Chicago Tribune reported, “US says Chinese military behind Equifax breach that stole Americans’ personal data” Data Breach Response Experts Lee Neubecker and Kari Rollins say “Data Breach is inevitable!” They give us advice on how to prepare.
Sedona Conference Incident Response Guide
It is not a question of if you will fall victim to a Data Breach incident, it is when. Organizations large and small need to be ready for when cybercrime strikes. Data Breach Response Experts Lee Neubecker and Kari Rollins know how to prepare for a data breach without breaking the bank. Kari is a partner in the Intellectual Property Practice Group for Sheppard Mullin in New York, and also a member of the Sedona Conference, Working 11 group. Kari describes the Sedona Working 11 as a group of Cyber Breach Experts who design tools and how-to resources that are available to the general public through the Sedona Conference website. The Sedona Conference is a nonprofit research and educational institute that brings together jurists, lawyers, experts, and academics. Kari and Lee share their combined knowledge and talk about the options available to small to midsize companies that may not have the resources in-house necessary to respond to a data breach incident.
Watch Part 1 of our 3 Part Series on Data Breach Readiness follow:
Kari Rollins and Lee Neubecker discuss Data Breach: Sedona Conference
The Video Transcript of Data Breach Response Experts Kari Rollins and Lee Neubecker Follows
Lee Neubecker (LN): Hi, I’m here today with Kari Rollins. She’s the co-managing partner of the New York office of Sheppard Mullins. Thanks for being on the show.
Kari Rollins (KR): Thank you for having me.
LN: And I had Kari, she’s a specialist in the whole area of privacy related litigation involving data breaches and personal information and what not. She’s also a member of the Sedona Conference. Could you tell everyone a little bit about what the Sedona Conference does?
KR: Sure, so the Working Group 11 is the Working Group that is dedicated to helping companies and other practitioners understand some of the hot topics and legal issues in data privacy and cybersecurity today that are rapidly evolving as the laws in that area change. And the Sedona Conference itself is dedicated to pulling together practitioners from private sector, public sector, judges, regulatory authorities who all come to talk about their experiences in these different specialized areas so that it you know, you have a knowledge base with a wide variety of perspectives.
LN: Great and so I asked you to come on to talk a little bit about the data breach incident response guide that the conference came up with. Can you tell us what this is about?
KR: Sure, so as a member of the Working Group 11, several of us at the request of Sedona Conference came together to put together what our views were on how to handle a data breach, or an incident response from the very beginning of the breach life cycle, i.e. planning for and anticipating a breach, through the breach investigation itself and even thinking about issues that may be implicated in a post-breach regulatory inquiry and how companies can best defend themselves and prepare for what is now today, the inevitable, a data incident.
LN: So this is a free resource available to anyone?
KR: It is a resource available to anyone. It’s really a practitioner’s guide. We think this is probably best used by small to midsize companies who may not have the resources or staff in-house, legal staff in-house dedicated to responding to incidents. And it’s, though it can be used by any practitioner, any counsel, any type of company, we do expect that this is probably something that would be useful to small to midsize companies as really a guideline and material to help them issue spot and understand what are the issues in incident response? What should I be concerned about? What are the pitfalls? What am I going to need to be on the lookout for?
LN: Great, and if people want more information about this or want to download the guide, where can they obtain it from?
LN: Great, so in our next segment, we’re going to be talking a little bit about what should be done before a data breach happens.
KR: Right.
LN: And then in our third segment, we’ll talk a little bit about okay, the data breach happened or an incident happened, what do you need to do to respond? So watch those segments and tune in again. Thanks Kari for being on.
Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. Zylab is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.
Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.
In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.
Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.
The video transcript of AI Smarter Solutions: eDiscovery follows.
Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.
Jeff Wolff: Thank you.
LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI verse the traditional e-discovery review process, so.
JW: Sure.
LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.
JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start incorporate, or start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.
LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US. JW: Sure. LN: There are some unique challenges posed by all the various regulations out there, like GDPR.
JW: Right.
LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?
JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.
LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?
JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.
LN: Yeah.
JW: Same thing with data privacy.
LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military,
JW: Yep.
LN: and even corporations.
JW: Yes.
LN: So what do you see happening over the next few years with the adoption of AI platforms?
JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.
LN: Yeah.
JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.
LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.
JW: Mmhmm.
LN: The companies that are using tools that are more of a channel partner tool to resell.
JW: Yes.
LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?
JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.
LN: Well, this has been great. Thanks a bunch for being on the show.
Forensic Experts Lee Neubecker and Cat Casey from DISCO discuss Artificial Intelligence (AI) as it relates to improving Legal technology.
Artificial Intelligence (AI) thinks, learns and problem solves more efficiently than humans. AI is all around us and in almost everything we touch, it is an algorithm that is designed to make our lives easier and is sometimes referred to as machine learning.
In the case of litigation, it can save time and money by streamlining the process of document review, eDiscovery, and preparation for forensic cases. Computer Forensic Expert, Lee Neubecker and Catherine “Cat” Casey who is the Chief Innovation Officer for DISCO discuss how AI works to improve legal technology.
DISCO is a leader in legal technology is a developer of a cloud-native eDiscovery software for law firms designed to automate and simplify error-prone tasks. They provide a myriad of different types of analytics that will supercharge searching data dramatically reducing time and money.
Part 1 of our Three-Part Series on Artificial Intelligence (AI)
Lee Neubecker (LN): Hi, I’m here today with Cat Casey from CS DISCO. Thanks for being on the show.
Cat Casey (CC): My pleasure.
LN: We’re going to talk a little about artificial intelligence as it relates to eDiscovery and document review. Cat, can you tell us just a little bit about what your firm does to help speed up the review process and lower costs for clients.
CC: Absolutely, we’re a cloud-native AI-powered eDiscovery company. And what that means is we’ve got vast amounts of elastic computational power that we can use to run a myriad of different types of analytics on data to supercharge your searching and dramatically reduce the amount of time it takes you to get to that key actionable evidence. So, we’ve kind of flipped everything on its head. Instead of being a question of how quickly can I read through all of this data, it’s how laparoscopically can I surgically find all of that key information. The results that we’re seeing are pretty resounding. Up to 60% reduction in time to get to that key evidence. Freeing up attorneys to get back to what they went to school for, the practice of law. It’s pretty compelling. We’ve had some pretty interesting additions, including even today, we just announced, I think, the first true AI in eDiscovery with AI model sharing. Basically, with each iteration, with each type of case that you conduct with DISCO, our algorithms are getting smarter. We’re extracting insights and building in more robust taxonomy and analytic structure to parse data, which is going to yield better and better results for our clients. It’s truly exciting.
LN: So we’ve come a long way from the early days when the attorneys wanted everything printed and Bates-labeled before they looked at it. To now, moving ahead using TAR, technology-assisted review, like artificial intelligence, which fits into that, correct?
