A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing.  We say expectedly for a variety of factors including, but not limited to: size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of the putting aside or worse, ignoring, the basics. In short, we look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the root of our deepest problems are inherently insecure systems, poor maintenance, and social engineering. Continue reading “A National Cybersecurity Action Plan is a Serious Priority”

Science of Cybersecurity Interview with Chuck Brooks

Frank Abagnale, one of the world’s most respected authorities on the subjects of forgery, embezzlement, cybercrime, and secure documents succinctly states the troubling environment. “The police can’t protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter and there’s nothing wrong with being skeptical. We live in a time when if you make it easy for someone to steal from you, someone will.” There are many malicious actors out in the digital landscape and it will be increasingly important to stay ever vigilant.

Email interview held on 30th September 2017 – as follows between Alan Radley (questioner) and Chuck Brooks (relator):

  1. What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?

The current state is a scary one. Constant breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a method of cyber-attack choice by hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems, devices and often lack required patching and updating necessary to thwart attacks. The recent Wannacry, and Petya attacks were certainly wake up calls to the disruptive implications of ransomware.  We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Science of Cybersecurity Interview with Chuck Brooks”

Here’s How to Make Patching Security Holes Easier For Everyone

We’re realists. That’s why we propose this interim solution: making patching and protecting all American devices easy, especially for the individual. If nothing else, it hopefully can stimulate a culture change in our cybersecurity behavior.

A lot has been said recently about patching and what role it plays in cybersecurity. A patch is just a small piece of software, made available to the consumer from the software company that “patches” a security flaw in the software. That’s all. But these patches, when installed, can save you a world of hurt.

Many of the worst breaches we have seen could have been avoided if patches were installed in a timely manner. Before we start getting flak that patching for an entire enterprise is not some “flick of the switch” easy procedure, we’re on your side. We agree with you. You need a system in place so you can roll out these patches on all devices within your enterprise. The biggest problem for enterprise-sized organizations is not so much installing the patches but managing the logistics behind patching an entire system. It’s more project management than anything, so you need to find what is right for you and your organization. Continue reading “Here’s How to Make Patching Security Holes Easier For Everyone”

Why we need a #Cybersecurity “Moon Shot” Now.

Cybersecurity must be conquered. The United States must do so to preserve peace and seek knowledge, and “it will be the greatest adventure in which man, let alone the United States, has ever engaged.” Let’s conquer cybersecurity today. And not just for ourselves. But for the generations to come.

I often wonder about the legacy that we would leave our children today if all were too suddenly end. Would they be proud of our accomplishments? Would we leave a lasting effect on mankind? Or would our children view our time as a wasted decade (or two)? Meaning we have so much and so many riches. Yet we find no bother in having someone (something/some nation-state) steal them willy-nilly without attribution or consequences? I wonder.

When I was growing up, I idolized these guys, the Mercury Seven astronauts. They represented the best of the best. Our heroes. The men who would make going to the Moon and walking on the moon not only possible, but they would get it done. Period. Failure was not an option. And they did not fail. Continue reading “Why we need a #Cybersecurity “Moon Shot” Now.”

Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.

What are the new Cybersecurity Stakes – What are vulnerabilities and risks?

We live in world of algorithms; x’s and o’s. Our digital world is ripe for access and compromise by those who want do harm from just a laptop and server. A myriad of recent breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a method of cyber-attack choice by hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems, devices and often lack required patching and updating necessary to thwart attacks. The recent Wannacry, and Petya attacks were certainly wake up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks”

Multilateral Cyber Interests Will Rarely Align

The human-technology cyber conflict cannot be solved, but instead is a fact not to be solved but to be coped with over time.

Previously, I proposed that security and economy are inextricably linked and that such a link has the potential to increase both national and personal prosperity. If you are a student of history, I do not believe you will have any difficulty accepting this hypothesis, particularly when you put aside any consideration of cultural and societal issues or constructs.

A sovereign entity can potentially achieve national prosperity through security and economy, but that construct may not be tenable over time. Therefore, how prosperity is achieved is where it gets tricky. Why? Because people see the world in different ways and people want to live their lives differently. Continue reading “Multilateral Cyber Interests Will Rarely Align”

US Legislators Wising Up About Cybersecurity?

Forgive the security lingo, but if legislators can speak vulnerabilities, two-factor auth, and hard-coded credentials, then it’s a big moment that should be acknowledged.

A recent article by Brian Krebs caught my attention: New Bill Seeks Basic IoT Security Standards. The bill “to improve the cybersecurity of Internet-connected devices” was authored by U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-OR) and Steve Daines (R-MT) on August 1, 2017. This is so recent that a search on August 3 for the bill on GovTrack returned only the most generic of messages saying this bill was in the “first stages of of the legislative process” so in the meantime, the full text of the bill can be found on Scribd (posted by Senator Warner). Continue reading “US Legislators Wising Up About Cybersecurity?”

Before You Declare Your Enemy, Be Sure of Your Interests

Set aside all politics and details for a moment and begin with this premise: are my interests being met? If you take that as your starting point, the fog will begin to clear for you. Of course, reasonable people can have an informed debate over what “correct” interests are, but that is what we try to do in democracies. Interest is the overriding factor here.

In my previous article, I discussed the clash of systems we currently are in. Super quick recap: in one corner, we have the Westphalian nation-state system that’s been around since 1648 and is built on the principles of sovereignty, legal equality and a policy of non-interventionism; in the other corner, we have the Internet, which has no established sovereignty, is marred by legal blurring, and by virtue is interventionist and disruptive in nature.

Ultimately, what we have is a system clash where our original intent – free flow of information but with positive control of the Internet in our lives – has been flipped on its head, where the Internet effectively controls our lives. Continue reading “Before You Declare Your Enemy, Be Sure of Your Interests”

Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity

Certainly, information collaboration is a key component of any successful cybersecurity initiative effort, and the relationship between industry and government is no exception.

This past month cybersecurity legislation, called Promoting Good Cyber Hygiene Act of 2017, was introduced that would mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS) to establish baseline best practices for good cyber hygiene, authentication and cooperation.

Specifically the legislation states that the list of best practices established “shall be published in a clear and concise format and made available prominently on the public websites of the Federal Trade Commission and the Small Business Administration.” It also recommends including “other standard cybersecurity measures to achieve trusted security in the infrastructure.” Continue reading “Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity”

Time to streamline Congressional oversight of DHS

As DHS reauthorization is finally being addressed by Congress, the time is also opportune to consider the streamlining of Congressional oversight over the Department of Homeland Security. Efficient oversight will lead to better morale and more importantly, a better homeland security posture and capability.

The House Homeland Security Committee recently marked up a bill to reauthorize the Department of Homeland Security (DHS) for the first time since its conception in 2002. Chairman Mike McCaul, R-Texas, stated that the reauthorization bill makes “DHS more efficient by consolidating and eliminating unnecessary programs and offices.”

This is an excellent step in reforming the operational structure of DHS as a federal agency. Congress needs to also reform and streamline their own oversight roles over the agency. This outcome now a possibility, as McCaul announced last fall that he will work with his colleagues to reduce the number of committees with jurisdiction over DHS. Continue reading “Time to streamline Congressional oversight of DHS”