Friday, 31 October 2014

The upsides and downsides of low oil prices

Low oil prices should be positive for the New Zealand economy, but a number of downsides can also be expected, say analysts.

Oil prices rose slightly in the final week of October nudging $87 per barrel on the Brent crude index (WTI $82). This follows a precipitous drop over the past month where benchmark crude reached a price not seen since November 2010.

Since June this year, Brent crude oil has lost 20% of its value with most indicators suggesting the price could continue to slip. Goldman Sachs released a forecast early this week predicting US benchmark crude prices could dip to $70 in the first quarter of 2015.

Compounding factors ranging from decreasing demand in Asian markets and a stuttering recovery in Europe, to a marked increase in supply from OPEC countries and the American shale-oil boom are all contributing to an oil price slump.

That’s good news for many of the world’s struggling economies still trying to claw back from poor economic growth. It’s also healthy for companies desperate to increase tight revenue margins strangled by high energy prices over the last six years.

But with positive effects come the inevitable negative downstream effects in many economies, including New Zealand’s.

For instance, Russia has pegged its 2014/15 budget on an assumed $US116 per barrel price. If the price remains below $90 it is estimated that Russia will lose 1.2% of its GDP over the next year.

Saudi Arabian oil producers have said they can weather the downswing even if the crude price hovers around an $80 mark. But even they will have to rethink their long term strategy as the United States is predicted to produce more oil soon than even the stalwart Middle Eastern giant.

Auckland University head of energy economics Professor Basil Sharp says New Zealand imports about 6 billion tonnes of oil each year and exports close to 1.5 billion tonnes. That’s a 4.5 billion tonne shortfall, so the lower prices should help to marginally close this gap.

“Whether that helps our greenhouse gas emissions in another matter, because even though demand for fuels in New Zealand is inelastic, we might expect some response in terms of increased consumption as a result in the fall of oil prices.

“If low oil prices do translate into lower prices at the pump, from the point of view of the economy it’s probably a positive thing,” he says.

Professor Sharp says the industries likely to benefit the most will be transport intensive like the dairy or logging industries. It all depends on whether those savings are going to be fed widely through the industry.

“If there’s concentration in the marketplace it could be quite easy for a supplier to hold on to the increased revenues as a result of the lower oil prices.  So it depends on the competitive nature of our industry.”

Hayes Gold Fund chief investment officer Craig Robins says countries importing oil and most businesses will benefit in the shorter term from lower oil prices due to lower costs, better margins and lower inflation.

“Lower oil prices imply lower costs and inflation for consumers. This is great for most consumers, businesses and governments, however the reasons behind the falling oil price may signal a global economic slowdown that could negatively impact us all,” Mr Robins says.

If there is a surplus of oil it is probably best explained by the increased US shale oil availability which is bringing the US closer to self-sufficiency in fossil fuel energy.

“Of concern to US shale oil producers will be a continuation of weak oil prices. Shale oil is expensive to produce and requires oil prices of between $US80-90 to break even.

“Lower oil prices could remove marginal shale producers from the supply chain, slowing US economic growth and lead to higher oil prices longer term.” He says.

So the low oil price isn’t entirely bursting with good news. The downsides are to be found in market incentives. For example, during the steep rise in oil price in the mid-2000s, private transport owners cut back on driving hours, but only at the margins.

Most people simply rode the high price out and kept driving. The price of oil hasn’t risen high enough for most vehicle owners to constrict their driving schedules outright.

A drop in oil prices will, says Professor Sharp, encourage drivers to perhaps act a bit more liberally in their schedule. But even that’s not completely a good thing either.

“It will mean increased carbon emissions. Whether or not you agree with the connection of greenhouse gas and climate change, that’s really another matter.

“This is all linked to public transport as well. If private transport is cheaper then it could have a negative impact on the trend towards public transport,” he says.

Another, perhaps more worrying, downside is whether low oil prices will impact the government’s programme of encouraging development in New Zealand’s exclusive economic zone.

“It could create some uncertainty in the eyes of investors and the viability of offshore oil drilling developments. That could push the plans back onto the shelf, so to speak.

“It might be that one of the large developers just doesn’t find it profitable at $80 a barrel to start drilling in New Zealand waters,” Professor Sharp says.

Neither Mr Robins nor Professor Sharp predict the oil price will rise back to recovery-crippling heights within at least the next three months unless an international conflict turns off the tap in OPEC countries.

Wednesday, 29 October 2014

Gauging global jihadism and NZ’s response

On the outskirts of the northern Syrian town of Kobani hundreds of experienced Islamic State (IS) militants were vaporised by airstrikes last week. Despite showing astonishing temerity and solid small unit tactics in prior months, the jihadist group could not easily break the Kurdish city.

In New Zealand, Prime Minister John Key is giving speeches and interviews suggesting his government could contribute to the coalition campaign against IS. He has promised to make a decision “soon”. But killing the jihadists will not be the best use of our resources and skills.

IS besieged Kobani for more than two weeks and coalition airstrikes were decisive in holding them back. Should IS take the city, it will the worst Pyrrhic victory the group has experienced so far. But IS was likely never a long term threat anyway.
The routing of Iraqi troops earlier this year and insurgency in Iraq and Syria spooked the world by portraying IS as stronger than it really was. Its mistake at Kobani was switching from effective mobile small unit tactics to difficult fixed position siege tactics without the necessary skills to do so.

In the past, IS fighters emerged from engagements relatively unscathed because whenever they encountered an entrenched foe they bypassed the position preferring weaker defences instead. This created an illusion of a quickly spreading jihadist plague across Iraq and Syria. Kobani proves the group is far weaker than conventional wisdom indicated.

Over the past few weeks, the group’s strength has been severely degraded. In committing so many fighters to securing Kobani the group lost territory, irreplaceable people, equipment and more importantly it lost a crucial propaganda victory. Taking a step back, what’s going on with IS reflects weakness of jihadism in general.

As with al Qaeda Prime before them (AQP - Osama bin Laden’s group), IS suffers from the same structural flaw of being a jihadist group in a world which is inexorably turning against that ideology.

While horrific terrorist attacks makes it look like the jihadist ideology is gaining traction, the size of that threat is overwrought. Sure, the United Kingdom’s intelligence service say five Britons join these groups each week and even a few New Zealanders have travelled there. But while some may return home with new skills and stories, they are not the skills needed to be a major threat.

This is because the advanced terrorist skills required to conduct sophisticated high-profile terror attacks are starkly different from combat skills. Precious few fighters in Syria will learn those skills. This puts the jihadist movement in a lot of trouble.

The United States and its allies, enduring years of terror attacks elevated terrorism to a first tier national security priority. A good chunk of US military and intelligence spending now directly supports counterterrorism.

As the coalition airstrikes show, one of the West’s strongest counters is fighting jihadist groups wherever they appear. And the decade-long campaign of US-led unmanned aerial vehicle (UAV) strikes against top jihadist operatives has been an extremely effective programme to achieve short term international security.

