Adfero Group HSPI

Join The George Washington University Homeland Security Policy Institute on Wednesday, February 22 for a special Policy and Research Forum Series event featuring Vice Admiral Mike McConnell, USN (Ret.), former Director of National Intelligence, and the Hon. Michael Chertoff, former U.S. Secretary of Homeland Security. They will be joined by senior staff of the U.S. Senate and U.S. House of Representatives for a roundtable discussion regarding pending legislation to address the growing cyber threat to U.S. national security.

Last week, U.S. Attorney Joe Hogsett announced a $1 million fine against OHL Solutions for intentionally failing to screen cargo in accordance with TSA rules. The TSA investigation began in December 2010, and this fine was not a shock to many observers – even before that investigation began, several of us noted that serious TSA enforcement actions seemed just around the corner. But this enforcement action does give rise to a problem – since TSA security plans are so complex and unwieldy, how is it possible to comply with the letter of the law?

Cyber-protest reflects cyber-warfare in its advantages over its physical counterparts; it is difficult for law enforcement to identify and prosecute the cyber-perpetrators. Cyber assaults in all forms are economical to conduct and the financial returns are overwhelming – causing potentially millions of dollars in actual and reputational damage with an attack like the one on Sony or STRATFOR (where payment information was compromised and published causing reputational damage) at a fraction of the cost. Companies MUST understand their protestor risk, particularly online.

Let’s start with a quiz. Who is the biggest spy in modern US history? If you said Aldridge Ames, or Robert Hanson, you’d be wrong. It was PFC Bradley Manning, of WikiLeaks fame, who despite being a very junior analyst in a tactical military HQ, gave away to his accomplice/handler Julian Asange more volume of stolen intel than anyone ever. Bottom line, cyber has changed the world of intel, and this is just one example.

I spoke to students at the Naval Postgraduate School Center for Homeland Defense and Security. The school helps military officers get their master’s degrees, but mine was not a military audience at all – many were homeland leaders from throughout the public and private sectors. To be sure, America has gained a lot since the 9/11 attacks, part of which is a brotherhood shared by all homeland professionals..

By Michael Balboni
In an op-ed for Newsday, I examined Secretary Napolitano’s announcement of a National Strategy for Supply Chain Security, noting that it only mentioned the importance of physical security. Surprisingly, cyber threats were left completely off the table, though it is crucial to recognize that both these threats are actually inexorably intertwined.

By Seth Stodder
This week, the Obama Administration released its long-awaited National Strategy for Global Supply Chain Security. The strategy articulates the Administration’s vision for working with the international partners and the global private sector to both promote the efficient and secure movement of goods throughout the global economy, and also foster the development of a supply chain system more resilient to major disruptions.

Security Debrief contributor Steve Bucci spoke to Federal News Radio’s Francis Rose about things to watch in the cyber realm in 2012. Check out Steve’s interview on In Depth with Francis Rose to learn more about progress in deciphering Stuxnet an Duqu, as well as cloud computing and other cyber issues.

For the past few years, the country has endured a cupcake craze of sorts. Recently, a traveler in Las Vegas had her red velvet cupcake, which was baked into a glass jar for delivery/presentation purposes, confiscated out of concern about the contents of its frosting. Whereas cupcakes in similar jars and boxes had passed through other airport screening without concern, this time the cupcake was a “no go.” The facts are what may appear harmless may not be, and what TSA was doing was its job.

It was a busy year in cyber, and there were a lot of interesting developments. From Stuxnet to social media revolution in the Middle East to smart grid security, 2011 was a challenging year. Looking ahead, we need to continue securing our networks and developing awareness and education programs.

The Israeli media has been awash in reports of an alleged Saudi hacker that goes by the online name of OxOmar and has posted the credit card information, national ID numbers and addresses of thousands of Israelis. According to recent reports, that person may turn out to be nineteen-year-old Omar Habib, who resides in Mexico. Some others, though less convincingly, have alleged that the origin of the attack lies in Iran. Ultimately, the origin and motivations of the cyber attack are less interesting than the nature of the vulnerability that it exposes.

Recently, it was reported that members of Mexican Crime Cartels illegally entered five different truck yards in northern Mexico by threatening security officers. These criminals did not steal cash or cargo. Instead, they compromised sensitive corporate information – routing information for U.S.-bound commercial truck shipments. Criminal organizations the world over, especially along the land border of Mexico and the United States, use commercial trucks to move contraband. Because of the huge amount of trade that crosses our borders and the limited number of personnel to inspect and process this trade, two methods were created to ease the cargo delays and help the CBP inspectors target suspect trucks.

By Doug Doan
For anyone who needed a reminder of just how botched and dysfunctional it is to build or improve a border crossing, take a look at the toxic debate over the Keystone Pipeline. Fierce politics, nasty in-fighting, delay, distortion and misdirection all become standard fare. The Presidential Permit process was supposed to bring order and discipline to building anything across the border linking the United States, Canada and Mexico. But what a mess it has become. Every new idea must navigate an increasingly complicated bureaucratic gauntlet.

I have opined on the growing threat to the security of mobile computing before. Most people use some sort of mobile device, but how many of them do you think have security measures loaded on them, or even have passwords? We need to get people cognizant of their mobile security requirements, so they stop “walking about naked” from a technological stand point.

America’s intelligence community finds itself pressed to deal with the “Wild West” frontier of an ever-expanding cyber space. From Twitter to blogs to e-mail, the changes are coming hard and fast for governments, businesses and individuals worldwide. The challenges for the American policy maker and the intelligence community are simple and yet hugely complex. So far, by our own admission, we appear not to be passing the grade.

One of the keynote speakers at last week’s Cyber Conference at the Walter Washington Center was Ed Amoroso, the CTO of AT&T. Ed is brilliant, well spoken, and as funny as any speaker I have heard lately. He also has a practical and accurate view of the challenges we are facing in the cyber realm – including LAN protection, botnets and mobile security. He raised lots of great issues and challenged the audience to work out the solutions.

Here’s hoping TSA has a sense of humor in the stressful holiday travel season.

Following the recent attention given to the water sector’s vulnerability to cyber intrusion, there’s been a lot of talk about what went wrong, whose fault it was and why changes need to be made in the sector. However, the challenge in addressing the water sector’s cyber security posture isn’t in outlining existing problems, but rather in generating realistic, affordable and timely solutions to mitigate them. My concern is that we may just keep talking about the problem without actually doing anything about it.

Since news broke last week about a suspected cyber attack on an Illinois water utility, media, government and industry have probed the ramifications for U.S. critical infrastructure protection (CIP). Though DHS and FBI later found no attack had occurred, the incident does highlight vulnerabilities in the way utilities are secured against cyber threats. To understand these complex issues, reporters turned to water security expert, Catalyst Partners principal and Security Debrief contributor Vance Taylor.

By Rob Strayer
It is an unfortunate modern reality that cyber attacks are commonly used to steal money from businesses and individuals. Cyber attacks that disrupt or destroy physical assets, on the other hand, have been rare up to this time. The news over the weekend that a terrorist organization was able to finance its activities by hacking AT&T business customers’ telecommunications accounts represents a new and disturbing development in the use of cyber attacks by terrorists.