As I slogged my way along the North Coast Trail on Vancouver Island, BC, a thought (or many) occurred to me. Hence this blog post. The trip was a solo trip, 8 days with no resupply, active wildlife (bears), a ‘primitive’ trail, a very remote part of the world, and a challenge to me both physically and mentally.
The next big cyber-attack is coming, and it will not be trivial. A state actor, critical infrastructure, broad consumer impact, not sure when or how it is coming, and you know it will be a challenge to overcome.
It turns out that backpacking is like managing your company’s cyber security.
Do you have the tools in place to prepare a ‘Defense in Depth’ strategy, one that ensures a safe and secure hike and, by leveraging a common set of principles, drives your business towards risk mitigation?
Prepare for the Trip.
- Understand the local landscape and determine if there are any specific rules or regulations that you need to be sure to follow for your trail or business vertical.
- Read blogs, study the terrain to set your pace, and learn the rules for this trail (bear boxes).
- Look for best practices, study other relevant use cases, and determine what certifications you need to gain to provide assurance to your business.
Pack for Contingency.
- Weather, accidents, and wildlife happen. The same could be true for your infrastructure depending on your region, HW vendors, or network availability.
- Pack rain gear, first aid kit, gear repair supplies, short or tall gaiters, and some extra food.
- Rain, cold, or ‘brownouts’ may require back-up generators or fuel supplies.
File your Itinerary.
- Study the terrain, determine your hiking pace, and establish camping sites. For companies, learn industry practices, understand likely attacks, and read voraciously to understand your risk profile.
- Publish your trip plan, share it with family, and then list it on your Permit.
- Establish milestones, set contingency triggers, and educate your employees.
- Sure, it is old-fashioned. But having a hard copy map matters, as does having written contingency plans available to your employees.
- Bring a basic map, a topographic map, a waterproof map, a detailed map of each section.
- That written manual of contingency plans could be the difference if your systems are off-line.
GPS Trail Guide.
- Many applications are available for mobile devices that can guide your hike. Even airlines are using tablets for kneeboards and contingency manuals.
- Even with no cellular coverage, your phone can still support a GPS application to help guide your hike safely or to get you back on course should you lose your way.
- A digital set of manuals to guide your employees to maintain course and counter the inevitable threats that will present themselves.
‘Oh Poop’ Device.
- Backpacking or in Business, it happens. Be prepared.
- This is why people now carry a Garmin inReach: it has an ‘Oh Poop’ button that is there for you in case the unforeseen happens.
- Get a Red Team, get a Government Agency on file, or know who to call when the ‘Oh Poop’ moment of the hack comes for your organization.
As I prepare for every hike, especially as I tend to go solo, the list above is exactly what I do to lessen the risk as much as possible so that I can ensure a fun and safe trip for me and all of my loved ones back home wondering when I will get out. And, in candor, most of the in-depth planning that I execute against today comes from hard-learned lessons on the trail over my many years of backpacking.
It is my view that planning to mitigate the risk of a cyber attack on your enterprise draws on very similar accumulated knowledge. Maybe the question to ask is whether you have six layers of ‘defense in depth’ in your cyber security preparation, as I do when I go backpacking. Many lessons have also been painfully and publicly learned in the market today that you could directly apply to your own security posture.
However, if you want some help, then call me. Call Cog Systems. ‘Being Prepared’ is not a tired motto, it is an essential first step to lessening your risk and helping you to enjoy doing the best part of your business – delivering for your customers.
As the saying goes, “Curiosity killed the Cat, but Satisfaction Brought him Back…”
For those of you that know me, I have always been curious. Some call it a thirst for knowledge, though I think it would be more accurate to say I have a craving for new experiences. Lately, that drive for more experiences has pushed me to not just explore new things or activities but to add a mental component to those experiences that allows me to test the fortitude of my mental strength and endurance.
By way of an example, winning a pickleball game is way more fun for me after I rally from being down by 5 points or more. The win is mostly moot for me, but that I dug in and won by coming from behind is what gives me the Satisfaction to keep coming back.
The cyber security industry offers a myriad of ideas to help the curious, but in the end none of us in the industry can promise that you will not be compromised (aka dead as a cat). But, how to get to that elusive place of Satisfaction?
Continue to be curious. Push harder. Add the mental component to further enhance your Satisfaction. Add these extra foundations to your requirements for solving your next problem beyond just buying a product, but by crafting a product for you and your business.
