The West Has Forgotten How to Keep Secrets

My CEPA article about the intelligence vulnerability open access, open government, and open data can create if left unaddressed and not in sync with national security – The West Has Forgotten How to Keep Secrets.
From the text:
“But OSINT, like all other intelligence, cuts both ways — we look at the Russians, and the Russians look at us. But their interest is almost certainly in freely available material that’s far from televisual — the information a Russian war planner can now use from European Union (EU) states goes far, far beyond what Europe’s well-motivated but slightly innocent data-producing agencies likely realize.

Seen alone, the data from environmental and building permits, road maintenance, forestry data on terrain obstacles, and agricultural data on ground water saturation are innocent. But when combined as aggregated intelligence, it is powerful and can be deeply damaging to Western countries.

Democracy dies in the dark, and transparency supports democratic governance. The EU and its member states have legally binding comprehensive initiatives to release data and information from all levels of government in pursuit of democratic accountability. This increasing European release of data — and the subsequent addition to piles of open-source intelligence — is becoming a real concern.

I firmly believe we underestimate the significance of the available information — which our enemies recognize — and that a potential adversary can easily acquire.”

 

 

Bye bye Vladivostok! The Chinese claim of the Russian Far East.

Russia’s decline is visible to everyone, including China, despite its grandiose claims and attempts to bury history.

In 1997, the First Opium War officially ended with the British administration and forces leaving Hong Kong. The Second Opium War is still ongoing, since the Russian Federation continues to occupy the Amur region and Outer Manchuria. This land area was extorted from China in 1860 during the Second Opium War, under threat to set Beijing ablaze.

Surely no one these days thinks of returning Vladivostok to China? 

Let’s first understand the limits of Russia’s expansive claims to territory it does not currently occupy. The Kremlin or its servants claim any terrain that has been Russian territory or under Russian administration for the last 800–900 years, or has a Russian-speaking population. These claims include Alaska, Ukraine, Finland, Estonia, Latvia, Lithuania, and Moldova. Russia also sees any country that was a part of the defunct Soviet Union as part of the Russian Empire, which must at the very least accept Russia’s authority, or risk being brought back to the fold at any time. Putin has for years talked about Russian peace, or Russkiy Mir, as the natural end state. The concept is pure Soviet ideology; mir was the happy state of global harmony achieved once the Soviets had eradicated all obstacles to socialism.

Putin further enunciated this idea at the St Petersburg Economic Forum on June 17, when he asked, “What is the Soviet Union? It’s historical Russia.” He then attempted to reassure anxious neighbors that they were unlikely to be invaded (unless they took the Ukrainian path.)

The trouble with old territorial claims against others is they’re just as likely to have claims against you. So Russia has a potential counterclaim clan composed of Finland after the loss of Karelia, Viborg, and Petsamo, and other countries such as Georgia. As things stand, the irredentists are silenced by the disparity in power between Russia and minor countries.

Not so China. Its claims to Russia’s Far East are fact-based and indisputable. Chinese maps from the 13th century show the area around Vladivostok as Yongmingcheng, and to this day the port itself is still called Hǎishēnwǎi alongside the Russian imperial name of Vladivostok. From a Chinese and Korean perspective, the name Vladivostok must feel as natural as Salisbury, as Zimbabwe’s capital was formerly known, in Mashonaland.

It is notable that public discourse on decolonization regularly avoids any mention of Russia’s continuing colonial occupation. Maybe it is time to change that.

Once understood, Putin’s selective imperialism becomes glaringly obvious. Treaties and agreements are subservient to the Kremlin’s understanding of history, or Russian military power, whichever is the greater.

Chinese (and Korean) claims over the Russian Far East are significant. There was a substantial Chinese population in the Russian Far East until Soviet mass deportation to China; ethnic cleansing of the Far East peaked in the 1930s. Before the Russian revolution, the Chinese made up 41% of the registered labor force in the then Amur and Primorsk oblasts. The actual number was likely higher as many Chinese did seasonal cross-border work as day laborers. Ethnic Russians were likely the minority, which is what drove Stalin, as always, to select the inhumane policy of mass expulsion to guarantee Russian supremacy.

