-
The best cybersecurity strategy may be counter-terror
Danny Lieberman suggests that a demand-side strategy with peer-review may work best for cyber-security. A conventional military paradigm does not work for cyber-security Government cyber security policy, molded by the military; traditionally frames cyber-security in the context of a defensive strategy based on intelligence gathering, threat analysis, modeling and monitoring with deployment of defensive network […]
-
A cyber-terror derivatives market?
I first heard the idea about hedging risk against actual future disasters (man-made or natural) around the time of Hurricane Katrina. The essay below by professor Avinash Persaud considers the creation of a terrorism futures market. The ideas are particularly timely in the context of the unrest in Libya and the uptick in oil prices. Right […]
-
Paying the price for peace
An exceptional post by Lilac Sigan “To bad it doesn’t pay to be a nice guy” suggests that Israel may be better off in the long term with its relations with Turkey by demanding a quid-pro-quo (The Turks are demanding reparations and an official apology from Israel for boarding the now infamous Gaza flotilla boat […]
-
Has the threat of cyberwar been grossly exaggerated?
Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated Not unpredictably – the essay yielded a lively discussion, I agree with Bruce – especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the […]
-
Why Pentagon cyber strategy is divorced from reality.
From the recent September/October 2010 issue of Foreign Affairs – William Lyn U.S. Deputy Secretary of Defense writes about defending a new domain. The long, eloquently phrased article, demonstrates that the US has fundamental flaws in it’s strategic thinking about fighting terror: Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors […]
-
Facebook disclosure cancels raid on terrorists
I want to challenge the effectiveness of top-down, monolithic security frameworks (ISO 27001/PCI DSS) – I submit that rapidly changing threats – social networking, cyberstalking, social engineering, cyber-stalking and custom spyware are threats that exploit people and system vulnerabilities but are not readily mitigated by a top down set of security countermeasures. The recent case […]
-
Dissonance is bad for business
In music, dissonance is sound quality which seems “unstable”, and has an aural “need” to “resolve” to a “stable” consonance. Leading up to the Al Quaeda attack on the US in 9/11, the FBI investigated, the CIA analyzed but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes. […]
-
Reducing risk of major data loss events
Martin Hellman (of Diffie Hellman) fame maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons Hellman proposes that we need a third state scenario (instead current state – > nuclear war) where the risk of nuclear holocaust has been […]