This special report is the first of a two-part series designed to both inform OODA members on the nature of challenges to our nation’s most critical infrastructure and provide recommendations for action that can mitigate these challenges. Our thesis is that America’s most critical infrastructure is our cognitive infrastructure. This is also the most attacked and least defended. In short, our most important critical infrastructure is also our most neglected infrastructure.
OODA’s Cyber Threat Analysis Report provides the “so what” behind the news and events we track on a daily basis. When it comes to putting cyber news in context, there really is no substitute for experience. The context in this report is provided by one of the most highly regarded cybersecurity practitioners and pioneer of cyber threat intelligence (and OODA Network expert) Mike Tanji. In this edition, Mike brings context into the ransomware attacks against cities, the changing situation regarding best practices in perimeter defense, stunt hacking and many other hot topics you will want to track.
Our latest OODA Network interview with Jason Zann from RiskIQ. Jason’s career path is a bit non-traditional and certainly didn’t follow a prescribed path. Read about how his ping-pong-ball approach has made allowed him to become a visionary in the cybersecurity industry and why RiskIQ thinks more transparency will take some of the bite out of the cyber threat.
The DoDIIS Conference: Insights into how IT supports some of the most critical missions in the nation
With this post we provide some insights for OODA members from the 2-5 August 2019 DoDIIS conference. We have aimed this overview for three broad types of decision-makers: 1) The startup tech executive seeking to better serve government missions, 2) Business leaders seeking insights into global risks and mitigation efforts relevant to your organization, and 3) The government leader seeking independent views that could impact your approach to enterprise technology.
The 5G Supply Chain Blind Spot: A more concerted effort to assess risk from the services supplied by our adversaries is required
Winning the worldwide “race to 5G” is a top priority for the United States. As the global competition unfolds, we have continued to hear about the technological and economic benefits associated with leadership in the wireless domain. Earlier this year, CTIA, a trade association representing the wireless communications industry, released a report that said, “America’s telecommunications operators plan to invest $275 billion to deploy 5G networks, creating 3 million new jobs and adding $500 billion to our economy.” Even though the benefits are undeniable, the U.S. has not relented on the critical security risks that must also be accounted for prior to large-scale nationwide investments in 5G infrastructure.
An FBI bulletin provides an overview and detailed recommendations on how cyberattackers are targeting audio/visual systems to compromise corporate networks along with recommendations on how to prevent such attacks.
The newly formed Cybersecurity and Infrastructure Security Agency (CISA)has released a strategic intent document outlining the agencies role in protecting U.S. critical infrastructure and cyberspace. It is important for OODA Network Members to track the emergent roles and responsibilities of this agency as it will be a critical component of cyber and infrastructure security moving forward.
Conventional wisdom is telling us that “assumption of breach” is the new normal. Some well-respected names in computer security would have you believe that the appropriate response to such conditions is to increase the cost to the attackers. If you’re too expensive to breach – so the logic goes – the bad guys will go looking for someone else. Maybe someday, when everyone makes hacking too expensive, it will stop.
For all the benefits IT in general and the Internet specifically have given us, it has also introduced significant risks to our well-being and way of life. Yet cybersecurity is still not a priority for a majority of people and organizations. No amount of warnings about the risks associated with poor cybersecurity have helped drive significant change. Neither have real-world incidents that get worse and worse every year.
This post is based on an interview with Andy Lustig at Cooley. It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression.