Episode 68: Scythe CEO Bryson Bort on Enhancing Security with Realistic Adversary Emulation


May 28, 2021

Bryson Bort is the Founder of SCYTHE, a start-up building a
next-generation attack emulation platform, and GRIMM, a boutique
cybersecurity consultancy. He is widely known in the cybersecurity
community for helping advance concepts of defense across multiple
critical domains. He is the co-founder of the ICS Village, a
non-profit advancing awareness of industrial control system
security. Bryson is also a Senior Fellow for Cybersecurity and
National Security at R Street and the National Security Institute
and an Advisor to the Army Cyber Institute.

In this OODAcast we examine approaches Bryson has seen make
positive differences in evaluating and mitigating risks to
enterprises, specifically in the domain of adversary emulation.

The discussion covers:

  • A practitioner’s view of the state of cybersecurity
  • The demise of the perimeter as a security control
  • What leaders need to know to mitigate risk
  • Attack, Detect and Response tools and how their automation can
    help continuously mitigate risks
  • MITRE ATT&CK and how to use it to help frustrate
    adversaries
  • Assisting Blue Teams, Purple Teams and Red Teams with
    tooling
  • The use of cyber threat intelligence to inform automated
    adversary emulation

Ransomware: An update on the nature of the threat

The technology of ransomware has evolved in sophistication and
the business models of the criminal groups behind it have as well.
The result: The threat from ransomware has reached pandemic
proportions.

This post provides an executive level overview of the nature of
this threat. It is designed to be read as an introduction to our
accompanying post on how to mitigate the threat of ransomware to
your organization. See:
Ransomware, an update on the nature of the threat


China’s Plan for Countering Weaponized Interdependence

In an article entitled “The international environment and
countermeasures of network governance during the “14th Five-Year
Plan” period” by Xu Xiujun (徐秀军) in the February 27, 2021 edition
of China Information Security, we see the continuation of China’s
concerns over Weaponized Interdependence and China’s desire to
shape a global technology and economic environment that is less
influenced by Western power. Xiujun identifies concerns in several
interconnected areas including cybersecurity, economic
centralization, and advancement in technologies like AI, Quantum,
and 5G. See:
China’s Plan for Countering Weaponized Interdependence


If SolarWinds Is a Wake-Up Call, Who’s Really Listening?

As the U.S. government parses through the SolarWinds software
supply chain breach, many questions still remain as to the motive,
the entities targeted, and length of time suspected nation state
attackers remained entrenched unseen by the victims. The
attack stands at the apex of similar breaches in not only the
breadth of organizations compromised (~18,000), but how the attack
was executed.

See:
If SolarWinds Is a Wake-Up Call, Who’s Really Listening?


Russian Espionage Campaign: SolarWinds

The SolarWinds hacks have been described in every media outlet
and news source, making this incident perhaps the most widely
reported cyber incident to date. This report provides context on
this incident, including the “so-what” of the incident and
actionable insights into what likely comes next.


Russian Espionage Campaign: SolarWinds


The Cyber Threat to NASA Artemis Program:

NASA is enabling another giant leap for humanity. With the
Artemis program, humans will return to the Moon in a way that
will enable establishment of gateways to further exploration of not
just the Moon but eventually the entire solar system. The initial
expenses of the program will return significant advances for
scientific understanding and tangible economic returns. As Artemis
continues, the project will eventually deliver improvements for
humanity that as of yet have only been dreamed of. But there are
huge threats. For more see:
The Cyber Threat To Artemis


Security In Space and Security of Space:

The last decade has seen an incredible increase in the
commercial use of space. Businesses and individual consumers now
leverage space solutions that are so integrated into our systems
that they seem invisible. Some of these services include:
Communications, including very high-speed low latency
communications to distant and mobile users. Learn more at:
OODA Research Report: What Business Needs To Know About Security In
Space
Also see: Is Space Critical Infrastructure, and the special report on
Cyber Threats to Project Artemis, and
Mitigating Threats To Commercial Space Satellites
