semitism. Every other group may legitimately have its own historical enclave (all with more or less displacement of others!) for its betterment and safety, but not the Jews. Verboten!
“Never Again, said Netanyahu, is Now”. To borrow from our domestic enemies - you know, the ones who continually tell us they will accomplish their goal (of destroying the US as Founded in favor of DIE according to their received wisdom) -"by ANY means necessary - I’m afraid Israel has had a stark realization: Many have rightly described Iran as “the head of the snake”.
As in 1981, when it destroyed the Osirak reactor, Israel likely believes there is no other option to ensure its survival. I think they have decided to deal with Iran and Hezbollah - by any means necessary. I won’t be very granular in my descriptors of those means. Lets hope that term aptly describes the status of Iran’s and Hezbollah’s leaders following implementation of those means. The future of the US, as well, is in the offing.
Kalinsky ignored that two Sidewinder or Python missiles fired by the F-16 likely go for nearly half a million apiece. Mr. Kalinsky is a freaking moron.
This brings back a faint recollection of a US military man (Marine Corps, I seem to remember) who earned early retirement by successfully sinking a US carrier task force in a war game. Not cricket! His method was exactly as you described – overwhelm the US side with multiple simultaneous attacks by many light planes and speed boats.
Apart from firing the winner, what could someone do to avoid this kind of attack? I fear that an early decapitation strike would not work. Someone else would step in to take over organizing the attack, now with renewed vigor. Two obvious alternatives:
The first is to develop an effective means of countering a massive drone attack. Maybe Electronic Warfare to send the drones back to their launch points, or maybe cheap fast-recharging laser blasts which could knock down drones quicker than they could be launched. Such technologies will be developed eventually … but that does not help Israel (or anyone else subject to attack) today.
The second truly horrible alternative would be to rip a page out of the NATO “defensive alliance” playbook, and copy what our guys did when they attacked far-off Serbia over some tenuous excuse – bomb the population back to the Stone Age, hitting electric power and water treatment plants. It seems that NATO’s support for the Zelensky regime has forced Russia to adopt a similar (albeit gradual) approach. It is very difficult for a population without power or water to organize an attack.
Jaw-jaw is always better than war-war, as Winston Churchill is reputed to have said. Let’s hope the leaders on all sides remember that.
Russians claim to have found an NVIDIA Jetson TX2 video card in one of the aircraft-style drones that recently crashed in southern Russia. This video card is used for many tasks, including computer vision.
“Russia has used KN-23 ballistic missiles from North Korea … but about half lost their programmed trajectory …”
That is an interesting point. Unfortunately, it would need a small army of MBAs to work out where the optimum lies.
Impoverished North Korea can build ballistic missiles which hit their target about 50% of the time, using cheap off-the-shelf Toyota automobile bearings. On the other hand, the once-wealthy US can build missiles which can hit their target 100% of the time (we assume), using very expensive custom-made components. Which is the better strategy?
The North Korean strategy sounds a bit like what the US did in World War II when it really was the “Arsenal of Democracy” – i.e., do a lot of repurposing of existing components & factories to outproduce & overwhelm the enemy. The current US strategy of low-volume highly-specialized customization may be part of why Our Betters have not won a war since 1945.
Perhaps the important question is – how many missiles can each side produce? The North Koreans could be limited if Toyota stops selling them auto bearings. But where are Toyota auto bearings (and their components) produced these days? Probably not in expensive Japan – more likely by sub-contractors in China or Turkey, who may be happy to keep selling bearings to North Korea. And of course we know that the US (and the West more generally) would be unable to produce any missiles without imported components from China and materials from Russia.
Then again, we know that the vaunted Patriot missiles are fired in pairs, because the probability of a hit is about … 50%. So maybe hitting the target is not just an issue for the North Koreans.
Many layers of the onion would have to be peeled back to answer the question of whether the North Korean approach to missiles is more or less effective than the Western approach.
