-
How to Measure Cybersecurity
Many experts agree that there are no universally recognized, generally accepted metrics by which to measure and describe cybersecurity improvements, and that, as a result, decision-makers are left to make choices about cybersecurity implementation based on qualitative measures rather than quantitative ones. Robert Taylor argues that the “search for quantitative metrics and dismissal of qualitative metrics ignores the dynamic nature of the challenge of ensuring cybersecurity, as well as the critical role of processes and procedures. Cybersecurity is a matter not just of the equipment and tools in place but also of how the equipment and tools are used by people, and how the organization ensures that the equipment and tools and methods of use are kept up to date. Qualitative measures that are discernible and reproducible are and will continue to be essential in helping to guide sound investment and operational decisions.”
-
-
NotPetya Ushered in a New Era of Malware
NotPetya ushered in a new era of implant-enabled warfare where public opinion is as much the target as traditional IT systems. This wasn’t “hack and leak” or “inauthentic amplification” on social media. This is an information operation that uses malware to create a narrative, and it shows what the future of conflict looks like: one where malware not only disrupts our business operations but also targets our minds and influences media coverage. NotPetya created significant downtime and a whopping $10 billion in damages, but its most subversive impact was how it deceived the public.
-
-
Concerns Growing that China's Influence Operations Getting Bolder
The U.S. intelligence community has warned that the battle for information dominance has been joined. Until now, much of the focus has been on Russia for its use of social media to meddle in a number of Western elections, including the 2016 U.S. presidential elections and, more recently, the 2018 congressional elections. But top U.S. intelligence officials have repeatedly warned Russia is not alone, and that other U.S. adversaries would be using lessons from Moscow’s successes for their own purposes.
-
-
Russia’s and China’s Political Warfare Campaigns: How the West Can Prevail
The United States and its allies are facing an unprecedented challenge: Russia and China, two authoritarian states possessing substantial human, economic, technological, and other resources; armed with conventional and nuclear forces which, in many respects, rival those held by the Western allies; and working actively to undermine the core interests of the West. Their operations are designed to subvert the cohesion of the Western allies and their partners; erode their economic, political, and social resilience; and undermine the West’s strategic positions in key regions. The Russian and Chinese regimes have made substantial progress towards these goals during the last two decades without conducting conventional military operations. Rather, Moscow and Beijing have employed sophisticated political warfare strategies and a wide range of mostly non-military instruments.
-
-
Ransomware Attacks Are Testing Resolve of Cities Across America
Ransomware is hardly new, but it is in fashion. Two years ago such attacks were still relatively rare. But now they are far more targeted, and as companies and towns have shown an increased willingness to pay ransoms, criminals have turned to new and more powerful forms of encryption and more ingenious ways of injecting the code into computer networks. Only this summer did the United States begin to see multiple simultaneous attacks, often directed at government websites that are ill-defended.
-
-
Corporate Defenses Against Information Warfare
When asked about Russian election interference during his congressional testimony last month, Robert Mueller said: “They’re doing it as we sit here.” To defend the nation against information warfare, the U.S. government has adopted a policy—by default, not by design—of relying on the private sector to police itself, with limited behind-the-scenes government assistance. Facebook’s website says: “Our detection technology helps us block millions of attempts to create fake accounts every day and detect millions more often within minutes after creation.” These numbers sound impressive, but they do not tell the whole story. To assess the effectiveness of company defenses, we must distinguish among three types of fake accounts: bots, fictitious user accounts, and impostor accounts. Russian agents have created and operated all three types of accounts.
-
-
A Cyberattack Could Wreak Destruction Comparable to a Nuclear Weapon
People around the world may be worried about nuclear tensions rising, but I think they’re missing the fact that a major cyberattack could be just as damaging – and hackers are already laying the groundwork. The threat of a new nuclear arms race is serious – but the threat of a cyberattack could be as serious, and is less visible to the public. So far, most of the well-known hacking incidents, even those with foreign government backing, have done little more than steal data. Unfortunately, there are signs that hackers have placed malicious software inside U.S. power and water systems, where it’s lying in wait, ready to be triggered.
