Technology and tactics within the realm of cyber conflict are fairly well understood. Networks have been with us for a long time, and we have a fairly good grasp on the exploitation of vulnerabilities. Yet there is an unhealthy focus…
Category: Technology
The term “technology” does not follow the same linguistic pattern as “biology” and “geology” because its etymology is different. While “biology” and “geology” are derived from Greek roots, with “bio” meaning life and “geo” meaning Earth, “technology” has Latin roots.
“Technology” comes from the combination of two Greek words: “techne,” meaning skill or art, and “logia,” meaning study or science. So, the term “technology” literally means the study or science of skills or arts. It reflects a broader concept that goes beyond the study of a specific substance (like life or the Earth) to encompass a wide range of human-made tools, systems, and techniques.
Threats and heuristics in enterprise risk management (infosec)
When trying to assess enterprise risk and the threat vectors that create risk, there are standard models or derivations of frameworks found in the literature, such as NIST and Octave-Allegro. The current practice is to take the various…
Why a cyber Billy Mitchell/Hyman Rickover won’t fix this…
Rickover and Mitchell were visionary ambassadors and petty tyrants of their respective domains of war fighting. Each, working in their own peculiar way, eviscerated leadership on the way to promoting new ways of waging war. The history is pretty detailed…
Who wrote Stuxnet?
Who cares?
Blood is thicker than TCP/IP
Jeffrey Carr predicts 2012 isn’t going to be a pretty way forward for information security professionals, industry or governments. He has a couple of points I’d like to dissect a little bit. I’m not much for alarm bells. We’ve had…
Positions on risk and information security
Consider the risk management of information and the principles of risk themselves. Do we have a culture that is working so far to the right of the normalized curve of expectations that we’re expending huge amounts of resources for very little…
Concept Map: Enterprise Risk Management
EDIT 2/27/2012 — A lot of people are showing up looking at this lately. I have an update on it that I can post if you are interested. Using the comment function is onerous but let me know if you…
An argument for a comprehensive definition of cyberspace
Contention: There is a contention that cyber is the electromagnetic spectrum and that point is countered by a position that cyber is larger than or composed of more than the electromagnetic spectrum. The proponents of the electromagnetic spectrum say that cyber…
Who would show up at your funeral?
The Internet has done strange things to us. We think we are more important than we are and we have ways to measure that. We think we have relationships with people we have never met and are not likely to…
Less is more: Orphan computers and mission assurance
Unlike a lot of technologists I don’t have a bevy of personal computers I use. I only have one primary computing device, one phone, and that’s it. Yes I have a couple of computers for work that are used at…
Some effects of technology on music and protest
Abstract: This paper discusses the issues of technology, music, and the intersection with social movements such as protest. Relying heavily on discussion of the guitar and music hall as examples where technology has created radical change, the discussion centers on…
Changing Tactics: Swarm and air power
David Ronfeldt and John Arquilla in the early 2000s discussed as part of Network-centric Warfare the concept of swarming. Large scale forces working autonomously with heightened capacity but perhaps lower cost and capability are able to work effectively against opponents.…
A laboratory-based course on wireless security
Abstract: The objective of this paper is to provide information on how to create a course that informs students how to secure a wireless local area network (WLAN) through the execution of laboratory exercises. The expectation is that students will…
Creating appropriate paranoia within information assurance and security courses
Abstract: The requisite behavior of paranoia in dealing with information assurance and security topics building towards a professional or subject matter expert is highly valued. Specifically, the behaviors of inquiry and awareness leading to informed suspicion and paranoia in evaluating…
Considerations of defense in depth
Abstract: Can we accept that the security of information is not the same as the security of systems? If you were to draw a Venn diagram of the two they would intersect but neither would encompass the other. Or, would…