Tag Archives: Surveillance

What to Secure…

encryptionRecent News articles detailing the NSA surveillance monitoring has shown to extend to other countries and that of their high-level officials. A more recent article states the following:

“The U.S. monitored the phone conversations of 35 world leaders, according to a National Security Agency document provided by its former contractor, Edward Snowden, according to The Guardian newspaper.”

Although most people cannot communicate using secure phone calls, it does raise the importance that the data be what is secured, not just the mode of transport. A phone call or even Internet usage should not be considered secure. There are numerous hops and intermediary systems that connect the signal being used. Each of those points of connection are a potential point of surveillance. Add the additional discoveries regarding ATT, Verizon, and other carriers, the expectation of privacy should no longer be expected.

This means that only the data, if encrypted or secured, provides the potential expectation of privacy. Insuring securing data at rest and during transport is critical to insure privacy. It may take more time and resources, but in an age of “continuous monitoring” of everything, it is the best way to provide the assurance most people and businesses desire.

Tagged , , , , , , , , ,

Surveillance versus Breach

GCN published an article on June 3, 2013 regarding the possible data breach of Customs and Border Protection (CBP) systems operated by third-parties for clearances. The information used to obtain clearances is not only personal identifiable information (PII), but also re-tells the past ten or more years of history of an individual. So the potential compromise of this information is a serious issue.

Now add the recent scandals regarding surveillance by the NSA and other government agencies adds to the concern. This is more than a privacy issue, but one of the capability to maintain data secure. DHS is meant to provide the “cybersecurity” component of the government in conjunction with the DoD, but if DHS and the DoD have issues with maintaining the security of their respective systems, what will the potential breach be with the new surveillance information. While granted, the information of the phone calls from the various telecoms is currently not maintaining the call content itself, the associated metadata could expose even greater risk to individuals than is being expressed. Most phones maintain GPS and cell tower information with a call. Add the additional cell phone number and owner information, it is now possible to track the patterns of the individual in addition to the various calls.

While the potential privacy issues around surveillance has its place, the ability for the government to protect the data is also equally important.

Tagged , , , , , , , , ,

Taking the Hacker and Heading Home…

Many may have heard of the ongoing dispute between England and the United States about the pending extradition of British hacker Gary McKinnon. Well the wait is over, the British Home Secretary Theresa May in an announcement yesterday before Parliament stated that she would block the extradition of Gary McKinnon. She based her decision on the several medical examinations and his Asperger’s Syndrome diagnosis. He has been charged by the United Stated for hacking into highly classified Pentagon computer systems, for what McKinnon alleges in search of proof of extraterrestrial evidence.  USAToday.com has a good article on the coverage.

According to the article:

Officials in Washington expressed disappointment at the outcome, and State Department spokeswoman Victoria Nuland said the decision meant McKinnon would not “face long overdue justice in the United States.”

British prosecutors will now decide if he should face charges in the U.K.

There has also been discussion that England will also renegotiate the extradition treaty to make it harder for British citizens to be extradited to the United States.

Tagged , , , , , , , , , ,

More on Cyber Security Executive Order…

Dark Reading published an article on October 9 about the pending Executive Order on cyber security and what it will mean to an enterprise. As mentioned in a previous post, the executive order is the Obama administration’s response to the fact that Congress did not pass cybersecurity legislation, specifically the Cybersecurity Act of 2012.

Now while the Executive Order would be focused on national critical infrastructure, the article brings up some good points about what impacts and insights this could have on a business. The article noted that the Executive Order would not deal with one of the key points of the act, the sharing of information between government agencies. According to the article:

The issuance of an executive order would not address one of the key elements of the Cybersecurity Act of 2012 – information sharing between the private sector and government. According to former NSA Deputy Training Director Cedric Leighton, information-sharing has to span both sharing between the government and private sector as well as between entities in the private sector itself.

A key point about what businesses are looking for is stated in the article…more specifically three key items:

Rather than checklists, organizations are looking for three distinct things: the current state of a threat, what others are doing about security, and what are the guiding principles that should be considered when developing a security program and strategy, Granado argues. Protecting intellectual property means complicating the process of acquiring inappropriate access, detecting threats and neutralizing threats before they expand, he says.

As noted in the article, a purely defensive “knee-jerk” mentality is not enough and a pro-active stance is needed to effectively secure the information assets of the business and in turn improve the overall risk posture. The idea that the minimum is enough is not enough, that will leave business always behind a curve.

Tagged , , , , , , , , , , , , ,

Surveillance In the Day to Day…

An article in the Wall Street Journal Blog discusses 20 ways that an individual is under surveillance during the normal day-to-day hustle and bussle. When looking at the article, most people will not realize the extent to which they are monitored and the economics around it.

Whether it is the GPS device in the car, the street cameras, or facebook, the ability to monitor and track an individual is becoming more common. In addition, it is a major money maker for those doing the tracking…

Tagged ,
%d bloggers like this: