Lessons From Israel In Stopping Ransomware

Please see my new article in The Times of Israel called "Lessons From Israel In Stopping Ransomware."

Israel is a small, but powerful nation that wants to stop attacks before they get to their door, and indeed, their lives depend on that. We can learn from Israel's military doctrine of deterrence through overwhelming strength, unity, and disincentivizing the attackers to inform other security issues, such as ransomware attacks. I believe that the answer lies in a public-private security partnership financially backed by the government.

First, companies voluntarily join a public-private security partnership in which they adhere to higher security standards and oversight as well as pledge not to pay ransomware. Additionally, these companies are placed on a public list and given a badge or seal of approval/logo like Brink's Home Security or ADT to display that indicates they are "fortified," and in this case, that they won't pay any ransom, and are backed by the government.

Second, the government provides an incentive for companies to participate in the public-private partnership and not to pay ransomware. The incentive provided is that the companies are backstopped (insured) by the government in the event of a ransomware attack to them. This is similar to ransomware insurance, but the difference is that the cost to companies would be a fraction of what they would otherwise have to pay. The benefit to the taxpayer is that the market for ransomware dries up with companies that have pledged not to pay. As the program become universal, there is no one left for the ransomware attackers to target.

(Source Photo: https://pixabay.com/illustrations/ransomware-cyber-crime-malware-2321110/)

Lessons From Israel In Stopping Ransomware

A 2022 New Year of Eggs

New Years 2022. 

Congratulations!

But I wouldn't call it "eggcellent," because there is a lot of world instability and fear looming on the horizon.

Are we looking at competition, conflict, and even possible areas of collapse or a much rosier outcome in the order of things?

• From Russia to China and Iran to North Korea. 
• From Al-Qaeda to ISIS and Hamas to Hezbollah and Islamic Jihad
• From WMD to Cyber 9/11 and EMPs to Hypersonic ICBMs
• From Covid to the Economy and Inflation to National Insolvency

Like a bunch of eggs. 

Will it be a year of Broken, Scrambled and Mashed or Sunny Side Up and Eggs Over Easy? 

Either way, we had better hope and pray that we don't get fried and burned.  ;-)

(Credit Photo: Andy Blumenthal)

A 2022 New Year of Eggs

We Just Magically Found $2,000,000,000,000

It's amazing how we can magically find $2 trillion for a Coronavirus "Rescue Plan."

This after we already wasted over $6.4 trillion (and thousands of our dead and wounded) through 2017 in unexplainable and endless wars in Iraq and Afghanistan with no known or lasting benefits to this country (while archenemy, Iran continues their pursuit of nukes unabated). 

And for decades, we haven't been able to find money for:

- Decent healthcare for all Americans.

- Ensuring our national security, including adequate planning and disaster preparedness for things like Coronavirus, cybersecurity, WMDs, EMPs, and for critical infrastructure protection. 

- Repairing our aging roads, bridges, and infrastructure. 

- Fixing our broken public education system.

- Helping our countless of homeless and needy lying the streets of our nation. 

- Restoring our space program to get a man on the moon again or put another shuttle into space. 

When politics are in play, there is plenty of money to go around. 

But when the nation needs proper care and feeding, there are no adults in the room. ;-)

(Credit Photo: Andy Blumenthal)

We Just Magically Found $2,000,000,000,000

@National Cybersecurity Center of Excellence

So good today to visit the NIST Cybersecurity Center of Excellence (NCCoE).

The cybersecurity solutions developed are aligned to the well-known Cybersecurity Framework (CSF). 

Got to see some of the laboratories, including demonstrations for securing the Healthcare and Energy Sectors. 

Interesting to hear about examples for securing hospitals records and even things like infusion pumps.  

The medical devices are tricky to secure, because they are built to potentially last decades and are expensive to replace, but the underlying technology changes every couple of years. 

Also, learned more about securing the energy sector and their industrial control systems.  

One scary notable item mentioned was about the "big red button" for shutdown in many of these facilities, but apparently there is malware that can even interfere in this critical function. 

It is imperative that as a nation we focus on critical infrastructure protection (CIP) and continuously enhancing our security.

