Showing posts with label Cyber Warfare. Show all posts
Showing posts with label Cyber Warfare. Show all posts

July 13, 2020

Awesome Elbit!



Love this Israeli defense company, Elbit Systems! 

They are Israel's largest defense company with brilliant defense, homeland security, and national security solutions. 

Proven on the battlefield on land, sea, air, and space. 

From the advanced F-35 Joint Strike Fighter helmet mounted display to the Iron Fist active protection system to drones, lasers, C4ISR, cyber, electronic warfare, electro-optics, countermeasures, combat vehicle systems, and artillery, mortar, munitions and more. 

Elbit offer high-tech solutions that uniquely combine brain with brawn!  

Defending the Holy Land and other countries around the globe. 

In the fight of good over evil, I'm proud that Elbit is one of the good guys! ;-)
Share/Save/Bookmark

May 3, 2017

Easy Solution to Axis of Evil

So there is an easy solution to the hellbent destruction of the Axis of Evil...

North Korea and Iran are sworn to the destruction of the U.S. and it's allies. 

Repeatedly, they sponsor global terrorism, abuse human rights, violate agreements against proliferation of weapons of mass destruction, conduct nuke tests, and missile launches. 

Instead of destroying the missiles immediately upon launch or on the launchpad, which is a nice start...

Let's just do this:

- When North Korea launches, let's redirect the guidance system on the missile to Tehran. 

- And when Iran launches their missiles, let's redirect it toward Pyongyang. 

We don't have to fire a single volley. 

Let the evil ones destroy each other and have a gangbusters time doing it. ;-)

(Source Photo: here with attribution to Pixabay)
Share/Save/Bookmark

March 19, 2017

Killer Bots--Massive and Nano

There are big deadly weapons to worry about, such as weapons of mass destruction that come on an ICBM or even in a suitcase bomb to frightening armies of massive killer robots.

And then there are small nanobot weapons to worry about--which don't sound like much, but they could be the ultimate killer machines.

About 10 nanometers make up the width of a human hair, so we are talking about microscopic or bug size weaponized drones. 

Nanobots can be manufactured or scarily can be self-replicating. 

They can fly alone or in massive swarms. 

They can surreptitiously enter/exit and carry out their missions virtually undetected. 

Whether surveillance or delivering a mini-nuke or a toxin.

Nanobots could function like a biological weapon killing millions--targeted or indiscriminately. 

Cambridge University forecasts a 5% chance that nanotech weapons could cause a human extinction level event by the year 2,100

Soon wars will not be fought by people any longer--by rather by robots and nanobots.

People are too fragile for fighting and war against ruggedized and militarized bots that are designed for one purpose only...to kill, kill, kill. 

Terminators are coming--from massive to nanoscale--and mere humans will be dogmeat to these killing machines.

Add in a cyber warfare component that will turn off 21st century civilization leaving us to fend as if we were back in the stone ages, and overpopulation is the last and funniest joke any of us will ever tell. 

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

May 6, 2015

A Political Teddy Bear

Thought this was an awesome photograph.

Taken on the Washington, D.C. Mall...

You can see the Capitol of the United States in the background.

The gate is surrounding the construction being done.

On the fence is a Teddy Bear--representing so many of our national challenges--sort of just hanging there helpless.

This political bear looks like he's clutching for dear life, but unfortunately he is left hung out to dry as we just keep chugging away...but where is the real progress? 

- ISIS and radical Islam is still growing stronger.

- Iran continues building toward a nuclear WMD.

- China and Russia are "becoming [ever more] aggressive as they perceive U.S. pulling back."

- North Korea achieves capability for a "nuclear ICMB."

- Cyber insecurity is a "real and growing threat."

- There is a growing danger of a catastrophic EMP attack with a "staggering human cost."

- Immigration crisis remains in "limbo."

- Economic growth is "grinding to a halt."

- National deficit is "projected to skyrocket over next decade." 

- American economic competitiveness is in ongoing "slow decay."

- U.S. education "still lagging" significantly in science and mathematics. 

- Life expectancy in U.S. ranks 26th, "right behind Slovenia."

This doesn't mean that good things aren't continuing to happen especially with innovation despite all the gridlock...there is the Apple Watch (ok, the jury is still out on that one too).

Why don't we let the bear down gently please. ;-)

(Source Photo: Minna Blumenthal)
Share/Save/Bookmark

February 22, 2014

National State Of Cyber Insecurity


This video is a wake up call on the state of our national cyber insecurity. 

It is the opening statement (about 6 minutes) of Chairman Michael McCaul (R-TX) of the Homeland Security Subcommittee of Oversight, Investigations, and Management.

What he describes is quite grave and every American should listen carefully about the state of our cyber insecurity that poses a real and significant threat to our economy and national security.

We are under attack by cyber criminals, terrorists, and hostile nation states. 

Our adversaries seek to and can paralyze our critical infrastructure, steal our intellectual property, conduct espionage, and access our personal and financial information. 

The collapse of our military networks, financial system, energy, transportation, and electricity "is not science fiction."

The cyber attacks are "real, stealth, and persistent, and can devastate our nation." 

It is "not a matter of if, but when a Cyber Pearl Harbor will occur."

And "we have been fortunate that up until this point that cyber attacks on our country have not caused a cataclysmic event."

I read from the Center for Strategic and International Studies (2011) that cybersecurity has taken a back seat after 9/11 to the War on Terror as well as the economic fight after the recession of 2008, with the result that "the United States is unprepared to defend itself."

Chairman McCaul critically states at the end of his opening statement, "Let's do something meaningful [now] because it is not a tolerable situation!"
Share/Save/Bookmark

November 15, 2013

Survival Is More Than An iPhone

Please see a new article by Andy Blumenthal at Government Technology

We "need to learn ever new technology skills and simultaneously retain, old tried and true, core survival and self-sufficiency." 


This is a serious topic, and there will come a time when the lights go out and those who blend old and new skills will survive, while unfortunately, others who don't, will not. 


Hope you enjoy the article. 


Andy


(Source Photo: here with attribution to U.S. Army Africa)

Share/Save/Bookmark

June 9, 2013

Turnkey Cyberwar

Interesting article by Noah Shachtman in Wired about how the Pentagon is gearing up for cyberwar.

It's called Plan X and it's being pursued by the Defense Advanced Research Projects Agency (DARPA).

The idea is for cyber warfare to be conducted like traditional kinetic warfare--where "munitions made of 1s and 0s [are] to be as a simple to launch as ones made of metal and explosives."

Cyberspace is considered a domain of warfare similar to land, sea, air, and space, and it is necessary to be able to craft offensive capabilities where "a military operator can design and deploy a cyber effect, know what it's going to accomplish...and take the appropriate level of action."

We can't fly by the seat of our pants in cyberspace any longer; we've got to have turnkey solutions ready to launch in order to defend our people and interests. 

To accomplish this, we need:

1) Surveillance: A good map of cyberspace detailing enemy cyber outposts and threats akin to the geographical maps we have identifying physical targets and dangerous movements.

2) Weapons: Reliable cyber weapons ready to take on and take out enemy networks similar to kinetic weapons ready to destroy their military hardware and infrastructure.

3) Launch protocols: The rules of engagement for attack and counterattack and the ability to intuitively and securely unleash those even faster then the turnkey capabilities with which we can respond with traditional military might. 

Whether, the cyber weapon looks like Angry Birds or some other point (at the target) and swipe (to launch at them) interface is almost beside the point--what is key is that we are ready to fight like hell in cyberspace, win uncontested, and keep the peace again. ;-)

(Source Photo: here with attribution to Great Beyond)
Share/Save/Bookmark

November 9, 2012

Biowarfare: A Fight At The Molecular Level

There is a fascinating article in The Atlantic (November 2012) on an emerging bioweapons storm that is brewing that could be used in a decapitation strike to harm anyone, even the President of the United States. 

Advances in genetic engineering, biotechnology, and synthetic biology (Synbio) has been seen from decoding human DNA to the development of "magic bullets", personalized viral therapies that can target and destroy cancer cells.

However, just as most things can be used for good or evil--so too, can this biotechnology be used to target and destroy cancerous cells or perversely to attack healthy ones.

Bioweapons could be targeted to various parts of the body or brain to cause blindness, memory loss, or death itself. More subtly, it can be used to "fabricate evidence" of affairs, crimes, "cast doubt" as to birthplace or heritage, or as supposed markers for genetic diseases, and even mental disability. 

Moreover, while bioweapons of mass destruction can destroy virtually entire civilizations, personalized bioweapons can be engineered based on the manipulation of a specific person's DNA to attack that person--then just like a sniper, it becomes one shot, one (targeted) kill. 

Personalized bioweapons can be silent and deadly, difficult to detect, hard to pin on a source, and may even be confused with death by natural causes. 

And the cost is coming down...cell-culturing gear "can be had on eBay for as little as $10,000" or "cobbled together for less than $1,000."

Even non-weaponized use of this technology, can be extremely dangerous. For example, Synbio, can be used to "cut and paste" genetic code from one species to another, can be mixed from multiple species, and new creatures can be created altogether--all this potentially leading to frightening scenarios of "undesired cross-breeding with other organisms, uncontrolled proliferation, crowding out existing species, and threats to biodiversity." 

Already, "forty nations now host synbio research" and "The Beijing Genomics Institute...is the largest genomic research organization in the world."

The article speaks to various approaches to counter the personalized bioweapons threat including scientific task forces, bio-detectors, "Clean DNA" (as biological backup system), conducting biological war games, and open/crowdsourcing for solutions. 

It seems clear that the answers of how to defend against these emerging threats are not as good as the questions raised by them--and we will need to be vigilant and fast-track R&D in these areas, as we are still vulnerable. 

Further, I see some similarities between bioweapons, cyberweapons, and even legions of attack drones/droids, as all areas that are non-conventional and developing quickly and quite lethally. 

Unfortunately, we can't just put on a coat of armor and be safe from attacks at the molecular level, or from malicious code seeking to cripple our national critical infrastructure, or from robots that can stream across a battlespace attacking without fear, pain, or tiring. 

There is no simple paradigm for killing anymore and we better let our imaginations run wild, so we can figure out new ways to protect everyone--from the President and on down to us all.

(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

October 29, 2012

Zombie Homeland Security Training 101


Unbelievable. The Halo Counter-terrorism Summit (Oct 29-Nov. 2, 2012) is hosting a mock Zombie Invasion as part of its emergency response training for about a 1,000 special ops, military, police, medical, firefighter, and other homeland security professionals. 

The Zombie Apocalypse training exercise is occurring mid-summit on October 31, Halloween--so it is quite timely for other ghoulish activities that day. 

There are two sessions--#1 at 4:30 PM and #2 at 7:00 PM.

Both the Centers for Disease Control (CDC) and the Federal Emergency Management Agency (FEMA) of The Department of Homeland Security (DHS) have posted the CDC's Zombie Preparedness guidance--saying that "if you are generally well equipped to deal with a zombie apocalypse you will be prepared for a hurricane, pandemic, earthquake, or terrorist attack."

I guess this is very good news with Hurricane Sandy or "Frakenstorm" bearing down on the East Coast this evening.  Zombies, you ain't got nothing on Frakenstorm! 

In Yahoo News, Brad Barker, the President of Halo Corp., explained why Zombies are good for training, especially in asymmetric warfare: "No one knows what zombies will do in our scenario, but quite frankly no one knows what a terrorist will do."

Barker also jested that "No doubt when a zombie apocalypse occurs, it's going to be a federal incident, so we're making it happen."

Frankly, I love to see this type of creativity brought to national and homeland security and believe that this makes it less likely that we'll be perpetually fighting yesterday's war, instead of tomorrow's. 

The key is that we think out of the box in terms of what will the adversary do next--from cyberwar to weapons of mass destruction, we can't afford to be blindsighted. 

So do I think that aliens or zombies are coming for us some day--let's just say, never say never. ;-)

Share/Save/Bookmark

June 16, 2012

Securing Transport To The Cloud

A new article by Andy Blumenthal on cyber security and cloud computing in Public CIO Magazine (June 2012) called Securing Cloud Data Means Recognizing Vulnerabilities.

"It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway."

Let's all do our part to secure cyberspace.

Hope you enjoy!

