I was very
surprised to learn from a news feed this morning that the Ministry for Hybrid
Warfare of the Russian Federation has awarded me the ironically-named
International Medal of Freedom. Since I hadn’t heard of this, I looked it up
online. It seems that this coveted award is bestowed annually on the foreign
national who has done the most to advance the interests of Russia in his or her
own country.
I was very
puzzled by this news, since I certainly don’t think it can be said that I’ve
provided any aid or comfort to Russia in my blog posts, especially recently.
I was still wondering about this when I received a Skype call from a Russian
reporter that I’d met at this year’s RSA Conference a few weeks ago. Of course,
when he called me it was the later afternoon in Russia.
“I guess you
heard the news?”
I did. What do you know about this?
“I was as
surprised as you are when I heard it this morning. Fortunately, I have a very good
friend who occupies a fairly high position in this Ministry. I called him about
this. He said he did know the story behind this, but he wanted me to come in to
talk to him, since he didn’t want to discuss this on the phone. I didn’t have
other commitments this morning, so I drove in to talk with him.”
What did he say?
“First let
me set the scene. Even though he’s been a friend since high school, I’ve never
actually been in his office. I was very impressed – wood panels, high windows.
He’s obviously somebody important there. What I found especially striking was
the quotation from Nikita Khrushchev in gold lettering behind his desk: ‘We will bury you.’ I
asked him why this quote from the height of the Cold War was still there. He
answered that he’d regularly asked for the money to have it removed, but he was
always turned down. Given how important he obviously is, I found this a little
suspicious.”
Whatever.
“Then I got
right to the point. I said to him, ‘I know you probably had never heard of Tom
Alrich before today; it was probably some low-level guy who suggested him for
the award. I actually met him in San Francisco just a few weeks ago, and I can
certainly say he’s very nice. But he’s written a number of blog posts that have
been very critical of our recent – ahem! – activities with respect to the US
power grid. In fact, he’s been calling repeatedly of late for an investigation
of the report in the 2019
Worldwide Threat Assessment, which implied that we’d actually penetrated
control centers or substations of multiple electric utilities in the US, and
had planted malware so that we could cause outages. Now, I know you’re going to
deny this is true, since it’s never been officially acknowledged here, but…’
“At this
point, I looked up at him, expecting him to be angry that I hadn’t taken the
official line that the reports of Russians attacking the US grid were fantasy.
Instead he said ‘Don’t worry, I know exactly who Tom Alrich is. I as well as a
lot of my people have been reading his blog on
certain occasions with great interest, even when he’s not talking about
Russia. In fact, giving him the medal was my idea!’”
“Of course,
now I was speechless. I almost blurted out ‘You know, I always thought you were
smart. But giving a medal to someone who is doing everything he can to thwart
what we’re doing with the US power grid is just about the stupidest thing I’ve
ever heard. Have you been to the doctor lately?’”
“Fortunately,
I didn’t have to say this, since he continued ‘I know this may seem strange to
you. But consider: Has he been at all successful in his campaign to get an
investigation?’ I admitted that he hadn’t, but I blurted out that this still
isn’t a reason to give him a (Russian expletive) medal.
“He went on,
‘I first heard about him last summer when he started writing about us, the day the big article appeared in
the Wall Street Journal. This was a
report on the first of four briefings that the Department of Homeland Security
scheduled in late July. That article quoted DHS people at the briefing as
saying that ‘Russian hackers’ had penetrated control networks at utilities, and
had most likely planted malware that could cause outages (this story was
immediately widely reported, of course).
I’ll admit
that at the time I told others he was just an excitable fellow, and he wasn’t
really a danger to us. After all, in that first post he asked a few pointed
questions that implied the DHS people didn’t know what they were talking about.
And when DHS issued a story two days after the briefing that just about
completely discounted what had been said at the first briefing, Mr. Alrich
expressed amazement
that DHS could have been so wrong at first. But he clearly believed the walk
back by DHS, not the briefings themselves. After that, people congratulated me
that I had been right about his not being a danger, and I and my department
pretty much forgot about him.
“But in
January, the Wall Street Journal came
out with another article
– this one the product of its own research, not just repeating what was in a
briefing – that provided a lot more detail about our campaign, including the
statement by Vikram Thakur of Symantec that at least eight utilities had been
penetrated at the control system level, and malware might have been planted.
And shortly after that, the Worldwide Threat Assessment came out.
