Podcasts about cyber statecraft initiative

  • 44 podcasts
  • 69 episodes
  • 45m average duration
  • infrequent episodes
  • latest episode: Jan 22, 2025

Latest podcast episodes about cyber statecraft initiative

Defense & Aerospace Report
Defense & Aerospace Daily Podcast [Jan 22, 25] Justin Sherman on TikTok Ban & Latest Tech Headlines
Jan 22, 2025 · 37:29


Justin Sherman, the founder of Global Cyber Strategies advisory firm and nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative, joins Defense & Aerospace Report Editor Vago Muradian to discuss why it's important to ban TikTok, the supply chain questions raised by the Chinese social media app; what makes similar apps problematic from a security standpoint and what needs to happen to address known vulnerabilities; whether the sale of the US side of TikTok solves the problem; some cyber priorities for the incoming administration; why curtailing cyber regulation will undermine collective security at a time when adversaries are stepping up their cyber game and penetrating critical US and allied communications and other networks; how to counter Russian and Chinese operations to disrupt critical undersea infrastructure; and ways to increase the production of cyber talent.

Caveat
Mythical beasts, real threats.
Sep 26, 2024 · 56:38


This week, we are joined by Jen Roberts and Nitansha Bansal, both Assistant Directors of the Cyber Statecraft Initiative at the Atlantic Council, as they share their report "Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights." Ben discusses new election-related deepfake laws coming out of California. Dave looks at an FTC report on social media platforms.

While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:
  • California Passes Election ‘Deepfake' Laws, Forcing Social Media Companies to Take Action
  • FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens

Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers California Governor Gavin Newsom's recent signing of three AI-related bills aimed at preventing the misuse of sexually explicit deepfakes. These new laws target AI developers and social media platforms, establishing regulations to prevent irresponsible use of the technology, while larger discussions around broader AI regulation continue as Newsom considers a major AI regulation bill pending his decision by September 30. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories.

Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Defense & Aerospace Report
Defense & Aerospace Daily Podcast [Aug 07, 24] Justin Sherman on Latest Tech & Cyber Headlines
Aug 7, 2024 · 38:24


Justin Sherman, the founder of Global Cyber Strategies advisory firm and nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative, discusses the new report he authored — “Russia's Digital Tech Isolationism: Domestic Innovation, Digital Fragmentation, and the Kremlin's Push to Replace Western Digital Technology” — how Moscow uses its digital technology for global advantage, impact of sanctions that have driven a rise in domestic capability and greater partnership and reliance on China, the global market for Russian and Chinese digital technologies among nations that want to operate outside US and Western sanctions, how to counter Russian dis and misinformation, and outlook for social media regulation in Washington with Defense & Aerospace Report Editor Vago Muradian.

The Lawfare Podcast
Lawfare Daily: What Can Be Done to Improve Cloud Security with Maia Hamin, Trey Herr, and Marc Rogers
Jun 20, 2024 · 57:06


The Cyber Safety Review Board's (CSRB) report on the Summer 2023 Microsoft Exchange Online intrusion sheds light on how a series of flaws in Microsoft's cloud infrastructure and security processes allowed a hacking group associated with the People's Republic of China (PRC) to strike the “equivalent of gold” in accessing the official email accounts of many of the most senior U.S. government officials managing the U.S. government's relationship with the PRC. Lawfare Senior Editor Stephanie Pell sat down with Maia Hamin, Associate Director with the Atlantic Council's Cyber Statecraft Initiative; Trey Herr, Assistant Professor of cybersecurity and policy at American University's School of International Service and Director of the Cyber Statecraft Initiative at the Atlantic Council; and Marc Rogers, Co-Founder and Chief Technology Officer for the AI observability startup nbhd.ai, to discuss their recent Lawfare piece about the CSRB's report and the lagging state of cloud security policy. They talked about ways to improve cloud service provider transparency, other investigative and regulatory tools that could facilitate better cloud security, and their thoughts on Microsoft's response to the CSRB's report.

To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

To The Point - Cybersecurity
Cyber Safety is Patient Safety with Joshua Corman, Part II
Aug 29, 2023 · 42:55


We pick back up with Joshua Corman, founder of grassroots organization I Am the Cavalry, for part two of our discussion. Josh shares insights from his many years on the healthcare cyber front lines and provides both a captivating and sobering perspective on the state of healthcare security today. And while there have been many strides forward, we still have a long way to go. Audra and I learned so much during our discussion, including themes such as cyber asbestos, the emerging care desert, dependency on undependable things, recalibrating the cost of connected medicine, "if you can't protect it, you can't connect it," the Omnibus Appropriations Act, and actionable insights on what we can do right now, as individuals and collectively, to make a difference.

Joshua Corman is the founder of I Am the Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA's COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council's Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e248

To The Point - Cybersecurity
Cyber Safety is Patient Safety with Joshua Corman, Part 1
Aug 22, 2023 · 34:31


We had so much to talk about with this week's guest that we made it a two-part episode! Joining us this week, and next week, is Joshua Corman, founder of grassroots organization I Am the Cavalry. Josh shares insights from his many years on the healthcare cyber front lines and provides both a captivating and sobering perspective on the state of healthcare security today. And while there have been many strides forward, we still have a long way to go. Audra and I learned so much during our discussion, including themes such as cyber asbestos, the emerging care desert, dependency on undependable things, recalibrating the cost of connected medicine, "if you can't protect it, you can't connect it," the Omnibus Appropriations Act, and actionable insights on what we can do right now, as individuals and collectively, to make a difference.

Joshua Corman is the founder of I Am the Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA's COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council's Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e247

No Name Podcast
No Name Podcast with Margaret Smith
Aug 7, 2023 · 85:06


Dr. Margaret Smith is a US Army Cyber Officer and Army Planner at the Department of the Army, Military Operations, and an academic who holds a Ph.D. in Public Policy and Administration. Dr. Smith's research and teaching interests are focused on social media and the effects of disinformation campaigns as a national security challenge, and on the geopolitics of military cyberspace operations. She is a Senior Fellow with the Atlantic Council's Cyber Statecraft Initiative and graduate faculty at the University of Maryland, College Park, where she teaches courses on near-peer and strategic competition for the Terrorism Studies program, which investigates the geopolitics of the modern world and the tensions and relationships that shape state behavior, conflict, competition, and cooperation. Finally, Dr. Smith directs the Cyber Project for the Irregular Warfare Initiative, serving as the editor and curator of the organization's cyber-focused content. In her military career, Dr. Smith served as a researcher at the Army Cyber Institute and assistant professor in the Department of Social Sciences at the United States Military Academy, teaching courses on American politics, cyberspace operations, and her elective, “Politics and the Internet,” which investigated how citizen-government relationships have changed with the internet.

The Lawfare Podcast
Bulelani Jili on Africa's Demand for and Adoption of Chinese Surveillance Technologies
Jun 26, 2023 · 43:33


Countries across Africa are procuring and employing surveillance tools from China. This trend is a product of China's diplomatic strategy, its technological ambitions, and growing corporate power and reach, as well as African domestic demands. A white paper from the Digital Forensic Research Lab (DFRLab) at the Atlantic Council argues that research on this topic disproportionately focuses on the motivations and ambitions of the supplier, and seeks instead to focus on the local features that drive the adoption of Chinese surveillance tools.

Lawfare's Fellow in Technology Policy and Law, Eugenia Lostri, sat down with Bulelani Jili, the author of the white paper. Bulelani is a fellow at the Atlantic Council's Cyber Statecraft Initiative, and a Meta Research Ph.D. Fellow at Harvard University. They discussed the supply and demand drivers for surveillance technology in Africa, the risks to civil liberties that come from the deployment of these technologies without proper checks and balances, and how all this fits in the context of U.S.-China competition.

Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

@BEERISAC: CPS/ICS Security Podcast Playlist
Danielle Jablanski: Navigating the Multitude of OT Technologies Considering Interoperability, Reliability, and Centralization
Jun 12, 2023 · 46:39


Podcast: The PrOTect OT Cybersecurity Podcast
Episode: Danielle Jablanski: Navigating the Multitude of OT Technologies Considering Interoperability, Reliability, and Centralization
Pub date: 2023-06-08

About Danielle Jablanski: Danielle Jablanski is an accomplished OT cybersecurity strategist at Nozomi Networks, where she spearheads global research on cybersecurity and drives awareness of operational technology (OT) and industrial control systems (ICS) cybersecurity throughout the industry. She is a nonresident fellow at the Cyber Statecraft Initiative within the Atlantic Council's Scowcroft Center for Strategy and Security, further establishing her expertise in the field. Jablanski's commitment to advancing cyber-physical standards development, education, certifications, and labeling authority is evident through her active roles as a staff and advisory board member of the nonprofit organization Building Cyber Security. With a passion for emerging technologies, Danielle has independently consulted for the US government and technology startups, exploring novel applications in military, defense, and commercial sectors. Prior to her current endeavors, she contributed significantly to the creation and development of the Stanford Cyber Policy Center, showcasing her dedication to cybersecurity and policy.

