CEO at Ziklag Systems LLC
by Stephen Bryen
It is virtually certain now that the critical infrastructure of the United States will, in whole or in part, crash in the next few years, if not sooner. What is the critical infrastructure and how does any of this matter to you?
There are different ways that critical infrastructure can be understood. The Department of Homeland Security breaks it down into “sectors” that include the information technology sector, energy sector, communications, health care and public health, commercial facilities and transportation systems. To this we can add government and military operation and law enforcement as sectors of prime importance if any of the “sectors” collapses.
Consider the following simplistic scenario. A number of nuclear and conventional power plants stop functioning, creating a grid crisis that cascades, leaving major cities without electrical power. Some facilities, those with natural gas generators, may function; but most services will shut down, factories will close, and law enforcement which certainly will include National Guard deployments will be under pressure to prevent lawlessness and panic. Gas stations will not be able to pump gas, so after a few days most cars won’t run. Traffic signals will be out. Trains won’t run and planes won’t fly. Some radio may stay operating, but as people’s phone batteries run down, communications will be more difficult. Even worse, food stores will run out of supplies and can only operate in daylight hours and without cash registers, lighting or refrigeration. Government services will also stop and government employees won’t be able to go to work or be paid. Services like Medicare and Social Security will be suspended. Financial services will halt; the stock market will be suspended and for all intents and purposes crashed. No one will get a paycheck and the value of the dollar will plummet. Inflation will soar, just as it did in the Weimar Republic.
Why would a crisis like this happen? There is a natural causes scenario, where an overloaded and badly managed power grid just disintegrates taking with it all the services described above and a lot more we have left out. There are different points of view as to whether a natural causes scenario will happen, or even if a natural causes scenario could be recognized.
The emerging scenario is a successful cyber attack that brings down the power grid. This type of attack could happen so swiftly and cause so much physical damage that understanding what happened and figuring out how to bring the grid back on line is a non-trivial problem.
Our government is focused on attacks on the critical infrastructure from China, or Russia or Iran. A real attack is a form of war, and one would expect that a state actor would not sponsor such an attack unless there was a parallel conflict, or at least a series of events leading up to a military confrontation.
But are these expectations realistic? The recent Sony attack, which many are still trying to understand, may have been caused by a collaboration between North Korea and Iran. North Korea had a score to settle with Sony Pictures because of a film with an unfriendly portrayal of the North Korean dictator. As North Korea and Iran are closely collaborating on nuclear weapons and missiles, it makes sense to think that if the North Korean dictator asked for Iran’s help to attack Sony, that could have been easily arranged. While North Korea’s capabilities in cyber are suspect, Iran is well advanced thanks to help the Iranians have gotten from Western European companies anxious to cash in. Companies such as Siemens have also transferred critical SCADA technology to Iran, so the Iranians have all the tools they need to attack power grids, refineries, manufacturing centers and transport systems.
As a matter of fact, because it is difficult to pinpoint who is behind a cyber attacks on the critical infrastructure, it is mostly guesswork to assign blame. For example, if Russia actually attacked the American power grid (perhaps because President Putin was tired of hearing lectures from the Obama administration) can we be sure it was the Russians and not some other state or non-state actor? In today’s crazy world, non-state actors often are employed by governments (including our own) to hack someone’s network or system; and we also know that many intelligence agencies collaborate so that what might be illegal in one jurisdiction can be done in a place where taking such an action is not against the law.
An equally big problem is how one can respond to a cyber attack on the critical infrastructure. Supposing there is some reasonable certainty about the source of attack, how does one respond? Attack the other state’s critical infrastructure –tit for tat? It is not clear we yet have the capability to do that. The Russians, who inherited the systems built in the old Soviet Union, always kept their power systems, communications networks and government systems secret. Moreover, many of the systems the Russians have are built with seperate government and military hook ups and are redundant; furthermore a good many of them are buried underground.
This leaves the US in the unenviable position of needing to take some other kind of action to respond to a critical infrastructure attack. Whether we can truly take a military risk is an open question. Military escalation with a well-armed nuclear power is very risky, as the famous Cuban Missile Crisis illustrates.
In short, the problem is assymetric and difficult. While the Pentagon has put in place Plan X to be able to respond to cyber attacks, no one knows whether Plan X is much more than smoke and mirrors.
A key question is if you have limited options to respond to a successful attack on the critical infrastructure, can you find a way to protect the critical infrastructure from attack or at least mitigate damages should such an attack occur.
When Russia got the atomic bomb and the Cold War was in full swing, we had Civil Defense. Some readers may remember being taught to duck under a desk at school, or line up in areas thought to be more resistant to bomb blasts. Many Americans built and equipped and stocked bomb shelters. Some folks went so far as to buy cabins deep in the countryside in order to survive.
A Civil Defense program invites the notion that the threat is great enough to warrant taking defensive measures.
We have not done that to protect the critical infrastructure. Despite a lot of exhortatory legislation supposedly pushing the idea of protecting the critical infrastructure, doing that has mostly been left to the private sector owners of major critical infrastructure elements. It is not that they have not tried to put some security around their systems. But individual companies cannot compete against dedicated, well funded foreign government assaults. While the US government could try and fill the gap, the record to date on providing real help is spotty. A lead agency, the FBI, has created something called InfraGuard, a public private partnership, but everytime a business or infrastrcture player asks for help, they get blank stares and an unwillingness to share intelligence or practical solutions. The same holds true for the Defense Department, the NSA, the Department of Homeland Security –not really helpful.
Part of the problem is institutional. Some of these agencies are poorly equipped to provide solutions when most of the time they are trying to break into someone elses network. Some of it is a lack of leadership: lots of talk and not much else. And some of it is because of the dependency that has developed on commercial computer products and technology, most of which is ill suited to security.
The result of these multiple conundrums is that the United States is ill prepared to deal with any threat to our critical infrastructure, has no clear way to respond to attacks, and has no solutions that really help defend what we have. Are we to wait until the mostly inevitable happens and we are without light and power, fuel, food and medical support? Do we really want to risk urban riots, disease and upheaval?
The answer should be self evident.
Thus the question is, what should we do. It makes no sense to continue to “study” the problem: we need to solve the problem.
I have proposed a kind of Manhattan Project for Critical Infrastructure Security. The idea is to create a large team of the best experts available, with suitable policy leadership and substantial funding on the order (for starters) of $2 billion. The goal: build secure America-only computer network systems for the critical infrastructure from the ground up. There are some problems that will be very challenging, for example how to use computer hardware that is manufactured in China and in other places where malware and Trojans can be built in at the point of manufacture. There are other problems, how to manage authentication and encryption so that no part of any critical infrastructure network lacks encryption. This means very strong encryption that needs to be available to American critical ifnrastructure elements and that is constantly tested against external threat. But all these problems can be solved if there is a real will to do it.
I used the funding number of $2 billion because that is what the Manhattan Project to develop the atomic bomb cost originally (in 1945 dollars). Today $2 billion is a drop in the bucket and may not be enough. But it is, as they say, a good start.
The Manhattan Project should be run by the best and the brightest and not by any government agency. Government can have a seat on the board, but not management of the Project. The program must be authorized by Congress; must be non-partisan, open only to US citizens with security clearances, and run in secret. Critical infrastructure organizations and entities need to be vetted and made ready to accept and support a classified program. Administratively this is a big project, but just as the original Manhattan Project ultimately employed tens of thousands of people, so too would this project involve thousands organized entirely on a need to know basis.
If we wait much longer we will be sitting in the dark or worse.
by Stephen Bryen
founder and former head of the Defense Technology Security Administration
I have been writing about cyber security for many years. I believe I have some credibility in this field. I headed and ran the Defense Department’s program for technology security as the Director of the Defense Technology Security Administration and as a Deputy Under Secretary of Defense. I also started and ran two cyber security companies, one in the 1990’s called SECOM which was the world’s first secure chat program, and currently Ziklag Systems which markets secure mobile smartphones. Over the years I have been increasingly concerned about the vulnerability of our critical infrastructure and the risk to America. My concern has escalated along with growing and successful cyber intrusions into our power, energy, transportation and government grids and networks. And I have found it shocking that no one seems to know what to do about the menace.
Somehow our leaders in the administration and Congress, even Admiral Mike Rogers who heads NSA and the US Cyber Command, all of whom clearly understand the threat and risk, seem clueless on how to fix the problem.
Meanwhile China, Russia, Iran, Syria and plenty of rogue operations are increasing the pressure on us by attacking our computer networks. Nothing is safe. Not our defense Command and Control systems, our missile defenses, our energy grid, our refineries, our nuclear power plants, not even our telecommunications, transportation, water supply or health care systems are secure.
The reason for that is easy to see. All our computer networks rely on computer operating systems hardware and software that has been distributed all over the world. Since almost everything about those systems is public, it is easy for attackers with sufficient resources to take them apart. It should surprise no one that virtually all of our hardware is made in China, introducing a massive vulnerability into our critical infrastructure.
Add to this tremendous weakness the problem of SCADA systems. SCADA is the supervisory control and data acquisition system used by nuclear and conventional power plants, heating and cooling systems, manufacturing centers, refineries and lots of other automated systems. There are only two or three SCADA systems in the market with wide acceptance, and they are used worldwide. Once again, both the hardware and software for SCADA is accessible to foreign regimes and terrorists as well as other rogue actors. It is the SCADA that was the center of the attack on Iran’s uranium enrichment centrifuges where the US and Israel hoped to slow Iran’s acquisition of an atomic bomb. What was done with the Stuxnet worm to damage Iran’s nuclear program likewise can happen to us.
Patching computer operating systems and fixing SCADA software won’t work. This is proven empirically by the growing frequency of successful attacks on critical infrastructure systems,. If patches worked, they would save us from attack. But the plain fact is that they may help a little but not enough to stop a determined and resourceful adversary.
China, one of the countries known to be tampering with our critical infrastructure and helping to finance its growth by stealing defense designs and technology from our leading companies is already taking steps to keep us out of their networks by producing their own computer operating systems they won’t share with us. We should take a clue from China. For critical infrastructure security we need secure operating systems and a new secure SCADA that replaces all the commercial equipment and software we have been using.
Changing over to a government proprietary secure system is a vital step in locking down our networks and management systems. It requires a bold and determined initiative by the US government, and it needs to be accompanied by security measures that are well drawn and deeply monitored to provide an additional layer of protection.
Above all we need a policy based on “win win” not on hopes and fictions we can make what we have work. It is foolish to wait for the worst to happen, as it surely will.
DHS reports there is a Trojan Horse malware lurking in America’s critical infrastructure computers that could cause an economic catastrophe. It comes from Russia. But are we doing anything about it? You bet! DHS issued a Memo on November 6, 2014! The threat has been there since 2011!
The United States needs an explicit, public plan to deal with cyber attacks on the critical infrastructure of the United States. The critical infrastructure includes banking and finance, government, defense plants, energy, communications and health and safety systems. All of them have been attacked by outside powers, the most reckless attacks from China and Russia. But Plan X does not seem to have been activated. This should tell us that Plan X is not the answer to the problem that threatens our national security.
To the degree we have any policy, it seems it is to sit on our hands and watch as our defense secrets are stolen, our technology compromised and our commercial, transportation, energy and banking systems threatened. Do we want to watch attacks on nuclear power plants when the result could be another Three Mile Island or Chernobyl?
The policy we have is purposefully defeatist and highly dangerous. The idea that Secretary of State Kerry would go off to talk to the Chinese and ask them to be nice about cyber attacks is absurd on its face and demeaning to the United States. The time to talk to the Chinese is after we slap down a cyber intrusion that came from Beijing.
The policy I advocate is a byte for a byte. It is biblical. If you mess with our power plants, we can mess with yours. If you strike at our banking system, we will hobble your banking system.
This message should go out to the Chinese, Russians, Iranians and anyone else who thinks they can attack us without penalty.
If we had a policy we would put it openly on the table: We will not tolerate attacks on our critical infrastructure. If you are so brazen as to do it anyway, we will respond in kind and more.
The word in Washington is that no one wants to confront China because, after all, they are sort of paying our bills these days. If that is the sum of our foreign policy we are dead ducks. When we talk about national security, we cannot turn the other cheek.
Clearly the United States is in a great position to win any cyber confrontation. We have the talent pool and much better capability than any of our potential adversaries. This won’t always be the case: even the Pentagon is taking notice that our edge is slip slip sliding away.
The new Congress should demand a tough policy of retaliation for cyber attacks. Happily the new Congress is closer in tune with the outlook of the American people. Appeasement is not an answer to cyber attacks anymore than it is an answer to military invasions.
by Stephen Bryen
It would not surprise me if Israel’s Prime Minister Benjamin Netanyahu does not soon wind up in Moscow working out a strategic deal with Russia’s President, Vladimir Putin. The reason would not be hard to find. Israel is facing an existential threat from Iran, has lost all trust in the Obama administration, and has been vilified by unnamed Obama administration people.
There is an old political story that starts out when the late Senator John Sherman Cooper was asked to campaign for a friend. Arriving at a country store and standing on a soapbox, the good Senator delivered his campaign talk. Just halfway through a voice in the back hollered, “Your full of beans!” (The actual word is not beans, but as a matter of propriety I will tell the story my way.) The Senator, taken aback, regained his composure and continued, only to be once again greeted by the same exclamation from the old man in the back of the room. At this point, he rapidly concluded his remarks and got down from the soapbox. A number of local folks gathered around and apologetically told him, “please don’t believe what that old man hollered to you. He is addle-minded. He just says what he hears.”
In fact, the anonymous words directed contemptuously toward Netanyahu had to come from the top. Which is why the White House, trying to mitigate the harm done, could not apologize. The boss would not tolerate an apology and anyway no one would have the guts to ask him. So, as they say. the White House just put out that openly saying such things was counterproductive.
Any second-rate analyst in Israel would already understand that the statement came from the top. From this what would they conclude?
Aside from confirming what they already understood regarding personal relationships between Obama and Netanyahu, there was no surprise. But a deeper look reveals much more. The United States was not any longer a reliable partner.
The question about American reliability has been growing for some time. It has two dimensions: the strategic posture of the United States in the Middle East; the US-Israel “alliance” as the second.
The US has moved far ahead in jettisoning its friends in the Middle East, denouncing Egypt, faking it with Saudi Arabia, tolerating Turkey’s suppression of their military leaders who for decades supported the United States, and playing fast and loose with Israel’s security.
The US relationship with Iran has shifted significantly and the US has unleashed strategic trade deals with Iran, using its more than willing European allies as a front. All of this to grease the wheels of a nuclear deal that will be announced after the mid-term elections. There is a good probability that the Iran nuclear deal will have side arrangements that won’t be made public. One suspects the Israelis may already be tracking them.
In the recent Gaza war the United States froze the delivery of Hellfire missiles. Hellfire missiles, as the Pentagon will tell you, are precision tools to be used to remove targets with as little collateral damage as possible. Freezing their delivery effectively pushed Israel into using other weapons to counter Hamas’ rockets. So why did the administration do it? To show its ire at Israel, possibly, but also in a truly Machiavellian twist, to force the Israelis to cause more Palestinian casualties. This hardly qualifies how an ally should treat its partner. It is paradoxical that in the White House briefing over the “chickens..t” comments, the Press Secretary was anxious to put across how the US helps Israel and that it was Obama who led the charge to get Israel’s Iron Dome program funded.
