Monday, September 23, 2013

Guns Control Responsiblity


I am a full supporter of the 2nd Amendment to the United States Constitution. I see nothing in the text that limits the type, number, or caliber of firearms a person may own. I feel that this extends not only to the United States, but it is a basic human right for all. 

For the Government to restrict ownership of firearms by responsible gun owners is a violation of that right. It is important to discuss the idea of a responsible gun owner, and I will use myself as an example.

I own several firearms.  I have owned them and had access to them since I was about 9 years old.  I grew up with the rules of owning a firearm. As a child the fact that you always treat a firearm as if it is loaded, always be aware of what is behind your target, and the safe transport of a firearm in the course of hunting. 

The military taught me how to employ a firearm in a tactical environment.  I was taught situational awareness, target identification, the best methods for employing a firearm, and the legal ramifications if I made a mistake. Safety was stressed, and not just a single class, but also a daily briefing, monthly class, and quarterly test.

The idea of controlling ownership of guns is a very touchy topic.  Absent of any overwhelming reason such as, mental issues, or criminal activity[1] the ownership of a firearm must not be restricted.

I support strict control on who may possess a firearm in a public area. In public there are tactical concerns that exceed the average user’s knowledge.  A 72 hour course once in a lifetime is not enough to engender confidence in the public’s ability to use a firearm effectively, or safely.  An untrained, well-intentioned person can cause much more harm than good. This issue needs to be addressed by all responsible gun owners.

I know this does not sit well with everyone, especially those irresponsible few who view this as a political issue.  I will point to the George Zimmerman case.  Although he was within his rights, he was tactically an idiot. Had he employed some simple tactical techniques he would never had a direct encounter. Responsible gun owners know this.

I will be pressing for gun reform that addresses these issues. As long as you are not deemed a mental case or felon you may own whatever you like at home.  However, without initial tactical and recurring training, you will have to leave your firearm at home.

[1] Any felony must result in loss of gun ownership anywhere at anytime. 

Thursday, September 19, 2013

The Insider Threat.

The Insider Threat

The recent events at the U.S. Navy facility in Washington D.C. has created confusion, and controversy in regards to the safety and security at military facilities. This article is based on my experiences as a U.S. Air Force Security Policeman.  Security of military information, facilities, and personnel was an intricate part of my life throughout my military career. I lived it, trained it, and helped develop security processes, devices, and doctrine. 

Whenever a person shoots a large number of people in a single incident it attracts attention.  This is a natural part of the human response to these types of tragedies.  When the shooting occurs on a military installation it causes even more concern. As with all tragedies of this sort it also becomes a wasteland of political and social comments that plays on what the average American does not know.  I hope to give you some information that will aid you in making decisions.

All of the military services have police functions. This is not just to protect information, facilities, and personnel from outside threats, but also to protect from the inside threat.  I would love to say that every military member is a Boy/Girl Scout, the truth is they are not.

Military personnel have the same problems as their civilian counterparts.  Military members commit the same crimes as their civilian counterparts.  A military base has crime that ranges from petty theft to murder. The major difference is the rate on a military base is far lower than you find in the “outside” world. The reasons these rates are so low is based on the security processes that begin at the recruiter’s office.

Every member of the military undergoes a background check.  The extent of this check varies based on the job the military member will be doing.  To join the military requires a basic criminal background check. The same type that many civilians are required to pass for a job. This will get them a military ID card that will allow access to a military base.

To obtain a basic Secret Clearance requires a more extensive background check to include financial, school, and criminal records.  In addition, family and friends are called to provide a basic profile of the individual’s trustworthiness.

Background checks are only one part of the process.  Even when a person has a clearance, they will still need to complete an interview that includes their immediate supervisor, and up; this includes their unit commander.  For those of us that carried a weapon as part of our job in included an interview and certification by our commander.

Background checks, no matter how complete or detailed, interviews and evaluations are only predictive of present trustworthiness.  There are events in a person’s life that can change everything about them in a very short period. 
Although reporting on the Navy shooter has been constant, it is still too early to determine what in him changed.  The important issue at hand is the processes that allowed him access to a military installation. Because of the sensitive nature of access to military installations I will not be able to describe in detail how these procedures work, but I can provide some basic information. 

