By Ilan Gattegno
In an exclusive interview, Eugene Kaspersky, CEO of one of the largest digital security firms in the world, lifts the veil on a shadowy world of internet espionage and sabotage: and it's not a pretty sight • Get ready for Cyber Armageddon.
By Ilan Gattegno
by Lydia Nicholas
Planning for the future predicted by our current data leaves us vulnerable to unexpected derailments. Embracing uncertainty and preparing for the implausible gives us the chance to choose a better world
Prediction can feel like shining a torch forward into the terrifying, dark unknown. The narrower and more focused the beam, the brighter the light, and the more detail can be perceived – but only along that one thin pathway. The light may help you prepare for tricky patches ahead, but it cannot reveal or protect you from everything. Unforeseen obstacles or events may force you to take an alternative route and encounter dangers in the surrounding dark. With an unfocused wider torch beam, you'll see less detail about any particular area, but will be able to see the dangers and advantages of a wider range of paths. Perhaps you would even have the chance to make an informed choice about which way to move forward?
The model is a useful way to explain the different ways we can approach the future. The data and modelling tools we have available can paint a detailed picture of one outcome, but it can't know everything. Also, control over your dreams and fears is extremely lucrative – makers of gadgets, providers of financial services, investors in the infrastructure of energy and health and many others have a vested interest in narrowing down and directing our visions of the future so that we can only imagine ourselves in a world which needs and benefits them. Relevant facts can be hidden or denied or simply unknown so our view of the future can be controlled or distorted. Resisting these pressures and opening our eyes to other, strange-seeming possibilities takes effort, but is hugely important. The most important use of prediction may be not to get an increasingly detailed vision of one potential path forward, but to open our eyes wider, accepting a wider field of less certain possibilities and think about where we would prefer to go. Then we can set a course to get there.
It is a natural to want to close down the future. We want a straight, simple, brightly lit way forward so that we can prepare for it. Some of humanity's earliest technologies were attempts to divine the future from the movements of the stars, the flights of birds, the lines on our palms. Extispicy, the science of telling the future by looking at the liver, lungs and intestines of slaughtered animals only really told us the fate of the beast in question (and was probably a strong predictor of the practitioner's future dinner options). It seems nonsensical now, but for ancient communities who lived or died by their animals' health, perhaps there was value in checking cattle guts for features which had preceded catastrophe in the past. We have found that other attempts by our ancestors to store up knowledge about the future, such as the saying "red sky at night, sailor's delight" actually have a degree of truth in them. This was despite the fact that their original creators could not have known why these predictions were accurate.
These methods have been supplanted by increasingly accurate weather forecasts which, crucially, allow us to explain how we know what we know about the future. But they can still be wrong. Whilst the five-day forecast for Hurricane Sandy was strikingly accurate, a longer-term study completed in early 2012 predicted that such a storm was unlikely to ever happen: we were told we could expect a much smaller storm once in every 500 years. Closing down from possible futures in which Sandy could happen to focus more narrowly on probable futures in which it wouldn't happen meant that the disaster went unforeseen. Even though the science of weather forecasting is extremely sophisticated, when taking the longer view there is still a need to look beyond the model.
As I have argued previously, imagining a technology in fiction helps lead it into reality. Science fiction helps us articulate our fears and desires for possible worlds, and there is a lot of profit to be gained by manipulating this. Corporate design fiction is used to shine a light on the futures that companies want to see come true. A glass company quite naturally wants us to imagine that in the future we will need a lot more glass.
If visions are to be useful and inclusive they have to take into account the everyday needs and priorities of real people, not model consumers. Investors in 3D TV failed to realise that people move around and chat whilst watching TV, so were unlikely to sit bolt upright and perfectly still with heavy glasses on. It seems that smartphones as they are presented to us now are the perfect tool for the future, but pirated designs in China add features such as dual sim cards to take better advantage of different networks' deals, and removable batteries which can be fixed and upgraded meaning that phones do not need to be replaced so frequently.
These convenient, money-saving features do not appear in the futures desired by the networks or handset-makers, so they never appear in shiny concept videos or adverts. Instead vast amounts of money and power are employed to convince us that we need ever more features and services, to light up this one hugely profitable path. Our expectations of our phones' capabilities must be raised faster than the prices of older features falls in order to maintain profit and demand. Sure the occasional person may seek out alternatives- perhaps modifiable, tough, sustainable models with a longer battery life and the option of privacy, but most people do not have the energy or resources to go it alone.