CC: 100%, we have a continual active learning model, so it’s more reinforcement learning than a standard supervised learning model. Basically, from the coding of document one, our algorithm’s getting smarter and making recommendations on highly likely to be similar documents. We battle test the algorithm on an ongoing basis. Whether it is an affirmative or a negative for a suggested document, the algorithm learns more, and because of that, we prioritize the most relevant information quickly and people are able to then accelerate their review speeds by up to, I think we’ve had over 180 docs per hour. So, it’s pretty compelling and this is just the beginning.
LN: So your platform’s all in the cloud, correct? So companies or law firms, they need no infrastructure other than a browser?
CC: 100%, the nice thing, in my prior life, I ran a global discovery program, and I spent hundreds of thousands of dollars a year just to keep pace, just to have storage, just to have basic replication and back up, and all of that. Now, even a small firm, all the way up to an Am Law One firm or a massive Fortune One company, they can have the same robust technology without having to set up a data center, without having to invest a ton of money. It lets everyone level up and has a better experience throughout the discovery process.
LN: One of the challenges a lot of my clients always have is they have a need to understand what the costs are going to be and to be able to communicate to their clients those expectations so they’re not throwing their clients on the eDiscovery rollercoaster of non-controllable bills. How does DISCO help to address those concerns?
CC: Transparency is a major pain point. One of the banes of my existence used to be trying to normalize this pricing model versus this, versus this service provider, versus this technology. We just throw that all out. We charge one flat amount per gig. It includes analytics. It includes processing. It includes everything, and we work with you to get the volume of data that is being applied to that one flat cost per gig down. It eliminates that hide the ball gotcha moment and it gives a lot of transparency. And of course, if someone wants a different model, we’re happy to accommodate that. But in general, straight, simple, honest. It’s really rewarding for our clients.
LN: So, what cases, what types of litigation case matters do you see as having some of the best benefits of being migrated into your platform?
CC: Yeah, I think any case can. If you’re a tiny company, it helps you be David versus Goliath. Even on a small data volume case, you can start getting insights and reduce the amount of time you’re having to spend doing something maybe you can’t chargeback for. For a big massive case, because we are an AWS and we were built on kind of convolutional neural networking, we’re moving, and we have such a robust computational lift, even we’ve had 150 million documents with hundreds of users and we still have sub one second page to page. We are still lightning fast. And so, whether it’s a big case, a simple case, a complex case, there is a value proposition for almost anyone.
LN: In terms of the types of law firms that are using your platform, do you see many smaller, medium-size firms using your–
CC: Tons, actually tons. That was where we got our teeth. Boutique, we started as a boutique law firm. We actually were a bunch of attorneys that were frustrated that all the tools were terrible, and so they built their own. And so, the foundation of DISCO, we had a family of tons of boutique law firms that we were supporting, we still do to this day. The tool we built though, had a longer vision. It was built to be much bigger and more scalable, and as a result, that’s why you’re seeing us with major, the WilmerHales of the world, very large firms and very large corporations because the tool itself can scale up so much.
LN: Great, what are some of the challenges of working, that law firms find that already have entrenched solutions? There are other review products out there and if they really want to make the benefit of your platform, don’t they have to kind of fully use it for the case?
CC: I would say you probably don’t want to split the baby with a case. If you’re processing with another tool, you’re not going to get the same benefit as working with DISCO. But you don’t have to move your entire litigation portfolio to DISCO day one. We’re seeing a lot of people that are sunsetting Legacy Product and Legacy Platforms moving towards DISCO, but it’s not, “I’m going to move every single case today.” It’s going forward, we’re going to start bringing in new cases. There tends to be such an improved experience and improved UI for the attorneys that they start to not want to use the other technology as much.
LN: I know as a computer forensic expert, oftentimes we’re going out initially collecting and forensically preserving the data. But your product sounds like it would be right for a firm that does forensics that needs to collect different data from computers, possibly harvest just an email. Filter the dates and times of the email to a PST and then they can take those PSTs and upload it into your platform, correct?
CC: 100% and we also, we’ve productized some advanced ECA, where we charge a much, much lower rate. So, you get three months no cost hosting. It’s half the usual rate, and you can do ECA for up to three months. And the goal of that is to let’s whittle down to the most surgical, teeny, tiny, laparoscopic piece of data set that you can have. An example was we had a 20 million document case and we were able to run the ECA, get it down to about 5.6 million documents. Run more coaling, run our analytics, get it down to about 200,000 documents. And usually, that would be when you have to review every single one, but we were able to, with our workflow, with CAL, get it down to 140,000 documents. And so, if you think 50 bucks an hour, an attorney can only do 50 docs an hour, the cost savings is monumental.
LN: So as someone uses your platform and they start to tag and prioritize certain documents, your software learns based on that taking. It helps find related concepts to those conversations and what not?
CC: 100%, 100%.
LN: So really, the more that are reviewed as responsive, similar concepts and whatnot so that important links aren’t missed.
CC: 100% and because we do automatic batching, is every new batch of documents a person gets because we’ve applied this artificial intelligence and continual active learning model, it is a more relevant subset of data and people are able to go through it more faster. And sometimes, they will get to a point where they can say, “I’ve hit all my relevant information. “The rest is not relevant. “I’m going to sample it and statistically determine “I don’t have to review those last 100,000 documents “that maybe aren’t relevant,” and it’s pretty cool.
LN: In our next segment, we’re going to be talking What the trends are in the industry impacting law and eDiscovery. And then finally, we’ll talk about some of the pitfalls of what companies, organizations, and law firms face if they don’t embrace artificial intelligence to help make their review process more efficient. Well, thanks for being on the show.
CC: My pleasure.
More Related Articles About Artificial Intelligence (AI) )
Think twice before you post anything. This is just a tidbit of advice discussed with Forensic Expert Lee Neubecker and Human Resource Executive Dr. Nicole Konkel.
People are an organization’s most important resource. These same people spend a large part of their day posting to social media. Pew Research reports 69% of adults use Facebook on a daily basis making Facebook the most used social media platform. So, it’s no surprise that employers keep tabs on current employees and research potential candidates by viewing social media accounts. Human Resource Executive, Dr. Nicole Konkel, and Lee Neubecker, President & CEO of Enigma Forensics talk about the appropriate use of social media sites and the workplace. Watch this video to learn more about how employers interpret your social media activity.
Appropriate Social Media Activity in the Workplace
The video transcript follows
Lee Neubecker (LN): Hi I’m here today with Dr. Nicole Konkel. Dr. Nicole, thanks for being on the show.
Nicole Konkel (NK): Thanks for havin’ me Lee.
LN: Dr. Nicole is a specialist in organizational design and she helps organizations manage one of their most important resources, their people.
NK: Yes.
LN: So, Dr. Nicole, I asked you to come on today to talk a little bit about what should happen in the workplace with regards to appropriate use of social media while at work.
