Skip to content

Veterans Affairs FAILS Cybersecurity 16 Times in a row

November 21, 2014

The Department of Veterans Affairs, the VA, has failed a cybersecurity audit for 16 consecutive years.

Any failures, in years past, was considered a death sentence for one’s career.  Two was considered next to impossible.  16 in a row almost seems to be a deliberate attempt to be seen as the worst of the worst.

Fingers are sure to be pointed at VA Chief Information Officer Stephen Warren, who is responsible for cybersecurity practices and adherence at the VA.  He joined the VA in 2007 and has over 30 years of federal service.

But who is responsible to make sure the VA adheres to Federal guidelines?  DHS. For 13 of those 16 years DHS has been in charge of federal government compliance with federal regulations and guidelines.

Wait a second, the US Department of State just shut down its systems because of a plethora of hacks. DHS is responsible for their cybersecurity, too. And Auditors: State Department has history of poor cybersecurity.

The White House has been hacked, too.

NOAA, weather service.

Wait a second…  this appears systemic but there is one common point of failure:  DHS.

Why is DHS not being held accountable?

Putin Fearful of a “Colored Revolution”

November 21, 2014

Putin issued statements to Russian security chiefs that preventing “colored revolutions” must be a priority.

Colored Revolutions: Yugoslavia in 2000, Rose Revolution in Georgia in 2003, Orange Revolution in Ukraine in 2004, Tulip Revolution in Krygystan in 2005, Cedar Revolution in Lebanon in 2005 and the ousting of Yanukovich in Ukraine in 2014, all strike fear in Putin and his council.

Russia is increasingly concerned about colored revolutions. “Putin says Russia must prevent ‘color revolution’“.

“In the modern world extremism is being used as a geopolitical instrument and for remaking spheres of influence. We see what tragic consequences the wave of so-called colour revolutions led to,” Mr Putin said at a meeting of Russia’s Security Council.

Putin seems convinced the CIA is behind these revolutions and is increasing security as a result.  Tensions are not as high as the Cold War, but the CIA is under increasing pressure in Russia., a little known Russian propaganda tool, claims that the CIA is ramping up pressure on Russia by pushing lies about Russia in Ukraine. As a matter of fact, almost all of the Russian propaganda machine, including the newly formed Sputnik, are launching lies, mistruths and distortions on a grand scale.

It appears everything that Russia accuses the US and the UK of doing against it is something Russia is doing on a much grander scale.  What was old is new again.

Colored revolution anyone?

Russia drives Ukraine to NATO

November 21, 2014

Pro-Russian rebels on a tank drive on a road in Donetsk, eastern Ukraine.

Now that everybody knows that Russia specifically does not want Ukraine to join NATO, Ukraine is taking steps to join NATO as its #1 priority.  If I were Russia I would consider that a huge slap in the face.  Much deserved, I might add.

ITAR-TASS is reporting that Ukraine is solidifying a five-party coalition in Ukraine’s parliament,the Verkhovna Rada, and they have begun outlining their priorities for the near future.

Ukraine joining NATO is the first priority for Ukraine.  This is a direct confrontational attitude for Ukraine, as Putin stated preventing Ukraine from joining NATO was his priority for Ukraine.

Russia has called for “a 100% guarantee that no-one would think about Ukraine joining Nato”, President Vladimir Putin’s spokesman has told the BBC.

This rather arrogant statement by Putin is somewhat of a slap in the face to the West.  Putin has consistently told a fib, saying NATO ‘promised’ not to expand Westward following the fall of the Iron Curtain. This tale has been debunked numerous ways, Putin’s nose continues to grow with this lie.

Ukraine’s position was contained in a document signed by leaders of the five parties comprising the parliament.

The document was signed by leaders of the Petro Poroshenko Bloc, Samopomich (Self Reliance), People’s Front, Radical Party, and Batkivshchyna. The Opposition Bloc, which unites representatives of the Party of Regions, which was at power earlier, is not a member of the coalition.


