Deputy Prime Minister of Russia is worried about backdoors in Western tech

In the course of writing this month's S&TI Flash Traffic report for our subscribers, I came across this interesting article which demonstrates that the U.S. isn't the only country worried about supply chain security.

I had one of our Russian-speaking contractors translate it for inclusion into our report. Here's the English version:

February 23rd – Finmarket – The first breakthrough in technologies that will be produced by the fund of advanced research will appear by the end of this year, declared deputy prime-minister Dmitry Rogozin. “I think that by the end of even this year we will have one or two new ideas, which will facilitate a breakthrough decisions for our science of warfare,” said Dmitry Rogozin at the celebratory event hosted on February 23rd in the Technology Museum. In his opinion, before the fund starts their work a few months for organizational procedures will be needed.  "We will then acquire unique innovations, among others student auditoriums and institute flexible testing stations, all of which will exist in 5-7 year, no more,” said Rogozin. Altogether, he mentioned, the fund will be powered by academic science centers, and the results of its work will be used by lead institutes of domestic industry.
In addition, appearing before members of the patriotic organization which gathered from the regions, Rogozin asserted that Russia is obligated to carefully use foreign micro-electronics and software, and better overall to develop their own technology.  “Actually, cyber security in the West is understood as bookmarks in chips and software, supplied to different countries, bookmarks, which activate at a defined moment,” – said Rogozin. “If Russia can’t product a quality electronic-component base and  supply their own satellites, buying microelectronics abroad, it’s impossible to be exactly sure how these satellites will react at hour “X” – mentioned deputy prime minister. “Who are they, and who will they transfer to? And will they work for us, or will they be worked into another group?” – questioned Rogozin. 

The Fund of Advanced Research is Russia's newly created version of the U.S. Defense Advanced Research Projects Agency (DARPA). This article demonstrates the Russian government's concern over supply chain security when it comes to their reliance upon foreign-made microchips and software. Ironically, while U.S. companies make these products, we often don't make them in the U.S. but in China; hence we have the same problem that Russia does.

Add to Cart View detail

Money laundering, Shape shifting, Satellite Spying, and You

When was the last time that you were in a Washington DC conference room with a Hollywood actress, the CISO of In-Q-Tel, two product managers from DARPA, an expert in money laundering, a world-class hacker, a spokesman for George Clooney and John Prendergast's Satellite Sentinel Project, an expert on open source warfare and a former CIA station chief (and that's not all of our speakers)? I'm guessing never because the Suits and Spooks Anti-Conference doesn't follow trends. It breaks them. This one day event will include breakfast, lunch, and a cocktail reception hosted by the Business Executives for National Security (BENS) on the 24th floor of the Waterview Conference Center overlooking the Potomac river and the Capital.

The early bird registration ($395) is coming to a close at the end of business Friday, January 6th. We have extra low rates for U.S. government employees ($295) and for university faculty and students ($195). Everyone who attends will also receive a signed copy of the second edition of my book "Inside Cyber Warfare" (O'Reilly Media 2011). We want to re-shape the way that we think about security and we have room for up to 100 innovative thinkers and decision makers across a multitude of disciplines - NOT just information security. Please be a part of Suits and Spooks in Washington DC next month. The discussions and networking will be truly memorable. Register here today.

Related:
The Use of Covert Cyber Counter Strikes As Active Defense
Spontaneous Analysis of Unstructured Speech for Idea Development using Palantir
George Clooney's Satellite Sentinel Project

Add to Cart View detail

The Use of Covert Cyber Counter Strikes as Active Defense (and other topics) at Suits and Spooks DC

Waterview Conference Center,  Rosslyn VA

Can the U.S. legally engage in covert cyber counter strikes as a form of active defense against hostile actions by non-state actors in Russia, China or elsewhere? That's one of the forward-looking talks being given at Suits and Spooks DC by Professor Catherine Lotrionte of Georgetown University.

Are tamper-proof chips really tamper proof? Can firmware be extracted from the locked chips such as those used on the captured RQ-170? Travis Goodspeed will show how it can be done on the cheap.

Can a privately funded spy satellite system be used to secure evidence targeting criminal behavior by governments or their officials? Thanks to the work of the Enough Project organization, we know the answer to that question is yes. Jonathan Huston will explain how they did it.

And that's just 3 of our talks. In addition to Catherine, Travis, and Jonathan, Suits and Spooks attendees will interact with:

• Don O'Donnell - Rand Corporation
• Rand Waltzman amd Randy Garrett - DARPA
• Dan Geer - In-Q-Tel
• Anup Ghosh - Invincea

Then from outside of the InfoSec space, reflecting our multi-disciplinary approach, we'll hear talks from:

• Christopher Burgess - Atigeo
• Ben Milne - Dwolla
• Janina Gavankar - Posterous Spaces for Actors
• John Robb - author, Brave New War
• Jodee Rich - CEO, PeopleBrowsr

Every attendee will have an opportunity to ask questions and interact with the speakers in an elegant setting overlooking the Potomac river and the Capital. The entire day will be focused on brain-storming new security solutions that we hope will give birth to a revolution in security affairs. Real-time analysis on a Palantir workspace will be flashed onto a screen behind the speakers and a final report will be issued afterwards to members of Congress and interested agencies.

