Rob Cheng's Blog
  • Search for:
5May-22
Secure the Homeland

In March 2022, the Biden administration announced that cyber attacks from Russia were imminent. Although this is untrue, it shines a light on how unprepared the federal government and the rest of the country are for a nation state attack.

A nation state attack is exponentially more serious than ransomware. Unlike ransomware, a nation attack does not attempt to extort a fee to restore operations. It simply destroys without regard to consequence.

More importantly, a nation attack accelerates the frequency and sophistication of the attacks. For over a decade, the United States, Russia, China, North Korea and Iran have been stockpiling vulnerabilities in the event of a cyber war. This is the reason why a cyber attack is NOT imminent, because Russia knows that America likely has a larger stockpile with more severe consequences.

When the Americans shut down 3 Iranian nuclear reactors and Russia shut down the Ukrainian electric grid, each of these attacks were accomplished through one vulnerability. The WannaCry virus infected 250K computers in one day through one vulnerability.

Any nation state, and most certainly Russia, has dozens if not hundreds of these vulnerabilities. Rather than one vulnerability, a nation state attack would deploy numerous vulnerabilities simultaneously entering unobstructed into every server and endpoint and any other device that contained critical information in the nation.

The first line of defense is patch management but this is wholly ineffective because patch management works with known vulnerabilities and these vulnerabilities are unknown by design.

The next line of defense is the antivirus which has not functioned against modern threats for almost a decade yet consumers and businesses and even the federal government blindly throw money at this obsolete vestige from a prior era of computing. So the attack continues.

The last line of defense is EDR / XDR / Zero Trust, which attempts to detect and respond to the full frontal onslaught nation state attack. Unlike ransomware, a nation attack would overwhelm the SOC (Security Operations Center) and it would quickly fall down.

This exposes the largest flaw in the nation’s defense. EDR / XDR / Zero Trust / SOC cannot scale to meet a spike in attacks. For a SOC to double in size, would take months, and a nation state can increase its attack level in seconds.

As stated earlier, this is not going to happen due to a respect for America’s vulnerability stockpile, however our defense frameworks should consider the possibility of a nation state attack. Unfortunately, none of the popular frameworks including NIST, MITRE and even Jack Voltaic comprehend the possibility of a nation state attack.

The first nation to contemplate in its national defensive cyber strategy the impact of a nation attack will win the cyber war. The first nation to effectively create cyber defenses that negate a flood of vulnerabilities attacks from a nation state will rise to the top of the world order, because it is no longer exposed to a cyber counter strike.

There is a solution and that is application whitelisting, AKA allow listing or software asset management. As NIST has been recommending for the last 7 years, application whitelisting should reside between the patch management and the antivirus layers. In this way, during a nation state cyber attack, the application whitelisting will strictly allow authorized applications to run. During this scenario, the volume on the network is substantial and network performance may deteriorate but it will not fall down. Some new good programs may not run properly until the attacks abate, but the goal is resilience, to withstand the attack.

This resilience gives patch management time to identify the vulnerability and remediate the vulnerability so the attacks abate. The nation state will likely deploy more of its stock of vulnerabilities which should also prove futile. At this point, the nation is deploying vulnerabilities faster than it can replenish, until the stockpile falls to zero. Then America wins.

Secure the Homeland.
12Feb-21
Get Out of Neutral

For one year, the world has been stuck in neutral. People are waiting for an invisible hand to move the gear shift back to DRIVE. The masses flock to Netflix and Facebook hoping that somehow the world will become unstuck. Life is short and I don’t want to waste a day and certainly not a year being stuck. We are the invisible hand and our actions define whether the gear shift will move the vehicle forward. I refuse to live my life in neutral.
4Jun-17
Are Humans on the Road to Extinction?

My first cousin is a world renowned sociologist. A few years ago in a chic NY City restaurant, over a nice bottle of wine, he shared a concerning conclusion, “In the decade of 2010, the human population for the first time in our history is declining.” In the first book of the Bible, God plainly commands, “Be fruitful and multiply.” Well, we’re not multiplying any more. At least not at the same rate. Sorry God.

I was born in 1959, which is considered to be the end of the Baby Boomer generation. Baby Boomers, some theorize, is the greatest generation. I believe the reason is because of our parents instincts to multiply. That is have lots of kids.

Our societal governmental structures, such as Social Security and Medicare, assume a new generation of young people to pay for these programs. With the American reproduction rate in decline, these programs are now in decline. Worse yet, baby boomers, are living longer than ever, which is good for replacement rates, but worse for these social programs.

How did we get here? China is certainly to blame by their draconian mandate of one child per family. This is not too bad because the mandate can be undone, and it has. They are now up to two children per family. There is something else in play. It is not abortion. It is birth control. In the late 60s, birth control went into mass production, and it is the only feasible explanation on why family sizes have fallen dramatically in less than two generations.

