GEOG 479
Cyber-Geography in Geospatial Intelligence

Envisioning The Future(s)


Many still credit Engelbart only with technological innovations like the mouse, the outline processor, the electronic-mail system, or sometimes, the windowed user interface. These indeed are major innovations, and today they have become pervasive in the environments in which people work and play. But Douglas Engelbart never really gets credit for the larger contribution that he worked to create: an integrative and comprehensive framework that ties together the technological and social aspects of personal computing technology. Engelbart articulated a vision of the world in which these pervasive innovations are supposed to find their proper place. He and other innovators of this new technology defined its future on the basis of their own aspirations and ideologies. Those aspirations included nothing less than the development via the interface between computers and their users, of a new kind of person, one better equipped to deal with the increasing complexities of the modern world.

The Atlantic on the Inventor of the Mouse

Listen to the Experts

My former commander here in Germany was Admiral James Stavridis. He constantly pushed for openness and collaboration between the partner nations of NATO. As the NATO Supreme commander, he tried to imagine global security driven by collaboration - among agencies, government, the private sector, and the public. Transparency would be key, and it was his vision that bridges were the next century's construct for peace - walls just don't work, as has been proven time and again. In a July 2012 Ted Talk, Admiral Stavridis shared moments from recent military history to explain why security of the future should be built with bridges rather than walls. What could 21st-century security look like? He suggests that dialogue and openness will be the game-changers. After 37 years in the Navy, it is a talk well worth listening to (16:43).

James Stavridis: How NATO's Supreme Commander thinks about global security
Click here for transcript of the how NATO's supreme commander thinks about global security video.



JAMES STAVRIDIS: I'm going to talk a little bit about Open Source Security because we've got to get better at security in this 21st century. Let me start by saying, let's look back to the 20th century and kind of get a sense of how that style of security worked for us. 

This is Verdun, a battlefield in France, just north of the NATO headquarters in Belgium. At Verdun, in 1916, over a 300-day period, 700,000 people were killed. That's about 2,000 a day. If you roll it forward, 20th century security, into the Second World War, you see the battle of Stalingrad. 300 days, 2 million people killed. 

We go into the Cold War, and we continue to try and build walls. We go from the trench warfare of the First World War to the Maginot Line of the Second World War, and then we go into the Cold War-- the Iron Curtain, the Berlin Wall. Walls don't work. 

My thesis for us today is instead of building walls to create security, we need to build bridges. This is a famous bridge in Europe. It's in Bosnia-Herzegovina. It's the bridge over the Drina river, subject of a novel by Ivo Andric, and it talks about how in that very troubled part of Europe, in the Balkans, over time there's been enormous building of walls. More recently, in the last decade, we begin to see these communities start hesitatingly to come together. 

I would argue, again, open source security is about connecting the international, the inter agency, the private public, and latching it together with strategic communication, largely in social networks. So let me talk a little bit about why we need to do that because our global commons is under attack in a variety of ways, and none of the sources of threat to the global commons will be solved by building walls. 

Now, I'm a sailor, obviously. This is a ship, a liner clipping through the Indian Ocean. What's wrong with this picture? It's got concertina wire along the sides of it. That's to prevent pirates from attacking it. Piracy is a very active threat today around the world. This is in the Indian Ocean. Piracy is also very active in the Strait of Malacca. It's active in the Gulf of Guinea, and we see it in the Caribbean. It's a $10 billion a year discontinuity in the global transport system. 

Last year at this time, there were 20 vessels, 500 mariners held hostage. This is an attack on the global commons. We need to think about how to address it. 

Let's shift to a different kind of sea, the cyber sea. Here are photographs of two young men. They were probably here at TED a few years ago. 


At the moment, they're incarcerated-- 


--because they conducted a credit card fraud that netted them over $10 billion. This is part of cybercrime, which is a $2 trillion a year discontinuity in the global economy-- $2 trillion a year. That's just under the GDP of Great Britain. So this cyber sea, which we know endlessly is the fundamental piece of radical openness, is very much under threat as well. 