(Source Photo: here with attribution to Kenny Holston 21)

Share/Save/Bookmark

June 1, 2012

Cyberwar, You're On

There was significant news this week about the U.S. and Israel making major inroads with cyberwar capabilities

First, the New York Times today (1 June 2011) writes about alleged Bush and Obama administrations' "increasingly sophisticated [cyber] attacks on the computer systems that run Iran's main nuclear enrichment facilities"--sabotaging as many as a 1000 centrifuges, delaying their deadly program by as much as 2 years, as well as conducting cyber espionage to strengthen our negotiating hand. 

The cyber offensive program code-named Olympic Games allegedly involved cyber weapons codeveloped by the United States' National Security Agency and Israel's advanced cyber corps, Unit 8200.

The malware included such programs such as Stuxnet, Duqu, and The Flame and according to Bloomberg BusinessWeek (30 May 2012) may date as far back to 2007.

These cyber attacks have been viewed as the best hope of slowing the Iranian's sinister nuclear program while economic sanctions have a chance to bite. 

Additionally cyber attacks were viewed preferentially over using traditional kinetic military options and potentially causing a regional war in the Middle-east. 

At the same time, the use of cyber weapons is a double-edged sword--if we use it on others, this may encourage cyber proliferation and it's eventual use on us--and as the NYT writes, "no country's infrastructure is more dependent on computer systems and thus, more vulnerable to attack than the United States."

Therefore, it was good to see in The Washington Post yesterday (30 May 2012) that the Pentagon's Defense Advanced Research Projects Agency (DARPA) is pursuing Plan X--"ambitious efforts to develop technologies to improve its cyberwarfare capabilities, launch effective attacks, and withstand likely retaliation."

"If they achieve it, they're talking about being able to dominate the digital battlefield just like they do the traditional battlefield."
The "five-year $110 million research program" is seeking to accomplish three major goals in arming U.S. Cyber Command at Fort Meade for cyber war:

1) Mapping Cyberspace--create realtime mapping of the entire cyberspace and all its devices for commanders to use in identifying targets and disabling them and seeing enemy attacks. 

2) Building A Survivable O/S--Just like DARPA invented the Internet as a survivable messaging and communication system, so too, they want to develop a battle-ready operating system for our computers (like a tank) "capable of launching attacks and surviving counterattacks."

3) Develop (Semi-)Autonomous Cyber Weapons--so cyber commanders can engage in "speed-of-light attacks and counterattacks using preplanned scenarios that do not involve human operators manually typing in code."

Just to be clear, with cyber warfare, we are not just talking about computers taking out other computers--and end there, but rather this is where computers take out computers that are controlling critical infrastructure such as the power grid, transportation systems, financial systems, supply chain, command, control, and communications, weapons systems, and more.

"Cyberwar could be more humane than pulverizing [targets]...with bombs," but I doubt it will be. 

Imagine, everything you know coming to a complete halt--utter disruption and pandemonium--as well as the physical effects of that which would ensue--that's what cyber war is all about--and it is already on the way. 

So as, Richard M. George, a former NSA cyberdefense official stated: "Other countries are preparing for a cyberwar. If we're not pushing the envelope in cyber, somebody else will."

It is good to see us getting out in front of this cyber security monster--let's hope, pray, and do everything we can to stay on top as the cyberspace superpower. 

(Source Photo: Andy Blumenthal taken of mural at National Defense University, Washington D.C.)


Share/Save/Bookmark

May 29, 2012

A Cyber Security House Of Cards

Yesterday there were reports of a new "massive cyber attack" called the Flame.

A U.N. Spokesperson called it "the most powerful [cyber] espionage tool ever."

The Flame ups the cyber warfare ante and is "one of the most complex threats ever discovered"--20 times larger than Stuxnet--and essentially an "industrial vacuum cleaner for sensitive information."

Unlike prior cyber attacks that targeted computers to delete data ("Wiper"), steal data ("Duqu"), or to disrupt infrastructure ("Stuxnet"), this malware collects sensitive information. 

The malware can record audio, take screenshots of items of interest, log keyboard strokes, sniff the network, and even add-on additional malware modules as needed. 

Kaspersky Labs discovered the Flame visus, and there have been greater than 600 targets infected in more than 7 countries over the last 2 years with the greatest concentration in Iran. 

This is reminiscent of the Operation Shady Rat that was a 5-year cyber espionage attack discovered by McAfee in 2011--involving malware that affected more than 72 institutions in 14 countries. 

