Showing posts from October, 2011

MANDIANT Webinar Friday

Join me and Lucas Zaichkowsky on Friday at 2 pm eastern as we talk about what happened at our annual MANDIANT conference, MIRCon! Registration is free and I expect you'll enjoy the discussion! We plan to review what we saw and heard, and how those lessons will help your security program.

Review of America the Vulnerable Posted

Image just posted my five star review of America the Vulnerable by Joel Brenner. I reproduce the review in its entirety below. I've added bold in some places to emphasize certain areas. America the Vulnerable (ATV) is one of the best "big picture" books I've read in a long while. The author is a former NSA senior counsel and inspector general, and was the National Counterintelligence Executive (NCIX). In these roles he could "watch the fireworks" (not his phrase, but one popular in the intel community) while the nation suffered massive data exfiltration to overseas adversaries. ATV explains the problem in terms suitable for those familiar with security issues and those learning about these challenges. By writing ATV, Joel Brenner accurately and succinctly frames the problems facing the US and the West in cyberspace. In this review I'd like to highlight some of Mr Brenner's insights and commentary. On pp 65-7 he discusses "China's Long

Republican Presidential Candidates on China

(Photo: Business Insider) This is not a political blog, so I'm not here to endorse candidates. However, I do want to point out another example of high-level policymakers discussing ongoing activities by China against the US and other developed economies. First, the Washington Post published an editorial by Mitt Romney which included the following: China seeks advantage through systematic exploitation of other economies. It misappropriates intellectual property by coercing “technology transfers” as a condition of market access; enables theft of intellectual property, including patents, designs and know-how; hacks into foreign commercial and government computers ... The result is that China sells high-quality products to the United States at low prices. But too often the source of that high quality is American innovations stolen by Chinese companies. I missed this in August, but former ambassador to China Jon Huntsman said the following during a debate: Huntsman Jr. pointed to Ch

Bejtlich in "The expanding cyber industrial complex"

Christopher Booker interviewed me and several other policy-oriented security people for his video Financial Times story The expanding cyber industrial complex. This was a different experience for me for two reasons. First, Christopher conducted the interviews via Skype. Second, you can see what appear to be the home offices of several of the contributors, including me. One technical note on the video: I had some trouble getting it to play. To get it working I selected another video then went back to this one. Thank you again to Christopher Booker for the opportunity to offer my opinions. (Bonus points to anyone who can identify the box on the shelf over my right shoulder, on the lower left side of the photo.)

Computer Incident Response Team Organizational Survey, 2011

Today at MIRCon I mentioned that one of my colleagues, Jeff Yeutter, had updated the somewhat famous CERT/CC study of CIRT characteristics as part of his degree program. Jeff posted the survey online as Computer Incident Response Team Organizational Survey, 2011 with this description: In 2003, the CERT CSIRT Development Team released a study on the state of international computer security incident response teams with the goal of providing "better insight into various CSIRT organizational structures and best practices" for new and existing members of the CSIRT community (Killcrece, Kossakowski, Ruefle, & Zajicek, 2003). The attached survey, a modified form of the original, will be used to update the 2003 study with a greater focus on the methods of organization used by American and international CIRTs, the tools that they employ, and how these vary across organizations of different sizes and industries. This research is being conducted, and is independentl

Interview with One of My Three Wise Men

Tony Sager from the NSA is one of my Three Wise Men. (Dan Geer and Ross Anderson are the other two.) Eric Parizo from interviewed Tony this week and posted the video online. Tony notes that the escalation in threat activity during the last few years is real. He is in a position to know, given he has worked at NSA since the 1970s. Tony says the threat activity is getting people's attention now, especially at more senior levels of the government and industry. Now targeted organizations are thinking beyond the question "does this affect my company" to "does this affect my industry?" Tony explains that a generational effect may account for the change in awareness. More senior leaders grew up with technology, so they know how to think about it. There is also more public reporting on serious security incidents today. My favorite quote was: "If you're not a little concerned, you haven't been paying attention." Since Tony is

Russia v China -- Sound Familiar?

