CTOvision.com

Context for the CTO, CIO, CISO and Data Scientist

Home » Archives for Shannon Perry

Shannon Perry

About Shannon Perry

Shannon Perry is an award winning writer and analyst with a background in statistics & science, technology and international affairs. He publishes at CTOvision.com for OODA LLC.

Fresh Insights into the NSA’s Cyber Capabilities

It is widely known that the National Security Agency houses an impressive cyber force with the capacity to bypass the digital defenses of private individuals, enterprises, and even foreign governments – a force powerful enough to draw criticism from the American public and American allies. A recent report from Russian researchers has provided more specific information vis-à-vis the technical capabilities of NSA.

Kaspersky Lab, a software security maker based in Moscow, published a report titled Equation Group: Questions and Answers on February 16th. The report identifies a cyber force – dubbed The Equation Group – that “is probably one of the most sophisticated cyber attack groups in the world.” The group has been engaged in cyber espionage for more than a decade, and it has several signature malware platforms in its arsenal.

Analysis of infections associated with The Equation Group revealed that most victims are located within Iran, Pakistan, Russia, Afghanistan, China, India, or Mali. Victims typically are governmental, financial, and security organizations. The Kaspersky report also indicates that Stuxnet is likely attributable to The Equation Group.

Although Equation Group: Questions and Answers stops short of identifying NSA, it does not take an expert to recognize the agency as a likely suspect. According to Reuters, a former NSA employee confirmed the hypothesis that the NSA is behind the Equation Group, and the employee confirmed that the spying programs in the report are extremely valuable to the agency.

Some of the technical analysis offered by the report could help enterprises identify the presence of malware deployed by The Equation Group, which could undermine the NSA’s cyber espionage efforts abroad. It remains to be seen whether this report could also lead to more negative attention from the media for the agency.

 

Cyber Attacks Likely to Increase (Part 2)

The blurring lines between physical and cyber systems, accusations of data monitoring from Snowden revelations, and the the deluge of cyber attacks in 2014 have resulted in new levels of American interest in cybersecurity and digitalization. A few examples of this attention are the speculations around the implementation of Stuxnet, the government’s creation of Cyber Command, and the media’s coverage of the many thefts of information from the cloud and digital databases.

Polling respondents with experience in Internet security, a recent report conducted by Pew Research Center confirms, “Cyber Attacks Likely to Increase.” The center reported that 61% of the report’s respondents believed that a cyber attack causing widespread harm would occur by 2025, with 39% disagreeing. The respondents almost universally agreed that American reliance on the Internet has exposed individuals, industry, and government to new threats. Pew identified four themes from its canvassing.

CTOVision covered the first two themes – Internet-connected systems are inviting targets and security is not the first consideration in digital application design – here.

The third theme identified by Pew states, “Major cyber attacks have already happened… Similar or worse attacks are a given.” Of the respondents who voiced this opinion, many employed the example of Stuxnet for support. (Stuxnet was a worm that infected software necessary to the functioning of Iran’s nuclear program, in a cybersecurity attack that caused a great setback to enrichment efforts.) The argument maintains that if an agency can produce a worm capable of rendering large portions of a nuclear facility useless, then an agency can certainly launch future successful cyber attacks that target critical infrastructure in developed countries.

Pew’s last theme states, “Cyber attacks are a looming challenge for businesses and individuals. Certain sectors, such as finance and power systems, are the most vulnerable.” Industries that utilize legacy (outdated and lingering) systems will face the greatest challenges from cybersecurity threats, because older systems will not have the years (or decades) of improvements that new systems have. The importance of these vulnerabilities cannot be understated, as much of life in the United States relies on the functioning of financial and power systems.

In addition to its four themes, Pew identified several further considerations of cybersecurity: intellectual property concerns, the necessity of collaboration, the potential harm that could be caused by accidents, cyber treaties in the future, and lower levels of privacy.

The significance of this Pew report stems from the fact that these cybersecurity challenges have implications for nearly every American. If you are reading this article, you rely (to some extent) on the Internet; if you commuted to work this morning, you probably relied on numerous systems to arrive at work quickly and safely. Examples abound – digitalization has penetrated almost every corner of our lives.

Time spent upping cybersecurity is not time wasted.

Pew: Cyber Attacks Likely to Increase

The blurring lines between physical and cyber systems, coverage of data monitoring from the Edward Snowden revelations, and the deluge of cyber attacks in 2014 have resulted in new levels of American interest in cybersecurity. A few examples of this attention are the speculations around the implementation of Stuxnet, the government’s creation of Cyber Command, and the media’s coverage of the many thefts of information from digital databases and the cloud.

Polling respondents with experience in Internet security, a recent report conducted by Pew Research Center confirms, “Cyber Attacks Likely to Increase.” The center reported that 61% of the report’s respondents believed that a cyber attack causing widespread harm would occur by 2025. The respondents almost universally agreed that America’s reliance on the Internet has exposed individuals, industry, and government to new threats. Pew identified four cybersecurity themes with its report.

The first theme states, “Internet-connected systems are inviting targets. The Internet is a critical infrastructure for national defense activities, energy resources, banking/finance, transportation, and essential daily-life pursuits for billions of people.” The attacker’s advantage in cyberspace makes for an attractive environment to launch an attack, and the high value of financial and personal information makes launching a cyber attack a very lucrative proposition. Unlike traditional/physical attacks, launching cyber attacks does not pose any immediate physical risks to aggressors. Moreover, rising computer literacy has resulted in more individuals knowing how to code, a trend that further lowers the barriers to entry in the cyber arena.

With a high quantity of high-value information stored in Internet-connected systems, those systems will receive a great amount of attention from criminals and foreign governments, who stand to gain much from retrieving information from American systems.

Pew’s second theme states, “Security is generally not the first concern in the design of Internet applications. It seems as if the world will only wake up to these vulnerabilities after catastrophe occurs.” This theme appeals to common sense. If users desire easy-to-use applications for specific purposes with limited time and material resources, then it makes sense that designers would focus more on the product that their customer will interact with and less on security details that may not add value to the application in the short term.

Look for a discussion of the third and fourth themes later this week.

While most think that a major cyber attack is forthcoming, proactive responses to rising cybersecurity risks can prevent future attacks, deter attackers, or decrease the damage wrought by attacks. As always, awareness of news and trends, communication with cybersecurity experts, and good digital hygiene are first steps to upping levels of cybersecurity.

2014 Analyst Forum: Cyber Security Panel Recap

On July 30th in northern Virginia, some of the greatest minds in analytics for business, outcomes, and mission impact gathered to share their lessons learned and experiences with data analytics. Academia, government, and industry came together to provide a comprehensive approach to investigating how we can better extract knowledge from information. See our overall event recap here

The Cyber Security panel consisted of Ned Moran, professor, cyber consultant, and highly regarded cyber security professional, and Adam Elkus, a Senior Analyst at Analyst One and a PhD candidate at George Mason University studying computational social science; it was monitored by Matt Devost,President and CEO at cybersecurity and persistent cyber risk managment firm FusionX.

Echoing the issues identified by the Educating the Analyst Panel, the disconnect between strategic and tactical concerns vis-à-vis cybersecurity quickly emerged as an important theme. Mr. Moran shared the perspective of the programmer, whose priorities are first and foremost to defend – “engineers do not necessarily care about analysis.”

Meanwhile, Elkus drew attention to the fact that policymakers and strategists are not positioned to make knowledgeable decisions without strong understandings of the tactical nature of cybersecurity.

Elkus and Moran also recognized the continuously changing nature of the cybersecurity landscape. “The threat landscape has expanded,” said Mr. Moran, “because now there are more actors pursuing capabilities to breach networks… the diversity of actors is shocking.” With many diverse attackers using many different tactics to compromise a variety of different systems, the need for adaptability surpasses the need for precedence while pursuing more secure systems.

