Remodulate The Shields For Cyber Security

I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website's code in order to prevent scripted botnet attacks--even as the web pages themselves maintain their look and feel.  

In essence they make the site a moving target, rather than a sitting duck. 

This is like Star Trek's modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack. 

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them. 

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can't easily penetrate our defenses, because we're moving so fast that they can't even find our vulnerabilities and design an effective attack before we change it and up our game again.  

And hence, the evil Borg will be vanquished... ;-)

Remodulate The Shields For Cyber Security

Should Or Shouldn't The U.S. Attack Syria

As the hour approaches for a punishing U.S. attack on Syria, here are some thought on why or why not to do it:

Reasons Not To Attack Syria:

War-weary--The U.S. has been fighting back since 9/11 2001, how much more blood and treasure should we spend in a war that has brought limited results with over 5K dead and over 50K wounded Americans and costing almost $1.5 trillion dollars so far. 

World policeman--No country alone, including the U.S. can be the policeman for the world. We cannot get involved in every war and skirmish: we can't afford it; it is a distraction from our full slate of pressing domestic issues, and we ourselves are not perfect. 

International Discord--Russia and China, two other U.N. Security Council members are not on board with us in punishing Syria for use of chemical weapons or for ending the conflict there. Even the U.K backed out of the operation. 

Potential backlash--Syria, Hezbollah, or Iran may lash out at American interests, including neighboring Israel, embassies/posts worldwide, oil infrastructure, and more. 

Limited strike, limited benefits--With all the media and lack of secrecy on this operation, the Syrians have had the notice and time to vacate suspected target attack sites and move critical equipment out. Also, we have already ruled out attacking the chemical weapons themselves due to fear of collateral damage. Plus, we have already said that we are not going to try and unseat Assad or end the fighting. So will hitting some empty buildings in a civil war that has already been going for more than 2 years have anything but symbolic impact? 

Reasons To Attack Syria:

Morality--We can't stand idly by while Assad indiscriminately is killing civilians (including women and children). 

Norms of War--We must send a message that use of Weapons of Mass Destruction (WMD) is horrific and a precedent that is unacceptable. 

Red Line--We drew a red line and now we must adhere to it; our words and deeds must be consistent or else we lose credibility. 

Punish bad behavior--The Syrian civil war has cost over 100,000 lives so far and displaced millions, torturing and executing civilians and using chemical weapons is bad nation state behavior and must be punished to mete out justice, as a deterrent, as a rehabilitative action, and to reimpose some equality back in the fight.

Protect Ourselves--Being clear and sending a global message that use of WMD is unacceptable helps in the end to protect us from being victims of such a dastardly deed as well. It is in our own national self-interest.

Axis of Evil--Syria, Iran, and Hezbollah are working together to spread Anti-American and Anti-Israel hatred, terrorism, and to develop WMD (including Nukes) to threaten us and establish a greater stranglehold on the Middle-East as well as Europe. This is a war that is not desired by us, but one that has been thrust upon us by adversaries seeking our destruction. 

Closing Thoughts:

If we do it, then we should do it right.  

"Sending a message," in Syria rather than fighting to win something strategically meaningful and tangible continues to leave us vulnerable and just having to fight another day.

We can't straddle issues of morality, norms of war, and defense of our nation and way of life--either take out Assad, end the bloodshed, and establish a peaceful, democratic government or what is the point?

Obviously, there are arguments to be made on either side. 

But what is frustrating is that making a decision after we've concluded wrongdoing, and doing something positive is seeming to take too long, and strong leadership is required to bring resolution and greater good. 

Moreover, we need to look at the greater threat picture, so while sending Tomahawk missiles to Syria for their chemical weapons use, what about doing a full stopover in Iran with some Bunker Busters to put an end to their menacing and blatantly genocidal nuclear WMD program.

Wishy washy isn't going to make us any righter or safer, definitive results-oriented action can. 

(Source Photo: here with attribution to zennie62)

Should Or Shouldn't The U.S. Attack Syria

Why People Spy

There is an interesting article in the Wall Street Journal (31 May 2013) about why people spy.

The former CIA case officer, who recruited others to become traitors and wrote the article says, it comes down to MICES:

- Money: "We give you cash, and you steal secrets."

- Ideology: The person no longer believes in their system of government or has been abused by the system.

- Conscience: Someone who is looking to atone for the crimes/sins of the system or of themselves. 

- Ego: This is a person who responds to stroking of their self-esteem and sense of purpose.

- Sex: A fifth powerful motivator is sex or a relationship that may address people's feelings of isolation or loneliness. 

Thinking about the motivation for spying in terms of Maslow's Hierarchy of Needs, I have connected the five techniques to turn someone with their basic needs, making the Pyramid of Spying:

- Money fulfills people's base physiological needs.

- Ideology appeals to someone who has been abused and hates the system and thus is tied to motivations for safety and security.

- Sex/relationships has to do with social needs.

- Stroking someone's ego fulfills his/her esteem needs. 

- Spying for reasons of conscience (e.g. what some would consider becoming enlightened) is driven by the need to self-actualize. 

The reason that I turned the pyramid/hierarchy upside down for the motivations of why people spy is that being "turned" and becoming a traitor to one's country is such an unnatural and abhorrent concept to normal people that they would generally not do it just for the money, revenge, or sex (lower-level needs), but rather they ultimately would need to be driven by reasons of conscience and ego (higher-level needs).

Of course, sprinkling in the money, ideology, and sex makes acting the traitor that much more appealing to some--and helps "grease the wheels" to go outside the bounds of what a normal person does and feels towards their nation--but those are not the primary drivers for committing the ultimate crime against one's country. 

Again, normal people are not motivated to be treacherous and treasonous, but given the wrong dose of motivations, people are turned--this means we know how to use the tools of the trade to our nation's advantage, but also to be mindful and watchful of those who motivations are being acted on. 

(Source Graphic: Andy Blumenthal)

Why People Spy

Mayim Chaim

You can only live about 3 days without water--that's why protecting our water is so critical.

Emergency Management (May/June 2013) says, "There are numerous ongoing threats to our water supply. Some of them [natural or man made] could be catastrophic."

- Water poisoning: Already in the 1st century, Roman Emperor Nero poisoned the wells of his enemies.  These days you'd need a large supply, like "several dump trucks of cyanide or arsenic to poison a reservoir.  Plus the water system is monitored and has purification protections such as chlorine, so it's not that simple. We can also issue "boil alerts" for people to boil the water before drinking it. Then again, we saw what some radiation did to the Japanese water supplies after Fukushima.

- Blowing it up: The water system infrastructure can be disrupted using explosives, so keeping intruders far away from it is important to keeping it safe.

- Earthquakes/Hurricanes: Much of the water system pipes are old--some built during the Civil War--and these can be destroyed by natural disasters or even a construction crew jackhammer hitting in the wrong place. 

- Electrical outage: If you shut down the electricity, you shut down the water pumps...and even with generators taking over for a while, your up against the clock, if you don't get the juice flowing again soon. 

- Cyber Attack: Our water systems, like other industrial control systems are vulnerable to cyber attack. A hacker that gets control of the systems could overheat it, overtreat it, flood it, or otherwise break it and shut it down. 

Keeping our water infrastructure secure, the water supply safe and potable, the transport pipes intact, the electricity working, and the systems under control--are not little matters--they are the difference between life and death for millions. 

As in The Rime of The Ancient Mariner, when the ship gets blown off course into unchartered waters and the crew is thirsty for water and desperate to survive, the poet states, "Water, Water. Everywhere. And All The Boards Did Shrink; Water, Water, Everywhere. Nor Any Drop To Drink."

In Hebrew, there is a short saying that sums up this topic, "Mayim Chaim"--water is life. ;-)

(Source Photo: Dannielle Blumenthal)

Mayim Chaim

Blackout Nation

We are reaching an exciting but dangerous phase of technology adoption where our dependence is virtually complete. 

From mobile to social computing, from telecommunications to transportation, from industrial systems to electronic health records, from banking to eCommerce, from homeland security to national defense--we are dependent on technology.

But while technology proliferates everywhere, so do the risks. 

Bloomberg BusinessWeek (16 May 2003) in an article called "The City That Runs On Sensors" talks about how initiatives like IBM's smart-cities is bringing sensors and technology to everything running our towns--"Smart [city] innovation is improving our economic fabric and the quality of our life."

The flip side is an editorial in today's Wall Street Journal by former CIA director James Woolsey and Peter Pry who served on the congressional EMP commission warning how "A single nuke exploded above America could cause a national blackout for months" or years (stated later in article)

They write that "detonating a nuclear weapon high above any part of the U.S. mainland would generate a catastrophic electromagnetic pulse" (EMP)--and that this "would collapse the electric grid and other infrastructure that depends on it."

This would be a national blackout of epic proportions that would impact all areas for 21st century sustainment of 311 million lives. Think for yourself--what would you be able to do and not do without the computers and telecommunications that you use every day? 

Woolsey and Pry call for a preemptive surgical strike, for example, to prevent North Korean development of an ICMB capable of inflicting a nuclear EMP strike, but you can imagine other nations that pose a similar threat. 

While be beef up our Cyber Corps and attempt to strengthen our tools, methods, and configurations, this is just the tip of the iceberg when it comes to securing cyberspace. 

Cybersecurity is more than just protecting us from malware infiltration and exfiltration--because the whole IT system that our society is built on can be wiped out not by cyber attack alone, but rather by collapsing the very electronic infrastructure that we rely on with a pulse of electromagnetic radiation that will fry the very circuits that run our devices. 

While we build firewalls and put up intrusion detection and prevention guards and establish a court system of antivirus and spamware to put away violators and so on, how shall we prepare for a pulse attack that can incapacitate the electronics underpinnings--security and all? 

"Star Wars" missile defense, preemptive action, and hardening of critical infrastructure are all security options--it costs money to keep the IT lights on, but better to pay now, then pay catastrophically bigger later. ;-)

(Source Photo: Andy Blumenthal)

Blackout Nation

Survivable Water Pipes

When an earthquake strikes, it is not just the immediate loss of life that is a concern, but the longer-term damage to critical infrastructure and the effect on human survival. 

As we know, water is critical to every living creature, and in an earthquake, when there is damage to the water infrastructure, such as the underground piping, people can be left without this basic life-sustaining commodity. 

When traditional solid cast-iron piping is used, an earthquake can cause these to deform and buckle. However, with a new ductile pipe design by Japanese company, Kubota--the pipes are built in a chain-like fashion and expand and contract, flex and bend, but do not easily break.  

According to the Wall Street Journal (14 April 2011), Kubota earthquake-resistant pipes even withstood the 9.0 quake in Japan in 2011, and it can withstand "shaking, landslides, and extreme temperatures. 

Now Los Angeles is piloting this pipe along 2 miles of its 7,000 miles of piping--they are focusing on "the most vulnerable, fault-line-adjacent areas," since the piping is 2 1/2 times the price of regular piping. 

In the absence of having a device like the Star Trek Replicator to synthesize food and water on the fly, it makes a lot of sense to upgrade our water systems and other critical infrastructure to protect us from the disasters that come. 

"Tea, Earl Grey, Hot" needs to be available not just in good times, but also in bad. ;-) 

(Source Photo: Kubota)

Survivable Water Pipes

Balancing Cybersecurity And Citizen Freedom

There is a very interesting discussion of the protection of Federal Networks and the Fourth Amendment in “Cybersecurity, Selected Legal Issues,” Congressional Research Service (CRS) Report for Congress (3 May 2012). 

The Department of Homeland Security (DHS) in conjunction with the National Security Agency (NSA) rolled out EINSTEIN, an intrusion detection system (IDS) in early iterations, and later an intrusion prevention system (IPS) at all Internet points of presence (POPs) for the government.

The system works through copying, storage, and deep packet inspection of not only the metadata for addressing information, but also the actual contents of the flow. This handling is necessary in order to identify suspicious malware signatures and behavior and alert the United States Computer Emergency Response Team (US-CERT) in order to block, quarantine, clean, and respond to the attacks and share information about these.

However, the civil liberties and privacy issue with EINSTEIN is that according to the Fourth Amendment, we are protected from unreasonable search and seizures. Thus, there are concerns about the violation of the Fourth Amendment, when DHS monitors and inspects addressing and content of all email and Internet communications to and from federal agency employees and the public–including not only from government email accounts and systems, but also from private email accounts such as Yahoo and Gmail and social media sites like Facebook and Twitter.

 The justification for the use of EINSTEIN includes:

1.    The government cannot reasonably get warrants in real time in order to safeguard the federal network and systems at the speed that the attacks are occurring.

2.    The government places banners and user agreements on all Federal networks notifying users of monitoring, so there is no expectation of privacy in the communications.

3.    The monitoring is conducted only for malicious computer activity and not for other unlawful activities—so “clean” traffic is promptly removed the system.

4.    Privacy protections are ensured though review mechanisms, including Attorney General and Director of National Intelligence (DNI) reporting to Congress every six months and a sunset provision requiring monitoring reauthorization every four years.

This tension between monitoring of Federal networks and traffic and civil liberties and privacy is a re-occurring issue when it comes to cybersecurity. On one hand, we want cybersecurity, but on the other hand, we are anxious about this security infringing on our freedoms---whether freedom of expression, from search and seizure, from surveillance, or from potentially costly regulation, stifling innovation, and so forth.  It is this tension that has stalled many cybersecurity bills such as the Stop Online Privacy Act (SOPA), Cyber Intelligence Sharing and Protection Act (CISPA), The Computer Security Act of 2012 and more.

In the absence of a clear way forward with legislation to regulate and enforce, or incentivize, standards and best practices for cybersecurity, particularly for critical infrastructure protection, as well as information sharing, the White House released Presidential Policy Directive/PDD-21 on Critical Infrastructure Security and Resilience to establish DHS and other federal agency roles in cybersecurity and to manage these on a risk-based model, so that critical infrastructure is identified, prioritized, assessed, and secured accordingly.

While PDD-21 is a step in the right direction, it is an ongoing challenge to mediate a balance between maintaining our values and constitutional freedoms, while at the same time securing cyberspace.

One thought is that perhaps we can model cybersecurity after the Posse Comitatus Act of 1878 that separated federal military from domestic national guard and law enforcement powers. Using this model, we can create in cyberspace a separation of cybersecurity from our borders outward by the federal government, and within the domestic private networks by our national guard and law enforcement.

Thus, we can create stronger security radiating out at the national periphery, while maintaining our important freedoms within, but always working together to identify and neutralize any and all threats to cyberspace. ;-)

(Source Photo: Andy Blumenthal)

Balancing Cybersecurity And Citizen Freedom

Cyberweapons Power Up

In you haven't heard of Project Aurora, this is a wonderful segment from 60 Minutes on this cyberwar project. 

Faced with some of the worst case scenarios for cybergeddon, Idaho National Labs set out in 2007 to test what would happen to a 27-ton power generator if the researchers hacked into it from a mere laptop. 

