Friday, October 28, 2011

The "Be evil" company says U.S. government requests for data rising

I wonder if Google, the "Be evil" company, sees itself as the defender of our privacy? It's okay if they use the data for any nefarious purpose they want, but no way will they let the government. The irony is killing me.

Monday, October 24, 2011

Google Bashing


LA councilman claims Google 'unable to meet' security needs of city email.


So Google--the Teflon-coated company--takes it on the chin again, not that it really matters. Remember the good old days when Microsoft was public enemy #1. Microsoft now seems absolutely altruistic when compared to Google, the "do everything evil we can get away with, then apologize, dissemble, or blame someone else" company.

Wednesday, October 19, 2011

Can Anonymous cripple critical U.S. infrastructure?

A few weeks ago, Anonymous threatened to take Wall St. offline. Supposedly they, or someone, succeeded for a short time. Now, an article in Informationweek raises the question whether the group can take down critical infrastructure. Whether or not they can create a Stuxnet-like attack, most agree, I think, that critical infrastucture is a relatively easy target for a cyber attack. But I recall a conversation several years ago with a notable hacker who, while acknowledging the possibly of a cyber attack, asked, "Why not just plant a bomb?" Good point, especially for a domestic attacker on a domestic target. As we saw from the Stuxnet attack on Iran, they were able to recover from the system attack. I wonder, though, if recovery would have been so quick from a physical attack.

We just happen to have several books dealing with issues of critical infrastructure protection. They are:

Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS

Critical Infrastructure: Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies

Risk Assessment for Water Infrastructure Safety and Security

Critical Infrastructure: Homeland Security and Emergency Preparedness, Second Edition

Friday, October 14, 2011

Microsoft says computer viruses are our fault

As reported by CNN, Microsoft’s Security Intelligence Report found that 45% of computer viruses are caused because of a users’ actions, with phishing being the most common attack.

I can't find fault with this assessment. The question is how to increase user awareness to the point that they don't click on suspicous email, no matter how well disguised. We know a lot of these schemes are very cleverly done. Is it even possible to get most of the people to be aware most of the time?

Thursday, October 13, 2011

GAO: Progress Made and Challenges Remaining in Interagency Sharing of Terrorism-Related Information

The GAO may claim it, but I'm still incredulous. To think that the various DHS agencies willing share everything is a stretch, but that DHS and DOJ share anything defies belief.

Wednesday, October 12, 2011

B.Y.O.T.

B.Y.O.T. No, it's not a typo. It's a trend. It stands for Bring Your Own Technology, or we're going to use what we want, and IT needs to support it.

I wish I was as clever as the headline writers for the NY tabloids. They, like great caricaturists, routinely do a great job of finding the subjects' weak points.

Why do I bring this up? I thought the "B.Y.O.T." headline in a recent CIO magazine article was pretty funny, too. This seems to be getting hotter every day, reminiscent of the early days of PCs and departmental computing. I expect that here, too, the voice of the people will be heard.

Tuesday, October 11, 2011

White House “WikiLeaks Order”

As reported by "Wired," The White House has issued an executive order to improve the security of classified networks to prevent further leaks by insiders. Unfortunately, it also establishes committees to study how.

Monday, October 10, 2011

Computer Virus Hits U.S. Drone Fleet

Here's a good one. It seems these systems at one air base are not connected to the Internet. The suspect virus, which is proving hard to eradicate, was introduced by UBS drive or something similar. Accident? Sloppiness? Cyberwar?

Friday, October 7, 2011

Cloud Security: Closing the Barn Door after the Horses Have Fled

The GAO says that says that the Feds haven’t done enough about a cloud strategy, including security. Isn’t it too late to worry about that? Enterprises, government, and even individuals, driven by cost considerations and dubious cost/benefit analyses, continue to flock to the cloud regardless of security concerns.

After all, if it’s an Internet-facing application, does it really matter whose application it is or where the data resides? Enterprises haven’t done a great job of protecting data when it’s stored in-house. How can the cloud be any worse?

As Jim Tiller pointed out, there’s a change coming in information security, from protect and detect to respond. Protect isn’t working too well, and detect is too slow, especially in the face of APTs. Attacks are increasingly more sophisticated, whether from governments or organized crime, and data increasingly less secure, regardless of where is resides. The days of reactive security are nigh.

Wednesday, October 5, 2011

Tuesday, October 4, 2011

Monday, October 3, 2011

Sad Day

Gene Schultz has passed away. It seems he died Sunday of a head injury he suffered in a fall at the Minneapolis airport last week.