Goodreads Profile

All my book reviews and profile can be found here.

Sunday, August 01, 2021

Review: Shadow Strike: Inside Israel's Secret Mission to Eliminate Syrian Nuclear Power Kindle Edition by Yaakov Katz


A common definition of insanity is to do the same thing over and over while expecting different results each time. That is a good definition of Israeli-Arab relations.  Katz, enamored of the Israeli armed forces, writes hagiographically about the Israeli strike on the Syrian nuclear plant in 2007.  Justification for this act of war was the assumption that a nuclear power plant -- Israel has several in addition to nuclear weapons -- could only be used to create the material for nuclear weapons, the presence of which Israel assumed could only be an existential threat to their country. **


There is an assumption that some countries act responsibly when it comes to nuclear weapons and others are not. Israel, while never admitting publicly it has nuclear weapons, clearly does, yet cannot seem to understand why that knowledge would not encourage hostile neighbors to want the same. Another assumption is that democracies will always act more sensibly than authoritarian governments. Recent events in the United States reveal just how fragile that assumption is. It's an assumption Plato warned about a millennia ago when he foresaw the seeds of its own destruction built into democratic governments.


Israel has determined (at least the more recent governments) that countries in the Middle East will not (except for itself) be permitted to have nuclear weapons nor nuclear power plants that might be used to create the seeds of a nuclear weapons program. They see it as an existential threat. Then again, they see almost everything they don't like as an existential threat.


From his extensive interviews with the decision-makers, advisers and planners — American and Israeli — Katz, the editor-in-chief of the Jerusalem Post, has written a gripping story of the Sept. 6, 2007 destruction of a secret, nearly completed al-Kabar nuclear reactor in Syria. knowledge of which was confirmed only in March of 2018. The Syrian strike at al-Kabar was not the first time the Israelis felt compelled to act. On June 7, 1981, the IAF destroyed a nuclear reactor in Osirak, Iraq, which was, at the time, a nation ruled by Saddam Hussein, another dictator willing to use chemical weapons.


A fascinating portion of the book is devoted to the discussions within the Bush administration on the proper response to the intelligence that had been shared by Israel about the construction of a reactor in Syria. It was the hawks (Cheney et al) v diplomats (Rice eta al.) each with valid concerns and suspecting different outcomes. What was the possibility of a wider war? What would be the reaction of the Russians? Would this help or hurt the Iranians? Was the intelligence legitimate. It was an example of how government should work, but often doesn't.


Cheney, ever the hawk and advocate of preemptive strikes, whatever the issue, was alone in thinking the U.S. should bomb the site. Everyone else in the Cabinet thought otherwise.  The Iraq war, begun on faulty intelligence, was not going well and the feeling was that each administration gets just one war; trying to conduct two would lead to disaster. A more nuanced role proposed by a few was that the facility should be destroyed, but better that Israel should do the bombing.  It would reinforce the view that Israel had rebounded from the Lebanese debacle and help issue a warning that Israel could handle its own affairs and protection and was not the minor stepchild of the U.S.


The author claims at the end of the book that it was less about the strike than decision-making. That's certainly true.  But what a messy process, indeed, influenced less by reality than perceptions, ideology, religion, and politics.


**It was just learned that Syria fired a missile that landed perilously close to an Israeli nuclear plant in April 2021.  Israeli responded with a retaliatory strike.  Agence France has reported that Israel is suspected to have between 100 and 200 nuclear weapons.


Thursday, July 15, 2021

Review: This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth

 Putin loves his hackers, comparing them to artists who feel great in the morning and immediately start work on some new masterpiece. He told them, feel free to hack away, just anywhere except the homeland, and if your hacks coincide with Russian goals, well so much the better.

 They went at it with a vengeance in 2014 and Ukraine became a testing ground for election interference, disinformation campaigns, interference and destruction of infrastructure, and cast doubt on the election process.  There was little Ukraine could do to retaliate, given it history and geographic dependence on Russia. The hackers were wildly successful and our 2016 campaign reflected many of their techniques. The Mueller report has laid out exactly how they went about it.


One interesting chapter examines the market for zero-day exploits, how it works and how it has changed from companies suing hackers who find bugs, to actively soliciting and paying for bugs and especially the zero-day exploits. ( A zero-day exploit is a vulnerability that has yet to be discovered and patched, making it extremely valuable for anyone with malicious intent. The Stuxnet worm created by the U.S. and Israel to destroy the Iranian centrifuges used several.) Paying for the bugs meant a rise in prices, from mere hundreds of dollars to many thousands and countries found themselves competing against bad actors, other countries, and companies for the zero-day exploits.


