Wednesday, December 23, 2015

A Brief History of the Internet in Northern Virginia

Earlier today I happened to see a short piece from the Bloomberg Businessweek "The Year Ahead: 2016" issue, titled The Best Places to Build Data Centers. The text said the following:

Cloud leaders including, Microsoft, Google, IBM, and upstart DigitalOcean are spending tens of billions of dollars to construct massive data centers around the world. Microsoft alone puts its total bill at $15 billion. There are two main reasons for the expansion: First, the companies have to set up more servers near the biggest centers of Internet traffic growth. Second, they increasingly have to wrestle with national data-privacy laws and customer preferences, either by storing data in a user’s home country, or, in some cases, avoiding doing just that.

The article featured several maps, including the one at left. It notes data centers in "Virginia" because "the Beltway has massive data needs." That may be true, but it does not do justice to the history of the Internet in Northern Virginia (NoVA), nor does it explain why there are so many data centers in NoVA. I want to briefly note why there is so much more to this story.

In brief, there are so many data centers in NoVA because, 25 years or so ago, early Internet companies located in the area and also decided to connect their networks in NoVA. Key players included America Online (AOL), which built its headquarters in Loudoun County in the early 1990s. About the same time, in 1992, Internet pioneers from several local companies decided to connect their networks and build what became known as MAE-East. A year later, the National Science Foundation awarded a contract designating MAE-East as one of four Network Access Points. Later in the 1990s Equinix arrived and contributed to the growth in data center and network connectivity that continues through the present.

Essentially, NoVA demonstrated real-life "network effects" -- with networks cross-connecting to each other in Ashburn and Loudoun County, it made sense for new players to gain access to those connections. Companies built data centers there because the network connections offered the best performance for their customers. The "Beltway" and its "massive data needs" were not the reason.

If you would like to know more, I recommend reading Andrew Blum's book Tubes: A Journey to the Center of the Internet. Yes, Blum is referring to those "tubes," which he investigates via in-person visits to notable Internet locations and refreshing historical research. Along the way, Blum charts the growth of NoVA as an Internet hub, in some ways, "the" Internet hub.

Thursday, December 10, 2015

Domain Creep? Maybe Not.

I just read a very interesting article by Sydney Freedberg titled DoD CIO Says Spectrum May Become Warfighting Domain. That basically summarizes what you need to know, but here's a bit more from the article:

Pentagon officials are drafting new policy that would officially recognize the electromagnetic spectrum as a “domain” of warfare, joining land, sea, air, space, and cyberspace, Breaking Defense has learned. 

The designation would mark the biggest shift in Defense Department doctrine since cyberspace became a domain in 2006. With jamming, spoofing, radio, and radar all covered under the new concept, it could potentially bring new funding and clear focus to an area long afflicted by shortfalls and stovepipes.

The new electromagnetic spectrum domain would be separate from cyberspace, although there’s considerable overlap between the two... 

But the consensus among officials and experts seems to be that the electromagnetic spectrum world — long divided between electronic warriors and spectrum managers — is so technologically complex and bureaucratically fragmented by itself it must be considered its own domain, without trying to conflate it with cyberspace.

My initial reaction to this move is mixed. History and definitions provide some perspective.

One of the big differences between the civilian and military views of "cyberspace" has been, prior to this story, the military's more expansive view.

The formerly classified National Military Strategy for Cyberspace Operations, published in 2006, defined cyberspace as

A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. (emphasis added)

The NMS-CO in a sense embedded cyberspace within EMS. That document also signaled DoD's formal recognition of cyberspace as a domain. By associating EMS with cyberspace, DoD thought of cyberspace in larger terms than civilian counterparts. In addition to activities involving computers, now cyberspace theoretically incorporated electronic warfare and other purely military functions with little or no relationship with civilian activities.

Army Doctrine Reference Publication No. 3-0 published in 2012 introduced the term "cyber electromagnetic activities" (CEMA). It defined CEMA as

Activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both 
cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy use of the same and protecting the mission command system. Cyber electromagnetic activities consist of cyberspace operations, electronic warfare, and electromagnetic spectrum operations.

This Army publication separates cyberspace and EMS, and created "CEMA" as an umbrella over both.

The more recent  Joint Publication 3-12R, published in 2013, drops explicit mention of the EM spectrum. It defines cyberspace as

A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

With the definitions and their evolution out of the way, consider what it means for cyberspace to be separate from EMS.

In my opinion, cyberspace has always been more about the content, and less the infrastructure. In other words, it's the information that matters, not necessarily the containers. I first appreciated this distinction when I was stationed at Air Intelligence Agency, where we helped publish Air Force Doctrine Document 2-5: Information Operations in August 1998. Page 3 states

The Air Force believes information operations include actions taken to gain, exploit, defend, or attack [GEDA] information and information systems. (emphasis added)

*Note that document doesn't use the term "cyber" very much. When describing information warfare, it states

Information warfare involves such diverse activities as psychological operations, military deception, electronic warfare, both physical and information (“cyber”) attack, and a variety of defensive activities and programs.

In any case, the "GEDA" concept stuck with me all these years. I think the focus on the information, rather than the infrastructure, is conceptually useful. Consider: would there be "cyberspace" if it contained no information? The answer might be yes, but would anyone care to use it? It's the information that makes "cyberspace" what it is, I believe.

In this sense, separating the physical aspect of EMS seems to make sense. However, what does that mean for other physical aspects of manipulating information? EMS seems most tangible when considering radio and other radio frequency (RF) topics. How does that concept apply to cables or servers or other devices? Are they part of EMS? Do they "stay" with "cyberspace"?

Finally, I am a little worried that a reason from creating EMS as a sixth domain could be because it is " technologically complex and bureaucratically fragmented," as described in the article excerpt. "Creating" a military domain should not be done to solve problems of complexity or bureaucracy. Domains should be used as constructs to improve the clarity of thinking around warfighting, at least in the military world.

Addendum: When reading Joint Publication 3-13: Information Operations for this post, I saw the following figure:

It is one way to show that DoD considers Information Operations to be a much larger concept than you might consider. IO is often neglected in the "cyber" discussions, but with the ideas concerning EMS, IO might be hot again.

Saturday, December 05, 2015

Not So Fast! Boyd OODA Looping Is More Than Speed

The name "John Boyd" and the term "OODA Loop" are probably familiar to many of the readers of this blog. I've mentioned one or the other in 2006, 2007, 2009 (twice), and 2014. Boyd was a fighter pilot in the Korean war and revolutionized thinking on topics like fighter design and military strategy. His OODA loop -- an acronym for Observe, Orient, Decide, Act -- is the contribution that escaped from the military sphere into other fields of thought. In a world that has finally realized prevention eventually fails, the need for a different strategy is being appreciated.

I've noticed an increasing number of vendors invoke Boyd and his OODA loop as an answer. Unfortunately, they fixate on the idea of "speed." They believe that victory over an adversary results from operating one's OODA loop faster than an opponent. In short, if we do something faster than the adversary, we win and they lose. While there is some value to this approach, it is not representative of Boyd's thought and misses key elements of his contribution.

Before continuing I'd like to mention a recent talk on OODA within the security community that didn't fall into the "speed rules" trap. At the last Security Onion conference, Martin Holste presented Security Event Data in the OODA Loop Model. His spoken remarks reflected the issues I raise in this post, and for a hint in his Prezi material you see statements like "At higher levels, OODA speed is less important than accurate mental models." I was glad to see Martin avoid the speed trap in his talk!

The best reference for gaining a deep appreciation for Boyd's strategic thought is the book Science, Strategy and War: The Strategic Theory of John Boyd by Frans P.B. Osinga. I have the Kindle and paperback editions. The Kindle version is readable, but you may have trouble with some of the tables and figures.

The following is a selection of quotes from the book, re-ordered, highlighted, and lightly edited to capture the author's message on properly appreciating Boyd and OODA.

[T]he common view that the OODA loop model, interpreted as an argument that victory goes to the side that can decide most efficiently, falls short of the mark in capturing the meaning and breadth of Boyd’s work...

The first misconception about the OODA loop concerns the element of speed. The rapid OODA looping idea suggests a focus on speed of decision making, and ‘out-looping’ the opponent by going through consecutive OODA cycles faster. This is not incorrect, indeed, Boyd frequently suggested as much, [however]...

Whereas rapid OODA looping is often equated with superior speed in decision making, Boyd employs the OODA loop model to show how organisms evolve and adapt.

[U]ncertainty as the key problem organisms and organizations have to surmount...

One may react very fast to unfolding events, but if one is constantly surprised nevertheless, apparently one has not been able to turn the findings of repeated observations and actions into a better appreciation of the opponent, i.e. one has not learned but instead has continued to operate on existing orientation patterns...

[T]he abstract aim of Boyd’s method is to render the enemy powerless by denying him the time to mentally cope with the rapidly unfolding, and naturally uncertain, circumstances of war, and only in the most simplified way, or at the tactical level, can this be equated with the narrow, rapid OODA loop idea...

This points to the major overarching theme throughout Boyd’s work: the capability to evolve, to adapt, to learn, and deny such capability to the enemy...

It is not absolute speed that counts; it is the relative tempo or a variety in rhythm that counts. Changing OODA speed becomes part of denying a pattern to be recognized...

The way to play the game of interaction and isolation is [for our side] to spontaneously generate new mental images that match up with an unfolding world of uncertainty and change...

In order to avoid predictability and ensuring adaptability to a variety of challenges, it is essential [for our side] to have a repertoire of orientation patterns and the ability to select the correct one according to the situation at hand while denying the opponent the latter capability...

[In Boyd's words, one should] "operate inside [an] adversary’s observation-orientation-decision-action loops to enmesh [the] adversary in a world of uncertainty, doubt, mistrust, confusion, disorder, fear, panic, chaos . . . and/or fold adversary back inside himself so that he cannot cope with events/efforts as they unfold...

[We should ask ourselves] how do we want our posture to appear to an adversary, i.e., what kind of mental picture do we want to generate in his mind?

Designing one’s defense on this basis is obviously quite a departure [from current methods].

My take on these points is the following: Boyd's OODA loop is more about affecting the adversary than it is about one's own operations. Our side should take actions to target the adversary's OODA loop such that his cycle becomes slower than ours, due to the adversary's difficulty in properly matching his mental images of the world with what is actually happening in the world. On our side, we want to be flexible and nurture a variety of mental images that better match what is happening in the world, which will enable more efficient OODA loops.

In brief, the OODA concept has a speed component, but it is much more about coping with perceptions of reality, on the part of the adversary and ourselves. This approach can be used offensively and defensively.

What might this look like in the security world? That is worth one or more future posts.

If you'd like to learn more, in addition to Osinga's book I recommend reading Boyd: The Fighter Pilot Who Changed the Art of War by Robert Coram and listening to the Pattern of Conflict videos on YouTube. All 14 parts occupy about 6 1/2 hours. I recommend extracting them to audio format and listening to them on a long drive or flight. I listened to them driving to and from the aforementioned Security Onion conference. There is really no substitute to listening to the master at work. It brings the books to life when you have Boyd's voice and mannerisms playing in your mind.