Recently I engaged in conversation with Dale Peterson dealing with the gas explosion events in Massachusetts. For background, following the event in question there were multiple unfounded claims of a “cyber” cause behind these events followed by significant pushback from various ICS security experts. Where Dale and I enter the Read more…
Black Hat/DEF CON week is upon us again. While many poke fun at RSAC (an issue I addressed earlier this year), the annual “Hacker Summer Camp” in Las Vegas is rapidly approaching (or eclipsing) the size of RSA while also becoming more “commercial” and “marketing-oriented” with each passing year. While Read more…
The United States Department of Justice (DOJ) released a powerful – and incredibly detailed – indictment of 12 named individuals working for the Russian GRU. While many will see this as similar to the indictment of several Chinese nationals for spying in 2014, the cases seem far different in my Read more…
I had the pleasure to engage some really smart people on the subject of threat attribution and naming conventions via Twitter recently. I think the linked thread is useful as an example not only of some of the issues the cyber security community still has around terminology and definitions, but Read more…
Nate Beach-Westmoreland wrote a Tweet recently that piqued my interest, as it aligned very closely to one of my major concerns in a former IR position: how does one ensure that sensitive data isn’t manipulated? Typically, cyber defense focuses on two key impacts: the loss or theft of sensitive (or Read more…
Rather significant news broke out on 13 June with the EU taking initial steps toward a potential ban on Kaspersky software on EU-controlled networks. The specific language used, as translated by The Register: Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure Read more…
I find it uncontroversial to claim that content creators – whether in writing, music, or other – at some level must be aware of the needs and capabilities of their audience. While certain types of expression, such as the truly artistic, provide greater leeway in moving against (while trying to Read more…
The idea of naming or labeling items has a fraught intellectual history. Broadly speaking, we, from an intellectual history standpoint, moved from an Aristotelian approach where names and identifications of objects and such fundamentally mean something based on concrete descriptions, to a perspective rooted in Kantian transcendental idealism where names Read more…
When I led incident response operations at Los Alamos National Laboratory, we subscribed to several ‘threat intelligence’ feeds: big commercial providers, secret-squirrel (theoretically) government only information, and other miscellaneous items. Almost without exception, if the feed did not provide reports that detailed how an attack or intrusion took place and Read more…
The School of Athens is one of the most famous images of Renaissance painting, blending Classical historicism with an increasing appreciation for the intellectual history passed down from Greece to the Western world. The figures at the center of this image represent divergent views in how we reason about and Read more…