cyber_security   213


Marty Chavez Muses on Rocky Times and the Road Ahead
NOV. 14, 2017 | The New York Times | By WILLIAM D. COHAN.

Mr. Chavez is about as far from the stereotypical Wall Street senior executive as you can imagine, and that is one reason his musings about the future direction of Wall Street are listened to carefully.

He grew up in Albuquerque, one of five children, who all went to Harvard. He got a doctorate in medical information sciences from Stanford University. (At that time, he was known by his full name Ramon Martin Chavez.)

In 1990, Mr. Chavez came out, the day after he defended his doctoral dissertation – “Architectures and Approximation Algorithms for Probabilistic Expert Systems.” He is one of the few openly gay executives on Wall Street. ......In his current role as Goldman's CFO, Marty views his job as a simple one that is hard to get right: “I’m not paid or evaluated on the accuracy of my crystal-ball predictions,” he said. “I’m paid to enumerate every possible outcome and do something about every possible outcome well in advance, when it’s still possible to do something, because once it’s happened it’s too late.”....Unlike many of his peers on Wall Street, Mr. Chavez does not complain about the extent of the regulation that hit the financial industry as a result of Dodd-Frank. Generally speaking, he says, the regulations have helped banks “confront their problems and capitalize and bolster their liquidity,” making them “stronger as a result,” and the financial system safer and more profitable.....Instead of complaining about the extra expense and manpower required to comply with the mountain of new regulations, Mr. Chavez chooses instead to think about it differently. “If you approach the regulations as ‘Oh, we’ve got to comply,’ you’ll get one result,” he said. He prefers thinking about the regulations as, “This makes us and the system and our clients safer and sounder, and yes it’s a lot of work, but what can we learn from this work and how can we use this work in other ways to make a better result for our shareholders and our clients? Everywhere we look we’re finding these opportunities and they’re very much in keeping with the spirit of the times.”

Like any good senior Goldman executive, he does worry. (Lloyd Blankfein, the Goldman chief executive, once told me he spent 98 percent of his time worrying about things with a 2 percent probability.)

His biggest concern at the moment is the risk of “single points of failure” in the vast world of cybersecurity. He worries about any individual “repository of information” that does not have a backup and that can “be hacked.”

He does not even trust Goldman’s own computer system; he treats it as a potential enemy.

.....What also makes Goldman different from its peers is the firm’s love affair with engineers. At the moment, he said, engineers comprise around 30 percent of Goldman’s work force of about 35,000. It’s what drew him to Goldman in the first place — to work on Goldman’s in-house software, “SecDB,” short for “Securities Database,” an internal, proprietary computer system that tracks all the trades that Goldman makes and their prices, and regularly monitors the risk that the firm faces as a result.

He said the system generates some million and a half points of data that were used to calculate, for the first time, the firm’s “liquidity coverage ratio” — now 128 percent — and that were shared with regulators every day. He’s been busy trying to figure out how the newly generated data can be used to help him understand what the firm’s liquidity will be a year from now.

That way, he said, in his principal role as Goldman’s chief financial officer, he can perceive a problem in plenty of time to do something about it. “We’re able to get much better actionable insights that make the firm a less risky business because we’re able to go much further out into the future,” he said......
Goldman_Sachs  Martin_Chavez  Wall_Street  SPOF  think_differently  CFOs  actionable_information  engineering  databases  information_sources  SecDB  proprietary  Dodd-Frank  regulation  cyber_security  improbables 
29 days ago by jerryking
Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core
NOV. 12, 2017 | The New York Times | By SCOTT SHANE, NICOLE PERLROTH and DAVID E. SANGER.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
data_breaches  hacking  vulnerabilities  counterintelligence  counterespionage  moles  malware  ransomware  Fedex  Mondelez  Edward_Snowden  security_&_intelligence  Russia  Leon_Panetta  NSA  cyber_security  cyber_warfare  cyberweapons  tools  David_Sanger 
4 weeks ago by jerryking
Pentagon Turns to High-Speed Traders to Fortify Markets Against Cyberattack
Oct. 15, 2017 | WSJ | By Alexander Osipovich.