Time is of the essence as our adversaries improve their game, we need to be urgently upping ours. ;-)

(Source Photos: Andy Blumenthal)

@National Cybersecurity Center of Excellence

Top Secret Tinseltown

So this is a city with a lot of secrets. 

I'm not talking about just the run-of-the-mill, non-disclosure agreement (NDA).

This is Top Secret Tinseltown!

And even the stuff that comes out in the news--whether it's clandestine transfers of $1.7 billion to the Ayatollahs in Iran or the Uranium One deal with the Russians, there is plenty of dirty little games going on. 

What was hilarious is when when saw this huge industrial shredding truck in the parking lot:

Paper Shredding * Electronic Destruction * Medical Waste Disposal

And there were a line of cars waiting to get rid of their little secrets.

I kid you not when I say that on a Saturday morning, there were at least 25 cars in line to dispose of their "stuff."

Now who do you know in what city that waits 25 cars deep in line for an industrial shredder on a Saturday morning.

And the cars are pulling up, the trunks are popping open, and boxes and boxes of paper and electronic files are being handed over. 

Gee, I hope the Russians or Chinese aren't getting into the shredding business...and inside the truck isn't a large shredder but a bunch of analysts waiting for you to hand it all over. ;-)

(Source Photo: Andy Blumenthal) 

Top Secret Tinseltown

17 Years Since 9/11

Today is the 17th anniversary since that fateful day of 9/11 when the terrorists brought down both World Trade Centers and ploughed another plane into the Pentagon.

One of the greatest acts of terrorism in history. 

With almost 3,000 dead and the center of our financial and military strength hit in a flash attack, we as a nation stood naked. 

We've gone after the terrorists in Iraq, Afghanistan, Pakistan, Yemen, and more, but still, there is the endless drone of world-wide terrorism. 

Yes, we are lucky that nothing major has happened in the U.S. since 2001.

At the same time, we know that anything could happen at any time--from another terror attack to a catastrophic cyber attack that takes out our critical infrastructure, bioterrorism that wipes out hundreds of millions with genetically engineered viruses, or even nuclear warheads wiping out entire cities or regions of the world. 

Forget natural disasters for the moment, man-made disasters are always just around the corner when it comes to planning and execution.

The FBI and our other dedicated law enforcement personnel try to stop them all, but no one and nothing human is perfect. 

So while we try to maintain an elevated security posture to protect this country and even maybe someday build a wall that doesn't leave us with porous borders for everyone and anyone to get in willy-nilly, many don't or barely remember 9/11 and what it meant. 

We said it changed everything forever, but did we mean it?

17 years and we've been fortunate--very fortunate--but are we ready for the next fateful blow to land in the ongoing war on terror. ;-)

(Source Photo: Andy Blumenthal)

17 Years Since 9/11

Floppy Disk Earrings

So this was an interesting technology fashion statement.

This lady in Washington, D.C. has earrings that are floppy disks. 

One full diskette on each ear!

I guess not only can she wear them, but she can plug them into her computer at work and save or transfer files (that is if you can still find a computer that actually uses these). 

It makes you think though, from a cybersecurity perspective, what other devices can people "wear" to work and use for good or malicious purposes. 

Another scary thought came to mind, how suicide/homicide bombers strap vests with explosives to their bodies too--do terrorists also adhere to a certain "style" even for murdering people? 

Anyway, fashion can be almost anything apparently...if you can find a way to put it on you body. ;-)

(Source Photo: Dannielle Blumenthal)

Floppy Disk Earrings

In the Know Or Dark

So here is one way that some people can (try to) manipulate you--positively or negatively. 

They can help either to keep you "in the know" or "in the dark."

As we all know by now, information is power!

When you're in the know--you are a trusted agent and a valuable resource; you have more dots and more connections between the dots to make; you are able to analyze what's happening and make better decision going forward; you can lead with knowledge, wisdom, and hopefully understanding. People come to you for advice, guidance, and because you are a true asset to the team, your superiors, and the organization. 

