Muffett’s Personal Opinion on the Cyber Volunteer Force

A friend of mine asked me about the UK’s mooted Cybersecurity “volunteer” force; this is approximately how I responded:

The Cyber-Force thing is simultaneously scary, tragic and amusing; Iain Lobban – Director of GCHQ – has been heard to lament that they cannot afford to pay for geeks:

www.techweekeurope.co.uk/news/news-security/gchq-boss-complains-of-cyber-brain-drain-34212

…that essentially they can’t compete with private sector industry for salaries and conditions.

The truth is a little more complex and a little less clear-cut than that.

From my modest experience of the demographic – dating from around 1994 to the present day – the UK defence establishment has subsisted by chewing up public-spirited geeks who were willing to trade shitty pay for unfireable job-security and an index-linked civil service pension from age ~55ish, thence to buy a cottage in Cornwall, or Provence or something.

The unfireable pension opportunity has now evaporated and DERA (the Defence Evaluation and Research Agency) which provided the hinterland of geeks for GCHQ was largely privatised as Qinetiq – significant numbers have left that – plus computing is now sexy again, so suddenly a lot of the UK’s core security expertise is going into private hands.

You know my perspective on “cyber”[1] – that it is a framing of the debate to launder:

  • interception/monitoring/snooping
  • filtering/blocking/censorship
  • public relations/propaganda, and …
  • expansion of state regulation opportunity

…as a necessary new military activity in a new “domain” – the domain of “communications” – which they call “cyber” because calling it communications would be too obviously unmilitary for people to bear.

Not to mention that honesty would sound too “Orwellian”.

However the good manpower is now off earning loadsamoney with either:

  1. “Big Data”, or…
  2. “Silicon Roundabout Startups” – which are sacrosanct because they may save the economy and the DTI is currently behind them.

…and therefore GCHQ are calling for volunteer cyberwarrior do-gooders.

If in one scenario this is not terrifying to normal people then it bloody well ought to be, if only for the example of “LOVEINT” at the NSA:

news.cnet.com/8301-13578_3-57605051-38/nsa-offers-details-on-loveint-thats-spying-on-lovers-exes/

…because if the best-funded cyberagency in the world has significant spy-on-your-ex-lover issues, what the hell will happen when you let loose a bunch of volunteers on the spook-internal databases of the UK?

There would be rather more “snoop on your mate’s ex-girlfriend” than “Edward Snowden” activity, to be sure.

But let’s instead imagine that GCHQ are not fools and that the volunteers are kept at a discreet arm’s length from the datacentre at Cheltenham; what then? Will you have a bunch of volunteers going around to BNFL and setting up firewalls for nuclear power stations? Or trying to hack into the National Grid? I think they’re already equipped.

What will they be doing, and will they actually be any good at it? And whom will they be depriving of a paid job in the interim? Answers: they won’t be sure, not terribly, and possibly themselves.

I’ve spoken with a competition winner from the GCHQ “UK Cyber Champion” contest and it seems that even if they really like you as a person, the public sector does not have the culture to employ creative, individualistic, modern computer people.

So I think they are in trouble; and you can’t justify the budgets if you can’t get the staff.

If I was to suggest a way out for GCHQ and the Government it would be to stop fretting about process so much, stop throwing money at the big defence contractors and instead engage directly with smaller parties in the private sector.

But that will never happen on the scale which it needs to. Alas.


[1] my perspective on cyber: www.slideshare.net/alecmuffett/how-to-think-clearly-about-cybersecurity-v2

The cost of UK Cybercrime was not £27bn – Hansard

Told you so…

Chi Onwurah (Newcastle upon Tyne Central, Labour)

Let us look at cyber-statistics. In answer to my parliamentary question, the Minister put the cost of cybercrime at £27 billion, but that turns out to be a 2010 “guestimate” from defence company Detica. The National Audit Office misused Cambridge university figures, managing to confuse pounds with dollars. We all know that online crime is rising, but the Government rely on outdated third-party figures. Is he surprised that the public do not trust the Government’s efforts to fight cybercrime, given that they clearly cannot even measure it?

Source; also, the Cabinet Office are throwing it under a bus:

I am writing to advise you that following a search of our paper and electronic records, I have established that the information you requested is not held by the Cabinet Office.

