
“New cybersecurity reality: Attackers are winning” – You don’t say? February 29, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.

The title of this blog was taken from a CNN article published today which quotes RSA chief executive Arthur Coviello. The article, and Mr. Coviello, finally concede that the bad guys (cyberthieves, hackers, hacktivists) are “winning”. Forgive my cynicism, but this has been well known for some time and loudly proclaimed by numerous people. “In the area of cybercrime, it’s the criminals who are winning.” “The criminals are absolutely ripping us to shreds, We’re not even slowing them down.” “We’re losing the battle, That’s the reality of it.” This was not a comment by RSA from 2012 but rather a comment by me (Chris Mark) in October 2010 at an InfraGard meeting at which I was speaking. You can read the Salt Lake Tribune article here.

The point is not for me to attempt to say “I told you so” but rather to point out that what RSA is, in 2012, finally conceding has been well known and acknowledged for some time by numerous others within the area of cybersecurity. It was not until RSA experienced their own breach of their vaunted SecurID system that they recognized that they are as fallible as the rest. As stated by Mr. Coviello: “Our networks will be penetrated. We should no longer be surprised by this.” RSA further states: “The reality today is that we are in a race with our adversaries, and right now, more often than not, they are winning.”

The issue at hand is one that is familiar to those who have worked in the payment card or other industries for any amount of time. It is a sense of arrogance and infallibility until it is your own network that is penetrated. At that point we often see companies conceding what it appears RSA is conceding here. (Not their quote:) “If we can be breached then there is no hope for anyone.” The point is that security should not be reactive. Companies need to recognize the threat before it hits their own networks and should take steps to address the vulnerabilities and mitigate the risk. I am personally a fan of SecurID and two-factor authentication and have recommended RSA more times than I can count. That being said, there appears to have been a degree of complacency on their part, and now their mea culpa is to concede that “we are losing the battle”.

“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

UPDATE: According to Facebook, this story was incorrect. To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.”

Traveling Naked (digitally) to avoid Cyberespionage February 25, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.

There is a very good article written by Nicole Perlroth of the New York Times that discusses the dangers of cyberespionage. I have written on this subject in this blog as well. It is always interesting when you talk with people about cyberespionage and get the “brush off” or some comment about “James Bond” and fantasy. Unfortunately, cyberespionage is very real, and very dangerous for companies. Intellectual property and trade secrets are in high demand for certain governments and competitors. As stated by top counterintelligence official Joel F. Brenner: “If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated, …

London Conference on Somalia – “Talk, Talk, Talk” February 24, 2012

Posted by Chris Mark in Industry News, Uncategorized.

On February 23, 2012 the London Conference on Somalia was held. The conference brought together representatives from 40 different nations, including US Secretary of State Hillary Clinton. The impetus for the conference was not solely piracy but rather the idea that Somalia, as a failed state, may become the world’s largest safe haven for Islamic extremists. As stated: “For two decades politicians in the West have too often dismissed the problems in Somalia as simply too difficult and too remote to deal with,” British Prime Minister David Cameron told the summit. “Engagement has been sporadic and half-hearted. That fatalism has failed Somalia. And it has failed the international community too.” While the nations came together to talk about the future of Somalia, it seemed to have a familiar ring harkening back to 1991-1994. “In many ways, I think I was more confident before the summit,” said researcher and Somali specialist Anyimadu at Chatham House. “All this emphasis on security and talk of airstrikes — there’s a real risk we will simply repeat the mistakes of the past.”

Published Articles: – “Geopolitical Context of Piracy” February 24, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Uncategorized.

UPDATE: The company that published the articles contacted Heather and has agreed to pull the articles off their website. This is good news and shows that the company is interested in ensuring their readers get original work from the original author. In an interesting twist, the company representative stated that, when asked, the party who submitted the articles stated “unequivocally” that it was their work. Considering that the company pulled the articles, Heather has a PhD and background in defense and political economy, and has published over 100 articles, scores of whitepapers, research briefs and other material as well as possessing the original whitepaper from which it was taken, I think the readers are savvy enough to know the actual author of the work. It certainly seems unlikely that a person who has never published a single article or other document would embark on something as complex as “the Geopolitical Context of Piracy” for their first foray into writing.

Two years ago my wife, Dr. Heather Mark, wrote a whitepaper on the Geopolitical Context of Piracy that has since been broken into its component sections and published verbatim as 4 different articles without any form of attribution to her. She was contacted by the organization that published the articles today to ask about her work and attribution. To assuage any concerns that it is indeed her sole work and not anybody else’s work, here is a copy of the whitepaper: “Understanding Modern Piracy; Geopolitical and Regulatory Considerations”. The first section is titled “Geopolitical Considerations”, the next section is titled “Current Anti-Piracy Efforts”. Heather is a brilliant person and a tremendous righter writer (thanks to Heather’s brother Bill for pointing this out;). There are times that I certainly would like to “borrow” her work and claim it as my own. I would certainly appear smarter and more informed than I actually am. As professional writers (yup, we actually get paid to write;) it is disturbing when someone uses your work without attribution.

Kudos to the company for maintaining the integrity of its service and evaluating the content and writers.