The Spanish government is to ramp up security at busy tourist sites across the country following this week's attacks that left at least 13 people dead and more than 130 injured, it has said. The country's interior minister, Juan Ignacio Zoido, told a press conference on Saturday morning that areas judged to be potential terror targets, especially where large numbers of people gather, would be given special protection.
"We are going to redirect our efforts and will adapt these to every place or area that needs special protection," Mr Zoido told reporters. People of 35 different nationalities are thought to have been injured in the van attack on La Rambla, one of Barcelona's most famous tourist hotspots, and authorities worry that terrorists could have eyes on the country's crucial tourism industry.
On Friday and Saturday, there was an increased police presence in Barcelona, with visible patrols across the centre of the city. A specialist police firearms team was visible near La Rambla, with marked vans parked at strategic locations. The overall security response has so far been somewhat hands-off, however, with traffic again allowed to flow freely on the non-pedestrianised section of the boulevard, which has twin traffic lanes either side of a large tiled walkway featuring cafes, artists, and market stalls. The Spanish government has also clarified that it will not be raising its terror alert level to five, the highest level, and will be leaving it at four. Level five indicates that an attack is thought to be imminent and would mean the presence of soldiers on the streets and at places such as train stations or shopping centres.
The Spanish interior minister gave a press conference on Saturday morning
The minister said that the threat level would stay at four in part because authorities believe the alleged terror cell behind the attacks on Barcelona's La Rambla and in the resort town of Cambrils on Thursday and Friday has been dismantled. This is despite Catalonian police conducting an ongoing manhunt for 22-year-old Moroccan national Younes Abouyaaqoub, the suspected driver of the van in Thursday's La Rambla massacre and the new centre of the police investigation. The decision not to raise the threat level was taken after a meeting of the Bureau of Extraordinary Terrorist Threats, Mr Zoido said, which was attended by security officials.
The Spanish authorities may be considering the impact of a higher threat level on the country's tourist industry, the second biggest in the world, during high season.
Hoteliers in Barcelona approached by The Independent on Friday reported cancellations following the attack on La Rambla.
As the times change, the security community needs to adapt.
We live in an imperfect world, as Alex Stamos [2], Chief Information Security Officer of Facebook, pointed out in his recent BlackHat 2017 keynote address. Instead of trying to punish each other, hackers and innovators need to work closely to ensure a higher order.
Other security thought leaders have echoed similar sentiments.
Refreshingly, security thought leaders are driving cultural change from the top. Besides technological innovation, we are beginning to see changes in sales, diversity and culture. We are growing up, albeit slowly.
Product Innovation, Garbage and Lies
Ping Li [5], Partner at Accel Ventures, reminded me that we are still in the early innings of a long game. The security sector is evolving rapidly and we are still developing a common nomenclature, a lingua franca for our business. Visibility into systems, managing patches, vulnerabilities and security workflows are still being accomplished with rudimentary tools, Li said.
Newcomers like Corelight [6] (backed by Accel), Awake Networks [7] (backed by Greylock Ventures) and EastWind Networks [8] (backed by Signal Peak Ventures) are innovating on visibility of traffic and threats. In data security, ThinAir [9] and Onapsis [10] (securing ERP systems) have carved out an interesting niche in the market, while Pwnie Express [11] is positioning itself to win the IoT / ICS security market.
Empow Networks [12], a Gartner Cool Vendor of 2017, wants to create a novel abstraction layer to manage all security tools effectively, and Demisto [13] (in which I am an investor) is bringing much-needed automation to incident response. Nyotron [14] just raised $21 million to redefine endpoint security. As drones grow from a mild nuisance to a significant headache, several security startups like Airspace [15] and Dedrone [16] have jumped in to protect the three-dimensional perimeter.
Calling BS on the marketing hype, several presenters at BlackHat offered an unvarnished view of the state of technology.
In her talk, "Garbage in Garbage out" [17], Hillary Sanders, a data scientist with Sophos [18], pointed out that if ML models use sub-optimal training data, the reliability of the models will be questionable, possibly leading to catastrophic failures.
She trained models based on three separate data sources and found that if a model is tested on a different data set, the outcomes varied significantly (see 3 x 3 matrix). Put differently, if I were trained to recognize a cat in one school and then moved to a different school, my ability to identify a cat would drop dramatically.
Caveat Emptor: Do not believe the ML hype unless you have seen the results on your own data sets. Each vendor will train their models on different data sets, which may not be relevant to your environment. And then, as new malware data is discovered, stuff gets stale. Chances are that the model may need to be retrained, or else it could start to behave erratically. We live in an imperfect world indeed.
Feed me some garbage: ML Training and Test Data Variances (Image Courtesy: Hillary Sanders, Sophos Labs)
In another presentation, aptly titled "Lies and Damn Lies" [19], Lidia Giuliano and Mike Spaulding presented an analysis of various endpoint marketing claims and debunked these systematically. They spent five months digging into various endpoint offerings and concluded that threat intelligence simply does not work. While endpoint solutions are better than signature-based detection, they are no silver bullets.
When it came to drone security, Bishop Fox [20], a security consulting firm, took a Mythbusters approach [21] to research 86 drone security products. Francis Brown, partner at Bishop Fox, presented "Game of Drones", in which he concluded that the solutions are rife with marketing, but most of them are not yet available.
The study concluded that while the 1st generation drone defense solutions/products are being deployed, there are no best practices.
Everything from drone netting, shooting, confetti cannons, lasers and jammers was being used (including falcons). The vendors have gone wild indeed. If lasers, missiles and falcons are being deployed, what's next?
