June 9, 2013
Turnkey Cyberwar
It's called Plan X and it's being pursued by the Defense Advanced Research Projects Agency (DARPA).
The idea is for cyber warfare to be conducted like traditional kinetic warfare--where "munitions made of 1s and 0s [are] to be as simple to launch as ones made of metal and explosives."
Cyberspace is considered a domain of warfare similar to land, sea, air, and space, and it is necessary to be able to craft offensive capabilities where "a military operator can design and deploy a cyber effect, know what it's going to accomplish...and take the appropriate level of action."
We can't fly by the seat of our pants in cyberspace any longer; we've got to have turnkey solutions ready to launch in order to defend our people and interests.
To accomplish this, we need:
1) Surveillance: A good map of cyberspace detailing enemy cyber outposts and threats akin to the geographical maps we have identifying physical targets and dangerous movements.
2) Weapons: Reliable cyber weapons ready to take on and take out enemy networks similar to kinetic weapons ready to destroy their military hardware and infrastructure.
3) Launch protocols: The rules of engagement for attack and counterattack and the ability to intuitively and securely unleash those even faster than the turnkey capabilities with which we can respond with traditional military might.
Whether the cyber weapon looks like Angry Birds or some other point (at the target) and swipe (to launch at them) interface is almost beside the point--what is key is that we are ready to fight like hell in cyberspace, win uncontested, and keep the peace again. ;-)
(Source Photo: here with attribution to Great Beyond)
May 8, 2013
Fun, The Good 'ol Fashion Way
This guy was getting a cheap ride down the thoroughfare in a bin.
She was pushing and he had his arm raised as the winner of the big race.
It reminded me of when we were kids and used to ride go-karts down the hill--and only after we picked up some speed did we realize that the brakes didn't work that good.
Oh well, a little flip and some chuckles and no worse for the wear.
Those were the days, young and carefree--nothing to worry about except whose house we were going over to, next, to wreak some havoc.
I remember, one day we were having a huge wet paper towel fight and one kid ran into the garage to escape the barrage, I gave chase and unwittingly pushed against the glass in the door to follow and oops my hand went right through.
Not a pretty sight, but I, thank G-d, lived to tell my kids about it, and now they got one up on me when they do something a little out of bounds and fun--actually they are a lot better than I was at that age.
And it wasn't that I was a bad kid, I was actually one of the good ones--or so I was told--but before we all had computers, the Internet, social media, and smartphones, we had each other.
It wasn't the technology that drove us, but rather the evolving web of interactions (today my new best friend is...), the challenges we made up (let's bike up to Tarrytown in 100+ degree heat), the fun we found ourselves in (from the board game Risk to early gaming on the Atari, or just cleaning out a friend's garage for a few bucks)--times were simpler, more innocent, and in a way better.
When we went home at night from work or for the weekend, our time was our own--we weren't glued to email and always on call.
When we attended an event, we didn't check our Facebook and Twitter, but paid attention to the company we were in.
When we ate dinner together, maybe the one rabbit-ear TV was going in the background with one of the 3 network stations, but everyone wasn't being pulled away for gaming, blogging, or some Internet shopping.
Don't get me wrong, I love my technology as much or maybe more than the next guy, but I also miss just being me in the physical world with my family and gang of friends, and not just so much TheTotalCIO in the office and in cyberspace. ;-)
(Source Photo: Andy Blumenthal)
March 29, 2013
Catching More Flies With Honey
And this is true in cyberspace as well...
Like a honey pot that attracts cyber criminals, organizations are now hiring "ethical hackers" to teach employees a lesson, before the bad guys teach them the hard way.
The Wall Street Journal (27 March 2013) reports that ethical hackers lure employees to click on potentially dangerous email links and websites, get them to provide physical access to data centers and work site computers, or give up passwords or other compromising information through social engineering.
The point of this is not to make people feel stupid when they fall for the hack--although they probably do--but rather to show the dangers out there in cyberspace and to impress on them to be more careful in the future.
One ethical hacker company sends an email with a Turkish Angora cat (code-named Dr. Zaius) promising more feline photos if people just click on the link. After sending this to 2 million unsuspecting recipients, 48% actually fell for the trick and ended up with a stern warning coming up on their screen from the cyber security folks.
Another dupe is to send a faux email seemingly from the CEO or another colleague so that they feel safe, but with an unsafe web link, and see how many fall for it.
