Sophos’ Kristin Del Rosso on the US National Vulnerability Database (NVD) and the Chinese NVD (CNNVD)
Kristin Del Rosso is a product manager at Sophos focusing on Incident Response, Threat Intelligence, and the SecOps ecosystem. Research and concerns about the US National Vulnerability Database (NVD) and Chinese strategies relative to the database are evergreen. We caught up with Del Rosso for an interview this week to discuss her presentation at LABScon.io 2022 on the topic back in September. A transcript of that conversation will be available soon. For full context on the issues we discussed, In this post you will find the video of her LABScon presentation and an analysis of the talk from a threats research blog post from Paul Robers at ReverseLabs.
As mentioned in our weekly OODA Member Network Dispatch, OODA and Katzcy are hosting an invite-only quantum networking event for the evening of 26 January in Reston VA (Thanks to both Quintessence Labs and the Fairfax County Economic Development Authority for sponsoring this event). OODA network members have received an invite. If you are not an OODA network member but would like to attend, please consider joining the network and also let us know a bit about your background in or interests in quantum computing and quantum security.
CCP support for Russia, its behaviour in the Taiwan Straits and the South China Sea, its repudiation of universal values in the infamous “document no 9” and demonstration of that disregard in Hong Kong and Xinjiang should convince our policy makers that if the CCP does not represent a hostile power now, it is likely to in future. Therefore, with cellular IoT modules, it is a question of identifying the vulnerabilities and taking measures to close them off.
According to a report on the Cost of Internet Shutdowns, there were 114 major outages across 23 countries in 2022 impacting around 700 million people (although another source puts that figure as high as 4.2 billion), representing a 41% increase from the previous year. Key findings revealed that these shutdowns consisted of approximately 51,000 hours of Internet disruptions, which included Internet blackouts and Internet throttling which intentionally limits bandwidth to control web traffic. The most effected social media platforms were Twitter, Instagram, Facebook, WhatsApp, and YouTube, which happened to be among the most globally popular outlets in 2022, as well, and where many people create, transmit, receive, and consume traditional and nontraditional news sources.
“Boyd: The Fighter Pilot Who Changed the Art of War,” is a captivating and informative biography of Colonel John Boyd, a brilliant and innovative military strategist who made a significant impact on modern warfare. A brilliant jet fighter pilot, forward-thinking academic, and a creative military strategist, he was a talented but wildly eccentric individual. Boyd was a leading figure in the post-Vietnam War military reform movement, the author of the first manual on jet aerial combat, the primary designer of the F-15 and the F-16 jet fighters, and the architect of the wildly successful American military strategy in the Persian Gulf War, among other accomplishments. Robert Coram does a fantastic job of bringing Boyd’s complex and multifaceted personality to life, highlighting his brilliant mind, his fierce determination, and his unwavering commitment to his principles. The book delves into Boyd’s unconventional approach to military strategy, which emphasized speed, agility, and adaptability over brute force, and how he used his ideas to revolutionize the way the United States military fights wars.
The relationships between Chinese technology companies that are the suppliers of IoT devices and the companies that are the suppliers of the cellular modules that enable them is key. Often conversation on risk associated with Chinese companies exporting technology globally focuses on the visible companies, overlooking the many others that sit within their supply chains.
Free and open nations have woken up to the threat posed by Chinese involvement in their 5G telecommunications and to the importance of maintaining the lead in semiconductors. There is less awareness of the risks incurred by using Chinese cellular IoT technology. In the longer term the risk posed by the pervasive presence of Chinese cellular IoT modules in our systems and processes poses a greater threat than does relying upon Chinese companies for 5G.
This is the 3rd installment of our OODA Almanac series which are intended to be a quirky forecasting of themes that the OODA Network think will be emergent each year.
The theme for last year was exponential disruption, which was carried through into our annual OODAcon event. This year’s theme is “jagged transitions” which is meant to invoke the challenges inherent in the adoption of disruptive technologies while still entrenched in low-entropy old systems and in the face of systemic global community threats and the risks of personal displacement.
In the Bitzlato Case, the Crackdown on Crypto Exchanges and Russian Cybercrime Activities are One in the Same
The Biden administration debuted a new power yesterday for fighting Russian cybercrime and rolled out the first major public move of a new government team devoted to battling the illicit use of cryptocurrency. Both steps came as part of an international effort to punish Bitzlato, a cryptocurrency exchange that U.S. authorities say helped criminals profit from ransomware attacks and drug trafficking.
This article leads to actionable recommendations for continuing the focus on speed of adoption of new technologies, including how to improve risk management issues from a USG perspective, and identifying strategies that can be implemented now, by those with the authority and will to do so.