In this episode, Aaron and Danielle Jablanski discuss:
  • Challenges and false assumptions in cybersecurity
  • Managing cybersecurity for operational technology (OT) with an overwhelming market of OT solutions to choose from
  • The importance of transparency, accuracy, and precision in overcoming challenges of OT cybersecurity
  • Prioritizing cybersecurity investments in a complex operational environment with limited resources

Key Takeaways:
  • The cybersecurity industry holds misconceptions and obstacles in the OT domain, requiring a change in perspective, modernizing systems, and reassessing market classifications to adequately tackle emerging threats and discover practical solutions.
  • With the overwhelming amount of OT technologies and tools available in the marketplace, understanding interoperability, reliability, and centralization will help you select the most appropriate ones for addressing issues in your environment.
  • The convergence of IT and OT cybersecurity requires a shift in mindset, prioritizing safety and business risk over technology, and addressing key challenges of interoperability, reliability, and centralization, while leveraging trusted advisors and independent consultants for effective solutions, especially for smaller organizations.
  • Focus on practical steps tailored to your financial capacity, risk assessment, and the unique demands of your organization, rather than mindlessly spending on costly products or solutions that may not fulfill your security needs.

"Collectively, cyber-physical security requires new strategic and tactical thinking to better inform decision-makers in cyber policy, planning, and preparedness." — Danielle Jablanski

Resources Mentioned:
  • Upcoming webinar by Nozomi Networks on The Next Generation of AI for OT Cybersecurity this June 14th: https://www.nozominetworks.com/webinars/the-next-generation-of-ai-for-ot-cybersecurity-launch-event/
  • Critical infrastructure cybersecurity prioritization: A cross-sector methodology for ranking operational technology cyber scenarios and critical entities: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/critical-infrastructure-cybersecurity-prioritization/

Connect with Danielle Jablanski:
  • Website: https://www.nozominetworks.com/
  • LinkedIn: https://www.linkedin.com/in/daniellejjablanski/
  • Twitter: https://twitter.com/CyberSnark

Connect with Aaron:
  • LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
  • Website: https://www.industrialdefender.com/podcast
  • LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
  • Twitter: https://twitter.com/iDefend_ICS
  • YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The PrOTect OT Cybersecurity Podcast
Danielle Jablanski: Navigating the Multitude of OT Technologies Considering Interoperability, Reliability, and Centralization
Jun 8, 2023 · 46:39


About Danielle Jablanski: Danielle Jablanski is an accomplished OT cybersecurity strategist at Nozomi Networks, where she spearheads global research on cybersecurity and drives awareness of operational technology (OT) and industrial control systems (ICS) cybersecurity throughout the industry. She is a nonresident fellow at the Cyber Statecraft Initiative within the Atlantic Council's Scowcroft Center for Strategy and Security, further establishing her expertise in the field. Jablanski's commitment to advancing cyber-physical standards development, education, certifications, and labeling authority is evident through her active roles as a staff and advisory board member of the nonprofit organization Building Cyber Security. With a passion for emerging technologies, Danielle has independently consulted for the US government and technology startups, exploring novel applications in military, defense, and commercial sectors. Prior to her current endeavors, she contributed significantly to the creation and development of the Stanford Cyber Policy Center, showcasing her dedication to cybersecurity and policy.

In this episode, Aaron and Danielle Jablanski discuss:
  • Challenges and false assumptions in cybersecurity
  • Managing cybersecurity for operational technology (OT) with an overwhelming market of OT solutions to choose from
  • The importance of transparency, accuracy, and precision in overcoming challenges of OT cybersecurity
  • Prioritizing cybersecurity investments in a complex operational environment with limited resources

Key Takeaways:
  • The cybersecurity industry holds misconceptions and obstacles in the OT domain, requiring a change in perspective, modernizing systems, and reassessing market classifications to adequately tackle emerging threats and discover practical solutions.
  • With the overwhelming amount of OT technologies and tools available in the marketplace, understanding interoperability, reliability, and centralization will help you select the most appropriate ones for addressing issues in your environment.
  • The convergence of IT and OT cybersecurity requires a shift in mindset, prioritizing safety and business risk over technology, and addressing key challenges of interoperability, reliability, and centralization, while leveraging trusted advisors and independent consultants for effective solutions, especially for smaller organizations.
  • Focus on practical steps tailored to your financial capacity, risk assessment, and the unique demands of your organization, rather than mindlessly spending on costly products or solutions that may not fulfill your security needs.

"Collectively, cyber-physical security requires new strategic and tactical thinking to better inform decision-makers in cyber policy, planning, and preparedness." — Danielle Jablanski

Resources Mentioned:
  • Upcoming webinar by Nozomi Networks on The Next Generation of AI for OT Cybersecurity this June 14th: https://www.nozominetworks.com/webinars/the-next-generation-of-ai-for-ot-cybersecurity-launch-event/
  • Critical infrastructure cybersecurity prioritization: A cross-sector methodology for ranking operational technology cyber scenarios and critical entities: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/critical-infrastructure-cybersecurity-prioritization/

Connect with Danielle Jablanski:
  • Website: https://www.nozominetworks.com/
  • LinkedIn: https://www.linkedin.com/in/daniellejjablanski/
  • Twitter: https://twitter.com/CyberSnark

Connect with Aaron:
  • LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
  • Website: https://www.industrialdefender.com/podcast
  • LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
  • Twitter: https://twitter.com/iDefend_ICS
  • YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

Inside The War Room
Cyberspace and Instability
May 5, 2023 · 51:31


Links from the show:
  • Cyberspace and Instability
  • Connect with James
  • Never miss an episode
  • Rate the show

About my guest: James Shires is Assistant Professor in Cybersecurity Governance at the Institute for Security and Global Affairs, Leiden University. He is also a nonresident fellow with the Cyber Statecraft Initiative at the Atlantic Council.

Get full access to Dispatches from the War Room at dispatchesfromthewarroom.substack.com/subscribe

CERIAS Security Seminar Podcast
Wendy Nather, CERIAS Security Symposium Closing Keynote
Mar 29, 2023 · 58:05


"What Do We Owe One Another In Cybersecurity?" As the cybersecurity ecosystem evolves, we understand more about how interconnected we are: the ripple effects from breaches, the fact that supply chains aren't discrete lines but rather a web, and that mapping our vulnerabilities is harder than we thought. In this session, Wendy Nather will talk about the concept of civic duty on the Internet — not just sporadic charity efforts or "nice to have" information sharing, but the social norms and obligations we should face together if we want a sustainable world of technology. Shared risk requires shared defense.

About the speaker: Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is a Senior Fellow at the Atlantic Council's Cyber Statecraft Initiative, as well as a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.

Defense & Aerospace Report
Cyber Report [Mar 22, 23] Justin Sherman on What to Expect from TikTok Hearings
Mar 22, 2023 · 30:37


On this week's Cyber Report, sponsored by Fortress Information Security, Justin Sherman, the founder of the Global Cyber Strategies consultancy who is also a senior fellow at the Atlantic Council's Cyber Statecraft Initiative and a Wired Magazine contributor, discusses what to expect from the House Energy and Commerce Committee hearing tomorrow on TikTok, the revelation of TikTok owner ByteDance's ownership structure, whether to ban foreign social media platforms and if not how best to regulate them, the new Hill & Valley Forum coalition of lawmakers and Silicon Valley firms, Sino-Russian cyber cooperation as Beijing and Moscow warm ties, and what to expect from Chinese and Russian cyber activities as Beijing ratchets up tensions over Taiwan and Moscow seeks to bolster domestic production by stealing foreign intellectual property to compensate for Western sanctions in the wake of Russia's invasion of Ukraine with Defense & Aerospace Report Editor Vago Muradian.

Simply Cyber
Adversary Emulation All The Things!
Feb 24, 2023 · 68:49


Cyber attacks are an everyday occurrence, and emulation is a great way to test the efficacy of your controls, but are you doing it right? Do you know where the gaps are? Join us as Bryson Bort visits to share his informed thoughts on adversary emulation, and so much more from his vast #cybersecurity career, on Simply Cyber Live. It's Going to Be Epic! Bryson Bort is a significant #cybersecurity community member and CEO of Scythe, a next-gen cyber attack emulation platform.

The Lawfare Podcast
Gavin Wilde and Justin Sherman on Russia's Information War and Regime Security
Jan 27, 2023 · 47:54


Russia's use of information warfare during the 2016 U.S. presidential election period focused attention on Russia's weaponization of information in its effort to influence a U.S. election outcome and sow discord across the American public. But to the extent that we only view Russian information warfare as an aggressive or expansionist expression of Moscow's foreign policy, we may misunderstand some key tenets of Russian information warfare doctrine. To gain a better understanding of the history and dynamics of Russian information warfare, Lawfare senior editor Stephanie Pell sat down with Gavin Wilde, senior fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace, and Justin Sherman, nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative. They discussed their new paper, "No Water's Edge: Russia's Information War and Regime Security,” and they talked about Russian information doctrine under Vladimir Putin, the differences between how the concept of information security is understood in Russia versus the West, and some key takeaways of their research for analysts and policymakers.

Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Defense & Aerospace Report
Cyber Report [Nov 30, 22] Andrea Schauman & Justin Sherman
Nov 30, 2022 · 29:46


On this week's Cyber Report, sponsored by Fortress Information Security, Andrea Schaumann, Fortress' director of federal programs and partnerships, discusses cyber takeaways from the Interservice/Industry Training, Simulation and Education Conference and the need to better educate the non-cyber community about the need for software and hardware bills of origin and materials, as well as lessons from commercial industry; and Justin Sherman, the founder of Global Cyber Strategies who is also with the Atlantic Council's Cyber Statecraft Initiative, discusses his recent issue brief — “GRU 26165: The Russian cyber unit that hacks targets on-site” — why the Russian military intelligence agency's secret cyber arm hits the road globally, how to counter their operations, lessons from the recent ransomware attack on Suffolk County, NY, and the FCC's latest ban on Chinese hardware, with Defense & Aerospace Report Editor Vago Muradian.

Defense & Aerospace Report
Cyber Report [Oct 27, 22] Nick Nilan & Bulelani Jili
Oct 26, 2022 · 28:13


On this week's Cyber Report, sponsored by Fortress Information Security, Nick Nilan, Fortress' new chief revenue officer, discusses the implications of the Biden administration's drive to shift from attestation to certifiable software bills of origin and materials to improve supply chain security, what it will take to improve security across government and industry, and how cyber threats continue to evolve; and Bulelani Jili, a Yenching scholar, cybersecurity fellow and PhD candidate at Harvard University who is also affiliated with the Atlantic Council's Cyber Statecraft Initiative, discusses his issue paper — “China's Surveillance Ecosystem and the Global Spread of its Tools” — China's increasingly capable domestic cyber and surveillance industry, why governments turn to Beijing and how China benefits from exporting surveillance tools, how the international community can stymie Chinese as well as Israeli and Russian surveillance exports, and whether the Biden administration's export ban on chip-making technology can stymie Beijing's cyber surveillance ecosystem, with Defense & Aerospace Report Editor Vago Muradian.

Defense & Aerospace Report
Cyber Report [Sep 28, 22] Justin Sherman on How to Better Secure the IoT Ecosystem
Sep 28, 2022 · 27:53


On this week's Cyber Report, sponsored by Fortress Information Security, Justin Sherman of the Atlantic Council's Cyber Statecraft Initiative who also is a Wired Magazine contributor, discusses the new report by the think tank that he co-authored — “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem” — to craft a systemic global approach to improve the cyber security as internet-connected and enabled devices proliferate with Defense & Aerospace Report Editor Vago Muradian. Other co-authors include Patrick Mitchell and Liv Rowley, with Nima Agah, Gabrielle Young, and Tianjiu Zuo.

The Lawfare Podcast
Justin Sherman on the Twitter Whistleblower Complaint
Sep 8, 2022 · 32:35


On August 23, the Washington Post published a story about a whistleblower complaint filed by Peiter Zatko, the former security lead and member of Twitter's executive team responsible for information security, privacy, physical security, and information technology. In the whistleblower complaint, Zatko describes extreme problems and deficiencies with the security, privacy, and integrity of Twitter's platform. The complaint also alleges that since 2011, Twitter's senior executives have engaged in making false and misleading statements to users and the Federal Trade Commission about Twitter's privacy, security, and integrity.

Lawfare senior editor Stephanie Pell sat down with Justin Sherman, a fellow at the Atlantic Council's Cyber Statecraft Initiative, to discuss some of the most interesting aspects of the complaint. They talked about some of the background leading up to the filing of the complaint, some of its most significant alleged privacy and security violations, and what to look for in the upcoming congressional hearing on the complaint.

Support this show http://supporter.acast.com/lawfare. Our GDPR privacy policy was updated on August 8, 2022. Visit acast.com/privacy for more information.

IoT: The Internet of Threats
The Truth About Ransomware (And How To Stop It), with Megan Stifel of IST
Aug 30, 2022 · 19:36


On this episode of the IoT: The Internet of Threats podcast, Megan Stifel, Chief Strategy Officer at the Institute for Security and Technology (IST) and co-chair of the Ransomware Task Force (RTF) Working Group, joins podcast host Eric Greenwald to discuss the current and future state of ransomware. The RTF recently released a new report, The Blueprint for Ransomware Defense, which the RTF calls a "clear, actionable framework for ransomware mitigation, response, and recovery." Megan and Eric walk through some of the report's key elements and discuss what small- and medium-sized businesses can do to fight ransomware and whether tactics like regulation and insurance actually help or hurt the fight against ransomware.

Interview with Megan Stifel:

Megan Stifel is the Chief Strategy Officer at the Institute for Security and Technology (IST), a San Francisco-based think tank that designs and advances solutions to the world's toughest emerging security threats. Megan also serves as a co-chair of the Ransomware Task Force (RTF) Working Group. Launched in April 2021, the RTF brings together key industry, government, and civil-society stakeholders to combat the ransomware threat with a cross-sector approach.

Megan is also the founder and CEO of Silicon Harbor Consultants, LLC, and a Visiting Fellow at the National Security Institute at the Antonin Scalia Law School at George Mason University. Prior to these roles, Megan served as a non-resident senior fellow at the Cyber Statecraft Initiative, Global Policy Officer at the Global Cyber Alliance, and Director for International Cyber Policy at the National Security Council. Megan holds a J.D., Law from Indiana University's Maurer School of Law.

In this interview, Eric and Megan discuss:
  • How small- and medium-sized enterprises can defend against ransomware, even with limited cybersecurity expertise
  • The current state of ransomware: where it is and where it's going
  • Whether regulation works in driving companies to improve cybersecurity, or if it just creates compliance theater
  • If ransomware insurance makes things better or actually causes the frequency and severity of ransomware to grow

Find Megan on LinkedIn: https://www.linkedin.com/in/megan-s-1204bb4/
Learn more about the Institute for Security and Technology (IST): https://www.linkedin.com/company/institute-security-technology/
Learn more about the Ransomware Task Force (RTF): https://securityandtechnology.org/ransomwaretaskforce/
Access RTF's Blueprint for Ransomware Defense: https://securityandtechnology.org/ransomwaretaskforce/blueprint-for-ransomware-defense/

Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/.

@BEERISAC: CPS/ICS Security Podcast Playlist
Ep. 137: Understanding Operational Technology (w/ Danielle Jablanski, Nozomi Networks)

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Aug 5, 2022 17:40


Podcast: Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
Episode: Ep. 137: Understanding Operational Technology (w/ Danielle Jablanski, Nozomi Networks)
Pub date: 2022-07-26

On today's Cyber Security Matters episode, Dominic Vogel is joined by Danielle Jablanski, Operational Technology Strategist at Nozomi Networks. Danielle Jablanski is an OT cyber security strategist at Nozomi Networks, responsible for researching global cybersecurity topics and promoting operational technology (OT) and industrial control systems (ICS) cybersecurity awareness throughout the industry. She is also a nonresident fellow at the Cyber Statecraft Initiative of the Atlantic Council's Scowcroft Center for Strategy and Security. Nozomi Networks accelerates digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Their solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on them to minimize risk and complexity, while maximizing operational resilience.

During our conversation, we will discuss:
- What Operational Technology and Industrial Control Systems are
- The importance of investing in Operational Technology Security
- How vulnerable Operational Technologies are
- What protecting your Operational Technology looks like

Want to connect with Danielle? Here are a couple of ways that you can do exactly that:
- LinkedIn: @DanielleJablanski
- Website: www.nozominetworks.com

Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
Ep. 137: Understanding Operational Technology (w/ Danielle Jablanski, Nozomi Networks)

Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw

Play Episode Listen Later Jul 26, 2022 17:40


On today's Cyber Security Matters episode, Dominic Vogel is joined by Danielle Jablanski, Operational Technology Strategist at Nozomi Networks. Danielle Jablanski is an OT cyber security strategist at Nozomi Networks, responsible for researching global cybersecurity topics and promoting operational technology (OT) and industrial control systems (ICS) cybersecurity awareness throughout the industry. She is also a nonresident fellow at the Cyber Statecraft Initiative of the Atlantic Council's Scowcroft Center for Strategy and Security. Nozomi Networks accelerates digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Their solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on them to minimize risk and complexity, while maximizing operational resilience.

