JC Chairman Dempsey Not Happy with WH

Can you list those in those in the Obama administration graveyard? The White House has rarely met with any cabinet secretaries to date during the Obama administration. Then top people have moved on to private business. Like who? Robert Gates, Leon Panetta, Hillary Clinton, Chuck Hagel, John Podesta, Kathleen Sebilius, Janet Napolitano, Jay Carney, Robert Gibbs, James Jones, Anita Dunn, Van Jones, Peter Orzag, Larry Summers,  General McChrystal, General Carter Ham, General David Petraeus, Rahm Emanual, Christina Roemler and there are more.

Now the question is why….perhaps at least one very important reason is micro-managing. In case you need proof, read on.

Joint Chiefs chairman distances himself from Obama promise on Afghanistan

The chairman of the Joint Chiefs of Staff doesn’t entirely share his boss’s unbridled optimism about the future of Afghanistan.

President Obama last month vowed that Afghanistan never again will be a breeding ground for terrorist attacks against the U.S., reassuring troops that they accomplished their mission as official combat operations came to an end.               

 

But Gen. Martin E. Dempsey on Sunday distanced himself from that statement.

“You’d have to ask the president how he could say that,” Gen. Dempsey said on “Fox News Sunday” when asked how the president could be sure Afghanistan won’t again become a safe haven for terrorist groups such as al Qaeda.

Mr. Obama made the remarks during a Christmas Day address to troops stationed in Hawaii. The president long has cast the Afghanistan War as a worthy fight and one critical to U.S. foreign policy moving forward, as opposed to the Iraq War, which he has characterized as a mistake.

“Because of the extraordinary service of the men and women in the armed forces, Afghanistan has a chance to rebuild its own country. We are safer. It’s not going to be a source of terrorist attacks again,” Mr. Obama told the troops.

Gen. Dempsey made clear that he believes the new government in Afghanistan will be a cooperative partner with the U.S. He also said he believes Afghan security forces have shown encouraging signs that they are willing to defend their country.     

 

But he stopped short of endorsing Mr. Obama’s blanket vow.

“I personally think there will be pockets inside of Afghanistan that change hands from time to time because that’s the history of the country,” he said. “But I think that we’re in a very good place in Afghanistan in terms of giving them a chance to do exactly what the president said. But we’re going to have to keep an eye on it.”

In the wide-ranging interview, Gen. Dempsey also addressed accusations — some from numerous former Pentagon officials — that the White House micromanages the Defense Department.

The charges have come from, among others, Defense Secretary Chuck Hagel, who unexpectedly resigned in November.

Gen. Dempsey said he believes the Pentagon’s relationship with the White House should be measured by whether he has access to the president and whether top administration officials listen to what he has to say.

“The metric we should be focused on is access and whether my advice influences decisions,” Gen. Dempsey said. “Whether someone wants to characterize the desire, the almost insatiable appetite for information about complex issues as micromanaging, they can have at it. But for me, the metric is access and advice.”

Still, he acknowledged the criticism in a tongue-in-cheek way when first asked the question.

“If you’re asking me if I’m being micromanaged, I don’t know. I’d better go check with the White House before I answer that question,” he said.  *** But what is the issue with Afghanistan you ask?

KABUL—Adherents of Islamic State this weekend declared their intention to step up operations in Afghan territory where the Taliban have long held sway, raising the prospect of battling jihadist groups and rising terrorism in the region.

In a 16-minute video released over the weekend and viewed by The Wall Street Journal, Afghan and Pakistani militants pledged their allegiance to Islamic State leader Abu Bakr al-Baghdadi and unveiled the movement’s leadership structure in Afghanistan and Pakistan.

“It’s very significant,” said a Western official who has seen the video. “I think they want to say: ‘This is serious—we are here.’ ”

The activity of new extremist groups could complicate efforts by the government of Afghan President Ashraf Ghani to start peace talks with the Taliban insurgency in a bid to end the violence. The groups’ arrival also comes as U.S.-led troops formally ended combat operations in December.

In the video, the Pakistani and Afghan militants publicly reveal the name of their regional leader for the first time: Hafez Sayed Khan Orakzai. Footage shows Mr. Orakzai standing in front of a black-and-white Islamic State banner, flanked by men in black wearing balaclavas and carrying Kalashnikov assault rifles.

