Doug Bedell — September 21, 2020, 11:42 am

United Nations Observing Its 75th Anniversary

We don’t hear much about it any longer, but the United Nations is observing its 75th anniversary this year, “born out of World War II’s devastation to save succeeding generations from the scourge of conflict,” Associated Press reports.

“And as frustrating as its lack of progress often is, especially when it comes to preventing and ending crises, there is also strong support for its power to bring not only nations but people of all ages from all walks of life, ethnicities and religions together to discuss critical issues like climate change.”

Antonio Guterres, a member of the Portuguese Socialist Party, is serving as the U.N.’s ninth Secretary-General. “Criticized for spewing out billions of words and achieving scant results on its primary mission of ensuring global peace,” In Homeland Security notes, “the U.N. nonetheless remains the one place that its 193 member nations can meet to talk”.

“The U.N. marked its actual 75th anniversary — the signing of the U.N. Charter in San Francisco on June 26, 1945 by delegates from about 50 countries — on that date this year at an event scaled down because of the coronavirus pandemic.”

Doug Bedell — September 19, 2020, 10:07 am

Dire Military Morale at Fort Hood, Texas

A Stars and Stripes writer reports on on conditions at Fort Hood, Texas, after eight Democratic members of Congress said they have many lingering concerns “after touring the base this week and speaking with the soldiers and families who live there.”

That’s despite the sign at an entrance to the base that reads “Welcome to III Corps & Fort Hood ‘The Great Place'”.

“The lawmakers spoke about their visit Friday outside the main entrance to Fort Hood, and often mentioned by name some of the 28 soldiers who died at the base this year. The manner of those deaths, including eight soldiers killed in accidents, six suicides, five homicides and two illness-related deaths, drove the lawmakers to further investigate the central Texas base themselves.

“I’m deeply concerned about the soldiers here and their families. Morale is low and the battle rhythm is high,” Rep. Jackie Speier, D-Calif., chairwoman of the military personnel subpanel of the House Armed Services Committee, said after the visit. “We are going to make this base a safe place for men and women to serve. I can commit to you that we are going to make sure the conditions under which our families are housed here are going to improve and that service members who are in barracks here are going to have decent accommodations.”

Out of sight shouldn’t mean out of mind for anyone in the U.S. military.

Doug Bedell — September 16, 2020, 12:11 pm

Elements of Organizational Security: No Small Challenge

A culture of building organizational security has lots of dimensions and takes continuing effort,j David Bisson on The State of Security website advises.

Referencing the KnowBe4 site: these are the component makings of a security culture:

Attitudes: How employees feel towards the organization’s security protocols and issues.
Behaviors: Employees’ activities and actions that affect an organization’s security.
Cognition: The knowledge that employees have of security issues and activities.
Communication: The types of channels that the workforce can use to discuss and share support for security-related issues.
Compliance: The awareness that employees have of their organization’s security policies and how they follow them.
Norms: The extent to which employees are knowledgeable of and adhere to the organization’s unwritten codes of security conduct.
Responsibilities: How employees view their role in either supporting or undermining their organization’s security.”

KnowBe4 found that Banking and Financial Services are the best performers with a score of 76, while Education organizations “were still in the process of accepting their exposure to digital threats”, scoring 68.

The scoring process KnowBe4 used takes some scrutiny, but the results weren’t that far apart. Security is a continuing organizational challenge for all.

Doug Bedell — September 14, 2020, 4:05 pm

Some Possible Help With Computer Security

Becoming familiar with what can compromise a computer security watch is becoming a daunting task. But here from The State of Security site is some possible help – an enumeration of the top 25 most common weaknesses, dubbed a Common Weakness Enumeration (CWE).

“The CWE Top 25 is a community-developed list of the most dangerous common software and hardware weaknesses that are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working.”

The post includes a number of stipulations and qualifications, but overall, looks pretty helpful.

“The CWE Top 25 provides security professionals, developers, and users a more meticulous view of common and impactful weaknesses. The main goal of CWE is, ‘to stop vulnerabilities at the source by educating software and hardware, architects, designers, programmers, and acquires on how to eliminate the most common mistakes before software and hardware are delivered.’ Keeping up-to-date with weaknesses that are seeing a higher frequency and becoming more impactful to hardware and software will help prevent security vulnerabilities and mitigate risk for enterprises and organizations.”

