Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 164

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 167

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 170

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 173

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 176

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 178

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 180

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 202

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 206

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 224

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 225

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 227

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/admin/class.options.metapanel.php on line 56

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/admin/class.options.metapanel.php on line 49
25 | October | 2011 | Certified Ethical Hackers Security Analyst Malware Hacking Information
From the daily archives: Tuesday, October 25, 2011

Amazon.com just posted my five star review of America the Vulnerable by Joel Brenner. I reproduce the review in its entirety below.

I’ve added bold in some places to emphasize certain areas.


America the Vulnerable (ATV) is one of the best “big picture” books I’ve read in a long while. The author is a former NSA senior counsel and inspector general, and was the National Counterintelligence Executive (NCIX). In these roles he could “watch the fireworks” (not his phrase, but one popular in the intel community) while the nation suffered massive data exfiltration to overseas adversaries. ATV explains the problem in terms suitable for those familiar with security issues and those learning about these challenges. By writing ATV, Joel Brenner accurately and succinctly frames the problems facing the US and the West in cyberspace.

In this review I’d like to highlight some of Mr Brenner’s insights and commentary.

On pp 65-7 he discusses “China’s Long View… China had the world’s largest economy for eighteen of the past twenty centuries. The two exceptions were those of America’s youth and rise to power…. Like India, China does not regard Western domination as normal, and it does not suffer from an inferiority complex. China’s chief national strategic objectives are to lift its population out of poverty and reestablish its place in the international order.”

On pp 68-71 he explains the problem with the binary thinking of Westerners regarding war. China does not see war as a binary issue, where one is either at peace OR at war. “This kind of ambiguity is difficult for Americans to digest. We are direct and aboveboard, and we like to think others are like us — or would be if given half a chance… [W]e suffer from a Western misconception in our law, religion, and policy that ‘peace’ and ‘war’ are opposites that cannot occur at the same time… Many Americans cling to this view, even though war has not been declared on the planet since 1945, while there have been hundreds of organized, violent, and militarized struggles in the interim.”

On pp 71-3 he reiterates my point that the consequences of digital assault from China are indeed new, as well as the assault itself. “Our companies are under constant, withering attack. After the Google heist, companies [all emphasis is original] started asking the government for help in defending themselves against nations. This was unprecedented. We are now in uncharted territory… the boundary between economic security and national security has completely disappeared… While the scope of and intensity of economic espionage have assumed startling proportions, the ‘traditional’ espionage assault on our national defense establishment dwarfs anything we have ever before experienced.”

On pp 75-77 Mr Brenner describes instances of espionage and consequences. “[Chi Mak] is the first spy (that we know of) through whom we lost critical military secrets and who was not a government employee. He will not be the last. If further proof were required, the case thus illustrates how thoroughly the functional boundary between the private sector and the government has dissolved… In essence, the PRC is leveraging the Pentagon’s RD budget in support of its own war-making capability.”

Mr Brenner focuses on Chinese espionage in ATV; the following from p 78 is a good summary: “In contrast to the Russians, who are highly professional, the PRC often enlists amateurs from among a huge pool of sympathizers.”

In the middle of the book Mr Brenner concentrates on the China threat by correctly identifying that the Chinese do not want a shooting war with the US. Rather (quoting Chinese military thinkers on p 118) “the objective in warfare would not be killing or occupying territory, but rather paralyzing the enemy’s military and financial computer networks and its telecommunications. How? By taking out the enemy’s power system. Control, not bloodshed, would be the goal… [Continuing on pp 126-7,] The Prussian Carl von Clausewitz, and Mao after him, had called war ‘politics by other means.’ [Strategists] Qiao and Wang seemed to be saying the reverse: Politics — and economics and communications and everything else — was war by other means. And while Clausewitz had preached the doctrine of the decisive battle, Qiao and Wang said there would be no more decisive battles.”

Ch 9, “Thinking About Intelligence,” is one of my favorite chapters because Mr Brenner examines the role of information and intelligence agencies in the modern world. On p 196 he makes a fascinating point: “To understand the future of the private sector’s role in intelligence, we don’t need a crystal ball. We can just as well look backward as forward, because we are experiencing a return to a historical norm.” He then argues that the private sector is developing intel capabilities rivaling the government, which was the case prior to the creation of national agencies in the 20th century. On p 209 he recommends the following: “[T]he best way to run an intelligence agency is to focus tightly on the parts of the business that are really secret and separate them from the rest. You spend more money on open-source collection and analysis, and let them happen in controlled but unclassified space. You beef up counterintelligence. And you pay much more attention to the electronic handling and dissemination of information.”

In the final chapter he offers some recommendations for improvement. I liked this statement on p 216: “If you wait for the incoming danger to reach you, you won’t be able to defend against it. CYBERCOM solves this problem by letting the general in charge of defending national security networks use offensive tools outside his networks in order to know what’s coming. To be blunt, espionage is an essential aspect of defense. To know what’s coming, we must be living inside our adversaries’ networks before they launch attacks against us.” Note that is the traditional role of espionage, a model which the Chinese shatter by living inside our companies’ networks, solely to steal our intellectual property.

I only found one small typo on p 194: The Yom Kippur War happened in 1973, not 2003.

Overall, I really enjoyed ATV. While I don’t think the suggestions for improvement in the last chapter are sufficient to mitigate the threat, several of them are a good start. I highly recommend reading ATV at your earliest opportunity!

Article source: http://taosecurity.blogspot.com/2011/10/review-of-america-vulnerable-posted.html

Tagged with:
 

Hack In The Box

Suite 26.3, Level 26, Menara IMC,
No. 8, Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia

Tel: +603-20394724
Fax: +603-20318359

Article source: http://news.hitb.org/content/data-breach-more-stressful-divorce-say-it-managers

Tagged with:
 
Set your Twitter account name in your settings to use the TwitterBar Section.