Saturday, September 28, 2013

Red Sky Weekly: Hackers Schmackers.. blah blah blah - DRONES ARE THE TIP OF THE ICEBERG

A few weeks ago the NASDAQ went down for three hours. The cause? Unknown. Stupid user trick? Maybe. Might have been a misconfigured router, or it might have been a hacker. What struck me, listening to the news when they talked about what might have caused it, was that they called people talking about the option of it being a hacker something to the effect of doom-and-gloomers.


And then it hit me.


General Alexander, the dual-hatted commander of the National Security Agency and the US Cyber Command, has been shaking hands and kissing babies on Capitol Hill for years. He’s a busy guy, hawking his wares, scaring the hell out of congressmen --and all with good reason. I had a boss once who used to say “assume noble intent”, and of course, I do… but the messaging...


Security vendors and CISOs have been grabbing budget through campaigns of ‘fear, uncertainty and doubt’ (FUD for short) for years, and not a month went by for several years when CSO Magazine or one of the daily online rags didn’t offer advice on the CISO effectively communicating the need for security (and budget) to upper management. We all did it. Me too.. the messaging was terrible but at the time, we scrapped for every dime.


“If it bleeds it leads” is the mantra of our news. And cyber, while it doesn’t (hasn’t yet as far as I know) cause bleeding (at least in a non-warfare setting), it’s pretty sexy, but then, on a daily basis, even when reading my non-security related daily RSS, the news is filled with stories of relentless hackers stealing our stuff. It’s true, but the message is, many times, steeped in artistic license aimed at keeping eyeballs on pages. Our messaging is terrible.


For some reason Jack Nicholson is in my head screaming “YOU CAN’T HANDLE THE TRUTH!”


Here’s my point. Readers, viewers and listeners are saturated. “Don’t tell us how bad it is Stutzman.” I’m thinking readers fall into one of a couple of categories.. Some are deep into the problem and deal with it on a daily basis. I think of them as the one percenters. The next group may already know something about the problem. Others? Perhaps they know and just don’t care. Or perhaps they know and have no idea what it means to them. Or more likely, they know and they care, but don’t have any idea what to do about it.


Let’s try this.. bear with me. It’s gonna get good...




  • A US-made Predator sells for about $4.5 million
  • IISS data shows that the US has at least 678 drones in service, of 18 different types.

Could Burger King survive if McDonalds duplicated the Whopper and sold it for 65 cents when Burger King sells it for $3.00? What if Burger King couldn’t file a cease and desist, but was forced to rely on the government's m4d diplomacy skills to stop the sale of the McWhopper? Yikes.

Maybe our messaging is wrong. I’ll be the first to admit that I’ve used the FUD approach to get budget a few times myself, but on a daily basis? Every piece that hits my inbox? Nope. I won’t do that.

So here’s a slightly different way to message...

  • 678 drones sold by US companies at 4.5 million dollars each
  • Corporations posted over 3 billion dollars in revenues on 678 drones.
  • I’m betting this number equates to 100,000 jobs or more including the supply chain (electronics, avionics, hydraulics, integration, engineering, assembly, etc.).. not including long term maintenance and upgrades.
  • The economic advantage gained by China through Comment Crew and others is enormous. According to the NY Times piece, Chinese manufacturers now sell the knock-off Predators for 1 million dollars each.

http://youtu.be/KXY2jpVdY0E


  • Military advantage created through the use of drones is slipping. They can (will) be mass produced and sold around the world. And oh, by the way, our aviation supply chain is under attack like you wouldn’t believe. I’ve compiled a list of 66 companies (not Red Sky members) that are, in my opinion, hard targets. 27 of them are supply chain companies and 15 are in the aerospace business!

  • Chinese manufacturers are selling knockoffs at 22% of the cost of our own. Do I really have to go back to McDonalds and Burger King?

  • Shareholder value and earnings by financial institutions that bankrolled these efforts are missing out on their long term potential because CEOs in charge of our manufacturing base couldn’t figure out how to stop the bleeding of drone technology. Yikes again. As shareholders, can we ask for their bonuses back?

  • Drones are the tip of the iceberg. Download our 2012 Annual Report for last year’s list. Espionage (corporate and APT) actors are hitting all kinds of targets from Military and Defense to Economic, Lawyers, Finance, Automotive targets, Energy Production, and Manufacturing.

Our messaging is wrong. All wrong.

BT BT

On Wednesday we participated in the Cyber Security Summit in NYC. I think it’s probably the third or fourth named Cyber Security Summit, but short of hosting at the Wye River or out in Aspen, this was an incredible event. I’m not a fan of driving in NYC, especially when Obama is in town, but this was good. I sat on a panel on policy with some old friends, and now a couple of new ones, and the booth (our first shot at a booth) was busy all afternoon!

New members? We’re preparing to welcome our second Telecom into Red Sky. We’re really looking forward to working with these guys! This is a busy membership drive. The fall was crazy for us last year too, but this is great. Next week is booking fast, and we’re getting referrals from our current members. We got a note from an old co-worker today who said he’s been asked to set up a threat intelligence shop. He asked one of his major vendors who told him “if you really want threat intelligence, you need to join Red Sky” SWEEEEEEET!!!

Reporting? We authored three reports for members of the alliance --we’ve been writing targeted intelligence reports on a for-fee basis. We came to the realization about two weeks ago that we’d written over 100 reports for our membership. Why not use the processes we’ve developed to write company (or critical information) specific ‘targeted intelligence reports’ for those who need answers to specific questions? Want to know about threats to specific projects (say, drones?!)? Ask us.

Thinking of joining us? The time is now. I sat with the head of a new threat intelligence shop last week. He’d just returned from an RSA Board meeting where the messaging resonated --EVERY CISO NEEDS THREAT INTELLIGENCE. We’re hearing that too.

Red Sky can help. Drop us a note and set up a demo.

Have a great week.
Jeff