13 Dec 2021

A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.

In the first meeting of the Cybersecurity and Infrastructure Security Agency’s (CISA) new Cybersecurity Advisory Committee, CISA Director Jen Easterly made clear to the committee members their working model would be action-based, not the usual passive mode assumed by an advisory body, telling the group:  “I welcome this group creating action. This is really just not about being a talking club. This is about leveraging your expertise, your perspective, to make the nation safer.” Advisory Committee Member, Def Con Founder Jeff Moss, also offered his perspective on how best to engage the hacker community.

Read More
15 Nov 2021

Cybersecurity and Cyber Incidents: Innovation and Design Lessons from Aviation Safety Models and a Call for a “Cyber NTSB”

In a recent 4-month long workshop, over 70 experts explored the concept of creating a “Cyber NTSB”. This workshop topic is consistent with themes like innovation and design processes for innovation, which cut across much of our recent OODA Loop research and analysis.  It all starts with a design metaphor. This recent workshop used the National Transportation Safety Board as a design analogy/metaphor for a National Cyber Safety Board/National Cyber Security Board (NCSB). Specifically, innovation in “lesson-learning systems” for cybersecurity and cyber incidents – taking design process inspiration from the aviation safety models of the NTSB – was the goal of this “Cyber NTSB” workshop.

Read More
14 Nov 2021

FBI server sending fake emails taken offline and fixed, no data impacted

The FBI has addressed an incident over the weekend in which fake emails were sent due to a misconfiguration in its Law Enforcement Enterprise Portal (LEEP). The misconfiguration allowed emails to be sent from an official domain, ic.fbi.gov. According to the FBI, LEEP is an IT infrastructure used by the

Read More
02 Nov 2021

Cyber-Incident at South Carolina School District

In South Carolina, the Colleton County School District is investigating a cyber incident that reportedly impacted hundreds of computers. On October 4, staff noticed that some of the county’s networks stopped operating. The IT staff were able to determine that a cybersecurity incident had occurred. Colleton County School District coordinator

Read More