Archive for the ‘nukes’ Category

Am I right in thinking that Andy Hayman’s testimony yesterday fingered Met press chief Dick Fedorcio? Hayman admitted he’d regularly had dinner with News International executives while he was meant to be investigating them. He mentioned that he had done this in the company of the head of communications of the Met, presumably with his approval, although Hayman was also acting in his capacity as ACPO media lead.

Fedorcio has had the same job since 1997. He was named by Nick Davies as having been present in the meeting where the Met demanded to know why Dave Cook was being followed by News International private detectives, and apparently intervened with senior police officers to get them to go easy on NI. Surely the guy in charge of police-press-political relations is a key figure in a scandal that’s all about relations between the press, the police, and politics?

Like the key News International men, Alex Marunchak and Greg Miskiw, there’s no sign of him. The Home Affairs committee, and indeed anyone else who wants the truth about this, must call Fedorcio without delay. Oh, and is Greg Miskiw in the UK?

Second point. Yesterday’s New York Times claims that Miskiw and others on the NOTW were able to locate mobile phones by paying £500 a shot to a corrupt police officer. That is to say, this policeman had access to the lawful intercept systems that are part of all GSM and UMTS cellular networks, or at least he could task people who did. ETSI Specification 01.33 defines this as a standard element of all GSM networks and the corresponding 3GPP TS 33.106 does so for UMTS ones.

If this is so, they could certainly also get pen-register information – lists of calls to and from given phone numbers – and even tap the calls themselves.

This is a massive violation of the UK’s critical national infrastructure security, of the Regulation of Investigatory Powers Act, and of the Data Protection Act. News International, their police contact, and the police force responsible (not necessarily the Met) should all be prosecuted.

There is an urgent need to audit the lawful interception systems’ logs, among other things to find out if there are other unauthorised users out there. International standards foresee a detailed audit trail as part of these systems in order to preserve the legal chain-of-evidence. If the Interception Request message was submitted in proper form from the police to the telcos, the operators are legally in the clear, but if I was in charge of their network security I’d suspend processing the requests until such an audit was carried out as we now know that an unknown but significant percentage of them are illegal.

Thank fuck we didn’t build that giant national ID card database.

Third point. Not that anyone will answer this, but were any of the Prime Minister’s designated deputies for nuclear retaliation subject to illegal telecoms surveillance?

Fourth point. Circling back to the Defence Vetting Agency and Andy Coulson, the vetting procedure as described on the DVA Web site states that in some cases, the decision may be taken to issue a security clearance subject to risk management measures taken by the department involved. In these cases, the DVA will disclose information to the sponsoring department that it would usually keep confidential. Did they make such a recommendation to the Prime Minister’s office, and if so, what was the information?


Did I mention that Arms Control Wonk is still great? The guided nuclear bomb. Bureaucratic consequences of A.Q. Khan. The clean-up of Semipalatinsk, including an actual loose nuke, which was disposed of back in 1995 without anyone getting hurt.

Via yet another really excellent Arms Control Wonk piece on Indian and Pakistani nukes, it turns out that A.Q. Khan, formerly of Khan Research Laboratories, the man who sold the world the unofficial open-source community version of the Urenco enrichment cascade, and now of luxurious house arrest right up until the Navy SEALs climb over his back garden wall, has a blog.

It’s in Urdu, but I know a man who can deal with that and who has blogging time on his hands.


Following up this post, here’s a really interesting piece in Dawn on the Indian-Pakistani nuclear balance and the implications of the COLD START doctrine. It’s an especially good point that if India really wanted to punish Pakistan after a “Mumbai II” terrorist attack, they could do so very effectively and much less dangerously through economic sanctions, given how much fuel Pakistan imports and that most of it passes through one port.