Separately, an attack on the U.S. Federal government's retirement investments--the Thrift Saving Plan --impacted the privacy and account information of 123,000 participants and "unathroized access"--and was reported just last week after being discovered as far back as July 2011.

Regardless of where the particular cyber attacks are initiating from, given the scale and potential impact of these, it is time to take cyber security seriously and adopt a more proactive rather than a reactive mode to it.

One can only wonder how many other cyber attacks are occuring that we don't yet know about, and perhaps never will.

We can't afford to fumble the countermeasures to the extraordinary risk we face in the playing fields of cyber warfare. 


We have to significantly strengthen our cyber defenses (and offenses) -- or else risk this "cyber house of cards" come crashing down. 

It's time for a massive infusion of funds, talent, tools, and leadership to turn this around and secure our nation's cyber infrastructure.   

(Source Photo: here with attribution to Dave Rogers)

Share/Save/Bookmark

March 11, 2012

Taking Down The Internet--Not A Pipe Dream Anymore

We have been taught that the Internet, developed by the Department of Defense Advanced Research Projects Agency (DARPA), was designed to survive as a communications mechanism even in nuclear war--that was its purpose.

Last year, I learned about studies at the University of Minnesota that demonstrated how an attack with just 250,000 botnets could shut down the Internet in only 20 minutes. 

Again last month, New Scientist (11 February 2012) reported: "a new cyberweapon could take down the entire Internet--and there is not much that current defences can do to stop it."

Imagine what your life would be like without Internet connectivity for a day, a week, or how about months to reconstitute!

This attack is called ZMW (after its three creators Zhang, Mao, and Wang) and involves disrupting routers by breaking and reforming links, which would cause them to send out border gateway protocol (BGP) updates to reroute Internet traffic.  After 20 minutes, the extreme load brings the routing capabilities of the Internet down--" the Internet would be so full of holes that communication would become impossible."  

Moreover, an attacking nation could preserve their internal network, by proverbially pulling up their "digital drawbridge" and disconnecting from the Internet, so while everyone else is taken down, they as a nation continue unharmed. 

While The Cybersecurity Act of 2012, which encourages companies and government to share information (i.e. cybersecurity exchanges) and requires that critical infrastructure meet standards set by The Department of Homeland Security and industry are steps in the right direction, I would like to see the new bills go even further with a significant infusion of new resources to securing the Internet.  

An article in Bloomberg Businessweek (12-18 March 2012) states that organizations "would need to increase their cybersecurity almost nine times over...to achieve security that could repel [even] 95% of attacks."

Aside from pure money to invest in new cybersecurity tools and infrastructure, we need to invest in a new cyberwarrior with competitions, scholarships, and schools dedicated to advancing our people capabilities to be the best in the world to fight the cyber fight. We have special schools with highly selective and competitive requirements to become special forces like the Navy SEALS or to work on Wall Street trading securities and doing IPOs--we need the equivalent or better--for the cyberwarrior.

Time is of the essence to get these cyber capabilities to where they should be, must be--and we need to act now. 

(Source Photo of partial Internet in 2005: here, with attribution to Dodek)


Share/Save/Bookmark

January 27, 2012

Cyber War - The Art of The Doable

CBS 60 Minutes had a great episode this past June called Cyber War: Sabotaging The System.

The host Steve Kroft lays the groundwork when he describes information or cyber warfare as computers and the Internet that is used as weapons and says that "the next big war is less likely to begin with a bang than with a blackout."

This news segment was hosted with amazing folks like Retired Admiral Mike McConnell (former Director of National Intelligence), Special Agent Sean Henry (Assistant Director of the FBI's Cyber Division), Jim Gosler (Founding Director of CIA's Clandestine Information Technology Office), and Jim Lewis (Director, Center for Strategic and International Studies).  

For those who think that cyber war is a virtual fantasy and that we are safe in cyberspace, it's high time that we think again.  

Here are some highlights:

- When Retired Admiral McConnel is asked "Do you believe our adversaries have the capability of bringing down a power grid?"  McConnell responds "I do." And when asked if the U.S. is prepared for such an attack, McConnell responds, "No."

