CyberFire™ Technical Paper
Era of Virtualizing Everything
CyberFire™ is the only on demand platform for realistic cyber experiences. CyberFire™ uses environment virtualization to combine three technologies in order to achieve virtualized network operational realism: 1) software defined networking, 2) machine provisioning (servers/hosts); and 3) behavioral virtualization. The net effect is a virtualized environment that can be spun up on demand to mimic real-world networks and hypothetical networks based on training objectives and scenario needs.
Stealing Our Future
Intellectual property is the currency of today’s economy – a knowledge economy. A just released report by PandaLabs stated that nearly a third of all computers they had scanned globally in 2012 were infected with some type of malicious software. It is unclear how many of those infections were designed to steal IP. As such the continuous discovery of IP theft via cyber espionage has risen to the executive level inside the private sector and awakened the executive branch of our government. Some have put the global cost of IP theft at $1 trillion.
Blurring Cyber Borders with Private Sector
The lines between the government, military and private sector that are associated with cyber conflict are extremely blurry.
An official in the federal government recently noted, "government and private sector representatives working together to tackle cybersecurity is no longer a nice-to-have, but a necessity." There is a sense of urgency for government, our military, intelligence organizations and private businesses to collaborate and address the challenges of offensive and defensive cybersecurity policy.
Gamification | Agent Surefire and the Mavi Engine.
Over 70% of cybersecurity breaches occur due to the 'insider threat' or human factor. Organizations are no longer able to simply ignore that their employees represent the key to reducing the human error factor and improving general organizational cyber hygiene. Gamification, applying the mechanics of gaming to nongame activities to change people’s behavior is an important and powerful new strategy for influencing and motivating groups of people. Read more about how Agent Surefire 'Insider Threat' and the Mavi Engine are introducing - game-changing behavior.
Modern Vehicle Systems | Cyber Targets?
The cyber attack surface of modern vehicles is huge. A relatively new development makes vehicles a more attractive cyber target. In case you missed it in the news, during the last week of September, California passed a law making driverless cars legal on their highways. They are the third state to do so, following Nevada and Florida. So how big is the market for driverless cars?
Market research and analysis firms have turned their attention to what they believe is going to be the start of a very lucrative market in 2012. The market is Cyber Warfare in the Defense Industry and much speculation has been bantered about over the size of this rapidly expanding market. One market research firm forecasts a six percent growth in overall spending in cyber securing for the next year.
Mobile data has become the focus of information thieves and a concern of cyber security professionals protecting the information assets of corporations, research organizations and government entities. Their concerns are well founded considering the dramatic growth we have seen and continue to see in mobile data. Mobile data traffic doubled in a year measured between Q3 2010 and Q3 2011. Driving the concerns is the fact that the theft of smartphones and tablets accounts for roughly 40 percent of all theft-related crimes in major metropolitan areas!
Minimizing Attack Surfaces
In cyberspace the attack surface is the part of the system that is accessible to unauthenticated users (4). That includes mechanisms from application interfaces to generic operating system services (8). The boundaries of the attack surface can encompass any input, operation, or service request that can be performed from the system interface (4). Specifically, an attack surface is vulnerable if there are no “specific separations, or dedicated functional controls for a given attack vector" (3).
Software Professionals have to be Trustworthy
It goes without saying that we should be able to trust people who do life-critical work. That’s the reason why my MD had to pass the medical boards and my lawyer had to pass the bar exam and the folks who fly me around the country all have commercial pilot’s licenses. Formal certification of capability is important in all of their cases because those people do things that require a high degree of public trust. And accordingly, their fundamental capability has to be unquestioned. Unfortunately however, the only proof of capability that software professionals can offer is the unsubstantiated opinion of their peers. That begs an obvious question, which is "can we trust them?" Or, to put this in more personal terms, when I am at 35,000 feet I would really like to trust that the people who created my aircraft’s avionics system were up to the task.
Threat Warnings Issued
In a recent hearing up on the Hill, Jason Livingood, Comcast’s Vice President of Internet systems engineering testified that Comcast will never be able to completely secure its broadband network from cyber security threats such as botnets that can "turn ordinary users into unwitting participants in global criminal enterprises.” If you think about it, Comcast, which is the nation’s largest Internet Service Provider (ISP) with 18 million high speed Internet customers, would make a very powerful botnet.
Why We Are Losing the Fight Against Cyber Crime?
In the 1990s, the archetypal cyber crime was a trespass and the typical cyber criminal was a counterculture type. That situation has changed. Now, crime in cyberspace is all about making money and at somewhere around $1 trillion globally (MacAfee, 2009) cyber crime is probably the most successful criminal enterprise ever. Because it is so lucrative, organized crime has invested heavily in developing people who can commit cyber crimes, recruiting the best hackers to carry out various criminal exploits. At the same time, people in law enforcement continue to be trained to investigate the crimes of the last Century. Computerworld sums up the current situation (October 20, 2005)…”At the moment, there's a dirty little secret that only a few people in the information security world seem to be privileged to know about, or at least take seriously. Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes. When you read this, it almost sounds like the plot of a cheesy science fiction novel, where evil uberhackers are seeking world domination, while good uberhackers apply all of their super brain power to save the world. Sadly, this isn't science fiction, and we don't typically have uberhackers on our side”.
Why the Current NIST-NICE Workforce Model needs to be fixed fast!
by Dan, 12.02.2011
A simple, common-sense principle ought to apply in every information security situation. The rule is, if you don’t protect yourself against all obvious areas of attack, then you aren’t secure. And it is the reason why the U.S. Government’s current model for cybersecurity framework is so dangerously flawed. The model is called the NIST-NICE Cybersecurity Workforce Framework (http://csrc.nist.gov/nice/framework/). This framework is a seven domain, 31 role model that attempts to describe all of the functions that are required to secure information. To be fair, the model seems to get most of those roles, functions and activities right. Where it fails however, is in its lack of acknowledgement of the role that supply chain risk and the presence of a secure acquisition process plays in ensuring the overall security of information.