Defence IQ's Blog

We are the IQ of global defence.

Information Security Threats – Round Up From The 5th Hemispheric Security and Intelligence Forum

By Alex Stephenson, Defence IQ’s man in Brazil

What breaks a company is lack of money, not lack of management or leadership. The same applies to criminal gangs. Imprisoning individuals is almost completely ineffective compared to denying a criminal organisation the proceeds of their activity. Concerning narcotics, one method is to interdict air, sea and land cargoes of substances – an alternative is to prevent the flow of the financial incentive in the other direction. No one sells a product if they cannot receive payment. A complete approach to narcotics includes both these elements.

But, there is a crime more profitable than narcotics. The sale of unknown vulnerabilities in computer software to criminal organisations who can exploit these weaknesses either to cause damage or steal intellectual property. So significant is this threat that it was contextualised as the threat of the modern era, paralleled by the nuclear threat of the cold war. A cyber threat to remain potent needs to remain unknown and then deliver chaos. An explicit parallel to the Hiroshima bomb; a capability unknown until it was deployed was drawn.

Linking both cyber security threats and counter narcotic threats I understood there to be three key takeaways:

  • These are evolving risks, much like a game of chess they require continual attention, calculation and execution.
  • Simplistically there are two approaches that can be used in tandem; tackling the problem and tackling the incentive – money makes the world go round
  • Finally, the importance of sharing information, helping partners and collaborating.

This last point is perhaps the most important. Too often perhaps there is a concern about sharing information about a problem. Perhaps this is because there is a national sensitivity around admitting there is a problem. However, if it is happening on your patch it is probably happening on your neighbour’s and by working together the intelligence picture becomes more complete and hopefully solutions begin to appear.

It is a great privilege for me to be able to attend this conference by kind invitation of USSOUTHCOM and the Brazilian Ministry of Defence. Later during this weeklong conference I will be delivering two presentations, one to the Caribbean Regional Intelligence Conference and one to the Central American Regional Intelligence Conference. The subject of this presentation will be the Caribbean Basin Coastal Surveillance and Maritime Security Summit 2013.


2 responses to “Information Security Threats – Round Up From The 5th Hemispheric Security and Intelligence Forum

  1. Sandra December 12, 2012 at 12:02 am

    With software there is a third option. Tackle the way that software is designed and written to include security as an integral component. One of the biggest problems at the moment is that the mindset of software companies is to add features and get the software out of the door as quickly as possible. Then fix vulnerabilities as they are reported in patch releases.

    The Department of Homeland Security is collaborating with the private sector, academia and other federal departments and agencies to research ways to reduce software vulnerabilities, minimize exploitation and improve the development and deployment of software products. This is being spearheaded by the Department of Homeland Security’s (DHS) Software Assurance Program. The key objective of this program is to move the security paradigm from patch management to software assurance.

    You have linked narcotic and cyber threats together. Is there a way of looking at the problem so that instead of the constant interceding efforts (patching) drug trafficking was made so unprofitable that it was not worth the risk.

  2. msultanaparvin January 3, 2013 at 10:33 am

    The US Department of Homeland Security has done been operating in collaboration with many private sector. This has solved the issue of the DHS personnel problem with the assistance of customized software. But the fact is that the private contractors could not make up the IQ level that the DHS own and trained men could meet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: