Speech and book reviews, expert interviews and news you can use on cyber-security, U.S. national security and global security matters from Lisa Bernard, President of Lisa Bernard's SecuritySpeak, LLC - a private consulting firm and speakers bureau.
My followers began asking for clarity from an expert on the relationship between China and North Korea's nuclear program. I asked Gordon Chang, author of Nuclear Showdown: North Korea Takes on the World, and internationally respected pundit on security matters in Asia, about this.
With his comprehensive approach and gracious style, Gordon Chang is renowned for his incisive analyses and commentary. He lived and worked in Shanghai as Counsel to the American law firm Paul Weiss, and earlier in Hong Kong as Partner in the international law firm Baker & McKenzie. He has briefed the United States CIA, Pentagon and State Department on security developments and he shared this assessment with me this week:
"North Korea has three launchers--the Taepodong-2, the KN-08, and KN-14--that can hit the lower 48 states. The better view is that the North cannot mate a nuclear warhead to them, but that is only a matter of about three years. The North Koreans have already put a nuke on top of their intermediate-range Nodong.
Beijing could rein in North Korea, but Chinese leaders do not want to do so because they view America as their main strategic rival. They find Kim Jong Un's antics useful in keeping us and our allies off balance.
We could force Beijing into being helpful--by, for example, imposing secondary sanctions on Chinese banks and enterprises--but so far there have been only tentative moves to do so. The U.S. sanctions on Dandong Hongxiang Industrial, imposed last month, show attitudes in the American capital are changing. They are changing because an unstable Kim Jong Un in control of the world's most destructive weapons is presenting American policymakers with little choice."
N.B. Gordon Chang will be presenting The New Nuclear Politics: China, Iran and North Korea, at the Election Night 2016 Security Summit, 80 Minutes Around the World: Security Briefings for the Next American President, in Westport, CT, on November 8th.
I asked Dr. Austin Long, authority on international security matters and particularly urban operations in counterinsurgency, to put this in perspective for us. He replied: "The long-awaited offensive to retake Mosul is a welcome sign of progress in the war on the Islamic State but should not be heralded as the beginning of the end. The loss of Mosul will hurt the group but not fatally. We should always remember that retaking Fallujah in 2004 was seen as a major sign of progress but two years later Al Qaeda in Iraq, the Islamic State's predecessor, was stronger than ever."
Hear Dr. Long on Monday, November 7, 2016, at 7:00 p.m. at Sacred Heart University in Fairfield, CT. He delivers, The Islamic State in Iraq and Syria: Crucible for the Next American President. For details: LisaBernard@SecuritySpeak.net or www.Facebook.com/PodiumTime.
I arrived in Arlington, Virginia, at News Channel 8 Studios to meet Robert "Bob" Bigman before he went on the air as Francis Rose’s guest on Government Matters. From the get-go, I sensed the “quiet celebrity” he enjoys among those in-the-know in Washington, D.C. He is the man who served for thirty years at the Central Intelligence Agency – most of the latter years as Chief Information Security Officer (CISO). Simply put, he kept the CIA’s data secure. Now, at a time when most Americans – private citizens and public officials – feel the threat or pain of being hacked, Bob's insights seem particularly pertinent and his achievements especially notable. I was delighted that this down-to-earth professional – who for so long was under the radar – was graciously coming into the spotlight to share his sense of this with us. What he conveyed was as inspiring as it was stirring. His cheerful manner and serene demeanor bespoke a guarded “could-be-done” attitude about recovering the upper hand in the cyber security challenges we face – “guarded” being the operative word. My takeaway was that we Americans can combat these threats provided 1) our resolve comes with calm, candor and clarity about the nature of the technologies and the humans who engage them and 2) that we have devoted leadership at the organizational and national levels.
LISA BERNARD: On one thing all cyber-security experts agree: human behavior and psychology loom large as key factors. We are a nation of e-consumers, wed to convenience and beginning to integrate into the job force a generation raised on the efficiency of their smart phones. Bob, what will it take - new technology or a crisis - to shift the pendulum from user-myopia to individual vigilance?
LISA BERNARD: We are electing ourselves a new Commander-in-Chief next month and although it is now common knowledge that the software we use is outdated - even in our nuclear missile systems - we hear little about this from the candidates. Just how outdated is government software and why are antiquated systems still in use?
LISA BERNARD: Many of my followers are CISOs themselves or CEOs who rely on them. With the proliferation of mobile devices and the trend toward super-computing what advice can you give them?
LISA BERNARD: If our next POTUS appointed you "Tsar of Cyber Security," with all the resources you would need to set our nation on a modern and safe course, what would be your first priority?
LISA BERNARD: Since leaving government service, as a consultant, you have been moving the dial, persuading firms to move toward more managed and isolated networks. In the private sector, where the internet is like oxygen, how are you doing this?
ROBERT BIGMAN: The really bad news is that even if you wanted to stay disconnected, increasingly, technology and the evolution of your world will connect you. The marketplace has already determined that you're going to stay connected to the internet. So what can you do? Start with your biggest risk - which is how you and your devices - computers, mobile devices, smart phones - how they actually connect to the internet. Know that to ameliorate this risk, you just can't simply any longer rely on commercial capabilities like firewalls, modems and router protection and control lists. There's a collection of simple things you can do. First, I recommend that you NOT use commercial applications like Windows or Adobe. Instead use alternative operating systems like Ubuntu and Opera as a browser.
LISA BERNARD: What products are now available to make this "shift" possible and attractive in a culture that is hyper-connected?
ROBERT BIGMAN: There are probably very few products that I would recommend where you can say that if you buy this product that you can secure your data completely and you don’t have to worry any more. In fact, there are no products like that despite what vendors will tell you. What I find is the biggest problem is that organizations simply don’t understand the risks to their systems, their networks, and their data and they too often – as a result of attending the RSA conference, the Black Hat conference, the DefCon conference – they too often fall into the trap of using technology to solve very complex problems that require people issues, process issues, policy issues and yes, some technology issues. But trying to address them with just technology is the number one mistake. And I know the vendors don’t want you to hear that message, but the fact is that unless you have a cyber-security program and that you have as the component parts of governance, IT management, public policies and processes, no matter how much technology you buy, you’ll still get beat. And every event, every incident I’ve been involved where we’ve investigated – unauthorized access, penetration, hacking, unauthorized use of data – all involve the process and policy issues violations as ever as they involve misuse or improper technology.
###
Bob Bigman is available for briefings, talks and workshops via Lisa Bernard's SecuritySpeak, LLC. See his bio at www.SecuritySpeak.net. To discuss the particulars of hosting him, phone (203) 293-4741 or email LisaBernard@SecuritySpeak.net.