30 July 2016

POTUS 45: The Future of Information Warfare...

The spectrum of asymmetric warfare being waged across the globe has been accelerating for over a decade.  The physical realm has now migrated to an environment of "zeros and ones" traveling at the speed of light.  Operational Risk Management (ORM) remains a significant factor for Senior Leadership in government and the private sector.

Information collection, deception, attribution and mutual response are consuming our airwaves and IP addresses like a digital tsunami.  Wikileaks vs. Edward Snowden is a battle for digital privacy branding and a communications platform for the evidence of the truth.

The average world citizen is now reading content and consuming video by the petabyte to satisfy their particular knowledge appetite.  The personal or nation state requirements of the continuous search for the truth, or perseverating on a single target to achieve a mission, are now the state of play.

As the United States pursues the election of its 45th President, the digital trust of our electoral systems and historical decision process are currently at stake.  Data provenance is at the center of legal and national security policy discussions.  "Trust Decisions" are ever more in our minds and simultaneously at the center of our democratic way of life.
Gawker publishing opposition research.  APT29 malware?  Guccifer2 account by a lone individual? Any similar attributes between the U.S. DNC malware servers and the German Bundestag malware servers?
The speed and sophistication of nation state plots or non-state actors will continue to feed the novels for people such as John le Carre and yet-to-be-written movie screenplays.  Yet what is now over the horizon for humanity and our future lies in the innovation and current capability of Artificial Intelligence (AI):
Rob McHenry: Public-funded research has always pushed the state-of-the-art in advanced autonomy, which then drives commercial AI. I think many people would be surprised by the advanced capabilities that autonomous systems for defense are already demonstrating – capabilities that many might guess wouldn’t be achievable for many years.

For example, DARPA and the Navy are testing at sea today an autonomous ship that is designed to go “toe-to-toe” against a human adversary in the wild during complex unconstrained military operations. The ACTUV (Anti-submarine warfare Continuous Trail Unmanned Vessel) program has delivered an unmanned ship that can not only comply with the complex Rules of the Road in the open ocean, but simultaneously track and harass a manned submarine, keeping a step ahead of a highly trained human submarine captain. This is an example of AI that can understand humans, in both competitive and supportive roles.
As the U.S. Navy and others pursue the asymmetric battlefield across the oceans, we can only hope the human factor remains the man-in-the-middle.  Artificial Intelligence may very well be good at searching, collecting and manipulating data, yet it is still the human behind the intent.

In essence, humans remain the architects of the design, coding and the implementation of the programs, weapons and capabilities.  Where is the trail of evidence leading and where is the response?

Achieving digital trust and the future integrity of our global "TrustDecisions" will remain a tremendous challenge for our governments and the private sectors that establish our critical infrastructure.

You can be certain that the response will be calculated and the attribution will be thorough, even as new classified information is involved in the analysis.

23 July 2016

ECPA: Reality of Homegrown Violent Extremism...

In the United States, Operational Risk Management Executives in the private sector are consistently balancing the legal requirements for public safety and their customers' right to privacy. The Internet Service Provider (ISP) General Counsel's duty to facilitate the rule of law within the private sector organization has been on a collision course with protecting the homeland for over a decade since 9/11.

One of the critical tools for Homeland Security Intelligence (HSI) is the Electronic Communications Privacy Act (ECPA), and for good reason. The law provides the tools for law enforcement and national security intelligence analysts while simultaneously protecting the privacy interests of all Americans. In a 2011 statement before the Committee on Judiciary, United States Senate, Associate Deputy Attorney General James A. Baker outlines the basis for ECPA:
"ECPA has never been more important than it is now. Because many criminals, terrorists and spies use telephones or the Internet, electronic evidence obtained pursuant to ECPA is now critical in prosecuting cases involving terrorism, espionage, violent crime, drug trafficking, kidnappings, computer hacking, sexual exploitation of children, organized crime, gangs, and white collar offenses. In addition, because of the inherent overlap between criminal and national security investigations, ECPA’s standards affect critical national security investigations and cyber security programs."
The criminal elements and their organized syndicates are leveraging modern day technologies and capabilities of the private sector. The legal first responders for our 21st century homeland threats don't always wear a badge and drive a Crown Vic on patrol around our city streets. Many spend their hours on patrol in cyberspace or analyzing terabytes of data online with sophisticated software to determine the what, who, why and how of the current threat stream.

The US government has a fiduciary and legal duty to protect the privacy and civil liberties of all US citizens. Parallel to this task is the rapidly changing use of communications and other mobile technologies to facilitate and support the activities and operations of individuals and networks of people who exploit the design, configuration or implementation of our country's homeland defense architecture.

