jump to navigation

Understanding Deterrence & Crime Prevention June 25, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , ,
3 comments

punishmentThis following an excerpt from the 2012 research brief titled “Failed State of Security; A Rational Analysis of Deterrence Theory and Cybercrime.”  I was recently provided a blog post by an ‘expert’ in which the author was again blaming the victim of a data breach while chiding companies for believing that they should not expect law enforcement to be there when you need them.  The author misses a major purpose of the criminal justice system; Deterrence of criminal behavior.  I late 2013 a US Senator stood in front of a Target store and blamed Target for their data breach.  Interestingly, this senator did not state that the US should redouble efforts to deter cybercrime through more effective laws or more aggressive law enforcement actions.   Until the laws and criminal justice system can begin to deter such behavior, cybercrime will continue to plague data industries.  So what is deterrence?

An Overview of Deterrence Theory

Deterrence theory has applications in a variety of fields including military, and maritime security settings, foreign affairs, and in criminology, to name a few. While seemingly unrelated, when looked at closely, the similarities are apparent.  Each these fields involve human decisions and humans that have the ability to behave and act in a manner contrary to the wishes of the other party. It is the ‘human element’ that is being modified by deterrent strategies.

History of Deterrence Theory

The concept of deterrence is relatively easy to understand and likely extends to the earliest human activities in which one early human dissuaded another from stealing food by employing the threat of violence against the interloper.  Written examples of deterrence can be attributed as far back as the Peloponnesian War, when Thucydides wrote that there were many conflicts in which one army maneuvered in a manner that convinced the opponent that beginning or escalating a war would not be worth the risk.[1]  In the 4th Century BC, Sun Tzu wrote: “When opponents are unwilling to fight with you, it is because they think it is contrary to their interests, or because you have misled them in to thinking so.”[2]  While most people seem to instinctively understand the concept at the individual level, contemporary deterrence theory was brought to the forefront of political and military affairs during the Second World War with the deployment of nuclear weapons against Nagasaki and Hiroshima.[3]   (more…)

New Security Reference Blog…The Security HOG June 13, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , ,
add a comment

PiratePicGRISecurity HOG  is a complement to the GlobalRiskInfo site but is solely focused upon providing insight and education on the concepts of security, risk and compliance.  Having worked in numerous security domains for over 20 years has provided me with valuable insight into the concepts and underpinnings of the science and art of security.   Whether we are talking about physical security, operational security, information security or cybersecurity, the basic concepts remain the same.  This blog will focus on the more esoteric, yet important, concepts of proximate reality, deterrence & compellence, parallax and convergence, threats & vulnerabilities, risk, and more.

Some might wonder what, if any significance, HOG has to the discussion of security? Within the USMC a person who is not a Scout/Sniper is known as a Professionally Instructed Gunman or PIG while a trained Scout/Sniper is known as a Hunter of Gunman or HOG.  As a former Marine Corps Sniper I am a HOG and this is the reason the site is called Security HOG. Not too creative, I am afraid but it seemed to have a ring to it…

Snipers, Gun Control and Causality…oh my! June 11, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , , , ,
4 comments

causeWith yet another shooting in the news, the debate is again raging about gun control. I personally believe these are healthy debates but I am often frustrated by the seemingly illogical positions taken on both sides of the debate.  Last year I wrote a post titled “A Perspective on Killing from a Marine and His Rifle” in which I provide personal as well as third party information on what is required to create a ‘killer’.   Adding to this I am including information that should help people better understand causality and point to the ‘actual’ cause of an event in which a firearm is used.  This is taken from the research brief titled: “Failed State of Security II; Victim Blaming in CyberCrime

Understanding Causality

The simple term “cause” can be deceptively complex to understand and apply.  The application becomes much more difficult when applied to social issues and events where ambiguity, subjectivity, and moral and ethical aspects must be considered.  While the concept of cause and causality has been studied and debated by philosophers for millennia a commonly accepted definition is still not found.   It was Virgil who, in Georgics 2 in 490 said: “Felix qui potuit rerum cognoscere causas” or “blessed accomplishment theirs, who can track the causes of things”.[i]   The difficulty of defining the concept of “cause” is familiar to those with an interest in philosophy or science.  Without becoming a primer on the intricacies of the debate, suffice it to say that cause, like security, is necessarily contextual in nature.   Within the context of Victimology, it is important to understand the distinction between identifying what a person emotionally or philosophically believes is a ‘cause’ of an event that impacts a victim and the philosophical and legal concepts of ‘cause’ as they applies to a crime.

