Open Source Intelligence

Recorded Future for Cyber Defense

We’ll be hosting a webinar with security expert Jeffrey Carr where we’ll demonstrate how Recorded Future can be used to gather cyber intelligence from open source.

Date: Tuesday, January 31, 2012
Time: 11am Eastern; 8am Pacific
Duration: 1 Hour

Register online

Topics we’ll cover include:

  • How Recorded Future offers the only solution which can immediately harvest, cluster, and surface predictive signals from unstructured text
  • How Recorded Future makes available what the world knows about the future by aggregating forecasts and predictive signals from across the web
  • How advanced data visualization tools support patterns of behavior research, forecasting, and identification of influential relationships between entities
  • How temporal reasoning partnered with entity and event extraction can be used on the public web or in private, secure clouds
  • A live demonstration of open source research on cyber threats including the evaluation of state and non-state threats, corporate security measures, and the sequence of events surrounding Iran’s capturing a RQ-170 drone

China’s Leaders To Watch In 2012

Pop over to Drew Conway’s blog Zero Intelligence Agents and check out his latest post “Who are the most central members of the China’s leadership as we enter 2012?” Drew is a PhD student in political science at New York University. He studies terrorism and armed conflict, using tools from mathematics and computer science to gain a deeper understanding of these phenomena. He analyzed a massive amount of Recorded Future data gathered from open source, did some math magic and came up with a pretty compelling analysis.


The Avtobaza Bonanza

Over the last week, much has been written on Iran’s new electronic warfare capabilities. Iran first claimed that it was able to hijack the RQ-170 drone by jamming its GPS signal and landing it remotely. Now there is a new report that suggests that the Iranians may have blinded a US spy satellite. The report suggests that a laser may have been used to temporarily “blind” a satellite that was conducting surveillance overhead. If this is true, the Iranians must have gained access to advanced electronic warfare equipment.

The sudden flurry of reports about Iran’s capabilities makes it seem like this technology was developed overnight. In reality, this type of advanced equipment needs to be acquired from a superpower, and it looks like the Iranians turned to the Russians for help in this department.

View of discussion around Avtobaza reveals connections to Russia

The Russians admitted to selling the Iranians an advanced electronic intelligence system called the Kvant 1L222 Avtobaza. The Avtobaza is intended to be a “radar jamming station and RF intelligence gathering tool”. A technical analysis of Iran’s ELINT capabilities postulates that the trucks that the Russians sold to Iran may have “been modded to work in the satellite ranges”. The report’s opinion, however, was that the system was likely used only in the RQ-170 incident.

This appears to be a more likely scenario, unless the Iranians were able to modify the equipment given to them by the Russians. The Iranians have been known to interfere with satellite communications in the past, but trying to modify the Avtobaza appears difficult. The Avtobaza was intended “to detect airborne side-looking radars, air-to ground fire-control radars and low-altitude flight control radars” but not satellite communications. Despite this, a DIY Iranian ELINT system capable of blinding US satellites might be possible.

Russian Avtobaza in Iran

Emerging Reports on the Russian-built Avtobaza

Do you think the Avtobaza could be used to interfere with satellite communications? Have a look here at the technical specifications. Would you like to follow Iran’s jamming activity or ELINT capabilities? If so, consider taking a look at Recorded Future’s open source intelligence tools.


Iron Triangle of Terror: Iran, Hezbollah, and Los Zetas?

What would the ultimate border security nightmare look like? Might it involve drug cartels, rogue special forces soldiers, or transnational terrorists? How about all three? This scenario sounds like something out of a Hollywood movie. The problem is that for the United States this nightmare may have come true.

On December 15th it was revealed in an indictment that Hezbollah has a substantial drug connection to the Mexican drug cartel Los Zetas. The Lebanese druglord Ayman Joumaa was indicted in absentia for “conspiring to smuggle over 90,000 tons of cocaine into America and laundering over $250 million for the cartels”. The druglord has close ties to Hezbollah and functioned as a middle man between the terrorist organization and the cartels. In terms of raw numbers, the amount of cocaine that he tried to smuggle was equivalent to a cargo of 2,250 eighteen wheelers. The sheer volume of this transaction is cause for concern, but the fact that Hezbollah and Los Zetas are working together is far worse.

So why is this new development so significant to US border security? We must first consider the history and background of these groups. Hezbollah is one of the world’s largest terrorist groups and is based in southern Lebanon. The Shiite organization receives funding from Iran and engaged in a proxy war with Israel in 2005. It is responsible for some of the worst terrorist attacks of the last two decades, including the 1983 Beirut bombing that killed 241 Americans. Hezbollah may be the most influential organization preventing stability in the Middle East.

 

Los Zetas are the cartel equivalent of Hezbollah in Latin America. The Zetas are described as “highly trained, highly motivated commandos formerly with the Mexican military…[that] represent law enforcement’s worst nightmare come true”. The Zetas began as a group of paramilitary soldiers that were turned by the Gulf cartel. After falling out with the cartel, the Zetas formed their own. They are considered to be the “most dangerous drug cartel” and the second most powerful in Mexico. The organization has participated in a number of hideous acts including the 2011 Tamaulipas massacre that killed some 200 civilians. Los Zetas is considered to be one of the best trained and most violent groups in Latin America.

What is the regional significance of Hezbollah working with the drug cartels? Let’s consider Hezbollah’s cell activity in Latin America and examine its relationship with the cartels.

Hezbollah’s influence in the region dates back several years.

Hezbollah has been involved in the drug trade in Latin America since the mid-1980s. The group is primarily located in the tri-border area (TBA) of Brazil, Argentina, and Paraguay. Its primary functions are to launder money and receive profits from the drug trade. Hezbollah had an “estimated 460 operatives in the TBA by mid-2000” and this number has probably increased dramatically. Profits from criminal activity in the region are estimated to be in the millions of dollars. Over the past 25 years, Hezbollah has carefully trained its top operatives to form cells and set up shop in North and South America.

If Hezbollah were a drug cartel or a separatist movement, it would not be as much of a threat to the United States. However, Hezbollah is a very connected organization that has killed hundreds of Americans and fought a war with Israel. The most important fact about Hezbollah is that it is a state-sponsored terrorist organization: “Hezbollah clearly acts as a proxy for Iran—specifically, the Iranian Revolutionary Guards Corps Qods Force—globally and in Latin America. Thus, Hezbollah’s escalating presence in the Western Hemisphere can be understood only in the context of its patron Iran’s pursuit of its strategic objectives”. The fact that Iran is a state sponsor of Hezbollah means that the organization has the finances and the expertise to commit substantial acts of terrorism.

In July, members of Congress were briefed on the growing influence of Hezbollah in the region. One report indicated that the threat to the US border is already here: “operatives were already infiltrating the southern border with Mexico as well as Canada. In July 2010, the first improvised explosive device exploded in the U.S.-Mexico border town of Ciudad Juarez”. This problem seems to have been severely overlooked by the mainstream media. It is quite surprising because Assistant Secretary of State Roger Noriega even made a statement saying that “I believe there will be an attack on U.S. personnel, installations or interests in the Americas as soon as Hizbullah operatives believe that they are capable of such an operation without implicating their Iranian sponsors in the crime”. It is highly significant that a former top US official has come out and said that an attack by Hezbollah is likely.

However, it appears that the salience of the issue has grown over the past few months:

The issue has increased in momentum over the past few months

US websites dedicated to border issues and even one of the Republican presidential candidates mentioned the “significant and imminent threat of the Iran-Latin America nexus”. Others have indicated that Hezbollah functions as a sort of insurance policy for Iran in those regions. The state can fund the terrorist group and still exercise plausible deniability in the event of a major attack. Iran perceives its support of Hezbollah as a way to pressure the United States within its strategic sphere of influence in the Americas.

Some sources have said that the strengthening relationship between Iran and Venezuela has increased Hezbollah’s influence in the region. Both leaders are staunchly anti-American, and it is reasonable to think that they would pursue activities that would undermine US interests. Roger Noriega, the same official that warned of an attack by Hezbollah, indicates that Venezuela “has allowed Iran to mine uranium” and that “Venezuela’s Margarita Island has eclipsed the infamous TBA as the principal safe haven and center of Hezbollah operations in the Americas”. This is particularly disturbing as Iran is suspected of pursuing a nuclear weapon while simultaneously funding Hezbollah close to the US border. Therefore, there are major concerns that if Iran obtains a nuclear weapon it might share the weapon with Hezbollah.