Whether this architecture includes the utilization of 72 Fusion Centers or the methods for collecting "Suspicious Activity Reports" (SARs) from those first responders, the fact remains that the pursuit of national security threats is a lofty task. This is happening today, on the ground and in the digital domain. Therefore, the speed at which these individuals can legally obtain the data they require to make informed decisions is at stake, and so we must eliminate any new impediments put before them. In his statement on "Government Perspectives on Protecting Privacy in the Digital Age", Mr. Baker explains further:
Addressing information associated with email is increasingly important to criminal investigations as diverse as identity theft, child pornography, and organized crime and drug organizations, as well as national security investigations. Moreover, email, instant messaging, and social networking are now more common than telephone calls, and it makes sense to examine whether there is a reasoned basis for distinguishing between the processes used to obtain addressing information associated with wire and electronic communications. In addition, it is important to recognize that addressing information is an essential building block used early in criminal and national security investigations to help establish probable cause for further investigative techniques. Congress could consider whether this is an appropriate area for clarifying legislation.
Any changes to the ECPA laws should be considered carefully with not only the government but the private sector. The combination shall work together to find the correct balance between national security requirements and the privacy of the customers of mobile communications, e-mail, and social networking entities. The time that it takes our first responders to rule in or rule out a person of interest in an ongoing investigation can mean the difference between a failed or successful attack on the homeland. The private sector shall determine the prudent cost to the government for providing the legally obtained information of non-telephone records such as a name, address and other metadata. By the way, has anyone noticed that the criminals, terrorists, spies and other malicious actors have decided to use Telegram or WhatsApp instead of their mobile telephone?

Homeland Security Intelligence (HSI) first responders will be the first to tell you that the crime syndicates and non-state actors have gone underground and have stopped using the tools that leave the data more easily accessible by law enforcement. Now, they are creating and operating their own private and secure infrastructures within the confines of private sector companies. These clandestine groups have organized hierarchy and specialized skills and therefore, the US government must continue to step up the pace, legally.

What does this all mean? It means that there will be a lower chance of undercover law enforcement officers becoming members of these organized crime syndicates that in many cases are the genesis for homegrown violent extremism (HVE).

Homegrown extremists can be individuals who become violently radicalized, perhaps after exposure to jihadi videos, sermons and training manuals available on the Internet, security officials say. Such plotters are harder for counterterrorism officials to spot because they have few links with known terrorist operatives and often don’t travel overseas for training.

Another implication is that there is a higher chance that private sector researchers will understand the new tradecraft of HVE actors long before law enforcement and national security intelligence analysts. This is because the standard approach to the "Seven Signs of Terrorism" has been focused on the physical infrastructure. Organizations in the private sector have been researching, tracking and profiling since the late 1990s the methods and modus operandi of the digital extremists who have plagued our banks and other financial institutions with cyber crime.

The time is now for these two distinct disciplines and professionals to converge. The public as eyes and ears combined with the legal tools to extract the timely information from technology providers is part one. Part two is the integration of intelligence analytic training with the curriculum of the police and fire academies for new recruits. Providing these first responders with the methods, tools and capabilities to be more effective collectors on the street level, will provide the fusion centers with a more robust set of relevant information streams. Here is an example from a graduate certificate class in criminal intelligence analysis from AMU:

The graduate certificate in Intelligence Analysis provides you with a fundamental understanding of the issues, problems, and threats faced by the intelligence community. This online graduate program helps you develop a comprehensive knowledge of how intelligence agencies in the U.S. assess and counter international threats in order to guard U.S. global interests and protect U.S. national security from adversaries. Knowledge from this certificate program is applicable to many career fields within the military, security companies, government contractors, or federal agencies.

We have a choice to provide our first responders with the correct training and OPS Risk education for today's Homeland Security Intelligence (HSI) mission. Our national policy makers have a choice to assist them in getting the information they need to do their jobs quickly, efficiently and while protecting civil liberties. The choices that we make fifteen years after 9/11, will define the landscape for homegrown extremism and the legal framework for ensuring the safety and security of all Americans for years to come.

16 July 2016

Utility of Attack: Target Selection and Execution...

The threat spectrum for Operational Risk Management (ORM) professionals is wide and they are constantly evaluating opportunities to learn.  Recent data breaches, terrorist attacks and the strategies utilized by adversaries online and on the ground have surfaced another key lesson learned:
u·til·i·ty n. (pl. -ties) 1 the state of being useful, profitable, or beneficial (in game theory or economics) a measure of that which is sought to be maximized in any situation involving a choice.  The New Oxford American Dictionary
Here are two data breach examples:
  1. On May 30, 2016, Omni Hotels discovered they were the victim of malware attacks on their network affecting specific point of sale systems on-site at some Omni properties. The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date. They have no indication that reservation or Select Guest membership systems were affected.  50,000 records are impacted.
  2. Prior to May 2016, identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees. The nation’s largest grocery chain by revenue appears to be one of several Equifax customers that were similarly victimized this year. Atlanta-based Equifax’s W-2 Express site makes electronic W-2 forms accessible for download for many companies, including Kroger — which employs more than 431,000 people.  According to a letter Kroger sent to employees dated May 5 2016, thieves were able to access W-2 data merely by entering at Equifax’s portal the employee’s default PIN code, which was nothing more than the last four digits of the employee’s Social Security number and their four-digit birth year.
Here are two terrorist attack examples:

In two major domestic terrorism events in the United States this past year, "Utility" was a major factor and should not be discounted, in analyzing motivations and "modus operandi" of homegrown violent extremists.  In San Bernardino, CA the adversaries were planning a major attack and had already stockpiled explosives and ammunition.  In Dallas (Mesquite), TX the adversary was planning a major attack and had already stockpiled a cache of explosives as well.

In both of these cases, the adversaries had accumulated and trained to use explosives in an attack.  Then they came upon a choice.  A utility.
  1. In San Bernardino, an incident with government co-workers motivated the employee attacker to deviate from the intended plans and to capitalize on the "Utility" of a workplace holiday gathering at the county facilities.
  2. In Dallas, a peaceful protest march that would attract a significant government presence of police officers, motivated the attacker to deviate from future plans and to capitalize on the "Utility" of a public gathering.
Dr. Erroll Southers is correct:
While the impetus for attack is rooted in beliefs, a terrorist’s selection of how and where to attack is based on a consideration of utility. This is the estimate of an attack’s consequences with respect to the intended target’s value as a domestic or international interest and the political impact the attack will have on the intended audience. Utility is a primary consideration for extremists during preparation for an attack, weighing desired results against the investment in activities to plan, rehearse and execute an operation. Always mindful of the aftermath, utility weighs heavily in the decision-making process of target selection, possible attack paths, methodologies and execution.  Southers, Erroll (2014-09-25). Homegrown Violent Extremism (pp. 9-10).
In both cases, the adversaries accelerated their plans.  They abandoned their use of explosives and a future planned event to act on their emotions and motivations of the moment.  Domestic Terrorism in the United States will continue at a rapid pace without a more serious focus on Homegrown Violent Extremism.

Whether it be online with the trust of your data systems or offline with the safety and security of your citizens, employees and facilities, beware of the changing opportunities for your adversaries to launch their attack...

Utility, leveraged by your adversaries, is a consideration that must be continuously evaluated and analyzed in your particular threat environment.

09 July 2016

Domestic Terrorism: Tears for Those in Blue...

The sniper ambush on those officers sworn to protect us in Dallas, Texas USA on July 7, 2016, is yet another portrait of tragedy and sorrow in our Homeland.  Whether you are an American safe today in your home after another graveyard shift or at high risk on the front lines in the shadows of a foreign country, it does not matter.  This particular domestic event targeting our protectors, and so soon after Orlando, FL, should be another wake-up call to area code (202).

Operational Risk Management (ORM) professionals across the U.S. are unified once again in our vigilance and our mission.  Domestic Terrorism in our world will continue to be manifested as long as people can read, listen and be influenced by other people.  Here or abroad.  The methods used for this indoctrination, whether delivered in small groups sitting in a circle over a cup of coffee or tea, or increasingly over the Internet, do not matter.  The process is the same.

The "Cues and Clues to Teach" have been detailed before in this blog.  Domestic Terrorism in the United States has been moving along a spectrum of incidents at a pace that seems to be accelerating.  Lone individuals or groups who plan, train and act in order to bring their own psychological justice to reality are one of our greatest challenges:
The statutory definition of domestic terrorism in the United States has changed many times over the years; also, it can be argued that acts of domestic terrorism have been occurring since long before any legal definition was set forth.

Under current United States law, set forth in the USA PATRIOT Act, acts of domestic terrorism are those which: "(A) involve acts dangerous to human life that are a violation of the criminal laws of the United States or of any State; (B) appear to be intended— (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and (C) occur primarily within the territorial jurisdiction of the United States."[2] 
The pace and the origins of domestic terrorism in the United States are vast and metastasizing.

In order to begin or enhance your journey into understanding the root causes of this growing threat in America, you should start with Eric Hoffer's book: The True Believer: Thoughts on the Nature of Mass Movements.  And once you are finished with it, turn to Erroll Southers' Homegrown Violent Extremism.

Developing your awareness is the beginning of any journey to solving problems and developing more effective and comprehensive preventative solutions.  Building knowledge about how people can transform from an individual working in a war zone or sequestered from society, to the front pages of the Washington Post, is a worthy goal for any Operational Risk professional.  As a human resources professional at Company or Agency USA or the retail employee in the ammunition section of Dick's Sporting Goods, you also have a role to play.

