“The Weakest Link”- Insider Foils Underwear Bomb Plot May 8, 2012
Posted by Chris Mark in Risk & Risk Management, terrorism, Uncategorized. Tags: al qaeda, Chris Mark, mark consulting group, operational security, security, terrorism, underwear bomber
I have written extensively about the weakest link in any security program being the actual people responsible. While we understand this point from a “good guys” perspective, it is just as true for our adversaries. MSNBC reported today that the underwear bomber who was supposed to blow up a jetliner this month had been working for the US and our allies since day one and was a paid informant. As stated on MSNBC: “An insider who worked with the United States and an allied security service to thwart an al-Qaida bomb plot hatched in Yemen was the man picked to carry out the suicide attack on a U.S.-bound airliner, U.S. and Yemeni officials tell NBC News. An unidentified Yemeni government official, speaking on condition of anonymity, said the supposed suicide bomber was working for Western intelligence ‘from day one.’”
The interesting point of this story is that, whether we are talking about nuclear facilities, cybersecurity, or counterterrorism, the human element always plays a role and is always the most unpredictable. While the group that sent the man on his suicide mission clearly believed he was a ‘true believer’ willing to give his life for their cause, it appears that he had another agenda. This is the challenge with security. Trust but verify is a mantra that rings true in all aspects of security. Thank goodness the group that tried to blow up the airliner acted on faith and not solid security principles.
“CyberSecurity Cold War” – Spending ourselves into Oblivion May 8, 2012
Posted by Chris Mark in competitive intelligence, cybersecurity, Industry News. Tags: bloomberg, Chris Mark, cold war, cybersecurity, mark consulting group, reagan, risk management, security, soviet union, victory school
A recent report published by Bloomberg outlines the challenges of securing critical infrastructure against cyber attacks in the 21st century. According to a survey of 172 companies in six industries, current security measures are only stopping 69% of cyber attacks against banks, utility companies and other ‘critical assets’. To stop 95% of attacks, companies would need to spend 7 times more than they are today. This would increase spending from $5.3 billion ($30.8 million average) to $46.6 billion ($270.9 million average). This, it is estimated, would still only prevent 95% of attacks. While the increase is not linear, it could be calculated that for every 1% increase in protection, another $1.588 billion would need to be spent by the group. This amounts to roughly $9.23 million per company…for each 1% increase in protection. If this is indeed accurate, it is clear that the current perspectives and strategy of cybersecurity are fatally flawed.
During the 1980s the US and Soviet Union were fully engaged in a Cold War. With the election of President Ronald Reagan, the US’s strategy changed. A major component of Reagan’s strategy was to exploit the inherent inefficiencies in the Soviet Union’s command economy. By increasing spending, and forcing the Soviets to match spending on an arms race, the theory held that the SU could be bankrupted. This has become known as the “Reagan Victory School” and, while not completely responsible for the collapse of the Soviet Union, it can be credited with hastening its demise. As outlined in a Stanford piece: “A central instrument for putting pressure on the Soviet Union was Reagan’s massive defense build-up, which raised defense spending from $134 billion in 1980 to $253 billion in 1989. This raised American defense spending to 7 percent of GDP, dramatically increasing the federal deficit. Yet in its efforts to keep up with the American defense build-up, the Soviet Union was compelled in the first half of the 1980s to raise the share of its defense spending from 22 percent to 27 percent of GDP, while it froze the production of civilian goods at 1980 levels.”
Update on GlobalRiskInfo.com – Facebook, SPJ May 7, 2012
Posted by Chris Mark in News. Tags: Chris Mark, facebook, GlobalRiskInfo, mark consulting group, Society of Professional Journalists, SPJ
I realized that I was getting quite a few readers from Facebook so I took the plunge and have set up a Facebook page for GlobalRiskInfo.com. If you are so inclined, please take a spin over to my page on Facebook.
In addition, since I talk enough about ethical journalism, I thought it prudent to put my money where my big mouth is. I am proud to say that I joined, and was accepted into, the Society of Professional Journalists. Now we are cooking with fire! Watch out cuz here comes my Pulitzer prize!! 😉
“Poisoned Apple?” – OSX Lion Encryption Passwords Insecure May 7, 2012
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy, PCI DSS. Tags: Apple, Chris Mark, cybercrime, cybersecurity, encryption, FileVault, InfoSec & Privacy, mark consulting group, password, security
For years many Apple purists (I used to be one) have been touting the inherent security of the Apple operating system. According to TechCrunch, it was discovered in February 2012 that OSX Lion (the newest OS from Apple) had a major security weakness, and the details were released widely within the last few days. It was disclosed that the FileVault encryption passwords are now visible in plain text outside of a computer’s encrypted area. This effectively renders the encryption useless as the keys (the passwords) are not secure. While it was originally believed that the vulnerability was specific to the encrypted FileVault solution, it appears now that the vulnerability is larger…potentially much larger. Sophos Naked Security blog states: “Anyone with access to the disk can read the file containing the password and use it to log into the encrypted area of the disk, rendering the encryption pointless and permitting access to potentially sensitive documents. This could occur through theft, physical access, or a piece of malware that knows where to look.” Key management and password security continue to be the weakest link in most encryption implementations.
“Another One Bites the Dust”…Sarkozy out as France’s President…Socialist Hollande in May 6, 2012
Posted by Chris Mark in Politics. Tags: Chris Mark, elections, france, hollande, Iran, politics, sarkozy
In what is proving to be a very interesting Sunday in the news, France has elected Socialist Francois Hollande as president and voted out Nicolas Sarkozy. Likely surprising to many Americans, Hollande will be the nation’s first left-wing president since Francois Mitterrand left office in 1995. That being said, one of Hollande’s promises is to tax the “rich” at 75% of income. Sarkozy’s defeat marks the latest, and most significant, of at least half a dozen European leaders swept from office during the eurozone economic crisis, including the Greek and Italian prime ministers.
This is an interesting time in Global Politics. While the Arab Spring seemed to signal a change in the Middle East, Europe has been moving, as well.