Doug Bedell — January 20, 2020, 11:08 am

Getting Ready: FBI Gears Up for the 2020 Presidential Election


The Federal Bureau of Investigation (FBI) is getting ready for another presidential election season, with security concerns foremost in mind. Danny Bradbury on the Naked Security blog reports that “This year is shaping up to be the most challenging yet when it comes to election security. In 2020, cyberattacks against the US election will be more sophisticated than they were in the run-up to the 2016 vote.

“It’s probably a good idea, then, for the FBI to warn local and state election officials of hacking attempts, and last week, it announced just that.”

The “fragmented nature of the U.S. election system” makes that a tough challenge, but the FBI is on to it. It advises that “The FBI’s interactions regarding election security matters must respect both state and local authorities. Thus, the FBI’s new policy mandates the notification of a chief state election official and local election officials of cyber threats to local election infrastructure.”

Doug Bedell — January 17, 2020, 1:28 pm

Not Much Chance of a Draft Again – Ever


Wes O’Donnell on the In Homeland Security blog ponders the chances of a military draft being reinstated someday and considers them virtually non-existent.

“WW3Draft” became a top social media trending item after President Trump directed the killing of Qasem Solemani, the head of the Iranian Revolutionary Guard Corps-Quds Force. And the website of the Selective Service System crashed for a while.

The Selective Service System still maintains a list of eligible American men ages 18 to 25 who would be called upon if Congress re-instituted the draft, and the President approved it. “Dating back to the Civil War,” though, “the draft is an archaic and last resort option that will likely never be used again short of total global war. The world’s increasing propensity for smaller, more frequent regional conflicts all but ensures that military conscription, at least in the United States, is resigned to the dust bin of history.

“As for today’s 18- to 25-year olds worried about being drafted and sent to Iran or Iraq, you can probably rest easy. After all, if you get drafted, who would create all the memes? Twitter would turn into a pretty empty place.

“Your country needs you at home, behind the keyboard. It’s the patriotic thing to do,” O’Donnell concludes.

Doug Bedell — January 15, 2020, 11:16 am

What Makes a Whistleblower?


What’s involved in the role of a whistleblower? Frustration first, then resolve to see a nasty situation through – these, advises Erik Kleinsmith of American University and a onetime whistleblower himself – are key elements in going public with a revelation of tawdry doings.

Posting on In Homeland Security, Kleinsmith explains that, in deciding whether to become a whistleblower, “the reality of speaking up to reveal, stop, or fix a grievous wrong must be weighed against the risks of intense personal scrutiny and reprisals — the extreme of which could include physical threats. The good news is there are some ways to prepare yourself to make and carry out your decision.”

Kleinsmith goes on to discuss whistleblower rules, such as using the proper reporting channels, being prepared for challenges, not expecting anonymity and not leaking classified material. This latter “is illegal, no matter how righteous the cause.”

“By sticking to these simple rules, whistleblowers can better arm themselves against those who would attack the messenger. If you make the difficult decision to become a whistleblower, remember your objective is to keep the focus on the problem you’re exposing as opposed to making yourself part of the problem.”

Doug Bedell — January 13, 2020, 1:25 pm

Holy Hackers, Looks Like They’re Having Fun!


Here, on Securityweekly.com, is a nifty profile of computer hackers. Looks like a jolly bunch of folks, no?

Call that a definition of hacking instead. Hacking is… Paul Asadoorian of Security Weekly lists 14 elements in a definition of hackers.

We might as well quit commenting on this subject. There’s nothing more to be said about hacking. Like “Hacking is indiscriminate, has no boundaries and is not restricted by sex, race, religion, only by how much effort you are willing to put into solving a problem.”

Or creating one for someone else.

Doug Bedell — January 10, 2020, 12:52 pm

Iran Suspected of a Hacking Surge


Alertness remains a necessity in protecting websites from hackers, Silviu Stahie advises on the Hot for Security website. “If the latest reports are to be believed,” he warns, “Iran-backed hackers are probing U.S. critical infrastructure by using password-spraying attacks, looking for weakness and human laziness.”

He continues: “It’s no surprise, that, following the conflict between the United States and Iran so far this year, hacking activities are on the rise. It’s impossible to say with certainty that the threats originate from Iran but the modus operandi is similar to patterns of the last decade…

“A report from industrial security company Dragos shows that a group called MAGNALLIUM (also known under the APT33 name, Refined Kitten and Elfin) is targeting industrial control systems (ICS).

“In the fall of 2019, following increasing tensions in the Middle East, Dragos identified MAGNALLIUM expanding its targeting to include electric utilities in the U.S. MAGNALLIUM appears to still lack an ICS-specific capability, and the group remains focused on initial I.T. intrusions,” reads the report.