NK: Yes, get rid of it all. I’m kidding. Kidding of course. Well, you know, I happen to have had an opportunity to be in leadership positions in a lot of different roles. And, in those roles, I’ve noticed some best practices that, ya know, employees and people who are looking to get a job should and should not do. And, one of the best pieces of advice that I can give people is if you have to pause for one second to think if this should be on social media, don’t put it on social media. Everybody is looking at social media, potential employers, your current employer, managers when you’re calling out sick . To see if you actually are sick or if you’re pulling a “Ferris Ferris Bueller’s Day Off for those of us old enough to know what that means . And, at the Cubs came or whatever the case may be. And so, I would just tell people to always be thinking about what you want your professional history on social media to be like. Not today, but five years from now, 10 years from now, how ever long you plan on working.
LN: I think we had a conversation many years back where it went something like, oh well “but Lee I had my Facebook locked down.
NK: Yeah.
LN: And I said to ya at the time, you just got to assume that anything ya post might get out there.
NK: Right
LN: In fact, events that happened.
NK: Right
LN: Hopefully that advice was helpful.
NK: Yeah, so it was funny because I really argued you down about that. But, today, maybe it’s probably seven to 10 years later I’m in 100% agreement. I never post anything about my work. I never post anything about the day I’ve had at work. I never post anything that could be negatively construed.. By my company, by a competitor. And so, I make a conscious effort to make sure that my posts are pretty much meaningless.
LN: Yep.
NK: And don’t have anything to do with my career.
LN: But there’s also things that people should do. doesn’t see them.
NK: For sure.
LN: And you have to be careful because Facebook changes. Especially if you choose to post something publicly, I have to remember to go back and change the setting back..
NK: Sure.
LN: To be private.
NK: Yes, and the other thing Lee is, whatever platform you’re using, go back monthly and see what they might have changed. You just never know. I have put things as private and then a month or two months or three months later I go and look and it’s public.
LN: How does it make you feel.
NK: It’s like oh my gosh I did not want this public Facebook that’s why I had it private first. And that’s not to pick on any one social media.. Outlet But, they change things all the time. It’s social media, they’re trying to make things.. User friendly for all of us. And, ya know, be able to share as much information or as little as possible. But, check that. And make sure that what you want out there for the public is out there for the public and what you don’t is not.
LN: Another thing too that you might want to do as well is you can lock yourself down so that people can’t find you. I recommend that people have their children use sudo names if they’re going to be on Facebook.
NK: Right so their real names aren’t out there. Because, the stuff gets archived. There’s websites like PeekYou that find ways of seeing your stuff..
NK: Yeah
LN: And can get your archives that you think are locked down.
NK: Yeah. And one other thing I think is very beneficial to people that are searching for employment is that you make your profiles completely private when you’re searching for a job.
LN: And, don’t use a Email name that sounds sexualized.
NK: Yes.
LN: I mean, honestly.
NK: Sexy kitten 1995 is probably not going to get you that job. But just be mindful that, and I have done this before as an employer I’ve gone to social media to see what people’s presence has been to determine if there was anything there that would keep me for key positions and roles that I hire for keep me from wanting to hire that person.
LN: So, the dates and times of your posts matter to. If you’ve got regular posts on social media that don’t somehow tie into your work there’s a problem. Now sometimes you got to post stuff on LinkedIn..
NK: Right.
LN: To help market..
NK: Yes.
LN: Your firm and their mission. And that’s one thing but just, ya know, ask those questions and think about does this show that I’m a diligent worker if I’m commenting and Tweeting..
NK: All day
LN: All day on entertainment websites..
NK: Right.
LN: And things that don’t relate to your position.
NK: Right. And one thing that I have said I’ve never heard anyone else say this so I’m going to go ahead and say that it’s my quote. Facebook is not LinkedIn and LinkedIn is not Facebook. If the profiles of the people that you have on both of those match you’re doing something wrong . Where LinkedIn is for your professional, ya know, world and Facebook isn’t. And, there are some people I’m Facebook friends with who have sent me LinkedIn in requests that I’m not connected to because that’s not the way I want to be connected to those people. And, you absolutely have the right to do that because it’s your social media
LN: Yeah, and unfortunately, the people you connect to you can be judged against who your friends are. And, that’s always a dilemma because we can’t control our family all the time. All we can do is drop them .
NK: I’ve had to do that a couple times.
LN: But, ya know, it’s unfortunate sometimes when extended family or people that you might not be checkin’ in with post things in their profile inappropriate pictures or whatnot.
NK: Right.
LN: That could potentially reflect adversarially on you. And the thing is, if you’re interviewing me for a job you’re doing the digging you’re not telling me what you’re looking at are ya.
NK: Of course not.
LN: But you’re looking to see is this going to be a problem for me if I hire this person.
NK: Right. And I’ll give a quick example of, ya know, something that was problematic for me when I was doing research. I did see that someone I was potentially hiring had a person on their friend list that was making racists and sexist comments.
LN: And, I think everyone out there has a friend like that. Which is exactly why you should be locking down and hiding your friends so people can’t..
NK: Right.
LN: Find out.
NK: Yeah so, if you go and search me right now you won’t see much and you certainly won’t see my friend list. But, the other side of that is, ya know, if I have people on my page that are making those types of remarks, guess what, they’re gone. I don’t care if it’s my mother, I don’t care who it is. Because, that is not any type of social media conversation that I want had on my page nor do I want to be a part of it.
LN: Well, thanks so much for being on this show Nicole. It’s been great having you.
NK: Thanks for having me Lee!
To learn about the policy for social media for the U.S. Office of Personnel Management click on the link below.
Check out this story from the Society of Human Resource Management (SHRM) This article provides an overview of the use of social media by employers and their employees.
The Energy Sector must protect the electric power grid system, oil, and natural gas infrastructures from the ever changing cybersecurity environment. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.
As global unrest heats up, the Energy Sector has to maintain its cool. What is the energy sector? The oil, electric power grid, natural gas refineries, and pipelines are all part of the intricate web of the energy sector. To avoid a disaster they must wrestle with the ever-changing cyber security environment, protect themselves from internal and external threats in all of the energy sector infrastructures all while keeping up with energy demands. That’s a mammoth task! Both experts agree Energy Sector protection can be achieved if approached with precision. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.
Part 3 in the four-part series on Energy Sector Cyber Insecurity.
Part 3 in our Global Energy Sector Insecurity
Lee Neubecker: I’m back again with Geary Sikich and we’re continuing our series discussing cyber global insecurity, as it relates to the energy sector. And in this segment, we’re going to talk more about things that can be done to help protect against these cyber threats.
Geary Sikich: So Lee, when we look at protection, I think there’s a three-level process and I think you can describe some of the things that have to go on in these three levels. Strategically, I put together a business plan for an organization and that organization sets goals and objectives, one would be to have cybersecurity. Now, how do I execute that, what are the things that, at the operational and tactical level, the things that really are going to prevent, what are those things, what are those things that are going to help me?
LN: Well, much like we were talking before about detecting compromises, having a solid inventory on what your digital assets are, what computer devices, what cell phones, if you know what your devices are and you have that information available, you’ll be able to spot when something goes wrong. So, part of protecting is doing the bean-counting work of inventorying your digital assets.