By way of an example, we had a customer come to us who did not want to settle for just adding some software to their existing mobile devices, but asked if we could design and build a new mobile device from the ground up in the USA. The customer was curious. The customer pushed. We figured it out. It was hard. This is what creates that strong sense of Satisfaction that keeps us coming back for our customers. The fact that it was a very hard problem to solve even provided that extra mental test that I seem to crave more and more in my life.
So, do you have a hard problem?
Are you curious as to whether the cyber security community can solve that problem?
Then call me. Call Cog Systems. Especially as trying to solve that problem seems to be our sweet spot that gives us all the Satisfaction to keep coming back.
Thank you. http://www.cog.systems
Sometimes, real life shows you the true potential of ‘The Perfect Hack’.
Last week, after a trip to San Diego, I woke up with cold-like symptoms. So, I took a Covid test on Wednesday and it was positive. Fortunately, I am fully boosted so my illness was mild, but regardless it was necessary for me to quarantine in my house for 5-7 days. That Friday my friends at Comcast decided that reliable TV and Internet were now optional, and I lost all connectivity to my house. And, as Sunday was Father’s Day, I was doubly disappointed because my Covid Quarantine had given me the perfect excuse to watch the US Open and literally everyone had to leave me alone (grin).
But, alas, it was not to be.
Then it occurred to me – what a perfect hack. No TV, no internet, and I can’t go anywhere.
So, I started thinking – and I had a lot of time to do so – if I was going to cause America a giant headache, I would attack the cable companies. Think about it – no TV, no internet, no Alexa (how do you turn off lights BTW). And the only fix was a truck roll from Comcast that they could not do for 5 days.
For a long time I have been pondering the ease with which someone could hack your TV and make your life miserable – and it is not like the fix is easy. What do you do? Buy another TV, get someone to do a truck roll to fix everyone’s TV, or perhaps the brand damage is so bad that they just mail everyone a new TV. None of these are good choices (all are heavy on both time and money).
Considering recent events, I now realize that the better attack is on that simple modem in your house from your Cable/Internet Provider. It is easy to hack. In fact, I wonder why no one has done it yet. If you really want to make things painful for Americans – take away their TV and Internet. Brilliant.
The irony here is that the fix is simple. There are tools today that can be used to protect the modem in your house from malicious software – not that they are implemented, as the price might add another $0.25 to the BOM cost of your modem (got to keep that cost down). My company does it today for folks that do worry about the potential for exactly this kind of hack.
However, we as consumers do not demand the protection and the cable companies don’t want to spend the money – and you know the government does not want to tell them what to do (if they could agree). So, enjoy your connectivity but do not take it for granted because what is here today could (and likely will) be gone tomorrow.
Postscript: No TV or Internet did allow me time to have some great conversations with my spouse, read some books that I have really wanted to get to, and take a nap or two. And, without all the noise of the world, my stress level did go down quite a bit... but, I knew how long my outage would last. With a hack – all bets are off for how long the fix would take.
This week I had the privilege of spending some time with one of my very long-term friends who is truly a very good person and tragically, in the late stages of cancer. While his time may be coming sooner than the rest of us, it was very much a sobering event in my life. Admittedly, while I am certain I am not the first person to experience this, for me it made for a tough day.
As we were talking, I asked him what he misses in his life right now and he took the moment to share. He misses driving for himself, he misses the chance to play golf, and then he said he misses his grandchildren. I paused and asked, “But, you get to see your grandkids right now – yes?” His answer was telling, as he went on to say, “I am going to miss the chance to see them grow up.” Then he paused, looked at me and said: “I guess what I am really saying in a more nuanced way is that I am going to miss the time I thought I would have.” We chatted a bit more, then it was time for me to go and we parted with a few tears and a genuine sense of love shared between us.
As I was thinking about my visit, it seemed that he left me with an important question. I can live in the past, focus on my future, but how much time do I really spend in the present sharing what I think right now with those I love?
There is a popular Chinese proverb that says: “The best time to plant a tree was 20 years ago. The second-best time is now.” So, I took it to heart and called my family and close friends and told them what they mean to me and that I love them. After all, what was I waiting for? I thank my friend for this gift, for he took some of that precious time he had and shared some of his wisdom to make me and the world a better place.
So, I made the leap to how this might apply to my current efforts in working with my customers.
What are you waiting for? The threats in our world are real and present. The time to make your personal and corporate security happen is today. We at Cog Systems have some ideas and would gladly share them with you to help make your connected devices more secure. We even have some products you can buy today that will bring that added protection that you know you need.
Plant a Tree Today.
In short, plant your tree now by investing to make yourself and your company a more secure environment.
Oh, and if you will allow, pick up the phone and call that person that means so much to you and tell them directly why they are so valuable and that you love them. You will never regret it.