Why Can’t We Keep Our Secrets


Well, after the now-notorious email scandal and other information security mishaps galore, this advertisement in Washington, DC is really quite the rage.

“Keeps classified data classified.”


As parents tell their children about keeping private things private:

“If you can’t keep it a secret, then how do you expect the other kids to keep it to themselves?”


There are lots of secrets in DC, but there are also a lot of big mouths, security negligence, and even corruption. 


This gives our adversaries the opportunities they need to get our country’s vital information.


We work too hard to develop the best intellectual property for national security and our economy as well as the critical policies for advancing human rights and democracy around the world to let it just be easy fodder for others to help themselves to.


Technology won’t solve the gap in certain big mouths and sloppy Joes around town. 


Only vigilant, smart people can protect the nation’s vital information that is the fuel for our success and survival. 😉


(Source Photo: Andy Blumenthal)

Cybersecurity Lost In Unknowns


Today unveiled is a new Cybersecurity National Action Plan.


This in the wake of another Federal data breach on Sunday at the Department of Justice where hackers stole and published online the contact information for 9,000 DHS and 20,000 FBI personnel.


And this coming on the heels of the breach at OPM that stole sensitive personnel and security files for 21 million employees as well as 5.6 million fingerprints.


While it is nice that cybersecurity is getting attention with more money, expertise, public/private partnerships, and centers of excellence.


What is so scary is that despite our utter reliance on everything cyber and digital, we still have virtually no security!


See the #1 definition for security–“the state of being free from danger or threat.”


This is nowhere near where we are now facing threats every moment of every day as hackers, cybercriminals, cyber spies, and hostile nation states rapidly cycle to new ways to steal our secrets and intellectual property, commit identity theft, and disable or destroy our nation’s critical infrastructure for everything from communications, transportation, energy, finance, commerce, defense, and more. 


Unlike with kinetic national security issues–where we regularly innovate and build more stealthy, speedy, and deadly planes, ships, tanks, surveillance and weapons systems–in cyber, we are still scratching our heads lost in unknowns and still searching for the cybersecurity grail:


– Let’s share more information


– Let’s throw more money and people at the problem.


– Let’s seek out “answers to these complex challenges”


These have come up over and over again in plans, reviews, initiatives, and laws for cybersecurity.


The bottom line is that today it’s cyber insecurity that is prevailing, since we cannot reliably protect cyber assets and lives as we desperately race against the clock searching for real world solutions to cyber threats. 


Three priorities here…


1) Build an incredibly effective intrusion protection system

2) Be able to positively tag and identify the cyber attackers 

3) Wield a powerful and credible offensive deterrent to any threats 😉


(Source Photo: Andy Blumenthal)

18 Million–Change The SSNs


So, maybe one of the most detrimental heists of information from the Federal government in history.


Now involving over 18 million current and former federal employees, including military and intelligence personnel. 


No getting around it, but we are major screwed here–this is a treasure trove of personal and privacy information ready to use for identity theft, blackmail, assassination/decapitation attacks at home and work addresses, kidnapping of family members, and literally attacking our national security apparatus from the very inside out–its people.


Imagine, if at the time of its choosing, an adversary attacks our nation, but preempts this with sophisticated and coordinated attacks on our critical government personnel–generals, spy masters, political kingpins, and other key decision makers–thereby distracting them from their duties of safeguarding our nation. 


This is our new Achilles Heel and overall a security disaster bar none!


Well, we can’t go back and put the genie back in the bottle–although wouldn’t it be nice if such critical information (if not encrypted–already unforgivable) would have a self-destruct mechanism on it that we could at least zap it dead.


But for the people whose personal identities are at risk–whose social security numbers (SSNs) and dates of birth (DOBs) have been compromised–what can we do?


While we can’t very well change people’s DOBs, why not at least issue them new SSNs to help thwart the adversaries peddling in this information in the black markets.


If we can put a man on the moon, surely we can issue some 18 million new SSNs and mandate government and financial institutions to make the necessary updates to the records. 


This is not rocket science, and certainly we owe this much to our people to help protect them.


Will our government be there for its own employees and patriots? 😉


(Source Photo: here with attribution to Donkey Hotey)

Safely Detonate That Malware

I like the potential of the FireEye Malware Protection System (MPS).

Unlike traditional signature-based malware protections like antivirus, firewalls, and intrusion prevention systems (IPS), FireEye is an additional security layer that uses a dynamic Multi-Vector Virtual Execution (MVX) engine to detonate even zero-day attacks from suspicious files, web pages, and email attachments.

According to Bloomberg Businessweek, Target’s implementation of FireEye detected the malware attack on Nov 30, 2013 and it alerted security officials, but allegedly “Target stood by as 40 million credit card numbers–and 70 million addresses, phone numbers, and other pieces of personal information–gushed out of its mainframes” over two weeks!

In fact, FireEye could’ve been set to “automatically delete [the] malware as it’s detected” without human intervention, but Target’s team apparently “turned that function off.”

FireEye works by “creating a parallel computer network on virtual machines,” and before data reaches its endpoint, they pass through FireEye’s technology. Here they are “fooled into thinking they’re in real computers,” and the files can be scanned, and attacks spotted in safe “detonation chambers.”

Target may have been way off target in the way they bungled their security breach, but using FireEye properly, it is good to know that attacks like this potentially can be thwarted in the future. 😉

[Note: this is not an endorsement of any product or vendor]

Overcoming The Height Factor

I really liked this law enforcement elevation product called the Mobile Adjustable Ramp System (MARS) made by Patriot 3 in the United States.

It is fitted on top of armored or unarmored personnel carriers and used by law enforcement or SWAT teams to carry out raids and rescues on multiple stories simultaneously.

Two independent moving hydraulic platforms can be fitted on a single vehicle and each ramp can be extended independently by remote control.

The ramps extend over 40 feet, enough to gain entry to the second and even third stories of buildings, onto an aircraft, breach a fenced perimeter, or even be used as a sniper post.

According to the Ideas and Discoveries Magazine (Dec. 2012), MARS has been fitted on the Ford F550 pickup truck and at $370,000–can seat 9, hold 40 gallons of gas in an armored tank, go up to 100 miles per hour, and as an armored-cased vehicle, it “can withstand up to 24 hours of relentless gunfire.”

While this vehicle may look a little funny, it serves its purpose, which is to take the height advantage away from the bad guys–get in and get out–quickly and safely.