“Academics will sit back and say, ‘Well, if you just did that and that and that, you would have avoided it.’ But if there’s no way to impose risk or consequences for [threat actors] doing it, your day is coming,” Mandia said.
By Brad D. WilliamsIntegrating commercial off-the-shelf computing on military platforms and how to make it work
The systems may be off-the-shelf, but the packaging for integration on vehicles and ships provides cradle-to-grave resiliency.
The law’s vulnerability disclosure provisions will give the Chinese government a head start on remediating — and potentially exploiting — zero-day vulnerabilities, possibly to include those discovered in tech used by the Defense Department, Intelligence Community, and across the US public and private sectors more broadly.
By Brad D. Williams
“We shouldn’t be relying on voluntary reporting to protect our critical infrastructure,” Sen. Warner said.
By Brad D. Williams
“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” a senior administration official said on Sunday night.
By Brad D. Williams
The Exchange campaign attribution will also provide hints about the role of the first national cyber director in such incidents. NSA veteran Chris Inglis was confirmed for the position just weeks ago.
By Brad D. Williams
“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” observed John Hultquist, VP of Analysis at Mandiant Threat Intelligence.
By Brad D. Williams
“China is a second-tier cyber power but, given its growing industrial base in digital technology, it is the state best placed to join the US in the first tier,” an IISS report says.
By Brad D. Williams
MILSATCOM for the most critical no-fail missions
With multiple nuclear-capable threats and space itself being a contested domain, assured and protected MILSATCOM are more critical than ever before.
“We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly,” CISA’s deputy executive assistant director told Breaking Defense.
By Brad D. Williams “My hope is that we can create this structure… to get an early warning system,” the Senate Intel Committee chair said. “Voluntary sharing is no longer effective.”
By Brad D. Williams
“The innovations… and the lessons learned from these responses will be used to improve future unified, whole of government responses to significant cyber incidents,” the White House says.
By Brad D. Williams
“Imagine you work at a chemical research part of a base. Its location is secret. But you have a smart car. Through other espionage activities, I found out you work there. I hack your phone or your car’s online account,” Keatron Evans said. “I track your location as you go to work every day. Now I know the specific GPS location of your work facility. It goes downhill quickly from there.”
By Arie Egozi and Brad D. Williams SolarWinds threat actor reportedly accessed DHS emails and DoE schedules. Cyberespionage campaigns are “the types of things we should expect [Russia] to do,” one cybersecurity expert observed. “I’m not arguing we shouldn’t have a response. We should respond. …My only argument is that we should not overact.”
By Brad D. Williams Only after months of investigation by nearly 100 highly skilled digital forensics experts did FireEye discover the malicious “implant” in the most unlikely place. We break it all down in plain language.
By Brad D. Williams
Security professionals are increasingly observing multiple threat actors, from nation-states to cryptominers, exploiting the vulnerabilities. As for China-based HAFNIUM, “This is part of the much larger Chinese effort to constantly be ferreting out new vulnerabilities and then exploiting them — with no end in sight,” said Heritage’s Dean Cheng. “The Chinese will pay close attention to the Biden administration response.”
By Brad D. Williams