The video begins with a procession of men on foot and horseback waving Islamic State flags and ends gruesomely, with the beheading of a man the group says is a Pakistani soldier.

Mr. Orakzai was one of the six commanders of the Pakistani Taliban—formally known as Tehreek-e-Taliban Pakistan—who switched allegiance to Islamic State in October.  Shahidullah Shahid, the Pakistani Taliban’s former spokesman, also appears in the video, delivering introductory remarks to a crowd of militants. Mr. Shahid introduces local commanders who will be responsible for territory located on both sides of the Afghanistan-Pakistan border.

“We are gathered here with commanders from 10 units,” Mr. Shahid says. “They all want to pledge their allegiance to the caliph of all believers, Abu Bakr al-Baghdadi.”

In the video, both Messrs. Shahid and Orakzai speak Arabic, the language of the Quran, instead of their native Pashto.

While the military reach of Islamic State has thus far been limited to parts of Iraq and Syria, the defection of Afghan and Pakistani militants to the group raises fears that a new front line could emerge in South and Central Asia.

The rise of Islamic State could pose a challenge to the Afghan Taliban, a movement loyal to its elusive spiritual leader, Mullah Mohammad Omar, who hasn’t been seen in public since December 2001.

The Taliban movement is fragmented and, in the absence of visible leadership, some of its members have begun to look to Syria and Iraq for guidance and inspiration. A United Nations report released in December noted “a distinct increase in the activities and the visibility” of extremist groups such as Islamic State in 2014, and said that Afghan militants were beginning to defect to the group.

Members of the Afghan Taliban who joined Islamic State include Mawlawi Abdul Rahim Muslim Dost and Mawlavi Abdul Qahir, according to Mr. Shahid and the U.N. Mr. Muslim Dost, who was once imprisoned in the U.S. detention facility at Guantanamo Bay, Cuba, is the most prominent former member of the Afghan Taliban known to have joined the movement. Mr. Qahir, a former Taliban commander, was named a unit commander in the video.

Tensions between the Taliban and groups affiliated with Islamic State in Afghanistan have already turned violent. In the southwestern province of Helmand, local officials and residents say the Taliban are battling militants dressed in Islamic State’s signature black uniforms. The new group of fighters, they say, is led by a former Taliban commander, Mullah Raouf Khadim.

Mohammad Jan Rasoulyar, the deputy governor of Helmand, said the fighting started several days ago in the district of Kajaki, where the government has no control. About 30 fighters, including some women, have moved from Kajaki to the neighboring district of Sangin, according to Abdul Raziq Sarwani, a local police commander in Sangin.

The fighting in Helmand suggests that the Islamic State label could increasingly become attractive to local Taliban commanders disillusioned with their leadership. Two journalists based in Helmand who have spoken to locals in Kajaki said Mr. Khadim set up the new armed group after he was fired by the Taliban leadership.

“He established his own armed group in Kajaki and asked Taliban fighters to join him. He says Mullah Omar isn’t alive anymore, and that if he is alive he should join his own group,” one of the reporters said.

Afghan officials have previously raised the alarm on attempts by Islamic State to seek a foothold in Afghanistan, pointing to propaganda material that had been distributed in parts of Afghanistan.

While new information is adding weight to claims that Islamic State is beginning to have an active presence in the region, an Afghan security official played down the extent of its presence.

“We have some reports that show their interest in Afghanistan, but they have no base here,” the official said.

In this deeply conservative country, extremist ideology still thrives. On Friday, hundreds of men took to the streets in a district in the southern province of Uruzgan in support of the men who carried out the deadly attack on the office of the satirical French magazine Charlie Hebdo, local officials said.

The demonstrators also condemned Mr. Ghani for extending his condolences to the people of France, officials added.

 

 

 

 

CENTCOM Victim of CyberCaliphate

An unknown network of hackers that are sympathizers of Islamic State hacked CENTCOM’s twitter account and the associated YouTube channel.  So far the response is ‘it does not appear to be anything problematic’. Ah what…problematic? The hackers had some success that for sure is problematic and what is more, data breaches of any sort does not provide anyone in America with internet security confidence.

There is a ‘cybercaliphate’ that no one is admitting.

A screenshot shows the U.S. Central Command Twitter account after it was apparently hacked by people claiming to be aligned with Islamic State militants. The account was shortly thereafter suspended.  

A screenshot shows the U.S. Central Command Twitter account after it was apparently hacked by people claiming to be aligned with Islamic State militants. The account was shortly thereafter suspended. Reuters

WASHINGTON—Hackers claiming to be aligned with Islamic State militants took control of the U.S. Central Command’s Twitter and YouTube accounts Monday, posting phone numbers of top military officers and what they said was classified documents.

In the posting, the militants claimed they were working for the Islamic State and a “Cyber Caliphate.”

A Pentagon official said that U.S. Central Command was aware of the hack but had no immediate information about how it occurred.

Officials for a time Monday appeared to be trying to retake control of the Twitter account. Shortly after the first tweets from the hackers appeared, the “Cyber Caliphate” logo and slogan disappeared, replaced by a blue square.

Then shortly after 1 p.m., the Twitter account was labeled as suspended. Moments later, the Central Command’s YouTube account apparently was suspended.

“We can confirm that the U.S. Central Command Twitter and YouTube accounts were compromised earlier today,” said a defense official. “We are taking appropriate measures to address the matter. I have no further information to provide at this time.”

The White House said it was looking into the hack, but had little information and played down the significance of the intrusion.

“There is a significant difference between…a large data breach and the hacking of a Twitter account,” said Josh Earnest, the White House press secretary.

The tweets posted by the hackers included phone number of top military commanders and what the group said were military scenarios for a conflict with North Korea and China.

A senior Pentagon official said the information posted by the hackers on the Twitter account didn’t appear to be highly classified documents.

“It does not appear to be anything problematic,” the official said.

–Felicia Schwartz and Carol E. Lee contributed to this article.

Write to Julian E. Barnes at [email protected]

  • Regular
  • Medium
  • Large
  • Google+
  • LinkedIn
  • Print

WASHINGTON—Hackers claiming to be aligned with Islamic State militants took control of the U.S. Central Command’s Twitter and YouTube accounts Monday, posting phone numbers of top military officers and what they said was classified documents.

In the posting, the militants claimed they were working for the Islamic State and a “Cyber Caliphate.”

A Pentagon official said that U.S. Central Command was aware of the hack but had no immediate information about how it occurred.

Officials for a time Monday appeared to be trying to retake control of the Twitter account. Shortly after the first tweets from the hackers appeared, the “Cyber Caliphate” logo and slogan disappeared, replaced by a blue square.

Then shortly after 1 p.m., the Twitter account was labeled as suspended. Moments later, the Central Command’s YouTube account apparently was suspended.

“We can confirm that the U.S. Central Command Twitter and YouTube accounts were compromised earlier today,” said a defense official. “We are taking appropriate measures to address the matter. I have no further information to provide at this time.”

The White House said it was looking into the hack, but had little information and played down the significance of the intrusion.

“There is a significant difference between…a large data breach and the hacking of a Twitter account,” said Josh Earnest, the White House press secretary.

The tweets posted by the hackers included phone number of top military commanders and what the group said were military scenarios for a conflict with North Korea and China.

A senior Pentagon official said the information posted by the hackers on the Twitter account didn’t appear to be highly classified documents.

“It does not appear to be anything problematic,” the official said.

–Felicia Schwartz and Carol E. Lee contributed to this article.

Write to Julian E. Barnes at [email protected]

Due to Haiti, No White House Run for Hillary

There are countless reasons to keep the Clintons out of the White House in 2017. Many of them are obvious including sex scandals, Benghazi, Travelgate and Hillary’s most recent declaration that we must come to understand the reasons that militant Islamists have for killing, in short be sensitive to their condition. Yeah sure. But let’s take a look at a matter ignored for many years and that is Haiti.

Hillary’s Half-Baked Haiti Project

Caracol Industrial Park is failing to deliver on the promises made to foreign investors and Haitians.

On the fifth anniversary of the 7.0 magnitude earthquake in Port-au-Prince, Haiti remains a poster child for waste, fraud and corruption in the handling of aid. Nowhere is the bureaucratic ineptitude and greed harder to accept than at the 607-acre Caracol Industrial Park, a project launched by former Secretary of State Hillary Clinton with U.S. taxpayer money, under the supervision of her husband Bill and his Clinton Foundation.

Between the State Department and the Inter-American Development Bank (IDB), which hands out grants to very poor countries thanks to U.S. generosity, hundreds of millions of dollars have been spent on this park in an attempt to attract apparel manufacturers. But the park is falling far short of the promises made to provide investors with necessary infrastructure. If things continue this way, frustrated investors will look for greener pastures.

Successful industrial parks are built by people who know the business and who demand accountability. This park was put in the hands of State, the IDB and Bill Clinton. The results have been predictable.

I had been warned about Caracol going to the dogs by sources on the ground in Haiti. So last month I traveled east by truck from Cap Haitien, across the poor rural north of the country to see if the alarm was justified. I found a project in trouble. It can be saved, but only if it is handed over to professionals with skin in the game.

On paper Caracol makes sense. Thanks to special trade legislation passed by the U.S. Congress in Dec. 2006, Haitian-sewn apparel enters the U.S. duty free and the manufacturers can use fabric purchased from anywhere in the world. This gives Haiti a big advantage over apparel exporters to the U.S. who have to source the fabric in the U.S. even if they sew overseas. With lower wages than in many Asian markets and proximity to North America, Haitian-based producers have comparative advantages that might offset the country’s low productivity.

The State Department initially promised that the park would be able to support 65,000 direct jobs by 2020. The Clinton Foundation has made similar statements. That means constructing 40 10,000 square-meter buildings for garment assembly. It won’t happen at the current pace.

The total job-creating capacity since the foundation stone was laid in November 2011 is three assembly buildings and a 10-megawatt power plant. A fourth workshop is under construction but is unlikely to be completed before late spring.

This must be tough to take for the anchor tenant, the Korean manufacturer Sae-A Trading Ltd. It has committed to a $78 million investment at Caracol and currently employs some 4,500 Haitians. It says it wants to hire 20,000. To do so it needs another dozen buildings.

A Dec. 12 IDB press release says the Haitian government is approved for a new $70 million grant to construct, among other things, three new production buildings by 2018 with a goal of providing space for 6,800 workers. Bank officials have to know that putting Haitian government officials in charge of such a project is likely to doom it. But let’s suppose I’m wrong and the buildings go up. The Caracol workforce will then be 11,300—a far cry from the State Department’s estimate of 65,000 direct jobs or even the IBD’s forecast of 40,000.

It’s understandable for the IDB to want to lower expectations. But the target should be higher and it shouldn’t take three years to boost capacity. Craig Miller, president of the Boston-based Waterfield Design Group and a consultant for the Haitian apparel sector, told me that “once the materials are on site, a 10,000 square-meter production workshop can be built in six to eight months.”

Apparel manufacturers in Haiti are hungry for production space but my sources say investors were not given an option to build their own workshops in Caracol. The Clinton planners—Hillary at State and Bill at the Clinton Foundation—wanted to retain that responsibility for reasons that can only be guessed. So now the producers have to wait.

This is tragic for the thousands of Haitians eager to get the sewing jobs. Factory workers earn three times the average income in Haiti’s north. Sae-A produces for a wide number of American labels, such as Target and Wal-Mart, WMT +0.48% Wal-Mart Stores Inc. U.S.: NYSE $89.78 +0.43+0.48% Jan 12, 2015 11:44 am Volume (Delayed 15m) : 1.72M P/E Ratio 18.32 Market Cap $287.99 Billion Dividend Yield 2.14% Rev. per Employee $219,905 01/09/15 Toys “R” Us Holiday Period Sam… 01/08/15 Tesco to Cut Prices, Close Unp… 01/08/15 Stocks to Watch: Family Dollar… More quote details and news » WMT in Your Value Your Change Short position and the American companies regularly dispatch auditors to inspect work conditions. Even without the U.S. Labor Department breathing down its back, Sae-A has incentives to care for workers to retain them and boost productivity. Getting a spot on the assembly line opens the door to economic mobility, and that’s unusual in Haiti.

Haiti has a rare opportunity. Investors want to invest, workers want to work, and consumers want to buy. This seems like a good time for government to get out of the way.

But how did all this begin? 