The turbine was sent instructions that would essentially tear itself apart--and in the video you can see what happened--it shudders, shakes, smokes, and ultimately destroys itself. 

The test was a grand success demonstrating our capabilities to conduct cyberwar operations against an adversary.  

Interestingly, Reuters reported the Symantec researchers "uncovered a version of Stuxnet from the end of 2007 that was used to destroy two years later about 1,000 Iranian centrifuges used in their Natanz nuclear uranium enrichment facility for alleged development of weapons of mass destruction. 

The flip side of this cyberwar test is the realization of the potential blowback risk of cyberweapons--where adversaries can use similar technology over the Internet against our critical infrastructure--such as SCADA industrial control systems for the power grid, water treatment, manufacturing, and more--and cause potentially catastrophic events.

As stated toward the end of the video, this is a type of "pre 9/11 moment" where we identify a serious threat and our vulnerability and we need to act to prevent it--the question is will we? 

Cyberweapons Power Up

The Anti-Drone Drone

Last week Fox News reported on how the British were deploying tiny drones that can now fit in the palm of one's hand. The Black Hornet Nano is only 4 inches long, weighs about half an ounce, and carries a camera that can take stills and video and transmit them back to a remote terminal. 

Drones are becoming ubiquitous weapons of war, homeland security, law enforcement and more. 

As other nations advance their drone programs, our efforts must not only be offensively, but also defensive--The Guardian reported (22 April 2012) that Iran has already claimed to have reverse engineered the Sentinel drone they captured in 2011 and are making a copy of it--lending some credence to this perhaps, this past week, they also showed surveillance footage that they claim came from the captured drone. 

So how do you protect against drones-big and small?

While you can lock on and shoot down a big Predator drone out of the sky, drones as small as tiny bugs are going to be a lot harder to defend against. 

The bug-like drones may not only carry surveillance equipment in the future, but could even carry a lethal injection, chemical or biological agents to disable or kill, or perhaps even weapons of mass destruction. 

Moreover, they may not attack onsies-twosies, but in mass swarms like locusts ready to swoop down and destroy our crops, our lines of communications, and all sort of critical infrastructure. 

The Atlantic (6 Feb. 2013) describes the idea for a "Drone-Proof City" of the future that someone came up with for an extreme architecture class. 

Like cities in World War II that camouflaged entire sections with green military netting and other subterfuges, the idea here would be to create a "sanctuary" or "compound" that would provide a safe-zone from drones. 

Whether using tall Minarets, cooling towers, other high-rise buildings and even window grills to obstruct the drones, or a "latticed roof" to create distracting shade patterns, or a climate-controlled city interior that could confuse heat-seeking missiles--all good ideas are welcome. 

Of course, their are other options too such as anti-drone laser system that could shoot them down, electronic countermeasures that could confuse, self-destruct, or other take control of them, or even anti-drone drones--that would be specialized drones that could seek and destroy enemy drones in waiting or about to attack. 

Drones everywhere--and nowhere to hide--we will need some extreme architecture to take out these buggers. ;-)

(Source Photo: here with attribution to Ars Electronica)

The Anti-Drone Drone

Safeguarding Our Electrical Grid

Popular Science (28 January 2013) has an interesting article on "How To Save The Electrical Grid."

Power use has skyrocketed with home appliances, TVs, and computers, causing a significant increase in demand and "pushing electricity through lines that were never intended to handle such high loads."

Our electrical infrastructure is aging with transformers "now more than 40 years old on average and 70% of transmission lines are at least 25 years old" while at the same time over the last three decades average U.S. household power consumption has tripled!

The result is that the U.S. experiences over 100 mass outages a year to our electrical systems from storms, tornados, wildfires and other disasters.

According to the Congressional Research Service, "cost estimates from storm-related outages to the U.S. economy at between $20 billion and $55 billion annually."

For example, in Hurricane Sandy 8 millions homes in 21 states lost power, and in Hurricane Irene, a year earlier, 5.5 million homes lost electricity. 

The solution is to modernize our electrical grid:

- Replace a linear electrical design with a loop design, so a failure can be rerouted. (Isn't this basic network architecture where a line network is doomed by a single point of failure, while a ring or mesh topology can handle interruptions at any given point?)

- Install "fault-current limiters" as shock absorbers so when there is a surge in the grid, we can "absorb excess current and send a regulated amount down the line" rather than causing circuit breakers to open and stop the flow of electrical power altogether. 

- Create backup power generation for critical infrastructure such as hospitals, fire stations, police, and so on, so that critical services are not interrupted by problems on the larger grid. This can be expanded to installing solar and other renewable energy resources on homes, buildings, etc. 

- Replace outdated electrical grid components and install a smart grid and smart meters to "digitally monitor and communicate home power" and automatically adjust power consumption at the location and device level. Smart technology can help manage the load on the grid and shift non-essential use to off-hour use. The estimated cost for modernizing the U.S. grid is $673 billion--but the cost of a single major outages can run into the ten of billions alone. What will it take for this investment to become a national priority? 