Often the closing down of our future happens without us noticing – we find ourselves believing that the obvious way is the only way. Other possibilities which are rarely mentioned or which fall outside our precious model seem so weird that we cannot accept them. This can happen to individuals or industries or entire societies. But embracing the strange, the uncomfortable and the unlikely is the best way to be prepared and to conceive of other solutions to problems which seem intractable. Opening our eyes to possible but less powerfully lit-up paths will be vital if we are to make real choices about our future.
Nesta has published a short paper on technology futures and foresight with three maxims for how to think about the future. The final maxim relates to this post - it is about opening up debates about the future to alternative perspectives. Read the full paper: Don't stop thinking about tomorrow: a modest defence of futurology
By Antone Gonsalves
Security researchers recently found gaping vulnerabilities in a wide variety of critical business and industrial equipment. It turns out that weak or absent passwords made it easy to break into more than 100,000 terminal servers used to provide their Internet connections. Fixing the problem is simple. Change the credentials dramatically reduces the risk. But for many companies, actually solving the problem is nearly impossible.
Vulnerable, But Hidden The threats discovered by security firm Rapid7 exemplify the difficulties organizations face in plugging even known holes in critical gear. In this case, the affected systems include industrial control equipment, traffic-signal monitors, fuel pumps, retail point-of-sale terminals and building automation equipment such as alarms and heating and ventilation (HVAC) systems.
Rapid7 found more than 114,000 unprotected terminal servers, mostly from Digi International or Lantronix, that a hacker could use to take control of the underlying systems. Finding the serial ports on the server requires the use of a scanning tool, such as Nmap. Once an active port is found, a command-line program similar to what those used in 1980s vintage home computers is all that's needed to access a control panel or menu or capture data.
Fortunately, while tech-savvy saboteurs or terrorists would have no difficulty gaining access to the equipment, they most likely would not know who owns it or where it is located. Without that information, the find would not be very useful. "There's no telling who they are going to hurt, if they don't know where the device is," explained HD Moore, chief research officer for Rapid7.
How Security Gets Missed Nevertheless, any hole that can provide access to critical equipment is worth plugging, but it's not likely to happen in many of these cases. Often, companies do not even know the terminal server exists, much less that it needs security updates.
How is that possible? Well, picture a vendor working with the facilities crew installing an HVAC system that uses a terminal server so the equipment can be monitored from a remote location. No one knows the server exists, and no one cares, as long as everything works. "A lot of times IT is not even aware of these systems," said Matthew Neely, director of research at risk management company SecureState.
Vendor marketing can also exacerbate the problem. Equipment is often sold as being "secured," when in fact it is only "capable of being secured." That means the buyer still has to add the technology or turn on and configure the security features.
This can get missed if the installers assume the equipment is "plug and play," said Joe Weiss, a security consultant for Applied Control Solutions. "It's like getting a toy for Christmas and you pull it out of the box expecting it to run, because the box doesn't tell you it needs two AA batteries," Weiss added.
Terminal servers, also called serial port servers, often get missed by electric utility companies because they are not covered under federal cybersecurity requirements. So the devices never make it on the utility's compliance checklist. "They don't even have to check these out to find out if they are or not secure," Weiss said.
This bizarre situation demonstrates that ensuring the security of critical equipment is never a matter of technology alone. True security requires people to pay attention, not just sweep everything under the rug.
by Steve Lasky
Created: April 16, 2013
By the very nature of the venue, protecting events such as the Boston Marathon are nearly impossible. The bombings at Monday’s race that killed three and injured more than 140 spectators, highlights the frustration encountered by both the private sector and law enforcement when attempting to secure such a public, open event.
The challenge is monumental: Secure an area that encompasses more than 26-miles of public roadway with no protected perimeter or focused areas of ingress or egress; along with spectators who line both sides of the street along the course and are encouraged to bring their own coolers and backpacks as they cheer on the thousands of runners.
