This was pretty cool. Thanks to OnlineMBA and their post.

Via: Online MBA
Information Security & Business Leadership
CNN recently broadcast a cyber-attack simulation meant to demonstrate the potential cascading effects of a widespread attack on our nation’s infrastructure. The exercise included former federal officials who played the roles of key positions in the executive branch to show how the government would respond to the escalating incident. They even had a flashy headline:
As much as I hoped that this would be a worthwhile simulation with good discussion, this really came across as propaganda wrapped in FUD. It seemed like a sales pitch for more government control, especially with the catchphrase “We Warned You” included in the program. We all should be concerned when government officials talk about “nationalizing Telco and Power”, “quarantine cell phones”, and “giving the option of unilateral disconnect”.
There is no doubt the threatscape is changing with the way we use technology. Mobile devices certainly will see their share of malware. Both the public and private sectors have lapses in their information security practices. As we’ve seen with the latest attacks from China, there is a rise in targeted attacks. That said, I have my doubts about a mobile botnet that wipes out cell phone communications, creates widespread power outages, and takes down Wall Street.
Cyber security is not a unilateral issue with government alone stepping in to save the day. The private sector is particularly good at finding solutions to problems and they too have a dog in this fight. Let’s bring the right players to the table to find a solution other than martial law.
Bottom line: Simulations are useful if they are appropriately scoped and are meaningful. We could learn a lot from a good simulation that includes government and private sector participation. In this case, CNN used the script from “Live Free or Die Hard” and wasted a lot of time and money.
When an employee leaves a company, either voluntarily or involuntarily, the business must have the processes and procedures in place to immediately revoke access to information resources. This isn’t a new concept in the information security realm but it is something that is often applied lackadaisically in organizations. With the cost of breaches rising, leaving doors open for potentially disgruntled ex-employees can be a costly mistake for your business. Just as you provide access to new employees, you must be ready to remove access when an employee separates.
The article snip below is a recent addition to the “should have known better” club:
The ex-employee, Dong Chul Shin, was fired from the company March 3 for performance reasons, and escorted off the premises, according to court records. But the company failed to immediately shut off his VPN access. That afternoon, someone using Shin’s account began logging onto the corporate network, e-mailing out proprietary data to a personal Yahoo account linked to Shin, and modifying and deleting files, according to a search warrant affidavit by the Dallas FBI agent Robert Smith.
Poulsen, Kevin. “Ex-Employee Fingered in Texas Power Company Hack.” WIRED 29 May 2009.
http://www.wired.com/threatlevel/2009/05/efh/
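A gap like the one in the article can be caught by reconciling HR separation times against remote-access logs. The following is an added example, not code from the article or from any vendor: the log format, usernames, timestamps and addresses are all constructed for illustration.

```python
from datetime import datetime

# Constructed HR separation records: username -> time access should have ended.
SEPARATIONS = {
    "jdoe": datetime(2024, 1, 15, 10, 30),
    "asmith": datetime(2024, 1, 13, 17, 0),
}

# Constructed VPN log in a hypothetical format: "<ISO time> <user> <event> <source IP>"
VPN_LOG = """\
2024-01-15T08:05:00 jdoe LOGIN_OK 198.51.100.7
2024-01-15T14:12:00 jdoe LOGIN_OK 203.0.113.20
2024-01-15T14:40:00 bwong LOGIN_OK 198.51.100.9
2024-01-14T09:00:00 asmith LOGIN_FAIL 203.0.113.44
not a log line
"""

def parse_vpn_log(text):
    """Yield (timestamp, user, event, source) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def post_separation_activity(log_text, separations):
    """Return VPN auth events made by separated users at or after separation."""
    findings = []
    for ts, user, event, src in parse_vpn_log(log_text):
        sep = separations.get(user)
        if sep is None or ts < sep:
            continue  # current employee, or activity before separation
        # A successful login means the account was never disabled; a failed
        # one means revoked access is being tried and deserves a look.
        severity = "critical" if event == "LOGIN_OK" else "warning"
        findings.append({"user": user, "time": ts, "event": event,
                         "src": src, "severity": severity, "delay": ts - sep})
    return findings

if __name__ == "__main__":
    for f in post_separation_activity(VPN_LOG, SEPARATIONS):
        print(f"{f['severity'].upper()}: {f['user']} {f['event']} from "
              f"{f['src']} {f['delay']} after separation")
```

Run on a schedule against the real HR feed and VPN logs, any `critical` finding means the revocation step was missed for that account.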
Just a simple information security guy with an MBA background looking to change the perception of information security within business.