Cybersecurity Vulnerabilities Database


There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 


And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit them!


Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20 days!


Additionally, China’s database has thousands of vulnerabilities identified that don’t appear in the U.S. version. 


Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 


Why the lag and disparity in reporting between their systems and ours?


China uses a “wider variety of sources and methods” for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources–hence, it’s a “trade-off between speed and accuracy.”


For reference: 


The Department of Commerce’s National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).


And the NVD is built off of a “catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp.”


Unfortunately, when it comes to cybersecurity, speed is critical.


If we don’t do vastly better, we can be cyber “dead right” before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  😉


(Source Photo: Andy Blumenthal)


Never Ever More Vulnerable


So we have never been more technologically advanced. And at the same time, we have never been more vulnerable.


As we all know, our cybersecurity has not kept near pace with our ever-growing reliance on everything technology.


There is virtually nothing we do nowadays that does not involve networks, chips, and bits and bytes.


Energy

Transportation

Agriculture

Banking

Commerce

Health

Defense

Manufacturing

Telecommunications


If ANYTHING serious happens to cripple our technology base, we are toast!


From a crippling cyberattack that disables or hijacks our systems, steals or locks down our data, or creates massive chaotic misinformation flow to an EMP blast that simply fries all our electronic circuitry–we are at the mercy of our technology underpinnings.


Don’t think it cannot happen!


Whether it’s WannaCry ransomware or the Equifax breach of our privacy data or the Kaspersky Labs hidden backdoor to our top secret files or North Korea threatening to hit us with an EMP–these are just a few of the recent cyber events of 2017!


Technology is both a blessing and a curse–we have more capability, more speed, more convenience, more cost-effectiveness than ever before, but also there is greater vulnerability to complete and utter death and destruction!


This is not just a risk that life could become more difficult or inconvenient–it is literally an existential threat, but who wants to think of it that way?


People, property, and our very society are at risk when our cybersecurity is not what it must be.


It’s a race of defensive against offensive capability. 


And we can’t just play defense, we had better actually win at this! 😉


(Source Photo: Andy Blumenthal)

At The Doorstep…WMD


With a new threat again of a chemical weapons attack in Syria…


The U.S. is sending clear warnings to the Assad regime–Don’t do it!


Generally, the threat of using weapons of mass destruction–chemical, biological, radiological, and nuclear–has become all too blasé!


– Syria uses chemical weapons on its own people.


– Iraq used chemical weapons on Iran and the Kurds


– Terrorists used chemical weapons in Japan and have threatened similar in UK


– Russia threatens use of nukes over Crimea or in a conflict with NATO.


– North Korea threatens preemptive nuclear strike on the U.S.


– Iran has threatened attacks on Israel over nukes.


– Biological weapons such as Anthrax have been used against the U.S. and bioterror has been threatened in India


This list is far from comprehensive–and how very commonplace this is becoming is exactly the problem!


It is one thing (already scary bad) to have weapons that can do the unthinkable, and it is quite another to actually use or threaten to use them in such blasé fashion, like taking out the garbage or something!


If we don’t ensure that cooler and more stable heads prevail at the notorious red buttons around the world, then the risk of someone eventually doing something very stupid and dangerous to millions–or even billions–of lives is no longer just in the realm of science fiction anymore, but becomes so very ominous and real a disastrous possibility. 😉


(Source Photo: Andy Blumenthal)

Drumbeats Of War


My bet is that we are looking at a semi-major international confrontation over the next few years. 


The bending over backwards for our enemies is over.


Terrible and unenforceable deals are shameful history.


Cyberattacks and hacking will not be treated as the cost of doing business in the 21st century. 


Buzzing of our ships and planes won’t be tolerated anymore.


Letting other nations take what they want in Georgia, Crimea, Syria, and the South China Sea is finished. 


Watching helplessly the nuclear proliferation and buildup of the means to deliver weapons of mass destruction by Iran and North Korea won’t go unanswered.


Radical Islamic terrorism is not a dirty word anymore and we will bring the fight to the enemy in a bigger and more serious way. 


Our defense and that of our allies won’t be treated lightly and we will not retreat in the face of evil. 


No one wants war, everyone wants peace, but unless we stop the aggression against us once and for all, the drumbeats of war will only get louder and more ominous. 


Set the boundaries and enforce them before all the red lines are crossed and a real and highly dangerous confrontation becomes inevitable.


Peace through strength is far preferable to war because of disengagement, weakness, and leadership from behind.


(Source Photo: Andy Blumenthal)

Our Assets Are Compromised


So in the games that nations play, spy games is #1 on the hit parade.


Of course, it’s about using information to get a strategic advantage. 


It runs the gamut from pure espionage in terms of stealing state secrets and intellectual property to conducting stealthy subversive acts to undermine enemies and competitors. 


Whatever spies do, it’s all about compromising assets…whether they be human, information, or critical infrastructure. 


From turning patriots into traitors, words into info warfare, or critical infrastructure into Trojan horses ready to im/explode…whatever leads to getting the upper hand or advantage.


What one nation comes to rely on for their sustainment and survival is instead exploited and turned against them like a trojan horse or modern-day malware.


