On October 28th President Obama signed into law the National Defense Authorization Act for Fiscal Year 2010. OK, so more people are needed. Now, let’s talk money. How much money is provided in the 2010 Defense Authorization Act for Cyber Defense? A lot.
The question is not lack of process but whether or not security is being used to help enforce business process in the relevant areas of product safety, customer service, employee workplace security and information protection in business-to-business relationships.
There are four pillars to the cyber war realm: intelligence, technology, logistics, and command. By understanding these factors IT security practitioners can gauge the threat to their own organization from cyber war and perhaps take steps to prepare for either direct attacks or the fallout from an outbreak of cyber hostilities between nations.
This is the first cogent look at the efficacy of waging strategic cyber war and I hope will serve to slow the rhetoric coming from the US Defense community about acquiring cyber offensive capability: “Can cyberattacks disarm cyberattackers? In a world of cheap computing, ubiquitous networking, and hackers who could be anywhere, the answer is no.”
I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…
The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study).
I recently moved to Ecuador. Not for a vacation. Not for a month or two. I moved to Ecuador for good, as a permanent resident.
Upon hearing my plans for living in South America, many people who knew me in the States asked things like, “Well what about the stability of Ecuador as a nation?” To which I would respond, “Oh, you mean the stability of banks that don’t make loans and don’t invest in derivatives? You mean the stability of a nation where the population still has the courage to march in the streets and throw corrupt officials out of its capitol?”
Mike Adams
Counterthink
March 22, 2009
People and their employers are unwilling to discuss the details of security events that happened, their security vulnerabilities, the damage in dollars that was actually caused, how the events were discovered, how the threats that exploited the vulnerabilities were mitigated and, most importantly, how well their current security products perform.
Is the best way to counter the rise of bike gangs in Canada for the government to create a rival bike gang? No. Is the best way to counter Somali pirates to develop piratical abilities? No. Is the best way to fight biologic weapons to develop more virulent pathogens? No.
Federal Agencies and the Defense Department have inadequate cyber defenses, but the course of action should be to beef those defenses up, not to resort to cyber attacks as some sort of deterrent. The best way to counter cyber attacks is with cyber defense.
My daily routine includes a short scan for the latest posts of some specific blogs, especially security related. Of course, there are many security related blogs but considering the time that passes very fast, I can only follow specific ones. So here I share with you the top 5 security related blogs that I think you should subscribe to:
Anyone within an organization could have the motivation, access to resources, and the tools to steal information, or even destroy critical resources. While often overlooked, the insider threat actually outweighs the threats from cyber criminals, hackers and the random malware that most organizations concentrate on. It is the insider that understands where the keys to the kingdom are hidden.
With the perspective of six years of data breaches, the rise of cyber crime, phishing, identity theft, and information warfare - it seems laughable that the big issue of employees bringing malware-infested laptops into the office spawned so many companies.
Cyber Security Awareness Month is a waste of time, energy, and taxpayer money. All of which could be spent on improving security within the Federal government. They are the ones who are getting infected by malware spread by USB devices, or having their email read or their fighter jet designs stolen. They are the ones that cannot articulate a cyber defense strategy well enough to entice someone to take on the top job…
The US Defense Information Systems Agency announced that it is going to release a Request For Information this month. Anyone responding to DISA’s RFI would do well to study the methodology that Barrett Lyon describes using the open source SQUID proxy and caching server. The technique spelled out by Barrett involves putting a bank of high end servers running SQUID in front of the potential targets.
As it evolves, Emerson believes this next generation telecommunications system, dubbed IronPipe™, will have huge implications for national security as well as tremendous new revenue opportunities for the carriers and supply chains which serve them.
Why cyber defense? How is this different than “security”? The difference is in motivation, purpose, and risks. Announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats.
Bruce Schneier points out that the attacks against US Federal sites that succeeded in shutting them down, or the malware spread by USB thumb drive that infected the US Military Central Command, demonstrate a lack of common sense anti-virus and patch management. But that is a very big deal Bruce…
War has not changed. The weapons of disruption, corruption, and destruction reflect only the evolution of human creativity and innovation. We must understand the conflicts that drive their use, be they individual, corporate, or international. Without this insight, we are doomed to cyber attrition.
The political world is in a moment of transformation with many unprecedented developments rapidly coming together amidst widespread calls for deep, systemic change.
Amory Lovins on:
1. Climate
2. Oil dependence
3. Nuclear proliferation
There’s one issue that President Bush and presidential hopefuls John McCain and Barack Obama all agree on: expanding the use of nuclear power. We speak with Amory Lovins, the co-founder, chairman and chief scientist of Rocky Mountain Institute in Colorado, who has been described as “one of the Western world’s most influential energy thinkers.”
Democracy Now! July 16, 2008