Showing posts with label Cyber Security. Show all posts
Showing posts with label Cyber Security. Show all posts

November 15, 2016

Why Can't We Keep Our Secrets

Well after the now notorious email scandal and other information security mishaps galore, this advertisement in Washington, DC is really quite the rage. 
"Keeps classified data classified."

As parents tell their children about keeping private things private:
"If you can't keep it a secret, then how do you expect the other kids to keep it to themselves?"

There are lots of secrets in DC, but there are also a lot of big mouths, security negligence, and even corruption. 

This gives our adversaries the opportunities they need to get our countries vital information. 

We work too hard to develop the best intellectual property for national security and our economy as well as the critical policies for advancing human rights and democracy around the world to let it just be easy fodder for others to help themselves too. 

Technology won't solve the gap in certain big mouths and sloppy Joes around town. 

Only vigilant, smart people can protect the nations vital information that is the fuel for our success and survival. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

October 12, 2016

Losing Patience With Tech Progress

We're so close yet so far...that's my feeling as I grow ever impatient with the pace of technological progress. 

We have cloud computing, but still everyone has their own private computing setups everywhere. 

We have mobile computing, but still can't get get reliable service in the Metro and all the other "dead zones."

We have social computing, but still people are so cliquey and nasty and troll and bully each other online and off. 

We have the Internet of Things, but still things don't really talk to each other regularly (except our smart meters).

We have robots, but still they're relegated to factory assembly lines. 

We have natural language processing, but still can't get a meaningful conversation going with Siri.

We have 3-D printing, but still can't get dinner or a pair of Nikes to appear from the Star Trek like "Replicator."

We have augmented and virtual reality headsets, but still can't go anywhere with them without getting motion sickness.

We have biometrics, but still have to sign the check.

We have driverless cars, but still there is a driver inside. 

We have networks of information, but still it's subject to hacking, malware, identity and data theft, and even big time EMP knockouts. 

We have immunotherapy, but still haven't beaten cancer. 


We have nanotechnology, but still we travel through life loaded down with material possessions.

We have food and biotechnology, but still one in eight people are going hungry. 

We have space shuttles and stations, but still can't get a colony going on Mars.

We have big data, but still information is corrupted by personal biases and politics. 

We have knowledge management, but still more than 780 million adults are illiterate. 

We have artificial intelligence, but still it's devoid of emotional intelligence. 

We have bigger, deadlier, and more sophisticated weapons systems and smart bombs to "protect us", but still are no closer to living in peace and brotherhood. 

All this technology and advancement is great, except that we're left hungrier than ever for the realization of the promised technology land, and are really only halfway there, maybe. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

August 25, 2016

Modesty And Privacy Of Body and Information

So modesty and privacy is very important in terms of propriety and security.

Both are intimately connected. 

Already as children, we learn not to show or talk about our "privates" to others. 

And as adults, we understand that there are certain things about ourselves that we don't just talk about or divulge to others indiscriminately. 

Not being discrete with these and showing either your private parts or your personal information can get you in a load of trouble by giving others the opportunity to take undue advantage of you. 

Both open you up to be ridiculed or even raped of your person or information identity. 

That which is yours to use with others in propriety is instead disclosed for taking out from your control and for use against you. 

Security demands modesty of body and of information, and if not taken seriously, then no amount of lame covering will keep that which is private from public consumption. ;-)
Share/Save/Bookmark

December 22, 2014

Peace To All Mankind

I liked this post in downtown Washington, D.C. inscribed with the following:

"May Peace Prevail On Earth."

