Information Security & Occasional Forays Into Adjacent Realms
via Joe Uchill - writing at Axios, comes this well crafted short read detailing the use of questionable adjectives when announcing cyberattacks, that are - in fact - rarely applicable to the incoident under discussion. Today's Sophisticated Must Read.
'Sophisticated often gets used as a synonym for "our organization shouldn't be blamed for missing this."' - via Joe Uchill - writing at Axios, comes this superb read on the use of adjectives when explaining cybersecurity failures
The Center for Internet Security has released (some say unleashed) it's Annual Year In Review targeting the year 2018. Enjoy Summer 2019 while you still can, because, after all, winter is looming!
"The 2018 Year in Review covers CIS' advances in cybersecurity via the EI-ISAC®, MS-ISAC®, CIS Benchmarks™, CIS SecureSuite®, CIS Hardened Images™, CIS Controls™, and CIS CyberMarket®." - via Center for Internet Security
The Doxing of the Iranian cybercriminals is evidently ongoing. The story so far, via Andy Greenberg, writing for Wired Magazine. Enjoy! h/t
"We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks," read the original message posted to Telegram by the hackers in late March. "We hope that other Iranian citizens will act for exposing this regime’s real ugly face!" - via Andy Greenberg, writing for Wired Magazine
Sounds like a triple-reverse-Stockholm-syndrome-interrogatory, plus a rare reference by Michael Hayden: Note his '“These folks are not cyberdumb.” comment. All via Kathy Gilsinan, an Associate Editor at The Atlantic asking 'Why Haven't Terrorists Hit the US with a Devastating Cyber Attack?' Must have been a slow-cyber-news-day...
'“I’m as puzzled as you are,” said Michael Hayden, who served as CIA director from 2004 to 2008. “These folks are not cyberdumb.” “They use the web and show a great deal of sophistication in how they use it, for many purposes,” he added. “But they have not yet used it to create either digital or physical destruction. Others have.” - via Kathy Gilsinan, an Associate Editor at The Atlantic and writing at DefenseOne.
Terrific post at War On The Rocks, with an intriguing theory: The Best Strategy for Cyber-Conflict May Not Be A Cyber-Strategy, via Benjamin Runkle, . There's that pesky 'Cyber' thing again... At any rate, the discussion in this case, revolves around the leveraging of electronic, computational information warfare (perhaps also known as cyberwar) by the previous administration (President Obama). Elected (of course) - as today's Must Read, and watch out for 'them cybers'!
'We will respond in a time and place and manner of our choosing, and when we do so, we will consider a full range of tools, economic, diplomatic, criminal law enforcement, military, and some of those responses may be public, some of them may not be. One analyst derided the vice president’s pronouncements on the topic as “Biden threatening to threaten Russia.”' - via Benjamin Runkle at War On The Rocks
Excellent reporting via Robert N. Charette, writing at the IEEE's **Spectrum Magazine, detailing another instance of politicians gone wild. Certainly, todays' Must Read**!
via the Institute of Electrical and Electronics Engineers Spectrum Magazine, and reporter Stephen Cass, comes a tale of the future, but firmly rooted in the present: The United States Army's new manga, published to educate both enlisted and officers alike in the dangers elicited by cyberwarfare. Entitled Dark Hammer - and written by Brian David Johnson Director of the Threatcasting Laboratory at Arizona State University - in partsnership with the Army Cyber Institute at West Point. The tome is ten pages of go-get-em-cyber-cyber-cyber.... Today's MustRead!
Michael Rogers ADM USN, Director of the National Security Agency and Commander of the United States Cyber Command sums up 'cyber' quite nicely, indeed:
"Cyber is an operational domain in which we do a variety of missions and functions, many of which are very traditional,” Adm. Rogers said. “We do reconnaissance, we do fires, we do maneuvers. The same things I was used to as a surface [warfare] officer … I’m constantly going back to that.”
"Don’t make this thing so specialized, so unique, so different that it just gets pushed to the side. That will sub-optimize our ability to execute cyber operations, and quite frankly it will minimize or at least negatively impact, in my view, the operational outcomes, which is the whole reason we’re doing this in the first place.”
The Christian Science Monitor's contributor David Brumley, PhD. pens a unique thought piece on why offensive cybersecurity is now requisite, and certainly needs a playbook...
David Brumley is the director of CyLab Security and Privacy Institute and the Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University. He's also chief executive officer of ForAllSecure. - via CSMonitor.com
Sacrebleu. Those crafty Brits (in reality, London City based Banks) are now planning on hoarding Bitcoins to pay cyberransoms to so-called cybercriminals. Translation: They are currently doing so, so come on guys, make your scurrilous demands, they're ready for you. HatTip
"The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms..." via The Guardian's Jamie Doward