"What it would be like if a malicious actor wanted to cause havoc on U.S. financial markets?".....Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense’s research arm, DARPA, over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort, the Financial Markets Vulnerabilities Project, as an early-stage pilot project aimed at identifying market vulnerabilities.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash......Among potential targets that could appeal to hackers given their broad reach are credit-card companies, payment processors and payroll companies such as ADP, which handles the paychecks for one in six U.S. workers, participants said.....The goal of Darpa’s project is to develop a simulation of U.S. markets, which could be used to test scenarios. Such software would need to model complex, interrelated markets—not just stocks but also markets such as futures—as well as the behavior of automated trading systems operating within them....Many quantitative trading firms already do something similar.......
In 2009, military experts took part in a two-day war game exploring a “global financial war” involving China and Russia, according to “Currency Wars: The Making of the Next Global Crisis,” a 2011 book by James Rickards. ....“Our charge at Darpa is to think far out,” he said. “It’s not ‘What is the attack today?’ but ‘What are the vectors of attack 20 years from now?’”
Pentagon  financial_markets  financial_system  vulnerabilities  high-frequency_trading  DARPA  traders  hedge_funds  Wall_Street  hackers  books  rogue_actors  scenario-planning  scenario  cyber_security  cyber_warfare  cyberattacks 
8 weeks ago by jerryking
SEC Chief Wants Investors to Better Understand Cyberrisk - WSJ
Sept. 5, 2017 | WSJ | By Dave Michaels.

The chairman of the Securities and Exchange Commission said Tuesday that regulators and Wall Street need to do more to educate investors about the serious risks that companies and the financial system face from cyberintrusions.

Jay Clayton, speaking at an event sponsored by New York University’s School of Law, said investors still don’t fully appreciate the threat posed by hackers. “I am not comfortable that the American investing public understands the substantial risk that we face systemically from cyber issues and I would like to see better disclosure around that,” Mr. Clayton said.
SEC  cyber_security  cyberthreats  cyberrisks  risks  hackers  cyberintrusions  regulators  Wall_Street  data_breaches  disclosure 
september 2017 by jerryking
Maersk CEO Soren Skou on how to survive a cyber attack (reader responses)
The article doesn't tell anything of value. It's a shortcoming regarding the standard of the FT. This CEO doesn't say anything despite that he took part in confcalls. Wow. 

As an outsider it would...
letters_to_the_editor  Maersk  cyber_security  cyberattacks  FT  interpretative  from notes
august 2017 by jerryking
Global shipping boss charts course through troubled waters
August 14, 2017 | Financial Times | by Richard Milne.

When AP Moller-Maersk came under cyber attack this year, chief executive Soren Skou was presented with a very basic problem: how to contact anyone. The June attack was so devastating that the Danish conglomerate shut down all its IT systems. The attack hit Maersk hard. Its container ships stood still at sea and its 76 port terminals around the world ground to a halt. ...Skou had no intuitive idea on how to move forward....Skou was “at a loss”, but he decided to do three things quickly.
(1) “I got deep in.” He participated in all crisis calls and meetings. “To begin with, I was just trying to find out what was happening. It was important to be visible, and take some decisions,” he says. Maersk is a conglomerate, so IT workers needed to know whether to get a system working for its oil business or container shipping line first.
(2) He focused on internal and external communication. Maersk sent out daily updates detailing which ports were open and closed; which booking systems were running and more. It also constructed a makeshift booking service from scratch.
(3) Skou says he made sure frontline staff in the 130 countries it operates in were able to “do what you think is right to serve the customer — don’t wait for the HQ, we’ll accept the cost”.

He says that he has learnt there is no way to prevent an attack. But in future, the company must “isolate an attack quicker and restore systems quicker”. He adds that Maersk will now approach its annual risk management exercises in a different spirit. “Until you have experienced something like this — people call them ‘black swan’ events — you don’t realize just what can happen, just how serious it can be.”

