Bob Radvanovsky: Fwd: [ISN] White House Details Zero-Day Bug Policy: FYI.
By Mathew J. Schwartz
NSA denies prior knowledge of the Heartbleed vulnerability, but the White
House reserves the right to withhold zero-day exploit information in some [...]
Mike Ahmadi CISSP: Heartbleed disclosure timeline: who knew what and when: For anyone who wants to attend from this list, here is a link to our Webinar with DHS today:
Please register here soon: The registration link is: https://www1.gotomeeting.com/register/973166368
Log into the Webinar using the webinar link that you will be sent in an email after you register. [...]
Grant Gilchrist: Mounties make first criminal charges associated with Heartbleed bug?: Don't know if this is the first set of charges, but it's a pretty serious crime - stealing 900 social insurance numbers (equivalent of U.S. social security numbers) from the Canada Revenue Agency (equivalent of IRS) site. I believe it is even more serious because unlike in some other countries, organizations in Canada are forbidden from using SINs for anything other than tax, payroll and government benefits, for privacy reasons.
Take a look at the chart to the right. It is a little hard to interpret but it starts about 2 years prior to the onset of an average of all the recessions over the last 20 years. The top blue line represents the "normal" evolution of forecasts regarding GDP growth, that is, in a non-recessionary environment. On average this is about 3% per year across all of the countries studied.
The forecasts from economists - the red bars - start out pretty close to this norm but begin to drop below the norm at the 8-10 month point. While, on average, the forecasts continue to decline over the year preceding a recession, they still miss the mark (albeit slightly) even at the end of the year. In other words, they get less wrong by the end of the year but they are still all - as in all - wrong. The authors indicate that this paper replicates the results found by a 1990s paper that looked at the same effect over an earlier time period. The effect is even worse when looking at recessions that develop after banking crises.
Note: The bottom blue line which shows the actual average GDP growth is positive because, as the authors point out: "on average, growth is not negative during recessions in advanced economies because the dating of recession episodes is based on the quarterly data and annual growth tends to remains positive during many recessions." 'Nuff said.
The authors also add that there are three schools of thought about why these forecasts are so uniformly incorrect: Economists don't have enough information, don't have the incentive or aren't good enough Bayesians (i.e. hold on to their priors too long) to make accurate forecasts. The jury is still out with regard to the actual reason but the effect seems like the kind of thing an intel analyst would want to account for when using macroeconomic forecasts in other than business analyses. (Tip of the Hat to Allen T. for the link!)
Tom Ridge, Former PA Governor and first Secretary of Homeland Security, speaks at the opening of the School of Intelligence Studies and Information Sciences
Today, Mercyhurst University announced that the Department of Intelligence Studies would be merged with the Department of Math and Computer Science and the Department of Communications to form the seventh school within the University: The Tom Ridge School of Intelligence Studies and Information Sciences.
Named after former Pennsylvania governor and first Secretary of Homeland Security, Tom Ridge, the new school takes its place among more traditional schools such as the School of Social Sciences and the School of Business...
(Sounds like a damn press release. If your readers wanted that, they should go here. You should give them a feel for what this really means...) This is a big deal. A really big deal.
In the first place, there is no other University in the country (perhaps in the world) that has a school dedicated to a vision of Intelligence Studies as an applied discipline, that teaches students how to get intelligence done and not just how to talk about it.
Secondly, it is going to allow us to grow our programs exponentially. First up is a new and complementary masters degree that will focus on data analytics - so-called "big data". My own hope is that we will soon begin to offer a doctorate - but not a PhD - in Applied Intelligence. I don't know what the new Dean of the School, Dr. Jim Breckenridge, wants it to look like, but I want it to be a professional doctorate, like an MD or a JD, that will focus not only on intelligence analysis but also on the special challenges of leading and managing the intelligence enterprise.
Third, it validates the vision of Bob Heibel, the founder of the Mercyhurst program. Twenty-two years ago, long before 9/11, before even the first World Trade Center bombing in 1993, Bob had the radical idea that academia could do a pretty good job educating the next generation of intelligence analysts. Almost 1000 students have graduated from our residential, online degree, or certificate programs since then. These alumni are today employed throughout the national security, business and law enforcement intelligence communities.
Governor Ridge said today that the nation owes a debt of gratitude to Bob for what he has contributed to the safety and security of the US and, through our international students, of the world. It is a testament to what one person can do when he really believes in something.
Representatives of Governmental, National and Military Teams dealing with “Computer Security Incident Response”, as well as National Security Authorities and National Cyber Security Centres from Austria, Czech Republic, Hungary, Poland and Slovakia, who gathered in Vienna for the third meeting of the Central European Cyber Security Platform (CECSP), consider the concrete progress made during one year of cooperation in the field of cyber security.
CECSP was founded in May 2013 on the initiative of Austria and the Czech Republic. The aim of the Platform is to enable the sharing of information, best practices, lessons learned and know-how about cyber threats and potential or (un)successfully carried out cyber-attacks. Furthermore, the Platform shall contribute to capacity and capability building through common trainings, education, exercises and the coordination of research and development. Finally, the participating states strive for harmonized positions in the international environment.
Due to the potentially sensitive nature of the information exchanged in sharing activities, the creation of secure communication channels to avoid information leakage and to react in a minimum of time will be discussed. Common cross-border cyber exercises shall be established, as well as practical working groups on demand.
So far, the CECSP meetings have been largely devoted to trust-building, mutual acquaintance and exchange of information on the respective country situations. The priorities of the meeting today here in Vienna are, on the one side, the adoption of a working program for the CECSP for the next three years and, on the other, an agreement about the principles of cooperation within the CECSP. The results of the Vienna CECSP meeting shall be tested at the first joint cyber exercise in June 2014.
The future objective of the CECSP is to establish a level of transnational cyber awareness and risk management. This shall be achieved by permanently working on mutual trust and activating the processes of cooperation.
I am in the process of updating and compiling my list of job resources for entry-level intelligence analysts and I could use your help! If you know of any good websites or resources, please either send them to me (kwheaton at mercyhurst dot edu) or post them in the comments below. What kind of links am I looking for?
Job links for entry-level intelligence analysts. If you know of a company or organization that has intelligence analyst jobs on the books that can be filled by an entry-level analyst, send a link.
Job links for intelligence analyst-like positions. Lots of positions within the private sector (such as anti-money laundering positions with most banks) are good fits for entry-level intelligence analysts but they are rarely easy to find through straightforward job searches.
Job links for international positions (for nationals and expatriates). There doesn't appear to be a good list of job resources for individuals with intelligence analyst skills who want to work outside their native country. Likewise, expatriates often have a hard time finding intelligence-like jobs in foreign countries.
Job links for Non-Governmental Organizations. NGOs rarely if ever title analyst positions as "intelligence" positions, yet the intelligence analyst skill set is often the best fit.
Beyond job boards or specialist search sites, what else can you provide? Job preparation resources. Getting a job in any intelligence position is challenging. Any hints or tips that are particularly relevant to the intel job search would be appreciated. What kind of stuff am I talking about?
Social Media Usage/Presence (LinkedIn in particular)
Hints and tips for breaking in
Once I get everything compiled, I will post the list here!
Crowdfunding is a busy place these days. While the largest and most popular site, Kickstarter, continues to fund a variety of creative projects (last year Kickstarter funded more creative projects than the National Endowment for the Arts...), specialty crowdfunding platforms are now available for everything from education to issues in the developing world to scientific research to, of course, porn.
For me, understanding crowdfunding is becoming an increasingly important part of what I call "entrepreneurial intelligence" - or, stuff that is outside entrepreneurs' control but is still critical to their success or failure. Crowdfunding is rapidly filling a space left untouched by bootstrapping, angel investors and venture capitalists and understanding the strengths and weaknesses of various crowdfunding platforms would seem to me to be a critical intelligence requirement for entrepreneurs.
One of the most interesting of the new crowdfunding platforms is Upstart. Upstart allows you to invest directly in a person. In other words, you give them some money now to pay off a loan or to learn to code or to expand a business, and they promise to pay you a small percentage of their income over the next 5-10 years. Repayments are capped (typically at 3 to 5 times the amount invested) so people can pay off their backers early if they make a lot of money.
Like a venture capitalist or angel investor, you could lose all of your money if the person you backed doesn't make enough. Upstart uses statistical models to predict how much the "upstart" will earn over the next ten years based on degree, school attended, test scores, number of job offers, work experience, etc. The amount the upstart can ask from backers is based on this model but as Upstart notes: "Any estimate of returns is highly speculative, subject to a high degree of variability, and not based on historical experience. The pricing engine is novel and untested and relies on broad-based statistical data that may not be representative of any individual’s actual future income." This is, however, a pretty good deal for investors if everything works out as planned. A $300 return on a $100 investment over 5 years represents a nearly 25% annual rate of return. Sure beats the 2 bucks your average money market fund will likely yield over the same period...