My good friends Brad and Ryan recorded episode 70 last week, and the topic was voting machine security. If you missed it, go check it out. Kudos to those guys, the show was great!
The Twilight Zone
Crazy. Life over the course of the last week was like an episode right out of Twilight Zone.
I was on vacation last week, taking a planned seven day cruise out of Long Beach, California. Cruises are a great vacation option for anyone who wants to disconnect from the world for a while. Connectivity on a boat is terrible, so why bother trying?
Never in my life has the world changed so much in a week.
When we flew out of Minneapolis on Friday (3/6) morning, the world seemed sort of normal. Sure, there was an increased awareness of the Coronavirus disease (COVID-19), but fear and panic appeared to be in check. Our collective awareness led to more people washing their hands, more people covering their mouths when they coughed or sneezed, and more use of various sanitizers. Occasionally, I’d run into someone wearing a surgical mask, but it wasn’t alarming or all that unusual.
The Cruise
We left the hotel for the cruise terminal on Saturday (3/7) around noon. As we got closer, we got our first glimpse of Carnival’s newest ship, the Panorama, and the excitement started to build. Seven days of sun and much needed rest. Something seemed off though. When we pulled up, we noticed there were hundreds of people just standing around with their bags. Nobody from the previous cruise was being allowed off the ship for some reason. Rumors were spreading and things were getting weird. After an hour or so, Carnival sent this message:
Thank you for your patience. Debarkation remains suspended pending medical test results for a guest who was on board last weeks cruise. Results are expected sometime after 6PM. Please do not proceed to the cruise terminal as the parking garage is full. We apologize for this delay and will provide an update in two hours.
Next, the news media started arriving in troves. Within minutes, news stories were already been published.
- Carnival cruise ship suspends debarkation in Long Beach as crews investigate ‘medical matter’ – https://www.fox10phoenix.com/news/carnival-cruise-ship-suspends-debarkation-in-long-beach-as-crews-investigate-medical-matter
- Carnival Cruise Ship Passenger To Be Tested For Coronavirus, Passengers Remain On Ship Docked In Long Beach – https://losangeles.cbslocal.com/video/4474967-carnival-cruise-ship-passenger-to-be-tested-for-coronavirus-passengers-remain-on-ship-docked-in-long-beach/
- Carnival Cruise Ship Passenger Tests Negative For Coronavirus; Disembarkation Set For Sunday – https://losangeles.cbslocal.com/2020/03/07/passengers-medical-matter-causes-carnival-cruise-ship-to-suspend-disembarkation-in-long-beach/
- Finally! Cruise passengers eagerly disembark the Carnival Panorama in Long Beach – https://www.mercurynews.com/2020/03/08/finally-cruise-passengers-eagerly-disembark-the-carnival-panorama-in-long-beach/
Carnival didn’t cancel our cruise, so we spent the night at the Long Beach Airport Hampton Inn, and went back to the cruise terminal on Sunday (3/8) morning. All the cruisers from the previous cruise had left, and we were permitted to board. Embarkation went off without a hitch, and before we knew it, we had arrived!
Our cruise was cut from seven days to six, and our originally planned visit to Mazatlan was cancelled. No matter, we were (and are) grateful for everything! Some people were mad, but what the hell?! One day in the sun is better than none! Even if they would have cancelled the cruise altogether, we would have been grateful.
This started the six days of limited (or no) connectivity for us. Almost like we were cut off from the world for a while.
Back on Land
On Saturday (3/14), we arrived back in Long Beach. The hot topic on the ship was all the chaos that the coronavirus (and media) had caused. We got connectivity again, and whoa! You’d think the world had lost its mind. Every news channel was dominated by the coronavirus. Seemed like bad news was everywhere and we’d stepped into an apocalyptic Twilight Zone episode.
What happened over the past six days?! Is the world ending? No, it’s not, despite what you might think from reading the news.
Store shelves are bare, there’s no toilet paper to be found, people are standing in long lines to buy everyday goods, people are physically assaulting each other over innocent items like sanitizing wipes, the NCAA cancelled the men’s and women’s national basketball tournaments, the NBA season is postponed (or cancelled), the NHL season is postponed (or cancelled), schools are closed, Disneyland and Disneyworld are closed, flights are cancelled between the United States and dozens of other countries, conferences and concerts are being cancelled, etc., etc.
Reality
Did thousands, or God-forbid, millions of people die while we were away on this six-day cruise? No, not really.
By the end of the day on Saturday (3/14), there were 3,043 confirmed infections in the United States and 60 deaths. Every single illness and every single death is significant, especially to loved ones, but are these numbers that should cause panic? There are some 329,000,000 people in the United States. Using rough math, the infection rate in the United States has grown to .000925% and the mortality rate for those who are infected (meaning those who were infected and died) is 1.9%. This means that one in every 108,000 people has become infected, and even if you were infected, you stand a 98.1% chance of surviving.
The math is good, but the inputs are extremely variable. These numbers are going to change, I know. If we don’t take action now, the numbers will be much worse than they should/could be, I know this too.