In the light of this, it’s hard to avoid the conclusion that the Indian military preparations are simply unwise – in a classic post at Arms Control Wonk, Michael Krepon discusses why Pakistan is continuing to build more nuclear weapons and concludes that the factors at work are as follows. First of all, Indian leaders’ public statements are threatening – to use cold-war terminology, although their military planning is moving towards “flexible response”, their declaratory policy contains a lot of “massive retaliation”. The combination is toxic. Trying to make the conventional forces more usable is potentially provocative. Statements about nuclear strategy like this one, combined with faster response times, begin to look a lot like an offensive doctrine:

The Indian Chief of Army Staff, S. Padmanabhan, sang the same tune – that if Pakistan resorted to first use, “the perpetrator of that particular outrage shall be punished so severely that their continuation thereafter in any form will be doubtful.”

Secondly, although nuclear weapons cost a lot to acquire in the first place, they get much cheaper once the programme has been capitalised and the process industrialised. This was a major theme in the high cold war – the original Manhattan Project was designed to scale up to five bombs a month, achieved that ahead of schedule, and in fact scaled even further. Also, they are often considered cheap in terms of their strategic value. Nukes scare people; Pakistan will never be an industrial power like India, but now it has the production line going, it certainly can add more bombs and more target packages faster than the Indian economy can grow. Krepon makes the interesting point that the limiting factor isn’t the nukes so much as the delivery systems – a country like North Korea can build a nuclear device of sorts, and Pakistan can run a bomb factory, but only a fully diversified industrial economy can make the aeroplane or the missile to carry them.

This has certain consequences for the Pakistani strategic targeting plan. In comments at ACW, someone asks whether they might be thinking of making use of man- or at least vehicle-portable weapons, the famous suitcase nukes. Another, slightly less terror-licious point about this is how the Pakistan Air Force is operating. If they have plenty of bombs but relatively few aircraft, they have to preserve the strike-force (the P-Force, perhaps, by analogy with the 1960s RAF V-Force) at all costs. This implies putting as many planes as possible on quick-reaction alert, dispersing them early in a crisis with the weapons, and keeping open the option of dispersing them in Afghanistan. (We may now begin to see why they care so much.) It also suggests that it would be very difficult to target anything in the Pakistan Air Force without threatening the nuclear assets, and that they might be keen to use tactical nuclear weapons – it’s a relatively cheap substitute for a much bigger army, and (as NATO found out in the high cold war) if you have more and more atom bombs hanging about, pure bureaucratic logic tends to get them assigned to targets.

This is a special case of the principle that mayhem is easy and order is difficult, of course.

The good news, such as there is, is contained in this wikileak, a 2008 cable from the US Ambassador to India. Interestingly, he points out, there are good reasons to think that COLD START is likely to be well named. It takes longer than you think, and when you turn the key there’s a lot of grinding and coughing and fuss before anything happens. So you might be tempted to go for a nice cup of tea and come back later, or perhaps have some biscuits and another cup of tea and turn to page 3, or just do something else.

Although the doctrine is explicitly designed to avoid threatening the existence of Pakistan as a state, and therefore to permit Indian military retaliation without triggering anything nuclear, it is seen as threatening both because it is intended to permit military action – to sneak under the wires of deterrence – and also because it is intended to reduce the relevance of Pakistani nuclear forces. The Indians, if the ambassador’s analysis is sound, are aware of this and are actually quite unlikely to implement it. One way of looking at the complex administrative machinery and politics he outlines is as a deliberate brake on doing anything hasty. Alternatively, it may not have been created deliberately as a check on the military, but if that is the case, it is interesting that it is tolerated. A state that really did intend to carry out a partial mobilisation and a 72-hour blitz from a standing start would have made sure that the code-word would be given. To some extent, the Indians may be experiencing self-deterrence.

The cable also points out that the terrain has changed since 1971 and that some of the ground is now much more urban and more defensible, and also that there are logistical problems that have yet to be solved. Taking an interpretative view, you might say that the real purpose of COLD START is to reject the idea that the international community has any veto on Indian action and to signal non-deterrence to the Pakistanis, while not actually doing anything dangerous. However, the problem is that the signalling succeeds all too well. In fact, the point that all arguments based on “credibility” are crap strongly applies. Either they are taken at face value, in which case they are dangerous, or they are seen through, in which case they are useless.

So, the D-word. What should anyone do about it? This is traditionally the moment at which it becomes obvious why the abbreviation for the discipline of international relations is pronounced “Errr”. But I think the answer is that Kashmir is still the issue. Only real concessions affect perception. Further, it would be very good news if the Indians disavowed COLD START and looked at an alternative reaction plan, perhaps concentrating on the economic side as mentioned in the Dawn link. But you try getting them to do that. Finally, and again spinning off that Dawn piece, the real role of the Pakistani nukes is to secure the special place of the military. Errr, indeed.

A question

How did the Americans make sure their raid on Osama bin Laden wasn’t misidentified as Pakistan’s real enemy? This was surely a major planning constraint. It’s been suggested, plausibly, that the bulk of their radar assets are positioned along the international border and the LOC, but once you get to Abbottabad you’re not that far from the Line of Control. There’s been a lot of interest in the helicopter that was destroyed, and specifically if it was either a hitherto unknown type or else a Blackhawk modified to be stealthy. But stealthy is a relative term, and a helicopter will never be really stealthy as its rotor blades are constantly changing aspect towards any radar source.

There’s an interesting French paper here on Indian military doctrine – apparently, part of the lessons-learned exercise after the 2002 crisis and mobilisation was that the whole process took too long, and left far too many opportunities for the international community to get involved and yell “stop!”. (This may not be the lesson one would hope had been learned.) As a result, they came up with a new doctrine, known as Cold Start, which foresaw a quicker response to provocation from Pakistan, using forces already posted nearer the border to carry out raids with limited territorial objectives, closely integrated with air power. The point that the objectives are limited in terms of territory is important – as I mentioned above, a lot of things in Pakistan are not far from the border. They might not be very limited in terms of importance, for example, nuclear sites or major headquarters, or perhaps key ISI or jihadi figures.

(Ah, we had one of those, didn’t we?)

Obama’s counter-terrorism advisor, John Brennan, was quoted as saying that the Pakistani air force scrambled its quick-reaction alert of fighters during the mission. This may of course be disinformation, or just wrong. It could imply that for a while at least, there was an elevated risk. Or perhaps the plan was designed to make it obvious that the helicopters were coming from the direction of Afghanistan, and they wanted the radars to detect them at some point during the operation…

It would be very interesting to know if the Indian government was informed at any point.

So what about those North Koreans? As the SWJ put it, a small war in Korea was postponed. I’d query “small”, especially in the special sense they use it – it wouldn’t have been particularly small and it would have been defined by high-intensity battle – but perhaps they are really thinking of whatever would happen after North Korea, as in David Maxwell’s paper I linked to. (Maxwell turns up in the comments thread.) The postwar is reasonably certain to show up; the big question is whether Korea has to go through the big war to get there.

It’s worth noting that the North Koreans took care to be seen to be alert and causing trouble during the exercises off Yeonpyeong, but without doing anything that would be unambiguously hostile. It’s also interesting that they seem to have used electronic warfare as a way of signalling their continued determination to fight in a field that wasn’t a direct challenge to the South Koreans and their allies.

Actually, all parties to the conflict attempted to find alternative forms of confrontation in order to exert power while trying to keep control of the escalation dynamic. I recently saw somewhere on the Web a reference to the idea that having multiple independent forms of power or status was an egalitarian force in society as they could balance each other. It’s certainly an important concept in international politics. North Korea’s original bombardment of Yeonpyeong was a direct and physical, kinetic, attack on the disputed border – at one level, they hoped that if there was no response from the South, they would have set a precedent that South Korea could not treat the island and part of the surrounding sea as entirely its own territory. More strategically, it was a demonstration that they were willing to cause trouble in order to extract concessions, and that they were willing to escalate significantly.