-
-
How Data Privacy Laws Can Fight Fake News
Governments from Russia to Iran have exploited social media’s connectivity, openness, and polarization to influence elections, sow discord, and drown out dissent. While responses have also begun to proliferate, more still are needed to reduce the inherent vulnerability of democracies to such tactics. Recent data privacy laws may offer one such answer in limiting how social media uses personal information to micro-target content: Fake news becomes a lot less scary if it can’t choose its readers.
-
-
New Vulnerability Found in Internet-Connected Building Automation Devices
Critical internet-connected smart building devices used in countless commercial and industrial properties have been found to be vulnerable to a new malicious attack. The vulnerability exploits the properties of the building automation protocol (BACnet), which enables technicians and engineers to perform monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control and other monitoring systems.
-
-
U.S. Elections Are Still Not Safe from Attack
Russia’s attack on American elections in 2016, described in Special Counsel Robert Mueller’s recent report as “sweeping and systematic,” came as a shock to many. It shouldn’t have. Experts had been warning of the danger of foreign meddling in U.S. elections for years. Already by 2016, the wholesale adoption of computerized voting had weakened safeguards against interference and left the United States vulnerable to an attack. So, too, the shift to digital media and communications had opened new gaps in security and the law that could be used for manipulation and blackmail.
-
-
Hacking One of the World's Most Secure Industrial Programmable Logic Controllers (PLC)
Researchers have managed to take control of a Siemens PLC, which is considered to be one of the safest controllers in the world. As part of the attack, the researchers analyzed and identified the code elements of the Siemens proprietary cryptographic protocol, and on the basis of their analysis, created a fake engineering station, an alternative to Siemens’ official station. The fake engineering station was able to command the controller according to the will of the attackers.
-
-
A Hacker’s Treasure: IoT Data Not Trashed
While consumers are aware that data needs to be wiped from smartphones and computers before discarding, the proliferation of internet-connected (IoT) devices poses new challenges and risks, as they too retain valuable data.
-
-
Foreign Campaign Intervention May Go Way Beyond Russia to China, Iran, North Korea, and Saudi Arabia
The risk of foreign intervention goes far beyond Russia. Indeed, this type of action has happened many times in U.S. history. What’s new in 2020 is that, over the past few years, Russians have shown other nations how easy it is to sow disinformation and disrupt democratic elections. Many countries, including the United States, seek to make the voting process easy so balloting is designed much more for user-friendliness than electoral security. At the same time, technology companies have created social media platforms that are easily exploited through disinformation, false news, and fake videos. What’s more, the use of this technology to disrupt campaigns is cheap and difficult to trace.
-
-
Unlocking Market Forces to Solve Cyber Risk
Markets have been slow to adjust to the multi-dimensional perils of cyber risk. Even headline-grabbing cyber incidents such as breaches of Equifax, Target, Anthem, Sony and Home Depot—along with NotPetya’s devastation of Merck, FedEx, and Maersk—have thus far had only fleeting impacts on assessments of major corporations’ prospects by investors, credit rating agencies and insurers. This disparity reflects the broader problem of a “cyber risk gap” between corporations’ exposure to cyber risks and the adequacy of their efforts to address it. Investors, insurers, credit rating agencies and others presently face this gap, and have been only slowly waking up to its magnitude.
-
-
Practicing Cybersecurity Gets Easier
It’s expensive to train the people who defend us from cyberattacks. When big companies hold a large-scale exercise, they often take several months to prepare for it. Lots of people and computers, routers and other hardware form a complex infrastructure to create an attack that is as realistic as possible. That’s a good approach, but at the same time it is time-consuming and expensive. This is where the Norwegian Cyber Range comes in, enabling medium and smaller players to train, too.
-