Showing posts with label Cyber Attack. Show all posts
Showing posts with label Cyber Attack. Show all posts

October 28, 2017

Deterrence Alone Is Not A Strategy

So there is a military doctrine that has been in place for decades. 

- MAD - Mutually Assured Destruction 

If you attack the USA with weapons of mass destruction, you'll get an overwhelming responses that will totally destroy your country. 

This was what supposedly held the USSR at bay during the cold war. 

And even recently, President Trump threatened North Korea that they would be "totally destroyed" if they try anything on us. 

The problem is that the MAD doctrine of deterrence assumes incorrectly that you are always dealing with rational actors and not with madmen.

Let's face it, their are plenty of crazies out there, and some of whom may be willing to go down in a "blaze of glory" as long as they stand up to the United States and die a heroes death for their radicalized or "subjected" people. 

Whether it's Iran or North Korea or others--we may not know what we are really dealing with here until it's too late. 

Life is not everything to these people--remember many a terrorist has died a martyrs death with the promise of 72 virgins in heaven awaiting them. 

To some, as Prime Minister Gold Meir stated:
"Peace will come when the Arabs will love their children more than they hate us!"

Hate by virtue of perceived injustice, required Jihad or "holy war," brainwashing or threats and the desire for a "glorious death" standing up to the infidels or the "great Satan...any of all of these can contribute to ignoring the consequences. 

Israel has tried to deter horrible homicide bombers/and other mad terrorists from performing their evil misdeeds on the civilian population by for example, demolishing the terrorist homes as a potent consequence that they know going into it, yet many terrorists still wear the explosive vests and detonate anyway.

Similarly, North Korea despite the President's threat that they "will be met with fire and fury like the world has never seen," brushed it off and shot off more volleys of ICBMs and threatened to engulf Guam in fire. 

- The point is that deterrence alone is not a strategy!

If our enemies can hit us with a devastating attack--whether WMD, cyber, EMP, or quantum attack-- that can inflict immeasurable harm on us--they may actually choose to take their best shot, rather than wait for us to hit them or continue to feel disrespected, subjected, inferior, and hopeless.

To someone on the radical fringes or the mental edge, maybe--just maybe--they will do the unthinkable and surprise us.

What good will our fire and fury counterstrike do us, when our cities are in ruin and our people dead and dying en masse. 

Revenge isn't so sweet when your family, homeland, and virtually everything you know and held dear is gone.

The only real military strategy is to be able to defend ourselves and AVOID getting a homeland catastrophe!

We need massive investment and expertise in missile defense, bio defense, cyber defense, quantum computing, and expansive hardening of our critical infrastructure.

Unfortunately, as naysayers to the threats abound, we are no where near where we need to be in protecting the homeland.

If one person falls from the high wire and smashes their head, what good is it that the other person falls and suffers similarly or worse. 

The point is not to fall, not to get hurt, not to die, not to have our country and way of life destroyed.

Deterrence does not guarantee this security to the country--especially when dealing with no shortage of radicalized nuts out there. 

Only a genuine defense that can STOP and counter the threats BEFORE a devastating attack happens and hits us is a strategy worth pursuing ...and THEN you can punch the other person squarely in their devil's face!

Without an adequate defensive strategy, get ready, because every high flying act eventually falls to the ground and hits their head hard. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

August 21, 2017

Navy Under Attack?

So there was another collision of a U.S. Navy Destroyer.

The Navy destroyer collided early today with an oil tanker off of Singapore. 

10 sailors are missing and there is significant hull damage. 

This is the 4th known accident just this year of our Navy vessels in Asia waters.

And previously I wrote incredulously about the last Navy collision with a massive container ship in June that resulted in 7 dead. 

How do U.S. Navy ships with the most advanced sensors, navigation, weapons, and command and controls systems in the world--that are supposed to be protecting us--just simply collide with other ships like toys in a bathtub?

These Navy ships are a vital projection of U.S. might, and are supposed to be able to keep the worst foes away and keep our dedicated men and women warfighters safe at sea--whether from bomb-laden terrorist attack speed boats to anti-access/area denial missiles and all threats from on, above, or below. 

Yet, they just keep crashing...

There was supposedly some buzz online about a stealthy new cyber weapon that is attacking our ships and making them useless and helpless pieces of (G-d forbid) floating junk at sea or perhaps enabling them to be hacked and electronically commandeered and controlled in order to crash them.

