IT security for real


Imagine your country's economy can be switched off by another country. Further imagine that much of private life can also be switched off by that other country. Let's say that other country has half the voters flirting with fascism. Would you feel that this is an existential threat to your country and its sovereignty?

Well, we're de facto living this nightmare already.

- - - - -

Every autoupdater for software is technically a backdoor through which the software company can change software on your computer.

Every operating system with an autoupdater function (hidden or overt) can take over the entire computer with ease, unstoppable by all security features. The same applies to server software.

Example: Microsoft could - compelled by the U.S. government or on its own - switch off the economy of Europe with malicious non-optional updates for the Windows operating system and the Windows server operating system. The latter could even erase most backup data. Operating systems can also permanently damage the computer hardware, turning a data loss into a catastrophic nationwide loss of computers.

I consider this an unacceptable vulnerability for government and economy, and very undesirable for the private sector.

To increase the robustness of a nation against such an attack is simple: move from trusted software to trustworthy software.

It would be easy to mandate that no federal government institution is permitted to purchase or install software that's not on a whitelist without a temporary waiver by a properly staffed and competent agency. The whitelisted software would all be certain open source software. Open source (source code visible to the public) alone is not good enough. You also need proper audits of the open source code, timely audits for patches and a regime for handling extremely urgent hotfix patches. In addition, the audited source code must not be manipulated afterwards, and it either has to be compiled directly or the installation-ready version has to be available from a secure and trustworthy source. For-profit software providers (this is feasible with open source software in some ways) would have to pay for the thorough security audits. This would incentivise them to create lean code (for cheaper audits), and lean code can more easily be kept safe than bloated code anyway.
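An install gate for the regime described above, as an added example that is not part of the original post: it admits only builds whose SHA-256 digest matches a whitelisted build of audited source, honours unexpired waivers, and lets an urgent hotfix through only until its audit deadline. The record types, field names, dates and sample artifacts are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class AuditedBuild:
    # Hypothetical whitelist record: one installation-ready build.
    name: str
    version: str
    binary_sha256: str  # digest recorded by the trusted builder of the audited source
    hotfix_audit_due: Optional[date] = None  # set only for hotfixes admitted before audit


@dataclass(frozen=True)
class Waiver:
    # Hypothetical temporary waiver issued by the competent agency.
    binary_sha256: str
    expires: date


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def may_install(artifact: bytes, today: date, whitelist, waivers):
    """Return (allowed, reason) for one installation-ready artifact."""
    digest = sha256_hex(artifact)
    for build in whitelist:
        if build.binary_sha256 != digest:
            continue
        if build.hotfix_audit_due is None:
            return True, f"audited: {build.name} {build.version}"
        if today <= build.hotfix_audit_due:
            return True, f"provisional hotfix: audit due {build.hotfix_audit_due}"
        return False, "hotfix audit overdue"
    for waiver in waivers:
        if waiver.binary_sha256 == digest:
            if today <= waiver.expires:
                return True, f"waiver until {waiver.expires}"
            return False, "waiver expired"
    # Any byte changed after the audit yields a different digest and lands here.
    return False, "not whitelisted"


# Constructed sample artifacts (stand-ins for real installer bytes).
AUDITED = b"office-suite 7.1 built from audited source"
TAMPERED = AUDITED + b"\x00"  # modified after the audit
HOTFIX = b"office-suite 7.1.1 urgent hotfix"
PROPRIETARY = b"legacy payroll client"

WHITELIST = [
    AuditedBuild("office-suite", "7.1", sha256_hex(AUDITED)),
    AuditedBuild("office-suite", "7.1.1", sha256_hex(HOTFIX),
                 hotfix_audit_due=date(2024, 3, 15)),
]
WAIVERS = [Waiver(sha256_hex(PROPRIETARY), expires=date(2024, 6, 30))]

if __name__ == "__main__":
    today = date(2024, 4, 1)
    for label, blob in [("audited", AUDITED), ("tampered", TAMPERED),
                        ("hotfix", HOTFIX), ("waived", PROPRIETARY)]:
        print(label, may_install(blob, today, WHITELIST, WAIVERS))
```
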

This would effectively lead to offices running Linux and OpenOffice rather than MS Windows and MS Office. Both are available for free and would even save the government much money.

This IT security regime could diffuse to state governments and be extended (with enforcement) to selected businesses such as hospitals, infrastructure providers and the arms industry. Further incentives to harden the economy against catastrophic IT sabotage could be non-mandatory and still effective, such as making companies liable in court for damages caused to others by their non-secure IT. This also includes liability for damages when you use outdated software commercially.

The multinational level (EU) can go even further, and force suppliers of software that runs on non-secure operating systems to offer a version of their software for a whitelisted operating system that is neither higher-priced nor worse. This would help private users to migrate to secure operating systems and secure applications.

Likewise, hardware may be extremely insecure. It's very difficult (=expensive) to look into the logic of chips. Yet chips and other electronic components (which may include chips without seeming to do so) are a severe security hazard themselves. They may have non-removable functions that compromise security.

To increase the robustness of a nation against such an attack is simple: move from trusted hardware to trustworthy hardware.

This is less practical than with software, but at least critical government departments (including the military) and critical businesses (especially infrastructure providers) could move to whitelisted hardware, for which design plans are known and which has been produced in a trusted place (for Germany this would be Germany, for Luxembourg this would be most EU countries) based on those design plans. It's acceptable to lag behind in performance by a few years; most government computers do so anyway. The trusted production facility would thus not require the newest chip manufacturing technology. Again, a 100% implementation of such a security regime would be impossible. There would again be a need for an authority that can and does give temporary waivers, but not too liberally so.

- - - - -

Next, encryption should be mandated for many activities, and this encryption should be based on a preferably quantum-proof encryption developed without interference by government spy agencies and their helpers. I mean encryption without intentional weaknesses. Furthermore, certain particularly sensitive communication (and archives) should feature one-time-pad encryption, which simply cannot be broken if done right. To establish such encryption standards and to enforce them through outlawing products that are in violation (with sellers forced to reimburse buyers fully), through inspections and fines and through legal liabilities would be feasible on the nation-state level.

- - - - -

The EU's talk about digital sovereignty is largely bollocks. They do so little about security issues (and in fact multiple governments in the EU keep weakening security in order to be able to spy more easily themselves) that I have but one conclusion: their real motivation is not "digital sovereignty" or IT security, it's to deny the rent-seeking American software companies dozens of billions of turnover and profits. It's more of a transatlantic economic policy wrestling match than an IT security initiative.

The EU might achieve all it wants to achieve with its "digital sovereignty" stuff and in the end MS could still switch the European economy off, and not just for a few days or weeks.


No invisible hand of markets establishes satisfactory IT security. We would require decisive action by politicians, and this is very largely (the software & encryption facets) feasible on the national level.






A quick & dirty analysis of front-line combat in Ukraine

The Russo-Ukrainian War has long taken the shape of a trench war, with an apparently somewhat flexible defence by the Ukrainians wherever there's no calm sector or water obstacle forming the front line.
Most entrenchments appear to be in use in the East, but there's also an established (albeit occasionally moving) front-line North and Northwest of Kherson and in the North near Kharkiv.
I'd like to write a bit about my interpretation of what's going on.
(1) Indirect fires are the main killers, likely exceeding 80% of casualty generation. This is not entirely new; we saw that during 18th century sieges, during First World War trench battles, in the Normandy battle and some late Eastern Front battles of the Second World War. American indirect fires and air attacks combined also reached this much effect during the last phase of the Korean War.
Ukrainians are short on munitions and resort especially (maybe mostly) to precision attacks (including with dumb munitions), while Russians appear to usually use area fires (or simply widely dispersing weapons).
The bird's view by drones appears to be a most important method for spotting, with Cold War-ish artillery radars and ground-bound forward observers seemingly being less important (though this may be an incorrect impression due to a bias in availability of videos for publication).

(2) What's the infantry's job in all this?
First, read my old text on repulsion, please: 
The lethality of small arms and all the tacticool whizzbang about them doesn't matter much. The Ukrainians might be able to hold their lines just as well with Soviet WW2 weapons (machineguns, bolt action rifles, submachineguns). The poorly motivated Russian infantry isn't able to overcome certain all-too-human things like survival instinct on the attack. Their armour fails as well, despite reports of how fearsome the automatic 30 mm fires by large quantities of BMP-2/-3 can be.
The Ukrainians' ability to establish and largely hold front-lines despite the extreme length of the front appears to be rooted in the susceptibility of low-morale Russians to relatively little firepower.
Attacks bog down easily under such circumstances. I've read many WW2 infantry battle reports where a single sniper or a single light machinegun nest was able to stall a platoon-sized infantry attack that did not benefit from support by armour or smoke.
So if your infantry can establish sufficient repulsion effect on the cheap and is backed up by fire support that can accurately hit the attackers while they're fixed behind cover or flat on a field, then you can indeed maintain a long front-line with little force density and moderate casualties of your own.

Ukraine appears to have what it takes to stop the current flawed Russian ground forces at acceptable losses, but offensive success requires that they be able to mass up somewhat (line of sight combat strength AND support!) and find ways to make Russian defences crumble. That should be possible, but it would look much different from what was reported so far from the Kherson front where Ukrainian advances do not appear to have overwhelmed any major Russian forces.

P.S.: This is a good opportunity for a reminder that people who think they can overthrow a Western government with mere small arms and improvised explosives are idiots. Infantry without at the very least 60 mm mortars and anti-tank weapons cannot achieve anything of significance.


Battalion battlegroups and front-lines


Tanks had mixed success in the First World War, but they showed much promise and European armies and military theoreticians pondered during the 1920's how best to organise and employ tank forces. The epitome of this process was the Panzerdivision / armour division with hundreds of tanks and between 10,000 and 20,000 personnel. These divisions were successful when employed as a whole, but operational success required more than just one division; a whole corps of at least two fully motorised divisions.

Operations in WW2 also showed that these divisions were behemoths that were difficult to lead. German Panzerdivision commanders often reduced themselves to leaders of a much smaller vanguard, while their chief of staff somehow arranged for the bulk of the division to follow the vanguard.

The later much-reduced (nominally and by lack of replacements) Panzerdivisionen were much easier to use and the well-replenished American divisions employed regimental combat teams similar to modern-time brigades to overcome the excessive size of the division during operations.

Brigades became a NATO standard during the Cold War, in part based on German experiments in the late 50's. We still have many divisions, but it's widely understood that divisions are too clumsy for operational manoeuvre. In fact, sometime in the late Cold War or 90's even the brigade became regarded as too clumsy and the (mixed) battalion battlegroup became the key manoeuvre element, comprising usually only one tank company. Organisation for training was usually kept pure (whole battalion being tanks OR infantry OR artillery), and the expected wartime structure in non-desert terrain would be a mixed ad hoc battlegroup with one or two tank companies, one or two infantry companies, maybe an artillery battery or two and some more support (a total of about 1,000 men and about 100 vehicles). Some peacetime exercises and experiments went even farther and worked with mixed company-sized battlegroups.

There's just one problem with this trend towards smaller manoeuvre elements: it's well-understood from military history that you sometimes need about 50 tanks for a successful true tank-like offensive action. To disperse tanks in smaller packages largely reduces their repertoire against 1st or 2nd rate opposition to that of fire support guns for infantry, i.e. assault guns.

It is thus absolutely necessary for operational success to temporarily mass multiple battlegroups for a combined attack on one opposing forces element (such as a battalion or brigade) or simply for breakthrough against a defensive line.

The Russians appear to not try this any more. A possible explanation is that their (and our!) force structure is the problem: They cover a long front-line, and have mostly mechanised forces to do so. Operational art is in large part about forming and using reserves, but the Russians are stretched so thin that their forces for operational manoeuvre are actually pinned down as line troops along a long front-line: A task for infantry with artillery support, instead done by heavily mechanised forces that need to have their BMP IFVs and other armoured vehicles far forward with their few infantrymen. The AFV fleet suffers a slow yet steady attrition while being exposed like this, without achieving any operational breakthroughs or even exploitations.

It appears that this force structure is fundamentally flawed. The Russo-Ukrainian War shows that front-lines are in fact possible against Russian armed forces that perform at the lower boundary of what was previously thought possible. I myself did not expect this and wrote for years about how front-lines could not happen for lack of troops. Well, the Ukrainians simply mobilised enough troops, dug in and somehow this suffices against the thinly-spread Russian forces.

So let's summarise:

The operational impotence of the Russian land forces may be temporary and end when they free mechanised forces for operational reserves by either shortening the front-line or by introducing large quantities of artillery-backed infantry.

The land forces structures in NATO are unsuitable for the kind of stationary conflict we see in Ukraine, and their only hope of doing much better art of war-wise is to succeed in mobile warfare without front-lines.

Operational manoeuvre against combat-ready opposition is still only possible with local superiority, the historical rule of thumb regarding massing of tanks seems to still apply.






Infantry picket evacuation


This screenshot shows a random, yet fairly representative area in Eastern Ukraine.

The fields are large, typical of Eastern European industrialised agriculture (a legacy of Soviet-era land reform). The monoculture fields are separated by treelines / hedgerows. The red line measures a distance between two such treelines; about 1.5 km. It would typically be anything from about 500 m to about 2 km (diagonally more).

An obvious conclusion is that ATGMs absolutely don't need more than 2.5 km range unless you have a great vantage point (a roof) or a mast-mounted ATGM launcher and sensor. The line of sight is rarely if ever longer than that.

The defensive posture

Infantry can either dig in in those fields (the treelines would not hide large trench networks and their roots are an obstacle to digging) for fairly well-protected real and decoy positions or you could use a more stealthy approach and hide in the treelines with likely less (not necessarily no) cover.
Such positions should be manned enough for full surveillance of the area of responsibility day and night, for maintaining radio and/or cable comms, for accurately and competently calling for indirect fires, for accurate single shots at dispersed infantrymen, for high volume of fire against large groups of infantrymen and for deterring armour action with effective anti-armour weapons. The idea is that they should be able to fend off weak probing attacks and scouts and protect themselves against infiltration attacks. The defenders should not be strong enough to defend against powerful attacks, for this would require and thus expose too many men to artillery fires (too high attrition). The forwardmost line should be a picket line.
In short, such a 1.5 km treeline should be occupied by one or two not unusually large infantry platoons. This assumes a defence-in-depth front-line, of course. A single fire team, LRS team, sniper team or AFV crew (with vehicle) might suffice in mobile warfare.

The problem

So what would such platoons do when they come under pre-planned artillery and mortar fires? The textbook answer* for holding ground is to fall back to a secondary position during the fires, and to return to the original position before the enemy reaches it with tanks and/or infantry. The textbook answer for delaying actions is to fall back as well, and prepare to fight in the secondary position; rinse and repeat. Variations are possible and likely, but it's fairly obvious that leaving a long-detected position in the face of destructive fires is a smart, self-preserving move.

Yet how to do this? Infantry needs 10+ minutes for a 1.5 km cross-field run with equipment, more if the field has much vegetation. To run in the open exposes the infantry to spotting by aerial platforms that can see past the treelines.

The distance is too great to hide the moving infantry with smoke (and it takes too much munition to maintain smoke that blocks thermal cameras for long). The smoke might furthermore benefit an ongoing infantry & armour attack by the enemy and make it harder to get the timing for returning to the original treeline right.

Substantial entrenchments (cover, not necessarily fighting positions) every 200...300 m would help, but that would require much work for a long time, or expose much personnel to hostile artillery fires during construction.

Survivability could be enhanced by offering battlefield taxi service, such as by tracked armoured personnel carriers. The downside is that sending such vehicles into such a risky situation is materially unsustainable. Vehicle losses would occur frequently.
The APC would also need to hide fairly far forward (maybe 3 km back only, in range of even 120 mm mortars), which would expose it to detection, identification and finally to destruction by artillery, mortars or drones. So battlefield taxis sound like a solution for a brief conflict and for a long conflict with mass production of cheap and simple APCs only.

A solution?

It appears that those forward troops need some kind of motorisation, preferably motor vehicles that can be hidden very well, that can be parked in a shallow dugout for fragmentation protection and that keep moving when perforated a bit.
The conclusion is thus that maybe this 'line' infantry on picket or platoon strongpoint duty requires either very compact motorcycles or ATVs or something akin to the original Jeep (a small 4x4 vehicle).
None of this would cope well with any form of trench or wire fence, so enough routes would need to be prepared, with marked gaps in such non-military obstacles.

There are several models of compact 2x2 motorcycles with relatively little power, small-diameter fat tires and modest top speed out there. The Rokon is the archetype. Their low weight would make them a good fit, but this is not a solution for having passengers in a stressful ride under fire. So this might at most suit very small teams, as you need one per man. These motorcycles should also not be considered a practical solution for self-deployment over long distances. Such motorcycles require no extra driving license (in Germany); the car driving license and a few training hours are enough (legally).
Next, let's consider ATVs. The image shows an atypical ATV, as it is tracked similar to snowmobiles and it's lightly armoured (though not much to the benefit of the users). Two men per vehicle seems optimistic, albeit possible. Again, routine self-deployability is limited to short distances (I'm thinking of less than 100 km, with this tracked one maybe less than 50 km). The vehicle is a lot harder to hide, and certainly much harder to protect by giving it its own hull-down dugout with ramp.
I understand that ATVs are popular with infantry, but I don't feel that this is the way to go for the tactical problem of this topic.

Finally, let's ignore modern ergonomics milspec standards and remember that numerous cars have shown that 3.5 to 3.75 m length suffice for four seats. That does not offer much comfort for tall men on the rear seats, but it's doable. A compact 4x4 vehicle of 3.75x1.6 m size could transport four men and the overall height could be as low as 1 m (with variable height suspension, when parked) while having enough ground clearance for offroad-driving.
A certain ATV/buggy and the M151 come close to this notional vehicle.
This is vastly more promising than the aforementioned 'fun vehicles' because the ratio between driver and total men onboard is radically better. This makes it possible to hide the vehicles not in the front row, but in the 2nd or 3rd treeline/hedgerow. A driver could then provide a battletaxi service for three men from the front row. The self-deployability seems better, albeit preferably with no more than two men onboard.
A question remains: Who is crazy enough to drive an open vehicle towards artillery fires?

Maybe high tech helps solve the dilemma?

A solution might be to delete the battletaxi driver. This boosts the passenger capacity by one per vehicle anyway. A self-driving vehicle (or optionally a remotely piloted vehicle with self-driving as backup capability) could be hidden in relative safety in the 2nd or 3rd row, be called forward without risking a driver's life and then be used for moving 500 m...2 km, where the men break contact and send the vehicles back to where some other troops take care of them (hiding them again, updating their inertial navigation system and such). This does de facto preclude all two-wheeled vehicles, but ATVs, buggies and compact jeeps might work.
Such RPV/self-driving vehicles could also be used for casualty evacuation, for bringing supplies forward, for laying simple smoke walls (diesel fuel-evaporating smoke generator) and of course for routine exchange of crews between rear and forward positions. They might also be used to provide electric power as generators, to provide power for machinery to aid in preparing positions and more.
They would horribly extend any road march convoy with their low capacity per vehicle, though. An answer to that might be to transport them on logistic vehicles, which comes at a price, but also largely renders the self-deployability point moot.
Such unprotected or marginally protected vehicles would present less valuable targets than a real APC, would be easier to hide (though also more numerous) and, most importantly, would be easier to replace. The latter is particularly true if one simply adapts existing civilian 4x4 cars by removing the roof and other parts.

Then again,
the Ukrainians appear to suffer less than 200 KIA per day while under intense Russian fires. That's actually a very low rate of attrition relative to the size of the country. Ukraine has millions of men fit for military service, maybe two million in a decent age for infantry. 70,000 KIA per year won't bleed it white. So how do they do it? Are Russian fires actually survivable in the trenches (that was not the sentiment in 1944)? Are the Russians using creeping barrages that can be evaded? Are the Russians incapable of hitting infantry slowly evading on foot? 
One thing is for sure; they suffer (relatively) tolerable attrition rates without any self-driving battletaxis.
I do suppose their forwardmost infantry might like having some, though.

*: A good historical study on this is here.