jump to navigation

Active & Passive Deterrence and the Escalation of Force Cycle October 24, 2016

Posted by Chris Mark in cybersecurity, Uncategorized.
Tags: , , , , , , ,
1 comment so far

SMallPirRecently I was debating some security topics with a coworker and the idea of ‘active deterrence’ was again brought up in the context of cybersecurity for organizations.  I felt this was a good time to discuss deterrence (active and passive) and once again talk about the Escalation of Force Cycle.  So, what is deterrence? (warning…long post)..pic of the author off the cost of Somalia doing anti-piracy operations)

The History of Deterrence Theory:

The concept of deterrence is relatively easy to understand and likely extends to the earliest human activities in which one early human dissuaded another from stealing food by employing the threat of violence against the interloper.  Written examples of deterrence can be attributed as far back as the Peloponnesian War, when Thucydides wrote that there were many conflicts in which one army maneuvered in a manner that convinced the opponent that beginning or escalating a war would not be worth the risk.[1]  In the 4th Century BC, Sun Tzu wrote: “When opponents are unwilling to fight with you, it is because they think it is contrary to their interests, or because you have misled them in to thinking so.”[2]  While most people seem to instinctively understand the concept at the individual level, contemporary deterrence theory was brought to the forefront of political and military affairs during the Second World War with the deployment of nuclear weapons against Nagasaki and Hiroshima.[3]  

The application of deterrence during WWII was the beginning of understanding that an internal value calculus drives human behavior and that behavior could be formally modeled and predicted with some degree of accuracy.  (more…)

US Government Failing us on Terrorism June 15, 2016

Posted by Chris Mark in cybersecurity, Uncategorized.
Tags: , , , , , ,
add a comment

the dunceAs we learn more and more about the Orlando killer I am increasingly appalled at the incompetence and indifference shown by our own government.  First our own president referred to ISIS as “Junior Varsity”. Omar Mateen was investigated twice by the FBI with the investigations lasting at least 10 months.   After the investigation the FBI ‘closed’ the case.  The officials in DC had the opportunity to re-open or continue the investigation…they did not.

Even Attorney General Lynch said she would open an inquiry to see: “if there are lessons we can learn to prevent another tragedy.” Didn’t we hear similar comments after Boston and San Bernardino. In fact, Lynch stated after San Bernardino:

“We’re at the point where these issues have come together really like never before in law enforcement thought and in our nation’s history and it gives us a wonderful opportunity and a wonderful moment to really make significant change,” – What ‘wonderful opportunity did this provide?

Let us not forget that President Obama called the Boston Bombings: “Two brothers and a crackpot”  Let that sink in for a moment after knowing what we know about San Bernardino and Oralando.

Considering we have now seen the Boston Bombing and San Bernadino shootings from the same terrorists…each of which were investigated and cleared…I would say the government FAILED miserably to protect those in Orlando  and is failing to protect us.

Omar Mateen’s father is know to publicly support the Taliban and his parents are from Afghanistan.  Omar Mateen’s “wife” is actually Palestinian.  Interestingly, there is no evidence they were actually married.  Then, we find that Omar Mateen took 2 separate trips to Saudi Arabia for “unknown” reasons. (shouldn’t this have raised numerous red flags?)

Clearly there was something that compelled the FBI to investigate Mateen for over 10 months.  Closing the case should not mean ignoring the individual.  When coupled with the trips to Saudi Arabia and Mateen’s father’s support of the Taliban, you would think it would have re-energized the investigation.  Even if Mateen could legally purchase a firearm, how could his purchasing of a firearm AFTER being investigated for 10 months, taking 2 trips to Saudi Arabia in 1 year, ‘marrying’ a Palestinian woman, and having a father who is pro Taliban NOT compel the US Government to at least watch this guy?

Predictive Analysis is about taking desperate bits of information and predicting behavior.  Using historical information we can identify how people act given certain actions.  How in the f…’hell’ did all of these data points NOT point to a ‘re look’ at Mateen?  I often say “security is indelicate”.  Here is a game?

  • Does being a Middle Eastern person make you a terrorist?  Probably not.  Does being a Middle Eastern Male make you a terrorist? probably not. 
  • Does being a Middle Eastern Male between the ages of 18 and 29 make you a terrorist?  Probably not.
  • Does being a Middle Eastern Male between the ages of 18 and 29 who is also Muslim make you a terrorist? Probably not.  Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam make you a terrorist...hopefully (notice the language change) not…
  • Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam, and who has visited Saudi Arabia in the past year for unknown reasons make you a terrorist?….ummm…maybe…not?
  • Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam, and who has visited Saudi Arabia in the past year for unknown reason, and has published numerous anti American posts on Facebook  make you a terrorist?…Yeah..we hope not? 
  • Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam, and who has visited Saudi Arabia in the past year for unknown reason, and has published numerous anti American posts on Facebook…and recently purchased numerous guns make you a terrorist?…What do you think?

This is PA 101.  Our Government is failing us on a basic level.

As more and more terrorists attack the United States, the current administration’s position is simply to divert blame. He intimates that by calling the terrorists “Islamic radicals” that we are encouraging them and, of course, places the blame on guns.

It is not a ‘gun problem’ it is apathy,  indifference, and disrespect for a very capable, and motivated enemy that is providing an environment that is ripe for these types of attacks.

DO YOUR JOB….

Chris Mark in “Using Security Metrics” Book June 9, 2016

Posted by Chris Mark in cybersecurity, Uncategorized.
Tags: , , , , , , ,
add a comment

Screen-Shot-2016-06-09-at-10.55.59-AM.pngA number of months ago I was interviewed regarding my opinion on the effectiveness of security metrics.  I was notified today that the eBook has been published.  Titled “Using Security Metrics” the book includes 33 authors and according to the publisher:

“We asked 33 security experts how they communicate security program effectiveness to business executives and the Board.

They share their recommendations and best practices in this ebook. If you’re a security professional, you’ll find their insights indispensable for helping you better communicate with business executives and Board members who often do not speak the security language. Download this ebook to learn about:

  • Security Metrics That Tell a Story to the Board
  • Security Metrics That Help Boards Assess Risk
  • Security Metrics for Threat Management
  • Security Metrics that Drive Action in the Financial Services Industry

My contribution can be found starting on page 39.  You can download the eBook here!.

Chris Mark Speaking at OpenEdge 2016 Partner Advisory Board May 27, 2016

Posted by Chris Mark in cyberespionage, cybersecurity, Uncategorized.
Tags: , , , , , ,
add a comment

OpenEdgeI am honored to have been asked to present as the keynote speaker at the OpenEdge 2016 Partner Advisory Board on June 6th, in Chicago, Il.  I will be speaking on the state of cybercrime today and provide a live demonstration of the Dark Web as well as a description of how cyber thieves steal and use payment card data.  It should be a fun event for everyone!  If you are an OpenEdge Partner please consider attending!

“The United States is Under Attack” – CyberWar Article May 23, 2016

Posted by Chris Mark in cyberespionage, cybersecurity, Uncategorized.
Tags: , , , , , ,
add a comment

CT2013The title was a comment made in 2011 by the US House of Representatives.

In cleaning out my house for an impending move I found a copy of The Counter Terorist Magazine for which I had written an article in 2013 titled “CyberWar”.While the article is 3 years old, it still provides some valuable information and valuable lessons on the current state of Cyber War.   The US Congress has has several sessions and working groups to discuss “The Chinese Problem” related to cyber espionage and Cyber War.  You can learn more by reading my article!

%d bloggers like this: