Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

Why isn’t your recovery linked with your prevention?

image of Curtis Levinson - Security advisor to NATO

9-Sep-2014 - It’s a matter of readiness and you’re not.

“I’m pushing BCPDR combined into one department under one executive,” said Curtis Levinson, USA Cyber Security Advisor to NATO. “That means: assume there are lots of firewall attacks. You’re monitoring firewall breaches, and exploits being detected by your IPS and IDS. One thing that doesn’t happen is the recovery folks need to come online.”

Because if there is an unusual amount of attack activity beyond the norm, Continuity needs to be ready. That way if something happens on the perimeter defence, Continuity is ready to go and they’ve already had the conference calls. The teams are coordinated and extra help is brought in. It’s a matter of readiness.

“The problem – my problem – is I talk about this and nobody listens,” he said. “Of course they’re different departments, and they shouldn’t be. Continuity drills are based on events like power outages, floods, earthquakes, fire, and terrorist attacks. They’re always based on physical events. To my knowledge they’re never based on cyber events. They need to be.”

Any continuity planner has to prioritize, and typically does so using a pyramid…
•    Mission Essential Functions or MEF are at the top
•    Next important functions are in the middle
•    Nice to have are at the bottom

Not everything can be at the top.

“When I talk to people about what is essential I get all kinds of answers, none of which include email,” Levinson said.
Q: What’s the first problem when the power goes out?
A: We’re going to lose connectivity.
How many people are at work? How many are at home? As we become mobile and everybody has some kind of iThing or iPad or whatever, we need to recover continuity first. But very little happens.”

It’s a proven fact that FedEX, UPS, DHL and other couriers are able to deliver cargo overnight.

What if planes can’t fly? It happened once in 2001.

“We expect the skies will never close, which is wrong. Not only will the skies close again, but also it will take less of an incident to stop air traffic in North America.

“An Ebola outbreak for example. Like most things in the USA it became a political issue. Everyone thought the disease was going to be let loose. Even though nobody is in personal jeopardy, are people not going to believe the government? Conspiracy theory is maybe the most vulgar, disgusting hobby. There are all kinds of theories.”

It doesn’t take a real attack to accomplish terrorism, because the goal of terrorism is to frighten people.

Suppose you put firecrackers and talcum powder in shopping bags and cover them with tissue paper. You and several accomplices go into a few busy malls, light the fuses and calmly walk away.

If you say, “white powder scattered in a mall” most people are conditioned to think, “anthrax”.

Anthrax spores in the ground are a natural occurring by-product of cattle farming. Weaponized anthrax is concentrated, a live form of the disease, converted into a dispersible form.

Back to the shopping malls with the shopping bags. Firecrackers have scattered white powder everywhere.
•    What happens in the malls?
•    What happens in the towns?
•    What happens in other towns?
•    Are there runs on food, gasoline, water, and ATMs?
•    Does the rule of law start to break down a bit?
•    What happens to your organization?

“Government agents go into the mall wearing HAZMAT suits and take samples,” said Levinson. “Then they announce it was a hoax. But the genie is already out of the panic bottle.”

People will stop going to malls, meaning stores will do less business, employees will be laid off, and malls will be publicly referred to as soft targets.

“It’s demoralizing and scares people,” Levinson said. “You can run 100 different scenarios about the targets that might have gotten hit and weren’t. It’s going to happen, or you’re walking around with a big red V on your forehead that stands for “Victim”.”

While we’re on the subject…
Q: What are the two softest targets in America?
A: Orlando and Las Vegas