GS: So, it’s not just an audit process, it’s a much more of a detailed look at what those assets consist of?
LN: Yeah and once you know what your assets are, you can figure out, who are they assigned to? If someone leaves your organization, you should have accountability steps in place to retrieve those assets. You should also be inventorying the state of those assets, are they fully patched and up-to-date? If you’re not patching your devices, you’re at great risk of cyber compromise.
GS: So is identity, not only do I have to worry about being compromised from an external source but I also have the internal threat of a disgruntled employee, of someone leaving the company, not with any mal, you know, intent, no malicious intent, if you will but just not following up on what I should have done as they out-process.
LN: Exactly, password rotations, people have weak passwords, people become compromised, people reuse their passwords. As someone reused their password for one of your important infrastructure systems on a popular social media site and that site becomes compromised, guess what, those passwords get loaded up into software for hacking and they do what’s known as “credential-stuffing attack”, they loop through and they fire at every device they can using the username and password, the known username and password and that’s how a lot of people fall prey to attacks.
GS: So, in that context, should you store passwords via one of them, like Google Chrome or some of the other, Internet Explorer, those types of things, should you store passwords that way?
LN: I recommend against storing it in your browser. If you’re going to store them somewhere, I think a password management tool like LastPass, that has two-factor capabilities, two-factor authentication essentially means that you have to know your, it’s something you know, plus something you have or something you are and in the case of LastPass, you’re typically using either your cell phone with an app that has an authenticator, that’s something you have, plus your master password and that helps protect against someone intercepting your password and being able to log on.
GS: So, in essence, protection is not a simplified process, protection is something that we have to, sort of, dedicate ourselves to conscientiously and make sure that we continue to maintain an up-to-date awareness, in order to be able to fully protect ourselves.
LN: Exactly and that brings in your staff, you need to know that your staff are being educated about popular ways that companies become compromised like if a bunch of USB devices are dropped in the parking lot, they might say things like “payroll” or something on it, would your employees plug that into your computer, you know, are you testing for that? You know, there are things you can do, there are services out there where you can have your own organization spearfished by a white-hat hacker, that’s going to tell you who clicked and then you know who you need to educate.
GS: So, we’ve made two points thus far on protection. One is that it needs to be part of the business plan, it has to be audited. In terms of auditing, knowing what you have devices-wise. Second is that you have to have educated employees. Now, both of those aspects present somewhat of a business conundrum, if you will. Education doesn’t necessarily equate to dollars coming in but from a protection standpoint, I think the sales point would be that it prevents dollars going out and the better educated, the more aware so that we can look at the other aspects that we discussed, detecting and protecting being two.
LN: Unfortunately, if you run an organization today, you have a new job, which is to make sure that you’re cyber secure and it’s a serious threat that corporate boards are making their CEOs accountable for so you know and it’s multi-faceted, you got to train your employees, you got to nail what you have, you got to make sure what you have is up-to-date and patched and then you also need to make sure that you have some mechanism to monitor and record events so that you can tell if you become compromised so the protection really requires much more today than it used to, it’s, the number of ways that an organization can become compromised, can be via an employee’s cell phone that becomes compromised and then it launches an attack on your internal systems.
GS: So, in the, it’s kind of like the mindset, if you will, has to be changed, in terms of looking at management and their commitment to cybersecurity protection. In the days past, we looked at protection. “What can I do, put up a wall, what can I do, “I can physically protect my facilities and my operation.” Now, today, that becomes more of a challenge because we’re dependent more on things that are not necessarily in the realm of physical protection per se so we really have to be getting to rethink how we look at protection and then ensure that the process is continuous, not a one-time situation.
LN: Exactly and certainly, you know, a DR, known as disaster-recovery planning and contingency planning can go a long way, you know, a simple act of making an offline backup on a periodic basis and you know, maybe that’s only once a month for some organizations but at least, if you have something offline, if you get hit by a Cryptolocker attack, the risk comes down to “well, what does it cost “for us to rebuild the last month?” Or maybe it’s the last week or maybe it’s last night so thinking through, I think going through the disaster-recovery planning exercise is a really good way to help protect your organization.
GS: Okay, I agree with you on the planning aspect. The caution I would say with that is that all too often, organizations develop disaster-recovery, business continuity, other types of plans to deal with emergencies, the response. The challenge is that those plans need to be kept, as you did say, with the cyber up-to-date and consistently reviewed, we have to have it in the mental work.
LN: And that’s where having someone like you and myself come into audit the business risk and actually inspect to see is the plan being followed, is the C-suite having a false sense of security because there’s this plan that was produced years ago, that no one’s really looked into, you know, it doesn’t take but you know, I think, you and I onsite for one day, we could help poke holes and give a report of, is an organization following their plan or does it look like everything’s far off but you’re not going to get that reporting from your own people internally.
GS: Yeah, I think it’s a challenge for people internally because there’s a vested interest, number one. Number two, they think that, in a lot of respects, they’ve done what needs to get done. The other aspect and I think this is important from what you pointed out, is that when you begin to look at today’s plans, you have to realize, they’re kind of reactive, in many respects, they’re not very proactive so they react to an event happening. That’s good because that helps companies become more resilient but it doesn’t keep them from protecting themselves as they need to.
LN: Exactly but there’s also a financial component to these plans, you know, it’s not uncommon that IT, they’ll go through this exercise and then afterwards, they’ll say “well, I need this subscription, this software, “I need this vendor” and none of that funding comes through but it’s much better and that sometimes gets lost in the minutiae from planning to execution and if that, in fact, is happening, you’ll want to know about it before you need the DR and it’s not there.
LN: So, I think that wraps up our section on protection. In our next segment, we’ll be talking a little bit more about responding to the crisis of a cyber breach, as it relates to the energy sector.
Watch the other segments on Cyber Insecurity in the Energy Sector
After the most recent Iranian attacks most people don’t think about the danger to our Energy Sector that lurks in the global underworld. Cyber Security Experts Lee Neubecker and Geary Sikich are on the job! They say we can tighten our security and detect cyber attacks before they happen.
Energy Sector Intrusion Detection is complicated and delicate and necessary to maintain our power grid. The Energy Sector provides energy for the world and must be secured and protected. Many detection tools and resources of expert precision are used to ensure the security of these precious resources. Think about it? What do you do on a daily basis that doesn’t involve energy or some type of energy? Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. put your mind at ease and dissect cyber security and intrusion detection systems that are utilized by the Energy Sector.
This is Part 2 in the four-part series on Energy Sector Cyber Insecurity.
Lee Neubecker (LN): Hi, I’m back on the show again with Geary Sikich, thanks for coming back on the show.
Geary Sikich (GS): Thanks for having me back Lee.
LN: So we’re continuing our series discussing about global cyber insecurity as it relates to energy sector. In the second part of the series we’re talking more about detection of compromise. Um Geary, what’re your thoughts in this area?