Either way, how many collisions does it take for this to become a concerning problem with our Navy's ability to manage the ships under their command and be ever war-ready. 

Our ships are a major element of our national strength and security, and loss of control implies a potentially great risk to our nation. 

We need our Navy and their tremendous people, assets, and expertise to safeguard our people, freedom, and democracy.

A few months ago, there was a hackathon to test the Navy's systems' security--and most certainly, this is a crucial type of test that we potentially face every day in real life.

These are challenging times for everything cybersecurity, so let's make sure we have all the capabilities we need and are fully up to the task to defend ourselves and take out our enemies--it's not just our Navy in the spotlight and at risk. ;-) 

(Source Photo: With attribution to CNN and adapted from here)
Share/Save/Bookmark

July 6, 2017

Driverless Cars - New Beginning or Part of The End

Driverless cars are exciting to so many.

But doesn't it also seem so boring?

There is a lot to be said for being the driver and doing the driving. 

We control the destination, trajectory, speed, etc.

Occasionally, there is even time to stop and enjoy the view. 

We've given up on doing or even knowing how to do so many basic things.

Probably 90% plus of us would fail at any sort of basic survival test. 

You can't hunt, you don't know how anything really works, and you don't even have a green thumb.

You'd be dead in under a week or max three

The only thing you do know how to do is sit at a desk, push papers, go to meetings, and post endless nonsense on social media--congratulations you're an imbecile!

When Axis of Evil North Korea, Iran, or Russia decide to hit us with an ICBM, EMP, or a massive cyber attack your gonna wish you knew something (anything) real, let alone how to drive a simple automatic. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

August 28, 2016

Preppers Preparing

A very interesting article in the Washington Post on the prepper movement.

People are concerned about the inaction, misdirection, and chaos of where things are going, and they are preparing for a potential post-apocalyptic America and world.


Grave worries seem to be coming from a multitude of concerns whether about an eventual bursting of the bubble of our national debt and the downfall of our economy and associated good jobs, an outbreak of ebola or a deadly influenza, a dirty bomb by Iran or North Korea, a cyber attack or EMP that takes out our critical infrastructure including electricity and anything with computer circuits, or a devastating natural disaster, many of which are considered "overdue."


The preppers are moving to the American Redoubt (pacific northwest--Idaho, Montana, Wyoming, Washington and Oregon.


They are buying and building defensible homes (bunkers and "fortresses"), stockpiling food, weapons, and ammunition, and preparing for life off the grid with water sources, solar farms, and secure storage.


While survivalists have always existed, the numbers of concerned, disaffected, and generally disgruntled citizens seems be growing exponentially along with prepper network shows, books, blogs, websites, and sales of survival gear.


Many people seem to either feel insecure, fearful, uncertain, or that we are simply going in the wrong direction, and that it is only a matter of time until there is some sort of major earth shattering, society destabilizing disaster, and not everyone will survive.


So from home shelters to luxury underground bunkers, preppers are putting their money and efforts where their mouths are, and are preparing for potentially the worst.


If as all agree that an important part of the government's job is to ensure the national security of the country, and protect life, liberty, and property, then something seems to be going very wrong that many people are feeling so insecure and unprotected physically and in terms of their human rights.


From corruption to divisiveness, dependency, and dirty dealing, communication and trust between government and the governed is being needlessly undermined.


Why can't we get some decent leaders with a solid moral compass, and a real plan to bring us back from forever walking the brink to a nation of strength and unity, prosperity and health, and a superpower not only today, but for the future, once again. ;-)


(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

August 24, 2015

My Ashley Madison

So Ashley Madison is now a well-known adulterous website, particularly after hackers stole 37 million records on the site participants, and have released that information to the public.

These tens of millions of users seek companionship for loveless or sexless marriages or perhaps are just plain liars and cheaters--who knows? 

But yikes, now everyone knows!

Huffington reports that divorce lawyers are anticipating a deluge of new clients seeking divorces

And BBC reports that two people have already taken their lives in Canada as a result of the release. 

What is incredible as well are the 15,000 people who used their .gov or .mil accounts presumably to hide their infidelity from their spouses, but now are in potentially huge trouble with their government agencies.

