He Was a Boy; She Was a Girl…

Information Assurance – IA – is one of those deceptively simple-looking things the military is a major proponent of; at a glance, most people would (not entirely incorrectly) think that “Information Assurance” was just a fancy way of saying “information security”, i.e. protecting computers, networks, and their contents from Bad People and their tools. Needless to say, it’s not quite that simple. Like most security-related things, IA is closely interrelated with other, similar disciplines; the glass-half-full guys might say it encompasses other things, like Operational Security, a/k/a OPSEC, and is greater than the sum of those many parts. (Most of the descriptions glass-half-empty people might use aren’t repeatable in polite company, alas.)

One of the must-visit resources for people interested in (or forced to take an interest in) IA is the Information Assurance Support Environment, or IASE. I periodically check their site for interesting tidbits, and recently stumbled across something that’s interesting on so many levels, it just had to be shared.

That “something” is a PowerPoint presentation from Boeing, which seems to be – in some places, at least – incorrectly attributed to the NSA’s Interagency OPSEC Support Staff, or IOSS. Called “Lethal Keystrokes”, a copy is available – if you have the correct security certificates on your computer – directly from IASE. Why this is restricted to government employees is something of a mystery to me, unless they’re trying to hide just how cheesy – indeed, how Awesomely Bad(tm) – the presentation is.

In a nutshell, the presentation is the hyperbolic story of a tempestuous long-distance relationship between an employee of a major defense contractor, and a teenage girl in a hostile foreign country. He seems bound and determined to make inadvertent, well-meaning mistakes with the potential for far-reaching consequences:

She, on the other hand, is a dutiful slave of her government bent on destroying Chris and everything he works for – not out of any particular malice, but because, hey, she’s just doing her job:

Chris’ wife doesn’t know about Alice, or her relationship with him; in fact, Chris isn’t even aware of Alice, or his dangerous relationship with her. (Yes, Chris, like most men, is something of an idiot.) I admit, it’s not exactly Oscar-worthy stuff, but it’s still interesting… though not, perhaps, for the reasons you might think.

The presentation – which is available to the public elsewhere on the web, incidentally, including right here – actually has nothing to do with Information Assurance, or Operational Security. It includes hip, bleeding-edge technical terms like “Internet” and “Google”, but the entire threat model it addresses is severely old-school, and I’m not talking “1999” old-school, here: think early Cold War, old-school. In fact, the basics of what this presentation warns against are essentially identical to what one of Boeing’s competitors was warning against in the early 1980s; back then it was called “counterintelligence”, and the big concern was the Soviet Union. The name has changed, and you’d have to be an idiot not to conclude that China has eclipsed Russia as an intelligence threat, but it’s still a ridiculously old threat model.

Maybe Boeing – and/or DISA and IASE – know something I don’t, but I really don’t see the threat model portrayed in the presentation as particularly likely – or even particularly cost-effective for an adversary, here in the 21st century. More to the point, the presentation – to me – sends a painfully and confusingly mixed message: ostensibly, Boeing wants “you” to watch what you say online; loose lips sink ships, actions have unintended consequences, and all that sort of thing. (The presentation is titled “Lethal Keystrokes”, remember.) Yet, “Chris” never does anything particularly questionable online; his “lethal” blunder is the result of a 1960’s HUMINT espionage technique that has nothing to do with computers or the internet.

Anyway, I suggest you download it for yourself (it’s just over 2MB) and give it a look; it’s ridiculously cheesy and Awesomely Bad(tm), but still kind of entertaining; it is, after all, a sort of dysfunctional love story, and who can resist a love story, however stupid and dysfunctional, masquerading as (stupidly confusing, inept, and ill-conceived) training material?

Published in: 'D' for 'Dumb', General, Security | on November 13th, 2008| Comments Off on He Was a Boy; She Was a Girl…

Both comments and pings are currently closed.

Comments are closed.