To be candid, I’ve always found the NSA’s “defend forward” pitch intriguing from a historical perspective.
The Navy subsequently developed a “transoceanic” strategic concept, orienting the Service away from contesting the oceans and toward projecting power across them to distant land masses.
Truman, a master statesman, perhaps explained the problem most succinctly as I’ve written here before:
…MacArthur had been outwitted and outflanked by a guerrilla army with no air force, crude logistics, and primitive communications, an army with no tanks and precious little artillery. As David Halberstam put it, MacArthur had “lost face not just before the entire world, but before his own troops, and perhaps most important of all, before himself.” All of this happened because MacArthur was almost criminally out of touch with reality. […] “I didn’t fire [General MacArthur] because he was a dumb son of a bitch, although he was,” Truman later said. “I fired him because he wouldn’t respect authority…”
The CIA might be making a subtle yet very poignant argument that all the best high-tech in the world doesn’t amount to a hill of beans when basic skills and wisdom for placement and use are missing.
The biggest “power projection” advocates often overlook some important lessons of quiet professional intelligence oriented towards asymmetry. Consider how false power projections often have helped smaller, more agile forces overcome vastly more powerful enemies.
Here’s a story that can’t be told often enough. In 1940 Ethiopia 20,000 irregular troops from Sudan made quick and easy work of nearly 300,000 Italian fascist soldiers. Done and dusted, presenting us a very fine model for active defense in cyber being highly efficient and strategic, creative more than athletic.
The impotence of the American juggernaut in Vietnam has put this problem under the spotlight of history. The one thing the guerrillas have in abundance is imagination, and this seems to outweigh the imbalance in materiel. It is the author’s contention that creativity is what wins battles–the same faculty that inspires great art.
Analogies comparing more traditional big power projection (Russia’s “dumb meat grinder” approach) onto cyber operations, projecting massive capabilities as the wedge into an adversary’s digital infrastructure, are frequently used but may not accurately reflect the complexities of cyber warfare. It’s a bit like hearing “we estimate Goliath’s imposing size is what will prevent the next David”. Meanwhile David might just be afraid of tiny spiders. It’s conflict on the Web, after all.
The NSA’s publicly described concepts of “Cyber 101 – Defend Forward” showed much promise for being on the right side of “power projection” history, yet it remains unclear just how agile, adaptive and effective it has been and at what scale. Can it be a deterrent if its potential remains a secret?
The book that inspired Dr. Strangelove
At the very least I can appreciate that an official .mil site said “Cyber 101” as if a veiled shout-out to those who know about the WWII Special Operations “Mission 101” victory. Big hint? Maybe 50 years from now we’ll know how deeply the NSA landed and implanted quiet professionals behind enemy infrastructure boundaries.
…just as a navy goes underway from a port or an airplane takes off from a runway, and thus are legitimate targets during times of conflict – persistent engagement involves targeting adversary cyber capabilities and their underlying infrastructure. This approach prevents adversary nations and non-state actors from launching disruptive and destructive cyberattacks in the first place.
With the departure of General Paul M. Nakasone, the primary advocate for “defend forward” from a top NSA position, it remains to be seen under General Haugh how this strategy will evolve.
General Timothy D. Haugh, U.S. Air Force, assumed command of U.S. Cyber Command (USCYBERCOM) and the National Security Agency (NSA)/Central Security Service (CSS) on February 2, 2024, during a change of command, directorship, and responsibility ceremony at USCYBERCOM/NSA/CSS Headquarters.
In my estimation and experience, Navy leadership typically brings a superior strategic mindset to effectively navigate the intricate infrastructure and multi-domain landscape of cybersecurity. Air Force brass, however, may prioritize very abstract approaches lacking grounded understanding of light-touch and responsive asymmetry needed for real measured success in massive scale operational challenges (e.g. risk MacArthur’s “catatonic” follies).
A brand new Cybertruck showing moisture decay gets put out with the other garbage in the East BayHere is yet more proof that some old white guy high on drugs shooting at his own car in the desert shouldn’t be the one making actual real world product engineering decisions let alone PR claims about “survivability“.
