Rapid Response in a CyberSecurity Emergency: dealing with faulty technology while rapidly improving security
Disclaimer: This content is the result of my having survived several emergencies of varying effect sizes. Most of these ideas are rules of thumb, and not canned answers. As in any emergency your best outcome will be if you keep calm, consider many options, and flow from plan to backup plan as required. Always use your best judgment, clearest logic, and all your people skills.
The primary audience of this tutorial is people who live in, travel to, or travel from an area with greater cybersecurity risk than other places.
Here, we take a holistic view of cybersecurity by considering the security of the user, their health, and their machine. This means that health care, emergency planning and physical security are crucial. Additionally, security is a continuum from more to less secure, and it should not be viewed as a simple secure/insecure dichotomy.
We are all responsible for security. Please respect your communities as much as possible. Please understand that there are no guarantees with cybersecurity. Turing proved long ago that the halting problem is undecidable: no single algorithm can tell, for every possible program, whether that program will ever stop running. In practice this means there is no universal checker that can certify arbitrary code as safe. Specific programs can still be verified against specific properties, but only with great effort, and never against everything that might go wrong. Security therefore exists on a continuum in which there are no absolute guarantees.
Emergency Basics: tailored for South Florida
Some of the hardest emergencies are on-going emergencies that seem to have no beginning or end. In these cases, people do their best to carry on with daily life while protecting their family and helping their neighbors.
In any cyber emergency, the safest forms of communication are the old-fashioned ones, roughly in the following priority order: word-of-mouth, postal mail, analog telephones, cell phones, email, radio, static web pages (e.g. this one), dynamic web pages (e.g. Wikipedia). The rough rule behind the ordering is that the fewer networked computers a message passes through, the fewer places a compromised machine can read or alter it. Please keep in mind that an emergency may not be officially announced or officially coordinated. As always, use your best judgment.
Keep in mind that the authorities may be too busy with their local situation to properly announce an emergency or to coordinate a response. In these cases, crowd-sourcing both the alert and the coordination will likely provide the most rapid response. This is also how much of cybersecurity already works: outbreaks and vulnerabilities are usually spotted, reported, and triaged by a community of users and researchers rather than by a single authority.
For crowd-sourcing to work properly, everyone needs to make independent choices and find independent solutions while continuing to work with the community for the betterment of all. Describing and quantifying such an approach has deep connections to complexity theory, statistical physics, and dynamical systems. Suffice it to say that while we cannot yet mathematically analyze these systems, many researchers think that these approaches provide the most rapid response. Basically, keep doing what you are doing. The rest of us silly academics like to talk about what other people just do naturally.
In a cybersecurity emergency, one would need to watch out for:
In a cybersecurity emergency, having a compromised computer is like holding a loaded gun; it could go off at any moment, and it may already be pointed at someone else. Compromised computers are used to spread fear (hoaxes and false alerts), to commit crime (fraud, extortion, theft of credentials), and to attack other systems (for example, as members of a botnet). All of these could add up to cost the economy billions of dollars.
As responsible computer users, we should each be aware of the major vulnerabilities in our lives and know the various recovery options. A large portion of successful attacks begin with social engineering rather than a technical exploit, so it is important to discuss the vulnerabilities of life: health, physical security, and cybersecurity. For each vulnerability, we should be aware of multiple solutions, share brainstorming with friends, and independently choose the best solution for ourselves.
It is possible that there is a natural upper limit on the number of devices that a single person can both keep secure and use. As responsible computer users, we need to be responsible for the security of every computer we use: laptop, cellphone, car, wireless router, smart appliances, calculator, watches, elevators, etc. We should also be aware of power consumption (e.g. a boosted wireless signal requires a great deal of power), since being a responsible user of the environment goes hand in hand with cybersecurity: a device that transmits further than it needs to can also be reached by more attackers.
This tutorial will focus explicitly on personal computers, as these are the devices on the list above that a user can most directly inspect, back up, clean, and update.
All attendees are expected to contribute to brainstorming vulnerabilities and solutions, and to share openly, with the goal of learning the skills to improve their own cybersecurity while also working with the community to improve the cybersecurity of the local infrastructure.
Please judge your own progress in the tutorial. If you manage to improve your health, save your data, clean your computer, and keep your computer clean during routine use and updates, you will have satisfied the requirements of the tutorial. Accomplishing this may require learning which doctors can treat you without relying on computers, which networks you can get trusted updates from, and the vulnerabilities of the various backup options.
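Saving your data is only half the job; you also need to know, before you restore, that the backup you are about to trust has not been damaged or altered since it was made. The script below is an added example (it is not part of this tutorial and not something the professor distributed) showing one way to do that on Linux, BSD, or Mac OS X: it archives a directory, records a SHA-256 hash of the archive, and refuses to accept an archive whose hash no longer matches. The directory names and file naming scheme are assumptions made for the example.

```shell
#!/bin/sh
# Added example: archive a directory, record a SHA-256 hash of the archive,
# and check that hash before trusting the archive again.
# File names and layout are assumptions for the example, not from the tutorial.
set -eu

sha256_of() {
  # Prefer sha256sum (Linux); fall back to shasum -a 256 (macOS/BSD).
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

make_backup() {
  # $1 = directory to back up, $2 = directory to write the archive into.
  # Prints the path of the new archive; its hash is stored next to it.
  src=$1
  dest=$2
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  archive="$dest/backup-$stamp.tar.gz"
  tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")"
  sha256_of "$archive" > "$archive.sha256"
  printf '%s\n' "$archive"
}

verify_backup() {
  # $1 = archive path. Returns 0 only when the archive exists, its recorded
  # hash exists, and the two hashes match; returns 1 otherwise.
  archive=$1
  [ -f "$archive" ] && [ -f "$archive.sha256" ] || return 1
  expected=$(cat "$archive.sha256")
  actual=$(sha256_of "$archive")
  [ "$expected" = "$actual" ]
}

restore_backup() {
  # $1 = archive path, $2 = directory to restore into.
  # Refuses to unpack anything that fails verification.
  verify_backup "$1" || { echo "refusing to restore: hash mismatch or missing file" >&2; return 1; }
  mkdir -p "$2"
  tar -C "$2" -xzf "$1"
}
```

A hash file sitting next to the archive only detects accidental damage or a careless attacker; anyone who can rewrite the archive can rewrite the `.sha256` file too. Copy the hash somewhere the backup media cannot reach (a printed note, a separate drive, or a message to yourself over one of the old-fashioned channels above), or sign the hash file, so that the check still means something after a compromise.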
Anyone who discovers a city infrastructure problem should alert the authorities. Anyone who discovers a vulnerability in the health care system should alert their doctor. Anyone who discovers a network vulnerability should alert the local network administrator.
The major operating systems that we discuss will be Linux, BSD, and Mac OS X, as these are all UNIX-like operating systems (BSD and Mac OS X descend from UNIX; Linux is a separate implementation that follows the same conventions). If someone starts a web page discussing Microsoft Windows, I can post a link.
Note: The professor is currently dealing with health and security issues, and will endeavor to deliver the tutorial content in a timely manner, subject to the availability of computers secure enough to post the content. Students are expected to participate in a similar manner. This tutorial works best if no one person is 'the expert' and everyone contributes their best ideas and the best solutions that work for them. This web site should not be considered a single point of failure (which is a major security vulnerability), and all students are expected to promote distributed coordination in person and "on the ground".
Topics of Discussion
Should the professor be unable to continue delivering content, the students should form their own community and continue in the spirit of the tutorial. A good way to form this community would be for the students to meet during the regularly scheduled tutorial time and discuss their progress. If the professor is able to meet during any of the scheduled lecture periods, they will announce this on this web site.