I would add an additional solution for safeguarding our electrical grid by beefing up all elements of cyber security from intrusion detection and prevention to grid protection, response, and recovery capabilities. Our electrical system is a tempting target for cyber criminal, terrorists or hostile nation states that would seek to deprive us of our ability to power our economy, defense, and political establishments. 

While energy independence has become feasible by 2020, we need to make sure that we not only have enough energy resources available, but also the means for reliable and secure energy generation and distribution to every American family and business. ;-)

(Source Photo: Andy Blumenthal)

Safeguarding Our Electrical Grid

Personal Bulletproof Shields

In light of the horrible school shootings we have witnessed in Sandy Hook Elementary School, Virginia Tech, Columbine High School, and more, people and companies are trying to figure out how to fight back. 

In some cases, ex-Marines have decided to stand guard at their children's schools.

In others, companies are coming up with emergency protective devices as a last line of defense for teachers and school children. 

Hardwire Armor Systems has developed a white board that doubles as a bulletproof shield. 

According to USA Today (22 January 2013), the whiteboards are 18" by 20", a quarter inch thick, and 3.75 lbs. and have three rubberized handles on the back for slipping your arm through.

The shield is large enough to cover the head and torso, is 2 1/2 times as strong as Kevlar, and "can stop a bullet from a handgun shot at point-blank range." 

The whiteboards are made of a similar ultra-strong polyethylene material used in Mine Resistant Ambush Protective (MRAP) vehicles in Iraq and Afghanistan, and they are light enough and less dense than water and will actually float. 

While we hope our teachers and children never need these to hold off an attacker until first responders arrive, it is good to know that they are there just in case to stop that deadly oncoming bullet. 

The whiteboard costs $299 and a smaller 10" by 13" bulletproof clipboard costs $109.To outfit a standard high school with whiteboards would cost $15,000 and for all 7 million teachers and administrators in America $1.8 billion. 

From teaching math and science to protecting our children and teachers, these ballistic shields can be part of a multi-layered defense plan for our schools--and I would think for corporate America, religious institutions, and government agencies as well--and is an awesome idea. ;-)

Personal Bulletproof Shields

Liar, Liar, Pants On Fire

To catch a terrorist, you have to think like a terrorist or at least be able to get behind their lies and deception.

Terrorist want to gain entry, surveil their targets, plan their attack, assemble their weapons and tactics, avoid their pursuers, and execute maximum human, economic, and political damage. 

To succeed, terrorists have to use lies and deceit to make their way through all the obstacles that the good guys put up.

Wired Magazine (February 2013) addresses some new interrogation technology being tested by the Department of Homeland Security (DHS) to catch the lies and the liars. 

First of all, "people are really good at lying, and it's incredibly hard to tell when we're doing it."

Moreover, most people "lie 10 times a day," so it is routine and comes naturally to them. 

In terms of detecting lies, we are not very good at it--in fact, we're just better than chance--able to tell when someone is lying only 54% of the time.
Apparently, even with polygraph exams--their success is dependent more on the experience and finesse of the examiner and less on the polygraph tool. 

However, with new research and development, DHS has come up with an automated interrogator--that enhances the success of catching a liar by combining multiple detection technologies. 

The "interrogator bot" has three different sensors in use by the Embodied Avatar Kiosk.

- Infrared camera--"records eye movements and pupil dilation at up to 250 times per second--the stress of lying tends to cause the pupils to dilate"

- High-definition video camera--"captures fidgets such as shrugging, nodding, and scratching, which tend to increase during a deceptive statement"

- Microphone--"collects vocal data, because lies often come with minute changes in pitch" as well as "hesitation, changes in tempo and intonation, and spoken errors"

In the future, a additional sensors may be added for:

- Weight-sensing platform--to "measure leg and foot shifts or toe scrunches"

- 3-D camera--to "track the movements of a person's entire body"

Aside from getting better deception-detection results from multiplying the sensing techniques, the interrogation kiosk benefits from communicating in multiple languages and being "consistent, tireless, and susceptible to neither persuasion not bribery."

Another very cool feature being tested is tan interrogation avatar that actually resembles the person being interrogated using a camera and morphing software and making it look uncanny and "disturbing" at the same time--this can be quite familiar, disarming and unnerving.

By aggregating data points from many types of sensors and using behavioral analysis as a first line of defense followed by human questioning of those found to be lying, homeland security can proverbially light a fire under the pants of would be infiltrators and terrorists--and catch them before they make it to their next target. ;-)

(Source Photo: here with attribution to Cosmic Jans)

Liar, Liar, Pants On Fire

Zombie Homeland Security Training 101

Unbelievable. The Halo Counter-terrorism Summit (Oct 29-Nov. 2, 2012) is hosting a mock Zombie Invasion as part of its emergency response training for about a 1,000 special ops, military, police, medical, firefighter, and other homeland security professionals. 

The Zombie Apocalypse training exercise is occurring mid-summit on October 31, Halloween--so it is quite timely for other ghoulish activities that day. 

There are two sessions--#1 at 4:30 PM and #2 at 7:00 PM.