Thanks to a source who wishes to remain anonymous, I read Chinese spy mania sweeps the world, an article not from a Western publication. Rather, it's from Voice of Russia. Does any of this sound familiar? [T]his is the most powerful secret service based on the principle of attracting all ethnic Chinese, wherever they may live. An adherent of the “total espionage” strategy, Beijing even encourages emigration in the hope that its citizens will remain loyal to and useful for their historical homeland after moving to another country... "The history of China’s espionage activities on Russian armaments is not only limited to one precedent or one type of weapons. One of the top Chinese priorities is to produce complete replicas of Russia’s best machines and weapons, from the Sukhoi Su-33 fighter jet to missiles, aircraft carriers and so on. This is a truly purpose-oriented strategy of a large country - snatch anything you can and reproduce it domestically," ["IT exp

It's All About the Engines

(Photo credit: AINOnline) I just read Big New Chinese Order for Russian Fighter Engines at China Defense Blog, which quoted AINOnline: China has placed additional orders for Russian AL-31-series fighter engines. State arms trade agency Rosoboronexport clinched two big contracts earlier this year... To serve them, Salut has established partnerships with Limin Corp. and Tyan Li company in Chengdu on deliveries and manufacturing of spare parts for both the AL-31F and the AL-31FN. Russia has also agreed to provide all necessary maintenance and repair documentation to the Chinese partners. To see how China treats or will treat Western aircraft and aircraft engine makers, look no further than Russia. The comments in the CDB post pointed me to this engine comparison for the J-20, which I sometimes mention in my classes. Essentially the Chinese appear to be testing two engines on the J-20, because they are not sure if they will use a Russian-made engine (or copy) or an "indigenous" e

House Cybersecurity Task Force Report Released

The House Cybersecurity Task Force released its report (.pdf) today. NextGov offers a good summary in their story House GOP Cyber Task Force Touts Industry Leadership by Jessica Herrera-Flanigan. The report includes the following recommendation: Companies, including Internet Service Providers (ISPs) and security and software vendors, are already conducting active operations to mitigate cybersecurity attacks. However, these are largely done independently according to their individual business interests and priorities. Congress should facilitate an organization outside of government to act as a clearing house of information and intelligence sharing between the government and critical infrastructure to improve security and disseminate real-time information designed to help target and defeat malicious cyber activity. I would like something bolder, like the National Digital Security Board I proposed in 2006. Still, such a "clearing house" could evolve into an organization wit

C-SPAN Posts Video of Tuesday Hearing

You can now access video of Tuesday's House Select Committee on Intelligence Hearing on Cybersecurity at C-SPAN. Some people are already asking "what's new" about this. For me, what's new is that the chairman of the HPSCI is pointing his finger straight at the threat, and letting the world know in an open hearing that the adversary's actions are unacceptable and will not be tolerated. This is exactly the sort of attention and action that the threat deserves and I applaud the Chairman and HPSCI for pursuing this course. Remember that the HPSCI is more likely to hold closed hearings than open hearings due to the nature of its classified intelligence oversight work. By conducting an open hearing, Chairman Rogers wanted to send a clear message to victims, the public, and the adversary.

Inside a Congressional Hearing on Digital Threats

Today I was fortunate to attend a hearing of the US House Permanent Select Committee on Intelligence (HPSCI). That's me on the far left of the photo, seated behind our MANDIANT CEO Kevin Mandia. I'd like to share a few thoughts on the experience. First, I was impressed by the attitudes of all those involved with HPSCI, from the staffers to the Representatives themselves. They were all courteous and wanted to hear the opinions of Kevin and the other two witnesses (Art Coviello from RSA and Michael Hayden from the Chertoff Group), whether before, during, or after the hearing. Second, I thought Reps Mike Rogers (R-MI, HPSCI Chairman) and C.A. Dutch Ruppersberger (D-MD, HPSCI Ranking Member) offered compelling opening statements. Rep Rogers squarely pointed the finger at our overseas adversaries. As reported by PCWorld in U.S. Lawmakers Point to China as Cause of Cyberattacks, Rep Rogers said: "I don't believe that there is a precedent in history for such a massive