Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so, it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. This post examines both and leads to recommended action plans for any organization in government or business that seeks to mitigate risk while focusing on opportunity.
This week’s OODAcast is with Kim Zetter, an incredibly well respected journalist who has been covering cybersecurity related issues for two decades. Matt Devost talks with Kim about a wide variety of cyber-related issues including a deep dive into Stuxnet and the implications for today’s security environment. Kim also shares details as to how she got into the field and how she developed relationships with the hacker community via her longstanding attendance at Def Con.
Beijing has been engaged in a battle for public opinion for several years, aggressively promoting a positive vision of China to counter criticisms for its involvement in human rights violations, intellectual property theft, currency manipulation, its engagement with Taiwan and the South China Sea disputes, and its suspected involvement in the COVID-19 outbreak. In 2017, senior Party leaders acknowledged that “the main battlefield for public opinion” occurs on the extensive borderless Internet where people receive their news, express their thoughts, and promote and argue their political and ideological viewpoints. Beijing understands how the Internet is essential in disseminating China-friendly narratives, while at the same time deflecting criticisms and reassigning blame. In essence, it is how Beijing seeks to preserve its image while tarnishing those of others.
Game theory, the study of competition and conflict, tells us there are two types of games: Finite Games and Infinite Games. Understanding that cybersecurity, like espionage, is an infinite game should inform all our actions in cyberspace. This post provides suggested considerations for businesses, individuals and governments seeking advantage in this infinite game.
Enterprise technologists use the term “Zero Trust” to describe an evolving set of cybersecurity approaches that move defenses from static attempts to block adversaries to more comprehensive measures that improve enterprise performance while improving security. When the approaches of Zero Trust are applied to an enterprise infrastructure and workflows, the cost of security can be better managed and the delivery of functionality to end users increased. Security resources are matched to risk. Functionality, security and productivity all go up.
In this OODAcast we provide insights into Zero Trust architectures from an experienced practitioner, Junaid Islam. Junaid is a senior partner at OODA. He has over 30 years of experience in secure communications and the design and operations of highly functional enterprise architectures. He founded Bivio Networks, maker of the first gigabyte speed general purpose networking device in history, and Vidder, a pioneer in the concept of Software Defined Networking. Vidder was acquired by Verizon to provide Zero Trust capability for their 5G network. Junaid has supported many US national security missions from Operation Desert Shield to investigating state-sponsored cyberattacks. He has also led the development of many network protocols including Multi-Level Precedence and Preemption (MLPP), MPLS priority queuing, Mobile IPv6 for Network Centric Warfare and Software Defined Perimeter for Zero Trust. Recently Junaid developed the first interference-aware routing algorithm for NASA’s upcoming Lunar mission.
In mid-May 2021, Russia’s Federal Security Service (FSB)’s National Coordination Center for Computer Incidents published a joint report with Rostelecom-Solar, the cybersecurity arm of Russian telecom company Rostelecom, about a 2020 cyber espionage campaign that targeted Russian government agencies. The publicly-available portion of the report disclosed stealthy cyber operations that targeted key individuals associated with “the federal executive branch (FOI) of the Russian Federation.” Although details of the operation have been kept close hold, the report did cite that the main intent of the campaign was to completely compromise IT infrastructure for the purposes of stealing sensitive information to include “documentation from closed segments and email correspondence.”
This is the second part of our special series on Ransomware. The first provided an update on the nature of the threat, including an anatomy of a modern attack. This post, produced with inputs from real world cybersecurity practitioners Matt Devost, Bob Flores, Junaid Islam and Bob Gourley, provides information for Corporate Board of Directors and the CEO. In our experience, the guidance provided here can mitigate the existential risks of a ransomware infection to a low level.
The scourge of ransomware is the inevitable result of decades of schizophrenia about our relationship with information technology and security. Treating this problem in the same fashion as we have those that came before it will only prolong our suffering. Clarity, creativity, and will are required if we are to have any hope of a future where ransomware is an annoyance and not a plague.
Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. He is the co-founder of the ICS Village, a non-profit advancing awareness of industrial control system security. Bryson is also a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute.