
“The Rise of Cyber Espionage” – The Counter Terrorist Magazine August 5, 2012

Posted by Chris Mark in cyberespionage, cybersecurity, terrorism.

UPDATE:  I want to thank The Counter Terrorist magazine staff for including attribution to the article.  They quickly corrected a mistake and the inaccuracy.  Kudos!

Chris Mark (that is me;) has an article in the June/July 2012 issue of The Counter Terrorist Magazine. The article is titled “The Rise of Cyber Espionage” and provides an overview of the current cyber espionage issues being faced by US businesses today. The article covers the breach at RSA and the subsequent attacks at Lockheed Martin, General Dynamics and others as examples of the types of attacks being carried out by state-sponsored cyber espionage groups. While this magazine may be new for some readers of this particular blog, it is in its 4th year and is filled with great information for military, law enforcement, first responders, and even businesses. This particular issue is 76 pages of information covering Iran’s Nuclear Objectives, Cyber Espionage, First Responder Intelligence, Intelligence for Terror, and a number of great product reviews and other information. The magazine is subscription based, but if you are interested in a copy of this particular issue, leave a comment with your email and other contact information and I can forward a free ezine.

“NSA Says – Largest Transfer of Wealth…EVER”; CyberAttacks rose 44% in 2011 July 10, 2012

Posted by Chris Mark in cybersecurity, Industry News.

Parroting what many in the payments industry have known for years, the NSA released a statement about the dire state of cybersecurity. According to the head of the National Security Agency, cyberattacks increased 44% in 2011 and now account for the largest “transfer of wealth in history”. According to FoxNews:

“NSA chief Keith Alexander was speaking Monday at an American Enterprise Institute event in Washington, D.C.  He said that for every company that knows it has been hacked, another 100 do not know their systems have been breached. (emphasis added) The warning came on the same day that thousands of computer users were at risk of losing Internet access, due to malware that spread more than a year ago. Citing public and unclassified statistics, Alexander said Monday there are now 75 million unique pieces of malware on the loose.”

Those of us who have been in the industry for years have said that we are ‘losing the war’. I have personally been chastised for making such doom and gloom statements. The facts are the facts, however. Hiding our head in the sand will not change the fact that “The criminals are absolutely ripping us to shreds,” and that “We’re losing the battle…That’s the reality of it.” (Chris Mark quoted in Salt Lake Tribune...pic at top). In yet another push at self-promotion, you can read one reason we are losing the battle in the IDGA research brief: “A Failed State of Security”.

“One Adam Twelve, One Adam Twelve…”: Security Theater & Doggies Doo June 11, 2012

Posted by Chris Mark in security theater.

Chris’ Dog BO

Today on Yahoo News Canada is a story in which it is claimed that Jerusalem has such a problem with dog poop that they are enacting a program in which they will match offending doggy doo against a master DNA database. According to a statement from the Jerusalem municipality: “The municipality pilot project calls for establishment of a database of dog DNA to allow us to reduce the soiling of pavements, parks and public spaces.” In short, the city plans on DNA profiling 70-80% of the 11,000 dogs that live in Jerusalem and then, if there is a “pile” of DNA on the sidewalk, someone will pick it up, send it to a lab, test it, and then the owner of the offending pooch will be fined $193. This plan is so ridiculous that it does not merit much discussion but…for the sake of this blog let me use an example from a previous post.

“We Can’t Live in Castles” – FBI Official Concedes; CyberSecurity Policy is a Failure March 28, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Legislation.

In my Google alerts today was an article from FoxNews titled: “Retiring FBI Official Says Current US CyberSecurity Strategy ‘Unsustainable’”. Shawn Henry, the FBI’s Assistant Director for CyberSecurity, refers to the increasing cyber attacks on government and corporate targets and says: “We are not winning”. All I can say at this point is…WOW..again we are beating a dead horse! In 2010, I said the same thing at an InfraGard event in Salt Lake City, and RSA has said the same thing. We sound like broken records at this point. This post will likely be a bit more pointed and blunt than most, but my frustration is mounting on the subject. For a shameless plug on my own research brief, please read: “A Failed State of Security”, now published by IDGA.

CyberAttacks against corporates, committed by individuals, are crimes. Crimes are human acts undertaken by living, breathing, thinking human beings. CyberSecurity, at its core, is about more than building castles to keep the princess protected. It is also about changing human behavior to deter the criminal behavior.

“deterrence is ultimately about decisively influencing decision making.  Achieving such decisive influence requires altering or reinforcing decision makers’ perceptions of key factors they must weigh in deciding whether to act counter to (our interests) or to exercise restraint.”[1]

“Failed State of Security”- Published by IDGA March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management.

The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security”; A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime. Check it out!

Abstract  “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security.  Information security, as a field, is focused on the protection of information assets.  Criminology is focused on the prevention of criminal behavior.  As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes.   This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.” 
