Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.

What are the new Cybersecurity Stakes – What are vulnerabilities and risks?

We live in world of algorithms; x’s and o’s. Our digital world is ripe for access and compromise by those who want do harm from just a laptop and server. A myriad of recent breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a method of cyber-attack choice by hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems, devices and often lack required patching and updating necessary to thwart attacks. The recent Wannacry, and Petya attacks were certainly wake up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks”

Multilateral Cyber Interests Will Rarely Align

The human-technology cyber conflict cannot be solved, but instead is a fact not to be solved but to be coped with over time.

Previously, I proposed that security and economy are inextricably linked and that such a link has the potential to increase both national and personal prosperity. If you are a student of history, I do not believe you will have any difficulty accepting this hypothesis, particularly when you put aside any consideration of cultural and societal issues or constructs.

A sovereign entity can potentially achieve national prosperity through security and economy, but that construct may not be tenable over time. Therefore, how prosperity is achieved is where it gets tricky. Why? Because people see the world in different ways and people want to live their lives differently. Continue reading “Multilateral Cyber Interests Will Rarely Align”

US Legislators Wising Up About Cybersecurity?

Forgive the security lingo, but if legislators can speak vulnerabilities, two-factor auth, and hard-coded credentials, then it’s a big moment that should be acknowledged.

A recent article by Brian Krebs caught my attention: New Bill Seeks Basic IoT Security Standards. The bill “to improve the cybersecurity of Internet-connected devices” was authored by U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-OR) and Steve Daines (R-MT) on August 1, 2017. This is so recent that a search on August 3 for the bill on GovTrack returned only the most generic of messages saying this bill was in the “first stages of of the legislative process” so in the meantime, the full text of the bill can be found on Scribd (posted by Senator Warner). Continue reading “US Legislators Wising Up About Cybersecurity?”

Before You Declare Your Enemy, Be Sure of Your Interests

Set aside all politics and details for a moment and begin with this premise: are my interests being met? If you take that as your starting point, the fog will begin to clear for you. Of course, reasonable people can have an informed debate over what “correct” interests are, but that is what we try to do in democracies. Interest is the overriding factor here.

In my previous article, I discussed the clash of systems we currently are in. Super quick recap: in one corner, we have the Westphalian nation-state system that’s been around since 1648 and is built on the principles of sovereignty, legal equality and a policy of non-interventionism; in the other corner, we have the Internet, which has no established sovereignty, is marred by legal blurring, and by virtue is interventionist and disruptive in nature.

Ultimately, what we have is a system clash where our original intent – free flow of information but with positive control of the Internet in our lives – has been flipped on its head, where the Internet effectively controls our lives. Continue reading “Before You Declare Your Enemy, Be Sure of Your Interests”

Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity

Certainly, information collaboration is a key component of any successful cybersecurity initiative effort, and the relationship between industry and government is no exception.

This past month cybersecurity legislation, called Promoting Good Cyber Hygiene Act of 2017, was introduced that would mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS) to establish baseline best practices for good cyber hygiene, authentication and cooperation.

Specifically the legislation states that the list of best practices established “shall be published in a clear and concise format and made available prominently on the public websites of the Federal Trade Commission and the Small Business Administration.” It also recommends including “other standard cybersecurity measures to achieve trusted security in the infrastructure.” Continue reading “Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity”

Time to streamline Congressional oversight of DHS

As DHS reauthorization is finally being addressed by Congress, the time is also opportune to consider the streamlining of Congressional oversight over the Department of Homeland Security. Efficient oversight will lead to better morale and more importantly, a better homeland security posture and capability.

The House Homeland Security Committee recently marked up a bill to reauthorize the Department of Homeland Security (DHS) for the first time since its conception in 2002. Chairman Mike McCaul, R-Texas, stated that the reauthorization bill makes “DHS more efficient by consolidating and eliminating unnecessary programs and offices.”