Both the Centers for Disease Control (CDC) and the Federal Emergency Management Agency (FEMA) of The Department of Homeland Security (DHS) have posted the CDC's Zombie Preparedness guidance--saying that "if you are generally well equipped to deal with a zombie apocalypse you will be prepared for a hurricane, pandemic, earthquake, or terrorist attack."

I guess this is very good news with Hurricane Sandy or "Frakenstorm" bearing down on the East Coast this evening.  Zombies, you ain't got nothing on Frakenstorm! 

In Yahoo News, Brad Barker, the President of Halo Corp., explained why Zombies are good for training, especially in asymmetric warfare: "No one knows what zombies will do in our scenario, but quite frankly no one knows what a terrorist will do."

Barker also jested that "No doubt when a zombie apocalypse occurs, it's going to be a federal incident, so we're making it happen."

Frankly, I love to see this type of creativity brought to national and homeland security and believe that this makes it less likely that we'll be perpetually fighting yesterday's war, instead of tomorrow's. 

The key is that we think out of the box in terms of what will the adversary do next--from cyberwar to weapons of mass destruction, we can't afford to be blindsighted. 

So do I think that aliens or zombies are coming for us some day--let's just say, never say never. ;-)

Zombie Homeland Security Training 101

Robots: More Than A Technical Challenge

This is the DARPA Pet-Proto Robot (a predecessor to the Atlas model) showing some pretty cool initial operating capabilities for navigating around obstacles.

- Climbing over a wall
- Straddling a pit
- Going up a staircase
- Walking a plank

These things may seem simple to you and I, but for these robots, we are talking about their autonomously sensing what's around them, identifying and evaluating alternatives to overcome them, deciding on what to actually do, and then successfully executing on it.

Not bad for a machine (even if we are spoiled by the the great science fiction writers and special effects of Hollywood)!

We will be seeing a lot more progress in this area in the 27 months in response to the DARPA Robotics Challenge (DRC), where robots are being looked to "execute complex tasks" for "humanitarian, disaster relief, and related activities" in potentially "dangerous and degraded, and human-engineered" environments.

I'd say only another 15-20 more years and the robots will walking among us--but are we prepared for the significant shift about to occur. 

Think about it--these robots will be able to do a lot more of the physical work (construction, manufacturing, service, care-taking, even warfighting, and more), and while we will benefit from the help, jobs are going to continue to get a lot tougher to find if you are not in fields such as engineering, science, technology, design, and so on.

This is going to lead to continued, significant social, educational, and economic disruptions.

What is now a robotics challenge to meet certain performance benchmarks, may in the future become a human challenge to shift from a human-dominated world to one which is instead shared or commingled with machines. 

This means that we need to define the boundaries between man and machine--will we be working and playing side-by-side, how about loving or fighting each other, and is there the possibility that the machine will some day transcend the inventor altogether. 

I believe that we need significant more study and research into how robotics are going to transform the way we live, work, and interact, and how humanity will adapt and survive this new monumental opportunity, but also looming threat.

What is just an obstacle to overcome in a simulation chamber may one day become an urban battlefield where humans are not necessarily the clear winners.

While I love robotics and where it can take us, this cannot be a field limited to the study of hardware and software alone.

Robots: More Than A Technical Challenge

Overcoming The Height Factor

I really liked this law enforcement elevation product called the Mobile Adjustable Ramp System (MARS) made by Patriot 3 in the United States. 

It is fitted on top of armored or unarmored personnel carriers and used by law enforcement or SWAT teams to carry out raids and rescues on multiple stories simultaneously. 

Two independent moving hydraulic platforms can be fitted on a single vehicle and each ramp can extended independently by remote control.

The ramps extends over 40 feet, enough to gain entry to the second and even third stories of buildings, unto an aircraft, breach a fenced perimeter, or even be used as a sniper post.  

According to the Ideas and Discoveries Magazine (Dec. 2012), MARS has been fitted on the Ford F550 pickup truck and at $370,000--can seat 9, hold 40 gallons of gas in an armored tank, go up to 100 miles per hour, and as an armored-cased vehicle, it "can withstand up to 24 hours of relentless gunfire."

While this vehicle may look a little funny, it serves it's purpose which it to take the height advantage away from the bad guys--get in and get out--quickly and safely.

Overcoming The Height Factor

Amazing Internet Statistics 2012

So what happens in only 1 minute on the Internet--this cool magazine Ideas and Discoveries (October 2012) provides some amazing examples:

- Information Sharing--639,800 gigabytes of data are exchanged
- Information Generation--6 new Wikipedia articles are created
- Information Visualization--20,000,000 photo looked at on Flickr
- eMail--204,000,000 emails are sent
- eCommerce--$83,000 of sales on Amazon
- Social Networking--320 new users on Twitter and 100 on LinkedIn (wonder how many for Facebook...)
- Cyber Crime--20 new victims of identity theft

And in the same month, Harvard Business Review reported on the growing significance to commerce with the Internet contributing to GDP (in 2010) as much as:

- 8.3% in the UK
- 7.3% in South Korea
- 5.5% in China
- 4.7% in the US
- 4.7% in Japan
- 4.1% in India

Moreover in HBR, this is what was reported that people are willing to give up instead of the Internet for a year--and the numbers are pretty startling--check this out:

- 91% of UK would give up fast food
- 89% of Indonesians would give up smoking
- 86% of Japanese would give up chocolate
- 85% of Chinese would give up coffee
- 78% of Indonesians would give up their shower
- 60% of Japanese would give up exercise
- 56% of Chinese would give up their car
- 56% of Japanese would give up sex--go figure! ;-)

While this is all sort of light, there is also a very seriousness dimension to this. For example, in the Wall Street Journal today, it quotes Secretary of Defense, Leon Paneta warning that with Iran's digital assault on the U.S., the concerns of cyberwar are growing with the SecDef going so far as to say "Is there a cyberwar going on? It depends on how you define war."

Yes, the Internet is amazing for so many reasons and we can't take it for granted--we need to be vigilant and defend the Internet (cyber) with the same zeal and commitment as the other domains of war--land, sea, and air--all are vital to national security and for the preservation of life, liberty, and the pursuit of happiness.

This is a lesson we need to learn quickly and decisively--before the old Star Wars is passe and cyberwar turns deadly. 

(Source Photo: Andy Blumenthal)

Amazing Internet Statistics 2012

The iFirefighter

This the the first fire fighting robot and is built by Howe and Howe called the Thermite. 

Key features:

- Moves steadily on treads instead of wheels

- 1 ton of fire fighting power

- Fits through most doorways

- Douses fires with 600 gallons per minutes

- Doesn't tire like a human firefighter 

- Costs about $96,000 per unit

- Useful in chemical, radiological and other hazardous incidents

While I generally like these fire fighting robots, there are a number of  thoughts that come to mind about these:

- If someone is caught in a burning building or otherwise needs to be rescued, I believe that for now we are still going to be on the lookout  for the real human hero to come through the door and save the day. 

- The next advance will be autonomous firefighting robots (firefighting drones that can identify the fire, encircle it, and put the right suppressants to work to put it out quickly and safely.

- Soon it will be drones, drones everywhere--fighting everything from fires to the enemy and we will no longer be just people, performing alone, but surrounded by our little assistants--perhaps pulling the majority of the weight, leaving higher value activities to us humans.

The iFirefighter

Choke Points to Checkpoints

This is some promising biometric technology from AOptix. 

Enrolling in the system is the first step and means just seconds of standing in the capture field of the slender tower, and the device scans both iris and face of the person. 

The scanning captures images within seconds and the software converts the images into binary code. 

It then subsequently scans and matches the person's biometrics against the database for positive identification. 

The beauty of this system is that it is simple and fast and can be used for passenger screening, immigration, or any other access control for entry/egress for a building, location, or even to a computer computer system and it's information.

According to Bloomberg Businessweek, the Insight Duo Towers sells for $40,000 each.

Eighty of these are currently in use at all air, land, and sea borders in Qatar.  Further, Dubai International Airport has been piloting this at a terminal that handles 40 million people per year, and it has cut immigration waiting times from 49 minutes to 22 seconds. 

This technology has obvious important applications for military, law enforcement, and homeland security, as well as even more generalized security use in the private sector.

And while very impressive, here are some concerns about it that should be addressed:

1) Enrollment of Biometrics and Personal Identification--registering for the system may only take a few seconds for the actual scan, but then verifying who you are (i.e. who those biometrics really belong to) is another step in the process not shown.  How do we know that those iris and face prints belong to Joe Schmo the average citizen who should be allowed through the eGate and not to a known terrorist on the watch list?  The biometrics need to be associated with a name, address, social security, date of birth and other personal information.

2) Rights versus Recognitions--rights to access and recognition are two different things. Just because there is iris and facial recognition, doesn't mean that this is someone who should be given access rights to a place, system or organization.  So the devil is in the details of implementation in specifying who should have access and who should not. 

3) Faking Out The System--no system is perfect and when something is advertised as accurate, the question to me is how accurate and where are the system vulnerabilities. For example, can the system be hacked and false biometrics or personal identification information changed?  Can a terrorist cell, criminal syndicate, or nations state create really good fake iris and facial masks for impersonating an enrollee and fooling the system into thinking that a bad good is really a good guy. 

4) Privacy of Personally Identifiable Information (PII)--not specific to AOptix, but to this biometric solutions overall--how do we ensure privacy of the data, so it is not stolen or misused such as for identity theft.  I understand that AOptix has PKI encryption, but how strong is the encryption,who long does it take to break, and what are the policies and procedures within organizations to safeguard this privacy data.

5) Big Brother Society--biometrics recognition may provide for opportunities for safe and secure access and transit, but what are the larger implications for this to become a "big brother" society where people are identified and tracked wherever they go and whatever they do. Where are the safeguards for democracy and human rights.

Even with these said, I believe that this is the wave of the future for access control--as AOptix's says, for changing choke points to checkpoints--we need a simple, fast, secure, and cost-effective way to identify friends and foe and this is it, for the masses, in the near-term.

