Four things I’m reading this week:
And We Have a Cyber Czar: Earlier this week, the White House confirmed that Rob Joyce, former head of NSA’s Tailored Access Operations Unit, will be the new cybersecurity coordinator. This is a critical role that sets the tone for how the government will address cybersecurity policy and respond to threats going forward. Joyce built his career inside the intelligence community, so much of his work has been far from the public eye. But in 2016, he gave a public talk at the Usenix Enigma Security Conference on how organizations can defend themselves from nation-state threats. His message back then was simple: sophisticated intruders win because they know the network better than the defenders whose job it is to defend it. If you’re going to defend your network, you have to understand what you’re protecting, and take control of your environment to make it work for you instead of against you. Needless to say, listening to Joyce’s 2016 talk is a great opportunity to learn how the administration’s new cybersecurity coordinator thinks, and to learn a thing or two about defending your network.
I'm reading and watching:
The New Administration’s Cybersecurity Priorities: In our second headline from inside the administration this week, Tom Bossert, the Homeland Security Advisor, gave a keynote and Q&A at CSIS’s Cyber Disrupt conference. In the keynote, he discussed increased cybersecurity spending, the major challenges facing federal cybersecurity, and moves to concentrate federal cybersecurity controls and responsibility in OMB, with ongoing assistance from DHS and DOD.
It’s a useful opportunity to see how one of the primary architects of the new administration’s thinking on security sees the challenges we face today.
I'm reading: "Cyber Disrupt 2017: Keynote: Next Steps for Cybersecurity After a Decade of Lessons Learned.”
Three Challenges for the Web, According to its Inventor: Twenty-eight years ago on March 12th, Sir Tim Berners Lee first proposed the World Wide Web. To mark its 28th birthday, this week he shared his take on the three biggest challenges facing the Internet today. At the top of his list? Our lack of control over our personal data, the ease with which misinformation spreads on the web, and the opacity and rising power of political ads. This is a great list for cybersecurity experts to think about, because while these challenges aren’t exactly “cybersecurity” challenges, we have all seen malicious actors use cyber-enabled means to exploit these. The more uncertainty and exploitability exists in the networks we use to communicate every day, the greater the drive will be for criminals and nation-states to exploit those systems.
In short, these challenges may not be cybersecurity challenges, but (in addition to being essential concerns in their own right) they demonstrate exactly why cybersecurity is so important.
I'm reading: "Three challenges for the web, according to its inventor."
North Korea Targets Banks: Symantec has identified a North Korean-linked hacking group known as “Lazarus” as behind a string of efforts to target financial/banking organizations around the world. Given North Korea’s focus on organized crime and cyber-enabled activities as a means to project power, this shouldn’t be that surprising. Nevertheless, the scope of the campaign makes this a striking example of nation-state resources being aimed at private institutions for some combination of intelligence collection and financial gain.
I'm reading: "North Korean hacking group behind recent attacks on banks: Symantec."