The member wrote: “The advisor specifically mentioned the Cybertrucks develop orange rust marks in the rain and that required the vehicle to be buffed out. … [He] also shared photos of small orange specs of rust on the stainless-steel body, which they claim were taken after a “dish soap wash.”
Can’t get it wet?
Rain degrades the shell?
Have to regularly buff and buff, and buff some more, to prevent rapid deterioration after exposure to moisture?
It’s impossible to put less thought into this vehicle. A baby chimpanzee could probably deliver a more “survivable” design by randomly pushing buttons on a keyboard.
This corrosion problem seems like the very basic kind of stuff the British famously figured out by the 1800s. Somehow Tesla is caught off guard over two centuries later, to the point that owners have to publicly and loudly grouse about rust spots just days after getting delivery of a new car.
Let me put it like this. If Elon Musk had built ships for the British in 1800, they’d all be speaking French today. Tesla peddles fraud, the opposite of survivable.
A Navy SEAL reportedly was swept away by a large rogue wave while in the process of climbing a boarding ladder in the dark at 20:00 (sunset 17:50). Another SEAL, in an expected rescue procedure, pursued the first and both disappeared.
Gentle Breeze – Sea surface broken with large wavelets. Wave height 0.5 to 1.25 metres (1 ft 8 in to 4 ft 1 in)
The wake of a fat dhow underway easily could affect wave height. This is the exact dhow, and the sea state, in question.
Source: CENTCOM
The two missing SEALs have just been officially listed as deceased by CENTCOM.
During this expansive search operation, airborne and naval platforms from the U.S., Japan, and Spain continuously searched more than 21,000 square miles to locate our missing teammates. Search assistance was also provided by Fleet Numerical Meteorology and Oceanography Center, the U.S. Coast Guard Atlantic Area Command, University of San Diego – Scripts Institute of Oceanography, and the Office of Naval Research – Oceanographic Support.
I’m noticing again that ChatGPT is so utterly broken that it can’t even correctly count and track the number of letters in a word, and it can’t tell the difference between random letters and a word found in a dictionary.
Here’s a story about the kind of atrociously low “quality” chat it provides, in all its glory. Insert here an image of a toddler throwing up after eating a whole can of alphabet soup
Ready?
I prompted ChatGPT with a small battery of cipher tests for fun, thinking I’d go through them all again to look for any signs of integrity improvement in the past year. Instead it immediately choked and puked up nonsense on the first and most basic task, in such a tragic way the test really couldn’t get started.
It would be like asking a student in English class, after a year of extensive reading, to give you the first word that comes to mind and they say “BLMAGAAS”.
F. Not even trying.
In other words (pun not intended) when ChatGPT was tested with a well-known “Caesar” substitution that shifts the alphabet three stops to encode FRIENDS (7 letters) it suggested ILQGHVLW (8 letters).
I had to hit the emergency stop button. I mean think about this level of security failure where a straight substitution of 7 letters becomes 8 letters.
If you replace each letter F-R-I-E-N-D-S with a different one, that means 7 letters returns as 7 letters. It’s as simple as that. Is there any possible way to end up with 8 instead? No. Who could have released this thing to the public when it tries to pass 8 letters off as being the same as 7 letters?
I immediately prompted ChatGPT to try again, thinking there would be improvement. It couldn’t be this bad, could it?
It confidently replied that ILQGHVLW (8 letters) deciphers to the word FRIENDSHIP (10 letters). Again the number of letters is clearly wrong, as you can see me replying.
And also noteworthy is that it was claiming to have encoded FRIENDS, and then decoded it as the word FRIENDSHIP. Clearly 7 letters is neither 8 nor 10 letters.
Excuse me?
The correct substitution of FRIENDS is IULHQGV, which you would expect this “intelligence” machine to do without fail.
