Security Debrief, Security Debrief is a blog dedicated to homeland security, terrorism and counter-terrorism, intelligence and law enforcement that provides context to the debates, policies and politics that are playing out in Washington, D.C. ...
... Security Debrief is produced by Adfero Group and The George Washington University Homeland Security Policy Institute.
ECC IT Solutions
ThinkTech Blog, the blog of FedSolutions
Cloud Market Views, the blog of Virtustream
Straight Tech, the TMI blog, from Technology Management, Inc.
Turtle Wings blog, a blog about recycling electronic waste.
Managing Technology, the blog of Visular
The Interactive Files: Squash Errors, not Bugs!, From Wellfire Interactive
Whitehorse Technology Solutions
Accelera Solutions
Salient Federal Solutions
AETEA Information Technology
Showing posts with label national security. Show all posts
Showing posts with label national security. Show all posts
Tuesday, March 26, 2013
Wednesday, December 09, 2009
Adobe GUI FAIL
Simply blacking out information in a Portable Document Format file won't keep data from prying eyes.
This is just another case of the user failing to distinguish between a graphical blackout and deleting information. There have been many such incidents and Adobe invariably blames user error. But the Adobe design is completely counter intuitive. Adobe needs to correct this before someone gets killed.
TSA officials posted what they thought was a redacted version of the TSA's airport security operating manual on a Web site used by private contractors looking for government work. The problem: the officials didn't actually delete sensitive parts of the document—they just blacked them out using a graphics tool.
That method left the underlying words intact, and they were exposed when readers cut and pasted pages from the document, "Screening Management Standard Operating Procedures," into a new file. The vulnerability isn't technically a bug in Adobe's product, but its existence shows how those handling secure information should be fully trained in the software they're using.
The end result of the foul-up was that highly sensitive information about TSA screening methods, interviewing procedures, X-ray machines and other terrorist prevention tools became easily available to millions of people on the Web.
This is just another case of the user failing to distinguish between a graphical blackout and deleting information. There have been many such incidents and Adobe invariably blames user error. But the Adobe design is completely counter intuitive. Adobe needs to correct this before someone gets killed.
Wednesday, April 01, 2009
The case for alternative intelligence sources and outside contractors
My client Michael Bagley of the OSINT Group is profiled in this month's Homeland Security Today, check out page 52:
Note -
Wanted: Computer hackers ... to help government
One of Bagley’s constant themes is the utility of having an outsider challenging existing assumptions, particularly when it comes to hacking and network intrusions.
“Black operations require people to think this way” he argued. “Otherwise, there are no black teams. If we were all thinking the white way, the right way, we’d have no ability to counter these kinds of events or operations. It takes both kinds of people to work this way.”
Note -
Wanted: Computer hackers ... to help government
General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could "think like the bad guy." Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.
Tuesday, March 31, 2009
OSINT miscellany
MundoGeo reports that the International Symposium on Open Source Intelligence and Web Mining will be held in Spain. Conference site and call for papers.
Per Andersson discusses the value of open source intelligence.
The US shot down a Iranian UAV near Iraq’s tense Camp Ashraf. Hmmmmmmmm, worrisome.
Good OSINT requires access to blogs. Blocking Blogs reduces the threat by 1 or 2 %. And reduces their troops OSINT knowledge by 30 to 50%.
The difference between intelligence and journalism.
Jihadist thread in Pakistan. Also, it seems Hammas has forgotten nothing and learned nothing.
Agence France-Presse reports that Military officials from China and Taiwan will meet face-to-face for the first time in 60 years.
Adam Elkus thinks that Obama has the right strategy for Afghanistan; but is unsure about implementation.
Edit - Mcclatchy has a must read report on the situation in Iraq.
Per Andersson discusses the value of open source intelligence.
The US shot down a Iranian UAV near Iraq’s tense Camp Ashraf. Hmmmmmmmm, worrisome.
Good OSINT requires access to blogs. Blocking Blogs reduces the threat by 1 or 2 %. And reduces their troops OSINT knowledge by 30 to 50%.
The difference between intelligence and journalism.
Jihadist thread in Pakistan. Also, it seems Hammas has forgotten nothing and learned nothing.
Agence France-Presse reports that Military officials from China and Taiwan will meet face-to-face for the first time in 60 years.
Adam Elkus thinks that Obama has the right strategy for Afghanistan; but is unsure about implementation.