During our conversation, we will discuss:
- What Operational Technology and Industrial Control Systems are
- The importance of investing in Operational Technology Security
- How vulnerable Operational Technologies are
- What protecting your Operational Technology looks like

Want to connect with Danielle? Here are a couple of ways that you can do exactly that:
- LinkedIn: @DanielleJablanski
- Website: www.nozominetworks.com

Defense & Aerospace Report
Cyber Report [Jun 23, 22] Public-Private Partnerships & EU-US Cooperation and Disinformation

Defense & Aerospace Report

Play Episode Listen Later Jun 23, 2022 31:46


On this week's Cyber Report, sponsored by Fortress Information Security, Andrea Schaumann, the director of federal programs and partnerships at Fortress, discusses public-private cyber security partnership language in the proposed National Defense Authorization Act, what successful government-industry cooperation looks like, challenges, and improving defenses in the face of sustained cyber operations by Russia and other nations; and Emma Schroeder, the assistant director of the Atlantic Council's Cyber Statecraft Initiative, on improving EU-US cyber cooperation, Microsoft's new report that 30 percent of Moscow's recent cyber operations targeting America and Europe have been successful, and efforts by Brussels and Washington to curb online dis- and misinformation with Defense & Aerospace Report Editor Vago Muradian.

@BEERISAC: CPS/ICS Security Podcast Playlist
40: ICS Village and Why You Should Attend DefCon with Bryson Bort and Tom VanNorman

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jun 3, 2022 24:11


Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 40: ICS Village and Why You Should Attend DefCon with Bryson Bort and Tom VanNorman
Pub date: 2022-05-31

Today, we've got a special episode to highlight a really neat initiative that's been in the works for a while. My guests are Bryson Bort and Tom VanNorman. Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council's Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider. Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems. Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations. ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS.

Show Highlights:
- How ICS Village was started
- The original 2 events - RSA and DefCon
- GRIMM and their involvement in ICS Village
- Why no one was thinking about Industrial control systems before ICS Village
- The artwork that started it all
- All of the events that ICS Village has throughout the year
- How the pandemic changed DefCon and the other ICS Village events
- The birth of Hack the Plant Podcast
- Capture the Flag and what we can learn from it
- Highlights of DefCon Table Talks and other sessions

Links:
- CS2AI.org
- ICS Village
- DefCon Event happening Aug 6-8

Control System Cyber Security Association International: (CS)²AI
40: ICS Village and Why You Should Attend DEF CON with Bryson Bort and Tom VanNorman

Control System Cyber Security Association International: (CS)²AI

Play Episode Listen Later May 31, 2022 25:16


Today, we've got a special episode to highlight a really neat initiative that's been in the works for a while. My guests are Bryson Bort and Tom VanNorman. Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council's Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider. Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems. Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations. ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS.

Show Highlights:
- How ICS Village was started
- The original 2 events - RSA and DefCon
- GRIMM and their involvement in ICS Village
- Why no one was thinking about Industrial control systems before ICS Village
- The artwork that started it all
- All of the events that ICS Village has throughout the year
- How the pandemic changed DefCon and the other ICS Village events
- The birth of Hack the Plant Podcast
- Capture the Flag and what we can learn from it
- Highlights of Def Con Table Talks and other sessions

Links:
- https://cs2ai.org/ (CS2AI.org)
- https://www.icsvillage.com/ (ICS Village)
- https://www.icsvillage.com/schedule-def-con-29 (DefCon Event happening Aug 6-8)

Mentioned in this episode:

Our Sponsors: We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us! Network Perception, Waterfall Security, Tripwire, KPMG Cyber.

Join CS2AI: Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. https://cs2ai.captivate.fm/cs2ai (Preroll Membership)

Defense & Aerospace Report
Cyber Report [Apr 20, 22] Justin Sherman & Fortress Information Security's Peter Kassabov

Defense & Aerospace Report

Play Episode Listen Later Apr 20, 2022 30:30


On this week's Cyber Report, sponsored by Fortress Information Security, Justin Sherman, a Wired Magazine contributor and visiting fellow at the Atlantic Council's Cyber Statecraft Initiative, discusses the latest attack on Ukraine's infrastructure by the “Sandworm” cyber unit of Russia's military intelligence agency, the GRU — officially known as Unit 74455 — how defenders are improving their game, the value and perils of disclosing classified information, takeaways from the FBI's successful operations to clean Russian malware from global networks, factors shaping Moscow's approach to global cyber operations, and the German-US designation of Kaspersky as a national cyber threat; and Fortress Co-Founder and Executive Chairman Peter Kassabov discusses growth plans for his company in the wake of Goldman Sachs' recent $125 million investment in the threat intelligence firm with Defense & Aerospace Report Editor Vago Muradian.

WE'RE IN!
Hacking for Ukraine, Supply Chain Risk and Cyber Moonshots

WE'RE IN!

Play Episode Listen Later Apr 1, 2022 48:59


There's a flood of cybersecurity news as a result of the Ukraine War as well as Washington's recent efforts to compel organizations to report cyberattacks to federal officials. In this episode, Trey Herr and Emma Schroeder of the Atlantic Council's Cyber Statecraft Initiative break it all down. They explore the consequences of an escalating digital battlefield in Europe, whether a hack could bring NATO into the war and strategies for creating more consensus within the tangled and complicated realm of cyber policy.

Why you should listen:
* Understand what's at stake as cyber warriors do battle on both sides of the Ukraine War.
* Learn about some potential consequences of a destructive hack in Europe and whether that could even draw NATO into the war.
* Hear what Washington is doing to obtain better insights and actionable intelligence that could improve cybersecurity defenses.

Key quotes:
* "Cybersecurity generally is not a good state of affairs. So I think we are going to see some regulatory changes that make it much harder for certain classes of companies to operate because they've grown up around this inefficient system."
* "The physical military invasion [into Ukraine] has not necessitated sophisticated cyber support from the Russians. What's been more important in the information space is misinformation [and] disinformation."
* "You've got a lot of [outside hackers] tripping over systems to try to find some kind of way in to do something. And the challenge is that's not really strategic. You don't have any of these groups plugged into the target selection and intelligence collection processes that Western agencies have."

Links:
* https://www.atlanticcouncil.org/
* https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/
* https://www.atlanticcouncil.org/thecybermoonshot/
* https://www.synack.com/

Hacker Valley Blue
Beyond Intelligence with Katie Nickels

Hacker Valley Blue

Play Episode Listen Later Mar 25, 2022 56:10


How do you use threat intelligence to inform your decision making? In this episode, Davin and guest Katie Nickels take a deep dive into cyber threat intelligence. Katie explores the role threat intelligence plays in determining an organization's security posture, how threat intel helps blue teams stay ahead of and anticipate emerging threats, and what the day-to-day of a Director of Intelligence looks like. Katie shares her passion for teaching and nurturing the next generation of cybersecurity professionals and getting more girls/women interested in tech. Lastly, Katie shares why she feels asset inventory is an inexpensive solution and great starting point for companies looking to kick off a security program.

Guest Bio: Katie Nickels is the Director of Intelligence for Red Canary as well as a SANS Instructor for FOR578: Cyber Threat Intelligence and a non-resident Senior Fellow for the Atlantic Council's Cyber Statecraft Initiative. She has worked in cyber threat intelligence and network defense for over a decade for the U.S. DoD, MITRE, Raytheon, and ManTech.

Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Katie on Twitter and LinkedIn. Connect with Davin on LinkedIn and Twitter. Watch the live recording of this show on YouTube. Continue the conversation by joining our Discord. Check out Hacker Valley Media and Hacker Valley Blue.

The Sunday Show
Internet Freedom After the Invasion of Ukraine

The Sunday Show

Play Episode Listen Later Mar 20, 2022 41:27


Since the Russian invasion of Ukraine on February 24, governments and tech companies have taken swift action to limit the flow of propaganda out of Russia, and Russia has in turn taken draconian measures to limit the flow of information into Russia, including banning some Western social media platforms, crushing what remained of independent journalism in the country and cracking down on free expression generally. How do these events fit in the broader scheme of things? The trajectory for global internet freedom and digital rights, just like the trajectory for democracy generally, has been going in the wrong direction for years. What do governments, organizations and the community of individuals concerned with these issues need to do to try to change that trajectory, and to support those working to turn the tide? To answer these questions and more, I invited three experts to join me for this week's podcast:
- Rebecca MacKinnon, Vice President for Global Advocacy at the Wikimedia Foundation
- Allie Funk, Senior Research Analyst for Technology and Democracy at Freedom House
- Justin Sherman, a Fellow at the Cyber Statecraft Initiative at The Atlantic Council

A Little More Conversation with Ben O’Hara-Byrne
The state of the cyber war between Russia and the West

A Little More Conversation with Ben O’Hara-Byrne

Play Episode Listen Later Mar 8, 2022 17:43


Guest: Justin Sherman, fellow at the Atlantic Council's Cyber Statecraft Initiative  

Defense & Aerospace Report
Cyber Report [Feb 09, 22]: Justin Sherman on Russian Cyber Tactics & Log4J Remediation Progress

Defense & Aerospace Report

Play Episode Listen Later Feb 9, 2022 24:50


On this week's Cyber Report, sponsored by Northrop Grumman, Justin Sherman of the Atlantic Council's Cyber Statecraft Initiative and Wired magazine discusses the cyber aspects of Russia's ongoing buildup of air, land and naval forces around Ukraine, how the conflict could escalate in cyberspace, the US role in helping Kiev improve its defenses, defending America from offensive Russian cyber moves, Moscow's ability to disrupt global internet traffic by severing key undersea cables, and an update on efforts to counter the Log4j vulnerability with Defense & Aerospace Report Editor Vago Muradian.