It left me wondering, if Earth includes:

1) ISIS advances into large swathes of Syria and Iraq
2) Taliban attacks in Afghanistan and Pakistan including the one that left 132 children dead in a Peshawar school last week.
3) Boko Haram kidnappings and killings in Nigeria including the hundreds of children taken and given as wives to their captors 
4) Al-Shabaab fighting in Somalia including attacks in the capital, Mogadishu
5) Hamas in Gaza and their barrage of rocket attacks on and terror tunnels into Israel
6) Hezbolah in Lebanon as a proxy for Iran-sponsored terror
7) Iran's pursuit of nuclear weapons and threats to annihilate Israel off the face of the map.
8) Russia in Ukraine and Georgia and ongoing threats to Eastern Europe/NATO.
9) China's military build-up, including nukes, submarines, and anti-satellite weapons.
10) North Korea cyber attack on Sony and threatening "the White House, the Pentagon, and the whole U.S. mainland."

Peace is more than a wish, right now it seems like a dream. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

November 22, 2014

Dire Warnings On CyberSecurity

This week Adm. Michael Rogers, the Director of the National Security Agency and head of U.S. Cyber Command issued a stark warning to the nation about the state of cybersecurity:

With our cybersecurity over the next decade, "It's only a matter of the 'when,' not the 'if,' that we are going to see something dramatic."

The Wall Street Journal reports that he gave " a candid acknowledgement that the U.S. ISN'T yet prepared to manage the threat!"

China and "one or two others" [i.e. Russia etc.] are infiltrating our SCADA networks that manage our industrial control systems, including our power turbines and transmission systems,.

The cyber spies from the nation states are "leaving behind computer code that could be used to disable the networks  in the future."

Can you imagine...you must imagine, you must prepare--not if, but when. 

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

October 3, 2014

Data Like Clouds

So data is like clouds...

Clouds want to be free roaming the wild blue skies similar to how data wants to be searchable, accessible, useful, and so on. 

But with data, like clouds, when it rains it pours--and when data blows about with the windstorm and is compromised in terms of security or privacy, then we not only come away wet but very uncomfortable and unhappy. 

Then, as we actually end up putting our data in the great computing clouds of the likes of Amazon, iCloud, HP, and more, the data is just within arm's reach of the nearest smartphone, tablet, or desktop computer. 

But just as we aspire to reach to the clouds--and get to our data--other less scrupled (cyber criminals, terrorists, and nation states)--seek to grab some of those oh so soft, white cloud data too.

While you may want to lock your data cloud in a highly secure double vault, unfortunately, you won't be able to still get to it quickly and easily...it's a trade-off between security and accessibility. 

And leaving the doors wide open doesn't work either, because then no one even needs an (encryption) key to get in. 

So that's our dilemma--open data, but secured storage--white, soft, beautiful clouds wisping overhead, but not raining data on our organizational and personal parades. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

February 27, 2014

Newspaper, Identity Thief

So, true story.

I know identify theft is a serious matter, but really...

I'm heading out of the driveway and I see the newpaper delivery guy just pulling up.

He's running a little late, but I figure I can still get the paper in time for morning reading on the Metro. 

I walk over to him and ask if I can get the Journal that he's deliverying to me.

He says, "No, I only deliver the Wall Street Journal and the Post."

I say, "Yeah, the Wall Street Journal, can I get it, since you're running a little late this morning."

He says. "I'm never late!"--actually, he is and sometimes doesn't deliver at all (the other week, I got 3 papers in one day). 

I say, "OK, but I can take it from here."

He says, "No, I only deliver to the door."

I say, "But I'm right here."

He says, "How do I know you are who you say you are?"

I say, "I am, and thank G-d, I really don't need to steal a $2 newspaper from you, Sir."

He says, "Okay, but I'll need to see an id!"

I say, "Are you serious?"

He says, "Yeah," pulling back to safety the pile of newspapers he is holding is his arms. 

Reluctantly, I flip open my wallet and flash my license to him.

Not good enough...he insists I take it out so he can read it. 

I finally got the paper, but we wasted what seemed like 5 minutes between the negotiation and proof of identity exercise. 

Don't get me wrong, I appreciate his diligence, but I think this type of scrutiny over access and identity would be better placed squarely on our cyber assets--somewhere where we really need them! ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

February 22, 2014

National State Of Cyber Insecurity


This video is a wake up call on the state of our national cyber insecurity. 

