Best CES 2014 Longreads

From Greg
CES 2014 is in the books. The buzz words this year were wearable and 3D printing. 5,000 tech journalist swarmed Las Vegas. Here are the best long read articles from the show.

Microsoft and the PC have seen better days
The PC isn't dead, but Microsoft will have to work hard to stay relevant in an increasingly mobile world in 2014.
by Brooke Crothers at CNET
Read the full story HERE

The Gear That Got Us Through CES
Any tech blogger will tell you CES can be fun, but it is a grind. They will tell you loudly, and insistently. You will not need to ask. But to get through that joyous slog, we had some helpful sidekick gadgets to get us through (mostly) unscathed. Here are the Gizmodo Strike Force favorites.
Read the full story HERE

Executive Insights & Innovation
Sensor-equipped objects and their networks -- what Cisco calls the Internet of Everything -- will reshape your life, Cisco CEO John Chambers says.
Read the full story HERE

Digital Trends Best of CES 2014 award winners
We came, we saw, we drank in the very best tech CES 2014 had to offer. After revealing our Best of CES 2014 nominees in 15 different categories on day one of the show, we slept (very little) on our decisions, roamed the show floor again, and now we’re back to reveal the hard-fought winners – including the coveted Best of Show award. It took some agonizing, nail biting and even a little arguing, but we managed to whittle our list of five nominees in every category down to just one. Except, of course, in the Home category, which has the distinction of claiming six winners this year to accommodate for its exceptionally broad scope. Without further ado, here are the products that defined CES 2014.
Read the full story HERE

Related articles

• Google may announce Android based in-car system at CES 2014
• CES 2014: Cisco's Internet of Everything Vision - InformationWeek
• CES 2014 Photos
• Digital Trends Best of CES 2014 award finalists

Add to Cart View detail

Who's Defending U.S. Military Networks if the NSA and FIS are Breaking Them?

According to Der Spiegel, the NSA has been developing tools to compromise software, hardware, and firmware made by multinational corporations in the U.S. and overseas. U.S. companies affected include Juniper Networks, Cisco, Dell, Western Digital, Seagate, Maxtor plus many others. Unless the company has offered to work with the NSA to create backdoors in their own products, you have a situation where the agency with the primary responsibility of defending U.S. Department of Defense networks from digital attack is also engaged in weakening the very technology used by the DOD on those networks such as Jupiter Network firewalls, Cisco routers, Seagate hard drives, etc.

Perhaps this wouldn't be a problem if foreign intelligence services (FIS) didn't also have the technical capability of finding those same vulnerabilities or others. For example, Xidian University in Xi'an, Shaanxi, China is one of China's top engineering universities. It's State Key Laboratory of Integrated Services Networks conducts research for military-specific and dual use systems including cryptography, offensive network attacks, and systems to be used in confrontational environments.

Here's another example taken from our data base on adversary R&D research. The Chinese Academy of Sciences' State Key Lab of Information Security reports directly to the Ministry of Public Security, among other government agencies. In addition to their primary research area of information security, they develop network attack systems.

Russia has similar educational institutions which focus on information security and electronic warfare for the Ministry of Defense, the FSB, and other relevant agencies. One example is the Voronezh Military Radio-electronics Insititute which is part of the Voronezh Aviation Engineering School. Part of their information warfare research includes breaking the security of automated systems.

Since Dell, Cisco, Juniper, etc. build hardware, firmware, and software that's broadly used around the world and especially on U.S. government networks, it's only logical to conclude that those companies' products are being examined for exploitable vulnerabilities by Russian and Chinese scientists who are at least equal if not superior to those employed by the NSA. Let's remember that unlike the NSA, scientists at Russian and Chinese foreign research laboratories don't have to compete with their respective versions of a Silicon Valley for high paying tech jobs. They can attract and keep their nation's brightest scientists focused on these high priority government military and civilian projects.

Bottom line - if the NSA has found or developed backdoors in critical U.S. technology, so have our adversaries, and by "adversaries", I don't mean Mandiant's version of the bored PLA hacker with sloppy OPSEC. We need as an industry to have more respect for our opponents. And there needs to be a serious discussion about whether the NSA can really defend U.S. military networks while also engaged in exploiting weaknesses in the very technology that those networks rely upon.

UPDATE (JAN 02 2014): Bruce Schneier has begun posting one NSA exploit per day at his blog. The first one called DEITYBOUNCE exploits the motherboard on Dell PowerEdge servers.