And with people, using money, sex, ideology, compromising material (Kompromat), or threats against loved ones–it’s simply about appealing to either opportunism or extortion. 


So truly defense means protecting not only what is before one’s eyes, but also what is in the rear and at the flanks.


When the over 21 million personnel records and background investigations were stolen from OPM on virtually all federal employees (civilian, military, and intelligence personnel), a door was left open and the demon is still hiding and waiting to cross the threshold, infiltrate, exfiltrate, and compromise.


As a society that meaningfully values an open and transparent democracy, we can perhaps too easily become lured or lax to common sense safeguards and vigilance, but that does not excuse negligence, incompetence or stupidity.


Rich people and countries around the world can unknowingly falter by becoming overly comfortable and full of themselves…to the point where many don’t fully care about their jobs or their country, as they sit in their mansions, designer clothes, and with busting bellies.


From the need to vastly improve our competencies in cyberwarfare to defending ourselves from a tidal wave of global terrorism to upgrading the U.S. nuclear triad against resurgent superpowers and dangerous rogue dictators, we have let our guard down to compromise.


Is expelling 35 Russian diplomats an effective strategy against their technical attempts to subvert our free and democratic elections or does it just underscore how vulnerable we continue to be?


When as a country and with our leadership, we decide to get serious rather than stay scared and war weary then we will not only stand firm again, but fight against weakness and compromise of ourselves. 😉


(Source Photo: Rebecca Blumenthal)

Just Cut It Out


What a way to handle global leadership…all you have to say is, just “Cut it out!” and your job is done.


– Cyber attacking the U.S. democratic election, invasion of Crimea, and encroaching on NATO with nuclear capable missiles…just cut it out! 


– Vast destruction of Aleppo including hospitals, schools, and markets, killings, refugees, and humanitarian crisis, and the dangerous use of chemical weapons on civilians…just cut it out!


– China stealing our drone and militarizing the South China Sea…just cut it out!


– North Korea testing advanced nukes and ballistic missiles capable of reaching Europe and America and threatening to use them…just cut it out!


– Iran taking our sailors captive, humiliating them, buzzing our warships, and violating the nuclear arms deal…just cut it out!


– Abandoning our friends and allies and befriending our enemies sworn to kill us and not even being able to say the words, “Radical Islamist”…just cut it out!


– Spiraling divisiveness, rioting in our inner cities, and cycles of racial and police violence…just cut it out!


– An unsustainable Obamacare with double digit rising rates and decreasing insurance choices (many localities with only 1)…just cut it out!


– Doubling of the U.S. national debt by another $10 trillion and enacting regulations that are strangling business…just cut it out!


– Endless ISIS and other terrorist attacks (yesterday on Berlin, Zurich, Turkey and more) and calling it “workplace violence” or a traffic accident…just cut it out!


Anyone who says that now “We’re feeling what not having hope feels like,” truly must be referring to where we come from and not where we are going.


(Source Photo: Andy Blumenthal)

Returning Our US Drone


So I love and respect China, and think they are one of the greatest nations of the world.


However, it is wrong that their military stole a US drone in international waters. 


Bullying and theft are a violation of the rule of law and a challenge to America on the international stage.


So far, our leadership from behind approach has again done virtually nothing, except like a child, ask for it back (after they have already taken whatever they wanted from it). 

Moreover, this is not the first time China has captured our assets and people–less than 6 years ago, they collided with one of our EP-3E surveillance aircraft and captured, interrogated, and held the crew for 11 days!


And hence our planes and ships keep getting buzzed, our citizens captured and humiliated, our assets confiscated illegally, and our secret intellectual property unabashedly hacked and copied.


Moreover, we are seeing a resurgent Russia in Georgia, Ukraine and Syria; a militarized China expanding and weaponizing the South China Sea, a belligerent North Korea with ever further reaching ballistic nukes, and an Iran that violates their nuclear deal at will and now runs amuck with military operations from Iraq to Syria, Lebanon, Yemen, and more. 


Oh, and surely let’s not forget ISIS and the global wave of Islamic terrorism that is unabated from Paris to Orlando. 


Despite our outspending the next leading 8 nations combined on the military, we continue to be the laughing stock internationally with world leaders calling our Presidents everything from the devil to an SOB.


No one would dare do this with Putin’s Russia!


Why? Because they know the ridiculous price they would pay. 


We have long since passed the time when we should’ve stopped the whining, begging, and acting the victim, and instead started to do something real to defend ourselves and once again establish a no-nonsense deterrent, rather than a joke of red lines and hollow threats.


Our Commander-in-chief, instead of laying blame at the doorstep of Congress or world leaders doing the wrongdoing, should start to act his position. 


Perhaps, just perhaps, it’s a single phone call to whoever has our drone that says something like, “You have exactly 2 hours to return the drone unharmed or the ship that was responsible for stealing it will pay the consequences–and the clock starts ticking now!”


The funny-sad thing is that bullies don’t stop bullying until you stand up to them once and for all. 


A real Commander In Chief protects his nation and his people and doesn’t let them be victimized in an endless cycle of violence and shame…and he does it before something really bad can happen. 😉


(Source Photo: Andy Blumenthal)