The Looking Glass
Choose Your Weapon: A Survey of Cybersecurity

The Looking Glass

Play Episode Listen Later Jan 10, 2022 28:15


Join hosts Jen Roberts and Derek Chuah as The Looking Glass enters its fourth season! This episode features a roundtable of cybersecurity professionals who discuss a variety of topics, ranging from how malware is implemented in cyberattacks to a review of the Biden Administration's cybersecurity policies. Join us as we discuss choosing our weapon with Will Loomis, an Assistant Director at the Atlantic Council's Cyber Statecraft Initiative, Ross Luo, a Software Engineer at Nvidia and a Cyber Officer in the Air Force Reserves, Justin Marinelli, an Analyst at the Department of Defense, and Alexandra Seymour, the Chief of Staff at CalypsoAI. This episode was produced by Jen Roberts and Derek Chuah.

Government Matters
Undersea cable cybersecurity, TSP risk management, Vaccine mandate updates – December 2, 2021

Government Matters

Play Episode Listen Later Dec 3, 2021 22:39


Cyber risks for submarine cables
Justin Sherman, nonresident fellow for the Cyber Statecraft Initiative at the Atlantic Council, discusses the need to ensure the security of a wide network of undersea communication cables powering most global internet traffic.

The latest on Enterprise Risk Management at TSP
Kim Weaver, director of external affairs at the Federal Retirement Thrift Investment Board, talks about the board's process for evaluating and addressing risk and the latest risk scores for different categories.

Vaccine mandate non-compliance disciplinary action to start next year
Lisa Rein, federal government reporter for the Washington Post, provides an update on the employee vaccine mandate and timeline for disciplinary action from agencies.

Defense & Aerospace Report
Northrop Grumman Cyber Report: [Sep 08, 21] Lessons from Aircraft Hijacking to Counter Ransomware

Defense & Aerospace Report

Play Episode Listen Later Sep 8, 2021 22:16


On this week's Cyber Report, sponsored by Northrop Grumman, Emma Schroeder, an assistant director at the Atlantic Council's Cyber Statecraft Initiative, and Simon Handler, a senior fellow with the initiative, discuss the new paper they co-authored — with initiative director Dr. Trey Herr and intern Frances Schroeder — “Countering Ransomware: Lessons from Aircraft Hijacking,” with Defense & Aerospace Report Editor Vago Muradian.

Net Assessment
Learning from SolarWinds

Net Assessment

Play Episode Listen Later Jun 24, 2021 57:11


Chris, Melanie, and Zack dig into Marcus Willett's “Lessons of the SolarWinds Hack” in the latest issue of Survival. They explore the distinction between cyber espionage and cyber defense (Was it an attack? Or a hack? Does it matter?), consider the implications of the offense-defense balance (Is 100 percent defense feasible?), and review possible global norms that can be put in place to limit the harm caused by malicious cyber actors. Melanie and Chris both have grievances toward members of Congress who are reluctant to revisit old Authorizations for Use of Military Force, and Zack gripes about Pakistani Prime Minister Imran Khan's absurd op-ed in the Washington Post. And this week's attafolks were all in the family: Zack welcomed a new niece named Marlowe; Melanie cheered her amazing older brother, David, a renowned physician and educator at the Mayo Clinic; and Chris gives a shout out to his daughter Katelyn, and all members of the Class of 2021.

Marcus Willett, “Lessons of the SolarWinds Hack,” IISS, March 31, 2021
Trey Herr, et al., “Broken Trust: Lessons from Sunburst,” Cyber Statecraft Initiative, Atlantic Council
Stephen Miles, Twitter, June 21, 2021
Dmitri Alperovitch and Ian Ward, “How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?,” Lawfare, March 12, 2021
“Critical Infrastructure Sectors,” U.S. Department of Homeland Security
Imran Khan, “Pakistan is Ready to be a Partner for Peace in Afghanistan, but We Will Not Host US Bases,” Washington Post, June 21, 2021

CISO Stressed
CISO Stressed Episode 5: Nick Andersen CISO for Public Sector at Lumen Technologies and Nonresident Senior Fellow with the Cyber Statecraft Initiative at the Atlantic Council.

CISO Stressed

Play Episode Listen Later Jun 8, 2021 23:48


On this episode of CISO STRESSED, Elizabeth Wharton, SCYTHE Chief of Staff, is joined by Nick Andersen, CISO for Public Sector at Lumen Technologies and Nonresident Senior Fellow with the Cyber Statecraft Initiative at the Atlantic Council. Wharton and Andersen discuss unpacking Biden's latest Executive Order with the Atlantic Council, and the importance of collaboration and sharing within the CISO role.

Show Notes:

Andersen shares his experience unpacking the most recent thirty-page executive order from the Biden Administration. Andersen unpacked the executive order with the Atlantic Council; from the SBOM initiatives that NTIA has been working on for a couple of years, to EDR requirements, incident response playbooks, and cloud requirements, there is a lot to unpack. (4:28 – 7:17)

Andersen shares that any time he has reached out to anyone as a CISO with questions or interest in something he read, he has never been turned away for help, and he enjoys the collaborative nature of the community. (5:31 – 6:58)

The community of collaboration on the private sector side continues as well as it did on the government side. (12:52 – 14:17)

Lumen sees a tremendous amount of traffic: ingesting about 190 billion net flow sessions and 771 million DNS queries per day. This creates a great opportunity for Lumen to pair up with other organizations and discuss what we are seeing, what is normal/abnormal, what we see in an adjacent sector, and within our customer segments. There are many opportunities for collaboration and taking advantage of the insights from a company like Lumen that sees so much traffic. Collaboration helps each party deepen their understanding of what is happening within a threat environment.

From the CISO perspective, a huge difficulty is reminding people of all the competing and compliance issues. There is a tremendous amount of intertwining between federal and state entities, and opportunity there as well.

States stand up and say they are going to model some of their compliance, procedures and policies on the way the federal government has taken its approach. It is difficult to ask these tiny little county and city governments to meet these requirements when, in some cases, they are made up of just two people responsible for all that. It's important for them to be able to leverage the knowledge base at the federal level, and then piggyback.

Subscribe to SCYTHE's YouTube Channel and watch the latest CISO Stressed episode as well as Threat Thursday and other video releases. Questions or conversation ideas? Drop us an e-mail at info@scythe.io with “CISO Stressed” in the subject line.

Ping - A Firewalls.com Podcast
Cyber Crime as Terrorism, Plus Ransomware Updates

Ping - A Firewalls.com Podcast

Play Episode Listen Later May 26, 2021 50:23


We're fortunate to have two excellent interviews to share on this episode of Ping. First, we discuss the op-ed Cyber Security as Counter-Terrorism: Seeking a Better Debate (https://warontherocks.com/2021/05/cyber-security-as-counter-terrorism-seeking-a-better-debate/) with co-authors Emma Schroeder and Trey Herr with the Atlantic Council's Cyber Statecraft Initiative. They suggest the way many view cyber crime as being single, major catastrophic events is wrong, when in reality cyber crime is similar to real-world terrorism, with an ongoing landscape of danger. Hear some tips they offer to better address vulnerabilities and reframe the conversation.

Then, in lieu of our regular headlines segment, we welcome writer and former IT pro Lance Whitney to discuss the status of the DarkSide ransomware group following the Colonial Pipeline attack, plus a ransomware warning to healthcare organizations shared by the FBI. And finally, we touch on a consumer caution - the practice of vishing - or voice phishing - and how Amazon orders are being used for evil.

See his stories at TechRepublic: https://www.techrepublic.com/meet-the-team/us/lance-whitney/

And find the latest from us on our blog https://firewalls.com/blog. Please drop us a rating and review wherever you listen, and feel free to email us at podcast@firewalls.com with any questions/suggestions/concerns.

Thanks very much for listening!

State Secrets
Broken Trust: Lessons From the Sunburst Cyber Espionage Campaign

State Secrets

Play Episode Listen Later May 24, 2021 25:52


We talk with the authors of a new report by the Atlantic Council's Cyber Statecraft Initiative that looks at one of the largest and most significant cyber espionage campaigns in US history.

Cyber Work
Lessons cybersecurity can learn from physical security | Cyber Work Podcast

Cyber Work

Play Episode Listen Later May 3, 2021 40:02


This episode we welcome Jeff Schmidt of Covail to discuss security and risk management, working at the FBI to create the InfraGard program, and what cybersecurity can learn from physical security controls and fire safety and protection.

0:00 - Intro
2:30 - Origin story
4:31 - Stepping stones throughout career
8:00 - Average work day
12:14 - Learning from physical security
17:18 - Deficiencies in detection
22:17 - Which security practices need to change?
24:15 - How massive would this change be?
27:37 - Skills needed for real-time detection
32:00 - Strategies to get into cybersecurity
34:30 - Final words on the industry
37:16 - What is Covail?
38:40 - Outro

Learn cybersecurity for free with our new hands-on Cyber Work Applied series. Whether you want to learn how cross-site scripting attacks work, set up a man-in-the-middle attack or walk through major breaches like Equifax, Infosec instructors will teach you these skills and show you how they apply to real-world scenarios. Best of all — it's free!
– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jeff Schmidt, VP and Chief Cyber Security Innovator at Covail, is an accomplished cybersecurity expert with a background in security and risk management. He founded JAS Global Advisors LLC, a security consulting firm in Chicago, and Authis, a provider of innovative risk-managed identity services for the financial sector. Jeff is a board member for Delta Risk LLC. In 1998, he worked with the FBI to create the InfraGard program, receiving commendations from the Attorney General and the Director of the FBI. He is an adjunct professor of systems security engineering at the Stevens Institute of Technology and a Zurich Cyber Risk Fellow, Cyber Statecraft Initiative, at The Atlantic Council. Jeff received a Bachelor of Science in computer information systems and an MBA from the Fisher College of Business at The Ohio State University.

Jeff came to us with an intriguing topic. He proposes what he calls a Detect, Defend, and Respond Posture in Cybersecurity, and postulates that cybersecurity can learn lessons from “the mature sciences of physical security and fire protection.” No matter how you're securing your system now, there's often room for improvement, and always room for taking in new ideas, so let's take a closer look!

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Defense & Aerospace Report
Northrop Grumman Cyber Report: Hacking and Network Censorship

Defense & Aerospace Report

Play Episode Listen Later Mar 11, 2021 27:07


On this week’s Cyber Report, sponsored by Northrop Grumman, in segment one Justin Sherman of the Atlantic Council’s Cyber Statecraft Initiative and Cmdr. Chris Hoffman, USN (Ret), the former deputy director at the Naval Academy's Center for Cyber Security Studies, now with the cyber firm Red Jack, discuss recent cyber attacks and Russian attempts to stifle and manipulate western social media platforms. In segment two Ron Gula of GulaTech Enterprises and the GulaTech Foundation. Predicting cyber attacks before they happen is impossible. Until it’s not. Visit www.northropgrumman.com/cyber to learn more.

Acquisition Talk
Mission Resilience with Trey Herr and Simon Handler

Acquisition Talk

Play Episode Listen Later Mar 7, 2021 34:53


Trey Herr and Simon Handler from the Atlantic Council's Cyber Statecraft Initiative joined me on the Acquisition Talk podcast to discuss how the Department of Defense can improve the mission resilience of its systems. The three pillars of resilience are robustness, responsiveness, and adaptability. In that description, resilience is about more than responding to adversity; it is also about capitalizing on opportunity. Oversight agencies should take note that adherence to plan is nowhere in that definition.

During the episode, we discuss:
- How mission resilience metrics differ from CMMC
- The costs of excessive classification to security
- How Netflix uses the chaos monkey to find failure modes
- Comparing CIA's Corona satellite development to that of F-35 ALIS
- How the BattleLab idea can increase recombinatorial innovation

During the episode, we dive into a recent paper Trey and Simon wrote in conjunction with folks from MIT Lincoln Labs and Boston Cybernetics called "How do you fix a flying computer? Seeking resilience in software-intensive mission systems." https://www.atlanticcouncil.org/in-depth-research-reports/report/how-do-you-fix-a-flying-computer-seeking-resilience-in-software-intensive-mission-systems/

They recommend a new Center of Excellence for Mission Resilience in the DoD. The purpose would not be to duplicate cybersecurity initiatives, but rather to create metrics which can be put on contract to better verify that firms are using modern development processes like DevSecOps. In order to have adequate status, such a Center of Excellence would require a Senate-confirmed position, a dedicated budget account, and quick access to the DepSecDef. But ultimately, it shouldn't be a Top Secret project creating DoD-unique rules and processes. Instead, the Center should adopt the thought leadership from the commercial and academic sectors as to what makes organizations resilient.

This podcast was produced by Eric Lofgren. Soundtrack by urmymuse: "reflections of u".
You can follow us on Twitter @AcqTalk and find more information at https://AcquisitionTalk.com.

Defense & Aerospace Report
Northrop Grumman Cyber Report: Internet Diplomacy & Supply Chain Vulnerabilities

Defense & Aerospace Report

Play Episode Listen Later Feb 17, 2021 28:53


On this week’s Cyber Report, sponsored by Northrop Grumman, in segment one Justin Sherman, of the Atlantic Council’s Cyber Statecraft Initiative and a Wired Magazine contributor, discusses the recent article he co-authored with Trey Herr, "Finding a Foreign Policy for the Internet." In segment two, John Cofrancesco of Fortress Information Security discusses cyber supply chain defense, the vulnerabilities associated with an either/or offense-vs.-defense approach to cyber security, and where CMMC needs to mature under the Biden Administration.

Defense & Aerospace Report
Northrop Grumman Cyber Report: Digital Media as an Organizing and Accountability Tool

Defense & Aerospace Report

Play Episode Listen Later Jan 17, 2021 15:22


On this week’s Cyber Report, sponsored by Northrop Grumman, Justin Sherman, of the Atlantic Council’s Cyber Statecraft Initiative and a Wired Magazine contributor, discusses the use of digital media platforms to organize the recent insurrection activities at the U.S. Capitol, as well as how the same sites were used in open source investigating to hold perpetrators accountable.

CyberCast
Season 3 Episode 7 - Supply Chain Security With Atlantic Council's Trey Herr

CyberCast

Play Episode Listen Later Nov 18, 2020 35:31


Cybersecurity expert Trey Herr, director of the Cyber Statecraft Initiative at the Atlantic Council, explains why IT and cloud supply chain security is a national security issue — and what federal agencies can do about it.

Defense & Aerospace Report
Northrop Grumman Cyber Report: Election Cyber Security

Defense & Aerospace Report

Play Episode Listen Later Nov 15, 2020 18:00


On this week’s Cyber Report, sponsored by Northrop Grumman, Justin Sherman, of the Atlantic Council’s Cyber Statecraft Initiative and a contributor to Wired, and David Levine, the Elections Integrity Fellow of the Alliance for Securing Democracy at the German Marshall Fund of the United States, discuss the cyber security and integrity of the recent presidential election. Predicting cyber attacks before they happen is impossible. Until it’s not. Visit https://www.northropgrumman.com/cyber to learn more.

Defense & Aerospace Report
Northrop Grumman Cyber Report: Round-Up of Top Stories…Election Security, Ransomware & More

Defense & Aerospace Report

Play Episode Listen Later Nov 1, 2020 14:00


On this week’s Cyber Report, sponsored by Northrop Grumman, Justin Sherman (@jshermcyber), a fellow at the Atlantic Council’s Cyber Statecraft Initiative and a contributor at WIRED and many other outlets, discusses election security, disinformation and misinformation attack vectors, recent hospital ransomware attacks, and other timely issues being tracked by the cyber community. Predicting cyber attacks before they happen is impossible. Until it’s not. Visit https://www.northropgrumman.com/cyber to learn more.

Lessons from the School of Cyber Hard Knocks
Atlantic Council, Cyber Statecraft Initiative: The Nexus of Technology and Geopolitics

Lessons from the School of Cyber Hard Knocks

Play Episode Listen Later Sep 15, 2020 43:36


Today's Guests: Atlantic Council's Trey Herr, William Loomis, Safa Shahwan Edwards, and Simon Handler, leaders of the Cyber Statecraft Initiative. The Atlantic Council's Cyber Statecraft Initiative in the Scowcroft Center for Strategy and Security sits at the nexus of technology and geopolitics. In this episode, Trey Herr, Safa Shahwan Edwards, William Loomis, and Simon Handler explore the four pillars of the Cyber Statecraft Initiative, and we learn about its recent research on the software supply chain and its programming plans going forward.

TBS eFM This Morning
0810 In Focus 2: TikTok security threats and US-China conflict

TBS eFM This Morning

Play Episode Listen Later Aug 10, 2020 20:54


Featured Interview: TikTok security threats and US-China conflict (TikTok safety and the US-China conflict). Guests: Professor Matthew Warren, director of the RMIT University Centre for Cyber Security Research and Innovation; Justin Sherman, Fellow at the Atlantic Council's Cyber Statecraft Initiative.

Insights & Intelligence
019 Software is Infecting the World

Insights & Intelligence

Play Episode Listen Later Dec 9, 2018 37:54


Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research, analyst, & strategy roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.    

Teleforum
Social Media Oversight: The Debate Over Regulation and Antitrust Enforcement on Tech Titans

Teleforum

Play Episode Listen Later Sep 19, 2018 55:11


Russian interference in the 2016 election, Facebook and Cambridge Analytica, and claims of political bias in banning users and restricting content have all led to calls for regulation and antitrust enforcement against the preeminent social media platforms. Tech titan executives are making regular trips to Capitol Hill to explain the actions of their companies. Are Facebook, Twitter, and Google in need of greater government oversight? If so, what type of regulation is warranted? Our panel of experts will answer these questions and offer their views on what we can expect next in the tug of war between the politicians and the internet giants.

Featuring:
- Neil Chilson, Senior Research Fellow for Technology and Innovation, Charles Koch Institute
- Prof. Thomas W. Hazlett, H.H. Macaulay Endowed Professor of Economics, Clemson College of Business
- Prof. Jamil N. Jaffer, Adjunct Professor, NSI Founder, and Director, National Security Law & Policy Program, Antonin Scalia Law School, George Mason University
- Paul Rosenzweig, Principal, Red Branch Law & Consulting PLLC
- Megan Stifel, Nonresident Senior Fellow, Cyber Statecraft Initiative, Atlantic Council
- Moderator: Matthew R. A. Heiman, Visiting Fellow, National Security Institute, Antonin Scalia Law School, George Mason University

Teleforum calls are open to all dues-paying members of the Federalist Society. To become a member, sign up here. As a member, you should receive email announcements of upcoming Teleforum calls which contain the conference call phone number. If you are not receiving those email announcements, please contact us at 202-822-8138.

RTP's Free Lunch Podcast
Deep Dive 32 – What to do about Facebook: On Data Privacy and the Future of Tech Regulation

RTP's Free Lunch Podcast

Play Episode Listen Later Jun 7, 2018 69:01


Facebook is not getting many "likes" these days following revelations that Cambridge Analytica accessed personal information about Facebook users without obtaining clear consent. The reaction from politicians, regulators, and the marketplace has been swift and significant. In this live podcast, experts from the Regulatory Transparency Project’s Cyber and Privacy working group will discuss what happened, the economic, legal, and political consequences, and what this could mean for companies that have built business models around the use of user data.

Featuring:
- Thomas Hazlett, H.H. Macaulay Endowed Professor of Economics, Clemson University
- Jamil Jaffer, Adjunct Professor, NSI Founder, and Director, National Security Law & Policy Program, Antonin Scalia Law School
- Megan Stifel, Nonresident Senior Fellow, Cyber Statecraft Initiative, Atlantic Council
- [Moderator] Matthew Heiman, Visiting Fellow, National Security Institute, Antonin Scalia Law School

Visit our website – RegProject.org – to learn more, view all of our content, and connect with us on social media.

CERIAS Security Seminar Podcast
Josh Corman, Symposium Closing Keynote - Bits & Bytes, Flesh & Blood, and Adapting for the Next 20 Years

CERIAS Security Seminar Podcast

Play Episode Listen Later Apr 4, 2018 62:20


Symposium Closing Keynote - Bits & Bytes, Flesh & Blood, and Adapting for the Next 20 Years

About the speaker: Joshua Corman is a Founder of I am The Cavalry (dot org), and formerly served as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and I am The Cavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon's Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.

Hidden Forces
Combating Cyberterrorism and Cybercrime in the 21st Century | Josh Corman

Hidden Forces

Play Episode Listen Later Apr 17, 2017 106:09


In Episode 8 of Hidden Forces, host Demetri Kofinas speaks with cybersecurity expert and cyber safety advocate, Josh Corman. Josh is the founder of I am The Cavalry, an advocacy group actively engaged in addressing some of the most pressing issues of public safety and threats to human life on the Internet today. He is also the Director of the Cyber Statecraft Initiative at the Atlantic Council. Josh Corman is part of the 2016 Cybersecurity Task Force commissioned by the United States Congress to address the growing risk to our hospitals, medical infrastructure, and connected devices from cyber-attacks. Gone are the quaint, innocent days of the early Internet, with its pesky Trojans, Macro Viruses, RATs, slammer worms, and blaster worms. Today’s cybersecurity landscape features a wide assortment of easily accessible and robust attack tools that exploit software bugs like Shellshock and Heartbleed. This is a cybersecurity landscape littered with DDoS and PDoS attacks like the Mirai Botnet and the recently released Brickerbot. The use of ransomware tools like CryptoLocker and SamSam has become a billion-dollar criminal industry. Cybercrime is estimated to cost the global economy hundreds of billions to trillions of dollars a year. Yet, we accept the losses as the simple cost of doing business. But what about when the cost of these crimes escalates from dollars and cents to flesh and blood? What are the risks to our industrial control systems? What about our aviation and emergency response infrastructure? What are the vulnerabilities in our connected devices, cars, and hospitals? The threats posed by cyber criminals, terrorists, and hackers are no longer fringe concerns. They strike at the heart of our increasingly interconnected, exposed, and vulnerable society. In this episode, we explore what to do about them.

Producer & Host: Demetri Kofinas
Editor & Engineer: Stylianos Nicolaou
Join the conversation on Facebook, Instagram, and Twitter at @hiddenforcespod

The Cyberlaw Podcast
Interview with Joshua Corman and Justine Bone

The Cyberlaw Podcast

Play Episode Listen Later Apr 3, 2017 63:18


In our 157th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Stephen Heifetz, and Philip Khinda discuss: Two White House Officials Helped Give Nunes Intelligence Reports; the Buzzfeed motion; how Cisco responded to the Wikileaks Vault7 leak; Donald Trump has a new iPhone — so it looks like he isn’t boycotting Apple anymore; James Comey’s Twitter Account. Our guest interview is with Joshua Corman, Director of the Cyber Statecraft Initiative for the Atlantic Council, also serving on the HHS CyberSecurity Task Force required by CISA, and founder of "I am The Cavalry," a volunteer group focused on public safety/human life in connected technologies; and Justine Bone, CEO and Director of MedSec, a company that analyzes the quality and security of technology solutions in the medical device and healthcare industries. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Atlantic Council Events
Launch of the Tallinn Manual 2.0

Atlantic Council Events

Play Episode Listen Later Feb 23, 2017 117:24


The Atlantic Council’s Cyber Statecraft Initiative, the NATO Cooperative Cyber Defence Centre of Excellence, and the Embassy of the Kingdom of the Netherlands presented the second edition of the Tallinn Manual on the International Law Applicable to Cyber Operations on Wednesday, February 8 at the Atlantic Council.

O'Reilly Security Podcast - O'Reilly Media Podcast
Josh Corman on the challenges of securing safety-critical health care systems

O'Reilly Security Podcast - O'Reilly Media Podcast

Play Episode Listen Later Sep 28, 2016 49:04


The O’Reilly Security Podcast: Where bits and bytes meet flesh, misaligned incentives, and hacking the security industry itself.

In this episode, I talk with Josh Corman, co-founder of I Am the Cavalry and director of the Cyber Statecraft Initiative for the non-profit organization Atlantic Council. We discuss his recent work advising the White House and Congress on the many issues lurking in safety-critical systems in the health care industry, the misaligned incentives across health care, regulatory bodies and the software industry, and the recent incident between MedSec and St. Jude regarding their medical devices.

Here are some highlights:

Where bits and bytes meet flesh

I asked Josh to comment on his advisory role with the White House for the Presidential Commission on Enhancing Cybersecurity:

Previous testimony from JPMorgan Chase said that they had over 2,000 full-time security people and they spend over $600 million a year securing things and they still get breached pretty routinely. About 100 of the Fortune 100 companies had had a material loss of intellectual property or trade secrets in the last couple years. If you take a step back strategically, one could argue that on a long enough time line our failure rate is 100%. If we can't secure big banks with $600 million and 2,000 people, how do you secure a hospital with zero security staff and almost no security budget? In many cases, we know what to secure, or even how to secure it, but we lack the incentives to do so—some of the commissioners are surprised by this, but it's encouraging. They're looking at really controversial ideas like software liability. One of the reasons we have such terrible software is there's really no penalty for building and shipping terrible software. It's controversial because if you introduce something like software liability in a casual or cavalier way, you could destroy the entire software industry.

Down the rabbit hole of legacy health care systems

When asked about his work on the HHS Cybersecurity Task Force for Congress, Josh laid bare the stark realities of health care security in a world of interconnected devices and legacy technology and systems:

There's this thing called “meaningful use” in hospital environments. Reimbursement for medical investment was tied to meaningful use. [The health care industry] was encouraged to move rapidly from paper records to electronic records, and so they essentially took a whole bunch of medical devices that were never threat modeled, designed, architected, and implemented to be connected to anything and then forced them to be connected to everything. What that means is that even if a hospital has that 2,000 person security staff that is used to securing a bank or JPMorgan Chase, they can't achieve the same level of network security possible in a banking environment because of the unintended consequences of meaningful use. We're chasing rabbits down the rabbit hole and it goes a lot further than I think anybody has realized. There are some seemingly intractable problems in this long tail of Windows XP and legacy, outdated, unsupported operating systems being the overwhelming majority of the equipment in these hospitals, and they have scant security talent and budget and resources to even operate the old stuff. It's pretty ugly.

