SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2010, Issue No. 62
August 2, 2010

Secrecy News Blog: http://www.fas.org/blog/secrecy/

AFGHANISTAN CASUALTIES, AND MORE FROM CRS

Sixty-six American troops died in Afghanistan in July, making it the deadliest month for U.S. forces in the Afghanistan War thus far, the Washington Post and others reported.

Casualties of the Afghanistan War have recently been tabulated by the Congressional Research Service, including statistics on American forces, of whom around 1100 have been killed, as well as allied forces, and Afghan civilians. Although the three week old CRS report does not include the very latest figures, it provides links to official and unofficial sources of casualty information that are regularly updated. See "Afghanistan Casualties: Military Forces and Civilians," July 12, 2010:

A number of other noteworthy new CRS reports that have not been made readily available to the public were obtained by Secrecy News, including these:

"Terrorist Material Support: An Overview of 18 U.S.C. 2339A and 2339B," July 19, 2010:

"Terrorist Material Support: A Sketch of 18 U.S.C. 2339A and 2339B," July 19, 2010:

"Veterans Medical Care: FY2011 Appropriations," July 27, 2010:

"U.S. Sanctions on Burma," July 16, 2010:

"U.S.-Australia Civilian Nuclear Cooperation: Issues for Congress," July 7, 2010:

Sen. John McCain inserted a nice tribute in the Congressional Record on April 28 to CRS analyst Christopher Bolkcom, our friend and former FAS colleague, who died last year. See "Remembering Christopher C. Bolkcom":


WEAKNESSES IN INDUSTRIAL CYBER SECURITY DESCRIBED

The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure. But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.

"Although information found in individual... vulnerability assessment reports is protected from disclosure, the security of the nation's energy infrastructure as a whole can be improved by sharing information on common security problems," the DOE report said. "For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated... product."

The specific vulnerabilities that were found are no big surprise -- open ports, unsecure coding practices, and poor patch management. But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it. See "NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses," Idaho National Laboratory, May 2010:


TOO MANY SECRETS, THE GREATEST MATH DISCOVERY, AND MORE

The Wikileaks publication of tens of thousands of classified U.S. military records last week is inevitably prompting a review of information security practices to identify remedial steps. I have been arguing that recent disclosures provide an occasion to rethink classification policy, and that "the reform that may be needed more urgently than any other is a careful reduction in the size of the secrecy system." See "Afghan Leaks: Is the U.S. Keeping Too Many Secrets?" by Alex Altman, Time, July 30:

The Department of Defense has updated its doctrine on "foreign internal defense," which refers to actions taken to support a foreign government's efforts to combat domestic subversion, insurgency or terrorism. See Joint Publication 3-22, "Foreign Internal Defense," July 12, 2010:

"The Army in Multinational Operations" is the subject of a newly updated U.S. Army Field Manual, FM 3-16, May 2010:

Michel de Montaigne (1533-1592), whose essays transformed Western consciousness and literature, was not capable of solving basic arithmetic problems. And most other people would not be able to do so either, if not for the invention of decimal notation by an unknown mathematician in India 1500 years ago. That is the contention of a neat little essay recently published by the Department of Energy (based in part on a book by Georges Ifrah). See "The Greatest Mathematical Discovery?" by David H. Bailey and Jonathan M. Borwein, May 12, 2010:

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to [email protected]

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html