What approach to change management is likely to be the most effective in today’s business environment?
What leadership behaviors tend to be associated with effective change management?
Leader’s role and behavior in the change process
Higgs and Rowland (2000, 2001) specifically linked leadership behaviors to activities involved in implementing change. They identified five broad areas of leadership competency associated with successful change implementation. These were:
(1) Creating the case for change: effectively engaging others in recognizing the business need for change.
(2) Creating structural change: ensuring that the change is based on depth of understanding of the issues and supported with a consistent set of tools and processes.
(3) Engaging others in the whole change process and building commitment.
(4) Implementing and sustaining changes: developing effective plans and ensuring good monitoring and review practices are developed.
(5) Facilitating and developing capability: ensuring that people are challenged to find their own answers and that they are supported in doing this.
Emerging themes relating to leadership (Denzin and Lincoln, 2000).
Nine categories were identified:
(1) What leaders say and do. The communication and actions of leaders related directly to the change.
(2) Making others accountable.
(3) Thinking about change.
(4) Using an individual focus.
(5) Establishing ‘starting points’ for change.
(6) Designing and managing the change journey.
(7) Communicating guiding principles.
(8) Creating individual and organizational capabilities.
(9) Communicating and creating connections.
Factor 1: shaping behavior
(1) What leaders say and do.
(2) Making others accountable.
(3) Thinking about change.
(4) Using an individual focus.
Factor 2: framing change
(1) Establishing ‘starting points’ for change.
(2) Designing and managing the change journey.
(3) Communicating guiding principles.
Factor 3: creating capacity
(1) Creating individual and organizational capabilities.
(2) Communicating and creating connections.
(1) Externally-driven, high-magnitude change can be implemented in a relatively short time scale.
(2) Long-term change is internally driven in organizations with a long history of change activities.
(3) High-magnitude change that impacts many parts of an organization needs to be implemented in a relatively short time scale.
(4) High-magnitude change can be implemented over a relatively long time scale.
BAD ACTORS
Targets:
Individuals
Nation States/Critical Infrastructure
State agencies/Military
Non-Profits and NGOs
White hat hackers and security experts
Corporations
Research facilities and universities
Attackers:
Individual Black Hat hackers
Nation States/state-employed hackers
State agencies, usually security agencies
Autonomous/Non-State hacker groups
Hacktivists
Cyberspies
Cybercriminals with enrichment motives
CYBERSECURITY 2020
Securing More Due Diligence
"TSI-Plus" MISSION STATEMENT:
Our mission is to provide CYBERSEC consulting services to businesses, institutions, and individuals, including threat information sharing, to minimize risk to digital information and to physical and mechanical infrastructure.
Operations which – for whatever purpose – seek to inflict damage:
Cybercrime; Cyberterrorism; Cyberwarfare; Cyberattack;
Cybervandalism/Cyberactivism; Cyberespionage
The word ‘cybersecurity’ is widely used as a term for protection against malware and hacker attacks. It is often used situationally: an individual’s connected devices can come under attack, a corporation can be hacked, or government-run essential infrastructure can be at risk.
$2.1 Trillion
Projected global cost of Cybercrime by 2019.
"Cybersecurity is a shared responsibility. The Federal government has the responsibility to protect and defend the country and we do this by taking a whole-of-government approach to countering cyber threats. This means leveraging homeland security, intelligence, law enforcement, and military authorities and capabilities, which respectively provide for domestic preparedness, criminal deterrence and investigation, and our national defense. Yet much of our nation’s critical infrastructure and a diverse array of other potential targets are not owned by the Federal government. The Federal government cannot, nor would Americans want it to, provide cybersecurity for every private network." (The White House, 2015)
Neo-Positivist Approach
We need to see the environment as it really is and think about the future of information resilience. Every company, from small business to the Fortune 500, faces the potential of cyber attack across hardware, software, databases, networks, mobile devices, and the 'internet of things'.
Cybersecurity is a multi-faceted phenomenon which nonetheless can be analyzed practically and theoretically across all levels. Our best-practice approach uses a neo-positivist paradigm, logical positivism, quantification, critical realist, analyticist, behaviorist, and reflectivist metatheoretical frameworks.
Post-positivist approaches integrate and implement insights from framing theory and from agenda-setting theory. Postpositivists pursue objectivity by recognizing the possible effects of biases, an important aspect of intelligence countermeasures. While positivists emphasize quantitative methods, postpositivists consider both quantitative and qualitative methods to be valid approaches.
A postpositivist theory also includes "empirical indicators," observable phenomena, and hypotheses that are testable using the scientific method. A theory or assessment can be judged on whether it is "accurate," "consistent," "has broad scope," "parsimonious," and "fruitful."
Business Continuity
Maintenance of ‘business continuity’ for an individual, corporate, or local actor is often equal in importance to national or even international security in the realm of cyber-threats. The blunt fact in today's world is that a single con or grifter online can bring your enterprise to a screeching halt, or even worse.
Information loss and theft is now the most expensive consequence of a cyber crime (Ponemon Institute, 2017). Cyber attacks are a reality for all organizations. Beyond their direct impact, cyber-attacks can reduce public confidence in the security of internet transactions and e-commerce, damaging corporate reputations. Both air-gapped (offline) equipment and networked systems remain vulnerable if their firmware is not kept updated. The unknown organizes itself at the edge of the emerging threat landscape.
For example, in patient safety and data protection: imagine the risk of sentinel events such as sudden data loss in remote patient monitoring or in managing medical devices on IT networks. A sentinel event is a Patient Safety Event requiring immediate investigation and response, that reaches a patient and results in any of the following:
Implantable cardiac pacemakers contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. These vulnerabilities, if exploited, could allow an unauthorized user to access and modify programming in a patient's device using commercially available equipment.
Cyber Security in Remote Patient Monitoring : Risks and Solutions
The following are characteristics of companies that continually scale up their data management and recovery efforts while integrating protection strategies to avert the large cost impact of cybercrime:
(1) Security Posture & Culture
(2) Information Management
(3) Data Protection, and Detection and Recovery.
Ponemon (2016) 2016 Cost of Cyber Crime Study & the Risk of Business Innovation. Ponemon Institute .
We need to consider those unknowns and look at long-term solutions. To avoid being hacked by 12-year-old kids, cyber-criminals, organized crime, and rogue countries, we need to upgrade policy decisions and countermeasures. Government hacking software has been released online and is now available to anyone who can download it and deploy it to their own nefarious ends.
Vault 7 downloads reveal individual tools for things like using Wi-Fi signals to track a device's location, or persistently surveil Macs by controlling the fundamental layer of code that coordinates hardware and software. WikiLeaks claims that Vault 7 reveals "the majority of [the CIA] hacking arsenal including malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation."
https://www.wired.com/story/2017-biggest-hacks-so-far/
Threats include:
Cyberterrorism incites fear and inflicts damage;
Cybercrime targets acquisition of financial and personal information;
Cyberactivism/cybervandalism targets political information acquisition and damage or deterrence;
Cyberwarfare targets strategic information acquisition;
Cyber-espionage targets financial, political, and intelligence information acquisition.
Current trends indicate that the organizations most vulnerable to cyber-attacks are small and medium enterprises (SMEs), due to lack of investment in cyber security. SMEs are attacked more often than large enterprises, and their vulnerability has three aspects: organizational, technological, and psychological.
Organizational awareness ranges from near-total unawareness to complete awareness. Lack of resources, negligence, lack of empowerment, technological weaknesses, psychological factors, and partial compliance are recurring vulnerability themes. There are methodologies and techniques that an organization or individual can credibly and effectively use to prioritize the events, hazards, and vulnerabilities in their systems.
Cybersecurity is a security matter which spans from the individual’s security against cyber threats to all of society. The meaning of the term is widening and deepening as a concept. Cybersecurity must be implemented from a critical security and intelligence perspective. Security exists only due to the existence of threats.
Challenges include:
1) Knowledge of one’s own cyber infrastructure
2) Knowledge of the threats emerging in cyberspace
3) Management of Access Controls
4) Monitoring and Detection
5) Informed Incident Response
6) Investigation
7) Visibility through advanced reporting
Stakeholders vs. Threat Actors
Cyberattack can be sudden, brutal, and devastating. We help you understand exactly what cybersecurity means on a personal and professional level in this era of rampant and aggressive cybercrime. It is not the object that is ‘cyber’, but rather the instrument used in the attack.
You must be prepared not only in your IT systems, but in your mechanical and physical infrastructure, which can be remotely accessed and manipulated. A culture of security is a first line of defense.
Some attacks simultaneously acquire information and damage infrastructure. Infrastructure such as government, the power industry and other public services (energy, aviation, water), hospitals, legal providers, and law enforcement is at particular risk of disruptive attack. Don't let your firm be one of them.
Public reports show that many have already been attacked, including some nuclear facilities. Countermeasures include assessment, strategy, and system design. Furthermore, every business has a legal responsibility to protect itself and others from data security breaches and hardware vulnerabilities. Some service providers have already been prosecuted. Protecting your enterprise is not an option but a necessity, both functionally and legally.
Legal Risks
Don't let a simple con racket destroy your enterprise with a cyberattack. Today's infosec requires prioritizing due diligence and process improvement. If higher management is not informed, or does not implement the measures that known vulnerabilities require, a gap opens that increases negative outcomes.
A culture of security throughout the chain of command is foremost. More necessary still than culture is a quantifiable approach to the physical basis of security and to the scope of the process.
In other words, intelligence briefings at many levels help secure the system, but the system itself has to be handled as a physical and psychological phenomenon, not merely a cultural one. The scope and range of exposure may seem overwhelming to program managers at first, but your enterprise can be taught current security management protocols, both for the firm and for its private information systems.
You don't want to be sued, go to jail, or have your whole system held for ransom for neglecting a clear and present danger from state-sponsored or criminal interference. Such actors exploit not only hardware and software vulnerabilities but also vulnerabilities in human psychology.
A data breach is within the known realm of probabilities and expectations for which companies must be prepared. This means a return to our legal history of the reasonably foreseeable danger standard.
It means that companies can be held to a recklessness standard rather than an ordinary negligence standard. It means that punitive damages and new causes of action such as trespass, conversion, negligent bailment, misappropriation, breach and other actions are appropriate.
Ignoring or bypassing such vulnerabilities of insecure systems can rise to the level of malfeasance (intentional conduct that is wrongful or unlawful, especially by officials or public employees). Malfeasance is a higher level of wrongdoing than nonfeasance (failure to act where there was a duty to act) or misfeasance (conduct that is lawful but inappropriate). Any of them can stop your business or production line cold.
Disturbing Trends
Cyber Espionage
The Dark Web is the perfect platform for cybercrime and shadow war: illegal trading, malware hosting, decoys, and targeted attacks, including advanced threat in our industrial networks. Bigger and bigger data flows mean ever more spectacular cybercrimes, including targeting banks, colleges, courts, and hospitals. Strategic infrastructure is particularly at risk. Exposed systems are a threat to local and national security.
https://www.youtube.com/watch?v=UpX70KxGiVo
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware.
It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.
Cyber spying typically involves the use of such access to secrets and classified information or control of individual computers or whole networks for a strategic advantage and for psychological, political and physical subversion activities and sabotage. More recently, cyber spying involves analysis of public activity on social networking sites like Facebook and Twitter.
Such operations, like non-cyber espionage, are typically illegal in the victim country while fully supported by the highest level of government in the aggressor country. The ethical situation likewise depends on one's viewpoint, particularly one's opinion of the governments involved. https://en.wikipedia.org/wiki/Cyber_spying
Strategic Infrastructure
Infrastructure is the basic physical systems of a business or nation; transportation, communication, sewage, water and electric systems are all examples of infrastructure. These systems, including Public-Private Infrastructure, tend to be high-cost investments; however, they are vital to a country's survival and security, economic development, and prosperity.
IT infrastructure breakdown can lead to massive mechanical failure, or worse. Unguarded, this sector makes municipalities and massive groups of citizens vulnerable. Physical components require the same comprehensive protection as IT systems.
Essential skills needed to implement security in a network in an enterprise environment include risk analysis, security policies, penetration testing techniques, Transmission Control Protocol (TCP), packet analysis, cryptography, operating system (OS) hardening, virus protection, and disaster recovery.
Asset Managers and CFOs need to understand that allocation of funds for full-spectrum security is essential. Cybersecurity must be prioritized to deliver infrastructure effectively and efficiently. Ignoring or underfunding it invites company and regional, if not national disasters with massive expense for recovery, if even possible.
Who needs sophisticated and comprehensive InfoSec the most?
What is the framework for Strategic Infrastructure Management?
We define 'infrastructure' as including the following sectors:
Two other kinds of infrastructure include soft infrastructure (the public institutions required for maintaining society, notably the legal and judicial system, the education and health systems, and the financial system) and industrial infrastructure (such as mineworks, or the interconnected roads within a large factory complex).
Others include airports, highways, rail transport, hospitals, bridges, transport hubs, network communications, media, the electricity grid, dams, power plants, seaports, oil refineries, and water systems. Infrastructure security seeks to limit vulnerability of these structures and systems to vandalism, sabotage, terrorism, and contamination.
Critical infrastructures naturally utilize information technology as this capability has become more and more available. As a result, they have become highly interconnected, and interdependent. Intrusions and disruptions in one infrastructure might provoke unexpected failures to others. How to handle interdependencies becomes an important problem. https://en.wikipedia.org/wiki/Infrastructure_security
Breaking Down 'Infrastructure'
Applicable to large- and small-scale organizational frameworks, infrastructure can include a variety of systems and structures as long as there are physical components required. For example, the electrical grid across a city, state or country is infrastructure based on the equipment involved and the intent to provide a service to the areas it supports.
Similarly, the physical cabling and components making up the data network of a company operating within a specific location are also infrastructure for the business in question, as they are necessary to support business operations. This includes mechanical processes controlled by networks.
IT Infrastructure
Many technical systems are often referred to as infrastructure, such as networking equipment and servers, due to the critical function they provide within certain business environments. Without the information technology (IT) infrastructure, many businesses struggle to share and move data in a way that promotes efficiency within the workplace. If IT infrastructure fails, many business and strategic functions cannot be performed.
Infrastructure Categories
Along with the aforementioned sectors, infrastructure includes waste disposal services, such as garbage pickup and local dumps. Certain administrative functions, often covered through various government agencies, are also considered part of the infrastructure. Educational and health care facilities may also be included, along with certain research and development functions and necessary training facilities.
https://www.investopedia.com/terms/i/infrastructure.asp
The following are why infrastructure needs to be heavily secured and protected:
Information warfare (IW) is a concept involving the battlespace use and management of information and communication technology in pursuit of a competitive advantage over an opponent. Information warfare may involve collection of tactical information, assurance(s) that one's own information is valid, spreading of propaganda or disinformation to demoralize or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces. Information warfare is closely linked to psychological warfare.
The United States military focus tends to favor technology, and hence tends to extend into the realms of electronic warfare, cyberwarfare, information assurance and computer network operations, attack and defense.
Most of the rest of the world use the much broader term of "Information Operations" which, although making use of technology, focuses on the more human-related aspects of information use, including (among others) social network analysis, decision analysis and the human aspects of command and control. https://en.wikipedia.org/wiki/Information_warfare
Insider Threat
The web and social networking are also platforms for personnel data breaches: attackers build profiles of people holding sensitive technology jobs in order to target unwitting HUMINT recruitment. Physical compromise can lead to internal compromise.
Unwitting, 'knucklehead,' and knowingly malicious insiders are not just a technical cyber-threat issue; they are an advanced persistent threat that includes unauthorized disclosure. Who are the high-risk individuals?
Kill Chain
For example, among those to watch are privileged users, sysadmins, and anyone with Narcissistic Personality Disorder.
Emotional Instability
Change in Habits
Exploitable Work Profile
Work Environment/ Disgruntlement
Vengefulness
Personal Vulnerability
Unauthorized Work Activity
Conflicting Loyalty
Personality/Psychological Issues
Overly Sensitive/Insecure
Thrill-Seeking
Convergence of traditional human intelligence (HUMINT) tradecraft and APT-style cyber threats occurs in the gray zone between information security and industrial security. It may go undetected as a result, making the "unwitting insider" an extremely difficult problem to identify. They aren't hackers, and most won't evolve into true threats; 'red flags' are just indicators. The FBI suggests monitoring these malicious insider traits:
Disgruntlement
Responds poorly to criticism
Cannot cope with stress at work
Exhibits a sudden change in work performance
Reacts inappropriately to stress at work
Ego: acts domineering
Harasses others
Acts argumentative
Superiority issues
Acts selfish
Manipulative
Acts like rules do not apply
Poor teamwork abilities
Irritability
Makes threats
Engages or threatens to engage in retaliatory behavior
Relationship/financial problems
Problems with divorce
Problems with marriage
Stress in home life
Financial problems
Difficulty coping with stress at home
Sudden change in financial status
Irresponsibility
Emotional vulnerability
Change in beliefs
Unusual level of pessimism
Unusual level of sadness
Difficulty controlling emotions
Get plugged into your HR reporting chain and look for these issues!
https://www.slideshare.net/SelectedPresentations/ht-t17
FBI's multidisciplinary approach uses the following:
Goals: Detect, Disturb, Disrupt
Identify: CI/Intel, Personnel, CyberSecurity
Focus: People, Enemy, Data
Industrial espionage is big business. Data from convictions under the Economic Espionage Act of 1996 (EEA), 18 U.S.C. § 1831: average loss per case $472M (FBI case statistics under the EEA, 1996 to present).
Carnegie Mellon has published an insider threat study and detection program, funded by DHS.
Carnegie Mellon University CERT Insider Threat Center
http://www.cert.org/insider_threat/
Dark Web
Unlike a 'snatch and grab,' an undiscovered breach can persist for a long time while attackers probe for further vulnerabilities to exploit. They can intrude into control systems and then migrate to administrative networks or actuators. Penetration tooling from the Vault 8 release and other leaks is now online, free to any potential bad actor.
The dark side of technology just hit home hard. A hack on credit bureau Equifax exposed personal data of 143 million consumers, including 209,000 credit card numbers. This sort of crime costs millions in recovery, redistribution, and operating costs.
Breaches, including card-data breaches, have already hit big companies like Equifax, Mastercard, Visa, Uber, Sonic Drive-Ins, TRW/Sears, Trader Joe's, Saks, Dun & Bradstreet, Hilton, Target, Verizon, Yahoo, and Whole Foods, and even the Internal Revenue Service.
https://en.wikipedia.org/wiki/List_of_data_breaches
Reporter Christopher Burgess contacted Global Payments and asked some basic questions, which "I hoped would be able to allow me to determine if their breach was the cause of my credit card being replaced" (the company's response follows each question).
1. What was the final number of accounts which were compromised by the unauthorized access to your system? Response: ~1,500,000 per FAQ
2. How many banking institutions (banks, savings & loans, credit unions, etc.) were affected? Response: No answer
3. In which states were “breach notification laws” germane to the unauthorized access to your system? Response: No answer
4. Was this event limited to U.S. cardholders or was this international? Response: Predominately U.S. per FAQ
5. Was your system judged to be compliant with the PCI standards? Response: No answer
A. What was the date of the most recent compliance certification? Response: No answer
B. Who or what entity conducted the compliance certification inspection? Response: No answer
6. Are you offering “credit report” monitoring to all of those whose credit cards have been compromised? Response: Contact your bank per FAQ
Global Payments forwarded to me a link to their crisis FAQ page they created:
Global Payments 2012 Info Security Update
"Absent any exactness in the answers, I tallied up who was expending efforts and concluded: the issuing bank had expended time and energy; as did the vendors with whom I do business and I too had an expenditure of time and energy. Expenditures all required to clean-up after an entity who lost my credit card data."
https://www.huffingtonpost.com/christopher-burgess/global-payments-data-breach_b_1429871.html
Your firm needs to ask the critical questions:
Cybercrime, proxy wars, and ransomware extortion can be worse than a natural disaster. Service providers have new liabilities and responsibilities. Their impact on corporate reputation and financial performance compels organizations to assess risk exposure and implement risk transfer and mitigation strategies.
What are your standards for best practices and proactive strategies to mitigate cyberthreats?
1. Stop being overly broad and irresponsible with the data that is gathered. Is it really necessary? Does it benefit your customer? Is it worth the risk? Are they aware you're gathering the information?
2. Have policies for data handling. Who has access? How is it stored and accessed? How long is it held? How is it disposed of? Make sure that employees are trained and that policies are enforced and kept up to date.
3. Have security controls in place.
4. Have procedures for when security is breached: notification and other steps to mitigate damages, investigation, and containment.
5. Companies should be prepared to insure against the breach and hold consumers harmless. A simple short-term monitoring agreement is insufficient.
Criminal Interference
The world of cyber-security now includes an element of intelligence used to counter sophisticated bad actors, malware, and ransom attacks. Leaked government hacking tools have been sold and traded on the Dark Web to malicious actors who pose not only a risk but an active threat to anyone online.
The Dark Net has evolved for legitimate and illegitimate purposes, with the potential for great damage. It poses a potential disruptive risk to privacy and to the billions in e-commerce now moving online. If it continues to grow it can affect the way companies are valued by the market.
The Dark Net is a way for people to be anonymous online: a shadow ecosystem carrying mainstream risks from bad actors as well as military and intelligence communications from around the globe. There is no regulation, law and order, or justice there. It started as a channel for secure, anonymous communication, then evolved into a multibillion-dollar shadow economy, including Bitcoin and blockchain markets.
The Dark Net remains on the fringes of society today. Messages, goods and services can change hands outside the reach of regulation and law enforcement, and its potential for malicious and illegal disruption of mainstream businesses is growing. Perhaps the really surprising thing about the Dark Net is its scale: up to 400,000 users in the US alone.
Source code and analysis for CIA software projects, including covert infrastructure components, were exposed through espionage. The claim that the published material contains no 0-days or similar security vulnerabilities that could be repurposed by others is dubious. Data can be both infiltrated into and extracted from target systems.
There are many vectors of intrusion. Covert communications programs allow sophisticated malware implants on a target computer to communicate with their operators securely, without drawing attention. Cover domains and back-end infrastructure act as a relay for HTTP(S) traffic over a VPN connection to "hidden" servers.
Cover domains deliver 'innocent' content to those who browse them by chance; visitors never suspect that they are anything other than normal websites. A user browsing the website is not required to authenticate; authentication is optional. Malicious implants, however, do authenticate themselves. Traffic from implants is therefore sent to an implant operator management gateway, while all other traffic goes to a cover server that delivers the unsuspicious content.
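The traffic split described above, as an added illustrative model (not code from this page, from WikiLeaks, or from any CIA project): a relay that checks whether a request carries a valid implant credential and hands it to the operator gateway, while everything else, including requests with a wrong or replayed credential, receives the cover content. The page does not say how the real implants authenticate; the X-Auth header, the HMAC-over-path credential, the destination names and the sample requests are all assumptions made for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Destinations behind the cover domain (names assumed for this model).
COVER_SERVER = "cover-server"
OPERATOR_GATEWAY = "implant-gateway"

# Assumed pre-shared key known only to the implants and the operator side.
# Constructed value for this example; not from any real implant.
SHARED_SECRET = b"constructed-example-secret"

# Assumed header carrying the implant's credential (name chosen for the example).
AUTH_HEADER = "X-Auth"


@dataclass
class Request:
    """Minimal model of one HTTP request as the relay sees it."""
    path: str
    headers: dict = field(default_factory=dict)


def implant_tag(secret: bytes, path: str) -> str:
    """Credential an implant attaches: HMAC-SHA256 over the request path.
    Binding the tag to the path stops a captured tag being reused on another path."""
    return hmac.new(secret, path.encode("utf-8"), hashlib.sha256).hexdigest()


def route(req: Request, secret: bytes = SHARED_SECRET) -> str:
    """Split traffic: authenticated implants go to the operator gateway,
    everything else (casual visitors, scanners, wrong or replayed tags)
    gets the cover content. A failed check is not an error response; it is
    exactly the page a chance visitor sees, so guessing reveals nothing."""
    presented = req.headers.get(AUTH_HEADER)
    if presented is None:
        return COVER_SERVER
    expected = implant_tag(secret, req.path).encode("ascii")
    # Constant-time comparison so timing does not leak how close a guess was.
    if hmac.compare_digest(presented.encode("utf-8"), expected):
        return OPERATOR_GATEWAY
    return COVER_SERVER


# Constructed sample traffic: a browsing visitor, a genuine implant beacon,
# a prober guessing the header, and a replay of a captured tag on another path.
BEACON_PATH = "/assets/update/check"
SAMPLE_REQUESTS = [
    Request("/index.html"),
    Request(BEACON_PATH, {AUTH_HEADER: implant_tag(SHARED_SECRET, BEACON_PATH)}),
    Request(BEACON_PATH, {AUTH_HEADER: "0" * 64}),
    Request("/other/path", {AUTH_HEADER: implant_tag(SHARED_SECRET, BEACON_PATH)}),
]


def route_samples() -> list:
    """Route the constructed samples; only the genuine beacon reaches the gateway."""
    return [route(r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, dest in zip(SAMPLE_REQUESTS, route_samples()):
        cred = "credential present" if AUTH_HEADER in req.headers else "no credential"
        print(f"{req.path:22s} {cred:20s} -> {dest}")
```

The point for a defender is the asymmetry in route(): a visitor or scanner can never obtain a different response by guessing, so the cover domain looks benign from the outside, and detection has to come from the beaconing host's side (the credential artifact and the regular beacon pattern) rather than from inspecting the domain. The model's tag binds only to the path, not to time, so it can be replayed on the same path; that is one of the things the real design would have to handle and which the page does not describe.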
Crypto-ransomware is a particular concern of top organizations attempting to safeguard sensitive and vital customer data. Also, the internet of things is open to crypto-ransomware attacks. Losing data on a hard drive is devastating — but losing a life to a data breach or hack of a pacemaker takes ransomware concerns to a new level. CEOs could be essentially taken hostage along with industrial or financial systems through such attack vectors.
Shadow War Situation Alert
You may be aware of the shocking revelations provided by the Edward Snowden leaks that highlighted the NSA's global mass surveillance operations covered by the overall code name Trailblazer. In these operations the NSA attempted, and is still working towards, broad-spectrum capture-and-store operations that cover all voice and data communications traffic on a global basis.
A countermeasures 'Mole Hunt' is still in progress, including within the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O. It is called the Equation Group by malicious hackers. Insider threat recruitment and capabilities must be addressed. N.S.A. employees have been subjected to polygraphs and suspended from their jobs in a hunt for turncoats allied with the Shadow Brokers.
The situation is characterized as “a disaster on multiple levels.” On Aug. 13, 2016, a new Twitter account in the Shadow Brokers’ name announced with fanfare an online auction of stolen N.S.A. hacking tools. “We hack Equation Group,” the Shadow Brokers wrote. “We find many many Equation Group cyber weapons.”
New firms are arising defending computer networks from intrusions that use the N.S.A.’s leaked tools. More leakers may still be inside the agency, as over 200 reportedly failed their polygraph tests. A single leaker might be responsible for both the Shadow Brokers and the C.I.A.’s Vault7 and 8 breaches.
N.S.A.'s ability to protect potent cyberweapons, operational security knowledge, and national security were compromised. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
The problem persists at the highest security levels and points to a Shadow War With Russia, as well as Iranian, NK, and Chinese involvement. And no end is in sight. “How much longer are the releases going to come?” a former T.A.O. employee asked. “The agency doesn’t know how to stop it — or even what ‘it’ is.” But we have already seen the effects of state-sponsored and criminal bad actors. There have been numerous attacks already with more surely to follow.
The Guardian reports, 15 November 2017, that, "Russian hackers attacked British media, telecoms and energy companies over the last year, the head of the UK’s National Cyber Security Centre has confirmed for the first time." “Russia is seeking to undermine the international system. That much is clear. The PM made the point on Monday night – international order as we know it is in danger of being eroded.” “NCSC believes that due to the use of widespread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised.”
https://www.theguardian.com/technology/2017/nov/15/russian-hackers-targeted-uk-media-and-telecoms-firms-confirms-spy-chief
Tens of thousands of employees at Mondelez International, the Oreo cookie maker, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.
The T.A.O. hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.
So T.A.O. personnel rushed to replace implants in many countries with new malware they did not believe the Russian company could detect. That remains to be seen.
More: https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html
YAHWEH
Some of these omniscient programs allow GOD LEVEL or administrator access to network systems and hardware.
[pls explain in 3 more sentences, or so]
Defend Your Enterprise
You now know that multiple threat agents are willing and able to exploit your vulnerabilities. It quickly becomes clear that defending your enterprise must meet this state-of-the-art threat with full-spectrum systems management.
The New York Times reported: "The N.S.A.’s headquarters at Fort Meade in Maryland. Cybertools the agency developed have been picked up by hackers from North Korea to Russia and shot back at the United States and its allies."
In late 2017 the US government issued a rare public warning about hacking campaigns targeting energy and industrial firms. This is the latest evidence that cyber attacks present an increasing threat to the power industry and other public infrastructure.
The Department of Homeland Security and Federal Bureau of Investigation warned in a widely-distributed report that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks. The report said the objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets.
Cyber-security, Infosec, and Countermeasures must be in place at all times to counter threat actors and legal vulnerabilities. Since a data breach is within the known realm of probabilities and expectations, all companies must be prepared.
This means all companies can be held to a reckless standard rather than an ordinary negligence standard. Risks include data loss; infrastructure intrusion, damage, and loss; punitive damages; and new causes of action from trespass to misappropriation.
COUNTERMEASURES
Countermeasures include improved protection against cyberattacks through shared threat intelligence. Threat intelligence is curated information about an existing or emerging cyberthreat that can be distributed for the purpose of improving defenses against a specific attack.
Going beyond IP addresses, hashes, and other core threat identifiers, threat intelligence provides critical context around a threat activity, including indicators of compromise (IoC), indicators of attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary.
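Shared threat intelligence is only useful once the distributed indicators are actually compared against your own telemetry. The page lists STIX and TAXII among its topics; the following is an added example, not code from the original page or from any vendor, showing how the simplest kind of STIX 2.1 indicator pattern (equality comparisons on an IPv4 address, a domain name or a file hash, the sort of object a TAXII feed would deliver) can be matched against log lines. The bundle, every IoC value in it, the placeholder hash and the log lines are all constructed for the illustration.

```python
"""Match STIX 2.1 indicator patterns from a threat-intel bundle against logs.

Added illustration, not the page's or any vendor's code. The bundle, the
indicator values (the hash is a constructed placeholder, not a real IoC)
and the log lines are all constructed.
"""
import json
import re

PLACEHOLDER_SHA256 = "0123456789abcdef" * 4  # constructed, not a real hash

# Constructed STIX 2.1 bundle of the kind a TAXII server would hand out.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "created": "2017-11-15T00:00:00.000Z", "modified": "2017-11-15T00:00:00.000Z",
         "name": "Constructed C2 address", "indicator_types": ["malicious-activity"],
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.23']",
         "valid_from": "2017-11-15T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "created": "2017-11-15T00:00:00.000Z", "modified": "2017-11-15T00:00:00.000Z",
         "name": "Constructed cover domains", "indicator_types": ["malicious-activity"],
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update-check.example' OR "
                    "domain-name:value = 'cdn-mirror.example']",
         "valid_from": "2017-11-15T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "created": "2017-11-15T00:00:00.000Z", "modified": "2017-11-15T00:00:00.000Z",
         "name": "Constructed implant hash", "indicator_types": ["malicious-activity"],
         "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{PLACEHOLDER_SHA256}']",
         "valid_from": "2017-11-15T00:00:00Z"},
    ],
})

# Constructed log lines: firewall, DNS and AV events in an ad-hoc format.
SAMPLE_LOGS = f"""\
2017-11-15T09:12:01 fw allow src=10.0.0.5 dst=198.51.100.23 dport=443
2017-11-15T09:12:03 dns query=cdn-mirror.example client=10.0.0.5
2017-11-15T09:13:10 av scan file=/tmp/svc sha256={PLACEHOLDER_SHA256}
2017-11-15T09:14:00 fw allow src=10.0.0.9 dst=203.0.113.7 dport=80
"""

# One equality comparison inside a STIX pattern, e.g. ipv4-addr:value = '1.2.3.4'
# or file:hashes.'SHA-256' = '...' (the quoted key is part of the property path).
COMPARISON = re.compile(
    r"(?P<type>[\w-]+):(?P<prop>[\w.-]+(?:'[^']*')?)\s*=\s*'(?P<value>[^']*)'"
)


def parse_indicators(bundle_json):
    """Return {(object_type, property, value): indicator_name} from a bundle.

    Only equality comparisons are extracted; AND/OR/FOLLOWEDBY structure is
    flattened. That is fine for single-observable IoCs like these, but would
    over-match a pattern that requires two observables to occur together.
    """
    index = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for m in COMPARISON.finditer(obj["pattern"]):
            prop = m.group("prop").replace("'", "")
            index[(m.group("type"), prop, m.group("value").lower())] = obj["name"]
    return index


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def observables(line):
    """Yield (object_type, property, value) candidates found in one log line."""
    for ip in IPV4.findall(line):
        yield ("ipv4-addr", "value", ip)
    for digest in SHA256.findall(line):
        yield ("file", "hashes.SHA-256", digest.lower())
    for name in DOMAIN.findall(line):
        yield ("domain-name", "value", name.lower())


def match_logs(bundle_json, log_text):
    """Return [(line_number, indicator_name, matched_value)] for every hit."""
    index = parse_indicators(bundle_json)
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        for key in observables(line):
            if key in index:
                hits.append((number, index[key], key[2]))
    return hits


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_BUNDLE, SAMPLE_LOGS):
        print("IoC hit:", hit)
```

Extracting observables from the log line and looking them up in an index keyed by (type, property, value) keeps the matching independent of the log format, so the same indicator index serves firewall, DNS and AV sources; a production feed would also honour `valid_until` and revocation, which this example omits.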
Threat Modeling
Through leadership within the threat intelligence sharing community and by developing technologies that more easily share and use threat intelligence, we help customers better identify and stop attacks.
SECURITY RISK INTELLIGENCE
Consider the risk factors: vulnerabilities, threat actor campaigns, behaviors, and patterns.
Threat picture + vulnerabilities = relevance: consequences, dependencies, and risk impact.
How Did Such Vulnerability Happen?
[add links and 2-3 sentence synopsis in PowerPoint and/or handout]
Stuxnet
Malicious Nation-States
Transnational Crime Syndicates
Espionage
WannaCry Ransomware
Equifax and other credit Breach
Weeping Angel
Kaspersky Breach
WiFi
STIX, TAXII
Bad Actors, Dark Web, and Shadow Brokers
INFOSEC and Infrastructure Hardware/Software
How Can Stakeholder Assets, Liability, and Infrastructure
Be Protected from Threat Actors Now?
Today, most private networks have multiple endpoints to properly secure:
SecOps Partnering
Mission critical information
Situational awareness
Streamlined threat operations
Situational Awareness
Cyber threat Intelligence
Countermeasures
Access control of hardware/software identity management
Authorization/password management
Layered security
Detection
Analytics
Consequence analysis
Incident response
Response management
Forensics
[TSI STRAW FIRM]
edit to suit
Who We Are & How We Can Help
Our firm provides managed I/T solutions to private industry and other market sectors. Responding to security breaches on various government and commercial computer systems and networks, our founders saw a market niche. We provide highly secure, tightly managed computing, data and voice communications infrastructures.
Personnel include:
Information Security Specialists
Systems Engineering Specialists
Network Engineering Specialists
Fusion Center/Operations Specialists
Security Officers/Protection Officers
All positions with our firm have the following minimum entry requirements:
Our origins are humble - our initial staff was comprised of former officers and enlisted personnel from the United States' and NATO military organizations. These initial staff members originated from the operational specialties of Signals & Communications, Engineering, Signals Intelligence (SIGINT), and Logistics.
Our overarching goal is to keep our customers' data and voice communications infrastructure highly available, performing reliably, quickly and with very high levels of security. We manage and operate our customers' infrastructure in some of the most challenging areas of the world.
We feature staff with a minimum security clearance of NATO secret. Depending on customer requirements, we can supply highly trained staff with security clearances such as NATO top secret, compartmentalized with polygraph. All staff are subject to semi-annual security reviews, random drug testing and basic reliability checks. More stringent staff security qualifications are available upon assessment of customer needs.
All of our staff members hold baccalaureate degrees in at least one of the following disciplines: software engineering, computer science, electrical engineering, mechanical engineering, geomatic engineering, information security, architecture, interior design, law enforcement, and business administration. Many of our staff members hold multiple baccalaureate degrees and/or post-graduate degrees in these areas:
Systems
Security
Surveillance Services
Data Center Design Services
Outside/Inside Cable Plant
Geomatic/GIS Services
Facilities
Physical Asset Security & Protection Services
Personnel Security & Protection Services
___________________________________________
Securing More Due Diligence
"TSI-Plus" MISSION STATEMENT:
Our mission is to provide CYBERSEC consulting services to businesses, institutions, and individuals, including threat information sharing to minimize digital information, physical, and mechanical infrastructure risk.
Operations which – for whatever purpose – seek to inflict damage:
Cybercrime; Cyberterrorism; Cyberwarfare; Cyberattack;
Cybervandalism/Cyberactivism; Cyberespionage
The word ‘cybersecurity’ is widely used as a term for protection against malware and hacker attacks. It is often used situationally: an individual’s connected devices can be under attack, a corporation can be hacked, or government-run essential infrastructure can be at risk of attack.
- Cybersecurity is a security matter, concerned with freedom from threats.
- Threats to cybersecurity all share the common threat of a breach/attack.
- Cybersecurity is different from information security and computer security.
- A working definition of cybersecurity addresses threats to security.
- In the case of cybersecurity, there are several types of threats, sharing in common that they entail some sort of digital breach/attack.
$2.1 Trillion
Projected global cost of Cybercrime by 2019.
"Cybersecurity is a shared responsibility. The Federal government has the responsibility to protect and defend the country and we do this by taking a whole-of-government approach to countering cyber threats. This means leveraging homeland security, intelligence, law enforcement, and military authorities and capabilities, which respectively provide for domestic preparedness, criminal deterrence and investigation, and our national defense. Yet much of our nation’s critical infrastructure and a diverse array of other potential targets are not owned by the Federal government. The Federal government cannot, nor would Americans want it to, provide cybersecurity for every private network." (The White House, 2015)
Neo-Positivist Approach
We need to see the environment as it really is. We need to think about the future of information resilience. Every single company, from small business to Fortune 400, is faced with the potential of cyber attack, from hardware, to software, to database, to networks, to mobile devices, to the 'internet of things'.
Cybersecurity is a multi-faceted phenomenon which nonetheless can be analyzed practically and theoretically across all levels. Our best-practice approach uses a neo-positivist paradigm, logical positivism, quantification, critical realist, analyticist, behaviorist, and reflectivist metatheoretical frameworks.
Post-positivist approaches integrate and implement insights from framing theory and from agenda-setting theory. Postpositivists pursue objectivity by recognizing the possible effects of biases, an important aspect of intelligence countermeasures. While positivists emphasize quantitative methods, postpositivists consider both quantitative and qualitative methods to be valid approaches.
A postpositivist theory also includes "empirical indicators," observable phenomena, and hypotheses that are testable using the scientific method. A situation can be assessed on the basis of whether it is "accurate," "consistent," "has broad scope," "parsimonious," and "fruitful."
Business Continuity
Maintenance of ‘business continuity’ for an individual, corporate, or local actor is often equal in importance to national or even international security in the realm of cyber-threats. The blunt fact in today's world is that a single con or grifter online can bring your enterprise to a screeching halt, or even worse.
Information loss and theft is now the most expensive consequence of a cyber crime (Ponemon Institute, 2017). Cyber attacks are a reality for all organizations. As a direct impact, cyber-attacks can reduce public confidence in the security of internet transactions and e-commerce, damaging corporate reputations. Both (offline) air-gapped equipment and networked societies are vulnerable to cyber-threats without firmware updates. The unknown organizes itself at the edge of the emerging threat landscape.
For example, in Patient Safety and Data Protection: imagine the risk of sentinel events such as sudden data loss for remote patient monitoring and for managing medical devices on IT networks. A sentinel event is a Patient Safety Event requiring immediate investigation and response, that reaches a patient and results in any of the following:
- Death
- Permanent harm
- Severe temporary harm and intervention required to sustain life
Implantable cardiac pacemakers contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. These vulnerabilities, if exploited, could allow an unauthorized user to access and modify programming in a patient's device using commercially available equipment.
Cyber Security in Remote Patient Monitoring: Risks and Solutions
The following are characteristics of companies that continually scale up their data management and recovery efforts while integrating protection strategies to avert the large cost impact of cybercrime:
(1) Security Posture & Culture
(2) Information Management
(3) Data Protection, and Detection and Recovery.
Ponemon Institute (2016). 2016 Cost of Cyber Crime Study & the Risk of Business Innovation. Ponemon Institute.
We need to consider those unknowns and look at long-term solutions. To avoid getting hacked by 12-year-old kids, cyber-criminals, mobs, and rogue countries, we need to upgrade policy decision countermeasures. Government hacking software has been released online and is now available to anyone who can download and deploy it to their own nefarious ends.
Vault 7 downloads reveal individual tools for things like using Wi-Fi signals to track a device's location, or persistently surveil Macs by controlling the fundamental layer of code that coordinates hardware and software. WikiLeaks claims that Vault 7 reveals "the majority of [the CIA] hacking arsenal including malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation."
https://www.wired.com/story/2017-biggest-hacks-so-far/
Threats include:
- Cyberterrorism incites fear and inflicts damage;
- Cybercrime targets acquisition of financial & personal info;
- Cyberactivism/cybervandalism targets political info acquisition, damage deterrence;
- Cyberwarfare targets strategic info acquisition;
- Cyber-Espionage targets financial, political, intelligence info acquisition.
Current trends indicate that the organizations most vulnerable to cyber-attacks are small and medium enterprises (SMEs), due to lack of investment in cyber security. SMEs are more often cyber-attacked than large enterprises through three aspects: organizational, technological and psychological.
Organizational aspects range from high unawareness to complete awareness. Lack of resources, negligence, lack of empowerment, technological aspects, psychological aspects, and partial compliance are vulnerability themes. There are methodologies and techniques that an organization or individuals can credibly and effectively use to prioritize the events, hazards, and vulnerabilities in their systems.
Cybersecurity is a security matter which spans from the individual’s security against cyber threats to all of society. The meaning of the term is widening and deepening as a concept. Cybersecurity must be implemented from a critical security and intelligence perspective. Security exists only due to the existence of threats.
Challenges include:
1) Knowledge of one’s own cyber infrastructure
2) Knowledge of the threats emerging in cyberspace
3) Management of Access Controls
4) Monitoring and Detection
5) Informed Incident Response
6) Investigation
7) Visibility through advanced reporting
Stakeholders vs. Threat Actors
Cyberattack can be sudden, brutal, and devastating. We help you understand exactly what cybersecurity means on a personal and professional level in this era of rampant and aggressive cybercrime. It is not the object that is ‘cyber’, but rather the instrument used in the attack.
You must be prepared not only in your IT system, but in your mechanical and physical infrastructure which can be remotely accessed and manipulated. A culture of security is a first line of defense.
Some attacks simultaneously acquire information as well as damage infrastructure. Infrastructure such as government, the power industry and other public services (energy, aviation, water), hospitals, legal providers, law enforcement, etc. is at particular risk of disruptive hacking. Don't let your firm be one of them.
Public reports show that many have already been attacked, including some nuclear facilities. Countermeasures include assessment, strategy, and system design. Furthermore, every business has a legal responsibility to protect itself and others from data security breach and hardware vulnerability. Some service providers have already been prosecuted. Protecting your enterprise is not an option, but a necessity, both functionally and legally.
Legal Risks
Don't let a simple con racket destroy your enterprise with a cyberattack. Today's infosec requires prioritizing due diligence and process improvement. If higher management is not informed or does not implement measures required by vulnerabilities, a gap occurs that increases negative outcomes.
A culture of security throughout the line chain is foremost. And more necessary than social culture is a quantifiable approach to the physical basis of security and to the scope of the process.
In other words, intelligence briefing at many levels helps secure the system. But the system has to be handled as a physical and psychical, not cultural, phenomenon. The scope and range of exposure may seem overwhelming to program managers at first. But your enterprise can be taught current security management protocols both for your firm and for its private information systems.
You don't want to be sued, go to jail or have your whole system held ransom for neglecting a clear and present danger from state-sponsored or criminal interference. They not only exploit hardware and software vulnerabilities, but also exploit vulnerabilities in human psychology.
A data breach is within the known realm of probabilities and expectations for which companies must be prepared. This means a return to our legal history of the reasonably foreseeable danger standard.
It means that companies can be held to a reckless standard rather than an ordinary negligence standard. It means that punitive damages and new causes of action such as trespass, conversion, negligent bailment, misappropriation, breach and other actions are appropriate.
Ignoring or by-passing such vulnerabilities of insecure systems can rise to the level of malfeasance (intentional conduct that is wrongful or unlawful, especially by officials or public employees). Malfeasance is a higher level of wrongdoing than nonfeasance (failure to act where there was a duty to act) or misfeasance (conduct that is lawful but inappropriate). All of them can stop your business or production line cold.
Disturbing Trends
Cyber Espionage
The Dark Web is the perfect platform for cybercrime and shadow war: illegal trading, malware hosting, decoys, and targeted attacks, including advanced threat in our industrial networks. Bigger and bigger data flows mean ever more spectacular cybercrimes, including targeting banks, colleges, courts, and hospitals. Strategic infrastructure is particularly at risk. Exposed systems are a threat to local and national security.
https://www.youtube.com/watch?v=UpX70KxGiVo
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware.
It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.
Cyber spying typically involves the use of such access to secrets and classified information or control of individual computers or whole networks for a strategic advantage and for psychological, political and physical subversion activities and sabotage. More recently, cyber spying involves analysis of public activity on social networking sites like Facebook and Twitter.
Such operations, like non-cyber espionage, are typically illegal in the victim country while fully supported by the highest level of government in the aggressor country. The ethical situation likewise depends on one's viewpoint, particularly one's opinion of the governments involved. https://en.wikipedia.org/wiki/Cyber_spying
Strategic Infrastructure
Infrastructure comprises the basic physical systems of a business or nation; transportation, communication, sewage, water and electric systems are all examples of infrastructure. These systems, including Public-Private Infrastructure, tend to be high-cost investments; however, they are vital to a country's survival and security, economic development, and prosperity.
IT infrastructure breakdown can lead to massive mechanical failure, or worse. Unguarded, this sector makes municipalities and massive groups of citizens vulnerable. Physical components require the same comprehensive protection as IT systems.
Essential skills needed to implement security in a network in an enterprise environment include risk analysis, security policies, penetration testing techniques, Transmission Control Protocol (TCP), packet analysis, cryptography, operating system (OS) hardening, virus protection, and disaster recovery.
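Of the skills just listed, packet analysis is the one most easily shown in working code. The following is an added example, not code from the original page or from any tool it mentions: it decodes a raw IPv4 header and the TCP header behind it from bytes, verifies the IPv4 header checksum, and shows that a single tampered byte is caught. The packet is constructed for the illustration (documentation addresses, a SYN to port 443); its TCP checksum is left at zero and is not verified, since that would need the pseudo-header.

```python
"""Decode an IPv4/TCP packet from raw bytes and verify the IPv4 checksum.

Added illustration, not part of the original page. SAMPLE_PACKET is a
constructed SYN from 10.0.0.5 to 198.51.100.23:443; the IPv4 checksum
(0xea3a) is correct, the TCP checksum is deliberately left as zero.
"""
import struct
from ipaddress import IPv4Address

SAMPLE_PACKET = bytes.fromhex(
    "4500 0028 1c46 4000 4006 ea3a 0a00 0005 c633 6417"  # IPv4 header (20 bytes)
    "d431 01bb 0000 0001 0000 0000 5002 ffff 0000 0000"  # TCP header, SYN (20 bytes)
)

TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def ones_complement_sum(data):
    """RFC 1071 style 16-bit one's-complement sum with carry folding."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4(packet):
    """Decode the fixed part of an IPv4 header; checksum_ok verifies integrity."""
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # A valid header, checksum field included, sums to 0xFFFF.
    header = packet[:ihl]
    return {
        "version": ver_ihl >> 4,
        "ihl": ihl,
        "total_length": total_len,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "protocol": proto,
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
    }


def parse_tcp(segment):
    """Decode the TCP header; data offset locates the payload past any options."""
    (sport, dport, seq, ack, off_flags,
     window, _csum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": data_offset,
        "flags": [name for name, bit in TCP_FLAGS if off_flags & bit],
        "window": window,
        "payload": segment[data_offset:],
    }


def parse_packet(packet):
    """Return {'ip': ..., 'tcp': ...}; tcp is None unless protocol is 6."""
    ip = parse_ipv4(packet)
    result = {"ip": ip, "tcp": None}
    if ip["protocol"] == 6:
        result["tcp"] = parse_tcp(packet[ip["ihl"]:ip["total_length"]])
    return result


if __name__ == "__main__":
    decoded = parse_packet(SAMPLE_PACKET)
    print(decoded["ip"])
    print(decoded["tcp"])
```

Verifying the header checksum is what separates a decoder from a pretty-printer: a corrupted or hand-edited header is reported instead of being silently interpreted, which is the same habit a packet-analysis tool applies before trusting any field.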
Asset Managers and CFOs need to understand that allocation of funds for full-spectrum security is essential. Cybersecurity must be prioritized to deliver infrastructure effectively and efficiently. Ignoring or underfunding it invites company and regional, if not national disasters with massive expense for recovery, if even possible.
Who needs sophisticated and comprehensive InfoSec the most?
What is the framework for Strategic Infrastructure Management?
We define 'infrastructure' as including the following sectors:
- Economic infrastructure: assets that enable society and the economy to function, such as transport (airports, ports, roads and railroads), energy (gas and electricity), water and waste, and telecommunications facilities
- Social infrastructure: assets to support the provision of public services, such as government buildings, police and military facilities, social housing, health facilities, and educational and community establishments
Two other kinds of infrastructure include soft infrastructure (the public institutions required for maintaining society, notably the legal and judicial system, the education and health systems, and the financial system) and industrial infrastructure (such as mineworks, or the interconnected roads within a large factory complex).
Others include airports, highways, rail transport, hospitals, bridges, transport hubs, network communications, media, the electricity grid, dams, power plants, seaports, oil refineries, and water systems. Infrastructure security seeks to limit vulnerability of these structures and systems to vandalism, sabotage, terrorism, and contamination.
Critical infrastructures naturally utilize information technology as this capability has become more and more available. As a result, they have become highly interconnected, and interdependent. Intrusions and disruptions in one infrastructure might provoke unexpected failures to others. How to handle interdependencies becomes an important problem. https://en.wikipedia.org/wiki/Infrastructure_security
Breaking Down 'Infrastructure'
Applicable to large- and small-scale organizational frameworks, infrastructure can include a variety of systems and structures as long as there are physical components required. For example, the electrical grid across a city, state or country is infrastructure based on the equipment involved and the intent to provide a service to the areas it supports.
Similarly, the physical cabling and components making up the data network of a company operating within a specific location are also infrastructure for the business in question, as they are necessary to support business operations. This includes mechanical processes controlled by networks.
IT Infrastructure
Many technical systems are often referred to as infrastructure, such as networking equipment and servers, due to the critical function they provide within certain business environments. Without the information technology (IT) infrastructure, many businesses struggle to share and move data in a way that promotes efficiency within the workplace. If IT infrastructure fails, many business and strategic functions cannot be performed.
Infrastructure Categories
Along with the aforementioned sectors, infrastructure includes waste disposal services, such as garbage pickup and local dumps. Certain administrative functions, often covered through various government agencies, are also considered part of the infrastructure. Educational and health care facilities may also be included, along with certain research and development functions and necessary training facilities.
https://www.investopedia.com/terms/i/infrastructure.asp
The following are why infrastructure needs to be heavily secured and protected:
- Terrorism - person or groups deliberately targeting critical infrastructure for political gain. In the November 2008 Mumbai attacks, the Mumbai central station and hospital were deliberately targeted.
- Sabotage - person or groups such as ex-employee, political groups against governments, environmental groups in defense of environment. Refer to Bangkok's International Airport Seized by Protestors.
- Information warfare - private person hacking for private gain or countries initiating attacks to glean information and also damage a country's infrastructure. For example, the cyberattacks on Estonia and the cyberattacks during the 2008 South Ossetia war.
- Natural disaster - hurricane or natural events which damage critical infrastructure such as oil pipelines, water and power grids, such as the 2017 Puerto Rico hurricane.
Information warfare (IW) is a concept involving the battlespace use and management of information and communication technology in pursuit of a competitive advantage over an opponent. Information warfare may involve collection of tactical information, assurance(s) that one's own information is valid, spreading of propaganda or disinformation to demoralize or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces. Information warfare is closely linked to psychological warfare.
The United States military focus tends to favor technology, and hence tends to extend into the realms of electronic warfare, cyberwarfare, information assurance and computer network operations, attack and defense.
Most of the rest of the world use the much broader term of "Information Operations" which, although making use of technology, focuses on the more human-related aspects of information use, including (among others) social network analysis, decision analysis and the human aspects of command and control. https://en.wikipedia.org/wiki/Information_warfare
Insider Threat
The web and social networking are also platforms for personnel data breaches used to gain profiles of sensitive technology job holders and leverage unwitting HUMINT recruitment. Physical compromise can lead to internal compromise.
Unwitting, 'knucklehead,' and knowingly malicious insider threats are not just a technical or cyber-threat issue; they constitute an advanced persistent threat, including unauthorized disclosure. Who are the high-risk individuals?
Kill Chain
For example, among those to watch are privileged users, sys-admins, or anyone with Narcissistic Personality Disorder.
Emotional Instability
Change in Habits
Exploitable Work Profile
Work Environment/ Disgruntlement
Vengefulness
Personal Vulnerability
Unauthorized Work Activity
Conflicting Loyalty
Personality/Psychological Issues
Overly Sensitive/ Insecure Thrill-Seeking.
Convergence of traditional human intelligence (HUMINT) tradecraft and APT style cyber threats occurs in the gray zone between Information Security and Industrial Security. It may go undetected as a result, making the "unwitting insider" an extremely difficult problem to identify. They aren't hackers. Most won't evolve into true threats. 'Red flags' are just indicators. FBI suggests monitoring these malicious insider traits:
Disgruntlement,
Responds poorly to criticism,
Cannot cope with stress at work,
Exhibits a sudden change in work performance,
Reacts inappropriately to stress at work,
Ego Acts domineering,
Harasses others,
Acts argumentative,
Superiority issues,
Acts selfish,
Manipulative,
Acts like rules do not apply,
Poor teamwork abilities,
Irritability,
Makes threats,
Engages or threatens to engage in retaliatory behavior,
Relationship/Financial Problems,
Problems with divorce,
Problems with marriage,
Stress in home life,
Financial problems,
Difficulty coping with stress at home,
Sudden change in financial status,
Irresponsibility,
Acts selfish,
Emotional Vulnerability,
Change in beliefs,
Unusual level of pessimism,
Unusual level of sadness,
Irritability,
Makes threats,
Difficulty controlling emotions.
Get plugged into your HR reporting chain and look for these issues!
https://www.slideshare.net/SelectedPresentations/ht-t17
FBI's multidisciplinary approach uses the following:
Goals: Detect, Disturb, Disrupt
Identify: CI/Intel, Personnel, CyberSecurity
Focus: People, Enemy, Data
Industrial espionage is big business. Data from convictions under the Industrial Espionage Act (IEA), Title 18 U.S.C., Section 1831: average loss per case $472M (FBI case statistics under the IEA, 1996 - present).
Carnegie Mellon has published an insider threat study and detection program, funded by DHS.
Carnegie Mellon University CERT Insider Threat Center
http://www.cert.org/insider_threat/
Know Your Enemy
- Who would be targeting your organization?
- Who would they target inside your organization?
- Who are the high-risk individuals in your organization?
Know Your Data
- What are the crown jewels of your organization?
- What data / people would the enemy want to target?
- Action: identify sensitive data; rate the top 5 most important systems in terms of sensitive data; gather data about those systems (user data, logs, document information).
Dark Web
Unlike a 'snatch and grab,' an undiscovered system breach can persist for a long time while attackers look for system vulnerabilities to exploit. They can intrude into control systems and then migrate to administrative networks or actuators. Behind-the-screen penetration tools from the Vault 8 security breach and more are now online, free to all potential bad actors.
The dark side of technology just hit home hard. A hack on credit bureau Equifax exposed personal data of 143 million customers, including 209,000 credit card details. This sort of crime costs millions in recovery, redistribution, and operating costs.
Credit card breaches alone have already hit big companies like Equifax, Mastercard, Visa, Uber, Sonic Drive-Ins, TRW/Sears, Trader Joe's, Saks, Dun & Bradstreet, Hilton, Target, Verizon, Yahoo, and Whole Foods -- even the Internal Revenue Service.
https://en.wikipedia.org/wiki/List_of_data_breaches
Reporter Christopher Burgess contacted Global Payments and asked some basic questions, which "I hoped would be able to allow me to determine if their breach was the cause of my credit card being replaced" (the answer follows each question).
1. What was the final number of accounts which were compromised by the unauthorized access to your system? ~1,500,000 per FAQ
2. How many banking institutions (Banks, Savings & Loan, Credit Unions, etc.) were affected? No Answer
3. In which states were "breach notification laws" germane to the unauthorized access to your system? No Answer
4. Was this event limited to U.S. cardholders or was this international? Predominately U.S. per FAQ
5. Was your system judged to be compliant with the PCI standards? No Answer
A. What was the date of the most recent compliance certification? No Answer
B. Who or what entity conducted the compliance certification inspection? No Answer
6. Are you offering "credit report" monitoring to all of those whose credit cards have been compromised? Contact your bank per FAQ
Global Payments forwarded to me a link to their crisis FAQ page they created:
Global Payments 2012 Info Security Update
"Absent any exactness in the answers, I tallied up who was expending efforts and concluded: the issuing bank had expended time and energy; as did the vendors with whom I do business and I too had an expenditure of time and energy. Expenditures all required to clean-up after an entity who lost my credit card data."
https://www.huffingtonpost.com/christopher-burgess/global-payments-data-breach_b_1429871.html
Your firm needs to ask the critical questions:
Cybercrime, Proxy Wars, and Ransomware extortion can be worse than a natural disaster. Service providers have new liabilities and responsibilities. The impact on corporate reputation and financial performance compels organizations to assess risk exposure and implement risk transfer and mitigation strategies.
What are your standards for Best Practices and Proactive Strategies to Mitigate Cyberthreats?
1. Stop being overly broad and irresponsible with the data that is gathered. Is it really necessary? Does it benefit your customer? Is it worth the risk? Are they aware you're gathering the info?
2. Have policies for data handling. Who has access? How is it stored and accessed? How long is it held? How is it disposed of? Make sure that employees are trained and that policies are enforced and updated.
3. Have security in place.
4. Have procedures for when security is breached: notification and other steps to mitigate damages, investigation and containment.
5. Companies should be prepared to insure against the breach and hold consumers harmless. A simple short term monitoring agreement is insufficient.
Criminal Interference
The world of cyber-security now includes an element of Intelligence used to counter sophisticated Bad Actors, malware, and ransom attacks. Virtually all US government and intelligence codes have been stolen and widely sold on the Dark Web to malicious actors who pose not only a risk, but an active threat to anyone online.
The Dark Net has evolved for legitimate and illegitimate purposes, with the potential for great damage. It poses a potential disruptive risk to privacy, monetization, and the migration of billions in e-commerce. If it continues to grow, it can affect the way companies are valued by the market.
The Dark Net is a way for people to be anonymous online, a shadow ecosystem with mainstream risks from Bad Actors, military, and intelligence communications around the globe. There is no regulation, law and order, or justice there. It started as a channel for secure, anonymous communication, then evolved into a multibillion-dollar shadow economy, including the Bitcoin and blockchain market.
The Dark Net remains on the fringes of society today. Messages, goods and services can change hands outside the reach of regulation and law enforcement. But its potential for malicious and illegal disruption of mainstream businesses is growing. Perhaps the really surprising thing about the Dark Net is the scale of it -- up to 400,000 users in the US, alone.
Source code and analysis for CIA software projects, covert infrastructure components, were exposed through espionage. It is a dubious claim that the published material does not contain 0-days or similar security vulnerabilities which could be repurposed by others. Data can be both infiltrated and extracted from target systems.
There are many vectors of intrusion. Covert communications programs allow sophisticated malware implants on a target computer to communicate with its operators in a secure manner that does not draw attention. Cover domains and back-end infrastructure act as a relay for HTTP(S) traffic over a VPN connection to "hidden" servers.
Cover domains deliver 'innocent' content to those who browse them by chance. Visitors never suspect that they are anything other than normal websites. A user browsing the website is not required to authenticate; authentication is optional. But malicious implants do authenticate themselves. So traffic from implants is sent to an implant operator management gateway, while all other traffic goes to a cover server that delivers the unsuspicious content to everyone else.
Crypto-ransomware is a particular concern of top organizations attempting to safeguard sensitive and vital customer data. The internet of things is also open to crypto-ransomware attacks. Losing data on a hard drive is devastating — but losing a life to a data breach or a hack of a pacemaker takes ransomware concerns to a new level. CEOs could essentially be taken hostage along with industrial or financial systems through such attack vectors.
Shadow War Situation Alert
You may be aware of the shocking revelations provided by the Edward Snowden leaks that highlighted the NSA's global mass surveillance operations covered by the overall code name Trailblazer. In these operations the NSA attempted, and is still working towards, broad-spectrum capture-and-store operations that cover all voice and data communications traffic on a global basis.
A countermeasures 'Mole Hunt' is still in progress, including National Security Agency’s hacking group, Tailored Access Operations, or T.A.O. It is called the Equation Group by malicious hackers. Insider threat recruitment and capabilities must be addressed. N.S.A. employees have been subjected to polygraphs and suspended from their jobs in a hunt for turncoats allied with the Shadow Brokers.
The situation is characterized as "a disaster on multiple levels." On Aug. 13, 2016, a new Twitter account in the Shadow Brokers' name announced with fanfare an online auction of stolen N.S.A. hacking tools. "We hack Equation Group," the Shadow Brokers wrote. "We find many many Equation Group cyber weapons."
New firms are arising defending computer networks from intrusions that use the N.S.A.’s leaked tools. More leakers may still be inside the agency, as over 200 reportedly failed their polygraph tests. A single leaker might be responsible for both the Shadow Brokers and the C.I.A.’s Vault7 and 8 breaches.
N.S.A.'s ability to protect potent cyberweapons, operational security knowledge, and national security were compromised. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
The problem persists at the highest security levels and points to a Shadow War With Russia, as well as Iranian, NK, and Chinese involvement. And no end is in sight. “How much longer are the releases going to come?” a former T.A.O. employee asked. “The agency doesn’t know how to stop it — or even what ‘it’ is.” But we have already seen the effects of state-sponsored and criminal bad actors. There have been numerous attacks already with more surely to follow.
The Guardian reports, 15 November 2017, that, "Russian hackers attacked British media, telecoms and energy companies over the last year, the head of the UK’s National Cyber Security Centre has confirmed for the first time." “Russia is seeking to undermine the international system. That much is clear. The PM made the point on Monday night – international order as we know it is in danger of being eroded.” “NCSC believes that due to the use of widespread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised.”
https://www.theguardian.com/technology/2017/nov/15/russian-hackers-targeted-uk-media-and-telecoms-firms-confirms-spy-chief
Tens of thousands of employees at Mondelez International, the Oreo cookie maker, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.
The T.A.O. hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.
So T.A.O. personnel rushed to replace implants in many countries with new malware they did not believe the Russian company could detect. That remains to be seen.
More: https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html
YAHWEH
Some of these omniscient programs allow GOD LEVEL or administrator access to network systems and hardware.
[pls explain in 3 more sentences, or so]
Defend Your Enterprise
You now know that multiple threat agents are willing and able to exploit your vulnerabilities. It quickly becomes clear that defending your enterprise must meet this state-of-the-art threat with full-spectrum systems management.
The New York Times reported: "The N.S.A.’s headquarters at Fort Meade in Maryland. Cybertools the agency developed have been picked up by hackers from North Korea to Russia and shot back at the United States and its allies."
In late 2017 the US government issued a rare public warning about hacking campaigns targeting energy and industrial firms. This is the latest evidence that cyber attacks present an increasing threat to the power industry and other public infrastructure.
The Department of Homeland Security and Federal Bureau of Investigation warned in a widely distributed report that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities. The report said the objective of the attackers is to compromise organizational networks with malicious emails and tainted websites in order to obtain credentials for accessing their targets' computer networks.
Cyber-security, Infosec, and Countermeasures must be in place at all times to counter threat actors and legal vulnerabilities. Since a data breach is within the known realm of probabilities and expectations, all companies must be prepared.
This means all companies can be held to a recklessness standard rather than an ordinary negligence standard. Risks include data loss, infrastructure intrusion, damage and loss, punitive damages, and new causes of action from trespass to misappropriation.
COUNTERMEASURES
Countermeasures include improved protection against cyberattacks through shared threat intelligence. Threat intelligence is curated information about an existing or emerging cyberthreat that can be distributed for the purpose of improving defenses against a specific attack.
Going beyond IP addresses, hashes, and other core threat identifiers, threat intelligence provides critical context around a threat activity, including indicators of compromise (IoC), indicators of attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary.
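The context described above (indicator type, tactic, a name) travels with the indicator when it is shared. As an added example that is not from this presentation or any vendor, the block below parses a constructed feed of STIX 2.1 Indicator objects (the STIX/TAXII format the deck lists later among its topics), supports a single-comparison subset of the STIX pattern language, and matches the indicators against constructed key=value log lines so that a hit carries the kill-chain phase with it. All IDs, domains, hashes and log lines are made up.

```python
"""Added example: match STIX 2.1 indicators, with their context, against log lines."""
import json
import re
from dataclasses import dataclass

# Constructed STIX 2.1 bundle with two Indicator objects. Every value is invented.
STIX_FEED = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update-cdn.example']",
         "name": "Cover domain used as implant relay (constructed)",
         "indicator_types": ["malicious-activity"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                                "phase_name": "command-and-control"}]},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
         "name": "Dropper hash (constructed)",
         "indicator_types": ["malicious-activity"],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                                "phase_name": "execution"}]},
    ],
})

# Subset of the STIX pattern grammar: one equality comparison, [<object>:<path> = '<value>']
_PATTERN_RE = re.compile(r"^\[(?P<obj>[\w-]+):(?P<path>[\w.'-]+)\s*=\s*'(?P<val>[^']*)'\]$")

@dataclass(frozen=True)
class Indicator:
    obj_type: str   # STIX cyber-observable type, e.g. domain-name
    path: str       # property path, e.g. hashes.SHA-256
    value: str      # the IoC value, lower-cased for case-insensitive matching
    name: str       # analyst-supplied context
    phase: str      # kill-chain phase carried by the indicator

def parse_indicators(feed_json: str) -> list:
    """Extract the simple-pattern indicators from a STIX bundle; skip anything else."""
    out = []
    for o in json.loads(feed_json)["objects"]:
        if o.get("type") != "indicator" or o.get("pattern_type") != "stix":
            continue
        m = _PATTERN_RE.match(o["pattern"])
        if not m:
            continue  # compound patterns (AND/OR/FOLLOWEDBY) are out of scope here
        phases = o.get("kill_chain_phases") or [{}]
        out.append(Indicator(m["obj"], m["path"].replace("'", ""), m["val"].lower(),
                             o.get("name", ""), phases[0].get("phase_name", "unknown")))
    return out

# Map (object type, path) to the field name in our constructed log schema.
FIELD_MAP = {("domain-name", "value"): "host",
             ("ipv4-addr", "value"): "dst_ip",
             ("file", "hashes.SHA-256"): "sha256"}

def match_logs(indicators, log_lines):
    """Return (log line, Indicator) pairs; the indicator's context rides along with each hit."""
    by_field = {}
    for ind in indicators:
        field = FIELD_MAP.get((ind.obj_type, ind.path))
        if field:
            by_field.setdefault(field, {})[ind.value] = ind
    hits = []
    for line in log_lines:
        rec = dict(kv.split("=", 1) for kv in line.split())
        for field, table in by_field.items():
            ind = table.get(rec.get(field, "").lower())
            if ind:
                hits.append((line, ind))
    return hits

# Constructed proxy/EDR log lines in key=value form.
SAMPLE_LOGS = [
    "ts=2017-11-15T10:00:01Z user=alice host=www.example.org dst_ip=198.51.100.7",
    "ts=2017-11-15T10:00:09Z user=bob host=UPDATE-CDN.example dst_ip=203.0.113.44",
    "ts=2017-11-15T10:01:30Z user=bob proc=setup.exe sha256=" + "AB" * 32,
]
```

Running match_logs(parse_indicators(STIX_FEED), SAMPLE_LOGS) flags the second and third lines, and each hit names the kill-chain phase (command-and-control, execution) rather than just the raw value.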
Threat Modeling
- What do you want to protect?
- Who do you want to protect it from?
- How likely is it that you will need to protect it?
- How bad are the consequences if you fail?
- How much trouble are you willing to go through in order to try to prevent those?
Through leadership within the threat intelligence sharing community and by developing technologies that more easily share and use threat intelligence, we help customers better identify and stop attacks.
SECURITY RISK INTELLIGENCE
Consider the risk factors: vulnerabilities, threat actor campaigns, behaviors, and patterns.
Threat picture + vulnerabilities = relevance; from that follow consequences, dependencies, and risk impact.
- Do you have adequate security in place for all known forms of attack?
- Is your proprietary customer data and intellectual property secure?
- What are your policies for data acquisition, handling, storage, and disposal?
- How are employees screened and trained for data and hardware management?
- How are policies updated and enforced?
- What are your security breach protocols for notification and mitigation of damages?
- What are your procedures for prompt investigation, containment, and mitigation?
- Can you insure against a breach and hold consumers harmless?
- Do you have more than a short term monitoring agreement that meets legal standards?
- How do you maintain supply chains?
How Did Such Vulnerability Happen?
[add links and 2-3 sentence synopsis in PowerPoint and/or handout]
Stuxnet
Malicious Nation-States
Transnational Crime Syndicates
Espionage
WannaCry Ransomware
Equifax and other credit breaches
Weeping Angel
Kaspersky Breach
WiFi
STIX, TAXII
Bad Actors, Dark Web, and Shadow Brokers
INFOSEC and Infrastructure Hardware/Software
- What is the role of Intelligence in the New Security Paradigm?
- How does intelligence interface with and maintain hardware/software security?
- How is up-to-date management maintained?
How Can Stakeholder Assets, Liability, and Infrastructure Be Protected from Threat Actors Now?
Today, most private networks have multiple endpoints to properly secure:
SecOps Partnering
Mission critical information
Situational awareness
Streamlined threat operations
Situational Awareness
Cyber threat Intelligence
Countermeasures
Access control of hardware/software identity management
Authorization/password management
Layered security
Detection
Analytics
Consequence analysis
Incident response
Response management
Forensics
[TSI STRAW FIRM]
edit to suit
Who We Are & How We Can Help
Our firm provides managed I/T solutions to private industry and other market sectors. Responding to security breaches on various government and commercial computer systems and networks, our founders saw a market niche. We provide highly secure, tightly managed computing, data and voice communications infrastructures.
Personnel include:
Information Security Specialists
Systems Engineering Specialists
Network Engineering Specialists
Fusion Center/Operations Specialists
Security Officers/Protection Officers
All positions with our firm have the following minimum entry requirements:
- Successful pass of criminal background check
- Successful pass of basic reliability check
- Successful pass of substance abuse check
- Random substance abuse check
- Random criminal background check
- Random basic reliability check
Our origins are humble - our initial staff was comprised of former officers and enlisted personnel from the United States' and NATO military organizations. These initial staff members originated from the operational specialties of Signals & Communications, Engineering, Signals Intelligence (SIGINT), and Logistics.
Our overarching goal is to keep our customers' data and voice communications infrastructure highly available, performing reliably, quickly and with very high levels of security. We manage and operate our customers' infrastructure in some of the most challenging areas of the world.
We feature staff with a minimum security clearance of NATO secret. Depending on customer requirements, we can supply highly trained staff with security clearances such as NATO top secret, compartmentalized with polygraph. All staff are subject to semi-annual security reviews, random drug testing and basic reliability checks. More stringent staff security qualifications are available upon assessment of customer needs.
All of our staff members hold baccalaureate degrees in at least one of the following disciplines: software engineering, computer science, electrical engineering, mechanical engineering, geomatic engineering, information security, architecture, interior design, law enforcement, and business administration. Many of our staff members hold multiple baccalaureate degrees and/or post-graduate degrees in these areas:
- Design Services, Assessment Services, Implementation Services, and Management Services
Systems
- Design Services, Assessment Services, Implementation Services, and Management Services
Security
- Design Services, Assessment Services, Implementation Services, Management Services, and Penetration Testing Services
Surveillance Services
- Remote Audio/Video surveillance
Data Center Design Services
- Raised Floor
- HVAC
- Power Distribution
- Uninterruptible Power Supply -- Battery and Generator Set
- Datacomm Ingress/Egress
- Access Controls - Key Card, Key Pad, and Biometric
Outside/Inside Cable Plant
- Design Services, Assessment Services, Implementation Services, and Management Services
Geomatic/GIS Services
- Production, Maintenance and Support of Geographical Information System-based Facilities Maps
- Production, Maintenance and Support of Landbases
- Photogrammetry
- Satellite photography
- Geo-location of corporate / institutional assets
- Movable asset tracking
Facilities
- Design Services, Assessment Services, Implementation Services, and Management Services
Physical Asset Security & Protection Services
- Fire, Smoke, and Flood Alarms
- Intrusion Alarms
- Environmental Quality
Personnel Security & Protection Services
- Forensic Investigative Services
- Armed Protection Officers
- Executive / VIP Protection Services
- Situation Analysis Services
- Corporate Intelligence Services
- Threat Assessment Services
- Risk Assessment Services
- Encrypted Data and Voice Communications Services
___________________________________________