To gain access to most military installations is not hard if you are already authorized to do so.  For a person who is not authorized access it is slightly more difficult, but not impossible. Gaining access to a military installation is like getting into the parking lot of an amusement park.  You are there, but getting on a ride requires further steps.

Every military facility has access levels.  Depending on the facility you may need special identification, and pass though special procedures to gain access.  Regardless of all the background checks and human reliability procedures; the access procedures is where the system failed at the Navy facility. That brings us to another popular issue regarding the Navy shooter.

The carrying of weapons on a military facility is strictly controlled.  In contrast to what has been reported; carrying personal weapons concealed or otherwise have not been allowed on any military installation since well before President Clinton took office.  For those living in a barracks they must keep their personal weapons in the unit’s armory.  For those living in base housing they may keep their weapons in their home.  In either case they may transport these weapons on or off base. They are not allowed to carry these weapons to work or for non-shooting recreational use.  A military base is not a Gun Free Zone as defined by civilians.  In fact, many bases offer a wide variety of weapons and ammo for sale that exceeds what many comparable civilian stores do.  In addition many bases have skeet and rifle ranges for recreational use.

A military base is a treasure chest for our country.  The weapons and systems that exist there are extremely valuable in terms of money, and national security. The protection of these systems and personnel are the responsibility of the base security force. If everyone was carrying their own personal protection, the ability for outside agents to exploit this becomes enormous, and would reduce security, not enhance it. Military security forces are well trained in the use and tactics required to provide security. Certain military resources react poorly to bullets.  The Navy shooter is not a case of an outsider exploiting security, it is a matter of an insider exploiting security.

The Navy, and all of the services will review and report on their processes. Although it is an on-going process, situations like those at the Navy facility highlights the need to strengthen those procedures.  Allowing everyone on base to carry a weapon at work is not the answer.

What procedures can the military take?  They can take the same procedures that are taken in other high threat areas.  Due to Operational Security this is not the place to discuss those procedures; however, I have notified the appropriate authorities with my suggestions.

If you have any questions you may comment here, or email me at

Sunday, September 8, 2013

Cyber Tomahawk

Cyber Tomahawk

There is no doubt that chemical weapons were used in Syria.  There is also no doubt that this should not be ignored. A response to the action must be swift and debilitating.  Although there are a great many good arguments on both sides of this issue there are methods that many do not consider.  This article is about one of the methods that can be used that are outside the conventional military response.

First, what do we know about Syria?  Although Syria has been embroiled in a +2 year civil war it still has certain portions of its infrastructure intact.  These include basic communications, power, and military targeting and guidance systems.

Second, what do we know about these systems?  Operations by non-government supported individuals have demonstrated that Syria has not spent much time or effort in securing these systems.  To be fair that is true of most computer systems in general, but Syria appears to have many holes that have been penetrated.

Third, what do we know about the capabilities of the U.S. and others who support a retaliatory strike?   Operations that have been conducted in other locations prove the ability of government supported teams to not only penetrate, but to also take control of systems within “protected” networks.  A strike directed at the electronic infrastructure of Syria is well within the capabilities of these groups.

Fourth, what is the potential fallout of this type of strike?  This is the complicated part of the equation.  No guarantee can be made that this type of attack would not result in non-combatant casualties. However, this type of attack would not result in the numbers of associated casualties that a conventional attack would. 

Fifth, would the attack cripple Syria? That depends on the level and depth of the attack.  It would create a great deal of havoc that could last weeks, and even months. Of course that is dependent on the aggressiveness of the attack. It would not keep the Syrians from launching another chemical attack, but the realization of the damage caused by a cyber attack would certainly make them hesitant to do so.

Sixth, what dangers exist to our own networks and future cyber attacks?  Everyday our enemies are attempting to penetrate our electronic systems. Would an enemy be emboldened to strike back?  In this case I am not talking about Syria, they have a very limited capacity to do so.  Other enemies would become more aware of possible vulnerabilities and learn from the attack, which would allow them to further harden their own networks.  This is true of everyday hacking attempts.

The final analysis of using a Cyber Tomahawk to strike Syrian infrastructure would indeed do substantial damage in the short term, and send a clear message to the Syrian’s, it would not cripple the regime in the long term. While the cyber attack would reduce the exposure of U.S. forces, it would not eliminate the danger posed to non-combatants in Syria. As with any attack other enemy forces would learn about our capabilities, but this is not critical as you may think. 

Questions still exist as to the objective of a strike on Syria. These objectives must be clearly known by our forces (not our public) before determining the best course of action.  Given the fact that we have lost the initiative and any chance of surprise this type of attack may be the only viable option.

Sunday, September 1, 2013

The Story of the Syrian Electronic Army (SEA)

The Story of the Syrian Electronic Army (SEA)

The Background Story: On 27 August 2013, the New York Times website was attacked and taken off-line for several hours by the Syrian Electronic Army (SEA). The attack resulted in users web browsers being redirected to an SEA page. The attack has been the subject of little interest to most of the major media outlets, and for good reason as I will explain.

First, a quick primer for my friends who are not all technically savvy.  Think of the internet as a bunch of houses all arranged into neighborhoods.  Each house has an address that identifies the country, state, city, and house. When you go visit a website you are actually traveling to a house.  In order to get there you follow the address that is given for the house.

Now imagine that someone changes the address for that house. Instead of going to the house with awesome cat pictures, you end up going to a house that has dead fish pictures. I would think you would be surprised by this, and rightly so. Where the house is located is published by a company that registers the website’s domicile, or domain.

What the SEA did was not about technical ability. Instead of using some tremendous technical ability, they were given the password by someone at the domain registration company.  In short, it was an inside job.

The New York Times, Twitter United Kingdom, and Huffington Post United Kingdom all used the same Domain Registrant.  This is not to condemn the domain registrar in this case; they had a bad apple go rogue. The attack highlights the unsophisticated nature of the attacker.  They could have done more, but they lacked either the skill or planning to do so. No, I will not be telling you what they could have done. Let those morons figure it out alone.

The Skirmish in the Ether: The SEA attack was not the only one going on at this time.  Shortly after the attack a response was launched by at least two hackers in a counter attack on Syrian Government media, and the SEA itself.  Unlike the short lived attack by the SEA these attacks lasted for over 24 hours, and effectively shut down the SEA, and syriously (intentional spelling) affected the Syrian Government. I witnessed and confirmed the targets were indeed taken down, and stayed down. 

Another battle began shortly after the initial attack on the NY Times et al.  In the propaganda war the SEA, which claims to be a Hacker Collective began making claims that they had never come under attack.  The outage of their system was due to their domain registrar suddenly deciding to suspend their account. This ranks up their with Baghdad Bob claiming Americans were not near Baghdad Airport, when in fact they were past the Airport and running off the rest of the Republican Guard. Propaganda is weird that way.  

Propaganda has a way of telling us things the enemy does not want you to know. In this case, IF the SEA is backed by Syria’s government then the Syrian Government has a syrious (I did it again) Information Technology problem.  Oddly, Al-Jazeera, who had been a target of the SEA, has attempted to portray the SEA as some sort of danger.  They very well could be, but the real danger to the Syrian Government is defense of their networks.  There are those poised to make it disappear, or behave badly.

The Final Analysis: The skirmishes in the ether will continue, and I predict will escalate.  At present they do not amount to much in a real sense, but they do demonstrate the capabilities that exist.  

There are certainties we can take from the Civil War.  Syria in the end will lose.  The world outside of Syria will be dangerously affected with further destabilization in the region. War is hell and the longer it lasts the more children will suffer.

Credits and Acknowledgements.

            Sources with held due to security considerations, you are certainly free to investigate the claims I have made.

            I did not come up with the clever us of “Syrious” that was inspired by someone else. We will just say that person will remain an inspiration of sorts.