When you're in the dark--you are untrusted and unvalued, you may actually be seen as the enemy who needs to be marginalized, put out or taken out! You are kept out of meetings, uninformed or misinformed, and so you become more and more intellectually worthless. Further, others are implicitly or explicitly told that you are poisonous and not to get caught up in the pending slaughter.  A colleague of mine put it this way: "Don't get between a man and his firing squad."   

So with others, there can be information alliances as well as information warfare. 

To a great extent, you are responsible for keeping yourself in the know. You need to build relationships, bridges, and networks. You need to read, observe, and talk to lots of people. You need time to digest and analyze what you learn.  And you must build your information store so that it is ready and actionable. 

But to another extent, there are others--superiors, competitors, bullies, abusers--who just might seek to keep you in the dark and bring you down. Not everyone is your friend...some maybe just the opposite. (Wouldn't it be nice, if we all were just friends!) But showing you the intellectual ass of the group is a powerful nut that once superimposed as an image, cannot be easily distilled. There is plenty of groupthink to go around. And taking out a perceived enemy diffuses their power to everyone else.  What a lousy coup by some nasty f*ckers!

Why some friend and others foe you--who the heck knows. Perhaps some is chemistry; some is tit for tat; some is personal bias and bigotry; and some just the crapshoot of fate. 

In the end, keep doing your part to enhance your value, your friendships, and your integrity. The rest, you have to be vigilant about and realize not everyone wants the lights kept on. ;-)

(Source Photo: Andy Blumenthal)

In the Know Or Dark

Weaponizing Your Privacy

So this was the funniest War of the Roses on the Kane Show that I ever heard. 

They use the Alexa personal assistant from Amazon (voiceover) to call the cheater. 

In this skit, we really see the potential power of these home computing devices. 

Alexa hears and knows everything that goes on in the house (including the cheating).

Alexa confronts the cheater and calls him a few descript names for his infidelity.

Alexa punishes the cheater by going online to purchase items with his credit card. 

Alexa betrays him by calling his girlfriend and telling her about the cheating. 

Cheating aside, maybe this is a great lesson how we should all be considering our privacy in our homes and on our persons before we install Alexa, Siri, Cortana, the Google Assistant or any other personal or home surveillance systems. 

With all the bad actors out there and people that want to steal everything from your money, identity, secrets, and maybe even your wife--these devices are a direct line into your personal life.

This is called weaponizing your privacy!

Tell me, do you really believe that no one is listening or watching you?  ;-)

Weaponizing Your Privacy

Computer Sentiment 1984

So I found this book in an IT colleague's office. 

It's called: "The Unofficial I Hate Computer Book".

It was written in 1984, and like the George Orwell's book by that name, it is a dystopian view of technology. 

The back cover says:

Computer haters of the world unite: It's time to recognize and avenge the wonderful advances we've made thanks to computers--excessive eyestrain and headaches, irritating beeping noises, a one-ton printout where once there was a six-page report, a "simple" programming language you can't understand without five handbooks, a dictionary, and a math degree.

The book goes on with illustration after illustration of unadulterated computer hate and associated violence. 

- Dogs dumping on it (see cover)
- Contests to smash it with a hammer
- Hara-kiri (suicide with a knife) into it
- Skeet shooting computers that are flung into the air
- Shotput with a computer
- Tanks rolling over them
- Sinking it in water with a heavy anvil
- Boxer practicing his punches on it
- Setting it ablaze with gasoline
- And on and on, page after hate-filled page.

So in the last 34-years, have we solved all the annoyances and complexity with computers and automation?  

Do the benefits of technology outway the costs and risks across-the-board?

How do security and privacy play in the equation? 

I wonder what the authors and readers back then would think of computers, tablets, smartphones and the Internet and apps nowadays--especially where we can't live without them at all.  ;-)

(Source Photo: Andy Blumenthal)

Computer Sentiment 1984

From Malware To Malevolent People

So in virus protection on the computer, there are 2 common ways antivirus software works:

1) Signature Detection - There are known patterns of viruses and the antivirus software looks for a match against one of these. 

2) Behavior Detection - There are known patterns of normal behavior on the computer, and the antivirus software looks for deviations from this. 

Each has certain weaknesses:

- With signature detection, if there is a zero-day exploit (i.e. a virus that is new and therefore which has no known signature) then it will not be caught by a blacklist of known viruses.

