security

23.06.2019 Cyber assessment, cyber crime, cyber security, cyberprism, privacy, Risk assessment, security

Hope is not a cybersecurity strategy

Take the time now to assess your enterprise cyber risk and discover where best to invest for the best defense!

Since 2013, there have been 169 cyber attacks against city/state government agencies; 22 so far this year. Of the 169, 45 targeted law enforcement.

At a recent cybersecurity conference I attended, CISO panelists were asked for their #1 cybersecurity issue. Surprisingly, their answer was NOT better cyber security tools, more cybersecurity staff (that was their second priority), or more cyber intelligence.

Their #1 answer?

More action by executives and boards of directors to do what needs to be done to help better protect their cyber assets.

Now, to be fair to those executives (public and private sector), “cyber” is just one of numerous front-burner issues they must deal with, and unfortunately taking the time to learn about and effectively address cyber risks doesn’t always make the cut – until their agency/company is attacked.

I refer to this as the “911 effect”…Terrorism was a problem on September 10th; however, it took the horrific events of September 11th to get the attention and investment that FBI SA John O’Neil* and others knew it desperately needed.

So, as an executive, how can you avoid the “Cyber 911 Effect” for your agency? I offer three steps:

  1. Elevate cyber risk as a priority at the executive/board level and do the work needed to better understand what your organization’s cyber risk really is;
  2. Conduct an enterprise-wide cyber security assessment to become informed about how your current cybersecurity behaviors and investments stack up to your inherent risk; and
  3. Implement a program of continuous risk monitoring and mitigation to build stronger cybersecurity maturity against the threats you face.

What? You say you don’t have the time or funds to do these three things? Well the truth is that it’s going to cost you a LOT more time and money if you do get attacked and you don’t do them…a few examples:

  • Albany, NY – city services and police department impacted, cost not yet known
  • Atlanta, GA – city services impacted; estimates vary between $5,000,000 and $17,000,000
  • Baltimore, MD – weeks with many city services offline; $18,000,000 recovery estimated
  • FBI National Academy – websites breached, stolen PII of thousands of LEOs exposed
  • FEMA – personal information on 2.5 million disaster victims exposed by subcontractor
  • Indiana – health information of >31,000 patients exposed
  • Massachusetts – attack shuts down parts of Public Defender Agency
  • Oklahoma – millions of government files exposed, some pertinent to FBI investigations
  • Riverside, TX – 10 months of police/fire department files affected

While I’d love you to call me in (410-903-6289) to help you get it done, there are many good cyber risk assessment offerings out there. Whichever way you go, take the time and make the investment now (less than $10k) and just do it.

To learn more about my cyber risk assessment offering, please read this posting: https://www.linkedin.com/pulse/nowheretohide-now-offering-enterprise-cyber-security-risk-georgo/

Thank you…r/Chuck

* Note: John O’Neil died in the September 11, 2001 attacks on the WTC. Believe it or not, it was his first day on the job as the Chief Security Officer for the WTC compound. You can read more about him in the book Securing the City.

24.01.2019 privacy, Privacy by Design, security, Uncategorized

2019 IJIS presentation – Using PBD to reduce your attack surface

Thank you to everyone who attended my presentation on Privacy by Design at the Integrated Justice Information Systems (IJIS) Institute’s 2019 Symposium today.

You can download the slides from my presentation here:

20190122 2019 IJIS presentation – Using PBD to reduce your attack surface v1b (CG)

26.11.2017 cyber security, information security, privacy, Privacy by Design, security, security threats

Applying Privacy by Design as a Strategy to Reduce Your Attack Surface

We spend a lot of time and money setting up defenses to prevent cyber threats from breaching our organizational perimeters, but we hardly spend any time on the mess we have inside. Applying Privacy by Design principles to the data and systems within your organizations can make it very much harder for cyber thieves to steal your important information when they do finally breach your networks.

Click on the link below to see the presentation I gave at this year’s Cyber Threat Summit in Dublin, Ireland on October 24, 2017:

20171009 ICTTF 2017 presentation – using PBD to reduce your attack surface v1a (CG)

r/Chuck

02.10.2015 computer security, cyber crime, cyber security, ICTTF, information security, security, security threats

Message to the Board: Stop being an Ostrich when it comes to Cyber Security – Trust, but verify

I just gave this presentation to nearly 200 attendees of the ICTTF Cyber Threat Summit 2015 in Dublin, Ireland.