In a little more than two months, Atlanta will be hosting one of the three biggest marathons in country, the Peachtree Road Race. Tracey Russell, Executive Director for the Atlanta Track Club, which organizes the AJC Peachtree Road Race, released the following statement regarding Monday's bombings at the Boston Marathon: “We are deeply saddened to hear the news of today's events in Boston. Safety at every Atlanta Track Club event is our top priority. As it relates to security with any large-scale event in Atlanta, we work very closely with the City's Police and Fire Departments and Emergency Medical Service units, as well as the Federal Emergency Management Agency and additional government agencies. Our hearts go out to the entire Boston community and the victims affected by this tragedy."
Atlanta is no stranger to big events or the tragedies that sometimes accompany them. The city just hosted the NCAA’s Final Four college basketball championships earlier this month without incident; however, the memories of the Olympic Centennial Park bombings during the 1996 Olympic Games have colored preparation for large events ever since.
According to David Wardell, vice president, operations and public safety for the Central Atlanta Progress and Atlanta Downtown Improvement District, preparation for the Final Four began more than five months ago and continued right up until tip off. The City of Atlanta coordinated training exercises and collaborated with federal, state and local law enforcement for joint security and emergency preparedness drills and training. “We have been involved with DHS to train and prepare those involved from the FBI, Georgia World Congress Center security staff and Atlanta Police Department,” he says. “This had been an entire private sector/public safety effort, with coordination from police, fire, and other first responders. Everything that was done was very comprehensive. Preparation went far beyond just guns and badges.
“Because of our experience with the Olympic bombings, we are extremely cautious when it comes to open-venue events,” Wardell continues. “The public expects a high level of security and they accept it. The Final Four was second only to the Olympics in our level of security preparation.”
Pointing out the national magnitude of the event and the sheer volume of spectators the event brought to the downtown area, Wardell instituted educational symposiums for his staff in security and emergency preparedness that outlined basic response scenarios. “Bottom line, in large open events like this, is you need to understand who your partners are and what resources you have at your disposal,” Wardell says. “It is key to create a unified communications structure and command organization, and there has to be a real spirit of cooperation to make it work.”
Wardell believes the officials at the Boston Marathon did their due diligence and provided the most secure environment possible for fans and runners. “Unless you close off the entire venue, they did all they could do,” he says. “Securing a 26-mile course would be so manpower-intensive that it is just not feasible. You would have to bring in the military for such tactics. Now that is done for a Presidential move, but for an event like this, it would be overkill and much too cost-prohibitive.”
David Holley, a senior managing director for the Boston office of Kroll echoes the sentiment that events such as the Boston Marathon present huge security challenges. “Another difficulty in protecting an event like a marathon is the fact that there are no assigned seats and the spectator crowd is generally mobile,” he wrote in an article published The New York Daily News. “Moving from place to place to secure a better view, watch friends go by, or work their way down to the finish, the crowd is generally always in motion. Knapsacks and handbags are picked up and put down countless times, and frequently forgotten at the last location, making it difficult to determine whether an object has been abandoned or unintentionally left behind."
Indeed, the mess of “left behinds” after an event like a marathon is a daunting task to sift through and dispose of, he added. These things make it difficult to monitor and secure open-venue events, but it is also what makes them wonderful events to attend, he said.
Wardell agrees that having the ability to screen fans at specific ingress points is the most important difference between his Final Four and the marathon. “For the Final Four, even though we had open venues, they all had defined perimeters with access control — even if that access control was just staring at you and doing bag checks,” he says. “Fans and vendors (at the Final Four) were required to go through a gauntlet or checkpoint that allowed for screening. At the marathon, you had people standing 50-feet deep, sitting at cafes along the route. How do you prepare for that?
RUSSIA'S GOAL FOR HUMANITY : THE TRANSFORMATION AND THE CONVERGENCE OF SOCIAL MEDIA NETWORKS AND HUMAN BEINGS INTO AVATARS/ROBOTS OF A NEW ERA- NEOHUMANITY
Space War... Cold War...Now the dawn of a new era...Neuro War
Project Avatar, Android robotics, Anthropomorphic telepresence, Neuroscience, Mind theory, Neuroengineering, Brain-Computer Interfaces, Neuroprosthetics, Neurotransplantation, Long-range forecasting, Future evolution strategy, Evolutionary transhumanism, Ethics, Bionic prostheses, Cybernetic life-extension, Mid-century Singularity, Neo-humanity, Meta-intelligence, Cybernetic immortality, Consciousness, Spiritual development, Science and Spirituality.