Choke Points to Checkpoints

The Privacy Slope

I read with interest Ronald Bailey's book review of Privacy by Garet Keizer in the Wall Street Journal ( 16 August 2012). 

In a nutshell, privacy is founded in the Constitution's 4th Amendment: "the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated."

I would define privacy as the freedom--to think, to feel, and to act as ourselves (within ethical boundaries) without fear of intrusion, revelation, or reprisal. 

In other words, it should only be our business who we love, what we are interested or believe in, who we vote for, what we choose to do with our lives, and more. 

I think in grade school, the children generally sum it up well when they playfully chant: "Mind your own BI," where BI is used for business (or biziness). :-)

According to Keizer, the danger to privacy come into play from two main sources: 
- Commerce--who want to sell you something and
- Government--that needs to surveil for security and law enforcement purposes 

After 9/11, their was a perceived need for greater surveillance to enhance homeland security, and with advances in technology and communications (smartphones, Internet, social media, etc.), the ability to snoop became far easier.

In 2002, the DoD program for Total Information Awareness (TIA) was an attempt to know everything (i.e. total) about those who would do us harm, but fears about this capability being used against the innocent, quickly required a rethinking or perhaps, just a rebranding. 

Some say that the new NSA mega data center in Utah is the fulfillment of the TIA dream--according to the Washington Post, already in 2010 NSA intercepted and stored "1.7 billion emails, phone calls, and other types of communications." Further, law enforcement demanded records from cellphone carriers on 1.3 million subscribers "including text messages and caller locations" over just the last year's time. 

Keizer cautions that "the ultimate check on government as a whole is its inability to know everything about those it governs"--i.e. without the people holding the cards, there is the risk of spiraling into a Big Brother totalitarian society--goodbye democracy!

I think Keizer perhaps oversells the fear of government surveillance and underemphasizes intrusion from business--his thinking is that "If consumers are annoyed with a merchant's monitoring, they can buy elsewhere." 

But what Keizer misses is that industry as a whole has moved toward the use of technology--from club cards and promotions to use of Internet cookies, RFID, and more--to systematically track consumers and their buying behavior and that information is readily captured, packaged, used, and sold for marketing and sales--as well as to the government!

As a common practice now, where is a consumer to go that will shield them from hungry business looking to capture market share and earn nice profits?

At the same time, while government surveillance can certainly be misused and abused with terrible consequences for individuals society---there are potentially a lot of people looking over the shoulder of those carrying out public programs--and this "sunlight"--where and when it shines--can help to prevent bad things happening. 

The problem is that the system is not perfect, and there are always those program people who act of out of bounds and those watchers who are ineffective and/or dishonest.

Overall, it's a zero sum game, where those that hype up security and capitalism, can tramp down on privacy, and vice versa.
In totality, we can never just assume everything will be okay when it comes to privacy and how information is used, but we have to be active citizens helping ensure that right things are done, the right way. 

For regular, hardworking, decent citizens, there is a definite need to safeguard privacy--and technology can be helpful here with anonymizers, encryptors, and other shielding tools.

For the bad guys, I would imagine, no question, that the government will continue to develop the means to thwart their secrecy and planning to inflict harm on the American people. 

For business, it's okay to capture consumer information and sell, but pour it on to thick and people will think twice about your company's ethics and brand--and even a lawsuit may be in the making. 

Yes, privacy is a slippery slope, and not only can a person's self be revealed or used inappropriately, but the voyeur can get burned too if they overdo it. 

(Source Photo: Andy Blumenthal)

The Privacy Slope

That's The Last Straw

Our daughters and granddaughters are special. 

They deserve to be protected from sexual predators, such as those that spike drinks and take advantage of their unknowing victims. 

I was so pleased to learn about a new Anti-Date Rape Straw to help prevent this. 

The straw developed by Israeli inventors tests drinks for common date rape drugs. 

If the dangerous drugs are present, then the straw changes colors or becomes cloudy--providing a crucial early warning sign to those who might otherwise be drugged and sexually assaulted. 

We now have greater awareness of the prevalence of sexual abuse, especially by people we know and trust--such as dating partners, sports coaches, teachers, and even clergy--so we must remain ever vigilant.

We need to teach our daughters that they are beautiful and special and to protect themselves--and not to think that "it can't happen to me."

With these special straws, our daughters can be better prepared, aware, and hopefully safer.

I can see the potential growth and application of this technology to protecting government and private sector leaders, dignitaries, and other VIPs from potentially ingesting--intentionally- or accidentally-tainted food or drink. 

With a straw, eating utensil, or even toothpick like device that tests for the presence of dangerous pathogens and contaminants, we can provide a critical safeguard and prevent eating and drinking harmful elements. 

Potentially, these types of devices--maybe connected to an smartphone--could be used to provide other important measures and readings of food--such as ingredients, nutrition, and calories--of the actual servings we are about to eat.

This technology has incredible potential to help us not only eat safer, but also healthier. 

(Source Photo: Andy Blumenthal)

That's The Last Straw