Terrified Of Terrorism

Terrorism

Sure there are terrorism scares that are just hoaxes, and generally-speaking, we feel quite protected by our nation’s values, wealth, and entrepreneurial spirit, by Homeland Security, and by being surrounded with the Atlantic and Pacific Oceans and our friendly neighbors Mexico and Canada. 

So we can be very assured–no fear, right?  That’s what we need and want to function normally in every day life.

But perhaps behind the veil of daily bravado is a not-so subtle fear about something really bad happening again–whether a 9/11 or a San Bernardino or a Boston Bombing or anything in between or even possibly more extreme, including attacks on our critical infrastructure (via kinetic means, cyber attacks, or EMP weapons) or even attacks with WMD (from anthrax to nukes in suitcases)–there is certainly plenty of attack vectors, means, and bad actors. 

It was interesting-scary, the other day, there was a video circulating on Facebook of a “radical Muslim”-like character with a turban or something distinctive (I can’t really remember) and carrying a backpack. In scene after scene, the character goes up to innocent bystanders and throws his backpack in their direction. The people didn’t know him or what was in the backpack or why he was throwing it in their direction. Yet, over and over again, the people jumped up hysterically in fear running for cover like there was very possibly no tomorrow. 

Similarly, we watch on the news almost daily of terrorist attacks around the world–school attacks, beach attacks, restaurants and cafe attacks, theater attacks, grocery store attacks, house of worship attacks, funeral attacks, ambulance attacks…and there literally is no end to this list of what and who is considered a legitimate target by terrorists–we all are.

In the last couple of weeks, there was surveillance captured of Muslim women visiting a number of synagogues in Miami around the same time and asking questions suspiciously–could they have been staking these out for possible future attack, similar to the attack on a Jerusalem synagogue with butcher knives, axes, and guns that massacred people praying and in devotion to their maker?

In the last half a year, we have seen terrorism morph in Israel from volleys of missiles indiscriminately shot at cities, tunnels to attack and abduct, and suicide/homicide bombings to become up close and personal butcher knife attacks in the throat, chest, and back of victims old, young, man, women. Everyone who is available to kill is being called to martyrdom, even the most little children being indoctrinated to slash and thrust a knife into any unsuspecting victim. 

So as we listen and watch the goings-on in the world and we say to ourselves those attacks happen in Paris and London and Turkey and Ukraine and Libya and Tunisia and Nigeria and Yemen and Lebanon and Syria and Iraq and Kuwait and Pakistan and Afghanistan and India and Indonesia and and and…but not [so much] over here. 

We say it, and we hope it, and we pray it, but in the back of our minds we instinctively fear otherwise. 

So while panic is certainly not helpful, perhaps phony bravado is not what is really needed either, but rather a renewed focus, investment, and commitment to our security–with more gates, guns, guards, intelligence, and advances in technology to stop the next attack(s). 😉

(Source Photo: here with attribution to Irina Slutsky)

Cybersecurity Lost In Unknowns

Security

Today unveiled is a new Cybersecurity National Action Plan


This in the wake of another Federal data breach on Sunday at the Department of Justice where hackers stole and published online the contact information for 9,000 DHS and 20,000 FBI personnel


And this coming on the heels of the breach at OPM that stole sensitive personnel and security files for 21 million employees as well as 5.6 million fingerprints.


While it is nice that cybersecurity is getting attention with more money, expertise, public/private poartnerships, and centers of excellence. 


What is so scary is that despite our utter reliance on everything cyber and digital, we still have virtually no security!


See the #1 definition for security–“the state of being free from danger or threat.”


This is nowhere near where we are now facing threats every moment of every day as hackers, cybercriminals, cyber spies, and hostile nation states rapidly cycle to new ways to steal our secrets and intellectual property, commit identity theft, and disable or destroy our nation’s critical infrastructure for everything from communications, transportation, energy, finance, commerce, defense, and more. 


Unlike with kinetic national security issues–where we regularly innovate and build more stealthy, speedy, and deadly planes, ships, tanks, surveillance and weapons systems–in cyber, we are still scratching our heads lost in unkowns and still searching for the cybersecurity grail:


– Let’s share more information


– Let’s throw more money and people at the problem.


– Let’s seek out “answers to these complex challenges”


These have come up over and over again in plansreviewsinitiatives, and laws for cybersecurity.


