An ideas site for network intelligence

Ransomware: Lurking on Defended Networks

A Spiceworks community post demonstrated that a network with at least pretty-good defenses could nonetheless be infected with ransomware. It’s a sobering reminder, best read by users responsible for patching their own machines, or by admins responsible for keeping workstations current across their network.


Unclassified State Department Servers Breached

Following an earlier AP story, the NY Times reported that the US State Department had been added to a list of government agencies attacked in recent weeks. Attribution has been difficult, with NOAA and Post Office hacks apparently originating in China and a White House breach thought to be the work of Russians. Other outlets report that State Department mail servers worldwide will be shut down until security patches (of some sort) are implemented. In case it wasn’t made clear, the Fox station in Boston reminded readers that it was State’s worldwide unclassified system that was affected.

An old principle is at work: economies of scale from centralization can lead to increased risk.

Chinese Govt Engineers Thought Behind USPS Breach

According to the Washington Post, Chinese government engineers are suspected of breaching U.S. Postal Service computer networks. While credit card and financial data was not compromised, sources said, the Post wrote that “The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information . . .The data of every employee were exposed.”

Previous attacks thought to be of Chinese origin had been conducted against the Office of Personnel Management and, just last August, against a US government contractor responsible for conducting background security checks.

Big Data Environmental Impact Study? Case of Commuter Rail Onboard Cameras

MTA Onboard Camera Proposal: Editorial by Mike Barry

Whether you agree or disagree with the idea of cameras on commuter rail, it’s a fair question to speculate whether the agency overseeing the potential plan has done a thorough job of considering its implications. While this editorial by Mike Barry questions the plan’s efficacy and expense, broader questions of security, privacy and systems management should also be addressed.

The Long Island Rail Road is part of the largest commuter rail system in North America. Its public oversight is performed by the Metropolitan Transit Authority, whose officials are familiar with environmental impact studies mandated for station renovation projects and construction efforts like the current $8B East Side Access project.

The impact of rolling out onboard cameras, depending of course on the scope and numerous other details, could be significant. Because of Big Data Variety, the cameras could be used to track individuals and employees. Using additional data from ticket machines and station surveillance cameras, the precise itineraries of some passengers could be inferred. How would individual privacy be protected? How would the huge archive of video footage be preserved, archived, protected? Who would be given access to the video streams? What training would be given to users of the data? What legacy systems would be impacted? What are the implications for passenger, employee, infrastructure forensics?

There are numerous questions like these to be considered — so many that a study analogous to an Environmental Impact Study might be needed. For lack of a less clumsy term, call it a Big Data Impact Study.

As the Internet of Things (#IoT) takes hold across previously anonymous aspects of living, such impact studies could prove to be one of the important ways to protect privacy and to implement sometimes disregarded aspects of security and risk management.

Slow Pace of Forensics Dogs JPMorgan Chase Cyberattack Postmortem

Dealbook by New York Times

Despite discovering the attack in “late July,” the NYT Dealbook story reports that investigators are still unsure about many aspects of what was described as “a huge cyberattack” on JPMorgan Chase. Recently disclosed information revealed that the scale of the attack — apparently launched from overseas — indicated that around nine other financial institutions were also attacked, most likely by the same group.

The lag between the discovery and report (on 3 October) reveals the difficulties faced in uncovering the source and impact of such attacks. While few additional details have been reported, except that JPM Chase defenders were able to blunt the “burrowing” attack before any confidential information was disclosed, these facts alone suggest that even well-funded, presumably top flight defense can be compromised by dedicated attackers. More importantly, even after such attacks have been to some extent foiled, it remains difficult to assess the scope or source of the attacks. The NYT Dealbook report says current opinion has it that attacks were initiated by groups loosely connected to the Russian government, but this evidence is likely not definitive.

Open Grid Forum: Network Markup Language Base Schema v1

OGF Community: A new document has been published in the OGF series. All OGF documents (including any that are open for public comment) may be found here:

* GFD-R-P.206 “Network Markup Language Base Schema version 1” J. vd. Ham, F. Dijkstra, R. Łapacz, J. Zurawski, via Infrastructure Network Markup Language Working Group.

Abstract: This document describes a set of normative schemas which allow the description of computer network topologies.

— Greg Newby, OGF Editor

Situated Cognition

Analysis: There are benefits to being able to visualize a network as more than a directed graph, even though a graph representation is computationally powerful.

Foreshadowing augmented reality notions, Clancey defined “situated cognition” as

. . . viewed not just in terms of high-level “expertise,” but in the ability to find one’s way around the world, to learn new ways of seeing things, and to coordinate activity. This approach is called situated cognition.

Citation: W. J. Clancey, Situated Cognition: On Human Knowledge and Computer Representations (Learning in Doing: Social, Cognitive and Computational Perspectives). Cambridge University Press, Aug. 1997. [Online]. Available:

Enterprise Rule Groups: Policies

Analysis: Policies are essentially rule groups. Rules are typically implemented using non-reusable reasoning engines that are rarely given that designation. This paper suggests advantages of certain rule aggregations.

We explain how network administration can be simplified by defining two levels of policies, a business level and a technology level. We discuss how business-level policies are validated and transformed into technology-level policies, and present some algorithms that can be used to check for policy conflicts and unreachable policies.

Citation: “Simplifying network administration using policy-based management”

Network, IEEE, Vol. 16, No. 2. (2002), pp. 20-26, doi:10.1109/65.993219  Key: 993219.

Ontology Development for Network Management

Analysis: A baseline ontology is needed to remove language ambiguity and identify basic relationships between system components. In knowledge management, this can be accomplished with an ontology and/or a controlled vocabulary.

From the abstract:

Ontology is applied first to model the semantics of vendor specific terms, and secondly, to aid in automating the mapping between the terms, in order to create a unified application information base such that management of various brands of network equipment can be performed through a single gateway.

Citation: “Ontology mapping for network management systems”

by: A. K. Y. Wong, An C. Chen, N. Paramesh, P. Rav

In Network Operations and Management Symposium, 2004. NOMS 2004. IEEE/IFIP, Vol. 1 (2004), pp. 885-886, doi:10.1109/noms.2004.1317781 Key: citeulike:3891724

Guest Bloggers Invited

Guest bloggers in the subjects of information fusion, CEP, SDN, and cognition for network management are invited to contact the editor.