From the Summer 2018 Issue

Value Chain Maps for Open Source Ecosystems

Author(s):

Chris Corriere, Senior DevOps Advocate, SJ Technologies


We can’t make it from scratch anymore. In his TED Talk, “How I built a toaster – from scratch”1, designer Thomas Thwaites demonstrates how our global society stands on the shoulders of giants. Thomas attempted to reverse-engineer a toaster so he could build one from scratch. However, the simplest toaster he could find had over …

From the Summer 2018 Issue

TEOTWAWKI: The Impending Cryptopocalypse

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine


In 1889, the New York publisher John Wiley & Sons published an obscure scientific piece by Daniel S. Troy titled The Cosmic Law of Thermal Repulsion: An Essay Suggested by the Projection of a Comet’s Tail. On page 60 of this text, Troy suggests that if the forces of “thermal repulsion” or “gravitational attraction” were …

From the Summer 2018 Issue

Moving Target Defense with Polymorphic Applications

Author(s):

Danny Gershman, Senior Director, Infrastructure Operations, SecurityScorecard, Inc.


While the internet has existed for several decades, it’s only in recent years that security has become a popular concern. Cybersecurity tools and products now are a multi-billion dollar industry. Security engineers and executives continue to mitigate risk by trying to accurately quantify where their organizations might be vulnerable. Measuring security risk is hard. Typically, …

From the Spring 2018 Issue

Shifting Left: Secure Systems Engineering

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.


The Shift Left principle1 is well known in software and systems development, particularly in relation to testing. It’s the idea of performing test activities earlier in the system development life cycle – developing test cases and procedures and performing incremental testing as code is being written. Ideally, test activities start even earlier than this, designing …

From the Spring 2018 Issue

Crowdsourced Security – An Alternative to Pentesting?

Author(s):

Alex Haynes, Information Security Manager, Cheshire Data Systems Ltd.


Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure. What is Crowdsourced Security? Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of …

From the Spring 2018 Issue

Architectural Security, the Ardennes, and Alfred the Great

Author(s):

Dr. David Archer, PhD, Principal Research Scientist, Galois, Inc.


Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to meet functional requirements (wait…security is still a non-functional requirement?). It is both a …

From the Spring 2018 Issue

A (Very) Brief History of Pre-Computer Cryptography, Part 2

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine


This is the second part of a two-part article exploring the history of pre-computer cryptography. Part 1 focused on the period from the birth of cryptography some 4,000 years ago to the development of early transposition and substitution ciphers. Part 2 looks at the emergence of cryptanalysis under the Abbasid Caliphate and goes through the …

From the Winter 2018 Issue

Managing Cyber Risk for American Aviation

Author(s):

Dr. Scott Smurthwaite, PhD, Information System Security Engineer, Federal Aviation Administration

Subba Rao Pasala, System Administrator, Federal Aviation Administration

Thomas Beatty, Program Manager, Federal Aviation Administration


Chinese Hackers. By 2010, it was clear that a persistent threat had infiltrated American public and private sector networks and was stealing sensitive data. In January of that year, Google stopped offering its search engine in China, citing theft of proprietary code and onerous Chinese censorship. Google also stated that it, along with more than …

From the Winter 2018 Issue

Trustworthy IoT: Just Another Block in the Chain

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.


Ah, the Internet. It’s impossible to imagine life without it. The ability to connect and interact has fundamentally changed and continues to change society. We can exchange information and assets around the world nearly instantaneously. We can see and examine physical objects and environments from afar. We can exert control and monitor actions from opposite …

From the Winter 2018 Issue

Blockchain: The Good, The Bad and The Ugly

Author(s):

Kris Martel, EVP of Operations, Chief Information Security Officer, Emagine IT


Ask an average person if they know what blockchain is and you’ll likely get a deer-in-the-headlights look. Ask the same person if they know about Bitcoin and their eyes light up. Cryptocurrencies, like Bitcoin, are the most widely recognized technologies leveraging blockchain today. Cryptocurrency markets dominate the media and many want to invest in them …