It’s trivial to decode ChatGPT’s suggestion of ILQGHVLW (using 3 letter shift of the alphabet) as a non-word. FRIENDS should not encode and then decode as an unusable mix of letters “FINDESIT”.
How in the world did the combination of letters FINDESIT get generated by the word FRIENDS, and then get shifted further into the word FRIENDSHIP?
Here’s another attempt. Note below that F-R-I-E-N-D-S shifted three letters to the right becomes I-U-L-H-Q-G-V, which unfortunately is NOT the answer that ChatGPT responds with.
Why do those last three letters K-A-P get generated by ChatGPT for the cipher?
WRONG, WRONG, WRONG.
Look at the shift. The (shifted) letters K-A-P very obviously get decoded to the (original) letters H-X-M, which would leave us with a decoded F-R-I-E-H-X-M.
FRIEHXM. Wat. ChatGPT “knows” the input was FRIENDS, and it “knows” deciphering fails if different.
Upon closer inspection, I noticed how these last three letters were oddly inverted. The encoding process opaquely flipped itself backward. That’s how it encoded a non-word F-R-I-E…K-A-P.
In simpler terms, ChatGPT flipped itself into a reverse gear half-way, incorrectly using N->K (shift left 3 letters) instead of the correct encoding N->Q (shift right 3 letters).
Thus, in cases where it starts with a shift key of F->I, we see a very obvious and easy to explain mistake of K->N (abrupt inversion of the key, shift left 3 letters).
Given there’s no H-X-M in FRIENDS… hopefully you grasp the issue with claiming a K-A-P where the first letter F was encoded as I, and understand how the simple substitution is so blatantly incorrect.
This may seem long-winded, yet it represents a highly problematic and faulty logic inversion at the most simple stage of test. Imagine trying to explain integrity failure of a far more complex subject with multi-layered and historical encoding like health or civil rights.
There are very serious integrity breach implications here.
Can anyone imagine a calculator company boasting a rocket-like valuation to billions of users and dollars invested by Microsoft and then presenting…
We found that ChatGPT’s performance changes dramatically based on the requirement to show its work, failing 20% of the time when it provides work compared with 84% when it does not. Further several factors about MWPs relating to the number of unknowns and number of operations that lead to a higher probability of failure when compared with the prior, specifically noting (across all experiments) that the probability of failure increases linearly with the number of addition and subtraction operations.
We are facing a significant security failure that cannot be emphasized enough as truly dangerous to release to the public without serious caution.
When ChatGPT provides inaccurate or nonsensical answers, such as stating “42” as the answer to the meaning of life, or asserting that “2+2=gobble,” some people are too quick to accept such instances as evidence that only certain/isolated functions are unreliable, as if there must be some vague greater good (like hearing the awful fallacy that at least fascists made the trains run on time).
Similarly, when ChatGPT fails in a serious manner, such as generating harmful content related to racism or societal harm, it is often too easily waved away or made worse.
In order to make ChatGPT less violent, sexist, and racist, OpenAI hired Kenyan laborers, paying them less than $2 an hour. The laborers spoke anonymously… describing it as “torture”…
At a certain point, we need to question why the standard for measuring harm is being so aggressively lowered to the extent that a product is persistently toxic for profits without any real sense of accountability.
Back in 1952, tobacco companies spread Ronald Reagan’s cheerful image to encourage cigarette smoking, preying on people’s weaknesses. What’s more, they employed a deceptive approach, distorting the truth to undercut the unmistakable and emphatic scientific health alerts about cancer at the time. Their deliberate strategy involved manipulating the criteria for assessing harm. They were well aware of their tactics.
Ronald Reagan played a significant role in exploitation campaigns, which are claimed to have caused the deaths of at least 16 million Americans. It wasn’t until data integrity controls were strengthened that the vulnerability was addressed.
This is the level of massive integrity breach that may be necessary to contextualize the “attraction” to OpenAI. A “three sheets to the wind” management of public risk also reminds me of CardSystems level of negligence to attend to basic security.
Tens of Millions of Consumer Credit and Debit Card Numbers Compromised
The CardSystems incident was pivotal, underscoring the undeniable harms associated with it. Sixteen million Americans succumbed to tobacco-related deaths over decades, then tens of millions of American payment cards were compromised in systems-related breaches over years.
Although these were distinct issues, they shared a common thread of need for regulatory intervention and showed accelerations of harm from inaction, which is very much what OpenAI should be judged against. Look at the heavily studied Chesterfield ad above one more time, and then take a long look at this:
The last time big companies blew this much smoke, sixteen million Americans died.
Honestly I expected ChatGPT to complain that the Chesterfield ad with Ronald Reagan was running the same year in direct response to scientific study, not two years after. Here’s how Bing’s AI chat handled the same question, for comparison.
Did you expect Microsoft AI to promote smoking? You probably should now.
Microsoft seems to be actively promoting smoking to users as a cute commentary, arguably far worse than OpenAI forgetting whether Reagan promoted it. Also the Christmas ad campaign in question was not 1948, it was 1952. Bing failed to process a correct year. Alas, these AI systems pump into the public obvious integrity failures one after another.
The tobacco industry’s program to engineer the science relating to the harms caused by cigarettes marked a watershed in the history of the industry. It moved aggressively into a new domain, the production of scientific knowledge, not for purposes of research and development but, rather, to undo what was now known: that cigarette smoking caused lethal disease. If science had historically been dedicated to the making of new facts, the industry campaign now sought to develop specific strategies to “unmake” a scientific fact.
The very large generative AI vendors fit only too neatly into what you can see was described in the above quote as a production process to “‘unmake’ a scientific fact“… and for financial gain.
In 1775, in his book, Chirurgical Observations, London physician Percival Pott noted an unusually high incidence of scrotal cancer among chimney sweeps. He suggested a possible cause… an environmental cause of cancer was involved. Two centuries later, benzo(a)pyrene, a powerful carcinogen in coal tar, was identified as the culprit.
Carcinogens of tar were studied and known harmful since the late 1700s? The timing of scientific fact gathering for “intelligence” sounds very similar to a worldwide abolition of selling humans (another ChatGPT test it failed), except that somehow selling tobacco was continued another 100 years longer than slavery, while killing tens of millions of people.
Let’s go back to considering the magnitude of negligence in privacy breaches of trust like CardSystems, let alone the creepily widespread and subtle ones like the privacy risk of Google calculator. Map of Google calculator network traffic flows
Everyone now needs to brace themselves for low-integrity products such as the AI calculator that can’t do math — failure to deliver information reliably with quality control — perhaps racing us toward the highest levels of technology mistrust in history. Unless there’s an intervention compelling AI vendors to adhere to basic ethics, establishing baseline integrity control requirements such as how cholera was proven unsafe in water, safety failures are poised to escalate significantly.
The landscape of security controls to prevent privacy loss underwent a significant transformation in response to the enactment of California’s SB1386, a necessary change and driven only by the breach laws and their implications. After 2003 the term “breach” took on a more concrete and enforceable significance in relation to potential dangers and risks. Companies finally found themselves compelled to take fast action to prevent their own market from collapsing due to predictable lack of trust.
But twenty years ago the breach regulators were focused entirely on confidentiality (privacy)… and now we are deep into the era of widespread and PERSISTENT INTEGRITY BREACHES on a massive scale, an environment seemingly devoid of necessary integrity regulations to maintain trust.
The dangers we’re seeing right here and now in 2023 serve as a stark reminder of the kind of tragically inadequate treatment of privacy in the days before related breach laws were established and enforced.
The good news is there are simple technical solutions to these AI integrity breach risks, almost exactly like there were simple technical solutions to cloud privacy breach risks. Don’t let anyone tell you otherwise. As a journeyman with three decades of professional security work to stop harms (including extensive public writing and speaking), I can explain and prove both solutions immediately viable. It’s like asking me “what’s encryption” in 2003.
The bad news is the necessary innovations and implementations of these open and easy solutions will not happen soon enough without regulation and strong enforcement.
