
“New cybersecurity reality: Attackers are winning” – You don’t say? February 29, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.

The title of this blog was taken from a CNN article published today which quotes RSA chief executive Arthur Coviello. The article, and Mr. Coviello, finally concede that the bad guys (cyberthieves, hackers, hacktivists) are “winning”. Forgive my cynicism, but this has been well known for some time and loudly proclaimed by numerous people. “In the area of cybercrime, it’s the criminals who are winning.”; “The criminals are absolutely ripping us to shreds, We’re not even slowing them down.”; “We’re losing the battle, That’s the reality of it.” This was not a comment by RSA from 2012 but rather a comment by me (Chris Mark) in October 2010 at an InfraGard meeting at which I was speaking. You can read the Salt Lake Tribune article here.

The point is not for me to attempt to say “I told you so” but rather to point out that what RSA is, in 2012, finally conceding has been well known and acknowledged for some time by numerous others within the area of cybersecurity. It was not until RSA experienced their own breach of their vaunted SecurID system that they recognized that they are as fallible as the rest. As stated by Mr. Coviello: “Our networks will be penetrated. We should no longer be surprised by this.” RSA further states: “The reality today is that we are in a race with our adversaries, and right now, more often than not, they are winning.”

The issue at hand is one that is familiar to those who have worked in the payment card or other industries for any amount of time. It is a sense of arrogance and infallibility until it is your own network that is penetrated. At that point we often see companies conceding what it appears RSA is conceding here. (Not their quote) “If we can be breached then there is no hope for anyone.” The point is security should not be reactive. Companies need to recognize the threat before it hits their own networks and should take steps to address the vulnerabilities and mitigate the risk. I am personally a fan of SecurID and two-factor authentication and have recommended RSA more times than I can count. That being said, there appears to have been a degree of complacency on their part and now their mea culpa is to concede that “we are losing the battle”.

“Another BRIC in the Wall”; 2012- The Year of Internet Regulation? February 27, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

The Internet started life in the 1960s as a project funded by DARPA known as ARPANET. ARPANET was decommissioned in 1990, and in 1995 NSFNET was decommissioned, opening the network for commercial use. The Internet was officially born. The impact of the Internet on science, culture, and politics cannot be overstated. The Internet is a worldwide network of interconnected computers. It operates without a centralized governing body, although ICANN and the DNS root changes are primarily governed by the US. The fact that the Internet allows for the free flow of information and that it is not ‘regulated’ in a conventional sense is what makes the Internet such a powerful tool for science, revolution, politics, medicine, education and about every other aspect you can imagine, as well as such a threat to some.

On December 8th, 2011 FCC Commissioner Robert McDowell stated: The communications public policy effort that may affect all of us the most in 2012, however, will take place far from our shores. As we sit here today, scores of countries, including China, Russia and India (*the RIC in BRIC), are pushing hard for international regulation of Internet governance. While we have been focused on other important matters here in the U.S., the effort to radically reverse the long-standing international consensus to keep governments from regulating core functions of the Internet’s ecosystem has been gaining momentum. The reach, scope and seriousness of this effort are nothing short of massive. But don’t take my word for it. As Russian Prime Minister Vladimir Putin said last June, the goal of this effort is to establish “international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunications Union.” (more…)

“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

UPDATE: According to Facebook, this story was incorrect.  To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.” (more…)

Traveling Naked (digitally) to avoid Cyberespionage February 25, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.

There is a very good article written by Nicole Perlroth of the New York Times that discusses the dangers of cyberespionage. I have written about this subject in this blog, as well. It is always interesting when you talk with people about cyberespionage and get the “brush off” or some comment about “James Bond” and fantasy. Unfortunately, cyberespionage is very real, and very dangerous for companies. Intellectual property and trade secrets are in high demand for certain governments and competitors. As stated by top counterintelligence official, Joel F. Brenner: “If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,(more…)

London Conference on Somalia – “Talk, Talk, Talk” February 24, 2012

Posted by Chris Mark in Industry News, Uncategorized.

On February 23, 2012 the London Conference on Somalia was held. The conference brought together representatives from 40 different nations including US Secretary of State Hillary Clinton. The impetus for the conference was not solely piracy but rather the idea that Somalia, as a failed state, may become the world’s largest safe haven for Islamic extremists. As stated: “For two decades politicians in the West have too often dismissed the problems in Somalia as simply too difficult and too remote to deal with,” British Prime Minister David Cameron told the summit. “Engagement has been sporadic and half-hearted. That fatalism has failed Somalia. And it has failed the international community too.” While the nations came together to talk about the future of Somalia, it seemed to have a familiar ring harkening back to 1991-1994. “In many ways, I think I was more confident before the summit,” said researcher and Somali specialist Anyimadu at Chatham House. “All this emphasis on security and talk of airstrikes — there’s a real risk we will simply repeat the mistakes of the past.”