I assume that Ashley Madison prided themselves on their discretion in handling their clients accounts, but lo' and behold the discretion is for naught compliments of some very naughty hackers. 

Privacy is becoming a very lonely and meaningless word whether you are faithful or a cheater--it's all open fodder on the net. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

July 12, 2015

The "Real" OPM Data Breach

A lot has been made and should be made of the theft of over 21 million federal employees' sensitive personnel records and security clearances. 

Everyone rightly, although somewhat selfishly, is worried about identity theft and the compromised privacy of their information.

The government is worried about hostile nation states using the pilfered information to bribe or coerce military, intelligence, high-level politicals, and others to turn and work for them or otherwise to use against them. 

But what is grossly missing in this discussion is not what information presumably the Chinese stole and how they will use it against us, but rather what information they inserted, altered, or otherwise compromised into the OPM personnel and security databases when they got root access to it.

Imagine for a moment what could hostile nations or terrorists can do to this crown jewel database of personnel and security information:

- They could insert phony records for spies, moles, or other dangerous persons into the database--voila, these people are now "federal employees" and perhaps with stellar performance records and high level security clearances able to penetrate the depths of the federal government with impunity or even as superstars!

- They could alter personnel or security records taking prominent or good government employees and sabotaging them to have questionable histories, contacts, financial, drug or criminal problems and thereby frame or take-down key government figures or divert attention from the real bad guys out there and tie our homeland security and law enforcement establishment in knots chasing after phony leads and false wrongdoers and villains.

Given that the timeline of the hack of OPM goes back to March and December 2014, this was more than enough time for our adversary to not only do to our data what they want, but also for the backup tapes to be affected by the corrupt data entering the system. 

The damage done to U.S. national security is unimaginable. As is typically the case with these things, "An ounce of prevention is worth a pound of cure." Instead of investing in security, now we can invest in "credit monitoring and identity theft protection" for a very sparse three years, while federal employees will go a lifetime in information jeopardy, and the federal government will be literally chasing its tail on personnel security for decades to come. 

With the price so low to our adversaries in attacking our systems, it truly is like stealing and much more. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

December 20, 2014

2014 The Bad News Goes On

What a 2014 it's been as the world continues it's descent into madness.  

If Ebola, the War with Hamas in Gaza, the shoot down of Malaysian Airlines Flight MH17 killing 298 including 80 children and 15 crew, the intransigence of Iran on Nuclear Weapons, employment still near a 30-year low, the National Debt hitting over $18 trillion (and growing $2.43 billion a day!) and the suicide of comedian, Robin Williams wasn't enough...

- Criminal Records: 1 in 3 adult Americans (i.e. 80 million people) now have a criminal record...hmm, if the average family has around 2.5 people then just about 1 person per household has a criminal record. Are you starting to look around you now?


- Economy: Uber, yes, it's a online "ride-sharing" (i.e. taxi) service, but after it's recent IPO, Uber is worth over $41 billion dollars (more than Delta, Charles Schwab, Salesforce.com, and Kraft Foods). Someone's getting taken for a ride. Is this even surprising considering the S&P is priced over 27 times average 10-year earnings (while the historical average is only 16), the result of pumping the economy with short term easy money policies.  


- Cyber Attacks: After a blithering cyber attack by North Korea, Sony withdraws the release of the movie, The Interview, surrendering to cyber terror, and putting us all at greater risk in the future because cyber crime does pay!


- Islamic Terrorism: While ISIS advances in Syria and Iraq, 132 school children (mostly ages 6-18) plus 9 adults massacred by the Taliban this week in Peshawar, many shot in the head and others lit on fire with gasoline and burnt to death so they are unrecognizable. This only 9 months after the April kidnapping by Boko Haram of more than 280 schoolgirls in Nigeria, which was repeated this week with the kidnapping of another 185 woman and children.


- Russian Militarism: The Great Bear is back with a vengeance as Putin continues driving Russian nationalism and buildup of advanced weapons, including WMD (e.g. nukes), aircraft, submarines, and ICBMs to counter alleged "Western Aggression." And despite, the rubbles' massive decline, Putin promises an economic comeback within 2 years--he'll wait out the West and hold Crimea hostage and spoil it for everything it's worth


So where are we going next--more hell on Earth or at some point a turnaround towards heaven again?   