It is the opening statement (about 6 minutes) of Chairman Michael McCaul (R-TX) of the Homeland Security Subcommittee of Oversight, Investigations, and Management.

What he describes is quite grave and every American should listen carefully about the state of our cyber insecurity that poses a real and significant threat to our economy and national security.

We are under attack by cyber criminals, terrorists, and hostile nation states. 

Our adversaries seek to and can paralyze our critical infrastructure, steal our intellectual property, conduct espionage, and access our personal and financial information. 

The collapse of our military networks, financial system, energy, transportation, and electricity "is not science fiction."

The cyber attacks are "real, stealth, and persistent, and can devastate our nation." 

It is "not a matter of if, but when a Cyber Pearl Harbor will occur."

And "we have been fortunate that up until this point that cyber attacks on our country have not caused a cataclysmic event."

I read from the Center for Strategic and International Studies (2011) that cybersecurity has taken a back seat after 9/11 to the War on Terror as well as the economic fight after the recession of 2008, with the result that "the United States is unprepared to defend itself."

Chairman McCaul critically states at the end of his opening statement, "Let's do something meaningful [now] because it is not a tolerable situation!"
Share/Save/Bookmark

February 21, 2014

Can You Trust Social Media?

Interesting article in BBC about a project underway to develop a system that will rate information on the Internet as trustworthy or not. 

Considering how quickly we get information from the Net and how easy it is to start crazy rumors, manipulate financial investors, or even cause a near panic, it would be good to know whether the source is legitimate and the information has been validated. 

Are we simply getting someone mouthing off on their opinions or what they think may happen or perhaps they are unknowingly spreading false information (misinformation) or even purposely doing it (disinformation)?

Depending how the Internet is being used--someone may be trying to get the real word out to you (e.g. from dissidents in repressive regimes) or they may be manipulating you (e.g. hackers, criminals, or even terrorists). 

To have a reliable system that tells us if information being promulgated is good or not could add some credibility and security online. 

What if that system though itself is hacked? Then lies can perhaps be "verified" as truth and truth can be discredited as falsehood. 

The Internet is dangerous terrain, and as in the life in general, it is best to take a cautious approach to verify source and message. 

The next cyber or kinetic attack may start not with someone bringing down the Internet, but rather with using it to sow confusion and disarm the masses with chaos. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

January 25, 2014

Remodulate The Shields For Cyber Security


I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website's code in order to prevent scripted botnet attacks--even as the web pages themselves maintain their look and feel.  

In essence they make the site a moving target, rather than a sitting duck. 

This is like Star Trek's modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack. 

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them. 

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can't easily penetrate our defenses, because we're moving so fast that they can't even find our vulnerabilities and design an effective attack before we change it and up our game again.  

And hence, the evil Borg will be vanquished... ;-)
Share/Save/Bookmark

January 21, 2014

Care To Be Curious?

Here's three topics for the curious of mind today:

- Are we technologically safer?  As we attempt to beef up IT security, we continue to be technologically insecure. Just this last week, BBC reported how a fridge was part of 100,000 devices used to send out 750,000 pieces of spam. Yes, a fridge, and there was also a television involved--sounds like the beginning of a bad joke, right? But this is our reality these days...Proofpoint, a cloud computing and security company said "Many of these devices are poorly protected at best, and consumers have virtually no way to detect or fix infections when they do occur."

- Is our economy healing or hurting? As unemployment fell from 7% to 6.7% last week--an impressive reduction--the overall labor force participation rate didn't rise, but rather sank to 62.8%--its lowest level in 35 years! And while, the Wall Street Journal explains that U.S. employment is simply not keeping up with population growth, the S&P 500 hit a new record high just last Wednesday. Meanwhile, the Fed continues to pour money into the economy, although at a slowing rate (expected to go down next week to only $65B a month), speculation is building whether we have another real bubble brewing, and this one of our own making, perhaps. 

