Preventing Cyber Disaster

prevention

So I liked this ad from Palo Alto Networks on the side of the bus, over the windows:

“Dinosaurs react.
Professionals prevent.”

That’s some very good marketing for a cyber security company.


It’s almost a daily occurrence now to hear about the infiltrations into our networks and exfiltrations or manipulations of data that is taking place across government and industry.


Just today again, another NSA contractor accused of stealing highly classified computer code.


The day before Guccifer 2.0 and Wikileaks releases trove of stolen documents from the Clinton Foundation


And again, J&J reveals that it’s insulin pump is vulnerable to hacking following allegations in August that St. Jude heart devices were subject to life-threatening hacking. 


Certainly, we can’t afford to sit back and wait to react to the next attack…damage control and remediation is much harder than getting out in front of the problem in the first place. 


Prevention and deterrence is really the only solution…keep the hackers out and make sure they know that if they mess with us and our systems that we can identify who they are, find them, and take them out. 


These are the capabilities we need and must employ to dominate the cyber realm. 


In the presidential debates, candidates struggled to articulate how to deal with cybersecurity


But this is not a game of cyberopoly, rather national security, critical infrastructure, vital intellectual property, and our economy is at risk. 


Giving away Internet control and trying to plug leaks after the fact on a sinking cyber ship is no way to manage our vital technology resources.


It’s high time for the equivalent Cold War determination and investment that ensures we win a free and safe cyberspace with all our networks and data intact. 


This is the only way that we don’t go the way of the dinosaurs. 😉


(Source Photo: Andy Blumenthal)

Vetting The Refugees–Do You Think It’ll Work?

Spy.JPEG

So not that anyone was so thrilled with the Syria and Iraq refugee idea post 9/11 to begin with…


But now 31 States have come straight out refusing to take these refugees post the terror attack that happened just last week in Paris–where at least one of the terrorists was...


Guess what?


That’s right!  A fake refugee from Syria


But what about the “intensive vetting process” that is being promised for these 10,000 refugees?


Well what can be more intensive than the vetting that the American government does on employees working for highly sensitive agencies like the CIA, FBI, and NSA? 


So how has that worked out?


Probably not too bad, but the problem is that no vetting no matter how thorough is foolproof, hence major spies have infiltrated these organizations for years or even decades and caused immense harm to national security:


Robert Hanssen (former FBI–spied for the Soviets for 21 years)


Aldrich Ames (31-year veteran of the CIA, compromised 2nd largest number of CIA agents after Robert Hanssen)


Edward Snowden (leaked classified information from the NSA on our surveillance programs)


The point is that no matter how well we vet 10,000 or more refugees from Iraq and Syria, with ISIS vowing “to strike America at its center in Washington”–there certainly can be some errors in the screening and final adjudication process.


Again no vetting process is perfect–especially when the refugees themselves are admitting that fake ideas are being given out to them like candy in a candy store. 


So that’s the dilemma we now face:


HEART–do what our heart tells us to and help people in need by taking in the refugees.


OR 


HEAD–follow our heads not risking another one or more potentially devastating terror attacks on the U.S. homeland. 


The choice is heartbreaking or headache producing! 😉


(Source Photo: Andy Blumenthal)

Dire Warnings On Cybersecurity

Security Camera
This week Adm. Michael Rogers, the Director of the National Security Agency and head of U.S. Cyber Command issued a stark warning to the nation about the state of cybersecurity:



With our cybersecurity over the next decade, “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic.



The Wall Street Journal reports that he gave ” a candid acknowledgement that the U.S. ISN’T yet prepared to manage the threat!”



China and “one or two others” [i.e. Russia etc.] are infiltrating our SCADA networks that manage our industrial control systems, including our power turbines and transmission systems,.



The cyber spies from the nation states are “leaving behind computer code that could be used to disable the networks  in the future.”



Can you imagine…you must imagine, you must prepare–not if, but when. 



(Source Photo: Andy Blumenthal)

The *S*p*y* Named Snowden

The *S*p*y* Named Snowden

So was Edward Snowden a whistleblower (some even call him a patriot) or one of the most ruthless spies this country has ever known?