Capturing jihadists might seem to be the best choice, but we’ve implicitly decided that Guantanamo Bay-like prisons are worse than targeted airstrikes. The preference for military commanders was to capture the jihadists (for intelligence purposes) but we’ve said we don’t want that. Instead the leadership of every jihadist group has been operationally broken using UAVs.

There hasn’t been another 9/11-type attack because being a jihadist commander is now the most dangerous job on the planet. It’s extremely important to maintain this pressure.

Some say UAV strikes lead to the recruitment of more jihadists. But there are differences between incompetent jihadists dying for the cause and exceptional individuals formulating complex plots against transnational targets. UAV strikes generally target the latter.

These people are extremely difficult to replace, so every well-placed missile really does save innocent lives down the track. The Islamic State leadership is now under finely-tuned pressure from a system built to kill or capture people exactly like them.

In response, jihadists have resorted to a last-ditch effort to reach out to aspiring young men to conduct simple attacks in their own countries. This is a sign of the ideology’s weakness, not its strength. If the leaders could perpetrate another 9/11, they would. Some young men have attempted terror attacks on their own, but not enough to reverse the degradation of jihadism.

In reality, these groups are not like the Soviet Union or Nazi Germany. It’s time we realised that jihadism - while frightening - is not an existential threat. Of course, terrorism is an unfortunate part of modern life but it no longer needs the single-minded concentration and monopoly of resources that it has secured over the past decade.

By the time John Key decides whether to join the international coalition to fight IS, the group will be significantly degraded. The jihadists won’t “rampage across the earth” as he said over the weekend.

Mr Key should be looking further ahead than playing whack-a-mole with jihadists all over the world. The developed world is extremely adept at dealing with jihadists as they appear. But the real problem is dealing with the production rate of such people before they get to the perimeter wire. Unfortunately we’re not so good at that.

New Zealand has a real opportunity with the UN Security Council to avoid the easy route of killing jihadists. Instead, Mr Key should focus New Zealand’s attention on mending the aftermath of Iraq and Syria because those two countries are not coming back. They are painfully shifting to reflect their true ethnic, religious and tribal identities and that will need wise coordination.

Mr Key should lead New Zealand to mediate the inevitable negotiations among the various players in those countries. New Zealand’s skills in understanding tribal peoples will be extremely useful in the region over the next few decades. If New Zealand truly believes in international security, it should look past the symptoms of unrest and towards the cause by sitting down and listening to people.

Wednesday, 22 October 2014

China/US war? Doesn't have to happen

A wide-angle lens shows the 21st Century already turning into one of the safest periods for humans than almost any time in antiquity. Yet the headlines still seem to say otherwise. A creeping Ebola virus, whack-a-mole Jihadists, revanchist Russians, nuclear-bent Persians, fiscally imprudent Europeans and combustible Central Africa. It’s been a wild year indeed.

But is China going to be one of the world’s dangers? Is the much-discussed US/China conflict actually going to happen? The answer can only be: probably not, but it’ll require finesse from both parties to avoid.

Travelling down the motorway of bilateral foreign policy, a cool reading of international relations suggests that almost all the offramps towards a US/China peace are ahead of us, and not behind us. That’s a very good thing for future security.

But those offramps demand focused concentration. The economic path that China is tiptoeing is essentially do or die. Asia watchers, including Chinese political elite, worry just as much about Chinese failure as Chinese success.

The dominating theme for China’s foreseeable future is a gradual development towards a new economic model that best fits its evolving demographics and economics.

One issue is that the country’s demographic pyramid has inverted and despite deep treasury pockets the social safety net to deal with a rapidly aging population is inadequate. Put it this way: you think Kiwisaver will struggle? Well…

China’s horrific environmental problems also stagger belief. Some estimates put the cost of China’s pollution at 11% of its GDP per year. Needless to say, the central government is looking very closely at this issue.

No one thinks this shift won’t be painful for a good chunk of middle-class and even elite Chinese. A lot of deeply vested interests run a very real risk of disappearing entirely if the transition to a domestic consumer model isn’t gently managed by the central government.

In the big picture, the international system is working on the question of how to accommodate a powerful new nation-state. Yet the real question for China is: what is the legitimacy of Communist Party (CCP) rule? The answer will tell us where we’re going.

It’s painfully clear that it is not Marxism. It’s not Lenin either, and it’s not even Mao. Their legitimacy might come from Confucianism, which has upheld the CCP as trained scholars who are intellectually and morally superior. But anyone with even a passing knowledge of the Chinese blogosphere knows the Confucian pillar is dust. The CCP’s insidious corruption has wiped it all away.

It used to be the economy. CCP rule has depended on the promise of 10% GDP growth per year. Unfortunately almost everyone knows Beijing’s reported GDP figures probably weren’t ever accurate. Whether they were or not, the Chinese economic rocket is losing thrust and won’t maintain its steep trajectory.

So if it’s not Marx or Confucius, and it can’t be the economy for ever, then where are CCP elites turning? Worryingly, the answer for legitimacy is being increasingly found in nationalism.

As China changes direction, the central government is using regional tension to distract attention from a slowing economy by piling on nationalistic fervour. Nationalism has its merits, but it also has its pitfalls. The key for Chinese elites will be how it’s all managed because history is a cruel mistress.

Graham Allison of Harvard University studies how status quo powers (like the United States) accommodate up-and-coming emerging powers (like China). History, Mr Allison says, counts about 24 instances of this dangerous dynamic dating all the way back to Sparta and Athens.

He discovered that the mechanism by which the world reaches the new equilibrium between an emerging and a status quo power is commonly referred to as: global war. This mechanism held in two out of three historical cases. The ‘globe’ being defined by that era’s field of view.

So the China question deserves close attention. Think back to the 20th Century to get an idea of what Mr Allison is talking about. The underlying thread of that century is largely defined as the story of Germany coming to grips with being a powerful new nation-state. That process wasn’t managed so well. Hopefully we’ve learned some lessons since then.

Although this accommodation of China doesn’t have to heat up, it’s all being complicated by the nationalistic path China appears to have decided on taking. A further complication is that the Chinese don’t view themselves as an emerging power. To them this whole experiment is about restoration.

That particular worldview greatly concerns China’s neighbours. Most Asia Pacific countries would consider themselves United States allies, which now aims, through its “Asia Pivot” strategy, to turn the Pacific Ocean into an American lake. Sure, that paints the strategy a little too cartoonish, but the direction coming from Washington D.C. isn’t very far off that.

This means that any territorial argument the Chinese might have with, say, the Japanese ultimately ends with the carrier groups of the US Seventh Fleet. No one - on any side - wishes to bring aggressive economic competition to a point where the world’s three strongest navies begin to exchange fire. Everyone loses here. We’ve seen it happen a few dozen times before.

Despite its nationalistic brinksmanship, China is not presently an enemy of the United States. In fact, there aren’t any good reasons for China to ever be an enemy of the United States.

