
Among the more thinking part of you, there probably have been some ideas on the ‘Joint (not so much) Strike (not by a long mile yet) Fighter (not or by proxy of lobbyists for its program)’.
Then, why wouldn’t forward-looking nations develop much more of a Future Strike Joystick; an air fleet of drones ..? How incredibly much more efficient isn’t such a fleet, with ridiculous amounts of safeguards for safe platform/pilot return (in that order of importance) ditched for efficiency, robustness by the numbers and failsafe-testing ..?
The efficiency, for not having to care about pilot’s safe return hence many over-redundant systems need not be needed. The robustness, mainly in numbers, but also in safety / security systems being bolted on easily as weight savings to be traded in, are aplenty already. And failsafe-testing leading to much more robust systems anyway — but with the robustness gains there mainly going on in the G/A comms. The AFBs could house so many more of these smaller-size things, with ample comms and/or rapidly-deployable forward bases; with possibly much shorter runways hence enabling many more bases without even increased (better spread, too) noise levels for the dorks.

Two things, then, from a Dutch perspective.
One, why not resurrect Fokker to build many more full-fledged squadrons of these than ever had in the RNLAF? They have all the experience with composite materials still, and have plentiful highest-trained development, build and maintenance staff available as well or at short notice. Let’s dub it the G-1B for reference to unsurpassed excellence.
Two, in the meantime the current F16 ‘fleet’, hardly operable anymore by atrocious ‘savings’ i.e. dumbest of budget cuts, can be extended to Block 60 or V versions and all these drones be developed and bought, at a sliver of the costs of the JSF program as spent already let alone when the actual handful will have to be purchased (with ridiculous maintenance costs attached).
Three, against your Yes But: The JSF is still so far from delivery that the G-1B could be here before it ..!

Am I romantic in looking ahead instead of stumbling forward with yesterday’s doctrines in a future that already now have been surpassed ..? Yet again,
[Ah, Delft… Where another, this even today, undervalued product comes from]

Emerging degrees of privacy

Given that ‘privacy’ is a property that emerges from good Security, more particularly from Confidentiality (and Integrity), there are two avenues to succeed in this field:

  1. If quick and maybe even too dirty: Data minimisation (as e.g., here, in Dutch)
  2. Else (OR?): Fine-grained protection, also against the default Read all down the stack (user / end point / comms channels / applications / middleware / servers / storage — with the latter maybe crawling up and down the stack again when virtualizing in the cloud)
  3. Because binary’s not my thing and keeping it real (i.e. (!) not being consistent) is: Would any of you have pointers to some science on possible degrees or levels of privacy ..?
    The idea keeps floating around in my skull. Including degrees of invasion! Where sometimes, the required degree (as set by the subject) would be less than the degree for some government agency so everything goes … for this some data point only. Yes, Value creeps in as a boring subject but isn’t everything. Should be a field of study …?

Thanks anyway for all your pointers on the last item… (none); hence:
[It’s watching over your shoulder….! Het Loo]

Repeat: Trawling for noise

So… Legal developments go at glacial ‘speed’, thus mumbling critical oversight to sleep. Happened, once again, in NL. Mass collection (sic) of and trawling through all sorts of data ‘out there’ is free game for gov’t agencies.
NO the oversight committee will not do anything. Anyone saying so, plainly and simply lies under oath to overthrow the constitution (isn’t that high treason?)

But what will happen of course, is that those that in the past weren’t able to connect the dots (proven fact), will now be swamped in enormously bigger piles of noise data. At the very very best (??) they’ll find bucketloads of false positives — ruining perfectly normal, perfectly legally operating citizens’ lives, of course without any serious recourse or restitution of lost life’s pleasure and happiness…
And the false negatives will also explode, induced by the very ‘countermeasures’.
So, also those that propose and implement and work with such ‘solutions’ quod non, will be culpable too.