An editorial in the Wall Street Journal by Edward Jay Epstein makes a strong case that Snowden was a spy galore, and the whistleblowing was his cover.
What he stole? – 1.7 million documents from the NSA with “only a minute fraction of them have anything to do with civil liberties or whistleblowing.” Instead, the vast majority “were related to our military capabilities, operations, tactics, techniques, and procedures”–otherwise known as the “keys to the kingdom.” Moreover, it seems clear that a “top priority was lists of the computers of U.S. adversaries abroad that the NSA has succeeded in penetrating.”
When he stole them? – Snowden took the Booz Allen Hamilton job as a contractor for NSA in March 2013–this was at the “tail end of his operation.” Moreover, the Foreign Surveillance Intelligence Act (FISA) court order for Verizon to provide metadata on U.S. phone calls for 90 days had only been issued in April 2013. And Snowden told reporter James Rosen in October 2013, that his last job at NSA gave him access to every active operation against the Chinese and “that is why I accepted the position.”
Where did Snowden end up? – First in Hong Kong and then under the protection of the FSB (aka the old KGB) in Russia, which “effectively compromises all the sources and methods” and ties all too nicely with what he stole. A former cabinet official has indicated that the Snowden heist was either Russian espionage, Chinese espionage, or a joint operation.
If Snowden really was a spy as indicated, then the Whistleblowing of domestic surveillance in the U.S. was a most brilliant ploy by his operators to distract our nation from the true nature of the exfiltration and the harm done to our national security. In a way, it falls right in line with Russia’s creative storyline/coverup in taking Crimea in saying that they were only protecting ethnic Russians. Score 2 for Russia!

Are we so easily lied to and manipulated…is public opinion really just jello in the hands of the global spymasters.

We’ve got to be smart enough (i.e. critical thinkers) to interpret the noise in the intelligence signals, political speeches, and news stories to unveil the truth of what is really going on. In advertising, when exposing the truth of products and companies, this is sometimes referred to as culture jamming. Can we apply this to the complicated intrigue of global politics and get past the storyline that is fed to us to expose truth?

It’s high time to outmaneuver those that may seek to manipulate the public (whether from outside or even sometimes from within) with some brilliance of our own–in not believing every snippet that is fed to us and instead looking at the bigger picture of political theater, special interests, and national security to see who is now zinging whom and why. 😉

(Source Photo: Andy Blumenthal)

The Dancer and The Tablet

So we are at this Mediterranean Restaurant next to the beach.

We are sitting outside–it is a little chilly and we cozy up next to one of the fire poles to keep warm.

We weren’t eating much; just a drink for our anniversary and something to munch on.

All of a sudden, my wife points to this lady from the next table who gets up and starts dancing provocatively.

You can see the sliver of ocean behind her, the night sky, and the cars and pedestrians are going by behind her.

There are multiple realities going on here:

She is in her own world–dancing to the music, swaying this way and that, and enjoying her femininity.

On the other hand, the guy she’s with is taking a video of her on his tablet computer–he seems more concerned with capturing the moment with his technology than enjoying his girlfriend.

We are conscientious observers–I sort of wondered if the guy should’ve been paying more attention to the women who was wooing him than playing with his tablet.

The other lesson that I can’t help reaching is that cameras and microphones are truly everywhere–privacy is a complete myth!

He is recording her, we are videoing them on our smartphone, and the restaurant is taping all of us on CCTV cameras, and NSA is laughing at us from Fort Meade.

So if you want solitude, book a flight with Virgin Galactic. 😉

No Such Agency (NSA) Listening To No Such Information (NSI)

No Such Agency (NSA) Listening To No Such Information (NSI)

The National Security Agency (NSA) frequently referred to by the secretive surname of No Such Agency is at the forefront of our signals intelligence (SIGINT) and in protecting America–they are amazing!

Recently, there is a lot of controversy about the PRISM program for sifting through communications looking for terrorist contacts, plans, and imminent attacks to be foiled.

