Legislation designed around reducing the nation’s risk of cyber attacks have been in the works for a while now. Much debate has taken place about the Cyber Information Sharing and Protection Act (CISPA). What has changed is that just in mid-July President Obama began applying pressure to get it passed. A few pundits have even called the presidential pressure an all-out push.
Consider what Gen. Keith Alexander, the head of U.S. Cyber Command recently stated, which is that DOD will have full cyber readiness by 2014. Full cyber readiness would include offensive cyber capabilities, appropriate level of cyber defenses and intelligence that is critical to cyber offensive and defensive capabilities.
The United States is not the only one taking actions to mitigate the threat in cyberspace. Just recently the British Parliament’s Joint Intelligence and Security Committee asserted the need for aggressive retaliatory cyber strikes against those who attack the U.K.’s cyber defenses. They made it clear that they want their security agencies to become more aggressive and pursue those who attack Britain’s cybersecurity.
Australia also has made comments contributing to the international cyber efforts. The head of Australia's leading spy agencies stated that cyber warfare is one of the most serious threats to their national security and also disclosed the dramatic changes in the security environment in the recent past.
The news about cyberattacks, cyber espionage and evolving cyber threats has not been good lately. All this has combined to have many who monitor the cyber threat domain asking why the change and new sense of urgency? What do they know that the general public doesn’t?
In honor and remembrance of Petty Officer Third Class John Thomas Larimer of the Navy Fleet Cyber Command, and all the victims of the July 20 shooting tragedy in Aurora, Colo.
Posted on Jul 25, 2012 at 6:47 AM0 comments
The current wave in technology is all about mobile devices – no doubt about it. New devices with innovative applications and services are the draw for the billions of wireless users worldwide. Some users find these devices addictive. Security issues surrounding wireless devices are commonly talked about and discussed, and some improvements have been made while many others are on the way.
Like traditional computing, the lack of knowledge among mobile users about the security issues is well known. Some efforts to rectify that knowledge gap that is all too common in security problems currently. However, it is not always the end user that is the root cause of the knowledge problems that result in security issues.
This became all too evident in a recent interaction I had with a device and service provider. While upgrading to a newer device I interacted in person with one of the sales staff. During that interaction I decided to probe into his general knowledge about security issues surrounding the devices and services that were being pitched to me. If I were to give his awareness a grade it would be a big fat F.
He knew nothing about any of the devices related vulnerabilities that have been widely publicized for months, not even the basics. I am not talking about advanced threats, I am talking about fundamental issues. The product knowledge of this provider was so lacking that they even sold me an accessory that would not work with the device he sold me. So his knowledge gap went far beyond security. It encompassed basic product knowledge of interoperability with other products they sold.
Once I discovered the interoperability mismatch, I called the store. After 30 minutes of trying, I was finally connected to another sales representative. I just wanted to return the incompatible accessory and get one that works. I found it hard to believe, but she was even less knowledgeable.
Maybe it’s time that the basic sales training on a company’s products include the security fundamentals for that product or service. With all that is at stake at least these organizations should make sure they are not making the security situation worse with incorrect information. Or at least read Symantec’s eight-page Consumer Guide to Wireless Device Security.
Posted on Jul 19, 2012 at 12:54 PM1 comments
The number and impact of recent operational and intelligence leaks has caught the attention of just about everyone in the defense community, especially the upper brass. Their concern is that these leaks will not only have a negative impact on our national security but also could cost the lives of covert operatives working on our behalf. These events and concerns have resulted in a number of investigations being launched to get to the bottom of the leaks.
As the FBI continues its investigation into the inappropriate disclosures of this sensitive information, intelligence professionals, strategists and Defense Department policy staff are working on ways to solve this complex problem. In early July, an interesting idea surfaced that has by one account gotten legs.
The strategy is quite simple, the DOD and the intelligence community will work cooperatively to design and implement an ongoing disinformation campaign to proactively blur the view of sensitive information if it is leaked. This campaign is said to be designed to distribute false information deliberately and in some cases covertly to obscure the truth.
Disinformation as it relates to espionage or military intelligence is generally defined as the deliberate spreading of false information to mislead an adversary as to one's position or course of action. Some military and intelligence agencies also refer to this as black propaganda.
These techniques are commonly used to manipulate the recipients of the information at the rational level by either discrediting actual (i.e., real) information or supporting false conclusions.
I reached out to my sources to see if I could confirm this course of action and got the following response: “Implementing a disinformation campaign? With all the contradictory reports that I see in the media I thought we had done that years ago." Of course, the leak about the design and implementation of a disinformation campaign to obscure the truth could be disinformation itself.
Posted on Jul 12, 2012 at 12:54 PM0 comments
In my Digital Conflict blog on Aug. 11, 2011, I discussed the need for continuous innovation and creativity, which should be coupled with out-of-box thinking, as fundamental requirements for intelligence collection and analysis. This is necessary of the defense community is to stay ahead of the changing cyber threat environment.
I also pointed out that the private sector is on the spot to provide the next generation of products and services needed to address the demands of the cyber environment. On June 27, the results of a survey conducted by management consulting firm KPMG of 668 business executives in the Americas, Asia Pacific, Europe, the Middle East and Africa was released. The survey participants said that China and the United States show the most promise for disruptive breakthroughs that would have global implications. By far the most interesting yet troubling portion of that study found that only 39 percent of U.S. respondents selected the United States as most promising.
Has the United States lost its creative and innovative mojo? After having multiple discussions about this since that blog posting, two schools of thought have emerged. First and foremost, creativity and innovation involves risks, and the economic slow down that began back in 2008, and has hung on ever since, has made many companies take a risk-averse position. The second thought was that the continual hacking of U.S. companies, and the resulting theft of intellectual property, significantly contributed to the low rating. We all know that most of those activities have been attributed to China.
Regardless of the cause corrective actions must be taken immediately. Our country’s economic future and our national security may damn well depend on it.
Posted on Jul 05, 2012 at 12:54 PM2 comments