2014 December

talkingguns.net-talking-guns-talkingguns-jonathan-gilliam-sheep-no-more-lions.jpg

Jonathan GilliamDecember 11, 201412min1000

by Jonathan T Gilliam

2014 was a year full of exploitations of gaps in security and growing threats that face the United States.  Looking back at the crisis and incidents of 2014, it’s easy to make educated predictions about what security vulnerabilities are most likely on our enemies’ hit list in the year to come.  2014 saw a rapidly scaled back approach to fighting overseas war and a breakdown of proactive military planning.  This weakened the already shaky U.S. Foreign Policy and National Security and set the precedence for 2015.

Likewise, border security also took an amazing hit in 2014 simply because politics trumped safety, preventing any real effective improvement.  This lack of action enlarged the country’s most vulnerable avenues of approach that allows millions of unchecked people to cross into the U.S. every year.  As ISIS emerged as the major player in international terrorism with billions of dollars at their disposal, a thirst for nuclear weapons, and a dialogue of direct threats to the U.S., a lack of border security has created 360 degrees of attack possibilities.

2014 saw the arrival of the Ebola virus that produced wide spread fear all across the U.S. even though there was relatively no threat.  This was due in large part to the mishandled initial response of the first case of Ebola in the U.S., coupled with the terrible communications and management of the crisis by the CDC.  As the saying goes perception is reality, and in the case of Ebola in 2014, the perception was chaotic at best.

This was also a year of multiple large-scale cyber hackings that compromised millions of bank accounts, personal information such as celebrity nude photos and emails. These types of hacks culminated with a dramatic year-end attack on Sony Entertainment that literally froze their ability to function.

2014 saw major failures in airport security with numerous intrusions into large airports across the country.  Newark International Airport, for instance, was the location where an intoxicated intruder scaled a $100 million dollar security fence before reaching the passenger terminal.  San Jose International Airport had three major intrusions including a 13 year old boy who breached a fenced area before boarding a plane inside the wheel well and flying to Hawaii.

If all that wasn’t enough, two of the most secured locations on the planet turned out to be not so secure.  The Freedom Tower, located at the hallowed ground of the World Trade Center memorial in downtown New York City, had numerous intrusions past its security fence, including yet another teenager that made his way to the top of the tower before taking a selfie.  These breaches of the supposedly hardened security boundaries around the Freedom Tower pale in comparison to the 10 fence jumpers at the White House in Washington D.C.  Of those 10 fence jumpers, one individual actually made it all the way into the White House, which was completely unlocked.

These examples of exploitations of gaps in security and growing threats in 2014 have placed a spotlight on several enormous security vulnerabilities that will absolutely,100% cause and/or allow all of the major problems we will face in 2015.

So, as an expert in vulnerability mitigation, I give you the top 10 Security Vulnerabilities that will be exploited in 2015;

10. Thinking That You’re Safe Because You’re Wealthy And/Or Powerful – As Sony Entertainment has demonstrated, even the biggest companies are vulnerable to cyber attacks.  In fact, cyber crime is a great equalizer of economic classes.  Securing your computer system is like having a mansion with thousands of windows that may or may not be secured.  The house is continuously expanding, but every time you build a new section, there are thousands of additional windows that need to be secured.  Chances are most large companies and wealthy and famous individuals will eventually become a victim of a cyber attack.

9. Thinking No One Will Bother With You Because You’re Poor – See number 10.  If you are broke, but you have a smart phone, computer, or credit card, you’re still building a virtual house of windows that could be compromised.  What’s that?  You don’t have anything for them to take?  Not a problem, they will just convince the bank that you paid for something you didn’t and now it’s up to you to prove it wasn’t you.  Yes, you can be broker than broke, and criminals will exploit cyber vulnerabilities in order to help you get there.

8. Being Comfortable – Jonathan Gruber called the American people stupid when he spoke about sneaking Obamacare into law without anyone reading it.  He was in fact wrong in calling the American people stupid.  However, if he said the American people were so comfortable they could be easily exploited, he would have been a little closer to accurate.  Comfort kills!  It is the second greatest personal vulnerability each of us face.

7. Waiting For A Problem To Happen – Politicians, the airline industry, and executives are the worst violators of number 7.  Sitting down and self-analyzing yourself and your surroundings is the beginning of a superior mindset and proper defenses.  It is amazing how little this is done even by the federal government.

6. Throwing Money At The Problem – Ah yes, one of America’s favorite pastimes, wasting money on technology to solve problems.  The common practice of throwing about 50 to 100 cameras around a facility with one guy to watch them all has become standard practice in security and it’s a great example of expensive useless security tactics.  Throwing money into technology is a huge vulnerability that can easily be exploited by criminals and terrorists alike.  For example, each year the retail industry loses billions of dollars to loss prevention despite the latest cameras and security tags.  2015 won’t be any different.

5. Choosing The Wrong Experts And Executives – This is probably the most common mistake made by large companies and federal agencies.  A true security expert will be able to identify where the vulnerabilities are located and choose the right person to fix that particular compartment.  Vulnerabilities are compartmentalized like the sections of a department store.  An expert in menswear is not necessarily an expert in women’s shoes.  Likewise, any security expert or senior executive that tries to convince you that they know it all, is a giant vulnerability themselves.

4. Lack Of Understanding Of Compartmentalized Vulnerabilities And Threats – Whether you’re the director of security or an individual trying to stay safe, understanding what areas are vulnerable and how they can be exploited will help you choose the right people and technology to mitigate the threat.

3. Lack Of Forward Thinking – Military units always forward think their plans because their mission success means life or death.  This is not the same for political cabinets, federal executives, and business executives.  Even though forward thinking is virtually free, it is one of the top vulnerabilities facing the U.S. daily.  If you are prepared on paper, you will be more likely to have an effective plan in place before something happens.  Remember, action always beats reaction.

2. Lack Of Effective Leadership – There are two great epidemics plaguing the U.S. in today’s world, a lack of educated effective leaders, and a lack of awareness by the American citizenry.  Incompetent leaders pose the greatest vulnerability that groups like ISIS have exploited in order to move their fight closer to our own homeland.  Incompetent leadership does not know race or sex, and it seems to be directly related to a person’s executive rank and the speed at which they rose to the top. This is definitely not improving in 2015.

1. Lack Of Awareness – And number one goes to an overall lack of awareness on the part of almost every American Citizen and leader.  Awareness is key because no matter how much money you spend, how many meetings you have, how many guards you hire or cameras you install, nothing will ever be as effective at securing vulnerabilities as an aware human.  Human awareness is the ultimate security technology and it’s the cheapest.  Every American is a virtual security guard, and an expert in their surroundings, if they are aware.  So far, 2015 looks like most of our citizen security guards will still be asleep on the job…

As a Navy SEAL and FBI Special Agent, I developed a deep understanding of unconventional warfare and the effectiveness of utilizing vulnerability exploitation for offensive attacks and defensive planning.  Finding the gaps in security and awareness, leadership and understanding are how small units crush big forces.  Vulnerability exploitation is how the Greeks entered the city of Troy with a gift of a wooden horse, and it’s how attackers, hackers, criminals and daredevils get in and do what they want in today’s modern world.

We are a nation of free people, and with that freedom comes great opportunity to relax as much as possible.  However, the more relaxed we become, the further our guard falls.  Procrastination, relaxed security procedures, and unchecked policies are vulnerabilities that grow when things are looking brighter.  Never be comfortable with being completely comfortable.  That is where trouble lurks and it is where our national security will continue to suffer in 2015.