The Stuxnet exploit  is discussed in more detail than I had read before. Of particular interest were the policy determinations and the effect of the Iraq war on those decisions. Deaths of American soldiers in Iraq ere at their highest level when the Israelis, wanting to repeat their successful attack on the Syrian nuclear reactor strike (see ShadowStrike) insisted they wanted the U.S. to bomb the Iranian facility. Bush couldn't afford such a provocative action, one the military's war games revealed would result in WW III.  So he authorized the unique and first-ever cyber strike to result in physical destruction of an opponent's infrastructure.  It used an unheard-of seven zero-day exploits, and the preparation was boosted by an Iranian intelligence error of Trumpian proportions when the Iranian leader bragged to the press about the facility and gave them a tour, allowing pictures, of their centrifuges.  This gave the Stuxnet planners all the information they needed about the brand and type of centrifuges being used allowing them to target those directly with the Stuxnet malware. The Israelis were kept informed and must have assisted because Bush could not have them operating unilaterally.

Stuxnet showed the world the power and destructiveness of the cyber-world,  and soon the value of zero-day exploits exploded as smaller countries and those without a large military realized that with little expense they could equal the United States and China in offensive capability. The attack on Saudi Arabia's oil network** that destroyed thousands of their computers and disrupted oil networks, used some of the same code the U.S. had utilized in an attack a few months prior and was clearly retaliation for that attack. The hackers got in through an email someone in ARAMCO had opened.


One of the mantras I try to inculcate in my students is to NEVER click on a link in an email.  If you have reason to believe it might be valid, go to the web site and investigate there, never via a link in an email. The Russian hack of the DNC email resulted in a typo error. Podesta got an email purportedly from gmail claiming he needed to reset his password.  He ran it by their IT guy who meant to write back that the link was IL-legitimate but left off the initial IL.  What the IT guy should have insisted on besides noting it was illegitimate was to hammer away at the danger of clicking on email links. So Podesta, thinking it was legit, click on it and gave the Russian hackers instant access to the DNC's emails.


The chapter on how the WannaCry ransomware was unleashed on the world and its origin is alone worth the price of the book. The role of the NSA in hiding its zero-day exploits rather than alerting Microsoft so they could be patched was highlighted by Brad Smith, Microsoft's CEO, in an essay. "We have seen vulnerabilities stored by the CIA show up on Wikileaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."  Ironically, the ransomware, garnered little in the way of financial rewards for the North Korean malefactors, but it caused billions in damage to computers around the world, especially because the originators had not built in a workable way to pay the ransom. In another travesty, the teenager who discovered a built-in kill switch to the malware, was arrested by the FBI for hacking! (see the Wikipaedia article for more information.)


An important book.  I recommend reading it along with Cyberspies by Gordon Corera.

Monday, June 28, 2021

Interesting analysis of electric cars and energy use.


From your Digest

Let's do the math.

The US burned 133 billion gallons gasoline in 2012. I'm going to ignore diesel vehicles because the majority of diesel burned in the US is in heavy vehicles where battery-electric drivetrains are not a practical option.
How much gasoline does the United States consume?

The average thermal energy content in gasoline is 33.41 KWh/gallon.
Gasoline gallon equivalent

This gives 4,443 TWh of thermal power going to gasoline road vehicles in the US per year. If we assume electric vehicles use energy with 4x the efficiency of gasoline vehicles (a reasonable round number) then it would take 1,111 TWh of electrical energy to replace that gasoline energy.

US electricity consumption in 2011 was 3882 TWh.
International Energy Statistics

So the increase in yearly electricity demand would be ~29%.

Now let's look at what this does to CO2 emissions.

Each gallon of gasoline contains 8,887 grams of CO2.
Calculations and References

So the CO2 reduction from avoided gasoline consumption (assuming demand does not rise elsewhere to compensate) would be 1182 million tonnes CO2 per year. But this is the gross figure before increased electricity use is considered.

If we assume the extra electricity comes from the existing mix of non-base-load sources (as nighttime charging likely would), the CO2 emission per KWh of electricity is 689 grams of CO2.
Calculations and References

Electric Vehicles: Myths vs. Reality

So the total increase in CO2 emissions from increased electricity consumption would be 765 million tonnes Co2 per year. Thus the net CO2 emission reduction would be 417 million tonnes.

Total US CO2 emitted in 2012 was 6,526 million tonnes.
U.S. Greenhouse Gas Inventory Report

So the net decrease in national CO2 emissions would be ~6.4%.

[Update: Graham Katz pointed out that I've neglected the CO2 emissions from refining, which is a valid point. Gasoline's share of US refinery emissions is ~130 million tonnes, which increases the CO2 reduction from ~6.4% to ~8.4%. There are many other factors which can be included in the analysis that will increase or decrease both cost and emissions, and for the sake of brevity, I'm ignoring those. A full accounting would take hundreds of pages.]

Now let's look at cost.

