How to Reopen the Strait of Hormuz
New Geopolitics Decanted episode on how the US military can mitigate against the anti-ship cruise missile, drone, fast-attack boat and mine threat in the Persian Gulf. And the possible timeline for return to normalcy
youtu.be/Sjz_zxKOMIk
Posts by Dmitri Alperovitch
"During the height of the Cold War, it was unthinkable for the U.S. to sell supercomputers to the Soviet Union, the equivalent of the GPUs today. We’ve never won technological competitions by arming our competitors—we’ve prevailed by preserving a clear advantage."
www.wsj.com/opinion/the-...
"We are fast approaching a moment when China’s expansionist ambitions may test America’s resolve," @dmitri.silverado.org and Matt Cronin write. https://wapo.st/3JVhdLd
So far this morning, we’ve had an incredible kickoff with on attribution alphabet soup with the one and only @dmitri.silverado.org and then a fascinating meme-ful talk from @activemeasures.bsky.social and @wylienewmark.bsky.social on SVR cyber espionage and Russian analytic battlefields.
I found the latest episode of Geopolitics Decanted with @dmitri.silverado.org very informative on the state of the Russian economy. I don’t know whether these new sanctions are enough to be the potential game changers identified by Chris Weafer.
podcasts.apple.com/gb/podcast/g...
I haven’t. What do you think has changed primarily?
Very interesting podcast by @dmitri.silverado.org why drones are a useful addition to the European military but shouldn't be the main focus for investment in building our military capabilities.
Great discussion with @justin-br0nk.bsky.social and @dmitri.silverado.org about the "drone panacea myth".
See also the RUSI article www.rusi.org/explore-our-...
I found this discussion between @dmitri.silverado.org and @justin-br0nk.bsky.social on the limitations of drones to be very useful. podcasts.apple.com/us/podcast/g...
Justin Bronk — @justin-br0nk.bsky.social — is a keen observer of military affairs. Talking with @dmitri.silverado.org, he challenges the view that Ukraine’s success with UAVs against Russia is a model for what the US and other western nations should focus on. podcasts.apple.com/us/podcast/g...
Hopefully we made it clear on the podcast!
Why Drones Can’t Replace Traditional Firepower
My @GeopolDecanted discussion with @justin-br0nk.bsky.social about his recent provocative @rusi.bsky.social piece on this topic.
We also discuss efficacy of Ukrainian F-16s, Operation SpiderWeb and much more. Watch 👇
youtu.be/ykLIH2kY1U8
The key is to keep the implementation as simple as possible (attestation via Intel Trust Authority or mTLS) and not include poison pills like kill switches and geofencing that would make this unworkable and too onerous for end-users and chip designers alike
END
Through this lens, the Chip Security Act or similar solutions would help accomplish the goal of identifying export control violators with minimal overhead to AI chip companies and exporters
The goal here would not be to identify and stop every AI chip export violation but to collect additional data that might help identify export control violators
In another scenario, if you have a customer that has purchased tens of thousands of AI chips which are not reporting in every month (accounting for typical chip failure rates, etc), it is also grounds for a BIS investigation of an importer
A typical hop between eg Shanghai and Singapore will add 40-300ms of consistent latency which can be easily detected. This would then be a clue for BIS to investigate further
To mitigate against this, the exporter's webserver can measure round trip time (RTT) for packets inside the mTLS connection and then compare it to pings to the IP from which the connection is originating
Of course, this is not foolproof. Chinese companies can purchase AI chips through shell companies elsewhere, reship the chips to China and then proxy their mTLS connections through VPNs and proxies in countries where the shell companies are based
Another way to accomplish this might be to use existing Intel Trust Authority for GPU remote attestation architecture that Intel and Nvidia have partnered on but that creates a requirement to use Intel CPUs, which may not be ideal in every case docs.trustauthority.intel.com/main/article...
GPU drivers can already do mTLS handshake operations like ECDSA signing, so this doesn’t even require any new code from the chip designers
The connection can be trivially initiated via a simple script from other parts of the environment where the AI chip is deployed, but just talk to the GPU driver for handshake initiation/client key exchange with the EXPORT_CERT. This minimizes the technical reqs for AI chips
The mTLS connection would not originate from the chip itself. In fact, it doesn’t even have to originate from the server that the chip is in
So if a chip is being sold to a data center in Singapore but the connection originates from an IP address in China (or anywhere else), well, that means you might have a potential transshipment on your hands that warrants BIS investigation
The US exporter would then have the country from where the secure mTLS conn is originating from and match it against the customer KYC and export info data that they had collected during the export process to determine whether country of shipment matches country of use
US exporters would run mTLS webservers with public key versions of the EXPORT_CERTs loaded on them (they would get them from the chip designers) to record the IP addresses and their geolocation from where the connections are originating
Foreign end-users (wouldn’t apply to US customers or perhaps to trusted foreign govs) would then be obligated by BIS to use this cert for mTLS (mutual-auth) Client Key Exchange connection generation to the US exporter of the chip on a periodic basis (ex. once a week/month)
New AI chips going forward can incorporate a new certificate with a private key (EXPORT_CERT) in their Secure Enclave (they already have other certs for secure boot/attestation). So this is a very simple task
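The exporter-side check described in the thread above (country of connection versus KYC country, plus in-tunnel RTT versus ping RTT to the connecting IP), as an added example that is not part of the original posts. The record fields, thresholds and sample check-ins are assumptions constructed for illustration; only the 40 ms lower bound comes from the thread.

```python
from statistics import median

# The thread cites 40-300 ms of consistent added latency for a relayed hop.
MIN_EXTRA_MS = 40.0
# Assumption: "consistent" means every sample's delta stays this close to the median delta.
MAX_JITTER_MS = 15.0


def relay_delta_ms(tunnel_rtts, ping_rtts):
    """Median RTT measured inside the mTLS session minus median ping RTT to the peer IP."""
    return median(tunnel_rtts) - median(ping_rtts)


def is_consistent(tunnel_rtts, ping_rtts):
    """True when the per-sample deltas cluster tightly, i.e. a stable extra hop, not noise."""
    deltas = [t - p for t, p in zip(tunnel_rtts, ping_rtts)]
    mid = median(deltas)
    return all(abs(d - mid) <= MAX_JITTER_MS for d in deltas)


def review_checkin(checkin, kyc_country):
    """Return the reasons (possibly none) to refer one periodic check-in for review."""
    reasons = []
    if checkin["geo_country"] != kyc_country:
        reasons.append("country_mismatch")
    tunnel, ping = checkin["tunnel_rtt_ms"], checkin["ping_rtt_ms"]
    if relay_delta_ms(tunnel, ping) >= MIN_EXTRA_MS and is_consistent(tunnel, ping):
        reasons.append("relay_latency")
    return reasons


def flag_checkins(checkins, kyc):
    """Map chip id -> reasons for every check-in that has at least one reason."""
    flagged = {}
    for c in checkins:
        reasons = review_checkin(c, kyc[c["chip"]])
        if reasons:
            flagged[c["chip"]] = reasons
    return flagged


# Constructed sample data: all three chips were exported to a Singapore customer.
KYC = {"chip-A": "SG", "chip-B": "SG", "chip-C": "SG"}
CHECKINS = [
    {"chip": "chip-A", "geo_country": "SG",  # direct: tunnel RTT tracks ping RTT
     "tunnel_rtt_ms": [182, 185, 181, 184], "ping_rtt_ms": [180, 183, 179, 182]},
    {"chip": "chip-B", "geo_country": "SG",  # right country, steady extra latency
     "tunnel_rtt_ms": [262, 266, 259, 265], "ping_rtt_ms": [181, 183, 180, 182]},
    {"chip": "chip-C", "geo_country": "CN",  # connection geolocates outside KYC country
     "tunnel_rtt_ms": [231, 229, 233, 230], "ping_rtt_ms": [228, 227, 230, 228]},
]

if __name__ == "__main__":
    print(flag_checkins(CHECKINS, KYC))
```

A flag here is only a lead for further investigation, matching the thread's framing of the data as a clue rather than proof.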