The Background Sync API (alternatively, periodic) enables web apps to defer tasks until the user has a stable connection. It may be useful for apps processing data offline. It introduces curious capabilities in web platforms, so it's important to understand the security and privacy footprint. Here I explore Read More
Technological advances and rising risks posed by cyberattacks, AI, and autonomous systems are outpacing the rules. This shift blurs the lines between civilians and combatants, threatening core principles of warfare and civilian protection. Changes in our world occurring faster than ever before. The concern of International Committee of the Red Read More
Philosophy of Cybersecurity by Lukasz Olejnik. Book about cybersecurity, risks, including cyberwar. Read More
This post about cybersecurity, cyberwarfare and international law is exploring the cross sections between technology, law, and policy. Previously I analysed some strategic documents of various States (e.g. 1, 2, 3, 4, 5, 6). So to speak: I know this landscape quite well. In 2023 the landscape is mature Read More
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good Read More
This is the year of cyberwarfare. Activities during the Russian war in Ukraine show it very clearly. But this post is about reports, cyber threat intelligence, and communication of the kind. Crucial at high-tension times, they should be crisp. We should consider/expect high level of quality/competencies when composing Read More
A very dangerous cyber tool has been identified and analysed. It’s targeting industrial control systems - the hardware/software that is often running at industrial sites (like manufacturing, but also power grids, nuclear plants, and go figure). Based on these analyses, I make a big picture assessment. Created by Read More
Can phishing precautions and training cause harm? It turns out this may be true in many cases. Phishing is the act of gaining a victim's confidence to convince them to engage in self-harming activities, for example leading to self-hacking their systems, parting with money, or data. Or of Read More
I already devoted some space to cyber insurance. Since then, the situation evolved. Oh no, cyber insurance Cyber insurers have a big problem: it is unclear how to “assess” the risk. Some events might be especially tricky. This means a lot of risk to the insurers. They are, for example, Read More
Germany recently published ("Application of International Law in Cyberspace") their stance concerning the applicability of international law and rules to cybersecurity, cyberattacks, and cyberwarfare. The document is interesting and I briefly describe the important takeaways. Previously I had a look at a similar stance, for example, by the Read More
Artificial Intelligence and AI Governance are hot topics in this decade. European Union has a pretty ambitious attempt to regulate AI (project here). In this post, I have a look at the proposal through the technical lens, including paying attention to cybersecurity and privacy. The goal of the regulation is Read More
We often hear about cyberattacks, cyber operations, and malware infections that target computer systems or smartphones. Attacks against civilian infrastructure facilities such as hospitals, water sanitation systems, and the energy sector similarly get a lot of airtime. But there is another type of high stakes system that gets much less Read More
Russia just released an interesting strategic document concerning “information security” (in their nomenclature this includes cybersecurity and more) with a view to “determine the main threats to international information security”, it supposedly complements the doctrine of information security, and more. I'll go through a few points below. Unlike Read More
The UK just released its comprehensive report Integrated Review concerning future diplomatic and military capabilities. While the document discusses foreign policy, adversaries, and kinetic forces such as missiles, tanks, or nuclear weapons, it contains interesting tidbits about cybersecurity and cyberwarfare (and is perhaps analogical to the other one from France) Read More
There is no question that cybersecurity is among the key world challenges. As reports of cyber attacks increase, policy decisions follow. The creation of military cyber operations, including planning and conducting offensive or defensive activities in cyberspace to achieve strategic and military objectives, slowly become the standard. While the details Read More
European Union showcased its new aims for cybersecurity (“strategy”), along with the new proposal for directives regulating cybersecurity, critical infrastructure, and end-to-end encryption. The strategy goes first. Strategic EU focus on cybersecurity? The strategy contains several interesting points, for example: European DNS European DNS resolver system. This point is critical Read More
The Council of the European Union is a group of representatives of 27 EU governments. The institution continues to investigate the challenges caused by encryption technology. Someone in there recently coined a new policy term “security through encryption and security despite encryption” (in this document). What does it mean? The Read More
In the past, I analyzed some more interesting EU regulations relating to privacy or cybersecurity, as well as some national cybersecurity strategies. This post is about a the proposal for a regulation just unveiled by the European Council. The primary focus of the regulation is the cyber resilience of the Read More
Cyberattacks in times of conflict will look different than in peacetime. There are many reasons for that but naturally such points might not be at the center of interest now. Because we are fortunately in peacetime, and because imagining such a qualitative change is not simple. Still, there’s the Read More
Why do countries resort to cyber operations or cyberattacks (depending on the terminology)? It’s a long discussion that involves matters of performance, speed, aptness, ability, and risk. Some better-informed folks used to speak about it and we also covered it during the ICRC assessment of cyber operations. But only Read More
Countries continue to refine their approach to cybersecurity. Australia is not an exception, with the recent release of its new cybersecurity strategy. Previously I looked at several countries or organisations (i.e. USA, Ireland, Netherlands, France, ICRC, France, Luxembourg) along different dimensions of cybersecurity. Why is Australia worth a look? Read More
I wanted to steer clear from the topic of SARS-CoV-19. But it is now clear that thee global coronavirus epidemic/spread introduces an extraordinary situation, warranting special considerations for individual and organization, as well as collective cybersecurity. We are all in this is due to a confluence of many related Read More
Recently the US has conducted a process modeled over Eisenhower-era Red-Teaming designed to figure out how to tackle the Cold War era risks posed by Soviet Union. Just applied to cybersecurity. Sounds exciting if not fuzzy? The report is now released and it is an extremely interesting strategic assessment. It Read More
Over the past few years, waves of shocking privacy misuses, data breaches, and abuses have crashed on the world's biggest companies and billions of their users. At the same time, many countries have bolstered their data protection rules. Europe set the tone in 2016 with the General Data Read More
Ireland just released its cybersecurity strategy. It is a very interesting document because, considering the size of the country, Ireland is a crucial backbone of the EU digital economy. Ireland knows this and it mentioned in the strategy very prominently: around 30% of “data” are based in Ireland. Big global Read More