The Curious Case of Edward Snowden

At present, I will assume anyone reading this possesses at least a basic familiarity with who Edward Snowden is and the general conception of his actions. The former CIA employee (removed from overseas duty for suspicious behavior in 2009) and former Dell and Booz Allen Hamilton contractor for the NSA in Hawaii is infamous for leaking over 200,000 classified documents (and purloining potentially as many as 1.7 million) before first fleeing to Hong Kong then

Perception, Visibility, and Analysis

A common theme in metaphysics (and to some extent epistemology as well) since antiquity is understanding the relationships (or differences) between “things” and how we perceive or observe them. Examples extend from Plato’s Allegory of the Cave and theory of forms through Kant’s Transcendental Idealism to modern scientific variations such as Heisenberg’s uncertainty principle. While each possesses distinct differences and is certainly (in many ways) incompatible with the others, the central, fundamental theme remains the same: that

Kicked While Down: Critical Infrastructure Amplification and Messaging Attacks

I am writing this only a few days removed from Black Hat 2019 and Def Con 27, both of which featured a number of presentations on critical infrastructure or industrial control system (ICS) threats – but with a continuing lack of scope (or imagination) for the threat landscape. While identifying new vulnerabilities or work-arounds in technology is certainly interesting, such findings are practically somewhat minor when considering the events required to take advantage of them (e.g.,

Cyber and Information Operations

Something interesting came up in an extended (and wandering) Twitter thread discussing the relevance of certain legacy information security frameworks (like the CIA triad) to modern concerns like disinformation campaigns. The aspects of this discussion that most interested me were the following two items: “Which part of the CIA triad covers disinformation? Having a semantic argument using a model so outdated that it doesn’t even allow for information warfare is so 2000 and late.” “Integrity

Active Defense and Adversary Blowback

I previously recorded some thoughts on the new US government strategy in cyber defense known as “defend forward”. Recently, I had the pleasure and opportunity to take part in a Naval War College exercise implicitly testing this strategy’s implementation and execution in the context of civilian critical infrastructure cyber operations. My past statements expressed concern about this strategy given the risks it imposes in terms of escalation and loss of control over events – and

Deterrence, Attribution, and Legalism

The past several weeks have been an exciting time in the realm of cyber security – and especially the narrower, less understood field of (potential) “cyber war”. Starting approximately two weeks ago (writing on 25 June 2019), there began a bombardment of news, with reports that:
- The XENOTIME activity group started probing US electric utilities in mid-2018 (disclosure: this is research in which I am deeply involved through my employer, Dragos)
- The US allegedly

Defend Forward

I recently had the pleasure to spend time in Krakow, Poland for the CONfidence event, where in addition to enjoying the conference I was fortunate to catch up with old friends. During several discussions with a colleague, we kept returning to NATO’s cyber posture vis-à-vis potential adversaries and the current US doctrine of “defend forward”. Central to both – either notionally (in the case of NATO) or actually (given USCYBERCOM’s new strategic thrust)

The Specter of MS17-010

The vulnerability MS17-010, patched on 14 March 2017 but rising to prominence with the Shadow Brokers leak of an exploit called ETERNALBLUE in mid-April 2017, has fueled multiple information security headaches. First and among the most prominent was the global WannaCry ransomware event in May 2017 (two months after the patch was released and one month after the exploit leak), although the vulnerability continues to be used through various “copycat” cryptominer campaigns to the present. Most

Historical Memory and Information Security

A topic I’ve complained about previously (and one of the motivating reasons for the existence of this blog) is the impermanence of knowledge within the information security discipline. Specifically, information security as a field of study and area of practice remains pitifully immature relative to other disciplines, since so much information, knowledge, and experience remains codified in hard-to-access or impermanent forms: conference presentations (even if recorded), “Tweets”, and similar output. Meanwhile, mature fields of study

Extracting Community from the Communitarian

Many public discussions on information security tend to identify or claim the existence of an “information security community”. On its face, this seems a rather innocuous term that merely designates a collective of individuals dedicated toward relatively similar goals or ends – yet when delving a bit deeper, the term brings with it a host of additional considerations that make flippant references to such a construct seem either misguided or profoundly misunderstood. Before proceeding,