
What Coronavirus can Teach us about CyberSecurity February 28, 2020

Posted by Chris Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.

The 2020 RSA CyberSecurity Conference was held recently in San Francisco, California. Several notable companies elected not to attend over safety concerns related to the coronavirus. On February 25th the mayor of San Francisco declared a state of emergency for the city over coronavirus fears.

This state of emergency was declared in spite of the fact that there were no confirmed cases of the coronavirus in the city at the time. Mayor Breed, in discussing her prudent steps, stated: “We see the virus spreading in new parts of the world every day, and we are taking the necessary steps to protect San Franciscans from harm…”

First identified in Wuhan, China in late 2019, the novel coronavirus (the disease it causes is named COVID-19) has reportedly infected over 80,000 people worldwide and has resulted in over 2,700 deaths on several continents. Recently, the World Health Organization flagged the new coronavirus as a potential “Disease X”. “Disease X” was added to the World Health Organization’s “Prioritizing diseases for research and development in emergency contexts” list of illnesses. This list includes such diseases as Crimean-Congo hemorrhagic fever (CCHF), Ebola and Marburg virus disease, Lassa fever, MERS, SARS, Nipah and henipaviral diseases, Rift Valley fever and Zika. Importantly, “Disease X”:

(…represents the knowledge that a serious international epidemic could be caused by a pathogen currently unknown to cause human disease, and so the R&D Blueprint explicitly seeks to enable cross-cutting R&D preparedness that is also relevant for an unknown “Disease X” as far as possible) (emphasis added). 

What can the current Coronavirus situation teach us about cybersecurity?

Reflecting upon the situation in San Francisco and the WHO’s statements, it is possible to use the Johari Window to analyze the situation. The Johari Window[1] was developed by psychologists Joseph Luft and Harrington Ingham in 1955. Its “known/unknown” framing was reintroduced to the American public in 2002 when then Secretary of Defense Donald Rumsfeld, responding to a question about Iraqi weapons of mass destruction, stated:

…there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know…it is the latter category that tend to be the difficult ones.” (paraphrased)

The Johari Window identifies four panes of knowledge. There are the “known/knowns”, where both the person and others know of a given situation. There is the “known/unknown”, where the person knows and others do not know of a situation; consider a personal secret that has not been shared with others. There is then the “unknown/known”, where the situation is not known to the person yet is known to others; in simple terms, think of a surprise birthday party where everyone but the birthday boy/girl is aware. Finally, there are the “unknown/unknowns”, where neither party knows. This is the truest example of an ‘unknown’ and represents the most difficult situation to analyze, because it is a position of ignorance on both sides.

In 2018 the World Health Organization identified a conceptual, as yet undefined threat: a pathogen unknown to them and to everyone else, but one they understood could theoretically exist and would present a major risk if and when it was eventually realized. This they proactively labelled ‘Disease X’. It was the ‘unknown/unknown’ in the Johari Window until the time it was identified as the new coronavirus.

It is now a ‘known/known’ threat, although countries are still struggling to work out how to deal with the risk it presents. Until the threat was actually realized, however, there was little any country could do beyond general preparedness. Once it was identified, specific defensive and protective measures could be put into place to address it.

In much the same way, organizations dealing with cybersecurity today face the ‘unknown/unknown’ of a conceptual “Disease X” in cybersecurity: a threat that is predicted but not yet identified, and that may impact their organization in the not too distant future. Companies must develop security and continuity plans for a threat they do not yet know exists and whose specifics they cannot yet describe. On a nearly daily basis, however, a new ‘Disease X’ arises in cybersecurity and companies are forced to react quickly and decisively. Adding to the problem is the fact that these threats are not naturally occurring; they are created by humans intent on causing harm.

Compounding the problem of the ‘unknown/unknown’ is threat adaptation in known threats. While cyber threats are not shaped by natural selection, security strategies, like those of disease control, must also deal with threat adaptation. Using the coronavirus as an example, according to a South China Morning Post article posted on February 4th, 2020, Chinese scientists had already:

“…detected “striking” mutations in a new coronavirus that may have occurred during transmission between family members.” It further states that: “While the effects of the mutations on the virus are not known, they do have the potential to alter the way the virus behaves.”