GS: I believe that there’s a lot to be looked at in terms of the detection aspect, and this is one of the areas where you from a forensic standpoint, provide sort of a critical juncture, what’re you seeing that the general person, and even the general employee of the utility, might not be seeing? And might not be aware of?
LN: Well we know from reports by Dragos Cyber Security firm, that there’s a number of groups, I think around 11 groups are specifically targeting the energy sector. This report just came out this month, so there is a heightened attack readiness requirement to defend against these attacks. And the key thing that organizations need to be doing is they need to know that they have their firewall actively logging, and they need to be looking at those logs.
GS: Those are all state sponsored groups, right?
LN: Well, we don’t know exactly who they are, there could be terrorist cells, the Dragos report doesn’t give attribution as to the entities behind them. They describe the types of attacks, and the character of the attack methods, but there is a number of them that you can check out, there’s a link that will take you to their report if you’re interested in reading it. But you know, often times organizations fall compromised, and they don’t know it, and these things go on for a long time. There was a credit reporting agency attacked recently, for instance.
GS: So from a detection standpoint, the challenge that industries are faced with, cause our focus is going to be on the energy industry, so we’ll get energy industry. In general, the challenge that they face then, is that it’s not just what we perceive could be state sponsored hacking of their systems, it could be individuals, it could be terrorist cells, it could be pretty much anyone with a desire to infiltrate a system whether it’s to do harm, or whether it’s just to see if they can do it
LN: Exactly. The barrier to entry to launching one of these attacks is much lower. It requires knowledge, but the knowledge could be in the head of a teenager, that got rejected at school and wants to take the power out in his town. So that’s a legitimate problem. Now related to detection, I mentioned the firewall logs, there’s a great product out there called, Canary. Have you heard of it?
GS: No, it’s new to me.
LN: Essentially, it’s a company they tell these little devices, you deploy in your network, and they can pretend to be a payroll mass, health care information system storage database, or you can make it be whatever you want. But it’s essentially trying to lure an attacker. So if someone’s in your network, there going to scan your network to look for resources and it will detect people trying to brute force that item. So these items are a great way to have another way of knowing are you compromised. If organizations that had recently been publicly compromised, that didn’t know it for many years had some of these devices in place, they would probably know pretty quickly, like within a day or so, of someone getting through their firewall.
GS: So the challenge then I guess, from a detection standpoint, and the way we’ve seen it, and in discussions with organizations that I’ve worked with. Is that it’s not a single point of penetration that we have to worry about, it’s become multiple points of penetration, and multiple points that are not necessarily hard wired into the operating system. So utilities in a lot of respects have gone out to do with their status systems, monitoring your water usage, or electric usage, all remotely, and you periodically might see a utility vehicle drive by, and they may have a cellular type phone system, that goes by and scans your homes to see what your energy usage is. So those all become a factor. We get into detection in terms of things, we’ve mentioned today shipping is a big issue, and we mentioned with the current situation with Iran, the concern over the Strait of Hormuz, but shipping in general, navigation systems, have been targeted, not only by state actors, but by other groups. So you have navigation systems which is not just water born shipping. Think of where navigation systems are today. Look into your pocket and see your cell phone.
LN: Well we had the recent issue with the Boeing Max airplane, it turned out the sensors were damaged. Well these sensors they’re called MEMS sensors, they’re a combination of electro-mechanical sensors, and if the chip is hit at the frequency that matches the natural frequency of the component board, it can actually cause the chip to malfunction and report erroneous readings temporarily. Or if the frequency matches and it’s of a great enough amplitude it can actually damage the chip. And there hasn’t been much discussions about whether these chips were cyber-attacked but it’s very possible, if you look up University of Michigan, they have research on MEMS chip sensors and interestingly enough, the patent for these sensors was a Boeing patent. So there’s not a lot of talk about that and I think more likely if the chips were damaged, it’s more likely they were damaged while they were on the ground interestingly enough, the two crashes that occurred were in countries that had a lot of terrorist activity.
GS: I think the other aspect with detection is that when you begin to bring out a point like that, people have a tendency to assume durability of systems when systems can be very sensitive to, if you will, shocks, minor shocks to the system. So it’s not necessarily the physical attack, you could take the example recently Puerto Rico has had an earthquake. What damages were incurred by the, on their systems as a result? That are undetected yet. The sensitivity of systems I think has become really critical in a lot of these aspects.
LN: But like with these chips we’re blending mechanical with computer embedded processors. So like these chips think of an opera singer, that sings the natural frequency of a wine glass. If he sings it loud enough, that glass will shatter. It’s the same concept with this chip. You can fire sound at it, if you’re close enough, or if you have a strong enough amplifier, you could fry it. Now that could happen, a drone could potentially launch a sonic attack, someone onboard, a passenger could do it, cleaning crew coming through could do it. So these are some questions that it’s kind of a new paradigm but we even had issues with military aircraft having this uptick in crashes, and these same types of systems are in the newer military helicopters and planes and whatnot. So I think it was good that the military grounded some of these devices that were having these problems, And you know the investigation, I’m sure, continues and the public may not fully be briefed on this, but it is a threat that needs to be detected before people die.
GS: So the real issue with the situation that we’re in, with this kind of global insecurity if you will, is our ability to detect has been I’ll put it in these terms, if our ability to detect has been compromised by virtue of the disruptive technologies that exist that are making detections more and more of a challenge, because they’re becoming more and more subtle in how they entered in the system. So I can have a system that looks like it’s working perfectly, and yet at a point be compromised like the mechanical system that’s supposed to open a valve, and it’s been doing it for a long time, and then suddenly it either leaves it open, or completely shuts it.
LN: This is where it’s important that these entities have an accurate inventory of what their equipment is, and they also have an accurate inventory of the embedded systems and what that software code should look like. And they should have procedures in place to periodically verify that the embedded firmware chips that do these functions haven’t been altered. Otherwise they won’t even know, and something could happen at a very critical time. So that wraps up our section on detection. In our next segment will be talking about helping to protect against these types of attacks.
GS: Great.
Watch the other segments on Cyber Insecurity in the Energy Sector
Global Energy Sector Cyber Insecurity can lead to complete chaos that will be felt throughout the world. Neubecker and Geary Sikich who are experts in cyber security and incident response share their solutions.
Energy Sector: Global Cyber Insecurity can lead to global calamity. If a major attack happens there would be a cascading effect with catastrophic results. In lieu of the most recent Iranian conflicts, the Energy Sector, as well as Corporate America, has been warned by our government to be aware of imminent security threats. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. take apart the many threats that will affect the Global Energy Sector. Starting with SCADA, which is a computer system for gathering and analyzing real-time data. Cyber Insecurity means if hacked the SCADA systems would have a rippling effect.
In this four-part series, Lee and Geary will discuss cyber threat detection, protection and global incident response in the Global Energy Sector.
The video transcript for Energy Sector: Global Cyber Insecurity follows.
Lee Neubecker (LN): Hi, I’m here again with Geary Sikich on my show. Geary is the president of Logical Management Systems, a business consulting and risk advisory firm. Geary, thanks for being on the show again.