Russia has nobody to blame but itself. It drove Ukraine to this conclusion.

Putin’s three choices on Ukraine

November 21, 2014

Zbigniew Brzezinski, US National Security Advisor, 1977 – 1981

Zbigniew Brzezinski, US national security adviser from 1977 to 1981, in a recent Washington Post story, says Russia has three choices.

1. He could pursue an accommodation with Ukraine by terminating the assault on its sovereignty and economic well-being. This would require wisdom and persistence from Russia as well as Ukraine and the West. Such an accommodation should involve the termination of Russian efforts to destabilize Ukraine from within, ending any threat of a larger invasion, and some sort of East-West understanding that entails Russia’s tacit acceptance of Ukraine’s prolonged journey toward eventual European Union membership. At the same time, it should be made clear that Ukraine does not seek, and the West does not contemplate, Ukrainian membership in NATO. It is reasonable for Russia to feel uncomfortable about that prospect.

Additionally, it would likewise be made clear that Russia no longer expects Ukraine to become part of the “Eurasian Union,” which is a transparent cover for the recreation of something approximating the former Soviet Union or tsarist empire. This should not preclude, however, a Russian-Ukrainian trade deal, since both countries can benefit from increasingly cooperative trade as well as financial relations.

2. Putin could continue to sponsor a thinly veiled military intervention designed to disrupt life in portions of Ukraine. Should Russia continue on this course, obviously the West would have to undertake a prolonged and truly punishing application of sanctions designed to convey to Russia the painful consequences of its violation of Ukraine’s sovereignty. This unfortunate outcome would likely yield two basket cases in Eastern Europe: Ukraine, because of destructive Russian actions, and Russia itself.

3. Putin could invade Ukraine, exploiting Russia’s much larger military potential. Such an action, however, would not only prompt retaliation by the West but also could provoke Ukrainian resistance. If such resistance were sustained and intense, there would be growing pressure on themembers of NATO to support the Ukrainians in a variety of forms, making the conflict much costlier to the aggressor.

For the Kremlin, the consequence of this third option would be not only a permanently hostile Ukrainian population of more than 40 million but also an economically and politically isolated Russia facing the growing possibility of internal unrest.

Choice one, cease and desist.  Two, continue the status quo. Three, invade Ukraine. The last two options are losing propositions for Russia but appear to be what Russia prefers. The first option is a clear loser for Putin, personally, and may cost him his presidency, but it enables Russia to reduce crippling sanctions and perhaps assume a semblance of normalcy.

I believe there is a fourth choice. Russia withdraws from Ukraine and establishes an unhealthy unconventional war inside Ukraine, capitalizing on current successes inside Ukraine.  The difference between this and option #2 is the presence of Russian conventional military machines, tanks, APCs and artillery.  I actually think this is a really bad choice for Russia, since they have zero experience.

Who knows what idiocy lurks in the minds of Russian planners?

“We can launch a nuclear strike” – Kremlin propagandists

November 20, 2014

This is a direct copy and paste from, translated from Russian to English with my Chrome browser.

Leontiev dopilsya nuclear strike in response to sanctions

Vice-President of the Russian state company “Rosneft” Mikhail Leontiev believes that it is possible to abolish financial penalties in relation to Russia, by intimidating the West with nuclear weapons.

Past is Prologue to China’s Cyber Strategy

November 20, 2014

This piece was written by a friend, Bill Hagestad. Bill is a China expert and has written a book on Chinese Cyber operations. I respect his expertise on China, I respect his facts on cybersecurity but I disagree with many of his cyber perspectives. I consider his opinions valid but perhaps misinformed.

I’ve written extensively about the situation regarding China. I’m fairly hardcore about China and their cyber intrusions. China can be compared with the Russia of late, they think nobody is going to punish them if they rape, pillage and burn their way through our networks. For the Chinese reading this, that is a metaphor.

