Tag Archive for: relations

Countering the Ransomware Threat | Council on Foreign Relations


Deputy National Security Advisor Anne Neuberger discusses international cyber cooperation initiatives to improve resilience to ransomware, efforts to disrupt ransomware and pursue those responsible for its proliferation, and countering illicit finance that underpins the ransomware ecosystem. 

SANGER: Well, good afternoon. I’m David Sanger from the New York Times. Great to see so many old friends in the crowd here. And we are joined by many others who are watching on video. And I’m delighted to be here with Anne Neuberger, the deputy national security adviser for cyber and emerging technology. Anne has really sort of revolutionized the way the White House thinks and deals with all of these issues. So I am delighted that she’s here. 

So here’s how it’s going to unfold today. Anne and I are going to talk for about a half an hour on the new ransomware initiative she has, current ransomware issues, and a few other related cyber issues. And then at about 1:30, halfway through, we’re going to invite questions from the audience and from our extended audience as well. I want to remind everybody, boy, this makes me so happy to say, Anne, this is all on the record. (Laughter.) How often do we have a chance to talk on the record? This is great. And then we will proceed. That means that not only are Anne’s answers on the record, it means your questions are on the record. So think about that for a moment. (Laughs.) So. 

NEUBERGER: David’s joyfully enjoying this moment. 

SANGER: Yeah. (Laughs.) So, Anne, let’s just go back to the beginning of the administration when you were—after a quite remarkable career, which you can all read about in the materials in front of you, as a White House fellow, as the official of the NSA working on commercial issues, defensive issues, offensive issues—you end up coming to the White House. And even before President Biden is in office, while he is still in Delaware under COVID restrictions. Sort of hard to remember what this was all like now. The first big issue he is dealing with, apart from the fact that his predecessor was trying to overturn the election, was SolarWinds, right? We had the Russians having come in to the—to the…


Security Think Tank: Reframing CISO-boardroom relations


The year 2021 was touted as a time to step back and review decisions that organisations had made in haste at a time of crisis that materially impacted their risk profile. The events of 2020 saw a major upheaval in the business landscape around the globe, placing high expectations on information security teams to protect organisations’ information, while enabling a disorientated remote workforce to continue business operations securely.

To accommodate new business requirements, digital transformation plans were accelerated, new technologies were adopted with minimal due diligence, and temporary measures were put in place to limit disruption to the supply chain. It was inevitable that the speed of those changes would introduce new risk.

Ideally, organisations would have moved from responding and adjusting to the global pandemic, to a new era of resuming “normal” operations that would allow business to get back in control and look to the future. But disruption did not wane as governments worldwide continued to yo-yo between lockdowns, partial lockdowns and easing of restrictions, cementing hybrid working as a permanent fixture – perhaps the only certainty for chief information security officers (CISOs) and their teams.

This serves to highlight a lesson for risk and security practitioners – the speed of digital business, coupled with an uncertain world, means we can never truly be in complete control of risk. We must continue to rethink how we work with business to maintain information risk within acceptable, but dynamically changing, levels of tolerance.

Information security practitioners need to be nimble, conciliatory and creative to keep pace with the rate of digital transformation, business innovation and the constant flux in working arrangements. Planning for normality is futile – expecting the unknown will enable both parties to deliver a rapid response that is more informed and assured.

For many CISOs, the pandemic meant they suddenly had the ear of the board and secured long-awaited investment to implement high-priority initiatives that met business demands. As threats morph, regulatory requirements tighten and attackers become more stealthy in…


How to improve relations between developers and security teams and boost application security


Chris Wysopal shared a history lesson about the evolution of application security and advice on how to make all apps more secure.


Veracode CTO Chris Wysopal shared the highlights of his career in application security during an OWASP event, including his 1998 testimony to Congress as a member of the hacking collective The L0pht.

Image: Chris Wysopal

In December 1996, application security expert Chris Wysopal published his first vulnerability report. He found that data could be edited or deleted in Lotus Domino 1.5 if permissions were not set properly or URLs were edited. That security risk — broken access control — is the number one risk on OWASP’s 2021 Top 10 list of application security risks.

“We know about this problem really well and knowledge about the problem isn’t solving the problem,” he said. 

Wysopal, who is Veracode’s CTO and co-founder, shared a short history of his time as an application security researcher, from his time with The L0pht hacker collective to testifying in front of Congress to doing security consulting with Microsoft in the early 2000s. Wysopal spoke during a keynote at OWASP’s 20th anniversary event, a free, live, 24-hour event held on Friday.

Wysopal said that he started out as an outsider in the tech world, which gave him a unique perspective to call out problems that software engineers, company leaders and government officials did not see. Over the last 25 years appsec researchers have moved from critics standing on the outside looking in to professional colleagues working with software engineers to improve security. 


“As William Gibson said, ‘The future is unevenly distributed,’ and I think we can learn from the past and learn from those already living in the future,” he said. 

He shared advice on how to build closer working relationships among developers and security experts as well as how the appsec profession has evolved over the years. 

Building relationships to improve security 

Wysopal said he sees the latest…


Cyberwarfare, U.S./Russia Relations, and Ukraine


In a Daily Beast article published on April 13, 2021, Julia Davis writes that, “the head of the Kremlin-funded RT and Sputnik news agencies believes Russia will invade Ukraine, sparking a conflict with the U.S. that will force entire cities into blackouts.”

Also, according to a White House-produced readout of a recent call between Presidents Biden and Putin, the leaders discussed a potential upcoming summit as well as Russia’s military buildup and the ongoing tensions centering around Ukraine.

Tensions between the United States and Russia are nothing new, but they have recently intensified as a result of findings of Russian interference in U.S. elections, the high-profile SolarWinds cyberattack, and the Biden administration’s implementation of a new round of sanctions. With no indications of relief on the horizon, what should we expect in the future? Will a cyber attack against the U.S. be next? Should we be on high alert? Are we already? Or could we see a resolution of some sort between the two leaders?

On Lawyer 2 Lawyer, host Craig Williams is joined by Claire Finkelstein, professor of law and philosophy at the University of Pennsylvania Carey Law School/Penn Law, and General Charles J. Dunlap Jr., former deputy judge advocate general of the United States Air Force and professor at Duke Law. They discuss national security, the potential threat of cyber warfare, U.S./Russia relations before and after interference in our elections, UN involvement, international law, and what kind of cyber protections are needed.