Is this necessary for security or a violation of our privacy?

Of course, we value our privacy and generally wish we had more. (For me growing up in the busy and crowded city that never slips, I craved a little more quiet and secluded life and that’s how I ended up in the Washington D.C. suburbs).

Anyway, if your an average hard-working Joe or Jane, what do you fear about PRISM?

For me, if “they” are tracking calls or listening–this is what they hear:

– The occasional squabble with my loving wife (yes, we drive each other nuts sometimes).

– My teenage kids hanging up their phone on me, not wanting to hear my brilliant (in my own mind) parental advice and guidance.

– My elderly parents lecturing me and telling me that I should go to synagogue more often.

– The daily life transactions with the plumber, the cable service, and the credit card company.

If your honest and loyal, and the system works fairly, the way it’s supposed to, your communications are just some transmission packets travelling through cyberspace to carry out your life’s goings on.

Then again, if you’re crooked, a traitor, or planning to or have hurt someone, well then your up against some very powerful technology tools and (hopefully) your going to get caught and get what’s coming to you.

The big concern then is not when the system works well and fairly, but when it’s used corruptly, fraudulently, or for political ends.

Then it’s not what someone overhears you say or sees you do that’s a real concern, but rather, with all the advanced electronics and technology, what can be made up about you to address personal or political gripes, grievances, or just settle a score.

You don’t have to be afraid (generally) of what you do honestly, instead you need to fear the dishonesty of those who can or are apt to misuse the technology for their own ends.

Then what you really did or said, can be taken out of context, exaggerated, edited, spliced, or otherwise doctored to something else entirely.

This is why the integrity and ethical backbone of those who run the country and our vital institutions are of paramount importance.

With honesty, ethics, and justice–a surveillance system can greatly enhance national security. Without these things, they can be a tool of corruption. The best protection is not unplugging the system, but hooking in lots of internal and external controls to keep it honest. 😉

(Source Photo: here by LittleBirth)

The Privacy Slope

Slippery

I read with interest Ronald Bailey’s book review of Privacy by Garet Keizer in the Wall Street Journal ( 16 August 2012) .

In a nutshell, privacy is founded in the Constitution’s 4th Amendment: “the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated.”

I would define privacy as the freedom–to think, to feel, and to act as ourselves (within ethical boundaries) without fear of intrusion, revelation, or reprisal.

In other words, it should only be our business who we love, what we are interested or believe in, who we vote for, what we choose to do with our lives, and more.

I think in grade school, the children generally sum it up well when they playfully chant: “Mind your own BI,” where BI is used for business (or biziness). 🙂

According to Keizer, the danger to privacy come into play from two main sources:- Commerce–who want to sell you something and

– Government–that needs to surveil for security and law enforcement purposes

After 9/11, their was a perceived need for greater surveillance to enhance homeland security, and with advances in technology and communications (smartphones, Internet, social media, etc.), the ability to snoop became far easier.

In 2002, the DoD program for Total Information Awareness (TIA) was an attempt to know everything (i.e. total) about those who would do us harm, but fears about this capability being used against the innocent, quickly required a rethinking or perhaps, just a rebranding.

Some say that the new NSA mega data center in Utah is the fulfillment of the TIA dream–according to the Washington Post, already in 2010 NSA intercepted and stored “1.7 billion emails, phone calls, and other types of communications.” Further, law enforcement demanded records from cellphone carriers on 1.3 million subscribers “including text messages and caller locations” over just the last year’s time.

Keizer cautions that “the ultimate check on government as a whole is its inabilityto know everything about those it governs”–i.e. without the people holding the cards, there is the risk of spiraling into a Big Brother totalitarian society–goodbye democracy!

I think Keizer perhaps oversells the fear of government surveillance and underemphasizes intrusion from business–his thinking is that “If consumers are annoyed with a merchant’s monitoring, they can buy elsewhere.”

But what Keizer misses is that industry as a whole has moved toward the use of technology–from club cards and promotions to use of Internet cookies, RFID, and more–to systematically track consumers and their buying behavior and that information is readily captured, packaged, used, and sold for marketing and sales–as well as to the government!

