Category: security | 保衛 | 정보 보안 | 情報セキュリティー

According to Wikipedia, security can be defined as follows:

Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a secure telephone line); as containment (e.g. a secure room or cell); and as a state of mind (e.g. emotional security).

Back when I started writing this blog, hacking was something that was done against ‘the man’, usually as a political statement. Now breaches are part of organised crime’s day to day operations. The Chinese government so thoroughly hacked Nortel that all its intellectual property was stolen along with commercial secrets like bids and client lists. The result was the firm went bankrupt. Russian ransomware shuts down hospitals across Ireland. North Korean government sanctioned hackers robbed 50 million dollars from the central bank of Bangladesh and laundered it in association with Chinese organised crime.

Now it has spilled into the real world with Chinese covert actions, Russian contractors in the developing world and hybrid warfare being waged across central Europe and the middle east.

  • Hidden Hand by Clive Hamilton & Mareike Ohlberg

    Hidden Hand is written by two academics. Clive Hamilton is an Australian academic, who is currently professor of public ethics at Charles Sturt University in Canberra. Mareike Ohlberg is a senior fellow in the Asia Programme of the German Marshall Fund. Prior to that she worked for the German think tank, the Mercator Institute of China Studies.

    Hidden Hand by Hamilton & Ohlberg (US hardback edition)

    Hidden Hand interest piqued

    Both of them are seasoned China watchers. China is a popular subject and Hidden Hand would have just gone into my Amazon wishlist but for the 48 Group Club. The 48 Group Club is a British China-orientated association that fosters cultural and social ties. It had threatened legal action over content that they alleged was incorrect or defamatory. My interest in Hidden Hand was piqued.

    So What’s it like?

    Hamilton and Ohlberg have pulled together an account of China’s relationships with various elites in countries around the world and intergovernmental bodies such as WHO. Having kept an eye on China for over a decade, little of the content was new for me.

    What I found new was the way it is woven together into a cohesive pattern of activity in the Hidden Hand. A sustained, pervasive bid for global influence on a scale that most people couldn’t imagine. And those that could imagine would likely be thought of as excessively paranoid.

    One thing that immediately comes across is the depth of research that the Hidden Hand contains. The index and bibliography are a big chunk of the book. The facts come thick and fast, but delivered in a dispassionate manner.

    The reframe

    This book wouldn’t be as well received if it had been published 12 months ago. A split between Wall Street and manufacturing company CEOs, COVID and the steady drip of diplomatic clashes that China has had with western countries have reframed the view for Hidden Hand. Now you have an audience that is more receptive. They are more willing to take an objective, critical analysis of China rather than give them the benefit of the doubt like an errant teenager.

    Missing answers

    Hidden Hand tries to come up with starting points for answers. Holding elites accountable. Engaging members of the Chinese diaspora. Taking a multilateral stand. All of which are hard to do. There are changes happening to espionage related laws in the UK. The EU is taking a more policy-based approach and Trump administration officials have talked about US CEOs as being unregistered foreign agents. This is a long term battle, something that will go on for decades.

    The Wall Street CEOs will be hunkering down, hoping to outwait Trump. In Europe and the UK, the root and branch work required to inoculate their countries is not yet underway.

    The final missing piece is understanding the first generation Chinese diaspora. In particular the way the communist party has successfully grafted itself into the very centre of what it means to be Chinese. And then thinking carefully about how to decouple that idea. It’s happened already in places like Taiwan (and young Hong Kongers), yet many first generation diaspora and older Chinese Malaysians are wedded to the idea.

    I think that would take a lot more research. China must be doing some things right in order to get that level of belief. But there was obviously a problem with the opportunities that China offered. Otherwise why would they come to the West? It must have offered more advantages; how are those opportunities highlighted and put in conflict with the belief in the party? Understanding this will then help the work on protecting the liberal democratic system from infiltration, subversion and exploitation.