- Is this the lead up to peace or war with Iran? As we continue to seek a long-term deal with Iran on their dangerous nuclear weapons foray, we read from Bret Stephens that Iranian President Rouhani said during his presidential campaign, "Saying 'Death to America" is easy...We need to express 'Death to America' with action." If we are getting a good deal that can truly lead to WMD disarmament of Iran, why did Rouhani tweet, "In #Geneva agreement world powers surrendered to Iranian nation's will." Curious, whether this is for political consumption in Iran or whether he sees the deal as just a stalling tactic leading to a breakout capability in nuclear weapons as well as a way to get some goodies in terms of sanctions relief for his country in the meantime.

What does little kitty cat say about these? ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

July 30, 2013

When GPS Takes You Down The Wrong Path

Mashable is reporting that a team of university students from University of Texas at Austin were able to spoof the GPS receivers on an $80 million yacht with false signals and make it veer off course without anyone even noticing!

I remember a couple of years ago, I was heading to an offsite meeting for work. 


It was planned for a location that I wasn't extremely familiar with.


Of course, I turned on my GPS device in the car and set the destination.


It was a cold snowy day--the roads were iced--and it was already treacherous driving. 


But I followed the GPS directions to a T.


I ended up in someone's backyard--at a dead end--practically in the middle of a cornfield. 


I'm thinking to myself Crap!--what type of crazy GPS is this? 


Thank G-d, I had my smartphone in my pocket and I opened up the GPS app on it and set the destination again. 


Sure enough, it takes me off and running to the meeting location--about 10 minutes away!


Some things I learnt:


1) OMG, we are so very dependent on our technology; with technology gone wrong, I was stuck in nowhere land USA; with it right--I got out of there and to the correct location and thank G-d. 


2) GPS is a capability that is critical for everything from getting us to where we need to go to getting our missiles to hit on target. Take away or mess with our GPS and we end up missing the mark--potentially big time and with devastating consequences. 


3) Always have a backup, plan B. One GPS can be wrong as in this case, while the other GPS was correct. Redundancy and contingency planning is a must have, period. 


4) When you're heading down the wrong road (or you're off course in international waters), man up and admit it and make a course correction. You don't win any brownie points for continuing to drive into the cornfields. ;-)


(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

July 29, 2013

Medical Hacks

Usually when we talk about the dangers of cyber attacks, we are concerned with the dangers of someone stealing, spying, or systematically corrupting our information systems. 

But Barnaby Jack who died last week at age 35 brought us awareness of another, more personal and perhaps dangerous hack...that of hacking medical devices.  

Barnaby, a director at computer security firm IOActive, became known first in 2010 for being able to hack at cash machine and have it dispense money. 

In 2012, he drew attention to a flaw in insulin pumps whereby someone could cause it to administer a fatal dose to its unknowing victim. 

This week, Barnaby was going to demonstrate how heart implants could be hacked, killing a man from 30 feet away. 

With advances in the miniaturization and battery life of personal medical devices and implants for monitoring and managing patients health, more and more people could be exposed to malicious or murderous cyber attacks on their body.

With the potential for RFID embedded chips for managing our personal identities to bionics for replacing or enhancing human body parts with electronic and mechanical implants, the opportunity for someone seriously messing with our physical person grows each day. 

If dangerous vulnerabilities are discovered and exploited in these devices, an enemy could go from the traditional attack on our information systems to potentially sickening, disabling, or even killing millions at the stroke of some keys. 

Imagine people keeling over in the streets as if from a surprise attack by a superior alien race or the release of a deadly chemical weapon, only it's not extraterrestrial or kinetic, but instead a malevolent cyber attack by a hostile nation or cyber terrorist group taking aim at us in a whole new and horrible way.

(Source Photo: here with attribution to Bhakua)

Share/Save/Bookmark

July 21, 2013

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market. 

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks. 

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes--able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation's critical infrastructure.