As a common practice now, where is a consumer to go that will shield them from hungry business looking to capture market share and earn nice profits?

At the same time, while government surveillance can certainly be misused and abused with terrible consequences for individuals society—there are potentially a lot of people looking over the shoulder of those carrying out public programs–and this “sunlight”–where and when it shines–can help to prevent bad things happening. The problem is that the system is not perfect, and there are always those program people who act of out of bounds and those watchers who are ineffective and/or dishonest.

Overall, it’s a zero sum game, where those that hype up security and capitalism, can tramp down on privacy, and vice versa.

In totality, we can never just assume everything will be okay when it comes to privacy and how information is used, but we have to be active citizens helping ensure that right things are done, the right way.

For regular, hardworking, decent citizens, there is a definite need to safeguard privacy–and technology can be helpful here with anonymizers, encryptors, and other shielding tools

For the bad guys, I would imagine, no question, that the government will continue to develop the means to thwart their secrecy and planning to inflict harm on the American people.

For business, it’s okay to capture consumer information and sell, but pour it on to thick and people will think twice about your company’s ethics and brand–and even a lawsuit may be in the making.

Yes, privacy is a slippery slope, and not only can a person’s self be revealed or used inappropriately, but the voyeur can get burned too if they overdo it.

(Source Photo: Andy Blumenthal)

Cyberwar, You’re On

Cyber_warfare

There was significant news this week about the U.S. and Israel making major inroads with cyberwar capabilities.

First, the New York Times today (1 June 2011) writes about alleged Bush and Obama administrations’ “increasingly sophisticated [cyber] attacks on the computer systems that run Iran’s main nuclear enrichment facilities”–sabotaging as many as a 1000 centrifuges, delaying their deadly program by as much as 2 years, as well as conducting cyber espionage to strengthen our negotiating hand.

The cyber offensive program code-named Olympic Games allegedly involved cyber weapons codeveloped by the United States’ National Security Agency and Israel’s advanced cyber corps, Unit 8200.

The malware included such programs such as Stuxnet, Duqu, and The Flame and according to Bloomberg BusinessWeek (30 May 2012) may date as far back to 2007.

These cyber attacks have been viewed as the best hope of slowing the Iranian’s sinister nuclear program while economic sanctions have a chance to bite.

Additionally cyber attacks were viewed preferentially over using traditional kinetic military options and potentially causing a regional war in the Middle-east.

At the same time, the use of cyber weapons is a double-edged sword–if we use it on others, this may encourage cyber proliferation and it’s eventual use on us–and as the NYT writes, “no country’s infrastructure is more dependent on computer systems and thus, more vulnerable to attack than the United States.”

Therefore, it was good to see in The Washington Post yesterday (30 May 2012) that the Pentagon’s Defense Advanced Research Projects Agency (DARPA) is pursuing Plan X–“ambitious efforts to develop technologies to improve its cyberwarfare capabilities, launch effective attacks, and withstand likely retaliation.”

“If they achieve it, they’re talking about being able to dominate the digital battlefield just like they do the traditional battlefield.”
The “five-year $110 million research program” is seeking to accomplish three major goals in arming U.S. Cyber Command at Fort Meade for cyber war:

1) Mapping Cyberspace–create realtime mapping of the entire cyberspace and all its devices for commanders to use in identifying targets and disabling them and seeing enemy attacks.

2) Building A Survivable O/S–Just like DARPA invented the Internet as a survivable messaging and communication system, so too, they want to develop a battle-ready operating system for our computers (like a tank) “capable of launching attacks and surviving counterattacks.”

3) Develop (Semi-)Autonomous Cyber Weapons–so cyber commanders can engage in “speed-of-light attacks and counterattacks using preplanned scenarios that do not involve human operators manually typing in code.”

Just to be clear, with cyber warfare, we are not just talking about computers taking out other computers–and end there, but rather this is where computers take out computers that are controlling critical infrastructure such as the power grid, transportation systems, financial systems, supply chain, command, control, and communications, weapons systems, and more.

