Wednesday, December 24, 2014

Sony, North Korea and the Future of Cyberwarfare

By Jim McFarlin

The recent hack against Sony Pictures Entertainment (widely believed to have been perpetrated by North Korea), its threats of physical violence against Americans, and its successful attempt to restrict our right of free speech can only be termed an attack on America.

Tuesday, December 9, 2014

Increasing Cyber Threats Fuel Growing Global Disorder

By Jim McFarlin

The world as we once knew it, one of post-Cold War order with the U.S. as a primary world power, is disappearing before our eyes. In its place, we are left with a world now defined by mounting global disorder – and cyber threats only add to the chaos.

An expansionist Russia and increasingly aggressive China seek to establish new spheres of influence; meanwhile, the cauldron of war and unrest engulf the Middle East and North Africa. At the same time, the U.S. sits on the brink of a nuclear-armed Iran, which surely has its own ambitions for global power.

As Senator John McCain puts it, “We’re in the most dangerous position we’ve ever been in as a nation.”

Wednesday, November 12, 2014

Cyber Alert: The Russians Are Coming

By Jim McFarlin

When it comes to today’s digital world, it is the best of times – and it is the worst of times.

Although we enjoy an era of unparalleled worldwide commerce, sharing of cultures, and global communications thanks to the Internet, we also find the power of this marvelous creation turned on us in ways we would not have considered possible just a few years ago.

Goals such as improving quality of life, extending the benefits of health care for all and spreading economic benefits are still there but deemed perhaps unachievable, or at a minimum both diluted and distorted.

The good is here but the bad has come with it – and there is no going back. The genie is out of the bottle.

A rising torrent of cybercrime attacks on hundreds of millions of Americans has swept the nation. Roughly 280 million customers have been affected by cyberattacks on Home Depot, eBay, and JP Morgan.

The government has fallen victim, too. The Washington Post reported that hackers affiliated with the Russian government have breached computer networks at the White House; meanwhile, the Chinese government infiltrated the Department of Defense to steal plans for the F-35 advanced fighter jet.

There appears to be no end to such cyberattacks, nor means to stop them. Worse, there are ominous signs that these attacks are just the beginning.

A recently released study by the Pew Research Center study found that more than 60 percent of 1,642 computer and Internet experts polled believe a nationwide cyberattack against the United States is imminent.

The most vulnerable targets include essential critical infrastructures like power distribution. Many also expect attacks against the financial services sector at a larger scale than is now being experienced, possibly leading to economic disruptions worldwide.

Those surveyed did not have expectations of immediate attacks, but such views quickly became outdated in October, when the Wall Street Journal reported that Russian computer hackers have already begun laying the groundwork for such attacks against the U.S.

In researching recent cyberattacks, investigators for cybersecurity firm FireEye found “sophisticated cyber weapons able to evade detection and hop between computers.” The investigators also found code programmed on Russian-language machines that was sophisticated enough to indicate a government sponsor, specifically a government based in Moscow.

The cyber weapons discovered by FireEye, known as “trojan horses,” have been discovered in America’s critical infrastructures such as power and water facilities. Such weapons consist of malicious software that potentially threatens all aspects of our daily lives and is just waiting to be activated.

Such cyber weapons implanted in American industrial facilities can be located and disposed of, but the facts are there: more will come.

Cold War 2.0 has begun. And the Russians are not just coming with the genie in hand; they are already here.

("Grunge Flag Of Russia" by creativedoxfoto/

Tuesday, October 28, 2014

China’s Cyberespionage against the U.S. Is Just the Opening Gambit

By Jim McFarlin

The world is becoming increasingly hostile. The evidence is mounting: struggles with ISIS in the Middle East; Russia’s adventurism in Ukraine and the California coast; Iran’s nuclear bomb; and China’s aggression in the South China Sea, not to mention her new boomer subs.

Of these, China’s aggression is perhaps the most subtle -- and most concerning.

Thursday, October 2, 2014

Jihadists to America: Cyberattacks Are Coming

By James McFarlin

The 9/11 Commission’s authors placed primary blame for the success of the attacks on “a failure of imagination.” America’s intelligence agencies, with all of their resources, did not awaken to the gravity of such a threat to our nation until it was too late. The authors recently reprised this conclusion in an updated 9/11 Report assessment with a fresh warning:

“We must not repeat this mistake in the cyber realm.”

But if we do not wake up – and quickly – to the very real threat of 9/11-class cyberattacks against the United States, we may soon find ourselves reliving the nightmare of 9/11 all over again.

Tuesday, September 16, 2014

The Hidden Insurgency Imperiling America’s Cyber Security

By James McFarlin

As the world’s most advanced digital society, America possesses the world’s most vulnerable digital economy. Cyberattacks - many well known by now - keep invading our financial, retail and other sectors with no end in sight.

Trouble started to heat up when the credit card information of 40 million customers was lost during a cyberattack on retailer Target last December. Attacks quickly followed on Neiman Marcus and others, including the biggest data breach in Internet history against ecommerce giant eBay.

Most recently, retailer Home Depot reported a breach of its security systems in more than 2,200 U.S. and Canadian stores, as did banker JPMorgan Chase.

According to official data, the number of companies reporting cyber security breaches has more than doubled in the past two years to 1,174. No organization appears to be safe from cyberattack and theft.

America is in the midst of a digital crime wave that shows every indication of continuing at increased levels. That much is adequately reported by the news media – what’s not, though, are the harsh realities of these attacks:

  • Most organizations do not even realize they are being attacked, and many cyberattacks go undiscovered for months. The 2012 NASDAQ hack had been going on for two years. Reports indicate that more than 70 percent of companies being breached only become aware after being notified by an outside organization.
  • It is increasingly accepted that cyberattacks against corporate networks cannot be stopped, and the best that can be done is to limit the losses once the intrusion is identified.
  • Despite the fact that the information being stolen is theirs, customers are typically the last to know of a hack against a commercial organization. Crucial time is lost for those who might want to protect themselves by changing passwords, monitoring transactions or other means.

In a recent industry study of U.S. businesses, one-third of respondents indicated that they maintain no continuous monitoring of their networks against intrusions. What's more, 22 percent indicated they do no monitoring at all. The results? In the recent Home Depot customer credit card theft (estimated to be 60 million accounts), five months passed before the breach was noticed – and this is one of the five largest retailers in America.

No wonder class-action lawsuits are already being filed against Home Depot for negligence.

With the move to new payment systems such as Apple Pay and the Apple Watch, business opportunities are created but raise questions about data protections. Will security be there?

And who pays for the costs of these escalating attacks and the harsh realities they expose? Except for the occasional CEO departure (think Target) and revolving door losses of Chief Information Security Officers, it is the consumer who pays. To assume the costs for attack recovery, damages, lost information, legal expenses, new equipment and hosts of other costs comes out of the retailers’ or bankers’ hides is nothing but naive at its highest level.

The consistent theme in these attacks and trends? American industry has been quick to embrace the benefits of using the Internet as platform for running their businesses but have not deployed an appropriate sense of urgency in making its use secure. The forces of disbelief, denial and delayed action on cyber defenses pervade all too many organizations, and we are seeing the result.

We haven’t just met the insurgents. We are the insurgents.

("Firewall Antivirus Antispyware Post" by Stuart Miles/

Saturday, August 30, 2014

The Second Internet Era is Here and it's Not Pretty

By James McFarlin

The world has turned. Corporate boards everywhere are suddenly demanding top-priority attention be given to the now-soaring business risks from cyberattacks. Over the past few months – virtually overnight in today’s era of instant everything – the rules and risks of living in today’s digital-powered environment have changed forever.

I forewarned of this looming eventuality in my September 7th, 2013 post, “Will 2013 be the Year Cybersecurity Crashes the Party in the Boardroom?

Less than a year later, predictions have become reality.