From the inception of the Jewish state there was always a Russian hope, based on the fact that many of the Palestinian Jews were either socialists or communists, that Russia could strategically align with Israel. The USSR was the first state to recognize Israel diplomatically. A few years later the Russians decided that the Jewish state was going to be anti-communist, so the Russians embraced Arab socialism and dropped Israel. Today Russia is not communist and Putin and Netanyahu have a positive relationship. Israel has an interest in persuading the Russians to help stop the Iranian march to nuclear weapons. Putin has an interest in putting as much pressure as possible on the United States. This creates options for both countries.
The Obama administration’s side switching and unreliability is very costly and dangerous. American power and influence in the Middle East is at an all time low.
by Stephen Bryen
It is time for the US government, critical infrastructure components, the military and important businesses to dump Microsoft and Google. The products of these two companies, and many others, built primarily for entertainment have no place in sensitive government and business operations. All of them represent a time bomb whose chain reaction has already started. The constant hacking and intrusion of these systems is robbing the American taxpayer blind and undermining national security.
Our government has long been two-faced about the vulnerabilities of popular operating systems, open source software and the total lack of security that dominates America’s software industry. That’s because NSA and other intelligence organizations in the US government take advantage of the stunning weakness of these platforms for spying. So, while the government opines about hacking and foreign governments, it is busily at work spending billions of dollars to spy on anyone and everything.
I am not at all against government spying. It keeps me and my family safe. It is important and if we decide to curtail it we may pay too high a price enabling terrorists and foreign regimes to bring harm to our country.
My problem is that the two faced approach has blocked any chance to put real security in place for critical computer networks providing essential services, and it has left our military vulnerable to hacking. Today we know that our energy companies, banks, transportation systems, even our health care delivery has been heavily assaulted from within and without, by foreign and domestic hackers. Key defense programs have been compromised and billions of dollars worth of data stolen. Important stealth combat systems have been stolen.
America is a rich country, one of the richest in the world. But can we afford the losses we are taking? Because of the two faced approach, we do not have accurate reporting on how much has gone out the window, but it is a lot. Our government will not own up to the true danger so long as its spying trumps security at home.
Risks are multiplied by the fact that almost all our computer hardware comes from China. Certainly American companies make some of it although production is abroad, but none of that really matters. The opportunity to slip micro code into mobile phone and computer platforms is there and plain to see. But our government offers no guidance on this sore subject, and in fact continually encourages production outside our borders.
Surely at some point in the not so near future tragedy will strike. Someone will penetrate a nuclear power plant and generate a Three Mile Island type disaster; or Amtrak will end up with trains on the same track heading in opposite directions; or the power grid will go out as it did on overload in 2003; or Air Force One’s elaborate systems could cause a crash landing. There are plenty more dire scenarios.
The Chinese have got sick and tired of NSA and GCHQ. Thus China is investing in new hardware for its government and military systems and a Chinese operating system without Google and Microsoft. In a few years China will be better protected than America. Maybe we should pay attention. What the Chinese are doing is not just a curiosity. It is a serious investment that may give them more secure systems than we have.
We waste billions each year trying to graft security onto open, public computer systems and networks that were never build to be secure. Thousands of software engineers from all over the world work for America’s software companies. Computer technology has become so globalized that trying to manage production and keep any semblance of security is strictly impossible. Recent bugs found in open source software widely used in all computer systems came from Germany. It could just as well come from France, the UK, India, Israel, Singapore or China. It seems everyone is playing in this field and these is zero auditing of the final products. The rush is to get to market. It can be patched later! But as we know, once a vulnerability is introduced, it lives on. The myriad systems that use these products can’t possibly track the known bugs; and the unknown holes in the system rise to the surface at an increasingly fast tempo.
No one can, or needs to, fix the globalized software and hardware industry. What is needed is a trusted solution that is available only to qualified government, military and critical industries that is build on rigorous, tested security standards and on hardware that is strictly controlled in the United States. Building a secure system is costly, but the investment is far less than what is going out the window today and certainly less than the risk exposure we currently have.