    An example of that might come from Singapore, which managed to forge a distinct Singaporean identity, whilst still holding the best bits of cultural background. Though there are risks in trying to replicate the Singapore process. More China related content here and more book reviews here.

  • Science, Strategy and War by Frans P.B. Osinga

    Science, Strategy and War isn’t a book that would have normally made it on to my reading list, but we’re living in strange times. The book is an analysis of the history and strategic theory created over time by John Boyd.

    Boyd’s thinking led to the development of post-Vietnam, pre-stealth fighter aircraft that dominated the world’s skies. Boyd employed his experience and the insight that a ‘Swiss Army knife’ approach seldom provided an adequate design solution. A lesson that the US failed to learn when it created the F-35.

    Boyd was also responsible for creating the ideas that encouraged the US to move war into the IT space. Boyd’s thinking on strategy has shaped military thinking on tools, structure, integration and responsibility. What military-types call network-centric warfare. This seeks to translate an information advantage, enabled in part by information technology, into a competitive advantage.

    We saw the potential of this thinking in the first Gulf War when sensors, missiles and satellite imagery changed the face of modern warfare. What was less appreciated at the time by commentators is that this form of warfare was uniquely aided by Iraq’s flat terrain, which aided remote sensors and wireless networks. But the network-centric aspect really came into its own with William Owens’ paper on the system-of-systems which was emerging as the military followed Boyd’s approach.

    OK, whilst there is some crossover with technology concepts such as Kevin Kelly’s ‘mirrorworld’, where AR knits together networked information with location, this is all pretty arcane stuff.

    Boyd breaks out of military circles

    John Boyd is particularly famous for a model called OODA which has broken out from its military origins. Probably the most high profile fan at the moment is Dominic Cummings – the special advisor to Boris Johnson and political activist.

    Cummings has talked about Boyd in terms of disruption and marketing of his political messages – through getting inside their OODA loop.

    Boyd’s ideas have also been picked up by sports coaches and even litigation teams in the US.

    OODA

    OODA, or observe–orient–decide–act, is often described as a ‘loop’ and shown that way. However this deceives the audience as to its true nature. As Osinga correctly points out, observe and orient are continual flows of information that feed into the decide and act functions. Strategists talk about ‘getting inside the enemy’s OODA loop’; that is, disrupting their intelligence, their situational awareness and their ability to act.

    Osinga’s critique of Boyd

    In Science, Strategy and War, Osinga sets out to achieve a number of things with regard to John Boyd’s ideas.

    First of all Osinga provides context, by providing a history of Boyd’s career in military service and as a retired service member and academic. Osinga brings a great deal of understanding to this part of the book as he also served in an air force and is an academic.

    John Boyd Climbing out of F-86 Cockpit, circa 1953
    John Boyd standing up in the cockpit of the F-86 Sabre that he flew during his military service.

    Secondly, he explains how Boyd developed and honed his ideas over time. Boyd’s OODA model was born out of empirical experience as a combat pilot. It was first used to change fighter pilots’ thinking about engaging with the enemy. Use of it then expanded to encompass bigger strategic outlooks.

    Boyd read widely and had a deep understanding of scientific principles due to his engineering background. He applied meta analysis to the great strategies and military campaigns of history and the literature describing them. He drew on his understanding of science to try and provide analogies for the many areas of uncertainty in implementing a strategy. He drew on the social sciences and concepts like post-modernism.

    Whilst Boyd was technical, Science, Strategy and War makes it clear that he wasn’t technocratic in nature. Boyd was keenly aware of human factors including the different aspects of moral power. I think that this is one of the least understood aspects of Boyd’s thinking.

    I don’t think that Osinga’s book is essential reading for marketing. It was never meant to be. Instead, it provides a good insight into how many of our thinkers operate only at the surface level without truly understanding the concepts they talk about. Boyd was not a surface player, he thought deeply about things and read widely. In that respect I think he can be an example to us all. Osinga did a really good job at bringing this to light in an accessible way.