- While with behavior detection, some viruses that are designed to look like normal network or application behavior will not be caught by heuristic/algorithm-based detection methods. 

For defense-in-depth then, we can see why employing a combination of both methods would work best to protect from malware. 

It's interesting that these same techniques for recognizing bad computer actors can be used for identifying bad or dangerous people. 

We can look for known signatures/patterns of evil, abusive, and violent behaviors and identify those people according to their bad actions.

Similarly, we generally know what "normal" looks like (within a range of standard deviations, of course) and people who behave outside those bounds could be considered as potentially dangerous to themselves or others. 

Yes, we can't jump to conclusions with people -- we don't want to misjudge anyone or be overly harsh with them, but at the same time, we are human beings and we have a survival instinct. 

So whether we're dealing with malware or malevolent individuals, looking at patterns of bad actors and significant deviations from the normal are helpful in protecting your data and your person. ;-)

(Source Photo: Andy Blumenthal)

From Malware To Malevolent People

Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.

STRIDE

Spoofing - Falsifying identity to gain systems access

Tampering - Making unauthorized changes to data or systems

Repudiation - Forging identify of actions to data or system to deny responsibility or even blame a 3rd party

Information Disclosure - Stealing (exfiltrating) information and disclosing it to unauthorized individuals

Denial of Service - Depriving legitimate users access to data or systems

Elevation of Privilege - Transforming user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)

Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. ;-)

(Source Photo: Andy Blumenthal 

Cyber Attacks Typology

Technology Forecast 2018

Here are Andy Blumenthal's technology forecast and priorities for 2018.

1. Medical Computing - Continue the significant progress and solve the great illnesses of Cancer, Parkinson's, ALS, Alzheimers, and so many other horrible and debilitating diseases. Along with longevity, we need to alleviate human suffering and create a higher quality of living for all people.

2. Environmental Computing - Develop more and better clean technologies that can eliminate the Great Plastic Garbage Patch and other heart-breaking garbage dumps and environmental disasters around the world--clean up, breakdown, recycle, and create a more sustainable and beautiful planet for everyone to enjoy.

3. Quantum Computing - Achieve the ultimate processing power and speed of quantum computing to enable us to solve the greatest of mankind's problems including WMD, and cyber security threats as well as the overcome the transportation and colonization challenges to reach, explore, and settle the depths of outer space.

Technology Forecast 2018

Cybersecurity Vulnerabilities Database

There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 

And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit it!

Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20-days!

Additionally, China's database has thousands of vulnerabilities identified that don't appear in the U.S. version. 

Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 

Why the lag and disparity in reporting between their systems and ours?

China uses a "wider variety of sources and methods" for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources--hence, it's a "trade-off between speed and accuracy."

For reference: 

The Department of Commerce's National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).

And the NCD is built off of a "catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp."

Unfortunately, when it comes to cybersecurity, speed is critical.

If we don't do vastly better, we can be cyber "dead right" before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  ;-)

(Source Photo: Andy Blumenthal)

Cybersecurity Vulnerabilities Database

Never Ever More Vulnerable

So we have never been more technology advanced. And at the same time, we have never been more vulnerable. 

As we all know, our cybersecurity have not kept near pace with our ever growing reliance on everything technology.

There is virtually nothing we do now-a-days that does not involve networks, chips, and bits and bytes. 

Energy
Transportation
Agriculture
Banking
Commerce
Health
Defense
Manufacturing
Telecommunications

If ANYTHING serious happens to cripple our technology base, we are toast!

From a crippling cyberattack that disables or hijacks our systems, steals or locks down our data, or creates massive chaotic misinformation flow to a EMP blast that simply fries all our electronic circuitry--we are at the mercy of our technology underpinnings. 

Don't think it cannot happen!

Whether it's Wannacry ransonware or the Equifax breach of our privacy data or the Kaspersky Labs hidden backdoor to our top secret files or North Korea threatening to hit us with an EMP--these are just a few of the recent cyber events of 2017!

Technology is both a blessing and a curse--we have more capability, more speed, more convenience, more cost-effectiveness than ever before, but also there is greater vulnerability to complete and utter death and destruction!

This is not just a risk that life could become more difficult or inconvenient--it is literally an existential threat, but who wants to think of it that way?

People, property, and our very society is at risk when our cybersecurity is not what it must be.

It's a race of defensive against offensive capability. 

And we can't just play defense, we had better actually win at this! ;-)

(Source Photo: Andy Blumenthal)

Never Ever More Vulnerable

We Broke The Weather

So my friend who lives in FL and recently experienced the crazy hurricanes down there said something very interesting to me. 

This was during the series of numerous recent hurricanes in just a few weeks period of time, including Harvey, IRMA, and Maria that devastated Texas, Florida, and Puerto Rico.

He said to me:

"We broke the weather!"

And after decades of warning about the impact of global warming--maybe he is right.

This last September was the most active month for Atlantic hurricanes ever on record. 

Further, we are seeing simultaneously the deadliest wildfires raging in California in its history. 

This only 13 years after the deadliest Tsunami from the Indian Ocean in recorded times killing about a quarter million people!

And only 28 years after the deadliest Tornado occurred in Bangladesh in 1989 that killed 1,300 people.

All these as if the increasing threats of nukes and other weapons of mass destruction and cyberattack weren't enough to keep you up at night.

As we get more sophisticated and technologically dependent, incredible manmade and natural disasters are threatening us superbig time. 

And over and over again, it is being reported that a well-placed EMP explosion over the United States would kill 90% of the population within a year--talk about a extinction level event!

As we experience temperatures15 degree above normal this fall, even the trees are behaving abnormally as the leaves are not changing to colors of yellows and oranges and reds and purples that we expect and enjoy. 

Nature is messed up by our abuse of the planet and nurture is messed up by megalomaniacs with the weapons to do us in. 

If we don't correct the dangerous path we are on polluting our planet and over-relying on technology then soon we could be turning horrible colors even if the leaves just fall to the ground or turn to ash. ;-)

(Source Photo: Andy Blumenthal)

We Broke The Weather

Reconquest of the Soviet Union

Okay, when I saw this map of the Soviet Union pre-1991 breakup, I got it!

Russia lost 14 Former Soviet Union (FSU) states after the fall of the Berlin Wall.

1. Armenia
2. Azerbaijan
3. Belarus
4. Estonia
5. Georgia
6. Kazakhstan
7. Kyrgystan
8. Latvia
9. Lithuania
10. Moldovia
11. Tajikistan
12. Turkenistan
13. Ukraine
14. Uzbekistan

Could you imagine the United States or the European Union losing something like that?

Think of California and Texas and more seceding and making their own independent states. 

What would that do to the power and capability of this country?

Hence, when Russia goes into FSUs like Georgia and Ukraine (in red)--does a land grab like with Crimea and Abkhazia and South Ossetia--and threatens others, in their Soviet minds, they are just reclaiming what is/was theres.

Now listen, I am not justifying their aggression and hostile actions, but I am realizing/recognizing how explosive a situation this may end up being--especially since Estonia, Latvia, and Lithuania (in blue) changed sides and are now part of NATO!

Russia--even without the 14 FSUs--is the largest country in the world by territory with over 17 million square miles--that is almost the size of the United States and Canada or and China combined!

Russia may not have the economy of the United States but they are a formidable foe that we least not forget also has the largest nuclear weapons stockpile in the world. 

Russia has a history of creating a large world dominating union and their military forays into the FSUs, support of hostile regimes like Syria and in Iran, sizable war games in Belarus, continuing to militarize the Arctic, interfering in our election, stealing our secrets via Kaspersky Lab software is likely just a shadow of what is yet to come. 

So if you think North Korea and Iran are problems...  ;-)

(Source Map: here with attribution to Map Collection)

Reconquest of the Soviet Union

People, Process, and Technology Lifecycles

The table describes the alignment of the various people, process, and technology lifecycles commonly used in Information Technology to the CIO Support Services Framework (CSSF).