Danish conglomerate AP Moller-Maersk is planning to expand into transport and logistics ...

....Mr Skou’s plan for Maersk is about shrinking the company to grow — a “counterintuitive” approach, he concedes. Maersk’s revenues have stagnated since the global financial crisis and the solution has been to jettison what has often been its main provider of profits, the oil business.

In its place, Mr Skou has already placed his bet on consolidation in the shipping industry.....His real push is in bringing together the container shipping, port terminals, and freight forwarding businesses so as to make it “as simple to send a container from one end of the world to the other as it is to send a parcel with FedEx or UPS”. That requires quite a cultural shift in a group where independence was previously prized.....Another priority is to digitalise the group. “It is pretty messy,” Mr Skou says cheerfully. Unlike most businesses selling to consumers who offer few possibilities to change much, almost everything is up for negotiation between Maersk and its business customers — from delivery time, destination, cost, speed, and so on. “It’s easy to talk about digitalising things; it’s quite difficult to do in a B2B environment. It’s hard to digitalise that complexity,”
crisis  crisis_management  malware  cyber_security  cyberattacks  conglomerates  black_swan  improbables  CEOs  Denmark  Danish  IT  information_systems  think_threes  post-deal_integration  internal_communications  counterintuitive  digitalization  shipping  ports  containers  Maersk 
august 2017 by jerryking
Businesses must quickly count the cost of cyber crime
8 July /9 July 2017 | Financial Times | Brooke Masters.

Transparency without the full facts can be dangerous....Cyber attacks are frightening and hard for investors to evaluate. Quantify, to the extent possible, the impact as quickly as you can.
malware  Mondelez  cyber_security  WPP  transparency  cyberattacks  brands 
august 2017 by jerryking
Prepare to be hacked
| Financial Times | Madhumita Murgia.

"the longer-lasting impact on the human psyche has remained largely unexplored".....psychological harm of cyber war can affect wellbeing nonetheless...."Today, with attacks like WannaCry and Petya, we are entering the era of intelligence,"..."moving from locks to surveillance to early detection"
cyber_security  hackers  cyberthreats  malware 
august 2017 by jerryking
U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS - The New York Times
By DAVID E. SANGER and ERIC SCHMITT JUNE 12, 2017.

In 2016, U.S. cyberwarriors began training their arsenal of cyberweapons on a more elusive target, internet use by the Islamic State. Thus far, the results have been a consistent disappointment......The effectiveness of the nation’s arsenal of cyberweapons hit its limits against an enemy that exploits the internet largely to recruit, spread propaganda and use encrypted communications, all of which can be quickly reconstituted after American “mission teams” freeze their computers or manipulate their data..... the U.S. is rethinking how cyberwarfare techniques, first designed for fixed targets like nuclear facilities, must be refashioned to fight terrorist groups that are becoming more adept at turning the web into a weapon......one of the rare successes against the Islamic State belongs at least in part to Israel, which was America’s partner in the attacks against Iran’s nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers......ISIS' agenda and tactics make it a particularly tough foe for cyberwarfare. The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks.

Such activity is not tied to a single place, as Iran’s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. The Islamic State, officials said, has made tremendous use of Telegram, an encrypted messaging system developed largely in Germany......disruptions often require fighters to move to less secure communications, making them more vulnerable. Yet because the Islamic State fighters are so mobile, and their equipment relatively commonplace, reconstituting communications and putting material up on new servers are not difficult.
ISIS  NSA  security_&_intelligence  disappointment  Israel  encryption  disruption  London  London_Bridge  tools  cyber_security  cyberweapons  vulnerabilities  terrorism  Pentagon  U.S._Cyber_Command  campaigns  David_Sanger 
june 2017 by jerryking
Russian malware link hid in a comment on Britney Spears' Instagram
Sometimes weird comments are secret messages: "Russian malware link hid in a comment on Britney Spears' Instagram - "
cyber_security  social_media  from twitter
june 2017 by chrisdymond
