March 30, 2014

Corporate Dictators Gone Wild

Interesting book review in the Wall Street Journal on Moments of Impact--corporate strategy meetings. 

The authors, Ertel and Solomon, see strategy meetings as critical "to confront radical challenges," "cope with fast-changing threats," and confront competition.


It is an opportunity to:


- Look at the big picture, including industry trends.


- Hear different points of view from as broad an array of perspectives as possible (instead of the usual "fences and silos" that prevail in corporate life).


- Decide to change ("Creative Adaptation") or to stay with tried and true strategies ("stick to their knitting").


The book reviewer, Adrian Wooldridge, though, has a much more skeptical view of these strategy sessions, calling them "dull, unstructured time-sucks" and "more often than not, [they're] a huge waste of time":


Why?


- They produce "airy-fairy nonsense."


- Rather than abandoning the corporate hierarchy, the sessions anchor in "status hierarchy."


- Outside strategy "experts" brought in "are nothing more than cliche-mongers."


- The "games" are silly and non-impactful.


- Often rather than strategic conversations, we get "lazy consensus," where decisions are driven by senior managers with a bone to pick or a reorganization in mind.


What's the truth...as usual, somewhere in between these 2 states of idealism and cynicism.


We can choose to take planning seriously to bring people together to solve problems creatively and gain consensus and commitment or we can use strategy as bogus cheerleading sessions and to manipulate the sheep to do what the seniors already know they want.


If we really work as a team to press forward then we can accomplish great things through our diversity and strength, but if strategy is nothing but corporate dictators gone wild, then the cause is already lost to the competition.


(Source Photo: Andy Blumenthal)


March 29, 2014

Will You Take The Next Exit Or Not?

I'm not really into the psychic stuff. 

First, I learned in Yeshiva that we are not supposed to divine the future. 

Second, I don't think we're supposed to know what we're not supposed to know--it takes the edge off the challenge in life (almost like trying to gain an unfair advantage in going through life's ups and downs, which is how we learn and grow).

Third, I think there are a lot of charlatans out there (not everyone, but a lot). 

But one idea recently, from Sylvia Browne, has got me thinking.

The idea is that we each have Exit Points in our lives--"precise times and ways when we'll leave here and go Home again." 

Browne says we each have 5 of these exits planned in our lives--"and we can use any one of the five we want, as we go along, depending on whether or not we feel we've accomplished enough of what we wanted from this lifetime to begin with."

Thinking back to my own life, I can clearly see times when it seemed like my number was up.

Each occurrence was dramatic and looking back now, sort of surreal. 

During these exit points, I know that I was just inches from death and that G-d brought me back. 

This is where I differ from Browne: I don't think it was my choice to live or die, but I think it was a time of judgement, when G-d decided whether to let me live on (although, perhaps, I had some input as far as G-d is concerned).

The exit points are not escape hatches like from the Matrix, where we can choose to stop or "exit program," but rather times in our lives when we are given the opportunity to go on or not. 

Also, I think the decision of whether we stay or go is based in part on whether we've accomplished our mission, but also on those around us who will be impacted--that's why it takes G-d to figure out all the combinations and permutations to make the call. 

Bad things happen and people die suddenly and violently or even excruciatingly slow and painful deaths--and in other cases people survive to die another day--we really don't know what is going to happen. 

Part of not knowing tests us--sometimes to our limits and perhaps for some even beyond (although I was taught in Yeshiva that G-d never gives us more than we can handle). 

We live, we die, and perhaps we live again i.e. through reincarnation--a mechanism of ultimate justice and learning. 

Will G-d permit us to continue as ourselves in this go around, to come back as another in a future spiral, or is it really "game over"?

I thank G-d for letting me live to continue my journey--I still have so much to learn here and now--what the future brings, only the merciful Almighty knows. ;-)

(Source Photo: Andy Blumenthal)

March 28, 2014

So It Really Is A Popularity Contest

Good, Sue Shellenbarger in the Wall Street Journal finally said it..."likability matters more than ever at work."

Yes, you also need to know your subject matter and be able to perform like a pro, but just that alone is not enough.


If you're a card or a jerk, no one wants to know you.


The old Jewish thinking about being a mensch, first and foremost, still holds true.  


"Likable people are more apt to be hired, get help at work, get useful information from others, and have mistakes forgiven."


Employers also track employees' likability on social networks and recruit those who can well represent them and make transformative changes.


What contributes to likability:


1. Be Authentic - an ounce of sincerity is worth more than a boatload of b.s. -- people see right through it.


2. Use Positive Cues - eye contact, smiling naturally, and a warm, varying, and enthusiastic tone make you approachable and believable.


3. Show interest in others - selfishness, narcissism, and I, I, I will get you no friends; show genuine interest in the other person--be cognizant of what's in it for them--give a damn!


4. Listen - 2 ears, 1 mouth; close the mouth and listen to the other person--don't just hear them, understand them, empathize, feel something!


5. Find common ground - look for shared interests or commonalities; we can all relate to others with whom we can identify.


Short and sweet, treat others as you would want to be treated (Golden Rule) and it doesn't pay to be an ass! ;-)


(Source Photo: Andy Blumenthal)


March 27, 2014

10 Keys To Influencing And Selling Anything


Brilliant video by Kendra Eash for McSweeney's Internet Tendency.

It is made entirely with stock footage from Dissolve.

What is amazing is how with some great video, nice background music, and a soothing confident voiceover--we can sell, or be sold on, just about anything.

The 10 Keys to influencing and selling anything, including B.S.:

1. Vague words that show progress (innovation, hope, motherhood, and apple pie--I'll have some of that)

2. Beautiful footage and sound (who wouldn't want to be there type?)

3. High-technology and science (we can solve the world's problems and make money, yippee)

4. Research and development (we're investing in the future and you should invest in us)

5. Global and U.S. (we're beyond borders, but still "made in...", headquartered, or otherwise a U.S. entity)

6. Environmentally conscious (clean water, breathable air, lush forests, who can argue with that?)

7. High-speed (movers and shakers, we don't stand still, join us or be left behind)

8. Attractive people (this is for real human beings, human kind, we care about you!)

9. Diversity and equality (we love and help everyone--including you and your family)

10. Inspiring (we're thinking big and bringing positive change--buy from us, support our cause)

Throw/superimpose any company, product, country, person, or cause on this video--and poof, you've got an awesome brand--whether you deserve it or not!

This is how we're manipulated one brand at a time, hundreds of brands a day. ;-)

March 25, 2014

Top 100 Most Social CIOs



Thank you Huffington Post--article here on Top 100 Most Social CIOs. 

I never thought that an introvert like me could end up in a list like this. ;-)


March 23, 2014

Six Internet Creepoids To Beware Of

There are a lot of basket cases out there--both in the physical world and in the virtual one.

The New York Times today has an article by Henry Alford about people who act or are mainly just perceived as creepy online. 

He gives examples of people who take out their smartphones (with cameras) in the locker room, who show their online photos and whoops there's an indecent doozie, who mistakenly send a critical email to the wrong person or distribution list, who say the wrong thing online because of autocorrect or autofill, and who act the detective looking up too much information about others. 

At the end, Alford calls for "more tolerance toward the gaffe-makers." 

And while we should be good people and forgive genuine mistakes, some things are not accidents and deserve the seal of "ick!"

Here's the list of 6 Internet Creepoids to seriously beware of:

1) Overly Cyber Friendly or Familiar:  People who chat, text, email, or comment in a way that portrays an inappropriate knowing or intimacy with others.

2) Cyber Stalkers: Those who follow, friend, monitor, or harass others on the Internet in an unsolicited, unwanted, or obsessive way.

3) Internet Trolls: Individuals who giddily sow discord with argumentative, inflammatory or extraneous messages online narcissistically or just to be jerks.

4) Cyber Exhibitionists or Voyeurs: People who inappropriately or compulsively expose themselves or watch others naked or engaged in sexual activity online. 

5) Cyber Impersonators or Identity Thieves:  Those who falsify their identities by exaggerating or masking their true selves, pretend to be someone else, or otherwise steal someone's online identity.

6) Cyber Freaks: Individuals who behave online in extremely unusual, unexpected, and frightening ways.

So while some things are innocent or accidentally creepy from otherwise nice and decent people, other actions are genuinely such from the real online creepoids. ;-)

(Source Photo: Andy Blumenthal)

March 22, 2014

The Bigger Smaller Navy

So our Navy is shrinking for real, but growing on the books.

Steve Cohen writes in the Wall Street Journal how the "U.S. Navy is stretched too thin."

And we are down to just 283 ships, but for reporting purposes it's 293--that is--because we now include hospital ships, small coastal patrol vessels ("lightly armed [with machine guns]...and not true oceangoing"), and a high-speed transport in the calculus.

Moreover, "only 35% of the U.S. Navy's entire fleet is deployed, fewer than 100 ships, including just 3 aircraft carriers."

According to the Heritage Foundation, gone is the promise of a mighty U.S. with a formidable 600-ship navy, and instead "U.S. naval leaders are struggling to find ways to meet a new requirement of around 300 ships"...with "predictions [that] show current funding levels would reduce the fleet to [just] 263 ships."

Sure, today's fleet is comprised of ships more capable than predecessors, but our enemies are also not resting on their laurels. 

China is now building its 2nd aircraft carrier, and Russia has formally secured Crimea, home to its Black Sea fleet.

The function for military readiness includes not only capability of each, but numbers available to fight. 

There are times that less is more, but less can also be less. ;-)

(Source Photo: here with attribution to Jon Olav)

March 21, 2014

Safely Detonate That Malware


I like the potential of the FireEye Malware Protection System (MPS).

Unlike traditional signature-based malware protections like antivirus, firewalls, and intrusion prevention systems (IPS), FireEye is an additional security layer that uses a dynamic Multi-Vector Virtual Execution (MVX) engine to detonate even zero-day attacks from suspicious files, web pages, and email attachments. 

According to Bloomberg Businessweek, Target's implementation of FireEye detected the malware attack on Nov 30, 2013 and it alerted security officials, but allegedly "Target stood by as 40 million credit card numbers--and 70 million addresses, phone numbers, and other pieces of personal information--gushed out of its mainframes" over two weeks!

In fact, FireEye could've been set to "automatically delete [the] malware as it's detected" without human intervention, but Target's team apparently "turned that function off."

FireEye works by "creating a parallel computer network on virtual machines," and before data reaches its endpoint, they pass through FireEye's technology.  Here they are "fooled into thinking they're in real computers," and the files can be scanned, and attacks spotted in safe "detonation chambers."

Target may have been way off target in the way they bungled their security breach, but using FireEye properly, it is good to know that attacks like this potentially can be thwarted in the future. ;-)

[Note: this is not an endorsement of any product or vendor]

March 20, 2014

Fighting Someone Who Doesn't Care

Today, an editorial by Daniel Henninger in the Wall Street Journal said it outright about Putin's land grab of Crimea and his view of others' reactions to it, "He doesn't care what they think."

This comes to the point of the whole matter, which is how do you fight an adversary that just doesn't give a [you know what]?


If one side is arguing what's right based on international laws, mores, and the ethics of human rights and freedom, how does that stack up with an adversary that disseminates misinformation [oh, are those our troops on the ground?] and thumbs their nose at the world to get what they want?


Maybe fighting fair is wonderful from a legal standpoint, but it sure looks challenging on the ground. 


Putin is daring anyone to do anything...heck, he's got thermonuclear ICBMs and a veto at the U.N. Security Council. 


BTW, if a security council member is the one doing something wrong, why in those matters, do they still get a veto???


Anyway, this is a very dangerous game of cat and mouse, and if everyone fought this way, the doomsday clock would be ticking very close to midnight, indeed.


Many times in history, a Goliath has swung a big ugly sword, but even a David--and we are not a David, but a world superpower--came to the fight with a slingshot and still won.


Notice though, David still came to the fight!


We can win by doing the right thing, but we cannot run away, because as Hitler showed us--appeasement does not work!


Give a finger and next goes the hand, arm, and torso.


Already there are reports that Putin is threatening to derail the P5+1 negotiations with Iran as well.

Yesterday, I read in Businessweek about overspending, that it's better to get a haircut now, than have a beheading later.


Perhaps, this applies to national security matters as well?


We can't be the policeman/woman of the world, but Snowden is snug in "Mother Russia" and now so is Crimea. 


(Source Photo: here)


March 17, 2014

Time To Spread The Magic

So I'm not the biggest fan of Disney theme parks -- maybe that is not a popular thing to write.

But to me, the rides alternate between fake or nauseating (when they're not broken down), the characters are outdated, the parks are hot, overcrowded, and the lines and wait times are long, and the ticket prices are sort of crazy for what you're getting (not). 

Let's see, a day at Disney or day at the beach--uh, I'll take the beach any day!

But Disney is doing something magical these days. 

Bloomberg Businessweek reports how Disney's new MagicBands are using technology to make the theme park experience more convenient, even if not more fun. 

The MagicBands are like an all-in-one electronic link between you and Disney:

- No need for an admission ticket, because the MagicBand does that.

- Reserve your favorite rides, use your wrist band. 

- Hotel room keys, that's right the band unlocks your door.

- Shopping at Disney kingdom, the band functions as your debit/credit card. 

- Being greeted by name or wished a happy birthday, the bands make your experience more personal.

What's more Disney uses the bands for "big data" analytics--for capturing your likes and preferences for rides, restaurants, food, and souvenirs--and this adds up to customer service enhancements like restocking shelves, opening up reservations, expedited queues, and even targeted mail and text messaging/advertising. 

The bands have radio frequency identification tag/chips (RFID) as well as GPS sensors, so Disney knows who you are, where you are, and even much of what you're doing. 

Spooky from a privacy standpoint--sure, you are really sitting there exposed in just about every way. 

But this technology has arrived, not just at Disney, but via embedded RFID in your smartphones or your body someday soon. 

The synthesis of man and machine...the mystery is gone in the magic kingdom, but maybe the service gets better. ;-)

(Source Photo: Andy Blumenthal)

March 16, 2014

There's No Line In Online

I loved the article in the Wall Street Journal by Andy Kessler.

Kessler's point is that technology is all about convenience. 


The way I put it is that online, there is no line!


With technology, we can do things proverbially--better, faster, cheaper.


But so much of technology really is about doing things with the utmost convenience--that means that rather than spend time hunting or gathering, searching or shopping, traveling or transacting, gaming or gambling, we can go online and in Internet speed it's done!


The beauty of the Internet and technology is that there is no queue, no lines, no waiting--just lots of convenience mainly with point and click.  


I couldn't hate lines more--hate wasting time--hate doing stupid things that have no real meaning--time is absolutely precious!


We are mortal and one day, time stops for all of us, so we better use what we have well--use it wisely, not wastefully. 


When we have convenience from technology, we have to spend less time on the mundane and have more time to do the things we really enjoy or that can grow us.


So get the doldrums done quickly online, and spend more time with family and friends, on fitness, pursuing spiritual matters, and even learning the secrets of the universe--and then blogging about them.


Technology is a convenience and a true G-dsend. ;-)


(Source Photo: Andy Blumenthal)


March 15, 2014

U.S. To Give Up U.S.?

This is just ridiculous already...I mean why do we even bother to try, if as a nation we are just resigned to give up.

1. Russia takes Crimea and the U.S. has "no options," instead of considering a variety of meaningful options--will Putin stop with Crimea, Georgia, Chechnya if there is virtually nothing standing in his way?

2. Syrian civil war goes on for almost 3 years and takes 150,000 lives and the U.S. has "few options," while Russia, Iran, Hezbollah, Saudi Arabia seem to have and be exploiting lots of options.

3. "U.S. to give up Web oversight" since other governments have complained over our "unique influence"--well darn it, we invented the Internet, why shouldn't we capitalize on it?

4. Serious "deficit reduction is dead" even though the national deficit continues to grow and threaten the national security of this country, but there are few acknowledged options for politicians that want to get re/elected, except to continue the runaway gravy train.

5. Space exploration to other planets--NASA shelves it--"Space, the final frontier...to boldly go where no man has gone before," but we're not really going!

6. Defense cuts threaten U.S. military as the "U.S. faces a more volatile, more unpredictable world," and even as China ramps up its military budget by 12.2%.

7. Despite the potentially catastrophic impact that a serious cyber attack would have on the U.S. national security and economy, "the U.S. military is not prepared for cyber warfare"--why are we waiting for the proverbial lights to go out?

8. Outsourcing jobs outside the U.S. has already become cliche--with top U.S. Corporations sending more than 2.4 million American jobs overseas between 2002-2011--as our own labor force participation is now at a 30-year low!

I don't understand what has happened to our national resolve to succeed, to lead, to be a good example in the world.

Why are we in global retreat--instead of steadfastly protecting and growing our national strategic interests in every domain?

We are innovators, entrepreneurs, skilled in every worldly affair, and lovers of freedom and human rights for all, yet we have become gun shy, afraid, and reticent to be ourselves and do what we do best--which is to do what's right, what needs to be done, and to be global leaders in progress toward the future.

If we can't do this, if we have just given up, if we have become ostriches with our heads in the sand--then we haven't just given up on this or that or the other thing--but we have given up on being the U.S. of A.

(Source Photo: Andy Blumenthal)

It Can Happen To Anyone

Life is unpredictable. 

Today, at the pool, someone collapsed. 

Looks like a heart attack or something serious.

Most of the people at the pool are in amazing physical condition. 

The young folks on the swim team are fast as hell. 

The older people, many seem like they never aged and can still perform adroitly.

I find the whole crew generally quite competitive and if you can't keep up...you may even get shoved to the side.

When I heard the whistle blow this morning, it was unlike the usual stop running or horsing around--this time it was long and shrill.

Everyone stopped and pulled to the ends. 

Instead of splashing water, you could hear a pin drop. 

Lifeguards started running. One ran back to the control center and I could see him through the glass window dialing quickly on the phone for help. 

Another young woman was getting help from the pool supervisor--the young one ran, the older one strode sternly to ascertain the situation.

People started swimming in the main pool again, while the collapsed man was out of sight around the corner in another pool area.

The floating lady water runners were kibbutzing about what happened and is he going to be okay.

Eventually the swimming continued, but even then, people were looking around and had those worried faces on.

There was a realization that even with the dozens of people there, this person could've been anyone--any of us. 

The ambulance and fire truck rescue came, the stretcher was brought in.

I asked the lifeguard with concern what had happened to the man and he said in a monotone, almost practiced voice, "The ambulance is here; everything is okay."

It sort of sounded like don't anyone panic and shut the heck up. 

Anyway, it was upsetting to see someone up early, getting themselves to the pool, trying to stay healthy and fit, and struck down at the scene, while trying their best. 

I'm a little shaken and am still hearing the whistle in my head. :-0

(Source Photo: Andy Blumenthal)


March 14, 2014

Guns And Roses

This was an interesting student portrayal showing the decision of whether someone is a friend or foe--I like it!

On the face of it, is a computer screen "head" with pictures of a drone for surveillance and a fighter jet for carrying out battle. 

In the right hand is a rose for the friend, and in the left hand is a gun for the foe. 

On the bottom, it says "You Decide" with little pieces of hanging paper marked "Friend" or "Foe" and you pick one.

To me, the kid that designed this is pretty smart--smarter than a lot of adults today.

Why? 

To many people, everything is black or white--for example, liberals may default to everyone as good and trustworthy until shown otherwise, while conservatives may take the alternate track where they assume people are bad and we should be cautious with them and be prepared to defend ourselves. 

Neither is simply right or wrong--it's just how we approach things--although for me, it's definitely you have to earn trust, and still it's important to verify!

The kid that made the friend or foe robot apparently realizes that we have to discriminate between those people that are friends and those that are enemies--and act accordingly. 

Surveillance is a good thing and being ready to defend ourselves is a very good thing. 

Sometimes, those that masquerade as friends are really foes, and those that challenge us may really be our best friends. 

We must be very discriminating in determining who is who--and be ready with both rose and gun. ;-)

(Source Photo: Andy Blumenthal)

March 12, 2014

Terrorism - Is it Going Away?

Going on 13 years since 9/11...

- Ukraine invaded by Russia seeking to annex Crimea

- Malaysia Airline with 239 aboard missing and still a mystery

- Sochi, suspected hijacker tries to divert plane, F-16s scrambled

- Syria aided by Hezbollah fighters, estimates of more than 150,000 dead

- Iran ships medium range missiles to Hamas in the Gaza Strip

- Iraq Suicide bombing a somewhat regular occurrence

- Pakistan death toll in war on terror estimated at 49,000

- Saudi Arabia concerned about Muslim Brotherhood and Hezbollah

- Lebanon, twin suicide car bombings in capital

- Egypt, terror attack on tourist bus in Red Sea resort

- Somalia, car bombing at national intelligence headquarters

- North Korea accused by South of "reign of terror" 

Where are we in the war on terror--are we really any safer? 

All opinions my own. 

(Source Photo: Andy Blumenthal)

March 11, 2014

Be, Be Yourself

I thought this was a cute sign in the elevator at Safeway. 

"Be Yourself. Everyone else is already taken."

Why they put this up in a supermarket, I don't really know. 

Anyway, gotta hate phonies, kiss-ups, and B.S. artists--in the store or out. 

My wife's grandfather used to say, "What comes from the heart, goes to the heart"--I really like that!

An ounce of sincerity is worth more than a ton of faking it--even if you're a good fake. ;-)

(Source Photo: Andy Blumenthal)

March 10, 2014

Naked And Yelled At

So true story...I'm in the changing room at the pool.

There is a guy there, just a few feet away, naked. 

The pool supervisor comes over and says, "Hey, where's your brother?"

The guy says, "Why?"

The pool supervisor says, "He asked for a change in schedule, and I told him he can work on Mondays, and he's not here."

The guy annoyed, says, "I'll tell him."

The pool supervisor, shakes his head, and walks away. 

The guy turns to me and says, "You know this is the only job where your boss can come up to you when you're stark naked and start yelling at you!"

I say, "Yeah, and you can't even say it's sexual harassment."  ;-)

(Source Photo: Andy Blumenthal)

March 9, 2014

SCADA in Pictures




So SCADA are Supervisory Control and Data Acquisition systems.

They are a form of Industrial Control Systems (ICS) that monitor and control major industrial processes from power generation, transmission, and distribution, to water treatment, chemical production, air traffic control, traffic lights, building controls, and more. 

These are part of our nation's critical infrastructure. 

In the lab, we are able to use tools to capture and analyze communication packets and edit and re-use them to: 

- Turn on and off lights

- Open/close perimeter gates

- Control water and gas pipelines

- And even open and close a bridge

This was very scary!

No one, unauthorized, should be able to do this in real life, in the physical world. 

This is a major security vulnerability for our nation:

- SCADA systems should not be openly available online; they should be controllable only locally, or remotely through an encrypted virtual private network (VPN).

- SCADA systems should not be available without proper access controls--there must be credentials (user ID and password), and even two-step authentication should be required.

No one but vetted, cleared, authorized, and trained personnel should be able to monitor and control our critical infrastructure--otherwise, we are giving them the keys to disrupt it, destroy it, and use it for terror. 

We owe our nation and families better, much better. 
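
The two rules above (reachable only locally or over the VPN; login plus two-step authentication) can be checked mechanically. The following is an added example, not code from the lab or from any product named in this post; the host names, address ranges and record layout are constructed assumptions standing in for a real firewall export and asset inventory.

```python
"""Audit SCADA allow rules and login settings against the post's two rules."""
import ipaddress
from dataclasses import dataclass

# Assumption: the plant-floor ("local") network and the VPN address pool.
LOCAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
VPN_NETS = [ipaddress.ip_network("10.99.0.0/24")]


@dataclass
class AllowRule:
    source: str   # CIDR block permitted to connect
    dest: str     # SCADA host the rule exposes
    port: int


@dataclass
class Endpoint:
    host: str
    requires_login: bool            # user ID + password enforced
    requires_second_factor: bool    # two-step authentication enforced


def source_is_permitted(cidr, allowed_nets):
    """True only if every address in `cidr` lies inside one allowed network.

    A private-looking range is not enough: 10.0.0.0/8 is wider than the
    local and VPN networks, so it is rejected along with 0.0.0.0/0.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a)
               for a in allowed_nets)


def audit(rules, endpoints, local_nets=LOCAL_NETS, vpn_nets=VPN_NETS):
    """Return sorted (host, finding) tuples; an empty list means compliant."""
    allowed = list(local_nets) + list(vpn_nets)
    findings = set()
    for r in rules:
        if not source_is_permitted(r.source, allowed):
            findings.add(
                (r.dest, f"port {r.port} reachable from {r.source} (not local/VPN)"))
    for e in endpoints:
        if not e.requires_login:
            findings.add((e.host, "no user id/password required"))
        elif not e.requires_second_factor:
            findings.add((e.host, "two-step authentication not enforced"))
    return sorted(findings)


# Constructed sample data (not taken from any real environment).
SAMPLE_RULES = [
    AllowRule("10.20.5.0/24", "hmi-01", 443),      # operator workstations, local
    AllowRule("10.99.0.0/24", "hmi-01", 443),      # VPN pool
    AllowRule("0.0.0.0/0", "plc-gate-02", 8080),   # open to the whole Internet
    AllowRule("10.0.0.0/8", "pump-ctl-03", 443),   # broader than local/VPN
]
SAMPLE_ENDPOINTS = [
    Endpoint("hmi-01", True, True),
    Endpoint("plc-gate-02", False, False),
    Endpoint("pump-ctl-03", True, False),
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_RULES, SAMPLE_ENDPOINTS):
        print(f"{host}: {finding}")
```
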

(Source Photos from lab: Andy Blumenthal)


March 8, 2014

Security Is A Joke!


Fascinating video with Dan Tentler on the Shodan Search Engine...which CNN calls the "scariest search engine on the Internet."

The search engine crawls the Internet for servers, webcams, printers, routers, and every type of vulnerable device you can imagine.

It collects information on more than 500 million devices per month and that was as of last year, so it's already probably a lot more.

Tentler shows the unbelievable amount and types of things you can access with this, including our critical infrastructure for the country--from utilities to traffic lights, and power plants:

- Private webcams
- Bridges
- Freeways
- Data Centers
- Polycoms
- Fuel cells
- Wind farms
- Building controls for lighting, HVAC, door locks, and alarms
- Floor plans
- Power meters
- Heat pump controllers
- Garage doors
- Traffic control systems
- Hydroelectric plants
- Nuclear power plant controls
- Particle accelerators
- MORE!!!!

Aside from getting information on the IP address, description of the devices, locations (just plug the longitude and latitude into Google for a street location), you can often actually control these devices right from YOUR computer!

The information is online, open to the public, and requires no credentials.

- "It's a massive security failure!"

- "Why is this stuff even online?"

Where is our cyber leadership????

>>>Where is the regulation over critical infrastructure?

If there is a heaven for hackers, this is it--shame on us. :-(

March 7, 2014

We're Giving It All Away


Nice little video from Mandiant on "The anatomy of a cyber attack."

Despite the typical firewalls, antivirus, and intrusion detection system, cyber attacks can and do penetrate your systems.

This happens through social engineering (including phishing attempts), automated spam, and zero-day exploits.

Once inside your network, the cyber attacker takes command and control of your computers, surveys your assets, steals user names and passwords, hijacks programs, and accesses valuable intellectual property. 

Mandiant performs security incident response management (detecting breaches, containing them, and helping recovery efforts), and they are known for their report "APT1" (2013) exposing an alleged significant government-sponsored cyber espionage group that they state "has systematically stolen hundreds of terabytes of data from at least 141 organizations."

Another fascinating report on a similar topic of advanced persistent threats was done by McAfee on Operation Shady Rat (2011) that reveals over 70 organizations (governments, commercial entities, and more) that were targeted over 5 years and had terabytes of information siphoned off. 

The overall risk from cyber espionage is high and the McAfee report states:

- "Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact."

- "What we have witnessed...has been nothing short of a historically unprecedented transfer of [intellectual] wealth - closely guarded national secrets...disappeared in the ever-growing electronic archives of dogged adversaries."

In short we can't keep a secret--we're putting endless gobs and gobs of our information online and are not adequately protecting it in cyberspace, with the result that our adversaries are able to access, exfiltrate, disclose, modify, or destroy it.

In short, we're giving it all away - why? 

March 6, 2014

Beware of Botnets



Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you--they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity. 

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive. 

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money. 

The video demos an example of botnets with a variant of the Zeus trojan. 

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone--eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into people's accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse.

We need to be aware of what's possible, maybe even probable. 

Is your computer infected and you don't even know it yet?

March 4, 2014

A Different Definition For IV&V

In IT circles, IV&V generally refers to Independent Verification and Validation, but for CIOs another important definition for leading is Independent Views and Voices.

Please read my new article on this: here at Government Technology -- hope you enjoy it.

Andy

(Source Photo: here with attribution to Joi)

March 3, 2014

Rejuvenate Like A Starfish


Good video on centralization vs. decentralization.

A spider is the model of a centralized organism or organization--cut off the head and the thing is dead.

But a starfish is the epitome of one that is decentralized--if you cut off one of the arms (it doesn't have a head) of a Blue Linckia starfish, it just grows another one. And if you cut off all five arms, it grows five new starfish. 

So when it comes to organizations, do you want one like a spider, where all power, decision-making, and talent is concentrated at the top, and if you lose your senior executive(s), you've lost the innovation or operational effectiveness of the entire organization (think what happened when Apple lost Steve Jobs as an example)? 

Or do you want to be an organization that is more decentralized (less hierarchical) like the Starfish--where talent is widely dispersed and work is delegated to the many within. Here the organization's very survival is not threatened when something happens at the top or to somebody. 

In most cases, there is no perfect spider or starfish organization, but more of a hybrid model, where some functions (like HR, finance, communications) are centralized and others are decentralized (based on specific business expertise). 

To me the main point here is that an organization is made up of many individuals, and everyone in the organization is valuable; no one person can do everything and we should leverage each person according to their strengths and help them on their weaknesses. This gives each individual and the organization the best chance of rejuvenation and survival. ;-)

March 2, 2014

Restraint or Recklessness?

Like many of you, as I watch the events unfold with the Russian military invasion of Ukraine, I am amazed at the "restraint" being shown by the West. 

But I can't help asking myself why a military invasion by the Great Bear into a sovereign nation that is leaning toward democracy is being met with restraint.

Sitting in Starbucks, I overheard one young woman saying to an older gentleman that she did not understand the reaction of the President in saying there would be "consequences" and that no one took that seriously as there was no specificity, almost as if there were no real consequences to even threaten Russia with.

So why all the word-mincing, dancing around the subject, and restraint by the West in light of this very dangerous escalation in eastern Europe:

1) Surprise - Was the West completely taken by surprise by Russia's military intervention? Didn't something similar happen with Georgia in 2008--less than 6 years ago? Did we not foresee the possibility of Russia lashing out against Ukraine to protect its interests when Ukraine turned back toward European integration and away from the embrace of Russia that it had made only weeks earlier? After Pearl Harbor, 9/11, and with all our "Big Data," intelligence, and military planning--how did we miss this (again!)? 

2) Duped - Were we duped by the misinformation from Russia saying that the 150,000 troops they called on a "training exercise" was planned months ago and it just happened to coincide with the toppling of Ukraine's President?  Also, were we fooled when the "mysterious" soldiers showed up without national markings and Russia said they weren't their military--uh, where did they come from--did they float down from the heavens?

3) Apathetic - Are we just apathetic to Ukraine's plight? Are they just a poor country of little strategic value to us? Are we so war weary from Iraq and Afghanistan that we just want to place our heads in the sand like ostriches even when democracy and freedom are threatened in a European nation of some 45 million people?

4) Fear - Are we afraid of the military might of the nuclear-armed Russian Federation? Are America, the European Union, NATO, the United Nations all not willing to stand up and hold Russia accountable even if that means a military confrontation? Not that anyone wants World War III, but if we don't stand up and defend against wanton aggression, how can any country or anyone be safe going forward?

5) Optionless - Are we just out of options? Russia got the upper hand on this one and they are logistically right there on the border and in the country of Ukraine now and what can we do? Despite the U.S. assertion that it can project military power anywhere around the world and a defense budget bigger than the 10 next largest combined--how can we be out of options? Are we out of options because we tacitly understand that one wrong miscalculation and we could end up with WMD on our homeland doorstep? 

6) Butter Over Guns - Have we retrenched from world affairs, downsized our military, and emphasized domestic issues over international ones? Have we forgotten the risk that comes from a world without a superpower that helps to maintain stability and peace? Are we just under so much financial duress with a growing mountain of national debt, an economic recovery still struggling, and the lowest employment participation in over 30 years that we can't even entertain spending more treasure to fight again?

7) Leadership - Who is managing the crisis? We've seen our President speak, various other government officials from the U.S. and European Union, the Secretary General of the U.N., the Secretary General of NATO, and more. Who is in charge--setting the tone--deciding the strategy? Who has point so that we and Russia know who to listen to and what is just background noise?

What is so scary about this whole thing is how quickly things can escalate and seriously get out of control in this world, and this despite all the alliances, planning, and spending--at the end of the day, it looks like we are floundering and are in chaos, while Russia is advancing on multiple fronts in Ukraine and elsewhere with supporting dangerous regimes in Syria, Iran, North Korea and more.

Whether we should or shouldn't get involved militarily, what is shocking is: 1) the very notion that there wouldn't be any good military options, and 2) that the consequences are not being spelled out with speed and clarity. 

In the streets, at the cafe, on the television, I am seeing and hearing people in shock at what is happening and what we are and are not doing about it. 

Even if we get Russia to stop advancing (yes, based on what happened with Georgia, I doubt they will actually pull back out), the question is what happens the next time there is a conflict based on how we've managed this one? 

I do want to mention one other thing, which is while I feel empathy for the plight of the Ukrainians seeking their freedom from Russia now, I also must remember the events of Babi Yar where, between 1941-1944, 900,000 Jews were murdered in the Soviet Union by Nazi genocide and Ukrainian collaborators. This is history, but not so long ago. 

All opinions my own. 

(Source Photo: here with attribution to Utenriksdept)

March 1, 2014

First We Must Live

I liked this advertisement for the movie sequel to the 300 coming out this week. 

Anyway, for this scary-looking dude, "War is in my blood"--that's who he is and these days, it seems like he is not alone in this crazy and violent world. 

Some people are like that...they always like to fight, be oppositional, or just be difficult. 

My belief is more like Ecclesiastes--that there is a time and place for everything..."a time for war and a time for peace."

Around the globe, there seems to be plenty of fighting, slaughter, and tensions going on...from Damascus to Kiev, from Iran to Venezuela, from Sudan to the South China Sea, and more. 

I heard what I thought was a good saying on the Game Of Thrones Season 3 (which by the way is totally excellent), it went like this:


"If we die, we die, but first we will live."


Let's hope and pray for more peaceful, stable, and pleasant times.

There is yet much to live for. ;-)

(Source Photo: Andy Blumenthal)