Stop The Coronavirus, Please!

It’s been a few exhausting weeks since the outbreak of the Coronavirus (Covid-19) has gone public. 


First case in China in November.


Now as a Pandemic in 126 countries!


Over 132,000 confirmed cases, so far .


And around 5,000 deaths 🕱.


The numbers are projected to climb/////.


With Dr. Faucci of NIH’s National Institute of Allergy and Infectious Diseases (NIAID) warning that it will “get worse before it gets better.”


Everything is closing down from our work facilities to Cruises, Broadway, and Disney.


Of course, we need the government (at all levels), health professionals, and pharmaceutical companies to get their acts together with an effective response strategy. 


Also, this is a wake up call for better preparedness for all sorts of natural and man made disasters that are awaiting. 


Today it’s a virus (natural or biowarfare) and tomorrow it’ll be a devastating cyber attack that we are woefully unprepared for. 


No more playing politics, half measures, and waiting for the next shoe to drop (Spanish Flu, Pearl Harbor, 9/11).


The rest of us need to do our “prepping” parts and to say a prayer or two and keep going. 


(Source Graphic: Andy Blumenthal)

EMP Attack–>Danger, Danger, Danger

Saw the Movie E.M.P. over the weekend.  


Everyone needs to see this!


The explosion of a nuke(s) in the atmosphere over the country causes an electromagnetic pulse that fries all our electronics. 


Nothing would work!!!


Think cyberattack on steroids with everything out of commission and basically little to no chance of recovery. 


Prognosis is for mass riots, starvation, and illness that wipes out most of the population. 


Easy then for the enemy to swoop in and conquer the country with no resistance and the basic infrastructure still intact for them to build on. 

 

Just having mutually assured destruction is not enough!

 

We need to genuinely be able to counter these threats and not just say: “You’ll die if we die.” 


How stupid and immature is that thinking?


There are more than a share of radical nuts out there who don’t care if they die as long as they take us down.


These are the threats we need to pay attention to before…before…before…it’s too late. 😉


(Credit Photo: Andy Blumenthal)

Tired of All The Whining About China

I don’t know about you, but I am so tired about all the whining about China. 


– They are stealing our intellectual property. 


– They are hacking into our systems. 


– They are unfairly forcing us to transfer technology to them.


– They aren’t opening up their market to us. 


OMG stop the complaining already!


If you don’t like what they are doing, then do something about it. 


Tariffs are a start, but just a small one. 


Seriously, if you can’t incentivize them to stop the harassment and unfair trade practices by adding them to the World Trade Organization, investing in them, and partnering with them, then you need to actually compete with China. 


– They steal our sh*t–you help yourself to a generous serving of theirs.  


– They break into our systems–you find your way into their systems.


– They try to unfairly take away our markets and jobs–you take away theirs big time.  


Everyone knows that to deal with bully, you must fight back!


The more we are scared into inaction, the worse it gets.


This doesn’t mean that we should get into a military exchange with China, but we do need to get into a confrontation over what economic and global partnership should mean and look like. 


China is an old and truly great nation and their people should be highly respected.


However, the USA should also be treated right, and if that means it’s time for a heart to heart and some evening up of the playing field then that is what has to happen. 


We have to restore respect to America, not by becoming bullies ourselves, but by standing up to them when we are being taken advantage of.  😉


(Source Photo: Andy Blumenthal)

Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.


STRIDE


Spoofing – Falsifying identity to gain systems access


Tampering – Making unauthorized changes to data or systems


Repudiation – Forging identify of actions to data or system to deny responsibility or even blame a 3rd party


Information Disclosure – Stealing (exfiltrating) information and disclosing it to unauthorized individuals


Denial of Service – Depriving legitimate users access to data or systems


Elevation of Privilege – Transforming user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)


Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. 😉


(Source Photo: Andy Blumenthal 

Cybersecurity Vulnerabilities Database

Cybersecurity.jpeg

There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 


And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit it!


Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20-days!


Additionally, China’s database has thousands of vulnerabilities identified that don’t appear in the U.S. version. 


Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 


Why the lag and disparity in reporting between their systems and ours?


China uses a “wider variety of sources and methods” for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources–hence, it’s a “trade-off between speed and accuracy.”


For reference: 


The Department of Commerce’s National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).


And the NCD is built off of a “catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp.”


Unfortunately, when it comes to cybersecurity, speed is critical.


If we don’t do vastly better, we can be cyber “dead right” before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  😉


(Source Photo: Andy Blumenthal)

Never Ever More Vulnerable

Vulnerable.jpeg

So we have never been more technology advanced. And at the same time, we have never been more vulnerable


As we all know, our cybersecurity have not kept near pace with our ever growing reliance on everything technology.


There is virtually nothing we do now-a-days that does not involve networks, chips, and bits and bytes. 


Energy

Transportation

Agriculture

Banking

Commerce

Health

Defense

Manufacturing

Telecommunications


If ANYTHING serious happens to cripple our technology base, we are toast!


From a crippling cyberattack that disables or hijacks our systems, steals or locks down our data, or creates massive chaotic misinformation flow to a EMP blast that simply fries all our electronic circuitry–we are at the mercy of our technology underpinnings. 


Don’t think it cannot happen!


Whether it’s Wannacry ransonware or the Equifax breach of our privacy data or the Kaspersky Labs hidden backdoor to our top secret files or North Korea threatening to hit us with an EMP–these are just a few of the recent cyber events of 2017!


Technology is both a blessing and a curse–we have more capability, more speed, more convenience, more cost-effectiveness than ever before, but also there is greater vulnerability to complete and utter death and destruction!


This is not just a risk that life could become more difficult or inconvenient–it is literally an existential threat, but who wants to think of it that way?


People, property, and our very society is at risk when our cybersecurity is not what it must be.


It’s a race of defensive against offensive capability. 


And we can’t just play defense, we had better actually win at this! 😉


(Source Photo: Andy Blumenthal)

At The Doorstep…WMD

Chem Attack.jpeg

With a new threat again of a chemical weapons attack in Syria…


The U.S. is sending clear warnings to the Assad regime–Don’t do it!


Generally, the threat of using weapons of mass destruction–chemical, biological, radiological, and nuclear–have become all too blase!


Syria uses chemical weapons on its own people. 


– Iraq used chemical weapons on Iran and the Kurds


– Terrorists used chemical weapons in Japan and have threatened similar in UK


– Russia threatens use of nukes over Crimea or in a conflict with NATO.


North Korea threatens preemptive nuclear strike on the U.S. 


Iran has threatened attacks on Israel over nukes.


– Biological weapons such as Anthrax have been used against the U.S. and bioterror has been threatened in India


This list is far from comprehensive–and how very commonplace this is becoming is exactly the problem!


It is one thing (already scary bad) to have weapons that can do the unthinkable, and it is quite another to actually use or threaten to use them in such blase fashion like taking out the garbage or something!


If we don’t ensure that cooler and more stable heads prevail at the notorious red buttons around the world, then the risk of someone eventually doing something very stupid and dangerous to millions–or even billions–of lives is no longer just in the realm of science fiction anymore, but becomes so very ominous and real a disastrous possibility. 😉


(Source Photo: Andy Blumenthal)