Fighting The Real War On Terror

I always want to get out of the Washington bubble and learn what real people think, so to speak. At times, I'll see sentiments like this:

"The events you see happening in this world are not as they appear. A small group of rich people controls the world, and what they want is a one-world government." 

Basically it's a conspiracy theory. If you add the words "Jewish bankers" after "rich" and subtract "people," the theory becomes an anti-Semitic stereotype.

As it happens, I came across the following sentiment the other day, which relates somewhat to the first one. 

"The only thing preventing world domination by the wealthy is religion."

And another concept:

"There will be a war in the End of Days, eventually followed by Judgment Day."

In my mind I put these ideas together. 

Absent Divine intervention, it is clear that we are headed toward some kind of explosive conflict in the world.

But G-d always creates a method by which we can avert the natural course of events.

Specifically, when we turn toward Him in faith, and pray for mercy, miracles happen.

What if the real war on terror had nothing to do with weapons?

What if people of all faiths and no faiths got together and decided to surrender everything to G-d?

This doesn't mean adopting each other's religions. It means ending religious war, ending war entirely, and turning to the One and Only.

It doesn't sound likely to happen. But we might want to consider, in a world that celebrates conflict, fighting, aggression, and attack - the strength it would take for all of us to put our weapons down. And pray.

All opinions my own.

An Oldie But A Goodie - "CBP 101," Circa 2007

Stumbled across this presentation I did many years ago...don't know who posted it online:

PPT – CBP 101 PowerPoint presentation | free to view

Let Us Remember - Then Let Us Forget

Auschwitz memorial services are about remembering. Those who forget the past are doomed to see it repeat itself.

But the ultimate point of remembering is forgetting. We want to move on with life and deal with one another in perfect faith, like innocent children who haven't yet learned the terrible ways of the world.

G-d teaches us through example. We ask for forgiveness and are forgiven. It is as if nothing happened.

Unfortunately some people distort G-d's ways out of evil intentions. They deny the past and pretend all is well in the present.

Think critically, and do not be fooled.

All opinions my own.

Text of New Cyber-Vandalism Response Toolkit

Disclaimer: This toolkit is only a collection of suggested best practices. No warranty is expressed or implied.

Cyber security for social media should be the #1 concern of anyone communicating online in this way. A federal working group has developed an outstanding guide, useful to any public or private organization. I want to help promote this message and so am cutting and pasting the text below; I also posted it to SlideShare. You can customize it for your organization.

DigitalGov's Justin Herman brought the federal working group together; congrats to him and the team: Alla Goldman, Information Sharing Environment, Office of the Director of National Intelligence; Ashley Wichman, GSA; Dan Kenny, GSA Emerging Leader Program; me (I work at NIST); David Hamm, State of Minnesota; Debra Harris, Defense Finance and Accounting Services; Jacob Parcell, GSA; Jessica Milcetich; Jordan Higgins, Defense Intelligence Agency; Jody Bennett, Department of State; Justin Herman, GSA; Kat Mullins, USAJobs; Natasha Lim, U.S. Securities and Exchange Commission; Scott Horvath, U.S. Geological Survey; Travis Brickey, Tennessee Valley Authority.

Read the article here:


Readiness, Recovery, Response: Social Media Cyber-Vandalism Toolkit
Version 1, released January 27, 2015 by DigitalGov

Cyber-vandalism presents a serious challenge to online-based communication tools. Users need available resources to counter intrusions of social media accounts. This document provides guidance and security practices to federal, state, and local government employees. Its suggestions and resources prepare users to respond to cyber-hijacking, and will empower digital users to make informed choices and enact future policy. This resource is a “living document” designed for continued contribution and expansion — if you have input please email Justin Herman.

Readiness: Phase 1

Cyber-vandalism occurs when an outside party, regardless of identity or motive, takes control of an agency communication channel and misdirects it. Incidents may contain information misleading to the public or threatening to an agent of the United States. Agencies should plan and train prior to an incident, and prepare approved processes and material for the recovery and response to cyber-vandalism.

