For a seaside resort where nothing is officially happening, the town of Beidaihe in northern China has a lot of security. There is an armed police checkpoint on the outskirts. We’re stopped again for another passport check further on. Uniformed officers are stationed at regular intervals along the roads, their plainclothes colleagues, identifiable by plastic earpieces, standing nearby. By the beach, among tourists carrying rubber rings, we saw armed paramilitary police.
Image: Communist Party villas near public beaches
No one will confirm it, but they are here to protect China’s Communist Party leadership, thought to be holding its annual secretive summit at the resort. Mao Zedong started the tradition in the 1950s, with the party elite decamping to the coast to escape the stifling Beijing summer heat, to decide the country’s future in private. For all the appearance of modernisation in China, in 2017, this is still how power is exercised in the “People’s Republic” – behind high walls and carefully guarded gates. There is no mention of the meeting in state media. The only indication it has started is the sudden absence of senior officials from evening news bulletins, and the simultaneous appearance of heavy security on the streets of Beidaihe. On one side of a long fence is the crowded public beach – on the other, the manicured, private sands of the Communist Party villas.
Image: Black cars sweep through at speed
At intervals, black cars sweep through at speed, as ordinary traffic is halted to let them pass. But then we were ordered to stop filming. When I asked why, I was told: “Because we are police.” More plainclothes security agents followed us along the street, before stopping and questioning us about what we were doing there, and taking our names and passport details.
Image: Sky’s Katie Stallard was stopped by officers
This is a crucial year for General Secretary Xi Jinping, who appears to be consolidating his personal control ahead of an important party congress this autumn, which will determine the country’s leadership for the next five years. He may also signal whether he plans to step down in line with the recent convention of serving two terms, which would end in 2022, or intends to stay in power. At a military parade to mark the 90th anniversary of the founding of the People’s Liberation Army recently, President Xi appeared, unusually, as the only civilian on the podium, and reviewed the troops in combat fatigues.
Image: China’s President Xi Jinping
“Xi was wearing his commander-in-chief hat both literally and figuratively,” Andrew Polk, co-founder of Trivium China, explained. “This is a very clear signal that Xi is in charge of the army, which is part and parcel of being a powerful leader.
“The message is: I’m in charge of domestic politics, I’m in charge of the military apparatus, the nation is strong, and I am the leader of that strong nation.” Back in Beidaihe, we found more clues to who was in town on a roundabout, where red characters spelled out: “The Party is in my heart, welcome the 19th Congress.” There were more warm words for the Party’s leadership on the beach.
Image: One of the packed public beaches in Beidaihe
“I think it’s quite normal that the government take some measures and they have the right to do this their own way. They do that for our country’s safety and people’s happiness,” one man assured us. Soaking up the sun nearby, another man told us: “China has thousands of years of history. It needs time to develop, but I think China is getting better and better.”
If Xi Jinping could have heard him on his side of the fence, he would have approved.
Europe’s cities have had to get used to the fact that, of late, the terror threat they face has increased both in size and complexity. The atrocities in Barcelona and Cambrils are the latest examples of this. The continent’s police and security agencies have long known that the demise of the so-called Islamic State would signal an increase in the tempo of attacks, and definitely not an end to the threat of Islamist extremists. Three attacks in the UK in as many months were the first indication of the nightmare scenario they feared; that the leaders of this rapidly disintegrating so-called caliphate would compel their footsoldiers to launch attacks across the West. After all, the model for this kind of scenario played out more than a decade ago, when the most feared terror group at that time, al Qaeda, felt the full wrath of coalition airstrikes and ground operations.
Al Qaeda’s leaders urged their followers to strike back – and they duly did, launching attacks in London in 2005 and here in Spain in the capital, Madrid, a year earlier. For the security services, the complicating factor this time around is not just that IS has fully trained killing machines who have trodden the battlefields of Syria and Iraq. The terror group has an even larger army of “sleeper” extremists in towns and cities across the European continent and beyond. Most of these radicalised individuals – 3,500 in the UK alone – have never even been to the Middle East. They learned their deadly craft online. And increasingly they have turned to a less sophisticated, but just as deadly, mode of attack. What do we mean by less sophisticated?
Vehicles and knives. Essentially everyday items that were never meant to murder or maim. Security sources have told me that they face a two-pronged threat. Alongside those battle-hardened jihadis are the violent wannabe jihadis who lack the skills, but are just as determined to inflict their brand of misery – often on their own communities. Authorities here in Spain and elsewhere in Europe have noticed an alarming increase in the number of those who seem to choose the path of violence.
Most of these plots get disrupted before they have a chance to kill and injure innocent civilians, but sadly some slip through the net.
The unfortunate truth here is that a net increase in plots will result in a net increase in successful attacks.
As the times change, the security community needs to adapt.
We live in an imperfect world, as Alex Stamos [2], Chief Information Security Officer of Facebook, pointed out in his recent BlackHat 2017 keynote address. Instead of trying to punish each other, hackers and innovators need to work closely to ensure a higher order.
Other security thought leaders have echoed similar sentiments.
Refreshingly, security thought leaders are driving cultural change from the top. Besides technological innovation, we are beginning to see changes in sales, diversity and culture. We are growing up, albeit slowly.
Product Innovation, Garbage and Lies
Ping Li [5], Partner at Accel Ventures, reminded me that we are still in the early innings of a long game. The security sector is evolving rapidly and we are still developing a common nomenclature, a lingua franca for our business. Visibility into systems, managing patches, vulnerabilities and security workflows are still being accomplished with rudimentary tools, Li said.
Newcomers like Corelight [6] (backed by Accel), Awake Networks [7] (backed by Greylock Ventures) and EastWind Networks [8] (backed by Signal Peak Ventures) are innovating on visibility of traffic and threats. In data security, ThinAir [9] and Onapsis [10] (securing ERP systems) have carved out an interesting niche in the market, while Pwnie Express [11] is positioning itself to win the IoT / ICS security market.
Empow Networks [12], a Gartner Cool Vendor of 2017, wants to create a novel abstraction layer to manage all security tools effectively, and Demisto [13] (in which I am an investor) is bringing much-needed automation to incident response. Nyotron [14] just raised $21 million to redefine endpoint security. As drones grow from a mild nuisance to a significant headache, several security startups like Airspace [15] and Dedrone [16] have jumped in to protect the three-dimensional perimeter.
Calling BS on the marketing hype, several presenters at BlackHat offer an unvarnished view of the state of technology.
In her talk, Garbage in Garbage out [17], Hillary Sanders, a data scientist with Sophos [18], pointed out that if ML models use sub-optimal training data, the reliability of the models will be questionable, possibly leading to catastrophic failures.
She trained models based on three separate data sources and found that if a model is tested on a different data set, the outcomes varied significantly (see 3 x 3 matrix). Put differently, if I were trained to recognize a cat in one school and then moved to a different school, my ability to identify a cat would drop dramatically.
Caveat Emptor: Do not believe the ML hype unless you have seen the results on your own data sets. Each vendor will train their models on different data sets, which may not be relevant to your environment. And then as new malware data is discovered, stuff gets stale. Chances are that the model may need to be retrained or else could start to behave erratically. We live in an imperfect world indeed.
Feed me some garbage: ML Training and Test Data Variances (Image Courtesy: Hillary Sanders, Sophos Labs)
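The cross-source evaluation behind that 3 x 3 matrix, as an added example that is not from the article or from the Sophos talk: a nearest-centroid classifier (a stand-in, not the models used in the talk) is trained on each of three constructed sources and scored against all three. The source names, feature meanings and sample values are assumptions made up for illustration.

```python
"""Cross-source evaluation: train on each source, test on every source."""

# Constructed samples: (entropy bucket, suspicious-import count). Not real telemetry.
SOURCES = {
    "source_a": {"benign": [(1, 1), (2, 1), (1, 2), (2, 2)],
                 "malicious": [(6, 6), (7, 6), (6, 7), (7, 7)]},
    "source_b": {"benign": [(4, 5), (5, 5), (4, 6), (5, 6)],
                 "malicious": [(9, 9), (10, 9), (9, 10), (10, 10)]},
    "source_c": {"benign": [(1, 3), (2, 3), (1, 4), (2, 4)],
                 "malicious": [(5, 0), (6, 0), (5, 1), (6, 1)]},
}

def train(samples):
    """Nearest-centroid model: one mean feature vector per label."""
    return {label: tuple(sum(col) / len(points) for col in zip(*points))
            for label, points in samples.items()}

def predict(model, point):
    """Return the label whose centroid is closest to the point."""
    def sq_dist(label):
        return sum((p - c) ** 2 for p, c in zip(point, model[label]))
    return min(model, key=sq_dist)

def accuracy(model, samples):
    """Fraction of labelled samples the model classifies correctly."""
    results = [predict(model, pt) == label
               for label, points in samples.items() for pt in points]
    return sum(results) / len(results)

def cross_source_matrix(sources):
    """matrix[train_source][test_source] -> accuracy."""
    models = {name: train(data) for name, data in sources.items()}
    return {tr: {te: accuracy(models[tr], sources[te]) for te in sources}
            for tr in sources}

def stale_pairs(matrix, floor=0.9):
    """(train, test) pairs whose accuracy falls below the acceptance floor."""
    return sorted((tr, te) for tr, row in matrix.items()
                  for te, acc in row.items() if acc < floor)

if __name__ == "__main__":
    matrix = cross_source_matrix(SOURCES)
    for tr, row in matrix.items():
        print(tr, " ".join(f"{te}={acc:.3f}" for te, acc in row.items()))
    print("below floor:", stale_pairs(matrix))
```

Every model scores perfectly on the source it was trained on and drops on the other two, which is why a vendor's headline accuracy says little until the same model is scored on data from your own environment.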
In another presentation, aptly titled Lies and Damn Lies [19], Lidia Guiliano and Mike Spaulding presented an analysis of various endpoint marketing claims and debunked these systematically. They spent five months digging into various endpoint offerings and concluded that threat intelligence simply does not work. While endpoint solutions are better than signature-based detection, they are no silver bullets.
When it came to drone security, Bishop Fox [20], a security consulting firm, took a Mythbusters approach [21] to research 86 drone security products. Francis Brown, partner at Bishop Fox, presented Game of Drones, in which he concluded that the solutions are rife with marketing, but most of them are not yet available.
The study concluded that while the 1st generation drone defense solutions/products are being deployed, there are no best practices.
Everything from drone netting, shooting, confetti cannons, lasers and jammers was being used (including falcons). The vendors have gone wild indeed. If lasers, missiles and falcons are being deployed, what's next?
BlackHat + DefCon may be the only conference in the world where the forces of creation and destruction operate at the same venue. The builders (Suits) show off their wares at briefings and the hackers (T-shirts) show off their arsenal of how they break stuff. Both mingle freely, challenge each other and do a thumbs-down / eyeroll at the other side. It's like a weird semi-drunk tribal war dance. And unless the elders of the tribe, like Stamos and Yoran, call BS on this childish behavior, we will never grow up.
Innovation in Go-To-Market tactics:
Ben Johnson, CTO of Obsidian Security [22], recently raised $9.5 million from Greylock (and since the announcement, has been inundated with Series B interest). In security, all revenues go to hire even more salespeople, he says. Is that a healthy practice? As co-founder of Carbon Black, Ben called upon over 600 enterprise customers and in his current role, is actively exploring more innovative ways to get the product out.
Indeed, when fear drives sales, innovation is harder. As an industry, we need to look at a better way of selling security products. However, there is a dearth of intelligent tactics. Partnerships with System Integrators (SIs), Channel Partners, Value added Resellers (VARs) and Managed Security Service Providers (MSSPs) are variants on the theme. Margins and accountability get slimmed down as the number of partners grows. Virgil Security [23], a data security company (for which I am an advisor), has built a developer-first platform offering tools to build encryption seamlessly. Virgil offers its security platform as a service and the GTM approach can become highly efficient in such scenarios.
Purple Rain, Culture and Diversity
In his BlackHat keynote, Alex Stamos touched upon the importance of diversity of thought, gender and culture. His call to action included behaving responsibly (and not childishly) within a societal framework.
A large number of people in emerging markets will be using $50 phones, not $800 iPhones. How do we protect this new wave of digital citizens? What is the role of a security professional in the context of law enforcement? Can we learn to empathize with the product builders, the users, the government?
To the security nihilists, Stamos offered a reminder that not everyone is out to get you. At a more fundamental level, Caroline Wong, VP of Security Strategy at Cobalt [24], presented the security professional's guide to hacking office politics.
Security teams need to know more about the business challenges, not just technology. We should be able to understand the flow of money, not just data, she pointed out.
The debates have just started in an open, honest fashion and IMHO, culture changes slowly. For now, we have added a new color. There were Red Teams and Blue Teams. The offense and the defense. Like two sides of security at a perpetual war. At BlackHat 2017, the concept of Purple Teams was introduced by April Wright, who hopes the two warring factions will cooperate and work well together. And yes, she also suggested that security should never be an afterthought, to which we all say Amen!
Featured Image: Bryce Durbin/TechCrunch
1. Secure Octane (www.secureoctane.com)
2. Alex Stamos (www.facebook.com)
3. Amit Yoran (en.wikipedia.org)
4. Tenable Networks (www.tenable.com)
5. Ping Li (www.accel.com)
6. Corelight (www.corelight.com)
7. Awake Networks (awakesecurity.com)
8. EastWind Networks (www.eastwindnetworks.com)
9. ThinAir (www.thinair.com)
10. Onapsis (www.onapsis.com)
11. Pwnie Express (www.pwnieexpress.com)
12. Empow Networks (www.empownetworks.com)
13. Demisto (www.demisto.com)
14. Nyotron (nyotron.com)
15. Airspace (airspace.co)
16. Dedrone (techcrunch.com)
17. Garbage in Garbage out (www.blackhat.com)
18. Sophos (www.sophos.com)
19. Lies and Damn Lies (www.blackhat.com)
20. Bishop Fox (www.bishopfox.com)
21. a Mythbusters approach to (www.bishopfox.com)
22. Obsidian Security (www.obsidiansecurity.com)
23. Virgil Security (virgilsecurity.com)
24. Cobalt (cobalt.io)