Author Archive

The Changing Nature of Incident Response: Part 3

The ultimate test of the value of an incident response team is how that team handles crises. Crises are generally not everyday occurrences. In fact, most issues with which an incident response team must deal are not of a bona fide emergency nature. That is why from the very onset of computer incident response teams I have objected to any incident response team name that includes “emergency” or “crisis” in it, because these terms represent little more than massive embellishment of the true nature of most of their activities.

The Changing Nature of Incident Response: Part 2

Perhaps the biggest single step in the life cycle of an incident response team is going operational. The major problem with getting the Department of Energy’s incident response team operational was that there was nothing–no policies, no standards, and virtually no procedures concerning incident response at that time. The CERT/CC team claimed that it was operational at that time, but if that were true, there would have been some kind of indication that operations were taking place, and there was no indication whatsoever. One of the best ways that my management ever helped at that time was to inform me of other emergency response teams and to try to get me in touch with people who managed such efforts. One such team was the Nuclear Energy Search Team (NEST) at Lawrence Livermore National Laboratory. Discussions with the manager and some of the more senior staff members of this team helped me better understand the kind of procedures that would have to be performed, the kinds of communication that would have to occur, and how action priorities would have to be determined. Still, the nuclear arena is not all that closely aligned with the information security arena, and after I was finished meeting with NEST members I developed a kind of sinking feeling that there was much more to do than I had ever imagined. And at the time the team I managed consisted only of myself.

The Changing Nature of Incident Response: Part 1

I’ve been affiliated with incident response in one way or another since 1988. I am not saying this boastfully, as I’ve made many mistakes both in responding to incidents technically and in managing incident response efforts. At the same time, however, when I first entered the incident response arena, there were no policies, standards, and procedures, and not really any requirements, either, to guide incident response efforts. Everyone who played in this arena originally had to use a combination of intuition and learning from mistakes just to get by.

To Share or Not to Share, That Is the Question

The Obama Administration (and in particular the U.S. State Department) continues to take the heat for the massive leakage of U.S. government documents courtesy of WikiLeaks (and allegedly originally because of the actions of PFC Bradley Manning). The volume of vitriol directed at President Obama and Secretary of State Hillary Clinton is astounding; members of the information security community have contributed more than their fair share of it. How could the U.S. government, they say, have been so negligent regarding access control that even a lowly private in the U.S. Army could allegedly gain access to these documents?

A DLP Success Story

Those of us who are information security professionals know all too well that success stories in our arena are too few and far between. When we hear of one, we thus need to savor the moment. This kind of moment recently occurred within Nationwide Insurance, which not too long ago had implemented a data loss prevention (DLP) tool enterprise-wide. The DLP tool issued an alert that a Nationwide employee had sent a spreadsheet from his personal email account to his Nationwide email account. A follow-up investigation revealed that the spreadsheet contained information such as credit card numbers, PayPal and eBay account names, and bogus identity information, prompting an investigation by Nationwide officials who contacted law enforcement soon afterwards. The FBI Cybercrime Task Force and the U.S. Postal Inspection Service launched an investigation and ultimately determined that Bi was copying computer games to CDs and then selling the CDs for a greatly reduced price. Between 2005 and late 2009, Bi sold more than 35,000 copies valued at $700,000 on eBay, using the eBay and PayPal account names he had stolen as well as his own account.

2011: A Better Year for Information Security?

The year 2010 is behind us; a new year is beginning. Last year will not go down in history as a particularly good year from an information security perspective. Attacks funded and initiated by countries (particularly the People's Republic of China) continued to occur frequently. So many denial of service (DoS) attacks came from China that domain name registrars began to distance themselves from entities in this country. The Stuxnet worm, which surfaced last year, proved for the first time that a virus or worm could actually cause physical damage to SCADA systems and, unfortunately, was almost certainly only the harbinger of a new, more formidable generation of malware. Data security breaches continued to occur at an astounding rate, as exemplified by recent statistics from the Privacy Rights Clearinghouse: nearly 600,000,000 pieces of personally identifiable information have fallen into unauthorized hands since this organization began counting in 2005. No one could have guessed the amount of information leaked to the wikileaks.org Web site, allegedly because of the actions of Private Bradley Manning of the US Army. And nobody would have imagined the ferocity of the DoS attacks that wikileaks supporters launched against Visa, MasterCard, and other credit card companies after these companies quit allowing their credit cards to be used for contributions to wikileaks. U.S. Government security efforts continued to flounder haplessly, and no major federal cybersecurity-related legislation was passed in the U.S. last year. Efforts to get a global treaty on cybercrime in place failed. Crime rings operating in Eastern Europe, Brazil, and elsewhere continued to rake in large amounts of money through a plethora of computer crime methods.

In Memory of Justin Peltier and Fred Villella

In many ways 2010 was a good year, yet in many ways it was a bad one. Part of the bad side was the loss of two standouts in the information security arena, Justin Peltier and Fred Villella.

Agile Security

How should we practice information security risk management? Numerous methods, models and approaches abound, one of the foremost of which is the information security governance approach. This approach in essence says that to have a successful information security risk management effort, an information security manager must plan, strategize, organize, and establish and maintain relationships not only with executive-level management, but also with other closely-related functions such as audit and physical security as well as with key stakeholders.

Smart Objects: The Next Pandora’s Box?

The world of technology is changing so fast that keeping up with it is a nearly impossible task. The same applies to the information security arena, where new technology and new ways to attack technology are being developed at an astounding rate. It is easy to overlook emerging technology developments, many of which promise to introduce numerous new vulnerabilities that ultimately lead to new risks. One such development is smart object technology.

The 2011 National Defense Authorization Act: Another Setback for Cybersecurity

The U.S. House of Representatives recently passed H.R. 6523, the latest version of the 2011 National Defense Authorization Act, which will next go to the Senate. This act, which is passed every fiscal year, defines the Department of Defense’s budget and spending level. The previous version of this bill contained several cybersecurity-related provisions such as establishing a White House Office of Cyberspace with a cyberspace director who would require Senate confirmation, requiring government agencies to perform continuous monitoring within their IT environments, and requiring software acquisition processes that would help assure that purchased software is secure. These provisions (as well as one that would remove the “no ask, no tell” policy concerning gays in the military) were deleted from the final version of the bill that the House passed because opponents of the bill argued that these riders were irrelevant to the national defense.
