On 2 April 2021, CNN published a story describing certain actions undertaken by the likely Russian actors reportedly responsible for recent supply chain compromise activity that affected multiple parts of the U.S. government. Specifically, those actors allegedly targeted the user and email accounts of Department of Homeland Security (DHS) threat…

Whenever the cybersecurity community — technical analysts, policy wonks, government officials, journalists on the beat, etc. — talk about how we perceive or interpret a threat publicly, we are providing material that could be exploited by the responsible adversary in a feedback loop. This feedback loop may inform how that…

I love to repeat myself: In light of the most recent “op-ed by someone who ostensibly should know better”, I had a few thoughts (beyond my op-ed specific ones) on the persistent incoherence related to cyber operations…

The other day, I saw a poll on Twitter about if it was reasonable to employ lethal force on ransomware operators. I had a number of thoughts, which I shared at length: It came to my attention today that…

Note: This blog has been updated as of 19 November 2020 to incorporate additional material, which is preceded by an asterisk. On 22 October, 2020, the U.S. government issued an alert (AA20–296A) for a widespread campaign of malicious activity by a Russian state-sponsored cyber operations entity tracked under a variety…

In 2014, as part of my terrorism coursework for graduate school, one of my assignments was to write a manifesto of a fictional terrorist group explaining why (or why not) that group should use violence, and the accompanying implications of such a choice. …

Note: This blog has been updated since I wrote it at approximately 3:00 AM. I am increasingly loathe to write blogs, mostly due to the combination of time required and a lack of stories that generate sufficient interest on my part to get me to overcome the time commitment hurdle…

We all enjoyed a front row seat Monday to a special event in the history of public attribution: the NSA and GCHQ (via NCSC UK) revealed that the Russian adversary Turla not only compromised the tooling and infrastructure of Iranian adversary OilRig but then leveraged said tooling and infrastructure to…

In the 2nd Century BCE, the Roman poet Juvenal asked “Quis custodiet ipsos custodes?” This question of who watches the watchmen has become a common one in an age where governments are increasingly the beneficiaries of an imbalance of power between the governing and governed. But that grander question does…