Saturday, June 29, 2013

Red Sky Weekly: Justifiable shooting

I love NH. This morning WMUR ran a new piece about a justifiable shooting in Manchester. Evidently a pair of midnight raiders were checking out a place. The owner and his wife were in bed. When the raiders kicked in the door to the couple’s apartment and charged in, the awakened owner opened fire with a handgun that he kept in his bedroom. One of the raiders fled. The other was fatally wounded. He died on the scene after the owners brought him to the kitchen and called the Manchester PD. Authorities are not pressing charges. “Justifiable shooting”.
I live in the “Live free or die” state. We take that pretty seriously. We pay really low taxes, have no sales tax, no state income tax, and when threatened, we can fire back.
The question is this... and it’s been pretty hotly debated on the boards of late -- when attacked in cyberspace, should we be allowed to shoot back?
Personally, I’m not convinced that any company on their own could win this fight... not even some of the largest (although their morning television commercials and the radio ads we hear on WTOP in the DC market would likely claim otherwise). When well-funded governments and non-government organizations (NGOs) and coordinated unsponsored hives of actors decide to clean out and/or destroy a company, their available resources to do so can be overwhelming. Smaller countries hire outside. Others have capabilities of their own, and then there are the patriots that jump into the fray unasked, but (seemingly) often welcomed by the attacker. Anonymous, LulzSec, crime gangs, leaks, and unhappy insiders have SOOO much more access to tools than they used to. Companies will be forced to operate within the confines of predetermined, likely government-defined rules. Attackers will not. Attackers do not. So at what point does passive defense turn into active defense, and then to offense -- and are you prepared to suffer the legal, political, and cyber consequences of that? As a contractor hired to do this for another, is your employer prepared? What will you do when your personal bank accounts are emptied and your name slandered in an asynchronous cyber death match with an unknown? What happens when you hit the wrong target? What if there are multiples? I think the questions should be carefully examined by your corporate attorney before even thinking about exercising your Second Amendment rights in cyberspace!
Live free or die!
BT BT
Fun week in Manchester. We added two new membership kits to our internal engine, proposing them with the members.
The portal has been pretty busy this week, even with AFCEA going on and summer vacation cruising into high gear. All but one of us are back from travel, and best of all, we got our first two customers in the new lab operation.
As a bit of a refresher, we’ve partnered with a couple of great tech firms and have turned the lab into a bit of a small company SOC. We called it our Cyber Security Operations Center, or Wapack cSOC service --think “Socratic methods” --cross reference everything, verify sourcing and go deep. We’ve set up a pretty cool gig. Red Sky has been going really well. We have a TON of data. MSSP members are allowed to use Red Sky data in devices that they manage. Wapack’s cSOC gathers data at the host and network level, brings it in, and checks it against the things we know about. When we find new indicators, they get rolled back to the Red Sky members.
We believe there’s an untapped information source in the small- and medium-sized business segment. Some of that information is being gathered, but I’m not convinced it’s making it to mainstream information sharing or analytic shops. Even in the ISACs, the smallest companies (banks, healthcare, supply chain, water, etc.) are more consumers of the information and not necessarily robust suppliers. We’re going to try and change that!
So today we got a call from an attorney who asked if we could do an incident response onsite at a medical facility. We’ve been chomping at the bit to drop sensors in a HIPAA location, so this is perfect. We already know they’ve got something going on, and by next week we should be rolling new data back to the Red Sky members. A second call of the day was from a hedge fund that needs immediate forensic support.
Our focus?
Red Sky Alliance => Analytics, information sharing, threat intelligence
Wapack Labs => Analytics and information sharing but more hands on, focused on helping small and medium companies.
Until next time,

Have a great week!

Jeff