Ask any journalist to pick an adjective to use in connection with standards development and the answer will invariably be "boring." But according to a recent New York Times article (yes, it also used that word - as well as "wonky"), the process of creating standards just became a whole lot more interesting - at least when it comes to the blockchain. The reason? A standards working group may have been infiltrated by state actors bent on embedding security flaws into the very standards being created for the purpose of preventing attacks.
One of the big political stories this week is that experts believe that Russia has hacked the Democratic National Committee’s servers in an effort to help Trump win the presidential election. Today, security expert Bruce Schneier went further, in an editorial in the Washington Post, suggesting that Putin’s next move may be to exploit the woefully inadequate security of US voting machines to hack the election itself.
That’s a warning worth heeding, because the possibility is all too real. So far, though, no one has focused on another vulnerability that may have already been exploited as the first step towards stealing the election. That’s surprising, because the hack is so obvious.
Now that’s an intriguing question, isn’t it? Just about every other computerized process has proven to be vulnerable, and as voting becomes even more technology based, it becomes increasingly vulnerable as well. Computer systems are generic processing hosts, and to a computing platform, data is simply data. The fact that certain information tallies votes rather than credit card transactions does not make it any harder to hack. Moreover, the U.S. has a long history of documented voting fraud, so there’s no reason to assume that politicians, and their backers, have suddenly become paragons of virtue. Indeed, there’s plenty of evidence to the contrary.
When you come down to it, the only thing that’s different today is that altering votes might be easier, and that those motivated to do so may be harder to catch. So why aren’t we hearing more about that risk?
Another good question. But before we explore it, let’s add a few more observations to the pile.
You can find the first part of this series here
It would be convenient and consoling to pretend that what I’ve described over the last several days is simple science fiction. But sad to say, the only thing that is doubtful about the scenario I have described is that it might be difficult for the perpetrator to build a thousand drones without Western espionage becoming aware of the plan.
But would that really be so hard? Many countries are building drones now; the technology is not complex. Indeed, Germany launched V-1 drones against Britain more than seventy years ago. With GPS today, building and guiding sufficiently reliable drones of the primitive type needed to stage the attack I have described is within the technical ability of every nation that could be imagined to be an enemy. And there are plenty of old ships to go around.
You can find the first part of this series here
When the New Year’s Day sun rose in Europe and the United States, the reality of what had happened was hidden to almost all. Only a hundred or so targets had been struck, and the smoke from the ruins that remained was already dissipating. What people did immediately realize was that certain things that they were used to working now did not.
The things that no longer functioned included anything that relied on electricity to operate. Which was, of course, virtually everything except automobiles. This was necessarily the case, because all of the elements that coordinated and controlled the power grid had been destroyed. Even many battery powered devices were silent – the cell phones had no dial tones, and the radios generated only static, because the management software and servers that enabled telecommunications had also been annihilated. Perhaps most discomfiting of all, there was no Internet, nor any of the services that relied upon the Internet.
You can read the first part of this series here
As the sun set on New Year’s Eve, 2022, a dozen anonymous container ships were approaching major ports in the United States and Europe. Like many carriers nearing the end of their useful life, their histories were mongrel in nature; originally owned by major shipping magnates in Greece, they had passed through multiple hands and were now flagged in Senegal, and chartered by a concern in Amsterdam. Three years ago each had been subchartered by one of several much smaller companies with offices in many out of the way places.
The terms of each charter contract made the company responsible for the upkeep of the ships it had leased, and in due course over the first year of the engagements each ship had undergone repairs in small ship yards in the Indian Ocean and in Southeast Asia before returning to ply its trade in the various shipping lanes of the world.
This is the first part of a four-day series I will post this week highlighting an astonishingly neglected area of cyber-vulnerability. I will be presenting it tomorrow (remotely) at the Jules Verne Corner segment of the ITU's meetings this week in Kyoto, Japan.
There appears to be consensus in many quarters today that migrating to the Cloud is highly desirable – indeed, that we have already embarked upon an irresistible and indeed inexorable migration. Multinational IT vendors view this transition as the next great market opportunity; governments see in it an opportunity to finally rationalize their Byzantine legacy systems without incurring massive up front capital costs; and enterprise users find the value proposition increasingly compelling as their systems become more complex, expensive and difficult to maintain.
Meanwhile, the data, records, pictures and social relations of individuals (often without their pausing to think about it) move with the tap of a key from hard drives and backup devices, from the supervision of their owners to who knows where, owned by who knows who, and vulnerable to who knows what.
Have you discovered The Alexandria Project?
Well, it’s an interesting world we live in, isn’t it? I say that because one of the lines I came up with to promote my cybersecurity thriller, The Alexandria Project, was, “It’s only fictional in the sense that it hasn’t happened yet.” There wasn’t much question in my mind that this statement would prove true, but I hadn’t expected that it would happen so quickly, and even so precisely. In the latest example, it almost makes you wonder whether those involved have read my book.