Monday, August 31, 2009

Cyber Storm III, practicing the policy

The US Dept of Homeland Security recently announced the date for Cyber Storm III. This third event in the series will be the first chance to test the Obama Administration's cyber security strategy.

As pointed out in the linked article, it is a chance to test the policy issues of coordination between Federal and State/local government and between the public and private sectors.

An old dictum states that the scene of a disaster is not the place to exchange business cards for the first time.

This will be an interesting project to follow, especially if they open it to international players.

Aerial Surveillance backs up surface assets

Predator drones have proven their worth in the ongoing wars in the Middle East. They are now being used to supplement the US Customs and Border Patrol efforts along the northern and southern borders of the US. In an article on Federal News Radio, Dorothy Ramienski cites CBP sources with:

Since 2004 Customs and Border Protection unmanned aircraft have flown more than 4,500 hours, adding to the close to 5,000 arrests

and they are extremely useful for classifying a contact:

The Predator is also used for quick follow up if and when a stationary sensor on the ground goes off and has eliminated some false alarms.
"The Predator is usually the first aircraft to arrive. From its kind of covert vantage point, it's able to detect what happened -- what caused the sensor to go off. It could be . . . wildlife, for example. In that kind of a case, we're able to package the right response forces."


The long loiter time for RPVs allows for extensive coverage of an area and their relative speed allows for quick target discrimination. Look for great use of this technology in the years to come elsewhere in the region.

Thursday, August 27, 2009

Conficker and Cyber War

Two recent articles from the NY Times on Conficker and the limitations of cyberwarfare point out the risks and paucity of tools to combat cyber threats.

Conficker is a complex and soundly designed worm program that has infected more than 6 million computers worldwide. Over 200 countries have compromised computers. Buenos Aires is thought to be one of the initial infection points. Even though fixes have been available since January 09, the worm continues to spread and even takes measures to protect itself!

The big problem is that no one (besides the maker/controller) really knows what it was designed to do. Someone controls more than 6 million computers that can be unleashed at will.

This brings us to the second article, which discusses the limitations and controls on military (and by extension law enforcement) forces to take action. The same abilities that the hackers/malware types possess, the good guys have, but they have to operate under rules of engagement and the norms of law and war. Is an attack via computer on a country's critical infrastructure an act of war? Dropping a bomb or launching a missile certainly is. A nation's power grid is a legitimate target for aircraft and missiles in a shooting war; wouldn't it be in a cyber war? What can be done in self-defense? The UN Charter permits self-defense under Article 52. Are we ready for wars fought with electrons?

Lots to ponder.

Tuesday, August 25, 2009

Smarter Malware

In an article on Dark Reading, Kelly Jackson Higgins talks about the new threat in malware. These subtle, targeted pieces of code are designed to obtain specific information from the victim organization. When combined with "spear phishing" attacks, the door to a company's or government's secrets is thrown wide open.

And it isn't only big guys who need to be worried. Small companies are now being targeted. Criminals go where the money is.

Thursday, August 20, 2009

Cyber security: an essential part of national security?

As I sit here blogging away, I am pondering the relationship between cyber security and the larger framework of national security. Each day trillions of dollars circle the globe in electronic transactions. Criminals probe networks looking for items to steal. Others use malware to gain access to government secrets or to gain control of critical infrastructure. The economy and critical infrastructure are key to the functioning of government and the security of its people.

Traditionally in Latin America, security is seen as a domestic (inside the borders) issue, addressed foremost by law enforcement agencies. Defense is the realm of the military and looks at threats from outside the border. Where does the threat come from in the virtual world? Wherever there is a computer plugged into the Internet.

The United States, as early as before 9-11, went on record with the international dimension of the threat. The problem has only gotten worse and the risk greater. Why rob a bank in person when you can sit behind a computer and do it from a safe distance?

The United States recently established USCYBERCOM to take the lead from the Department of Defense perspective on this threat to national security. It complements several law enforcement agency efforts like the http://online.wsj.com/article/SB124632958157771629.html, FBI, and Dept of Justice.

It is time for governments and militaries in the Americas to get serious as well.

Monday, August 17, 2009

Mexico Replaces Customs Force

Over the weekend, Mexico replaced its entire force of customs officers. They also doubled the number of officers. See the article here:

Although couched as a means to increase compliance for revenue purposes, the move clearly has security implications in Mexico's ongoing fight with its drug cartels. Better trained and equipped customs agents are better able to detect illicit shipments of all types.

The new agents are more highly educated than their predecessors (70% with college degrees vice 10% of the previous force.) Hopefully their pay will match the newly desired level of professionalism.

Virtual Borders

Here is an interesting piece from the BBC on electronic borders. It discusses the EADS deal with Saudi Arabia to install an electronic system for monitoring of its land and sea borders. Systems such as SBInet use advanced electronic systems such as cameras, radars, motion sensors, etc. to detect individuals, groups or vehicles crossing a border between recognized check points. In theory, these detections can then be passed to law enforcement to conduct the intercept and apprehension. It is analogous to air intercept with an AWACS and fighters.

The challenges come with integration of multiple sensor systems. Determining if the motion detector picked up a person or an animal is a non-trivial problem. Likewise finding people in a sandstorm.

Then you have to communicate with your interceptors.

Lots of promise, but lots of risk.

Friday, August 14, 2009

Where to start?

After considering the landscape and out of curiosity, I have decided to blog. The thoughts on this blog are my own and will reflect my eclectic experiences and interests. Trained as an engineer, I decided that I should study international affairs and then business administration as a grad student. Really it all made sense at the time. My recent professional efforts have placed me in an academic position interacting with defense and security professionals from across the Americas. It is from this vantage point I will comment.

My current academic interests focus on homeland defense and security issues. I believe that there is an under-appreciation of the risks of the threats to the cyber and critical infrastructure in the region.

In a virtual world, your border is wherever someone can plug into the net.