When I was in China, researching Chinese cyber policies, cyber units and practices, I often remarked to their seniors: “The US spies on China, China spies on the US.  I have no problems with that, countries spy on one another.  But China is sloppy, you make a lot of noise, you get caught.  The US is going through your systems just as extensively, we just don’t get caught.” The implied lesson was ‘don’t get caught’.

The problem is the Chinese seem to have multiple layers of espionage, be it corporate or governmental or a mix of both. 1 – script kiddies, probably teens and tweens pounding on the keyboards, making a lot of noise and trying to find out what works. They have minimal training and probably outdated suites of tools, if anything at all. 2 – tweens and late twenties, young adults with good tool sets, a good bit of experience, fundamental, even good coding skills and a willingness to learn. These folks probably get the vast majority of ‘stuff’ from our systems and are occasionally rewarded, otherwise they’d move on to a place, offshore, where they could earn a fortune. 3 – the best. Their coding is excellent, they recognize an exploit and can write code on the spot, making surreptitious backdoors, and replacing log files. They are quiet and stealthy, doing the bare minimum each time – setting up the next step. Finding them requires concentrated effort amidst all the noise of the other folks, so they will probably not get caught, not within the current security environment.

China was caught flat-footed by the GhostNet report of 2009.  China was slammed by the Google fiasco of 2010. Operation Aurora. The Mandiant report about China PLA unit 61398.  The NYTimes hack. Apple iCoud. Wall Street Journal and other US Media. US Postal Service.  The targets go on and on, China is raping and pillaging US networks.  Should the US continue bending over and taking it? Apologies for the graphic textual picture, but how else are you going to get it?

Viewed collectively, the US has little that China has not seen, they own our networks.  Viewed as an intelligence analyst, China may well be preparing for a war.

Why wage a planes and bullet war when you can beat us solely through cyber means?

Cybersecurity – Are We Serious?

November 20, 2014

I have real heartburn about US cyber policies and security.

I do not think the US takes cybersecurity seriously.

The US has made what I consider “demonstrations” of concern about cyber but we lack the guts to take the next step – actually making US networks secure.

A few possible steps:

  • IPv6 provides the potential for attribution, but it is not foolproof. Make it foolproof.
  • Hold software coders accountable for vulnerabilities.  Shocking, I know.
  • Pay back intrusions with little “limpet mines” and beacons attached to the stolen data.
  • Public listing of intrusions with attribution.
  • Actual measures to show real attribution.
  • Hacking back and wiping their systems, make them pay for supporting those activities.

This is no longer a game.  The US has created a cyber domain. The US has created a cyber command. The US has created cyber soldiers, sailors, airmen and marines.

I had somewhat of a wakeup call a few years ago when dealing with DARPA, who are supposed to be the future thinkers of the US military.  They want short-term projects, six months to one year achievable goals.  They have finally caved to the “show me results” gang.  My paper dealt with a long-term, five to ten-year project, using technology not yet achievable, but would be a vast improvement over our static, lines of defense cybersecurity.  My paper didn’t even make it to DARPA, my team chose a more archaic approach with only incremental improvement.

The US has ignored, paying only lip service, to corporate american cyber security. Almost daily, we read about new large data intrusions, our accounts stolen from yet another corporate giant or a cyber security corporation compromised. Yet when you look up cyber vulnerabilities, all you see is fear, uncertainty and doubt targeted at the big money of the corporate world, willing and able to pay the big bucks for advice and protection.

The US has totally ignored you, me, Jane and Joe citizen. In the meantime our computers are growing slower and slower, with malware, viruses, worms, trojans and a myriad of other attacks and exploits on our PCs.  If you browse through the DHS website, their job is to ‘provide advice’ to ‘we the people’.

Are we serious about cybersecurity?


Get every new post delivered to your Inbox.

Join 1,257 other followers