The average US car costs $25,000.
Passenger vehicles in the United States

Electric cars -- pre-subsidy -- are running around $40,000. Now, this will come down with scale. But the "average" $25k car price today also includes many heavy vehicles and diesel-burners that skew up the average price. Small gasoline vehicles that are good candidates for replacement with EVs are cheaper -- perhaps $20k average. So at today's costs, EVs cost $20k more than equivalent gasoline vehicles. But let's be conservative and call it $30k for an economy-of-scale electric vehicle. This means $10k marginal cost over gasoline for a good round number.

So there's two cost cases to consider here. Switching all cars instantly, versus merely replacing all old vehicles with electric cars.

  • For the extreme "instant" switch, around 150,000,000 vehicles have to be replaced immediately, and gasoline cars lose all value. That would cost $4.5 trillion.
  • For the "gradual" switch, where gasoline vehicles are run until the end of their useful life, you only need to consider the marginal increase in cost over a business-as-usual case. So the cost would be $1.5 trillion.

I think these are fairly conservative numbers. Reality would probably be somewhere between the two.

Taking the $1.5 trillion figure, that gives us an effective cost of CO2 reduction of ~$3600 per tonne CO2 per year. Amortized over 30 year vehicle life (which I think is extremely optimistic in the US) that gives $120/tonne CO2 avoided. This is quite expensive.

To be fair, EVs also have long-term savings in fuel cost but the rest of the math is very conservative so I don't feel bad about neglecting this. Decrease the expected vehicle life to a more realistic number (considering battery longevity), or retire gasoline vehicles more aggressively, and the net $/tonne CO2 number will come out about the same.

I'm sticking with $120/tonne -- I think it is a reasonable estimate. You're welcome to disagree in the comments if you have a better number.

Current industry estimates put the cost of coal power plant carbon capture & sequestration (CCS) at ~$80/tonne CO2 captured. Then that CO2 has an economic value of ~$40/tonne for enhanced oil recovery. So the net economic cost of CCS is ~$40/tonne. (These numbers may not scale linearly, but neither do the marginal electricity and CCS costs. It arguably washes out.)
Journal of Petroleum Technology February 2014 Page 46

Which means electric vehicles are a pretty crummy way to reduce CO2 emissions, given the current US power mix. You can do three times as much good per dollar by fitting coal plants with carbon capture systems. Not to mention even better alternatives like replacing coal plants altogether with nuclear, wind, or combined-cycle gas plants. Mass rollout of electric vehicles is only worthwhile in tandem with massive increases in renewables generation. Perhaps in the future we'll get there. But today's generation market trends do not support that assumption for the next several decades.
U.S. Energy Information Administration (EIA)

Thursday, June 17, 2021

Review: Cyberspies by Gordon Corera

 One of the most overlooked parts of the Muller report is the detailed information the FBI, et al., collected on Russian interference in the 2016 election. They determined the names and location of the GRU officers and cyberspies who conducted the operation, what they did and how they did it. It was an extraordinary piece of sleuthing. (See Sandworm by Andy Greenberg for more details.)  Cyberspies places all this in historical context.
This book has something for everyone: history, spying, and interesting characters. While he argues that "hacking" using technology has a long history dating back millennia, he chose to begin with the cutting of German cables on the ocean floor during WW I. Leaping-frogging rather quickly he then begins with the use of computers (people, those who computed) and especially Flowers and Turing who respectively understood the larger picture and how "valves" (vacuum tubes in American) could be used binarily to process data. Along the way, he tries to answer questions of what cyber spying is, how such developed and its impact in today’s world politically, economically, and in the intelligence communities. An ambitious goal indeed.i.e.
There are two key components to the world of spies: attribution, i.e. can you trace back a decision or instruction to its source; and integrity, the accuracy of the data, for getting just one component of a message wrong could mean sending a missile to the wrong target. Scrambling a message so it can't be read by the unauthorized is an inherent part of spycraft and technology has made all of that both easier and more difficult at the same time.   “Few outside the intelligence world understand the extent to which spies in the US and Britain perceive technology as an existential threat to their work,” Corera writes. “An arms race is on between spy services to exploit technology. Only those who adapt will survive.”
Spying has more than just military significance. The Russians and others have taken economic espionage to a new level. Collecting information peripherally is important.  The author provides an example of Russian trolling for information about a particular executive whom the intelligence services had determined was gay but not out of the closet. “The hackers then sent him an email from a gay rights organization which they suspected he would open since it looked as if it was sent to him, but in fact held malware,” Corera writes. “They then counted on the fact that, even if the executive did suspect it was malware, he would not be willing to go to his company’s IT department or security team for fear it would reveal his sexuality. This is classic, high level, targeted Russian espionage.”
There's intelligence and then there's information.  Spying in common parlance conjures up images of dangerous men with guns in tuxedos in scary situations who can leap tall buildings in a single jump. Or the silent bureaucratic types of Le Carre. The author has a wonderful metaphor for the difference in how spying is done by different countries. Let's say you want to find out what kind of sand is on a particular beach in some foreign country.  The UK would send a submarine with divers in wet suits (bow ties and suits underneath) to surreptitiously retrieve a sample of sand from the beach. The Americans would use technology to and fly satellites, drones, and planes over the area to take lots of pictures.  The Chinese would send tourists to the country to have a good time, visit the beaches, and then shake out their towels when they got home.
It's a comprehensive look at how spying developed, including the misconceptions about what spying is and its development over time into not just  military purposes uses but economic, as well.  Corera includes a detailed history and an examination of how cyber spying was affected by the revelations of the collection of data by government agencies by Snowden, and suggestions on what the future of cyber spying and offensive actions may hold for us. It's organized in a logical chronological way and intricate cyber threats and attacks are explained clearly.