I’m not making any sort of case against taking proper precautions. Things like social distancing, cancelling group gatherings, and all of the (common sense, or should be common sense) sanitary measures like hand washing, mouth covering, etc., are prudent things to do. What’s wrong is the panic! People need to think and stop the panic.
We deal with panic on a much smaller and less significant scale every time we help a client through a troubling event or incident. In these cases, we always confront panic with facts. Panic is always bad. Panic makes things worse. Panic is NOT good for you. Panic makes you more susceptible to harm and opens you up to making poor decisions.
- For those who are using this pandemic and panic to profit off other people – You suck and your actions are despicable.
- For those who are using this pandemic and panic for political gain at the expense of others – You suck. Learn some decorum, stop dividing and start uniting. There’s a time for politics and responding to a pandemic is not one of those times.
- For those who are not taking this seriously by taking proper and prudent precautions – You also suck and you’re putting others at unnecessary risk.
We are all in this together, and we all need to work together.
Seriously, don’t panic!
What does all this have to do with the UNSECURITY Podcast?
Lots! There are significant information security implications related to the coronavirus pandemic and the panic that has come from it. All of this is going to be our base for conversation in this episode.
On to the actual notes now…
SHOW NOTES – Episode 71
Date: Monday, March 2nd, 2020
Show Topics:
- OpeningCatching up.
- CoronavirusWhat’s happened?
- What are we doing?
- Information security implications
- Business continuity, disaster recovery, and pandemic planning.
- How does working from home affect information security?
- What are the most important precautions?
- If you haven’t planned well, it’s not too late.
- How you can use S2Me and S2Team to make better choices.
- News (non-coronavirus)
Opening
[Evan] Hello listeners, this is another episode of the UNSECURITY Podcast. My name is Evan Francen, this is episode 71, and the date is March 16th, 2020. Joining me in studio is my buddy Brad Nigh. Good morning Brad!
[Brad] If it’s a good morning for Brad, we’ll know by how he responds.
[Evan] It’s good to be back. What the heck happened while I was out?
Catching Up
[Evan] Did you happen to read my Twilight Zone reference about what it was like to be gone for a week, then to come back to what seemed like utter chaos?
[Brad] Of course he did. Brad’s good at preparation and stuff.
[Evan] Let’s talk about the elephant in the room, the coronavirus pandemic. Last week, the World Health Organization (WHO) declared that coronavirus is a pandemic. Nothing has been the same since. Let’s discuss some facts, our opinions, and give some advice to our listeners, based upon our own information security experience.
Coronavirus Discussion
IMPORTANT: Get your priorities straight; God, family, friends, work, etc., but don’t let your guard down. Attacks always increase in frequency during major events. Attackers know that many people are preoccupied mentally and physically, and they won’t/don’t hesitate to take advantage of the situation.
Be as vigilant with information security as you always have. In fact, be more vigilant than ever!
We’ll address all this (and probably more):
- What’s happened?
- What are we doing?
- Information security implications
- Business continuity, disaster recovery, and pandemic planning.
- How does working from home affect information security?
- What are the most important precautions?
- If you haven’t planned well, it’s not too late.
- How you can use S2Me and S2Team to make better choices.
[Evan] Thanks for sharing and thank you for the great discussion! To wrap this up, I’d like to highlight two online discussions that I had the other day about coronavirus on Twitter. The first started with a question posed by a Twitter user:
Twitter User: So how are you talking to your children about the pandemic?
A good question for sure. My answer:
Me; I’m telling them to wash their hands, cover their mouths when they cough or sneeze, and to be kind to others. Like I always have. I also tell them the world is a wonderful but dangerous place. They’ll be OK.
The other discussion also happened on Twitter. This Twitter user was calling for us (U.S. citizens) to vote everyone out of office because of the coronavirus (and probably their response). In this exchange, I responded with a question:
Did we have the same reaction with H1N1 that infected more than 59 million Americans and killed more than 12,000? It was only 10(ish) years ago.
Rather than engage in a discussion, this Twitter user blocked me. 🙁 I didn’t think my question was offensive. It certainly wasn’t meant to be. Maybe this Twitter user was more motivated by politics than any sort of constructive conversation. Sadly, politics get in the way of working together for solutions. Please don’t be like this Twitter user!
News
[Evan] Alright, let’s talk about a non-coronavirus story (or two). Remember, attacks aren’t going to stop because you’ve self-quarantined. Quite the opposite is true, sadly. Here’s two news stories to consider this week:
- Massive cyber attack hit the town hall of Marseille ahead local election – https://securityaffairs.co/wordpress/99658/malware/marseille-city-massive-attack.html
- Ex-CIA Official Allegedly Leaked CIA’s Secret Hacking Tools To WikiLeaks – https://gbhackers.com/joshua-schulte-cia/
Closing
[Evan] There you have it. Episode 71. It’s good to be home. Let’s hope and pray for a good week with some sanity. Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @evanfrancen, and Brad’s @BradNigh. Check out @studiosecurity and @FRSecure frequently. They’re always posting good things!
Both Brad and I are praying for health for you and your family. Please don’t panic, and make good decisions.
That’s it. Talk to you all again next week!