Monday, June 20, 2016
Saturday, May 14, 2016
Human life will keep on evolving and so will be the cyber security world. We are today surrounded by the technologies those we used to dream or watch in the sci-fi movies. Similarly, the unforeseen threats of the past are today's top challenges. Innovation is happening on both the sides which is quite natural. Afterall, we are living in a world of duality so every good is meant to have its dark side as well.
Life transformation and technology innovation are the factors behind the very existence of cyber security threats, but at the same time, rising social imbalance across the societies, economy concentration and the political power-plays are the major driving forces to it.
Threats to systems, applications, mobile apps, ICS, IoTs are the things of the past, we have already studied many real-world case studies. Be it Windows, Android, Apple, or whatever, everything is meant to be hacked. Worms, Malware, APT, Ransom-ware are new terms for the old threats. Cyber espionage for political, economic, social, defense and industrial gains has become a common game of today, and will continue forever.
We have already entered into the machine era where our conscious resides longer in the devices than our physical body. A lot of work is still happening in the space of nano-technology to make these devices become our body accessories and eventually organs. Wearable glasses, watches already exist making it possible to wear, wave hand and say "Aabra-Ka-Dabra" to take down the critical systems. It will be even more magical as we evolve, may be in the blink of an eye. There are technologies like TDCS and TENS already into existence to be able to change our mood and we will soon be able to hack the human consciousness remotely.
Smart cities of the future are still being developed, we are yet to see a perfect smart city and a deadly cyber attack will also certainly be seen along with. Self-driving cars have started riding us and car hacking has already been demonstrated which can easily be utilized for abducting or contract killing to eventually become part of the future case-studies.
Self-flying planes (drones) are heavily in use and they will soon ride us as well. Again, drone hacking is not a new subject for us and there are 'n' number of possibilities for criminal minds. Robots have been developed and perfect robots are yet to arrive, followed by the humanoids who will live with us, work for us, many of us will even fall in love with them. Its not so difficult to imagine the possibilities by hacking the robots or humanoids.
Human brain has already been partially developed and is not yet out for hackers to try their hands at it. We are soon to be converted into immortal cyborgs, it may take another generation but it has to become reality some day and further increase the possibilities in the cyber security research. Artificial intelligence will evolve into super-intelligence in next few decades and it will be an uncontrolled war-game then, but by that time we possibly might not be there to play it.
Are we really prepared to protect, what we are busy developing? Perhaps not, because innovation can never be perfect from all the aspects. Every innovation has direct or indirect, short-term or long-term side effects. At the same time, human race has to keep evolving in order to achieve the goal of its existence and once that goal is achieved, it will be a perfect world with the silence and peace all over.
Saturday, June 15, 2013
Lately, there started news about operation PRISM everywhere and I find everyone discussing the buzz word in my day to day routine. I do not see any thing serious about this operation since the agenda used to be discussed in a closed group years ago and didn't come as a surprise when the information got leaked officially.
Nearly a decade ago, it was a time when both democratic and dictatorial form of governments used to be concerned about citizens, their opinion and understood their power of bringing any change to the system. But in today's time, I think governments across the world are more concerned about privacy of its citizens in the name of terrorism and national security.
"Top Secret" projects have exclusions from many constitutional interference and tend to go beyond the defined boundaries, which is very natural. So even if the intelligence is being gathered on foreigners under a close court supervision, we can't deny the access to the linked information which belonged to citizens and many of such links can be false positives or intentional. Or even if the intelligence is linked or unlinked, who cares, would someone dare to investigate linked-unlinked factor from Petabytes of data? Cyber operations are hard to investigate and easy to justify or disown, we know this rule.
Just after operation PRISM was picked up by the mainstream media, many of the government officials across the world started criticizing PRISM on or off the record, but they actually weren't criticizing US operation, but criticizing the companies including Google, Facebook, Microsoft, etc which participated in the operation and are not willing to coordinate with their country even in the case of criminal activities.
It has been a moot point from long time that Facebook, Google, Microsoft and many other such companies share the private data of users with US Feds. Foreigners can't do much about it due to addiction and dependency on such online portals, so even if they know about this, it won't matter since there are no local options.
So, if my private data is being accessed by my local government that could be threat to my privacy and I can still do something about it as per the law of the land, but if the data belonging to majority of the citizens is accessible to the other countries, it becomes national security issue, can be utilized to cause political and economic instability and even governments can't do much about it. However, both cases are considered to be a threat for rights to privacy but the impact differs.
It the current age of information, whosoever has information, has the power and currently US has most of it. In such situation, it appears we are heading towards an era where we will need localized versions of all online resources to safeguard the national interest. Most of such important portals are Email, VOIP, Social Media portals, Search Engines, Smart phones and apps. Chinese carry the right vision and they already have localized portals, restricting their country's information within their border to act as a cyber border.
Wednesday, April 10, 2013
Hacktivism has gained considerable popularity and dominance both in the internet and society. Lately, “anonymous” hacking group added more popularity to this word, “hacktivism”, by launching series of cyber attacks against various governments worldwide compromising and publicly disclosing the classified data. Government officials recognize hacktivism as a form of cyber terrorism but many call it a non-violent way of protest, no blood, no tear gas while protesting against weak government policies.
Tuesday, March 26, 2013
After the USA established its cyber command center (USCYBERCOM) to counter cyber-attacks and protect its cyber space, it became the next project for most of the governments across the world. Russia and South Korea lately announced to have their own cyber command center and many other countries are also pursuing the project. Both the cyber offensive and defensive operations are vital part of cyber command center. At many instances, teams engaged in offensive and defensive operations are required to work together and share the intelligence to carry out joint operations.
Friday, March 22, 2013
Most of the CIOs talk about ROI ("Return On Investment") before initiating any project for their organization. Risk vs Mitigation cost metrics helps them deriving the ROSI ("Return On Security Investment") in a simplest form and the calculation can be made more complex and accurate by adding more parameters to the metrics, often single dimensional. The ROI is often calculated for each information security project that is floated out from the private sector or government departments.
Information security projects are meant to safeguard CIA (Confidentiality, Integrity and Availability) of owned information assets and it is much straight forward to calculate and justify the ROI at early stages of such projects with great level of accuracy.
Thursday, March 14, 2013
It’s high time to learn that the last cyber espionage or attack came from China and I wonder why it’s always China? Are Chinese so smart, well organized, funded, equipped Or most of the intelligence agencies from across the world just believe into it for the sake of it? Being a security professional, I never trust media briefings or expert views, just like most of the others like me “don’t”. My point of view on cyber warfare might be pretty different than fellas, but my belief into it doesn’t disappoint me often. Be it terrorism or cyber terrorism I always commend the strategy originating from one of the countries, I know you know which country and I feel sorry when I sound so bitter but the truth ain’t sweet either. I met a few intel folks from across the world and the discussion on a cyber attack originating from Russia is mostly considered to be a proxied attack but China is always a scapegoat by default.