Bill Clinton’s Shameful Haiti Legacy

He may be playing the hero now, but the ex-president’s trip to Haiti is a reminder of the mess his administration left behind. Bob Shacochis on how Clinton wasted a good invasion.
Like many Haitians and not a few Americans who know the island and its history, I had mixed feelings watching the video of former President Clinton step off a plane on to the tarmac at Toussaint Loverture International Airport in Port-au-Prince on Monday afternoon. Bill Clinton, the Second Coming of Hope. The First Coming, the U.S.-led invasion in 1994 adorned with 20,000 American troops, did not turn out so well. By 1996, when the American military decamped, you’d be hard pressed to find a Haitian on the streets of Port-au-Prince who wasn’t suffering miserably from hope. By 1996, Haitians were scratching their heads in bewilderment, asking themselves Why has America come to save us? Who will save us now? Ten years later, by almost every measure, Haiti was worse off than it was before Clinton had “rescued” it from the illegitimate regime of General Raoul Cedras and his gang of terrorist enforcers, known by the acronym FRAPH.

I had heard the Haitians saying of the U.S. after the American troops went home: “Lave men ou, siye li a te. It looks like you wash your hands and dry them in dirt.”

It’s the proper time, of course, to ask what is the legacy of American foreign policy in Haiti, a beleaguered neighbor that we have invaded and occupied twice in the 20th century, the first time to preempt German influence there during and after World War I, the second time during the early years of the Clinton administration, an 18-month long intervention which I reported on for Harper’s magazine.  

Looking at the images pouring out of Haiti these days, what comes immediately into focus is the near-sighted, irrational nature of what is out of focus in American foreign policy since the Marshall Plan worked its miracles on a shattered planet. I think that we can all agree that Haiti has finally found its bottom, but the descent, lubricated by man-made folly, was not inevitable.

To be sure, Haiti brings out the cynic in me. Perhaps I should express that sentiment with more precision: The United States’ two-faced relationship with Haiti stirs a cynicism within me that I’d rather not claim.

The U.S. Army came ashore in September 1994 locked and loaded to do battle with a military dictatorship composed of a tiny dysfunctional army and roving bands of FRAPH’s homicidal thugs, who threatened to send America’s sons and daughters back home in coffins. Essentially an absurd boast but from a genuine enemy. Colin Powell’s brinkmanship defused the potential for bloodshed on the eve of the invasion, yet the fact remained—our soldiers would be liberating villages, towns, and cities controlled by a terrorist organization that had brutalized the population.

Early on, there were shootouts between U.S. soldiers and FRAPH. Special Forces hunted down FRAPH leadership in the countryside, captured them and shipped the detainees to headquarters in Port-au-Prince, where, to general dismay, they were invariably released. One night, hunkered down with a detachment of Green Berets in the mountains south of Cap Haitien, I listened in alarm to a radio transmission from Col. Mark Boyatt, the overall commander of Special Forces in Haiti, telling his commandos to begin regarding FRAPH as Haiti’s “loyal opposition,” as if the terrorists, overnight, had become Haiti’s equivalent to the Republican Party, rehabilitated patriots eager to remake Haiti into a modern democratic nation.

Months later, when I challenged Colonel Boyatt on this highly counterproductive order to his troops, he clammed up on me. For the next two years, I tried to track down who in the chain of command had told Boyatt to whitewash the terrorist organization FRAPH. The trail finally led to the American Embassy in Port-au-Prince, and then it jumped to the mainland, Sandy Berger, and the White House.

Legacy No. 1: We left the poison in the system. The result: A Haiti rendered ungovernable by our heedless self-interest. The only Devil in Haiti is to be found in the deals we cut with the worst elements in that society. Sound familiar?

On March 31, 1996, the United States handed over Operation Restore Democracy to the United Nations and a peacekeeping force that has been there ever since. Early in the Clinton administration’s intervention in Haiti, the word came down to the boots on the ground from the White House: You have not been deployed to conduct nation-building. The mission turned out to be foolishly attenuated: Restore Haiti’s first democratically elected president, Jean Bertrand Aristide, to the National Palace. Hold elections that will remove the troublesome Aristide from the National Palace. Go home.

Ultimately, the mission ended up profoundly disillusioning not only the Haitians but the American troops as well. Back at Fort Bragg, I asked a Special Forces Master Sergeant if he was glad he went to Haiti. “Tough question,” he said. “No carpenter likes to build a house and see it crooked and leaning and ready to fall down the day he leaves. But if he builds a nice house, he’s happy about it, it’s something he’ll be proud of the rest of his life.”

“You don’t think you have anything to be proud of?” I asked.

“No.”

“That’s sad,” I said.

“It is,” said the Master Sergeant. “It is.”

I told him what I had heard the Haitians saying about the United States after the American troops went home. Lave men ou, siye li a te. It looks like you wash your hands and dry them in dirt.