1. Identify a social media stakeholder team to prevent and respond to cyber-vandalism

A direct chain of responsible managers should be aware of their roles in the potential response to any social media cyber-vandalism, including the necessity of quick, decisive action. This team should be connected by email, phone, text and any other appropriate means of communication. The team should include, but is not limited to:

1. Social media team
2. Program manager
3. Public affairs representative
4. General Counsel
5. IT Security
6. Senior leader/manager

2. Review Individual App/Platform Resources

Online-based communication tools offer resources, each with unique strengths and limitations. Awareness of this support and its unique characteristics is beneficial before an incident:

1. Facebook: Facebook Security Tips; Facebook Security Settings; Learn extra security features including approvals, notifications, trusted contacts and mobile security
2. LinkedIn: LinkedIn Safety Center; Prevention Tips; Password Guidelines; Frequently Asked Questions | Reporting Inappropriate Content, Messages, or Safety Concerns
3. Instagram: Instagram Privacy & Safety Center
4. Twitter: Safe tweeting: the basics
5. Google: Keeping your account secure
6. Hootsuite: Social Media Security

3. Establish Stakeholder Rapid Outreach Plan

1. Prepare a list of internal and external contacts and processes for a cyber-vandalism incident:
§ Who is the POC for the app or platform when an incident occurs (see Phase 2: Recovery for list)?
§ Who is the POC for cyber-vandalism of accounts in the Government (see Phase 2: Recovery for list)?
§ Who is on your social media stakeholder team?
§ Who are your key communities and audiences on social media and other channels you must alert?

2. Incorporate relevant contact information:

§ Emails; Phone Numbers; Social Media Handles; Hashtags; Listservs and more.

4. Create Communication Templates

1. Pre-populate different types of messages.

§ Emails; Texts; Social media posts and more.

2. Communicate essential information to convey the nature of the compromise, for example:

§ An account is compromised; An administrator cannot access an account; A username and/or password for an account is compromised; Information on the account is unauthorized.

5. Review Secure Social Media Best Practices Checklist

1. Institutionalize secure web standards, such as HTTPS, as a foundation for secure social media:

§ Using a URI scheme such as HTTPS establishes a fast, private, and secure connection due to its strong encryption benefits.

§ Read Why We Use HTTPS in Every Gov Website We Make

2. Establish accounts with official .gov or .mil domains of full-time equivalent employees (FTE).

§ Allow for more than one FTE to administer an account.

§ Designate an alternative as auxiliary support. Limit this designation to an individual essential to the operation and management of an account.

§ Clearly define the criteria for the administrator and alternative.

§ Provide adequate resources to the FTE administrator, including a mobile device and third-party management tool whenever possible.

3. Create a social media policy with standard operating procedures (SOP) for cyber-security.

4. Obtain approval from appropriate agency parties, including IT Security and General Counsel.

5. Train stakeholders and others on the procedures and policies of social media cyber-security.

§ Require training before use of an account.

6. Use only authorized URL Shorteners, e.g.

7. Add all official accounts to the Federal Social Media Registry, verifying authenticity of ownership.

§ This tool, used by both Facebook and Google to verify accounts, tracks official federal social media accounts.

§ List Department of Defense (DoD) social media accounts in the DoD Social Media Site Registry.

o Per DoD Web Policy and DoDI 8550.01, use the DoD Social Media Registry submission form.

8. Follow best practices for secure passwords.

§ Guide to Enterprise Password Management (Draft) by the National Institute of Standards and Technology

6. Evaluate Two-Step Verification

This type of authentication verifies a user attempting to access a device or system. It requires confirmation of two consecutive, yet dependent, entries. It may not be applicable to those without mobile devices or in secure environments that prohibit entry of such items. It may also require the use of third-party management tools to effectively allow multiple content coordinators.

1. Facebook: Facebook’s Login Approvals; supplemental step-by-step guide.

2. Google and YouTube: Google 2-Step Verification.

3. LinkedIn: LinkedIn’s Two Step Verification.

4. Twitter: Twitter’s Two Step Verification Process.

7. Review Special Guidance Per Common User Responsibility

For Supervisors and Directors: Confirm policy is clear, accessible, and distributed among employees. Review, approve, and document all agency accounts regularly. Identify and eliminate rogue accounts. Instruct staff administering accounts to adhere to agency criteria and undergo training where appropriate.

For Social Media Managers: Make security a part of regular social media meetings. Conduct security checks on a regular basis. Regularly update passwords. Keep the list of social media accounts updated. Keep account manager contact information accessible and updated. Remove access for users who are no longer with the agency. Develop a secure method of storing account names, owners, and passwords.

For Social Media Coordinators: Use a protected, official government device. Use protected connections. Do not post from an open Wi-Fi network. Use a work VPN, 3G or the work-connected Internet connection. Generally, use network locations with strong firewalls and on standalone equipment. Preview shortened links to see the address of where they lead. Review the URL of a website in the address bar. Make sure the websites you visit use HTTPS encryption. If you are unsure of a link, double-click the lock icon on your browser’s status bar to display the digital certificate for a site.