Some would say that a trusted solution will not stay up with the times and will become a costly and useless artifact. There are two answers to this complaint. A security system has a limited purpose and is not like commercial systems with features more geared to entertainment than productivity. Moreover, a security based system should not be divorced from the real world. If important communications, processing or data management solutions are important and attractive, nothing would prevent these from being adapted to a security-based system.
I am far from optimistic our government will throw out Microsoft and Google and all the Chinese hardware it has bought. But without a new way of protecting ourselves we will pay dearly for our government’s short sighted approach to protecting its citizens.
The Washington Post carried a front page article on October 10th “Hacked Firms Quietly Talk about Fighting Fire with Fire” about growing corporate anger over successive cyber attacks. The new theme: go on the offensive. Hack back!
They are not alone. The Pentagon has set up a secretive unit called Plan X which is supposed to fight back against hacking. Its “rules of engagement” are classified, and nobody really knows if Plan X is operational or pie in the sky.
But how would “hacking back” work? The corporate approach, as reported in the Post, seems to be that one can attack the hackers, send them bogus information, as a way of closing them down. Would this work?
Most of the really bad hacking, attacks on government computers and networks and on America’s critical infrastructure is foreign government sponsored. The latest banking attacks are thought to be Russian-sponsored, Putin’s reaction to American-led sanctions because of the Ukraine crisis. And the Senate Armed Services Committee has found that American defense companies are being systematically looted by China through cyber espionage.
Well-financed foreign governments do not directly launch attacks on American companies or our government and military. They would be foolish to do so, especially since they have plenty of other options. The Russians and Chinese have cadres of hackers who can operate on their behalf. Occasionally these state-sponsored “independent” hackers make a few extra dollars by stealing credit cards and emptying bank accounts. Sure you can hack them back, but they will just get another computer and do it again. Living abroad they are beyond American law enforcement. The FBI may want to investigate; one can expect few results.
Then there is the problem of recognizing that a hack has occurred. A study by Verizon which was done with the cooperation of many businesses, security firms and government experts points out that it often takes a long time to uncover an intrusion. If you don’t know you have been ripped off you may in the end find your coffers empty when it is too late.
The level of angst circulating in business and government circles caused by huge financial losses from cyber intrusions (one study says $300 billion per year goes out America’s cyber “pipeline”) suggests we are rapidly reaching a tipping point. The security model we are trying to apply is a failure.
In fact as I have pointed out elsewhere, the security model we have cannot work for the simple reason that it is impossible to protect computer networks when the networks, fixed and mobile platforms, and transmission equipment are composed of open-source computer code and foreign sourced hardware, predominantly manufactured in China. The time has come for the government to realize we cannot protect America’s resources or critical systems such as telecommunications, energy, health care and banking if they are running on foreign produced equipment and globalized software.
And there is more.
It makes no sense to go after hackers who are employed by foreign governments. If we want to be serious when our banks are attacked or our nuclear power plants are damaged we have to respond in kind. This is the ancient rule of warfare. We need to establish a cyber balance of power. To do so, we have to act like a grown up superpower that is no longer willing to be picked on by hackers and intruders ad nauseam. It is doubtful the Pentagon’s Plan X rules of engagement allow it to attack the other guy’s critical infrastructure, but maybe they should. If the White House is timid maybe Congress can put some backbone into our leadership.
Successive administrations have kicked the ball down the hall on cyber security. Leaders have bought into the idea that there is some nice solution just around the corner and all we needed to do is to be more rigorous, spend more money, and apply the right security safeguards. If anything, as spending on security has increased, so have cyber attacks. There is no empirical evidence that more spending has produced anything approaching a cure. While it may get them off the hook by throwing more dollars at the problem, a more serious and comprehensive approach is needed and soon. That approach is tit for tat for those attacking us, and weaning our computer networks and communications systems off weak, compromised software and Chinese-made hardware. We would not give our soldiers rifles made in China? Why do we run our nuclear power plants and government computers on Chinese supplied parts?