According to the New York Times (13 July 2013), there is a great interest in buying "zero-day exploits"--one where governments or hackers can strike using a computer vulnerability before anyone even knows about it and can correct it. 

The average zero-day exploit persists for "312 days--before it is detected"--giving amble time for attackers to cash-in!

Brokers are now working to market the computer flaws for a 15% cut, with some even "collecting royalty fees for every month their flaw is not discovered."

The average flaw "now sells for around $35,000 to $160,000" and some companies that are selling these are even charging an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities in addition to the cost for each one that varies with it's sophistication and the pervasiveness of the operating system behind the exploit. 

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering "bug bounties" in order to identify the flaws and fix them before they are exploited. 

We've come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws--not to patch--but to spy or harm their adversaries. 

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability--the question is who will pay more to get the next exploit and when and how will they use it. 

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)
Share/Save/Bookmark

July 10, 2013

Emergency Alert Or R U Kidding?

BBC News Technology (9 July 2013) reports on how the U.S. Emergency Alert System (EAS) was hacked. 

The EAS is a program of the Federal Emergency Management Agency (FEMA) and was set up "to allow the president to talk to the entire country within 10 minutes of a disaster." It also provides the public with alerts on local weather emergencies, such as tornados and flash floods. 


EAS replaced the Emergency Broadcast System (EBS) in 1997 and with it came security weaknesses.


Earlier this year, those vulnerabilities were tested and exploited when the Montana Television Network was hacked with an alert of a zombie attack.


And it provided advice on how to survive--"Do not approach or apprehend these bodies as they are considered extremely dangerous."


This is reminiscent of the hoax in 1938 when over the radio came a warning that a meteorite had smashed into New Jersey and aliens were attacking New York--an adaptation of H.G. Wells "War of the Worlds."


Well yesterday it was aliens, today it's zombies, and tomorrow it could be an phony announcement of an invasion by country XYZ or perhaps a imminent detonation of a thermonuclear warhead somewhere over the continental U.S. 


Imagine the panic, confusion, and potential loss of life and property from the ensuing chaos. 


It goes without saying that this is not a way to inspire confidence by the citizens in case of a true national emergency. 


If we cannot count on the systems meant to survive an emergency then how can we be expected to survive the emergency itself? 


The EAS may interrupt your regularly scheduled programming with those loud and annoying tests, but what can really ruin you day is a cyber attack on the system that broadcasts something much nastier and more ominous--and you don't really know whether it's the real thing or just another hack. ;-)


(Source Photo: here with attribution to UWW ResNet)

Share/Save/Bookmark

March 31, 2013

Searching For Cybersecurity Warriors

For those interested in the field of cybersecurity, I wanted to share some useful websites that I've come across: 

1) Cybersecurity Training and Competitions

Cyber Aces--provides cyber training and competitions for high school and college students, including:

Cyber Foundations: For high school students, you can visit the online Cyber Centers and learn the fundamentals of cybersecurity, including modules in networking, operating systems, and systems administration and then take cyber quizzes to compete for honors, awards, scholarships, and even corporate internships. 

Cyber Quests: For college students, you can take "cyber quests" or online competitions associated with the U.S. Cyber Challenge, to demonstrate knowledge of infrastructure security, digital forensics, vulnerability analysis, packet capture analysis, and more. Winners can get an invitation to Cyber Camps for specialized advanced training. 

2) Information Assurance Scholarships

The Department of Defense has a generous Information Assurance scholarship program where recipients generally work as a full-time DoD employee for one year for each year of scholarship received. 

Similarly, the National Science Foundation offers scholarship where recipients work for a federal agency in the Federal Cyber Service (Cyber Corps) upon graduation. 

These are some amazing training and scholarship opportunities to ready the next generation of cybersecurity professionals. 