The two nations fiercely compete economically and technologically - the latter being a particular bugbear of US cyber security agencies. And competition is intertwining the nations together more symbiotically than any two superpowers perhaps have ever been. Considering the stakes, it’s a good sign that a little thing like trade will probably keep the two behemoths from colliding.

Thankfully, most foreign policy signals predict the emergence of China should occupy a spot in Mr Allison’s peaceful one-third of history’s two-dozen emerging power processes. The international system really can’t afford for China’s accommodation procedure to fall into the other, more violent, two-thirds.

Almost all the offramps remain in sight and both China and the US have a wide range of rational, non-heroic policy choices available to keep their relationship competitive. At times this dynamic could become confrontational, that’s to be expected. But conflictual? It doesn’t have to happen.

Tuesday, 21 October 2014

Talks begin as Hong Kong protests lose steam

Talks between Hong Kong protestors and government officials are scheduled to begin today as momentum slows for the pro-democracy groups.

The discussions between the government in Hong Kong and student protest groups will be broadcast live. However, no representative from the Chinese Central Government will reportedly be present at the talks.

Despite calls from student groups for the Hong Kong chief executive Leung Chun-ying to step down and for the city-state’s elections set for 2017 to be more democratic, the protestors rely on the inclusion of Beijing in the talks to effect any lasting impact.
If no representative from Beijing attends the talks, it will effectively put a bow on the protests as they wind down due to lack of popular support and a refusal from the Hong Kong and central Chinese governments to compromise with student demands.

New Zealand Asia Institute research fellow Xin Chen says even if the negotiations make some progress, it’s not clear whether all the competing voices of the Hong Kong student protest groups will agree with the outcome.

“If the demonstrators continue to insist on the Hong Kong CEO resigning, or that the central government must agree to this or that demand, it will be very difficult to reach an agreement,” Ms Chen says.

Loss of momentum

A wider sense of pessimism about the Occupy Central movement is growing across the city-state. After minor clashes between demonstrators and police over the weekend, many local businesses and large corporates now prefer the barricades and students to be cleared from the streets.

University of Auckland China expert Stephen Noakes isn’t certain the movement ever really had broad support from the Hong Kong populace at all.

“Early on, it appeared to be a noisy minority which was able to garner some sympathy. But folks have had their patience run out with the protests.

“Once I saw on social media last week that a lot of the occupied areas were clearing out, my assumption at that point was that as a news item, the story was over. That’s obviously turned out not to be quite true. I’m surprised the story has stayed alive as long as it has,” Mr Noakes says.

The core issue for the protestors was likely never strictly about democracy and the 2017 elections.

Hong Kong is a dynamic city with many similar social issues affecting large groups of people anywhere on earth. Democracy concerns stirred the current protest fire, but significant economic inequalities also worry many students and citizens.

Ms Chen says Hong Kongers feel they haven’t had access to the same level of economic improvement since the city-state reverted back to Chinese control in 1997.

“Whether there’s democracy or not, both Hong Kong and the central government will have to deal with this inequality otherwise the problems will continue,” she says.

Mr Noakes also think the inequalities in Hong Kong need attention from Beijing.
“I think [these protests] are a very convenient vehicle for people to get out in the street demonstrating against other things. Hong Kong is a much less materially equal place than people might think. It’s not all glittering high-rises.

“The role of the movement and the motivations of the protest figures are still unclear. It doesn’t seem to be about Occupy Central any more but the protestors, and that could mean a lot of different things,” he says.

Beijing watching the unrest closely

From Beijing’s perspective, the protests in Hong Kong don’t appear to have spilled over into mainland China – which the central government would have been monitoring closely. The issues espoused on the streets of the city-state have remained local, as all politics inevitably is.

“Beijing is worried each time there is a large scale demonstration because no one knows when those events end or what it will lead to,” Ms Chen says.

Ms Chen says the Chinese culture more or less demands a strong state and government. So if demonstrations like the one in Hong Kong last for a long time, it can be interpreted as though the government is weak.

But there are reasons for citizen trepidation. China’s central government deals with thousands of legitimate and recognised protests in the country each year, and the Asian heavyweight is transitioning to a new economic model which may have varying levels of success.

There are underlying currents of political unrest in China which tend to focus the attention of Beijing’s planners, but it would be a mistake, says Mr Noakes, to draw the conclusion that after the Hong Kong protests the central government is unpopular.

“What we do know is that the Chinese Communist Party (CCP) enjoys high popular legitimacy. To presume that this movement will take root on the mainland and that democracy was coming was to seriously misread the national mood.

“As for it becoming a mass movement that shook the foundations of the CPP, I don’t see it. It never had quite the same feel to it as June of 1989 [Tiananmen Square] did,” he says.

Monday, 20 October 2014

Shocking statistics on NZ cyber security demand change

New Zealand businesses are horribly protected and still using extremely weak security standards, says a KPMG security analyst.

The damage to New Zealand businesses from security breaches reached into the hundreds of millions of dollars in 2013. But this country’s lack of any regulatory compulsion to tell the media about security breaches suggests the actual numbers could be a lot higher.

Most of the United States - and even privacy-conscious Europe - require companies to inform their customers of privacy breaches. However, there’s no obligation in New Zealand to report a private security breach, leaving customers in the dark about how secure their information really is.

New Zealand’s Privacy Commission is keen on plugging this gap and enforce more transparency, whether it be through compulsory disclosure, fines or other penalties.

Until that happens, business security in New Zealand probably won’t change radically. KPMG security advisor Philip Whitmore says generally, security isn’t getting better across almost any New Zealand business or government agency.

“Most of the time failure comes down to risk management and not understanding what the threats are and what controls are in place to protect the risks. Security isn’t about saying no. It’s about saying yes in a very secure and protective way.

“I’m not saying we need to make it like Fort Knox and lock everything away, but we need to know what’s of value in our organisation and what’s at threat and put the right security in place. Trying to do a one-size-fits-all approach often doesn’t work,” he says.

Mr Whitmore tests business’ security - both digital and physical – through penetration testing. The idea is for his team to access an organisation’s critical infrastructure using methods available to anybody.

He discovered some uncomfortable facts about how vulnerable New Zealand organisations are against even simple threats.

The vulnerabilities read like a horror show:

·         100% of the time he accessed critical networks while pretending to be an employee
·         71% of web applications had high-risk vulnerabilities to critical networks
·         32% had poor internet perimeter controls
·         100% of the time they gained physical access (89% to secure areas)
·         24% of wireless networks were vulnerable to unauthorised access
·         62% of mobile devices’ sensitive information was accessible to outside entry

Mr Whitmore says the protection of wireless and internet access points is not as bad as it used to be. But security is a full-spectrum issue, not limited to digital. When it comes to the physical and less-thought-of aspects, the numbers are damning.

