Nyet! La Voila! Los Bad Hombres! đŸ•” đŸ—œ đŸ€Ą – Part III

A new awareness of governments’ capabilities in collecting and monitoring vast amounts of information in great detail has raised concerns over privacy, civil, legal and human rights implications. The list of the outraged goes from liberal activist groups to the media and the right including the President.

In (Part I) and (Part II) I set up the dynamics leading to an area that is a greater domain of risk. To get a few points across, it is useful to recall/review risk. Risk is assessed on 2 dimensions: probability and impact. We do not waste resources or energy on high probability/low impact (yapping noise at Starbucks) and low probability/low impact (rain on sunny days) outcomes. We avoid (or should if we know) high probability/high impact ones.

The danger lies in low probability/high impact outcomes. We build safeguards into infrastructure, systems and environments where adverse impact can be high (prevention) and try to reduce or eliminate the probability where it is high (transform, disrupt.) The more complex a system (organization, machine, etc.) the more difficult it is to keep track of dependencies and secure weak links if each have their own probability of failure/compromise and cascading affects.

As the safeguards become ubiquitous we take them for granted and the risk is not reduced per se but carefully managed and maintained at an acceptable level. Flying in a 1,000,000 lb pressurized cabin of metal at 33,000 feet is not inherently safe — it is made safe by rigorous application of experience, science, engineering and quality control processes in design, manufacturing and maintenance.

The current fixation with the NSA is somewhat biased and in 2 aspects (too many to go into here but some typical ones exploited in Information Warfare and propaganda: anchoring/confirmation/Post hoc ergo propter hoc/Illusory correlation/Description-experience gap/bandwagon/fundamental attribution/backfire/bandwagon/framing biases, affects and errors.) First — notwithstanding a healthy distrust in authority, the populist de facto acceptance of conspiracy theories, leaks, and already acknowledged errors — data collection, storage and dissemination systems (physical, legal, process and human) are by-and-large sound. BTW recent leaks have also demonstrated underlying value. Agreement with the law and policy being a separate issue, the DNI’s section 702 release, the transparency report and EFF FOIA request show no violations of rights and the inability to fully minimize led the NSA to drop the “about” collection method. Talking about lack of transparency in such closed conspiratorial system we have!

Second, the mission, culture and incentives at the national security level are focused on building national and international towers and moats and not sinking some poor sob’s boats. I do rhyme! The same goes for Five Eyes (same level) sharing which is again not absolutely unrestricted in either direction.

So, based on oversight checks and balances and all evidence and logic, the mass hysteria following Snowden and other leaks about (no pun here) violation of individual and Constitutional rights has little basis in relevant facts, inference or a remotely reasonable conclusion. The risk is extremely low if there at all.

One note on leaks and risk — you control what you can control which is much easier with environment, hardware, technology than people and human nature. The clearance processes, training, monitoring, and audit trails are controls for that risk. May be they can change or be improved but they are there.

Done with where the risks are low and onto where they are and why — not just naughty but oh so nasty!

And I expected to put the last nail in that coffin in 3 parts — alas the story of my life is going longer and beyond expectations. At least keeping it interesting and real. Hopefully we can reuse or dispose of the coffin for a burning-man style spectacle.

We need to shine more light on algorithms so they can help reduce bias, not perpetuate it


Courts, banks, and other institutions are using automated data analysis systems to make decisions about your life. Let’s not leave it up to the algorithm makers to decide whether they’re doing it appropriately.

Source: We need to shine more light on algorithms so they can help reduce bias, not perpetuate it

Multi-Domain Confusion: All Domains Are Not Created Equal

Total Domain Confusion Confusion

Domains are not complicated at all. Thus, my knee jerk reaction to the article (link below) was why this confusion? I looked at the author, list of references and had a flashback to Boeing and how nitpicking happens. One of my roles as part of the Enterprise Architecture organization was when the company wanted to define its Information Architecture concepts and group.

Domains and functions are core concepts in Enterprise Architecture. To start with a good and short conceptualization, regardless of the organization, if X is unique enough to require its own set of capabilities, separate from other X’s and not relevant to their core operational needs, it is a domain, otherwise it is a function. For example, in a business, Marketing is a domain not required to run the Supply Chain domain and vice versa. Tech support is a function that cuts across those and other domains (visual here.)

