
超限战 – “Warfare without Bounds”; China’s Hacking of the US June 11, 2015

Posted by Chris Mark in Uncategorized.

“Pleased to meet you…hope you guessed my name…But what’s puzzling you is the nature of my game.”
– The Rolling Stones; Sympathy for the Devil

With the US Government’s recent acknowledgement of China’s hacking of numerous government websites and networks, many are likely wondering why China would have an interest in stealing employee data.  To answer this question, we need to look back at the 1991 Gulf War. You can read my 2013 Article (WorldCyberwar) in the Counter Terrorist Magazine on this subject.

In 1991, a coalition led by the United States invaded Iraq in defense of Kuwait.  At the time Iraq had the 5th largest standing army in the world.  The US led coalition defeated the Iraqi army in resounding fashion in only 96 hours.  For those in the United States the victory was impressive but the average American civilian did not have an appreciation for how this victory was accomplished.

The Gulf War was the first real use of what is known as C4I.  In short, C4I is an acronym for Command, Control, Communications, Computers, and Intelligence. The Gulf War was the first use of a new technology known as Global Positioning Systems (GPS).  The Battle of Medina Ridge was a decisive tank battle in Iraq fought on February 26, 1991 and the first to use GPS.  In this 40 minute battle, the US 1st Armored Division fought the 2nd Brigade of the Iraqi Republican Guard and won decisively. While the US lost 4 tanks and had 2 people killed, the Iraqis suffered a loss of 186 tanks, 127 Infantry Fighting Vehicles and 839 soldiers captured.  The Chinese watched the Gulf War closely and came away with an understanding that a conventional ‘linear’ war against the United States was unwinnable.

After the Gulf War the Chinese People’s Liberation Army tasked two PLA colonels (Qiao Liang and Wang Xiangsui) with redefining the concept of warfare.  From this effort came a new model of warfare that is published in the book “Unrestricted Warfare” or “Warfare without Bounds”.  Unrestricted Warfare is just what it sounds like: the idea that ‘pseudo-wars’ can be fought against an enemy.  Information warfare, PR efforts and other tactics are used to undermine an enemy without engaging in kinetic, linear battle.  Below is a quote from the book:

“If we acknowledge that the new principles of war are no longer “using armed force to compel the enemy to submit to one’s will,” but rather are “using all means including armed force and non-armed force, military and non-military, lethal and non-lethal means to compel the enemy to accept one’s interests.”

“As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons.”

It further stated: “… a single rumor or scandal that results in fluctuation in the enemy country’s exchange rates…can be included in the ranks of new concept weapons.”

On April 15, 2011, the US Congressional Subcommittee on Oversight and Investigations conducted a hearing on Chinese cyber-espionage. The hearing revealed the US government’s awareness of Chinese cyberattacks. In describing the situation in his opening remarks, subcommittee chairman Dana Rohrabacher* astutely stated:

“[The] United States is under attack.”

“The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy.”

Given the Chinese perspective on Unrestricted Warfare, it becomes much more clear that what we are seeing with the compromises are examples of ‘pseudo-wars’ being fought by the Chinese.  It will be interesting to see how or if the US responds.

*Thank you to the reader who corrected my referencing Mr. Rohrabacher as a female.  My apologies to Chairman Rohrabacher!

Getting into Information Assurance Careers June 2, 2015

Posted by Chris Mark in Uncategorized.

I have had a number of folks email me asking about becoming an InfoSec worker so I am writing this post to (hopefully) help those who are interested.  In 2001, I landed in InfoSec by pure luck and I have never looked back.  It is an amazing field and a great career path.  First... for some marketing.  According to the InfoSec Institute, the average CISSP Salary in 2014 is over $100,000 per year.  In 2013 there were 209,000 job postings for CyberSecurity Jobs and it is estimated that in 2015, there are 40,000 more jobs than people to take them.  In short, it is a very high demand field.

InfoSec?  CyberSecurity? Information Assurance?  WHAT?

