Brazil’s military took the plunge and recently established a military cyber command. Many have applauded this action as a big first step. After all, Brazil is in the top 10 countries when it comes to cyber crime, and some estimates have placed the country in the top 5 in that category.
Brazil's armed forces (Navy, Air Force and and Marine Corps) are the largest in Latin America with just more than 300,000 members and also more than 1 million reservists. The country’s armed forces’ budget is estimated to be between 1.7 percent and 1.85 percent (+/- $44.5 billion) of the country’s gross domestic product, which in 2011 was estimated at $2.324 trillion.
While the cyber group is limited in size and has a modest budget. Army General José Carlos dos Santos, commander of the Cyber Defense Center, anticipates the center’s staff to soon grow to about 100. In a published interview, he described cyber warfare as an asymmetric challenge and identified future challenges that he and his staff will focus on in the months ahead.
Brazil is re-skilling members of its military and supplementing them by hiring civilians with desired cyber skills. The new cyber center is constructing a modern situational awareness room to monitor cyber threats. The center’s monitoring efforts are said to focus on trends and statistics rather than monitoring individual users, and broader attention is being given to threats on social networks.
Brazil ranks 37 in the world in terms of cyber warfare capabilities in the Cyber Commander’s eHandbook and this move is expected to raise that ranking moderately.This comes as little surprise to those that monitor cyber threat activity globally. Brazil has been the target of hostile cyber activities. Some reports suggest the country receives thousands of cyberattacks each day. Some of the more harmful cyberattacks have been denied by Brazilian authorities.
Posted on Aug 09, 2012 at 2:46 PM0 comments
To some extent we are all shaped by the breadth and depth of our experiences in the cyber domain. These experiences are what shapes our mental models and drives our actions. The development of our mental models is influenced by related events we are exposed to whether directly or indirectly. These mental models have somewhat culminated around a set of key areas. An interesting question came up last week – based on the last decade of experience -- what would be the top 10 areas that contribute the most to cyber insecurity?
After careful consideration below is my list. (These are not in any specific order. )
--Egos and attitudes of users and security staff.
--Perception of immunity of software suppliers.
--Limited funding for cybersecurity programs.
--Failure to integrate cyber and physical security.
--Inability to keep up with malware production.
--Lack of global cooperation on cyber investigations.
--Global black market for zero-day threats.
--Overlapping, contradicting and confusing regulations.
.--Lack of cyber threat understanding by executives.
--Assignment of responsibility without authority.
Those who have different opinions and attitudes are coming from a different perspective. The warnings about the threats posed by cyberattacks from cleared security professionals are often harsher and express more concerns than those who are not experiencing the brunt or most advanced that cyber attackers have to offer. Based on my perception, the national security implication of these cyberattacks is huge and continues to get worse. The public and private-sector need to come together and address this critical issue before it is too late.
Posted on Jul 27, 2012 at 12:00 AM1 comments
Legislation designed around reducing the nation’s risk of cyber attacks have been in the works for a while now. Much debate has taken place about the Cyber Information Sharing and Protection Act (CISPA). What has changed is that just in mid-July President Obama began applying pressure to get it passed. A few pundits have even called the presidential pressure an all-out push.
Consider what Gen. Keith Alexander, the head of U.S. Cyber Command recently stated, which is that DOD will have full cyber readiness by 2014. Full cyber readiness would include offensive cyber capabilities, appropriate level of cyber defenses and intelligence that is critical to cyber offensive and defensive capabilities.
The United States is not the only one taking actions to mitigate the threat in cyberspace. Just recently the British Parliament’s Joint Intelligence and Security Committee asserted the need for aggressive retaliatory cyber strikes against those who attack the U.K.’s cyber defenses. They made it clear that they want their security agencies to become more aggressive and pursue those who attack Britain’s cybersecurity.
Australia also has made comments contributing to the international cyber efforts. The head of Australia's leading spy agencies stated that cyber warfare is one of the most serious threats to their national security and also disclosed the dramatic changes in the security environment in the recent past.
The news about cyberattacks, cyber espionage and evolving cyber threats has not been good lately. All this has combined to have many who monitor the cyber threat domain asking why the change and new sense of urgency? What do they know that the general public doesn’t?
In honor and remembrance of Petty Officer Third Class John Thomas Larimer of the Navy Fleet Cyber Command, and all the victims of the July 20 shooting tragedy in Aurora, Colo.
Posted on Jul 25, 2012 at 7:01 PM0 comments
The current wave in technology is all about mobile devices – no doubt about it. New devices with innovative applications and services are the draw for the billions of wireless users worldwide. Some users find these devices addictive. Security issues surrounding wireless devices are commonly talked about and discussed, and some improvements have been made while many others are on the way.
Like traditional computing, the lack of knowledge among mobile users about the security issues is well known. Some efforts to rectify that knowledge gap that is all too common in security problems currently. However, it is not always the end user that is the root cause of the knowledge problems that result in security issues.
This became all too evident in a recent interaction I had with a device and service provider. While upgrading to a newer device I interacted in person with one of the sales staff. During that interaction I decided to probe into his general knowledge about security issues surrounding the devices and services that were being pitched to me. If I were to give his awareness a grade it would be a big fat F.
He knew nothing about any of the devices related vulnerabilities that have been widely publicized for months, not even the basics. I am not talking about advanced threats, I am talking about fundamental issues. The product knowledge of this provider was so lacking that they even sold me an accessory that would not work with the device he sold me. So his knowledge gap went far beyond security. It encompassed basic product knowledge of interoperability with other products they sold.
Once I discovered the interoperability mismatch, I called the store. After 30 minutes of trying, I was finally connected to another sales representative. I just wanted to return the incompatible accessory and get one that works. I found it hard to believe, but she was even less knowledgeable.
Maybe it’s time that the basic sales training on a company’s products include the security fundamentals for that product or service. With all that is at stake at least these organizations should make sure they are not making the security situation worse with incorrect information. Or at least read Symantec’s eight-page Consumer Guide to Wireless Device Security.
Posted on Jul 19, 2012 at 12:54 PM1 comments