24 November 2012

IO Convergence: Cyber Warfare Unified Taxonomy...

Information Operations (IO) is an Operational Risk Management priority in both the public and private sector these days.  Is it lawful for a U.S. company and U.S. citizens to train and perform cyber warfare activities on behalf of a foreign country?

The Washington Post reports:
Published: November 22
In the spring of 2010, a sheik in the government of Qatar began talks with the U.S. consulting company Booz Allen Hamilton about developing a plan to build a cyber-operations center. He feared Iran’s growing ability to attack its regional foes in cyberspace and wanted Qatar to have the means to respond. 
Several months later, officials from Booz Allen and partner firms met at the company’s sprawling Tysons Corner campus to review the proposed plan. They were scheduled to take it to Doha, the capital of the wealthy Persian Gulf state. 
That was when J. Michael McConnell, a senior vice president at Booz Allen and former director of national intelligence in the George W. Bush administration, learned that Qatar wanted U.S. personnel at the keyboards of its proposed cyber-center, potentially to carry out attacks on regional adversaries. 
“Are we talking about actually conducting these operations?” McConnell asked, according to several people at the meeting. When someone said that was the idea, McConnell uttered two words: “Hold it.”
A common taxonomy was developed years ago for the cyber terms of the computer and network incident domain. Now we need to make sure we all understand what we mean when we say Information Operations policy as it pertains to the digital world.

As an example, in the context of the digital attacker we have the Sandia Labs Taxonomy:
  • Hacker
  • Spies
  • Terrorists
  • Corporate Raiders
  • Professional Criminals
  • Vandals
  • Voyeurs
Each is unique and has its own domain or category. We are sure that the same could be used for the context of attackers in the non-digital world, possibly with the exception of Hacker. However, the definition of corporate raider in the offline domain may not be synonymous with its definition in the online domain of cyber incidents.

If we look at the categories that make up the entire "Incident" that Sandia Labs has utilized, we see the following:
  • Attackers
  • Tool
  • Vulnerability
  • Action
  • Target
  • Unauthorized Results
  • Objectives
Without combining the context under each category, we lose the impact of what we are trying to make contextual with regard to an "Incident". We need to make sure that the anti-terrorism taxonomies of the offline and online domains can be utilized together to describe the attributes of an "Incident". We need to break down the sub-categories as well. For instance, in the Sandia Labs Taxonomy for the Objectives category we have:
  • Challenge, Status, Thrill
  • Political Gain
  • Financial Gain
  • Damage
When we move to the offline domain and are doing risk mitigation and preparedness exercises for anti-terrorism, we utilize another set of words to describe and evaluate infrastructure threats and hazards. Five factors here are:
  • Existence addresses the question of who is hostile to the assets of concern?
  • Capability addresses the question of what weapons have been used in carrying out past attacks?
  • History addresses the question of what has the potential threat element (aggressor) done in the past and how many times?
  • Intention addresses the question of what does the potential threat element hope to achieve?
  • Targeting addresses the question of do we know if an aggressor is performing surveillance on our assets?
The Washington Post reports:
Published: November 14
President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.
Presidential Policy Directive 20 establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record. The president signed it in mid-October.  The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats. 
The policy also lays out a process to vet any operations outside government and defense networks and ensure that U.S. citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed. 
“What it does, really for the first time, is it explicitly talks about how we will use cyber-operations,” a senior administration official said. “Network defense is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.”
We believe that as our cultures, countries, agencies and professionals work together on Information Operations (IO) and online counter-terrorism initiatives, we are going to have to develop a solid taxonomy. It will provide the foundation for our clear and accurate risk management methodologies and incident management systems, being developed by relevant organizations in mutual collaboration.

Once we have accomplished this fundamental understanding, then true Critical Infrastructure Protection (CIP) cooperation and coordination will occur.

11 November 2012

Team Rubicon: Bridge the Gap...

On Sunday morning, observing Veterans Day in the United States began with a few words from a leader from the American Red Cross at a local shelter near North Brunswick, NJ, USA. We heard his words of recognition and what it felt like for him to return to our country after serving in Vietnam and being ridiculed and spit upon. The veterans in the room were all gearing up for another day on the front lines of a new domestic battle with the aftermath of Hurricane Sandy. Team Rubicon and its growing presence of agile, selfless and highly skilled professionals have been working alongside other national and international NGOs. They are projecting a rapid and significant force on the ground, from New York to previously unrecognized communities such as Union Beach and Mantoloking, NJ.

Operational Risk Management was practiced and observed as disaster first responders descended on the front lines of the Hurricane Sandy disaster area. Highly equipped, veteran war fighters and first responders are deployed each day to tackle and mitigate substantial risks to homeowners, businesses and communities. They work in concert with city, county, state and federal authorities to provide the most effective response results, where other NGOs stood by in amazement.

City officials, emergency management, law enforcement, community associations and religious organizations are all working in coordination to provide their citizens and members what they needed, when they needed it and more. The destruction and the aftermath of this disaster were significant and will be recognized as one of the most costly economic impacts to the nation.