It is even confusing to me sometimes.  At a high level I use the term Information Assurance as it encompasses all of the elements of protecting data.  This includes data security (protecting data), CyberSecurity (protecting the systems and infrastructure), Privacy (appropriate use of information), Compliance (ensuring your company complies with relevant regulations) and Risk Management (evaluating the security risk of your organization).  While this short post does not allow for a more comprehensive overview, these are the generic ‘pillars’ that we consider.

What types of Jobs are Out There?

EMV- CHIP & Choice..not Chip & PIN…Start Moving! March 23, 2015

Posted by Chris Mark in Uncategorized.

After deviating from my ‘security’ theme, I am back to talk about InfoSec.  Last week I had the opportunity to attend Visa Accredited EMV Consultant Training at Visa’s Headquarters in Foster City, CA.  As always, Visa put on a top tier program with numerous experts in Payment Card ‘chip’ technology.  Since the topic was EMV most of the experts were from Across the Pond.  Thanks to Mark, Chris and the others for great training!

For those who are new, EMV or “Europay, MasterCard, Visa” is a technology where a microprocessor ‘chip’ is embedded in a payment card (credit card, debit card, etc.).  It is often erroneously referred to as “Chip & PIN” but EMV really only applies to the Chip technology.  If a region or issuer wants to prefer PIN, they are able to.  Visa has a “Chip and Choice” model where they allow Chip with signature, no signature, or PIN depending upon the issuer, the risk and type of transaction (i.e., Debit for Cash or ATM require a PIN).  There was too much information over 2 days to talk about in this post but there was one point I learned and wanted to pass on.

In October 2015, Visa is offering a ‘liability shift’ for merchants who adopt EMV.  My belief (it was wrong) until I attended the training was that the EMV liability shift only affected those merchants who accepted a ‘chip’ card, and only on ‘chip’ transactions.  These are known as ‘chip on chip’.  It is critical that merchants understand that the liability shift occurs for merchants who accept transactions of ANY form over a dual interface terminal (Chip and NFC).  As an example, if you accept 99% mag stripe transactions but you have dual interface terminals…liability for fraudulent transactions due to counterfeit shifts to the issuer!  It does NOT have to be a Chip on Chip transaction.

The second important point to remember is that Visa is offering a Technology Incentive Program (TIP) that states if a Level 1 Merchant accepts 75% of transactions over a Dual Interface terminal, they do not have to validate compliance with an onsite assessment.  There are some caveats to this so make sure you read the rules!

To get ready for implementation, ensure you download the Visa Merchant Readiness Acceptance Guide here.

Director of VA Robert McDonald Lies About Military Service (Shame on Him!) February 24, 2015

Posted by Chris Mark in Uncategorized.

Adding to my latest post about Sniper Posers…we have a new addition to the Stolen Valor club.  New Veterans Affairs Secretary (and former Procter & Gamble CEO) Robert McDonald today admitted to lying about being a Special Forces Soldier (Green Beret).  This is the same person who confronted Iraq War Veteran (both Iraq wars) and Republican Congressman Mike Coffman (R. Colorado) and pointedly asked “What have you done?”  McDonald then talked about how he had “…run a major company..”

It is bad enough when a civilian who has never served lies about their service.  It is more egregious when a military member who served honorably lies about their service. It is absolutely not acceptable when the Secretary of the VA lies about his service.  Let’s be clear, the VA is one of the most incompetent, corrupt organizations in the entire US Government.  Shame on him!  He belongs on the Stolen Valor Wall of Shame!

Chris Mark on NPR “Here and Now” talking about R&S Foundation January 22, 2015

Posted by Chris Mark in Uncategorized.

I was asked to interview for NPR’s “Here and Now” related to the movie American Sniper and the role of snipers in combat. This was the result of writing an article for the National Review on the same subject.  If you are interested in listening to the interview, you can listen to it here.  Most importantly, I was able to get some well needed press for the R&S Foundation (Recon and Sniper).  This is a charity formed to help those brothers in our community (and other service members and veterans) who may be struggling.  We just found out that we lost another one of our brothers yesterday. Please visit www.SniperFoundation.org

 

 
