America’s Retreat and Japan

by Stephen Bryen

Japan is not much of a military power today, a mere shadow of what it was before World War II. Since her defeat in 1945, Japan has relied on the United States for security. The US keeps a large number of bases in Japan and on Okinawa, and also shares facilities with Japan. Below is a list, courtesy of Wikipedia, of American bases by service:[1]

The U.S. military installations in Japan and their managing branches are as follows:

| Branch | USFJ Facilities Admin Code | Name of Installation | Primary Purpose | Location |
|---|---|---|---|---|
| Air Force | FAC 1054 | Camp Chitose (Chitose III, Chitose Administration Annex) | Communications | Chitose, Hokkaido |
| | FAC 2001 | Misawa Air Base | Air Base | Misawa, Aomori |
| | FAC 3013 | Yokota Air Base | Air Base | Fussa, Tokyo |
| | FAC 3016 | Fuchu Communications Station | Communications | Fuchu, Tokyo |
| | FAC 3019 | Tama Service Annex (Tama Hills Recreation Center) | Recreation | Inagi, Tokyo |
| | FAC 3048 | Camp Asaka (South Camp Drake AFN Transmitter Site) | | Wako, Saitama |
| | FAC 3049 | Tokorozawa Communications Station (Tokorozawa Transmitter Site) | Communications | Tokorozawa, Saitama |
| | FAC 3056 | Owada Communication Site | Communications | Niiza, Saitama |
| | FAC 3162 | Yugi Communication Site | Communications | Hachioji, Tokyo |
| | FAC 4100 | Sofu Communication Site | Communications | Iwakuni, Yamaguchi |
| | FAC 5001 | Itazuke Auxiliary Airfield | Air Cargo Terminal | Hakata-ku, Fukuoka |
| | FAC 5073 | Sefurisan Liaison Annex (Seburiyama Communications Station) | Communications | Kanzaki, Saga |
| | FAC 5091 | Tsushima Communication Site | Communications | Tsushima, Nagasaki |
| | FAC 6004 | Okuma Rest Center | Recreation | Kunigami, Okinawa |
| | FAC 6006 | Yaedake Communication Site | Communications | Motobu, Okinawa |
| | FAC 6022 | Kadena Ammunition Storage Area | Storage | Onna, Okinawa |
| | FAC 6037 | Kadena Air Base | Air Base | Kadena, Okinawa |
| | FAC 6077 | Tori Shima Range | Training | Kumejima, Okinawa |
| | FAC 6078 | Idesuna Jima Range | Training | Tonaki, Okinawa |
| | FAC 6080 | Kume Jima Range | Training | Kumejima, Okinawa |
| Army | FAC 2070 | Shariki Communication Site | Communications | Tsugaru, Aomori |
| | FAC 3004 | Akasaka Press Center (Hardy Barracks) | Office | Minato, Tokyo |
| | FAC 3067 | Yokohama North Dock | Port Facility | Yokohama, Kanagawa |
| | FAC 3079 | Camp Zama | Office | Zama, Kanagawa |
| | FAC 3084 | Sagami General Depot | Logistics | Sagamihara, Kanagawa |
| | FAC 3102 | Sagamihara Housing Area | Housing | Sagamihara, Kanagawa |
| | FAC 4078 | Akizuki Ammunition Depot | Storage | Etajima, Hiroshima |
| | FAC 4083 | Kawakami Ammunition Depot | Storage | Higashihiroshima, Hiroshima |
| | FAC 4084 | Hiro Ammunition Depot | Storage | Kure, Hiroshima |
| | FAC 4152 | Kure Pier No.6 | Port Facility | Kure, Hiroshima |
| | FAC 4611 | Haigamine Communication Site | Communications | Kure, Hiroshima |
| | FAC 6007 | Gesaji Communication Site | Communications | Higashi, Okinawa |
| | FAC 6036 | Torii Communications Station (Torii Station) | Communications | Yomitan, Okinawa |
| | FAC 6064 | Naha Port | Port Facility | Naha, Okinawa |
| | FAC 6076 | Army POL Depots | Storage | Uruma, Okinawa |
| Navy | FAC 2006 | Hachinohe POL Depot | Storage | Hachinohe, Aomori |
| | FAC 2012 | Misawa ATG Range (R130, Draughon Range) | Training | Misawa, Aomori |
| | FAC 3033 | Kisarazu Auxiliary Landing Field | Air Facility | Kisarazu, Chiba |
| | FAC 3066 | Negishi Dependent Housing Area (Naval Housing Annex Negishi) | Housing | Yokohama, Kanagawa |
| | FAC 3083 | Naval Air Facility Atsugi | Air Facility | Ayase, Kanagawa |
| | FAC 3087 | Ikego Housing Area and Navy Annex | Housing | Zushi, Kanagawa |
| | FAC 3090 | Azuma Storage Area | Storage | Yokosuka, Kanagawa |
| | FAC 3096 | Kamiseya Communications Station (Naval Support Facility Kamiseya) | | Yokohama, Kanagawa |
| | FAC 3097 | Fukaya Communication Site (Naval Transmitter Station Totsuka) | Communications | Yokohama, Kanagawa |
| | FAC 3099 | United States Fleet Activities Yokosuka | Port Facility | Yokosuka, Kanagawa |
| | FAC 3117 | Urago Ammunition Depot | Storage | Yokosuka, Kanagawa |
| | FAC 3144 | Tsurumi POL Depot | Storage | Yokohama, Kanagawa |
| | FAC 3181 | Iwo Jima Communication Site | Communications | Ogasawara, Tokyo |
| | FAC 3185 | New Sanno U.S. Forces Center | Recreation | Minato, Tokyo |
| | FAC 5029 | United States Fleet Activities Sasebo | Port Facility | Sasebo, Nagasaki |
| | FAC 5030 | Sasebo Dry Dock Area | Port Facility | Sasebo, Nagasaki |
| | FAC 5032 | Akasaki POL Depot | Storage | Sasebo, Nagasaki |
| | FAC 5033 | Sasebo Ammunition Supply Point | Storage | Sasebo, Nagasaki |
| | FAC 5036 | Iorizaki POL Depot | Storage | Sasebo, Nagasaki |
| | FAC 5039 | Yokose POL Depot | Storage | Saikai, Nagasaki |
| | FAC 5050 | Harioshima Ammunition Storage Area | Storage | Sasebo, Nagasaki |
| | FAC 5086 | Tategami Basin Port Area | Port Facility | Sasebo, Nagasaki |
| | FAC 5118 | Sakibe Navy Annex | Hangar | Sasebo, Nagasaki |
| | FAC 5119 | Hario Dependent Housing Area (Hario Family Housing Area) | Housing | Sasebo, Nagasaki |
| | FAC 6028 | Tengan Pier | Port Facility | Uruma, Okinawa |
| | FAC 6032 | Camp Shields | Barracks | Okinawa, Okinawa |
| | FAC 6046 | Awase Communications Station | Communications | Okinawa, Okinawa |
| | FAC 6048 | White Beach Area | Port Facility | Uruma, Okinawa |
| | FAC 6084 | Kobi Sho Range | Training | Ishigaki, Okinawa |
| | FAC 6085 | Sekibi Sho Range | Training | Ishigaki, Okinawa |
| | FAC 6088 | Oki Daito Jima Range | Training | Kitadaito, Okinawa |
| | FAC 3127 | Camp Fuji | Barracks | Gotenba, Shizuoka |
| | FAC 3154 | Numazu Training Area | Training | Numazu, Shizuoka |
| | FAC 4092 | Marine Corps Air Station Iwakuni | Air Station | Iwakuni, Yamaguchi |
| | FAC 6001 | Northern Training Area (Incl. Camp Gonsalves) | Training | Kunigami, Okinawa |
| | FAC 6005 | Ie Jima Auxiliary Airfield | Training | Ie, Okinawa |
| | FAC 6009 | Camp Schwab | Training | Nago, Okinawa |
| | FAC 6010 | Henoko Ordnance Ammunition Depot | Storage | Nago, Okinawa |
| | FAC 6011 | Camp Hansen | Training | Kin, Okinawa |
| | FAC 6019 | Kin Red Beach Training Area | Training | Kin, Okinawa |
| | FAC 6020 | Kin Blue Beach Training Area | Training | Kin, Okinawa |
| | FAC 6029 | Camp Courtney | Barracks | Uruma, Okinawa |
| | FAC 6031 | Camp McTureous | Barracks | Uruma, Okinawa |
| | FAC 6043 | Camp Kuwae (Camp Lester) | Medical Facility | Chatan, Okinawa |
| | FAC 6044 | Camp Zukeran (Camp Foster) | Barracks | Chatan, Okinawa |
| | FAC 6051 | Marine Corps Air Station Futenma | Air Station | Ginowan, Okinawa |
| | FAC 6056 | Makiminato Service Area (Camp Kinser) | Logistics | Urasoe, Okinawa |
| | FAC 6082 | Tsuken Jima Training Area | Training | Uruma, Okinawa |

Overall the United States has more than 50,000 military personnel stationed in Japan and Okinawa and employs around 5,500 civilians.  There are over 40,000 military family members associated with America’s presence.

Japan is the home base, at Yokosuka, for the US Seventh Fleet and also the home of the 3rd Marine Expeditionary Force. Along with troops, helicopters, ships and submarines, the US Air Force has 130 fighters based in Japan.

The American presence is the successor to the US occupation of Japan at the end of World War II.  While the number of bases, facilities, training centers and storage facilities is large, the US also closed down close to the same number of facilities and bases over the years.

Japan pays the United States around $2 billion as compensation for America’s presence.  While this seems like a large number, the actual cost to the United States for the deployment is many billions more than the Japanese contribution. Japan therefore benefits from the American presence because it can keep a small defense budget even where potential threats in the region are growing.

And they are.  North Korea is already a nascent nuclear power and is likely in future years to use its missiles as a means of getting concessions from Japan. The Japanese have had a rocky relationship with Korea.  In 1905 Japan forced Korea to become a protectorate.  In 1910 Japan annexed Korea (then a unified peninsula).  Under this annexation Japan dealt harshly with the Korean people and exploited its resources.  Before and during World War II the northern part of Korea was an industrial center supplying Japan with armaments and ammunition. It is also one of the places where Japan worked on building an atomic bomb.

Along with treating Koreans roughly and using them as conscripts and forced labor, Japan transferred thousands of them to Japan and used them as laborers there. When Hiroshima and Nagasaki were hit by atom bombs, thousands of Koreans working in those cities were killed. Adding to the misery of the Korean people was the use of young Korean ladies as “comfort women” for Japanese troops and administrators. Bitterness over this issue still remains.

China, too, is turning into a true superpower, and confrontations between Japan and China over disputed islands have risen in the past few years. Their disagreement is over some uninhabited small “rocks” in the East China Sea (known in Japan as the Senkaku islands). These “rocks” are under Japan’s control, but the Chinese want them. Their location is strategic, affecting China’s ability to control the sea lines of communication, and they are positioned near important oil and gas reserves.

But much more is involved as China grows stronger.  China thinks of its perimeter as two imaginary boundaries, the inner boundary already clearly under China’s control; the outer one coming under its control as China expands its navy and develops new weapons that can challenge America’s aircraft carriers and nuclear submarines.

The United States has been trying to beef up its Pacific presence.  The bases in Japan offset, to a degree, China’s growing military power, but will that be enough?

The last test of military power in the region took place in the Taiwan Straits from July 21, 1995 to March 23, 1996. In that period China carried out an “exercise” that included closing sea and air traffic in and around the Taiwan Straits as China launched missiles, mobilized its land forces, and prepared its naval forces to support what looked like an invasion of Taiwan itself. Would the US respond to China’s provocation? Would China challenge the United States or back off?

The evidence shows that America delayed responding and finally put two aircraft carrier task forces on patrol near the Straits.  China, if it really planned to strike Taiwan, backed away and the crisis ended.  China blinked.

It is far from clear whether a repeat performance would be met resolutely by Washington. Even if America did move its naval and air forces to face China, China might not cut and run. There are many scenarios that could trigger a confrontation: disputed territories, Taiwan, conflict on the Korean peninsula.

Americans tend to forget that we faced Chinese “volunteers” in the Korean War, and proxy wars involving China and Russia in Vietnam, Laos and Cambodia.

Which brings us back to Japan and the dilemma Japanese policy makers face.

Can Japan depend on the United States for its protection?  Should a confrontation unfold that directly impacts Japan, there is reason to believe, based on the worsening geopolitical posture of the United States and the drawdown of defense assets, that the United States might dawdle, seek diplomatic remedies, and try not to engage.

There have already been a number of incidents between China and Japan (see the excellent review by Sheila A. Smith, a senior fellow for Japan at the Council for Foreign Relations). So far they have been small scale and contained, but these were probes by China not only to judge Japan’s behavior but also to understand what America might do. So far at least, the Japanese have worked to contain any incident and the United States has not needed to take any direct role. But this can change at any time. If China wants to, she can ratchet up trouble at any time.

Japan is caught in a dilemma. Its military forces are weak compared to China’s and there is little chance much can be done to strengthen them in the next five years. Japan can compensate a little by buying new weapons. Japan has agreed to procure F-35 Joint Strike Fighters. But these airplanes are years away from delivery, and they are tactical aircraft and will not be regarded by China as any sort of deterrent. Japan really wanted the F-22, a true stealth penetration bomber capable of long range operations. The United States rejected Japan’s attempt to buy them.

Japan, therefore, has few options.  But there is one direction Japan can go, and it has the resources, know how, and delivery systems to get there.  That is to build nuclear weapons.  Doing this will surely antagonize the United States, China and North Korea, but Japan could nevertheless decide it is worth it.  Some suspect Japan may be laying the foundation for such a step. For example Japan has been energetically building long range rockets. It is hard to believe Japan would invest so much effort in rockets and space unless the investment was regarded as an important part of a future strategic system.

Japan had an atomic bomb program in World War II divided into two main programs, one run by the Army and the other by the Navy.  It had major facilities throughout Japan, and the Navy ran a secret operation in northern Korea that was taken over by the Russians at the end of World War II.  That facility, which produced thorium for the Russians, was bombed by B-29’s in 1950 in the early days of the Korean War.   In addition, Japan had a highly capable scientific community with excellent nuclear physicists and chemists. Major Japanese companies built equipment including cyclotrons and gas centrifuges for Japan’s atomic program and some participated in uranium extraction and enrichment.

Would Japan return to nuclear weapons after the devastation of Hiroshima and Nagasaki and the strong anti-nuclear feeling that permeates Japan’s politics?  That would depend on whether Japan felt sufficiently threatened by North Korea and China to do so.  A few islands are probably not enough to cause a major change in policy.   But minor clashes can turn into bigger ones, and the United States, its prestige in tatters and in retreat around the world, may not be able to play a role as Japan’s defender.  Then we will see.



Lenin is in Poland

by Stephen Bryen

There is an old and rather awful joke that goes like this. The Russian Revolution has succeeded and the Communists are now in Power. Lenin is feeling very good about his great success and thinks there is a chance to convince some other countries to go Communist. He decides to go to Poland.

Meanwhile the Kremlin wants to honor the momentous occasion and commission a painting celebrating Lenin’s trip. The day arrives to unveil the painting and all of official Moscow has assembled. But alas, when the shroud over the painting is dropped there is a picture of a man in bed with a woman.

“What’s this?” exclaim the top Russian leaders. “This,” the painter says, “is a painting of Trotsky, in bed with Krupskaya, Lenin’s wife.” And, the painter explains, the title of the picture is “Lenin is in Poland.”

Today Lenin, in the form of Putin, is in the Ukraine, somewhere he surely does not belong. No one would dare to make a painting honoring the occasion.

Meanwhile the Western allies are in some turmoil. The Europeans are threatening more sanctions unless Putin pulls his forces out and wholeheartedly supports a peace effort (whatever that means). The United States is threatening to arm Ukraine with lethal weapons, as if there is some other kind of weapon useful to the Ukrainian military.

The country is in a mess. Ukraine is no match for Russia’s army, which is better trained and well equipped; there is not much chance that the Ukrainians can prevail without outside help.

Technically Ukraine is not a NATO problem because the Ukraine was never admitted to NATO membership. In fact the Ukraine’s bid for such membership was one of the contributing causes (but not the only one) to the Russian-sponsored war that is enveloping the country.

What is worse, NATO is far from having a single mind about the subject of Ukraine. Right now Angela Merkel and Francois Hollande are taking the lead as European leaders, not necessarily as NATO leaders, arguing for a cease fire and a peace process. Their chance for success is very small.

NATO itself is not what it used to be. NATO is a collective security system which was organized as the Soviet Union turned Eastern Europe into Communist puppet states under Communist Russia’s full control. The NATO idea and part of the Treaty agreement is that any attack on a NATO member can be met by collective force. But for NATO to act, all members must agree. When the United States asked NATO to join it after 9/11 to take down the Taliban, NATO could not agree. Keeping in mind that it was the same European states that pressured America into entering the war in Bosnia, NATO’s refusal to use collective defense on behalf of one of its members, in fact its most important member, was an especially rude slap in the face.

NATO also is paltry as a military operation. Many of the NATO countries reduced their armed forces after the collapse of the Soviet Union and major armor units were disbanded with land war equipment either sold or scrapped. Today NATO countries have an ability to launch a fight against the Taliban, but no ability to win the fight. That is the real reason Obama is pulling the US out of Afghanistan.  The British are doing the same and most of the others are only providing humanitarian aid.

Years ago in a meeting in the Senate Foreign Relations Committee over problems in Lebanon one of the Senators asked Dr. Henry Kissinger about French insistence to have a role in the affair. Where is their Navy, opined Kissinger, or their Army? Without a military capability and willingness to commit it, Kissinger had no interest or regard for the participation of the French, even though years ago they ran Lebanon for the League of Nations under a Mandate (1923-1946).

Today we have a rather parallel situation. Neither Germany nor France will commit one single soldier to any fight in the Ukraine. So their intervention with Putin lacks credibility. Putin’s only conceivable interest compelling his attention is European sanctions, but he has cards of his own he can play if he wants (like cutting off natural gas supplies to Germany or threatening other countries such as Poland or Estonia). For this reason Europe cannot risk war, and neither can the United States, because our country, like the rest of NATO, is woefully unprepared. Had America delivered on its promises to the Ukraine years earlier, after Ukraine got rid of Backfire bombers and other strategic assets, the situation today might have been different. But it isn’t and no one knows how to change history or make hindsight into a constructive tool.

There is also the problem that the NATO partners, aside from the bombastic statements by President Obama and Vice President Biden on Ukraine, do not see eye to eye. Greece has a new leftist leader friendly to the Kremlin. Will Greece be willing to vote for more sanctions on the Russians? From the Greek point of view they already have enough sanctions laid on themselves by European bankers. Or will Italy want to get into this quagmire, with Russia an important trading nation? Or for that matter will the Germans back up Mrs. Merkel?  Russia is a very important trading partner for Germany, the source of a significant flow of energy, and trades important raw materials in exchange for German manufactured goods. Merkel’s flexibility has to be extremely limited and her political future is far from assured.  Loss of jobs may well trump applying sanctions.

As a result, these are not happy times for Europe, for the United States, or, certainly, for the Ukrainian people, who have been treated to a tap dance by the West’s leaders in place of a functional alliance. There is only so much of this sort of thing before things turn even more tragic.

Interestingly, despite the fissures and extreme problems with NATO, all the Western players are marching around and around without getting to some core issues that must be addressed for the future. At risk today is not only NATO survival, but peace in Europe. Putin is not Hitler, notwithstanding the rhetoric that has been coming from the United Kingdom. But Putin is an aggressive minded Russian leader who is filling a vacuum. He already learned he could get away with aggression in Georgia. And now he is taking advantage because he knows NATO has mutated into a paper tiger.

We need to wake up.  We don’t want Putin in Poland.


Greece Will Need a New Currency

by Stephen Bryen

The new Greek government, mainly composed of former Communists and other leftists, with a dash of a far right political party giving Syriza enough support to form a government, faces a huge task in trying to reform Greece’s economy.  The idea that it can be done in negotiations with the European Central Bank and the key economic power, Germany, is wishful thinking at best.

The German government has already made clear it is not prepared to write off Greek debts.  Furthermore the Germans and the bankers expect Greece to pay back its loans and to retain an austerity program in order to squeeze enough resources out to make the required payments.

It is unlikely Greece can, or will, comply. What is more certain is that the new government will raise salaries, cut some taxes (but not for the rich), and hire back many unemployed State workers. Of course this is impossible if the euro remains Greece’s currency.

Once the government gets organized and starts imposing its “cure” Greek repayments will have to cease, bond prices will escalate and will be chasing investors who will be running for cover, and the situation will rapidly become quite explosive.

At this point both the Greeks and the Europeans will have to make choices.  In such an environment, the most likely result is that Greece will have to replace the euro with a local currency.  For our purposes let’s call it the “New Drachma.”

Greece can get along with the New Drachma. But a better solution for Greece is a hybrid approach: if possible, retaining the euro while supporting a New Drachma – in other words, two currencies.

There are two ways this can be done.  One is a formal agreement with the European banks that will give Greece room for maneuver by stretching out loan repayments and making other credit provisions that are reasonable.  With a second, “local” currency Greece can pay its civil servants and encourage private business to also use the local currency for all internal transactions. André Cabannes, a professor at Stanford University, outlined this approach for Greece a few years ago, and his proposal remains the best one for Greece and for other weak players in the euro community such as Spain and Italy.

A New Drachma will start off in parity with the euro, but won’t stay there for long.  Unless the government exercises some discipline and restraint and builds confidence in the banking and business community, the New Drachma will rapidly lose value.  The real challenge for a radical Greek government is whether it can come up with a program that can be managed properly, kept sensible, and will be able to have the support of the financial community.

Europe cannot really afford to write off Greece.  Nor can the new Greek government survive if it is reckless or obnoxiously ideological.  It would help both sides in the argument to find independent experts who can structure a workable program for a second currency while keeping the euro alive.


Now it is CENTCOM: But it is just the Tip of the Iceberg

by Stephen Bryen

You don’t have to be real smart to know that social media accounts are not private, even if you are told by their owners and operators that they are. Social sites, all of them, are easily hacked by outsiders, and even the companies that own them exploit them to make money. The monetization of privacy in the United States is highly advanced and represents a multibillion dollar, unstoppable business.

But folks are starting to figure out that a major danger is lurking.

For this reason the French gendarmes and counter terrorism forces have been ordered to close any personal social media accounts they have and to do so immediately.

You would have thought that America’s Central Command, which focuses on the Middle East and plays a vital role in dealing with radical Islamic terrorism, would recognize social media risks and would have, long ago, taken security measures to protect sensitive information. But that did not happen. In fact, CENTCOM (as it is known) has been merrily running Twitter and YouTube sites without any care.

So now we know that ISIS hacked CENTCOM and published the names and addresses of top officials including four star generals, making the information generally available to any operational terror cells, including some who may lie embedded in the United States. US Cyber Command is only the tip of the iceberg. ISIS could have got all the information and passed it to terror organizations without defacing the CENTCOM Twitter account and other CENTCOM-sponsored sites. In this way Central Command would not know that critical information about their top personnel was in the hands of a vicious Islamic terror organization. But ISIS wanted to get the propaganda value out of its hack, so they made a lot of noise. No one knows how long they have been mucking about in CENTCOM’s operations.

The Pentagon says it was all a prank and is of no concern. With this mindset anyone hoping there was a chance that the Pentagon might try and fix a looming problem now knows better: they are the problem.

But, under pressure, the Pentagon changed its mind. Huh?

Is CENTCOM an exception? Hardly. Americans, despite countless articles pointing out obvious vulnerabilities in social networking and media sites, continue with their obsession to leak information that compromises personal and organizational security. It is a good bet that virtually every American military base, office, organization and unit is leaking away using Facebook, Twitter, LinkedIn, Pinterest and all the others. So too are folks at Homeland Security, the State Department, FBI and on and on.

The truth is we do not know just how much sensitive information is in the hands of terrorists, but if we have learned anything watching al-Qaeda, ISIS, the Iranians, the Syrian Electronic Army and all their brethren, it is that they certainly know how to exploit social media and build powerful attack databases.

They have already used their laptop computers and the lists they have generated and passed around on memory sticks to identify and kill their enemies in Iraq and Syria. It would be foolish to think they have confined themselves to the Middle East – indeed we know they have not.

In France the attacks on the Jewish community, for example, are not random. Names, addresses and other information were gathered by the terrorists from social media sources, especially Facebook. This exposed not only the targeted individuals, but also their families. Even the Charlie Hebdo attack was precisely targeted. The killers had the ID and photos of their victims well in advance.

For a long time the French government, trying to be politically correct in the French context, did almost nothing to protect its citizens from terrorists, especially its Jews.

Now, in the wake of Charlie Hebdo and Hyper Cacher, a Kosher supermarket in Paris, the French government has done an about-face (volte-face) and decided to try and protect synagogues and religious schools. To this end the French government has assigned 10,000 soldiers. But soldiers can’t protect someone in their home or walking down the street. In the last decade Jews in France have been murdered, shot at, beaten up, raped and terrorized. How to protect exposed individuals, their families and friends?

The American situation is not much better. For years we have allowed terrorist organizations free rein on the Internet, and have done little or nothing to stop them. The fact that ISIS can get away with launching cyber attacks tells you all you really need to know. Despite investing billions in so-called cyber security, and even creating a Pentagon unit (“Plan X”) that is supposed to deal with the bad guys, everyone is still looking at their thumbs. US security policy is frozen, blindsided, hamstrung and inept. The Pentagon can’t figure out which end is up, has not given direction to its millions of military and civilian employees, and has not engaged the enemy or tried to shut them down. Remember what happened in Boston.

Security comes down to protecting people, and if you can’t do that your security system is faulty. A quick way to provide some modicum of protection is to purge social media of sensitive information that puts people directly at risk. The bigger job is to provide real aggressive leadership to take down the connections being exploited over the Internet by the Islamic terrorists. The Pentagon can do the job; they just need to be told to launch the effort.

Will the Stingray End Up At the Supreme Court?

by Stephen Bryen

The Stingray is a device that can track cell phones in real time.  It is a type of IMSI catcher.  IMSI, the International Mobile Subscriber Identity, is built into all cellular phones.  The IMSI number is broadcast by a phone when it connects to any cellular tower.  An IMSI catcher pretends to be a cellphone tower, “catches” the IMSI broadcast, and then can act as a relay to a legitimate cellular phone tower, meaning that everything that is broadcast across the IMSI catcher can be heard or intercepted.

The Stingray IMSI Catcher

There are many IMSI catcher devices on the market. Some of them are “active” intercepts and others operate passively. Stingray is the product used by the FBI and law enforcement.  Its capabilities are kept secret from the public.

All cellular phones encrypt the connection between the phone and the cellular tower. Thus for an IMSI catcher to be any good, it has to break the encryption or defeat it one way or another.

Essentially there are two ways of getting rid of the encryption: knowing the algorithms used by the phone companies and how the key is composed, or finding a means to turn off the encryption. Both are feasible strategies and it is likely that Stingray employs both strategies and perhaps others.
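
Seen from the phone's side, the two behaviours described above (a device posing as a cell tower, and encryption being switched off) leave traces that can be checked for. The Python below is an added illustration, not part of the original article and not a description of how any particular product works; the record layout, cell numbers and function names are assumptions made for the example.

```python
"""Flag cell-tower observations that match IMSI-catcher behaviour.

Every record below is constructed for this example. A real phone would take
the same fields from its baseband or a radio diagnostics log.
"""
from dataclasses import dataclass

# GSM names its ciphering algorithms A5/x; A5/0 means "no encryption".
NO_CIPHER = "A5/0"


@dataclass(frozen=True)
class Observation:
    time: str     # when the phone attached to the cell
    mcc: int      # mobile country code
    mnc: int      # mobile network code
    lac: int      # location area code announced by the cell
    cid: int      # cell id
    cipher: str   # ciphering algorithm the network selected


def cell_key(obs):
    """Identity of a cell independent of the location area it announces."""
    return (obs.mcc, obs.mnc, obs.cid)


def build_baseline(history):
    """Map each previously seen cell to the location areas it was seen in."""
    baseline = {}
    for obs in history:
        baseline.setdefault(cell_key(obs), set()).add(obs.lac)
    return baseline


def assess(obs, baseline):
    """Return the reasons an observation looks suspicious (empty if none)."""
    reasons = []
    known_lacs = baseline.get(cell_key(obs))
    if known_lacs is None:
        reasons.append("cell not in baseline")
    elif obs.lac not in known_lacs:
        reasons.append("known cell id under a different location area")
    if obs.cipher == NO_CIPHER:
        reasons.append("network switched encryption off")
    return reasons


def scan(observations, baseline):
    """Return (time, cell id, level, reasons) for each suspicious observation."""
    flagged = []
    for obs in observations:
        reasons = assess(obs, baseline)
        if reasons:
            level = "alert" if len(reasons) > 1 else "review"
            flagged.append((obs.time, obs.cid, level, reasons))
    return flagged


# Constructed sample data using the test network code 001/01.
HISTORY = [
    Observation("2015-01-10T08:00", 1, 1, 100, 5001, "A5/3"),
    Observation("2015-01-10T12:00", 1, 1, 100, 5002, "A5/3"),
    Observation("2015-01-11T08:00", 1, 1, 100, 5001, "A5/3"),
    Observation("2015-01-11T18:00", 1, 1, 101, 5003, "A5/1"),
]
NEW_OBSERVATIONS = [
    Observation("2015-01-12T08:00", 1, 1, 100, 5001, "A5/3"),  # usual tower
    Observation("2015-01-12T09:15", 1, 1, 999, 7777, "A5/0"),  # new cell, no cipher
    Observation("2015-01-12T09:40", 1, 1, 250, 5002, "A5/3"),  # cell id reused elsewhere
    Observation("2015-01-12T10:05", 1, 1, 101, 5003, "A5/0"),  # usual tower, no cipher
]

if __name__ == "__main__":
    for time, cid, level, reasons in scan(NEW_OBSERVATIONS, build_baseline(HISTORY)):
        print(f"{time} cell {cid}: {level}: {'; '.join(reasons)}")
```

A single indicator can have an innocent cause, such as a newly built tower, which is why one reason alone is marked only for review.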

The IMSI catcher is a tool for law enforcement, for intelligence agencies, and for criminals.  Other than Stingray, many of these devices can be bought online. And the US government also supplies such devices to friendly foreign countries and foreign entities.

The heart of the FBI case is that it can use the Stingray because the public has “no reasonable expectation of privacy” when using a mobile phone.  This argument is not generally accepted, and nine states, including Virginia and Maryland, require a law enforcement agency to get a warrant if the agency wants to use a Stingray device, or to agree in advance on the protection of information gleaned from cellular phones that are not part of a current law enforcement investigation.

The expectation of privacy issue was first brought out in Smith vs. Maryland (1979). In that case law enforcement used a “pen register” to record the time, duration and phone numbers called from a phone line belonging to a suspect.  The Supreme Court said that the pen register (an electro-mechanical device) did not record actual phone calls and that use of a pen register did not rise to a violation of either the First or the Fourth Amendments (e.g., Freedom of Speech, Illegal Searches and Seizures).  In an earlier case, Katz vs. U.S., the Court held that warrantless wiretaps were unconstitutional searches and seizures because the public had a reasonable expectation of privacy.  Katz was decided in 1967, before the cellular phone era.

The FBI is not relying entirely on its argument that the public has no reasonable expectation of privacy when using a cellular phone.  It also argues there are urgent circumstances, such as preventing the commission of a crime or stopping a terrorist, where a warrantless wiretap of a cell phone is justified.  To my mind, law enforcement has to have the ability to make an informed judgment there is an imminent risk, and law enforcement should be able to move against these threats.  The same idea is what was behind the War Powers Act, which recognized that the President as Commander in Chief needed flexibility to protect American national security.  Law enforcement needs the same flexibility.

The question is whether one should hang that argument on the idea that the public lacks a reasonable expectation of privacy when using mobile devices.  It seems to me the stronger case is the ability to respond to a concrete threat.

And therein lies the rub, to quote the Bard.  Law enforcement has to take a risk when it uses the argument of dire necessity to justify acting without a warrant.  In other words, law enforcement will need to defend those decisions before an impartial court if challenged.  Law enforcement cannot run around willy-nilly setting up fake cell towers just to suck up as much information as it can.  Right now, except in those states where there are laws on the books, the standards for law enforcement operations involving IMSI catchers are far from settled.  That is why, short of specific legislation, the use of Stingrays may end up in the Supreme Court.


Ratcheting Up the Heat on North Korea

by Stephen Bryen

The North Korean Internet has gone dark.  Meanwhile the United States has demanded that Korea pay compensation to Sony for the damage they have caused.

First of all, Congratulations to the Obama administration.  After bumbling on this issue for more than a week, it seems they may have got up enough gumption to slam the North Koreans.

Even more importantly, the sordid threats to destroy the White House, Pentagon and other American institutions, perhaps with suicide attacks –all of this coming from North Korea and its inexperienced leader– are dangerous threats. Hitting back sends a message that statements of this kind are warlike and unacceptable.  Perhaps the administration will finally forget about the silly language it used calling the attacks on Sony “cyber vandalism.”

It is likely in the days and weeks ahead that North Korea will try to punish South Korea, which it regards as an American lackey.  There already is a report of cyber attacks coming from North Korea against a South Korean nuclear power plant.  Temporarily at least, with North Korea’s Internet shut down, the Kim Jong-un gang will find launching attacks more difficult.

There is always the possibility North Korea will appeal to its friends abroad, namely China, Iran and Syria, and attempt to get them to do what the North Koreans cannot.  But they may find less enthusiasm for this kind of gambit.  A lot of what the Iranians do relies on the Internet, even their nuclear program.  They won’t volunteer to help their North Korean “friends” if the risk is too great and they fear America might retaliate.

This will leave the North Koreans in a box.  Perhaps they can do some bad things with their army or navy, or fire off artillery rounds as they have done before.  But these steps could lead to military action by South Korea or the United States, and North Korea may find itself in big trouble.  One can doubt that North Korea can rally its troops in a country that still is starving.  The whole North Korean ill adventure may come to a crashing halt and even its government could collapse.

North Korea is a mad country.  It is run by a ruthless gang of thugs who don’t care one whit about their own people.  They live high on the hog while everyone else starves.  They waste their human capital and brainwash their people.  One wonders what Putin thinks he is going to gain by lining up with these guys.

Decidedly the response by the United States to North Korean cyber attacks and provocations is good news.  Perhaps it will help the administration to understand that North Korea is a danger to world peace. The idea that North Korea is building up a nuclear arsenal and is well along on missiles that can deliver nuclear warheads is a dire prospect.  Nothing is impossible in the wacky world of North Korea’s leaders.

In the meantime perhaps the Obama administration, if it can keep its focus and act maturely, will recognize that it now has a hold of the tail of the enemy and should not let go.  North Korea is a first step, but the United States should not tolerate cyber warfare by any foreign nation.  Not only is our country being ripped off, but our security systems are deeply at risk and exposed.  This needs to stop and hitting them back where it matters is how you send the right message.

Thus, Congratulations to the President.  Don’t stop and don’t flinch.


When There Is No Price to be Paid the Hackers Win

by Stephen Bryen
If there is one salient fact that emerges from the now infamous Sony hack it is that the bad guys won.  The bad guys won because they paid no price for the damage inflicted.  In the Sony case the hackers are outside and beyond the law, so their backers and sponsors are encouraged to cause even more damage in future. To stop cyber attacks, particularly those sponsored by foreign governments, we need to respond to attacks now.
Sony is a movie company, a major cog in the entertainment industry.  Whether Sony rises or falls has little or nothing to do with national security.  There are plenty of other entertainment companies that can fill the gap if Sony drops out, something that Sony surely understands.
But the sort of intimidation attack suffered by Sony is nontrivial, and presages similar attempts that surely will come by hostile actors to intimidate our government.  The Russians have used such attacks against at least three former Soviet Republics (Lithuania, Georgia and Ukraine), electronically hacking telecommunications, banking, government and military organizations. Newspapers have also been attacked by foreign hackers, signalling displeasure over certain stories. The North Koreans have also pummeled South Korea with cyber attacks, destroying hard drives and shutting down banking operations.  One South Korean bank was out of commission for more than two weeks.
Despite precautions, cyber attackers can often stay one step ahead of protection mechanisms.  Sony, of course, had little in the way of cyber security protections, making it an easy soft target for hackers.  But even better protected systems can be penetrated. 
Liran Tancman, CEO of CyActive in Israel, quoted in the Times of Israel, says “Cyber-security is, for the most part, reactive, not proactive. A company will spend hundreds of thousands or millions of dollars to secure themselves against a major malware variant, fighting off a specific attack.”  But hackers can often get around better protected organizations. “All they have to do is insert some changes in their malware code, and they are in the clear. For $150, a cyber-criminal can hire a hacker to do $25 million of damage, and then do it again a few months later, making very minor changes to their malware code.”
In the wake of the Sony attack, former Republican Speaker of the House and presidential candidate Newt Gingrich says that we have lost our first cyber war.  Commenting on Twitter, Gingrich said “it wasn’t the hackers who won, it was the terrorists and almost certainly the North Korean dictatorship, this was an act of war.”
Gingrich begs the question: if a serious cyber attack is an act of war, how should America respond?
The Pentagon has set up Plan X supposedly to respond to cyber attacks by launching cyber assaults of its own as retaliatory strikes.  But nothing like that has happened. Russian, Chinese, North Korean, Iranian and Syrian hackers –all government backed– continue to operate unabated.  Is there a threshold that remains to be crossed, and when it is will the Pentagon launch a massive retaliatory cyber attack on the perpetrators, namely the governments that sponsor the hacks?  Plan X is a nice idea, but it is a wasted effort unless it is used.
Hacking is a cheap crime to commit unless there are costly consequences.
It is a bad idea to wait around until a massive cyber attack leads to costly consequences such as paralyzing our government and military, creating a run-away chain reaction cascade at a nuclear power plant, or wrecking our banking system.
A prudent policy is to start striking back when we are hit the first time, not the last time.  Only in that way can limits be set and warnings understood.  If the United States answered even one of the Chinese-Russian-Iranian-North Korean-Syrian attacks by a strong meaningful response, the bad guys would get the message.  Then the hackers would lose.

The Day the Critical Infrastructure Goes Up In Smoke

by Stephen Bryen

It is virtually certain now that the critical infrastructure of the United States will, in whole or in part, crash in the next few years, if not sooner. What is the critical infrastructure and how does any of this matter to you?

There are different ways that critical infrastructure can be understood. The Department of Homeland Security breaks it down into “sectors” that include the information technology sector, energy sector, communications, health care and public health, commercial facilities and transportation systems. To this we can add government and military operations and law enforcement as sectors of prime importance if any of the “sectors” collapses.

Consider the following simplistic scenario. A number of nuclear and conventional power plants stop functioning, creating a grid crisis that cascades, leaving major cities without electrical power. Some facilities, those with natural gas generators, may function; but most services will shut down, factories will close, and law enforcement which certainly will include National Guard deployments will be under pressure to prevent lawlessness and panic. Gas stations will not be able to pump gas, so after a few days most cars won’t run. Traffic signals will be out. Trains won’t run and planes won’t fly. Some radio may stay operating, but as people’s phone batteries run down, communications will be more difficult. Even worse, food stores will run out of supplies and can only operate in daylight hours and without cash registers, lighting or refrigeration. Government services will also stop and government employees won’t be able to go to work or be paid. Services like Medicare and Social Security will be suspended. Financial services will halt; the stock market will be suspended and for all intents and purposes crashed. No one will get a paycheck and the value of the dollar will plummet. Inflation will soar, just as it did in the Weimar Republic.

Why would a crisis like this happen? There is a natural causes scenario, where an overloaded and badly managed power grid just disintegrates taking with it all the services described above and a lot more we have left out. There are different points of view as to whether a natural causes scenario will happen, or even if a natural causes scenario could be recognized.

The emerging scenario is a successful cyber attack that brings down the power grid. This type of attack could happen so swiftly and cause so much physical damage that understanding what happened and figuring out how to bring the grid back on line is a non-trivial problem.

Our government is focused on attacks on the critical infrastructure from China, or Russia or Iran. A real attack is a form of war, and one would expect that a state actor would not sponsor such an attack unless there was a parallel conflict, or at least a series of events leading up to a military confrontation.

But are these expectations realistic? The recent Sony attack, which many are still trying to understand, may have been caused by a collaboration between North Korea and Iran. North Korea had a score to settle with Sony Pictures because of a film with an unfriendly portrayal of the North Korean dictator. As North Korea and Iran are closely collaborating on nuclear weapons and missiles, it makes sense to think that if the North Korean dictator asked for Iran’s help to attack Sony, that could have been easily arranged. While North Korea’s capabilities in cyber are suspect, Iran is well advanced thanks to help the Iranians have gotten from Western European companies anxious to cash in. Companies such as Siemens have also transferred critical SCADA technology to Iran, so the Iranians have all the tools they need to attack power grids, refineries, manufacturing centers and transport systems.

As a matter of fact, because it is difficult to pinpoint who is behind cyber attacks on the critical infrastructure, it is mostly guesswork to assign blame. For example, if Russia actually attacked the American power grid (perhaps because President Putin was tired of hearing lectures from the Obama administration) can we be sure it was the Russians and not some other state or non-state actor? In today’s crazy world, non-state actors often are employed by governments (including our own) to hack someone’s network or system; and we also know that many intelligence agencies collaborate so that what might be illegal in one jurisdiction can be done in a place where taking such an action is not against the law.

An equally big problem is how one can respond to a cyber attack on the critical infrastructure. Supposing there is some reasonable certainty about the source of attack, how does one respond? Attack the other state’s critical infrastructure –tit for tat? It is not clear we yet have the capability to do that. The Russians, who inherited the systems built in the old Soviet Union, always kept their power systems, communications networks and government systems secret. Moreover, many of the systems the Russians have are built with separate government and military hookups and are redundant; furthermore a good many of them are buried underground.

This leaves the US in the unenviable position of needing to take some other kind of action to respond to a critical infrastructure attack. Whether we can truly take a military risk is an open question. Military escalation with a well-armed nuclear power is very risky, as the famous Cuban Missile Crisis illustrates.

In short, the problem is asymmetric and difficult. While the Pentagon has put in place Plan X to be able to respond to cyber attacks, no one knows whether Plan X is much more than smoke and mirrors.

A key question is this: if you have limited options to respond to a successful attack on the critical infrastructure, can you find a way to protect the critical infrastructure from attack or at least mitigate damages should such an attack occur?

When Russia got the atomic bomb and the Cold War was in full swing, we had Civil Defense. Some readers may remember being taught to duck under a desk at school, or line up in areas thought to be more resistant to bomb blasts. Many Americans built and equipped and stocked bomb shelters. Some folks went so far as to buy cabins deep in the countryside in order to survive.

A Civil Defense program invites the notion that the threat is great enough to warrant taking defensive measures.

We have not done that to protect the critical infrastructure. Despite a lot of exhortatory legislation supposedly pushing the idea of protecting the critical infrastructure, doing that has mostly been left to the private sector owners of major critical infrastructure elements. It is not that they have not tried to put some security around their systems. But individual companies cannot compete against dedicated, well funded foreign government assaults. While the US government could try and fill the gap, the record to date on providing real help is spotty. A lead agency, the FBI, has created something called InfraGard, a public private partnership, but every time a business or infrastructure player asks for help, they get blank stares and an unwillingness to share intelligence or practical solutions. The same holds true for the Defense Department, the NSA, the Department of Homeland Security –not really helpful.

Part of the problem is institutional. Some of these agencies are poorly equipped to provide solutions when most of the time they are trying to break into someone else’s network. Some of it is a lack of leadership: lots of talk and not much else. And some of it is because of the dependency that has developed on commercial computer products and technology, most of which is ill suited to security.

The result of these multiple conundrums is that the United States is ill prepared to deal with any threat to our critical infrastructure, has no clear way to respond to attacks, and has no solutions that really help defend what we have. Are we to wait until the mostly inevitable happens and we are without light and power, fuel, food and medical support? Do we really want to risk urban riots, disease and upheaval?

The answer should be self evident.

Thus the question is, what should we do? It makes no sense to continue to “study” the problem: we need to solve the problem.

I have proposed a kind of Manhattan Project for Critical Infrastructure Security. The idea is to create a large team of the best experts available, with suitable policy leadership and substantial funding on the order (for starters) of $2 billion. The goal: build secure America-only computer network systems for the critical infrastructure from the ground up. There are some problems that will be very challenging, for example how to use computer hardware that is manufactured in China and in other places where malware and Trojans can be built in at the point of manufacture. There are other problems, such as how to manage authentication and encryption so that no part of any critical infrastructure network lacks encryption. This means very strong encryption that needs to be available to American critical infrastructure elements and that is constantly tested against external threat. But all these problems can be solved if there is a real will to do it.

I used the funding number of $2 billion because that is what the Manhattan Project to develop the atomic bomb cost originally (in 1945 dollars). Today $2 billion is a drop in the bucket and may not be enough. But it is, as they say, a good start.

The Manhattan Project should be run by the best and the brightest and not by any government agency. Government can have a seat on the board, but not management of the Project. The program must be authorized by Congress; must be non-partisan, open only to US citizens with security clearances, and run in secret. Critical infrastructure organizations and entities need to be vetted and made ready to accept and support a classified program. Administratively this is a big project, but just as the original Manhattan Project ultimately employed tens of thousands of people, so too would this project involve thousands organized entirely on a need to know basis.

If we wait much longer we will be sitting in the dark or worse.


Is Hollywood Going Back to Flip Phones?

Hollywood stars, producers and writers are so worried by hacks at Sony and the compromise of “selfie” nude photos, many are saying they are going back to Flip Phones to protect themselves.  Are Flip Phones safer than today’s smartphones?
A Flip Phone is called a “Feature Phone” in the trade.  It is not a “smart” phone, but it can do some of the things a smartphone can do.  For example a typical Flip Phone can receive email, SMS (text) messages, send photos, keep a calendar and use Bluetooth.  The big difference is in the Operating System and the fact that Feature Phones typically don’t use high speed data connections such as 3G or 4G or WiFi.
Feature Phones also don’t have operating systems like iPhone, Android or Windows, although some of them might have cut down versions of these systems. Mostly they have semi-programmable software sets that support the phone’s functions.  
But Flip Phones are certainly not “safer” than smartphones.
For example, Flip Phones have GPS chips and your location can be tracked on a Flip just as well as you can be tracked on a smartphone.
And SMS, Email and pictures can be easily intercepted by government organizations as well as by hackers.
There is even pretty good spyware that can be installed on some Flip Phones.
What Feature Phones or Flips generally don’t have is much access to social media such as Facebook which needs a data connection. Nor can you use programs like Skype for communications.  But you can access the Internet, although the connection is very slow.
If the Hollywood types can live without high quality nudie photos and the social media, maybe the Flip Phone will work for them. But it won’t make them much more secure.
Communications on a Flip or Feature Phone are just as vulnerable to intercept as they are on a smartphone.  In fact, maybe even more so because you can’t put your own encryption on a Flip or Feature Phone and many Flip Phones have only rudimentary scrambling that can easily be turned off by any hacker.
The truth is there is neither much protection nor much future in Flip Phones, which is why they are increasingly losing market share.
The big problem for everyone, as far as smartphones and Flip Phones are concerned, is that we are living in the “wild West” in the sense that there are few security standards, lots of spaghetti code, too much foreign manufacturing and tampering, and a home government that exploits all these vulnerabilities, meaning that our government is compromised and won’t do much to help the average citizen, or even the above average citizen (assuming such a citizen exists).  This leaves American business at risk and it violates most of the freedoms we are supposed to enjoy. Folks in Hollywood are rightfully offended, but the big picture is even more challenging.

Saving the Critical Infrastructure

by Stephen Bryen

founder and former head of the Defense Technology Security Administration

I have been writing about cyber security for many years.  I believe I have some credibility in this field.  I headed and ran the Defense Department’s program for technology security as the Director of the Defense Technology Security Administration and as a Deputy Under Secretary of Defense.  I also started and ran two cyber security companies, one in the 1990’s called SECOM which was the world’s first secure chat program, and currently Ziklag Systems which markets secure mobile smartphones.  Over the years I have been increasingly concerned about the vulnerability of our critical infrastructure and the risk to America.  My concern has escalated along with growing and successful cyber intrusions into our power, energy, transportation and government grids and networks.  And I have found it shocking that no one seems to  know what to do about the menace.

Somehow our leaders in the administration and Congress, even Admiral Mike Rogers who heads NSA and the US Cyber Command, all of whom clearly understand the threat and risk, seem clueless on how to fix the problem.

Meanwhile China, Russia, Iran, Syria and plenty of rogue operations are increasing the pressure on us by attacking our computer networks.  Nothing is safe.  Not our defense Command and Control systems, our missile defenses, our energy grid, our refineries, our nuclear power plants, not even our telecommunications, transportation, water supply or health care systems are secure.

The reason for that is easy to see.  All our computer networks rely on computer operating systems, hardware and software that have been distributed all over the world.  Since almost everything about those systems is public, it is easy for attackers with sufficient resources to take them apart.  It should surprise no one that virtually all of our hardware is made in China, introducing a massive vulnerability into our critical infrastructure.

Add to this tremendous weakness the problem of SCADA systems.  SCADA is the supervisory control and data acquisition system used by nuclear and conventional power plants, heating and cooling systems, manufacturing centers, refineries and lots of other automated systems.  There are only two or three SCADA systems in the market with wide acceptance, and they are used worldwide.  Once again, both the hardware and software for SCADA is accessible to foreign regimes and terrorists as well as other rogue actors.  It is the SCADA that was the center of the attack on Iran’s uranium enrichment centrifuges where the US and Israel hoped to slow Iran’s acquisition of an atomic bomb.  What was done with the Stuxnet worm to damage Iran’s nuclear program likewise can happen to us.

Patching computer operating systems and fixing SCADA software won’t work.  This is proven empirically by the growing frequency of successful attacks on critical infrastructure systems.  If patches worked, they would save us from attack.  But the plain fact is that they may help a little but not enough to stop a determined and resourceful adversary.

China, one of the countries known to be tampering with our critical infrastructure and helping to finance its growth by stealing defense designs and technology from our leading companies, is already taking steps to keep us out of their networks by producing their own computer operating systems they won’t share with us.  We should take a clue from China. For critical infrastructure security we need secure operating systems and a new secure SCADA that replaces all the commercial equipment and software we have been using.

Changing over to a government proprietary secure system is a vital step in locking down our networks and management systems.  It requires a bold and determined initiative by the US government, and it needs to be accompanied by security measures that are well drawn and deeply monitored to provide an additional layer of protection.

Above all we need a policy based on “win win,” not on hopes and fictions that we can make what we have work. It is foolish to wait for the worst to happen, as it surely will.
