Home

Blog

SPEEDY Shows Up

Tuesday, May 10 2005

At 15:01:31 GMT (8:01:31 PDT) another computer, SPEEDY.pnl.gov, showed up on my blog.  The user did a google search for blog huffman and clicked viewed the blog posting Blogs mentioning Boomershoot.

At 15:02:31 SPEEDY clicked on the link to the home page of my blog.

At 15:05:46 SPEEDY viewed the posting Boomershoot pictures and video from Jason M.

At 15:06:32 SPEEDY clicked on the link to my personal web site www.joehuffman.org.

At 15:07:30 SPEEDY viewed the blog archives for the month of May 2005.

At 15:07:39 SPEEDY viewed the blog archives for the month of April 2005.

At 15:08:26 SPEEDY viewed the blog posting I should just go to bed.

At 15:08:56 SPEEDY clicked on the link for the post category Home life.

At 15:09:03 SPEEDY viewed the blog posting Busy, busy day and it's not over yet.

At 15:09:11 SPEEDY viewed the blog posting It's a good thing I'm not superstitious.

At 15:09:26 SPEEDY clicked on the link for the post category Technology.

At 15:09:29 SPEEDY viewed the blog posting What I'm working on and why (which I deleted off from blog on May 18 even though news about this project is openly available on the I3P website).

At 15:09:49 SPEEDY viewed the blog posting Internet access anywhere.

At 15:10:08 SPEEDY viewed the Image Galleries on my blog. He was confronted with the following title and thumbnail pictures:

Joe and Barb

Random pictures of Joe and sometimes Barb

At 15:10:11 SPEEDY, as with previous investigators, showed the most interest in the one with me wearing a holster and gun on my hip and clicked on the center picture.

At 15:10:17 SPEEDY clicked on the left hand thumbnail picture.

At 15:10:21 SPEEDY clicked on the right hand thumbnail picture.

At 15:10:35 SPEEDY went back to my personal web site and clicked on the link to my webpage for Project Fireball.

At 15:11:18 SPEEDY clicked on the link to the WMV compilation: windows only.

At 15:15:33 SPEEDY clicked on the link to the January 2005 archives.

At 15:16:07 SPEEDY again clicked on the link to the January 2005 archives.

At 15:16:21 SPEEDY after doing a google search for site:blog.joehuffman.org clearance viewed the blog posting National ID card is on its way.  As it stands this post is modified, as explained here, from it's original form.

At 15:17:17 SPEEDY clicked on the link to the home page of my blog.

At 15:17:46 SPEEDY after doing a google search for site:blog.joehuffman.org site:blog.joehuffman.org classified (yes, the site restriction was duplicated) viewed the blog posting which has now been deleted but is reproduced below:

National security and secrecy

Bruce Schneier has a post up today about the balance between security and secrecy.  Often you are more secure by being less secretive.  He links to this testimony before Congress which, indeed, is excellent testimony.  At first I had my doubts about his position.  Often times when people claim some bit of information isn't useful or important it's simply because they lack imagination or skills to utilize that information.  And so I can imagine that when people say something like only 10% of classification is for legitimate protection of secrets they just didn't understand how all that information could be utilized to cause the U.S. harm.  But as I read on a bigger picture began to emerge.  Openness with information enables distributed processing.  Rather than just a few “experts” having access to critical data you have thousands or perhaps millions of people with access.  They might not be the “best and the brightest expert“ with a government approved need to know but they may be in the right place at the right time to recognize that some tidbit of data only they have will connect two sections of “the jigsaw puzzle”.  Sort of like distributed processing using ordinary computers can accomplish great things that if done using single task computers would be too expensive.  Another example would be presence of weapons in the hands of private citizens.  On the average they aren't as well trained in the use of weapons as Federal Air Marshals or perhaps (this point is debatable) even the FBI and local law enforcement.  But the distribution of power to a wider section of the population means that there is a greater chance some means of defense against attack will be available and readily deployed rather than waiting and hoping for the “experts“ to arrive in time to save you.

My personal experience with classified data has been that I could understand why the classified information I had access to was classified.  It made perfect sense to me.  There wasn't really any over classification of stuff.  But perhaps it was because I dealt with different types of data.  Stuff we know about our enemies that we don't want them to know that we know.  Or tools we use that if discovered would allow them to defeat them.  Or maybe it's just because I looking for justification for the decisions that had already been made.  I do know that when I write up something which might be classified (making my handling of it much more difficult) I play a little game.  I do my best to write it in such a way that it isn't classified.  This is much to the consternation of the person doing the classification.  I remember one document that no paragraph was considered classified (they have to mark things classified/unclassified on a paragraph by paragraph basis).  Yet the paper, taken as a whole, was obviously very sensitive information.  They ended up classifying one paragraph and I had to place the entire document in the safe, in the locked room, in the specially locked area of the building.  But I made them earn their pay for causing me the extra hassles of dealing with that paper as classified.  And someday they may end up having to justify classifying that one paragraph which, on it's own, doesn't qualify for classification.