“At this
point, Mr. Alrich completely changed his tune and – while he still indicated
skepticism about the reports, he said an investigation
was needed, and he started a one-man campaign for this (which he continues
today). He made the point that a lot of experts had flown from the US to the
Ukraine to investigate after our successful attacks there (both the 2015 and
2016 attacks), and had produced some very good papers on them. Plus DHS had
held multiple briefings for the utilities, both classified and unclassified –
so that they could be on the lookout for similar attacks. He started asking very
loudly why so much had been done when the Ukraine was attacked, whereas when
the FBI and CIA reported that the US
was subjected to attacks that might be far more damaging, nobody felt motivated
enough to look into why they said this – even though the general consensus in
the utility industry was that those agencies must have been wrong.’
“At this
point, I was really exasperated and got sarcastic. ‘So you decided the right
way to neutralize Mr. Alrich as a threat was to give him a medal!? Whatever happened to the Skripal
solution?’ Of course, I really like you so I certainly don’t want what happened
to Skripal to happen to you, but I assumed the office was bugged and I began to
think this was some sort of test of my loyalty. And you probably know that Russian journalists who show insufficient loyalty to President Putin sometimes die of acute lead poisoning, if not some other type of poisoning.”
Don’t worry, I’m sure you wouldn’t seriously
advocate the Skripal solution for me. And even if you did, given how badly the Russians
botched that one, I wouldn’t be too concerned about it.
“You’re
right about that! We really blew it. At this point, my friend picked up his
story. He said ‘Believe me, I started to advocate for something like Skripal to
be applied to Mr. Alrich. But then I decided to talk to a deeply embedded asset
we have in the US, who is really on top of all this electric utility stuff. I
told him we were considering taking action to neutralize Mr. Alrich, and he
laughed. He asked if I was crazy, and he said we should give Mr. Alrich a
medal, not try to kill him.
“Now I was
really confused, and I asked if he was joking with me. He said ‘Certainly not.
The best thing you can do for yourself is let Mr. Alrich continue his campaign
for an investigation. In fact, you should do everything you can to encourage
him in it – maybe get some of our friends in the US government to egg him on,
whatever. And do you know why I say this? It’s because that guy has been going
on crusades for years - complaining about wording problems in CIP version 5 and
trying to get them fixed, trying to get NERC to postpone the CIP v5 compliance
date, trying to get all of the current CIP standards rewritten in a risk-based
format, and on and on.
“Yet guess
how much success he’s had? Zero. People read him, but nobody in a position to
make anything happen ever agrees with him. In fact, what makes him really valuable to you is that, because
he complains so much, I think the people in power deliberately don’t do what
he’s demanding. So the best thing that ever happened to our attacks on the US
power grid was when Tom Alrich started calling for an investigation. That
probably guaranteed they’ll never be seriously investigated!’
“At this
point, our asset in the US stopped talking, to let this sink in with me. I thought
a bit, then asked him if he’d heard the phrase ‘useful idiot’. He said he
had indeed, and that while it was often attributed to Lenin it was actually
much older. I said ‘Well, it seems like Mr. Alrich may be our useful idiot. I
absolutely agree we should give him a medal, not kill him. I’ll get that done
right away.’’’
“And now you
know why they gave you that medal. I have to admit I was in awe at the subtlety
of this reasoning; and I was also very relieved that they’d rejected the idea
of killing you – which means, by the way, that you shouldn’t hesitate to come
here to St. Petersburg to accept the award. By the way, have you ever been to
Russia?”
I haven’t, although I’ve always wanted to
visit St. Petersburg. I’ve read a lot about the Bolshevik revolution and I’ve
always wanted to see the Hermitage. However, I
saw that the ceremony is during the next NERC CIPC meeting and I very much want
to attend that because of the CIP-013 discussions beforehand – so I’ll have to
decline.
“Too bad, I
would have given you a personal tour of the Hermitage. I spend most of my
Sundays there! Well, at least you now know why you got the medal.”
I thanked my
friend for his invitation and said I’d hope to come another time. But I
probably won’t, for fear there will be a change of heart at the Ministry, and
they’ll go back to planning the Skripal solution for me. I’m safer here in the
USA!
Plus I can’t
say I really appreciate being called a useful idiot. I’ve been called an idiot
many times before, but useful???
Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC.
If you would like to comment on what you have read here, I
would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that
if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or
challenges like what is discussed in this post – especially on compliance with
CIP-013. To discuss this, you can email me at the same address.
No comments:
Post a Comment