“In pretending to be a disgruntled employee we were 100% successful gaining unauthorised access to key systems and information undetected. This was done by using the same skills and techniques that any of us - if we were so motivated - could learn easily. We gained access every time to financial systems, manufacturing or controls of a utility.”

He’s also worried about protections on web-based applications because they’re nothing new. ASB, for instance, went online in 1997. Nevertheless, the issues Mr Whitmore commonly sees haven’t changed since the late 90s.

“Whether it be an online banking or perhaps a retail application, 71% of the time the applications had high risk vulnerabilities. We could bypass authentication, access sensitive information – medical or financial – whatever it may be.”

Even when he stood outside a business trying to get in through the internet perimeter he was successful far too often. In this case, his team tried different combinations of passwords and usernames.

"We got all the way in without detection, without using anything overly technical. Things like finding a login screen for remote access and trying this name or that password.”

However, wireless networks are one of the areas where people are getting better at security.

“Ten years ago I would have gotten into wireless networks perhaps 70% of the time,” Mr Whitmore says. “Today, we’re still not managing it effectively. 24% of the time we sat down the road from an organisation and got in, so that’s your internet perimeter gone.”

Mobile computing - whether it be through smartphones, tablets or laptops - he says 62% of the time they could access all the information on those devices employing simple techniques.

This is all bad news for New Zealand business’ digital safety, but surely locking the front door at night isn’t a problem? Not so fast, says Mr Whitmore. We tend to forget about physical security too.

“When we tried to get into an organisation, or into a sensitive area in that organisation, 100% of the time we were successful using techniques most of us could pick up. And if you can get access to an IT central system, you can bypass the world’s strongest passwords.

“It’s taking actions like strolling in during the day or going up to the door at night, knocking on it and asking the cleaner to let you in. Or it’s getting a bit of fencing wire and popping open the lock on the door.

The top 10 security risks, it isn’t pretty

Mr Whitmore says he’s narrowed down the top 10 all-too-common security issues. Since security is a specialised topic most companies probably won’t employ anyone with the right set of skills, but spreading some knowledge as to how exactly we’re all at risk will help the decision makers.

And the decision makers clearly need a kick in the incentives to bolster their security because the simple things are letting them down. The two most common issues are using kindergarten-weak, garden-variety passwords.

“We simply sat down and guessed the passwords of 89% of organisations. Is it “password” with capital ‘P’ and the number zero instead of an ‘O’ at the end? Is it a username, or “welcome”, or even “Monday”? That’s something any of us can do.

“Of the organisations we looked at, 78% used a common password for new people joining the company. Of those 78% of organisations, 87% retained some of those accounts for a long time with exactly the same passwords.

“Some of those accounts are privileged accounts, with administrative accounts that give you access to everything. Common initial passwords cause problems and there’s generally no need for it.”

The third most common issue is giving every employee access to everything on a company’s critical network, regardless of their job position or responsibility. That’s incredibly dangerous, especially considering the ‘disgruntled employee’ scenario could happen at any organisation.

“In 92% of cases, everyone in the organisation had access to information they shouldn’t have had access to. By sensitive information I mean things like payroll information.

“People struggle to control access to sensitive information. And I think that’s partly because organisations don’t understand what information they have,” Mr Whitmore explains.

Companies also often fail to properly secure any written down passwords. For the average employee, writing down passwords is crucial because no one’s going to remember five or six key codes. That’s really not an excuse for an IT professional.

“Best practice says you don’t write down your passwords. But the IT guys will always have a need to document their passwords, the question is how well those administrator passwords are protected. When pretending to be a disgruntled employee we found those passwords 83% of the time.”

“We found passwords written up on whiteboards in the IT area. If you see some random word written up in the corner, it’s probably a password. If it looks like a password, it probably is a password.

“We found them in the IT manager’s top drawer, they usually write them in notebooks. So we came along and just pulled the drawer open really hard. Those drawers are designed to maybe protect your lunch not sensitive information.”

Next on the list are locks on the front door or access controls to the all-important server rooms. Unfortunately the average time to get through any locked door in an office was 60 seconds in Mr Whitmore’s experience.

“Weak physical security is a problem because 100% of the time we’ve tried to get in, we’ve been successful. Of that 100%, 89% of the time we got into sensitive areas using relatively simple means.

“By simple means I mean things like, when you see in the movies people going up to hotel rooms and getting the credit card out? That’ll probably work 25% of the time. Or using a bit of fencing wire to reach under the door and grab the interior handle and pull it down.

“Doors are locked for a reason, they’re protecting something.”

Sometimes a company does have very secure passwords - and that’s a good thing - but once a user is inside a web-based application the system stops asking whether they truly should have access to the section they’re trying to enter. System developers struggle with security, Mr Whitmore says.

“Here’s a couple of examples, 61% of applications didn’t validate user input. 42% didn’t check the user’s authority to do something. Once I’m inside the application it’s not really checking whether I have the authority to do what I want to do.

“Just because there’s no button saying “admin” doesn’t mean you can’t do admin tasks. You might see up in the URL bar: “user=admin=no”. Just change it to “admin=yes”. It often is that simple.”

Nope, still not getting it

Then there’s hunting an organisation’s cached passwords. On Windows networks when you log into your workstation, a copy of your network password is stored locally in your workstation – be that on a laptop or desktop.

“So if I can get access to your workstation, your network password’s on there. And not only your network password, but the last ten people to log on. And maybe the day before you took your computer to get fixed and the IT administrator logged on, so now I’ve got their password too.

“That’s designed by Microsoft in the event your network goes down, you can still log on. Do you really need to log into desktops when the network is down? 100% of companies had local storing of passwords when they probably didn’t need to.”

Poor checks for password reset is also a big vulnerability. Often the reception or IT people executing the resets simply aren’t trained in the arts of security challenges. All it takes is a sweet voice and a little pressure and, bang, you’ve got new password for the caller and you’re in.

“We phone up the helpdesk from outside the organisation and say, “Hi, it’s Fred Smith. I’ve forgotten my password, can you reset it please?” 86% of the time when we did that, there was no challenge.

“One challenge I had recently was, ‘Philip, when did you start with the organisation?’ I responded, ‘February this year’. He said, ‘Our records say it was December last year.’ ‘Oh, I was contracting then, I’ve come back in February this year.’ ‘Oh, Ok’, he said, and changed the password,”

This weak defence is tied to a general lack of security awareness among employees. Mr Whitmore’s not saying everyone needs to be James Bond, but they do need to know enough to do their jobs.

“If I knock on a locked door, should you let me in? Most of the time, the answer I get is: yes. Sometimes in the middle of the night, one of my team members will walk up to the door and people will let us in while we’re wearing jeans and a t-shirt!

“We see people getting up for lunch and leaving their computers unlocked. Well, I’ll sit down at your computer and maybe I’ll try to get a fake invoice through. I can enter it but I can’t approve it. So I just need to wait until the accountant gets up for lunch, sit down at their computer and approve it.”