Another thing I worry about in the global commons is the threat posed by trafficking, by the movement of narcotics, opium-- here, coming out of Afghanistan through Europe over to the United States. We worry about cocaine coming from the Andean Ridge North. We worry about the movement of illegal weapons in trafficking. Above all, perhaps, we worry about human trafficking and the awful cost of it. Trafficking moves largely at sea but in other parts of the global commons. 

This is a photograph, and I wish I could tell you that this is a very high-tech piece of US Navy gear that we're using to stop the trafficking. The bad news is this is a semi-submersible run by drug cartels. It was built in the jungles of South America. We caught it with that low-tech raft, and it was carrying six tons of cocaine. Crew of four, sophisticated communication suite. This kind of trafficking in narcotics, in humans, in weapons, God forbid in weapons of mass destruction, is part of the threat to the global comments. 

And let's pull it together in Afghanistan today. This is a field of poppies in Afghanistan. 80% to 90% of the world's poppy opium and heroin comes out of Afghanistan. We also see there, of course, terrorism. This is where al-Qaeda is staged from. We also see a very strong insurgency embedded there. So this terrorism concern is also part of the global commons and what we must address. 

So here we are, 21st century. We know our 20th century tools are not going to work. What should we do? I would argue that we will not deliver security solely from the barrel of a gun. We will not deliver security solely from the barrel of a gun. We will need the application of military force. When we do it, we must do it well, and competently. 

But my thesis is, open source security is about international, inter-agency private-public connection pulled together by this idea of strategic communication on the internet. 

Let me give you a couple examples of how this works in a positive way. This is Afghanistan. These are Afghan soldiers. They are all holding books. You should say, that's odd. I thought I read that this demographic-- young men and women in their 20s and 30s-- is largely illiterate in Afghanistan. You would be correct. 85% cannot read when they enter the security forces of Afghanistan. Why? Because the Taliban withheld education during the period of time in which these men and women would have learned to read. 

So the question is, so why are they all standing there holding books? The answer is, we are teaching them to read in literacy courses by NATO in partnership with private sector entities, in partnership with development agencies. We have taught well over 200,000 Afghan security forces to read and write at a basic level. When you can read and write in Afghanistan, you will typically put a pen in your pocket. 

At the ceremonies, when these young men and women graduate, they take that pen with great pride and put it in their pocket. This is bringing together international-- there are 50 nations involved in this mission; inter-agency-- these development agencies; and private-public to take on this kind of security. Now, we are also teaching them combat skills, of course. But I would argue, open source security means connecting in ways that create longer-lasting security effect. 

Here's another example. This is a US Navy warship. It's called the Comfort. It has sister ship called the Mercy. They are hospital ships. This one, the Comfort, operates throughout the Caribbean and the coast of South America, conducting patient treatments. On a typical cruise, they'll do 400,000 patient treatments. 

It is crewed not strictly by military, but by a combination of humanitarian organizations-- Operation Hope, Project Smile. Other organizations send volunteers. Inter-agency physicians come out. They are all part of this. To give you one example of the impact this can have, this little boy-- eight years old-- walked with his mother two days to come to the eye clinic put on by the Comfort. When he was fitted over his extremely myopic eyes, he suddenly looked up and said, Mama, veo el mundo. Mom, I see the world. 

Multiply this by 400,000 patient treatments, this private-public collaboration with security forces, and you begin to see the power of creating security in a very different way. 

Here, you see baseball players. Can you pick out the two US army soldiers in this photograph? They are the two young men on either side of these young boys. This is part of a series of baseball clinics where we have explored collaboration between Major League Baseball, the Department of State, who sets up the diplomatic piece of this, military baseball players, who are real soldiers with real skills but participate in this mission. And they put on clinics throughout Latin America and the Caribbean, in Honduras, in Nicaragua, in all of the Central American and Caribbean nations where baseball is so popular. 

And it creates security. It shows role models to young men and women about fitness and about life that I would argue helped create security for us. 