It is well established that influenza viruses ‘shift’ and ‘drift’ antigenically. Without delving into the specifics of how these occur, the Centers for Disease Control and Prevention states that:

“When antigenic drift occurs, the body’s immune system may not recognize and prevent sickness caused by the newer influenza viruses. As a result, a person becomes susceptible to flu infection again, as antigenic drift has changed the virus enough that a person’s existing antibodies won’t recognize and neutralize the newer influenza viruses.”

While not a direct analogue to natural viral drift or shift, human actors behave in a similar way when attempting to commit criminal acts. They ‘adapt’ to the changing security environment and are accordingly described as ‘adaptive threats’. The Department of Homeland Security’s Risk Lexicon defines adaptive threats as:

“…threats intentionally caused by humans.”  It further states that Adaptive Threats are: “…caused by people that can change their behavior or characteristics in reaction to prevention, protection, response, and recovery measures taken.”

In short, as defenses improve, threat actors change their tactics and techniques to adapt to the new controls and to prevent those controls from identifying and protecting against the newly adapted threat. As the threat actor improves their capabilities, the defenders necessarily have to change their own protections. This cycle continues ad infinitum until there is a disruption. This recurring cycle is what I refer to as the Defense Cycle.

Consider medieval castles. Originally they were built of wood, so those assaulting castles would simply use fire to burn them to the ground. Castle builders then built castles of stone. Attackers then created siege engines to knock down the walls, or began digging under the walls to ‘undermine’ them. Castle walls were made larger and stronger and were nearly impenetrable until cannons were introduced. Even where the attackers could not ‘storm the castle’, they would simply lay siege and starve the inhabitants until they capitulated. This is a classic example of threat adaptation and the defense cycle.

In a more relevant and timely example, consider a standard network with security controls applied commensurate with the identified risks. An attacker may first try an attack against the network layer. If this is ineffective and the incentive is great enough, the attacker will likely modify their behavior and attack methodology to attempt to circumvent some other control. This process continues until a resource has been compromised.

Applying the concepts addressed in this article, a newly identified or developed exploit is the proverbial “Disease X”.  As it has not yet been identified, the organization has no definitive defense against it. Once it is identified and known, then the company can begin identifying new controls to address the newly identified risk. The attacker will then, once again, modify their behavior.  As stated, this cycle can continue ad infinitum.

In 2020, organizations are dealing with myriad threats. First there are the ‘unknown/unknowns’ that represent the “Disease X” of the cyber attack world; these may include new attack vectors or zero day exploits. Secondly, organizations are faced with defending against motivated, determined adversaries who are not only focused on attacking networks and resources but are continually adapting their strategies as defenses improve. While not a direct correlation, by looking at nature and how diseases impact our society, organizations can better understand their own security strategy and risk management practices.


A Perspective on Guns & Killing from “A Marine and his Rifle” (Updated 2020) February 25, 2020

Posted by Chris Mark in Uncategorized.


“I left the sky in the middle of the night
I hit the deck and I’m ready to fight.
Colt .45 and Kabar by my side
These are the tools that make men die.”

-Infantry Cadence

With the recent political debates raging and ‘gun control’ once again front and center of the Democratic candidates’ platforms, I felt it was appropriate to update and republish for 2020. This post is not a position on gun control; rather, it is intended to give some insight into a side of the issue few outside of specialized jobs probably recognize or acknowledge: that of the human weapon.

I am back ;) “The Markerian Heptad and Understanding Attacker Motivations” February 24, 2020

Posted by Chris Mark in cybersecurity.

It has been a bit of time since I have posted. I am back with a blog post I wrote for the AT&T CyberSecurity Blog titled “Understanding CyberAttacker Motivations”. It discusses what I call the “Markerian Heptad” (yes, I named it after myself 🙂) and describes the 7 basic motivations that underpin why an attacker would target a particular person, company, organization, etc.

“Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks.  This article will discuss the Rational Actor Model (RAM) as well as the seven primary intrinsic and extrinsic motivations for cyber attackers.

Deterrence and security theory fundamentally rely upon the premise that people are rational actors. The RAM is based on rational choice theory, which posits that humans are rational and will take actions that are in their own best interests. Each decision a person makes is based upon an internal value calculus that weighs the cost versus the benefits of an action. By altering the cost-to-benefit ratios of the decisions, decisions, and therefore behavior, can be changed accordingly.

It should be noted at this point that ‘rationality’ relies upon a personal calculus of costs and benefits.  When speaking about the rational actor model or deterrence, it is critical to understand that ‘rational’ behavior is that which advances the individual’s interests and, as such, behavior may vary among people, groups and situations.”..READ MORE HERE!