Legacy No. 2: In Haiti, America wasted a perfectly good occupation. Call our post-earthquake presence there anything you want, but let’s hope it works out better this time around. Good luck, Bill. And remember, merry are the builders.

Bob Shacochis, a professor at Florida State University, is the author of The Immaculate Invasion, a chronicle of the 1994 U.S. intervention in Haiti.

 

 

 

Felony Charges Against General Petraeus?

Prosecutors Said to Seek Felony Charges against Petraeus

CyberWar Vulnerabilities

A Hacker’s Hit List of American Infrastructure

In an 800-page document dump, the U.S. government revealed critical vulnerabilities.

On Friday, December 19, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives’s sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, The Interview, and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio. (Sony partially reversed course, allowing the movie to show in 331 independent theaters on Christmas Day, and to be streamed online.)

Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation-state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.”

But according to cybersecurity professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.

Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.

Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps, and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down.

In 2007, in an effort to cast light on the vulnerability that was common to many electrical components, researchers from Idaho National Lab staged an Aurora attack live on CNN. The video is below.

How widespread is the Aurora vulnerability? In this 2013 article for Power Magazine:

The Aurora vulnerability affects much more than rotating equipment inside power plants. It affects nearly every electricity system worldwide and potentially any rotating equipment—whether it generates power or is essential to an industrial or commercial facility.

The article was written by Michael Swearingen, then manager for regulatory policy for Tri-County Electric Cooperative (now retired), Steven Brunasso, a technology operations manager for a municipal electric utility, Booz Allen Hamilton critical infrastructure specialist Dennis Huber, and Joe Weiss, a managing partner for Applied Control Solutions.

Weiss today is a Defense Department subcontractor working with the Navy’s Mission Assurance Division. His specific focus is fixing Aurora vulnerabilities. He calls DHS’s error “breathtaking.”

The vast majority of the 800 or so pages are of no consequence, says Weiss, but a small number contain information that could be extremely useful to someone looking to perpetrate an attack. “Three of their slides constitute a hit list of critical infrastructure. They tell you by name which [Pacific Gas and Electric] substations you could use to destroy parts of grid. They give the name of all the large pumping stations in California.”

The publicly available documents that DHS released do indeed contain the names and physical locations of specific Pacific Gas and Electric Substations that may be vulnerable to attack.

Defense One shared the documents with Jeffrey Carr, CEO of the cybersecurity firm Taia Global and the author of Inside Cyber Warfare: Mapping the Cyber Underworld. “I’d agree…This release certainly didn’t help make our critical infrastructure any safer and for certain types of attackers, this information could save them some time in their pre-attack planning,” he said.

Perpetrating an Aurora attack is not easy, but it becomes much easier the more knowledge a would-be attacker has on the specific equipment they may want to target.

* * *

In a 2011 paper for the Protective Relay Engineers’ 64th Annual Conference, Mark Zeller, a service provider with Schweitzer Engineering Laborites lays out—broadly—the information an attacker would have to have to execute a successful Aurora attack. “The perpetrator must have knowledge of the local power system, know and understand the power system interconnections, initiate the attack under vulnerable system load and impedance conditions and select a breaker capable of opening and closing quickly enough to operate within the vulnerability window.”

“Assuming the attack is initiated via remote electronic access, the perpetrator needs to understand and violate the electronic media, find a communications link that is not encrypted or is unknown to the operator, ensure no access alarm is sent to the operators, know all passwords, or enter a system that has no authentication.”

That sounds like a lot of hurdles to jump over. But utilities commonly rely on publicly available equipment and common communication protocols (DNP, Modbus, IEC 60870-5-103,IEC 61850, Telnet, QUIC4/QUIN, and Cooper 2179) to handle links between different parts their systems. It makes equipment easier to run, maintain, repair and replace. But in that convenience lies vulnerability.

In their Power Magazine article, the authors point out that “compromising any of these protocols would allow the malicious party to control these systems outside utility operations.”

Defense One reached out to DHS to ask them if they saw any risk in the accidental document dump. A DHS official wrote back with this response: “As part of a recent Freedom of Information Act (FOIA) request related to Operation Aurora, the Department of Homeland Security (DHS) National Programs and Protection Directorate provided several previously released documents to the requestor. It appears that those documents may not have been specifically what the requestor was seeking; however, the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised.”

