A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.
In the first meeting of the Cybersecurity and Infrastructure Security Agency’s (CISA) new Cybersecurity Advisory Committee, CISA Director Jen Easterly made clear to the committee members their working model would be action-based, not the usual passive mode assumed by an advisory body, telling the group: “I welcome this group creating action. This is really just not about being a talking club. This is about leveraging your expertise, your perspective, to make the nation safer.” Advisory Committee Member, Def Con Founder Jeff Moss, also offered his perspective on how best to engage the hacker community.
When you hear about the commercialization of space, it is not only the efforts of Blue Origin, Virgin Galactic, or Elon Musk’s SpaceX to provide civilian space flights. If DARPA has anything to do with it, there will also be the “development and future realization of biomanufacturing capabilities in space.” The timeline for a private sector role in the commercialization of these biotechnology capabilities is unclear, but DARPA has begun to explore the possibilities the DARPA way.
The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 3 of 3)
In the final post of this series, we explore Microsoft’s seizure of domains used by Chinese cyber-espionage group Nickel (APT15) to attack organizations in the United States and 28 other countries around the world. These attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations. In the last few years, Microsoft has filed 24 lawsuits against cybercrime and cyber-espionage groups. Is it time for U.S. Corporate Technology Companies to go into full bitskrieg mode against countless global adversaries?
Dr. Kathleen H. Hicks, Deputy Secretary of Defense, released a memorandum yesterday establishing the new Chief Digital and AI Officer (CDAO): “…effective February 1, 2022, there will be within the Office of the Secretary of Defense a new position of Chief Digital and AI Officer (CDAO), reporting directly to me and through me to the Secretary of Defense.”
AI and disinformation are the timely subjects of a new series of policy briefs from the CSET. Part I of the series, AI and the Future of Disinformation Campaigns, Part 1: The RICHDATA Framework, was just released. Disinformation is not new, of course, but the scale and severity seem to have reached a zenith, broadsiding contemporary politics, public health policy, and many other domains. You name it, disinformation is in the mix scrambling truth and reality.
The Transportation Security Administration (TSA) issued two Directives focusing on the cybersecurity of both passenger and freight railroads. These directives are designed to help TSA and CISA feed technical intelligence such as indicators of compromise and vulnerability information back to the rail system customers to bolster their cybersecurity capabilities. At a time when increased cyber-attacks are being conducted against civilian critical infrastructure by both nation-states and cybercriminal actors, railway cybersecurity has gone neglected for far too long, particularly as more noteworthy attacks have occurred against other critical infrastructures.
The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 2 of 3)
In this post, we break down the recent BitMart Cryptocurrency Heist. Our working analogy? The automobile and the Thompson Submachine Gun were the crucial, democratically available technological innovations that the mob leveraged during the “Golden Age of Bank Robberies” in the U.S. Newfound auto horsepower and the number of bullets fired per minute (from the floorboard design innovation on most new car models of the era) equaled the invention of the bank robbery, the getaway car, and the high-speed chase – all new law enforcement problems at the time, not much unlike the current inventions used for cryptocurrency heists today.
Supply Chain and Cybersecurity Resilience: Palantir-backed Analytics Platform Partnership and DoD CMMC 2.0 Announced
Two recent developments speak to both a market-driven and governmental response to the vital operational role technology, innovation, standardization, and collaboration will play in a transition to 1) a resilient supply chain that mitigates risk in the global IT supply chain; and 2) cybersecurity processes to protect the defense industrial base. We provide a brief analysis of both developments: The Athinia Platform and the DoD Cybersecurity Maturity Model Certification (CMMC) 2.0 Program.
The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 1 of 3)
New headlines point to a new ‘right-sizing” in the scale, severity, and/or sophistication of responses (legal, fiduciary, corporate, and citizen-led) to some of the more spectacular cyber incidents of the last few months. Following is a brief breakdown of three big recent headlines.
Nate Fick on Company Culture, the Cybersecurity Community, Endgame/Elastic and Emerging Cyber Threats (Part 2 of 2)
In March 2021, Matt Devost had an OODAcast conversation with Nate Fick, whose career has been eclectic with a throughline of demonstrating superior leadership abilities in a diverse array of successful opportunities. Nate is currently a General Manager at Elastic, having joined the firm with their acquisition of Endgame where he served as CEO. After graduating from Dartmouth, Nate joined the military and served as a USMC officer. His service in the military is chronicled in his New York Times best-selling book, One Bullet Away.
In Part II of this conversation, Matt and Nate discuss building a company culture, leadership in the cybersecurity community, the business model and value creation/capture play that is the Endgame/Elastic merger and emerging threats in cyber.