Pricing includes breakfast, lunch, and a wine reception afterwards:

• Students and academics: $195
• Gov't employees: $295
• Early bird registration: $395
• Standard registration: $495

The early bird registration ends January 6, 2012 and we are capping attendance at no more than 100 individuals, including speakers so reserve your seat today.

Add to Cart View detail

Spontaneous Analysis of Unstructured Speech for Idea Development using Palantir

Sample Palantir Analysis: http://taia.co/rqGYrr

My goal for each Suits and Spooks anti-conference is to tackle a hard challenge with a unique approach. In this case, we're going to use Palantir to navigate and intuite patterns in unstructured human speech instead of unstructured data to find hidden connections and spark creative solutions.

Palantir was created to perform information analysis. We used it 3 1/2 years ago for our open source intelligence experiment called Project Grey Goose. In February, 2012 we're going to reinvent its use by moving from finding "fragments of data which tell a larger story" to finding fragments of ideas presented by speakers and commented upon by attendees. I'm particularly excited about the input from attendees because unlike the standard conference where attendees have to que up before one or two microphones, at SnS every attendee will have a microphone at their seat and will be able to challenge speakers during their 30 minute presentations. Additionally, attendees will be able to send text messages to the Palantir engineer for ingestion into the application. Twitter will be a third source of input by ingesting everything tweeted to @suitsandspooks on the day of the event. We will not only be capturing the remarkable information provided by our speakers but the ideas and feedback that it inspires on the part of our attendees.

Finally, all of those inputs will be linked and analyzed in real time by projecting the Palantir workspace onto a screen behind the speaker podium which will multiply the effect of idea generation as new linkages and conceptual ideas are displayed, added to, spoken about, analyzed and re-displayed repeatedly throughout the day. After the event is over, we'll publish a report containing our findings along with screen shots of the Palantir workspace that will portray how the analysis was done.

10 Days Left For The Early Bird Discount
Register today to be a part of this unique process and interact with the following remarkable individuals who'll be speaking:

• Ben Milne (founder of Dwolla)
• Jonathon Huston (Satellite Sentinel Project)
• John Robb (Brave New War)
• Janina Gavankar (Posterous Spaces for Actors)
• Jodee Rich (founder of PeopleBrowsr)
• Anup Ghosh (founder of Invincea)
• Daniel Geer (In-Q-Tel)
• Rand Waltzman (Darpa)
• (and more to come)

Please support this event with your attendance and with word of mouth. The topic - Shaping a Revolution in Security Affairs - is vitally important as the recent capture of a Top Secret RQ-170 Stealth Sentinel drone so dramatically illustrates. Everyone from the Director of the NSA on down knows that the present system is broken (with the exception of the RSA's of the world). This is your opportunity to be a part of discovering a more effective model. 

Add to Cart View detail

Why DARPA Is Clueless About Securing Cyberspace

If DARPA's Director Regina Dugan hadn't already admitted that the agency is clueless about how to secure cyberspace, the choice of Richard Clarke as a speaker certainly made that clear. Of all the experts out there, Mr. Clarke has provided some of the worst advice that I've ever heard when it comes to specific cyber-based threats and remediations.

Director Dugan won't find a solution to her problem by speaking to more of the same people that the agency always speaks with. Einstein's oft-repeated definition of insanity is doing the same thing over and over again and expecting different results. The director should stop speaking to hackers, crackers, grey hats, black hats, white hats, and the cyber industrial complex in general. DARPA has done that for years without success. If the director wants a different result, she needs to approach the problem in a completely different way. In fact, I recommend that this problem be completely re-framed. Just like money problems are never about money, and obesity problems are never about food (they both stem from negative belief systems that we've learned as children and reinforced as adults), protecting data is not about cyber security. It's about understanding how we take care of our valuable possessions in the physical world and transferring that understanding to comparable models in the virtual world.

Instead of inviting hackers, Director Dugan should invite experts in personal security like Gavin De Becker or my friend Roderick Jones who understand how to protect high value individuals against multiple unknown attackers. She should invite farmers who have to defend their crops against an unpredictable weather system. Or corner a few MDs at the Centers for Disease Control to learn how virulent bacteria consistently beat the body's immune system. The bottom line here is that we must MUST find a way to break free of the grip that the information security industry has on all things cyber because it is a failure from top to bottom.

I doubt that anyone from DARPA will take this post to heart but I'm convinced that it's the right way to proceed. We're planning a second Suits and Spooks conference for Washington DC this Spring. Perhaps that will be the time to bring farmers, doctors, and personal security specialists together to find some common sense solutions and apply an entirely different mindset to the current cyber-security insanity.

Add to Cart View detail