“The use of a password-spraying attack means they may not have a way in, at least not at the moment. On the other hand, it would also be a way to create a lot of noise to cover their tracks.”

Doug Bedell — January 8, 2020, 11:36 am

What a Whistleblower Needs to Know


Erik Kleinsmith of American Military University discusses what a whistleblower does, along with his own experience of being one, on the In Public Safety blog. It’s not something you do casually.

“The single most powerful armament the whistleblower has” he odvises, “is his credibility. After all, it is your word against the status quo, your word against an organization that has condoned the problem, and your word against those involved with the problem that have a vested interest in making the issue go away.

“A typical strategy for those implicated by whistleblowers is to deny everything, admit nothing, discredit the accuser, and throw out counter-accusations to deflect from the original problem. As a whistleblower, know that your credibility must survive every assault that will come in both the short- and long-term.”

So understand the rules and regulations for being a whistleblower. Erik obligingly provides them.

Doug Bedell — January 6, 2020, 4:42 pm

How the U.S. Dept. of Homeland Security Sees the Iranian Threat


On Saturday, Jan. 4, Acting U.S. Secretary of Homeland Security Chad F. Wolf issued a National Terrorism Advisory System Bulletin “pertaining to the changing threat landscape following the successful U.S.-led airstrike in Iraq that eliminated Qaseem Soleimani, the head of the Iranian Revolutionary Guard Corps-Quds Force, a U.S.-designated Foreign Terrorist Organization.”

“At this time we have no information indicating a specific, credible threat to the Homeland. Iran and its partners, such as Hizballah, have demonstrated the intent and capability to conduct operations in the United States…

“An attack in the homeland may come with little or no warning” was the heart of the advisory.

It concluded by noting that “The Department of Homeland Security is working closely with our federal, state, local, and private sector partners to detect and defend against threats to the Homeland, and will enhance security measures as necessary.”

Doug Bedell — January 3, 2020, 1:16 pm

Focused on the Web, Don’t Overlook Physical Access Control


With a growing focus on cyber, or computer, security in 2020, don’t overlook the risks of physical security as well, Vidya Muthukrishnan advises on The Last Watchdog blog. (We’d include the control of vehicle access to sensitive locations too_)

“Traditional examples of physical security,” Ms. Muthukrishnan notes, “include junction boxes, feeder pillars, and CCTV security cameras. But the challenges of implementing physical security are much more problematic than they were previously. Laptops, USB drives, and smartphones can all store sensitive data that can be stolen or lost. Organizations have the daunting task of trying to safeguard data and equipment that may contain sensitive information about users.” Not to mention vehicles that could be used to intrude.

So, Ms. Muthukrishnan continues, “Physical security is undoubtedly as important as cybersecurity. Analysis should be performed to identify the vulnerable parts of the network. The study should include an envelope of crime reports, natural calamities, weather conditions, and the movement of intruders. These analyses are then forwarded to the administrative control, are prioritized, and then preventive measures can be taken.”

Including, we’d add, vehicle access control barriers where advisable.

Doug Bedell — January 2, 2020, 11:21 am

Southern Border Security Wall Proceeding Slowly


In Homeland Security provides an update on the southern border wall – it isn’t going all that well.

“To date, the White House has been able to obtain several billion dollars in DoD money, redirected from counterdrug and maintenance programs. However, the ability of the Department of Homeland Security (DHS) to use these funds was further hampered by investigations connected to building contractors…

“According to the Los Angeles Times, the Trump administration has built about 90 miles of border barrier, but mostly replacing existing fencing, according to a U.S. Army Corps of Engineers December 2019 report. In October, the administration started building 13 miles of wall in Texas’ Rio Grande Valley, where it has issued contracts this year to build another 83 miles of wall. The government also began building 166 more miles of wall this year in border areas near Tecate, Mexico; El Centro, CA; El Paso, TX; and Tucson and Yuma, AZ.”

Call border wall building a multi-billion dollar plod.

Doug Bedell — December 30, 2019, 4:52 pm

A Dire Web Security Outlook for 2020


SecurityInformationWatch.com provides predictions of what security on the Internet will be like in 2020 – worse than ever.

“We will see an increase in attacks on IoT devices, including smart home devices, home automation systems and more. We might see new forms of IoT financial cybercrime, building on first-generation IoT attacks on ATMs and their networks. Cybercriminals will exploit payment services and open banking initiatives such as Google’s plan to offer checking accounts, Apple Pay, Google Pay and possibly Facebook’s Libra.”

Then, of course, there’s the 2020 presidential election to protect. Oh dear…