RESOURCES & MEDIA
Risky Business Podcast
“Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.”
“The CyberWire Daily Podcast is our look at what’s happening in cyberspace. It provides a clear and concise summary of the news and offers commentary from industry experts as well as our Academic and Research Partners. We publish each weekday afternoon (in time for US East Coast drive-time.)”
“Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.” link to blog
Army Cyber Institute Threat Report
Army Cyber Institute – March 2017
- Army Holds ‘Solariums’ on Strategic Importance of Secure Software.
- Hard-to-Detect Fileless Attacks Target Banks, Other Organizations.
- Google Project Zero: How We Cracked Samsung’s DoD and NSA Certified Knox.
- Artificial Intelligence Giving Weapons Greater Autonomy.
- Revealed: Web Servers Used by Disk-Nuking Shamoon Cyberweapon.
- Ukraine Charges Russia with New Cyber Attacks on Infrastructure.
Critical Infrastructure Security Readiness
Why IT Security Isn’t Enough
Wurldtech, a GE Company – 2016
“Unlike traditional data breaches—where a mature economy exists to source and sell stolen information—cyber attacks on critical infrastructure are often motivated by malicious intent to disrupt operations, which can place people, property, or the environment in jeopardy. Many organizations, however, remain unfamiliar with this new and intensifying risk landscape and/or lack insight into how to apply cyber security practices—especially within operational technology (OT) environments—to prepare for, detect, and respond to attacks…” link to full report
Strengthening U.S. Cyber Security and Capabilities
Executive Order Draft
President Trump – January 2017
“By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Policy. It is the policy of the United States to defend and enhance the security of the Nation’s cyber infrastructure and capabilities. Free and secure use of cyberspace is essential to advancing U.S. national interests. The Internet is a vital national resource. Cyberspace must be an environment that fosters efficiency, innovation, communication, and economic…” link to full order
Framework for Improving Critical Infrastructure Cybersecurity
National Institute of Standards and Technology – January 2017
“The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational…” full recommendations.
From Awareness to Action
A Cybersecurity Agenda for the 45th President
CSIS Cyber Policy Task Force (Sen. Whitehouse, Rep. McCaul, Karen Evans, and Sameer Bhalotra) – January 2017
“This report lays out specific recommendations for the next administration’s cybersecurity policy. It identifies the policies, organizational improvements, and resources needed for this. It builds on the 2009 Commission on Cybersecurity for the 44th Presidency, a foundational document for creating a strategic approach to cybersecurity. In the eight years since that report was published, there has been much activity, but despite an exponential increase in attention to cybersecurity, we are still at risk and there is much for the next administration to do.” full report.
Cyber and Deterrence
The Military-Civil Nexus in High-End Conflict
Atlantic Council (Franklin D. Kramer, Robert J. Butler, and Catherine Lotrionte) – January 2017
“This paper analyzes cyber’s role in deterrence and defense—and specifically the military-civil nexus and the relationship between the Department of Defense (DoD), the civil agencies, and the key private operational cyber entities, in particular the Internet Service Providers (ISPs) and electric grid operators. The focus of the paper is on high-end conflict including actions by an advanced cyber adversary, whether state or nonstate, and not on the “day-to-day” intrusions and attacks as regularly occur and are generally dealt with…” full report.
Surviving on a Diet of Poisoned Fruit
Reducing the National Security Risks of America’s Cyber Dependencies
Center for a New American Security (Richard J. Danzig) – July 2014
“This paper is about technology, conflict and insecurity. In contrast to the topic, it is impressive and affirming that many people helped me in ways that were warmly personal, generous and completely altruistic. In this effort to chart a path through a dark forest, I regularly got lost, banged into things I knew I didn’t understand, and thought I understood things I didn’t. Repeatedly, the people listed below put aside other important work they were doing and helped me. Of course, they bear no responsibility for errors of fact or judgment in this paper. Those are mine alone. But they tried to save me from them by talking…” full report
Executive Order 13636
Improving Critical Infrastructure Cybersecurity
President Obama – February 2013
“By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Policy. Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation’s critical infrastructure in the face…” full document
Commission on Enhancing National Cybersecurity
Report on Securing and Growing the Digital Economy – December 2016
“Recognizing the extraordinary benefit interconnected technologies bring to our digital economy—and equally mindful of the accompanying challenges posed by threats to the security of the cyber landscape—President Obama established this Commission on Enhancing National Cybersecurity. He directed the Commission to assess the state of our nation’s cybersecurity, and he charged this group with developing actionable recommendations for securing the digital economy. The President asked that this enhanced cybersecurity…” full report
BAE Systems Develops Technology to Speed Electric Power Restoration After Cyber Attacks
Business Wire – March 14, 2017
“The U.S. Defense Advanced Research Projects Agency (DARPA) has awarded BAE Systems an $8.6 million contract to develop technology designed to quickly restore power to the U.S. electric grid after a catastrophic failure caused by a cyber attack.” link to full article
BlackOps Releases Erinyes Cyber Security Program for Darknet Markets
John of Darknet Markets – February 8, 2017
“Erinyes is the trailblazing cyber tool that will be used in cyber defense on the darknet. It is becoming the preferred method to carry out advanced cyber intelligence daily. Moreover, it is a fantastic early warning system to decrease risk exposure in the initial stages of risk development…” link to full article
Cybersecurity market grows 35X from $3.5B in 2004 to $120B in 2017. Spending predicted to exceed $1T next 5 years.
Cybersecurity Ventures and Steve Morgan of LinkedIn – February 2017
“Cybersecurity Ventures predicts global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. In 2004, the global cybersecurity market was worth $3.5 billion — and in 2017 we expect it to be worth more than $120 billion. The cybersecurity market grew by roughly 35X over 13 years. We anticipate 12-15 percent year-over-year cybersecurity market growth through…” link to full article
At RSA, Doubts Abound Over US Action on Cybersecurity
Michael Kan of CSO Online – February 2017
“States may have to take the lead as the federal government lags on cybersecurity, a governor said. How should the U.S. respond to cyber attacks? That’s been a major question at this year’s RSA security conference, following Russia’s suspected attempt to influence last year’s election…” link to full article
The Russian Expat Leading the Fight to Protect America
Vicky Ward of Esquire – October 2016
“At six o’clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon “lit up,”…” link to full article
Is the US the Big Dog in the Fight for Global Cyber Security?
Matthew Schofield of McClatchy – January 2017
“After decades of unquestioned global security dominance, the United States is now grappling with an uncomfortably level playing field in one of the world’s most dangerous arenas – cyber warfare. The news last week, which is expected to continue through this week and be part of the discussion at the confirmation hearing for retired Gen. James Mattis as secretary of defense, has focused an enormous amount of attention on Russia’s attempts to influence the…” link to the full article
White House Withholds Cyber-Security Order for Further Revision
Wayne Rash of eWeek – February 2017
“President Donald Trump withheld an executive order on cyber-security that was ready for his signature leaving the Washington IT security community wondering what changes he intends to make. The new version of the EO does several important things. First, it makes clear that each agency head and each department secretary has the ultimate accountability for cyber-security. This appears to be done to prevent those heads from passing the buck to their subordinates instead of retaining it in their own hands.” link to full article
NACD Publishes Five Cybersecurity Principles Every Board Director Needs to Know
Christophe Veltsos of IBM Security Intelligence – February 2017
- Understand and Approach Cybersecurity as an Enterprisewide Risk Management Issue, Not Just an IT Issue
- Understand the Legal Implications of Cyber Risks as They Relate to the Company’s Specific Circumstances
- Have Adequate Access to Cybersecurity Expertise and Give Cyber Risk Management Regular and Adequate Time on Board Meeting Agendas
Directors Are From Mars, CISOs Are From Venus
IBM Security Intelligence – January 2017
Big changes in Trump’s cybersecurity executive order
Jose Pagliery of CNN – January 2017
“An executive order awaiting President Trump’s signature is aimed at improving nation’s hacker defenses — including a plan to have the U.S. military review what kids are learning about cybersecurity in school. The president was expected to sign the mandate Tuesday. But instead Trump met with NSA director Admiral Mike Rogers, senior adviser Jared Kushner, chief strategist Steve Bannon and other national security officials to discuss it…” link to full article
Texas A&M Energy and Manufacturing Cyber Security Conference
Joe Weiss on Unfettered – January 2017
“January 11-13, 2017, Texas A&M held the first Cybersecurity of Critical Infrastructure Summit for Energy and Manufacturing – https://cybersecurity.tamu.edu/cybersummit2017. I was a panelist in the Technology session. My observations were as follows: The attendees represented a broad swath of government, industry, and venture capitalists. However, most speakers were from, or discussing, primarily IT network security issues. Consequently, the focus was on Information Assurance as opposed to Mission Assurance which…” link to full article
Cybersecurity Summit Addresses Challenges in the Energy and Manufacturing Sectors
Bradley Foundation – January 2017
“The inaugural Cybersecurity of Critical Infrastructure Summit took place January 11-13, 2017 at Texas A&M University. A diverse set of cybersecurity experts and thought leaders helped strategic leaders across a range of organizations gain a deeper appreciation for both the evolving cyber threats to our crucial infrastructure, as well as the promising technological and policy innovations that could mitigate those threats. The desired outcome of this event, and in follow up engagements, is to prepare participants…” link to full article
There have been many book lists on cybersecurity compiled over the years, so instead of compiling our own we will recommend two of the best. These contain material from across the board within cybersecurity, and you are sure to find something both interesting and informative.
With the tagline “books every cybersecurity professional should read”, this list is democratically constructed by cybersecurity practitioners under the guidance of Rick Howard from Palo Alto Networks. This list covers both fiction and nonfiction in the following seven areas:
- Cyber History and Culture
- Cyber Crime
- Cyber Warfare
- Cyber Tech
- Cyber Law & Policy
- Governance, Risk, & Compliance
Constructed by those on the cutting edge of offensive cybersecurity, this book list contains the common knowledge of the computer underground. These books include some fantastic technical references (good to recommend to your engineers), policy and espionage, culture, and some unconventional topics.
Here are their categories:
- Computer Reference
- Cyber Punk
- A peek behind the curtains…
- Unconventional Information
- Underground Culture