While I think it is good to play devil's advocate and teach employees by letting them make mistakes in a safe way--I do not think that the people should be named or reported as to who fell for it--it should be a private learning experience, not a shameful one!
The best part of the article was the ending from a cyber security expert at BT Group who said that rather than "waste" money on awareness training, we should be building systems that don't let users choose weak passwords and don't care what links they click--they are protected!
I think this is a really interesting notion--not that we can ever assume that any system is ever 100% secure or that situational awareness and being careful should ever be taken for granted, but rather that we need to build a safer cyberspace--where every misstep or mistake doesn't cost you dearly in terms of compromised systems and privacy. ;-)
(Source Photo: Dannielle Blumenthal)
June 16, 2012
Securing Transport To The Cloud
"It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway."
Let's all do our part to secure cyberspace.
Hope you enjoy!
(Source Photo: here with attribution to Kenny Holston 21)
January 27, 2012
Cyber War - The Art of The Doable
The host Steve Kroft lays the groundwork when he describes information or cyber warfare as computers and the Internet being used as weapons and says that "the next big war is less likely to begin with a bang than with a blackout."
This news segment was hosted with amazing folks like Retired Admiral Mike McConnell (former Director of National Intelligence), Special Agent Sean Henry (Assistant Director of the FBI's Cyber Division), Jim Gosler (Founding Director of CIA's Clandestine Information Technology Office), and Jim Lewis (Director, Center for Strategic and International Studies).
For those who think that cyber war is a virtual fantasy and that we are safe in cyberspace, it's high time that we think again.
Here are some highlights:
- When Retired Admiral McConnell is asked "Do you believe our adversaries have the capability of bringing down a power grid?" McConnell responds "I do." And when asked if the U.S. is prepared for such an attack, McConnell responds, "No."
- Jim Gosler describes how microchips made abroad are susceptible to tampering and could "alter the functionality" of let's say a nuclear weapon that needed to go operational, as well as how they "found microelectronics and electronics embedded in applications that shouldn't be there."
- Special Agent Henry talks about how thieves were able to steal more than $100 million from banks in less than half a year, not by holdups but through hacking.
- Jim Lewis tells of the "electronic Pearl Harbor" that happened to us back in 2007, when terabytes of information were downloaded/stolen from our major government agencies--"so we probably lost the equivalent of a Library of Congress worth of government information" that year and "we don't know who it is" who broke in.
The point is that our computers and communications and all the critical infrastructure that they support--including our defense, energy, water, transportation, banking, and more are all vulnerable to potentially lengthy disruption.
What seems most difficult for people to grasp is that the bits and bytes of cyberspace are not just ephemeral things, but that they have real impact on our physical universe.
Jim Lewis says that "it doesn't seem to be sinking in. And some of us call it 'the death of a thousand cuts.' Every day a little bit more of our intellectual property, our innovative skills, our military technology is stolen by somebody. And it's like little drops. Eventually we'll drown. But every day we don't notice."
Our computer systems are vulnerable and they control virtually all facets of our lives, and if the enemy strikes at our cyber heart, it is going to hurt more than most of us realize.
We are taking steps with cyber security, but we need to quickly shift from a reactive stance (watching and warning) to a proactive posture (of prevention and protection) and make cyber warfare a true national priority.
July 23, 2011
Getting To Swift Cyber Justice
The first Department of Defense Strategy for Operating in Cyberspace is out (July 2011).
- "DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial or service of access or service..., and the destructive action--including corruption, manipulation, or direct activity that threatens to destroy or degrade network or connected systems."
- "Cyber threats to U.S. national security go well beyond military targets and affect all aspects of society. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control civilian infrastructure."
- "Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies."
January 16, 2011
"Your Brain On Google"
September 26, 2010
Now The Computer War Games Are Real
The Iranian nuclear program that was hit has been claimed to be for civil nuclear power but has long been suspected of being a cover for making weapons, and Iran has been unabashedly vocal about its hostile intent to many nations, even going so far as to openly threaten some, especially Israel, with complete “annihilation.”
The technical aspects of Stuxnet as a weapon are fascinating, for this is the first computer program “specifically created to take over industrial control systems.” Another article in U.K.’s The Guardian quotes another source as saying it is “one of the most refined pieces of malware ever discovered.”
This worm works by exploiting Windows operating system security holes and taking over critical infrastructure SCADA systems (AKA Supervisory Control And Data Acquisition systems or industrial control systems).
