Has Information Gone Rogue?

Taking advantage of these feelings and sentiments are at the core of Psychological Warfare (PSYWAR) and Psychological Operations (PSYOPS) and in an era of liberalized information, traditional media sources need to be more responsible, otherwise they are only contributing to the problem. Yes, an open and free press is essential to the Western way of life; but an open and free press also has the responsibility to protect the Western way of life, not expose it to vulnerability.

So I am back because the second trailer of Rogue One was released a few days ago and because of that other cyber security related thing some of you may have heard of: #WikiLeaks.

I have been extremely reluctant to make any comments on the #Podesta e-mails; there has been plenty of commentary and punditry on the issue and how it will affect the campaign of #HillaryClinton, therefore one more opinion would not necessarily add to the body of knowledge. But, I do have this open question: why is anybody surprised a breach of this magnitude could occur?

Moving on, this article has a very different intent, namely: broad issues related to Information Warfare (IW) and Information Operations (IO). Continue reading “Has Information Gone Rogue?”

Emerging focus on cyberthreats to energy infrastructure

Much of our grid still relies on antiquated technologies, and more investment in defenses are needed. As technology exponentially advances and as threat actors (including cyber mercenaries) gain tools via the dark web, that number of potential state-sponsored adversaries could expand in the near future.

Last week, the Kentucky Office of Homeland Security hosted an exercise simulating attacks on the power grid and government computer networks. Participants included law enforcement, first responders, and private sector representatives engaged in health and security.

The exercise centered on how the state would react if hackers were able to take down Kentucky’s energy grid while simultaneously engaged in the exfiltration of information from government computer networks. The goal was to provide a gap model and develop best practices that can be utilized by other states and by the federal Department of Homeland Security (DHS). Continue reading “Emerging focus on cyberthreats to energy infrastructure”

Safeguarding Patients and Data In The Evolving Healthcare Cybersecurity Landscape

The reality is that hospitals are a logical hacker target for several reasons. They are susceptible to phishing attacks and insider threats because of the large data flows throughout various systems. They are many points of vulnerability for malware/ransomware extortion because their systems are networked with multiple stations and devices. In addition, most workers in medical facilities are not trained in basic cybersecurity hygiene.

Healthcare cybersecurity is in a state of transformation. As medical care becomes more networked and interconnected via computers and devices, the digital landscape of health administrators, hospitals, and patients, has become increasingly vulnerable.

The cybersecurity healthcare landscape has many facets. These include the information security networks of medical facilities and hospitals, medical equipment and devices, and protection of the privacy of patients. Technologies, processes and people are the cornerstones of the healthcare cybersecurity transformation. Continue reading “Safeguarding Patients and Data In The Evolving Healthcare Cybersecurity Landscape”

Technology Foraging for Cybersecurity Solutions

In government, there is an extensive infrastructure of agencies geared toward facilitating technology foraging. For specifically enhancing cybersecurity capabilities, there are dedicated research and development efforts being conducted at (among other agencies) the Department of Homeland Security (DHS), the Department of Defense (DOD), the Department of Energy/National Labs (DOE), and in the Intelligence Community (IC).

Technology foraging, or searching for smart ideas and technologies, is a key element of research and development both in the public and private sectors. It serves as a basis for discoveries of new products, applications, and processes brought to the marketplace. There are many hidden treasures yet to be discovered, commercialized, licensed and integrated into technology solutions. Foraging can impact all innovations across the emerging technology spectrum, including in cybersecurity areas. Continue reading “Technology Foraging for Cybersecurity Solutions”

The Gender Gap in Cybersecurity Can, and Should Be, Closed

The challenge at hand, to ameliorate the shortage of cybersecurity professionals and close the gender gap, is to educate, train, and facilitate women to fill the pipeline for a qualified information security workforce.

There are huge, growing demands for a modern cybersecurity workforce in both the private and public sectors; there is also a significant shortage of skilled professionals. There is an especially wide gender gap in cybersecurity and in many technology jobs as well. But this is a gap that can, and should, be closed. Continue reading “The Gender Gap in Cybersecurity Can, and Should Be, Closed”

Grading Global Boards of Directors on Cybersecurity

Despite apparently being way ahead of their contemporaries in the E.U. countries surveyed, US and UK directors and executives clearly have work to do. One cybersecurity executive aptly noted: “Cyber security is ‘no longer a dark art but an everyday business practice that must pervade every level of the organization.’”

On April 1, 2016 NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of nonexecutive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. [1] NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities. Continue reading “Grading Global Boards of Directors on Cybersecurity”

The Nature of Cybersecurity Strategies for Unprecedented Cyber Attacks

Just as the United States is vulnerable, so too are businesses within the United States and around the world. Just as the computer is increasingly becoming the weapon of choice for warfare, so too has it in business warfare.

What is foreseeable is that cyber attacks often are not. A few years ago the Sony Pictures Entertainment (SPE) hack turned on its head the business world that was already trying to come to grips with the Target, Home Depot, Neiman Marcus, and many other data breaches.

There was one thing about the SPE breach that really had the cybersecurity community in quite a buzz. An internal email from SPE’s cybersecurity investigators was made public and some were taking it as saying “It’s ok, it could have happened to anybody and there was nothing Sony could have done to stop it. It’s not Sony’s fault.”

That inference came from statements in the email that referred to the attack as being unique and unprecedented with the malware being undetectable by industry standard antivirus software.

The kerfuffle that ensued brings to mind the bigger picture of cybersecurity. Things such as what I have been preaching about cybersecurity. What others have been preaching about cybersecurity. More directly, what our respective roles are when it comes to cybersecurity and where and how (or whether) we really provide value to our clients. Continue reading “The Nature of Cybersecurity Strategies for Unprecedented Cyber Attacks”

Navigating the Cybersecurity Storm in 2016

“Our nation is being challenged as never before to defend its interests and values in cyberspace. Adversaries increasingly seek to magnify their impact and extend their reach through cyber exploitation, disruption and destruction.”

—Admiral Mike Rogers, Head of US Cyber Command September 9, 2015

A very recent article in the UK publication The Guardian, entitled “Stuxnet-style code signing of malware becomes darknet cottage industry,” [1] raises the specter of bad actors purchasing digital code signatures, enabling their malicious code to be viewed as “trusted” by most operating systems and computers. Two recent high profile hacks utilized false or stolen signatures: Stuxnet, the code used to sabotage the Iranian nuclear program, allegedly jointly developed by America and Israel, and the Sony hack which was allegedly perpetrated by the government of North Korea. Both of these instances involve sovereign states, with effectively unlimited resources. Continue reading “Navigating the Cybersecurity Storm in 2016”