Edit - Mcclatchy has a must read report on the situation in Iraq.
Thursday, January 29, 2009
Joint Capabilities Technology Demonstration Project
New software would unite Defense networks
Even in the Defense Dept., $200 million is a lot of money. And it sounds more secure than thumb drives, which are so easy to duplicate/steal/lose.
New software being tested by U.S. Central Command would enable military computers for the first time ever to be connected at the same time to both classified and unclassified networks -- including the public Internet.
Officials say the technology, if it proves secure, could save more than $200 million for CENTCOM and eliminate the need to use work-arounds like thumb drives to move data between networks containing different levels of classified information.
Even in the Defense Dept., $200 million is a lot of money. And it sounds more secure than thumb drives, which are so easy to duplicate/steal/lose.
Germany, Russia, and natural gas
Valdis Krebs has an illuminating post about the network of natural gas pipelines in Europe and how it confers power upon Russia.
Germany is a leader in the development of renewable energy and Krebs' map makes it very clear as to why that is so.
Germany is a leader in the development of renewable energy and Krebs' map makes it very clear as to why that is so.
Monday, January 26, 2009
Great moments in content management
Whoops! Army Files Found on Used MP3 Player
The data was from 2005, still someone didn't observe procedure.
It's like Burn After Reading, the latest Coen brothers' flick, come to life. Well, kinda sorta.
"A New Zealand man has found confidential United States military files on an MP3 player," the Age reports. He bought at an Oklahoma thrift shop, for less than ten bucks.
The data was from 2005, still someone didn't observe procedure.
Cyber sercurity and regime change
From last summer's International Relations & Security Network:
It we are to do better we need to do more than change Presidents, we have to ask for accountability. Our national security cannot be reduced to the newest watering whole for those who served us so poorly in the past.
In February 2007, Erik Prince, founder of the infamous private military company, Blackwater Worldwide, started what seems to be the next most lucrative market for such companies: intelligence gathering and analysis.
The new venture exists as a nexus of three companies that were quietly assembled by Prince the year before: the Black Group, LLC, the Terrorism Research Center, Inc (TRC), and Technical Defense, Inc. These companies form Total Intelligence Solutions, LLC, a company run out of an office in Arlington, Virginia, offering "evolved intelligence gathering and analysis" for "Fortune 1000 companies."
It we are to do better we need to do more than change Presidents, we have to ask for accountability. Our national security cannot be reduced to the newest watering whole for those who served us so poorly in the past.
Thursday, January 22, 2009
Gary Berntsen and Erik Prince at the AFIO
Gary Berntsen and Erik Prince will be speaking at the February meeting of the Association of Former Intelligence Officers
That should make a very interesting meeting.
Gary Berntsen, decorated former CIA career officer, spent 23 years with the Agency. He was the CIA field commander for the Jawbreaker team at Tora Bora, the subject of his 2005 book: Jawbreaker. At this event he will discuss Human Intelligence, Counterterrorism, and National Leadership, his recently published manual for incoming President Obama and White House staff. It includes highly specific recommendations and policy prescriptions for human intelligence and counterterrorism operations.
Erik Prince, Chairman/CEO of Blackwater Worldwide and the Prince Group. Using experience and tight controls outlined in numerous contracts with the U.S. Department of State, Blackwater’s security professionals successfully protected American diplomats in an environment where suicide bombers use cars as weapons, roadside debris conceals improvised explosive devices, and insurgents disguise themselves in law enforcement uniforms. Prince's Blackwater has trained more than 100,000 local police officers, SWAT team members, homeland security professionals, military personnel and others to prepare them to protect U.S. citizens at home and abroad. The firm was immediately called upon by scores of private merchant shipping and import firms to deal with rapidly increasing threats to vital shipping, oil tanker transports, and pleasure cruise lines from piracy in the Gulf of Aden and elsewhere. Controversial, daring, self-assured, well-trained, fearless....Prince and Blackwater evoke a wide range of opinions from the public and intelligence professionals. Prince is working on a forthcoming book about Blackwater Worldwide to appear from Regnery Publishing.
That should make a very interesting meeting.
JJ Green's take on Obama's inaugural speech
TERRORISM: The Next Four Years
I think that is about right.
"To the Muslim world, we seek a new way forward, based on mutual interest and mutual respect. To those leaders around the globe who seek to sow conflict, or blame their society's ills on the West, know that your people will judge you on what you can build, not what you destroy."