What is maybe even more amazing than the technical feat of Stuxnet, is that for months or years, everyone has been focused on and hypothesizing about when a traditional military strike was going to occur to the ever menacing Iranian nuclear threat. However, instead of conventional planes and bombs making a big bang (remember “shock and awe”), we get a silent but “very sophisticated” cyber worm that no one seems to have expected.
So times have certainly changed and with them warfare. Prior military engagements occurred on land, sea, and air with kinetic “bang/boom” weapons. Today they have a new domain in cyberspace with bits and bytes that are just as impactful. But I think what hasn’t really hit home with most people is that cyber war is not just virtual, like playing a video game (like the SIMS) or acting out in virtual reality (like Second Life); cyberwarfare starts online but has real physical ramifications as we see with the Stuxnet worm. Industrial systems like nuclear plants or hosts of other critical infrastructure (in manufacturing, energy, telecommunications, etc.) can be taken out with cyber bombs just like with real bombs, maybe even better, faster, cheaper, and cleaner (less collateral damage).
We had all better be prepared for the fight in this new realm as the potential damage is as real as any we have ever seen before.
April 3, 2010
Reality Trumps Virtuality
What a crazy news story (reported through South Korean news media)—and true. This South Korean couple, addicted to a video game, ends up starving their 3-month old child to death.
The video game that the couple was addicted to happened to be about raising a virtual child—of all things.
The couple—a 41 year old father and 25 year old mother were both unemployed—and fed their child only once a day, while they spent 4-6 hours a day playing games at the Internet café.
When the child died, the couple was playing video games all night long.
This is an unbelievably tragic story that defies logic, where troubled parents caught in the web of the virtual world, abrogate their responsibilities to themselves and their child in the real world.
So are these two parents just a bunch of whack jobs…an oddity that we shake our heads at disapprovingly, or is this something more?
While the American Medical Association has so far declined to include Internet Addiction Disorder in the Diagnostic Statistical Manual, pending further study, we know that we as a society have become in a sense obsessed (although maybe not yet clinically) with everything online—getting information, communicating, networking, shopping, and gaming—and for the most part, we love it!
Some programs like Second Life even go so far as to create virtual worlds where people interact with each other through avatars. They meet, socialize, and participate in activities in a world composed only of 3-D models—where reality is what programmers make of it—in a coding sense.
Social networks, like Facebook, MySpace, LinkedIn, and numerous specialized online communities—for all sorts of shared interests from books to music, dating to investing, and philanthropy to travel—are available to choose from and are widely popular destinations.
It seems truly that many people have become more comfortable living in the IP address on the World Wide Web than at their street address within their true day-to-day realities. Their chosen avatars, pseudo-names, and online profiles are often far more exciting than the persons, occupations, and lifestyle they physically inhabit. The virtual world has become an escape for many, and a place many are all too happy to engross themselves in 2, 4, 6 or more hours a day.
What happens to the occupants of our real world, when we choose to retreat to virtual worlds?
Well at the extreme is the fate of the 3-month old baby who died of neglect and hunger. More common are spouses and children, and others—family, friends and associates—who are increasingly physically and emotionally distant.
Our connections to people in real life—around us—are traded in for long-distance, abstract, and virtual relationships with people we often hardly know on the Internet.
We routinely trade emails, instant messages, tweets, and blog comments with people whom we hardly know—often we do not even know their real names and cannot pronounce their presumed cities of residence.
While the Internet is in many ways miraculous in its ability to bring us together—across time and space, in other ways it can potentially substitute the surreal for the real, the meaningless for the meaningful, and empty chatter with people we barely know and never really will for true giving with people we absolutely care about.
At the extreme, we cannot let real children die because we are hiding in cyberspace feeding our virtual addiction. In more common terms, we must not trade our most important real world relationships and activities for those that are phantom experiences in cyberspace.
It is great to extend our reach with the Internet, but it is not okay to do so at the expense of those that are truly at arm's reach. We must find a balance between the two worlds we now live in—real and virtual!
While there is every reason to love the Internet—communication, connection, and convenience—it has also become a retreat from people’s very real world problems.
When online, people are not hungry, not sick, not unemployed, not lonely, not judged—instead they are in a sense one with everybody else in a common pool of bits and bytes—where no one knows them or their situations. Online, they are anonymous, no one and at the same time anyone they want to be.
The Internet is a great place to be—to escape to—sort of like the Holodeck on Star Trek. Choose your program—and you can be in any time and at any place—interacting with anybody. It is not real, but it feels real when you are there.
