Time for a shift in defense spending

The United States is in turmoil because of an incompetent administration and an impotent Congress. It does not help that the Supreme Court has become more outwardly political, choosing to be the arbiter of elections (Bush v. Gore) and negotiator of legislation (classifying the Affordable Care Act as taxation). But let us remember that this is of our own making.

And both the Russians and the Chinese are quickly taking notice of our weaknesses. While we fight amongst ourselves over whether we have a de facto Muslim ban in medium-high risk countries, allowing free flow of people in high-high risk countries, our infrastructure is slowly being dissected for inspection. Simply put, our energy systems are under threat from cyber attacks.

By now, my audience already knows this. However, I want to point out a sliver of light in the darkness: our financial sector is well fortified. It is not perfect, as the last few years have shown. But because our banks are quite profitable, regulations and concerns about adequate spending on cyber defense systems are being addressed.

What we need is cyber police and cyber defense. The latter is something President Obama wanted to tackle, but the long campaign trail he had to participate in derailed him from much of his agenda. It is, however, much more likely to be higher on President Trump’s agenda, if for no other reason than that there is a sign that he wants to be aggressive about defense. The concern right now is that this administration intends to be aggressive without permanent advice of the top Defense officer and the top Intelligence officer. That means this administration prefers intimidation and bullying over actual defense, which requires the constant involvement of Defense and Intelligence.

The former, however, is being overlooked. We don’t have very thoughtfully implemented cyberpolicing. We rely on an outdated litigation system to resolve disputes and prosecute cyber crimes. President Obama would have been a great leader to tackle this issue since he has a background in constitutional law. Sadly, we leave it to the Trump administration, which, if its approach to the security of our nation is any indication, will favor large brand name corporations over justice.

If the new administration has not been sufficiently offended by this concerned compliance professional, then I suggest an overhaul of the defense organization. As we move toward robotic forces, human resources could be better served in the use and management of the robotic forces. The robotic forces will communicate with human resources through cyber technology. We will need a secure cyber communications system and even a cyber offensive to demobilize opponents. 

Right now is not an opportunity to get ahead. We are far behind. We spend more on our defense than the next 10 top defenses combined, and yet they are moving ahead of us in this regard because we have had two administrations that were too concerned with now and not concerned enough about the future.


A year after Bangladesh

A year ago, Bangladesh Central Bank was attacked. Its SWIFT networking credentials were stolen by malware specifically designed to do so. SWIFT is the messaging system used between banks to transfer money and other assets. The attackers were able to get away with $81 million.

The details are much more troubling. The malware had information about the specific brand of printer the bank used. This meant the malware was targeting not only SWIFT’s logging system but the BCB itself. And it was doing so with likely help from insiders.

Even more troubling is the context. This happened in Vietnam and Ecuador as well. It is believed to be part of a broader campaign to attack the biggest institutions.

The saving grace was that the Federal Reserve Bank of New York did not process all of the 35 payments because it could only confirm five. But this still meant $101 million was transferred. Had all of them been processed, $951 million would have been taken out. Then, $81 million was sent to Philippine casinos and $20 million to Pan Asia Bank in Sri Lanka, the latter having found the funds to be suspicious and not released them. Less than a tenth of the originally stolen funds were actually stolen. The thing is, the denominator is so large that this theft still goes down in history as one of the largest bank robberies.

The consulting firms are all trying to provide actionable advice, but it is pretty clear what has to get done: improve controls around insider information and communications, centralize financial crimes units, centralize data, improve cybersecurity, and develop transaction approval standards. Much easier said than done, though. Imagine trying to control the insider information flows while centralizing the data to improve oversight across the data. The key to all of this is the one thing consulting firms are not really saying, probably because it isn’t an area where they can compete: people. Training and education of the workforce for skills, awareness, experience, and encouraging action is where trust and competence are built. With it, everything else can be built.