In a 2012 movie that I was watching recently called "Abducted," the main character tells the others with whom she is being held hostage that they need to fight their way out, and she exhorts them to have "No fear, no excuses, just results"--this is what we need in cybersecurity today! ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

March 23, 2013

Innovation Infertility

Many of you may have probably the seen the movie, "Children of Men,"--it is themed around a time in the future when women are infertile (because of pathology, pollution, drugs, or whatever) and the world is in chaos--for what is life without children to carry on?

Fortunately, in the movie, after 18 years, one woman does get pregnant and bears a child and there is hope in the scientific community for a resurgence of humankind. 

Unfortunately, we are now in a similar period of technology, where big innovation of yesterday has come grinding to a miserable saunter. 

When the biggest news leaking out of superstar innovator, Apple is the potential for an iWatch--uh, not exactly earth shattering, we know we are in innovator's hell!

And vendors from Apple to Samsung and Sony trying to come out with some sort of voice activated television--again, who doesn't hate the TV clicker, but really this is not going to revolutionize our entertainment center days.

With hundreds of thousands of apps available for everything from social networking, eCommerce, gaming, and more, it seems like there are more copycat apps then anything else coming out these days--where's the real wow factor?

Microsoft can't find it's way in a mobile world, the mighty Intel has been supplanted by ARM with mobile chips, Marissa Mayer is trying to figure out how to remake the jump for joy, Yahoo, relevant again, as are the Vanderhook brothers and Justin Timberlake trying to do for MySpace.

With the overemphasis on the form factor making bigger and smaller sizes and shapes for computing devices, we seesaw between iPod Classics and Nanos and between iPads and Minis. But where are the great functional enhancements? Yeah, ask Siri.

Similarly in computing architecture, we have latched unto cloud computing as the next great savior of IT-mankind, ignoring the repackaging again of the mainframe into a cool new computing model again, and relegating the prior go-to architecture of distributed computing as the evil twin.  Sure, we can save some bucks until the pendulum swings back toward more decentralization and agility again.

In social computing, with Facebook what can you say--it's got a billion users, but virtually not a single one would pay a dime to use it. If not for marketers scooping up our personal information online and advertisers annoying us with their flashing and protruding pop-ups, we continue to trade privacy for connectedness, until we lose too much of ourselves to identity thieves and snooping sources, and we fall back clamoring for more protection. 

In security, we are getting clobbered by cyber intrusions, cyber espionage, and cyber attacks--everyday!  We can't seem to figure out the rules of cyberspace or how to protect ourselves in it. We can't even find enough qualified people to fight the cyber fight.

I was surprised that even magazine, Fast Company, which prides itself on finding the next great innovation out there, states this month (April 2013), "Growing uncertainty in tech is creating chaos for startups, consumers, and investors...nobody has a non-obvious new social business model that can scale."

As in the movie, Children of Men, we are suffering from an infertility of innovation--whether from burnout, a focus on short-term profit instead of long-term R&D investments, declining scores in STEM, or a lack of leadership--we are waiting for the next pregnancy so we can have hope again, but are disappointed that so many are false positives or overhyped prophets. 

One of the things, I am most excited about is Google Glass and their concept of augmented reality, but the glasses are geeky and will need to be package in a lot more eloquent solution to really be practical in our futures. 

The next great thing will come--life is a great cycle--but as in the Bible with 7 fat cows and 7 skinny cows, leading to the great famine in Egypt, we are now seeing lots of skinny cows walking around and it is darn scary. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

February 27, 2013

Cyberweapons Power Up

In you haven't heard of Project Aurora, this is a wonderful segment from 60 Minutes on this cyberwar project. 

Faced with some of the worst case scenarios for cybergeddon, Idaho National Labs set out in 2007 to test what would happen to a 27-ton power generator if the researchers hacked into it from a mere laptop. 

The turbine was sent instructions that would essentially tear itself apart--and in the video you can see what happened--it shudders, shakes, smokes, and ultimately destroys itself. 

The test was a grand success demonstrating our capabilities to conduct cyberwar operations against an adversary.  