What does modern China make of this? For now, it is content to ally with its fellow global disruptor in an axis fueled by discontent at the continuing dominance of the US and a supporting cast of allied democracies. Despite the laughable imbalance between the two (Chinese adjusted national wealth is more than 5.5 times that of Russia), the Communist party (CCP) is getting cheap oil and gas from Putin’s regime while helping to prop up a large, if failing, autocracy.

The real strategic upside for China is a continued deterioration of Russia’s economy and abilities (it is, for example, short of more than 170,000 IT staff after a post-invasion exodus), and population — 2020 saw its largest recorded peacetime decline following huge numbers of pandemic deaths. Officials have warned that it may lose another 12m of its 145m population by 2035.

Russia is rotting, giving China a huge range of options with its declining neighbor. If current trends persist, China can reasonably expect its old territories to one day fall into its lap.

The CCP has a long memory, as it has made clear over the years with sometimes splenetic outbursts aimed at Japan and the UK, and their role in its history. Will Russia get a free pass? That seems hard to believe.

But China can hope to decolonize the Far East by simply continuing the current long-term strategic path. This doesn’t undermine access to Russian resources because the Kremlin is ever-more reliant on its giant neighbor’s goodwill to prop up the economy. Past attempts to diversify with Japanese and South Korean investment have failed, not least because Russia swiped the Kuril Islands at the end of World War II and refuses to discuss the matter. That tentative relationship is anyway now sanctions-bound.

Seen in this light, China can take its time.

The Chinese population is 10 times that of Russia and yet each Russian has 17.5 times more land per capita than his/her Chinese counterpart. Chinese farmers already work on Russian soil in the Far East and businesses have a strong presence.

Chinese leaders may well have a better understanding of Russian decline than their Western counterparts. Russia is not a superpower but is treated as a superpower. There is a reason why Russia constantly threatens the use of nuclear arms; the country is an economic dwarf compared to its geographical size.

Russian GDP is only nine times greater than the revenues of the American retailer Costco. The economic strength of Russia is limited; natural resource sales produce cash flow that can be distributed to keep the Russian people calm and elites happy, but not much else. Almost no one outside Russia seeks to buy Russian cars, household appliances, or TVs.

It confounds logic for China to treat Russia as a superpower and an equal when Russia has a tenth of the economic torque, unless China itself has fallen for the Russian propaganda and sable rattling.

Sun Yat-Sen, the nationalist father of modern China, pushed for the decolonization of the Russian Far East and the resettlement of Han and Manchu Chinese on their ancestral lands, until the Chinese Revolution halted further discussion. But even these days, Chinese spokespeople splutter when reminded of its past status.

Will China now get tough on Russia and raise its demands, now that the Russian Far East is drained of military units, while the Kremlin has made itself an international pariah and its economy groans under the weight of Western sanctions? Probably not.

For now, Vladivostok can continue under the Russian flag with the certain knowledge that one day it’s more than likely to become Hǎishēnwǎi, a city in China once again.

Jan Kallberg

Picture credit: By Raita Futo from Tokyo, Japan – Zolotoy bridge, Golden Bridge, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=64991440

Defending NATO in the High North

Defending NATO in the High North

 

The invitation and entry of Sweden and Finland into the NATO alliance radically improve the Alliance’s ability to defend the High North. Sweden and Finland will provide NATO with operational depth and logistic routes that the Alliance lacked earlier. With Sweden and Finland outside of the Alliance, the route to move NATO reinforcement to Finnmark, the Northernmost part of Norway, follows the single coastal road E6 along the Norwegian shoreland. Any Russian stand-off weaponry, or special forces, could, with limited engagements, strike the E6 route and cut off Northern Norway, leaving it open to a rapid Russian advance.

This lack of operational depth and NATO’s reliance on a single route to reinforce the High North has been an opportunity for a Russian fait accompli attack early in an evolving conflict with NATO.

A sustained fight to defend an area needs a land-based supply route to maintain the flow of equipment, logistics, and reinforcements, as these represent thousands of tons to be hauled into the operational area. Airborne or air transported troops can only sustain a fight over a limited time. The recent battle for Hostomel Airport outside of Kyiv, where Russian airborne troops lost against Ukrainian ad hoc formations, shows the short duration airborne forces can sustain a fight without a land-based logistic trail that follows.

