How to Instill Cyber Security Across the Organization
May 4, 2017
“A chain is only as strong as its weakest link” “What a cliché!”, you say. Well, it became a cliché for a reason. People keep saying that because it does describe many situations. It’s a useful way of thinking about the world. In cyber security, we have a crucial security chain with links forged from […]
Cyber Security Tradeoffs
Jun 15, 2016
Cyber Security in a Nutshell: Cyber security simplifies to three pillars: (1) Distinguish between good guys and bad guys. [Authentication] (2) Let the good guys access the data in appropriate ways. [Availability] (3) Don’t let the bad guys access the data at all, and don’t let the good guys do something inappropriate. [Confidentiality and Integrity] Our efforts to […]
Are Consumer Crypto Systems Too Hard To Use?
Mar 16, 2016
In a previous post, I summarized some academic papers in which prominent cryptographers and other security experts took a very skeptical look at current cryptography, both research and practical systems. It’s not just e-mail plugins and other desktop computer applications that can disappoint us. One of the papers showed that the APCO Project 25 two-way […]
communications security, COMSEC, cryptography, Diffie-Hellman, Diffie-Hellman Ephemeral, Man-in-the-Middle attack, MitM, risk analysis, RTP, user interface design, VoIP, ZRTP
Security From The Clouds To Orbit
Sep 16, 2014
Last month I wrote about some current cybersecurity concerns about satellite ground stations. That may seem rather exotic to many readers, but all of us rely on reasonably accurate weather predictions. Satellite cybersecurity problems would hurt all of us, but we can draw useful lessons from this episode. The U.S. Commerce Department’s Inspector General is […]