The level of threat from cyber attacks has been the subject of controversy for years. However, just recently, multiple officials who are in the know have publically stated that the threat posed by cyber attacks is very real and went on to state that such an attack could potentially be not that far away.

In my most recent blogs, I made the distinction that cyber attacks are much more serious than cyber threats. If someone puts a piece of code on your system that exfiltrates data or information, disrupts, destroys or otherwise harms your computer, device, network, applications or data–that would be considered an attack. Keep reading →

As discussed in last week’s blog I continue to come across what I believe are two very dangerous attitudes about cyber aggression.

The first issue one, discussed last week, is about the importance of distinguishing between a cyber intrusion and a cyber attack. This week, I want to address the comment I hear too often that “we know for a fact” who are behind the cyber attacks.

I called a CISO (chief information security officer) of a critical infrastructure and a subject matter expert that worked with three-letter agencies on cyber event investigations. I barely finished relating the statement when he replied “That’s bulls**t and went on to talk about cyber break-in investigations that went on for “years” without identifying who was behind the attack. Keep reading →

Writing, blogging and speaking at conferences exposes you to a very broad base of viewpoints and also opens you up for non-constructive criticism.

Recently, I received some feedback on a position I have consistently taken on the subject of cyber attack and cyber attribution. This week I will address one of the two issues. Keep reading →