MARFORCYBER And The Marine Corps Cyber Auxiliary
via Nina Kollars & Emma Moore, writing at War On The Rocks, comes this outstanding, sobering analysis of both current and future cybersecurity professionalism & capabilities within the United States Marine Corps MARFORCYBER and the Marine Corps Cyber Auxiliary.
If you are at all interested in Offensive & Defensive Cyberwarfighting capabilities within the Department of the Navy, and more specifically within the Marine Corps, this, my friend, is Today's Absolutely Must Read. Information Security and Cybersecurity Professionals should email cyberaux@usmc.mil for more information or to volunteer with the United States Marines Cyber Auxiliary.
MIT's Attack Detection via Super Computing
In a not-too-astounding announcement, it seems MIT Academicians have found a new use for super-computational resources: The utilization of super comuting resources targeting so-called 'compressed bundles' with the ostensible outcome of attack detection. I'll wager there are foreword thinking data scientists bent over the same workwheel using so-called 'Cloud Computing' for the same task (at tenth of a percent of the cost per flop). Just sayin...
'"If you're trying to detect anomalous behavior, by definition that behavior is rare and unlikely," says Vijay Gadepally, a senior staff member at the Lincoln Laboratory Supercomputing Center (LLSC). "If you're sampling, it makes an already rare thing nearly impossible to find."' - via The Lincoln Laboratory at the Masachusetts Institute of Technology
The Next Battleground
via Rob Knake, writing at the Council on Foreign Relations' online outlet: Foreign Affairs and in the Snapshot section, comes this astute examination of the co-called cyberwarfare space's soft underbelly - power generation. Fear, Uncertainty and Doubt aside: Successful attacks on electrical power generation and equally crucial power distribution capabilites would relegate vast swaths of the population into feudal vassals of regional political power (not too mention the demoralization of those populations). Today's Must Read.
"The digital infrastructure that serves this country is literally under attack,” Director of National Intelligence Dan Coats warned starkly last week. Most commentators took his declaration that “the warning lights are blinking red” as a reference to state-sponsored Russian hackers interfering in the upcoming midterm elections, as they did in the 2016 presidential election. But to focus on election interference may be to fight the last war, fixating on past attacks while missing the most acute vulnerabilities now. There’s reason to think that the real cyberthreat from Russia today is an attack on critical infrastructure in the United States—including one on the power grid that would turn off the lights for millions of Americans." - via Rob Knake, writing at Foreign Affairs
Dr. Fred Cohen's 'How Cyber-Security Punishes Good Behavior' →
via Dr. Fred Cohen - an (ISC)² Fellow, comes this superlative piece detailing the twisted reward/punishment scheme implemented by many (if not most) cybersecurity programs in existence. Enjoy!
Twelve Percentile →
NIST Publishes Cyber-Incident Recovery Guide →
Whom Done It →
In what wraps up to be a superbly crafted screed penned by Glenn Greenwald, laboring at The Intercept; in which, the Good Mr. Greewald details the perceived falsehoods swirling about the alleged Russian Intelligence Services hacks of the Burlington Vermont electrical generation utility. Today's Must Read.
Cyber Insecurity: Emerging Policy Tools in Cybersecurity →
This mornings' dive into Beltway views of Information and Cybersecurity Security was brought to my excruciatingly long (as opposed to short) attention span by a fellow member of theInternet Society - Joly MacFie (Joly is a member of the ISOC NY Chapter).
Panel participants are Jane Chong of the Hoover Institution and the National Security and Law Associate there, Joshua Corman - the Director of Cyber Statecraft Initiative at the Atlantic Council, Robert Morgus - a Policy Analyst for Cybersecurity Initiative, New America thinktank and Sasha Romanosky - Policy Researcher at the RAND Corporation and Faculty Member at the Pardee School; with the Panel Moderator- Trey Herr, Fellow, Harvard Belfer Center and Non-Resident Cybersecurity Fellow, New America's Cybersecurity Initiative and the Editor, Cyber Insecurity: Navigating the Perils of the Next Information Age. All in all, a stellar panel, and an engaging video.
Enjoy.
A Hoarder's Tale, A Big Banking Bitcoin Story →
Sacrebleu. Those crafty Brits (in reality, London City based Banks) are now planning on hoarding Bitcoins to pay cyberransoms to so-called cybercriminals. Translation: They are currently doing so, so come on guys, make your scurrilous demands, they're ready for you. HatTip
"The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms..." via The Guardian's Jamie Doward
PhoneBoy's Existential Threat →
PhoneBoy's thought provoking post, noting the unpreparedness [from a defence perspective] of our society to cybersecurity threats. Quite obviously, today's Must Read.
