Namespaces, Search, Network Gestures And The American Soft-White Cyber-Underbelly
On the drive home from Boston's Logan Airport after 7 hours of red-eye flying back from Mashup Camp in Silicon Valley, National Public Radio's Here & Now aired Robin Young's interview of Larry Wortzel, chair of the U.S.-China Economic and Security Review Commission, about China's alleged acts of cyberwarfare against the United States. What Wortzel said, right on the heels of what I heard O'Reilly Media founder and CEO Tim O'Reill
On the drive home from Boston's Logan Airport after 7 hours of red-eye flying back from Mashup Camp in Silicon Valley, National Public Radio's Here & Now aired Robin Young's interview of Larry Wortzel, chair of the U.S.-China Economic and Security Review Commission, about China's alleged acts of cyberwarfare against the United States. What Wortzel said, right on the heels of what I heard O'Reilly Media founder and CEO Tim O'Reilly say about namespaces and search during his Mashup Camp keynote was enough to keep me awake and thinking for the 50-minute drive home.During his keynote, O'Reilly spoke of the historical role and rising importance of namespaces as though they were the currency of future success on the Net. He might be right because success has a way of following namespaces in most of the places they turn up. For example, the Internet's Domain Name System (DNS). There have been plenty of successful namespaces since the DNS. But, as far as the current crop of social networks are concerned (for which namespaces should be child's play), O'Reilly contrasted Twitter's success with Facebook's failure.
Unlike with Twitter, if Facebook has a public-facing namespace, the public doesn't know about it. If you know someone's user name on Twitter (I'm dberlind), then you know how to find them on Twitter (eg: twitter.com/dberlind). The syntax for directly accessing one's Twitter page from within a Twitter post (aka a "tweet") is simple. For dberlind, it's @dberlind (an example in one of Tim O'Reilly's tweets here). In either case, finding or referring to me within Twitter is relatively easy.
Themes within Twitter are almost just as easy to locate. Twitter takes the folksonomic tags that are common to most social networks, prefixes them with a hash sign (#), calls them "hashtags," and then from within Twitter Search (but strangely, nowhere else within the Twitter domain), automatically links those hashtags to a search of all posts that contain them (the hashtags, that is). It's yet another Twitter namespace that helps people find things within the Twitter domain. There it is again: the link between search and namespaces.
On the other hand, knowing my Facebook ID ("dberlind" again) won't do you a lot of good. You can't find me with it nor is there a commonly accepted syntax for referring to me from within your own Facebook pages (let alone outside of them).
O'Reilly recently announced a new conference called Found and namespaces will no doubt play some role in that event's content. Namespaces and finding stuff are inextricably linked. Although I use namespaces to find stuff almost every day, I never really stopped to think about it until O'Reilly mentioned it and then again when I heard the NPR report on cyberwarfare.
Another important point O'Reilly made had to do with Google's success and how its founders Larry Page and Sergey Brin recognized the meaning of a click (ultimately leading to the page ranks). In fact, beyond clicks, the network is full of meaningful gestures and data that are worth more to someone than their face value.
Like, maybe the Chinese.
In her NPR interview of Wortzel, Robin Young asked what a Chinese military strategist meant when he said that the United States' dependencies on space assets and information technology are America's "soft ribs." While I pictured Muhammed Ali collapsing the ribs of Joe Frazier in the Thrilla' in Manila, Wortzel responded:
The United States is so dependent on satellites and electronic communication for command and control ...and comptuers systems... that if you can disable those, you'll really limit the ability of our military leaders to direct forces. You also limit the ability of forces to coordinate with each other.
If that doesn't make you gulp, what he said next might:
They are targeting defense related production and R&D information. They're targeting defense contractors. They're targeting U.S. military manuals. They have shut down bureaus of the Department of State and the Department of Commerce, electronic communication and e-mail at the Navy War College and the Defense Intelligence Agency at times....
...It's a massive intelligence gathering apparatus that is also mapping the critical nodes in the way we communicate and in our infrastructure so that if it ever came to a conflict, they would know what nodes to attack.....
...The 10 most prominent U.S. defense contractors, including Raytheon, Lockheed Martin, Boeing, and Northrop Grumman, were victims of cyberespionage through penetrations of their unclassified networks.
By now, it's a safe bet that the "massive intelligence gathering apparatus" Wortzel speaks of isn't just "photocopying" what it finds. Some of the node-mapping Wortzel mentioned undoubtedly involves an extraction and understanding of other meaningful gestures that the people who run those networks aren't even aware of. Much the same way Google knows things about our domains that we have no clue about, the Chinese may actually know more about our defense networks than we do.
One reason is that, like Google, the Chinese have some idea of what they're looking for and how to find it. The people whose job it is to protect those networks have no idea what the Chinese are looking for which makes it that much more difficult get ahead of the transgressors.
If that's not bad enough, let's put this in the context of namespaces. Sure, Twitter, Flickr, and other social networks have namespaces. But if you're the Chinese poking around America's defense networks, "mapping nodes" as Wortzel says, then you'd be dumb not to invent a namespace or two of your own: ones that transcend the great many defense-related domains, aggregating related functionality and content under unique identifiers.
Let's put this in the context of Twitter. Today, if a Twitter user wants to repeat a tweet (what's known as "retweeting"), the commonly accepted convention is to prefix that retweet (RT) with something like "RT @dberlind" where @dberlind, as described earlier, is a namespace handle. It's not a command but it could be (and actually should be ... a post for a different day).
So, after all that crawling, discovering, mapping, and understanding of meaningful gestures that the Chinese are developing of our defense-related networks and content, imagine a command like the following that relies on a Chinese-developed cross-domain namespace:
and the damage it could do.
The really scary thing is that Wortzel's recommended remedy was to encrypt everything. It's sort of like saying a click means nothing to Google if the document behind the link is encrypted. Maybe I'm paranoid. But, after hearing that, it's no wonder I was able to stay awake after the red-eye (and long enough to write this).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.