Promising Research and Analysis Topics and Projects Emerge from the April 2022 OODA Network Member Meeting
To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs. This month’s call was marked by more than the usual number of follow-up commitments on what were clearly promising ideas and projects with great potential for OODA Loop research and analysis (and are also a bit more time-sensitive than usual due to the crisis conditions in Ukraine).
Back in December, we provided coverage and analysis of the first meeting of the Cybersecurity & Infrastructure Security Administration (CISA) Advisory Committee. We noted then that CISA Director Jen Easterly and Def Con Founder Jeff Moss (a CISA Advisory Committee Member) at the meeting were less concerned with collaboration with the business community and, instead, prioritized messaging and outreach to the hacker and research community.
The Russian Invasion of Ukraine has now changed everything in this calculus of how best to “ignite” and perform outreach to the community. Here’s how.
A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.
In the first meeting of the Cybersecurity and Infrastructure Security Agency’s (CISA) new Cybersecurity Advisory Committee, CISA Director Jen Easterly made clear to the committee members their working model would be action-based, not the usual passive mode assumed by an advisory body, telling the group: “I welcome this group creating action. This is really just not about being a talking club. This is about leveraging your expertise, your perspective, to make the nation safer.” Advisory Committee Member, Def Con Founder Jeff Moss, also offered his perspective on how best to engage the hacker community.
The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 3 of 3)
In the final post of this series, we explore Microsoft’s seizure of domains used by Chinese cyber-espionage group Nickel (APT15) to attack organizations in the United States and 28 other countries around the world. These attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations. In the last few years, Microsoft has filed 24 lawsuits against cybercrime and cyber-espionage groups. Is it time for U.S. Corporate Technology Companies to go into full bitskrieg mode against countless global adversaries?
The National Cyber Security Centre (NCSC), a part of Government Communications Headquarters (GCHQ), was created in 2016 as part of the UK’s 5-year National Cyber Security Strategy. Self-described as “the UK’s technical authority for cyber security,” the NCSC has put out an annual review every year since its inception. In this year’s report, “Annual Review 2021: Making the UK the safest place to live and work online”, the NCSC, as part of a national security agency, is unable to disclose all its work publicly, but seeks in the annual review “to describe the year with insights and facts from colleagues inside and out of the organization.”