I remember when I used to watch Star Trek and be fascinated by the experiences the characters had when they went into the Holodeck’s alternate reality. At the same time (and I think this was the intention of the show), after awhile I found myself wanting the characters to get back to reality and deal with the issues that they truly had to face. Somehow watching them escape “too much” wasn’t very satisfying.
To me, real relationships, even with and maybe because of their inherent challenges and tests, are more satisfying than virtuality, because of the deeper impact of the actions and interactions. Cyberspace is a great augmented reality, but it cannot replace reality.
In the end, being online is a nice place to visit (and there are a lot of benefits to being there), but I wouldn’t want to live there all the time and miss the real fun.
September 15, 2009
Happy Birthday Internet
On September 2, 2009, the Internet celebrated its fortieth birthday.
ComputerWorld (14 Sept. 2009) reports that 40 years ago “computer scientists created the first network connection, a link between two computers at the University of California, Los Angeles.” This was the culmination of research funded by the Defense Advanced Research Projects Agency (DARPA) in the 1960s.
This information technology milestone was followed by another, less than two months later, on October 29, 1969, when Leonard Kleinrock "sent a message from UCLA to a node at the Stanford Research Institute in Palo Alto, California."
While the Internet conceptually became a reality four decades ago, it didn’t really go mainstream until almost the 1990’s—with the founding of the World Wide Web project in 1989, AOL for DOS in 1991, and the Mosaic browser in 1993.
Now, I can barely remember what life was like before the Internet. Like the black and white pictures of yester-year: life was simple and composed, but also sort of lifeless, more boring indeed, and less colorful for sure. In other words, I wouldn’t want to go back.
Also, before the Internet, the world was a lot smaller. Even with connections to others far away—by phone and by plane—people’s day-to-day connections were more limited to those in close proximity—on their block, down on Main Street, or in and around town. It took an extra effort to communicate, share, deal, and interchange with people beyond the immediate area.
At present with the Internet, every email, chat, information share, e-commerce transaction, social media exchange, and application are a blast across the reaches of cyberspace. And like the vastness of the outer space beyond planet Earth, cyber space represents seemingly endless connectivity to others over the Internet.
What will the Next Generation Internet (NGI) bring us?
ComputerWorld suggests the following—many of which are already with us today:
- Improved mobility—like “showing you things about where you are” (for example, where’s the nearest restaurant, restroom, or service station or even where are your friends and family members).
- Greater information access—“point your mobile phone at a billboard, and you’ll see more information” about a particular advertisement.
- Better e-commerce—“use the Internet to immediately pay for goods.”
- Enhanced visualization—Internet will “take on a much more three-dimensional look.”
I believe the future Internet is going to be like Second Life on steroids with a virtual environment that is completely immersive—interactive with all five senses and like speaking with Hal the computer, answering your every question and responding to your every need.
It’s going to be great and I’m looking forward to saying “Happy Birthday Internet” for many more decades, assuming we don’t all blow ourselves out of the sky first.
July 14, 2009
A Call to IT Arms
Recently, I heard a colleague say that we should view IT not as a cost center, but as a resource center—and I really liked that.
In fact, IT is a cost center and a resource center, but these days there is an overemphasis on it being a cost center.
On the negative side, people seem to like to criticize IT and point out the spectacular failures there have been, and in fact, according to Public CIO “a recent study by the Standish Group showed that 82% of all IT projects were either failures or were considered challenged.”
This is the dark side of IT that many would like to dwell on.
However, I would argue that while we must constantly improve on IT project delivery, IT failures can be just a point in time on the way to tremendous success and there are many of these IT successes that we benefit from in big and small ways every day.
Moreover, it may take 1000 failures to achieve that one great breakthrough success. That is the nature of innovation and experimentation.
Of course, that does not mean we should do stupid or negligent things that result in failed IT projects—we must do our best to be responsible and professional stewards. But, we should not be afraid to experiment and fail as a healthy part of the creative process.
Thomas Edison said: “I have not failed. I’ve just found 10,000 ways that won’t work.”
So why are we obsessed with IT failures these days?
Before the dot-com bust, when technology was all the rage, and we enjoyed the bounty of new technologies like the computer, cell phones, handhelds, electronics galore, the Internet and all the email, productivity software and e-commerce and business applications you could ask for, the mindset was “technology is the engine that drives business.” And in fact, many companies were even changing their names to have “.com” in them to reflect this. The thinking was that if you didn’t realize the power and game-changing nature of technology, you could just as well plan to be out of business in the near future. The technologies that came out of those years were amazing and you and I rely on these every day.
