Cyber Essentials is a UK government scheme that outlines the basic steps that organisations can take to secure their systems. Implementing its five controls effectively will help you prevent about 80% of cyber attacks. In…
Insurance and Ransomware
As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s…
Risks of Evidentiary Software
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence,…
The Future of Machine Learning and Cybersecurity
The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect…
The Story of the 2011 RSA Hack
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.Read more: schneier.com
Is 85% of US Critical Infrastructure in Private…
Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a…
Cybersecurity Experts to Follow on Twitter
Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just…
DNI’s Annual Threat Assessment
The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will…
More Biden Cybersecurity Nominations
News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD).…