Intelligence Technology Blog by Bob Gourley

Bob Gourley 08/01/2011 - PIRATES OF THE ISPS: TACTICS FOR TURNING ONLINE CROOKS INTO INTERNATIONAL PARIAHS
The cyber security e-mail lists, Twitter streams, Facebook messages and chat circuits were abuzz today over a new report released from the Brookings Institution. This piece, titled "Pirates of the ISPs: Tactics for Turning Online Crooks into International Pariahs," was authored by Noah Shachtman. Noah is a Fellow at the Brookings Institution 21st Century Initiative. Many of us in the tech community also know him well from his many contributions as an editor of Wired magazine and his constant quality work on Wired's national security blog, Danger Room.

05/31/2011 - BIG DATA IS CRITICAL TO THE DOD SCIENCE AND TECHNOLOGY INVESTMENT AGENDA
The Secretary of Defense signed a memorandum on 19 April 2011 which articulates the Science and Technology (S&T) priorities for the Department of Defense (DoD). This memo flows from extensive planning including reviews of all defense missions and architectures to support those missions. The result: seven S&T priorities have been identified for strategic investment. These [...]

05/26/2011 - THE U.S. INTERNATIONAL STRATEGY FOR CYBERSPACE
Cyberspace is interconnected technology. It is everywhere. It is an ecosystem with many stakeholders and literally billions of actors. The rise of Cyberspace as a capability has already changed us in many ways, and for years it has been having an impact on the nation's strategy. Now, after some great staffing and planning by some of the sharpest minds in our nation and after coordination with allies, industry, academia and scores of thought leaders, a new International Strategy for Cyberspace has been articulated.

04/15/2011 - FBI DATABASE SEARCH AND DISCOVERY CAPABILITY CALLED DIVS IS BEST IN CLASS
I was recently treated to a demonstration of a mission-focused IT solution that made me proud of what technologists at FBI can do. What I saw was a best in class integration of search, discovery and analysis tools known as DIVS (Data Integration and Visualization System). DIVS includes a framework that allows multiple tools, COTS and GOTS, to interoperate in ways incredibly supportive of the most significant missions in the national security space.

04/15/2011 - HARDWARE REALLY MATTERS FOR COMPUTER FUNCTIONALITY AND SECURITY
It may be stating the obvious to say that the hardware you use has a direct impact on the functionality of your IT. That is so fundamental a statement that it really goes without saying. But for some reason decision-makers gloss over the importance of hardware to security design. Why? The hardware you pick has a direct impact on the security of your enterprise.

03/28/2011 - GOOGLE ENGINEERING AND INSIGHTS INTO HUMAN NATURE
Humans organize to get big things done. And for years leaders and thinkers have tried to optimize organizations. You have no doubt studied this yourself. Do you remember reading books like “The Peter Principle: Why Things Always Go Wrong” or perhaps the true genius of Scott Adams in works like “This Is the Part Where You Pretend to Add Value”? Those are great timeless works because they are working off enduring human scripts. You can find other insights into human dynamics in organizations, of course, in leadership books from greats from Carnegie to Covey.

03/14/2011 - IN-Q-TEL TECHNOLOGIES/CAPABILITIES HIGHLIGHTED
Forbes ran a nice piece on In-Q-Tel. The article is worth reading in its entirety. Here is a link: Startups Backed By The CIA. The In-Q-Tel mission is to identify, adapt and deliver innovative technology solutions to support the missions of the Central Intelligence Agency and the broader US Intelligence Community, including the Department of Homeland Security.

01/03/2011 - Cyberwar? What Cyberwar?
Ladies and Gentlemen, put down the keyboards, stop reading the screen for a moment, and take a deep breath. I'll wait. Ok. Now that you've done that, you can relax with the knowledge that we are not currently — nor have we ever been in — a "cyberwar" with any foreign power or group. Yes, including China. So far there have not been any verified examples of cyberwar of any kind. At this point, you probably either think me crazy or correct, but really when we get down to it, this is because our views differ on what the exact meaning of the word "war" is. Now we're done with the Op-Ed for the moment.

12/10/2010 - DEBRIEF FROM THE WHITE HOUSE FORUM ON IT MANAGEMENT REFORM
If you are an enterprise technologist in or out of the Federal Government, please take time to watch the entire presentation below. It captures the entirety of the presentations and majority of the conversations at the White House Forum on Information Technology Management Reform. I recommend you watch the entire presentation for several reasons. If you are a student of IT and its governance, you will see what a good strategy looks like. If you are a student of federal policy, you will gain insights into what may be some of the most important shifts underway in the federal space today. If you are an integrator or technology vendor who served federal users you will learn a bit more about how your customer will be shifting in the future and how you can better position to help. And if you are an enterprise technologist you will learn of some very important things under way that will make your life easier and more productive.

