“Satisficing” in 2020!- Choose the Best Available Option. February 25, 2020
Posted by Chris Mark in Politics, Uncategorized.Tags: 2nd amendment, bias, Decision Making, Herbert Simon, Heuristic, politics, Satisficing
1 comment so far
Herbert Simon
As we are well into this 2020 political cycle I thought it prudent to reference an important political (and decision making) concept. In his seminal 1947 work Administrative Behavior the esteemed Political Scientist, Economist and Nobel Prize Laureate Herbert Simon referenced a concept he called Satisficing. The concept was formally put forth in 1965. So what exactly is Satisficing? First it is a portmanteau which combines “satisfy” and “success”. According to Wikipedia Satisficing is: “Satisficing is a decision-making strategy or cognitive heuristic that entails searching through the available alternatives until an acceptability threshold is met.” The term satisficing, is a combination of satisfy and suffice.”
We all Satisfice every day. Consider the last car you bought. (more…)
I am back ;) “The Markerian Heptad and Understanding Attacker Motivations” February 24, 2020
Posted by Chris Mark in cybersecurity.Tags: AT&T, attacks, Chris Mark, cyber, cybersecurity, data breach, hacking, InfoSec, motivations, security
add a comment
It has been a bit of time since I have posted. I am back with a blog post I wrote for AT&T CyberSecurity Blog. Titled, “Understanding CyberAttacker Motivations” It discusses what I call the “Markerian Heptad” (Yes..I named it after myself 🙂 and describes the 7 basic motivations that underpin why an attacker would target a particular person, company, organization, etc.
“Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks. This article will discuss the Rational Actor Model (RAM) as well as the seven primary intrinsic and extrinsic motivations for cyber attackers.
Deterrence and security theory fundamentally rely upon the premise that people are rational actors. The RAM is based on the rational choice theory, which posits that humans are rational and will take actions that are in their own best interests. Each decision a person makes is based upon an internal value calculus that weighs the cost versus the benefits of an action. By altering the cost-to-benefit ratios of the decisions, decisions, and therefore behavior can be changed accordingly.
It should be noted at this point that ‘rationality’ relies upon a personal calculus of costs and benefits. When speaking about the rational actor model or deterrence, it is critical to understand that ‘rational’ behavior is that which advances the individual’s interests and, as such, behavior may vary among people, groups and situations.”..READ MORE HERE!
超限战 – “Warfare without Bounds”; China’s Hacking of the US February 24, 2020
Posted by Chris Mark in cyberespionage, cybersecurity, Politics, weapons and tactics.Tags: AT&T, china, Chris Mark, cybercrime, espionage, hacking, PLA, Unlimited, Unrestricted, Warfare
add a comment
“Pleased to meet you…hope you guessed my name…But what’s puzzling you is the nature of my game.”
– The Rolling Stones; Sympathy for the Devil
UPDATE: On Feb 10, 2020 The US Government charged 4 Chinese Military Officers with hacking in the 2017 Equifax breach. On January 28th, the FBI arrested a Harvard professor of lying about ties to a Chinese recruitment effort and receiving payment from the US Government. The attacks, subterfuge and efforts continue against the US. Why? Read the original post form 2016 and learn about Unlimited Warfare.
Original post from 2016: More recently, the With the recent US Government’s acknowledgement of China’s hacking of numerous government websites and networks, many are likely wondering why China would have an interest in stealing employee data? To answer this question, we need to look back at the 1991 Gulf War. You can read my 2013 Article (WorldCyberwar) in the Counter Terrorist Magazine on this subject.
In 1991, a coalition led by the United States invaded Iraq in defense of Kuwait. At the time Iraq had the 5th largest standing army in the world. The US led coalition defeated the Iraqi army in resounding fashion in only 96 hours. For those in the United States the victory was impressive but the average American civilian did not have an appreciation for how this victory was accomplished.
The Gulf War was the first real use of what is known as C4I. In short, C4I is an acronym for Command, Control, Communications, Computers, and Intelligence. The Gulf War was the first use of a new technology known as Global Positioning Systems (GPS). The Battle of Medina Ridge was a decisive tank battle in Iraq fought on February 26, 1991 and the first to use GPS. In this 40 minute battle, the US 1st Armored Division fought the 2nd Brigade of the Iraqi Republican Guard and won decisively. While the US lost 4 tanks and had 2 people killed, the Iraqis suffered a loss of 186 tanks, 127 Infantry Fighting Vehicles and 839 soldiers captured. The Chinese watched the Gulf War closely and came away with an understanding that a conventional ‘linear’ war against the United States was unwinnable.
After the Gulf War the Chinese People’s Liberation Army tasked two PLA colonels (Qiao Liang and Wang Xiangsui) with redefining the concept of warfare. From this effort came a new model of Warfare that is published in the book “Unrestricted Warfare” or “Warfare without Bounds”. Unrestricted Warfare is just what it sound like. The idea that ‘pseudo-wars’ can be fought against an enemy. Information warfare, PR efforts and other tactics are used to undermine and enemy without engaging in kinetic, linear battle. Below is a quote from the book:
“If we acknowledge that the new principles of war are no longer “using armed force to compel the enemy to submit to one’s will,” but rather are “using all means including armed force and non-armed force, military and non-military, lethal and non-lethal means to compel the enemy to accept one’s interests.”
“As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons.”
It further stated: “… a single rumor or scandal that results in fluctuation in the enemy country’s exchange rates…can be included in the ranks of new concept weapons.”
On April 15, 2011, the US Congressional Subcommittee on Oversight and Investigations conducted a hearing on Chinese cyber-espionage. The hearing revealed the US government’s awareness of Chinese cyberattacks. In describing the situation in his opening remarks, subcommittee chairperman Dana Rohrbacher* astutely stated:
“[The]United States is under attack.”
“The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy.”
Given the Chinese perspective on Unlimited Warfare, it becomes much more clear that what we are seeing with the compromises are examples of ‘pseudo wars’ being fought by the Chinese. It will be interesting to see how or if the US responds.
*thank you to the reader who corrected my referencing Mr. Rohrbacher as a female. My apologies to Chairman Rohrbacher!
HR 4036, the “Hack Back Bill”; Understanding Active & Passive Deterrence and the Escalation of Force Continuum. May 24, 2018
Posted by Chris Mark in Uncategorized.add a comment
A post on deterrence theory that is applicable to today’s environment and discussion on guns and school security
I wrote this original post several years ago but it seems to be more relevant now. As CNN reports HR4036…”…formerly called the Active Cyber Defense Certainty (ACDC) Act and informally called the hack-back bill – was introduced as an amendment to the Computer Fraud and Abuse Act (CFAA) last week. Its backers are US Representatives Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.”
This is a bill that is sound in theory and terrible in practice. According to the Bill, (named ACDC) it would enable a company to take “..active defensive measures..” to access an attacker’s computer. This is only applicable in the US…Think about this for a minute. What is the evidence that I was the attacker of company A? Maybe (quite possibly…almost certainly) a hackers is using my system as a proxy. So some company can now attack my personal computer? What happened to “due…
View original post 3,556 more words
Global Security, Privacy, & Risk Management 