James Carlini

Subscribe to James Carlini: eMailAlertsEmail Alerts
Get James Carlini via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: CyberSecurity Journal, Blockchain

Book Excerpt



In the Age of global cyberattacks, corporate enterprises and government agencies which have some type of cloud-based network solutions should be looking at a more resilient, strategic design focus.  It must guarantee a very secure intelligent infrastructure unsusceptible to cyberattacks or natural disasters.

In a recently published whitepaper written for the National Military Intelligence Foundation's American Intelligence Journal, I outlined the concept of Attaining Global Net Superiority and why we need to implement that concept. Here is an overview:


Hardening an organization's data center as well as its networks (and clouds) is a critical step to insuring its business continuity.  In today's corporate business environment, many organizations cannot survive if their core applications are out-of-service for a couple of days.

Forget "disaster recovery" as it is both a dated term and dated concept. Disaster recovery is an outmoded term like data processing. Its design concepts are obsolete.

Business continuity, where enterprise operations continue through the duration of the disaster, is a more robust design approach to system and network resiliency.

If the corporate (or government) network infrastructure is not fully protected or resilient from cyberattacks and other threats, the functionality of its cloud will be compromised whether it is a public or private cloud.

Why is this so important?  If you are looking at any cloud-based computing or enterprise products, they better be bulletproof especially if they are carrying time-sensitive mission critical applications for your enterprise or information deemed private and confidential (like customer credit card information or health records).

IT execs, who are not asking hard questions as to the "resiliency and robustness" of some of the inter-workings these cloud products, will be the first ones suffering when their organizations is exposed as having a data leak, a network failure, or a loss of all customer records and credit card information due to a cyberattack. Of course, this also applies to government systems and networks as well.

More resilient systems, which are not susceptible to disasters and outages, are what should be planned and designed, especially for any organization's mission critical applications. We are not at that point today with current implementations.



In the whitepaper, NANOKRIEG: ATTAINING GLOBAL NET SUPERIORITY, I discuss some of the following concepts. We need to be prepared for a totally different type of asymmetrical warfare that depends on a totally different type of weaponry and response time:

Cloud computing, the Internet of Things (IoT), the Internet of Everything (IoE), 5G Networks, FirstNet (the First Responders' Network), and other cutting-edge concepts will not materialize successfully in the future, if their supporting intelligent infrastructure is not solid and resilient against attacks.  Gaping holes, ineffective threat intelligence tools, lack of adherence to security policies, and hidden vulnerabilities in defensive, architectural frameworks against cyberattacks and EMP bombs, will guarantee failure.

Compared to Blitzkrieg (the Nazi Lightning War strategy) of the Second World War, the inventions of new software-based weapons (i.e. stuxnet, Flame, Nimda) have made many traditional weapons systems, defense platforms, and war strategies obsolete.

The ability to have total synchronicity of multiple attacks to 1000s of locations and precision timing down to the microsecond are just two key logistics parameters providing a totally different definition of what a focused attack can accomplish in a targeted, asymmetrical war.

A question to ask all military branches, government agencies, and civilian corporate data centers and server farms: "Are your electronic assets fully protected?" They are not, according to the latest security studies.

When it comes to identifying and categorizing cyberattacks, the latest study done by Verizon showed that 90% of cyberattacks can be sorted into nine categories.

"Our analysis shows that upwards of 90% of all real world incidents fall into just 9 basic patterns when you slice through all the fear, uncertainty and doubt that's so common in the cybersecurity narrative." observes Bryan Sartin, Executive Director, Global Security Services at Verizon on a 2017 podcast discussing the outcome and summary of their annual (2017) Data Breach Investigations Report.

In one respect, that sounds like a great starting point to build rigorous cyber defenses.  You could cover 90% of all the different approaches following their research and conclusions, but what about the other 10% that is left?

10% is a huge gap.  Huge enough to drive past all the other established cyber defenses and create a virtual avoidance of the digital Maginot Line created by those who think it is impenetrable.

When you are looking at cybersecurity, a 10% gap in security is totally unacceptable. One percent would probably be considered too large a gap, but if you can cover 90% of that final 10%, you would be well above anything that is currently in place.

No system is 100% secure. "Always-on resiliency" is not attainable. The goal should be to add that last 9% (the 90% of the final 10%) of cyber defenses that would block attacks. THAT is attaining Global Net Superiority.   (See Diagram)


I have said this in previous columns. Too many IT executives buy off on glossy brochures and catchy buzz-phrases about the "Internet of Things" and "Cybersecurity" spun out by the "P.T. Barnum-like", vendor evangelists in their corporate-logo golf shirts.

Do not get hung up on long discussions of "Best Practices" when it comes to cyber and asymmetrical warfare. Let the pseudo-experts tackle that. Cybersecurity is always adapting as cyberattacks are always transforming and morphing into different approaches.

It is more a matter of focusing on a quality methodology of Total Continual Improvement (TCI) or establishing "Leading Practices" that constantly adapt because everything is moving and transforming at a fast pace.

What was considered a "Best Practice" last year, could be totally obsolete this year. Those who point backward on what they accomplished or established in security policies are usually pointing at something already considered obsolete by those looking and aiming forward.

"Leading Practices" is a better operational policy to adhere to.  "Leading Practices" means you are constantly reviewing and updating your "Best Practices" rather than sitting back and pointing to what you put in place three years ago expecting accolades from your peers. (Three years is more than a lifetime in cybersecurity issues)

To receive a full copy of the whitepaper, please contact the author at - james.carlini@sbcglobal.net

His visionary book, LOCATION LOCATION CONNECTIVITY is available on AMAZON.


Follow daily Carlini-isms at www.TWITTER.com/JAMESCARLINI

Copyright 2018 - James Carlini


More Stories By James Carlini

James Carlini, MBA, a certified Infrastructure Consultant, keynote speaker and former award-winning Adjunct Professor at Northwestern University, has advised on mission-critical networks. Clients include the Chicago Mercantile Exchange, GLOBEX, and City of Chicago’s 911 Center. An expert witness in civil and federal courts on network infrastructure, he has worked with AT&T, Sprint and others.

Follow daily Carlini-isms at www.twitter.com/JAMESCARLINI

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.