The final problem is software patches. Updates and patches are often sent out to fix software security which the developers weren’t aware of. What was thought to be secure yesterday, isn’t secure today. That’s not the fault of software vendors, it’s just that technology inexorably evolves.

“However, 100% of organisations don’t apply patches to sensitive software in a timely fashion. This might be within a day for a very high risk, or it might be within a month for other risks. Of the top four mitigations against breaches, patching is two of them. Patching is very effective.”

Are you feeling sheepish?

Do you feel a tingling sensation running down your spine? That’s what everyone experiences after they see the results of a penetration test. The news isn’t very nice when you see all the holes.

Some companies might be looking at this list and feeling quite embarrassed right now. The truth is, almost every business will be vulnerable to one or perhaps all of these breaches during its lifetime. It might even have a few too many gaps open right now.

Unfortunately Mr Whitmore says there’s no easy fix as the best procedures can still be thwarted by a careless (or coffee-less) employee making a simple, human mistake. But that shouldn’t obviate the need to sit down and think about security on a regular basis. After all, the consequences of not doing so could be disastrous.

“What would have happened if the breach at ACC had occurred to a private insurer?” Mr Whitmore asks.

“With ACC we don’t have a choice, private sector we do have a choice. The customers would have picked up their policies and walked down the road. So this is an important business issue, it can kill us in nanoseconds.”

Every business has limited funds and it’s always going to be hard to allocate precious resources to get the greatest effect. There’s so many gaps that it’s hard to make the first move.

This can lead to paralysis and the assumption that because no attack has occurred yet, it probably won’t happen in the future. But this is folly, all companies are targets in the modern internet age.

The best thing to do is perhaps concentrate on the top threats and vulnerabilities. At least companies can start here.

“It’s tough convincing people. There isn’t an easy answer to convince people who have their blinders on. But over the last two years it’s become less tough. They’ve seen ACC, IRD and EQC and it has woken people up. They’re thinking that could have been them,” Mr Whitmore says.

Tuesday, 14 October 2014

New Snowden NSA documents reveal 'core secrets' of agency

New documents released by ex-NSA analyst Edward Snowden reveal “core secrets” framework of the secretive signals intelligence agency.

The latest tranche is probably the most damaging set of documents yet released since Mr Snowden began leaking the documents in June 2013. The files were released on The Intercept website.

In case the previously released files from Edward Snowden didn’t prove it, this new set of briefs and slides underline that Mr Snowden’s releases are not just drips or even a bucket of intelligence leaks.

Instead, the documents outlining the enormous spying programme called SENTRY EAGLE essentially reveal the very plumbing of the NSA. The files have absolutely nothing to do with individual privacy. They were released to hurt the NSA and the Five Eyes partners, including New Zealand.

SENTRY EAGLE is the controlling programme above the PAWLEYS system, which is a structure for the GCSB and others with “requirements for HUMINT acquisition of foreign cryptographic information and material” via Computer Network Exploitation (CNE).

The documents, released over the weekend, outline “the fact that CSE (Canada), DSD (Australia), GCHQ (United Kingdom) and GCSB (New Zealand) all operate the PAWLEYS programs and that NSA collaborates with each on targets of mutual interest”.

SENTRY EAGLE is an “overarching compartmented programme”. It is an umbrella programme “protecting the highest and most sensitive level of information related to the NSA” and the US government’s effort to protect America’s cyberspace.

The details listed under SENTRY EAGLE constitute “many of NSA’s most highly sensitive cryptologic or network warfare facts related to intelligence sources, methods and activities and relationships; or CNA [Computer Network Attack] operational capabilities”.

The programme is highly compartmentalised. Not even Second Party Partners like New Zealand were ever cleared to know about SENTRY EAGLE. Specific facts could be disclosed to New Zealand, depending on the relevance, but “under no circumstances will you share the totality of SENTRY EAGLE” with foreign intelligence agencies, the document warns those read into the programme.

The briefs caution that any “unauthorised disclosure of NSA/CSS relationships with industry (US and foreign)” would “critically compromise highly sensitive cryptologic US and foreign relationships, multi-year past and future NSA investments and the ability to exploit foreign adversary cyberspace while protecting US cyberspace”.

Including the overarching SENTRY EAGLE programme, the six programmes are classified above Top Secret as “Exceptionally Compartmented Information (ECI)”. This level of classification is only meant for a “very select” number of government officials outside of the NSA and in the US government.

We now know there are six levels to an NSA classification pyramid. These include: Unclassified, Unclassified/For Official Use Only Confidential, Secret and Top Secret. With the final tier of information, ECI, regarded as the “CNO Core Secrets”.

Those secrets are split into six main categories: SENTRY HAWK (Computer Network Exploitation), FALCON (Computer Network Defence), CONDOR (General Computer Network Operations), OSPREY (Human Intelligence Enabled SIGINT), RAVEN (Exploitation of Encipherment) and OWL (Relationships with Industry).

It is the final three which stand out as important and largely new information, or at least they offer more information about how the NSA conducts its cyber operations on a broad day-to-day phase.

Revealing the NSA’s plumbing

OSPREY appears to be a programme built to carry out “off net-enabling” CNE operations. This is defined as “introducing code into target computer networks” and “develop, deploy, exploit or maintain intrusive access”, among others.

These “physical subversion activities” are conducted in collaboration with Second Party Partners, which includes New Zealand. Essentially, the NSA and its Five Eyes partners send agents to real-world targets of intelligence interest to physically gain access to computer networks.

They look for “specific vulnerabilities” in a target’s IT/computer system, such as “in a firewall, operating system, software application, etc”.

The documents describe a range of clandestine field activities undertaken by a unit in the NSA called “Targeted Exploitation” or TAREX. This unit conducts Human Intelligence (HUMINT). That the NSA uses its own HUMINT is initially surprising, but not so confusing if one takes a look at the context.

These TAREX agents work with their US counterparts in the FBI, CIA, DHS and DIA to gain physical access to targets of interest. Descriptions of those responsibilities are listed as “close access-enabling”, “off net-enabling”, “supply chain-enabling” and “hardware implant-enabling”.

Journalist Glenn Greenwald already revealed in his 2013 book No Place To Hide that NSA operatives intercept computer hardware in “supply chain interdiction”. The agents implant software or signals beacons into computer hardware at “undisclosed locations” before letting it go on to the end user.

TAREX operate with the unit responsible for this called the Tailored Access Operations (TAO) from forward bases in Germany, South Korea and Beijing, China. They operate from bases in Hawaii, Texas and Georgia in the United States. The unit also work from US Embassies and other “overseas locations”.

The job of TAREX and TAO is apparently to access “data at rest”. This is an important description because of the historic turf wars between the NSA and CIA.

In the past, the distinction between “data at rest” and “data in motion” specified the roles of the two agencies and what kind of intelligence they were directly responsible for obtaining.

Traditionally, the CIA is responsible for collecting “data at rest”. Essentially this is everything from white paper stored in a safe to recorded voices on a tape or CD. Whereas the NSA was responsible for intercepting “data in motion”, or signals as they fly through the airwaves.

According to these latest documents, the thorny distinction between data “at rest” or “in motion” has obviously been impossible to clarify between the agencies. Instead, they have decided on working together to gather “data at rest”.

It’s an efficient way of sorting out the issue of whether digital data is ever really “at rest” at all. The CIA and other agencies do not receive anywhere near the same amount of funding that the NSA does annually. And that has always been a contentious point in the US intelligence community.

But it also indicates that the annual funding for the CIA, FBI, DIA and NSA can to a reasonable extent be now considered a single pool. And it shows an encouragingly higher degree of cooperation between the agencies.

The NSA responded to the publication of these secrets with the sentence “it should come as no surprise that NSA conducts targeted operations to counter increasingly agile adversaries.”

No company is unwatched

One of the main points about Mr Snowden’s leaks is that his information supplies physical, hard proof for all the NSA capabilities that people once only speculated about.

For instance, it was always assumed that the NSA had some kind of direct access to both US and foreign companies and especially to the technological devices they made.

These documents now prove that the NSA is working with “specific named US commercial entities and operational details (devices/products) to make them exploitable for SIGINT”.

In other words, the NSA along with US companies are manipulating the hardware and software of commercially available products like mobile phones and computers.

The documents also prove that the NSA has access to foreign companies as well. It says that the NSA works with “specific foreign commercial entities and operational details (devices/products) to make them exploitable for SIGINT”.

On top of this, we now know the NSA places clandestine agents into “commercial entities”. These undercover agents could be working as full time employees or they may be visiting companies under false identities or charade.

Many analysts have suspected for years that the NSA and CIA have relationships with companies enabling those agencies to legally work with employees to access company information.

However, it appears the NSA has been operating a network of employees as hidden sources inside both US and foreign commercial entities without the respective companies knowing.

This might sound duplicitous, but there are two immediate reasons for creating covert sources in private companies.

One is that some companies may not wish to give certain information to the NSA despite legal rulings ordering the handover. If that happens, the NSA will have somebody in place to deliver that information to the agency regardless of company procedures.

Another explanation is the verification of information. Having a person in place as an independent source gives the agency much more confidence in the material they have received.

This is standard practice in intelligence when penetrating a foreign agency, for instance. Especially when the compromised source is a mole. So it makes sense that the NSA would create a system of verification to confirm the accuracy of voluntarily released information.

Lessons on encryption

Nevertheless, revelations that there are people inside US and foreign companies communicating directly with the NSA is bound to cause alarm in businesses across the world. Those employees make the NSA’s job much easier by funneling critical information like encryption keys and source code directly to the agency. But CEOs will now be wondering who the mole is, that is, if it isn’t the boss in the first place.

As for the foreign companies the NSA works with, no specific names are given and it remains unknown how many companies are compromised. We now know the NSA is working with foreign companies to a much larger extent than previously known.

Considering the type of intelligence the NSA is interested in, it can safely be assumed that any company building devices capable of sending digital communications such as emails, texts, photos, chats and phone records (take your pick) has probably been penetrated by the NSA and its partners.

International companies outside the US have positioned themselves since the revelations began as better alternatives for cyber security and digital devices than their American counterparts.

Unfortunately for these companies, that’s simply not true anymore. It now looks like many of them (and it has to be assumed this means all of them) are just as compromised in security and privacy as the American companies are.

This will be a huge blow for those company’s integrity and commercial image.

The takeaway from the latest documents is that the NSA is integrated in a much greater capacity with both international and US technology and internet companies than previously thought. 

Monday, 13 October 2014

Kim a no show as North Korean Generals maneuver

North Korea’s leader Kim Jong Un was a no show at a key political commemoration on Saturday, fuelling more speculation that the 31-year-old leader may have been pushed aside.

For the first time in three years, the leader was not on the list of dignitaries at the celebration of the anniversary of the founding of the ruling Worker’s Party.

Most other high-level military and party officials were present at the celebrations but only a flower basket with Mr Kim’s name on it marked the missing leader’s existence. It remains unclear where the regime head is.

Elsewhere over the weekend, heavy machine gun fire from the North Korean side of the demilitarised zone targeted a balloon launched by South Korean activists which was reportedly dropping propaganda leaflets across the border.

South Korean military forces responded to the shooting with their own volleys, but the situation did not escalate. No casualties were reported on either side.

Both events underlie a marked vacuum of information about what exactly is going on in the hermetic kingdom. There is good reason to believe Mr Kim’s absence has something to do with the high purge-rate he has conducted over his brief career at the top.

Mr Kim is also the last in line in the dynastic Kim legacy of the country’s founders. So a mix of political nervousness and opportunity could have converged in the minds of some of the North Korean generals or elites that perhaps quietly overthrowing the young leader was prudent.

Adding heat to this analysis, Gen. Hwang Pyong So, who stepped into the public spotlight by organising bilateral talks with the South, could fit the profile of a high-ranking officer with cause and opportunity to take control of the kingdom.

Mr Hwang turned down a meeting with South Korea’s Prime Minister Park Geun-hye before leading a top-level delegation on a surprise visit earlier in September to attend the Asian Games.

Some analysts speculate that Mr Hwang could be in control of the nation. One way of knowing if this suggesting is accurate is whether he meets with the South’s leader in the near future.

Other generals who fear for their life or political position are jockeying for position behind the scenes as well, so more movement and action is to be expected.

A Mr Kim no show at the anniversary and a sudden rise in military staff travelling across the demilitarised zone could indicate a deeper change in the North.

However, the anniversary was not a landmark year (69th) and the generals may be taking orders from the traditional hierarchy. It is almost impossible for open source analysts to truly know what is going on.

But something doesn’t smell right in the “Hermit Kingdom”. A coup might not be the answer to the riddles (although it does fit many of the questions), but even if Mr Kim returns to the scene soon, it is clear that his powers are significantly weakened.

Friday, 10 October 2014

Hong Kong talks cancelled as protests dwindle

The Hong Kong government called off promised talks with student groups this morning in a worrying sign that the pro-democracy protests could re-intensify.

The talks were organised to resolve Hong Kong’s political standoff but were in chaos Friday morning NZT as both the government and student protest groups traded confrontational rhetoric in multiple news conferences.

Protests in the city-state had been winding down after almost two weeks of widespread but largely peaceful unrest. The talks hoped to clear the streets of protesters and return the city to normal function.

Despite dwindling crowds over the bulk of this week, particular streets of Hong Kong key areas of the city remain barricaded. The students are now under pressure to justify those barricades as the anticipated talks have been cancelled.

Hong Kong’s No. 2 official, Carrie Lam, issued the cancellation of talks saying the students were “shifting their demands”. The protesters, she said, began by demanding the public nomination of political candidates for the upcoming chief executive elections in 2017.