8. Conduct Training on Secure Use of Social Media

Live training: The Cybersecurity Online Learning (COL) program supplements mandatory FISMA security role-based training by offering in-demand cybersecurity workshops. The Information Assurance Branch, United States Department of State, offers monthly social media security online courses for free for anyone with a “.mil” or “.gov” email address, regardless of whether the applicant is an FTE, military, or contractor.

§ Department of Defense Social Media Security/Privacy Education & Training

§ National Cyber Awareness System

§ Webinar: Operations Security (OPSEC) & Social Media: Balancing Security, Secrecy, & Transparency

§ Webinar: How to Recover from a Social Media Crisis

§ Webinar: How Government Can Prepare for and Respond to Social Media Hacks

§ Post: Beware the Cyber Security House of Horrors

§ Post: Twitter’s Two Step Verification Process

§ Post: Government Must Respond Rapidly to Social Media Hacking

Recovery: Phase 2

Alerts of suspicious activity on social media can come from anywhere, including social media itself. If the social media cyber-security stakeholder team or responsible manager determines an incident is in progress, remember that minutes and even seconds count. Within minutes you’ll need to alert internal stakeholders, alert outside stakeholders to help you regain control, and act to isolate the compromise.

1. Immediately: Alert your social media cyber-security stakeholder team, and CC them on the messages that follow.

2. Attempt to change passwords to isolate the incident (steps 2 and 3 ideally simultaneously with two employees).

3. Contact the platform companies themselves and GSA to help regain control.

1. Contact Information to Recover Control After Cyber-Vandalism

1. Facebook: Online form for Facebook; Email; Email and

2. Twitter: Online form for Twitter; Email:; Email and

3. LinkedIn: Respond to and Report Various Issues; Email:; Email:; Email and

4. Instagram: Online form for Instagram; Email:; Email and

5. Vine: Online form for Vine; Email:; Email and

6. Hootsuite: Email:; Email; Email and

2. Audit your social media inventory

1. Audit your list of social media accounts, password holders, and agency-hosted websites.

2. Ensure no former employees, contractors or interns have access to current passwords.

3. Review any third-party app you use to monitor or post to social media, such as IFTTT.

4. Review your other digital services, including websites, for signs of cyber-vandalism and any vulnerabilities.

3. Confirm cyber-vandalism recovery process on different channels

Once you have secured your other accounts, release pre-approved initial messages alerting your communities that an incident is occurring and that steps are underway to recover cyber-vandalized accounts.

4. Initiate Restoration Activities After Regaining Account(s)

1. Archive cyber-vandalism messages.

2. Delete cyber-vandalism messages.

3. Stop all pre-scheduled messages.

4. Restore normal settings and features.

Response: Phase 3

Agencies must not only prepare for and recover social media accounts after a cyber-vandalism incident; they should also respond quickly and effectively to their stakeholders and audiences using social media in order to maintain trust in digital services. Initial responses to the cyber-security stakeholder team and the public should be within minutes of recovering control of your accounts.

1. Confirm Incident and Recovery

1. Cyber-security team confirmation: Send initial report of recovery to social media cyber-security stakeholder team.

2. Public confirmation: Distribute as soon as possible social media posts confirming the cyber-vandalism incident and your recovery of affected accounts. Announce a return to regularly scheduled activities.

3. Community confirmation: Deliver additional communication with pre-determined internal audiences and stakeholders to prevent the spread of rumors and misinformation.

2. Confirm and Verify Changes to Access

1. Review account holders.

2. Confirm verification of login status.

3. Confirm changes and updates of passwords.

3. Conduct a review of lessons learned

§ What type of response worked well?

§ Why did this work so well?

§ What did not work?

§ What unforeseen events occurred?

§ What changes will lead to a better response?

4. Apply data and analysis of outcomes to improving your program

§ Develop after-action report.

§ Ensure future relevance with accurate information.

§ Include lessons learned and best practices.

10 Reasons Not To Miss "The Interview"

Weekends are for movies and if you don't know what to watch the next time you power up Netflix on your Roku, I would highly recommend "The Interview."

Unfortunately the marketing of this movie was so bad that they almost totally ruined my interest in it. But I should have known that if Seth Rogen and James Franco were involved it was going to be a certain kind of funny, and it absolutely was.

