Saturday, September 28, 2013

Red Sky Weekly: Hackers Schmackers.. blah blah blah - DRONES ARE THE TIP OF THE ICEBERG

A few weeks ago the NASDAQ went down for three hours. The cause? Unknown. Stupid user trick? Maybe. Might have been a misconfigured router, or it might have been a hacker. What struck me, listening to the news talk about what might have caused it, was that they called the people raising the possibility of a hacker something to the effect of doom-and-gloomers.


And then it hit me.


General Alexander, the dual-hatted commander of the National Security Agency and US Cyber Command, has been shaking hands and kissing babies on Capitol Hill for years. He's a busy guy, hawking his wares, scaring the hell out of congressmen --and all with good reason. I had a boss once who used to say “assume noble intent”, and of course, I do… but the messaging...


Security vendors and CISOs have been grabbing budget through campaigns of ‘fear, uncertainty and doubt’ (FUD for short) for years, and for several years not a month went by without CSO Magazine or one of the daily online rags offering advice on how the CISO could effectively communicate the need for security (and budget) to upper management. We all did it. Me too.. the messaging was terrible but at the time, we scrapped for every dime.


“If it bleeds it leads” is the mantra of our news. Cyber, while it doesn’t (hasn’t yet, as far as I know) cause bleeding (at least in a non-warfare setting), is pretty sexy, and on a daily basis, even when reading my non-security-related daily RSS, the news is filled with stories of unrelenting hackers stealing our stuff. It’s true, but the message is many times steeped in artistic license aimed at keeping eyeballs on pages. Our messaging is terrible.


For some reason Jack Nicholson is in my head screaming “YOU CAN’T HANDLE THE TRUTH!”


Here’s my point. Readers, viewers and listeners are saturated. “Don’t tell us how bad it is, Stutzman.” I’m thinking readers fall into one of a couple of categories.. Some are deep into the problem and deal with it on a daily basis. I think of them as the one percenters. Many in the next group already know something about the problem. Others? Perhaps they know and just don’t care. Or perhaps they know and have no idea what it means to them. Or more likely, they know and they care, but don’t have any idea what to do about it.


Let’s try this.. bear with me. It’s gonna get good...




  • A US-made Predator sells for about $4.5 million
  • IISS data shows that the US has at least 678 drones in service, of 18 different types.

Could Burger King survive if McDonalds duplicated the Whopper and sold it for 65 cents when Burger King sells it for $3.00? What if Burger King couldn’t file a cease and desist, but was forced to rely on the government's m4d diplomacy skills to stop the sale of the McWhopper? Yikes.

Maybe our messaging is wrong. I’ll be the first to admit that I’ve used the FUD approach to get budget a few times myself, but on a daily basis? Every piece that hits my inbox? Nope. I won’t do that.

So here’s a slightly different way to message...

  • 678 drones sold by US companies at 4.5 million dollars each
  • Corporations posted over 3 billion dollars in revenues on 678 drones.
  • I’m betting this number equates to 100,000 jobs or more including the supply chain (electronics, avionics, hydraulics, integration, engineering, assembly, etc.).. not including long term maintenance and upgrades.
  • The economic advantage gained by China through Comment Crew and others is enormous. According to the NY Times piece, Chinese manufacturers now sell the knock-off Predators for 1 million dollars each.

http://youtu.be/KXY2jpVdY0E


  • Military advantage created through the use of drones is slipping. They can (will) be mass produced and sold around the world. And oh, by the way, our aviation supply chain is under attack like you wouldn’t believe. I’ve compiled a list of 66 companies (not Red Sky members) that are, in my opinion, hard targets. 27 of them are supply chain companies and 15 are in the aerospace business!

  • Chinese manufacturers are selling knockoffs at 22% of the cost of our own. Do I really have to go back to McDonalds and Burger King?

  • Shareholder value, and earnings for the financial institutions that bankrolled these efforts, are missing out on their long-term potential because the CEOs in charge of our manufacturing base couldn’t figure out how to stop the bleeding of drone technology. Yikes again. As shareholders, can we ask for their bonuses back?

  • Drones are the tip of the iceberg. Download our 2012 Annual Report for last year’s list. Espionage (corporate and APT) actors are hitting all kinds of targets from Military and Defense to Economic, Lawyers, Finance, Automotive targets, Energy Production, and Manufacturing.

Our messaging is wrong. All wrong.

BT BT

On Wednesday we participated in the Cyber Security Summit in NYC. I think it’s probably the third or fourth named Cyber Security Summit, but short of hosting at the Wye River or out in Aspen, this was an incredible event. I’m not a fan of driving in NYC, especially when Obama is in town, but this was good. I sat on a panel on policy with some old friends, and now a couple of new ones, and the booth (our first shot at a booth) was busy all afternoon!

New members? We’re preparing to welcome our second Telecom into Red Sky. We’re really looking forward to working with these guys! This is a busy membership drive. The fall was crazy for us last year too, but this is great. Next week is booking fast, and we’re getting referrals from our current members. We got a note from an old co-worker today who said he’s been asked to set up a threat intelligence shop. He asked one of his major vendors, who told him, “if you really want threat intelligence, you need to join Red Sky.” SWEEEEEEET!!!

Reporting? We authored three reports for members of the alliance --we’ve been writing targeted intelligence reports on a for-fee basis. We came to the realization about two weeks ago that we’d written over 100 reports for our membership. Why not use the processes we’ve developed to write company (or critical information) specific ‘targeted intelligence reports’ for those who need answers to specific questions? Want to know about threats to specific projects (say, drones?!)? Ask us.

Thinking of joining us? The time is now. I sat with the head of a new threat intelligence shop last week. He’d just returned from an RSA Board meeting where the messaging resonated --EVERY CISO NEEDS THREAT INTELLIGENCE. We’re hearing that too.

Red Sky can help. Drop us a note and set up a demo.

Have a great week.
Jeff

Saturday, September 21, 2013

Red Sky Weekly: Bruce Willis and Harrison Ford don't lie!

When is fiction based on truth? Would you believe it if you saw it?

Blowing up buildings, killing off the entire air traffic control grid, and stealing gobs and gobs of money. Live Free or Die Hard is the story of a guy (Bruce Willis) who does it all. In Firewall, Harrison Ford uses the database built into his daughter's iPod to move 10 million accounts from the bank where he's the CISO to an offshore account, while his family lives (unknowingly at first) under the threat of being killed.

Too far-fetched for your liking? Alarmist or realist?... you decide...

  • I published the (very true) story of “woshihaoren” (我是好人) in April. It told the story of a cat and mouse game between a real CISO (I called him Jack) and a group of folks somewhere on the other side of the world. Jack's outgunned and probably will never get these guys out of his networks, but he shuts them down quickly. Heck, he's probably their training ground... (maybe we'll see a new movie? -Training Day III?)
  • I delivered the news to another CISO that an application that his company purchased (for a BOAT LOAD of money) was bought from another company who'd been completely p0wned. The result? The application he purchased was likely owned too... and probably leaking data.
  • In yet another, I informed a CISO last week that he'd had several emails heading for his company, all with malware attached. How would I know? Let's just say I do ok? We received a copy of the malware, and sure enough... it wasn't a birthday card from gramma! The information we gave him was less than 30 minutes old and the malware was undetected in the major virus engines.

When I talk with real-life CISOs who've been through the 'oh sh*t' moment, every one of them says of those who don't know enough to share information that "they've never been through the giant sucking sound" (one CISO's quote.. not mine), or never had the idea that a virus might not be just a virus, or the idea that we look at seven different areas connected by time to figure out how a chain of events occurred.

And if you think for one second that these movies aren't based on seeds of truth, I'd tell you this... the cat and mouse game is very real.  We've been doing this for two years as Red Sky Alliance and for several more before that... probably back to the roots -- the early days, old school, Solar Sunrise, Moonlight Maze, Titan Rain, APT, and now. As these things move into more mainstream, well... names stop when the new threats become the new normal... welcome to the new normal. 

Here's the bottom line... over the last few months we've compiled a list of companies who we believe are being actively targeted. We're not chasing ambulances and we're not the old glass repair guy running around in the parking lot with a hammer. We're a group looking out for each other. The community watch. The 'hoot 'n holler' network. We want to know when one of our own will be hit. Heck, we told one of our members that they were being targeted. We gave them a dozen domains and IP addresses that were going to be used, and we grabbed the malware, analyzed it, and published the defensive findings before the attacks occurred. We named (by company name) six companies that we thought might be targeted. We published our findings to the membership, but warned the specific member (who handles security for the other six) privately. This stuff works.

BT BT
  • This week's fusion report detailed a shift in tactics by one group, moving to a new downloader process for a specific remote access trojan. A remote access trojan (RAT) allows hackers full control of, and interactivity with, the machine or machines where they have it installed. We've been seeing this in some of the discussion boards outside of Red Sky and took some time this week to send out some good analysis (and mitigations or courses of action) to our members.
  • We published a report on a bad guy we've been tracking for several months now. The guy is active but practices really good tradecraft --no social media, not much open source communications --and seemingly never has had any, so he's either an urban legend or he's just really careful.. not sure yet, but we know he writes some hellish malware.
  • We took on a bit of a GEOPOL project this week. More to follow as that unfolds, but this is reminiscent of my first project as an Intelligence Officer.. basics count and they need to be taught; so we're teaching a junior analyst. 

We're in our year-end membership push. We had 22 meetings in the last two weeks, putting four new members in front of the Advisory Board. We've also been asked (and have agreed to a test) to write targeted threat intelligence reporting for a couple of members. We'd been doing it for the last six months for one, and thought it might be a good second offering instead of some of the other more piecemeal work we've been doing in the lab. We like threat intelligence and we're really good at it. In fact, we've published over 100 analytic works in the last 18 months, and thought we might explore growth in the area of taking on a few clients to keep our minds nimble. So far, the reception has been terrific. 

I'll be at the Cyber Security Summit with Rick and Chris on Wednesday. Stop by and say hello. The booth will be sparse, but I'll have that target list in my pocket. You should ask me if you're on it! I've got an invitation for you if needed. It'll get you a discount on admission. I've placed it below the blog if you'd like to use it. We'll be in booth 211, and I'm sitting on a panel in the early afternoon. The early attendee list looks good, so I'm looking forward to meeting some new people!

See you there!
Jeff

Saturday, September 14, 2013

“How do all the others stand a chance?”

  • “Sharing intelligence in a forum like Red Sky is a force multiplier!”
  • “How do all the others (who don’t participate) stand a chance?”
  • “What do companies do when they can’t (or don’t want to) go to the government for help?”
        • (Quoted from a former member of the Defense Industrial Base who recently made an inquiry about Red Sky Alliance membership --and is joining us now!)


We’ve been putting on the end of year membership drive for the last week. I had 16 appointments scheduled between last week and next --dinners, reconnections, lunches, and visits with potential new members. Three new membership packages have been issued this week. They’ll all be going through legal review on the company side, and likely entering the portal in the next couple of weeks. Next week? I have three every day. I went WAY over my goal of 20 for the two weeks. I work with overachievers who like to please.. and they do it well.. for the Red Sky team, and our members!


On that, I wanted to share with you a bit about happenings this week.


  • We held threat day in the global NOC of one of the telecoms. What a great day! Thank you again to our hosts!
  • We issued a couple of new reports --both pretty cool actually. One detailed new activities associated with one of the groups that’s pretty prolific against just about every industry right now. The other, one of our newer priority intelligence reports, is based on a set of priority and standing questions that we ask; when we find a piece of the puzzle(s), we write it up in a short-format product.


We received another query for tailored reporting. We’ve been getting a few of these lately. Apparently there’s a real need for unclassified Threat Intelligence and the word is spreading that Red Sky has good gouge. So over the course of the year we’ve done some work for a couple of organizations where we take an analyst or two (who work remotely) and become the virtual extension of the company’s Threat Intelligence shop. We’ve got over a hundred technical and intelligence reports in internal publication, and believe we’ve got a pretty good process, and the know-how that goes with it! We like this model --not consulting per se, but we actively hunt for information that might help our reader. They don’t get Red Sky data unless they’re a member, but they still like the work. We do the work under Wapack Labs, and have taken a number of these ‘moped’ work requests.. why moped? One of my guys likes to say that everyone likes to ride them, but nobody wants to be seen with one! We’re kinda the same way… everyone likes the work, but nobody wants to be seen with us (and we like it quiet too!).

Before I forget, I'm looking forward to seeing many of you at the Cyber Security Summit 2013 in NY on the 25th. We've never done a booth before (we're in 211). Getting it done is interesting. I'll be sitting a panel in the afternoon. Stop by and say hello.


OK, this is a short blog (say thank you!). I’m going fly fishing in the western part of the state with an old friend VERY early tomorrow. He’s a CTO with one of my former employers (you won’t guess, there’ve been just toooo many!), and it’s going to be a great day. I’ve got my 9 weight rigged, my PFD checked out, and fresh chemlights in the pocket. So...


Until next time,
Have a great week!
Jeff

Saturday, September 07, 2013

Red Sky Weekly: This is big!

This is the first blog after our two year anniversary of incorporating Red Sky Alliance, and I can’t even believe how far we’ve come! In two years… and at the same time, we’re putting on the “heading into the end of the year membership push”. So sorry, this isn’t a rough cut blog, nor a controversial issue. It’s very simply this: what we’ve done in the last two years. I’d offer this too. We started from nothing… an empty portal. So, here’s where we’re at:


Intelligence and Analysis:


  • We’ve published roughly 100 pieces of detailed, sourced, finished technical analytics (we call them fusion reports --roughly 20 pages of analyst porn and usually a couple of hundred technical indicators presented in Lockheed’s original kill chain format).


  • We’ve published dozens of non-technical intelligence reports showing targeting, intent, and yes, attribution in many cases!


Our membership is active!


  • We’ve got roughly 45 active organizations represented in the two portals, ranging from state/local/federal IT and Information security personnel in our Beadwindow Private | Public portal to 30 or so global enterprise companies in our private Red Sky portal with hundreds of thousands of employees all over the world. In fact, rough estimates suggest this small number of members own, manage, control, or secure over 20 million computers in approximately 140 countries around the world!
  • The portal has grown both in numbers, and in quality of information and activity. Our members contribute on a daily basis more than any other group I’ve been involved with! Checking a moment ago, as of today we have 182 users in our private portal, (including several dev, test and administrative). Of those 182:
    • 81 (slightly less than half) are active participants (we monitor for lurking, but also have many CISOs who just want to read to know what their teams are seeing and doing!)
    • 48 threat analysts or incident responders from these great companies contribute regularly
    • and 23 are regular users who are on here all the time --meaning they log in first thing in the morning and stay on all day (it can be addicting!)


We’ve expanded our services!
  • In April we opened Wapack Labs in Manchester, NH. One might call this our ‘collaboratory’ because of the many great skunkwork ideas that flow in and out of it on a daily basis. Others might call it our ‘wholesale analytic shop’ because we’ve been funded to do analysis on the backend of one of the larger national Computer Emergency Response Teams and a couple of smaller projects for both members and non-members. Others might call it a simple incident response and forensic shop, but that’s a pretty mundane way to describe it given some successes. Here are two of my favs:


    • WhoisRecon: One of our guys, in his quest for additional data to analyze created a system designed to link and graphically analyze the meta-data associated with bad guys we see registering domains (we call this WhoisRecon and it’s cool as hell!)
    • TIAD: Development of an automated threat intelligence system that links our analytics in the portal to real world data. Today, we have the ability to run nearly 300,000 externally captured pieces of information against all of the data from the two alliance portals and quickly diagnose and qualify them as to what we believe the level of badness is in the intent of the attacker. How cool is that?! In the government we built one of these bad boys and called it GoldRush. Except in the government, the same system cost roughly $10 mil to build. In our collaboratory that is Wapack.. under $200K!
    • R&D: Besides the finished works, we’ve done a bunch of work with Watchguard boxes to see if we can make them do fun things. We’ve had some fun with Splunk and TIAD and a product called Veera. (You’ll be hearing more about this at the Threat Day on Monday.. Oh, wait. I didn’t mention that? We’re having our next Threat Day on Monday at one of the major telecoms, with a tour of the Global NOC. I’m really looking forward to this!)


Last, but certainly not least.. our intern program!


Last year we offered two internship programs. One intern made it through the program. When he graduated, we pushed him into the membership for his first job. Why not? They’d been seeing his work all year. They peer reviewed him in the top 10%. Why wouldn’t one of our members hire him? And you know what? He’s in a great job working as an intel analyst at one of the biggest credit card processors in the world! He’d been offered three jobs from members, and we’ve been told (by the members) that they’ll take as many as we can push out. So this year we have four of them in the pipeline. One just accepted a (paid) position in a local university. One has another year of school, but she’s bilingual (Japanese and English) and a dual major (CS and Journalism --what a great combination! Man, can she write!). Another is a statistician, and the last just wrapped up his program in homeland security.


“Heading for the end of the year membership push”


So here it is.. it takes months to get membership checks from big companies… even when you offer good terms. I’ve got 14 appointments in the next two weeks to talk about potential memberships. It’s getting busy. Send me a note and schedule your demo today before the end of the year rolls around!


Until next time,

Have a great week!
Jeff

Saturday, August 31, 2013

Red Sky Weekly - 0-day and intel

Red Sky Alliance turns two!

Yesterday marked the second anniversary of our incorporation! We're two! We've come a long way. They say the test of a startup comes in making it through the first year, but I'll tell you, even the second is terrifying! That said, it's been a GREAT two years!

I've just returned from Iceland, where I had the opportunity to participate and speak at the Nordic Security Conference. What a blast! The weather was cool and wet most days, but nonetheless, I was able to get a run in along the beach (Did you know they have a heated beach?? They pump geothermal heat into the beach!) and experience a bit of the local flair. Thank you to our Icelandic hosts! I'm looking forward to seeing some of you come into Red Sky!

BT BT (break break)

I'm starting this week's blog with some good intel. We're heading into post-summer, and as with every year, it seems September brings folks back to life from summer vacations. This year is no different...

  • Fusion Report 20: In late July, Red Sky received information regarding a Microsoft 0-day being exploited in the wild. This Fusion Report detailed the delivery and C2 infrastructure as well as the observed payloads and protection against it. Red Sky classified this activity as UPS for future tracking and correlation.
  • Intelligence Report: Red Sky received information regarding a piece of malware used in targeting (as currently known) only one member of the Red Sky Alliance membership. This appeared to be a highly targeted set of attacks (yes, a set.. more than one) against one company with very specific intent. Our internal analysis team was able to locate who we believe authored the malware used. Our report is going out this weekend after some final edits.
BT BT

Preparing for our next threat day: September 9th will bring our next threat day. This one will be held in one of the big telecoms. We'll be demonstrating new tech to be added to the Red Sky portal, we've got four great presenters and we'll be wrapping the day with a tour of this telecom's global NOC. I'm very much looking forward to it!



The next few weeks are big for Red Sky Alliance. As we head into the post-summer months, it seems like we get really busy on both the analytic fronts and new membership requests. I'll be in the lab in Manchester all of this week, but heading to the DC area next week, taking appointments for Red Sky introductions. I've got several booked up, so if you've been considering talking with us about membership in any of the portals, or a need for services from the lab, please contact us earlier rather than later.

  • Red Sky Alliance's private portal - Business to business only. No government participation. Companies share information about current activities and futures. Our backend analysis team boils down those conversations and feeds them back in Fusion reports --20 pages of solid analyst porn and usually several pages of easy to use kill chain formatted indicators.
  • Red Sky Alliance's Beadwindow portal: Beadwindow is a Private | Public environment. We have smaller companies, and state/local/federal IT workers in Beadwindow. Beadwindow members do not get access to the private portal, but do have access to Red Sky's expert analytic team.
  • Wapack Labs: Wapack is the hands-on end of the business. If you need forensic support, malware work, or development work, consider Wapack. In addition, we've been talking (and working) with healthcare companies offering HIPAA gap analysis and assessments (we have fully qualified auditors on staff), following up with placement of sensors for protection. We bring data back to the lab (over the wire) where we check sensor findings against current Red Sky indicator data. This does a couple of things --companies who may not otherwise participate in Red Sky get the benefit, and Red Sky members get the benefit of any new TTPs or indicators identified!
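The sensor check described above, and the TIAD idea from the September 7 post of running captured data against indicator data, both come down to the same mechanical step: normalize what the sensor saw, index the indicator set, and match. The script below is an added example of that step, not Red Sky or Wapack code. The proxy-log format, the indicator values, the kill-chain phase labels and the report names "FR-A" and "FR-B" are all constructed for illustration; the one thing it shows that the paragraph does not is why defanged feed entries and subdomains need handling before a match counts.

```python
"""Check sensor log lines against a threat-intelligence indicator set.

Added example (not Red Sky/Wapack code). Log format, indicators, phase
labels and report names are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Indicator:
    value: str   # domain, IPv4 address or CIDR block, exactly as the feed delivered it
    kind: str    # "domain", "ipv4" or "cidr"
    phase: str   # kill-chain phase the indicator was seen in (assumed labels)
    source: str  # report it came from (hypothetical names)


def normalize_domain(host: str) -> str:
    """Lowercase, drop a trailing dot and undo common defanging ('[.]', '(.)')."""
    host = host.strip().lower().rstrip(".")
    return host.replace("[.]", ".").replace("(.)", ".")


# Constructed indicator set; the defanged entry shows why normalization matters.
INDICATORS = [
    Indicator("example-cdn.test", "domain", "command-and-control", "FR-A"),
    Indicator("evil-cdn[.]test", "domain", "delivery", "FR-B"),
    Indicator("192.0.2.77", "ipv4", "delivery", "FR-B"),
    Indicator("203.0.113.0/24", "cidr", "command-and-control", "FR-A"),
]


class IndicatorIndex:
    """Dict lookups for domains and single IPs, a short linear scan for CIDR blocks."""

    def __init__(self, indicators: Iterable[Indicator]) -> None:
        self.domains: Dict[str, Indicator] = {}
        self.ips: Dict[ipaddress.IPv4Address, Indicator] = {}
        self.networks: List[Tuple[ipaddress.IPv4Network, Indicator]] = []
        for ind in indicators:
            if ind.kind == "domain":
                self.domains[normalize_domain(ind.value)] = ind
            elif ind.kind == "ipv4":
                self.ips[ipaddress.IPv4Address(ind.value)] = ind
            elif ind.kind == "cidr":
                self.networks.append((ipaddress.IPv4Network(ind.value, strict=False), ind))
            else:
                raise ValueError(f"unknown indicator kind {ind.kind!r}")

    def match_host(self, host: str) -> List[Indicator]:
        """A host matches an indicator domain exactly or as any subdomain of it."""
        labels = normalize_domain(host).split(".")
        hits = []
        for i in range(len(labels) - 1):  # stop before the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                hits.append(self.domains[candidate])
        return hits

    def match_ip(self, ip: str) -> List[Indicator]:
        addr = ipaddress.IPv4Address(ip)
        hits = [self.ips[addr]] if addr in self.ips else []
        hits.extend(ind for net, ind in self.networks if addr in net)
        return hits


# Constructed proxy-log format: timestamp, client IP, destination host, destination IP, method, path
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<method>\S+)\s+(?P<path>\S+)$"
)


def scan(lines: Iterable[str], index: IndicatorIndex) -> List[dict]:
    """One record per (log line, indicator) pair; lines that do not parse are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        for ind in index.match_host(m["host"]) + index.match_ip(m["dst"]):
            findings.append({"ts": m["ts"], "src": m["src"], "host": m["host"], "dst": m["dst"],
                             "indicator": ind.value, "kind": ind.kind,
                             "phase": ind.phase, "source": ind.source})
    return findings


def compromised_hosts(findings: List[dict]) -> Dict[str, set]:
    """Group by internal client so an analyst sees which hosts touched which phases."""
    by_src: Dict[str, set] = {}
    for f in findings:
        by_src.setdefault(f["src"], set()).add(f["phase"])
    return by_src


# Constructed sample sensor output, including one line the parser must tolerate.
SAMPLE_LOG = """\
2013-08-28T09:14:02Z 10.1.4.22 update.example-cdn.test 203.0.113.45 GET /check.php
2013-08-28T09:14:09Z 10.1.4.22 www.example.com 198.51.100.10 GET /
2013-08-28T09:15:31Z 10.1.7.8 mail.acme-parts.test 203.0.113.200 POST /upload
2013-08-28T09:16:00Z 10.1.7.8 static.evil-cdn.test 192.0.2.77 GET /a.jpg
garbage line the sensor emitted
""".splitlines()

if __name__ == "__main__":
    idx = IndicatorIndex(INDICATORS)
    hits = scan(SAMPLE_LOG, idx)
    for h in hits:
        print(f'{h["ts"]} {h["src"]} -> {h["host"]} ({h["dst"]}): {h["indicator"]} [{h["phase"]}, {h["source"]}]')
    print(compromised_hosts(hits))
```

On the constructed sample this yields five findings across two internal hosts; 10.1.7.8 touches both a delivery and a command-and-control indicator, which is the kind of cross-phase view the kill-chain labelling is meant to give an analyst. Matching on the parent domain rather than the exact host is deliberate, since attackers rotate subdomains far more often than registered domains.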

I'm keeping this one short, but please, if you're considering scheduling a demo, contact us today. We'd be happy to set it up.

Until next time,
Have a great week!
Jeff




Saturday, August 24, 2013

Are We Ready for Systemic Infections?

I'm NSA'd out. My daily morning reads include RSS feeds from TechDirt, Foreign Policy, SlashDot, ARS Technica, and a couple of others, who have all been covering NSA all day every day. Bottom line is this.. right or wrong, whatever your opinion, cyber infections are systemic --at every level of computing. I've been asked a few times what I think about the NSA issues, but I have only two thoughts.. first, I worked for this smart guy who used to say "assume noble intent"... and I do. Noble intent.. good idea, bad execution? Perhaps. That's yet to be sorted out by others. The second thing I'll say is that cyber exploitation is completely and totally systemic... we've lost our privacy in cyberspace... the bell's been rung and can't be un-rung. We live now in an untrusted environment that includes cyberspace. Better get used to it. It isn't going to get any better...

BT BT

When I go through TSA, I almost always ask them (as they are returning my ID and boarding pass) "What's my name? Where do I live?" (it's WAY fun to see the expressions of pure horror on their faces when they have no idea whose ID they just checked!)... I was reminded of this when one of our guys posted a blog on our Wapack Labs site that he authored while sitting in Logan waiting for his flight to some remote location where he'll be spending the weekend shooting a LOT of guns. Matt is a personal safety guy and a gun enthusiast; a far cry from when I met him years ago when we worked together at Cisco. Matt talks a lot about personal safety, giving out information, and the idea that we are giving our personal information to perfect strangers in an airport, losing your identity online, and simply doing business on wireless networks that nobody knows are safe to actually do business on. He also talks about the fact that TSA doesn't bat an eye when you carry two Level III+ body armor plates through the checkpoint. In reading his blog, of course my mind was racing.. it always does, but think about this…


We spend a TON of money on physical security at the airport to protect from physical threats to airplanes resulting from humans carrying nail clippers onboard. We're forced to give our personal information to perfect strangers. Our bags get inspected and x-rayed, we walk through metal detectors (and worse) to ensure we have no metal objects or bombs in or on our body. When we get through security, guys with dogs are often times walking around... plenty of guns (except mine!) are holstered hot, and once we do get on the airplane, there's probably an air marshal onboard.


But with all of this physical security in place, are we really more protected?


We spend a ton of money on physical threats that might occur that day, but only a fraction of that money on cyber events that will occur that day.


With all the money spent on physical security, how well do we protect those very same planes from attacks --from inception of the idea through final delivery and flight?


Are we thinking about the systemic risk that we face as security professionals? Are we ready if (when) it happens?


So I wanted to run a test. I ran a simple Google query for "Aviation Supply Chain". Google yields (as you might expect) quite the haul, but one company in particular stood out... a supply chain company who (according to their website) was founded in 2000, is owned by a consortium of the large airlines in the world, and sells through EDI and online. The site talks about its ability to do EDI with the companies, and apparently is an exchange of parts, services, and supplies for an enormous number of suppliers and most of the OEMs.


Here's what surprises me (it probably shouldn't come as a surprise), but the CEO is an MIT grad, the CIO is a PhD, and the VP for product management is a software guy. Something's missing. Where’s the CISO?


This is a company who built a supply chain business helping airplanes get off the ground and fly to maximum profit. They offer brokered repair services, parts, even some manufacturing, yet there's no CISO to be seen, nor anyone with security experience. As surprising to me is knowing that the supply chain industry is probably the weak link in the development of any major product --including airplanes, and looking at their conference agenda for 2012, and their upcoming 2014 (2013 isn't posted for some reason), there's a ton of information about production, supply chain management, efficiency, etc., but not even one mention of protecting data in this critical infrastructure supply chain to the aviation industry.


So here I sit, preparing my slides for the upcoming Nordic Security Conference in Iceland next week. My topic? "Seven Common Processes that companies use to protect themselves from advanced threats - How great companies survive (thrive) in today’s threat landscape”. Then I shift gears back over to do some cursory research for my blog and find that this supply chain exchange company (did I mention they were built and owned by the major carriers?) doesn't have a CISO mentioned on their leadership page, doesn't mention security at all on their web page, and their annual conference includes a volleyball tournament, but no mention of how companies will keep components and airborne networks safe from hackers onboard with pineapples, or protect the internet-attached CVS repositories where the chips are built before they're loaded into cockpit gear, or keep someone from messing with schematics for the autopilot, or, even more simply, protect against reroute and confusion in the ordering process by an attacker gaining EDI access at an unsuspecting mom and pop shop who happens to manufacture critical components (yes, small companies make important stuff for big companies all the time!).

This aviation question is a great example, but only one of many; it's a question being asked in other industries as well. It seems there are others...

  • There was a great talk given at DEFCON about hacking the CAN in cars.. the CAN is the local controller area network that networks all of the sensors and computers in your car.
  • We spoke with a security intelligence organization last week who told me they see beaconing from smart devices in operating rooms --coincidentally, I had the same conversation with a tech-savvy cardiologist just a few weeks earlier!
  • Dozens of companies are in the news weekly --many manufacturing high end technologies. Can we assume that the machines that hold the code that's getting burned into chips destined for printers, copiers, medical devices, heck our refrigerators, won't phone home when turned on?
  • CBS News reported on an overseas networking company building espionage capabilities into our networking gear.. the same gear our infrastructure is built on.


Supply chain and interconnectedness is important... REALLY important. In fact, it's critical. So how do we get the word out to all of these companies? Many of them, small (like our aviation supply chain company), must focus on sales and productivity. Security? It costs money. But these guys are the backbone of our economy!! I'll ask the question again...


SO, WHERE'S THE CISO???


With so much riding on data availability, integrity and confidentiality; with the government writing DFARS mods on nearly a daily basis requiring companies to prove information security (and report cyber events to them when they occur); when a guy stands in front of a crowd and talks about hacking cars through their onboard networks, and you can’t swing a dead cat without hitting someone who’s threatening our privacy, the CISO becomes a major competitive differentiator.

The CISO should be out front. "We have one, and he's (she's) brilliant!" "Yes, we care about our customers, and we've hired the very best."


BT BT


I know this is a long blog. I'll keep this short. We had a great week.


  • Our first Federal Agency joined Beadwindow (our private | public portal) this week. I’ve known these guys for a while. In fact, I used to use them to fact-check my DC3 team when we were just starting out! Welcome!
  • We had two meetings with prospective members and brought one more private company (the CISO of a security company) into Beadwindow.
  • Even with the team working nights supporting TIAD (our Threat Intelligence and Analysis Database) training overseas, we managed to continue developing cool tech, the portal is busier than ever, and now, heading into post-summer, the phones are starting to ring again! I was starting to feel a bit like Rip Van Winkle.. time to wake up, old man!
  • Fusion Report this week but we're building out our linguist team --we got our first Romanian speaker onboard, a new Russian linguist and just posted three new priority intelligence reports (PIRs). PIRs are short pieces that we find interesting, and that offer fast turnaround analysis for instant situational awareness when something looks important.

    • Defcon Talk on Car Hijacking - I LOVED this talk btw!
    • Android Malware
    • Ministry of State Security's new Lhasa office


Our members will be reading these as we speak. You could be too. Call us.
Have a great week!
Jeff