NIST’s Ron Ross on the state of cyber: ’We literally are hemorrhaging critical information’ After Chinese hackers infiltrated a Navy subcontractor’s computer network and stole a trove of highly sensitive data on submarine warfare, it spurred the government to revise the standards that contractors must follow to ensure government data
Can you trust NSA tools? This and more as OODA Network Expert Michael Tanji provides insightful analysis of the most recent and significant cyber news.
Fresh off of RSA – OODA Network Expert Michael Tanji provides insightful analysis of the most recent and significant cyber news.
OODA Network Expert Michael Tanji provides insightful analysis of the most recent and significant cyber news.
The findings and conclusions of malware “analysis” are not in fact analysis; they are, however, a collection of data points linked together by assumptions whose validity and credibility have not been evaluated. This lack of analytic methodology could prove exceedingly problematic for those charged with making decisions about cyber security.
The leak that the U.S. was apparently behind the Stuxnet worm that impacted the Nataz nuclear enrichment facility in Iran came – as it always does – with a rash of analysis and opinion related to the hazards associated with “sophisticated” malware and “cyber weapons.” But it is a reliance
“The hacker group Anonymous on Monday crashed the websites of two trade associations that support a House cybersecurity bill. “ (Source: Hackers strike over cybersecurity bill – The Hill’s Hillicon Valley.)
In the finger-pointing-fest after 9/11, the US Intelligence Community was blamed for failing to “connect the dots.” As incomplete a description of the intelligence analysis process as that may be, it brought to the fore a point that many of us in the business had been complaining about for years:
Money quote from the Author’s Note: The unavoidable conclusion is that the U.S. government cannot continue to allow a collecting agency to make unilateral originator control determinations regarding the intelligence it collects. … I hope to explain why they are not in position to make the best “need to know”
I used to wax and wane about the need to purge national security functionaries, but I’ve stopped waning, as my latest commentary at ThreatsWatch indicates.