The fastest way to move ground units from Germany, Denmark, and the U.K. to Northern Norway is through Sweden, which has several roadways leading to the far North. Meanwhile, coastal Norway has fjords, deep-cut valleys, mountainous terrain, and numerous bridges that could be destroyed and hinder a NATO movement; Sweden offers a straighter route to the North.

A Russian military planner, creating a case for assault plans on Northern Norway, had to focus on the Western edge towards the defending NATO forces along the Norwegian coast. The High North engagements Southern flank towards Sweden and Finland was “protected” by the Swedish and Finnish decision to be neutral and not be a part of the conflict. So the Cold War case, and until now, for a USSR/Russian attack on Northern Norway went from East to West without considering the Southern flank.

The NATO defense of the Norwegian High North will also benefit from the opportunity for NATO with the Swedish and Finnish entry into the Alliance to base and prepare rapid build-up of air assets on Swedish and Finnish airfields when a conflict is on the horizon. The Swedish towns of Kiruna and Gällivare have civilian airports, and any airport can also be used for military purposes. There are also several airfields in Finland; Enontekiö airfield is almost on the Norwegian Finnmark border. These added airfields and assets give NATO a stronger ability to establish air superiority in the Far North and less reliance on a few Norwegian airports that can be struck in the initial stages of the war.

The development of modern anti-ship missiles, with a range of 100s of kilometers, in combination with an enhanced ability to base and use operational space in the North, also ensures NATO a broad ability to prevent the Russian Northern Fleet from reaching the Atlantic Ocean and intercept the movement of U.S. and Canadian formations to Europe.

The entry of Sweden and Finland gives NATO more opportunities to defend the High North by providing logistic pathways, operational space and depth, and the ability to base air assets which would combine strengthen the deterrence posture against Russian aggression. Deterrence translates to a higher threshold for conflict, not only the NATO’s objective but also Sweden and Finland’s, and a gain for both parties.

Jan Kallberg, Ph.D.

 

 

Drones Will not Liberate Ukraine – but Tanks Will

My CEPA article “Drones Will not Liberate Ukraine – but Tanks Will” – see full text.

From the article:
“Drones have changed the battlefield, providing additional situation awareness and the ability to strike targets, but their high success rates in the Ukraine war is a result of unique conditions unlikely to be replicated elsewhere.

Unmanned combat aerial vehicles (UCAV) such as the Turkish Bayraktar TB2 have been successful in the Russian-Ukrainian war and helped prevent the Ukrainian defenses from crumbling under the initial Russian onslaught. The absence of short-range air defenses (SHORAD) in the initial months of the war gave drones free range.

But four months later, man-portable air-defense systems (MANPADS) like the US-manufactured Stinger, its Russian counterpart the SA-25, and other air defense systems, are bringing down drones.”

Air defenses can as easily target larger, slow-moving drones such as TB2 Bayraktar just like other slow moving aerial targets such as helicopters and transport aircraft.

 

A Potemkin Military? Russia’s Over-Estimated Legions

My CEPA article about the overestimation of the Russian abilities – see full text. 

From the text:
“Seen from the West, the Red Army was an able, well-integrated, and competent opponent able to rapidly launch joint offensive operations with no or little warning. Every Western soldier learned how the Soviets would fight by watching Red Army propaganda movies which projected a fast-moving armored onslaught that would either overrun any defense, or destroy the defending forces after encirclement.

The West was taken in by the Communist propaganda machine because these were the only movies showing the Soviet capabilities. We believed that Russian armored divisions would sweep across the open landscape, cross rivers and streams with ease when engineers unfolded pontoon bridges as the spearhead arrived, all surrounded by a symphony of well-orchestrated artillery and rocket fire and framed by the smoke trails of SU-24 ground attack aircraft in joint operations.

We looked at the Soviet, and now Russian, order of battle and drew mathematical inference – and ended up being wrong.

We missed discipline, leadership, coordination, trust, and the effects on troops and hardware, living in a culture of corruption and theft for decades. These factors could not be quantified and never made it to the model. Instead of passing the Portuguese border on day 75 of the assault, following the original Seven Day to Rhine model, the Russians in reality barely made it to the next postal code in Donbas.”

