Posts

Showing posts from February, 2015

Boards Not Briefed on Strategy?

Image
I'd like to make a quick note on strategy, after reading  After high-profile hacks, many companies still nonchalant about cybersecurity in the Christian Science Monitor today. The article says: In a survey commissioned by defense contractor Raytheon of 1,006 chief information officers, chief information security officers, and other technology executives, 78 percent said their boards had not been briefed even once on their organization’s cybersecurity strategy over the past 12 months... The findings are similar to those reported by PricewaterhouseCoopers in its Global State of Information Security Survey last year in which fewer that 42 percent of respondents said their board actively participates in overall security strategy . Does this worry you? Do you want to introduce strategic thinking into your board discussion? If the answer is yes, consider these resources. 1. Check out my earlier blog posts on strategy , especially the first two articles. 2. Wa...

Elevating the Discussion on Security Incidents

Image
I am not a fan of the way many media sources cite "statistics" on digital security incidents. I've noted before that any "statistic" using the terms "millions" or "billions" to describe "attacks" is probably worthless. This week, two articles on security incidents caught my attention. First, I'd like to discuss the story at left, published 17 February in The Japan Times, titled  Cyberattacks detected in Japan doubled to 25.7 billion in 2014 . It included the following: The number of computer attacks on government and other organizations detected in Japan doubled in 2014 from the previous year to a record 25.66 billion , a government agency said Tuesday. The National Institute of Information and Communications Technology used around 240,000 sensors to detect cyberattacks... Among countries to which perpetrators’ Internet Protocol addresses were traced, China accounted for the largest share at 40 percent, while South K...

Five Reasons Digital Security Is Like American Football

Image
Butler's Interception (left) Made Brady's Touchdowns (right) Count In Kara Swisher's interview on cyber security with President Obama , he makes the following comment: "As I mentioned in the CEO roundtable, a comment that was made by one of my national security team — this is more like basketball than football in the sense that there’s no clear line between offense and defense. Things are going back and forth all the time,” he said. I understand why someone on the President's national security team would use a basketball analogy; we all know the President is a big hoops fan. In this post I will take exception with the President's view, although I am glad he is involved in this topic. The following are five reasons why digital security is like American football, not basketball. 1. Different groups of athletes play offense, defense, and special teams in football. It is rare to see a single player appear on more than one squad. (It does happen, though....

Learning the Tufte Way to Present Information

Image
Source: The Economist, 31 Jan 2015 TaoSecurity Blog readers know I am a fan of Edward Tufte . When I see a diagram that I believe captures the tenets of his philosophy of presenting information, I try to share it with readers. Two weeks ago in its 31 January 2015 edition, The Economist newspaper published Saudi Arabia: Keeping It in the Family . The article discussed the ascension of King Salman to the Saudi crown. The author emphasized the advanced age of Saudi kings since the founding of the monarchy in 1932. To make the point graphically, the article included the graphic at left. It captured the start and end of the reigns of the monarchs, their ages at the beginning and end of their reigns, and the median age of the population. Readers are able to quickly compare the duration of each monarch's reign, the monarch's ages, and the trend toward older monarchs. Readers can see the traditional widening gap in ages of rulers compared to the population, as well as the r...

Focus on the Threat: Bank Heists

Image
Thief Retrieves Cash, from Bloomberg Businessweek The February 2nd issue of Bloomberg Businessweek featured a story titled Boom: Inside a British Bank-Bombing Spree . The article describes how "five men, dressed all in black" used "crowbars, power tools, coils of flexible tubing, and two large tanks of explosive gas" to blow apart ATMs in the UK, then retrieve cash inside. The story opens by describing a raid that netted "almost £250,000, or about $375,000" and was the group’s biggest score in a single night yet. Their MO, using cheap, common, and legal gas, was nearly impossible to trace, and they left precious little forensic evidence for the police. To stop the rampage, there was little Britain’s banks could do. What is the history of this sort of attack? The article states: Bank security experts think the first ATM gas attack may have been in Italy in 2001. Early statistics are shaky, but by 2005 there were almost 200 across the continent...

Where Russia and North Korea Meet

Image
Last week the Christian Science Monitor published a story titled  How North Korea built up a cadre of code warriors prepared for cyberwar . It contained the following section: North Korea is faced with tremendous limitations. All of its Internet connections go through servers in China, for example. But it soon may find other ways to connect to the outside world. North Korean leader Kim Jong-Un is expected to meet with Russian President Vladimir Putin later this year in a bid to, among other things, begin running networks through Russia, too. This caught my attention. Years ago I bought a giant map of Asia for my office at Mandiant. I was fascinated by the small part of the world where Russia and North Korea share a border, shown below. If you zoom into that area, you see the following. China, Russia, and North Korea share a common border near the Russian town of Khasan . From that location, Russia and North Korea share a border dividing the Tumen River, approximately...

A Word of Caution on Fraudulent Routing

Image
If you've read TaoSecurity Blog for a while, you remember me being a fan of companies like Renesys (now part of Dyn Research ) and BGPmon . These organizations monitor Internet-wide routing by scrutinizing BGP announcements, plus other techniques. (I first posted on the topic almost 12 years ago.) I am well aware that an organization, from its own Internet viewpoint , cannot be absolutely sure that the other end of a conversation truly represents the IP address that it seems to be. The counterparty may be suffering a BPG hijack. An attacker may have temporarily positioned itself in BGP routing tables such that the legitimate IP address owner is not the preferred route. There have been many examples of this, and on Thursday Dyn Research posted a great new blog titled The Vast World of Fraudulent Routing that describes six recent examples. A Tweet by Space Rogue about Dyn's post caught my attention. He said: You really want to tell me that an IP Address is enough fo...