The £27 billion per annum figure is not our figure but comes from a BAE Systems/Detica report. We do not hold any information about how this figure was arrived at.

End days for Cyberfear?

Have logged this with @Jawbone about a bug with Big Jambox; let’s see what they do.

Hi Guys!

I am running a software-updated 11-inch, Mid 2011 MacBook Air and using my Big Jambox. For reference I am a Unix system programmer and developer with 25 years of experience, so if you want to talk to me using quite long technical words, I am very happy.

Long story short: I have paired and re-paired, software updated, and connected-via-USB-and-wiped-all-the-pairings-and-again-paired my Big Jambox with my MacBook Air, and yet STILL it refuses to play sound from my Mac whilst the Sound Preferences are set to STEREO “Bluetooth Headphones” (my emphasis) – but it is really well behaved and plays well as non-stereo Bluetooth Headphones… except it just sounds like crap.

So, to recap:

1) I go to System Preferences > Sound, while paired.

2) If I select “Alec M Jambox .. Bluetooth Headphones” => okay but low rez mono audio

3) If I select “Alec M Jambox Stereo .. Bluetooth Headphones” => does not work at all, no audio, silence. Makes a depressing “bloop” noise when I select it, then silence. Selecting back to non-stereo and it starts playing again immediately.

Syslog says this when I switch it to Stereo mode:

Sep 13 21:11:06 mistral.local coreaudiod[147] : Enabled automatic stack shots because audio IO is inactive
Sep 13 21:11:06 mistral kernel[0] : REQUIRE_NO_ERR_GOTO_ACTION failure: 0xe00002c0 – file: /SourceCache/IOBluetoothFamily_kexts/IOBluetoothFamily-4140.4.2/Core/Family/Drivers/IOBluetoothSCOAudioDriver/IOBluetoothSCOAudioEngine.cpp:550
— last message repeated 1 time —
Sep 13 21:11:08 mistral.local coreaudiod[147] : Disabled automatic stack shots because audio IO is active

…at which point it goes silent. When I switch it back to mono audio playback I get this:

Sep 13 21:11:59 mistral.local coreaudiod[147] : Enabled automatic stack shots because audio IO is inactive
Sep 13 21:11:59 mistral.local coreaudiod[147] : Disabled automatic stack shots because audio IO is active
Sep 13 21:11:59 mistral kernel[0] : [AppleBluetoothHCIControllerUSBTransport][HandleIsochData] — Error: 0xE000400F (kIOUSBMessagePortWasNotSuspended)
Sep 13 21:11:59 mistral kernel[0] : E:[AppleBluetoothHCIControllerUSBTransport][AppleBluetoothHCIControllerUSBTransport::HandleIsochData] error 0xe000400f (kIOUSBMessagePortWasNotSuspended) — Isoch In pipe

…and then it springs into lo-fi life.

It’s deeply vexing not to be able to use the Big Jambox over bluetooth properly. I am, I repeat, running the latest 10.8 OSX patches, and have run Disk Utility permissions-checking to ensure nothing is untoward in /dev. Looks like a driver issue to me.

Any idea how I can fix this, please?

I am still trying to work out what happened to the Guardian’s followup Clegg article

So Googling for the relevant phrase yields this:

[Screenshot of the Google search results: “Screen Shot 2013-08-25 at 13.29.09”]

Mousing over the “Nick Clegg queries…” link at the top yields the link illustrated at the bottom; but when you click through to Nicholas Watt’s article it does not use the word “intent” or any other of the relevant text. I am trying to establish whether the matching search text comes from the original article or somehow from comments, or similar, on Watt’s posting.

Or, it may too have been edited. But silently. Not sure yet.

Apparently the Deputy PM thinks Anti-Terrorism Legislation is fairly used to retrieve/destroy classified data #Miranda

Interesting. Nick Clegg’s recent (Friday evening) posting in the Guardian has been amended, saying:

This article was amended at 21.05 BST for legal reasons

Why would that be? Well a blogger notes:

Really, I don’t think I need say any more than point this out; and if the comment has been culled “for legal reasons”, all the more reason to highlight what was formerly said and presumably thought, I feel…

See also Reddit and just google the phrase to watch for a cascade of edits in other forums.