The Philosophical View of Causality

As discussed in the introduction to this paper, people often ascribe blame based upon their internal logical calculus or emotional belief as to what a ‘cause’ of an event is.  Within the context of firearm violence, this is particularly true.  Firearm control advocates state that “firearms cause” violence etc.  For this reason, it is important to understand the philosophical underpinnings of reasoning and how they apply to determining ‘cause’.  As important is the understanding of errors in logics. Within logic, errors in either reasoning or structure are known as fallacies.  With an understanding of the common fallacies that pertain to identification of cause, it is easier to understand and identify the true, or actual cause of an event. (more…)

”Active Responses” to CyberAttacks are Losing Propositions May 22, 2014

Posted by Chris Mark in cybersecurity, Data Breach.
Tags: , , , , , , , , , , , ,
1 comment so far

“Everyone has a plan until the’ve been hit” – Joe Lewis

PiratePicGRIHaving spent numerous years providing armed and unarmed physical security in combat zones, hospital emergency rooms, psychiatric wards, and anti-piracy operations off the coast of Somalia has given me a deep respect for force continuum and the dangers of unnecessarily provoking an escalation by a volatile and dangerous adversary.

As cyberattacks continue to plague American companies as well as the payment card industry, there is a growing voice within the cybersecurity industry to allow and empower companies to take offensive action against cyber attackers.  This is frequently referred to as ‘hacking back’ or ‘offensive hacking’.  Several prominent security experts as well as some companies who have fallen victim to cyber-attacks have begun advocating that ‘a good offense is the best defense’.   On May 28th, 2013 there was an online discussion in which an author of the upcoming book:  The Active Response Continuum: Ethical and Legal Issues of Aggressive Computer Network Defense[1] posted the following excerpt:

“There are many challenges facing those who are victimized by computer crimes, who are frustrated with what they perceive to be a lack of effective law enforcement action to protect them, and who want to unilaterally take some aggressive action to directly counter the threats to their information and information systems.”[2] (emphasis added) (more…)

“Failed State of Security” Part II; Cybercrime Victim Blaming May 18, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , , , , , , ,
add a comment

PartIIfailedStaetI am proud to release another research brief that is Part II of my “Failed State of Security” series in which I discuss and analyze victim blaming in the context of data security.  In 2012 I published a research brief titled “A Failed State of Security: A Rational Analysis of Deterrence Theory and The Effect on CyberCrime.” in which I discussed the failing of law enforcement, and cybersecurity to deter cyber events and discussed the theory of deterrence and the need for deterrence within cybersecurity.  You can download the article on IDGA’s website or on my own website here.  This paper is part II of the “Failed State of Security” series.  Started after the Target data breach, this topic is one that has always been close to me.  In April 2009 I wrote an article titled “Lessons from the Heartland Breach” which was published as the cover story by TransactionWorld magazine.

Victim blaming is common in sexual assault, as well as other types of crimes.  A quick Internet search will demonstrate scores of instances in which the victim of a violent is blamed for being victimized.   When we include a large, corporate entity it becomes easier to point the accusatory finger at the organization.  Whether due to Schadenfreude or some other reason, people want to blame companies that are victimized by hackers.  Did the company “cause” the breach?  Were they somehow complicit in the attack?  What do we mean when we say “cause”?  What is a causal fallacy?  These, and many more topics, are discussed in Part II of the “Failed State of Security” series.  I invite you to download “Failed State of Security Part II”; Victim Blaming in Cybercrime.  As always, I welcome any comments or debate on the topic…