Doug Bedell — September 12, 2020, 9:56 am

Consider ‘Two-Factor Security’ for Computer Messaging

Two-factor authentication – having a layer of security beyond a username and password – can enhance the safety of computer messaging, including the Zoom video-conferencing tool, Graham Cluley on his Hot For Security blog advises.

Passwords alone can be deciphered and stolen by determined hackers, especially when they’re used thoughtlessly.

“• People often choose weak or commonly-used passwords,
“• People often choose passwords that can be guessed or easily cracked.
“• Many people make the mistake of reusing the same password in different places.”

So Zoom has added 2FA for access to its computer conferencing service, and it’s a technique that’s well-worth considering for other styles of digital communication, Cluley explains. “With the feature enabled users won’t be able to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room without their code.”

Doug Bedell — September 10, 2020, 12:20 pm

Pausing to Remember 9/11

Wes O’Donnell writes on “It’s been said that September 11th, 2001 was our generation’s Pearl Harbor, our defining moment. But that bold and shameful attack against America in 2001 was different from Pearl Harbor in one key aspect: Most casualties on that day were civilians.

“It was like a dagger in the heart of the world’s most preeminent military power. If we can’t even protect our citizens, how can we be expected to honor our alliances? It was clear then, that the 20th century was over. Whether the United States would maintain its status as the world’s sole superpower going into a new century would be decided on what our next actions would be.

“What followed was one of the largest reorganizations in U.S. military history. The U.S. had to pivot away from training to fight nation-states and learn how to fight terrorists who didn’t play by the rules – asymmetrical warfare.”

Doug Bedell — September 7, 2020, 2:09 pm

Election Security Challenges Facing Local Governments

With a presidential election season underway, Byron V. Acohido on The Last Watchdog site discusses challenges facing local governments from election hackers.

“The wide exposure to election tampering stems from having too many voter registration databases coming on line that were never security hardened, and by now have been plundered several times over by malicious, automated botnets,” Acohido writes. “The personal data collected by the criminal botnets is the source of baseline intelligence that ideologues and propagandists continue to use to target and refine their disinformation campaigns, which they typically disperse by social media.

“What’s more, not nearly enough thought was put into preserving the physical security of actual voting system hardware. There are some big, unanswered questions about supply chain security surrounding voting machines. And local government processes and policies tend to lack a security orientation; consider that it’s not uncommon to send a runner to retrieve poll results from a digital voting device that gets stored on a portable drive. These all translate into viable attack vectors wide open to motivated, well-funded threat actors.”

Therefore, not only do local election officials have to determine that votes are being legitimately cast, but also that they’re being counted and stored accurately and safely. A tall order in the interest of maintaining our democracy.

Doug Bedell — September 4, 2020, 1:50 pm

Electromagnetic Pulse (EMP) Attacks Explained in a Homeland Security Report

The U.S. Department of Homeland Security (DHS) is charged with preparing for attacks against the American homeland, including potential electromagnetic pulse (EMP) attacks.

On its website, DHS has provided a brief status report on EMP preparedness, which is well worth reading. “EMP weapons have the potential to disrupt unprotected critical infrastructure within the US,” DHS advises, “and could impact millions over large parts of the country.”

Doug Bedell — September 2, 2020, 11:49 am

Knowing the Territory: Security Planning for Troubled Times

Suppose you find your business facing a threat from rowdy demonstrators. SecurityInfowatch offers a plan for such threatening times: Have a security company at the ready.

“A good security company,” Michael Morrison writes, “should always know what is going on in the area they are working in and understanding the realities on the ground is even more vital when dealing with civic unrest.”

Expect that the security firm will know what may be brewing and how best to handle it. A tall order, perhaps, but one for these uneasy times.

Doug Bedell — August 31, 2020, 10:45 am

Diversity in Police Force Hiring a Builder of Trust

With greater attention being given to how well law enforcement fits the communities it serves, In Public Safety offers a post on diversity in police force hiring.

“One of the most important initiatives to ensure that law enforcement is fully capable of serving the community is by insisting on diversity within the department,” Dr. Jarrod Sadulski of American Military University writes. “Diversity is important because it strengthens the department by bringing together officers of different backgrounds, viewpoints, and experiences…”

“Police officers are highly visible to the public. Therefore, when a community sees a fully diverse police force, its trust is likely to increase because it’s evident that the local police are taking steps to recruit candidates who understand the many needs of the community.”

Good advice in tempest-tossed times.