The bottom line is that today it’s cyber insecurity that is prevailing, since we cannot reliably protect cyber assets and lives as we desperately race against the clock searching for real world solutions to cyber threats. 


Three priorities here…


1) Build an incredibly effective intrusion protection system

2) Be able to positively tag and identify the cyber attackers 

3) Wield a powerful and credible offensive deterrent to any threats 😉


(Source Photo: Andy Blumenthal)

18 Million–Change The SSNs

SSN

So, maybe one of the most detrimental hysts of information from the Federal government in history. 


Now involving over 18 million current and former federal employees, including military and intelligence personnel. 


No getting around it, but we are major screwed here–this is a treasure trove of personal and privacy information ready to use for identity theft, blackmail, assassination/decapitation attacks at home and work addresses, kidnapping of family members, and literally attacking our national security apparatus from the very inside out–it’s people. 


Imagine, if at the time of its choosing, an adversary attacks our nation, but preempts this with sophisticated and coordinated attacks on our critical government personnel–generals, spy masters, political kingpins, and other key decision makers–thereby distracting them from their duties of safeguarding our nation. 


This is our new Achilles Heel and overall a security disaster bar none!


Well, we can’t go back and put the genie back in the bottle–although wouldn’t it be nice if such critical information (if not encrypted–already unforgivable) would have a self-destruct mechanism on it that we could at least zap it dead.


But for the people whose personal identities are at risk–whose social security numbers (SSNs) and dates of birth (DOBs) have been compromised what can we do? 


While we can’t very well change people DOBs, why not at least issue them new SSNs to help thwart the adversaries peddling in this information in the black markets. 


If we can put a man on the moon, surely we can issue some 18 million new SSNs and mandate government and financial institutions to make the necessary updates to the records. 


This is not rocket science, and certainly we owe this much to our people to help protect them.


Will our government be there for it’s own employees and patriots? 😉


(Source Photo: here with attribution to Donkey Hotey)

People Are Our Greatest Asset, Goodbye!

People

The Chinese are smart and talented, and there is a cyberwar going on. 


They are suspected are having just stolen the personnel information of 4 million federal government workers.


And there are 4.2 million active, including 1.5 million military personnel. 


So if as they are apt to say, “people are our greatest asset”…


…then we just sort of lost the CROWN JEWELS in terms of highly personal, sensitive, and critical information on the people that handle everything from defense and diplomacy to the economy, energy, the environment, justice, and health and wellbeing. 


Oops!


This is getting scary folks. 


When the adversary through cyber (and other) espionage can know our people, our technology, our communications, virtually everything…then we got some big vulnerabilities!


If we can’t defend ourselves adequately (at least for now), I hope at least we are doing okay on the offense! 😉


(Source Photo: Andy Blumenthal)

Metro Wide Open

Metro Gate
I took this photo in the Washington, D.C. Metro today. 



What do you think it is?



Lots of electronics, wires, lights–and in front of it and holding the door open is a “caution” pylon. 



This is one of the faregates to get into the metro system for the Capital region. 



Now how “smart” is it to leave the door wide open to this contraption. 

Usually the basics of physical security is gates, guards, and guns–in this case, the gates part is broken. 



The Department of Homeland Security was provided another week of funding to work out the immigration mess pitting Congress against the President…



But even with DHS still up and running, security is looking a little too wide open again. 😉



(Source Photo: Andy Blumenthal)

Trouble In Protection Land

Insect
The Secret Service is one of the finest agencies in the Federal government, but unfortunately, the “recreational” drone crash landing at the White House was a protection disaster this week.



(And it comes on the heels of knife-wielding assailants running wild through the front doors of the White House, people taking pot shots at the White House, and even planes crash landing there). 



This time it was perhaps, a small drone innocently passing low without a significant radar signature unto the White House grounds, but next time it may be a miniaturized drone the size of an insect that attacks the President or his senior staff in the White House itself. 



This could happen with a pin prick of poison or a small drone carrying explosives, biological, or chemical weapons. 



We are entering a new dimension of threats that are not easily addressed with existing technology. 



It is said the the President is proverbially protected by a bubble of defenses around him, but where we are going is that this bubble may need to become an actual physical bubble that nothing, not even an insect drone can get through. 



It may sound ridiculous, but it may be the only way (for now) to really protect against these threats that literally fly beneath our radar!



Perhaps at some future time, we will have our swarms of defensive drones that go after any attack drone, no matter how small or how many, but in the meantime, we must protect our critical leadership and assets. 



Almost two years ago, I blogged about robots, drones, and commandos in exoskeletons attacking the White House and our not being prepared with adequate defenses and counter-measures.



This week’s drone crash should be making the alarm bells go off on this issue big time now!



We must move past reactive steps and a failure to anticipate and become true forward-thinkers, strategists, planners, enterprise architects, and futurists. 



The protection of our leaders, institutions, critical infrastructure, and people depend upon true out of the box thinking, not doing the same thing but on a different day. 



The time is now to think about protections from much more than traditional attack patterns to the wildest and craziest we can imagine–because our enemies are not hampered by the past and won’t rest until they see what we won’t. 😉



(Source Photo: here with attribution to David Illig)

Safeguarding D.C.

Gas Cylinders
I took this photo the other day of a truck loaded from front to back with compressed gas cylinders in downtown, Washington, D.C.



I understand that there are strict safety regulations for this. 



Although with this truck just sitting out on the street, appapently not moving or even attended as far as I could see, I was a little concerned. 



At the same time, coming to work today, there was someone marching down the street yelling “Allah”–again and again–sort of talking to themselves yet screaming something that wasn’t intelligible, at least to me. 



Not that there is anything wrong with freedom of expression, but it just seemed a little wild and scary on the darkened streets. 



I couldn’t help think about this gas truck with all these gas containers from the other day…and are we keeping things as safe as they need to be. 



We take a lot for granted in terms of our security, but are we perhaps getting a little overconfident so many years after 9/11 now. 



Hopefully, we’re all good, but we need to be careful, vigilant, and safe! 😉



(Source Photo: Andy Blumenthal)

Chaos On Metro

Metro
Sheer chaos on the Washington, D.C. Metro this morning. 



A water main break suspended the running of the Orange, Blue, and Silver lines.



The Metro spokeperson told me pointing with his hand up to his the neck that the water was filling the tunnels and getting way up there–nice!



At the same time, disabled trains on the Red line brought things to a “Major Delay,” followed by the offloading of crowded trains because the conductors couldn’t get the doors shut.



At the stations themselves, numerous escalators were out of commission, you can see them at boths ends of the station here, and the people were backed up all along the platforms. 



At one point, I got caught on the edge of a platform with a huge crowd pushing up against me, and had to tell the person behind me to take a step back (that I didn’t want to end up on the tracks, why thank you, and believe it or not, so not-so-nice people actually laughed at that!). 



Unfortunately, it didn’t take much to see how most of this city can be brought to a snarl or taken right out of commission. 


After 9/11, one has to ask, what have we learned as the Capital of the nation that our basic infrastructure and support systems cannot endure the ups and downs of weather and age, let alone G-d forbid another attack on our soil. 



Hopefully, someone will wake up and step up the planning and preparations here, rather than just spending trillions abroad and with what results. 😉



(Source Photo: Andy Blumenthal)

6 D’s Of Cyberwar

Cybersecurity
Popular Science had a interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sewing erroneous reports, and causing poor decision-making. 

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemies control systems for electricity, dams, transportation, banking, and so on. 

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

Like Buying A Nuke On The Black Market

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market.

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks.

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes–able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation’s critical infrastructure.

According to the New York Times (13 July 2013), there is a great interest in buying “zero-day exploits”–one where governments or hackers can strike using a computer vulnerability before anyone even knows about it and can correct it.

The average zero-day exploit persists for “312 days–before it is detected”–giving amble time for attackers to cash-in!

Brokers are now working to market the computer flaws for a 15% cut, with some even “collecting royalty fees for every month their flaw is not discovered.”

The average flaw “now sells for around $35,000 to $160,000” and some companies that are selling these are even charging an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities in addition to the cost for each one that varies with it’s sophistication and the pervasiveness of the operating system behind the exploit.

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering “bug bounties” in order to identify the flaws and fix them before they are exploited.

We’ve come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws–not to patch–but to spy or harm their adversaries.

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability–the question is who will pay more to get the next exploit and when and how will they use it.

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)