Here are 10 reasons you absolutely have to see this movie:

  1. James Franco's portrayal of the host, which is so funny and over-the-top it makes the movie.
  2. The screenplay, which is hilarious - these lines are so rich I can't quote them enough: "America tried that before and it didn't work." "That doesn't mean we shouldn't do it again."
  3. The intelligent worldview of the movie, which is that wars are just as much fought through communications as guns, that both are equally powerful.
  4. The plot, which allows us to talk about real issues by combining reality and satire.
  5. The focus on the North Korean dictator specifically, which was highly imaginative and which allows us to look at him from a psychological point of view.
  6. The psychological bent of the movie, which doesn't use action to cover a lack of thought.
  7. The empowering messages about women, subtle and not-so-subtle: "It's 2014. Women are smart now."
  8. The overall message of the movie, which is that taking care of each other is the most important thing we can do on this planet.
  9. The cameos by Eminem, Rob Lowe and Bill Maher, which were very funny.
  10. Seth Rogen's portrayal of the Jew as Franco's moral conscience who's also lost his way because his job pays a lot of money, and Franco makes him feel loved and wanted.

As a side note there is a scene in the movie that involves a line that some would consider anti-Semitic (to the effect of "Don't shake his hand...he's a Jew.") I understood that line to be important to the movie, to have artistic integrity and to be perfect for the comedy.

Imagine what kind of world we would live in if we could not incorporate anti-religious messages - even if crude or insensitive - into art the same way we incorporate sexuality and violence. We would be starting down a path where the only end is bleak totalitarianism.

In any case this is a fantastic, funny movie that is rare in combining true art with a truly important set of themes and messages about the world. I hope you take the time to see it, on Netflix or anywhere else.


All opinions my own.

Keeping Silent Will Not Save You

More than once I've used my blog posts to be a flaming kiss-ass. I'm not proud to admit it, and it's not that I do it intentionally, but it happens. Inevitably my misuse of my G-d given talent backfires, because someone always calls me out on it.

"You should stick to blogs on branding," a commenter recently said, "because when you write about Obama [note: I work for the federal government and have a vested interest in not getting my ass handed to me on a silver platter] you always put your foot in your mouth."

Specifically objecting to a previous post imploring the President to fight radical Islamic terrorism. Where I said:

"Only you, only you can do this."

The comment: "No, only G-d can do this. With your words you blaspheme G-d. Change it, so you won't be punished."

Fine, but I'm still gonna write about the stuff I'm writing about, I thought.

Even though I'm afraid.

I am afraid, like many Jews are afraid.

The nail that sticks out gets hammered.

But when the U.N. convenes a summit on the problem of global anti-Semitism, you know you're past the threshold when we could afford the luxury of silence.

This past week's Torah reading, Shemot, talks to this exact issue. The Jews' slavery in Egypt began with anti-Semitism and progressed to forced labor; there was quite a bit of run-up.

There was opportunity to speak up to Pharaoh, to intervene and influence history.

According to the ancient rabbis, Pharaoh's advisers were rewarded or punished because of how they reacted to his declared intentions.

Rabbi Ephraim Buchwald explains:

"The Midrash states, that in the 130th year of Israel’s sojourn in Egypt, Pharaoh dreamed that, while sitting on the throne, he saw an old man before him holding a scale in his hands. On one side of the scale were all the elders, nobles and great men of Egypt, and on the other was a single sheep that outweighed all the great Egyptians. 
"Disturbed by the dream, Pharaoh awoke early in the morning and summoned all his advisors and wise men to help him interpret the dream. 
"Among those summoned were Balaam, the son of Beor, the great gentile prophet. Another was Jethro, the future father-in-law of Moses, and the third was Job, a man of great faith, who refused to curse G-d despite his profound losses and suffering. 
"The Midrash depicts Balaam as spewing venomous hate toward the Jewish people....
"Jethro spoke up, advising Pharaoh not to start with the Hebrews....he warned Pharaoh that any leader who had, in the past, confronted the Hebrews, had met a bitter end. 
It was up to Job to decide between the main royal advisors, but he chose instead to sit on the fence, saying simply that since all the inhabitants of the land were under Pharaoh’s sovereignty, it was up to the King to do as seems fit in his eyes....
Job is perhaps the saddest and most complex of the advisors. 
Rabbi Joseph B. Soloveitchik in his essay “Kol Dodi Dofek” (The Voice of My Beloved Knocks) takes Job to task for being silent before Pharaoh and not speaking up on behalf of the wretched Hebrew slaves. 
To paraphrase Rabbi Soloveitchik: You, Job, refused to intervene publicly with Pharaoh because you were fearful lest you be accused of dual loyalty. 
And so it was for the “Jobs” throughout the generations... 
How sad it is to see how often history repeats itself. Jews today have their determined enemies and beloved friends. But, most of all, we have those who are too fearful to speak up on behalf of justice, truth, and morality. 
We are indeed “a nation apart,” who, as the Psalmist asserts (146:3), must not rely on the goodness of princes or mortals.

Speak up, speak up, speak up, speak up, speak up.


All opinions my own.