Thursday, May 25, 2017

Cybersecurity and Organized Crime Ramblings

I sometimes consider how viewing a system organically makes a difference.  "Organically" may be open to interpretation, so I'll clarify that a little.  It means thinking of systems as things that grow and develop (and also can die, evolve, and more).  I'm not a biologist, of course, so this may not be accurate...it's more like an explanation for a heuristic of mine. 

So, for example, almost two decades ago when one of my political science classes talked about the tendencies of organizations to continue to justify their existence (hence why it's so hard to get rid of various organizations), it resonated with my own inclinations because it's a very organic concept.  Organizations grow for various reasons, but they don't want to die so they will try to evolve and/or change their purpose in order to continue to stay in existence.  It has some implications for anyone wanting to reduce the size of the government, in that you'll obviously face resistance of some sort...but (again with an organic reference) sometimes a little healthy pruning is good for the organization as a whole.  Doing so in and of itself is not good or bad, it depends on how well you know the system and how well you prune without cutting out the critical bits.

I brought that up because it helps explain something I've been considering with regard to cybersecurity.  It also applies to organized crime.

See - plants and animals are intricate systems where balance is key.  Cancers, for example, grow when something happens to the mechanisms that normally keep cell growth under control. (again, not a cancer specialist here.  I'm probably oversimplifying this tremendously.) 

And aging - well, aging is when cells die faster than they can be replaced. (So businesses, nation-states, and all human-centric organizations can grow as they continue to develop or sustain their 'cells'...and start to die when they lose such things faster than they can be replaced.  Of course, it's hard to define what a 'cell' in an organization is...but we still get a sense of when something is growing bigger/dying off.)

So cybercrime and crime in general...well, we'll probably always have some.  Stopping it entirely is a pipe dream.  But what we can and should stop is letting criminal behavior grow to the point that it interferes with/disrupts everything else.  Hence so many comparisons to cancer.

Cybercrime today is dangerously close to metastasizing.  So many successful attacks are occurring that it encourages interested parties to continue to do so...to a greater and greater degree.  It's like, defense isn't just difficult in and of itself...it's difficult because there are just so many attackers out there at the moment.

It's getting to the point where you sort of expect to get hacked, or your identity stolen, or something malicious to occur. 

The same thing can happen with organized crime.  It's like, sure...most of us enjoy movies like The Godfather or Goodfellas.  But that's fiction, and it's entirely different when they organize to steal millions of dollars of nuts. Now you see a very real interference with the economy, with the ability of hard-working farmers to make a living, and/or with insurance companies that have to pay for the loss.

That's enough to start with.  I'm actually heading to visit some relatives for my birthday, so I've got to finish up packing and hit the road.

Sunday, May 14, 2017

Update, Cybersecurity, Etc.

Finished with finals week.  If I understand the professor's various grading scales correctly, I should get three As and an A-.  Not bad, though I kind of hoped to do better on that A-.  (Okay, as my brother says, I'm a bit of a grade snob.  Sort of a "it's okay if others get less, but I should and can do better".  Comes from always being in the 99th percentile on all those standardized tests.  I can do better and should do better, unless there's mitigating circumstances like - for my first undergrad - wanting to explore who I was and have a life outside of homework.)

Anyways.  Grades are good.  I'm beginning to grasp just how big a field computer science is.  I mean, you could specialize in so many different things.  Making search and sort functions more efficient, improving natural language programming (such as used by Amazon's Alexa Voice Services), and more.  I haven't even gone down the rabbit holes on topics like machine language programming, or quantum computing.

It's a big field, and unsurprisingly I'm drawn to cybersecurity the most.  I plan to take a class this summer on incident reporting, and hope to get into one on malware as well.  I'd held off on that because I'd hoped to take a business calculus class instead, but turns out this whole transfer student thing meant I had to jump through some hoops to show I already knew algebra.  Ended up taking a placement exam, and am waiting for the math department to say if I'm good to go.  So it's too late to take that course this summer, and (assuming I did well enough on the assessment) I'll try to take it next fall.

For one of my classes, I did a paper on cybersecurity.  There's still a lot of things I don't know, of course, though I'm reading up on some things that will hopefully help.  Still, I was struck by a comment from one of my references...comparing cybersecurity to more traditional military offense/defense doctrine.

I delved into that a bit more to find what I was looking for, and I'll say it's a big and complicated subject, most of which wasn't relevant to my point.  The important thing to me, at the time, was that certain technologies seem to favor defense or offense more.  For example, castles and walls used to be almost impenetrable.  That is, if you had enough food, water and defenders a castle could weather a siege...and sieges could last years.  Castles were built when the technology of the time favored defense.

Now, of course, we have bombs and explosives so powerful that it's pointless to build a castle or wall.  Or almost pointless, when fighting an enemy with modern conventional resources.  In that sense, the technology favors offense more than defense.  You can read up on what that means, and how it affects strategy, elsewhere.

As I was writing my paper, I was considering the castle analogy and decided that traditional offense/defense doesn't quite fit.  Or rather, the strength of most of our computer networks comes from their ability to connect to each other, and that has implications for defense that make things different.

See, a physical castle could defend itself by closing the gates and raising the drawbridge...but a computer (or computer network) gains much of its power through its ability to connect.  Defending a cyber castle is more like defending a castle while keeping the gates wide open.  You can't close the gates and raise the drawbridge without hurting your ability to do what you need.  You might add a few guards at the gates to try to check people's papers and make sure they're legitimate, but you want to keep those gates open.

It's actually a bit worse than that, even.  A physical castle generally knew when it was besieged, since the enemy surrounded it (and wore uniforms, and all that).  This is more like a castle trying to defend itself while keeping the gates wide open, and the besiegers aren't conveniently wearing a uniform.  Some are trying to tunnel through the walls and find secret passages, while others are stealing people's papers in order to get through the existing gates (and they're not all doing it for the same reasons, so it's not like you've got to defend against just one threat).  You've got sappers, spies, and saboteurs all working against you, as well as a possible besieging army (i.e. a DDoS attack) that forces you to close up the gates even when you don't want to.

Kind of changes how I think about defense, since you've really got two or three problems.  One - securing the walls (i.e. finding any exploits that work through your existing defenses).  Two - securing the necessary gates through proper authentication and identifying when someone is not behaving like they're supposed to be.  And three - making sure you can keep the gates open even if faced with a determined DDoS attack.

I have some other thoughts, but I'm a bit too much of a newbie to know what's possible, so I'll leave it at this.