Defend Forward

I recently had the pleasure to spend time in Krakow, Poland for the CONfidence event, where in addition to enjoying the conference I was fortunate to catch up with old friends. During several discussions with a colleague, we kept returning to NATO’s cyber posture vis-à-vis potential adversaries and the current US doctrine of “defend forward”. Central to both – either notionally (in the case of NATO) or actually (given USCYBERCOM’s new strategic thrust) Read more…

The Specter of MS17-010

The vulnerability MS17-010, patched on 14 March 2017 but rising to prominence with the Shadow Brokers leak of an exploit called ETERNALBLUE in mid-April 2017, has fueled multiple information security headaches. First and among the most prominent was the global WannaCry ransomware event in May 2017 (two months after the patch was released and one month after the exploit leaked), although the vulnerability continues to be used in various “copycat” cryptominer campaigns to the present. Most Read more…

Historical Memory and Information Security

A topic I’ve complained about previously (and one of the motivating reasons for the existence of this blog) is the impermanence of knowledge within the information security discipline. Specifically, information security as a field of study and area of practice remains pitifully immature relative to other disciplines as so much information, knowledge, and experience remains codified in hard-to-access or impermanent forms: conference presentations (even if recorded), “Tweets”, and similar output. Meanwhile, mature fields of study Read more…

Extracting Community from the Communitarian

Many public discussions on information security tend to identify or claim the existence of an “information security community”. On its face, this seems a rather innocuous term that merely designates a collective of individuals dedicated toward relatively similar goals or ends – yet when delving a bit deeper, the term brings with it a host of additional considerations that make the flippant referrals to such a construct seem either misguided or profoundly misunderstood. Before proceeding, Read more…

A XENOTIME to Remember: Veles in the Wild

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.” – Through the Looking Glass, Lewis Carroll FireEye recently published a blog covering the tactics, techniques, and procedures (TTPs) for the “TRITON actor” when preparing to deploy the TRITON/TRISIS malware framework in 2017. Overall, the post does a commendable job in making public findings previously only privately shared (presumably by Read more…

Adversary Attribution: It’s ‘Complicated’

Recently Juan Andrés Guerrero-Saade and Silas Cutler presented new research on the cluster of activity encompassing Stuxnet, Duqu, and Flame at the Kaspersky Lab-sponsored Security Analyst Summit. (Note for those reading this from US, Canadian, and related government networks: following the research link above will display potentially leaked, non-public information which could be construed as a spillage event, so click with caution depending on where you are.) The technical analysis accompanying this work is quite Read more…

The Peril of the Mittelstand and the Possibilities of Competitive Advantage

In Germany (as well as Austria), there is a type of company referred to as the “Mittelstand”. Generally speaking, these are small- to medium-sized companies, non-public and typically family-owned, providing technical expertise (if not excellence) in a specific niche, usually manufacturing or engineering oriented. Although small, such organizations have outsized influence on much larger organizations by providing critical technical capability in very specific areas such as tool and die work, specialty manufacturing, machine tool production, Read more…

The Devil’s in the Algorithm

I attended an interesting presentation at the EnergySec Pacific Rim summit discussing the role of machine learning and artificial intelligence (ML/AI) in network security and ICS operations. The talk was mostly an overview of potential applications and niches for ML/AI within these spaces, which in itself is refreshing as ML/AI is frequently touted as a dramatic, overall solution for numerous security problems as opposed to just another tool in the information security toolbox. More importantly, Read more…

Network Security is Like an Ogre – It Has Layers

A common statement heard in information security circles these days is “the perimeter is dead.” The concept behind the statement is simple and seemingly obvious. Historically, security professionals only dealt with two networks: the “home” network (which was managed, safe, and trusted) and the “outside” or “external” network (regarded as risky, if not outright dangerous, and uncontrolled). Separating these two was the “perimeter” – the classic example of a firewall governing what traffic is permitted Read more…

Moral Responsibility, Weakness of the Will, and the Information Security Profession

The concept of praise and blame – or moral responsibility more generally – is a central concept in ethics that has drawn many responses. Of note in evaluating various approaches to the problem is the concept of human fallibility in the face of ethical decision-making. For Aristotle, humanity is intrinsically flawed due to the experience of emotion and feeling, resulting in a “weakness of the will” (akrasia) – thus an individual may very well know or Read more…