超限战 – “Warfare without Bounds”; China’s Hacking of the US February 24, 2020

Posted by Chris Mark in cyberespionage, cybersecurity, Politics, weapons and tactics.


“Pleased to meet you…hope you guessed my name…But what’s puzzling you is the nature of my game.”
– The Rolling Stones; Sympathy for the Devil

UPDATE: On Feb 10, 2020 the US Government charged 4 Chinese military officers with hacking in the 2017 Equifax breach. On January 28th, the FBI arrested a Harvard professor for lying about his ties to a Chinese recruitment program while receiving US federal research grants. The attacks, subterfuge and efforts against the US continue. Why? Read the original post from 2016 and learn about Unrestricted Warfare.

Original post from 2016: With the US Government’s recent acknowledgement of China’s hacking of numerous government websites and networks, many are likely wondering why China would have an interest in stealing employee data. To answer this question, we need to look back at the 1991 Gulf War. You can read my 2013 article (WorldCyberwar) in the Counter Terrorist Magazine on this subject.

In 1991, a coalition led by the United States invaded Iraq in defense of Kuwait. At the time Iraq had the 5th largest standing army in the world. The US-led coalition defeated the Iraqi army in resounding fashion in only 96 hours of ground combat. For those in the United States the victory was impressive, but the average American civilian did not have an appreciation for how it was accomplished.

The Gulf War was the first real use of what is known as C4I, an acronym for Command, Control, Communications, Computers, and Intelligence. It was also the first combat use of a then new technology, the Global Positioning System (GPS). The Battle of Medina Ridge was a decisive tank battle fought in Iraq on February 26, 1991. In this 40 minute battle, the US 1st Armored Division fought the 2nd Brigade of the Iraqi Republican Guard’s Medina Division and won decisively. While the US lost 4 tanks and had 2 soldiers killed, the Iraqis lost 186 tanks and 127 infantry fighting vehicles and had 839 soldiers captured. The Chinese watched the Gulf War closely and came away with the understanding that a conventional, ‘linear’ war against the United States was unwinnable.

After the Gulf War the Chinese People’s Liberation Army tasked two PLA colonels, Qiao Liang and Wang Xiangsui, with redefining the concept of warfare. From this effort came a new model of warfare, published in the book “Unrestricted Warfare” (also rendered “Warfare without Bounds”). Unrestricted Warfare is just what it sounds like: the idea that ‘pseudo-wars’ can be fought against an enemy. Information warfare, PR efforts and other tactics are used to undermine an enemy without engaging in kinetic, linear battle. Below are two quotes from the book:

“If we acknowledge that the new principles of war are no longer “using armed force to compel the enemy to submit to one’s will,” but rather are “using all means including armed force and non-armed force, military and non-military, lethal and non-lethal means to compel the enemy to accept one’s interests.”

“As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons.”

On April 15, 2011, the US House Foreign Affairs Subcommittee on Oversight and Investigations conducted a hearing on Chinese cyber-espionage. The hearing revealed the US government’s awareness of Chinese cyberattacks. In describing the situation in his opening remarks, subcommittee chairman Dana Rohrabacher* astutely stated:

“[The]United States is under attack.”

“The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy.”

Given the Chinese perspective on Unrestricted Warfare, it becomes much clearer that the compromises we are seeing are examples of ‘pseudo wars’ being fought by the Chinese. It will be interesting to see how, or if, the US responds.

*Thank you to the reader who corrected my referring to Mr. Rohrabacher as a female. My apologies to Chairman Rohrabacher!

A Marine Sniper’s Review of Africa Hunt Lodge October 6, 2017

Posted by Chris Mark in Uncategorized.


I had always wanted to hunt in Africa. I had hunted deer and hog as a young man and was a Marine Scout/Sniper for quite a few years. I had always dreamed of hunting plains game in Africa. After my first photo safari in Timbavati, I was fixated on going back to Africa to hunt!

Personally, I don’t have an interest in hunting lion, leopard, or other dangerous game. Just not my thing…but plains game was my passion, and I wanted to hunt it. I was fortunate to find myself with an opportunity to go in August of 2017.

This blog post is the story of my experience. If you are against hunting in Africa, I would ask that you read the following article, and this one, and this one, and this one, and finally…this one before making a judgement. At the end of the day, game management and controlled hunting is very beneficial both to game species and to the economy in South Africa. If you don’t like it…you don’t have to go.

