In a new alert, the Department of Homeland Security is warning that Domestic Violent Extremists and Foreign Terrorist Organizations have bee using TikTok to recruit, promote violence, and disseminate tactical guidance for use in various terrorist and criminal activities. The alert highlights several instances of TikTok being used in this manner and how these entities are avoiding detection and termination of their accounts.
On 15 April the Biden Administration formally attributed the Solar Winds attacks to Russia’s Foreign Intelligence Service, the SVR. Soon thereafter they issued several directives implementing sanctions against Russia and some Russian related business leaders. The fall out from these actions is still underway and we will continue to track and assess how these matters could impact business and government strategies and decision-making. This post provides context important in assessing why any cyber retaliation needs to be both quick and meaningful.
Security, Risk Management and Intelligence professionals all know of Jim Clapper, this week’s OODAcast guest. He had a long and distinguished career in the US Air Force, which included leadership spanning the Vietnam era all the way to the end of the Cold War. By the time he retired he was a three star General, leading the Director of the Defense Intelligence Agency. After retirement he would later return to government service as head of the National Imagery and Mapping Agency just three days after 9/11. In 2007 he was named the Pentagon’s top intelligence official (USDI), serving as an appointee in both the Bush and Obama administrations before President Obama appointed him DNI. He is author of the book “Facts and Fears: Hard truths from a life in intelligence.”
For those of us practitioners in the cybersecurity space who have tracked policy concepts, one that has been around forever is the idea that good guys from government may one day need to take action in privately owned computers. Since the late 1990’s, concepts have been considered like the idea of a self propagating piece of good code (a worm) that would gain access to infected computers and patch them or take other action to fight bad guys in privately owned computers. Now for what seems to be the first time in history the US had done this (previously court orders had been issued to do things like send kill commands to a botnet, but this is bigger, it is fixing computers!). Views on what this may mean are provided here.
We strongly encourage every company, large or small, to set aside dedicated time to focus on ways to improve your ability to understand the nature of the significantly changed risk environment we are all operating in today, and then assess how your organizational thinking should change.
As an aid to assessing your corporate sensemaking abilities, this post summarizes OODA’s research and analysis into optimizing corporate intelligence for the modern age.
Beijing’s March 2021 China and Arab States Data Security Agreement is supposed to strengthen cooperation in communications and information technology. While details have yet been published, the document focuses on ensuring the integrity of data and production chains that drive the digital economy. This is not the first time that China and the Arab nations have collaborated, having engaged one another in emerging technologies like 5G and artificial intelligence. However, it is noteworthy as this partnership makes the Middle East the first region to have engaged in a data security initiative with China, according to China’s Foreign Minister.
In this week’s OODAcast we interview Ray Wang, CEO of Constellation Research. Ray is a great leader, evidenced by the people he has attracted to his firm. I know many of his team and can say for a fact that they are people who can do just about anything they want (which means they are in a position to pick their boss). Ray is also an entrepreneur, and in this OODAcast provides context anyone thinking of starting out on their own should consider. One of many anecdotes he provided was an insightful recap of a conversation he had with his then boss at Forrester Research, George Forrester Colony, which made it clear to Ray that he faced a choice. He could work at a place that wanted to motivate him to be as average as possible or he could go out on his own and create his future himself. It takes a type of bravery to do what Ray did next, a type of bravery very likely at the core of any entrepreneur.
Something is different in the geopolitical situation today. The reasons are probably a combination of factors that include the pandemic, the rise of the global grid of cyberspace, plus the payoff of years of planning and strategic moves by our adversaries. But whatever the reasons, the world today is more complicated and more dangerous than the world of just a year ago, and in many cases the risks being faced by open societies have never been seen before. The changes are so significant, OODA recommends all business leaders take stock of the geopolitical situation and assess how the nature of these changes should impact your business strategy.
“The world is a more dangerous and complicated place than it was just a year ago. Your corporate strategy and defensive posture needs to reflect that”
Quantum key distribution (QKD) is an exciting application of quantum technologies that has exploded in the past decade. QKD is used to share encryption keys across an established optical link or network. QKD can be used to generate a secure, shared secret key between two users. This key is then used in an algorithm to encrypt message traffic. The big advantage QKD offers is that any attempt to read the information stored in the photons would destroy the message and be immediately detected. Quantum cryptography is fundamentally viable today in the laboratory and used in some high-end security applications, like banking and stock trading, that can rely on dedicated short distance physical fibers.
Lisa J. Porter has successfully lead some of the world’s largest and most critical technology efforts. Her career started with a focus on academic rigor in pursuit of some of the toughest degrees, a B.S. in Nuclear Engineering from MIT and a PhD in Applied Physics from Stanford. She would later lecture at MIT and then became a researcher for DARPA related projects, eventually becoming a DARPA program manager. Dr. Porter would later lead NASA’s Aeronautics Portfolio, would become the first Director of the Intelligence Community’s IARPA, became President at Teledyne Scientific and an EVP at In-Q-Tel, and then was named to be the Deputy Under Secretary of Defense for Research and Engineering, an office which is essentially the CTO for the entire Department of Defense.