Category Archives: History

Why Your Toaster Has a Firewall

Presentations I have given over many years about cloud safety reference the fact that a ground fault circuit interrupter (GFCI) made toasters safe.

My point has been simply that virtual machines, containers, etc. have an abstraction layer that can benefit from a systemic approach to connectivity and platform safety, rather than pushing every instance to be armored.

The background to the toaster safety story is actually from a computer science (and EE) professor in the 1950s at Berkeley. He was researching physiological effects of electric shocks when applied to humans and animals to pinpoint exactly what causes a heart to stop.

He narrowed the cause of death enough to patent an interrupt device for electric lines, which basically is a firewall at a connection point that blocks flow of current.

The first regulation requiring GFCI was for electricians working on swimming pools:

GFCIs are defined in Article 100 of the NEC as “A device intended for the protection of personnel that functions to de-energize a circuit or portion thereof within an established period of time when a current to ground exceeds the values established for a Class A device.” Class A GFCIs, which are the type required in and around swimming pools, trip when the current to ground is 6 mA or higher and do not trip when the current to ground is less than 4 mA.

Fast forward to cartoonists today and some obviously have completely missed the fact that selling consumers a firewall for connected toasters is a 50-year-old topic with long-standing regulations.

US Federal Gov Passes Cyber Hunt Bills

Senate Bill 315 has just passed following House Bill 1158 earlier this week.

DHS Cyber Hunt and Incident Response Teams Act of 2019

Already it has Senator Schumer of New York literally screaming that he is…

AIMED AT PROTECTING UPSTATE NEW YORK SCHOOLS FROM MALICIOUS RANSOMWARE.

The SB315 list of authorized tasks for a DHS hunt and response team is as follows:

“(A) assistance to asset owners and operators in restoring services following a cyber incident;

“(B) identification and analysis of cybersecurity risk and unauthorized cyber activity;

“(C) mitigation strategies to prevent, deter, and protect against cybersecurity risks;

“(D) recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate; and

“(E) such other capabilities as the Secretary determines appropriate.

Call me pedantic but using the word hunt in the title (as in kill, typically in reference to the 2011 Lockheed Martin militaristic model for response) seems a bit over the top.

In the 1990s the USAF used to talk openly about their kill chain and the role of hunt. Here’s an example from 1994 Theater Missile Defense (TMD) appropriations transcripts (p 251):

The key functions of the TMD kill chain are to detect, track, target, engage, and assess…

Ten years later the U.S. government was working on what it called a hunter-killer program to fly into remote territory and destroy sources of threat.

The U.S. Air Force is probing the aerospace industry for its concepts for a new class of armed, long-endurance unmanned aircraft, called Hunter-Killer

By 2011 (remember that Lockheed Martin paper publication date?) the U.S. government was claiming hunter-killer programs using kill-chain were a huge success:

…special operations forces have honed their ability to conduct manhunts, adopting a new targeting system known as “find, fix, finish, exploit, analyze, and disseminate.” They have adopted a flatter organizational structure and collaborated more closely with intelligence agencies, allowing special operations to move at “the speed of war”…

The hunt model was lauded as a form of authorization, streamlining towards smaller secretive teams trusted with quick and lethal capabilities “over the fence” as Harvard lawyers infamously had envisioned decades ago.

And thus the information security industry naturally became susceptible to this military mindset, adopting hunt language not least of all because USAF veterans were landing jobs in civilian security firms and bringing a killer vocabulary along.

As ominous as the militant “kill” steps sound to unleash upon an upstate New York school, in computer software terms they remain basically incident response activities. Probably they could have fit easily under a public-private Computer Emergency Readiness Team (CERT) expansion without invoking “hunt” authorization.

It does seem possible, though, that “E” leaves the door open for a much broader remit, including active defense and hack back, for hunt teams to go after attackers at “the speed of” cyberwar.

Another Echo company (Army 160th) already has kind of established that reputation.

So maybe I’m underestimating what is going to be done by DHS here, and hunt will become an operative word for kill chains even inside schools where kids are meant to be learning and experimenting.

What DHS “echo company” could look like, as they hunt in US schools for ransomware.

Why Does NYC Hate Cycling to Work?

The mythical NYC bike commuter in a car-dominated toxic landscape

The other day I pointed out a strange disconnect between transit safety models in Holland and NYC.

While the Dutch claim their density is what causes their cycling safety, there’s no such effect in the US. San Francisco is far less dense than NYC yet far more progressive in terms of cycling safety.

Amazing analysis coming in from CityLab confirms the US has something else going on:

San Francisco tops the ranking of large metros in the index, followed by Boston and New York. What’s interesting is that the New York metro leads on three of the four variables of the index. It has far and away the largest share of households who report no access to a vehicle, 22 percent. (That’s more than three times the share in both San Francisco and Boston.) New York is also the clear leader in the share of commuters who use transit to get to work, with more than 30 percent, almost double San Francisco’s share. And it has the edge on the share of commuters who walk to work, roughly 6 percent.

But New York has a far smaller share of commuters who bike to work. It even fails to crack the top 10 on this metric, coming 101st out of 382 metros, or 22nd out of 53 large metros.

Full disclosure: I have commuted by bicycle in cities around the world all year through wind, rain, snow, sleet…up hills and down.

The reasons against cycling to work in NYC definitely are not topographical or weather related. San Francisco obviously is hilly and many other cities have temperatures and precipitation comparable to NYC.

56% of Copenhageners ride a bicycle for transport daily. 75% cycle all winter.

“Rush Hour Copenhagen” by Mikael Colville-Andersen

The core reason, I believe, is the politics of NYC and how they perceive personal power accumulation measured by dollar bills in their bank accounts to be inversely related to the health of the environment they commute in/through.

The city has a pollution-loving history with a huge “we’re busy trying to get rich/famous, leave us alone” lobby that claims doing the right thing for “others” is economically unfeasible in their list of priorities.

The term “economic feasibility” has been subject to debate in the past. When the city banned styrofoam, it said that recycling the stuff was not economically or environmentally feasible. Restaurants and other industry sued in disagreement — and it took several more years and some back-and-forth in the courtroom before the ban was finalized.

The typical NYC powerful resident would go to the gym and spin to look “better than others” in work or personal life, but has little interest in getting on a bike for the same workout when told it results in making the city a better place to live for others.

Anthropologists can probably explain why trains have escaped this dilemma, and it likely just has to do with momentum (Victorian cycling trends that benefited women most can be wiped off the streets in a day by car lobbyists, but it takes a lot more to kill popular yet unprofitable trains).

This of course is not saying NYC has no residents concerned with the environment.

It is to say the people who care have very little political power in a city filled with Napoleonic Ubermensches who blatantly ignore the genius lessons of Grant’s anti-Napoleonic ethic (memorialized yet disrespectfully hidden away at 122nd Street) and instead believe they must constantly be stepping on others to get ahead.

The city’s Five Borough Bike Tour shows how well-intentioned people of the city are so disenfranchised they have exactly the wrong attitude, marketing safe cycling as some kind of weird special event:

The idea of seeing all five boroughs in one day and seeing the streets shut down is such a unique opportunity

First, the streets aren’t shut down. They are being used more effectively. Stop calling proper use of streets to maximize throughput a shutdown.

Second, people are restricting their movements because cars make it so painful to go any distance, let alone the magic 30-minute commute in a city that’s pushing a sad 40-minute average. Five boroughs is not actually much distance to cover in a day.

Third, this should not be seen as a unique experience. It needs to be a monthly event if not weekly. A single day for cycling to be made safe is pathetic in a city that claims it wants always to be “on” and alive.

I’ve written before about the benefits of cycling in cities and the bottom line is the economics are clear and simple. What’s unclear is who in NYC has the political power and sense to do the right thing?

The real story presented by CityLab data is that bicyclists must find a LaGuardia-like talent to overcome NYC power culture, now rooted in the self-gain mindset of cars that brings willful disregard for others’ safety and health.

Here’s what the National Motorist Association said to block NYC allowing multi-passenger high-density traffic priority over individuals in cars:

…what is really tedious is that we are not allowed to drive, but you expect money from motorists…

That’s crazy talk (absolutism and a fallacy), given how redirection from one street in an entire city doesn’t mean cars are being banned from all streets.

Think about what the motorist association is claiming: a single person who pays any amount of money demands that they are entitled to blockade hundreds or even thousands of others on the street just because they like to sit in public inside a private inconvenience box.

Thinking inside the box. Cyclists demonstrate the stupidity of cars

Drivers were being told they would have to avoid a street (small inconvenience) where a dedicated bus lane was being created for greater good… and that car association said no way would they allow smarter traffic planning if it takes away one inch of asphalt for them to generate harms, because they’re wealthy.

This is not an isolated case according to repeated psychological studies of motorists:

Psychologists Dacher Keltner and Paul Piff monitored intersections with four-way stop signs and found that people in expensive cars were four times more likely to cut in front of other drivers, compared to folks in more modest vehicles. …expensive cars drove right on by 46.2 percent of the time, even when they’d made eye contact with the pedestrians waiting to cross. Other studies by the same team showed that wealthier subjects were more likely to cheat…

If I were the city, I’d point out that motorists are heavily subsidized already and thus stealing from others by not paying nearly enough for the damage to infrastructure they cause:

American Infrastructure is crumbling. The ASCE has given American infrastructure a “D+”. It could cost almost $5 trillion to fully fix and upgrade American infrastructure. Congestion charging systems could potentially raise billions of dollars per year.

Here, let me frame (pun not intended) this another way: if a car is on the street then that street in NYC should be declared shut down.

I mean if we use that first point of the Five Borough Bike Tour properly, when cars use the streets the streets are effectively shut down and highly polluted (from brake dust to exhaust it’s a huge mess with slow cleanup).

People forget how influential and successful LaGuardia was dealing with the predatory and selfish mindset in NYC, and that his rural experiences and humanitarian values arguably are what made his vision of the city so great.

When will the next LaGuardia ride into town?

US In Dangerous Slide Back to Secret Wars Doctrine

The Intercept points out that, while public statements are being made about troop drawdown and conflict reductions, an actual increase in secret military operations is happening:

On average, more than 4,000 Special Operations forces — Navy SEALs, Army Green Berets, and Marine Corps Raiders among them — are deployed to the region each week, more than anywhere else in the world.

The logic of burying the data on protracted military engagements is not a very well-kept secret.

“Already we’re not getting answers to basic questions, like who the U.S. has killed and why it hasn’t better protected civilians, and the more the U.S. role is turned over to Special Operations Forces, the CIA, or contractors, the less information the government is going to provide,” Eviatar told The Intercept. “One has to wonder if that isn’t the reason they’re apparently shifting these roles to secret agents whose actions and their consequences the government isn’t required to disclose.”

The increase comes despite direct opposition from special operations command itself.

The breakneck pace at which the United States deploys its special operations forces to conflict zones is taking a toll, their top commander told Congress on Thursday.

Army Gen. Raymond Thomas, commander of U.S. Special Operations Command, called the rate at which special operations forces are being deployed “unsustainable” and said the growing reliance of the U.S. military on its elite troops could produce a dangerous strain.

“We are not a panacea,” he told the Senate Armed Services Committee. “We are not the ultimate solution to every problem, and you will not hear that coming from us.”

While the special operations numbers have swelled to larger than the entire standing army of Germany, and US military leadership says it opposes overuse of special operations, we’re seeing a return to the Reagan-era mistake of an expensive, unaccountable albatross with little chance of “winning” anything tangible…which sets the US military up for collision in civil relations.

This poses a special risk to healthy civil-military relations because it allows policymakers to avoid justifying or explaining operations publicly. Reliance on special operations also decreases the likelihood of mission success because special operations forces are not designed to win complex campaigns on their own. As Gen. Mark Milley notes, “The one thing [Special Forces] are not designed to do is win a war.”

The MHK airport $16m upgrade was arguably for military brass to use, despite a nearby military airport that is significantly larger and that civilians can’t use because…secret. Photo by me.

It’s only been 44 years since Frank Church created his famous committee on secret wars and alerted the country how they were connected to America spying on Americans.

I’ve also recently given a talk and written about how President Reagan tried to undo and avoid the Church Committee findings, engaging in widespread illegal arms deals for secret wars and perhaps even human trafficking. The lessons from those disasters should not be underestimated, especially as we transition to cyberwar models.

“This cyber environment involves people,” Neal said. “It involves their habits. The way that they operate; the way that they name their accounts. When they come in during the day, when they leave, what types of apps they have on their phone. Do they click everything that comes into their inbox? Or are they very tight and restrictive in what they use? All those pieces are what we look at, not just the code.” […] ISIS was using just 10 core accounts and servers to manage the distribution of its content across the world.

That weakness from lack of segmentation is an efficiency hallmark in small groups. The opposite, funding a market for teams to develop similar tools without allowing them to share resources, is usually considered the kind of model only large organizations would fund.

Very few Americans probably realize how Green Berets were compromising communications networks, including tapping into Internet service providers, to predict movements of suspected political (terror group) leaders and assassinate them.

Even fewer Americans see how that crosses over into the Lyft/Uber business model of surveillance capitalism. And an even smaller group remembers Poindexter well enough to connect the dots here to see a dangerous lack of transparency that should be required as we build new “active defense doctrines” for the Internet.

We cannot afford to ignore mistakes of the past on this topic, such as the secret SAS missions, especially when there are emerging opportunities for international security alliances including the Christchurch Call and Monday’s “Joint Statement on Advancing Responsible State Behavior…”.

All members of the United Nations General Assembly have repeatedly affirmed this framework, articulated in three successive UN Groups of Governmental Experts reports in 2010, 2013, and 2015.

Alliances that account for clandestine operations are the smart way to go forward, whereas unaccountable executive-led secret wars would repeat some of the worst past mistakes.