Then after the dot-com burst, the pendulum swung the other way—big time! IT became an overzealous function that was viewed as unstructured and rampant, with runaway costs that had to be contained. People were disappointed with the perceived broken promises and failed projects that IT caused, and IT people were pejoratively labeled geeks or techies and viewed as being outside the norm—sort of the societal flunkies who started businesses out of home garages. People found IT project failures were everywhere. The corporate mindset changed to “business drives technology.”
Now, I agree that business drives technology in terms of requirements coming from the business and technology providing solutions to it and enabling it. But technology is also an engine for growth, a value creator, and a competitive advantage!
Further, while some would argue these days that IT is “just a tool”, I would counter that IT is a true strategic asset to those who understand its role in the enterprise. I love IT and I believe we all do and this is supported by the fact that we have become basically insatiable for IT. Forrester predicts U.S. IT budgets in 2009 will be in the vicinity of $750 billion. (http://it.tmcnet.com/topics/it/articles/59200-it-market-us-decline-51-percent-2009-researchers.htm) Think about what you want for the holidays—does it have IT in it?
A recent article in the Wall Street Journal was about how the homeless are so tied to technology that many have a computer with Internet access, even when they don’t have three square meals a day or a proper home to live in.
Another sign of how critical IT has become is that we recently stood up a new Cyber Command to protect our defense IT establishment. We are reliant indeed on our information technology and we had better be prepared to protect and defend it.
The recent White House 2009 Cyberspace Policy Review states: “The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security.”
It's time for the pendulum to swing back in the other direction and to view IT as the true strategic asset that it is.
June 27, 2009
Now We All Have Skin In The Game
It used to be that cybersecurity was something we talked about, but took for granted. Now, we’re seeing so many articles and warnings these days about cybersecurity. I think this is more than just hype. We are at a precipice, where cyberspace is essential to each and every one of us.
Here are some recent examples of major reviews in this area:
- The White House released its 60-day Cyberspace Policy Review on May 29, conducted under the auspices of Melissa Hathaway, the Cybersecurity Chief at the National Security Council; and the report states: “Cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century…the nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat."
- The Center for Strategic and International Studies’ Commission on Cybersecurity for the 44th President wrote in a December 2008 report: “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration…It is a battle we are losing.”
Cyberspace is becoming a more dangerous place as the attacks against it are growing. Federal Computer Week, June 2009, summarized the threat this way:
“Nation states are stealing terabytes of sensitive military data, including some of the most advanced technology. Cybercrime groups are taking hundreds of millions of dollars from bank accounts and using some of that money to buy weapons that target U.S. soldiers. The attacks are gaining in sophistication and the U.S. defenses are not keeping up.”
Reviewing the possibilities as to why this is happening: Have we dropped our guard or diverted resources or knowhow away from cybersecurity in a tight budgetary environment and now have to course correct? Or, have our adversaries become more threatening and more dangerous to us?
I believe that the answer is neither. While our enemies continue to gain in sophistication, they have always been tenacious against us and our determination has never wavered to overcome those who would threaten our freedoms and nation. So what has happened?
In my view the shift has to do with our realization that technology and cyberspace have become more and more vital to us and underpin everything we do--so that we would be devastated by any serious disruption. As the Cyberspace Policy Review states definitively: “The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security.”
We rely on cyberspace in every facet of our lives, and quite honestly, most would be lost without the connectivity, communications, commerce, productivity, and pleasure we derive from it each and every day.
The result is that we now have some serious “skin in the game”. We have something to lose--things that we deeply care about. Thus, we fear for our safety and survival should something bad happen. We think consciously or subconsciously how would we survive without the technology, Internet, and global communications that we have come to depend upon.
Let’s think for a second:
What if cyberspace was taken down or otherwise manipulated or controlled by hostile nation states, terrorists, or criminals?
Would there be a breakdown in our ability to communicate, share information, and learn? Would there be interruptions to daily life activities, disruptions to commerce, finance, medicine and so forth, concerns about physical safety or “accidents”, risks to critical infrastructure, and jeopardy to our ability to effectively protect ourselves and country?
The point here is not to scare, but to awaken to the new realities of cyberspace and technology dependence.
Safeguarding cyberspace isn’t a virtual reality game. Cyberspace has physical reality and implications for all of us if we don’t protect it. Cyberspace is a critical national asset, and we had better start treating it as such if we don’t want our fear to materialize.