However, Ms Lam says the students are now calling for the Chinese government to rescind its decision to intervene in Hong Kong’s elections entirely. To restart the talks, Ms Lam says students will have to accept the decision by Beijing to select candidates for the leadership position.

Student representatives fired back at the official’s statements saying their demands are reasonable and that the government intentionally terminated the talks. They gave no indication they are ready to agree to Beijing’s demands.

The cancellation of the talks indicate Beijing still has confidence in the current chief executive Leung Chun-ying. But this confidence may change if the demonstrations fail to end comprehensively soon.

Beijing would rather not intervene unilaterally, preferring to leave fixing the situation up the Hong Kong government, but it has serious options to quell the protests should it need to.

Protest groups are now calling for a new wave of civil disobedience on Friday night. However, the momentum appears to be slowing significantly with fewer protesters in the streets on Thursday.

At their peak, the protests reached an estimated 190,000 participants. The movement displayed a high degree of self-discipline despite the Chinese government decision to use force on multiple occasions.

If the protests are to continue, they will need more support from a quickly demotivating and disinterested wider Hong Kong public. If they do intensify, Beijing could be forced to provide a limited political concession.

However, Beijing has made it clear that it will not back down from being the arbiter of the nomination of the next chief executive in 2017.

Yet the underlying democratic currents stirred over the past week are sure to reappear in the future. What worries Beijing is that the feeling could spread.

Some of the protest groups voice concern that continued blockages of the famously efficient city will bring more harm to their cause than necessary.

Agnes Chow, a spokesperson for the high-school student-led protest group Scholarism, says the group is considering pulling out of thinly occupied streets and consolidating pressure near government buildings now that the talks have collapsed.

“We are also aware that we can’t block roads or streets that make a majority of citizens there unhappy,” she said.

Their apprehension is not misplaced. The damage to the city is not physical, but economic. Merchants are now taking stock of the business they lost during last week’s protests.

Sales at some major retailers fell by up to 50%, according to Bloomberg. Smaller companies fared much worse with sales tumbling by closer to 80%. A loss of revenue between 40-60% could also hit major hotel and restaurants located near key protest sites in the city centre.

During the heaviest days of protest, 17 banks were forced to temporarily close their doors in 29 branches and offices.

A Hong Kong academic at the University of Science and Technology says the protests could cost the city-state around $HK350 billion ($57.4 billion), or about one-sixth of Hong Kong’s GDP.

Now as protesters appear to return to their normal lives in the expensive Chinese city-state, the demonstrations will lose more support from business leaders.

The protest’s negative impact on business in Hong Kong will unfortunately only exacerbate the decreasing importance of the city-state compared to other faster-growing and more Beijing-friendly cities in mainland China.

This reflects China’s transformation into less of an export oriented economy and into a consumer economy. That gradual evolution has created multiple alternate options for Beijing which Hong Kong used to occupy.

Shanghai, Shenzhen and Guangzhou are three cities just as commercially large as Hong Kong and growing in importance for Beijing.

Ultimately, the two Chinese systems in Hong Kong and Beijing will continue to rely on each other over the short term. Both sides need to weather the protests if they continue because neither has a better option presently.

Beijing needs Hong Kong to prove that a one country, two systems approach can work - especially when it has its eye firmly set on potentially reuniting with Taiwan. On the other side, Hong Kong still relies heavily on the mainland for development and investment.

But in the long run, the question of greater autonomy for the city-state will not disappear and Beijing will need to decide what political concessions it is happy to make without setting too much of a precedent that demonstrations will result in democracy.

Why the TPP is NZ’s best hope

Most trade deals pass under the public radar for good and obvious reasons. They’re generally as complex as a spiders’ latticework, entirely unsexy and often last much longer than a typical news cycle allows.

But the Trans Pacific Partnership (TPP) bucks this trend. More people around the world appear to be interested in these negotiations than even the more impactful World Trade Organisation talks. People really seem to care about this deal.

The TPP gives New Zealand access to free trade with markets this country could never negotiate with bilaterally. And it’s an agreement which, if it works, could attract many more countries into its embrace.

The partnership has taken more than five years to complete, far longer than any of the members ever thought it would. US President Barack Obama is pushing to close the agreement by the end of the year, but even now the TPP teeters on the edge of history’s dustbin.

Trade is never a particularly exciting subject for most governments. They can lose votes easily and it’s very hard to win votes based on trade. Yet the single thing which would make the most difference for the TPP is if Mr Obama embraces the agreement in a way he is yet to do. Especially when HSBC predicts TPP-like deals could create 10 million jobs for the US over the next decade.

If it the TPP pass before early 2015 it may not be signed until 2017. For the TPP’s detractors that’s music to their ears. Then again, most of those critics are opposed to free trade agreements in any form. And there’s no talking someone out of a position with logic if they never arrived at that positon using logic in the first place.

But the TPP is far from only a nice-to-have for New Zealand. In 100 years’ time, we’ll look back and be very grateful our ancestors spent so much political capital on this family of free trade deals.
There’s a lot to like about the TPP, and not really much to hate. It’s not going to be like the Second Coming of Christ, but it’ll be an important agreement nonetheless.

From New Zealand’s perspective, the TPP is probably the best opportunity this country will get to cook itself into a truly massive trade agreement with meaningful openings into key markets, like Japan and the US. This really cannot be overstated.

New Zealand exporters and service sector will be huge beneficiaries, since the economy is so heavily built on exports. By being part of the TPP, New Zealand can overcome some of the challenges of being relatively small and geographically isolated.

And for consumers the benefits are even bigger. They’ll have access to goods and services that will be cheaper and higher quality. And businesses looking to expand offshore will be better protected.

Of course, New Zealand has two problems. One is that, on its own it isn’t the most powerful player in the room. Getting its most cherished objectives on dairy, for instance, is problematic given its size and economic strength.

But the second big problem is that dairy happens to be the most sensitive protectionist area for most of the other players.

New Zealand is at the ground floor, and the TPP is only going to get bigger. If the rumours are in any way true, the current 12 TPP members could leap to 19 countries by 2020. That’s enormous.

By then, even China could be ready to join the agreement, especially since Beijing is looking for ways to pull closer to the United States and reform its own economy. Both of which could be achieved by negotiating itself into the finished TPP.

Most people say China could never join the agreement because the intellectual property protections are too strong. But China is increasingly producing its own intellectual property. Their firms are creating new ideas, designs and inventions.

And the more that a country participates in creating intellectual property, the more they have to care about protecting it. By 2020 China will likely be deeply interested in protecting this IP, even while joining the deal might begin to look like a China/US FTA.

Perhaps China is a bit worried about joining an agreement it had no part in structuring. But they’d find it increasingly difficult to stay out of the TPP, especially if South Korea joins a completed partnership.

New Zealand is blessed with excellent trade negotiators who look out for New Zealand’s interests. If they thought this agreement was in any way detrimental overall, they simply wouldn’t sign it.