(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

March 6, 2014

Beware of Botnets



Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you--they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity. 

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive. 

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money. 

The video demos an example of botnets with a variant of the Zeus trojan. 

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone--eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into peoples accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse. 

We need to be aware of what's possible, maybe even probable. 

Is your computer infected and you don't even know it yet?
Share/Save/Bookmark

July 29, 2013

Medical Hacks

Usually when we talk about the dangers of cyber attacks, we are concerned with the dangers of someone stealing, spying, or systematically corrupting our information systems. 

But Barnaby Jack who died last week at age 35 brought us awareness of another, more personal and perhaps dangerous hack...that of hacking medical devices.  

Barnaby, a director at computer security firm IOActive, became known first in 2010 for being able to hack at cash machine and have it dispense money. 

In 2012, he drew attention to a flaw in insulin pumps whereby someone could cause it to administer a fatal dose to its unknowing victim. 

This week, Barnaby was going to demonstrate how heart implants could be hacked, killing a man from 30 feet away. 

With advances in the miniaturization and battery life of personal medical devices and implants for monitoring and managing patients health, more and more people could be exposed to malicious or murderous cyber attacks on their body.

With the potential for RFID embedded chips for managing our personal identities to bionics for replacing or enhancing human body parts with electronic and mechanical implants, the opportunity for someone seriously messing with our physical person grows each day. 

If dangerous vulnerabilities are discovered and exploited in these devices, an enemy could go from the traditional attack on our information systems to potentially sickening, disabling, or even killing millions at the stroke of some keys. 

Imagine people keeling over in the streets as if from a surprise attack by a superior alien race or the release of a deadly chemical weapon, only it's not extraterrestrial or kinetic, but instead a malevolent cyber attack by a hostile nation or cyber terrorist group taking aim at us in a whole new and horrible way.

(Source Photo: here with attribution to Bhakua)

Share/Save/Bookmark

July 21, 2013

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market. 

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks. 

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes--able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation's critical infrastructure.

According to the New York Times (13 July 2013), there is a great interest in buying "zero-day exploits"--one where governments or hackers can strike using a computer vulnerability before anyone even knows about it and can correct it. 

The average zero-day exploit persists for "312 days--before it is detected"--giving amble time for attackers to cash-in!

Brokers are now working to market the computer flaws for a 15% cut, with some even "collecting royalty fees for every month their flaw is not discovered."

The average flaw "now sells for around $35,000 to $160,000" and some companies that are selling these are even charging an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities in addition to the cost for each one that varies with it's sophistication and the pervasiveness of the operating system behind the exploit. 

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering "bug bounties" in order to identify the flaws and fix them before they are exploited. 

We've come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws--not to patch--but to spy or harm their adversaries. 

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability--the question is who will pay more to get the next exploit and when and how will they use it. 

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)
Share/Save/Bookmark

June 19, 2013

Malware Through A Charger

Who would've thought you can get cyber attacked this way...

Forbes is reporting that Georgia Tech researchers have discovered an exploit where malware could be introduced to your computer through the plug in AC power charger. 

Based on their proof of concept, when you connect your computer and electrical plug, you could get more than an electrical charge to your Apple iOS computer--you could get hacked! 

The malicious charger has been named Mactans and in the future could be put together by inserting a miniature computer board (e.g. a BeagleBoard) right into the base of a charger plug (larger than the one shown above).

The hack attack is enabled by the USB port which is used for charging and doubles as a data port so that the malicious code would be surreptitiously inserted into your computer. 

So be careful what you plug into, because when you think you're just powering up your battery, you may end up powering down your whole computer device.

This sort of reminds me of the shoe bomber that forever changed how we view seemingly innocuous shoes at the airport.

A shoe may not just be for walking, and a AC charger may not be just a power source anymore.  ;-)

(Source Photo: here with attribution to Lee Bennett)
Share/Save/Bookmark

May 26, 2013

Mayim Chaim

You can only live about 3 days without water--that's why protecting our water is so critical.

Emergency Management (May/June 2013) says, "There are numerous ongoing threats to our water supply. Some of them [natural or man made] could be catastrophic."