For those of you who attended, thank you!

Through this presentation I hope I was able to communicate three points:

  1. How company/agency executives put their agencies at risk by blindly trusting that they are doing all that can be done to secure their networks, applications and data;
  2. That leadership’s approach to motivating employees to practice better cyber hygiene needs to mimic principles of behavioral economics theory that advertisers use; and
  3. By changing the way they ask questions to their senior staff (mainly their CIO/CISO), they can a) have better proof that necessary cyber protections are in-place, and b) they will have a better understanding of the unaddressed cyber risk their company/agency faces.

Enjoy…r/Chuck

08.11.2014 computer security, cyber crime, cyber security, security, security threats

IACP 2014 – October 25th – 28th, Orlando, FL – Day 2 – LE Cyber Threats and Attacks

Day Two at IACP and straight in early on Sunday morning to attend the Cyber Threats and Attacks Facing Law Enforcement Agencies session. Having attended the last two Cyber Threat Summits in Dublin, Ireland, I am well aware of the challenges we are all facing every day in trying to protect our technology.

Mark Gage opened with a very worrisome statement, saying that we spend so much money trying to protect everything else in our lives, but not enough care is given to protecting our information and identity networks. We are at risk every single day; just by viewing Facebook or opening up an untrusted email attachment, our phones/laptops can become infected and spread malware.

We should all know better; in fact, we do know better. We know the risks associated with all these things, and yet we are all capable of making silly mistakes and suffering the consequences.

Mark says the most important thing is to educate your staff, consult with those you share systems with, do not use the same password for everything, and make your password changes a minimum of 90 days. It’s also critical that we keep all software up to date, particularly anti-virus software, and implement backup procedures. For companies, he suggests paying money to employ IT staff or contractors.

George Arruda spoke next of the worst day for him, in Sept 2013. Whilst driving on holiday in Florida, he received a phone call which gave him the news he dreaded – ALL of Swansea Police Department’s files had been locked down by a vicious virus called Cryptolocker!

The only way to get the files back was to pay a ransom of bitcoins to some criminals out there in cyberspace. He didn’t know who they were, or where they originated from, but he gave the order to pay and get the files back.

A cyber security expert was called in and he advised against this, but they eventually began the transactions of transferring bitcoins and they started to get data back. The main problem here was that they did not have a backup, so they were indeed in a vulnerable position.

Having amassed a very large amount of data, this incident shook the Swansea PD. On the back of this, George gave advice to everyone – Back Up Everything and teach your staff NOT to open anything suspicious, and only have ONE administrator access with a password.

Steve Sambar warned of the dangers of terrorist cyber attacks, and the worry of, if they attack, what do we do? Who will be responsible for handling it? How long will it take to cover? We face so many threats every day: human error, insider threats, external threats. Many big corporations have suffered already. For example, Target had 40 million accounts hacked in Dec. 2013, and eBay’s database with 233m users was hacked in Feb. 2014.

Jim Emerson had the last word, delivering a fast paced description of the emerging threats and challenges. Everything is happening faster, he said, and we have to understand the reality of what cyber security is.

He showed two short videos from IACP about cyber security; these are available on the IACP website. Jim wants us to:

  • Check carefully where the suspicious email is coming from.
  • Be aware of who you are connected to.

Jim also stressed the importance of this being a day to day footrace, and it never ends. He is right, and we do not want to be sorry when it is too late.

Until next time…take care of yourselves!

r/Mary

14.09.2013 counterintelligence, cyber crime, cyber security, Economic espionage, espionage, information security, INSA, insider threat, Risk assessment, security, security threats

Message to Government and Private Sector: YOU are the reason for insider threats

Everyone is missing the boat on the insider threat issue – INSA too…to paraphrase James Carville, “It’s leadership, stupid.”

Government and private sector organizations are the primary reason for insider threats – senior leaders and the boardroom grow them internally.

With very minor exception, NO ONE COMES TO WORK FOR YOU ON DAY ONE WITH THE INTENT TO HURT YOU, steal your secrets, or sell your intellectual property.

It’s how you treat them, over time, that turns them into insider threats.

  • You put them in the wrong jobs;
  • You fail to trust them;
  • You make it hard for them to do their jobs;
  • You put asshole/untrained managers over them;
  • You treat them like furniture;
  • You threaten their existence in your companies and agencies;
  • You kill their spirit; and
  • Then, you wonder why they decide to hurt you.

Want to reduce/eliminate the insider threat? Treat your staff the way you did on day one:

  • Welcome them as a human being;
  • Be aware of how they are cared for in your organization;
  • Show them you care about them and their families;
  • Give them a future;
  • Put r-e-a-l leaders over them;
  • Give them a voice; and
  • Pay them well.

In other words, treat them as you would want to be treated.

Now, why is that so hard?

And, why do NONE of the plans I have seen for combatting the insider threat even mention poor leadership as a factor?

INSAonline.org | 9.12.13 Assessing Insider Threat Programs of U.S. Private Sector http://www.insaonline.org/i/f/pr/9.12.13_InsiderThreat_WP.aspx

 

06.06.2013 CCTV, crime, Information sharing, law enforcement, public safety, security, Technology

LEIM 37th Annual IACP: Tuesday May 21st 2013

This was my second year attending LEIM and certainly the most enjoyable as the setting for this year was the beautiful Fairmont Scottsdale Princess Hotel. Coming from a country (Ireland) that has been deprived of good summers for the last few years, I was overwhelmed by the glorious sunshine.

As I walked around the beautiful grounds of the Fairmont Princess, enjoying the heat, I took in the perfectly manicured lawns, the towering cactus displays and the perfect little bunnies. This was just heaven and so far away from the cold, rainy Dublin I had left some days previous.

I’m glad to say as I write this from my kitchen in Dublin; the sun is streaming in the window, and is bringing back memories of Scottsdale!

I discarded my swimsuit and dressed more appropriately for the Opening Ceremony of LEIM 2013. Scott Edson, the past year’s Chair, opened LEIM with a warm welcome for everyone and a brief outline of the next few days’ events and sessions. He was joined by Alan G. Rodbell, Chief of Police, Scottsdale and Bart Johnson, Executive Director, IACP; they too gave a brief introduction and welcomed all.

After the opening I went along to my first plenary session of LEIM, The Evolving Role of Technology in Policing. This session also included results from the previous day’s Information Technology (IT) summit. Tom Casady spoke about technology changes over the years and how it changed law enforcement.

  • The telephone was a big innovation from the 1930’s, and is still a critical tool today.
  • Cars and motorcycles changed everything for the average policeman patrolling the street on foot. Harley Davidson credits Detroit, Michigan as being the first purchaser of police motorcycles as early as 1908. The use of cars and motorcycles by police was widespread by the 1930’s.
  • Two-way radio with the invention of the Motorola Police Cruiser Radio Receiver in 1936 again changed policing for the better. This was a rugged one-way car radio designed to receive police broadcasts. These have of course evolved into the Police Scanners we know today.
  • In 1968 the first 911 call centre began where people could contact police on a simple but easy number to remember, in an emergency. This highly successful contact is still used to this day.
  • The typewriter was used from the early 20th century and of course has evolved from the 1960’s, to the computers and laptops that are used today.
  • Finally, in 1974, the stun gun was invented. It became an invaluable tool to subdue fleeing or potentially dangerous persons, and gives officers a less lethal alternative to firearms in many situations. As many lives as it has saved, it is still a subject of controversy, as its use has been implicated in some instances of serious injury or death. But having seen its use over the years, and in particular, the British police recently using this device to subdue the two terrorists responsible for the killing of Drummer Lee Rigby in Woolwich on May 22nd, I do agree with police being armed with them.

Of course technology has evolved from all this to the brilliance of what we have today: from cell phones, laptops, augmented reality, wearable technology (i.e., cameras), voice recognition, facial recognition, predictive analytics, DNA biometrics and embedded GPS to social media, using Twitter and Facebook as a means of getting information from the public at the time and place of a crime or disaster.

There are a few articles and more information on this subject below:

Stay tuned for a couple more blog postings about the 2013 LEIM Conference.

Thanks…r/Mary

24.12.2012 counterintelligence, cyber security, Economic espionage, law enforcement, public safety, security, Tips

Signs, signs, everywhere are signs: We have to take better care of each other

Pop quiz…what do the following have in common:

  • Bradley Manning, US Army soldier who released 750,000 documents to wikileaks
  • Jacob Tyler Roberts, another young man who shot up an Oregon mall
  • Adam Lanza, young man who killed 26 at a Newtown, CT school
  • Marijana Bego, NYC art gallery owner who jumped to her death yesterday

The answer? One or more people knew something was wrong BEFOREHAND.