President Barack Obama said those words in his inaugural address on January 20th.
He delivered an olive branch and warning shot in the same breath.
Iran and Pakistan were two of the recipients.
Which one got which gift?
Well, being the clever politician that he is, Mr. Obama seemed to leave it up to them to decide which interpretation they embrace.
In the two months since he won the Presidential election, there've been an attack in Mumbai and a flare-up between Israel and Gaza. Pakistani militants figured prominently in the attack in India and Iran is the principle weapons supplier to Hamas.
From time to time, you may hear both positive and negative rhetoric toward the U.S. from both countries. However, Iran has done very little to establish good relations with the U.S., so I would imagine they get the warning shot. Given the cold shoulder they got from the Bush administration, it wasn't all Iran's fault.
Given Pakistan's cooperation in the war on terror, they certainly get an olive branch, but some of their political and military leaders have bristled at the U.S. lately over the missile attacks on al Qaida figures in the tribal territories.
Simply put, Mr Obama's message to the muslim world seemed to suggest that if they want to work with his administration to solve some of the world's problems, the door is open, but if any are looking for a fight, they'll have to answer to their citizens.
In short, he made a brilliant move, which he will no doubt remind the world that he's made during his administration --especially the world's bullies get out of line.
I think that is about right.
Wednesday, January 21, 2009
New to me security blog
Shane Harris; Intelligence and Homeland Security Correspondent, National Journal
Monday, November 03, 2008
Call for Papers: DC BSDCon 2009
TaoSecurity
I was pleased to hear from Jason Dixon, who told me that he is organizing DC BSDCon 2009 on 4 and 5 February 2009 at the Washington Marriott Wardman Park. This is right before ShmooCon 2009 and has been coordinated with that group.
DC BSDCon has a call for papers open until 1 December, with selections announced on 15 December. I will probably submit a presentation.
Friday, September 26, 2008
German police arrest two terror suspects
Deutsche Welle
The world didn't stop just because of the US financial crisis.
Last week nineteen people were killed in attack on the American Embassy in Yemen. Editors can't stop their national security coverage just because Wall Street is in melt down.
German police have arrested two suspected terrorists at Cologne-Bonn airport. The two men, a 23-year-old Somali citizen and a 24-year-old German born in Somalia, were removed from a KLM plane bound for Amsterdam just before take-off in the early hours of the morning.
The world didn't stop just because of the US financial crisis.
Last week nineteen people were killed in attack on the American Embassy in Yemen. Editors can't stop their national security coverage just because Wall Street is in melt down.
Tuesday, August 19, 2008
FOIA, torture, and records management
Judge Gives Government 10 Days to Avoid Contempt on CIA Tapes
So now the CIA must produce a list of evidence that it destroyed. How does an administrator produce such a list. Imagine the buck passing going on right now within the agency, for those who destroyed the evidence are keen to arrange that someone else be responsible for describing that which was destroyed, leaving that individual or individuals on the hook for any contempt citation.
All the worker bees within the agency and their contractors are going to play this by the book, let the big shots go to jail.
But the judge, the Southern District of New York's Alvin Hellerstein, said at a hearing that he would give the government 10 days to produce a declaration to convince him why he should refrain from a contempt finding and from ordering production of a list of the tapes, information on witnesses and any documents or memoranda relevant to the Freedom of Information Act request of the American Civil Liberties Union.
So now the CIA must produce a list of evidence that it destroyed. How does an administrator produce such a list. Imagine the buck passing going on right now within the agency, for those who destroyed the evidence are keen to arrange that someone else be responsible for describing that which was destroyed, leaving that individual or individuals on the hook for any contempt citation.
All the worker bees within the agency and their contractors are going to play this by the book, let the big shots go to jail.
Command? Or watering hole?
Inside the Cyber Command Turf Battle
Unified command? Or one isolated silo that only meets the needs of one service? And would one unified command promote the idea of information sharing so central to security?
Edit Comment on Schneier blog reacts to the news:
Reports by the Associated Press who obtained a memo on the subject said this week the Pentagon delayed and may even kill the Air Force's planned Cyberspace Command. Why exactly is up for speculation, but according to one insider who absolutely did not want to be identified - "It's a dollar Grab".
The insider went on to say that "with an estimated $30 billion being spent on cyber capabilities, who can blame them?"
