You are currently browsing the tag archive for the ‘president’ tag.

UPDATE: I am much happier with how the EO Framework is going to play out based on subsequent messaging by NIST and DHS.  What I said below is still accurate conceptually, just the EO is more ++ in these terms than the — I thought.)

(CAVEAT: I wrote this in about 10 minutes. Please Understand if it’s not complete or poorly worded)

So,  the Executive Order (full text HERE ) looks like it is more focused on an Asset Based risk perspective than a Functions and Business centric one – particularly in the definition and use of the upcoming NIST framework and the determination of criticality. I might be wrong, and a lot hinges on what the NIST framework ends up looking like, but the language as it sits now has me….watchful.  Some thoughts on why an asset-centric approach is problematic:

1. Attackers use different paths to achieve different real world objectives (things blown up, data stolen, etc)

2. Asset criticality therefore changes according to the path the attacker takes, which objectives are chosen, and which defenses are in place. In other words, asset criticality is dynamic.

3. Assets can be protected to a very high level without any assurance whatsoever that undesired consequences are not caused by attacks.

4. Functions and business objective centric protection approaches (such as DHS’s CARMA) linked to capability domain frameworks (such as the ES-C2M2) tied into technical assessments (such as DHS CSET) assure that protection programs and measures are working together to reduce actual dynamic tactical and strategic risks and reduce the risk of ineffective controls inappropriately targeted and configured.

5. Asset centric approaches create static defenses which attackers can work around while functions and business consequence focused approaches actively address the reality of how attacks occur, where controls should be placed, and to what level they must be configured.

6. Functions based approaches also create a more lexically coherent framework that assures all stakeholders are having the same conversation.  Asset Based approaches, though speak to fixed points where each stakeholder may have a different perspective on the goals of any controls.

7. Functions and business consequence driven frameworks can also be more effectively used to determine the success or failure of cybersecurity efforts and provide more realistic and useable metrics and goals.



Here’s basically how our day went down (hopefully Ill edit this later more, it’s a mess…i was REALLY exhausted when I wrote it):

Left the apartment an hour late, but managed to find a cab which took us fairly close to the mall (17th and E or so), so we didnt have to walk and got there on time.  It wasnt as cold as I thought it was going to be, so I left a  layer of clothes at home, which I later regretted.  We got in the 17th and Consistution line, which was the closest but ultimately not the best. The were more people than I’d hoped there would be, but less than I expected. We’ll need to come much earlier inauguration day.  Unfortunately, two things were wrong with the entry we chose, although we couldnt have known this ahead of time.  First, the are on the constitution side of the reflecting pool got -nowhere- near as close to the lincoln memorial as independence ave side did (although realistically, because of things in the way, those guys probably still didnt have a -great- view). So, even if we had been first in, we were still a football field away.  The second issue was that further lines got in just enough earlier that a ton of people went past before we could get in.

So, the early morning plan of attack ended up being a miss. We were packed in about 30-50 people deep trying to get that extra foot closer, but behind us it didnt seem to start to fill up for ages.

Paivi and I decided we’d rather not wait from 9am-2pm for a crappy view, so we wandered out to have coffee on 17th at that Caribou.

On the way out, though, we DID get to see Snipers setting up:

This proved fortuitous, because we ended up seeing Mr Obama twice within 25 yards of us (one of those times he waved at us).  It was on the way back from coffee/lunch near the old executive building. He drove past in that awesome caddy he has and we could see him inside looking at us, smiling, and waving.

Barack Obamas Caravan before the We Are One concert

Barack Obama's Caravan before the We Are One concert

The second time was when he left an hour or so later for the concert. I thought I saw his figure outlined in one of the windows, but he was definittely in one of the cars. I have a video of  Obama driving by here:

While we were waiting for him to come out a second time, a youngish asian lady had a megaphone and kept chanting that she knew how to make world peace happen if only obama would show us his birth certificate. Every time someone would bitch at her to STFU, she’s megaphone that she was being harassed to the police. As if. Im sure at that point in the day, they wouldve been more than happy to do a little harassing themselves.

We wandered back to the concert after that and ran into Doug and Nofcna (Nguyet) near the “Homo-Sex is a National Security Issue” fuckers.  We tried to get back in to the main area, but at this point the checkpoints seemed to be closing.  We opted to go check out the concert from the Jumbo-tron nearest to Independence Ave by the WWII memorial.  At first, the sound was really bad. Doug and Nguyet eventually took off, discouraged that they could neither see nor hear. Fairly soon, though, the sound started to come through louder and we really enjoyed the show, even from so far back.

Some notes about the show:

a) Im pretty sure I could actually hear Biden’s actual voice echoing back to us. That guy was loud!
b) Im not a country music fan, but Garth Brooks is wildly successful for a reason
c) The “young adults” – all 10 of them – climbing on the tree nearby were about to tip it over. Their parents did a really crappy job raising them.
d) My wife is in love with Bono
e) Watching snipers scramble up onto towers is scary and unnerving, as are police in face-covering black masks with sunglesses
f) The rudest people are 50 year old successful white men
g) Tom Hanks presentation wouldve gone MUCH better if he’s been playing Forrest Gump up there
h) The Boss seemed to be trying to hard
i) Crowds singing along to songs rock
j) Barrack seems to have given the same speech in Baltimore?
k) Tiger Woods is not a good public speaker
l) Shakira, Usher, and Stevie Wonder worked well together
m) No one knew much about Josh Groban, but everyone seemed to have something to say about him
n) The scripts felt like a really slick advertisement.
o) Obama better know what he’s getting into and better be able to pull it off, because it is a long, fast, sad road down from this kind of a pedestal.

Afterwards, the roads out were clogged for pedestrians by pedestrians. It moved as a snails pace.

Paivi and I skipped that road (the one behind the washington monument) and fought our way across the mall directly. This ended up being much faster…much much faster.  We followed the mob up towards dupont circle and it wasnt really until past K street that the entire road wasnt packed with pedestrians. It felt like we were marching for something, but we were really just going home.

Yes We Can!

Yes We Can!

Made it Dupont area, had dinner, metro’d home.

Really a nice day, ultimately, if exhausting.

As an aside – today we were at the Georgetown Barnes and Noble and ran into the same girl who was standing next to us the day of the concert. Crazy small town!

Follow me on Twitter

My Art / Misc. Photo Stream