Before I embarked on my hunt, I did research…A LOT of research.  I wanted to ensure that the hunts were fair and I wanted to understand more about how hunting impacted conservation.  Questions like: “What happens to the meat?”; “How are the animals hunted?”; “Are hunting trophies “guaranteed” (not a good thing, BTW)…?” were some of the questions I sought to answer.  Once I was fully satisfied that the journey would be fair, and that the meat would not be wasted, I then looked for an outfitter.

In Africa a hunter must hunt with a Professional Hunter (PH). A PH is a licensed professional who has attended a full year (or more) of school and has passed a number of difficult exams. The PH is responsible for (in no particular order) 1) hunter safety, 2) finding game, 3) ensuring the game is legal, of proper size etc., 4) approving the animal and the shot, and 5) saving your rear end if you screw up. That part is important 😉 Read here for more information about the PH program.

My friend (SF trained medic and SARC Doc) and I settled on the Africa Hunt Lodge. Why? We were able to head to Kerrville, Texas and talk with the folks at Texas Hunt Lodge (a sister company) and meet the team. Aaron and team spent 2 hours with us answering every question we could ask, showing us their taxidermy shop and hunting lodge and explaining all aspects. Cool guys…very patient with our badgering questions! 😉

The team was very professional, very polite, and they answered all of our questions. Once we settled on Africa Hunt Lodge as our outfitter, we had to make arrangements for travel and hunting. We signed up for a 7 day hunt (with 2 extra days) and a total of six animals each. We made our flight arrangements about 9 months in advance and were ready for South Africa! One thing I want to remind everyone is that you are spending a lot of money hunting…get flights early and PRACTICE at the range…on sticks!…you don’t want to miss!


Landing at O.R. Tambo International Airport, we made our way to the police station in the airport to retrieve our rifles. You are allowed to bring 2 rifles into South Africa, although many people simply rent rifles at the lodge. It took about 1 full hour to get our rifles through customs, and we were met by our PH, Wikus. We packed up and drove for 3-4 hours to the Limpopo province of South Africa. We finally arrived at the Africa Hunt Lodge at 11pm or so after a 30 hour trip to South Africa…This is the real Bushveld! It is thick bush with thorns on every tree, bush, plant, flower (joke) etc. The tree I learned to watch out for is the Black Thorn Tree. Yeah, you learn quick why it is named the Black Thorn Tree! After arriving, Wikus was accommodating and said we could ‘sleep in’ until 7am 😉 We loved it! This is how hunting should be! By 9am the next morning we were looking for game!


The next morning we met in the lodge to eat a great breakfast of eggs, sausage, toast, orange juice and grits. Then we packed up lunches and met our tracker “Joe”, jumped into the back of the Toyota Hilux (if you have ever been in the Middle East, Africa, or Europe you have seen a Hilux)…and off we went to our first ‘concession’. In South Africa, all hunting takes place on hunting “concessions”. These are basically very, VERY large game farms. They can range from 2,000 to over 25,000 acres (from approximately 2 square miles to approximately 40 square miles). We typically hunted on 4,000 to 7,000 acre concessions (6.25 to 11 square miles).


The type of hunting is typically “spot and stalk”. In short, you drive in the back of a truck trying to find an animal or herd and, if lucky, you can then jump down and ‘stalk’ the animal and, hopefully, get a shot at it. For those who think this is ‘canned hunting’, let me assuage your concerns. On our first day, we saw some animals but had no opportunity to shoot. No big deal…This is why it is called “hunting” and not “shooting”. Sometimes you are the bug…sometimes you are the windshield.

We tracked Zebra for 10 hours one day alone trying to find an opportunity to actually take a shot.  African plains game are very skittish as they are used to running from things like lions, hyena, leopard etc.  They see you?..BOOM!  They are gone…running full speed!  I learned quickly that you have approximately 3 seconds to set and get a shot off or the animals are gone!  This is not hunting Whitetail deer from a blind!

Another thing I learned quickly about African plains animals is that they are TOUGH!  If you take a bad shot, you are tracking that animal for hours until you find him!  This is the role of the tracker and PH.  Finding that single little drop of blood on a blade of grass so you can ensure the animal does not suffer is a role of the PH and tracker.  I still have no idea how they can track like that!  I am a former Marine Sniper and have spent some time in the weeds…these guys are amazing at tracking!  I was humbled by their skills in the bush.