 

CEPA Article: Russia Won’t Play the Cyber Card, Yet

My article from CEPA (Center for European Policy Analysis). Read the full text following this link. 

In reality, the absence of cyber-attacks beyond Ukraine indicates a very rational Russian fear of disclosing and compromising capabilities beyond its own. That is the good news. The bad news is that the absence of a cyber-offensive does not mean these advanced capabilities do not exist.

From the text.

“The recent cyberattacks in Ukraine have been unsophisticated and have
had close to no strategic impact. The distributed denial-of-service (DDoS) cyber-attacks are low-end efforts, a nuisance that most corporations already have systems to mitigate. Such DDoS attacks will not bring down a country or force it to submit to foreign will. These are very significantly different from advanced offensive cyber weapons. Top-of-the-range cyber weapons are designed to destroy, degrade, and disrupt systems, eradicate trust and pollute data integrity. DDoS and website defacements do not even come close in their effects.

A Russian cyber-offensive would showcase its full range of advanced offensive cyber capabilities against Ukraine, along with its tactics, techniques, and procedures (TTP), which would then be compromised. NATO and other neighboring nations, including China and Iran, would know the extent of Russian capabilities and have effective insights into Russia’s modus operandi.

From a Russian point of view, if a potential adversary understood its TTP, strategic surprise would evaporate, and the Russian cyber force would lose the initiative in a more strategically significant future conflict.

Understanding the Russian point of view is essential because it is the Russians who conduct their offensive actions. This might sound like stating the obvious, but currently, the prevailing conventional wisdom is a Western think-tank-driven context, which in my opinion, is inaccurate. There is nothing for the Russians to strategically gain by unleashing their full, advanced cyber arsenal against Ukraine or NATO at this juncture. In an open conflict between Russia and NATO, the Kremlin’s calculation would be different and might well justify the use of advanced cyber capabilities.

In reality, the absence of cyber-attacks beyond Ukraine indicates a very rational Russian fear of disclosing and compromising capabilities beyond its own. That is the good news. The bad news is that the absence of a cyber-offensive does not mean these advanced capabilities do not exist.”

Jan Kallberg

My article for 19fortyifive: “Free War: A Strategy For Ukraine To Resist Russia’s Brutal Invasion Of Ukraine?”

 

I wrote an article for the national security web-based venue 19fortyfive that addresses resistance operations seen in the light of the Swedish Fria Kriget (Eng.: Free War) concept.

The full text can be found here.
(Picture UK MOD)

 

Article: Too Late for Russia to Stop the Foreign Volunteer Army

My article “Too Late for Russia to Stop the Foreign Volunteer Army” was published by the Center for European Policy Analysis. A short quote below,

Any Ukrainian who sees French, British, American, Spanish, Brazilian, from wherever they come, volunteers joining their resistance will solidify the notion that the war is not between Ukraine and Russia; but between good and evil. Predictably enough, Putin, his commanders, and propagandists are troubled by the prospect of thousands of volunteers supporting the Ukrainian narrative, their cause, and strengthening the Ukrainian will to endure.

 

Ukraine: Russia will not waste offensive cyber weapons

An extract from my latest article at CyberWire – read the full article at CyberWire.

When Russia’s strategic calculus would dictate major cyber attacks.

Russia will use advanced strategic cyber at well-defined critical junctures. For example, as a conflict in Europe unfolded and dragged in NATO, Russian forces would seek to delay the entry of major US forces through cyber attacks against railways, ports, and electric facilities along the route to the port of embarkation. If US forces can be delayed by one week, that is one week of a prolonged time window in Europe before the main US force arrived, and would enable the submarines of the Northern Fleet to be positioned in the Atlantic. Strategic cyber support strategic intent and actions.

All cyber-attacks are not the same, and just because an attack originates from Russia doesn’t mean it is directed by strategic intent.

Naturally, the Russian regime would allow cyber vandalism and cybercrime against the West to run rampant because these are ways of striking the adversary. But these low-end activities do not represent the Russian military complex’s cyber capabilities, nor do they reflect the Russian leadership’s strategic intent.

