18 May 2022

How Do Cyber Operations Fit into DoD’s National Defense Strategy?

By all accounts, it appears that the U.S. government is making a real effort to maintain its advantage in cyberspace. Hunt forward operations have been an innovative practice that has the potential to reduce the adversary footprint in cyberspace by merging international cooperation with the ability to proactively locate and counter adversaries in the regions in which they operate. Based on these actions, it is evident that hunt operations are consistent with the strategic blueprint DoD has laid out for itself, indicating that any progress will be built upon and applied across a wide range of state and nonstate adversarial groups. If these successes continue, the United States may have found a strategy that is more than just words that communicate a message. They will demonstrate that the government is practicing what it is preaching.

13 May 2022

The Current State of the U.S. Semiconductor Industry Shows Signs of Strategic Strength

In March, we extended our tracking of minerals for semiconductor production to the annual United States Geological Survey (USGS) 2022 List of Critical Minerals, which includes minerals like Palladium, C4F6, Helium, and Scandium – all of which are used in semiconductor production and/or the manufacturing of sensors and memory. In April, we provided a general update on the global chip supply chain disruption. We now widen the lens further to garner broad industry insights from the annual Semiconductor Industry Association’s (SIA) 2021 State of the U.S. Semiconductor Industry and SIA 2022 Factbook.

12 May 2022

With Viasat Satellite Hack Officially Attributed to Russia by US and EU Allies, What Next for Satellite Security?

On March 17th, CISA and the FBI issued a Joint Cybersecurity Advisory for the SATCOM ecosystem, following the cyberattack on the Viasat Satellite system. That same week, OODA Loop contributor Emilio Iasiello provided an analysis of satellite security in the context of overall cybersecurity: “The cyber threat to satellites has been a longstanding concern and one that has, unfortunately, been mixed in with the myriad other cybersecurity issues facing the global community.” At the time of our initial coverage and Emilio’s analysis, the attack was not officially attributed. As of May 10th, Secretary of State Antony Blinken made the U.S. government’s official attribution known to the general public.

12 May 2022

CISA Granted Subpoena Power as Cyber Incident Reporting Bill Signed into Law

There are so many important headlines we do not want to get lost ‘below the fold’ for our membership, and this update is one of those headlines. On March 2nd, the Senate unanimously passed the Strengthening American Cybersecurity Act. A vital piece of the consolidated legislation was a cyber incident reporting bill. On March 11th, lawmakers approved the bill as part of a sweeping $1.5 trillion government funding deal. The House passed the legislation earlier in the week. On March 15th, all these efforts came to fruition as President Biden signed the cyber incident reporting bill into law.

10 May 2022

Gradually, then suddenly, the business environment has changed

In a famous line from Hemingway’s The Sun Also Rises, a character in the story is asked how he went bankrupt. His reply: “Two ways… gradually, then suddenly.”

This line is a catchy way to articulate the way compounding interest works in finance. It is also a good description for the S-Curve that is so frequently seen in adoption of technological innovations, where growth of a technology is usually slow and boring at first, then suddenly shoots up in exponential growth. Gradually then suddenly is also an apt description of many geopolitical trends. We have all been tracking a weakening economy of China, then suddenly their GDP is in decline. We gradually saw Russia posturing for invasion of Ukraine, then suddenly the invasion few anticipated occurs.

The result of all of this is a very turbulent business environment and a need for executives to seek out situational awareness to inform operational decisions. This post provides context from the OODA C-Suite report that will help drive awareness and decision making.

10 May 2022

Costa Rica in a State of Emergency: Is Conti Gang Cyber Attack a “Sphere of Influence” Shot Across the Bow?

Yesterday, on the day a new president took the helm in Costa Rica, a state of emergency was declared in the country based on the impact of a cyber-attack by the Russia-affiliated Conti Ransomware Gang. Following is what the journalist trade calls a “tic-toc” of the incident, with a formative analysis of mitigation efforts, the impacts of the attack, and the ongoing impact of the state of emergency.

10 May 2022

The U.S. State Department Offers a $10 Million Bounty for Information about Conti Ransomware Gang Members

The Department of State is offering a reward of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group. In addition, the Department is also offering a reward of up to $5,000,000 for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in a Conti variant ransomware incident.

09 May 2022

The NSO Group’s Pegasus Spyware: A Global Update

Since our expanded coverage in July of last year of Project Pegasus (a cadre of global news organizations’ exhaustive investigation of the Pegasus “zero click” surveillance software), there have been many developments related to the spyware, including legal, national security and geopolitical activities pointed directly at the NSO Group (the Israel-based developer of the Pegasus Software).

07 May 2022

Open Source “Protestware”: Sabotaging Open-Source Code as a Form of Hacktivism

OODA Loop readers will know better than most the two biggest uses of the term “Open Source.” We frequently write about both. In the context of intelligence, Open Source means information that does not come from classified channels. In terms of software, Open Source means software developed and managed in an open way, generally using open source licenses that allow code to be modified and used freely. This has always introduced some ambiguity for technologists who operate at the nexus of technology and national security. Now it is getting even more complicated. In this post, for example, we provide some open source intelligence on open source software threats.

05 May 2022

Is Your Insider Threat Risk Management Program Ripe for Innovation? Part 2

In Part I of this series, we took a look at the Transportation Security Administration (TSA) Insider Threat Roadmap 2020 and advanced analytics.  Following are two more initiatives that are thinking differently about insider threat program implementation through innovative architectures, collective intelligence, advanced analytics, and the use of publicly available information (PAI).  Community-based and partner collaborations up and down the supply chain are also a hallmark of these efforts, as there is a growing acknowledgment that internal-facing and traditionally siloed insider threat efforts are part of the problem. In Part II, we examine the approaches taken and the resources available at the Carnegie Mellon University Software Engineering Institute (SEI) and the MITRE Center for Threat-Informed Defense (CTID).  
