Inside Cyber Warfare

One year ago, the buzz across the government/technology nexus was focused on a pair of political guessing games. Neophytes mostly engaged in debating over whom the newly-elected President would name to be the nation’s first Chief Technology Officer. Grizzled Pentagon veterans and the more sober Silicon Valley types wondered instead who would get the nod as President Obama’s “Cyber Czar.”

Continue reading →

WIRED Cracks Cyber-Battle Code

Just a quick note between conflicting conference sessions in different locations around the DC Beltway, to note that WIRED’s premier national-security blogger Noah Schactman may have just cracked the code – or at least “a” code – on where the ongoing dispute over “control of cyber” is heading in national security circles, in his latest DangerRoom post (“Air Force Cyber Command Could Return, with Nukes“).

The dispute has been reported lightly, in places like the NextGov blog (“The Cyber Command Power Play?”), and usually boils down to a perceived battle between the U.S. Air Force and the nation’s Intelligence Community, over control of the increasingly central issue of cyber offense and cyber defense.

Continue reading →

Tempted to “Skimp” on IT Security?

FACT: According to a study presented at last week’s annual RSA Conference on cyber security, by Palo Alto Networks CTO Nir Zuk, “Users are routinely, and fairly easily, circumventing corporate security controls. And that is because traditional firewall technology was not meant to grapple with the diversity of Internet applications of recent years.”

ANALYSIS: Security has been an even hotter topic than usual for the past month, what with new national-level attention to cyber security and, for Microsoft, a culmination of sorts of various strands of effort into our new “End to End Trust” initiative.  My boss, Jim Simon, attended the RSA Conference in San Francisco, with his boss, Craig Mundie, Microsoft’s Chief Research and Strategy Officer.  Craig laid out Microsoft’s “End-to-End Trust” vision, designed to provide users more control over online and enterprise systems.  His keynote was widely covered (even by offbeat security blogs, like RiskBloggers.com) so I don’t need to rehash it.

Nir Zuk’s presentation was interesting – and not just because he’s one of the true pioneers of firewall technology.  He really understands secure enterprise environments, something I’m talking about increasingly with government organizations, who are learning the hard way the need to protect their data, apps, and computing platforms.  

Continue reading →

Air Wars: the Air Force Takes Heat for its PR

FACT: A heated online debate is erupting about a particular photo posted online, and the brouhaha around it focuses on whether or not classified details are contained therein, thus revealing them. 

ANALYSIS: Given that others are even now writing extensively about this photo and its controversy I thought I would add a couple of thoughts.  Don’t bother blaming me for linking to the photo, by the way; given the attention and reposting/rehosting it has already received, the glare of publicity can only serve to prod better security practices. 

I expect to see parody versions on Flickr soon, with “Area 51” touches.

And so to my related thoughts: recently, an active-duty USAF officer and regular reader emailed me about one of my posts concerning Rod Beckstrom and the new National Cyber Security Center, which he had not previously heard of.  He wrote that in discussing it with a colleague, the response was “I thought the Air Force Cyber Command already had the mission to coordinate all cyber security efforts.”

Continue reading →

A Roadmap for Innovation – from Center or the Edge?

Fact:   In marking its five-year anniversary earlier this month, the Department of Homeland Security released a fact sheet touting the department’s accomplishments in that time, including “establish[ing] the Computer Emergency Readiness Team (US-CERT) to provide a 24-hour watch, warning, and response operations center, which in 2007 issued over 200 actionable alerts on cyber security vulnerabilities or incidents. US-CERT developed the EINSTEIN intrusion detection program, which collects, analyzes, and shares computer security information across the federal civilian government. EINSTEIN is currently deployed at 15 federal agencies, including DHS, and plans are in place to expand the program to all federal departments and agencies.”

Analysis:  I’m not going to write, in this post at least, about US-CERT and EINSTEIN in particular. I will point out that some writers have been skeptical of “Big DHS” progress on cyber security up to now, and the anniversary was an occasion for much cynical commentary. 

Charles Cooper in his popular Coop’s Corner blog on CNet wrote that “when it comes to network security, DHS appears to be more of a wet noodle than even its sharpest critics assumed… Talk with security consultants and former government officials involved with DHS and you come away wondering what these folks do all day.”

Continue reading →

Expect Some “New Thinking” on Cyber Security…

FACT: Department of Homeland Security head Michael Chertoff last week: “I am pleased to announce my appointment of Rod Beckstrom as the first Director of the National Cyber Security Center. Rod will serve the department by coordinating cyber security efforts and improving situational awareness and information sharing across the federal government.”

ANALYSIS: There are people who think inside the box, those who think outside the box, and those who ask: What box?

Then there are “the anti-box people.”  They see the box, shove it on its side, stomp on it to squeeze it flat, and consign it to recycling where it belongs.

One of those kind of people is Rod Beckstrom, a well-known Silicon Valley successful entrepreneur and author. I knew him at Stanford, aeons ago, and like others recognized his leadership drive when he ran successfully for student body president, and he left with both a BA and MBA on the way to forming his first successful software startup.

I was surprised when I read last week that Rod is moving to Washington to take a high-level government job.

Continue reading →