Let's talk cybersecurity #hysteria.

1/8
Four days ago, Chris Krebs confirmed cyber terrorists had remotely shut down the east coast's lifeblood.

His tweet is why I fueled my pickup that very day with $140 of diesel at $2.67/gal at Dodge's gas station on Rt 49 in Gulfport MS.
2/8
Cybersecurity #hysteria has done amazing things over the last three decades.

And I do mean "amazing"!

It led us to the knee-jerk idea for a "precautionary disconnect," which is when we shut down our operations to prevent a computer attack from shutting down our operations.
3/8
Of course we now know it was #ColonialPipeline who shut down their own operations, not the cyber terrorists--

--because they don't trust their own cyber security team.

And why should they?

I've railed for two decades on the *true* purpose a CISO serves to a company:
4/8
To wit: CISOs must capitulate to policy & waiver demands they literally can't refuse.

Things no CISO in their right mind would allow.

Too many CISOs are like the bandleader who was forced at gunpoint to sign away his rights to a great singer:
5/8
A *big* problem with many (most?) CISOs is that ... once they put their signature to each bizarre policy ... or sign a bizarre policy waiver...

...their egos convince them "that was MY policy" or "that was MY waiver decision."

Their egos make them #own piles of shit!
6/8
So it's no wonder #ColonialPipeline didn't trust their own cybersecurity team.

They know what they forced the CISO to do!

I imagine right now their CISO is slunched in a stupor, staring at allllllll those signatures he (she?) (probably "he") put on paper. Wondering aloud:
7/8
"Why would I ever put my signature to this? Why did I sign off on that?"

It's because you had no damn choice, sir. ("ma'am"?) (probably "sir")

Somebody must earn your salary and sign those idiotic #cyber policies #ColonialPipeline demands. If not you, then someone else.
8/8
And so here I sit, watching with a sloppy grin as gas prices spike--

--NOT because of a #cyber attack

but rather because a U.S. critical infrastructure screamed "YOLO!" while slapping the emergency stop button you see at every gas station.

Others among us will independently come to the same conclusion

More from @vmyths

31 Mar
1/22
Let's talk about how the 2,000pp "House 2.0 antivirus experiment" was in fact an intelligence report (aka "INTSUM") on the global #antivirus industry.

It began in 1999 after I'd revealed the existence of "EIS," later renamed "ADVEIS." It was an #antivirus rootkit...
2/22
ADVEIS stood for "Antivirus-Dependent Vulnerabilities in Email Infrastructure Security." I developed it in the late 1990s while working at A.G. Edwards & Sons building the U.S. brokerage industry's first SOC.

I gave a public lecture on ADVEIS, then dusted my hands of it.
3/22
But ADVEIS had rankled the #antivirus industry.

This led IBM bigwig David Chess to call my office.

I admit it: Chess is the one man I never beat in a philosophical match.

"So, Rob: you got root access from every AV company's products. What are you going to do *next*?"
26 Nov 20
Let's talk cybersecurity.

1/7
News of COVID19 vaccines' side effects is so wild that rumors are spreading of how many #SickDays you'll burn to get both (repeat: "both") shots.

So let's compare it to the history of #computer antivirus vaccine use...
2/7
Historically, users gleefully installed #computer vaccines when they were released (typically a few days) after a deadly global virus outbreak "that cost millions of computers' lives and billions of dollars in damages."

But then users came to a rumored realization...
3/7
They said "you'll pay a severe penalty for #antivirus vaccines."

Users rumored it made their computers sluggish; that it constantly wasted their time to install vaccine updates every {month | week | day}; that it interfered with important company processes; blah blah blah
8 Nov 20
1/10
Let's talk cybersecurity.

Specifically, let's use #hysteria to snatch the electoral college from Biden so Trump can serve another White House term:

newyorker.com/news/daily-com…
2/10
We can pick ANY blue states here; I'll pick Georgia & Pennsylvania for fun

Again, our goal is to use #hysteria to snatch some electoral college votes from Biden

law360.com/articles/12287…
3/10
El Prez can begin by collecting all the research that WE THE PEOPLE in cybersecurity use to cast our own pall of fear over electronic voting:
31 Oct 20
1/17
What with the U.S. election approaching, it's time I told you about a BILLIONAIRE FINANCIER PRESIDENTIAL CANDIDATE who once pondered if he should buy an #antivirus company

I'm talking, of course, about ROSS PEROT

Strap in kiddies, we're going on a ride!
2/17
It's late February or early March of 2004. I'm in uniform, temporarily assigned to USAF's Senior NCO Academy as a reward for having pitched a tent on a captured Iraqi air base. Vmyths[.]com has all but collapsed by this point due to my Reserve military commitments.
3/17
My late wife Denise is at home in my computer lab where she's drafting a résumé. She got cut in the third round of a quadruple-layoff sweep when the U.S. gov't terminated a contract that her firm, um … did reeeeeally bad things on.

So anyway, she's sitting there…
3 Oct 20
1/6
Let's talk about the ingredients that went into this meal of a treatise (see below).

The authors cite @KimZetter in the endnotes 👍

@bontchev? No mentions at all.

@craiu? No mentions at all.

@mikko? No mentions ... and he's got "vigorish" in DoD!

Me? Yeah, no.
2/6
There is a MAJOR BARRIER between "corporate #cybersecurity" that formed as an industry in the late 1980s

vs. "beltway bandits" who hijacked it for gov't funding in the late 1990s.

Fully a dozen years ago I warned DoD is "devolv[ing]" in cyberspace:

web.archive.org/web/2016032800…
3/6
And this brings me to a vital concern I have with the ingredients in ANY well-researched DoD-centric cyberspace treatise w/ 139 footnotes:

PhD candidates FAIL to earn a doctorate every year because their "well-researched" thesis is way too damn lopsided!
19 Sep 20
1/4
You know what's in store for #cybersecurity when "in person" conferences finally restart?

It ain't "networking"

Many of you will form #cliques based on your vehement political beliefs, NOT your cybersecurity beliefs

Our industry will be all the less for it. What a shame!
2/4
I've bitched since 2009 (see below) about #influencers¹ who CANNOT stop talking about their airline woes, and why we must vote for their politician, and etc.

How DARE you force #infosec newbies to follow "the whole you"!

_____
¹ Not #ThoughtLeaders
3/4
I'm NOT alone in this belief. Newbies occasionally speak up to tell #influencers "I followed you for your expertise, why did you stop?"

You want to tweet? That's your right.

You want to be an #infosec influencer? That's a privilege.

Time for you to #ShitOrGetOffThePot!