    More on strategy here, more strategy related book reviews here.

  • Dual circulation strategy + more

    China’s inward-facing ‘dual circulation’ strategy leaves many wondering where domestic demand will come from | South China Morning Post – dual circulation faces an uphill struggle and some structural issues. Finances in China are designed to benefit the state and the uber rich. China’s Gini co-efficient shows an astonishing gap between rich and poor. COVID-19 has meant that Chinese consumers have even less money to spend. This means that the domestic demand aspect of the dual circulation strategy won’t work as desired. More on China here.

    Forget TikTok. China’s Powerhouse App Is WeChat. – The New York Times – It has even extended Beijing’s reach beyond its borders. When secret police issue threats abroad, they often do so on WeChat. When military researchers working undercover in the United States needed to talk to China’s embassies, they used WeChat, according to court documents. The party coordinates via WeChat with members studying overseas – I loved the descriptor of WeChat as a super filter bubble. I am continually surprised by how nationalistic Chinese friends have become over my nine years using WeChat

    Jaron Lanier Thinks Things May Have Gotten Better, or Facebook ‘Might Have Won Already’ – Slashdot – interesting takeouts from an interview with GQ. This wouldn’t have made GQ five years ago, which goes to show how online privacy has become more important to the general public

    The True Story of Lee Kuan Yew’s Singapore | Palladium Magazine 

    The User Always Loses | Hacker News – fascinating Silicon Valley discussion on user-hostile companies

    How Did the Internet Get So Bad? | The Nation – “Search strings used to be phrased like ingredients: ‘revolution AND french OR russian NOT american,’” McNeil writes. But in the past two decades, the language and tone of our search queries have become more baroque and confessional. “When I search for information now, I feel like I should add ‘please’ and ‘thank you’ to every request. There is no way around it, talking to the Google search bar like a human generates more relevant results.” This feels anecdotally true; I’ve certainly gotten into the habit of phrasing my searches, as McNeil notes, along the lines of “‘how do i download a printer driver for mac’ rather than ‘download printer driver mac.’” – one of my biggest frustrations is the lack of depth that ‘human language’ search allows versus the previous use of boolean terms

    ‘Is PR structurally ageist? Sadly, I think it is’ – PR leaders respond to Mark Read’s comments on age | PR Week – when the realisation you’re old hits you in PR, you have six options. You can set up your own shop (if you haven’t already). You can go in-house for breadth. You can run an agency (or help someone run theirs). You can become a functional ‘guru’ (a strategist, for example). You can fully embrace freelance consulting. Or you can go full side hustle and open a gin still

    Apple Watch Podcasts App Found to Falsely Inflate Listener Numbers – MacRumors – interesting, I wonder if this will change as we go ‘post-smartphone’?

    TikTok ads have pushed scams about apps, diet pills, other products, report says – CNET – to be fair most of Facebook and Instagram ads sourced from Chinese merchants and drop-shippers are just as bad. Given the continued export focus of China’s dual circulation strategy I can’t see TikTok changing this at all

    SoftBank unmasked as ‘Nasdaq whale’ that stoked tech rally | Financial Times – this almost sounds like a desperate gambler

    The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy – Electrek – but what happens if it’s the GRU, the MSS or North Korea who find the next hack?

    ‘The Man in the White Suit’: What Will We Do When We’ve Nothing to Make? — Jim Carroll’s Blog – Should science pursue innovation that improves people’s lives regardless of the impact it may have on industry and employment? How do we deal with the concentration of capital that results from such disruptive change? How do we accommodate the workers who have lost their jobs? What will we do when we’ve nothing to make?

    WePresent | Mong Tong are an ambient psychedelic group from Taipei – Taiwanese krautrock?

    Harrods’s bold new bet: Suburbia | Vogue Business – in Essex and Milton Keynes. Surprised at this, I would have thought branches in Singapore and Berlin would make more sense?

