The Principles of a Safe Secure & Intelligent (S2I) Communications System

And that’s it. That is the entire basis for developing these principles, the rules of the road, these guiding lights, so that we can protect these systems we so dearly rely on.

What is a principle? The “know all” (aka, Google) tells us a principle is: “a fundamental truth or proposition that serves as the foundation for a system of belief or behavior or for a chain of reasoning.”

What is a communication system? The other “know all” (aka, Wikipedia) tells us a communication system is: “In telecommunication, a communications system is a collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment usually capable of interconnection and interoperation to form an integrated whole.” Continue reading “The Principles of a Safe Secure & Intelligent (S2I) Communications System”

What Can We Learn From the World Economic Forum’s Cyber Resilience Playbook

While it may be tempting to dismiss this document as a directive aimed solely at politicians and policymakers, the playbook lays out very real risks that organizations around the world must face when dealing with their own cyber resilience capabilities.

When the World Economic Forum (WEF) released its “Global Risks Report 2018,” in January, it also issued a new report titled “Cyber Resilience: Playbook for Public-Private Collaboration,” which aims to improve the way governments and policymakers around the world make decisions about cybersecurity. Since, as the report noted, the first line of defense is rarely the government, this framework is designed to promote collaboration both within our own borders and across the globe.

To create the framework, the WEF, in collaboration with the Boston Consulting Group, asked its experts to create an initial list of values that policymakers would need to weigh when choosing between various cyber policies. The 30 options were eventually distilled down to five key values that are central to any choice regarding cybersecurity policy: security, privacy, economic value, fairness and accountability. The remaining 25 options can be mapped to one of these five key values. Continue reading at SecurityIntelligence.com

The Freedom to Communicate

The Internet has allowed speech to move freely. It is the railroad system of the 1800s and nobody should ever be denied entry onto a rail car for discriminatory reasons, especially when those reasons can serve as proxy to deny somebody their constitutional rights. And because the Internet rests on the use of radio spectrum, a federally-regulated property, nothing should prohibit the free exercise or abridging of the freedom to communicate.

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

– The First Amendment of the United States Constitution

Think back to a time where there was no social media, no mass media, and no printing press. How was a message passed? Two ways: through oral conversation or the laborious task of duplicating messages by hand.

These two conditions meant that your message didn’t really go far, but then again, neither did you. Most of your business was decided in your community and you had little fear of far off places impacting your life.

Fast forward to today. The technological leaps we have made allow us to replicate the message faster, spread the message faster, and reach a wider audience. I hit “publish” and this article is theoretically accessible to over 3 billion people by the first degree.

Generally speaking, these advances have worked out well for us. Think free societies, scientific innovation, friendships and bonds. Continue reading “The Freedom to Communicate”

Highlights From the World Economic Forum’s ‘Global Risks Report 2018’

This year, cyberthreats figure prominently along the various global risks found in our increasingly complex and interconnected world. It makes it a perfect New Year’s gift for chief information security officers (CISOs) to share with their business leaders as a way to examine common concerns and build trust through stronger communication and engagement on a topic that is critical to the survival of organizations around the world.

First came the New Year’s Eve parties, followed by New Year’s resolutions and, finally, the annual meeting of global elites at the World Economic Forum (WEF) in Davos, Switzerland, on January 23–26. Just ahead of the event, the WEF released its “Global Risks Report 2018,” a compendium of data points and analysis about the state of economic health around the world.

The report, partly based on a survey of about 1,000 of its members conducted during the second half of 2017, covers all major categories of risk, including economic, environmental, geopolitical, societal and technological. The top four concerns include recurring themes, such as inequality and unfairness, political tensions within and between countries, the environment, and cyber vulnerabilities. It is across this spectrum of global risks that the report warns of “the increased dangers of systemic breakdown,” due in part to our increasing dependence on technology. Continue reading at SecurityIntelligence.com

Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies

It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States.

In the watershed case solidifying the FTC’s authority to regulate companies’ cybersecurity under the FTC Act, F.T.C. v. Wyndham Worldwide Corp.,  the U.S. Third Circuit Court of Appeals looked to resources published on the FTC’s website and found that Wyndham’s cybersecurity was very rudimentary and contravened recommendations in the FTC’s 2007 guidebook, Protecting Personal Information: A Guide for Businesses.

The FTC recently published a couple of helpful resources on its website and companies of all sizes would be well-served to spend some time reviewing the recommendations in these resources:

Local LinkedIn pick as cybersecurity guru talks trends

I think government is traditionally been way behind on procurement issues and recently, enactment of legislation for modernization has taken place. They’re trying to replace a lot of legacy systems.

Our guest today was recently named by LinkedIn as one of the top five people to follow in cybersecurity issues among their 500 million members. He was also just selected as LinkedIn to be an advisor on cybersecurity and emerging technology issues, and we’re lucky enough to have him here in the studio– Chuck Brooks of Chuck Brooks Consulting. Chuck, thanks for joining us. Continue reading “Local LinkedIn pick as cybersecurity guru talks trends”

Emerging Technologies and the Cyber Threat Landscape

Nothing is completely un-hackable, but there is a myriad of emerging technologies that can help us navigate the increasingly malicious cyber threat landscape.

Cybersecurity is at a tipping point, the sheer volume of breaches, attacks, and threats has become overwhelming.  Juniper Research, suggests that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019. About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016. According to a recent AT&T Cybersecurity Insights report, some 80 percent of the IT and security executives surveyed said their organizations came under attack during the previous 12 months.

This rising threat trend, coupled with the rapid growth of sophistication in malware, ransomware, DDoS, and social engineering attacks has created a conundrum. How do we protect ourselves in an increasingly connected world? Continue reading “Emerging Technologies and the Cyber Threat Landscape”

An Eye on GDPR

Think Equifax. Think Uber. Now think about how to notify those tens and hundreds of millions within 72 hours. That is the sort of headache you are going to have to deal with.

There is a lot of talk about the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679).  And rightly so, because it will impact a great many organizations, many of which reside in the U.S.  Set to come fully into effect May 25, 2018, the GDPR has understandably caused a lot of headaches because it is wide-sweeping and costly regulation, especially if you are in violation.

Clearly, the first question to ask is if the GDPR applies to you. If it doesn’t, you are in the clear (but that is not an excuse to relax your data protection measures).  If it does, well, you have work to do if you haven’t been on top of your GDPR compliance. This is especially true if you are a big organization, are not based in the EU, and have a lot of EU customers and clients. Continue reading “An Eye on GDPR”

60 Cybersecurity Predictions For 2018

And one from the #CyberAvengers all on Forbes

Attacks on the US government and critical infrastructure

A nation-state sponsored group will commence a 5-day long DDoS attack against a critical US government (non-DoD) agency, shutting it down in order to show their strength—The Cyber Avengers

Read the entire list on Forbes

A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing.  We say expectedly for a variety of factors including, but not limited to: size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of the putting aside or worse, ignoring, the basics. In short, we look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the root of our deepest problems are inherently insecure systems, poor maintenance, and social engineering. Continue reading “A National Cybersecurity Action Plan is a Serious Priority”