Another aspect of this partnership is in disaster relief. This is a US Air Force helicopter participating after the tsunami in 2004, which killed 250,000 people. In each of these major disasters-- the tsunami in 2004, 250,000 dead; the Kashmiri earthquake in Pakistan, 2005, 85,000 dead; the Haitian earthquake, about 300,000 dead; more recently, the awful earthquake-tsunami combination which struck Japan and its nuclear industry. In all of these instances, we see partnerships between international actors, inter-agency, private-public working with security forces to respond to this kind of natural disaster. 

So these are examples of this idea of open source security. We tie it together increasingly by doing things like this. Now, you're looking at this thinking, ah, Admiral, these must be sea lanes of communication, or these might be fiberoptic cables. No, this is a graphic of the world according to Twitter. Purple are tweets. Green are geolocation. White is the synthesis. It's a perfect evocation of that great population survey-- the sixth largest nations in the world in descending order-- China, India, Facebook, the United States, Twitter, and Indonesia. 

Why do we want to get in these nets? Why do we want to be involved? We talked earlier about the Arab Spring and the power of all this. I'll give you another example, and it's how you move this message. I gave a talk like this in London a while back about this point. I said, as I say to all of you, I'm on Facebook. Friend me. Got a little-- got a little laugh from the audience. 

There was an article, which was run by AP on the wire, got picked up in two places in the world-- Finland and Indonesia. The headline was NATO Admiral Needs Friends. 


Thank you. Which I do. And the story was a catalyst, and the next morning, I had hundreds of Facebook friend requests from Indonesians and Finns, mostly saying, Admiral, we heard you need a friend. And oh, by the way, what is NATO? 


We laughed, but this is how we move the message. And moving that message is how we connect international, inter-agency, private-public, and these social nets to help create security. 

Now, let me hit a somber note. This is a photograph of a brave British soldier. He's in the Scots Guards. He's standing the watch in Helmand in southern Afghanistan. I put him here to remind us I would not want anyone to leave the room thinking that we do not need capable, competent militaries who can create real military effect. That is the core of who we are and what we do, and we do it to protect freedom, freedom of speech, all the things we treasure in our societies. 

But life is not in on and off switch. You don't have to have a military that is either in hard combat or is in the barracks. I would argue life is a rheostat. You have to dial it in. And as I think about how we create security in this 21st century, there will be times when we will apply hard power in true war and crisis. But there will be many instances, as we've talked about today, where our militaries can be part of creating 21st century security. International, inter-agency, private-public connected with competent communication. 

I would close by saying that we heard earlier today about Wikipedia. I use Wikipedia all the time to look up facts. And as all of you appreciate, Wikipedia is not created by 12 brilliant people locked in a room writing articles. Wikipedia, every day, is tens of thousands of people inputting information. And every, day millions of people withdrawing that information. 

It's a perfect image for the fundamental point that no one of us is as smart as all of us thinking together. No one person, no one alliance, no one nation, no one of us is as smart as all of us thinking together. 

The vision statement of Wikipedia is very simple-- a world in which every human being can freely share in the sum of all knowledge. My thesis for you is that by combining international, inter-agency, private-public strategic communication, together in this 21st century, we can create the sum of all security. Thank you. 

Credit: TED

The future is only now starting to take shape based on the new connective technologies and one other aspect – what some call the rise of “Big Data.” We have already discussed the transforming technologies that were installed on the African continent in the first decade of the 21st century. What we haven’t discussed up to this point is a 4th aspect (not saying there might not be others, i.e., O3B Inc's launch of 4 new satellites the week of 25June2013, dedicated to providing low cost Internet connectivity to underserved areas) that also contributed to such things as the Arab Spring.

As recently as 2000, most information stored on the planet (explicit knowledge) was stored in an analog form. In the May/June issue of Foreign Policy, one estimate places the amount of digitization of explicit knowledge in 2000 around 25%. Everything else was on paper, on tape, or in some other analog form. This has changed in the same decade as the connectivity has also changed. Today, the same authors, Kenneth Cukier and Viktor Mayer-Schoenberger, estimate that the amount of analog information represents less than 2% of the current total – recall this was the 75% of analog information in 2000. The vast majority of information – 98%, is now in a digital form, and, according to a recent study, over 90% of this digital data has been created in the last 2-3 years.