The recent cyberattacks in Ukraine have been unsophisticated and have had close to no strategic impact. The distributed denial-of-service (DDoS) cyber-attacks are low-end efforts, a nuisance that most corporations already have systems to mitigate. Such DDoS attacks will not bring down a country or force it to submit to foreign will. Such low-end attacks don’t represent advanced offensive cyber weapons: the DDoS attacks are limited impact cyber vandalism. Advanced offensive cyber weapons destroy, degrade, and disrupt systems, eradicate trust and pollute data integrity. DDoS and website defacements are not even close to this in their effects. By making DDoS attacks, whether it’s the state that carried them out or a group of college students in support of Kremlin policy, Russia has not shown the extent of its offensive cyber capability.

The invasion of Ukraine is not the major peer-to-peer conflict that is the central Russian concern. The Russians have tailored their advanced cyber capabilities to directly impact a more significant geopolitical conflict, one with NATO or China. Creating a national offensive cyber force is a decades-long investment in training, toolmaking, reconnaissance of possible avenues of approach, and detection of vulnerabilities. If Russia showcased its full range of advanced offensive cyber capabilities against Ukraine, the Russian tactics, techniques, and procedures (TTP) would be compromised. NATO and other neighboring nations, including China and Iran, would know the extent of Russian capabilities and have effective insight into Russia’s modus operandi.

From a Russian point of view, if a potential adversary understood Russian offensive cyber operations’ tactics, techniques, and procedures, strategic surprise would evaporate, and the Russian cyber force would lose the initiative in a more strategically significant future conflict.

Understanding the Russian point of view is essential, because it is the Russians who conduct their offensive actions. This might sound like stating the obvious, but currently, the prevailing conventional wisdom is a Western think-tank-driven context, which in my opinion, is inaccurate. There is nothing for the Russians to strategically gain by unleashing their full advanced cyber arsenal against Ukraine or NATO at this juncture. In an open conflict between Russia and NATO the Russian calculation would be different and justify use of advanced cyber capabilities.

End of abstract – read the full article at CyberWire.

An Underground Resistance Movement for Ukraine

My article titled “An Underground Resistance Movement for Ukraine” was published by the Center for European Policy Analysis. Clip from the text “If Russia succeeds in occupying large parts of the country, a resistance movement can prosper, but only if the West provides help.”

 

Ukraine: the absent Russian Electronic Warfare (EW)

The Russian doctrine favors rapid employment of nonlethal effects, such as electronic warfare (EW), to paralyze and disrupt the enemy in the early hours of conflict. There was an expectation that a full-size Russian invasion of Ukraine would be a massive utilization of electronic warfare from the start.

In the afternoon on the first day of the Russian invasion, the 24th of February, it became apparent that the Russians faced significant command and coordination issues, as there was no effective electronic warfare against Ukrainian communications.

The rationale for the absence of Russian electronic warfare can have different origins; the Russians could have assumed marginal Ukrainian resistance and not deployed their EW capabilities. There was no tangible Russian EW engagement on day five of the invasion after stiff Ukrainian resistance. So if the Russian held back their EW early, the EW should be operational on day five, so the other explanation stands. The Russians can’t get their EW together.

In my view, that indicates that the Russians have failed to synchronize the EW, spectrum management, and the activities between different military formations to ensure functional, friendly communications; meanwhile, the Ukrainians are under Russian EW attack.

After this conflict, the Russian Ukrainian War, the Russians have learned from their failures and any potential adversary that studied the Russian Ukrainian War. The core problem of successfully doing EW is not the hardware; management and operational integration are the challenges.

Any potential adversary will adapt to the Russian Ukrainian War experience and focus on operational integration, but there is a risk for US status quo bias and unwillingness to invest in EW “because apparently, EW doesn’t work.”

The spurious assessment that EW doesn’t work and is not critical for the battlefield becomes the rationale for continuing the current marginal EW investment.

The last almost thirty years, American electronic warfare capabilities have been neglected because the spectrum was never contested in Iraq and Afghanistan. There was neither an enemy ability to detect and strike at electromagnetic activity, allowing for US command post radiating electromagnetic signatures and radiation from radios and data links with no risk of being annihilated when least expected.

During these decades, the other nations have incrementally and strategically increased their ability to conduct electronic warfare by denying and degrading spectrum and detecting electromagnetic activity leading to kinetic strike. Over the last years, the connection between electromagnetic radiation and kinetic strikes has been repeated along the frontlines in Donbas, where Russian-backed separatists shelled Ukrainian positions. In 2020, we witnessed it in the second Karabakh War Armenian command posts were located by their electromagnetic signature and rapidly knocked out in the early days of the war.

