Preface:

Tonight, CNN will be airing their coverage of the Bipartison Policy Center’s Cyber Shockwave event. I was an invited guest for the event held at the Mandarin Oriental in Washington, DC.  To augment CNN’s coverage, I wanted to give my personal perspective of the event.

I tweeted throughout the live event, so feel free to review my @mareck tweets using the #cybershockwave hashtag.  (Here’s a quick link to get to all the tweets I posted from that day.)

Also, see my initial quick thought posted after the event concluded.

I’m not sure what you are going to see on CNN.  I only know what I saw in person at the Cyber Shockwave event.  I have to admit – it was a good production:  great stage, high quality multimedia.  I think I can safely say you’ll agree it’s quite a “show.”

I think you’ll also like the premise of the show:  bringing public attention to (another) serious issue that the country needs to be aware of.  Unfortunately, however, you’ll probably also notice the lack of substance (and some reality) in the simulation.

First off, don’t get too tied up in that word, “simulation,” like I did.  I look at simulations as analytic tools, that can hold up to analytic scrutiny after the fact.  Other simulations I’ve participated in have been that way.  Cyber Shockwave, however, was much more watered down.  I think if you lessen your expectations, you might get a bit more out of the experience.

That said, it’s unfortunate that this event didn’t include experts in network security, hacking, social media, mobile technology and IT architecture.  I think that would have brought a lot of substance and reality into the simulation.  Within 30 minutes, I was already starting to note the wide gap between what I was hearing during the scenario and what I already knew from my experience.

I just don’t think the folks involved in the simulation “get” how real cyber attacks might happen.  They should have taken examples from crowd-based hacking techniques used by groups like Anonymous (from 4chan fame).  That would have helped significantly and it would have kept the scenario from going down the path it did.

You’ll notice how quickly the participants start blaming China and Russia and start looking for individuals who are responsible.  Those of you more familiar with IT security, internet vulnerabilities and hacking trends will probably be as disappointed as I was.  We know it’s much more likely that a major attack would come from a group of hackers from all over the world, connected primarily though similar ideology, discovered via the internet.

But, I’m not surprised that participants focused so much on obvious nation-states.  It’s much easier to target those.  It’s easier to think the problem is similar to nuclear proliferation, or something of the like.  It’s harder, almost scary, to admit it might be more like terrorism and nontraditional warfare.

Midway through the scenario, you’ll be hit with news that improvised explosive devices (IEDs) were used to blow up some of the nation’s power grid.  In an instant, the scenario turns from quasi-typical government response to ENTIRELY typical.  I mean, of course there are IEDs… we understand IEDs.  IEDs are “traditional” terrorism and we know how to react to that.  So, now we can be certain who the enemy is and we can send out our troops to destroy them.  To me, that was way too typical.

Introduction of the IEDs completely threw the scenario off course.  Suddenly, the participants focus shifted from a cyberattack to full on terrorism on U.S. soil.  I have to figure that responses to such terrorism is already being planned out by the Department of Homeland Security and about a hundred other federal, state and local agencies.

As I said in my previous post, you’ll also notice several spots throughout the scenario where participants point out that the private sector can help the government by providing software or services.  That tainted my view of the whole event because it caused me to call into question the motives of the participants.  I doubt all of them were taking advantage of the public forum, but I couldn’t help feeling like a few of them were.

For instance, at one point, the panel said that they wouldn’t “go to the President” with their recommendation without first having a discussion about what can be done over the next five years to prevent a major cyberattack.  If this were a real attack, do you really think the President would be interested in a 5-year plan?  He’d probably want an immediate response.  Talking about a 5-year plan seemed to be a way to propose where the government should invest.

Also, at the conclusion of the scenario, each participant was given an opportunity to provide some final thoughts.  Because my opinion was already tainted, I felt like some of the individuals used this time as an opportunity to market real-life corporate interests.  I think former-government-now-corporate-executive folks who participate in these types of events need to be careful of an important fact:  the appearance of being biased is just as bad as actually being biased.  And most of us public can’t tell the difference.

I look forward to hearing your opinions on Cyber Shockwave after you have a chance to watch it tonight.  Perhaps if enough feedback gets back to the Bipartisan Policy Center, it will help them to improve the next event they plan.