Weiss calls the response “nonsense.”

The risk posed by DHS accidental document release may be large, as Weiss argues, or nonexistent, as DHS would have you believe. But even if it’s the latter, Aurora vulnerabilities remain a key concern.

Perry Pederson, who was the director of Control Systems Security Program at DHS in 2007 when the Aurora vulnerability was first exposed, said as much in a blog post in July after the vulnerability was discovered. He doesn’t lay blame at the feet of DHS. But his words echo those of Weiss in their urgency.

“Fast forward to 2014. What have we learned about the protection of critical cyber-physical assets? Based on various open source media reports in just the first half of 2014, we don’t seem to be learning how to defend at the same rate as others are learning to breach.”

* * *

In many ways the Aurora vulnerability is a much harder problem to defend against than the Sony hack, simply because there is no obvious incentive for any utility operator to take any of the relatively simple costs necessary to defend against it. And they are simple. Weiss says that a commonly available device installed on vulnerable equipment could effectively solve the problem, making it impossible to make the moving parts spin out of synchronization. There are two devices on the market iGR-933 rotating equipment isolation device (REID) and an SEL 751A, that purport to shield equipment from “out-of-phase” states.

To his knowledge, Weiss says, Pacific Gas and Electric has not installed any of them anywhere, even though the Defense Department will actually give them away to utility companies that want them, simply because DOD has an interest in making sure that bases don’t have to rely on backup power and water in the event of a blackout. “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERCCIP audits.”

Aurora is not a zero-day vulnerability, an attack that exploits an entirely new vector giving the victim “zero days” to figure out a patch. The problem is that there is no way to know that they are being implemented until someone, North Korea or someone else, chooses to exploit them.

Can North Korea pull of an Aurora vulnerability? Weiss says yes. “North Korea and Iran and are capable of doing things like this.”

Would such an attack constitute an act of cyber war? The answer is maybe. Speaking to reporters at the Pentagon on Friday, Pentagon Press Secretary Rear Adm. John Kirby said “I’m also not able to lay out in any specificity for you what would be or wouldn’t be an act of war in the cyber domain. It’s not like there’s a demarcation line that exists in some sort of fixed space on what is or isn’t. The cyber domain remains challenging, it remains very fluid. Part of the reason why it’s such a challenging domain for us is because there aren’t internationally accepted norms and protocols. And that’s something that we here in the Defense Department have been arguing for.”

Peter Singer, in conversation with Jason Koebler at Motherboard, says that the bar for actual military engagement against North Korea is a lot higher than hacking a major Hollywood movie studio.

“We didn’t go to war with North Korea when they murdered American soldiers in the 1970s with axes. We didn’t go to war with North Korea when they fired missiles over our allies. We didn’t go to war with North Korea when one of their ships torpedoed an alliance partner and killed some of their sailors. You’re going to tell me we’re now going to go to war because a Sony exec described Angelina Jolie as a diva? It’s not happening.”

Obama said Friday that there would be some sort of response to the hack, but declined to say what. “We have been working up a range of options. They will be presented to me. I will make a decision on those based on what I believe is proportional and appropriate to the nature of this crime,” he said.

Would infrastructure vandalism causing blackouts and water shutdowns constitute an act of war? The question may be moot. Before the United States can consider what sort of response is appropriate to cyber attacks, it must first be able to attribute them.

The FBI was able to finger North Korea for the hack after looking at the malware in the same way a forensics team looks for signs of a perpetrator at the scene of the crime. “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” according to the FBI statement. (Attribution has emerged as a point of contention in technology circles, with many experts suggesting that an inside hack job was more likely.)

An Aurora vulnerability attack, conversely, leaves no fingerprints except perhaps a single IP address. Unlike the Sony hack, it doesn’t require specially written malware to be uploaded into a system—malware that could indicate the identity of the attacker, or at least his or her affiliation. Exploiting an Aurora attack is simply a matter of gaining access, remotely, possibly because equipment is still running on factory-installed passwords, and then turning off and on a switch.

“You’re using the substations against whatever’s connected to them. Aurora uses the substations as the attack vector. This is the electric grid being the attack vector,” said Weiss, who calls it “a very, very insidious” attack.

The degree to which we are safe from that eventuality depends entirely on how well utility companies have put in place safeguards. We may know the answer to that question in 2015.