The scale of cyber espionage has evolved way beyond the wildest dreams of a former Stasi officer who noted their maximum capability was to tap forty lines at once. Now, given that almost all of the world’s internet traffic flows at some time or another through the United States, the NSA, with its sweeping authority and collection devices, has access to everything. Worried about public encryption keys, they sweep up and store ALL of the telephone traffic in the U.S. and many other places arguing they don’t listen to the content but merely search the metadata attached to digital traffic. And since even analog conversations get converted to digital at some point, that’s everything. Metadata is easy to search and often more revealing than content.

In their search to build an even larger haystack (you can’t find the needle without the haystack) they even resorted to techniques even aside from the famous clipper chip debacle. In one instance, discovered by Kaspersky Labs, they arranged to have malware hidden into DVDs that were given to participants of hacker and security conferences attended by analysts from all around the world that contained records and presentations of the conference. This gave them worldwide access to computers run by the most sensitive personnel.

Snowden’s revelations of the NSA’s spying capabilities had less affect on national security than it did on business. It’s hard to maintain a global outreach and increase your revenue if it becomes widely known that anything you do using the company’s products will become NSA fodder. Zuckerberg, in particular, was furious after the revelations, complaining to Obama that his business model was being hurt. Screw national security; you’re hurting our business, was the message.

1984 doesn’t even remotely compare to today’s capabilities.
Some reviewers have complained that a weakness of the book is its specialization and detail; that's what I liked.  Unfortunately, the world changes so fast that more recent events are obviously not included.  Sandworm by Andy Greenberg fills that gap and should also be read. Overall a fascinating glimpse at the evolution of the new cyber world.
N.B. Years ago I read Clifford Stoll's The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage    (1990) (how the author tracked down a spy ring because he wanted to know how and why 75 cents of computer time was unaccounted for.) Stoll is highlighted for his work in this book.  Stoll also wrote (in 1996) a prescient view of the problems inherent in the Internet:  Silicon Snake Oil: Second Thoughts on the Information Highway  .  For a truly prescient view of the problems with interconnectivity written in 1955, see a SF masterpiece by Thomas Ryan, The Adolescence of P-1

Wednesday, June 09, 2021

The Success of Terrorism


I've been reading a lot lately about cyber-security, its history, and the impact it's had on democracy and policy. One thing is clear. Terrorism in any form, be it IEDs, 9/11s, assassinations, etc., have little to do with gaining military advantage.  They are about creating an environment where people are scared. Getting them to overreact or distrust their government is the goal. The cyberattacks on infrastructure serve a similar purpose. After all, one purpose of government is to protect its citizens.  The occasional cyber hit on, say, the billing department of a pipeline that shuts down gasoline supplies, or messing with the water supply of a Florida city, or shutting off the lights in Ukraine, or manipulating people on social media with disinformation; all these efforts build distrust in the ability of government to protect its citizens.  You can shatter people's support for  government by scaring them, and soon people won't bother to vote, they'll distrust elections, and governments will fall.  


The efforts of the Russian GRU and other terrorists have been wildly successful. 9/11 unleashed an enormous overreaction that bogged the U.S. down in multiple wars in the Middle East that have sapped the treasury and military, resulted in spending trillions on theatrical security efforts in airports, and increased surveillance on its citizens, accomplishing nothing except to build distrust of government. Their recent minion in the White House only made things worse by placing his emphasis on personal enrichment rather than defense of the country, downplaying not just cyber threats, but biologic ones as well.


None of this is new, but it will take a deft hand at the controls to overcome the mounting distrust in democracy and government.

Suggested Reading:

Anderson, James. "Computer Security Technology Planning Study." UC Davis Computer Security Lab,

Corera, Gordon. Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage. Pegasus Books, 2017.

Greenberg, Andy. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. Anchor, 2020.

Perlroth, Nicole. This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. Bloomsbury Publishing, 2021.

"SAGE: Semi-Automatic Ground Environment Air Defense System." MIT Lincoln Laboratory,