Top Secret Tinseltown

So this is a city with a lot of secrets. 


I’m not talking about just the run-of-the-mill, non-disclosure agreement (NDA).


This is Top Secret Tinseltown!


And even the stuff that comes out in the news–whether it’s clandestine transfers of $1.7 billion to the Ayatollahs in Iran or the Uranium One deal with the Russians, there are plenty of dirty little games going on. 


What was hilarious is when we saw this huge industrial shredding truck in the parking lot:

Paper Shredding * Electronic Destruction * Medical Waste Disposal


And there was a line of cars waiting to get rid of their little secrets.


I kid you not when I say that on a Saturday morning, there were at least 25 cars in line to dispose of their “stuff.”


Now who do you know in what city that waits 25 cars deep in line for an industrial shredder on a Saturday morning?


And the cars are pulling up, the trunks are popping open, and boxes and boxes of paper and electronic files are being handed over. 


Gee, I hope the Russians or Chinese aren’t getting into the shredding business…and inside the truck isn’t a large shredder but a bunch of analysts waiting for you to hand it all over. 😉


(Source Photo: Andy Blumenthal) 

Never Ever More Vulnerable

So we have never been more technologically advanced. And at the same time, we have never been more vulnerable.


As we all know, our cybersecurity has not kept near pace with our ever-growing reliance on everything technology.


There is virtually nothing we do nowadays that does not involve networks, chips, and bits and bytes. 


Energy

Transportation

Agriculture

Banking

Commerce

Health

Defense

Manufacturing

Telecommunications


If ANYTHING serious happens to cripple our technology base, we are toast!


From a crippling cyberattack that disables or hijacks our systems, steals or locks down our data, or creates massive chaotic misinformation flow to an EMP blast that simply fries all our electronic circuitry–we are at the mercy of our technology underpinnings. 


Don’t think it cannot happen!


Whether it’s WannaCry ransomware or the Equifax breach of our privacy data or the Kaspersky Labs hidden backdoor to our top secret files or North Korea threatening to hit us with an EMP–these are just a few of the recent cyber events of 2017!


Technology is both a blessing and a curse–we have more capability, more speed, more convenience, more cost-effectiveness than ever before, but also there is greater vulnerability to complete and utter death and destruction!


This is not just a risk that life could become more difficult or inconvenient–it is literally an existential threat, but who wants to think of it that way?


People, property, and our very society are at risk when our cybersecurity is not what it must be.


It’s a race of defensive against offensive capability. 


And we can’t just play defense, we had better actually win at this! 😉


(Source Photo: Andy Blumenthal)

Nation In Denial

We are a nation in utter denial over our problems.


Just to name a few…


Whether from the threat of North Korean dictator, Kim Jong Un, who smiled while displaying a video yesterday of nuclear missiles destroying the USA.


To the shooting death of three in Fresno, CA yesterday by a man shouting “Allahu Akbar” that was deemed not a terrorist attack.


To our national debt of $20 trillion which quadrupled in just the last 15 years under the administration of both political parties.  


Unfortunately, denial is still alive and well, while smiling photos of the North Korean dictator adorn the light poles outside the capital of the USA.


We don’t like to admit our problems be it from despots threatening us with WMD to global terrorism that gives us no peace, and a mammoth debt that is sinking our national economic sustainability.


Smile for the camera!


Don’t worry about big problem-solving. 


What we don’t admit can’t hurt us or can it?  😉


(Source Photo: Andy Blumenthal)

On The Lookout To Managing Risk

So risk management is one of the most important skills for leadership. 


Risk is a function of threats, vulnerabilities, probabilities, and countermeasures. 


If we don’t manage risk by mitigating it, avoiding it, accepting it, or transferring it, we “risk” being overcome by the potentially catastrophic losses from it.


My father used to teach me when it comes to managing the risks in this world that “You can’t have enough eyes!”


And that, “If you don’t open your eyes, you open your wallet.”


This is truly good, sound advice when it comes to risk management and I still follow it today. 


Essentially, it is always critical to have a backup or backout plan for contingencies.


Plan A, B, and C keep us from being left in the proverbial dark when faced with challenge and crisis. 


In enterprise architecture, I often teach of how if you fail to plan, you might as well plan to fail. 


This is truth–so keep your eyes wide open and manage risks and not just hide your head in the sand of endless and foolhardy optimism for dummies. 😉


(Source Photo: Andy Blumenthal)

Cybersecurity Lost In Unknowns

Today unveiled is a new Cybersecurity National Action Plan.


This in the wake of another Federal data breach on Sunday at the Department of Justice where hackers stole and published online the contact information for 9,000 DHS and 20,000 FBI personnel.


And this coming on the heels of the breach at OPM that stole sensitive personnel and security files for 21 million employees as well as 5.6 million fingerprints.


While it is nice that cybersecurity is getting attention with more money, expertise, public/private partnerships, and centers of excellence. 


What is so scary is that despite our utter reliance on everything cyber and digital, we still have virtually no security!


See the #1 definition for security–“the state of being free from danger or threat.”


This is nowhere near where we are now facing threats every moment of every day as hackers, cybercriminals, cyber spies, and hostile nation states rapidly cycle to new ways to steal our secrets and intellectual property, commit identity theft, and disable or destroy our nation’s critical infrastructure for everything from communications, transportation, energy, finance, commerce, defense, and more. 


Unlike with kinetic national security issues–where we regularly innovate and build more stealthy, speedy, and deadly planes, ships, tanks, surveillance and weapons systems–in cyber, we are still scratching our heads lost in unknowns and still searching for the cybersecurity grail:


– Let’s share more information


– Let’s throw more money and people at the problem.


– Let’s seek out “answers to these complex challenges”


These have come up over and over again in plans, reviews, initiatives, and laws for cybersecurity.


The bottom line is that today it’s cyber insecurity that is prevailing, since we cannot reliably protect cyber assets and lives as we desperately race against the clock searching for real world solutions to cyber threats. 


Three priorities here…


1) Build an incredibly effective intrusion protection system

2) Be able to positively tag and identify the cyber attackers 

3) Wield a powerful and credible offensive deterrent to any threats 😉


(Source Photo: Andy Blumenthal)

SCADA In Pictures

So SCADA are Supervisory Control and Data Acquisition systems.

They are a form of Industrial Control Systems (ICS) that monitor and control major industrial processes from power generation, transmission, and distribution, to water treatment, chemical production, air traffic control, traffic lights, building controls, and more.

These are part of our nation’s critical infrastructure.

In the lab, we are able to use tools to capture and analyze communication packets and edit and re-use them to:

– Turn on and off lights

– Open/close perimeter gates

– Control water and gas pipelines

– And even open and close a bridge

This was very scary!

No one, unauthorized, should be able to do this in real life, in the physical world.

This is a major security vulnerability for our nation:

– SCADA systems should not be openly available online, and instead they should be able to be controlled only either locally or remotely through an encrypted virtual private network (VPN).

– SCADA systems should not be available without proper access controls–there must be credentials for user id and passwords, and even two-step authentication required.

No one but vetted, cleared, authorized, and trained personnel should be able to monitor and control our critical infrastructure–otherwise, we are giving them the keys to disrupt it, destroy it, and use it for terror.
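
An added example, not part of the original post: a small Python audit that applies the two rules above (control traffic only from local or VPN sources, and a login plus two-step authentication on every path) to an inventory of allowed network paths. The network ranges, device names, and record fields are constructed for illustration.

```python
import ipaddress

# Well-known TCP ports of common industrial control protocols.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Assumption: the ranges this hypothetical site treats as "local or VPN".
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.99.0.0/24")]

# Constructed sample inventory: one record per allowed path to a controller.
RULES = [
    {"name": "gate-plc", "src": "0.0.0.0/0", "port": 502, "login": False, "two_step": False},
    {"name": "pump-rtu", "src": "10.99.0.0/24", "port": 20000, "login": True, "two_step": False},
    {"name": "bridge-plc", "src": "10.0.0.0/8", "port": 44818, "login": True, "two_step": True},
    {"name": "light-plc", "src": "10.20.0.16/28", "port": 502, "login": True, "two_step": True},
]

def source_is_trusted(src, trusted=TRUSTED_NETS):
    """True only if every address in src lies inside one trusted network.

    A range that merely overlaps or contains a trusted network (10.0.0.0/8)
    still admits untrusted hosts, so it does not count as trusted.
    """
    net = ipaddress.ip_network(src, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)

def audit(rules, trusted=TRUSTED_NETS):
    """Return (device, problem) pairs for paths that break either rule."""
    findings = []
    for r in rules:
        if r["port"] not in ICS_PORTS:
            continue  # not a control-protocol path
        proto = ICS_PORTS[r["port"]]
        if not source_is_trusted(r["src"], trusted):
            findings.append((r["name"], f"{proto} reachable from {r['src']}, outside local/VPN ranges"))
        if not r["login"]:
            findings.append((r["name"], f"{proto} path has no user login"))
        elif not r["two_step"]:
            findings.append((r["name"], f"{proto} path lacks two-step authentication"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(RULES):
        print(f"{name}: {problem}")
```
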

We owe our nation and families better, much better.

(Source Photos from lab: Andy Blumenthal)

Medical Hacks

Usually when we talk about the dangers of cyber attacks, we are concerned with the dangers of someone stealing, spying, or systematically corrupting our information systems.

But Barnaby Jack who died last week at age 35 brought us awareness of another, more personal and perhaps dangerous hack…that of hacking medical devices.

Barnaby, a director at computer security firm IOActive, became known first in 2010 for being able to hack a cash machine and have it dispense money.

In 2012, he drew attention to a flaw in insulin pumps whereby someone could cause it to administer a fatal dose to its unknowing victim.

This week, Barnaby was going to demonstrate how heart implants could be hacked, killing a man from 30 feet away.

With advances in the miniaturization and battery life of personal medical devices and implants for monitoring and managing patients’ health, more and more people could be exposed to malicious or murderous cyber attacks on their body.

With the potential for RFID embedded chips for managing our personal identities to bionics for replacing or enhancing human body parts with electronic and mechanical implants, the opportunity for someone seriously messing with our physical person grows each day.

If dangerous vulnerabilities are discovered and exploited in these devices, an enemy could go from the traditional attack on our information systems to potentially sickening, disabling, or even killing millions at the stroke of some keys.

Imagine people keeling over in the streets as if from a surprise attack by a superior alien race or the release of a deadly chemical weapon, only it’s not extraterrestrial or kinetic, but instead a malevolent cyber attack by a hostile nation or cyber terrorist group taking aim at us in a whole new and horrible way.

(Source Photo: here with attribution to Bhakua)