Before You Declare Your Enemy, Be Sure of Your Interests

Set aside all politics and details for a moment and begin with this premise: are my interests being met? If you take that as your starting point, the fog will begin to clear for you. Of course, reasonable people can have an informed debate over what “correct” interests are, but that is what we try to do in democracies. Interest is the overriding factor here.

In my previous article, I discussed the clash of systems we currently are in. Super quick recap: in one corner, we have the Westphalian nation-state system that’s been around since 1648 and is built on the principles of sovereignty, legal equality and a policy of non-interventionism; in the other corner, we have the Internet, which has no established sovereignty, is marred by legal blurring, and by virtue is interventionist and disruptive in nature.

Ultimately, what we have is a system clash where our original intent – free flow of information but with positive control of the Internet in our lives – has been flipped on its head, where the Internet effectively controls our lives. Continue reading “Before You Declare Your Enemy, Be Sure of Your Interests”

Today’s Cybersecurity Challenges Started in 1648

Instead of positive control, we have a system that completely controls how we conduct ourselves.

Understandably, a few eyebrows raise up when I suggest today’s cybersecurity challenges started nearly 370 years ago, some 300 years before the invention of ENIAC (the world’s first digital computer). But I stand by this observation because of the unintended clash of two systems: the nation-state and the Internet.

Many of the institutions, social constructs and domains we have accepted as norms came out of the Peace of Westphalia, a series of treaties to end the 30 Years War. No, the problems do not stem from the fact that many of us wish to throw our devices out the window when things go wrong or we find ourselves in disagreement with technology. (Though defenestration does sometimes feel like a natural response to many of our cybersecurity problems.) Continue reading “Today’s Cybersecurity Challenges Started in 1648”

Make Yourself a “Goes Nowhere” Project for Adversaries

Would you invest time and treasure in a “goes nowhere” project? Probably not. You have better things to do. Therefore, take steps – like encryption, tokenization, and data masking – to make your data so meaningless to an adversary that they will consider you a “goes nowhere” project.

Before we jump in, we need to make clear the following: no single solution will ever offer complete and total security. In fact, even multiple solutions designed to provide overlapping layers of security to your crown jewels will not provide “complete and total” security. But what any reasonably implemented solution should do is the following: slow down your adversary by making their job difficult and eventually forcing them to move on to a more easily accessible target (or, more colloquially, go for the low hanging fruit).

Although this fact should be relatively obvious, both of us still experience – more often than we would like to admit – “experts” professing they can provide “total security” because they have the latest and greatest technology. As we indicated in our previous article (making sense of big data), big numbers are, in fact, hard to make sense of by mere mortals like us. In the same fashion, humans are really bad at understanding probabilities (for those who seek greater understanding of the topic, Nassim Nicholas Taleb, author of The Black Swan and Fooled by Randomness, explains the subject well). “Low” probability is in fact quite different from “zero” probability, but we often make the mistake of equating the two (and such a mistake could be perilous). Continue reading “Make Yourself a “Goes Nowhere” Project for Adversaries”

What If “Cyber” Is The Wrong Word?

The word “cyber” means different things to different people. In virtually every training session I put on, one of my first actions is to go around the room and ask people what “cyber” means to them. If I am lucky, perhaps two or three people will have a similar answer, but in most cases, the definitions vary, even when people share similar job titles and roles.

Often, how you characterize a problem will determine your plan of attack to solve the problem. To illustrate, I often use this example with both clients and friends.

If I were to ask you: “How long can you and your business survive without your computer?” your answer would likely be something along the lines of “I need my computer to do everything!” While I suspect this is most likely true, such a response does very little for your resilience. Should such a case ever arise in your life, you would be left scrambling to find some sort of solution to keep your business operations going.

But what if I were to ask you: “You don’t have your computer for three days, a week, or even two weeks…what do you do?”  By asking the question in this manner, you are undoubtedly forced to look at the problem in a very different way. In fact, you have to look at the problem in a very different way because your survival depends on it. Continue reading “What If “Cyber” Is The Wrong Word?”

Has Information Gone Rogue?

Taking advantage of these feelings and sentiments are at the core of Psychological Warfare (PSYWAR) and Psychological Operations (PSYOPS) and in an era of liberalized information, traditional media sources need to be more responsible, otherwise they are only contributing to the problem. Yes, an open and free press is essential to the Western way of life; but an open and free press also has the responsibility to protect the Western way of life, not expose it to vulnerability.

So I am back because the second trailer of Rogue One was released a few days ago and because of that other cyber security related thing some of you may have heard of: #WikiLeaks.

I have been extremely reluctant to make any comments on the #Podesta e-mails; there has been plenty of commentary and punditry on the issue and how it will affect the campaign of #HillaryClinton, therefore one more opinion would not necessarily add to the body of knowledge. But, I do have this open question: why is anybody surprised a breach of this magnitude could occur?

Moving on, this article has a very different intent, namely: broad issues related to Information Warfare (IW) and Information Operations (IO). Continue reading “Has Information Gone Rogue?”