Sampling used to be the key to understanding the subtle information of behavior and science. A small “good” unbiased sample gave us insights into what was going on in a population without having either the time or the resources to measure a characteristic (a parameter) of the population. With the advent of “Big Data” some advocate that the sample is no longer as important for these data sets. While we may not get to “n=all” of a population, it is becoming evident that for some datasets, we are developing the tools to get closer. What does this mean? Messy data is ok, as long as we get enough of it. Answering “why” becomes harder to achieve even as “what” becomes easier. The authors in this same article refer to a phenomenon of humans to infer causation into data where there may not be any. In a sense, this is similar to the characteristic of apophenia – seeing patterns in nature where none may exist. Regardless, “Big Data” can allow us to see the “what” of what is happening even if we may not understand the “why,” and it also allows us the opportunity to examine the “where” as well. The “geo” piece enabled by earlier implementations of infrastructure in places where there was none previously is also an aspect of Big Data.

An example of the analysis possible is Dr. Ming-Hsiang Tsou’s work on Twitter data discussed earlier and is similar to research results released by Google in predicting the patterns of a flu pandemic cited by the same article above. Google was able to establish the patterns of the spread of flu in the US recently, based on analysis of people's search patterns on certain key phrases and words. Again, the advantage to this is the speed accomplished – hours by Google, as compared to 2 weeks based on current reporting methods by the CDC.

Technologists view technology as the key to this. Given that modern computers and the Internet are enablers by lowering the transaction costs (storage costs, processing costs, and information sharing costs), what has occurred is the ability of masses of information not previously captured in digital form to be digitized. Google is doing this with their augmented reality glasses – digitizing a random glance, and Twitter does the same by digitizing random thoughts and impressions. Implicit knowledge is being digitized as the explicit knowledge once was. Once the thoughts are digitized and shared, the implicit information is transformed, and new value can be gleaned from it – intelligence value from something not capturable in the past. The struggle to explain and understand speaks to the traditional intel analysts looking for the “why” in the data. For the time being, the IC may have to be satisfied with the “what.” Causation may have to take a back seat to correlation alone while events are unfolding. Knowing “what” is happening may have to be considered actionable without knowing the “why” it is happening. The “why” may have to wait until there is time to do a reflection on the events. This is the real struggle in the both the practice (tradecraft) and the explanations centered around what we refer to as the information flow through cyberspace. The old models and ways of thinking are not going to be enough. Why? Because what is being captured and digitized in many forms is implicit knowledge – how people think and what they see. Why they think what they do is a much larger question – but in the current state of digitization, at least the implicit ideas are being visualized dynamically, and there is a huge geolocation piece tied to this data. Governments and organizations that harness the new values created by Big Data (and a geo component is a huge piece to understanding it) will have an edge over those who cannot. An example of seeking causation for understanding can be thought of in McNamara’s fixation on body counts in Vietnam. The metric declared as, “if we kill enough of them, then we must be winning” implied a causation between the number of enemy killed and the desired outcome of the war. It proved to be a huge falsehood the US government bought into at the time and resulted in significant policy mistakes as a result.

Transparency in data in democratic societies is sort of a natural evolution from the passing of such laws as the Freedom of Information Act (FOIA). The presence of such transparency can be indicative of aspects of a society, whether brought about by governance in a democratic society or by connectivity in a less than democratic one. Transparency is transformative – we need look no further than the Mahgreb to understand this. The transparency enabled by the connectivity of technology unleashed the phenomena that brought down governments that had been in power for decades. Whether it leads to democratic governance as a result of the transformation is still in question - one look no further than the evolving situation in Egypt to be confronted with this fact. Connectivity alone may not be enough. That’s why the correlation analysis of such NGO datasets done earlier is important. That’s why the study and discussion of transformational technologies are important. That’s part of the real reason this course is important. Information cannot exist without a medium to support it, whether a stone tablet, a piece of paper, or a hard drive. That medium also has a location. Implicit knowledge now has such a medium that did not exist before, and is both enabled and possible because of the Internet. As stated earlier, this understanding can provide an edge, but it also helps to point out the vulnerabilities created by the connectivity.

