Promoting disinformation out of proportions can cause harm. But how so, after all, it informs about the issue? Well, without this information, perhaps the disinformation content would not reach wider audiences at all. The propagandists would have failed.... How to boost Russian propaganda? The SDA, Disinformation Factory, employed over 100 Read More
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good Read More
This is the year of cyberwarfare. Activities during the Russian war in Ukraine show it very clearly. But this post is about reports, cyber threat intelligence, and communication of the kind. Crucial at high-tension times, they should be crisp. We should consider/expect high level of quality/competencies when composing Read More
Is the US building Stuxnet 2/3? Cyber tools that can act behind isolated (even air-gapped) networks to cause physical destruction, sometimes called “cyber weapons”, a generalised term, not exactly justified considering how such tools work (but in simplified cases, it is sometimes used). This was the functionality of Stuxnet Read More
A very dangerous cyber tool has been identified and analysed. It’s targeting industrial control systems - the hardware/software that is often running at industrial sites (like manufacturing, but also power grids, nuclear plants, and go figure). Based on these analyses, I make a big picture assessment. Created by Read More
I already devoted some space to cyber insurance. Since then, the situation evolved. Oh no, cyber insurance Cyber insurers have a big problem: it is unclear how to “assess” the risk. Some events might be especially tricky. This means a lot of risk to the insurers. They are, for example, Read More
Whether we want it or not, cyber operations by militaries are today’s reality. They are here to stay. But admittedly this fraction of statecraft is quite new. So it’s notable that the International Committee of the Red Cross just published its report (here) on military cyber operations. Previously Read More
After the success of the GDPR, Europe is doubling down on setting the standards in Artificial Intelligence. It should be clear to everyone, especially after a version of the “REGULATION ON A EUROPEAN APPROACH FOR ARTIFICIAL INTELLIGENCE” project leaked. While it contains interesting AI governance ideas, I will withhold further Read More
We often hear about cyberattacks, cyber operations, and malware infections that target computer systems or smartphones. Attacks against civilian infrastructure facilities such as hospitals, water sanitation systems, and the energy sector similarly get a lot of airtime. But there is another type of high stakes system that gets much less Read More
Russia just released an interesting strategic document concerning “information security” (in their nomenclature this includes cybersecurity and more) with a view to “determine the main threats to international information security”, it supposedly complements the doctrine of information security, and more. I'll go through a few points below. Unlike Read More
The UK just released its comprehensive report Integrated Review concerning future diplomatic and military capabilities. While the document discusses foreign policy, adversaries, and kinetic forces such as missiles, tanks, or nuclear weapons, it contains interesting tidbits about cybersecurity and cyberwarfare (and is perhaps analogical to the other one from France) Read More
There is no question that cybersecurity is among the key world challenges. As reports of cyber attacks increase, policy decisions follow. The creation of military cyber operations, including planning and conducting offensive or defensive activities in cyberspace to achieve strategic and military objectives, slowly become the standard. While the details Read More
European Union showcased its new aims for cybersecurity (“strategy”), along with the new proposal for directives regulating cybersecurity, critical infrastructure, and end-to-end encryption. The strategy goes first. Strategic EU focus on cybersecurity? The strategy contains several interesting points, for example: European DNS European DNS resolver system. This point is critical Read More
In the past, I analyzed some more interesting EU regulations relating to privacy or cybersecurity, as well as some national cybersecurity strategies. This post is about a the proposal for a regulation just unveiled by the European Council. The primary focus of the regulation is the cyber resilience of the Read More
Cyberattacks in times of conflict will look different than in peacetime. There are many reasons for that but naturally such points might not be at the center of interest now. Because we are fortunately in peacetime, and because imagining such a qualitative change is not simple. Still, there’s the Read More
Why do countries resort to cyber operations or cyberattacks (depending on the terminology)? It’s a long discussion that involves matters of performance, speed, aptness, ability, and risk. Some better-informed folks used to speak about it and we also covered it during the ICRC assessment of cyber operations. But only Read More
Quantum computers benefit from special effects like the quantum superposition and quantum interference to perform computation outside the reach to to classical computers, and attaining a speed advantage over classical computers for selected problems. What matters is quantum computers may allow an exponential computing speedup for certain problems. This speedup Read More
I wanted to steer clear from the topic of SARS-CoV-19. But it is now clear that thee global coronavirus epidemic/spread introduces an extraordinary situation, warranting special considerations for individual and organization, as well as collective cybersecurity. We are all in this is due to a confluence of many related Read More