Concluding remarks reiterated the importance of the basics for maintaining cybersecurity. While attackers will always have the advantage in cyberspace, good hygiene – including strong passwords, securing networks, and using good judgment – should always provide a first line of defense for organizations and corporations.

Data Analytics 2014: Jeff Jonas and the Advantages of More Data

On July 30th in northern Virginia, some of the greatest minds in analytics for business, outcomes, and mission impact gathered to share their lessons learned and experiences with data analytics. Academia, government, and industry came together to provide a comprehensive approach to investigating how we can better extract knowledge from information. The event was the 2014 Analyst Forum, a joint activity between the United Stated Geospatial Intelligence Foundation (USGIF) and our AnalystOne.com site (for an overview of the entire event see our recap here).

Jeff Jonas, an IBM fellow and Chief Scientist of Context Computing at IBM, kicked off the event with a keynote speech stressing the importance of aggregating as much data as possible for computing and decision making. Although historically limitations to computing capabilities have lead many enterprise leaders to be selective vis-à-vis incorporating data, Jonas maintained that more data can actually lead to easier decision-making, especially with modern technology.

Comparing the challenges facing analytics to jigsaw puzzles, Jonas observed that an inflection point exists with both, after which more data actually simplifies computing and decision-making. While the initial stages of completing a puzzle are slow-going, the final pieces are easily placed because the puzzle’s colors and images can be seen; in a similar way, identifying false bank accounts or potential terrorists becomes easier with more email accounts, more phone records, more background information, more geospatial data, etc.

In terms of big data and illegal activity, Jonas identified two means by which law enforcement can catch criminals: officials must have access to observations unbeknownst to adversaries, or officials must have the ability to perform computations on collected data that “bad guys cannot fathom” – in other words, to have incredibly sophisticated data analytics capabilities.

Jonas also speculated on the impacts of the Internet of Things – which presents both opportunities and challenges to data analysis – and discussed the importance of investigating contradictory evidence for making important decisions based on probabilities and incomplete information.

Jonas provided a strong case for aggregating as much data as possible and for the future of data analytics being a field of opportunity.

Here is some of what the Twitter-using members of the audience thought of Jeff’s discussion:

 

 

 

 

 

UPS Data Breach

Data breaches have captured the attention of the American media several times this year. The compromise of Target’s systems and the resulting media coverage cost the corporation hundreds of millions of dollars in the first half of 2014, and the repercussions are far from over. In a recent report, the company actually lowered its earnings forecasts for the second half of the year.

Sensitive information at eBay was recently compromised as well, and the retailer received the now-typical negative press that follows such a breach. A large portion of the company’s second quarter report focused on its consequences for the company, and thorough plans for mitigating the breach’s impact were discussed.

In a press release this week, UPS stated that the company had suffered a breach and made public its response. Following a government warning of a malware intrusion, UPS contacted a security firm to assess its systems and determine whether they had been compromised. The investigation found malware at 51 locations in 24 states, which constitutes just a small percentage of UPS stores nationwide (there are currently 4,470 franchised locations in the United States).

“As soon as we became aware of the potential malware intrusion,” said President Tim Davis in the release, “we deployed extensive resources to quickly address and eliminate the issue. Our customers can be assured that we have identified and fully contained the incident.”

UPS appears to have learned a few lessons from the recent slew of corporate responses to data breaches. Its press release provides a full timeline of the breach, including notification, investigation, and conclusions. The press release also provides a link that lists the impacted locations, as well as the timeframe for possible exposure to the malware.

The thoroughness of the report suggests that UPS may have learned a few lessons from recent corporate responses to data breaches, which have been criticized as incomplete and rushed.

The cyber landscape has always favored the attacker, and information security will always have room for improvement – data breaches are not going anywhere. However, we can hope that future data breaches will be handled with transparency and clarity, so that affected individuals can be informed, protected, and/or compensated.

For other related topics:

Pew Report: Robotics, A.I., and Jobs

Scientists, programmers, and engineers work ceaselessly to develop improvements in robotics and artificial intelligence, which constitute some of the most impressive technological feats ever accomplished. Impressive personal assistants like Apple’s Siri and Microsoft’s Cortana can interpret voice commands, provide useful information, and even tell jokes, while incredible supercomputers like IBM’s Watson can make hypotheses and literally learn.

Pew Research recently conducted a survey to assess experts’ predictions about the economic implications of robotics and artificial intelligence. Experts split pretty evenly over whether or not technological improvements will create more jobs than they will displace, with 48% predicting that technology will displace a significant amount of workers and 52% expecting that technology will create more jobs than it will eliminate.

Common negative predictions about improvements in artificial intelligence and robotics – more automation will eliminate certain jobs; this automation could exacerbate income inequality, and our current educational system does not adequately prepare us for tomorrow’s employment realities. Stowe Boyd, a researcher with GigaOM Research, summarizes, “The central question of 2025 will be: What are people for in a world that does not need their labor, and where only a minority are needed to guide the ‘bot-based’ economy?”

The more optimistic experts communicated different understandings regarding technological improvements – emphasizing human agency, opportunities for new jobs, and the declining need for people to conduct tedious or repetitive tasks. Michael Kende, the Chief Economist of the Internet Society, argues, “Someone will have to code and build the new tools, which will also likely lead to a new wave of innovation and jobs.”

The report is evocative of recent comments made by Google Co-Founder Larry Page, who has discussed the possibility of fewer Americans working 40 hours per week in the future. Page believes that as technology makes meeting basic human needs easier and easier, more humans can enjoy more leisure time more often. A large percentage of the experts from this Pew study would likely agree.

Both the optimists and the skeptics present strong evidence, and the future of jobs, artificial intelligence, and robotics will likely fulfill predictions from both camps.

No one is arguing that the impacts of technology will not be immense.

Tesla Co-Founder Makes Surprising A. I. Comment

Elon Musk, co-founder of Tesla Motors and SpaceX, is considered something of a visionary by many technologists. Few have failed to notice the recent rise of Tesla Motors – an auto company that has jumped into the public eye with its green technologies and commercial success. SpaceX, another of Musk’s projects, is another technological wonder, a forward-thinking company that designs, manufactures, and launches advanced rockets and spacecraft.

So it came as a surprise to many when the entrepreneur Tweeted an ominous comment about the future of artificial intelligence…

The referenced book – Superintelligence: Paths, Dangers, Strategies – discusses the possibility of artificial intelligence becoming self-aware and turning against humankind. Its author, Dr. Nick Bostrom, has a PhD from the London School of Economics and currently serves as the Director of the Future of Humanity Institute, a multidisciplinary organization at Oxford University that brings together mathematicians, scientists, and philosophers to address global trends and challenges facing our future.

Although apocryphal warnings are typically not well-received, Mr. Musk does have an impressive track record vis-à-vis technology trends and the future, and a professor of the caliber of Dr. Bostrom undoubtedly deserves a fair read. However skeptical you may be, the possible future described by Dr. Bostrom certainly is food for thought.

More Content

Cyber War

Optimizing Corporate Intelligence with OODA Loop

This post is part of our Intelligent Enterprise series, which providing insights aimed at corporate strategists seeking competitive advantage through better and more accurate decision-making. The first post provided foundational insights into A Practitioner’s View of Corporate Intelligence. This one dives into actionable recommendation on ways to optimize a corporate intelligence effort. It is based on a career serving large scale analytical efforts in the US Intelligence Community and in applying principles of intelligence in corporate America.

SciFi

Science Fiction Gadgets You Can Get Today

Technology is advancing pretty fast, at times influenced by the exciting world of Science Fiction. This video captures 10 of the tech developments first seen in SciFi that are available now. A key point of this, if you want to know what is in our future, watch more SciFi!  

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]