Wednesday, April 20, 2016

If Only It Were Sci-fi: CEOs, CFOs, COOs and Cell Phone Vulnerabilities

Like many of you, I ease back into the workweek on Sunday evenings getting a jumpstart on things with 60 Minutes in the background giving me a heads-up on developing matters here and abroad.  This Sunday, Sharyn Alfonsi’s segment, Hacking Your Phone, jolted me back to business.  If you missed the program, here’s the takeaway:  your smart phone is defenseless against hacking and executives are particularly targeted.  Watching a U.S. Congressman’s mobile phone hacked in seconds, I reacted childishly – hoping it just wasn’t so.  But when I reached out to my speaker, Robert Bigman, former CISO of the U.S. Central Intelligence Agency – under whose watch the CIA was never hacked – I learned that, in fact, our mobile phones and their networks are, indeed, entirely vulnerable and for simple reasons.  I asked him what my clients and readers need to know and what they can do to protect the privacy of their calls and their clients' information discussed in those conversations.  He shared:

It has been recognized for some time now that while the cell (smart) phone is a new technology, the protocols that it uses to maintain wireless sessions, collect and communicate caller/device metadata and interface with the "wired" world are decades-old software and replete with vulnerabilities.  These "wired" world protocols (collectively known as Signals System 7) lack session authentication/integrity mechanisms and thus are subject to call spoofing and redirection attacks.

Cell phone users should also understand that while the "smart" devices contain incredible processing and communication capabilities, they are no more secure than your desktop/laptop computer running Windows or Linux operating systems.  Smart phones, like other computers, lack trusted "boot" protection, are written in coding languages that facilitate vulnerabilities, and allow applications to run that also expose the computer's operating system to memory exploitation. 

Your best bet for securing cell phone conversations (although far from guaranteed) is to use a separate/dedicated phone device with only an encrypted Voice Over IP (VOIP) application that, hopefully, satisfies the Federal standard for system cryptography (NIST FIPS Pub. 140-2).

Here's the link to the story:  http://www.cbsnews.com/news/60-minutes-hacking-your-phone and a link to Bob's full bio at www.SecuritySpeak.net.

 

Saturday, April 2, 2016

As Washington Hosts World Leaders at the Nuclear Security Summit ...



I asked Dr. Paul Bracken, author of the tour de force book, The Second Nuclear Age: Strategy, Danger and New Power Politics, for a comment. He replied:
 
 
The pace of military technology has reached a level not seen since the Cold War in the 1950s.  Drones, cyber-war, targeted killings, anti-satellite weapons, hypersonic missiles are coming into the forces not just of the United States but of many countries.  Add to this atomic weapons, and soon, hydrogen bombs for India, Pakistan, Israel, and North Korea.  We are entering a new world of technology, yet the old political order of nation states remains essentially unchanged.  The 2016 Nuclear Security Summit shows the growing tension of a political order that is out of phase with technology advances.  Something has to give, and I don't think it's going to come from a slowdown in technology.
 
 
Scroll down for video of Dr. Bracken speaking to the North Korean missile program, STEM, emerging technologies and other key topics in security.

Security Synonyms: Planning, Preparedness & Perspective - Take One



 
The passing of Andrew Grove hit me personally.  Not that I ever met him, but I quoted his words of wisdom each time I gave a motivational address to professionals in legal, financial planning and accounting services:  “You need to plan the way a fire department plans.  It cannot anticipate fires, so it has to shape a flexible organization that is capable of responding to unpredictable events.”  Years back, in the aftermath of my family’s tragedy, via platform speaking, I prepared professionals to steward their clients through “the unthinkable” - and to do so with clarity, compassion and responsibility.  In other words, keeping their eye on the ball as others panic, grieve and recover.  In this spirit, on Friday, 1 April 2016, I was especially moved to interview Security Professional and ASIS International, Southern CT Chapter’s Co-Chair, Lex Giannini, on practical planning for the real issues at stake during a terrorist attack, natural disaster, or other crisis with human casualties.  Do stay tuned as I share Mr. Giannini’s insights in this space via excerpts over the next weeks.  This interview has resonance for us in our professional, community and family roles.