Tuesday, June 27, 2017

The words used to describe the current Petya ransomware cyberattack

What words are the media using to describe the current Petya ransomware cyberattack that is hitting several countries around the world?

Describing the attack:
- "Chaos"
- "massive"
- "global"
- "Unprecedented"
- "major"
- "powerful"
- "huge"
- "an industrialized attack"
- "scary"

The advice provided by some cybersecurity "experts":
- "to turn off and disconnect all machines using Windows"

The usual comments on attribution of the attack:
- "the perpetrator - and even the type of attack - aren't entirely clear yet"

Perspectives for the near future:

The long list of victims/targets:
- Countries: Russia, Ukraine, France, UK, Poland, the United States...
- Organizations, firms: WPP, Maersk, Rosneft, Saint Gobain...

Friday, June 23, 2017

Russian Interference in the 2016 U.S. Elections. Expert Testimony by J. Alex Halderman

"Russian Interference in the 2016 U.S. Elections", Expert Testimony by J. Alex Halderman, Professor of Computer Science, University of Michigan, June 21, 2017, U.S. Senate Select Committee on Intelligence. 

Here are the main conclusions of the testimony:

"U.S. Voting Machines Are Vulnerable... Today, the vast majority of votes are cast using one of two computerized methods. Most states and most voters use the first type, called optical scan ballots... The other widely used approach has voters interact directly with a computer, rather than marking a choice on paper. It’s called DRE, or direct-recording electronic, voting. Both optical scanners and DRE voting machines are computers. Under the hood, they’re not so different from your laptop or smartphone, although they tend to use much older technology—sometimes decades out of date...
Some say the decentralized nature of the U.S. voting system and the fact that voting machines aren’t directly connected to the Internet make changing a state or national election outcome impossible. Unfortunately, that is not true...
This month, we’ve seen reports detailing Russian efforts to target voter registration systems in up to 39 states...
We must start preparing now to better defend our election infrastructure... we know how to accomplish this. Paper ballots, audits, and other straightforward steps can make elections much harder to attack."

My comment: Is Russia the only threat to voting systems and election infrastructures? Probably not. The "insider threat" is another option. Other foreign countries, politically motivated hackers, organized crime... might try to hack national or any other election process. 



Thursday, June 15, 2017

Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences in a Rising deeply Cybered, Conflictual, and Post-Western World

Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences in a Rising deeply Cybered, Conflictual, and Post-Western World, Dr. Chris C. Demchak, Testimony before Hearing on China’s Information Controls, Global Media Influence, and Cyber Warfare Strategy, Panel 3: Beijing’s Views on Norms in Cyberspace and China’s Cyber Warfare Strategy, Washington, DC, 4 May 2017.

Cybersecurity in the EU Common Security and Defence Policy (CSDP)

Cybersecurity in the EU Common Security and Defence Policy (CSDP), Challenges and risks for the EU, EPRS | European Parliamentary Research Service, Scientific Foresight Unit (STOA), PE 603.175, 94 pages, May 2017.
Abstract: This report is the result of a study conducted by the European Union Agency for Network and Information Security (ENISA) for the European Parliament’s Science and Technology Options Assessment (STOA) Panel with the aim of identifying risks, challenges and opportunities for cyber-defence in the context of the EU Common Security and Defence Policy (CSDP). Acceptance of cyber as an independent domain calls for the investigation of its integration with the EU’s current and future policies and capabilities. ENISA analysed the related literature and work on cybersecurity, including its own publications, to form the basis for this study. In addition, a number of stakeholders, experts and practitioners, from academia, EU institutions and international organisations, were consulted in order to ensure the study is well-founded and comprehensive...

Wednesday, June 7, 2017

Threat Intelligence for Dummies - by Norse

Threat Intelligence for Dummies - by Norse. 52 pages, 2015. Available online.

ANSSI Rapport d'activité 2016 - dossier de presse

ANSSI Rapport d'activité 2016 - dossier de presse, June 6, 2017, 20 pages. Download the document.

"War by other Means", Max Bergmann and Carolyn Kenney

"War by other Means", Max Bergmann and Carolyn Kenney, Report from the Center for American Progress, June 2017, 45 pages. Download the report