Vigilant "Employees and Citizens" must be continuously trained to be aware of the warning signals that typically occur before a threat and violent act becomes operational.  Based on the O'Toole study, these are some of the 23 "Red Flags" that employers should be monitoring and keeping their Corporate Threat Assessment Teams on high alert for:
  • Low tolerance for frustration
  • Poor coping skills
  • Failed relationships
  • Signs of depression
  • Exaggerated sense of entitlement
  • Attitude of superiority
  • Inappropriate humor
  • Seeks to manipulate others
  • Lack of trust/paranoia
  • Access to weapons
  • Abuse of drugs and alcohol
What did you know?  When did you know it?  What have you done about it?  They will judge you on the threat assessment's utilization of insider threat intelligence combined with the evidence of your overt training of employees in the workplace.  What grade would you give your organization today for these fundamentals?

Godspeed to all of those on their journey now, to better comprehend this event and to all the grieving family members across our Homeland...

03 July 2016

4th of July: Flying the Stars & Stripes of Freedom...

The United States of America celebrates 240 years tomorrow.  The Stars and Stripes of our flag will be flying high.  How far we have come and yet we still envision that we have so far to go.

Celebrating the 4th of July in the United States means different things to different people.  It all depends on your tenure here and how you have contributed to defending the freedoms we all share. And for those who have made the trip to our borders or overseas to defend our country, we give special thanks.

Nine years ago we saluted Spencer S. on Memorial Day, as he prepared to make his way to being deployed to Iraq.  An Airborne Medic and now home safe in Chicago, we are thinking about him and all those other families who have sent their sons and daughters, husbands and wives, brothers and sisters, or fathers and mothers into harm's way to defend our freedom.  We are humbled by your courage and thank you for your selfless contributions to keep us more safe and secure back home.

The Patriots of the U.S. are vast and found everywhere, serving the country in uniform by military or law enforcement, in suits and ties or dresses among the halls of government agencies found in small towns and famous suburbs like Langley.  These millions of shadow patriots and citizen soldiers are working to defend the truth of the Declaration of Independence and our Constitution each day.

At the same time, they are all Operational Risk Managers, mitigating the daily risks to life, property and our vital economic assets.  Mike Stanley of the American Legion captures the essence of the early days of our country:
The United States of America began as thirteen different English colonies established along the eastern seaboard during the 17th and early 18th centuries. Gradually many of the colonists began to think of themselves more as Americans and less as Englishmen, a feeling that was spurred on by the decision of the British Parliament in the 1760s to tax the colonies for the expenses associated with keeping them in the British Empire. Since the colonists had no elected representatives in the British Parliament, they felt that these new taxes were “taxation without representation” and therefore, illegal.
From this point, the situation escalated quickly as Patriot groups formed to discuss the possibilities, and by the early 1770s, the Patriots had their own Provincial Congresses in each of the thirteen colonies, effectively replacing the representatives of the British government. In 1775, the Second Continental Congress was established, the Continental Army was organized, and fighting broke out when the British responded by sending combat troops to the colonies.
Finally, on July 4, 1776, the Declaration of Independence was signed, establishing the United States of America. The fierce determination of the Patriots to prevail, plus the important military and political support of the French, the Spanish and the Dutch, insured an American victory, and in 1783, the signing of the Treaty of Paris ended the American War of Independence and guaranteed the sovereignty of the United States of America.
Conflicts in the 21st century will be fought for many of the same reasons, and with a revolution of robots.  In P.W. Singer's book, "Wired for War" he prepares us for the next 100 years:
What happens when science fiction becomes battlefield reality?
An amazing revolution is taking place on the battlefield, starting to change not just how wars are fought, but also the politics, economics, laws, and ethics that surround war itself. This upheaval is already afoot -- remote-controlled drones take out terrorists in Afghanistan, while the number of unmanned systems on the ground in Iraq has gone from zero to 12,000 over the last five years. But it is only the start. Military officers quietly acknowledge that new prototypes will soon make human fighter pilots obsolete, while the Pentagon researches tiny robots the size of flies to carry out reconnaissance work now handled by elite Special Forces troops.
Wired for War takes the reader on a journey to meet all the various players in this strange new world of war: odd-ball roboticists working in latter-day “skunk works” in the midst of suburbia; military pilots flying combat mission from their office cubicles outside Las Vegas; the Iraqi insurgents who are their targets; journalists trying to figure out just how to cover robots at war; and human rights activists wrestling with what is right and wrong in a world where our wars are increasingly being handed over to machines.
Maybe someday, Spencer will be able to stay hundreds or thousands of miles out of harm's way to defend our country's freedoms, because they won't need medics on the battlefield anymore.
...and that as Free and Independent States, they have full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which Independent States may of right do. And for the support of this Declaration, with a firm reliance on the protection of divine Providence, we mutually pledge to each other our Lives, our Fortunes and our sacred Honor.