I Got 99 Problems But a Breach Ain't One!
Tentative translation of the title: I Have 99 Problems, but a Data Breach Isn't One of Them!

James Scott

  • Publisher: CreateSpace Independ
  • Publication date: 2017-07-21
  • List price: $1,010
  • VIP price: $960 (9.5 discount rate)
  • Language: English
  • Pages: 260
  • Binding: Paperback
  • ISBN: 1973774178
  • ISBN-13: 9781973774174
  • Not available for order


Product description

Critical infrastructure information security systems are failing under persistent adversarial efforts because too many organizations still depend on antiquated legacy systems, un-cyber-hygienic personnel, and devices that lack security-by-design. The Frankensteined architectonic IoT microcosm of the prototypical critical infrastructure organization renders an infinite attack surface just begging to be exploited. Security is an afterthought, minimally implemented at the end of the development lifecycle, with the last dregs of the budget, in order to meet negligent check-box compulsory requirements. Meanwhile, adversaries are ever-evolving and always just one system away. We exist in an age of the "weaponization of everything". This is not merely a cyberwar; we are now in a state of cyber-kinetic-meta war. There was no clear beginning and there will be no end. The pervasiveness of the Internet of Things, the ubiquity of artificial intelligence and machine learning systems, and the emergence of the machine-human convergence, where users are perpetually interconnected with vulnerable systems, only compound the hyper-evolving attack surface.

Data is turned against users in an information war where nation states and special interest groups use sold and stolen metadata from meta-hoarding internet service providers and social media companies to psycho-socio-economically manipulate entire populations. Dragnet surveillance capitalists such as Facebook, Comcast, AT&T and Google, unfortunately, supply these manipulating adversaries with an endless supply of metadata for this information war against the American and European public. Metadata and electronic health records may prove far more powerful and more damning than the data stolen in prolific breaches like OPM. These data enable the precision targeting of specific or niche user subsets, such as critical infrastructure owners and operators. Metadata is leveraged to psychographically compel targets to respond to malicious lures. Real news mixed with fake news, propaganda, watering-hole attacks, SQL injections, spear-phishing emails, social engineering campaigns, and other vectors are all real threats to national security.

Executives adhering to minimalistic check-box frameworks, or lobbying to minimize long-overdue cybersecurity reformation, are practicing little more than security theater. Stringent cybersecurity and cyber-hygiene reform is essential to ensure national security and to safeguard democracy. I see the impossible work being done by my friends at the federal agencies, the Pentagon, NATO, Five Eyes and the intelligence community. They recognize the threat surrounding each and every information system. Warfare no longer takes place solely on the battlefield. Battles are fought along multiple vectors, through numerous campaigns, in the physical, digital, and cultural theaters. It is time for the information security community to discard the shadow of ineffectiveness and ineptitude cast by the horde of capitalistic faux experts. The public and private sectors need information security professionals capable of analyzing the hyper-evolving threat landscape, identifying emerging threats, mitigating risks, and remediating incidents in near-real time using bleeding-edge defense-grade systems such as artificial intelligence and machine learning solutions instead of outdated perimeter and check-box systems.