Yet this is more about a mission by those who know they want to continue to "Bridge the Gap".   To serve beyond what they have already done in life.  To be hugged by perfect strangers for rescuing a loved one trapped in their home or assisting in the mitigation of operational risks to life and property in their neighborhood.  The mission is clear and each day a whole new example of a purpose driven life is explored and realized.

As our U.S. veterans and their families are returning to our cities and communities, remember this: 1%. They represent only 1 percent of our U.S. population and deserve our respect and continued devotion to their service. They have been making a difference in uniform and will continue to do so if we leverage the leadership, knowledge, wisdom and courage they all possess:
Team Rubicon Saves Lives. 
Since its creation in January 2010, TR has impacted thousands of lives – in Haiti, Chile, Burma, Pakistan, Sudan, and here at home, in Vermont, Maryland, Missouri, and Alabama.  TR reaches victims outside the scope of where traditional aid organizations venture; victims on the fringe. 
Team Rubicon Engages Veterans. 
Hundreds of US military veterans, many returning home after fighting ten years of war, find a renewed sense of purpose for their skills and experiences through TR. 
Team Rubicon Sets Itself Apart In the Nonprofit World. 
Is it a disaster relief organization? A veteran-focused enterprise?  The truth is it’s both. TR pioneered a new paradigm in disaster response while redefining the meaning of veteran reintegration into society. 
Team Rubicon Pioneered the Concept of Veteran-Focused Disaster Response. 
On the streets of Port-au-Prince, in the immediate aftermath of the Haiti earthquake, TR’s military veterans realized a simple truth – natural disasters present many of the same problems that confront troops in Iraq and Afghanistan: unstable populations, limited resources, horrific sights, sounds and smells.  The skills cultivated on those same battlefields – emergency medicine, risk assessment and mitigation, teamwork and decisive leadership – are invaluable in disaster zones.
This Veterans Day remembrance will never be forgotten. It has been an honor to serve alongside so many dedicated professionals to continue to mitigate operational risks to our friends, family and loved ones. Continue to "Bridge the Gap"!

04 November 2012

U.S. Resilience: Hurricane, Terrorism, Political Risks...

One week ago today, Hurricane Sandy was making her way up the Eastern seaboard of the United States with a wind field 800 to 900 miles wide. There are estimates of $50B in economic damages to the country, and that tells you only part of the impact story. The direct impact in lives lost, people displaced and the continuous risks to the Whole Community unfolds in real-time. Business Resilience and consumers' patience are being tested by the hour, ever since the reality of the crisis started to reach the Executive Suites of critical infrastructure sectors such as Financial, Energy, Telecom, Transportation, Maritime, Retail, and the thirteen or so others. All have been exercising their COG, COOP and DR plans as part of their organizational Operational Risk Management programs.

sandy.locative.us will provide you with a snapshot from aerial imagery of the Hurricane Sandy aftermath and geographic locations that could have a spectrum of damage from light to heavy. This is just one example of how crowdsourced apps are being used to assist not only with the ongoing situational awareness and damage assessments but also with the long term recovery of the most impacted areas. At the same time, resources such as gasoline are in high demand in certain areas. The power companies are making progress, and as the supply chain mobilizes and the electricity comes back on, the commodities shortages will soon begin to dissipate.

The Sunday Washington Post and New York Times are telling stories of heroism, tragedy and the effect on the Presidential election on November 6, 2012. The politically charged atmosphere is primed for more of a perfect storm as the fiscal cliff approaches, regardless of who becomes the next President of the United States of America. This minute, there are tens of thousands of people wondering where they are going to live and stay warm this week in the Mid-Atlantic and Northeast region. Simultaneously, the September 11, 2012 terrorism investigation continues and in the next few weeks, the world will better understand the timeline and the vulnerabilities that still remain to U.S. assets in the Middle East. The Associated Press reports:

WASHINGTON (AP) — The deadly military-style assault on the U.S. Consulate in Benghazi, Libya, has raised numerous foreign policy and national security questions and fueled a fierce, partisan election debate over the Obama administration's handling of the attack. 
The strike that killed U.S. Ambassador Chris Stevens and three other Americans is either proof of President Barack Obama's leadership failures or a tragic event that occurred despite the administration's best efforts to protect the compound and respond in the aftermath of the attack, according to highly charged arguments on both sides.
Administration officials have warned against drawing conclusions from individual documents that have leaked into the public sphere. They maintain that a full picture of what happened and any assessment of blame can only be determined after a complete review of all the evidence. But as documents continue to surface in the final days of the presidential campaign, the intensity of allegations of administration impropriety or incompetence has risen. 
A look at what is known, what is still unanswered and who is investigating the incident that has called into doubt Washington's ability to predict such events, secure American personnel in dangerous places and track down those responsible.

Courageous people who have special skills, talents and subject matter expertise are activated or being deployed at this minute, on billets to address a set of continuous operational risks across the globe.  These American first responders and long term recovery professionals all have one thing in common.  A desire to close their eyes each night, with the confidence that they did make a difference that day.  The peace of mind, that they did their small part to add to the tremendous challenges of securing the safety and long term security of their loved ones and those in need.  God, Family, Nation.