franknews

The Next Battleground: Cyber Security in the Private Sector

by Robert Stasio

April 11, 2018

Imagine this scenario: an expansive tactical operation center with large screen displays about enemy position and disposition. Young men and women buzz about making decisions and using analytical techniques to discover threats. Suddenly, an analyst discovers critical intelligence about the adversary, this causes the center’s director to make a decision and move a reconnaissance asset. The enemy’s attack is blocked and the offensive capability is neutered. Could this be a description of a well-coordinated intelligence-led military operation? Perhaps, but this is actually a description of a modern cyber security center, something becoming more and more common in the private sector.

In the past several years cyber threats have become so dangerous that private sector companies have actually taken a “war-fighting” approach to combating the threat. There has been a realization that the best way to manage threat is to maintain a constant operational environment, much like the military fights and wins conflicts.

This new security paradigm has led to private companies adopting the people, process, and technology from the military intelligence community in order to achieve success.

In order to understand why companies are making a shift from static security to more dynamic and military-like operations, we must first examine the changing cyber threat. Typically when experts discuss the breakdown of cyber threats, the 80/20 principle is brought up – meaning 80% of cyber actors are generally less sophisticated and the top 20% are so advanced that given enough time and resources they will break onto any network. Most companies have previously placed a vast amount of effort and resources on static security or “building a bigger firewall” - expanding the virtual moats and perimeter defenses that surround networks. Hackers in the top 20% will always follow the path of least resistance. A company can spend millions of dollars on perimeter security and be penetrated by a $300 laptop and one socially engineered phone call. Also, the vast amount of security architecture does little to detect an insider threat. In no other field is the asymmetric threat so profound.

Historically, the top 20% of actors were mainly the concern of the defense and intelligence community. Now, the emergence of commoditized malware kits has spread advanced techniques to a larger audience. For example, in 2006 the emergence of the “Web Attacker” exploit kit brought a packaged suite of tools that any user could operate.

In this new paradigm we understand three truths: you can’t prevent all attacks, your network will be compromised, and 100% security doesn’t exit. Most security practitioners understand that good hygiene and perimeter security will mitigate the bottom 80% of attackers.

What about the top 20% of attackers? How can we hope to mitigate their impact? This is the domain of the modern military-like approach. Most military environments focus on two functional pillars: operations and intelligence. Over the past decade or so there has been a surge in the creation of the Security Operation Center (SOC), a place where companies can have a real-time view of their cyber posture. This concept is very similar to the military’s Tactical Operation Center (TOC), where adversary and friendly movement are tracked in great detail. In a similar manner, cyber threats are tracked on dashboards, managed through sophisticated alerts, and precise actions can be taken to stop a threat as soon as it is noticed. Not surprisingly, many companies tend to recruit former military personnel to lead and operate an SOC due to their unique experience in such an environment.

The intelligence function of cyber operations has become one of the hottest trends in the industry today. In the military, intelligence functions are inherently predictive and seek to understand what the adversary will do before they do it. Some organizations materialize intelligence concepts by building threat intelligence programs, or perhaps threat hunting programs. A common thread across these practices is the concept of data analysis to make decisions; hence the field is sometimes known as Cyber Threat Analysis. The cyber threat analysis discipline blends aspects of intelligence analysis, information security and forensic science. Cyber analysts rely heavily on network traffic and system logs, but they must also consider external and human-generated sources of information. By using cyber threat analysis, one can detect infiltrations faster, regardless of their source. Pairing advanced platforms with a human is the most effective way to detect an infiltration.

Cyber analysts excel in finding unique patterns among massive datasets. Consider the four phases of a hacker’s attack: reconnaissance, scanning, exploitation and persistence. If an organization consolidates systems logs and network traffic, analysts can sift through the data at each phase. Analysts can link associated events among multiple sources and replay how an attack occurred. Tracing patterns over time, analysts can determine the signature of a scan and assign it to specific actors. This will help them predict when an attack will occur. Traffic from backdoor beaconing can be found quickly and blocked at the gateway. The source of data will be irrelevant; analysts can just as easily identify traffic from an insider threat as they can from Internet-based attacks.