BlackHat + DefCon may be the only conference in the world where the forces of creation and destruction operate at the same venue. The builders (Suits) show off their wares at briefings and the hackers (T-shirts) show off their arsenal of how they break stuff. Both mingle freely, challenge each other and do a thumbs-down / eyeroll at the other side. It's like a weird semi-drunk tribal war dance. And unless the elders of the tribe, like Stamos and Yoran, call BS on this childish behavior, we will never grow up.
Innovation in Go-To-Market tactics:
Ben Johnson, CTO of Obsidian Security [22], recently raised $9.5 million from Greylock (and since the announcement, has been inundated with Series B interest). "In security, all revenues go to hire even more salespeople," he says. Is that a healthy practice? As co-founder of Carbon Black, Ben called upon over 600 enterprise customers and, in his current role, is actively exploring more innovative ways to get the product out.
Indeed, when fear drives sales, innovation is harder. As an industry, we need to look at a better way of selling security products. However, there is a dearth of intelligent tactics. Partnerships with System Integrators (SIs), Channel Partners, Value Added Resellers (VARs) and Managed Security Service Providers (MSSPs) are variants on the theme. Margins and accountability get slimmed down as the number of partners grows. Virgil Security [23], a data security company (for which I am an advisor), has built a developer-first platform offering tools to build encryption seamlessly. Virgil offers its security platform as a service, and the GTM approach can become highly efficient in such scenarios.
Purple Rain, Culture and Diversity
In his BlackHat keynote, Alex Stamos touched upon the importance of diversity of thought, gender and culture. His call to action included behaving responsibly (and not childishly) within a societal framework.
A large number of people in emerging markets will be using $50 phones, not $800 iPhones. How do we protect this new wave of digital citizens? What is the role of a security professional in the context of law enforcement? Can we learn to empathize with the product builders, the users, the government?
To the security nihilists, Stamos reminded them that not everyone is out to get you. At a more fundamental level, Caroline Wong, VP of Security Strategy at Cobalt [24], presented the security professional's guide to hacking office politics.
Security teams need to know more about the business challenges, not just technology. "We should be able to understand the flow of money, not just data," she pointed out.
The debates have just started in an open, honest fashion and, IMHO, culture changes slowly. For now, we have added a new color. There were Red Teams and Blue Teams. The offense and the defense. Like two sides of security at a perpetual war. At BlackHat 2017, the concept of Purple Teams was introduced by April Wright, who hopes the two warring factions will cooperate and work well together. And yes, she also suggested that security should never be an afterthought, to which we all say Amen!
Featured Image: Bryce Durbin/TechCrunch
1. Secure Octane (www.secureoctane.com)
2. Alex Stamos (www.facebook.com)
3. Amit Yoran (en.wikipedia.org)
4. Tenable Networks (www.tenable.com)
5. Ping Li (www.accel.com)
6. Corelight (www.corelight.com)
7. Awake Networks (awakesecurity.com)
8. EastWind Networks (www.eastwindnetworks.com)
9. ThinAir (www.thinair.com)
10. Onapsis (www.onapsis.com)
11. Pwnie Express (www.pwnieexpress.com)
12. Empow Networks (www.empownetworks.com)
13. Demisto (www.demisto.com)
14. Nyotron (nyotron.com)
15. Airspace (airspace.co)
16. Dedrone (techcrunch.com)
17. Garbage in Garbage out (www.blackhat.com)
18. Sophos (www.sophos.com)
19. Lies and Damn Lies (www.blackhat.com)
20. Bishop Fox (www.bishopfox.com)
21. a Mythbusters approach to (www.bishopfox.com)
22. Obsidian Security (www.obsidiansecurity.com)
23. Virgil Security (virgilsecurity.com)
24. Cobalt (cobalt.io)
Armed police officers are set to be on patrol at V Festival [1] this weekend for increased security, as organisers say there will be extra checks. Earlier this year, V Festival organisers Festival Republic said that they were looking into ways to increase security [2] in the wake of the Manchester terror attack [3], looking into extra ways to protect their fans. Now, V Festival say that they have been working with local authorities "at the highest level", and that there will be extra bag checks for fans arriving by car and by foot.
"Your safety is our priority and we've put in place all necessary measures to maximise public safety, working closely with local authorities at the highest level," say V organisers. "We ask that you also play a part in keeping Virgin V Festival safe and secure, so please take note of our messages [4]. Pack accordingly and stay strong together."
They added: "All festival goers will be subject to extra searches of their vehicles, bags and their person.
"Please be patient if there are longer queues than normal. We request that you co-operate with any security requests and searches. Please pack light and take note of our bag restrictions."
Speaking in the wake of 22 music fans being killed in the Manchester terror attack, V organisers said [5]: "The festival perimeter, arena, backstage and off-site areas are all robustly controlled and managed by security experts. Festivals are what we do. The hundreds of staff working on these events know them inside out and have been working on them for many years.
"Your safety is our utmost concern.
"Please review our Personal Safety section on the festival websites and if you have any major concerns please don't hesitate to get in touch." This comes after extra provisions and checks were put in place at Glastonbury 2017 [6]. V Festival 2017 welcomes the likes of Jay Z, Pink, Ellie Goulding, Jason Derulo, The Wombats, James Arthur, Stormzy, Craig David, Dizzee Rascal and many more. Check out the weather forecast here [7].
1. V Festival (www.nme.com)
2. V Festival organisers Festival Republic said that they were looking into ways to increase security (www.nme.com)
3. Manchester terror attack (www.nme.com)
4. please take note of our messages (www.vfestival.com)
5. Speaking in the wake of 22 music fans being killed in the Manchester terror attack, V organisers said (www.nme.com)
6. extra provisions and checks were put in place at Glastonbury 2017 (www.nme.com)
7. Check out the weather forecast here (www.nme.com)