We Just Magically Found $2,000,000,000,000

It’s amazing how we can magically find $2 trillion for a Coronavirus “Rescue Plan.”


This after we already wasted over $6.4 trillion (and thousands of our dead and wounded) through 2017 in unexplainable and endless wars in Iraq and Afghanistan with no known or lasting benefits to this country (while archenemy Iran continues its pursuit of nukes unabated).


And for decades, we haven’t been able to find money for:


– Decent healthcare for all Americans.


– Ensuring our national security, including adequate planning and disaster preparedness for things like Coronavirus, cybersecurity, WMDs, EMPs, and for critical infrastructure protection. 


– Repairing our aging roads, bridges, and infrastructure


– Fixing our broken public education system.


– Helping our countless homeless and needy lying in the streets of our nation.


– Restoring our space program to get a man on the moon again or put another shuttle into space. 


When politics are in play, there is plenty of money to go around. 


But when the nation needs proper care and feeding, there are no adults in the room. 😉


(Credit Photo: Andy Blumenthal)

@National Cybersecurity Center of Excellence

So good today to visit the NIST Cybersecurity Center of Excellence (NCCoE).
The cybersecurity solutions developed are aligned to the well-known Cybersecurity Framework (CSF). 


Got to see some of the laboratories, including demonstrations for securing the Healthcare and Energy Sectors. 


Interesting to hear about examples for securing hospital records and even things like infusion pumps.


The medical devices are tricky to secure, because they are built to potentially last decades and are expensive to replace, but the underlying technology changes every couple of years. 


Also, learned more about securing the energy sector and their industrial control systems.  


One scary notable item mentioned was about the “big red button” for shutdown in many of these facilities, but apparently there is malware that can even interfere in this critical function. 


It is imperative that as a nation we focus on critical infrastructure protection (CIP) and continuously enhancing our security.


Time is of the essence: as our adversaries improve their game, we need to be urgently upping ours. 😉


(Source Photos: Andy Blumenthal)

Top Secret Tinseltown

So this is a city with a lot of secrets. 


I’m not talking about just the run-of-the-mill, non-disclosure agreement (NDA).


This is Top Secret Tinseltown!


And even the stuff that comes out in the news–whether it’s clandestine transfers of $1.7 billion to the Ayatollahs in Iran or the Uranium One deal with the Russians, there are plenty of dirty little games going on.


What was hilarious is when we saw this huge industrial shredding truck in the parking lot:

Paper Shredding * Electronic Destruction * Medical Waste Disposal


And there was a line of cars waiting to get rid of their little secrets.


I kid you not when I say that on a Saturday morning, there were at least 25 cars in line to dispose of their “stuff.”


Now who do you know in what city that waits 25 cars deep in line for an industrial shredder on a Saturday morning?


And the cars are pulling up, the trunks are popping open, and boxes and boxes of paper and electronic files are being handed over. 


Gee, I hope the Russians or Chinese aren’t getting into the shredding business…and inside the truck isn’t a large shredder but a bunch of analysts waiting for you to hand it all over. 😉


(Source Photo: Andy Blumenthal) 

Tired of All The Whining About China

I don’t know about you, but I am so tired of all the whining about China.


– They are stealing our intellectual property. 


– They are hacking into our systems. 


– They are unfairly forcing us to transfer technology to them.


– They aren’t opening up their market to us. 


OMG stop the complaining already!


If you don’t like what they are doing, then do something about it. 


Tariffs are a start, but just a small one. 


Seriously, if you can’t incentivize them to stop the harassment and unfair trade practices by adding them to the World Trade Organization, investing in them, and partnering with them, then you need to actually compete with China. 


– They steal our sh*t–you help yourself to a generous serving of theirs.  


– They break into our systems–you find your way into their systems.


– They try to unfairly take away our markets and jobs–you take away theirs big time.  


Everyone knows that to deal with a bully, you must fight back!


The more we are scared into inaction, the worse it gets.


This doesn’t mean that we should get into a military exchange with China, but we do need to get into a confrontation over what economic and global partnership should mean and look like. 


China is an old and truly great nation and their people should be highly respected.


However, the USA should also be treated right, and if that means it’s time for a heart to heart and some evening up of the playing field then that is what has to happen. 


We have to restore respect to America, not by becoming bullies ourselves, but by standing up to them when we are being taken advantage of.  😉


(Source Photo: Andy Blumenthal)

17 Years Since 9/11

Today is the 17th anniversary since that fateful day of 9/11 when the terrorists brought down both World Trade Centers and ploughed another plane into the Pentagon.


One of the greatest acts of terrorism in history. 


With almost 3,000 dead and the center of our financial and military strength hit in a flash attack, we as a nation stood naked. 


We’ve gone after the terrorists in Iraq, Afghanistan, Pakistan, Yemen, and more, but still, there is the endless drone of world-wide terrorism. 


Yes, we are lucky that nothing major has happened in the U.S. since 2001.


At the same time, we know that anything could happen at any time–from another terror attack to a catastrophic cyber attack that takes out our critical infrastructure, bioterrorism that wipes out hundreds of millions with genetically engineered viruses, or even nuclear warheads wiping out entire cities or regions of the world. 


Forget natural disasters for the moment, man-made disasters are always just around the corner when it comes to planning and execution.


The FBI and our other dedicated law enforcement personnel try to stop them all, but no one and nothing human is perfect. 


So while we try to maintain an elevated security posture to protect this country and even maybe someday build a wall that doesn’t leave us with porous borders for everyone and anyone to get in willy-nilly, many don’t or barely remember 9/11 and what it meant. 


We said it changed everything forever, but did we mean it?