From the Southern side, there were serious restrictions to the possible response. Anything they could do in the same context would either have involved risking bringing about the big war, or else risking a disastrous fiasco – a major raid over the border would have been too much, a commando operation to destroy the guns facing Yeonpyeong would have risked ending up with prisoners in North Korea. There is not much at the moment they could do to put pressure on North Korea economically, and the North Koreans often respond to economic problems by provocations designed to get economic concessions. The North Koreans held escalation dominance – they could choose whether to go further, without necessarily having to go for the ultimate deterrent.

This is why the navies were so important. Although they were constrained in what they could do in one context, the Peninsula, the US Navy and its allies were not so constrained in bringing ships into international waters in the area. The response was to move the focus of the conflict into a different context. Also, cooperating at sea allowed Japan and South Korea to demonstrate alliance unity in a way that they could not otherwise – nobody would bring Japanese troops to Korea, for example, but there is no such objection to Japanese, US, and South Korean ships (or aircraft) cooperating. This is still true even though the US-made or US-inspired equipment aboard those ships permits them to cooperate very closely indeed, with radars aboard one ship, aircraft from another, a command centre in yet another, and missiles aboard a fourth being internetworked.

Also, there was very little the North Koreans could do about it without taking unacceptable risks (even for them). The biggest concern for the allied ships was that the North might lay mines in the narrow seas west of Korea. Paradoxically, the North Koreans were probably self-deterred from doing this – had they got lucky and sunk the Jimmy Carter while she was spying around Yeonpyeong, the consequences would probably not have been ideal from their point of view.

Another parallel form of conflict was the nuclear issue. North Korea had just revealed its new uranium enrichment cascade when it started shelling Yeonpyeong, after all. Bill Richardson’s officially-unofficial mission to North Korea brought back the offer to sell North Korea’s stock of plutonium to the South. This sounds better than it is, precisely because they now have the capability to use uranium rather than plutonium. On the other hand, accepting it is sensible – it’s a matching concession to de-escalate the situation, less plutonium in North Korea is probably desirable, and it moves the nuclear debate onto the slower “enrichment track”.

The nuclear debate also provided an opportunity for the Chinese government to play the role of turning up late but bringing a solution. If the 12,000 rods do leave North Korea, a big question is where they would go. The Chinese might buy them and might even offer fuel of some description in return, a replay of the 1994 framework agreement.

In my continuing fit of doom about Korea, this isn’t helping – a US Military Sealift Command reserve freighter full of Maritime Prepositioning System kit is practising offloading it all in a Korean port. Supposedly, when they’re finished they’ll put it all back aboard and sail away. If you believe that, though…

The MPS is the US military’s way of saving time shipping stuff around; they basically keep all the gear for an Army or Marine brigade packed in a ship somewhere strategic. Instant force, just add soldiers, who can come by air. This has a nasty logistics sound to it. Meanwhile, there is a real danger of war, says a Korean strategist from CSIS. Serious politicians are saying things like “reunification is drawing near” and that the Japanese military might be sent to look for people abducted by North Korea. That last one, from the Japanese prime minister, has an even nastier propaganda sound to it.

The Chinese envoy has been to Pyongyang, while the Foreign Ministry has had a pop at the US commander in chief in the Pacific, Admiral Mullen. This could be good news in the sense that Chinese engagement might warn off anyone from doing anything dangerous. The US Deputy Secretary of State is going to Beijing soon with a delegation, followed by Robert Gates next month.

And if you want to know what a joint US-Japanese carrier fleet looks like

Ill-coordinated links. Great news in RepRapping – South Korean scientists have succeeded in getting bacteria to make polylactic acid. PLA is the RepRap project’s favourite feedstock because it’s a reasonably tractable, general purpose plastic that can be synthesised from starch. The synthesis is not exactly simple, which is why outsourcing the job to germs is interesting. As the kit of parts now costs about £395, I really ought to get started with one of these. Now there’s a Christmas present for you. “Engineered bacteria not included.” MUM! YOU FORGOT THE GERMS!