This is an excellent step in reforming the operational structure of DHS as a federal agency. Congress needs to also reform and streamline their own oversight roles over the agency. This outcome now a possibility, as McCaul announced last fall that he will work with his colleagues to reduce the number of committees with jurisdiction over DHS. Continue reading “Time to streamline Congressional oversight of DHS”

The Gamification Trend in Cybersecurity

Of course there is a real science to gamification and the many algorithms that create a scenario for the players. The values of lessons learned for the cybersecurity community in conducting such exercises can create working models that will pay dividends for everyone connected, improving competiveness for industry and better security overall.

For many years the defense and intelligence communities have relied upon a concept called gamification to test concepts, strategies, and potential outcomes in various scenarios via computer simulation. They have found that gamification heightens interest of the players involved and serves as a stimulus for creativity and interchange of ideas which is vital for keeping an edge. As computers have become faster and more capable and data gathering abilities have has exponentially grown, gamification has become a “go to” process for many involved in the security community. Continue reading “The Gamification Trend in Cybersecurity”

Meeting Growing Security Challenges

The more digitally interconnected we become in our work and personal lives, the more vulnerable we will become. Mitigating the cyber threats will grow as a priority and requires security awareness and that data be secure and reliable.

In 2017 we are facing a new and more sophisticated array of physical security and cybersecurity challenges that pose significant risk to people, places and commercial networks. The nefarious global threat actors are terrorists, criminals, hackers, organized crime, malicious individuals, and, in some cases, adversarial nation states. Everyone and anything is vulnerable, and addressing the threats requires incorporating a calculated security strategy.

According to Transparency Market Research, the global homeland security market is expected to grow a market size of $364.44 billion by 2020. A large part of the spending increase over the past year is directly related to cybersecurity in both the public and private sectors. Continue reading “Meeting Growing Security Challenges”

Fixing the Federal IT Mess Before it is Too Late

You would be amazed how lightbulbs go off over peoples’ heads when we say “think of cybersecurity like this: network security + information security = data security.” Cybersecurity suddenly seems less threatening.

Originally published on May 8th, 2017: Let us take a headcount of recent events: the attack on the Ukraine’s electric grid, a LinkedIn data dump as a result of a 2012 breach, the information warfare campaign surrounding the US Elections, a peculiar “Google Docs” app involved in a massive spear-phishing campaign, and most recently, another information warfare campaign aimed at the French Elections. Do not forget our ”good ole friends” – North Korea, Iran, and Syria, just to mention a few – are well into the cyber game and ready to pounce on the next database which has been left unguarded, unencrypted, and unprepared to thwart an attack.

As the disc jockey says, “and the hits keep on playing!” Continue reading “Fixing the Federal IT Mess Before it is Too Late”

Shared Responsibility in Cybersecurity

Sober strategic thought suggests that if you cannot immediately defeat and subdue an adversary through immediate and overwhelming strength, by using surprise, speed, and violence of action, your best course of action is to bleed your adversary, over time and through asymmetry, by attacking their strengths. In the case of the West, our strengths are two: the economy and our democratic institutions (the latter of which we will not discuss in depth in this piece, as we are primarily focusing on the private sector).

The safety of the Internet is at stake.  A relatively obvious comment, but one which is neither unfounded, nor wrapped up in the auto-hysteria, as so many cybersecurity conversations are today.  Why do we say this?  A simple reason really: because the Internet is no longer used as it was originally designed – a benign information-sharing tool, used primarily for knowledge and research, by a select group users.  Today, but also arguably for the last 15 or so years, the Internet is a “wild west” with more and more actors entering it every day.  Intent of these actors may be fairly obvious – we want to order something online and have it shipped to our door – or it may be shrouded in controversy and obfuscation, making attribution a seemingly impossible task.

Despite this environment, we still must go on about our daily lives, unless of course we are willing to change our daily lives, which would almost certainly result in a lower standard of living. Continue reading “Shared Responsibility in Cybersecurity”