Oh well Or well was right. Plus:
[I don’t want or like, but do expect, a similar thing again; for different reasons but with no really different methods — Prinsenhof Delft ya’know]

Crash’in the wings

… Thinking back of the Taleb’ian remarks, and truths, on Extremistan, and how some more or less closely watched parameters may lose their variance but not their uncontrol since such petering out of shock’lets are just the precursors of an asteroid impact scale collapse, I wondered what is about to happen in infosecland. Since for weeks, nay months already, there has hardly been any news… Apart from the usual suspects (#ditchcyber ..!), there hasn’t been anything serious, has there, by means of yet another class break or more comprehensive controllability breakdown?

Which is why everyone should sit more uneasily, instead of the opposite, sleeping better than ever.

But then, this was the message from your Wolf-crying boy …?

To which:

[Since last Friday, you know this isn’t a reindeer but an elk that is no moose, at least not everywhere]

Security so(m)bering

There’s this discussion going down on the merits of privacy versus security. Whether the one is part of the other, or the other way around, or both. Whereas the smarts are with considering privacy enhanced by good confidentiality settings ’cause they see that privacy is an issue of higher (abstraction) order than mere confi; achieved by it but only as infosec are the bricks and mortar when all you wanted is not bricks or so but a wall.
Through which you may reflect on compliance in infosec. Because hardly ever, is that taken to include compliance with the principles and business objectives and conditions that include being sparse with hinder to the business. Really, those that truly set only guiding rails not enforcement rails, are the unicorns of the trade. No, not those unicorns, those are just frauds anyway.
You may try to do better; really. It starts with risk … when properly applied, you would not get the remarks about ‘why, it has never happened to us before / what are the odds?’ but might even get better support for some slightly hindering process changes and better (but less end user detectable) ‘infra’ i.e., everything under the users’ level of visibility.
So, I’m not sombering or if, about the eager beaver pervasive prevalence. Because sobering up, wising up, may win the day and may be due…

We shouldn’t somber too much… Isn’t this a perfect opportunity to finally demonstrate how we do (… can …) link up information security to real business issues at the highest GRC levels. Since we shouldn’t be passive, and leave ‘privacy’ to be taken over by lawyers jumping into the current Privacy Officer void. Since we can translate all the operational and tactical work that we do on privacy, all the way up to strategic levels and still be very concrete. And not have to wait till ill-understandable “guidelines” (shackles) keep us from achieving something.
No more wannabe whining about ‘deserving’ a seat at the Board table or at least be heard; not asking to be allowed but matter-of-factly showing ‘Done.’ … if, not when, you did information security right all the way…

Just like that:

[“Na na nanana can’t hear you!”; Porto]

Plusquote: R&R

Never let a good opportunity for R&R go to waste

Which goes on the back of ‘never let a good crisis go to waste’ which is true, but negative as it relies on crises to turn up as the best (not the only …) opportunities to get change done. But now, tries to turn it to the positive, (truly hedonistic with an epicurean twist) enjoyable by way of the proper mix of carpe diem due to memento mori. As one doesn’t know when one will die; a great many being caught short of having lived as they postponed all purpose of life by ‘saving’ that for later, always for later. Hence the balance will need to be tried, not wasting, not spending it all but also not shirking from opportunities to enjoy.
Hence a side remark that the plusquote is quite absolute whereas its application needs some ‘risk management’ balancing (including personal quality perception/prediction) but hey, that takes the fun out of the shorthand.

Oh; some may not have gotten the memo that R&R (R ‘n R) isn’t about rock and roll or so, but about Rest and Recreation. Or Rest and Restoration, whatever floats your boat.

Talking about boats … (??):
[Ship not boat! Not too much for pleasure, originally …; Baltimore again]

The ides of March

… aren’t today only, but are indicative of … well, a lot of what goes on in infosecland these days.
Who to trust, when your buddies and experts and both in one, may carry knives or worse. Like, turning your defenses against you behind your back. Like the Brutus’es and Ed S.’s did because their consciousness revived (true in both cases ..!), like the great many are doing without tipping you off already. Until it’s too late. And, in similar vein, how’zat for your backdoors built in ..?
But then, as long as you can sit there like a rabbit in the headlights … sleep now in the fire [insert appropriate link to RATM clip] because the Time Till Collapse may leave you less room for Après Nous le Déluge than ever before.

Just to wake you up, by the way; if you read the above as some kind of chagrin I may have achieved my aim of making you think beyond mere Mehhhh.
So, I’ll leave you with:
[Shifting politics, shifting alliances…]

Privvezee Shield

The fig leaf of the trade ..?
Probably will blow in the wind at the first whisper over 2Bft. E.g., through ‘misinterpretation’ of the rules and inherent incapacity to understand the Principles, by some vague fifth-line anonymous placeholder instructed to not understand, buried deep down in some TLA you may or may not have heard of.

And then, the wind cried Mary; landsliding into only the thinnest of lip service with a torrent (no double entendre intended) of factual breaches.

You’ll see… Plus:

[A sub, appropriately, even if only in Baltimore…]

Plusquote: You’re not perfect

Even at the Computer History Museum most of the devices on display stopped functioning many years ago.
This time, not one of my own but quoted from Ray. Pointing out that it’s not that bad if you fail at having the perfect IT management (systems/operations) in the universe — even if you’d had forever you wouldn’t succeed so take it easy on the minor non-compliancies.

So, this in a series inspired by this here Expert, some more of my own (heh) personal ramblings which I would dare to call motivational soundbites but you would consider to be as typically as this sentence to be my interpretation of brief, not necessarily positively motivational but that’s (yes I do use abbreviations to shorten the sentence even further) because that remains your interpretation but that’s not necessarily the right one being the one I intended.

Capice? And:
[Once – not forever – the newest, carved in / out of stone; Reims]


Diversity is joy and riches.

Another one in the series inspired by this here Expert, this here post continues the somewhat hopefully new series — with my own personal ramblings which I would dare to call motivational soundbites but you would consider to be as typically as this sentence to be my interpretation of brief, not necessarily positively motivational but that’s (yes I do use abbreviations to shorten the sentence even further) because that remains your interpretation but that’s not necessarily the right one being the one I intended.

The above might even require some exepelenaisijuhn. Where some approach diversity, of any kind, with fear, I consider diversity to be an asset at the mundane level, e.g., through creation of (evolution-enabling) robustness by partial pre-readiness against the chaotic changes in the (any def. of) environment. That some of the group however defined, will survive and no mass extinction is the effect of the previous perfected adaption (by definition), in itself should create calmth. All-individuals’ survival was never on the program (on the contrary, everything so certainly human life(s) will come to an end — trace the stories describing the utter horror and boredom of living forever…), and now, continuity can be guaranteed when diversity is cherished. One can even see the value to society of having some with less perfected adaptation to modern life that should be cared for as our hope for the future when we (?) ‘normals’ will be the misfits and the tough get going.
Also, uniformity is boring. Utterly boring. Think sheeple following $AAPL. Diversity, especially in society and the superset, art, has riches and value in itself. In flip image, those that oppose diversity-through-immigration often do so for an unconscious subliminal fear of being found out to be overly shallow… [Yes one can learn of other cultures from afar, certainly latter days, but meeting F2F in the others’ environment is still much preferred for its full-all-senses experience. To keep the world a better place, one of course then needs not flatten all culture to some happenstantial low(er/est) common denominator. That one doesn’t take over another one’s culture doesn’t mean one disses or dismisses it let alone one would (feel the need to) rate it lower — on the contrary, one could enjoy the diversity. And/or learn where others are in fact esthetically and ethically superior, without losing one’s own peculiarities — again the fear of being found out to in fact be the lower life and having to give up one’s (implicitly, now exposed) inferior and/or undeserved position.]

I rest my case. And:
[‘My house in the ‘burbs must by law be exactly like yours’ — said no one ever. Barça again.]

Maverisk / Étoiles du Nord