- Water poisoning: Already in the 1st century, Roman Emperor Nero poisoned the wells of his enemies.  These days you'd need a large supply, like "several dump trucks of cyanide or arsenic to poison a reservoir.  Plus the water system is monitored and has purification protections such as chlorine, so it's not that simple. We can also issue "boil alerts" for people to boil the water before drinking it. Then again, we saw what some radiation did to the Japanese water supplies after Fukushima.

- Blowing it up: The water system infrastructure can be disrupted using explosives, so keeping intruders far away from it is important to keeping it safe.

- Earthquakes/Hurricanes: Much of the water system pipes are old--some built during the Civil War--and these can be destroyed by natural disasters or even a construction crew jackhammer hitting in the wrong place. 

- Electrical outage: If you shut down the electricity, you shut down the water pumps...and even with generators taking over for a while, your up against the clock, if you don't get the juice flowing again soon. 

- Cyber Attack: Our water systems, like other industrial control systems are vulnerable to cyber attack. A hacker that gets control of the systems could overheat it, overtreat it, flood it, or otherwise break it and shut it down. 

Keeping our water infrastructure secure, the water supply safe and potable, the transport pipes intact, the electricity working, and the systems under control--are not little matters--they are the difference between life and death for millions. 

As in The Rime of The Ancient Mariner, when the ship gets blown off course into unchartered waters and the crew is thirsty for water and desperate to survive, the poet states, "Water, Water. Everywhere. And All The Boards Did Shrink; Water, Water, Everywhere. Nor Any Drop To Drink."

In Hebrew, there is a short saying that sums up this topic, "Mayim Chaim"--water is life. ;-)

(Source Photo: Dannielle Blumenthal)

Share/Save/Bookmark

May 22, 2013

Blackout Nation

We are reaching an exciting but dangerous phase of technology adoption where our dependence is virtually complete. 

From mobile to social computing, from telecommunications to transportation, from industrial systems to electronic health records, from banking to eCommerce, from homeland security to national defense--we are dependent on technology.

But while technology proliferates everywhere, so do the risks. 

Bloomberg BusinessWeek (16 May 2003) in an article called "The City That Runs On Sensors" talks about how initiatives like IBM's smart-cities is bringing sensors and technology to everything running our towns--"Smart [city] innovation is improving our economic fabric and the quality of our life."

The flip side is an editorial in today's Wall Street Journal by former CIA director James Woolsey and Peter Pry who served on the congressional EMP commission warning how "A single nuke exploded above America could cause a national blackout for months" or years (stated later in article)

They write that "detonating a nuclear weapon high above any part of the U.S. mainland would generate a catastrophic electromagnetic pulse" (EMP)--and that this "would collapse the electric grid and other infrastructure that depends on it."

This would be a national blackout of epic proportions that would impact all areas for 21st century sustainment of 311 million lives. Think for yourself--what would you be able to do and not do without the computers and telecommunications that you use every day? 

Woolsey and Pry call for a preemptive surgical strike, for example, to prevent North Korean development of an ICMB capable of inflicting a nuclear EMP strike, but you can imagine other nations that pose a similar threat. 

While be beef up our Cyber Corps and attempt to strengthen our tools, methods, and configurations, this is just the tip of the iceberg when it comes to securing cyberspace. 

Cybersecurity is more than just protecting us from malware infiltration and exfiltration--because the whole IT system that our society is built on can be wiped out not by cyber attack alone, but rather by collapsing the very electronic infrastructure that we rely on with a pulse of electromagnetic radiation that will fry the very circuits that run our devices. 

While we build firewalls and put up intrusion detection and prevention guards and establish a court system of antivirus and spamware to put away violators and so on, how shall we prepare for a pulse attack that can incapacitate the electronics underpinnings--security and all? 

"Star Wars" missile defense, preemptive action, and hardening of critical infrastructure are all security options--it costs money to keep the IT lights on, but better to pay now, then pay catastrophically bigger later. ;-)

(Source Photo: Andy Blumenthal)


Share/Save/Bookmark

February 27, 2013

Cyberweapons Power Up

In you haven't heard of Project Aurora, this is a wonderful segment from 60 Minutes on this cyberwar project. 

Faced with some of the worst case scenarios for cybergeddon, Idaho National Labs set out in 2007 to test what would happen to a 27-ton power generator if the researchers hacked into it from a mere laptop. 

The turbine was sent instructions that would essentially tear itself apart--and in the video you can see what happened--it shudders, shakes, smokes, and ultimately destroys itself. 