Then looking further out into the century, any plans about creating a larger free trade area in the Asia Pacific can only really begin once the TPP concludes. Once it closes, the TPP will be a very attractive platform with countries probably lining up to join it. Hopefully the various members will work out their differences in a timely fashion later this month in Sydney.

The return of history in Russia

Street battles, artillery barrages and airstrikes continue to rumble eastern Ukraine. In February, the media was predicting the next World War, but 2014 won’t be 1914. The question now is not whether the world has changed, but who it has changed for.

The Ukraine conflict is difficult to write about because it is still unclear exactly what the endgame is for Russian President Vladimir Putin. It is clear that Russia has altered the security architecture of the European peninsula.

Russia is far more concerned about eastern Ukraine’s politics than Europe is, let alone America. But Mr Putin’s Russia is not Tsarist or Soviet. And he doesn’t appear to have designs for explicit control over the peninsula. Russia’s energy and commerce ties achieve this goal better than any tank column could.

No one can move in Ukraine, and yet Europe’s geopolitical reality hasn’t progressed faster in so short a time for a long time. It appears that Mr Putin has both ended and begun a new reality we will be dealing with for decades to come. Recent history explains the transformation.

Lilia Shevtsova, writing in the American Interest, offers a name for the strange period before Russia annexed Crimea this year. She chooses the term “interregnum” which was used for the early 1930’s by Italian Marxist Antonio Gramsci.

The word means “a time outside of time” where the old ways are no more, but the new has not yet arrived or isn’t quite visible yet.

This concept encapsulates the developed world after the Cold War. For America, right up until the events of 9/11 (or maybe 2008) the world it accidentally controlled was operating in an incoherent period unlike any in human history.

To a good approximation, ideologies were defunct, politics was vapid, technology was evolving and prosperity was never going to end. Even if all that was all accurate, it couldn’t last. And it didn’t.
The thing is, this interregnum was only a reality for the Western world. That the Americans were caught off-guard by Russia’s manoeuvres in Ukraine actually reflects their own ideological fantasy.

Europe and Russia know exactly what’s happening in Ukraine. They’ve been conducting this type of politics for thousands of years.

When the Russian president sent unmarked soldiers into Crimea, Mr Putin knew he was neatly circumventing international law. How was Russia committing a crime when those men clear weren’t Russian troops?

And how exactly is Russia invading a nation when there’s no proof of Russian soldiers or armour on the ground in Ukraine? Aside from a few satellite images and hyperventilating claims from a few Ukrainian officials, where’s the solid evidence?

The United States and NATO couldn’t muster any reason to intervene in Ukraine precisely because of the rules they invented for a world that existed only in their heads.
What Western officials didn’t understand for decades was how alone they were in their fantasy. Everyone else knows when it comes down to national imperatives all the nice borders, treaties and laws are simply dry ink on rough paper.

If the rules created by the Western world brought us to this point, then what good are the rules? Right now a Eurasian country has essentially invaded a neighbouring sovereign nation and there’s nothing the international system can do about it.

For all their power, the Western world operates with both arms tied behind their back – this time the knots are self-inflicted.

Their mistake was assuming the world could escape its history by employing logical rationality.

When the institutions of the current international system began, everyone joined in because they wanted to ride the waves of wealth. Countries gave lip-service to law, borders and human rights when it suited them but revert to old animosities and actions when it didn’t.

Each time a Russia, Rwanda or China sidelines or reinterprets the international system for their own ends, Western elites and ideologues shouldn’t be so shocked.

Because when it comes to choosing between the “things-a-country-must-do” and international law, history is filled with torn parchment and broken seals.

Has there been a coup in North Korea?

Rumours abound about the whereabouts of North Korean dictator Kim Jong Un. The secretive state’s leader hasn’t been seen for over a month.

Even on a good day, it’s difficult to penetrate the closed North Korean society and yet more eyes are on that country than anywhere else. Still, fantasy and conjecture fills the normal information gap about this country more than perhaps any other nation-state.

All this makes it more difficult than usual to discover what’s happening now. The country’s leader, Kim Jong Un, has been out of the public eye since September 3, fueling suspicion that Mr Kim could have been overthrown in a coup after only three years in power.

The normally boisterous, but pudgy, dictator generally loves the limelight. He appears at factory events, stage shows, missile launches and all manner of kooky press photo ops. The last time he was seen was smoking cigarettes at a performance by the all-female North Korean Moranbong Band.

His family is known to have a history of diabetes and obesity (although Mr Kim’s love of food also explains his weight). That could explain why, at the recent event, he had a limp and was noticeably overweight.

Asia watchers and foreign policy analysts are divided over two main theories about the sudden disappearance. The coup scenario has been floated by serious analysts, but the second contender is that the dictator is recovering from some type of injury and will be back on deck eventually.

Andrei Lankov of South Korea’s Kookmin University said recently that the hypothesis of a simple illness isn’t entirely out of the question.

“People get sick. I wouldn’t make much of it,” he says. The only government reports from Pyongyang say that Mr Kim is suffering from “discomfort”.

Other rumours suggest Mr Kim’s little sister, Kim Yo Jong, is running the country in her brother’s absence. A former North Korean counterintelligence officer is also claiming that Mr Kim was overthrown in December, although this suggestion should be viewed with suspicion considering his professional history.

In North Korea later today, the country will celebrate the anniversary of the founding of the communist Worker’s Party and Mr Kim is expected to attend. If he does appear, most things will be back to normal in the hermetic nation.

But if he doesn’t attend, the implications of a sharp regime change may need to be seriously addressed. The problem is, no one outside the Pyongyang elite really knows what’s going on inside the regime.

Mr Kim never had the training that either his father or grandfather had before they entered into power. He is very young and inexperienced. He has often clashed with powerful military figures over key decisions.

Mr Kim’s schedule is also punishing. Considering all the events he must attend, and his medical history, the hypothesis that he is either injured or simply overworked does carry some possibility.

But he shares the responsibility of governing the state with other elites. The President of the Supreme People’s Assembly and the chairman of the National Defence Commission, alongside a few others, are constantly maneuvering for greater control and privilege.

Hundreds of military advisers and officers have been dismissed since Kim Jong Un came to power. The country constantly works through crises so the latest isn’t unusual. If Mr Kim has been deposed, however, it will be the first time the Kim dynasty has lost its hold on power in more than 50 years.

Keeping an eye on what China is doing will also be important because Beijing is the closest ally to the North Korean regime. A shift in behavior from Beijing could indicate a change in North Korea, although what that shift will look like is unknown.

There’s too much speculation about Pyongyang to assume nothing is wrong in the North Korean nation. Regardless of what happens at the anniversary parade, it is becoming increasingly clear that Mr Kim has lost much of his power and a transition could be in the works anyway.

Rumours are dangerous at the best of times. But when it comes to North Korea, rumours could be critical. A lot rests on whether North and South Korea can remain largely at peace. A restive North Korea would not be a good sign for international stability.