23 Nov 2022

Top 10 Security, Technology, and Business Books of 2022

Welcome to the 2022 edition of my top 10 books of the year list. This year, I’ve decided to split the fiction books into an additional category and given you two bonus books for your consideration written by close friends of mine.  With the launch of the Hack Factory this year, I’ve been very focused on business, building technologies, and investing style books. As a result, that is a major thematic for this year.  Noticeably absent are books on Blockchain/Cryptocurrencies as that industry is in the middle of a Creative Destruction phase, and I continue to view cybersecurity as being stuck in a Cyber Winter.

23 Nov 2022

The Second Global Ransomware Meeting Much of the Same Thing

The United States hosted a group of 37 nations and 13 global companies to discuss the problem of ransomware, as well as other cybercrime. The meeting was a follow-up to last year’s Counter-Ransomware Initiative (CRI), an informal gathering where nations reaffirmed their commitment to collaborating on the escalation of ransomware operations and voiced common priorities on cooperation and cyber resiliency. Because the CRI supports the United Nations’ framework for responsible state behavior in cyberspace, it was hoped that it would lead to establishing a set of state norms for how governments should address ransomware activities and hold those actors accountable. The group issued a joint statement reaffirming its commitment to combatting ransomware but fell short of this goal. Collaboration, taking the fight to ransomware actors, their infrastructures, and their payment channels, and continued information sharing underscored the take-aways from the two-day meeting.

23 Nov 2022

Strategic Plan for 2023-2025 Announced at 4th Meeting of the CISA Cybersecurity Advisory Committee

The fourth meeting of the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Advisory Committee (CSAC) was held in September 2022. Opening remarks were addressed to the committee by Ms. Megan Tsuyi, CISA CSAC Designated Federal Officer; The Honorable Jen Easterly, Director, CISA; Mr. Tom Fanning, CSAC Chair; and Mr. Ron Green, CSAC Vice Chair, and included the announcement and review of the 2023-2025 CISA Strategic Plan.

21 Nov 2022

Another Seminal Call to Action: Strengthening Innovation and Protecting the U.S. Technological Advantage

Recent announcements by Razor’s Edge Ventures, America’s Frontier Fund, and the Quad Investor Network signal that the venture capital community is focusing its efforts on national security investment and American competitiveness – which has been formatively dubbed the “defense-related technologies” or “defense capabilities” sector. Others are calling it “Hacking for Defense”. On one level, the VC community’s pivot of its attention towards national security and innovation is the “dollars and cents” of it all.  But what about the “sense” of it all – i.e. the creative ideas, strategic vision, and program management structure to succeed? 

In late September, The National Academies of Sciences, Engineering, and Medicine weighed in on the challenges ahead. Details of the report can be found here.

18 Nov 2022

Breaking the Building Blocks of Hate: A Case Study of Minecraft Servers

In yet another example of a successful public/private policy research collaboration and in a continuation of the topic discussed by Brian Jenkins at the OODA Network November Monthly Meeting – domestic political extremism – we turn to a report released in July of this year:  Breaking the Building Blocks of Hate: A Case Study of Minecraft Servers, which found that “one-in-four moderation actions across three private servers of the popular video game Minecraft are in response to online hate and harassment.”

18 Nov 2022

China Publishes Its Vision for Internet Harmony

Recently, China published a white paper entitled “Jointly Build a Community with a Shared Future in Cyberspace” presenting its vision of creating an international community with a shared future in cyberspace. The document highlighted the successes of China’s Internet development and government practices over the past several years, and focused on key issues such as Internet governance, as well as individual countries’ rights and interests to pursue Internet development, data security, and prospects for international cooperation.

18 Nov 2022

CISA Releases Voluntary Cross-Sector Cybersecurity Performance Goals

In July 2021, President Biden signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. This memorandum required CISA, in coordination with the National Institute of Standards and Technology (NIST) and the interagency community, to develop baseline cybersecurity performance goals that are consistent across all critical infrastructure sectors. These voluntary cross-sector Cybersecurity Performance Goals (CPGs) are intended to help establish a common set of fundamental cybersecurity practices for critical infrastructure, and especially help small- and medium-sized organizations kickstart their cybersecurity efforts.

18 Nov 2022

The Rate of Learning in Threat Detection

Historically, threat detection (e.g., rule-based intrusion detection, anti-virus systems, and threat intelligence feeds) has been reactive and involves flagging digital requests containing known signatures. These signatures are formalized post hoc, emanating from a compromise that has already happened and was then shared with others. Organizations have relied heavily on these tools—to their disadvantage. The figures below reflect the traditional threat detection paradigm of learning vicariously from peers and highlight how it is at a disadvantage against new or adaptive adversaries. There are some things worth remembering; certainly, past security events are one of them because mistakes are great teachers. The more lessons you can learn from others, the better. However, memorizing past security events experienced by someone else is passive and not a reliable way of learning about threats your organization faces.

16 Nov 2022

Speculative Design: Welcome to Kaspersky’s Earth 2050

As the 27th Conference of the Parties to the United Nations Framework Convention on Climate Change (COP27) meets in Sharm el-Sheikh, Egypt, we dedicate this installment of the Speculative Design Series to the future of the planet. Take a step into the future of the planet @ Kaspersky’s Earth 2050.

15 Nov 2022

Jen Hoar on Corporate Intelligence and Investigations

In this OODAcast we interview one of our close friends and OODA network members, Jen Hoar. Jen is a former journalist-turned-corporate investigator who has leveraged the potent act of asking, and listening, to turn strangers into sources and contacts into clients. Her expertise, which is clearly also her passion, is identifying and interviewing smart people about any given topic, to learn as much as possible to inform clients’ executive decision-making.