Geary Sikich (GS): Thanks for having me back, Lee.
LN: So today we’re going to talk about the current state of global cyber insecurity. News events have been published detailing Iran’s potential cyber response. The energy sector has been put on notice to be looking out for attacks, as well as corporate America. So Geary, what is the current state of cyber risk as you see it?
GS: I think it’s kind of appropriate to begin to look at it as you introduce it, global insecurity. One has to begin to look at how secure are you? And in the context of how secure are you, how secure is our infrastructure. All the things we depend on for our day to day lives. And how we live, literally. So everything from your food on the table to the heat, to clean water, to your heat in your home, et cetera, all become potentially
LN: Transportation, travel, and fulfillment.
GS: Road systems, everything that’s out there.
LN: So we’re going to be talking about the highest areas of concern where a rogue terrorist organization might want to strike or a nation state that we’re at odds with. And unfortunately, we have quite a few. Later on in the second, third, and fourth segment we’ll be talking about detecting threats. In the third segment, we’ll be talking about protection against that, things that can be done proactively. And then finally, in the fourth and last segment we’ll be talking about responding to compromises, incident response, and how to recover and get back up online. So Geary, can you give everyone an understanding of what encompasses SCADA devices and what SCADA means?
GS: SCADA systems were developed for the use to control operations and utilities and other areas. It’s called the Supervisory Control and Data Acquisition.
LN: So what kind of devices make up SCADA devices?
GS: Everything from the control of pipelines, utility, electricity functions, all the way onto healthcare, pacemakers and other types of systems.
LN: CPAPs. So these are critical systems. These are systems that if someone wanted to cyber attack and really hurt us, they’re natural targets. And they’re classified as such because they have to be regulated and handled in a way to help keep them safe.
GS: Yeah. And the problem we face is not that these are systems that are so vulnerable, the problem we face is that because of the technology that we’ve embraced over the years since 1999, so that’s what, almost 20 years now. Or it is 20 years now. That those systems have become so embedded that we have gotten rid of the manual systems that they replaced. So things like switching for railroads. You would be hard pressed to find manual switches available to the industry. Because they got rid of ’em, and they were scrapped, and they’re gone. No once produces them, or should I say, they’re produced in limited quantities. And they’re hard to get. The things we depend on in a lot of respects for the smooth running of our infrastructure become very critical to us because there are no alternatives for those systems. And as a result, we become more and more vulnerable to a infiltration of the systems for disruption.
LN: And then we also have what’s known as FPGA’s, Field Programmable Gateway Arrays. They’re microprocessor controllers that can be programmed that can actually be altered by an attacker to change how these systems function, the logic that works. We can only think of, what would happen, Geary, if a nation state that we’re in a conflict with, what would happen if the water filtration system sensors were altered to put water out that appears safe but isn’t?
GS: I think you see a lot of that today simply because the threat levels are such that we have to make sure these systems are so well protected. And unfortunately, the ability to protect the systems is not necessarily as good as it should be, let me put it that way. It’s not that they’re bad, it’s not that they’re behind the times, it’s just that they’re trying to keep up with things that are changing so rapidly. Technology disruptions, and disruptive technologies today have made a lot of systems sort of antiquated before their time. And the problem is that, to keep up with replacement, to keep up with the viability systems becomes another burden to the system. Another critical issue in this global insecurity aspect is look at the talent pool that’s out there in the workforces, and you start to begin to realize that there are very few people that are talented in the areas where we need them. I think in our last segment that we did I mentioned that in the energy industry, nuclear engineers, petrochemical engineers, desperately needed areas because their workforce is transitioning and the skill levels are not there. So that becomes a real challenge.
LN: Just the past, in this month alone, cybersecurity firm Dragos issued a report showing that there is a number, I think around 11 groups that are actively targeting the energy sector and trying to take out various providers of energy. Oil, gas, you know, nuclear. There’s other threats there. You know, locally here in Chicago, you’re in Indiana, we’re in Illinois, what part of the energy sector to you think is at greatest risk?
GS: Well, I think the interesting point with that is that the bigger players, Commonwealth Edison, NIPSCO, Northern Indiana Public Service, are doing their part to ensure that their infrastructure is well maintained and protected. The problem we run into is that they’re not the only utility providers. If you look at across the United States, there are so many smaller utility providers, co ops, small utility companies, that don’t necessarily have the resources
LN: They don’t have the scale.
GS: Yeah, the skills. And the problem that they encounter and we encounter as a result is that they are critical links in the grid system. So everything from water, gas, electric, telecommunications, et cetera, all dependent on a lot of these small players. And getting one to go could potentially offer cascade effects to all the others. And as it cascades, things can get even more disruptive.
LN: So you could actually take down the big electrical utility by getting enough of the small, vulnerable electrical co ops and launching a cyber attack on the electrical co ops to then take out the big giant. Because when these happens, you have power imbalance. And Kirchhoff’s Law dictates the flow of electricity, and it will flow where it’s weak, and the current flows, well that can cause line tripping and power outages.
GS: Yeah. And I think the thing that people have to realize is that the apparently most vulnerable things are not necessarily the ones that are the most visible. And I say that in this respect, we look at power plants, we look at nuclear plants, and there’s a fear of someone attacking the plant. In reality, it’s the part of the system that are not related, or that are related, linked to the power plant, but not directly.
LN: It’s an interconnected system.
GS: It’s the transformers
LN: Everything from endpoint demand to supply. And in our prior video we talked about manipulation of endpoint demand that could cause a cyber attack.
GS: And it’s the step up and step down systems. When you generate it, electricity’s stepped up, it goes over transmission lines, it goes to a point, it’s stepped down and then it goes in the user groups, the residential, your cities, your smaller industries. So you start seeing these as being potentially vulnerable in a respect. In terms of vulnerability is that we have to begin to look at the users and begin to differentiate which ones are what we call interruptible and which ones aren’t.
LN: So in our next segment, we’ll be talking about detection of these threats, and then finally after that, the third segment we’ll talk about protecting and what organizations should do such as electrical co ops, things they can do to get ahead of this. And then when things invariably do go wrong, finally we’ll talk about incident response. So tune in next time, and please, we appreciate your shares, likes. Sign up for my YouTube channel if you liked this and you’ll get alerted when we publish the next one. Thank you.
Learn more about Global Cyber Security from Enigma Forensics
Is it necessary to have Apple provide a back door so that law enforcement can access a person’s cell phone? Computer Forensic Experts Lee Neubecker and Debbie Reynolds say there are technical solutions to use instead.
A law-abiding citizen or a criminal’s cell phone can be the largest piece of evidence in a criminal investigation. Once confiscated, cell phones are powerful tracking devices that can be used to infringe on an individual’s cell phone privacy. In this video, Data Diva, Debbie Reynolds of Debbie Reynolds Consulting’s and renowned Computer Forensics Expert Lee Neubecker, CEO & President of Enigma Forensics share their cell phone cracking technical solutions. Is the government’s desire to have a backdoor into all smartphones really necessary? No matter what security measures are placed on smart phone devices, there are many technical solutions available from the computer forensics experts to utilize when attempting to unlock a mobile smart cell phone. Check out this video to learn what technical solutions available that don’t require going back to the manufacturer and asking them to create a backdoor.
