Saturday, September 19, 2015

Like stars in the sky!

I spend a ton of time talking... talking to my team, talking to others, speaking at meetings and conferences. And the interesting thing is, on every occasion, when we start to talk about intrusions, there are soooo many different perspectives on the problem. As an example, I had a conversation the other day with a guy who asked me (led me) into a conversation on the commonalities of the Anthem and OPM breaches. And while we know who Anthem and OPM are, and what they do, and maybe a bit about the malware used, I don't have firsthand experience with either case, only secondary and maybe some RUMINT... so I listened to this smart guy who, because of who he is and where he works, probably DOES have firsthand information... and here's his thesis:

Anthem is the health insurer for some of our more sensitive intelligence personnel (I'll leave it vague), and OPM manages their records. 


Anthem also insures ME (and our little company), and I too was in the OPM database.

And so I explained, as I do often, that sometimes my guys come to me with these fantastical connections --some right, and some, well, maybe not so right... but you can't be right all of the time, right?? And when I do hear something that strikes me as a bit of a stretch (hold on, I'm giving away my politically correct response --the one I use instead of an eye roll and colorful fun at their expense!) --it goes like this:

Analysts and researchers look at so many breaches happening today, and the commonalities can sometimes be significant, but looking at all of those breaches is like looking at the stars in the sky --you can draw lines between any number of stars to create almost any image that you can make up in your head.

Does it mean they're wrong? No! It just means that you need more information. Flesh it out for me. I have an old friend that used to call it 'analytic rigor'... meaning, check your facts. Have several sources. Establish theories and then attempt to disprove them before you attempt to support them.  Have three ideas and don't fall in love with just one. Analytic rigor is a message I heard over and over from my old friend "B", and I've passed it on (sometimes with a hammer) to employees ever since.

Interestingly enough, I've heard one message from three different people this week. Our positioning in the market is that of an independent voice. We don't sell hardware or software. We just do our best to produce ground truth, high quality intelligence.  I guess, "B", we're following your advice and it's paying off. This is exactly the place in the market that we'd hoped to occupy!

And so, the million-dollar question --Are Anthem and OPM related? I have no idea. But I like drawing pictures between the stars! *I think* they're targeting middle-aged, balding, overweight computer guys!