Your Cybersecurity: Don't Count On The Government

May 12 2014, 11:22am CDT | by

Last week I attended the United States Cybercrime conference outside of Washington, D.C. For eleven of the past twelve years, the Department of Defense organized this gathering, but this year it was privately funded due to budget constraints. This was a five-day event with six hundred cybersecurity experts, government agents, intelligence officers, and private sector IT professionals. There were more than 170 speakers, sixty exhibitors, and in-depth hands-on training courses in digital forensic investigations, decryption techniques, malware smartphone analysis, and covert exploration of digital services.

I met and interviewed two of the most recognized cybersecurity experts in the world: Jim Christy, the conference organizer and lead sleuth in the famous Cuckoo’s Nest investigation, and Phil Zimmermann, the person who brought us PGP encryption and nearly went to jail for doing so.

Jim Christy’s involvement in the first major hacking case in the U.S. is legend. During his career he was Chief of the Office of Special Investigations (OSI) Computer Crime Unit within the Air Force from 1989 to 1996. He is credited with founding the largest digital forensic computer security unit in the world. In 1986 Christy was the case agent in an international investigation that began in Berkeley, Calif. and had its roots in Hanover, Germany. The investigation identified Markus Hess, a German citizen who was working for the KGB, as one of the “Hanover hackers” who had accessed a computer at the Lawrence Berkeley Laboratory in California. For those of you who have not read The Cuckoo’s Egg by Clifford Stoll, it is a classic about early investigation techniques and how the case was cracked.

Watch my interview with Christy on the present state of cybersecurity in the United States.

Phil Zimmermann developed Pretty Good Privacy (PGP) in 1991 as a data encryption/decryption and authentication program so that data could be shared securely between computers and the sender could be identified. After the worldwide release of PGP, Zimmermann became the target of a federal criminal investigation for violations of export laws. Believe it or not, 40-bit or larger encryption keys (considered standard-strength crypto back then) were considered a violation of the Arms Export Control Act. PGP used 128-bit encryption. After several years, the investigation was closed and Zimmermann was never prosecuted.

My interview with Zimmermann covers how vastly security policy and encryption have changed over the past twenty years. As he notes, critical information must be encrypted in all sectors, or organizations can be held liable for not properly protecting data. We also talked about the need for voice privacy when using cellular networks, his introduction of encryption that everyone can use, and how necessary it is, especially in the legal, medical, and financial fields.

Don’t rely on the government to protect you against cyber threats

After listening to and meeting with several of the best “cyber hunters” during the week, I came away with a number of observations of critical issues that corporations, government agencies and consumers should understand and pay attention to. I have summarized the most relevant of these.

  • Cybercrime continues to affect government agencies, private sector, and individuals. It is increasing at a fast rate;
  • Attacks may come from individuals, organized crime, or nation states;
  • Cyber defenders must not only try to prevent compromise, but they must immediately react to an attack, determine the source, nature and scope of the breach;
  • Cyber security requires a proactive approach, not simply a defensive one. There needs to be gathering and sharing of cyber threat intelligence, use of big data analytics, and operational processes in place to take action. Entities need to continuously monitor and control access to networks. More agile security and risk management processes are required. Each organization needs to develop people, processes and technology to provide intelligence on threats as well as expertise in network access and how to track, measure, and manage incidents;
  • Network resources must be protected against cyber-attacks by four means: visibility and situational awareness, network access control, continuous monitoring, and automation. There must be CCRI/STIG awareness. These are acronyms for Security Technical Implementation Guides (STIG) and Command Cyber Readiness Inspection (CCRI);
  • Most organizations do not make the proper investment in protecting their infrastructure until it is too late. The return on investment from protecting critical information and securing a presence on the Internet is well worth the cost. Unfortunately, nobody wants to spend any money until there is a breach; then they have an open checkbook. The potential threat to an entity in terms of public relations, reputation, lawsuits, and violation of state and federal privacy laws can be substantial;
  • The government does not have the resources to protect you against hackers and the havoc they can cause. There are far more hackers than government agents and law enforcement experts, so you have to protect yourself;
  • Everything can be attacked, most often successfully. You need to hire the best specialists and then have outside security audits to have a high level of certainty of your vulnerability. During the conference I saw online attacks that were quite amazing. One such demonstration showed the vulnerabilities of many libraries throughout the world, including the Library of Congress and medical databases;
  • Attacks are usually discovered about six months after they have occurred; sometimes longer. By then, extensive damage can occur, subjecting organizations to huge liability;
  • The police and private sector need much closer cooperation and data sharing to combat and survive the cyber-criminal threat;
  • Our country needs to build a cyber-security work force program, beginning with students in high school and college;
  • Insecurity of mobile devices from spyware and malware can affect your networks and infrastructure. There are more and more attacks on smartphones which can compromise data that belongs to your organization and can allow direct access into your network;
  • There are serious emerging threats to cloud-based systems that need to be understood and effectively dealt with;
  • Maintaining security is a never-ending chess match in defending corporations. The tactics of attackers are crossing many sectors, and they are sharing intelligence to focus their attacks. New adversaries are emerging whose targeted attacks use advanced technologies that are more sophisticated and difficult to keep pace with. The sophistication of organized crime groups is causing trouble for investigators because they are networking and collaborating with each other. Current technology and practices will not keep criminals out. One expert I met with put it succinctly: “our software designs and user interfaces are still at the level of the Model T.”;
  • IT departments should implement two-man access rules for insider threats. This has been shown to be critical in the aftermath of NSA and Snowden. You should limit the ability of system administrators to gain unfettered access to an entire system. The NSA should be a wake-up call for all entities to examine their policies. Internal attacks can exploit access to credentials, to gain remote access, and to disrupt systems. All organizations need to develop insider-threat digital forensics and e-discovery tools.

Finally, one expert hacker who works for government and major corporations conducted live demonstrations that showed the vulnerability of different entities. He summed up his view of the status of cybersecurity:

  • While most organizations allege that they are secure, it was demonstrated consistently at the conference that they are most likely not. There were several demonstrations that proved conclusively that security needs to be revisited throughout most enterprises;
  • Emerging technologies represent new potential avenues for criminals to exploit;
  • Security of data is inconsistent across industries. For example, most government or banking industry sites are relatively secure and an attacker will never directly pursue them. The weaknesses occur in service providers to those industries, which are not held to the same standards that the larger companies are required to maintain, and this creates an easy entry point;
  • The infosec community as a whole should revisit how they receive and vet information. Sometimes the best and brightest answers to information security problems are discounted simply because the person presenting the possible solution is not widely known or does not have a string of certifications behind their name;
  • There needs to be a push to involve the young minds across the United States. The U.S. is steadily declining in its ability to claim dominance in Information Technology, AND technology as a whole. STEM may be a National Priority, but it certainly is not a priority to young people entering the field because there is not any place for them to go.

I spoke with retired Marine Lt. Colonel Jim Emerson of iThreat Cyber Group. They are one of the leading companies that analyze cyber threats for their clients and mitigate their effect. He told me that companies most at risk are those seen as symbols of American global presence. If they are, then they should increase their cyber security. Companies should be asking, “Am I someone who just might end up in the wrong place at the wrong time on the web? And is the risk I was willing to accept this morning the same risk I’m willing to accept at the start of hostilities?”

Protecting yourself and your organization against ever-increasing and sophisticated cyber-criminals is everyone’s responsibility. We live in a connected world where everyone is vulnerable. It was clear from the conference that the government is incapable of providing such security.

 
<a href="/latest_stories/all/all/30" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 