The uranium-enrichment deal with Iran is still on, but they are looking for stronger guarantees of getting the promised fuel for their research reactor. I reckon this is going to come down to the exact number of kilos that leave at a time, and therefore to a fine judgment about the efficiency of their centrifuges.

Spencer Ackerman mourns a great Mod shop. I remember that Klass Clothing in Leeds was about the first business of any kind in town to have a Web site, apart from these guys for obvious reasons. That’s gone, as is Sam Walker in Covent Garden…and possibly even the SL1200!

Bruce Schneier and Jason Sigger, usually sensible sources, both mock a study by some thinktank or other which raises the supposed possibility of hackers “using the Internet to start a nuclear war”.

As they both point out, the possibility of anyone getting access to the actual command and control firing chain with metasploit is so remote as to be ridiculous, and we’d do much better to worry about tidying up old radioisotopes in Russia, and perhaps not having quite so many nuclear bombs.

My only objection is that we have, in fact, lived through a serious attempt to do just that, immediately after Lashkar e-Toiba terrorists attacked the centre of Bombay in December, 2008. As you might expect, they didn’t try to get control of nuclear weapons from the command line.

Instead, they attempted to use the Internet to influence the political leadership – they placed a call to the Pakistani president’s office, spoofing the calling line identification message in order to give credibility to their effort to pose as the Indian foreign minister. My technical analysis is here; the Indian government’s investigation later showed that the attackers set up a VoIP network with nodes in the US and Austria for their own use.

Presumably the idea was to provoke the Pakistanis into doing something that would destabilise the situation, causing the Indians to respond and thus triggering Pakistani mobilisation for real. The Guns of August, 2.0, with Princip using a Linksys SIP handset.

Clearly, there is still a need for the existing nuclear states to help the new ones establishing solid command and control procedures, including the communications elements that make them work; one of the problems of international crises is that the system to be secured suddenly gets a whole lot bigger, as other systems – in this case the diplomatic/protocol bureaucracy – become closely connected to it.

It’s not the early 80s hackers of War Games we need to worry about – instead it’s essentially trolls, provocateurs, empowered by the technology available to today’s spammer.

It strikes me that the possibility of ambiguous identity is a hard one to grasp; for a very long time, it was safe to say that such a message was unlikely to be a fake, and if it was, it was probably faked by a proxy for the real enemy. Consider the case of 4chan vs. AT&T.

AT&T null-routed the server which carries the bulk of 4chan’s content; everyone freaked; AT&T claimed that a denial of service attack was coming from that IP range. But it was hardly likely that the 4chan crowd, of all people on the Internet, would have been daft enough to launch a denial of service attack from their own machine – DOSs have essentially always been distributed over many, many hacked computers (DDOS, for Distributed Denial of Service) since the first botnets emerged in the early 00s, this being harder to counter, offering much more stolen computing power, and being much more difficult to trace to its source.

A detail in the Ars Technica story explains it all. One of the sources cited mentions “persistent ACK scans” – when a computer wants to start a TCP connection, as used for the Web, to another, it sends a message called a SYN to the receiving party, which if it gets the message and wants to reply, sends a message called an ACK to the address provided in the SYN. If received, the sender replies with a SYN-ACK and then starts transferring data.

4chan was experiencing a DDOS attack itself at the time. Putting these bits together, it’s clear that the attackers were altering the source header in the packets they threw at 4chan to point to a machine somewhere in AT&T’s network, so that every one received generated a further packet thrown at the AT&T machine. This is a classic; it gets you two attacks for the price of one, it conceals your own position, and it brings the possibility that AT&T might go ape and do the job for you. If the first target is especially big, you could also use it to magnify the volume of traffic, in a so-called reflector attack.

It’s surprising and depressing that they weren’t aware of that; no more surprising and depressing, however, than the way so many people have been willing to believe patently false information just because it’s “secret”.

Remember this post? Well, Geoff Forden at Arms Control Wonk has a brilliant series on the system that Stanislav Petrov was monitoring, how it worked, what went wrong, and how to draw conclusions from pictures of a missile launch with Google Earth. And why you should worry now.