Note to U.S. Officials - Stop Whining over IP theft

Here's some un-solicited advice to pretty much everyone inside the Beltway. Please stop whining about China's hacking activities while rationalizing our own. No one else in the world has committed the scope or scale of cyber espionage that the NSA apparently has done against so many foreign states. No one else in the world has sabotaged another nation's uranium fuel enrichment facility. PRISM (and TIA before it) betrayed the same rights to privacy that China and Russia have done to their populations using similar technology and for the exact same reasons (to protect themselves from terrorists and threats to their respective governments).

For you to say that all of the above is OK for us to do but at least we don't steal other companies' intellectual property is utterly ridiculous and makes a distinction without a difference. While the U.S. government may not be interested in stealing a Russian company's IP, that's probably because we don't have any state-owned businesses. After all, U.S. companies certainly steal from others and have for many years. If those same CEOs ran businesses owned by the U.S. government (like EDF in France), I guarantee you that the U.S. government would be as eager to engage in "technology transfer" as China is or like the French government is, etc.

Moralist pronouncements from nation states almost always come across as hypocritical, heavy-handed, and pompous because the business of running a country and protecting its people and its assets is not a moral mission; it's a pragmatic mission. The federal government does what's necessary to keep the U.S. in a superior position in the world - as it should. Instead of whining about China's or any other nation's acts of cyber espionage, just suck it up and focus on incentivizing private companies to create an information security framework that actually works. 

Add to Cart View detail

2012 Russian Federation Information Security Reference

This book is an updated version of the 2011 Russian Federation Information Security Reference. It consists of original research conducted by Taia Global’s intelligence analysts who’ve recently retired from the U.S. intelligence community. The information was acquired through open sources on the Russian Internet (Runet) over a period of 8 months. Analysis was conducted by Taia Global’s veteran intelligence analysts who’ve recently retired from the U.S. intelligence community. This book is the culmination of many hundreds of hours of work. It contains findings that will be of use to corporate executives and their boards, law enforcement, intelligence agencies, and the military. It is unique in the marketplace and has been priced accordingly.
This book contains indepth reports on the following key agencies and one private company:

• The Russia Federal Security Service (FSB) Center for Electronic Surveillance of Communications (TSRRSS) is responsible for the interception, decryption, and processing of electronic communications.  The Center—also known as the 16th Center (Directorate) FSB and Military Unit (Vch) 71330—is directly subordinate to the FSB Director.
• Federal State Unitary Enterprises(FGUP) supervised by the Federal Security Service (FSB).  The list included the Orion Research and Development Center located in Moscow. Orion provides a range of information technology services including research, development, testing, consulting and certification of software and hardware.
• FGUP STC Atlas is responsible for developing and certifying information technology (IT) security and cryptographic systems for the Russian government.
• FGUP Center-Inform is the leading Russian state owned systems integration company for information technology (IT) and information security.
• The Russian firm OOO Speech Technology Company (STC) provides surveillance and monitoring equipment.
• Kaspersky Labs is licensed to provide classified work for the FSB and Defense Ministry.

To Order: US$159.00

Add to Cart View detail

Announcing the 2011 Russian Federation InfoSec Reference Book

THE 2011 RUSSIAN FEDERATION INFORMATION SECURITY REFERENCE

This book is a collection of special reports prepared by my company on the information security framework, training, techniques, and procedures of the Russian Federation Federal Security Service (FSB), as well as key labs and elite universities. We also provide coverage on key provisions of the FSB law and how it may be interpreted. The information was acquired through open sources on the Russian Internet (Runet) over a period of 12 months. Analysis was conducted by Taia Global’s veteran intelligence analysts who’ve recently retired from the U.S. intelligence community. This book is the culmination of many hundreds of hours of work. It contains findings that will be of use to corporate executives and their boards, law enforcement, intelligence agencies, and the military. It is unique in the marketplace and has been priced accordingly.


TABLE OF CONTENTS:

1. RUSSIAN INFORMATION SECURITY STANDARDS AND SPECIALTIES 
2. VORONEZH HACKING SCHOOL
3. RUSSIAN INTERIOR MINISTRY CYBER CRIMES DIRECTORATE (DEPT K)
4. RUSSIA STATE HUMANITIES UNIVERSITY (FACULTY OF INFORMATION SECURITY)
5. MOSCOW STATE INSTITUTE OF ELECTRONICS AND MATHEMATICS (MIEM) (DEPT OF APPLIED MATHEMATICS) 
6. MOSCOW ENGINEERING PHYSICS INSTITUTE (FACULTY OF INFORMATION SECURITY)
7. MOSCOW STATE INSTITUTE OF RADIO ENGINEERING, ELECTRONICS, AND AUTOMATION (MIREA) (FACULTY OF INFORMATION TECHNOLOGY - FACULTY OF CYBERNETICS)
8. MOSCOW STATE TECHNICAL UNIVERSITY (BAUMAN) (SCHOOL OF INFORMATICS AND CONTROL SYSTEMS)
9. THE ACADEMY OF THE FEDERAL SECURITY SERVICE RUSSIA (FSB) (INSTITUTE OF CRYPTOLOGY, TELECOMMUNICATIONS AND INFORMATICS - IKSI)
10. FEDERAL SECURITY SERVICE (FSB) ADMINISTRATIVE CENTERS FOR INFORMATION SECURITY
11. FEDERAL SECURITY SERVICE INFORMATION SECURITY CENTER (FSB RF / VCH 64829 )
12. FEDERAL SECURITY SERVICE CENTER FOR ELECTRONIC SURVEILLANCE OF COMMUNICATIONS (16TH CENTER FSB / VCH 71330)
13. FEDERAL LAW: ON THE FEDERAL SECURITY SERVICE (FSB)

This reference book is 76 pages long with written analysis accompanied by maps, table data, and screen shots of supporting documentation. When ordering, remember to include your email address in the space provided for a message to the seller. A personalized copy of the book in .pdf format will be sent to the address provided within a few minutes of receipt of your order. Feel free to contact me with any questions or for quantity pricing.

To Order:

US$149.00

(Be sure to provide your email address for delivery of your .pdf book)

Add to Cart View detail

The Coming Backlash Against Information Security Vendors

Last week I spoke at a private dinner attended by about a dozen Fortune 100 CIOs. I had been invited to share my perspective on why corporations continue to be compromised in spite of millions of dollars being spent on enterprise IT security solutions, and offer my recommendations on some alternative protective strategies. I was delighted at how eager the attending executives were to discuss their frustrations and share their experiences in trying to protect vast networks spanning, in some cases, over 100 countries. One of the takeaways for me was the almost visceral anger that some executives felt for "Big InfoSec". Big InfoSec is starting to emulate "Big Pharma"; those giant drug companies who have no interest in curing an illness because the money is in treating symptoms, not in finding a cure. The parallels to large anti-virus companies were obvious to everyone.

But it goes far beyond growing disillusionment with Anti-Virus, IDS, IPS, behavioral analysis and other off-the-shelf solutions. There's a growing lack of trust inside the C-suite in the ability of automated solutions to protect key corporate assets. An even more extreme situation exists in India where there's NO trust in private industry by the government. One Indian national security advisor explained it to me this way: "How do we trust a company whose motive is profit to act in the best interest of our country?" And he has a point. There are very few U.S. multi-national companies who calculate national security interest when weighing their investments in foreign states that are potential adversaries to the U.S. unless such an action would also result in higher profits for the company's shareholders. Likewise, how does a CIO know that the sales engineer for XYZ security company is presenting the best solution for the CIO's company or simply a solution that's best for XYZ's bottom line?

The coming backlash against Information Security vendors is just beginning to brew. It's taking place in private conversations among senior executives at events where Chatham House rules are invoked or after NDAs are in place. I don't believe that it'll emerge from under the surface into a full-blown tsunami until 2012 but by then it'll be too late to do anything but scramble for cover and hope that there's something left of your over-valued InfoSec company to salvage afterwards.

UPDATE (07 Mar 2011): Robert Vamosi wrote an excellent article which underscores the point that I tried to make: "Why Cybersecurity Should Focus On Failure". 

Add to Cart View detail