Experts discuss unique technical solutions available to retrieve cell phone information
Cell Phone Privacy: Part 3 of 4
Lee Neubecker: Hi, thanks for watching the show again, we’re now talking again about cell phone forensics as it relates to privacy issues and our government’s request to get information on specific cell phone users. I have Debbie Reynolds the data diva back on the show. Joining me again, and to help me elucidate some of the unique issues that relate to the current situation.
Debbie Reynolds: Right, so there are privacy issues obviously with being able to track, or be able to crack someone’s cell phone. In a law enforcement situation, time’s of the essence. They want to be able to get the information on the cell phone the best way that they can. The issue is, and especially with the Louden news reports, they aren’t exactly accurate about how this happened. So in order to do this cracking of certain cell phones, there are things that forensic folks, like Lee can do to actually do this that don’t require you going back to the manufacturer, asking them to create a backdoor. My opinion, and I think this is something that was echoed by Apple in their objection to this. Is that, you know, the iPhone or the cell phone is their invention. And the way that they do privacy for phones is kind of their unique, you know, secret sauce or special sauce so. Being able to, Having to try to do that is sort of the antithesis of what they’re doing, of their invention. And I’m not seeing any court cases where ever. Where someone had to literally create, invent something to sort of negate their own invention.
LN: And even then government, like, our US government has resources to have a lab where they can use equipment to actually replicate all the chips and storage devices. And then make a virtual machine where they can brute-force crack the device without worrying about the three false passwords that slow it down. Because if you virtualize, if you duplicate the embedded memory off the D-Ram, the various chips and storage, you can then set up a mass server farm of virtual machines to just pound away, trying combinations. And with quantum computing, it wouldn’t take much time, but that isn’t even necessary today. There are easier tools to get into the phones, but the real issue becomes if, it would much be like if the government said we want everyone to have one particular key-type for their home.
DR: Right.
LN: So that we have a key that we can take and we can get into any door without having to break down the door.
DR: Yeah.
LN: And the problem with that is, what happens when someone gets fired from the FBI and they copy that key? You know, then we got to lock change every house in America? And every business.
DR: Yeah, who’s to say, I mean not every person who has a phone is a criminal. So if you think let’s say you know 1% of everyone who has cell phones is doing a criminal activity, so should 99% of everyone else have these vulnerabilities that, you know, hackers love to have. They would love to be able to crack into your phone and do different things.
LN: That could actually you know lead to HIPAA violations, you know there are physicians and people that have some medical data as they connect to their work machines. and if there’s this weak backdoor key, that creates a problem. Now, I want to talk a little bit about how I think they could do it and it hasn’t been done yet.
DR: Okay.
LN: But if Apple were to issue, I mean if you have a multi-key solution where anyone key alone doesn’t work. But the FBI could make a request to the justice department, to the judiciary, a judge of some sort. The judge could issue a key unique to the cell phone IMEI identifier, and then that information could be a key that then goes to Apple or to Microsoft or whatever provider, who then generates a key that can unlock the phone. So you can have a multi-key solution, but it’s specific to the phone and that would preclude a situation where any one person’s key gets leaked and all phones are compromised. And, you know, if for instance the FBI’s key that they use to generate request keys, if that got compromised they would rotate that and going forward new keys would be used and they’d invalidate all the others. But you’d have a technical means to still get into the phone without necessarily meaning that every phone is totally open to one key.
DR: I think so, but I think, that’s actually a smart solution. But I also think companies like Apple, and I’m, we’re just picking on Apple ’cause the phone was an Apple phone that we’re talking about. But, you know, companies are in business to make money, and not to be law enforcement. So there’s probably not a lot of money in law enforcement stuff for them, so they may not be compelled, or feel like this is something they really want to invest a lot of time or energy in. Especially because there are smart people that do this for a living and can actually do this work.
LN: I support the idea that if there’s a terrorist out there, that we should have a system that does allow to get into that phone, but there’s got to be a check and balance, it can’t just be one person acting alone or else it inherently makes everything insecure.
DR: I agree, I agree. Yeah, it’s a tough issue, I feel like people get really, sort of, wound up about it. especially ’cause they’re thinking about sort of, patriotism and freedom and stuff like that. But you know there’s a way to solve this problem without creating problems for the whole world basically.
LN: Thanks for watching this segment, in our next segment we’ll talk about the more recent story regarding the Pensacola Naval Air Station terrorist attack, as they’re calling it. And the FBI’s renewed request of Apple to get into the cell phone.
Computer Forensic Experts Lee Neubecker and Debbie Reynolds discuss the problem that involves government versus cell phone privacy.
Cell phone privacy played an important role in the San Bernardino attacks. On December 2, 2015, Syed Rizwan Farook and his wife, Tashfeen Malik, open fired on San Bernardino County workers at a holiday party killing 14 and injuring 22 others. The FBI wanted Apple to give them access to the perpetrator’s phone.
Apple states, “We built strong security into the iPhone because people carry so much personal information on our phones today, and there are new data breaches every week affecting individuals, companies, and governments.” Apple continued…”We feel strongly that if we were to do what the government has asked of us — to create a backdoor to our products — not only is it unlawful, but it puts the vast majority of good and law-abiding citizens, who rely on iPhone to protect their most personal and important data, at risk.”
Leading computer forensics expert Lee Neubecker, CEO & President of Enigma Forensics discusses the issues relating to cell phone privacy and the government’s desire to have a back door into your smartphone with the Data Diva, Debbie Reynolds of Debbie Reynolds Consulting. These experts have an interesting perspective.
Cell Phone Privacy: Part 2 of 4
The Video Transcript follows.
Lee Neubecker (LN): Hi, I’m back again with Debbie Reynolds. Thanks again for being on the show.
Debbie Reynolds: Thank you, Lee.
LN: So, we’re continuing with this multi-part series talking about cell phone forensics.
DR: Right.
LN: It’s specifically, this section we’re going to talk about the San Bernardino 2015 December attacker that unleashed terror, Syed Farook, and at the time when that happened, the FBI went to Apple and claimed that they needed assistance with unlocking the phone.
DR: Right, so I remember this very well. This was maddening to me, because a lot of the news reports, I don’t think any of them correctly stated how cell phones actually work, and they sort of bungled the information about the cell phone. So, a lot of the articles were trying to say that the only way they could unlock the cell phone is with Apple’s help,
LN: That wasn’t true. We knew that wasn’t true.
DR: No, you know that wasn’t true.
LN: You know, I thought when they were doing that, that they might have said that to put out misinformation so that other people who were communicating with the terrorists might have thought that they were safe. I was wondering if they might have done that on purpose so that people would keep their phones so that they could track and follow other people.