Misaligned incentives

In my testimony to the White House, I said that for some of these things, we know what the fix is. We actually know how to completely eliminate SQL injection. We know how, but we don't do it. I think in many cases we have technical solutions; we lack the incentives and the political will. And when you think about someone who has the means, motive, and opportunity to hurt the public through this irrational dependence on connected technology and safety critical spaces like hospitals, I don't think we have to make perfect things. I think what we have to do is drain the low hanging fruit and the hygiene issues, because if you can raise the bar high enough, we get rid of the high intent, low capability adversaries. You're never going to stop Russia or China from being good enough, but at least they're rational and we have norms and treaties and mutually assured destruction and economic sanctions and whatnot. I'm more concerned about the people that lay outside the control or the reach of deterrence. What we want to do is get to that 80/20 rule or the balance point where the really reasonable stuff, like no known vulnerabilities and make your goods patchable, at least equip us to shield ourselves against the whims and will of these more extreme adversaries. We don't have to boil the ocean, just raise the tide line enough.

MedSec/St. Jude: refocusing on the impact on patients

Building on our conversation about health care security, I asked Josh about the recent debacle with MedSec, Muddy Waters, and St. Jude:

Regardless of the veracity of the findings (because the veracity of the findings is in dispute), or whether you think it's moral to make money off of these things, or whether you think it's legal or should be legal to short safety-critical industries, if we can separate those three aspects we’ll see that there's been discussion about who's to blame here but stunningly little discussion about the effect on patients and on safety. I think it's hard to argue that the safest thing for the customers is to tell every adversary on the planet [about the vulnerability] before the patients or the doctors who care for those patients or the regulator who regulates the care for those patients has had a chance to get ground triage, form a plan, communicate the plan, and manage expectations so that a thoughtful, unemotional response can be done when the information comes to light. My belief is that the safest outcome will factor all relevant stakeholders, and I have seen almost no press that even factors for the impact on patients.

Hacking the health care security industry

We had a 20-year stalemate with the industries that we bring these disclosure issues to. Let's try not to be a pointing finger at past failures but a helping hand at future success. I have no interest in finding and fixing one device, one bug in one device for one manufacturer. We need to hack the industry and hack the incentives. We need to fix the whole problem. We're seeing the tide turn from a very real risk that white hats would be completely criminalized, to a massive embrace that it's not just a pointing finger at past failure and a researcher of the threat but rather that the researcher is a vitally necessary teammate. In fact the FDA, in their post-market guidance, is strongly advocating for high trust, high collaboration with white hats. In the context of all this sea change, from seeing us as enemies to vitally necessary teammates that help make their customers safer, our stories and advice scare the legal teams and the shareholders and might make researchers once again look like a threat.

Related resources:
- Background on the MedSec/Muddy Waters/St Jude situation
- The Presidential Commission on Enhancing Cyber Security (NIST)
- The Health Care Industry Cybersecurity Task Force

LawyerLiz
09/21/16 Topics: "Snowden; Driverless Car Risks & Rules of the Road"

LawyerLiz

Play Episode Listen Later Sep 23, 2016 57:38


Security research and policy expert Tom Cross debates government metadata collection programs in the wake of Edward Snowden. Josh Corman, Director of the Cyber Statecraft Initiative with the Atlantic Council, and Tony Roehl, technology and risk management attorney with Morris, Manning, & Martin, join Liz to discuss the new regulatory policies and risks as Uber launches its driverless car program in Pittsburgh and the DOT releases its new Federal Automated Vehicles Policy.

Paul's Security Weekly (Video-Only)
Security Weekly #479 - Josh Corman, Cyber Statecraft Initiative

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Sep 2, 2016 70:35


Joshua Corman is Director of the Cyber Statecraft Initiative for the Atlantic Council. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to increasing dependence on technology. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode479#Interview:_Joshua_Corman.2C_Cyber_Statecraft_Initiative-_6:00PM-6:30PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Paul's Security Weekly TV
Security Weekly #479 - Josh Corman, Cyber Statecraft Initiative

Paul's Security Weekly TV

Play Episode Listen Later Sep 2, 2016 70:35


Joshua Corman is Director of the Cyber Statecraft Initiative for the Atlantic Council. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to increasing dependence on technology. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode479#Interview:_Joshua_Corman.2C_Cyber_Statecraft_Initiative-_6:00PM-6:30PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Paul's Security Weekly (Podcast-Only)
Paul's Security Weekly #479 - "Encryption Decreases Security"

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Sep 2, 2016 127:34


Joshua Corman of Cyber Statecraft Initiative joins us, our listener feedback segment covers "Magic Wiffle Dust", and in our security news, Dropbox has been breached (again). Stay tuned!

Paul's Security Weekly
Security Weekly #479 - "Encryption Decreases Security"

Paul's Security Weekly

Play Episode Listen Later Sep 2, 2016 127:34


Joshua Corman of Cyber Statecraft Initiative joins us, our listener feedback segment covers "Magic Wiffle Dust", and in our security news, Dropbox has been breached (again). Stay tuned!

Tech Policy Podcast
#114: The Internet of Cars

Tech Policy Podcast

Play Episode Listen Later Aug 15, 2016 24:43


Cars these days often come with mobile data connections and entertainment systems. But as we move toward autonomous vehicles and car-to-car communications, the “Internet of Cars” will be much more sophisticated and technical. While self-driving cars offer many benefits, they also raise concerns over cybersecurity and privacy. What are the risks, and how can manufacturers and regulators strike a balance that protects consumers without stifling innovation? Beau Woods, Deputy Director of the Cyber Statecraft Initiative at the Atlantic Council, joins the show to discuss.

Conversations from the Leading Edge
Dynamics of Cyber Conflict with Jason Healey

Conversations from the Leading Edge

Play Episode Listen Later Jul 13, 2016 45:01


Dr. Jason Healey is an expert on current events and policies that affect the cyber realm and on the role of cooperation and conflict in cyberspace. Dr. Healey is a Professor and Senior Research Scholar at SIPA and a Senior Fellow at the Atlantic Council, where he was the founding director of the Cyber Statecraft Initiative. Here he discusses and gives insight on the dynamics of cyber conflict with AC4's Meredith Smith and Alex James.

The Internet of Things Podcast - Stacey On IoT
Episode 52: These 9 ideas can secure the smart home

The Internet of Things Podcast - Stacey On IoT

Play Episode Listen Later Mar 31, 2016 46:29


Security is a big deal for the Internet of things, which is why we’re so pumped about having Beau Woods, the deputy director of the Atlantic Council’s Cyber Statecraft Initiative, on the show to discuss nine new recommendations for securing smart home devices. These devices will all be linked to your home network, but you …

Atlantic Council Events
Cyber Risk Wednesday: OPM Hack

Atlantic Council Events

Play Episode Listen Later Aug 28, 2015 85:18


Can the United States really shame another country for espionage excess? The Atlantic Council’s Cyber Statecraft Initiative in the Brent Scowcroft Center on International Security featured a discussion on how the United States should react to Chinese cyberattacks on sensitive government systems, such as the Office of Personnel Management (OPM). Siobhan Gorman, a Director in the Washington office of the advisory …

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Jason Healey - Saving the Internet (for the Future)

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Play Episode Listen Later Dec 13, 2014


Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Healey/DEFCON-22-Jay-Healey-Saving-the-Internet-UPDATED.pdf

Saving the Internet (for the Future)
Jason Healey, Director, Cyber Statecraft Initiative, Atlantic Council

Last year, the Dark Tangent wrote in the DC XXI program that the "balance has swung radically in favor of the offense, and defense seems futile." It has always been easier to attack than to defend on the Internet, even back to 1979 when it was written that "few if any security controls can stop a dedicated" red team. We all accept this as true, but the community rarely looks at the longer-term implications of what happens to the Internet if one side has a persistent advantage year after year, decade after decade. Is there a tipping point where the Internet is no longer a Wild West but Somalia, a completely unstable chaos where the attackers don't just have an advantage but a long-term supremacy? This talk will look at trends and the role of hackers and security researchers.

Jason Healey is the Director of the Cyber Statecraft Initiative of the Atlantic Council, focusing on international cooperation, competition and conflict in cyberspace, and the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He has worked on cyber issues since the 1990s as a policy director at the White House, executive director at Goldman Sachs in Hong Kong and New York, vice chairman of the FS-ISAC (the information sharing and security organization for the finance sector) and a US Air Force intelligence officer. He is a board member of the Cyber Conflict Studies Association, lecturer in cyber policy at Georgetown University and author of dozens of published essays and papers. In 2013 alone he presented or spoke in Brussels, Rome, Istanbul, Reykjavik, London, Tallinn, Stockholm, Munich, Seoul, Bali, New York, New Orleans, Las Vegas, San Francisco, and Washington, DC.