As I tally it, the Army, Air Force, CIA, NSA, DIA, DHS, StratCom and two unidentified black-ops units have already begun developing cyber warfare capabilities. Anyone with an ounce of sense would not want to get in the middle of that group! The Pentagon has to be thinking it would be better to have one unified cyber command rather than all these dispirit efforts.
Cyber warfare is a highly desirable command area -- it is new, it's exciting, it's a real threat and arguably the hottest topic in military circles. Multiple security experts, including myself, have warned that significant and very special resources and expertise are required to execute the core elements of the Bush administration's cyber security plan.
Unified command? Or one isolated silo that only meets the needs of one service? And would one unified command promote the idea of information sharing so central to security?
Edit Comment on Schneier blog reacts to the news:
Russia vs. Georgia-Poland-Estonia are nothing when compared with AF vs. DHS? :-)
Thursday, July 24, 2008
GAO questions progress in informaiton sharing
Information Sharing Effectiveness Questioned by GAO
Information sharing isn't just about exposing terrorist plots, it is also about catching money laudering, gun running, drug dealing, fencing operations and other sorts of crime.
Now nearly seven years since 9/11, not only are state and local law enforcement agencies across the nation questioning the efficacy of anti-terror information sharing pushed by the federal government and intelligence reform measures, but the Government Accountability Office (GAO) reports the government isn’t able to effectively measure whether it has made progress in information sharing, or how effective it’s been in thwarting terrorism.
“Work remains, including defining and communicating the Information Sharing Environment’s (ISE) scope, such as determining all terrorism-related information that should be part of the ISE, and communicating that information to stakeholders involved in the development of the ISE,” GAO reported to Congress this week.
Information sharing isn't just about exposing terrorist plots, it is also about catching money laudering, gun running, drug dealing, fencing operations and other sorts of crime.
Intelligence collection, walk down memory lane
David Hubler
It used to be that intelligence gathered from public sources would be put into a report and the report marked classified. Nowadays the classification system is a little more pragmatic. The practice of gathering information from public sources and analyzing it for strategic significance is known as Open Source Intelligence, or its acronym, OSINT. We are going to be hearing much more about this.
In those Cold War days, listening to and translating news items into English from Radio Moscow and satellite states’ broadcasts from Prague, Warsaw, Budapest, Bucharest, East Berlin, Sofia, Beijing, Pyongyang, Havana and, yes, even Tirana, proved invaluable to the agency, the White House and the rest of the intelligence community.
President Kennedy learned that the Soviet naval vessels were being turned around and would not attempt to cross the Cuban blockade from a news “flash” on Radio Moscow in 1962.
It used to be that intelligence gathered from public sources would be put into a report and the report marked classified. Nowadays the classification system is a little more pragmatic. The practice of gathering information from public sources and analyzing it for strategic significance is known as Open Source Intelligence, or its acronym, OSINT. We are going to be hearing much more about this.
Sunday, July 20, 2008
Friday, July 18, 2008
Military cyber and electronic security
TaoSecurity
Since we're talking military cyber operations, a blog reader asked for my opinion of the new story U.S. Army challenges USAF on network warfare. I saw this first hand at a cyber conference recently. The Air Force colonel who will be vice commander of Cyber Command, Tony Buntyn, spoke, followed by an Army colonel, John Blaine, from NetCom. Col Blaine said the Army had been doing cyber operations for years, seemingly in contrast to the "new" Air Force Cyber Command. Of course, my previous history post noted that the Air Force Information Warfare Center was established in 1993, and the AFCERT was created the year earlier. Air Force cyber history is very extensive, especially if you expand to electronic warfare in Vietnam.
Homeland Security accountability
Bruce Schneier recommends The Quixotic Quest for Invulnerability: Assessing the Costs, Benefits, and Probabilities of Protecting the Homeland, which concludes amongst other things, that we abandon any effort to imagine a terrorist target list.
Maybe, but it seems likely that targets that have been hit in the past will be targeted in the future. It is difficult to imagine that our adversaries would ignore possible targets such as the White House, Capitol, and Pentagon. But then maybe he is correct. Once you start thinking of likely targets in the Greater Washington area you will never stop.
Maybe, but it seems likely that targets that have been hit in the past will be targeted in the future. It is difficult to imagine that our adversaries would ignore possible targets such as the White House, Capitol, and Pentagon. But then maybe he is correct. Once you start thinking of likely targets in the Greater Washington area you will never stop.
Subscribe to:
Posts (Atom)