The test was a grand success demonstrating our capabilities to conduct cyberwar operations against an adversary.  

Interestingly, Reuters reported the Symantec researchers "uncovered a version of Stuxnet from the end of 2007 that was used to destroy two years later about 1,000 Iranian centrifuges used in their Natanz nuclear uranium enrichment facility for alleged development of weapons of mass destruction. 

The flip side of this cyberwar test is the realization of the potential blowback risk of cyberweapons--where adversaries can use similar technology over the Internet against our critical infrastructure--such as SCADA industrial control systems for the power grid, water treatment, manufacturing, and more--and cause potentially catastrophic events.

As stated toward the end of the video, this is a type of "pre 9/11 moment" where we identify a serious threat and our vulnerability and we need to act to prevent it--the question is will we? 

Share/Save/Bookmark

January 10, 2013

One-Two-Three Punch For Cyber Security

Here are three crafty ideas for improving our cyber security that can be used to protect, prevent, and recover from attacks:

1) Intrusion Deception (not detection)--Mykonos Software aims to protect websites by putting up a virtual minefield--"setting traps to confound hackers." When the software detects hackers trying to infiltrate, it can flood hackers with false information on vulnerabilities that goes nowhere, mess with the hackers computers such as by pop-up flashing maps of their locations and local defense attorneys, and disrupt their connections and slow down their hacking attempts (Bloomberg BusinessWeek).

2) Scamming The Scammers--Notorious email spams such as from Nigeria that look to ensnare victims into wiring money overseas in order to secure some lost fortune costs $9.3 billion in losses in 2009. Psychology professors Chris Chabris and Daniel Simons suggest that we can prevent many scammers from succeeding by raising the cost of their doing business by scamming them with " baiters" that send responses to scammers and occupy them but never actually send any money. They suggest that artificial intelligence could actually be used to create "automated scam-baiters bots" simulating potential gullible victims. These bots could even be programmed to provide phony account numbers and data to scammers to really get them spun up. (Wall Street Journal)

3) Insuring Again Losses--Insurance is a common way to manage risk by purchasing coverage for potential liabilities--this is used to indemnify against losses for everything from auto accidents to home fires, personal theft, and business interruptions. However, according to Bernard Horovitz, CEO of XL Insurance's Global Professional Operations, businesses (and of course, individuals) are rarely are covered by insurance for hacker attacks. Insurance companies are now offering specialty products to recover from the insuring liabilities. Additionally, the insurers will "help with preventing and mitigating cyber crime" through security audits. (Wall Street Journal)

These three cyber security strategies are great examples of how we can make it technically and financially more difficult for cyber attackers to succeed in geting in a knockout punch on their victims. ;-)

(Source Photo: Minna Blumenthal)

Share/Save/Bookmark

December 27, 2012

Resilience In The Face Of Disaster


This year when ball drops in Time Square next week to usher in the New Year, it will be a little different than in prior years, because rather than blanket cheer, there will be a good amount of consternation as we hit the debt limit of $16.4 trillion as well as the Fiscal Cliff where broad spending cuts and tax increases are to go into effect (whether in full, partial with some sort of deal, or in deferral).

Like the statue pictured here, the strength and resilience of the American people will be tested and we will need to stand tall and strong. 

In this context, it was interesting to read in Wired Magazine (January 2013) a interview with Andrew Zolli, the author of Resilience: Why Things Bounce Back, an exploration of the importance of resilience in the face of adversity. 

Whether in response to natural disaster like Hurricane Sandy or man-made ones like the financial crisis and terrorism, we need to be prepared to adapt to disaster, respond and continue operations, and recover quickly to rebuild and grow. 

According to Zolli, we need shock absorbers for our social systems that can "anticipate events...sense their own state...and can reorganize to maintain their core purpose amid disruption."

Adaptability is important, so that we can continue to operate in an emergency, but also vital is "self-repair" so we can "bounce back."

These concepts for resiliency in emergency management are similar to how Government Computer News (December 2012) describes the desire for building autonomous self-healing computer systems that can defend and recover from attacks. 

The notion is that when our computer systems are under cyber attack, we need to be able to defend them in an automated way to counter the threats in a timely fashion. 