American forces are not prepared to face electronic warfare that is well-integrated and widely deployed in an opposing force.
For a potential future conflict, it is notable that the potential adversaries have heavily invested in the ability to conduct electronic warfare (EW) throughout their force structure. In the Russian Army, each motorized rifle regiment/brigade has an EW company, the division has an EW battalion, and within the Corps and Army structure, there are additional units to allocate to the direction of the thrust in the ground offensive. The Russians appear not to use it effectively, but they will learn and adapt.

At the doctrine level, the Russian ground forces are designed to be offensive and take the initiative from the first round is fired, where denial-of-spectrum access is a part of their strategy.
In theory, EW enables forward-maneuver battalions to engage and create disruption for the enemy and an opportunity for exploitation. The Russians benefit from decades of uninterrupted prioritization and development of EW, so they have the hardware, but it appears to be the integration that lacks.

Electronic warfare is a craft, a skill, and potential adversaries’ EW/signal officers are EW/signal officers their entire careers. Naturally, the potential adversaries’ junior and mid-career officers lack experience from the other Army branches and units, but they know the skills required in EW. In my view, it gives the potential adversaries’ an advantage in Electronic Warfare, compared to the US warrior-scholar that are shuttled around in a system of constant change of duty station, schools, and tasks.

The DOPMA “Defense Officer Personnel Management Act” has been discussed to undergo a significant revision, and it is essential to take into account the need for time and stability to gain craftmanship in EW, which is both technical and hands-on, which need officers to narrow down their specialization without career penalties or forced out of the force. The requirements for winning a war must prevail over a career flow chart driven by obsolete Taylorism and the belief that everyone is interchangeable. Not everyone is interchangeable, and uniquely talented leaders can ensure mission success through spectrum warfare. In the future fight, the EW units will have a far more active role and face constant targeting due to the EW units’ impact on the battlefield. This development requires leadership and decision-making by leaders who know EW craftmanship.

The Russian aggression in Ukraine is evidence that a more extensive ground war is possible. Our potential adversaries will learn and adapt their EW from the Russian Ukrainian war. Meanwhile, it is long overdue to accelerate the US investment in fielded and integrated EW. The current state of intermittent integration through formations and undersized EW capabilities compared to the battlefield needs has to change.

Every modern high-tech weapon system is a dud without access to the spectrum; that realization should be enough to address this issue.

Jan Kallberg

These opinions are my private viewpoints and do not reflect the position
of any employer. 

 

 

Artificial Intelligence (AI): The risk of over-reliance on quantifiable data

The rise of interest in artificial intelligence and machine learning has a flip side. It might not be so smart if we fail to design the methods correctly. A question out there — can we compress the reality into measurable numbers? Artificial Intelligence relies on what can be measured and quantified, risking an over-reliance on measurable knowledge.

The problem with many other technical problems is that it all ends with humans that design and assess according to their own perceived reality. The designers’ bias, perceived reality, weltanschauung, and outlook — everything goes into the design. The limitations are not on the machine side; the humans are far more limiting. Even if the machines learn from a point forward, it is still a human that stake out the starting point and the initial landscape.

Quantifiable data has historically served America well; it was a part of the American boom after World War II when America was one of the first countries that took a scientific look on how to improve, streamline and increase production utilizing fewer resources and manpower.

Numbers have also misled. Vietnam-era Secretary of Defense Robert McNamara used the numbers to tell how to win the Vietnam War, which clearly indicated how to reach a decisive military victory — according to the numbers.

In a post-Vietnam book titled “The War Managers,” retired Army general Donald Kinnard visualized the almost bizarre world of seeking to fight the war through quantification and statistics. Kinnard, who later taught at the National Defense University, surveyed fellow generals that had served in Vietnam about the actual support for these methods. These generals considered the concept of assessing the progress in the war by body counts as useless; only two percent of the surveyed generals saw any value in this practice.

