“CyberSecurity Cold War” – Spending ourselves into Oblivion May 8, 2012

Posted by Chris Mark in competitive intelligence, cybersecurity, Industry News.

A recent report published by Bloomberg outlines the challenges of securing critical infrastructure against cyber attacks in the 21st century. According to a survey of 172 companies in six industries, current security measures are only stopping 69% of cyber attacks against banks, utility companies and other ‘critical assets’. To stop 95% of attacks, companies would need to spend 7 times more than they are today. This would increase spending from $5.3 billion ($30.8 million average) to $46.6 billion ($270.9 million average). This, it is estimated, would still only prevent 95% of attacks. While not a consistent increase, it could be calculated that for every 1% increase in protection, another $1.588 billion would need to be spent by the group. This amounts to roughly $9.23 million per company…for each 1% increase in protection. If this is indeed accurate, it is clear that the current perspectives on and strategy for cybersecurity are fatally flawed.

During the 1980s the US and Soviet Union were fully engaged in a Cold War. With the election of President Ronald Reagan, the US’s strategy changed. A major component of Reagan’s strategy was to exploit the inherent inefficiencies in the Soviet Union’s command economy. By increasing spending, and forcing the Soviets to match spending on an arms race, the theory held that the SU could be bankrupted. This has become known as the “Reagan Victory School” and, while not completely responsible for the collapse of the Soviet Union, it can be credited with hastening its demise. As outlined in a Stanford piece: “A central instrument for putting pressure on the Soviet Union was Reagan’s massive defense build-up, which raised defense spending from $134 billion in 1980 to $253 billion in 1989. This raised American defense spending to 7 percent of GDP, dramatically increasing the federal deficit. Yet in its efforts to keep up with the American defense build-up, the Soviet Union was compelled in the first half of the 1980s to raise the share of its defense spending from 22 percent to 27 percent of GDP, while it froze the production of civilian goods at 1980 levels.”

“Poisoned Apple?” – OSX Lion Encryption Passwords Insecure May 7, 2012

Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy, PCI DSS.

For years many Apple purists (I used to be one) have been touting the inherent security of the Apple operating system. According to Techcrunch, in February 2012 it was discovered that OSX Lion (the newest OS from Apple) had a major security weakness, and details were released widely within the last few days. It was disclosed that the FileVault encryption passwords are now visible in plain text outside of a computer’s encrypted area. This effectively renders the encryption useless as the keys (the passwords) are not secure. While it was originally believed that the vulnerability was specific to the encrypted FileVault solution, it appears now that the vulnerability is larger…potentially much larger. Sophos Naked Security blog states: “Anyone with access to the disk can read the file containing the password and use it to log into the encrypted area of the disk, rendering the encryption pointless and permitting access to potentially sensitive documents. This could occur through theft, physical access, or a piece of malware that knows where to look.” Key management and password security continue to be the weakest link in most encryption implementations.

Airstrike Kills Al Qaeda Leader wanted in USS Cole Bombing May 6, 2012

Posted by Chris Mark in Industry News, Risk & Risk Management, terrorism.

Foxnews reported that an airstrike on Sunday killed an Al Qaeda leader on the FBI’s most wanted list for the 2000 bombing of the USS Cole. According to Foxnews: “Fahd al-Quso was hit by a missile as he stepped out of his vehicle, along with another Al Qaeda operative in the southern Shabwa province, Yemeni military officials said. They were speaking on condition of anonymity in accordance with military regulations.”

“Al-Quso, 37, was on the FBI’s most wanted list, with a $5 million reward for information leading to his capture. He was indicted in the U.S. for his role in the 2000 bombing in the USS Cole in Aden, Yemen, in which 17 American sailors were killed and 39 injured. (more…)

ALERT: CyberAttack Underway Against US Gas Pipelines May 6, 2012

Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.

According to stories on MSNBC, CNN, and other major outlets, “A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.”   On March 29th, 2012 the US Department of Homeland Security issued 3 confidential Amber Alerts warning that the US was facing a: “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies.  The attacks, which began 4 months ago, are ongoing today.  The Industrial Control Systems Cyber Emergency Response Team (ICS CERT), which is responsible for helping secure the nation’s industrial control systems said: (more…)

United Nations Part Deux; “Return Lands to Native Americans” May 5, 2012

Posted by Chris Mark in Industry News, Laws and Legislation, United Nations.

Always the selective idealists, the United Nations has now issued a formal statement that the United States should return lands to the Native Americans. According to the report: “The United States must do more to heal the wounds of indigenous peoples caused by more than a century of oppression, including restoring control over lands Native Americans consider to be sacred, a U.N. human rights investigator said on Friday.” Anyone with a basic grasp of American history knows that the US has not always treated the Native Americans well. The issue at hand, however, is the UN and not the Native Americans. According to the report, the “UN Special rapporteur on the rights of indigenous peoples, just completed a 12-day visit to the United States where he met with representatives of indigenous peoples in the District of Columbia, Arizona, Alaska, Oregon, Washington State, South Dakota, and Oklahoma. He also met with U.S. government officials.” Based upon this description one would believe that Mr. Anaya is a foreign expert. A review of his biography, however, indicates that not only is Mr. Anaya an American, he is also the Regents professor at the University of Arizona where he teaches law. A graduate of Harvard Law School, Mr. Anaya made his career in Native American issues. According to his bio, Mr. Anaya: “…represented indigenous groups from many parts of North and Central America in landmark cases before courts and international organizations.” You can read his full CV here. It seems inappropriate for the UN to use a Native American lawyer who specializes in Native American and indigenous issues to investigate, report, and recommend a course of action. There is certainly a level of bias in this position.