After thinking about it, I’ve decided to post my thoughts about the Bipartisan Policy Center’s Cyber Shockwave over the next few days.  I have a lot of thoughts to get down.  But here is my initial reaction:

It’s good that the Bipartisan Policy Center is trying to get the country thinking about important issues.  Cybersecurity is certainly an important topic and our nation needs to consider cyberattacks along with all other sorts of attacks so that we are not blindly vulnerable to an enemy.  But, in doing this, I believe it’s incumbent upon such “doers of good” to keep the discussion true to the subject so that it really can help us.  On that note, I really think sponsors of events such as this — especially when the event is purported to be a “simulation” — have to be careful not to allow their corporate interests to enter into the simulation itself.  I think the whole event would have been much better if there didn’t appear to be ulterior motives at different points during the exercise.  I caught panelists several times subtly “proposing” ways in which information security companies could help the federal government.  I won’t go into them right now, but I intend to discuss them further in my subsequent blot posts.

Was Cyber Shockwave terrible?  No.  But, did it help the country?  I have to answer no.

Look for more thoughts on Cyber Shockwave in the coming days…

I have been using Waze on my Droid for the past few days and I have to say that it is a great application.  The developer’s of Waze describe it as “Real-time maps and traffic information based on the wisdom of the crowd” and that’s exactly what it is.  I have enjoyed seeing updates from folks around the DC metro area about traffic issues: slow areas, jams and accidents.  Apparently DC hasn’t reached critical mass yet according to the notice displayed on Waze when I first launched it.  However, I can definitely see the potential.

In addition to “social traffic,” Waze will share your location and destination to everyone in your area.  It defaults to sharing this data anonymously, but you have the option of turning it off all together or showing your nickname.  There is also a game aspect to Waze that I haven’t explored yet.  Much like Foursquare, you get points by using directions through Waze and bonus points for going to locations set by Waze.  Personally, I’d rather Waze award points towards solely to increase the credibility of users, rather than for playing the game, but I understand why it is there.

I think a great enhancement to tool like this would be the ability to dymically change your route based on traffic conditions.  Waze would probably have to wait until an area reached critical mass, but once all of that data is available, it would be a shame not to take advantage of it.  If that were a feature, I could see using Waze every day for my commute.

I’m planning to read the classic book “The Guns of August” by Barbara Tuchman. I’ve been thinking about how often times we base our current decisions and strategies on that which we have learned in the past, without understanding that our world has changed around us. “The Guns of August” describes how that exact thinking is what led us to World War I – by 1914 the world had changed technologically, economically and culturally since earlier wars. That meant that the military philosophies of the world’s leaders and the very nature of warfare had to change as well…but it didn’t and serious miscalculations resulted in a long, drawn out, costly World War.

How does this related to social media?  I think that the world has changed significantly with the advent of the Internet and social media:  people in third world countries are carrying cell phones even though they travel on dirt roads; netizens armed with smartphones, Youtube and Twitter rose up against Iranian leadership; and virtual wars are taking place regularly on the Internet.  To me, this means that the very nature of modern warfare has to change as well.  Perhaps weapons that inflict physical damage on the enemy won’t go as far in this new world as “smart” weapons that hit the enemy via social media sites, smartphone applications and denial-of-service attacks.  I think that in order to be competitive in the future, we must become experts in these new technologies so that we are prepared for the battles to be fought on the virtual landscape.

Got word through my network (thanks, Rita) that Forterra is likely laying people off:  http://dusanwriter.com/index.php/2009/12/20/is-forterra-headed-for-acquisition-layoffs-reported/

Having used Forterra in a project within the past year and a half, I have to agree with the writer that Forterra’s issues are related to cost of software and services and a somewhat unstable platform.  Plus, as I said in my last post, virtual world technology is available as free or nearly free open-source.  Opensim, for instance, is open source and looks/acts a heck of a lot like Second Life.

The cost of developing within a virtual world is very low.  Second Life is free to join and there are many open-source virtual worlds.  I believe virtual worlds can be used as a near-free platform for real-time data visualization.  If everyone is a sensor, then displaying and tracking the real-time location could be done on the cheap in a virtual world.