My friend and I had some good success. We also found ourselves tracking for many hours after we both wounded animals and had to ensure we did the ethical and compassionate thing. A decent shot on a Blesbok ended up in a four hour tracking exercise, with my friend finally taking the last shot from shooting sticks at nearly 200 yards. For me, a very large, very tough old Gemsbok cow took 4 hours of tracking through the bush and thorns before she was finally taken. This is real hunting! Joe the tracker was yelling at me: “Chris! You must run faster! We must keep up with her!”…my next trip…I am going to work out more! 😉

Hunting at a hunting lodge typically consists of getting up early (5:30-6 am). You then meet in the lodge to eat a hearty breakfast. You grab a prepacked lunch that is filled with sandwiches, drinks, snacks etc…plenty of food, then you head out in the truck. You find the concession on which you are hunting that day and you start “spot and stalk” hunting. You normally (unless you are tracking or stalking an animal) stop for a bit to eat lunch around noon-ish, then are hunting again until dark. Once it is dark, you drive back to the lodge and sit around the fire talking about the day. Dinner is served (Kudu steak and Springbok chops are not uncommon!) and then it is back before the fire until you are ready to collapse in bed! This is not a ‘photo safari’ experience. It is a true hunting lodge. No TVs in the room, no swimming pool. You are there to hunt.


Hunting with a real PH is an amazing experience.  As a former Marine Sniper I consider myself a decent shot and OK in the bush compared to most.  Compared to an experienced PH in South Africa?  Yeah…I had nothing on Wikus’ skills!  That guy knew every tree, bush, animal, fish, bug, snake, etc. He knew their movements and their behavior.  I peppered him with questions and he knew it all.  Stalking animals?  Unbelievable how he moved in the bush.  He could spot a single horn in the bush from 100 yards because of the ‘shine’ on the horn.  He wore shorts every day and came out of the bush bleeding every day due to the thorns.  My hunting buddy tried shorts one day…ONE DAY 😉  I was truly humbled by Wikus’ expertise and field craft.  These guys know their business.  Military experience counts for little in that world.  These guys are real pros….


As far as rifles, I brought a Tikka T3x in .30-06 and a Mossberg Patriot in .375 Ruger (which broke, so it was not used). My friend brought a Sako in .270 Winchester and a Ruger M77 in .416 Ruger. The .30-06 and .270 were perfect for almost all of the animals. The only animal for which we really needed the .416 was the Blue Wildebeest, as those guys are very tough! My friend also used the .416 on a Warthog, but the .270 would have been fine. A good .30 or .338 is probably good for most plains game. I would recommend a 2-10x scope, although in the Bushveld many seem to use too much magnification, which creates challenges finding the game quickly. Remember…3 seconds and they are GONE!

Many believe that hunting in South Africa is cost prohibitive. While it is not inexpensive, it is not prohibitively so. It is about the same price to fly to South Africa and hunt for 7 days and take 4 animals (including Kudu) as it is to head to Texas and shoot a single Gemsbok. All in, a hunter can get a 7 day hunt which includes 4 animals (Kudu, Impala, Warthog, and Zebra) and a flight for approximately $6,500. While this does not include gratuities or shipping/mounting of trophies, it does include all lodging, three great meals a day and all your drinks. For a lifetime experience or bucket list item it is not prohibitively expensive.

My review? If you are looking for a hunting outfitter in South Africa I cannot recommend Africa Hunt Lodge highly enough. Ewald Ras (the owner) and Wikus (the PH) are true pros. Ewald is a gracious host and manages a great camp. I personally like tough people, and I like tough countries…this picture exemplifies my own experience hunting in South Africa!…great, tough people! (For all the ladies looking at this pic…this is Wors Rall and not me ;))


If you are going to spend your money hunting, you want to ensure you get a great experience and great value. I cannot speak to other outfitters, but I can speak to Africa Hunt Lodge. My own experience was top shelf! When hunting you want to be put on the game!…Wikus was incredible! He was super competitive and, while he was not the hunter actually shooting…he was focused and got frustrated when he could not get us on game when he wanted….that is the type of PH you want! You want someone who loves the game of hunting (hunting is finding, tracking and getting ready for the shot…not actually shooting)…He loves the hunt! Ewald and his team were awesome. Great food every night and great company. If you want to hunt “easy” they are OK with that…you want to really “HUNT”? They love that!…either way…they were great hosts and it was a bucket list experience. I give Africa Hunt Lodge 5+ stars for their service and their program!!!
