Doug Bedell — February 15, 2019, 4:11 pm

Here’s a Self-Sailing Ship to Roam the Seas Without a Crew


We’ve been hearing about self-driving cars, but how about a self-sailing ship? Yep, there must be security benefits, certainly savings in crew costs, from the story of the Sea Hunter, a 132-foot-long self-driving ship that sailed between San Diego and Peal Harbor last month, as reported by the Defense Tech blog. The Sea Hunter, an autonomous trimaran, has been developed “for submarine hunting and counter-mine missions.” It was accompanied by an escort vessel whose crew members came aboard “for short durations to check electrical and propulsion systems.”

“The Office of Naval Research (ONR), which led the test transit to and from Hawaii, declined a request for an interview, citing operational security concerns.” There’s more to read about the Sea Hunter in the Defense Tech post, but we’re already alerted that there’s a ghostly new way to roam the seas at hand.

Doug Bedell — February 13, 2019, 11:52 am

Schneier: ‘Cyber Insurance Can Be a Vexing Market’


Bruce Schneier advises that cyber insurance is becoming a big, and problematic, factor as hacker intrusions on the Internet grow.

” First, the scope of cyber risks vastly exceeds available coverage, as cyber perils cut across most areas of commercial insurance in an unprecedented manner: direct losses to policyholders and third-party claims (clients, customers, etc.); financial, physical and IP damages; business interruption, and so on. Yet no cyber insurance policies cover this entire spectrum.

“Second, the scope of cyber-risk coverage under existing policies, whether traditional general liability or property policies or cyber-specific policies, is rarely comprehensive (to cover all possible cyber perils) and often unclear (i.e., it does not explicitly pertain to all manifestations of cyber perils, or it explicitly excludes some).”

So just sit there, provoking intrusions via your keyboard. It’s a new cyber world.

Doug Bedell — February 11, 2019, 5:40 pm

Security Information Officers Subject to Burnout


Protecting the security and validity of computer-based information is becoming an ever more stressful role, a post by Marc French on the Security magazine blog advises.

“Having been a CISO now for a few years,” French writes, “I can relate to the occasional challenges. Late nights/weekends, internal stress, board presentations, breaches, media… the list goes on. That said, when looking at the details further, it just wasn’t the head of the group that was departing, but the rank and file members as well. This was rather unexpected.”

Despite high demand, pay and regard, the stress of maintaining information security is growing. “Working nights,” French adds, “the stress, the constant response to crisis, all contributed to me leaving the position and pursuing a career in tech. Interestingly, many of the reasons I had left the police force seem to translate over to struggles infosec professionals are facing.”

And French had previously been a law enforcement officer.

Treasure the information you see on your screens, and be mindful of what it takes to keep it secure.

Doug Bedell — February 8, 2019, 3:43 pm

Meet Your Friendly Hackers – Why Alertness Matters


Here’s how computer security is being menaced by hackers, in a nutshell. Want to know, for example, the difference between phishing ane spear phishing. It’s here in this SecurityInfowatch post.

The opening paragraph removes much of the mystique that’s enveloped hackers. Here’s who they typically are:: “While popular culture might lead you to believe that today’s hackers are computer geniuses with intimate knowledge of network architectures who go about their days working in a dark, shadowy underworld clothed in hooded sweatshirts, the reality is much different. Aside from nation-state actors and organized crime rings that run hacking schemes like a regular 9 to 5 job, many malicious online actors are simple con artists with basic computer skills just waiting on some poor sucker to take their bait.”

Hackers. the post adds, can actually make you think “they are from a financial institutions, retailer or service providers with information that looks legitimate”

Consider this useful post a short-form introduction to computer hacking, something we all need to be informed about.

Doug Bedell — February 6, 2019, 3:51 pm

Communication’s Security Role


Communication is the heartbeat of human activity, including that of security practitioners. Three writers of an In Public Safety post explain how this plays out daily, especially since 9/11.

“In the aftermath of the attacks on September 11, 2001, local law enforcement agencies in the United States were thrust into counterterrorism and intelligence-gathering roles—responsibilities they had never carried before. Fulfilling these sudden expectations was extremely difficult since local agencies did not have access to the necessary tools—or budget—to fulfill such responsibilities.

“After 9/11, improving communication became one of the primary focuses within all levels of law enforcement. The 9/11 Commission, which investigated the events leading up to the terror attacks, found that agencies had not shared information that could have connected the dots to identify terror threats.”

So Joint terrorism task forces (JTTFs) and Fusion Centers were formed. Currently, there are 77 fusion centers located throughout the U.S. with one in every state and 22 additional facilities in major urban areas such as Boston, New York, and Los Angeles. Fusion centers were formed to serve as state and major urban area focal points for the receipt, analysis, gathering, and sharing of threat-related information among law enforcement, other government services, and private-sector partners.

This may sound like a lot of security busy work, but it isn’t. Good communication, as we said at the start, is the backbone of effective human effort. To know how to respond, any agency must know as clearly as possible what it’s responding to and who else is helping.