I am now convinced that in EVERY incident, whether it is a tragic shooting, a terrorist act, espionage, or a sole suicide, there were signs ahead of time that something was not quite right with the individual(s) involved.

So what can we do? We have to take better care of each other. When we see signs that someone isn’t quite the way they used to be, call them on it. Ask questions. Take action BEFORE something bad happens.

Scared that you’ll embarrass them? Scared you’ll embarrass yourself? If so, just think how you will feel if you don’t take action and something even worse happens…how will you feel then?

  • In Bradley’s case, the Army knew there were reasons NOT to put him in a position of trust, and they did anyway!
  • In Jacob’s case, his own roommate said he acted weird and talked about moving and selling his possessions!
  • In Adam’s case, the school district security officer knew he had disabilities!
  • And, in Marijana’s case, many people around her knew she was erratic and not happy.

I would hate to be in any of those people’s shoes…

So, for 2013, let’s try and take better care of each other, and vow to intervene early; maybe we can save a life.

Merry Christmas and Happy New Year

r/Chuck

 

11.10.2012 computer security, counterintelligence, cyber crime, cyber security, Economic espionage, espionage, information security, insider threat, leadership, security, security threats

Why can’t Johnny be good? The making of an insider threat

“When Johnny reports to work for you on Day 1, they DO NOT intend to do you or your organization’s information systems any harm; something happens to them, either in their personal or work life that changes this – the CEO’s or Agency Head must be held responsible for making sure they know what’s going on with all of the Johnnys (and Janes) in their organization to prevent the good people they hired from becoming insider threats.”

While most of the world is focusing on “technology” as a solution to preventing insider threat attacks to organization/agency information and systems, hardly anyone is focused on leadership’s responsibility to create and sustain a work environment that minimizes the chance for an employee to turn into an insider threat.

On October 21, 2012, I had the chance to speak on this issue at the 2012 International Cyber Threat Task Force (ICTTF) Cyber Threat Summit in Dublin, Ireland a few weeks ago; here is a video recording of my presentation, I hope you find it informative and useful.

r/Chuck

15.09.2011 Analysis, law enforcement, security, Uncategorized, video analysis, video analytics

Video Analysis/Analytics: Can we use it to detect criminal behaviors and activities?

I just found this report published by the National Criminal Justice Reference Service (NCJRS). Developed by Nils Krahnstoever, General Electric (GE) Global Research, it describes the development of a wide range of intelligent video capabilities relevant to law enforcement and corrections, and describes features of video surveillance that can help to enable early detection and possibly prevention of criminal incidents.

The study also points out, in a number of places, limitations of the technology, based on response activities and environmental factors. It’s worth a read; here is the table of contents. You can read the document here: Automated Detection and Prevention of Disorderly and Criminal Activities.

 Table of Contents

  • 1 Abstract
  • 2 Executive Summary
    • 2.1 Data Collection
    • 2.2 Crime Detection and Prevention
    • 2.3 System Evaluation and Feedback
    • 2.4 Law Enforcement Relevance and Impact
    • 2.5 Dissemination of Research Results
    • 2.6 Next Steps
  • 3 Introduction
  • 4 Data Sets and Data Collections
    • 4.1 GE Global Research Collection
    • 4.2 Airport and “Behave” Data
    • 4.3 Mock Prison Riot Data
      • 4.3.1 Venue
      • 4.3.2 Installation
      • 4.3.3 Camera Views
      • 4.3.4 Calibration
  • 5 Motion and Crowd Pattern Analysis
    • 5.1 Multi-camera Multi-target Tracking
    • 5.2 Detection and Tracking of Motion Groups
    • 5.3 Counting and Crowd Detection
    • 5.4 Simple Group-Level Events
    • 5.5 Group Interaction Model
    • 5.6 Group Formation and Dispersion
    • 5.7 Agitation and Fighting
    • 5.8 Advanced Aggression Detection
      • 5.8.1 Feature Tracking
      • 5.8.2 Motion Analysis
      • 5.8.3 Motion Classification and Clustering
      • 5.8.4 Results
  • 6 Identity Management
    • 6.1 PTZ Camera Control
      • 6.1.1 Introduction
      • 6.1.2 Related Work
      • 6.1.3 Experiments
      • 6.1.4 Discussions
    • 6.2 Identity Maintenance
  • 7 Social Network Estimation
    • 7.1 Introduction
    • 7.2 Experiments
    • 7.3 Conclusions
  • 8 Data Collection and System Testing at Mock Prison Riot 2009
    • 8.1 Collection and Testing Approach
    • 8.2 IRB Approval
    • 8.3 Collected Video Data
    • 8.4 Mock Prison Riot Detection and Tracking
    • 8.5 PTZ Control
    • 8.6 Behavior and Event Recognition
      • 8.6.1 Meeting / Approaching / Contraband Exchange
      • 8.6.2 Aggression Detection
      • 8.6.3 Fast Movement
      • 8.6.4 Distinct Group Detection
      • 8.6.5 Flanking Detection
    • 8.7 Performance Evaluation
      • 8.7.1 Sequence “Utah Leader Attack” (Nr. 00)
      • 8.7.2 Sequence “Utah Leader Attack 2” (Nr. 01)
      • 8.7.3 Sequence “Gang Killing other Gang” (Nr. 02)
      • 8.7.4 Sequence “Gang Killing other Gang 2” (Nr. 03)
      • 8.7.5 Sequence “Gang Killing other Gang 3 – Unrehearsed” (Nr. 04)
      • 8.7.6 Sequence “Aborted Attack” (Nr. 05)
      • 8.7.7 Sequence “Aborted Attack 2” (Nr. 06)
      • 8.7.8 Sequence “Gang Argument – Prisoners get attacked” (Nr. 07)
      • 8.7.9 Sequence “Gang Initiation” (Nr. 08)
      • 8.7.10 Sequence “Contraband Exchange” (Nr. 09)
      • 8.7.11 Sequence “Multiple Contraband Exchange” (Nr. 10)
      • 8.7.12 Sequence “Contraband with Fight” (Nr. 11)
      • 8.7.13 Sequence “Blended Transaction” (Nr. 12)
      • 8.7.14 Sequence “Shanking followed by Leaving” (Nr. 13)
      • 8.7.15 Sequence “Gang Hanging Out Followed By Several Fights” (Nr. 14)
      • 8.7.16 Sequence “Fight Followed by Guards Leading Offender Off” (Nr. 15)
      • 8.7.17 Sequence “Fight Followed by Guards Leading Offender Off” (Nr. 16)
      • 8.7.18 Sequence “Contraband – Officer Notices” (Nr. 17)
      • 8.7.19 Sequence “Argument Between Gangs – Officer Assault” (Nr. 18)
      • 8.7.20 Sequence “Contraband exchange followed by guard searching inmates” (Nr. 19)
      • 8.7.21 Sequence “Prisoner being attacked and guard intervening” (Nr. 20)
      • 8.7.22 Sequence “Fight breaking out between gang members and officers breaking it up” (Nr. 21)
      • 8.7.23 Sequence “Fight between gangs. Guards breaking fight up” (Nr. 22)
      • 8.7.24 Sequence “Fight between gangs. Guards breaking fight up” (Nr. 23)
      • 8.7.25 Sequence “Gangs fighting. Guards breaking fight up.” (Nr. 24)
  • A Public Dissemination
  • B Reviews and Meetings
    • B.1 Technical Working Group Meeting
    • B.2 Kick-Off Meeting at NIJ
    • B.3 Sensor and Surveillance Center of Excellence Visit
    • B.4 2008 Technologies for Critical Incident Preparedness Expo (TCIP)
    • B.5 Mock Prison Riot 2009
    • B.6 IEEE Conference on Computer Vision 2009
  • C Mock Prison Riot Data
    • C.1 Data Recorded while Processing
    • C.2 Sequences Processed in Detail
    • C.3 Data Recorded without Processing
  • D Technical Details of the PTZ Camera Control
    • D.1 Problem Formulation
    • D.2 Objective Function
      • D.2.1 Quality Measures
      • D.2.2 Quality Objective
      • D.2.3 Temporal Quality Decay
    • D.3 Optimization
      • D.3.1 Asynchronous Optimization
      • D.3.2 Combinatorial Search
  • E Technical Details of Social Network Analysis
    • E.1 Building Social Network
      • E.1.1 Face-to-Track Association via Graph-Cut
    • E.2 Discovering Community Structure via Modularity-Cut
      • E.2.1 Dividing into Two Social Groups
      • E.2.2 Dividing into Multiple Social Groups
      • E.2.3 Eigen-Leaders