There are two major Hezbollah networks operating in the Americas under the direction of the Iranian Quds Force. The first is the Nassereddine network, operated by a former Lebanese citizen that became a Venezuelan and is now the second-ranking diplomatic official to Syria. He currently resides on Margarita Island and runs money laundering operations for the group. The other network is purportedly run by Hojjat al-Eslam Mohsen Rabbani, a cultural attaché from Iran who is involved in various recruitment activities and frequently travels under false papers in Latin America. The two networks together make up the majority of Hezbollah’s activity in the Americas.

Now back to the cartels. Why is the link between Hezbollah and Los Zetas so important? The main concern is that if Hezbollah and Los Zetas are cooperating on drugs (which they are to the tune of hundreds of millions), then why would they not cooperate on weapons? Hezbollah and other extremists may be willing to export their knowledge of IEDs to the cartels. The relationship between Hezbollah and Los Zetas appears to have already expanded beyond drugs. In October 2011, the US authorities revealed that there was an attempt made by Iran to assassinate the Saudi ambassador on US soil.

It looks like Los Zetas was intricately involved with Iran in this and other related plots: “The alleged plot also included plans to pay the cartel, Los Zetas, to bomb the Israeli Embassy in Washington and the Saudi and Israeli Embassies in Argentina, according to a law enforcement official…The plotters also discussed a side deal between the Quds Force, part of Iran’s Islamic Revolutionary Guards Corps, and Los Zetas to funnel tons of opium from the Middle East to Mexico”. Other information that we have found would corroborate the existence of a relationship between Hezbollah and Los Zetas.

Is the relationship between Hezbollah and Los Zetas merely hearsay?

 

There are also some analysts who think that the entire relationship should be played down and that Hezbollah’s influence is overplayed. James Bosworth of the Christian Science Monitor downplays the relationship, saying:

“The case is notable for having all the key words that people get excited about: Hezbollah! Terrorist-financing! Cocaine! Zetas! Venezuela! And all of that appears to be true. At the same time, in spite of all the red flag key words, the details within these articles and the indictment show how the US government can deal with the issue of Hezbollah in the hemisphere without panic and over-reaction”

He also quotes one US official that stated the exact opposite of what other sources said: “It’s not like there’s a sit-down between the leaders of Hezbollah and the Zetas. Nor is this about Presidents Hugo Chavez of Venezuela and Mahmoud Ahmadinejad of Iran plotting together. It should not be portrayed as such”. This is interesting in light of the fact that there are extensive Hezbollah networks in the Americas and that Los Zetas may have been complicit with Iran in plotting to bomb the United States. A blog post called “Debunking the Iran Terror Plot” may provide a counterpoint to the theory that Hezbollah and Los Zetas are coordinating. The report takes an in-depth look at the FBI report and finds that there are many holes within the indictment. The author in that piece concluded that the plot did not match Iranian interests and that Los Zetas was likely not involved.

Conclusion

 

Are Hezbollah and Los Zetas actively coordinating to undermine US interests in the Americas? There is good reason to believe that the groups are coordinating on narcotics activities. Both stand to gain substantially from money laundering and drug trafficking. The December 15th indictment appears to clearly establish these links and the report has not been questioned as much as the FBI report on the Iranian plot. The data on drug activity between Hezbollah and Los Zetas is more convincing than the plotting charges.

The Iranian plot may have been true and if so it is particularly disturbing for US security. If these two groups are indeed plotting together then an attack at the border may be an imminent threat. Despite this there are no conclusive links to show an iron triangle between Iran, Hezbollah, and Los Zetas. The three may be casually linked to one another in plotting terrorist attacks, but at present this coordination does not seem to be widespread.

Continue this research with your own Recorded Future account. It’s free to sign up.

Analyzing The Deadly US Airstrike on a Pakistani Border Outpost

In the early morning of November 26th, US military aircraft struck a (previously identified) Pakistani border outpost resulting in 42 Pakistani military casualties. With a total of 28 dead and 14 seriously wounded, this incident qualifies as the single most deadly cross-border attack on a Pakistani military position since the beginning of the US-led war in Afghanistan. As a result, Pakistani officials have announced the permanent closure of NATO supply lines into Afghanistan. In addition, the Pakistani government promptly ordered the departure of US persons from the Shamsi air base, which has reportedly been utilized for the launch and recovery of UAVs (unmanned aerial vehicles).

The Data

I prefer to keep things simple so after a little keyword experimentation I searched “Islamic Republic of Pakistan” and “drone” and “strikes”. I felt that this combination would best identify past cross-border incursions; even when drones aren’t involved, they’re nearly always referenced.  To have a solid data set to work with I queried from January 1st 2009 through December 31st 2012.

What I end up with is the chart below, which has plenty of data and a wonderful view of the momentum and negative sentiment trend lines. To provide a better view of the trending, I’ve included a second chart with the events deselected.

Pakistan Sentiment & Events Timeline
Pakistan Sentiment Timeline

A thorough review of all the events supports an increase in momentum, not surprising, after a drone strike in Pakistani territory. Interestingly, there’s no direct correlation between the large spikes in negative sentiment and civilian and/or Pakistani military casualties. Subsequent searches revealed these spikes typically occurred during times in which the Pakistani government was being criticized, for one reason or another, by the US government. That’s a completely different problem set, but the following analysis was derived from the information obtained via Recorded Future, which quickly permitted me to view similar past events, reactions and outcomes.

Analysis

It’s important to understand that the Pakistani version of an outpost is substantially different from the typical US outpost and often consists of nothing more than hastily dug positions and/or dirt berms. Now this particular border outpost is well within Pakistani territory, located approximately 2.5 kilometers from the Afghanistan border, in the FATA (Federally Administered Tribal Area). The FATA border area is extremely volatile and has long been a point of contention between Pakistani and US Forces, with regular exchanges of small arms fire and occasional strike missions involving US military aircraft. I want to be clear when I state that it’s very common for Pakistani border forces to initiate contact with US troops. Regardless, most of these instances occur during the hours of low visibility when it’s often difficult to distinguish friend from foe. Similarly, complex tribal affiliations and the often not-so-subtle support for and intermingling with militants can further complicate matters.

What if this wasn’t a matter of confusion? To further speculate, it’s possible that a high value target was identified as having been at that location. Due to political sensitivities such an operation would have to have direct approval from the office of the POTUS and would require an extremely high degree of confidence. It’s unlikely that such a sensitive operation would ever be publicized but in my experience, it’s entirely plausible. Given the scenario and increasing political tensions however, it’s equally likely that influential elements within the FATA and/or the Pakistani government intentionally provoked a military response and ensured its escalation. This may sound like a conspiracy theory but there are certainly people out there with much to gain from the growing tensions and political turmoil between the US and Pakistani governments.

The timing of this couldn’t have been better…errrr…worse rather. There’s been an extraordinary amount of political tension between the US and Pakistani governments. The tension was steadily building but the US special operations cross-border raid deep into Pakistan targeting Usama Bin Laden accelerated an already declining relationship. The Pakistani government has openly opposed cross border drone strikes that have always, publicly, been a point of contention not to mention a sometimes-political diversion. In previous instances in which border incursions resulted in high civilian casualties, the Pakistani government was quick to publicly condemn such strikes. Similarly, it’s common for supply lines to be temporarily closed as a show of strength.

So what happens this time? Well… very likely the same thing that’s happened every other time a similar situation has occurred. From the Pakistani government’s perspective, the response needed to be fast, appear tough and demonstrate that attacks against Pakistani forces will not be tolerated. The government needs to maintain its sovereignty in the eyes of the people. Similarly, they need to appease tribal leaders as well as the militant elements that could threaten the capital’s stability. On the surface, at least from my perspective, this has been achieved. NATO supply routes will be closed and perhaps for a longer period than before, but they’ll inevitably reopen until the next blatant breach of sovereignty. The US was already scheduled to depart the Shamsi air base in June of 2012, so this is more of an inconvenient show of power that at most will reduce the dwell time of the drones and whatever other aircraft are being utilized. There’s no real comparison for this scenario but I suspect this deadline will be extended but not announced. Lastly, I suspect the video from the aircraft involved will be provided as proof that US forces did not initiate contact and were in fact responding to hostile actions.

If you’re interested to try Recorded Future, sign up for a free 14-day trial.


Security Concerns Overlooked as Smart Grid Grows

Smart grid technology is poised to take the power infrastructure market by storm in the coming decade. The industry in the US is expected to grow from $5.6 billion in 2010 to $9.6 billion by 2015. The US government made an initial $3.6 billion investment in 2009, and now many smart grid firms are showing signs of growth. Big companies like IBM and Lockheed Martin are scrambling to take advantage of this emerging market.

