Being Safe Online

As you have probably figured out by now, I accumulate articles of interest as I wander the web, and periodically collect them into themed articles. Today is no exception, and our topic for today is cybersecurity — specifically, whether anyone is safe online (or is it just an illusion), and how to really make the situation better.

  • Foreign Actors. In recent weeks, a big question has been whether Russia hacked the US — particularly, the DNC and RNC. Donald Trump, in his news conference today, finally admitted that it was likely Russia did, but that other countries could as well. What is the basis for the belief that Russia was behind things? Brian Krebs, in an article written before the CIA report was released, has a very good analysis. Krebs notes, “It probably doesn’t matter how many indicators of compromise and digital fingerprints the Obama administration releases on this incident: Chances are decent that if you asked a panel of security experts a year from now whether the march of time and additional data points released or leaked in the interim have influenced their opinion, you’ll find them just as evenly divided as they are today.” This is because providing strong attribution is difficult, short of your hacker being stupid, just because of the nature of Internet communications. The article points out that there are specific breadcrumbs that lead to the conclusion, and notes why the public has become skeptical. Of everything. I suggest you read that analysis, and then think about it in light of the BBC disclosure that there are unconfirmed reports that Russia has something on Trump. Ask yourself: If the Russians hacked the DNC, why did they want Trump to win (this is not to say they manipulated the election to do so)? Could it be that they didn’t need to worry about him for other reasons?
  • Data Breaches. Brian also has a really good article on data breaches, and in particular, some immutable truths about such breaches. He explains them in more detail in the article, but here they are in a nutshell: “(•) If you connect it to the Internet, someone will try to hack it. (•) If what you put on the Internet has value, someone will invest time and effort to steal it. (•) Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it. (•) The price he secures for it will almost certainly be a tiny slice of its true worth to the victim. (•) Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.” First, think about this with respect to the above. Both the DNC and RNC had servers on the Internet. Were they hacked? Most certainly. What was that information worth? Ask Hillary Clinton. Now, you deal with banks and businesses that put your information on the Internet. Now think about the truisms above. Which organizations should you deal with? How much do they value your information?
  • Online Shopping. Dovetailing with all of this is an article from my web hosting service, Webhost, on what to be aware of when you shop online. They, too, go into a bit of detail, but their tips boil down to: (•) Shop online at home (or on a secure connection); (•) Make sure you have text, email, and/or phone security alerts set up with your financial institutions; (•) Always look for HTTPS when shopping; (•) If you’re shopping through a retailer’s mobile app, make sure it is an official version with a reputable company or developer behind it; (•) Use the ‘too good to be true’ rule and trust your gut. I’d add to this the adage to stay in a well-lit, well-populated part of the Internet. By that I mean: use companies that have a reputation to uphold — they are more likely to do things right.
  • Solving the Problem. The underlying problem for all of the above is that we are using a system that was never meant to be secure. That’s right: the basic and original protocols didn’t think about security because they believed everyone was trustworthy. The corollary to this is: if you want a secure system, you must engineer the security in from the start. Related to this, NIST has just announced a system security engineering website, based on their work with NIST SP 800-160. I’ve been doing a lot of close work with 800-160, and am working on gaining a deep understanding of it, as well as how all of the related processes (assessment, acquisition, and lifecycle) can work together. But 800-160 is a good start.

 


Consistency

They say that foolish consistency is the hobgoblin of little minds. Sometimes, however, consistency is not foolish; in fact, it should be a priority of a conclave of little minds. Specifically, consistency should be the hallmark of Congress. The behavior and beliefs of a party should be consistent. The ethics and behavior that are demanded of the President and his executive officers should be the same independent of the party of the President — or of Congress. Further, the electorate should be demanding this consistency, because otherwise, they are wasting taxpayer money doing investigations of one official that they wouldn’t pay for another. To put it another way, we shouldn’t be paying for partisan witch hunts. So I’m dismayed with what I’m seeing from our new Congress. Here are some examples:

Going back to the days of Ronald Reagan, one consistent thing about the GOP is that they are concerned about deficits. Hell, they’ve shut down the government because they didn’t want to increase deficits or the debt ceiling. They have been constantly harping on the Democrats because they feel their actions would increase the deficit, and have passed laws requiring that any new spending be covered by revenue. So why is the GOP suddenly abandoning this mantra, wanting to keep the expensive parts of the Affordable Care Act while removing the parts that pay for them?

When President Obama submitted cabinet nominations, then minority leader McConnell insisted on a set of requirements for each candidate. These requirements included appropriate vetting, submission of appropriate paperwork, elimination of conflicts of interest, and so forth. Yet now McConnell is seemingly abandoning those principles — for what purpose? Why should our cabinet officials be any less ethical?

For past Presidents, there has been a custom for them to put their assets in such a trust that it wouldn’t influence their actions. If that didn’t happen, Congress would make a fuss. Yet they seem to be rolling over and letting President-Elect Trump retain the conflicts under some light promises. Would they have let Obama or Clinton get away with this?

Imagine there were unverified claims of Russia having compromising information on President Obama — oh, like there were unverified claims about Benghazi or emails. Or there were claims about Russia interfering with the election to influence it in favor of Obama or Bill Clinton. Wouldn’t Congress be hopping to investigate that? Yet there is no move afoot from Congress to do so. Why wouldn’t they investigate this?

With any of these claims, the question should be simple: If this was a Republican Congress with a Democratic President — such as Bill Clinton, Barack Obama, or Hillary Clinton, would Congress act this way? If the answer is “no”, then why is it acceptable to act this way for President-Elect Trump?

Congress’ responsibility is to be a check on the President and the Executive Branch of the government. They certainly did so during the administrations of Barack Obama or Bill Clinton. Why are they rolling over and giving in to President Trump (who many did not support until it looked like he would win)?

President Trump has promised to do many good things for segments of this country that have not benefited from the economic recovery or the actions of the Obama administration. I understand that. From listening to the conservative side, I’ve learned what we missed — that agendas were promulgated that helped some without helping others. That the notion of “Social Justice” has drastically different meanings throughout the country. I also understand that new leadership is coming in that plans to address those deficiencies. But these things must be done legally and within the constraints of law, and our President must set the ethical example for the country with respect to leadership.
