Making the Case and Its Implications

The United States Department of Justice (DOJ) released a powerful – and incredibly detailed – indictment of 12 named individuals working for the Russian GRU. While many will see this as similar to the indictment of several Chinese nationals for spying in 2014, the cases seem far different in my

The Impermanence of Things and Attribution

I had the pleasure to engage some really smart people on the subject of threat attribution and naming conventions via Twitter recently. I think the linked thread is useful as an example not only of some of the issues the cyber security community still has around terminology and definitions, but

Perception is Reality

Nate Beach-Westmoreland wrote a Tweet recently that piqued my interest, as it aligned very closely to one of my major concerns in a former IR position: how does one ensure that sensitive data isn’t manipulated? Typically, cyber defense focuses on two key impacts: the loss or theft of sensitive (or

Sources and Methods to the Madness

The term “sources and methods” brings passionate, sometimes pained reactions within the information security community. On the one hand, there are those engaged in traditional intelligence operations for whom “sources and methods” are vital resources, to be maintained and preserved at almost any cost to ensure continuous collection. Contrary to

Indicators and ICS Network Defense

A previous post on indicators and network defense generated quite a bit of attention, as well as some requests for follow-up items. One item in particular was very interesting to me: comparing an actionable, effective threat intelligence report not relying on indicators with a “bad” example. I think this idea

The Disappearing IT-IoT Divide

Note: This originally appeared as part of ISACA GWDC’s IoT Security Conference in April 2018. Executive Summary: Nominally IT-focused threats such as the recent series of wormable, disruptive malware variants from WannaCry through OlympicDestroyer will increasingly impact Internet-of-Things environments. The combination of rapid, automated propagation

Indicators and Network Defense

When I led incident response operations at Los Alamos National Laboratory, we subscribed to several ‘threat intelligence’ feeds: big commercial providers, secret-squirrel (theoretically) government-only information, and other miscellaneous items. Almost without exception, if the feed did not provide reports that detailed how an attack or intrusion took place and

Cyber Nationalism in the Age of Commercial Defense

Patrick Howell O’Neill and Chris Bing recently dropped a very interesting report on yet another possible action against Kaspersky by the US government. In this specific case, possible sanctions are oriented around larger actions against Russia, home of Kaspersky, but stands as yet another public blow to the security company