Challenges were not just about semantics and taxonomies. There were hours long and months of on-going meetings with seasoned professionals arguing that information and data are the same. And yes — references to the dictionary and appeal to authority type of arguments. Good people — but thinking about those environments and meetings make me more nauseous than Comey.

If you think information and data are the same you are not abstracting, and not everyone has learned how to or can, but many conflicts are also due to large organization politics and turf protection. In that light, the article makes more sense.

From an analytical approach, it makes assumptions that are not correct:

  • “Etymological problems” and ” Semantic Implication of Ownership” are mistakes of equating a “domain” with physical control. Such associations are neither inherent nor necessary to define domains
  • While the historical progression of thought and proposals (which are abound in large and bureaucratic organizations) are informing, revised domain constructs and effect based definitions are even more confused. There is no such thing as “human (cognitive, moral, and social)” domains in the type of abstraction needed (following below)

Building on those assumptions, the article concludes “What is needed is a simplified construct that defines domain as ‘an area of knowledge, influence, or activity by which a target system can be affected’ with reference to three overarching and interrelated warfighting dimensions—physical, virtual, and social.”

As for affecting, it is too general for war and is not a consideration in the definition of domain. War is about an end state brought by use of force. Effects of affecting are clear: disrupt, deny, destroy. e.g. Stuxnet worm (cyber payload) affected target nuclear centrifuges but it really disrupted their functions as part of the general goal of disrupting a nuclear enrichment program.

Read paragraph 2 above and think of domains as abstractions. Land, sea and air are physical mediums. Their domain quality is not because they are distinct physical operational environments but rather the uniqueness of capabilities and competencies necessitated by that environment. That is the abstraction of why.

Which also makes social a non-candidate since it is not an abstracted medium. Disinformation, deception, PSYOPS are one or other flavors of information warfare but because something may be a domain somewhere does not make it one elsewhere, and information itself is not a “warfare domain.”

There is no confusion except for Domain Confusion Confusion.

Source: Multi-Domain Confusion: All Domains Are Not Created Equal

Don’t Over Connect the Dots on Jared Kushner’s Russia Dealings | The Cipher Brief

Level headed and drama-free points.

Hubris ✓, family business and personal loyalty demanding attitude ✓, trusted chaperone ✓, and suspicions of the IC ✓ can explain it, and certainly not a necessary ✓ but an epic ✓ stupid ✓ initiative.

All those elements check out!


Source: Don’t Over Connect the Dots on Jared Kushner’s Russia Dealings | The Cipher Brief

An Extended Discussion on an Important Question: What is Information Operations?

A good introduction to upcoming series on the continuously evolving definition and scope of Information Operations for different domains and stakeholders.

Source: An Extended Discussion on an Important Question: What is Information Operations?

Piratage de l’Ă©quipe Macron : ce qu’il faut savoir – Le Parisien

De nombreux documents internes de l’équipe de campagne d’Emmanuel Macron ont Ă©tĂ© diffusĂ©s sur les rĂ©seaux sociaux dans la soirĂ©e de vendredi.

Source: Piratage de l’équipe Macron : ce qu’il faut savoir – Le Parisien

Camouflaged Aggression: A Strategic Shift in Russia’s Cyber Activity

Many good points but is there a tendency to assume every result was a reaction to and “intended signal?” Excluding Cambridge Analytica’s targeted impact and Comey public statement on Wiener, the election results do not support an expected and certain success of any covert meddling — and not all such operations are expected or certain to succeed either.

Any successful Information Warfare or covert operation has elements of surprise, difficulty in attribution and intent. Cyber is a new warfare domain with unique asymmetric, low cost of entry, and high pay off characteristics but the underlying strategies are not new. TTPs’ change in time, theater and capabilities do not imply the same about strategies.

Russian IW goes back to Tzars as far as is documented and all of Sun Tzu’s teachings are about non-kinetic warfare. The unfortunate state of our daily political thoughts, discussions and priorities being riddled with pettiness does not impose the same limitations on our adversaries’ capabilities and priorities!

Source: Camouflaged Aggression: A Strategic Shift in Russia’s Cyber Activity