12/08/2010 - DISRUPTIVE IT LIST UPDATE: WATCHING SEVERAL DRAMATICALLY POSITIVE TECHNOLOGIES
The CTOvision.com list of Disruptive IT has just been updated. This list reviews the companies regarded as having very high potential to change the way IT is done in large enterprises.

11/16/2010 - Geospatial TTPs Contribute To Cyber Security
The Geospatial tradecraft has benefited from the development of tactics, techniques and procedures (TTP) that have played a major role in combating terrorism in the 21st century. These TTPs have improved the situational awareness of the operational environment, vital to understanding and mitigating threats to U.S. National Security. The cyber environment provides a new haven for those intending to act against U.S. National Security interests but that threat can also be reduced through the use of geospatial TTPs. A geospatial perspective of the cyber environment can create an increased situational awareness of computer network attacks and exploitations against Command & Control, Computers & Communications that drive Intelligence, Surveillance and Reconnaissance (C4ISR) in support of U.S. National Security interests. Geospatial TTPs will once again prove their value in helping to define and reduce the threat to critical infrastructure and operating systems that support C4ISR.

11/01/2010 - WHAT YOU NEED TO KNOW ABOUT THE EVILS OF FIRESHEEP (A GATEWAY DRUG TO MORE EVIL HACKING)
Firesheep is a great new plugin that works in the Firefox browser. It is easy for you to install, easy to run, and gives you, and just about anyone else, the power to do pure evil using just your browser and a laptop. With this post I'll explain some of this evil and offer some thoughts on what it means for CTOs.

10/19/2010 - STUXNET: AN IMPORTANT CHANGE IN THE NATIONAL SECURITY LANDSCAPE
There are some important strategic changes occurring in the national security landscape. A new kind of cyber attack has been noted, one that involves use of malicious code to attack infrastructure. There are some important points in this attack that should be understood by national security decision-makers. With the launch of the code the security community calls Stuxnet, an attack was made against a programmable logic controller (PLC) that runs a physical system. This is a new degree of bad in cyber attacks. This code is potentially (probably?) nation-state sponsored. We might never know which country, but a review of the geo-political situation today can lead to some informed speculation.

10/05/2010 - MOUNTING A VIGOROUS DEFENSE IN DEPTH
I know some guys who are really good at external validation of enterprise security posture. There are some folks so good that nothing will totally stop them. The history of computer science makes me think world-class-best folks like that will always be with us and there will never be a system that is perfectly defendable. But still, there are steps you can take to dramatically enhance the security of your enterprise. I've reviewed some of these before, like ensuring endpoints are protected from malware, using defense in depth to enhance your security posture, mitigating IPv6 security threats, and studying the threat. With this post I'd like to mention another capability that belongs in your defense in depth tool suite: the Microsoft Security news, products, updates and tools site at http://microsoft.com/security. The security site at Microsoft is a way for enterprise and home users to tap into three key security centers: The Microsoft Security Engineering Center, The Microsoft Security Response Center, and The Microsoft Malware Protection Center. It is good to know all three of those, but the best way to interface with them, in my opinion, is through the security site...

09/20/2010 - THE HONORABLE JOHN G. GRIMES: AFCEA SARNOFF AWARD WINNER
On September 15th, 2010, The Honorable John G. Grimes was presented with the AFCEA David Sarnoff Award. This award was established by AFCEA as the organization's highest honor, to recognize individuals who have made lasting and significant contributions to global peace. Recipients have demonstrated a sustained and personal commitment to furthering communications, electronics, and information technologies toward achieving a more secure tomorrow.

09/01/2010 - SOCIAL ENGINEERING -- HACKING BY ASKING
A good hacker knows that a good hack involves three things: 1. Vulnerability, 2. Exploitation, 3. Maintenance of access. Talking to that secretary gave us a lot of information -- the antivirus vendor and version of Internet Explorer being the most important among other things. This tells us what the system is vulnerable to -- in this case IE6 vulnerabilities. Knowing the antivirus lets us know what vulnerabilities will be detected or stopped unless they are re-written or modified. With very little work we can probably find a way to circumvent any signature-based antivirus for a payload and a working exploit on a system with a profile similar to that described by the secretary. Now we have both a vulnerability and a method with which we will exploit it. Finally, the secretary informed us that patches to systems are done on Tuesdays -- so we can have up to a week after successful exploitation to develop a system to maintain access either through reverse shells or an autonomous setup, which should be easy to do once we are in and get the lay of the network. It's very easy to find and package exploits with the wide availability of large databases of viruses and exploits...

07/07/2010 - PROS AND CONS: CYBER COMMAND
Even before the U.S. Cyber Command stood up there was wide-ranging speculation about what the command would do, the authorities it would be granted, and the powers it would wield. No amount of insight from those with knowledge of the command will be enough to assuage the concerns of those who feel such an organization - and more specifically its intimate links with an intelligence agency - is a threat to liberty online and in general. Two of the early players in the cyber security and intelligence world - Bob Gourley and Mike Tanji - square off over the value - or lack thereof - of the Cyber Command and its impact on national security.

06/14/2010 - PERSPECTIVES ON CYBER SECURITY BILL
On June 10, 2010, the US Senate Homeland Security and Governmental Affairs Committee (HSGAC) unveiled a major cybersecurity bill designed to modernize, strengthen, and coordinate US Cyber defenses.

06/07/2010 - HOW FAST IS 3G AND WHAT IS 3.5G AND WHEN WILL 4G REALLY BE HERE?
Most enterprise CTOs are very interested in the "cloud" and ways to tap into cloud-based resources. An interesting aspect of this discussion has been how to access the cloud while on the move. Today's cellular networks support that access, and future enhancements are making that support even better and much, much faster.

04/12/2010 - MITIGATING IPV6 SECURITY THREATS
After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4, IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Management (SIEM) tools and Unified Threat Management (UTM) tools. Capabilities have evolved in IPv4 security that enable all those functions to be hosted on single Deep Packet Inspection (DPI) platforms. In the IPv4 world, the threats are still real and still require this defense in depth approach, but savvy network defenders have DPI and other tools at the ready to help mitigate these threats.

02/25/2010 - TWELVE PRINCIPLES OF DOD CYBER CONFLICT
While rummaging through old files on my hard drive I encountered a piece I wrote in June 2002 which captured in writing something I had been briefing for several years. I had been briefing "Principles" which I had observed/learned while the J2 of DoD's JTF-CND and then later J2 of JTF-CNO. My theory was that just as Admiral Bill Studeman has helped intelligence professionals understand their craft better by articulating principles, I could help build understanding of the new field of cyber conflict by generating dialog on principles.

02/02/2010 - A CTO ANALYSIS OF SECRETARY CLINTON'S SPEECH ON INTERNET FREEDOM
On 21 January 2010 Secretary of State Clinton delivered a speech on the topic of Internet Freedom. This is a very good presentation of policy worth a complete read by all, but I looked through it for statements indicating what we technologists should focus on. I tried to find the phrases indicating what the Secretary was saying the US should or will do, since that should drive many other government actions and should help technologists think through what we may be asked to do/support.

01/20/2010 - GOOGLE SURPRISE: A CHANGE IN INTENT REGARDING CHINA
Google did something brave. Something I never thought they would do. They stood up to communist China. And they did what they did with a speed and certainty that should make us all proud.

01/12/2010 - SIX ENTERPRISE MEGA TRENDS TO WATCH IN 2010
Most enterprise technologists should see a continued payoff of the hard work in planning, architecture, documentation, development and configuration work that has been occurring over the last several years. Enterprise technologists were building Service Oriented Architectures (SOA) long before SOA was over-hyped. And most enterprise technologists I know were investigating constructs of scalable, elastic Cloud Computing capabilities long before that became the dominant theme in trade journals, conferences and tech blogging. With all the hard work and progress seen in enterprises to date we could be in store for some very positive improvements in 2010.

01/04/2010 - SYSTEM IMPROVEMENTS AFTER THE CHRISTMAS TERROR ATTACK?
Information Technology in the federal enterprise does not work like it does in Hollywood. Although there are plenty of success stories to go around, federal IT is more limited and constrained than we would all want, for lots of reasons. Some of the reasons are just due to complexities and limited budgets. Some of the reasons are for security. Some of the reasons are because of the way the government funds its agencies and manages programs. And some of the reasons are because we humans have designed things using the wrong models and implemented them to serve workflows that are flawed to begin with.

12/15/2009 - INTERNET ROUTING IN SPACE: SOME HINTS OF WHAT THIS MEANS
On 23 November 2009, an Atlas V rocket from the United Launch Alliance successfully launched the Intelsat 14 satellite (IS-14). Liftoff of the Atlas V occurred at 1:55 a.m. ET. The satellite separated successfully two hours later. Great launch!


Authors are entirely responsible for opinions expressed in material appearing in AFCEA publications and online products, and these opinions are not to be construed as official or reflecting the views of the Armed Forces Communications and Electronics Association.

This is a moderated blog, and all comments are subject to review prior to posting. Approved comments will appear within 24 hours.

© AFCEA International - All Rights Reserved