Note: This post will refer and link to allegedly classified programs leaked by Edward Snowden, and potentially others, in the past several years. If accessing this article from certain networks, readers are strongly advised to preview links before following them due to the possibility that such an action may be Read more
One issue that came from my recent CYBERWARCON talk was an item of focus (or for others, limitation) when approaching the idea of what a “critical infrastructure attack” actually means. While I faced some (really good, topical) questions on my definition of “critical infrastructure”, a more public debate ensued over Read more
On 24 November 2019, WikiLeaks posted an email, purportedly from a whistleblower on the Organisation for the Prohibition of Chemical Weapons (OPCW) team assigned to investigate the chemical weapons attack on the Syrian city of Douma. I will let readers find the original WikiLeaks post, but the story was promptly Read more
Reuters reported on an interesting event from September 2019 today (16 October 2019): “The United States carried out a secret cyber operation against Iran in the wake of the Sept. 14 attacks on Saudi Arabia’s oil facilities, which Washington and Riyadh blame on Tehran, two U.S. officials have told Reuters. Read more
I am writing this only a few days removed from Black Hat 2019 and Def Con 27, where both events featured a number of presentations on critical infrastructure or industrial control system (ICS) threats – but with a continuing lack of scope (or imagination) for the threat landscape. While identifying Read more
Something interesting came up in an extended (and wandering) Twitter thread discussing the relevance of certain legacy information security frameworks (like the CIA triad) to modern concerns like disinformation campaigns. The aspects of this discussion that most interested me were the following two items: “Which part of the CIA triad Read more