Cyberwar could be more humane than pulverizing [targets]…with bombs,” but I doubt it will be.

Imagine, virtually everything you know coming to a complete halt–utter disruption and pandemonium–as well as the physical effects of that which would ensue–that’s what cyber war is all about–and it is already on the way.

So as, Richard M. George, a former NSA cyberdefense official stated: “Other countries are preparing for a cyberwar. If we’re not pushing the envelope in cyber, somebody else will.”

It is good to see us getting out in front of this cyber security monster–let’s hope, pray, and do everything we can to stay on top as the cyberspace superpower.

(Source Photo: Andy Blumenthal taken of mural at National Defense University, Washington D.C.)

Those In The Know, Sending Some Pretty Clear Warnings

Listen

There have been a number of leaders who have stepped up to tell people the real risks we are facing as a nation.

They are not playing politics–they have left the arena.

And as we know, it is much easier to be rosy and optimistic–let’s face it, this is what people want to hear.

But these leaders–national heros–sacrifice themselves to provide us an unpopular message, at their own reputational risk.

That message is that poor leadership and decision-making in the past is threatening our present and future.

Earlier this week (15 May 2011), I blogged about a documentary called I.O.U.S.A. with David Walker, the former Comptroller General of the United States for 10 years!

Walker was the head of the Government Accountability Office (GAO)–the investigative arm of Congress itself, and has testified before them and toured the country warning of the dire fiscal situation confronting us from our proclivity to spend future generation’s money today–the spiraling national deficit.

Today, I read again in Fortune (21 May 2012) an interview with another national hero, former Admiral Mike Mullen, who was chairmen of the Joint Chiefs (2007-2011).

Mullen warns bluntly of  a number of “existential threats” to the United States–nukes (which he feels is more or less “under control”), cyber security, and the state of our national debt.

Similarly, General Keith Alexander, the Director of the National Security Agency (NSA) and the head of the Pentagon’s Cyber Command has warned that DoD networks are not currently defensible and that attackers could disable our networks and critical infrastructure underpinning our national security and economic stability.

To me, these are well-respected individuals who are sending some pretty clear warning signals about cyber security and our national deficit, not to cause panic, but to inspire substantial change in our national character and strategic priorities.

In I.O.U.S.A., after one talk by Walker on his national tour, the video shows that the media does not even cover the event.

We are comfortable for now and the messages coming down risk shaking us from that comfort zone–are we ready to hear what they are saying?

(Source Photo: here with attribution to Vagawi)

Cloud Second, Security First

Shadyrat_map

Leadership is not about moving forward despite any and all costs, but about addressing issues head on.

Cloud computing holds tremendous promise for efficiency and cost-savings at a time when these issues are front and center of a national debate on our deficit of $14 trillion and growing.

Yet some prominent IT leaders have sought to downplay security concerns calling them “amplified…to preserve the status quo.” (ComputerWorld, 8 August 2011)
Interestingly, this statement appeared in the press the same week that McAfee reported Operation Shady RAT–“the hacking of more than 70 corporations and government organizations,” 49 of which were in the U.S., and included a dozen defense firms. (Washington Post, 2 August 2011)
The cyber spying took place over a period of 5 years and “led to a massive loss of information.”(Fox News, 4 August 2011)
Moreover, this cyber security tragedy stands not alone, but atop a long list that recently includes prominent organizations in the IT community, such as Google that last year had it’s networks broken into and valuable source code stolen, and EMC’s RSA division this year that had their SecurID computer tokens compromised.
Perhaps, we should pay greater heed to our leading cyber security expert who just this last March stated: “our adversaries in cyberspace are highly capable. Our defenses–across dot-mil and the defense industrial base (DIB) are not.” (NSA Director and head of Cyber Command General Keith Alexander).
We need to press forward with cloud computing, but be ever careful about protecting our critical infrastructure along the way.
One of the great things about our nation is our ability to share viewpoints, discuss and debate them, and use all information to improve decision-making along the way. We should never close our eyes to the the threats on the ground.
(Source Photo: here)