Doug Bedell — February 4, 2019, 12:14 pm

Dwindling Police Recruits Leave Communities Less Secure


Community security requires an adequate police presence, whether on foot or readily available by telephone and vehicle. Yet, In Public Safety advises, policing is actually “a profession in crisis”.

“Recruiting and retaining qualified police officers,” writes Nicole Cain, a faculty member in criminal justice at American Military University, “is one of the greatest challenges facing law enforcement leaders. Low pay, antiquated hiring practices, negative public perception, high attrition rates, exposure to chronic stress and trauma, and increasing responsibilities all contribute to the downturn in the number of police applicants. Many agencies report that the quality of applicants has also lowered significantly…”

And Baby Boomer police officers are retiring. As a result, many communities are faced with a thinning blue line of police protection.

Cain offers his thoughts on recruiting and training qualified police officers. Yet, because it’s off most people’s radar, a protection problem grows. Community awareness of what it takes to be safe and secure is a paramount need. How do we relate as communities any more? The evening TV news doesn’t suffice for that.

Doug Bedell — February 1, 2019, 2:13 pm

Digital ‘Hitmen’ the Bane of Internet Security


Bryan Krebs fills us in on how Internet attacks on unknowing computer users – digital security cave-ins, if you will – can be accomplished. They’re called “attack-for-hire” services. The more we know about such on-line predators, the better chance we have of avoiding them. Krebs starts by discussing Webstresser, which appears to have been based in Europe.

“In April 2018,” Krebs reports, “investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser.org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.”

This is like hiring hitmen to threaten people one doesn’t like. The overall policing action against such digital pirates is known as Operation Poweroff, and is being pursued in the United States as well. Their activities may sound arcane, but they’re harmful, and we can be grateful for Internet observers like Krebs for keeping track of them.

Doug Bedell — January 31, 2019, 4:05 pm

Security Considerations Important for Busy Entrances


Entrances come, or should anyway, in security packages. SecurityInfowatch discusses varieties of buildings and the security challenges they pose.

“For facilities, buildings or areas that require the highest level of security, intrusion prevention is of greatest priority. Examples of this include data centers, vital records storage buildings, or any facility that requires compliance with government regulations.To prevent unauthorized access and potentially millions of dollars in fines, damages, and liability, you’ll want a security entrance that prevents tailgating and unauthorized entry attempts and sounds an alarm if any such attempt is detected.”

Fair enough.

Busy entrances require speed and safety considerations, along with security factors. “For organizations with employees, training can be a challenge if the turnover rate for personnel is high, or if there are a high number of visitors. In these cases, security entrances will need to provide the highest levels of speed and safety even for those people who have never used them before. This way, you’ll avoid one person having a problem and causing a crowd to pile up behind them.”

Isn’t it fascinating, but reassuring one you “get it”, to realize how much analysis and planning are involved once security enters the picture?

Doug Bedell — January 28, 2019, 11:45 am

Illegal Aliens Arrive Mostly by Air or Sea


There are pros and cons to declaring a national security emergency, as President Trump is threatening to do, over the situation along the nation’s southwest border.

A post on In Homeland Security notes that “most illegal entrants arrive by air or by sea.”

“Border patrol apprehension numbers,” the post continues, “also do not support the claim that there is an ongoing emergency at the Southwest border. In 2000, agents apprehended 1.6 million illegal border crossers. In fiscal year 2017, only 304,000 illegal border crossers were apprehended, and 13 percent of those claimed credible fear of returning to their home country. However, also in fiscal year 2017, more than 607,000 people who entered the U.S. legally by air or sea, not land, overstayed their visas and remained in the country illegally at the end of the year, according to DHS. In fiscal year 2018, agents apprehended approximately 400,000 undocumented migrants at the U.S.-Mexico border — the fifth lowest total since 1973. The number of adult migrants traveling without families was the second lowest total since 1970…”

“However, Trump would win political points by declaring a national emergency. It would appease his base by demonstrating his authority and ability to work around Congress to fulfill his biggest campaign promise.”

Doug Bedell — January 23, 2019, 3:44 pm

Keeping Up With an Ultimate Security Challenge – a Missile Attack


On an ultimate security issue, defense of the U.S. homeland against an incoming missile attack, President Trump seems up to any such challenge. Homeland 411 reports on six changes in the nation’s missile defense strategy that the president announced in an address at the Pentagon on Jan. 17.

“All over, foreign adversaries, competitors, and rogue regimes are steadily enhancing their missile arsenals,” Trump said. “They’re increasing their lethal strike capabilities, and they’re focused on developing long-range missiles that could reach targets within the United States.”

“With ground-based systems, Trump said the plan calls for 20 ground-based interceptors at Fort Greely, Alaska, along with new missile detection capability.

“The U.S. will now adjust its posture to also defend against any missile strikes, including cruise and hypersonic missiles,” Trump added. “And we are, by the way, very advanced also on hypersonic technology and missiles.”

With all that’s going on in his affairs, it’s good that President Trump is keeping abreast of ultimate dangers to the nation as well. Truly, that’s an understatement.