Thus, acccording to GCN, we need IT systems that have situational monitoring for self awareness, real-time identification of an attack, continuous learning to adapt and defend againt changing attack patterns, and self-healing to recover from them. 

Thus, bouncing back from social and cyber disasters really requires similar resilience, and for some challenges, it may be sooner than later that we are tested. ;-)

(Source Photo: Minna Blumenthal)

Share/Save/Bookmark

October 13, 2012

Amazing Internet Statistics 2012

Star_wars
So what happens in only 1 minute on the Internet--this cool magazine Ideas and Discoveries (October 2012) provides some amazing examples:

- Information Sharing--639,800 gigabytes of data are exchanged
- Information Generation--6 new Wikipedia articles are created
- Information Visualization--20,000,000 photo looked at on Flickr
- eMail--204,000,000 emails are sent
- eCommerce--$83,000 of sales on Amazon
- Social Networking--320 new users on Twitter and 100 on LinkedIn (wonder how many for Facebook...)
- Cyber Crime--20 new victims of identity theft

And in the same month, Harvard Business Review reported on the growing significance to commerce with the Internet contributing to GDP (in 2010) as much as:

- 8.3% in the UK
- 7.3% in South Korea
- 5.5% in China
- 4.7% in the US
- 4.7% in Japan
- 4.1% in India

Moreover in HBR, this is what was reported that people are willing to give up instead of the Internet for a year--and the numbers are pretty startling--check this out:

- 91% of UK would give up fast food
- 89% of Indonesians would give up smoking
- 86% of Japanese would give up chocolate
- 85% of Chinese would give up coffee
- 78% of Indonesians would give up their shower
- 60% of Japanese would give up exercise
- 56% of Chinese would give up their car
- 56% of Japanese would give up sex--go figure! ;-)

While this is all sort of light, there is also a very seriousness dimension to this. For example, in the Wall Street Journal today, it quotes Secretary of Defense, Leon Paneta warning that with Iran's digital assault on the U.S., the concerns of cyberwar are growing with the SecDef going so far as to say "Is there a cyberwar going on? It depends on how you define war."

Yes, the Internet is amazing for so many reasons and we can't take it for granted--we need to be vigilant and defend the Internet (cyber) with the same zeal and commitment as the other domains of war--land, sea, and air--all are vital to national security and for the preservation of life, liberty, and the pursuit of happiness.

This is a lesson we need to learn quickly and decisively--before the old Star Wars is passe and cyberwar turns deadly. 

(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

June 23, 2012

Biosecurity--Where Every Moment Counts

A biological attack on the United States is a most frightening prospect and one that could present an existential threat to us. 

Just the very mention of bio-warfare agents such as anthrax, ebola, smallpox, bubonic plague, and others are enough to provoke sheer terror in most people. 

BioWatch is a program managed by the Department of Homeland Security (DHS) in partnership with the Centers for Disease Control (CDC) and the Environmental Protection Agency (EPA) to monitor for a biological attack.

According to Bloomberg Businessweek (21 June 2012) bio-surveillance is currently conducted in 30 metropolitan areas around the country using 600 air filters to detect pathogens, where samples are collected daily and taken to labs for analysis in what amounts to a 36 hour turnaround to determine if there is a hazard. 

A new technology made by Positive ID or Northrop Grumman collects samples four times a day and analyzes it on the spot for bateria, viruses, and toxins, and sends the results to officials by secure network in as little as two hours. 

The shorter time to detection will give more time to save lives by getting drugs and vaccines to the field sooner and prevent the spread from person to person.  

DHS wants to deploy 2,500 of these new sensors and the bio-attack alert system at a cost of approximately $5.7 billion, if Congress approves. 

If this bio-sensing system proves out functionally, then the price tag seems well worth it. 

Bioweapons like cyber-attacks can cause widespread panic as well as disruption to our everyday way of life, however a bio-attack has the added feature of making people symptomatic and infecting them with deadly and painful illnesses. 

Cyber attacks can infiltrate and take out our critical infrastructure, but biological attacks can directly destroy our physical bodies and the population itself. 

A bio-attack and a cyber-attack together could devastate us by attacking us while at the same time inhibiting our ability to deliver medication and quarantine those that are ill and so on. 