Add to Cart View detail

My First-hand Experience with China's Most Successful Technology Transfer Campaign (better than hacking)

There's no doubt that China is on an aggressive technology acquisition track and has been for 20+ years. Way too much emphasis has been placed on the vacuuming of data from U.S. companies through targeted attacks (otherwise known by the marketing buzzword "APT"). That's actually a terribly inefficient way to conduct the scale of tech transfer that China needs and a lot of the data that gets scooped up has low value, which is partly why I believe that hacker groups from many different countries (including China) are the main instigators behind those attacks rather than the PLA or a Foreign Intelligence Service. Small scale hacker groups are like burglars breaking into peoples' houses. They take as much as they can carry and then try to fence the goods for whatever they can get.

The Chinese government has crafted a much more elegant, legal, and precise way to obtain the exact type of technology that they need. They offer tax incentives and access to the biggest market in the world to U.S. companies who open their Research and Development centers in China. To date, over 1200 companies have taken China up on that offer including Boeing, Microsoft, Dell, Cisco, Intel, GE and many, many more. Part of the deal is that these U.S. companies must hire a percentage of Chinese engineers, who stay for a year or two; learn everything they can about the technology of interest, and then leave to work for a Chinese national champion firm or state-owned enterprise.

Here's a recap of my own first-hand experience with this process. As I've mentioned before, Taia Global has a product in development called Chimera. We are building the world's first and largest commercial database of adversary states' research and development priorities, focusing on technologies that are U.S. export-controlled. These represent the creme de la creme of targets for acts of industrial and cyber espionage. I've been searching for a data scientist with a background in document-matching. Being an ex-Microsoft employee, I started with the Microsoft Research website and learned that almost all of the researchers working on NLP and Search topics are at Microsoft Asia (in Beijing). I identified a couple of researchers in the precise field that I was looking for and sent email introductions to both. It turned out that both had left Microsoft Research and went to work for Huawei's internal R&D lab.

The U.S. government fueled by testimony from InfoSec industry experts can complain about Spear Phishing, APT, and Chinese hackers day-in and day-out but that won't begin to address the much more serious problem of how so many top U.S. firms willingly give their intellectual property away for the promise of cheap research costs and lucrative access to a massive Chinese market. What complaining about the Chinese government hacking U.S. corporations will do is keep the conversation in a politically advantageous zone and away from the political minefield that represents US companies exporting their R&D overseas. If you're looking to blame someone for the estimated $300 billion in IP loss that the U.S. suffered last year, start by taking a hard, honest look at what U.S. companies are willing to risk in order to do business in China.

Related

"China Operates the World's Most Successful Honey Pot"

Add to Cart View detail

Huawei's Cavernous Cyber Security Credibility Gap

Approximately one month before Huawei officials (along with ZTE officials) are supposed to testify before the House Permanent Select Committee on Intelligence (October 2012), the company's Global Cyber Security Officer and SVP John Suffolk released a white paper entitled "Cyber Security Perspectives: 21st Century Technology and Security - a Difficult Marriage".

I've been monitoring Huawei for several years and have given dozens of briefings on the security risks associated with the company, its management and its products. I've had several Huawei employees contact me privately about issues within the company and I've spoken to at least one of their senior executives last year about my concerns. I just finished reading Mr. Suffolk's white paper, which Andy Purdy, former Director of DHS National Cyber Security Division and now Huawei's Chief Security Officer, helped write. While it covered all of the usual bases regarding Huawei's commitment to security (I'm not going to recap these - read the paper if you must know), it addressed none of the issues that underscore the opinion of myself and others that Huawei is a security threat, such as:

• Madam Sun Yafang's past employment with China's Ministry of State Security and how she helped the young company secure loans form the Chinese government.
• Claims that Huawei benefited from Nortel's IP in 2004 including duplicating its instruction manuals.
• Claims that Huawei stole source code from Cisco and its settlement of those claims in 2004.
• Lack of full disclosure regarding Huawei's obligations to the Chinese government as a national champion firm and a provider of services and products to the State including the Peoples Liberation Army. 
• Lack of full disclosure regarding how many of its executives are members of the powerful Chinese Communist Party (CCP) and therefore bound to comply with directives from the CCP. After all, the CCP plays a dominant role in China's economy.

If Huawei's white paper is an example of how Huawei intends to address the concerns of the House Intelligence Committee, it's not nearly enough - even with Andy Purdy's help.

UPDATE (06SEP12): According to Reuters, Huawei is negotiating terms for its testimony before the House Intelligence committee. The fact that they have to "negotiate terms" says a lot to me about how valid the scope and validity of the concerns that I mentioned above are, not to mention the ones that Huawei doesn't want to have discovered.

Add to Cart View detail