The CIO Support Services Framework describes the six key functional roles of the Office of Chief Information Officer (OCIO)--it includes:

1) Enterprise Architecture (Architect)
2) Capital Planning and Investment Control (Invest)
3) Project Management Office (Execute)
4) CyberSecurity (Secure)
5) Business Performance Management (Measure)
6) IT Service (and Customer Relationship) Management (Service)

All these OCIO Functions align to the lifecycles for process improvement (Process), project management (People), and systems development (Technology).

- The Deming Life Cycle describes the steps of total quality management and continuous process improvement (Kaizen) in the organization.

- The Project Management Life Cycle describes the phases of managing (IT) projects.

- The Systems Development Life Cycle describes the stages for developing, operating and maintaining application systems.

Note: I aligned cybersecurity primarily with doing processes, executing projects, and designing/developing/implementing systems.  However, cybersecurity really runs through all phases of the lifecycles!

My hope is that this alignment of people, process, and technology life cycles with the roles/functions of the OCIO will help bridge the disciplines and make it easier for people to understand the underlying commonalities between them and how to leverage the phases of each with the others, so that we get more success for our organizations! ;-)

(Source Graphic: Andy Blumenthal)

People, Process, and Technology Lifecycles

Reading Your Emails

So you know you typically get a message when you log on your computer at work that there is "no expectation of privacy."

Meaning...you're on the corporate network and so remember that you can be monitored. 

Well we all read that warning and sort of know it by heart.

But do you really think that someone is watching you.

Well be assured that they are!

Talking to one of my colleagues and friends recently and this is what happened.

He had to fire one of his senior guys. 

And I asked him why?

He said:

"Because he was dead wood."

I asked what he meant as this was a senior person in the organization that was being let go.

So he said:

"Well I read the last few days of his emails on his account and he was doing absolutely nothing!"

And I was like hmm, that's amazing that you actually go into his account and read his stuff.

Yeah, I know it's not really his employees--the guy is at work--but still it's his email account that he uses, seriously.

So it's not just some corporate spooks sitting in the bowls of the building in a darkened security operations center behind a lot of cool looking screens monitoring your accounts for suspicious activity.

It's your management too that can logon and see and read your stuff, whenever.

So this guy that was fired wasn't just dead wood, he was actually dead meat. 

"Smile you're on camera" in more ways then one.

So if you decide to write some juicy emails today or save some salacious files on "your" computer or on the network, the expectation surely is that they are being read--you can take that to your privacy bank. ;-)

(Source Photo: Andy Blumenthal)

Reading Your Emails

Navy Under Attack?

So there was another collision of a U.S. Navy Destroyer.

The Navy destroyer collided early today with an oil tanker off of Singapore. 

10 sailors are missing and there is significant hull damage. 

This is the 4th known accident just this year of our Navy vessels in Asia waters.

And previously I wrote incredulously about the last Navy collision with a massive container ship in June that resulted in 7 dead. 

How do U.S. Navy ships with the most advanced sensors, navigation, weapons, and command and controls systems in the world--that are supposed to be protecting us--just simply collide with other ships like toys in a bathtub?

These Navy ships are a vital projection of U.S. might, and are supposed to be able to keep the worst foes away and keep our dedicated men and women warfighters safe at sea--whether from bomb-laden terrorist attack speed boats to anti-access/area denial missiles and all threats from on, above, or below. 

Yet, they just keep crashing...

There was supposedly some buzz online about a stealthy new cyber weapon that is attacking our ships and making them useless and helpless pieces of (G-d forbid) floating junk at sea or perhaps enabling them to be hacked and electronically commandeered and controlled in order to crash them.

Either way, how many collisions does it take for this to become a concerning problem with our Navy's ability to manage the ships under their command and be ever war-ready. 

Our ships are a major element of our national strength and security, and loss of control implies a potentially great risk to our nation. 

We need our Navy and their tremendous people, assets, and expertise to safeguard our people, freedom, and democracy.

A few months ago, there was a hackathon to test the Navy's systems' security--and most certainly, this is a crucial type of test that we potentially face every day in real life.

These are challenging times for everything cybersecurity, so let's make sure we have all the capabilities we need and are fully up to the task to defend ourselves and take out our enemies--it's not just our Navy in the spotlight and at risk. ;-) 

(Source Photo: With attribution to CNN and adapted from here)

Navy Under Attack?