Read This
And perhaps note what similarities exist between and betwixt this young 2nd LT at the United States Military Academy recently branched to the Cyber Command and your career... Absolutely outstanding. Via The Cyber Defense Review.
Title: 'An Emotional Response to Being One of the First Cadets to Branch Cyber.'
Author: 2LT Daniel Brown
Date: Jun 11, 2015
I have been asked multiple times what my emotions were the night I learned that I would be branching cyber. The night was like any other branch night at West Point with all of the First Class cadets anxiously awaiting their fate as army officers. The only difference with this branch night as opposed to the previous decades of them was the inclusion of the new branch, Cyber, to the list of possibilities. I knew going into this night that there were roughly forty to fifty cadets that were competing for Army Cyber slots. All of us had put in work through a selection process known as the Cyber Leader Development Program in which our talents, experiences and skills were assessed by a mentor. I thought my chances were decent because I had put hours into my application packet and had done everything I had been asked to do. I knew I would branch either Army Signal or Army Cyber. My grandpa had been an officer in the Army Signal Corps so I had a historical connection to Army Signal, but my hope and dream was to branch Army Cyber.
As the night progressed we were finally given our envelopes with our branch inside and the first thing every firstie did was feel the envelope to figure out what branch they had gotten. I can say with complete honesty that I had no idea what mine was. We then waved the envelopes above our heads, as per tradition, and awaited the order to open our branches. When the order came I ripped open the envelope and confirmed my hopes and dreams. I had branched Army Cyber. The moment was surreal and was shared with several of my classmates. Cadet Ames Evans, a fellow cyber cadet, told me that he was ecstatic as well and that it was one of the greatest days of his life. Cadet Braxton Musgrove informed me he was happy, but was not incredibly surprised. This lack of surprise was an emotion that was shared by several cyber cadets who were confident in their abilities. This demonstrates one aspect of branching cyber that differentiates it from the other branches. Not only do cadets have to be sufficient in all three pillars, but even more importantly, prospective cyber soldiers have to possess a certain set of skills that separates them from their peers. To branch cyber means that you are a member of a profession. The hours and time it takes to become proficient in the skills necessary to be an effective cyber officer set cyber soldiers apart. It could be compared to learning several foreign languages, proficiently; learning to think analytically as well as logically work through incredibly complicated problems that utilize everything from cryptographic algorithms to complicated arithmetic equations. I knew that night that I was joining the ranks of such soldiers, and that was what made it one of the greatest nights of my life.
NCCoE Releases NIST Cybersecurity Practice Guide Targeting Health Records →
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NIST NCCoE) has released a new draft practice document entilted NIST Cybersecurity Practice Guide, Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices".
Targeting health care records (stored electronically), these artifacts are well-crafted first-rate (but draft, after all) information security documents. Available in both sections and in full (a compressed file also containing a manifest, and a number of template files is noted later in this post).
The Comment Period is open until September 25, 2015 (inclusive). The NCCoE has committed to allowing comments to be submitted anonymously, will be make public those commentaroes after review. Submit comments online or via email to HIT_NCCoE@nist.gov.
Sections Available
(1) SP 1800-1a: Executive Summary (2) SP 1800-1b: Approach, Architecture, and Security Characteristics (3) SP 1800-1c: How-To Guide (4) SP 1800-1d: Standards and Controls Mapping (5) SP 1800-1e: Risk Assessment and Outcomes
Full Zip Document Archive
Estonia, Creates Volunteer Cyberwarrior Brigade
Considering the country's highly systems-literate populis, this is one of the more interesting cases of a so-called Cybernational Guard, this time, stationed at the K5 Barracks (NATO Cyber Defense Center, Tallinn, Estonia), in quite likely one of the most astoundingly beautiful countries on our planet - Estonia!
Institutional Investors Lose Faith In Security Competence At Board Level →
Yes, and here's why it very well may be true:
"KPMG also found that 79 percent of investors would be discouraged from investing in a business that has been hacked. The findings revealed that investors believe less than half of the boards of the companies that they currently invest in have adequate skills to manage cyber risk. Furthermore, they believe that 43 percent of board members have unacceptable skills and knowledge to manage innovation and risk in the digital world. This sentiment was mirrored in a recent KPMG survey of FTSE 350 businesses, which found that 39 percent of boards and management agreed they were severely lacking in their understanding of the area." via Antony Savvas writing at Techworld.