Currently viewing the category: "Cyber Offense"

The video above is Dr. Regina Dugan speaking at the DARPA Cyber Colloquium in January 2012. This is video provides an excellent snapshot of what is ongoing throughout the Internet and what we call “Cyberspace”.  It also alludes to the “Death by a thousand cuts” I mentioned in my Information Dominance Corps video.

The news today is that Dr. Dugan is headed out of DARPA and into the arms of Google. This kind of departure is one of my main concerns for the U.S. Government, Department of Defense, and the U.S. Navy. This concern is rooted in the historical departure of excellent people from these institutions due to the institution’s inability to entice them to stay.  The military and Navy have battled this issue for centuries and I think the battle in the realms of Information Technology and Cyberspace will be a far more challenging one.

To this point the private sector has traveled through the economic recession and is in full recovery and growth mode in these realms while the government sector is just now facing it with massive budgetary issues.  Companies can’t obtain excellent people in these Cyber fields fast enough. Carnegie Mellon University and others can’t create them fast enough.  In steps a company like Google, Facebook and others and they gobble up every great candidate.  Facebook’s creator visited CMU for just this reason in the last part of 2011.

DARPA DirectorWhen a company like Facebook wants a great candidate they are no longer simply offering a salary (which already dwarfs those of the government sector) but are able to provide a substantial and comprehensive package.  If the candidate puts up a bit of a fight they simply increase the offer.  And if the candidates desires are to follow their company start-up dreams and continue with their own company; Facebook will simply buy the company.

Starting to see my point?  The Government and our Military are significantly challenged when trying to recruit, develop, and maintain this cyber force.  They are not only facing a foe in Cyberspace but the economic challenges in one of the most rapidly growing and developing industries in a globally connected world.  Compound these considerations with the Military budgets and personnel that are shrinking.  While more resources are shifting to the Cyberspace arena the priority changes, funding amounts and personnel may not be adequate enough to mitigate the risks that our Nation is facing.

What do you think?  How do you keep, maintain, and improve the people required for Cyberspace?

[via DARPA]

Tagged with:
 

So Interpol’s website is down in a possible retaliation as they just picked up 25 suspected Anonymous members.  Or the other reason could be that Interpol simply has a low cap in relation to the amount of attention this story is getting and the story itself is causing the Distributed Denial of Service. That is all part of the fun in Cyberspace; what is the true cause and attribution.

The arrests followed an ongoing investigation begun in mid-February which also led to the seizure of 250 items of IT equipment and mobile phones in searches of 40 premises in 15 cities, Interpol said.

Anonymous recently got attention by secretly recording a conference call between U.S. and British cyber investigators tasked with bringing the group to justice.  But the information within the call was fairly germane.  Part of the overall difficulty beyond compromising a system is actually getting through the minutia and getting the gems within.  If you can’t get the gemstones there is ultimately no end affect.

Anonymous executed this plan well with the Stratfor hack.  Only a few days ago they delivered their ex-filtrated gemstones to Wikileaks for publication.

Rarely do you get to watch a CEO like George Friedman detail the hacking incident and its implications. publicly acknowledge their major failures in the information war component in Cyber Battle against malicous Hackers like Anonymous.

Stratfor’s immediate actions included:

  • Ensured the prompt notification of credit card issuers about the compromised credit cards.
  • Offered all current and former paid subscribers identity protection services from CSID, a leading identity protection company.
  • Commissioned SecTheory, a respected Internet security firm, to work with us to rebuild our website, email system and internal infrastructure.
  • Hired Verizon Business Network Services to conduct a forensic investigation in cooperation with the FBI’s ongoing investigation.
  • Moving our entire e-commerce process to a highly secure, PCI compliant third-party system, which eliminates the need for us to store any credit card information.
  • Enhancing the way we encrypt and store passwords, and implementing new password requirements.

Stay tuned.  I’m sure there is more to follow…

Tagged with:
 

Image via Communications of the ACM

One of the important things in the Information Technology field is the ability to not only understand the technology itself but to be able to expertly navigate the human network.  With that said we’re taking a look at the Best of the Best in  Professional Cyber Security Organizations and Conferences:

USENIX, the Advanced Computing Systems Association:

  • Fosters technical excellence and innovation
  • Supports and disseminates research with a practical bias
  • Provides a neutral forum for discussion of technical issues
  • Encourages computing outreach into the community at large

USENIX Annual Technical Conference (USENIX ATC ’12) is their main conference.  USENIX ATC ’12 will take place June 12–15, 2012 in Boston.

 

IEEE, pronounced “Eye-triple-E”, stands for the Institute of Electrical and Electronics Engineers.

  • foster technological innovation and excellence for the benefit of humanity.
  • essential to the global technical community and to technical professionals everywhere, and be universally recognized for the contributions of technology and of technical professionals in improving global conditions.

IEEE Symposium on Security & Privacy is their main Cyber Security conference.  IEEE SEC & PRI will take place May 20-23, 2012 in San Francisco.

 

ISOC, Internet Society, founded by Vint Cerf:

  • world’s trusted independent source of leadership for Internet policy, technology standards, and future development.
  • More than simply advancing technology, they work to ensure the Internet continues to grow and evolve as a platform for innovation, economic development, and social progress for people around the world.

Network & distributed System Security Symposium (NDSS) occured on February 5-8, 2012 in San Diego.

 

ACM, Association for Computing Machinery:

  • widely recognized as the premier membership organization for computing professionals, delivering resources that advance computing as a science and a profession
  • enables professional development
  • promote policies and research that benefit society.

ACM Computer and Communications Security (ACM CSS) Conference will occur on October 16-18, 2012 in Raleigh.

[via David Brumley]

Set your Twitter account name in your settings to use the TwitterBar Section.