Consider the operation center scenario described above, perhaps with a holistic intelligence analysis and information sharing approach an analyst would have been able to identify the initial pattern and prevent a second similar attack. One can see how intelligence must be tightly linked with operations to be effective. Overall security operations are divided temporally into tactical, operational, and strategic phases. In each phase of operation, analysts may produce data and intelligence, which inform decisions. There are a wide variety of use cases in cyber threat analysis enhances SOC operations.

Like many industries, cyber security moves in waves. There will be a surge of hype in a new technique and technology that organizations will implement over some years. Markets where first-adopters emerge are often the same, for example the financial sector tends to be a leader in implementing new technology. In the case of cyber security, the military and intelligence community has emerged as a leader. The main reason for this is that these secret communities have needed to protect their most sensitive information from advanced hackers for many years. This has forged a critical training pipeline of personnel to operate cyber centers against the onslaught of advanced malware.

The long process to train personnel in operations and intelligence have led to a surge of recruiting of former government employees into the private sector.

The human analyst is the crucial component to the cyber analysis process, but they also require some tooling. Just as there has been a movement of people from government to private sector in the cyber profession, there has also been an influx of the same intelligence platforms. In order to maximize an analyst’s capability and multiply their work capacity, a mature security organization must use a data analysis tool to enrich, produce, visualize, and analyze information. Private companies have started to incorporate link analysis and data analytics tools once only seen in intelligence agencies. It turns out that when the people started transitioning roles they needed the same tooling to do their work.

In order to attack the full cyber threat spectrum an organization must embrace both information security and the natural evolution of cyber analysis. Information security creates a foundation of security with a framework and builds upon that with some specialization and technology. Eventually, the security process evolves into cyber analysis with long-term research and ecosystem visibility concerning malicious actors. Many private organizations are creating this approach by studying the techniques of military and intelligence organizations.

Reflections on Money

by Kianga Daverington

September 1, 2020

This essay, written by Kianga Daverington of Daverington PLLC , was originally published in January 2020. The piece as been condensed for clarity.

Money is not a physical object like a coin, a bar of gold or a dollar bill. Money is at its core, a technology. It is a human invention designed to solve a specific set of human problems. Consider money, perhaps, in a new way. Think of money as a system for capturing time.

Time is the one thing we each have that is absolutely finite. We are born, we die, and the dash in between is all the time we have.

Think of production. We can usually produce more of some good by adding people to a task (also known as “WORK”). But we are still constrained by time. Whatever we produce is still limited by the amount of humans that can be organized to go into that production. Each of us possesses a limited amount of time available to us individually, so we need to convince or coerce others to add their time to ours if we want to achieve more than we can alone.

Out of this imperative, nations are born.

The most important quality of any particular form of money is how well it preserves the value of time over time. Can you buy the same amount of stuff or more in the future than you can buy today? If yes, congratulations - your money is accumulating time for you and future generations while you relax on the beach. If it takes more and more of a unit of money to buy the same amount of time in the future, well then I’m sorry, but that unit of money is getting weaker and weaker. It’s losing value or said another way – it’s losing purchasing power. The longer you hold it, the less it buys.

In a way, by purchasing goods and services, you are purchasing time. Every product and every service requires time to make and time to deliver - your time and/or someone else’s. The price therefore reflects the collective value of all the time put in. Money is a way we exchange time and move it around from where it is valued less to where it is valued more.

This is where prosperity comes from. It comes out of how well a society, collectively and each person, spends its time. How much time is spent creating and making? How much time is spent consuming? If we make more than we consume, we have something left over called wealth. If we consume more than we make, we are left with debt. You can’t consume what you don’t have, unless someone extends credit. Where does this “credit” come from? Basically –it’s made up.

Too much credit or debt eventually collapses and everyone is mixed up in the collapse.

If we understand that a unit of money represents a unit of time, and we understand time is limited, then a unit in a system of money with unlimited supply cannot have any value. This is the problem we are facing today with the world’s money supply. The supply of money in the world is increasing exponentially as central banks create money by giving loans to national governments, which is where our money comes from.

Our entire world financial system is a powder keg of debt.

National currencies today are known as fiat money, a currency without intrinsic value that has been given its power to be used as money by a government that says it is money by regulation. Wikipedia says, “Fiat money does not have use value, and has value only because a government maintains its value, or because parties engaging in exchange agree on its value.” Well said, Wiki.

