TaoSecurity Blog

Earlier today I happened to see a short piece from the Bloomberg Businessweek "The Year Ahead: 2016" issue, titled The Best Places to Build Data Centers . The text said the following: Cloud leaders including Amazon.com, Microsoft, Google, IBM, and upstart DigitalOcean are spending tens of billions of dollars to construct massive data centers around the world. Microsoft alone puts its total bill at $15 billion. There are two main reasons for the expansion: First, the companies have to set up more servers near the biggest centers of Internet traffic growth. Second, they increasingly have to wrestle with national data-privacy laws and customer preferences, either by storing data in a user’s home country, or, in some cases, avoiding doing just that. The article featured several maps, including the one at left. It notes data centers in "Virginia" because "the Beltway has massive data needs." That may be true, but it does not do justice to the history of t...

I just read a very interesting article by Sydney Freedberg titled  DoD CIO Says Spectrum May Become Warfighting Domain . That basically summarizes what you need to know, but here's a bit more from the article: Pentagon officials are drafting new policy that would officially recognize the electromagnetic spectrum as a “domain” of warfare, joining land, sea, air, space, and cyberspace, Breaking Defense has learned.  The designation would mark the biggest shift in Defense Department doctrine since cyberspace became a domain in 2006. With jamming, spoofing, radio, and radar all covered under the new concept, it could potentially bring new funding and clear focus to an area long afflicted by shortfalls and stovepipes. The new electromagnetic spectrum domain would be separate from cyberspace, although there’s considerable overlap between the two...  But the consensus among officials and experts seems to be that the electromagnetic spectrum world — long divided between...

The name "John Boyd" and the term "OODA Loop" are probably familiar to many of the readers of this blog. I've mentioned one or the other in 2006 , 2007 , 2009 ( twice ), and 2014 . Boyd was a fighter pilot in the Korean war and revolutionized thinking on topics like fighter design and military strategy. His OODA loop -- an acronym for Observe, Orient, Decide, Act -- is the contribution that escaped from the military sphere into other fields of thought. In a world that has finally realized prevention eventually fails , the need for a different strategy is being appreciated. I've noticed an increasing number of vendors invoke Boyd and his OODA loop as an answer. Unfortunately, they fixate on the idea of "speed." They believe that victory over an adversary results from operating one's OODA loop faster than an opponent. In short, if we do something faster than the adversary, we win and they lose. While there is some value to this approach, it ...

Last year I wrote  Seven Tips for Small Business Security , but recently I decided to write this new post with a different focus. I realized some small businesses are in some ways indistinguishable from individuals, such that advice for personal online security would be more appropriate for some small businesses. In other words, some businesses are scaled such that one or a few people are the entire business. In that spirit, I offer the following suggestions for individuals and these small businesses. 1. Protect your email. Email is the number one resource most of us possess, for three reasons. First, imagine that you forget your password to just about any Web site. How do you recover it? It's likely you request a password reset, and you get an email. Now, if you no longer control your email, an attacker can reset your passwords and take control of your Web accounts. How does an attacker know what accounts you own? That is answered by the second key to email: content. A quick ...

Sunday evening 60 Minutes aired a segment titled Inside the Air War . The correspondent was David Martin, whose biography includes the fact that he served as a naval officer during the Vietnam War. The piece concluded with the following exchange and commentary: On the day we watched the B-1 strike, that same bomber was sent to check out a report of a single ISIS sniper firing from the top of a building. Weapons officer: The weapon will time out directly in between the two buildings. This captain was one of the weapons officers in the cockpit. David Martin: B-1 bomber. Weapons officer: Yes sir. David Martin: All that technology. Weapons officer: Yes sir. David Martin: All that fire power. One sniper down on the ground. I thought the captain's next words were right on target: Weapons officer: Sir, I think if it was you or me on the ground getting shot at by that sniper we would take any asset available to make sure we were no longer getting, you know, engaged by...

On Friday the Obama administration secured its second win toward establishing a new norm in cyberspace. The  Joint Fact Sheet  published by the White House includes the following language: "no country should conduct or knowingly support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information with the intent of providing competitive advantages to its companies or commercial sectors ;" (emphasis added) This excerpt, as well as other elements of the agreement, mirror words which I covered in my Brookings piece To Hack, Or Not to Hack ? I recommend reading that article to get my full take on the importance of this language, including the bold elements. It's likely many readers don't think of South Korea as an economic threat to the US. While South Korean operations are conducted at a fraction of the scale of their Chinese neighbors, ROK spies still remain busy. In January Shane Harris wrote a great story titled  Our ...

In June 2011 I wrote a blog post with the ever polite title  China's View Is More Important Than Yours . I was frustrated with the Western-centric, inward-focused view of many commentators, which put themselves at the center of debates over digital conflict, neglecting the possibility that other parties could perceive the situation differently. I remain concerned that while Western thinkers debate war using Western, especially Clausewitzian, models, Eastern adversaries, including hybrid Eastern-Western cultures, perceive war in their own terms. I wrote in June 2011: The Chinese military sees Western culture, particularly American culture, as an assault on China , saying "the West uses a system of values (democracy, freedom, human rights, etc.) in a long-term attack on socialist countries ... Marxist theory opposes peaceful evolution, which... is the basic Western tactic for subverting socialist countries" (pp 102-3). They believe the US is conducting psychologic...