The appeal of the smart grid is its potential to greatly improve the efficiency and stability of the nation’s power infrastructure. For example, the smart grid can “self-heal,” so if a power station goes down in one region the system may be able to adapt and divert resources as needed. Another principal advantage of the smart grid is increased transparency between the customer and the utility, ideally allowing utilities to better manage peak loads and communicate with customers.

Let’s look at the progress. How has the industry fared within the past year?

Smart grid news over the past 12 months

Recorded Future’s sentiment analysis tool can provide immediate feedback on the health of an industry. In this case, we can see plenty of positive sentiment for the smart grid market, and we can also pick out favorable analyst quotations. Three analysts of note that discuss the US smart grid market:

  • Paul Korzeniowski of EnergyBiz says “the number of smart meters deployed in the United States is nearing critical mass and may in fact be leading to a fast approaching transition point in the industry”
  • Lawrence Makovich: “the widespread expectation in the United States and around the world today [is that] the smart grid is the next big thing… the reality, he writes, is more sobering. Instead of a disruptive technology poised to transform the power sector, he argues, we should expect a more evolutionary change toward a ‘smarter’ grid, with more modest results.”
  • Massoud Amin: “there have been an increasing amount of outages per year in the US, and a smart grid could reduce the costs of outages by about $49 billion per year.”

As seen above, forecasts for the US smart grid market appear to be generally positive. Analysts like Lawrence Makovich seem more cynical than others about the smart grid’s transformative powers, but even he is cautiously optimistic.

International Outlook

The international market for smart grid technology in the future appears to be even more explosive than in the United States.

Future international market for smart grid technology

China is expected to be a major player in this area, investing around $100 billion into upgrading its power infrastructure. It also appears to have taken the lead in government spending on smart grid projects at $7.3 billion while several other nations in the region are expected to spend $28.8 billion on smart grid projects by 2017.

Security: The Achilles Heel

Although most analysts agree on the general short-term health of the industry, there are some signals that raise concern. Electric Light & Power indicates that the momentum of smart grid development declined in the first half of 2011, and the “weakest link in smart grid’s development has been the lack of attention to automating and modernizing the transmission and distribution network”, according to the smart grid blog Memoori.

However, the biggest risk and potentially limiting factor for progress toward widespread smart grid adoption is security. The smart grid market is serious business with potentially disastrous consequences if it is not implemented correctly. Rolf Adam of Cisco sums up the situation: “From an IT environment security perspective, it’s a nightmare”.

Evidence suggests that he isn’t the only one concerned as fear of an infrastructure attack is on the rise among business executives. In a survey conducted by McAfee, 40 percent of executives surveyed said that their company was not prepared for an attack.

The security of the smart grid is increasingly being brought into question

Over the past year, the security of the smart grid has increasingly been brought into question. The primary concern is that an attacker might be able to exploit vulnerabilities in the hyper-connected grid to cause mass blackouts. VentureBeat highlights why so many industry experts are concerned: “increasing automation and communications within the electricity grid potentially has a dark side; increased vulnerability to attack.” Ironically, as the grid gets smarter it becomes less secure.

Is anything being done to combat this future threat? What is the biggest future security threat for the smart grid?

Long-term security threats facing the smart grid

The good news is that governments are aware of the problem and resources are being mobilized to combat it. A report by Pike Research “anticipates that government and regulatory compliance will drive substantial investment in smart grid cyber security”. The group also expects the smart grid cyber security market to reach $3.7 billion by 2015.

Will billions of dollars in cyber security investment solve the problem? Perhaps not. It appears that the biggest problem facing the power grid is non-technical in nature. According to one former government official, “Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check”.

If no one cares about security, it is reasonable to conclude that the system will not be secure. The New York Times recently highlighted this same point when it said that “utilities are very reluctant to share information about security vulnerabilities due to liability issues”. It appears that utilities are not encouraging a culture of security around the smart grid, and this could have disastrous consequences for the long-term future of the smart grid.

Conclusion

The smart grid market is a potentially lucrative space, and both the US and international markets are expected to grow substantially over the next decade. Yet, the security concerns are significant enough that they can be expected to slow down progress.

Are you following the smart grid market? Interested in the future of Advanced Metering Infrastructure (AMI) or Meter Data Management (MDM)?

Copyright © 1996-2010 Analysis Intelligence. All rights reserved.