Interestingly, Reuters reported the Symantec researchers "uncovered a version of Stuxnet from the end of 2007 that was used to destroy two years later about 1,000 Iranian centrifuges used in their Natanz nuclear uranium enrichment facility for alleged development of weapons of mass destruction. 

The flip side of this cyberwar test is the realization of the potential blowback risk of cyberweapons--where adversaries can use similar technology over the Internet against our critical infrastructure--such as SCADA industrial control systems for the power grid, water treatment, manufacturing, and more--and cause potentially catastrophic events.

As stated toward the end of the video, this is a type of "pre 9/11 moment" where we identify a serious threat and our vulnerability and we need to act to prevent it--the question is will we? 

Share/Save/Bookmark

February 23, 2013

Analyzing The Law


So I am back in school AGAIN (I'm a life-long learner), augmenting my not so slow-paced job.

Let's just say that at this point, I recognize that the more I know, the more I don't know anything. 

The class that I am taking now is Cyberlaw, and while I did take law in business school--many moons ago--that was more focused on contracts and business organizations. 

This class looks interesting from the perspective of the legal and regulatory structure to deal with and fight cybercrime, -terrorism, and -war.

One interesting thing that I already learned was a technique for evaluating legal cases called IRAC, which stands for:

- Issues--the underlying legal matters that the case is addressing.

- Rules--what legal precedents can be applied.

- Analysis--whether those rules apply or not, in this case.

- Conclusion--rendering an opinion on the case.

This is a structured way to analyze any legal case. 

Of course, before you do these, you have to look at the facts--so that is the very first section. 

The problem with that is then you have F-IRAC and that can definitely be taken the wrong way. ;-)

(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

February 2, 2013

This Tape Will Self Destruct In Five Seconds


Ever since the 1960's airing of Mission Impossible, where each episode started with the instructions for a dangerous mission on a tape recording, which ended with "This tape will self-destruct in five seconds," have we all recognized the need for self-destructing devices to safeguard information. 

This message has been honed over the last three decades with compromising security incidents:

1979: Iranian demonstrators stormed the U.S. Embassy in Tehran and according to UMBC "the incinerator broke" as personnel tried to destroy sensitive documents and they had to revert to shredding. 

2001: A Chinese J-8 fighter aircraft collided with a EP-3 U.S. Intel aircraft which according to CNN was "likely equipped with highly sensitive equipment" and landed on the Chinese island of Hainan providing China the opportunity to board, disassemble, and study the equipment before it was returned three months later. 

2011: Iran captured an RQ-170 Sentinel Drone and USA Todayreported on Iran's claims that "all files and boards of the drone were copied and used to improve Iran's unmanned aircraft." Also in 2011 in the assault on Osama Bin Laden, a secret stealth helicopter that took a hard-landing had to be destroyed before special forces pulled out--however according to the New York Times, "a surviving tail section reveal modifications to muffle noise and reduce the chances of detection by radar" was left behind providing others the opportunity to learn about our sensitive technologies.

Additionally, as ever more advanced technology continues to enter the battlefield the threat of its capture and exploitation becomes increasingly concerning. 
In this context, Defense Advanced Research Projects Agency (DARPA) announced the start up of a new program on 28 January 2013 called Vanishing Programmable Resources (VAPR).

VAPR is intent on developing technologies for "transient electronics...capable of dissolving into the environment around them."

The goal is that "once triggered to dissolve, the electronics would be useless to any enemy that comes across them."

According to Armed Forces International, along with the destruction of the electronics would be "taking classified data with it." Thereby preventing the enemy from using captured information to develop countermeasures or reverse engineer their finds. 

Transient electronics are intended to be rugged on the battlefield but able to be destroyed on command, perhaps by biomedical implants that release "a few droplets of [a self-destruct] liquid" or other means. 

Whether self-destructing in five seconds or slightly more, the need to preserve our sensitive battlefield technologies and the intelligence they contain has never been more vital. ;-)

(Source Photo: here with attribution to Mike Licht)

Share/Save/Bookmark