Cyber Warfare Infrastructure

Cyber – The fifth domain of conflict. During a recent presentation by a Senior Fellow of the Technolytics Institute it was noted that “in the four traditional domains of conflict there are well established redlines and thresholds which are totally absent in the cyber domain.”

Any successful plan to mitigate cyber attacks against the United States must integrate cyber into these traditional domains, and doing so requires a non-linear approach. Today’s cyber weapons are inexpensive, easy to access and deploy, and can now have a global reach. Recently, the Department of Homeland Security warned U.S. critical infrastructure operators of the increasing threat from hackers intent on industrial sabotage.

Rear Admiral Michael Hewitt noted that, “Cyberspace can be an enabler but there’s [other] non-kinetic ways to disadvantage the enemy in cyberspace that don’t require a cyber activity; [electronic warfare] capability, and other things like that.” Now that the government is looking at ways to integrate cyber-weapons into its arsenals, the question of how and when to use them must be added to the decision chain. It will take time to train the leadership to catch up with the technology and to handle this new digital resource for the battlefield.

Notables:

  • The U.S. Air Force has recently designated six cyber tools as weapons
  • Other countries around the world are establishing their own Cyber Warfare Infrastructure programs
  • The Intelligence Organizations need to be part of the equation
  • What role will cyber law play in the changing landscape for cyber warfare and the cyber weapons used to prosecute a war effort?

To round this out, keep in mind that our National Security Agency has been engaging in cyber warfare for more than a decade. Its targets are information infrastructures that are primarily computer controlled, operated by the commercial-civilian sector, and usually unprotected, yet they are the primary infrastructure upon which opposing military forces almost totally depend.

Are You CyberReady? ®

This blog helps with real world insights on the cyber threat domain.

Posted in CyberAttacks, CyberSecurity, CyberThreats, Espionage, Military, News

MACH37 Cyber Accelerator

Virginia Governor Bob McDonnell announced the creation of MACH37™, a planned premier market-centric cyber security accelerator to be located at the Center for Innovative Technology. Initially funded by the Commonwealth of Virginia, the accelerator will leverage private investment to launch new, high-growth cyber technology companies in Virginia.

Accelerator programs, which fund, mentor, and guide entrepreneurs toward investors, also provide a baseline for how to get your concept off the ground. However, don’t expect cyber accelerator programs to have all the answers. There is a great deal of work that the start-up must continue to control and initiate. Having experienced my own start-up, I know that trying to decipher all the advice and guidance, though well-intentioned, can be daunting. A key is to listen carefully, do your due diligence and document everything so you have a place to go back and validate experiences and ideas. It is a great deal of work and you WILL make mistakes. But having a team of experienced leaders at your fingertips is so important to the ultimate success of your business concept.

What I like about the MACH37 cyber accelerator program is that a decent number of early-stage companies are going to get some great advice, mentoring, a little bit of money and access to some fantastic networking, including investors. Silicon Valley has been the leader in accelerator programs and it is good to see an East Coast venture put in place. Way to go, Virginia!

Posted in CyberSecurity, News, Uncategorized

Cybersecurity Training Using 18th Century Learning Model

Talking cybersecurity training here. I cannot tell you how many times I’ve sat in front of training managers or training buyers who pronounce their training programs a success. These folks tell me, and I want to believe them, that their instructor-led classes or monthly PowerPoint presentations and annual compliance programs really make a difference. Then I ask the question: how are you measuring that success, and can the trainees actually do the work? A brief pause, then the blank stare. Where are the metrics?

Cyber time is different. Cyber threats come at us so fast and change so dynamically that we have to be vigilant in our learning. The old-school model, which is focused on mass throughput at the expense of specific performance-based outcomes, is producing many paper tigers. These programs offer training that is static, linear and outdated. The one-to-many approach (a subject-matter expert lecturing students by rote) doesn’t cut it anymore. Even good hands-on activities, though important, are rendered moot if you cannot score the activity against the actual job role and its required competencies.

The cybersecurity training marketplace offers us an 18th century learning model for a 21st century problem. Learners need something more dynamic and relevant, and they want it on demand. A paradigm shift is required.

What is needed is a capability assessment of the baseline skills necessary for a cybersecurity professional, followed by rigorous learning that produces knowledge, skills and abilities through repetitive, continuous, relevant and validated learning to keep them cyber ready.

Posted in CyberSecurity, Uncategorized

How Vulnerable is Your Infrastructure?

Mitigating acts of cyber terrorism is a critical aspect of modern-day emergency response and critical infrastructure protection. There is heightened concern that the US and other major industrial nations are at risk due to vulnerabilities in a class of devices known in the engineering and manufacturing world as SCADA. SCADA devices control the invisible, but necessary, infrastructure of commercial enterprises, from air conditioning systems to electrical grids and factory automation equipment.

The problem lies largely in the fact that many of these devices were designed to be embedded in equipment that was largely standalone and controlled through out-of-band management, using a laptop or a directly connected terminal to configure device-specific capabilities. The move to network all aspects of the corporate enterprise gradually came to include these devices, which are often custom controllers programmed to provide specific functions that support a business need. Critical infrastructure, including power plants, manufacturing facilities, hospitals and the energy sector, provides a rich target for bad actors.

Recently, Trend Micro built two honeypot-based architectures as decoys. Kyle Wilhoit, the Trend Micro researcher who led the experiment, found that most attacks on the ICS/SCADA systems appeared to come from China (35 percent), followed by the U.S. (19 percent) and Laos (12 percent). The attackers made extensive efforts to alter the system configurations so as to change the water pressure and disrupt the system. Had the ICS/SCADA systems been real, the attacks would have succeeded and compromised the system.

Identify all connections to SCADA networks. Since the SCADA network is only as secure as its weakest connecting point, it is essential to implement firewalls, intrusion detection systems (IDSs), and other appropriate security measures at each point of entry. Disconnect unnecessary connections and consider that any connection to another network introduces security risks, particularly if the connection creates a pathway from or to the Internet.
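As an added illustration of the inventory step above (not code from the original post), the following Python script classifies constructed connection-log records by network zone, inventories every crossing of the SCADA boundary, and flags any crossing that is not on an approved list, ranking pathways to or from the Internet as the most severe. The zone ranges, approved list and log lines are all constructed assumptions, not values from the post.

```python
import ipaddress
from collections import defaultdict

# Constructed zone map (assumption): the ICS/SCADA segment, the corporate LAN,
# and the RFC1918 ranges that mark any other internal address.
SCADA_NET = ipaddress.ip_network("10.20.0.0/16")
CORP_NET = ipaddress.ip_network("10.10.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed approved list: (source zone, destination zone, destination port)
# crossings that the engineering team has reviewed and documented.
APPROVED = {("corp", "scada", 502), ("corp", "scada", 443)}

# Constructed connection-log sample: "src_ip dst_ip dst_port proto" per line.
LOG = """\
10.10.5.21 10.20.1.10 502 tcp
10.10.5.22 10.20.1.10 443 tcp
10.20.1.15 203.0.113.9 443 tcp
198.51.100.7 10.20.1.10 22 tcp
10.20.1.10 10.20.1.11 502 tcp
10.10.9.3 10.20.1.12 3389 tcp
"""

def zone_of(ip):
    """Map an address to a zone; anything outside RFC1918 counts as Internet."""
    addr = ipaddress.ip_address(ip)
    if addr in SCADA_NET:
        return "scada"
    if addr in CORP_NET:
        return "corp"
    if any(addr in net for net in RFC1918):
        return "other_internal"
    return "internet"

def parse_line(line):
    src, dst, port, proto = line.split()
    return {"src": src, "dst": dst, "port": int(port), "proto": proto}

def review_connections(log_text):
    """Return (inventory, findings): inventory counts each SCADA-boundary crossing
    by (src zone, dst zone, dst port); findings lists crossings not on APPROVED."""
    inventory = defaultdict(int)
    findings = []
    for line in log_text.strip().splitlines():
        c = parse_line(line)
        src_zone, dst_zone = zone_of(c["src"]), zone_of(c["dst"])
        if "scada" not in (src_zone, dst_zone) or src_zone == dst_zone:
            continue  # intra-zone traffic is not a boundary crossing
        key = (src_zone, dst_zone, c["port"])
        inventory[key] += 1
        if key in APPROVED:
            continue
        # Any pathway to or from the Internet is the weakest point of all.
        severity = "critical" if "internet" in (src_zone, dst_zone) else "high"
        findings.append({"severity": severity, "src": c["src"], "dst": c["dst"],
                         "port": c["port"], "path": f"{src_zone}->{dst_zone}"})
    findings.sort(key=lambda f: f["severity"] != "critical")  # stable: criticals first
    return dict(inventory), findings
```

Calling review_connections(LOG) on the constructed sample inventories five distinct crossings and flags three of them: the two Internet pathways as critical and the unapproved corp-to-SCADA RDP connection as high.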

Posted in CyberAttacks, CyberSecurity, CyberThreats, Terrorism, Uncategorized

Cybersecurity Training via Environment Virtualization

In a recent interview on the topic of cyber-crime prevention with SC Magazine, a CISO mentioned that most companies need to rethink how they are protecting their own networks. He said it is best to think of it at the social policy level and attempt to make the overall ecosystem safer.  Most companies simply implement more defensive technology when they really should be looking at other methods which will address cyber-crime prevention.

One area that is gaining interest is Software Defined Networking (SDN). This technology is used to virtualize networks. My company takes it a step further with a solution that provides reproducible, on-demand networks, including the machines needed for cyber training and exercises, using a technique referred to as Environment Virtualization. We help our customers virtualize their network topology so their cyber practitioners can investigate and defend against live attacks that cannot be deployed on production networks. This technique allows them to deliver cloud-based, team-oriented cyber security training activities tailored to the job role, which delivers hands-on skills development. The net benefit to the organization is reduced infrastructure cost, manpower commitment, and configuration time, all typically associated with building or accessing operationally relevant cybersecurity exercise environments.

In today’s world of strained budgets organizations are looking for innovative and cost-efficient ways to train and validate their cybersecurity professionals. Our solution CyberFire™ does just that. We will be showcasing this patented technology at the Mid-Atlantic Collegiate Cyber Defense Competition next week. More at www.maccdc.org

Posted in CyberAttacks, CyberSecurity, CyberThreats, News, Uncategorized

Digital Currency and Terrorism

Many are not aware that a quiet revolution is occurring with currency: digital currencies. The traditional state-backed and politically driven currency markets are now facing a challenge from a non-politically driven form of e-currency. For example, Bitcoin has emerged as a new format challenging most existing currency systems because it has little or no regulatory oversight. The funds are not backed by anything and operate as a peer-to-peer decentralized digital currency, with no intermediate financial institution involved. Now there are Linden coins, Amazon coins, MintChip and more to come. So what implication will this have for terrorist financing?

In a post-9/11 world the nexus of all terrorist activities is financing. They need the funds to make their projects flow. With the increase in financial regulation, correspondent banking laws and the intense need of nations to fill their coffers with tax revenue, greater emphasis is focused on the tracing, tracking and ultimately the seizure and asset forfeiture needed to thwart terrorist activities.

Interesting facts:

  • According to Greenberg, Roth and Wille as of 2010 Al Qaeda financing needed approximately $30 million to sustain annual foundational operations.
  • Digital currencies enable transnational organized crime organizations to transact out of sight of current counter-terrorist financing networks. Such transactions are hard to trace.
  • The FBI has noted that illicit acts against the Bitcoin system, including through mining, pose a considerable threat because they allow individuals to generate, transfer, launder, and steal illicit funds with some anonymity.

Governments have started devoting more time and resources to alternative digital currencies. Developing new ways to trace transactions that fall outside traditional financial structures should be a high priority. One area that needs immediate attention is a review of how existing counter-terrorist legislation covers digital currency. Cut off the funds to terrorist cells and we instantly starve the threat.

Posted in CyberAttacks, CyberSecurity, CyberThreats, Espionage, Terrorism, Uncategorized

Money – Key Nexus to The Success of All Transnational Crime

As cyber terrorism, transnational crime and associated threats continue to escalate, the fate of the U.S. national cyber posture will hinge on our ability to prepare individuals and organizations to investigate, analyze, assure and secure our increasingly vulnerable technology. Part of the process of ensuring our intellectual property, critical infrastructure and network systems are secure depends on our ability to identify the various components of transnational crime networks and organizations by locating and tracing their financial activities, money and assets. Money is the one key nexus to the success of all transnational crime, terrorism and armed conflict. As such, laundering, that is, making dirty money appear legitimate, is the one necessary component that all transnational crime organizations must have to successfully and covertly finance their operations.

In the post-9/11 world, many transnational organizations have lost their ability to use the traditional banking system. This, however, has not stopped them from finding unique and innovative means of financing themselves. The Internet provides an inexpensive, geographically unbounded communication environment, with real or perceived anonymity, that is largely unregulated. The illegal financing and laundering of funds and assets for transnational crime and terrorist organizations, as well as nation states, leads to corruption and the destabilization of economies.

As a result U.S. intelligence agencies are hatching a plan to track down terrorist networks and crime syndicates by analyzing raw financial data at greater depths helping them look for patterns that could reveal attack plots or criminal schemes. The plan, legal under U.S. law, will most likely trigger intense criticism from privacy advocates.

Posted in CyberAttacks, CyberThreats, Espionage, Military, News, Terrorism, Uncategorized

Mobile Device Security

Mobile device security has become increasingly important given the migration of operational and personal information from the PC to these advanced handheld devices. The next generation of devices will use anti-virus, firewall and other traditional security measures, in addition to requiring a much higher degree of security ingrained throughout the design given the data-driven applications.

Interoperability will be key, especially as these devices move toward convergence of communicating devices and services. A positive example came in 2012 when a West Coast police department used a software-based system that provides its officers with military-grade secure communications through their mobile devices. The system enabled federal, state and local law enforcement organizations to communicate and coordinate operations.

The enterprise has a myriad of options like mobile apps, mobile email and mobile content to consider. The key is to support all the use cases and requirements while ensuring the appropriate level of management and security for each class of device in the enterprise: personally owned, corporate owned, actively managed and unmanaged. Have a plan and execute it.

Posted in CyberAttacks, CyberSecurity, Espionage, Military, Uncategorized

Proactive Cyber-Defense

As a nation, we are in a transition period from a reactive cyber-posture to the use of proactive/preemptive cyber-defense. A recent media warning and projection that we will soon experience a cyber-attack that results in the loss of life prompted more visibility by government to address a plan. Multiple reports that the United States is currently considering or planning cyber-strikes in light of the recent cyber-attacks on our nation’s critical infrastructure are receiving a great deal of attention. A key component of such planning is the cyber-intelligence requirements needed to support this transition.

So what constitutes a proactive/preemptive cyber defense? Is it all actions and measures taken in advance of an identified cyber-threat targeting systems, devices, networks or infrastructure, backed by a high degree of confidence in credible threat intelligence? And can we go one step further and say that it constitutes actions taken in anticipation of such threats that mitigate the risks or disrupt the attack itself? Keep in mind that proactive or preemptive actions are not limited to cyber attacks. They could include kinetic responses as well.

There is little doubt that modern warfare now includes the use of cyber weapons. Some go as far as to say that there is very little chance that any future conflict will lack a cyber component. If that is indeed the case, proactive/preemptive defensive actions will undoubtedly include kinetic and digital weaponry and play an increasingly important role in the security of all nations. Given that construct, the next few months should be very interesting given the increased tensions in the cyber domain.

Posted in CyberAttacks, CyberSecurity, CyberThreats, Military, Terrorism, Uncategorized

The Partner Ecosystem – a Rich Target

Srinivas Kumar stated, “Cyber-attacks do not happen, they are caused.” Cyber companies really don’t need to advertise because you can read about cyber-attacks every day in the newspaper or on the web. Cyber is everywhere and the pace of the scary stories is increasing. One area that has become fertile ground is the partner ecosystem. Large companies usually have more money dedicated to technology and security protections, while many of their supply chain partners tend to be smaller to mid-size companies. These SMBs usually have fewer resources to invest in defending themselves from determined bad actors.

An emerging trend by cyber-criminals is to skip the big guys and focus on the partner ecosystem in order to ultimately slink their way back into the larger corporate networks.

Target information:

  • Symantec noted that 50% of targeted attacks in 2011 were on companies of 2500 employees or less and 18% on companies of 250 employees or less.
  • Attacks targeting CEOs and senior staff still account for the majority; however, a notable shift has started toward targeting HR, Sales, Executive Assistants and shared mailboxes.
  • And don’t forget the insider threat, both unintentional and intentional.

Third party providers contribute to the cyber partner ecosystem and add to its attack surface. Understand the risk your supply chain adds to your exposure and build the cyber posture needed to reduce your risk profile.

Posted in CyberAttacks, CyberSecurity, CyberThreats, Espionage, News, Uncategorized