A government’s job of maintaining the value of its national money boils down to a confidence game. On what basis do the people who use that government’s money believe it has value?

What happens to the money and those who hold it when the foundation of that belief begins to crumble?

The Four Courses of the Apocalypse

by Joyce E. Chaplin

May 3, 2020

Joyce E. Chaplin (PhD and MA Johns Hopkins, BA Northwestern) is the James Duncan Phillips Professor of Early American History at Harvard University. You can find her on Twitter here.

In our state of emergency, most Americans want to taste deliverance when they eat. Their wish is important. Humans mask their bare need to eat with culture: customs about when food can be taken, manners for how to consume it, equipment to prepare and serve it correctly, and shibboleths to restrict what can be eaten in the first place. Stockpiling, ordering take-out, gardening, pickling, cooking, baking—by expressing food preferences in a pandemic, US citizens demonstrate what they hope for and fear. What follows is a four-course menu based on popular quarantine options, all of them revealing that Americans hanker after normality. But what is normal? Life before COVID-19 had serious problems. #AloneTogether is a hopeful tag for social distancing. When we’re all, by definition, stress eating in various states of aloneness, are we also sustaining a United States that must, now and in the future, somehow hang together?

4 G 30 10A

We’ll start our meal with sourdough. On Twitter, ongoing convo about bubbly mothers is not about extroverted female parents. Mothers (or starters) are thick, fermented cultures of lactobacilli that, instead of baker’s yeast, leaven sourdough. Carefully cultivated, in jar or crock or Tupperware, starters look like loose, frothy dough. You measure some out for a bake, then tenderly feed the remainder some flour and water. True sourdough is vegan and is one of the world’s oldest foods, with each lactobacillus strain native to a specific place on Earth.

Sourdough is undeniably American. It was the sturdy fare of many a young man (or woman) who followed the call to go west, to wherever the urban supply line of brewer’s yeast gave out, whenever baking powder wasn’t yet commercially available. In Laura Ingalls Wilder’s Little House books, sourdough biscuits are the daily bread. Gold miners ate those biscuits, too, also sourdough flapjacks, fixed from treasured starters. Boudin Bakery claims (credibly) to be the longest continuously operating business in San Francisco. It was founded in 1849, when a Frenchman opened a commercial bakery, using a Forty-Niner’s sourdough mother, which the company says it’s tended ever since. (Bite into Boudin and you’re chewing on something roughly 170 years old.) Onward the bubbly mothers went, to the Klondike, site of the next gold rush. The “Sourdoughs,” as Alaska miners were called, are commemorated in Charlie Chaplin’s Gold Rush (1925). This is the movie in which the Little Tramp and his cabin mate, snowbound together (sound familiar?), get so hungry that Chaplin’s character boils and dines on his boot, and then his roomie seeks to dine on him.

Alas, it’s this vignette, with one starved Sourdough hallucinating that the other is a tasty chicken and chasing him with an axe, that I cannot forget amid the pleasant twittering about rustic boules. What do people think they’re doing when they bake bread at home, one loaf at a time, or even two by two, as if handily adapting ancient divine advice for surviving an impending disaster? Historically, people didn’t do that. Baking whole loaves of bread consumes lots of fuel. The ancient Near East, ancestral land of small-grains like wheat and bread baked from them, lost most of its trees in ancient times—Lebanon and Egypt once had forests of cedar and pine. As timber dwindled, firing an oven got expensive. Quick-cooking flatbreads were what people made at home. In the tree-depleted old world, commercial bakers had to figure the cost of fuel into baking multiple loaves of bread in a large oven. For a fee, a baker might make room for household loaves, or even other cooking, for people who couldn’t afford much fuel. One way or another, it could take a village to bake a loaf of bread. In North America, however, settlers found plentiful wood—great for baking—until they cleared the woodlands nearest the settlements. At that point, they needed a Monsieur Boudin to bake them something other than quick pancakes.

I don’t think most of social media’s sourdough bakers know that their re-enactment of American pioneer autonomy defies a bigger history in which daily bread evoked connection to others, if not dependence on them.

