Executive Summary:
Use of everyday technology to collect personal data is increasing, and as these efforts become more intrusive, popular resentment is likely to grow.
If that irritation reaches a tipping point, existing privacy protection services will expand enormously—creating an Information Disruption Industry (IDI) dedicated to thwarting the collection, storage, and sale of personal data.
The expanded IDI’s efforts will do direct and indirect damage to a wide range of systems—even systems unrelated to personal data collection.
This likely scenario has the potential to seriously impact the information landscape in 2035, if not sooner.
End of Summary
I presented the paper in a webinar hosted by the Mad Scientist Initiative and Georgetown University on May 10, 2020. The complete webinar can be viewed at:
https://www.youtube.com/watch?v=j2-cjW1cmrQ&t=75s
2. Outline
• Executive Summary
• Introduction
• The Expanding Information Disruption Industry
• Ramifications for the Operational Environment
• What to Do—First Steps
• Summary
3. Executive Summary
Use of everyday technology to collect personal data is increasing, and as these efforts become more intrusive, popular resentment is likely to grow.
If that irritation reaches a tipping point, existing privacy protection services will expand enormously—creating an Information Disruption Industry (IDI) dedicated to thwarting the collection, storage, and sale of personal data.
The expanded IDI’s efforts will do direct and indirect damage to a wide range of systems—even systems unrelated to personal data collection.
This likely scenario has the potential to seriously impact the information landscape in 2035, if not sooner.
4. Collection of Personal Data
People are already concerned about this collection:
• Mentioning a product in an electronic communication often causes the appearance of online ads about that product
• Cases such as the Cambridge Analytica scandal show large-scale collection of personal data goes on without public consent
• News stories and/or personal notifications about corporate data breaches feed the belief that no collected information is safe
5. Popular Resentment
Resentment: Bitter indignation at being treated unfairly
The targets of the data collection dislike the invasion of their privacy already. That feeling is multiplied by the realization:
• They’re paying for the devices (phones and cars) commonly used to track their behavior, habits, and movements
• The tracking and collection is often concealed from them
• Their personal devices could potentially be accessed as part of legal proceedings
6. The Tipping Point
Public opinion could be shifted to outright resistance by news stories showing data collection can cause actual harm:
• Domestic violence victims hiding from their tormentors who were uncovered by technological tracking
• Conviction of innocent people through the use of circumstantial evidence gained through personal data collection
• Social media analysis by employers and/or universities that rejected qualified candidates
7. Expansion of the Disruption Industry
Entities offering services designed to thwart the collection
and sharing of personal data already exist.
Once people see data collection and technological tracking as
a real threat, they’ll pay to protect themselves. That funding
will generate the expanded IDI.
The IDI’s techniques will range from covert alteration of data
to the crashing of entire systems.
[Figure: a PRECISION scale for disruption techniques, with the labels Overt, Damaging, Low-margin, Stealthy, Sophisticated, High-end]
8. Precise Disruption
• Target specific information as directed by the client
(movements, purchases, personal communications)
• Leave other information intact (high credit score, records of
education & employment)
• Key goal is to do this without detection
• Attracts staff from the collection industry—better pay and
more socially acceptable
• Will still do damage to systems:
  • Disruption of normal system functions
  • Unintended consequences
  • Numerous, uncoordinated actors
9. Imprecise Disruption
• Monkey wrench-in-the-gears approach
• Low-end, low-margin business
• Not concerned with stealth
• May crash entire systems
• Cover for hackers—identifying a Trojan Horse is difficult
when it arrives in the middle of a stampede
• May give a significant boost to privacy protection overall:
  • Cast doubt on the reliability of collection efforts
  • Reduce the value of purchased data
10. Legal Acceptance
• Numerous court cases (lawsuits and criminal actions) are
likely to arise from this conflict
• Supreme Court rulings that connect the IDI—or its clients—
with the defense of individual rights will make the IDI even
more socially acceptable and give it legal protection
• Even if the collectors pledge to stop gathering personal
information, the public is unlikely to believe it
• The more precise operators could also offer a service where
they monitor clients’ personal information and repair it
when it’s damaged by the IDI
11. Continuous and Widespread Disruption
The IDI will attack the collection, storage, and dissemination
of personal data at every level and at every step in those
processes.
This will create a kaleidoscopic information landscape
populated with data that requires frequent verification and
systems that malfunction randomly.
All of this will generate second-order effects that will be as
harmful as they are unpredictable.
12. Second-Order Effects
The increasingly interconnected nature of the technological
world will magnify the impact of any disruptions and generate
problems in unexpected areas.
Hooking everything from household appliances to hospital
information systems to the internet creates a myriad of
opportunities for intentional—and unintentional—disruption.
13. Second-Order Effects - Example
Tracking technology that utilizes the GPS system will be a
particularly important target for the IDI. Disrupters seeking to
prevent the collection of information regarding a client’s
movements could attack the system itself or leverage systems
that connect to it.
The argument that barriers are in place to prevent this is not
sufficient, because the tech is constantly changing. Seemingly
minor adjustments to code, hardware, and protocols can
create unexpected vulnerabilities.
14. Ramifications for the Operational Environment
The expanded IDI has the potential to seriously impact the
operational environment in 2035—if not sooner.
Most US military technology is created by civilian businesses,
and modified versions can be sold in non-military markets.
That intersection alone has the potential to render many
military systems vulnerable.
Former military personnel will also join the ranks of disrupter
organizations, bringing valuable knowledge about the setup,
operation, and weaknesses of those systems.
Additionally, the confused nature of the information
landscape will assist actual enemy actors in their attempts to
attack government and military systems.
15. Non-Military Targets
These attacks won’t necessarily need to be directed at military
targets:
Disruptions of civilian communication systems will have a
negative impact on deployed troops who have gotten used to
being able to contact their loved ones.
Other disruptions such as compromised credit scores and
frozen bank accounts cannot help but distract deployed
soldiers from their missions and focus their attention back
home.
16. GPS Disruption
Revisiting the previous example regarding the GPS system, any
disruption of satellite location functionality could have
enormous consequences for the operational environment.
Lost units, misdirected supplies, and errant ordnance are just
a few of the potential ramifications.
No matter how advanced the technology becomes, it’s only
going to be as accurate as the information it uses and as
secure as the other systems it accesses.
17. Support Systems
Use of civilian technology for maintenance and logistical
functions leaves these vital areas open to the effects of any
disruptions that occur in those systems worldwide.
Patches and updates for these products are usually
mandatory and, while they may be designed to address a
problem or shortcoming in the existing system, they could
also carry code or information from disrupter organizations.
18. What to Do—First Steps
Operating in this future environment calls for a broad
approach designed to prepare for and manage the
wide-ranging impact of the expanded IDI.
A supervisory authority should be tasked to direct this effort,
and every level of the national defense apparatus has a role.
19. Verify the Data
Establish a mechanism to continuously verify information
and generate alerts: The national defense apparatus uses
many technological systems, frequently with overlapping
capabilities. That overlap could be leveraged to verify
information used across these systems and provide warning
when data is inaccurate or a function has been disrupted.
The systems don’t need to interface to create these
verification capabilities—on the contrary, connection would
make them vulnerable to the same threats.
As an example, this mechanism could provide ongoing checks
that geographical location A is actually situated at
geographical location A—and raise a red flag when one
system says it is not.
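An added illustration of the check described on this slide (not part of the presentation): reports are collected from each system separately, so the systems never interface, and a report is flagged when it disagrees with the consensus of the others. The system names, coordinates, 500 m tolerance and three-source minimum are constructed assumptions.

```python
import math
from statistics import median

EARTH_RADIUS_M = 6_371_000

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def verify_location(reports, tolerance_m=500.0, min_sources=3):
    """Compare independent reports of one location; return (consensus, alerts).

    reports maps a system name to (lat, lon), or to None if it gave no answer.
    """
    alerts = []
    answered = {s: p for s, p in reports.items() if p is not None}
    for s in sorted(set(reports) - set(answered)):
        alerts.append((s, "no report (function may be disrupted)"))
    if len(answered) < min_sources:
        alerts.append(("*", "too few independent sources to verify"))
        return None, alerts
    # Component-wise median: a minority of altered sources cannot drag it far.
    # Assumption: the location is not near the +/-180 degree meridian.
    consensus = (median(p[0] for p in answered.values()),
                 median(p[1] for p in answered.values()))
    for s, p in sorted(answered.items()):
        d = haversine_m(p, consensus)
        if d > tolerance_m:
            alerts.append((s, f"disagrees with consensus by {d:.0f} m"))
    return consensus, alerts

# Constructed sample: four systems answer for "location A", one has been altered,
# and a fifth returns nothing.
SAMPLE_REPORTS = {
    "logistics_db": (40.0000, -100.0000),
    "nav_system": (40.0002, -100.0003),
    "survey_archive": (39.9999, -99.9998),
    "fleet_tracker": (40.0500, -100.0000),   # altered latitude
    "weather_net": None,
}

if __name__ == "__main__":
    consensus, alerts = verify_location(SAMPLE_REPORTS)
    print("consensus:", consensus)
    for system, reason in alerts:
        print("ALERT", system, "-", reason)
```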
20. Ask, “What If?”
Conduct wargaming at all levels: The operational
environment includes a multitude of systems that could be
impacted by the IDI.
The supervisory authority mentioned earlier should require
the owners/operators of each system to identify every system
that connects to it and every entity that uses it.
Each of those systems and entities will undergo similar
analysis, creating a continuously updated nodal diagram
showing how these separate factors influence each other.
That will be the start point for wargaming the possible results
of disruptions anywhere across those nodes.
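An added sketch of the nodal diagram as data (not part of the presentation): each owner's declaration of what connects to or uses their system becomes an edge, and a breadth-first walk from a disrupted node lists what is affected at first order, second order, and beyond as a starting point for wargaming. The system names are constructed.

```python
from collections import defaultdict, deque

def build_diagram(declarations):
    """declarations: system -> list of systems/entities that connect to or use it.

    Returns adjacency: node -> set of nodes that depend on that node.
    """
    dependents = defaultdict(set)
    for system, users in declarations.items():
        dependents[system]              # register the node even if nothing uses it
        for user in users:
            dependents[system].add(user)
            dependents[user]            # register users that made no declaration
    return dependents

def disruption_orders(dependents, disrupted):
    """Return {order: sorted nodes}; order 1 = direct dependents of `disrupted`."""
    if disrupted not in dependents:
        raise KeyError(f"{disrupted!r} is not in the diagram; its owner must declare it")
    order = {disrupted: 0}
    queue = deque([disrupted])
    while queue:
        node = queue.popleft()
        for dep in dependents[node]:
            if dep not in order:        # first visit = shortest path; also stops cycles
                order[dep] = order[node] + 1
                queue.append(dep)
    by_order = defaultdict(list)
    for node, n in order.items():
        if n > 0:
            by_order[n].append(node)
    return {n: sorted(nodes) for n, nodes in sorted(by_order.items())}

# Constructed declarations gathered from system owners.
SAMPLE_DECLARATIONS = {
    "satellite_positioning": ["convoy_routing", "timing_service"],
    "timing_service": ["comms_network"],
    "convoy_routing": ["supply_depot"],
    "comms_network": ["supply_depot", "family_contact_service"],
}

if __name__ == "__main__":
    diagram = build_diagram(SAMPLE_DECLARATIONS)
    for n, nodes in disruption_orders(diagram, "satellite_positioning").items():
        print(f"order {n}: {', '.join(nodes)}")
```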
21. Create Redundancy
Identify substitutes and replacements: No amount of
wargaming or testing will prevent disruptions. Commands and
units must be ready to lose systems and keep functioning until
those systems are available again.
Lessons learned in the wargaming will help identify key
capabilities that must be maintained. They will also identify
systems that might be leveraged to do the different tasks of
the missing system in an emergency.
When no such temporary replacement can be found, or when
a system is simply too important, the creation of a redundant
system may be necessary.
22. Repair the Damage
Fix broken systems quickly: Identifying the “last functioning
point” before a disruption can help recover a malfunctioning
system. Frequent archiving of data and programming can offer
a chance of “resetting” the system to an earlier point that
brings it back into operation.
Lessons learned from cyber attacks and security breaches that
occur in peacetime should be analyzed for techniques that
can be applied during wartime.
Existing disaster recovery and data recovery programs, both
public and private, could be good sources of additional tips
and techniques for this.
23. Identify Quick Fixes
Analyze field-expedient solutions: The supervisory authority
should create a “best practices” center that solicits, verifies,
tests, and disseminates information on variations, substitutions,
and workarounds developed in the field.
These best practices should be promulgated widely, so that
people working with System A will be aware of a workaround in
System B that can also be applied to System A in an emergency.
24. Provide Incentives
Encourage innovation and participation: Get everyone
involved in conducting “What if?” analysis and identifying
field expedients by creating a rewards program.
Money, public acknowledgment, medals, and promotions can
help motivate people to ask these questions and come up
with solutions ahead of time.
25. Train With Manual Options
Train with manual options: Leverage the results of the “what
if?” analysis and field expedients to identify every possible
means of manual intervention or substitution when a
system—or part of a system—is disrupted.
Make training on these manual options mandatory, and
include them in all operational manuals.
No matter how much effort goes into preparing for the loss of
a system, the force must be ready to do without a system for a
protracted period of time when necessary. When a substitute
system isn’t available and a manual option is, the force needs
to be trained and ready to use that manual option.
26. Summary
• Popular resentment of personal data collection is likely to
cause a dramatic expansion of the Information Disruption
Industry (IDI)
• The IDI’s efforts will do direct and indirect damage to a wide
range of technological systems—even systems unrelated to
personal data collection.
• This likely scenario has the potential to seriously impact the
information landscape in 2035, if not sooner.
• Operating in this future environment calls for a broad
approach designed to prepare for and combat the
wide-ranging impact of the IDI.
27. About the Author
Vincent H. O’Neil is a risk manager, writer, and public speaker.
He holds degrees from West Point and The Fletcher School.
He’s also the author of the Frank Cole mystery novels from St.
Martin’s Press and the Sim War military science fiction series
(written as Henry V. O’Neil) from HarperCollins.
www.vincenthoneil.com
www.linkedin.com/in/vincenthoneil