Why were the Americans counting bodies? It is likely because it was quantifiable and measurable. It is a common error in research design to seek the variables that produce easily accessible quantifiable results, and McNamara was at that time almost obsessed with numbers and the predictive power of numbers. McNamara was not the only one.

In 1939, the Nazi-German foreign minister Ribbentrop, together with the German High Command, studied and measured the French and British war preparations and ability to mobilize. The Germans quantified assessment was that the Allies were unable to engage in a full-scale war on short notice and the Germans believed that the numbers were identical with the factual reality — the Allies would not go to war over Poland because they were not ready nor able. So Germany invaded Poland on the 1st of September 1939 and started WWII.

The quantifiable assessment was correct and lead to Dunkirk, but the grander assessment was off and underestimated the British and French will to take on the fight, which led to at least 50 million dead, half of Europe behind the Soviet Iron Curtain and the destruction of their own regime. Britain’s willingness to fight to the end, their ability to convince the U.S. to provide resources, and the subsequent events were never captured in the data. The German quantified assessment was a snapshot of the British and French war preparations in the summer of 1939 — nothing else.

Artificial intelligence depends upon the numbers we feed it. The potential failure is hidden in selecting, assessing, designing and extracting the numbers to feed artificial intelligence. The risk for grave errors in decision-making, escalation, and avoidable human suffering and destruction, is embedded in our future use of artificial intelligence if we do not pay attention to the data that feed the algorithms. The data collection and aggregation is the weakest link in the future of machine-supported decision-making.

Jan Kallberg, Ph.D.

Business leaders need to own cyber security

Consultants and IT staff often have more degrees of freedom than needed. Corporate cybersecurity requires a business leader to make the decisions, be personally invested, and lead the security work the same way as the business. The intent and guidance of the business leaders need to be visible. In reality, this is usually not the case. Business leaders rely on IT staff and security consultants to “protect us from cyberattacks.” The risk is obvious – IT staff and consultants are not running the business, lack complete understanding of the strategy and direction, and therefore are unable to prioritize the protection of the information assets.

Information security has a few foundational pieces. Information resources are classified according to their importance to the business, an acceptable level of risk is established for the company, and then security solutions are developed to mitigate risk down to an acceptable level. Parallel, these mitigation strategies are implemented with minimal disruption to the workflow and the business. The information security program ensures that information and functionality can be restored after an incident as part of the process.

These basic steps may sound like an elementary exercise – something that consultants can solve quickly – but the central question is risk appetite, the acceptance to take an understood risk, which can jeopardize the entire business if too high or too low. What is the wrong level of risk appetite? The business’ IT operations are prepared to take risks that the business management did not even dare to dream of or, conversely, the IT systems will slow down the business, stand in the way, and the failure to prioritize due to risk aversion. Risk, which is central to information security, can only be controlled by the business leader. IT staff and consultants can be advisors, produce information, and sketch solutions, but the decision is a business decision. What risk we are prepared to take cannot be an open issue and is left to arbitrary interpretation.

Just as the management has an influence and controls what is an acceptable risk when information security is structured, management is central when things go wrong. A business management team that is not involved in information security, and gains a conceptual understanding, will be too slow to act in a crisis. Cyberattacks and data failures occur daily. The financial market, customers, government authorities, and owners rightly expect these damages to be dealt with quickly and efficiently. Confusion when a major cyber crisis occurs, by attack or mistake, undermines confidence in the business at a very high rate. In a matter of hours, a trust that has taken decades to build can be wiped out. In the digital economy, trust is the same as revenue and long-term customer relationships. Business management that lacks an understanding of how cyber security is structured for their business, at a managerial level, has not made the intellectual journey of prioritizing and will not lead or have relevant influence in a crisis.

Managers have premium pay and are recruited because they have experience, insight, and character to navigate when a crisis hits and is challenging. If the business management cannot lead when the business is under major cyberattacks, then management has left it to the IT staff and consultants to lead the business.

In a smaller and medium-sized business, the need for committed business management is reinforced because the threat of long-term damage from a cyberattack is greater. A public company can absorb the damage, which smaller players often in niche industries cannot do in the same way.

If business management can engage in sustainability and the climate threat, as many do with both energy and interest, the step of engaging in vulnerability and the cyber threat should not be that far to go. The survival of the business will always be a business decision.

Jan Kallberg, Ph.D.