17 years and we’ve been fortunate–very fortunate–but are we ready for the next fateful blow to land in the ongoing war on terror? 😉


(Source Photo: Andy Blumenthal)

Floppy Disk Earrings

So this was an interesting technology fashion statement.


This lady in Washington, D.C. has earrings that are floppy disks. 


One full diskette on each ear!


I guess not only can she wear them, but she can plug them into her computer at work and save or transfer files (that is if you can still find a computer that actually uses these). 


It makes you think though, from a cybersecurity perspective, what other devices can people “wear” to work and use for good or malicious purposes. 


Another scary thought came to mind, how suicide/homicide bombers strap vests with explosives to their bodies too–do terrorists also adhere to a certain “style” even for murdering people? 


Anyway, fashion can be almost anything apparently…if you can find a way to put it on your body. 😉


(Source Photo: Dannielle Blumenthal)

In The Know or Dark

So here is one way that some people can (try to) manipulate you–positively or negatively. 


They can help either to keep you “in the know” or “in the dark.”


As we all know by now, information is power!


When you’re in the know–you are a trusted agent and a valuable resource; you have more dots and more connections between the dots to make; you are able to analyze what’s happening and make better decisions going forward; you can lead with knowledge, wisdom, and hopefully understanding. People come to you for advice, guidance, and because you are a true asset to the team, your superiors, and the organization.


When you’re in the dark–you are untrusted and unvalued, you may actually be seen as the enemy who needs to be marginalized, put out or taken out! You are kept out of meetings, uninformed or misinformed, and so you become more and more intellectually worthless. Further, others are implicitly or explicitly told that you are poisonous and not to get caught up in the pending slaughter.  A colleague of mine put it this way: “Don’t get between a man and his firing squad.”   


So with others, there can be information alliances as well as information warfare. 


To a great extent, you are responsible for keeping yourself in the know. You need to build relationships, bridges, and networks. You need to read, observe, and talk to lots of people. You need time to digest and analyze what you learn.  And you must build your information store so that it is ready and actionable. 


But to another extent, there are others–superiors, competitors, bullies, abusers–who just might seek to keep you in the dark and bring you down. Not everyone is your friend…some may be just the opposite. (Wouldn’t it be nice, if we all were just friends!) But showing you the intellectual ass of the group is a powerful nut that once superimposed as an image, cannot be easily distilled. There is plenty of groupthink to go around. And taking out a perceived enemy diffuses their power to everyone else.  What a lousy coup by some nasty f*ckers!


Why some friend and others foe you–who the heck knows. Perhaps some is chemistry; some is tit for tat; some is personal bias and bigotry; and some just the crapshoot of fate. 


In the end, keep doing your part to enhance your value, your friendships, and your integrity. The rest, you have to be vigilant about and realize not everyone wants the lights kept on. 😉


(Source Photo: Andy Blumenthal)

Weaponizing Your Privacy

So this was the funniest War of the Roses on the Kane Show that I ever heard. 


They use the Alexa personal assistant from Amazon (voiceover) to call the cheater. 


In this skit, we really see the potential power of these home computing devices. 


Alexa hears and knows everything that goes on in the house (including the cheating).


Alexa confronts the cheater and calls him a few descriptive names for his infidelity.


Alexa punishes the cheater by going online to purchase items with his credit card. 


Alexa betrays him by calling his girlfriend and telling her about the cheating. 


Cheating aside, maybe this is a great lesson in how we should all be considering our privacy in our homes and on our persons before we install Alexa, Siri, Cortana, the Google Assistant or any other personal or home surveillance systems.


With all the bad actors out there and people that want to steal everything from your money, identity, secrets, and maybe even your wife–these devices are a direct line into your personal life.


This is called weaponizing your privacy!


Tell me, do you really believe that no one is listening or watching you?  😉

Computer Sentiment 1984

So I found this book in an IT colleague’s office. 


It’s called: “The Unofficial I Hate Computer Book”.


It was written in 1984, and like George Orwell’s book by that name, it is a dystopian view of technology.


The back cover says:

Computer haters of the world unite: It’s time to recognize and avenge the wonderful advances we’ve made thanks to computers–excessive eyestrain and headaches, irritating beeping noises, a one-ton printout where once there was a six-page report, a “simple” programming language you can’t understand without five handbooks, a dictionary, and a math degree.

The book goes on with illustration after illustration of unadulterated computer hate and associated violence. 


– Dogs dumping on it (see cover)

– Contests to smash it with a hammer

– Hara-kiri (suicide with a knife) into it

– Skeet shooting computers that are flung into the air

– Shotput with a computer

– Tanks rolling over them

– Sinking it in water with a heavy anvil

– Boxer practicing his punches on it

– Setting it ablaze with gasoline

– And on and on, page after hate-filled page.


So in the last 34 years, have we solved all the annoyances and complexity with computers and automation?


Do the benefits of technology outweigh the costs and risks across-the-board?


How do security and privacy play in the equation? 


I wonder what the authors and readers back then would think of computers, tablets, smartphones and the Internet and apps nowadays–especially where we can’t live without them at all.  😉


(Source Photo: Andy Blumenthal)

Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.


STRIDE


Spoofing – Falsifying identity to gain systems access


Tampering – Making unauthorized changes to data or systems


Repudiation – Forging the identity behind actions on data or systems to deny responsibility or even blame a 3rd party


Information Disclosure – Stealing (exfiltrating) information and disclosing it to unauthorized individuals


Denial of Service – Depriving legitimate users of access to data or systems


Elevation of Privilege – Transforming a user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)


Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. 😉


(Source Photo: Andy Blumenthal)