Birth control is a choice, and we believe in choice. But we must take care or humans might be choosing extinction.
27Nov-16
Can the Government Control the Weather?

I believe that the temperature is getting hotter. It is not hard to figure out, and this year was quite hot and had many months the hottest on record. About a decade ago, the Koch brothers of Koch Industries, perhaps the largest polluters in the country, realized that climate change and subsequent government regulations were a threat to their business. They began pouring their profits into politicians that would deny that climate change was even occurring. When you hear a politician ranting against the existence of climate change, it is not what they really believe. It means that they are being compensated for publicly stating an opinion different than what they hold. Two great examples are Mitch McConnell and Mitt Romney.

This is unfortunate because it hurts the Republican party and the country. There is essentially world wide consensus that the climate is changing and that it is man made. It just makes everyone look stupid. It also precludes the more important debate, “Can the government control the weather?”

There’s a lot of people that think so, but I do not. The idea is that if the government can regulate and police people and businesses, that temperatures will go down. There is no evidence that this is even close to being true. Many countries have implemented some regulations and there has been no impact on global warming. Either the necessary regulations need to be so totalitarian that no one would implement them, or the entire premise should be invalidated that the government can regulate and police its way to changing the weather.

Don’t believe me? We have another great example staring right in front of us. Think about the war on drugs. It seems like a good idea. Drugs are harmful to the productivity of society. We can make the consumption and sale of these drugs illegal and the government will police it. Richard Nixon did this in the early 70’s, over 40 years ago. Today, we have more people in jail than all the nations on earth combined. Illegal drug use is common place, and the price of these drugs are amazingly affordable. Plus, the drug lords in Colombia and Mexico run rampant and outside of the law, wreaking havoc on these societies. We are stuck in this harmful infinite loop, where we don’t have the conviction to stop the war. So we just keep on going harming our very own citizens and the countries around us.

This is exactly what will happen with global warming if we begin to introduce regulation. It will fail and temperatures will continue to rise. So what do we do? We will have more regulation, still with no success. And then we will have another expensive and harmful federal policy that we will be unable to admit failure.

The war on drugs should be a lesson to all of us. There are limits to what the government can accomplish no matter how good the intentions.
28Feb-16
What The Media Omits

I remember in 2012, I tried to read everything online I could, so I could know every small and isolated details between the candidates, Barack Obama and Mitt Romney. I watched the debates. This year, I am taking the entirely opposite approach. I am shunning all media, and I avoid trying to read anything about the current crop of candidates. But it is unavoidable. No matter who you are, you are ensconced in the circus that we call the presidential elections.

As I considered this, I realized that none of the candidates (Donald Trump, Ted Cruz, Marco Rubio, Hillary Clinton, and Bernie Sanders) are talking about the issues that I care about the most. Here are the issues that I think are important.

1. Balanced Budget.

It does not take a rocket scientist to know this, but the federal government does not. When the federal government runs deficits so large and for such a long period of time. It hurts the country, it hurts our future, and it hurts our young people. Yet no candidate even mentions this. Of course, just like anything else, balancing a budget requires making choices. Some of them are difficult. It is clear that no one in charge is capable of making even the simplest of choices in an effort to balance the budget.

2. Money.

I think all of America has figured out is that we no longer have a democracy. It is an oligarchy that is run by money. It is nauseating to think that perhaps the greatest democracy in the history of the world has lost its way to the seduction of money. We all know it, yet the media makes no mention of this issues, nor do the candidates during this election cycle. We need to get money out of the running the government and the elections. We all know it. Special interests (banks, health insurance, pharmaceutical, the military industrial complex and on and on) contribute to candidates, and then expect favors for their donations. Yet no candidate nor the media talks about it.

3. Term Limits.

The president only can be in office for a maximum of 8 years. A governor of any state is 8 years. But a US Congressman or US Senator can be in their position for as long as they can win elections (see section on Money above). Public approval of Congress is nearing single digits. The Constitution was created for the government to be one of public service. It was not meant to be a long term vocation where one can become a millionaire. Yet no candidate nor the media talks about it.

I could go on. But I came to a realization. There is another party in America. The problem is that the media gives no press whatsoever to the Libertarian Party. If the media only mentioned them once a day, it would sink the moneyed interests running both the Republican and Democratic Party. The Libertarian Party is about freedom. The Libertarian Party is the only party that wants a balanced budget, to remove money from the election process and demands term limits for our career politicians.

The thing one has to ask is Why? Why won’t the media at least mention the other party? They are programming the entire nation to think that we have 5 candidates from two parties. I can only speculate, but this is NOT how our country should work. After thinking through all the evidence, I am going to vote Libertarian because honestly, I can’t stand any of the candidates from the Republican or Democratic Party.

Be Free.