Showing posts with label Hardening. Show all posts
Showing posts with label Hardening. Show all posts

October 28, 2017

Deterrence Alone Is Not A Strategy

So there is a military doctrine that has been in place for decades. 

- MAD - Mutually Assured Destruction 

If you attack the USA with weapons of mass destruction, you'll get an overwhelming responses that will totally destroy your country. 

This was what supposedly held the USSR at bay during the cold war. 

And even recently, President Trump threatened North Korea that they would be "totally destroyed" if they try anything on us. 

The problem is that the MAD doctrine of deterrence assumes incorrectly that you are always dealing with rational actors and not with madmen.

Let's face it, their are plenty of crazies out there, and some of whom may be willing to go down in a "blaze of glory" as long as they stand up to the United States and die a heroes death for their radicalized or "subjected" people. 

Whether it's Iran or North Korea or others--we may not know what we are really dealing with here until it's too late. 

Life is not everything to these people--remember many a terrorist has died a martyrs death with the promise of 72 virgins in heaven awaiting them. 

To some, as Prime Minister Gold Meir stated:
"Peace will come when the Arabs will love their children more than they hate us!"

Hate by virtue of perceived injustice, required Jihad or "holy war," brainwashing or threats and the desire for a "glorious death" standing up to the infidels or the "great Satan...any of all of these can contribute to ignoring the consequences. 

Israel has tried to deter horrible homicide bombers/and other mad terrorists from performing their evil misdeeds on the civilian population by for example, demolishing the terrorist homes as a potent consequence that they know going into it, yet many terrorists still wear the explosive vests and detonate anyway.

Similarly, North Korea despite the President's threat that they "will be met with fire and fury like the world has never seen," brushed it off and shot off more volleys of ICBMs and threatened to engulf Guam in fire. 

- The point is that deterrence alone is not a strategy!

If our enemies can hit us with a devastating attack--whether WMD, cyber, EMP, or quantum attack-- that can inflict immeasurable harm on us--they may actually choose to take their best shot, rather than wait for us to hit them or continue to feel disrespected, subjected, inferior, and hopeless.

To someone on the radical fringes or the mental edge, maybe--just maybe--they will do the unthinkable and surprise us.

What good will our fire and fury counterstrike do us, when our cities are in ruin and our people dead and dying en masse. 

Revenge isn't so sweet when your family, homeland, and virtually everything you know and held dear is gone.

The only real military strategy is to be able to defend ourselves and AVOID getting a homeland catastrophe!

We need massive investment and expertise in missile defense, bio defense, cyber defense, quantum computing, and expansive hardening of our critical infrastructure.

Unfortunately, as naysayers to the threats abound, we are no where near where we need to be in protecting the homeland.

If one person falls from the high wire and smashes their head, what good is it that the other person falls and suffers similarly or worse. 

The point is not to fall, not to get hurt, not to die, not to have our country and way of life destroyed.

Deterrence does not guarantee this security to the country--especially when dealing with no shortage of radicalized nuts out there. 

Only a genuine defense that can STOP and counter the threats BEFORE a devastating attack happens and hits us is a strategy worth pursuing ...and THEN you can punch the other person squarely in their devil's face!

Without an adequate defensive strategy, get ready, because every high flying act eventually falls to the ground and hits their head hard. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

May 22, 2013

Blackout Nation

We are reaching an exciting but dangerous phase of technology adoption where our dependence is virtually complete. 

From mobile to social computing, from telecommunications to transportation, from industrial systems to electronic health records, from banking to eCommerce, from homeland security to national defense--we are dependent on technology.

But while technology proliferates everywhere, so do the risks. 

Bloomberg BusinessWeek (16 May 2003) in an article called "The City That Runs On Sensors" talks about how initiatives like IBM's smart-cities is bringing sensors and technology to everything running our towns--"Smart [city] innovation is improving our economic fabric and the quality of our life."

The flip side is an editorial in today's Wall Street Journal by former CIA director James Woolsey and Peter Pry who served on the congressional EMP commission warning how "A single nuke exploded above America could cause a national blackout for months" or years (stated later in article)

They write that "detonating a nuclear weapon high above any part of the U.S. mainland would generate a catastrophic electromagnetic pulse" (EMP)--and that this "would collapse the electric grid and other infrastructure that depends on it."

This would be a national blackout of epic proportions that would impact all areas for 21st century sustainment of 311 million lives. Think for yourself--what would you be able to do and not do without the computers and telecommunications that you use every day? 

Woolsey and Pry call for a preemptive surgical strike, for example, to prevent North Korean development of an ICMB capable of inflicting a nuclear EMP strike, but you can imagine other nations that pose a similar threat. 

While be beef up our Cyber Corps and attempt to strengthen our tools, methods, and configurations, this is just the tip of the iceberg when it comes to securing cyberspace. 

Cybersecurity is more than just protecting us from malware infiltration and exfiltration--because the whole IT system that our society is built on can be wiped out not by cyber attack alone, but rather by collapsing the very electronic infrastructure that we rely on with a pulse of electromagnetic radiation that will fry the very circuits that run our devices. 

While we build firewalls and put up intrusion detection and prevention guards and establish a court system of antivirus and spamware to put away violators and so on, how shall we prepare for a pulse attack that can incapacitate the electronics underpinnings--security and all? 

"Star Wars" missile defense, preemptive action, and hardening of critical infrastructure are all security options--it costs money to keep the IT lights on, but better to pay now, then pay catastrophically bigger later. ;-)

(Source Photo: Andy Blumenthal)


Share/Save/Bookmark

May 4, 2012

Leadership Cloud or Flood Coming?

I came across two very interesting and concerning studies on cloud computing--one from last year and the other from last month.

Here is a white paper by London-based Context Information Security (March 2011)

Context rented space from various cloud providers and tested their security. 

Overall, it found that the cloud providers failed in 41% of the tests and that tests were prohibited in another 34% of the cases --leaving a pass rate of just 25%!

The major security issue was a failure to securely separate client nodes, resulting in the ability to "view data held on other service users' disk and to extract data including usernames and passwords, client data, and database contents."

The study found that "at least some of the unease felt about securing the Cloud is justified."

Context recommends that clients moving to the cloud should:

1) Encrypt--"Use encryption on hard disks and network traffic between nodes."

2) Firewall--"All networks that a node has access to...should be treated as hostile and should be protected by host-based firewalls."

2) Harden--"Default nodes provisioned by the Cloud providers should not be trusted as being secure; clients should security harden these nodes themselves."

I found another interesting post on "dirty disks" by Context (24 April 2012), which describes another cloud vulnerability that results in remnant client data being left behind, which then become vulnerable to others harvesting and exploiting this information.

In response to ongoing fears about the cloud, some are choosing to have separate air-gaped machines, even caged off, at their cloud providers facilities in order to physically separate their infrastructure and data--but if this is their way to currently secure the data, then is this really even cloud or maybe we should more accurately call it a faux cloud? 

While Cloud Computing may hold tremendous cost-saving potential and efficiencies, we need to tread carefully, as the skies are not yet all clear from a security perspective with the cloud. 

Clouds can lead the way--like for the Israelites traveling with G-d through the desert for 40 years or they can bring terrible destruction like when it rained for 40 days and nights in the Great Flood in the time of Noah. 

The question for us is are we traveling on the cloud computing road to the promised land or is there a great destruction that awaits in a still immature and insecure cloud computing playing field? 

(Source Photo: here with attribution to freefotouk)


Share/Save/Bookmark