The world is increasingly connected and is getting more so. Everything from bank accounts to medical records is available, to some degree, online for a connected society. All this information can exist provided there is a medium to support it, and all of that support is dependent upon a viable, sustainable, and reliable power grid. In a recent article in Scientific American , the U.S. military is studying scenarios for future conflict in Cyberspace. This war would be waged – at least partially – with computers, and the targets in the war would be a peer competitor's information infrastructure. The connected infrastructure creates opportunities for cyber-attacks with disastrous results for large urban areas.

As far back as the Clinton administration, various lists of Critical National Information Infrastructure (NII) (read PDD 63 for a better understanding) were compiled and examined for their criticality and vulnerability. The document lists the following as types of critical infrastructures to be protected:

  • Electric power
  • Telecommunications
  • Banking and finance
  • Petroleum and natural gas
  • Transportation
  • Food
  • Water
  • Emergency services
  • Space
  • Government

as pieces of the NII that would need to be defended. These systems do not stand alone but are interconnected in terms of power and information, shown in Figure 45; thus a failure in one system may cause disruption of services or failures in another system. The latest report from the Council on Foreign Relations estimates that "the “Internet of things”—cars, ovens, office copiers, electrical grids, medical implants, and other Internet-connected machines that collect data and communicate—could result in thirty-one billion devices connected to the Internet in 2020." (The August 2013 Scientific American actually refers to an "Internet of Everything" - to me this speaks to a lack of geospatial awareness - we need to think of the web as the Internet of "Everywhere").

The full CFR report can be downloaded: "Defending an Open, Global, Secure, and Resilient Internet". The CFR Task Force found that improved cyber defense and greater resiliency are necessary - but not sufficient by themselves. "Offensive capabilities are required to deter attacks, and, if deterrence fails, to impose costs on the attackers." It recommends the United States launch an "interagency economic counterespionage program that will help prevent foreign services and corporate competitors from stealing secrets from U.S. industry." One aspect of deterrence as a strategy left over from the Cold War is that deterrence is not possible without talking about a second strike capability. According to the "Second Strike" entry on Wikipedia:

"The possession of second-strike capabilities counters a first-strike nuclear threat and can support a no first use ....strategy. Reciprocal second-strike capabilities usually cause a mutual assured destruction defence strategy, though one side may have a lower level minimal deterrence response."

Many questions are on the table for this domain, for example, "What constitutes a second strike capability in Cyberspace?" The answers, assuming they have been defined, remain classified. It has even been argued by Martin Libicki that, "because cyberspace is so different a medium, the concepts of deterrence and war may simply lack the logical foundations that they have in the nuclear and conventional realms."

A Conceptual Illustration of the Interconnectedness of Elements Contained Within Each Critical Infrastructure
Figure 45. A Conceptual Illustration of the Interconnectedness of Elements Contained Within Each Critical Infrastructure. Some connections are not shown. This diagram models the interconnectedness of various domains of the US economy. This is a network defined by infrastructure located in real space in real places.
Credit: Diagram provided courtesy of Sandia National Laboratory.

In the 2 January 2013, Wall Street Journal it was reported that attacks on critical U.S. energy infrastructure are occurring more frequently than realized earlier. DHS’ cyber response team issued a report that thousands of SCADA systems used in the energy infrastructure are linked to the Web and as a result are vulnerable. (Figure 46). Hundreds of attacks were reported to DHS’ Industrial Control Systems Cyber Emergency Response Team (CERT) in 2012, over 40% of which were in the energy sector. The team “has been tracking threats and responding to intrusions into infrastructure such as oil and natural gas pipelines and electric power organizations at an alarming rate.” (The full CERT report can be downloaded).

A map of the United States showing approximately 7200 Internet facing SCADA based control devices
Figure 46. Approximately 7200 Internet facing SCADA based control devices in the US.
Credit: Image courtesy of Department of Homeland Security.