The partying going on in Beijing and Moscow will go on until we get serious. We are still buying the beer.
The ancient city sits ninety meters above the Euphrates river. Known in ancient times as Dura Europos, its history spans the most important time for change and strife for Jews and the formative period of Christianity. Dura Europos (the nearest Syrian village is Salhiyé ) is now under ISIS control. ISIS has put diggers there who are pick pocketing the artifacts of the city and selling them to brokers on the spot.
Dura Europos has three sanctuaries, a synagogue, an early Christian church and a Roman temple. The city was founded by the Seleucids in 303 BC. It would be captured by the Romans in 165 AD who held it until 256 or 257 AD. Established as a trade hub for caravans and river traffic, Dura Europos also was a melting pot of culture and a place of religious ferment.
The period between from 303 BC to 250 AD marks a time of great change in Judaism and Christianity. It is the period of struggle between the Roman occupiers and Jewish zealots who believed the Romans were polluting the Temple and undermining religion. It is a period where notions of a savior took hold in both the Jewish and Christian communities and where it was not always possible to distinguish between Christians and Jews. In the finds at Qumran (popularly known as the site where the Dead Sea scrolls were discovered) we can get an extraordinary insight into the religious fervor, the striving for purity, the anticipation of a messiah, that became the core idea of Christianity.
Of particular importance is the work of the prophet Ezekiel. He was Ezekiel ben-Buzi, who lived in exile in Babylonia between 593 and 571 BC. Ezekiel’s writings were modified and added to many times, so it is uncertain what truly belongs to him and what his successors added over the years.
Chapter 37 by Ezekiel is most famously known as “dry bones.”
“The hand of the Lord was on me, and he brought me out by the Spirit of the Lordand set me in the middle of a valley; it was full of bones. He led me back and forth among them, and I saw a great many bones on the floor of the valley, bones that were very dry. He asked me, “Son of man, can these bones live?”
“I said, “Sovereign Lord, you alone know.”
” Then he said to me, “Prophesy to these bones and say to them, ‘Dry bones, hear the word of the Lord! This is what the Sovereign Lord says to these bones: I will make breath enter you, and you will come to life. I will attach tendons to you and make flesh come upon you and cover you with skin; I will put breath in you, and you will come to life. Then you will know that I am the Lord.’”
” So I prophesied as I was commanded. And as I was prophesying, there was a noise, a rattling sound, and the bones came together, bone to bone. I looked, and tendons and flesh appeared on them and skin covered them, but there was no breath in them.
“Then he said to me, “Prophesy to the breath; prophesy, son of man, and say to it, ‘This is what the Sovereign Lord says: Come, breath, from the four winds and breathe into these slain, that they may live.’” So I prophesied as he commanded me, and breath entered them; they came to life and stood up on their feet—a vast army.”
“Then he said to me: “Son of man, these bones are the people of Israel. They say, ‘Our bones are dried up and our hope is gone; we are cut off.’ Therefore prophesy and say to them: ‘This is what the Sovereign Lord says: My people, I am going to open your graves and bring you up from them; I will bring you back to the land of Israel. Then you, my people, will know that I am the Lord, when I open your graves and bring you up from them. I will put my Spirit in you and you will live, and I will settle you in your own land. Then you will know that I the Lord have spoken, and I have done it, declares the Lord.’”
These verses speak for themselves and it is this vision that takes hold and dominates Qumran and early Christianity.
Remains of the Dura Europos Synagogue
The incredible Dry Bones mural from Dura Europos
Civilization is possible thanks to historical memory, and the artifacts of the past intensify and validate the integrity of our culture and give proof that our beliefs grow out of the struggles of our forbearers. We cannot describe in words what we owe to them, but when they leave behind remnants of their vision it moves us spiritually and emotionally.
The Dura Europos synagogue is now threatened as never before by ISIS. What a tragedy for all of us if we lose this precious symbol of our religious heritage.