    Dive action hero: meet the new Rolex Submariner | Financial Times – still the cleanest design of dive watch. The 70-hour power reserve is impressive

    Hong Kong cardinal warns priests to ‘watch your language’ in homilies – Catholic Herald – The priest, who asked not to be named because of concerns he could be prosecuted under the National Security Law, told CNA on Tuesday that many local Catholics were dismayed by Cardinal Tong’s actions. “The youth of the Church is for democracy, they simply are,” he told CNA. “They are looking for leadership, and I doubt you would find any Catholic under 35 here who is not angry and does not see the chancery as siding with the people tear-gassing them in the streets.”

    A TALE OF TWO NIKE ADS: MARKETING’S UNHEALTHY OBSESSION WITH “INSPIRATION” – BBH Labs – Generally speaking, ordinary folks are just much more chilled out than marketers. They are far less preoccupied with their careers, their personal fitness, keeping up with technology and looking at social media. They look for good deals and use coupons and loyalty programs but they are less likely to consult “expert opinion” before a purchase. They are much more interested in books and literature than they are in business. They are unashamed about their love of television. In fact they just love to be entertained.

    ‘We May Be Losing The Race’ For AI With China: Bob Work – US defence establishment think that they may be losing the race for AI with China.

  • Ageism + more things

    Ageism row: WPP CEO Mark Read apologises on Twitter | More About Advertising – interesting to see how this debate about ageism in marketing services has gathered steam. I was at Paul Armstrong’s conference TBD where it was talked about as an ‘unspoken issue’ and now Mark Read seems to have elevated it inadvertently. The concept of digital natives is becoming less tenable in general.

    Although it is unspoken in Read’s interview and apology I think this strikes down a number of fault lines that advertising is trying to address. Digital is an analogue for performance media marketing and television an analogue for brand building. I believe that the pendulum is swaying slightly more in favour of brand marketing than it had been in recent years. I also believe that digital advertising platforms haven’t done that good a job in setting out their case for a role in brand building activities; but have instead tried to put old ‘performance marketing’ wine in brand marketing bottles. I suspect that the evidence of ageism cited is as much about the relentless cost-cutting of marketing combines as anything else

    About — Yahoo Creative Dept. – interesting that they’re touting their wares to all comers, rather than being purely focused on inhouse work. And no exclamation mark on Yahoo! in the meta data either. Yahoo! is the company; a Yahoo is someone who works (or has worked) for Yahoo! More Yahoo!-related content here.

    [outages] Level3 (globally?) impacted (IPv4 only) – fascinating to read, I wonder what caused it?

    ByteDance’s Global Chief Security Officer Says That The Chinese Government Cannot Get Hold Of TikTok Users Data Since its Servers Are Based In The United States / Digital Information World – interesting but not completely truthful. Even Huawei admitted that

    “Article 77 of the State Security Law sets out an obligation on organisations and individuals to provide assistance with work relating to State Security”.

    Sophie Batas, director for cybersecurity and data privacy at Huawei Europe

    And if you want an idea of what state security means, have a careful read of the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region as an example. It is vague, expansive and extra-territorial in nature.

    China Tightens Tech Export Rules Amid TikTok Talks – WSJ – interesting tech that China wants to keep at home….

    Saudi Arabia’s women gamers want to be taken seriously – Rest of World – a young, rapidly growing population – it makes sense that Saudi Arabia could become an e-sports powerhouse

    Google, Facebook Dump Hong Kong Cable After U.S. Security Alarm – Bloomberg – potentially huge given Hong Kong’s position in terms of international finance where high speed networks are key. Another thing to watch is if the ratio of population to Cisco certified engineers starts to drop in Hong Kong, which could be a real possibility with the departure of data centre occupants like Facebook, Amazon Web Services, Google etc… No cloud services again make international finance difficult.