DR: I don’t know, my feeling was that you know, the FBI or whoever was making this request was trying to create a precedent to be able to have people like Apple give them, create vulnerabilities in phones so they don’t have to do this one-on-one unlock feature, but why would Apple or any other company who’s in the business to make money create a vulnerability that possibly could be the antithesis of their invention. I wouldn’t use a cell phone if I thought it was unsafe, right, or insecure.
LN: Well, I just assume they’re all insecure.
DR: Well, as secure as it can be
LN: As secure as it can be, but you know, Microsoft, Apple, they issue patches and updates for security flaws every month, so there are still bugs out there that can be exploited, but when that happened right away, I was wondering why they didn’t call Cellebrite, and ultimately, Cellebrite, Israeli firm, they’re likely the ones who actually got the contract to unlock that phone.
DR: Yeah, right, exactly.
LN: But the whole notion of having a common key that law enforcement can quickly unlock any device without any judicial intervention, it’s a little concerning.
DR: It’s very much concerning. It’s like you’re trying to boil the ocean to solve one problem.
LN: Well, then if you have one key, someone in the FBI leaves, and they take that key with them, then they go and they link it on the Dark Web, and this is the type of thing that’s happened with contractors to various cyber agencies and the government, and these keys get out there, or weapons get out there, and everyone’s getting exploited, and it takes the government a long time to report it to Microsoft, to Apple, and everyone’s getting hacked in the meantime.
DR: Well, and there are a lot of other ways to get stuff off of a phone, so I think of a phone as a gateway to other things. You know, if even you do banking on your phone, if you lose your phone, that doesn’t mean that the information’s lost. You can go to the bank, companies can serve affidavits on different entities that have other information. If a person was communicating with someone else, you may be able to crack their phone, so there are a lot of different ways to solve this problem that don’t require creating a back door for a complete product.
LN: Yeah, and you know to your point about the issue when then-director Comey, James Comey, had testified seeing that they needed help, apparently the FBI’s own remote phone specialization group hadn’t been tasked with trying to get into the phones, so they hadn’t fully explored their own capabilities before they went to ask for Apple, because like you said, they wanted to establish precedent, and they wanted to change how it worked, and I think we’ve consistently seen and heard that the FBI wants full access anytime so that they can protect people, and there are some issues with that because if it’s simply full access, it’s going to make everyone less secure.
DR: Absolutely, absolutely, so I think all of us, there was quite a bit of eye-rolling when these reports were coming out about them not being able to do the cell phone, and it was like a lower version, too, so it wasn’t like the super– With every cell phone they get more secure, the OS–
LN: You know, it’s like give me the cell phone, DR: Exactly! LN: I’ll get into it. DR: Exactly!
DR: You know, even when they were interviewing people in the press, they weren’t really interviewing the forensic people who do this for a living, so I’m like who are they talking to?
LN: All the computer forensic people I know, we talked about this. The best plausible explanation I could think of, again, that they were trying to create a false narrative so that they could break up other people who were collaborating, but in fact, the Inspector General’s report from the FBI revealed that they just hadn’t fully done everything, and it sounds like it was two-part, it was part they wanted the power and the access, but second the operational component. What happens, you know, there’s a more recent case that we’ll talk about in a later series, and the question becomes then, again, have they used that most, their own internal resources fully before they’re going to Apple?
DR: Or even have they leveraged people like Lee, who do this for a living. It was funny, because when they were, when this case was going on, I had another case at the same time, had the same cell phone, and literally I sent it out and got it cracked like within a day. I couldn’t understand what the issue was, exactly.
LN: Hey, what can I say, I’m good.
DR: Exactly!
LN: Well, tune in for our next segment, where we’ll be talking more about some privacy issues related to having a back door, and some better solutions that if, you know, if Congress and Senate if they want to pass legislation, there are some ways that we can still allow the FBI to get in without having a common back door key that doesn’t undermine security.
DR: Exactly.
LN: Thanks for watching. DR: Thank you.
To review the first video in this series please read below.
One can’t overstate how much of our personal lives we reveal to our smartphones and that includes criminals too. Watch this three-part series to learn more.
Introduction of our four-part series on Mobile Phone Privacy and Security.
Cell phone privacy is a real concern for both individual users and law enforcement. Literally, everything you do on your smartphone or any other device is vulnerable and completely defenseless against criminals and sometimes the government. Think about what you have on your phone and how it’s used on a daily basis. All of your personal contacts, photos, videos, text messages, emails, online bank or other accounts, GPS locations data, basically, your history of who, what, where, when and how about yourself all exist on your smartphone. We can’t overstate how much of our personal lives are revealed and how much our cell phones are vulnerable if disclosed to unauthorized parties.
Guess what? Criminals have cell phones too, and their information can lead to not only solving a crime but saving lives. Law enforcement agencies continue to call for access to encrypted communications and devices, while tech companies warn that doing this would weaken the protection and allow potential criminals to take advantage of that same access. Leading computer forensics expert Lee Neubecker, CEO & President of Enigma Forensics discusses the issues relating to cell phone privacy and the government’s desire to have a back door into your smartphone with the Data Diva, Debbie Reynolds of Debbie Reynolds Consulting.
Cell Phone Privacy: Part 1 of 4
The video discussion transcript follows.
Lee Neubecker: Hi, it’s Lee Neubecker again, and I have “the Data Diva”, Debbie Reynolds back on my show again.
Debbie Reynolds: Hi!
LN: Thanks for being on.
DR: Thank you, Lee, for having me. I’m happy to be here.
LN: So we’re going to try something new. Instead of doing a big long eight to ten-minute video clip, we’re going to do a multi-part series, and this one’s going to be on the topic of…
DR: Cell phone forensics and recent incidents in the news having to do with the government asking private companies to unlock or create back doors to cell phones.
LN: Yeah, so cell phone privacy is an issue that many people are concerned about There’s a legitimate national interest in being able to investigate when terrorists use cell phones to conduct attacks. But there are also some concerns that every business should be concerned about if there’s a single back door key because we know the government can’t keep their keys in place. At least that’s what happened to the FBI, the NSA, then other agencies that were breached following the OPM breach.
DR: That’s right.
LN: So in the first segment of our four-video series, were going to be talking about what was reported by the Inspector General’s report from the FBI involving the San Bernardino terrorists when they wanted to get into the cell phone.
DR: Right. And next, we are going to talk about the privacy issues related to the FBI or possibly companies creating back doors, the court issues, the key solutions, and also the imperatives of organizations or companies not wanting to create these types of vulnerabilities in their inventions.
LN: Then you’ll get to hear us banter a little bit about what we think should happen
DR: That’s right.
LN: And then finally, in our last segment, the Pensacola Navy Yard station shooting that happened just this week. The FBI again approached Apple wanting help to get into the phone because they haven’t been able to get into the phone, and they’re wanting to know who else was involved, who they were texting with and whatnot so that they can help prevent other such attacks. So, that will be the wrap-up, and we welcome your comments on the website, your likes, and feel free to check out our video and share it.