More thought is needed on this topic and I'll be looking at the classified material I handle with a much more critical eye than before.

At 15:19:04 SPEEDY, using the previous google search, again viewed the blog posting What I'm working on and why which I deleted on May 18, 2005..

At 15:19:41 SPEEDY, using the previous google search, viewed the blog posting Airplane security.

At 15:20:48 SPEEDY, using the previous google search, viewed the following blog posting which I deleted on May 18, 2005.

Some of the work I do

Nearly all of the work I do has at least some classified component.  There is one project that doesn't.  This article describes some of the problems I'm helping to fix.

Hundreds of times a day, hackers try to slip past cyber-security into the computer network of Constellation Energy Group Inc., a Baltimore power company with customers around the country.

...

Patrick H. Wood III, the chairman of the Federal Energy Regulatory Commission, warned top electric company officials in a private meeting in January that they need to focus more heavily on cyber-security. Wood also has raised the issue at several public appearances. Officials will not say whether new intelligence points to a potential terrorist strike, but Wood stepped up his campaign after officials at the Energy Department's Idaho National Laboratory showed him how a skilled hacker could cause serious problems.

Wood declined to comment on specifics of what he saw. But an official at the lab, Ken Watts, said the simulation showed how someone could hack into a utility's Internet-based business management system, then into a system that controls utility operations. Once inside, lab workers simulated cutting off the supply of oil to a turbine generating electricity and destroying the equipment.

Describing his reaction to the demonstration, Wood said: "I wished I'd had a diaper on."

Also Bruce Schneier has a post today about SCADA (System Control and Data Acquisition) security.  SCADA is a broad term for technology that is used for things like electrical power generation and distribution, to sewage treatment plants, to water distribution, to chemical plants.  There are some security holes that need to be plugged and there are lots of people working on the problem.  The problems are not technically all that tough.  More difficult is the making the business case for upgrading the exsiting systems.  And how do you measure the benefits and risks of making the system more secure (or not)?

At 15:21:18 SPEEDY, using the previous google search, viewed the blog posting Name that bullet.

At 15:21:34 SPEEDY, using the previoius google search, viewed the blog posting below which I deleted on May 18, 2005.

More impact from the Los Alamos screw up

On Tuesday I metioned the Los Alamos mess caused a minor impact on me.  Another hit just occurred from the same screw up.

Secretary of Energy Spencer Abraham today ordered that all Department of Energy (DOE) operations using such controlled removable electronic media (CREM) as classified hard drives or computer discs conduct an immediate stand-down to improve procedures for protecting such media.

PNNL, where I workd, is a DOE laboratory.  This “stand-down“ doesn't directly affect me at this time.  It could have and it still might.  But the internal email say that our earlier activities were in preparation for this sort of thing and we should be back up and running at full speed by Monday morning.

At 15:21:50 SPEEDY, using the previous google search, viewed the blog posting National Security Issues.

At 15:22:09 SPEEDY, using the previous google search, viewed the blog posting What did you do today ... for freedom?

At 15:22:33 SPEEDY, using the previous google search, viewed the blog posting I just invited 'the enemy' to Boomershoot 2005.

At 15:22:36 SPEEDY clicked on the link to the home page of my blog from the previous viewed post.

At 15:24:05 SPEEDY clicked on the link to Syndication.

At 15:24:19 SPEEDY clicked on the link to the post category Home Life.

At 15:57:26 PUCK returned to the blog home page.

At 21:06:12 WD31448 viewed the home page on my personal web site www.joehuffman.org

At 21:06:24 WD31448 viewed the home page on my Boomershoot.org website.

At 21:06:44 WD31448 viewed the Links page on Boomershoot.org.

At 22:03:26 SPEEDY came to the home page of my personal web site www.joehuffman.org by clicking a link on an old personal website of mine for which I don't have web logs.

At 22:03:30 SPEEDY clicked on the link to the web page Jury Duty.

At 22:04:28 SPEEDY clicked on the link to the web page Weapons on Passenger Planes.

At 22:05:13 SPEEDY clicked on the link to my blog.

At 22:17:00 SPEEDY clicked on the link to Contact on my blog.

At 22:20:57 SPEEDY clicked on the link to the April 2005 archives for my blog.

At 22:25:23 SPEEDY viewed the blog posting Home life update (Kim mostly--what else?).

At 22:27:54 SPEEDY viewed the blog posting Airport security is still a joke.

At 23:07:27 PUCK went to the home page of my blog.

At 23:08:23 PUCK again went to the home page of my blog.

There were no further contacts from PNNL investigators this day.