Frankly, American sourdough smells like settler-colonialism, a fragrance of biscuits and flapjacks rising above the log cabins and mining camps that steadily eroded Indigenous land rights while cutting down trees on those lands.

It’s a myth that pioneering individuals or families settled the West—the federal government did that, through policies that favored the spread of white population. The ability to own and maintain a freestanding household (with an oven) is still a legacy of US racial and class privileges.

Maybe, at this point, you’d like a drink with your meal? Lots of other people are having one, or three. The marketing research firm Nielsen found that, compared to a year ago, March 2020 showed a 75 perecent increase in spirits sold, a 66 percent increase in wine sales, 42 percent for beer, and a spike of 243 percent in online alcohol sales generally. (March 2020 cannabis sales also soared in states where it’s legal to buy.)

That’s self-medicating to the point of disaster. An editorial in the Boston Globe pleaded for a ban on alcohol sales during the emergency shutdown, pointing out booze’s role in rising rates of domestic abuse. Under quarantine, vulnerable individuals are miserably close to abusers and distanced from helpers. The nuclear family was supposed to have been cleansed of the worst residues of ancient patriarchal rights. We’re now engaged in a painful test of how much of that work was done. Post-quarantine rates of divorce, (re)marriage, and births will reveal collective confidence, or not, in the American nuclear family, temporarily returned, as it has been, to a state of snowbound homesteading.

Take cheer, for the moment, in our second course, crab rangoon. Aggregate Uber Eats data about early-April deliveries identified this as the nation’s third most popular dish, trailing french fries and pad thai. What is it? Bits of crab (or imitation crab) and seasonings are blended into cream cheese. Dollops of the tangy mass are wrapped in wonton pastry, then deep fried. The crisp bundles are typically served with a sweet dipping sauce. If you think this sounds like bar food, you’re right. Crab Rangoon seems to have been invented at Trader Vic’s, the post-World-War II tiki bar that also claims to have invented the mai tai. Crab rangoon has no connection to Yangon in Myanmar. The fried parcels belong to the chop-suey canon of Chinese-American foods, the knowingly false concoctions that mingle something authentically Asian (like wonton pastry) with some kind of Americana (“Philadelphia” cream cheese), often featuring an expensive treat, like crab.

Is this cultural appropriation? Maybe. Though it was Chinese immigrants themselves who shrewdly sold chop suey to white customers to ensure their grandchildren would never have to work in restaurants. Are crab rangoons culinary abominations? Well, what isn’t? It’s not as if ballpark beer and hotdogs greatly resemble the lager and wurst homesick German immigrants tried to recreate in the United States. Let’s give chop suey and crab rangoon the benefit of the doubt, regarding them as gateway dishes for the timid Euro-American palate. Without those dubious chimeras, would pad thai have become the second most ordered thing on Uber Eats in 2020?

The Uber data proves another of crab rangoon’s essential qualities: it’s not home-cooking; food service workers make it. When it arrives with its jewel-tone dipping sauce, it’s proof that you didn’t have to cook. Even if you buy frozen crab rangoon, somebody else got it ready for you to heat up. For this second course in our pandemic dinner, it still takes a village. One commentator on the Uber Eats data wondered (with studied innocence) what chicken tikka masala and “crag [sic] Rangoon” could possibly be? Sadly, some Americans don’t enjoy any Asian cuisine. (Perhaps they also call COVID-19 the “kung flu.”) The “crag” for crab was probably just a typo, b and g are neighbors on the keyboard, after all. But that mistake conceals the dish’s inherent sociability. No one orders crab rangoon from a distant crag where they can’t get a phone signal. Just remember: if you order anything, add a tip. Everyone in food service is tired, underpaid, and risking infection.

I hope you’re not full, because here comes the main course and it’s Spam. This is neither home-made nor ordered from a restaurant. Each can of Spam yields a dense, pink, rounded-edge oblong that can be sliced or diced, then baked, fried, or microwaved. It predates the microwave, invented in 1937 by the Hormel Company to sell pork shoulder during the Great Depresssion. “Spam” vaguely promised shoppers some nice spiced ham. Spam hit the big-time during World War II, when the US government bought it in bulk to feed servicemen. It remains popular on Pacific islands, including Hawai’i, that have had large US military bases.