In addition to grossly improving on our cyber defensive (and offensive) capabilities, we must do everything we can to enhance our biosecurity--this mean upgrading our preparedness for bio-terrorism and bio-warfare using the latest technologies available to sniff out and identify a bio attack and alert us so we can respond timely, while we still can. 

(Source Photo: here with attribution to U.S. Department of Defense)

Share/Save/Bookmark

April 24, 2012

Cyberwar--Threat Level Severe

!
This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management on the topic--Cybersecurity Threats to the United States.

Some of the highlights from his statement:

- America's computers are under attack and every American is at risk.

- The attacks are real, stealthy, persistent, and can devastate our nation.

- Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.

- In the event of a major cyber attack, what could we expect? Department off Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipeliness of natural gas exploding, trains and subways derailed, a nationwide blackout. This is not science fiction scenarios. (Adapted from Richard Clark, former Senior Advisor of Cyber Security)

- It is not a matter of if, but when a Cyber Pearl Harbor will occur.  We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).

I believe we must address these threats and our vulnerabilities in at least five main ways:

1) Increase research and development for new tools and techniques--both defensive and offensive--for fighting cyberwar.

2) Establish a regulatory framework with meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.

3) Create a cybersecurity corps of highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.

4) Prepare nationwide contingency plans for the fallout of a cyberwar, if and when it should occur. 

5) Create a clear policy for preventing cyberattacks by taking preemptive action when their is a known threat as well as for responding with devastating force when attacks do occur. 

With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal--because the consequences can be just, if not more, deadly.

Share/Save/Bookmark

June 19, 2011

Crashing The Internet--Are We Prepared?


Almost week after week, I read and hear about the dangers of cyber attacks and whether "the big one" is coming.

The big one is what some experts have called a pending "digital Pearl Harbor."

Just last week, the Federal Times (13 June 2011) wrote that the "U.S. government computer networks are attacked about 1.8 billion times per month."


The Center for New American Security (CNAS) states that deterring and preventing cyber attacks will require "stronger and more proactive leadership."

Charles Dodd, a cyber security consultant in D.C. warns that "You've bought a stick to a gunfight, and you're arrogant about your capabilities."
So the question is--are we really paying attention to and being realistic about the probability and magnitude of the impact of the cyber threat out there?

Certainly, with so much critical infrastructure--from government, military, and private industry--dependent on the Internet, the effects of a concerted or prolonged cyber attack on our country would be devastating as documented most recently in The Lipman Report (October 2010) on "Threats to the Information Highway: Cyber Warfare, Cyber Terrorism, and Cyber Crime" as follows:

--"There is a great concern regarding the types of destructive attacks that are already occurring, but an even greater concern for the unknown that is yet to happen but is almost certainly even now in development. Cyberspace touches nearly every part of our daily lives."

It is in this regard that I read with serious concern today in ID Magazine (August 2011) that the University of Minnesota has "demonstrated in a simulation how an attack with a large botnet (a network of remotely-controlled PCs) could shut down the Internet."

And it took only 20 minutes to trigger the chain reaction in which "manipulated routers overloaded all other Internet routers worldwide...mak[ing] it impossible for Internet address to be found."
Granted it would take around 250,000 computers to carry out such an attack, but with the billions of people online with computer devices of all sorts...that does not seem like an inordinate amount to press forward with for a coordinated attack.

So the Internet in theory can be crashed!

Just think for a moment about how that would impact you and what you do every day...would anything be the same? Could we even function normally anymore?

As we move more and more of our applications, data, and infrastructure online to the cloud, we need to consider what additional risks does this bring to the individual, the organization, and the nation and how we can respond and recover should something happen to the Internet.

In the Federal government there are many agencies, commands, task forces, and groups working to secure the Internet, and at the same time, there are separate efforts to modernize and reform IT and reduce unnecessary expenditures, so what we need to do is better integrate the drive to the cloud with the urgency of securing our data, so that these efforts are strong and unified.
This is one of the things that I was trying to achieve when I created the CIO Support Services Framework in synthesizing the functions of IT Security with the other strategic CIO functions for Enterprise Architecture, IT Investment Management, Project Management, Customer Relationship Management, and Performance Management.

If the Internet can indeed be crashed, we had all better be prepared and make the right IT investment decisions now, so that we won't be sorry later.
(All opinions are my own)

(Source Photo: Heritage and History.com)

Share/Save/Bookmark