- Jim Gosler describes how microchips made abroad are susceptible to tampering and could "alter the functionality" of let's say a nuclear weapon that needed to go operational, as well as how they "found microelectronics and electronics embedded in applications that shouldn't be there." 

- Special Agent Henry talks about how thieves were able to steal more than a $100 million from banks in less than half a year, not by holdups but through hacking. 

- Jim Lewis tells of the "electronic Pearl Harbor" that happened to us back in 2007, when terabytes of information were downloaded/stolen from our major government agencies--"so we probably lost the equivalent of a Library of Congress worth of government information" that year and "we don't know who it is" who broke in.  

The point is that our computers and communications and all the critical infrastructure that they support--including our defense, energy, water, transportation, banking, and more are all vulnerable to potentially lengthy disruption.

What seems most difficult for people to grasp is that the bits of bytes of cyberspace are not just ephemeral things, but that thy have real impact to our physical universe.   

Jim Lewis says that "it doesn't seem to be sinking in. And some of us call it 'the death of a thousand cuts.' Every day a little bit more of our intellectual property, our innovative skills, our military technology is stolen by somebody. And it's like little drops.  Eventually we'll drown. But every day we don't notice."

Our computer systems are vulnerable and they control virtually all facets of lives, and if the enemy strikes at our cyber heart, it is going to hurt more than most of us realize.  

We are taking steps with cyber security, but we need to quickly shift from a reactive stance (watching and warning) to a proactive posture (of prevention and protection) and make cyber warfare a true national priority.
Share/Save/Bookmark

December 16, 2011

Decloaking The Adversary

Yes, we lost a drone in Iran and they won't give it back--that stinks!
Initially, the word coming out was it was a mishap, an accident, but the Iranians claimed otherwise--that they brought it down.
Who believed that they could actually do that?
Then there was word that the craft being displayed by the Iranians was a fake, a mock-up, only to reversed with a confirmation, as reported in Christian Science Monitor, that the drone "is almostly certainly the one lost by U.S. forces."
Well now, InformationWeek is reporting (16 December 2011) that Iran really did bring down the stealth drone as well as how they claim to have done it.
First they jammed the communications of the RQ-170 Sentinel, so that with its command, control, and communications (C3) no longer intact, it was forced to go into autopilot and rely on GPS signals to find its way.
Then, the Iranians spoofed the GPS signal making the Sentinel think it was landing at a U.S. base rather than right into hostile territory.
If this is true, then not only is all the captured sensitive technology aboard the craft (such as radar, fuselage, coating, and electronics) in jeopardy of being comprised by reverse engineering, but also as the article states, the Iranians may have demonstrated the means to be able to literally "divert any GPS-guided missiles launched at targets inside its borders."
Quite a scary thought when according to Reuters reports, Iran is less than a year from going nuclear!
So what is the truth and what is misinformation (PsyOps) to confuse or outwit the enemy and how much does any of that really matter if the Iranians have possession of our advanced technology along with the time and the nefarious partners to study it and use it against us?
Or perhaps, this is a great ruse by us and we intended for the Iranians to get the drone--tick, tick, tick... ;-)
We live in a new sophisticated world of electronic and cyber warfare and that combined with nukes makes for some truly dangerous scenarios.
Finally, we should never underestimate the capabilities or intent of our adversaries--surprise may be the the most potent enemy of them all.
(Source Photo: here)

Share/Save/Bookmark

September 4, 2011

9/11 - A Lesson In Risky Business

Corresponding to the 10th anniversary of 9/11, Bloomberg BusinessWeek (5-11 Sept 2011) has a great article on risk management called The G-d Clause.

When insurers take out insurance--this is called reinsurance, and reinsurers are "on the hook for everything, for all the risks that stretch the limits of the imagination"--that's referred to as The G-d Clause--whatever the almighty can come up with, the "reinsurers are ultimately responsible for" paying for it.

And obviously, when insurers and reinsurers don't well imagine, forecast, and price for risky events--they end up losing money and potentially going out of business!

Well when it came to 9/11, insurers lost fairly big financially--to the tune of $23 billion (it is in fact, the 4th costliest disaster since 1970 after Japan's tsunami, earthquake and Fukushima nuclear disaster ($235B), and hurricanes Katrina ($72B) and Andrew ($25B) in the U.S.)

Even Lloyd's "that invented the modern profession of insurance [and] publishes a yearly list of what it calls 'Realistic Disaster Scenarios,'" and while they had imagined 2 airlines colliding over a city, even they failed to anticipate the events of September 11, 2001.

According to the article, even insurers that make their living forecasting risks, "can get complacent."

And the psychology of the here and now, where "people measure against the perceived reality around them and not against the possible futures" is the danger we face in terms of being unprepared for the catastrophic events that await, but are not foretold.

In a sense, this is like enterprise architecture on steroids, where we know our "as-is" situation today and we try to project our "to-be" scenario of the future; if our projection is to far off the mark, then we risk either failing at our mission and/or losing money, market share, or competitive advantage.
The ability to envision future scenarios, balancing reality and imagination, is critical to predict, preempt, prepare, and manage the risks we face.

Post 9/11, despite the stand-up of a sizable and impressive Department of Homeland Security, I believe that our achilles heel is that we continue to not be imaginative enough--and that is our greatest risk.

For example, while on one hand, we know of the dangers of weapons of mass destruction--including nuclear, chemical, biological, and radiological devices--as well as new cyber weapons that can threaten us; on the other hand, we have trouble imagining and therefore genuinely preparing for their actual use.

Perhaps, it is too frightening emotionally or we have trouble coping practically--but in either case, the real question is are we continuing to proceed without adequate risk-loss mitigation strategies for the future scenarios we are up against?

Frankly, living in the suburbs of our nations capital, I am fearful at what may await us, when something as basic as our power regularly goes out, when we get just a moderate rain storm in this area. How would we do in a real catastrophe?

In my mind, I continue to wonder what will happen to us, if we proceed without taking to heart the serious threats against us--then the tragic events of 9/11 will have unfortunately been lost on another generation.

Like with the reinsurers, if we do not open our minds to perceive the catastrophic possibilities and probabilities, then the risky business that we are in, may continue to surprise and cost us.

(All opinions my own)

(Source Photo: here)

Share/Save/Bookmark

July 23, 2011

Getting To Swift Cyber Justice

Destroyed_computer

The first Department of Defense Strategy for Operating in Cyberspace is out (July 2011).

Of course, like the plans that came before (e.g. Cyberspace Policy Review), it emphasizes the imperative for cyberspace protection. Some highlights:

  • "DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial or service of access or service..., and the destructive action--including corruption, manipulation, or direct activity that threatens to destroy or degrade network or connected systems."
  • "Cyber threats to U.S. national security go well beyond military targets and affects all aspects of society. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control civilian infrastructure."
  • "Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies."

The strategies for cyberspace protection in the DoD plan include treating cyberspace as an operational domain; innovation; partnership; and so on. But we need to leverage our strengths even more.

As the Wall Street Journal pointed out on 15 July 2011: "The plan as described fails to engage on the hard issues, such as offense and attribution." If we can't even identify who's attacking us, and fight back with precision, then we're flailing.

Some may express the concern that we would have all-out war by attacking those who attack us. However, what is the alternative besides confronting our aggressors?

The concept of operations is straightforward: Any computer device that is used to attack us, would immediately be blocked and countered with equivalent or greater force and taken out of play.

This would mean that we are able to get past cyber-bot armies to the root computers that are initiating and controlling them, and dealing with them decisively. This would hold regardless of the source of the attack--individual or nation-state.

The DoD plan acknowledges our own unpreparedness: "Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity."

As in the Cold War, there must be no doubt with Cyber Warfare (as with nuclear) of our ability to inflict devastating second-strike or preemptive attacks with deadly precision.

Until we have unambiguous hunter-killer capability to identify and locate perpetrators of cyber attacks against us and the ability to impose swift justice, we are at the mercy of our aggressors.

We can only have peace in cyberspace when we have the strength to stand up and defend it.

Now we must move with cyber speed to build this capability and stand ready to execute our defenses.

Admiral Mike Mullen was quoted this week (18 July 2011) in Federal Times as saying: "The single biggest existential threat that's out there is cyber...It's a space that has no boundaries. It has no rules."

We must become even better--much better!

(Source Photo: here)

Share/Save/Bookmark