Spam is newly coveted because it’s shelf stable, a prepper protein the Greatest Generation bequeathed to us. It joins several related revivals. Backyard gardening and home canning are also on the rise, just as victory gardens and adaptation to food rationing supported war efforts in the early twentieth century. It must be said, however, that today’s prepping also descends from the bleaker survivalism of the Cold War. In the 1950s and 1960s, Spam-stocked bomb shelters were not so much parts of a collective program to defeat the enemy as they were ways to outsurvive one’s neighbors. Nicely browned, Spam has a crisp keep-calm-and-carry on quality. But also a Dr. Strangelove sizzle.

Spam sales are part of pandemic enthusiasm for animal products, even those produced from factory farms—even though we should know better. Spam is a branded product. People have heard of it even if they’ve never eaten it. It’s the antithesis of farm-to-table, also of vegetarianism or veganism. It’s not just processed food, but highly processed—and cruelly so. Spam is extracted from hogs, a highly sentient and social species. They are bred in metal cages with concrete floors and slaughtered on an industrial scale. Producing protein this way is inhumane and environmentally unsustainable. And yet meat is a high priority for many Americans. On April 28^th, President Trump signed an executive order to declare meat processing plants “critical infrastructure.” He is indifferent to the hogs, and to the meat-industry workers who now cannot practice social distancing. Who cares about them? Recent analysis of the most-Googled recipes in each US state showed that iterations of hamburger or ground beef were the top choice in twelve states, chicken in five, pork in three more—twenty of our fifty states seek animal flesh. But whatever industrial meat’s current merits as comfort-food, we cannot plan to subsist on it in the decades to come.

Time for dessert? Maybe you’re trying to avoid “the COVID 15,” the fifteen extra pounds stress-eating is packing around some self quarantiners. How about a healthy orange? Fruit isn’t a bad choice. Even grapes or apples, which are little more than bags of fructose and water, with trace vitamins, are better than actual candy.

But, first, give thanks to the people who pick your fruit and to the natural world that makes all food possible. Agricultural piece workers have unenviable jobs that poorly match the attractive pyramids of bounty in the produce section. This isn’t one of those (vanishingly rare) problems that the pandemic has made better. Most US farm workers are undocumented migrants, to whom many labor regulations never apply. They are now, in the pandemic, categorized as “essential workers,” out of concern to maintain the food supply. But this means the workers can’t stay home, either to recuperate if they’re sick or avoid people they know are infected—and those two factors feed on each other, even out in the fresh air of a field of antioxidant-rich strawberries. If we want to continue to enjoy berries or oranges, we’ll need to reconsider the compromised labor conditions for agricultural workers in an increasingly exclusionist United States.

Also, whether we want to think about it right now or not, climate change is threatening most crops, including those, like citrus, that are Goldilocks-picky about their temperature and rainfall.

Now, back to those antioxidants. Many fruits (and vegetables) have super-nutritional qualities. These are critical for maintaining health. Your body will disintegrate from scurvy if you cease to ingest Vitamin C; the known range of vitamins, minerals, antioxidants, and micro-nutrients have similar prophylactic functions. Together, they boost the immune system’s defense against infections, including COVID-19.

But fruit alone doesn’t ward off contagious diseases. We also need immunizations, which shield individuals from horrors like smallpox while giving populations the herd immunity that prevents outbreaks of measles, whooping cough, and the like. Anti-vaxxers, the people who think inoculating children creates autism, preach instead the efficacy of diet. In parallel, right-wing survivalists are peddling pandemic decoctions of colloidal silver. Silver has antibacterial properties; these have no effect on viruses like COVID-19, however. Nor will an orange a day truly keep the doctor away. If anti-vaxxing survives the pandemic, can anything kill it? More to the point, if civic intelligence about science could also be described in terms of herd immunity, at what point might we be collectively doomed by the ignorance of a minority?

I offer a fortune cookie at meal’s end. And the fortune reads:

Eat wisely—#AloneTogether is forever.

frank news is dedicated to storytelling across all mediums. A space for debate, discussion, and connection between experts and a curious readership. Topics are presented monthly with content delivered daily.

Founders

Newsletter

Issues

Categories