  • Epic Games + more things

    Why Epic isn’t an innocent victim in the Fortnite battle with Apple, and why it deserves a loss today – BGR – interesting argument that goes against the popular media narrative. I wonder why Epic haven’t gone after console makers as well? Not all gamers might get the fact that Epic has created this crisis fully knowing it would breach the contract, fully knowing what Apple’s responses could be, and fully knowing that Apple will call its bluff. That’s why it had all those lawsuits on hand and the viral commercial. Whether it expected Apple to go for the nuclear option, that’s debatable, but the same email chain above proves that Apple’s response was swift. From the moment Epic released the update, Apple let the company know that it’s risking losing access to its developer tools, which can hinder app development for games based on the Unreal engine that Epic licenses to other game makers. The same response also details another dishonest behavior from Epic that shouldn’t be ignored. Epic took advantage of Apple’s developer tools to quietly push an update to the App Store that turned on an IAP payment functionality that Apple would never approve. Epic has been cheating, and that’s a company that’s supposedly working for other developers. That’s a company that other developers should trust when dealing with a hypothetical Epic App Store inside the App Store that would be governed by Epic’s own rules

    Vietnamese tech firm sues TikTok, alleging copyright infringement – Reuters – VNG are a highly creative outfit. They do great games, their messenger platform has done well despite Vietnam allowing access to WhatsApp and Facebook. They had some challenges over IP over five years ago and have since built up their own stable of recording artists

    Chinese-Made Smartphones Are Secretly Stealing Money From People Around The World – how cheap Chinese smartphones take advantage of the world’s poorest people. Current security concerns about Chinese apps and hardware have largely focused on potential back doors in Huawei’s 5G equipment. More recently, people have focused on how user data collected by TikTok could be abused by the company and the Chinese government. But an overlooked and ongoing threat is the consistent presence of malware on cheap smartphones from Chinese manufacturers and how it exacts a digital tax on people with low incomes

    Why are prices so damn high by Eric Helland – health, education and the Baumol cost disease

    Jack Ma’s Ant Group Produces $3.5 Billion Profit in Six Months as IPO Looms – WSJ – one thing to remember is how Ma unilaterally bilked Yahoo! shareholders out of Ant Financial when Carol Bartz was CEO. Probably not a good investment for a foreigner in China

    ‘The new definition of luxury’: Highsnobiety unpacks how the landscape of high-end fashion has tilted toward accessibility – Digiday – Carvalho said that through the recent research Highsnobiety performed, his team has learned that younger shoppers don’t care about exclusivity in luxury like previous generations did. Instead, they want accessibility. And for the most part, the designer brands that have successfully attracted a younger audience no longer have closed shop doors that only allow in certain clientele. “Accessibility doesn’t mean that every consumer will have the means to purchase a product, but the doors are open for them,” he said. “The hope is that down the line this 16- or 17-year-old will become a paying customer of the brand.” More luxury segment content and analysis here

    Frasers Group announces deal for DW Sports | RTE – buying into gyms and fitness studio business

    First, private equity holds us to ransom. Now it wants us to bail out its losses | Private equity | The Guardian – Its excessive debts, once the route to fortunes and, it would say, “business discipline”, are crushing it. On top, the commercial property market no longer looks a one-way bet. It wants its vast mortgage debt guaranteed by the government, even though the interest charges drive the underlying companies into operating losses – but this has been apparent way before COVID. Private equity in these sectors has been like an unpleasant game of pass the parcel

    Chick-Fil-A Fires Employee for a Menu Hack Video That Went Viral on TikTok | Inc.com – the article points out the various different reasons why Chick-Fil-A is wrong. I get it, the challenges for businesses like this are:

    • The businesses provide a consistent experience – like McDonalds that’s their thing. This means very hierarchical structures.
    • Finally restaurants tend to make money on controlling the margins tightly, doing the right thing here would be going against pretty much every trait that makes them successful all of the time

    Imagination in China lab RISC-V deal | EETimes Europe – RISC-V is often overlooked as a platform but it has great potential