ravirockks

@ravirockks@infosec.exchange

Critical Software + Critical Infrastructure Law | PhD Scholar at the University of Sydney | Blogging at A Techno-Legal Update | Cricket, #Bloods, Bharatiyata | #StillRomancingWithLife

This profile is from a federated server and may be incomplete. Browse more on the original instance.

ravirockks, to random

'[The government] doesn’t have the power to do such things after the attack is over' (https://www.capitalbrief.com/article/new-cyber-tzar-to-face-resistance-over-government-intervention-powers-6f1f7ec5-9dc8-4ca5-8ed3-a4f06708b480/preview/).

Not quite (see screenshots from my analysis of this very question: https://atechnolegalupdate.medium.com/some-takes-on-the-ministers-takes-on-risky-cni-business-1417ed81300c).

cc: @campuscodi

image/png

ravirockks, to random

Apart from active measures against their polities, what else did they think would happen?
https://www.politico.eu/article/russia-cyberattack-retaliation-asset-freezes-eu-war-ukraine/

ravirockks, to random

'Despite early Iranian claims, many “attacks” in the early days of the [Israel-Hamas] war were either “leaking” old material, using pre-existing access to networks or were false.

'In late November 2023, Iranian groups began expanding their cyber-enabled influence beyond Israel, targeting countries Iran perceives are supporting Israel. This aligned with the Iran-backed Houthis starting their attacks on international shipping'.
https://blogs.microsoft.com/on-the-issues/2024/02/06/iran-accelerates-cyber-ops-against-israel/

ravirockks, to random

The importance of shifting incentive structures for software vendors, especially those of critical software appliances.

https://www.horizon3.ai/analysis-of-2023s-known-exploited-vulnerabilities/

image/png

ravirockks, to random

ASEAN Digital Ministers agreed to:

'Build a secure, diverse and resilient submarine cable network for regional and global connectivity, ... to facilitate the expeditious deployment, repair, maintenance, removal, and protection of submarine cables, between ASEAN Member States. [Aha - took their time, but at last, they've agreed to do it. Hope they don't pick Chinese vendors/service providers.]

'Develop a high quality, open, safe, flexible, inter-operable digital public infrastructure and e-government services to connect people and businesses in ASEAN, to develop a digital ecosystem, undergirded by robust efforts to enhance cybersecurity'. [Good to underpin with good cybersecurity, but this is wonderful to hear. Golden soft power and cyber diplomacy opportunity for the Indians, given their global leadership in DPI and need to build their presence in SE Asia.]
https://asean.org/wp-content/uploads/2024/02/ENDORSED-Singapore-Declaration_30-Jan-2024-CLN.pdf

ravirockks, to random

Amicus brief by former USG cyber bigwigs in the SolarWinds case, calling for more info sharing by industry with government.

Look forward to reading.
https://www.paulweiss.com/media/3984293/23-cv-9518-sec-v-solarwinds-brief-of-amici-curiae-former-government-officials.pdf

ravirockks,

@chort But what about NSA CCC and the CYBERCOM Under Advisement program?

ravirockks, to random

'An inquisitive raccoon fiddled with electricity equipment in Toronto and cut power for thousands in the downtown core late on Thursday...'

Natural hazards faced by CNI.
https://www.reuters.com/world/americas/raccoon-knocks-out-power-toronto-trapping-people-elevators-2024-02-02/

ravirockks, to random

'Incognito, a darknet drug marketplace, purchased the news site Darknetlive in November 2022. They have since used it to suppress criticism and steer public perception in their favor. This shift in ownership is chilling Tor journalism, ensuring that an invaluable publication will one day be seized and censored by government: DeepDotWeb’s history repeating'.

Bit to unpack there.
https://darkdot.com/articles/darknetlive-sold/

ravirockks, to random

'Then in came McDonnell Douglas … Engineers have been driven down the hill and replaced by accountants, and the management style just hasn't worked.

'My instant reaction was: that plane shouldn't have been built, we should have stopped production, everything was being rushed from the design of the plane to the development to the production.

'Mr Jacobsen worked for the FAA between 1995 and 2021 (and before that worked for Boeing for a decade) and believes the regulator has failed in its role to scrutinise Boeing to prevent the multiple safety incidents in recent years'.

Reminded of the Ford Pinto.
https://www.abc.net.au/news/2024-01-30/boeing-737-max-production-defects-ignored-aviation-regulator/103400468

ravirockks, to random

Bits from the India-France Joint Statement:

'They also agreed to intensify their cooperation in the Southwest Indian Ocean, building on the joint surveillance missions carried out from the French island territory of La Reunion in 2020 and 2022. They also welcomed the extension of those interactions in India’s maritime neighbourhood. These interactions may contribute positively to the securitization of strategic sea lanes of communication. In addition, the two leaders welcomed the progress in bilateral dialogue and identification of specific opportunities for using India as a base for the manufacture and export of defense equipment for friendly countries in the region.

'They also committed to revitalizing the trilateral cooperation with Australia, deepen the one with UAE and explore new ones in the region.

'President Macron congratulated Prime Minister Modi for his leadership in this historic initiative. The two leaders agreed that this project would be of great strategic importance and would significantly enhance the potential and resilience of the flow of commerce and energy between India, Middle East and Europe. Prime Minister Modi welcomed the appointment of President Macron’s Special Envoy for the project. [IMEEC's not dead, folks.]

'They recalled the utmost importance of upholding freedom of navigation in the Red Sea and of respecting the international law of the sea. They had detailed conversation aimed at coordinating their efforts in that region in this regard.

'... reiterated their commitment to further deepening the integration between the two countries’ respective defence industrial sectors and to work together to identify opportunities for co-design, co-development, co-production with the objective of not only fulfilling the defence needs of the Indian armed forces, but also of providing a viable and reliable source of defence supplies to other friendly countries... Towards this end, the two leaders welcomed the adoption of an ambitious Defence Industrial Roadmap. [!!!]

'... they welcomed the progress in the establishment of the MRO for LEAP engines in India by Safran and the plans to add MRO for Rafale engines, a comprehensive helicopter partnership with a Joint Venture for IMRH engine between HAL and Safran, and the Scorpene submarines constructed in India, including indigenisation. [!!!]

'They welcomed the MoU between NSIL and Arianespace to build a long-term partnership on satellite launch missions.

'To further synergize global efforts on building DPI capacities, France expressed its support to join One Future Alliance (OFA)... [!!!]

'The two leaders reiterated their firm support to the ongoing negotiations for an India-EU Free Trade Agreement.

'Both leaders welcomed the decision of Airbus in partnership with Tata Advanced System to begin the assembly of civilian helicopters in India... noted the decision of Airbus to give growing orders for aircraft parts in India for its assembly plants in Europe. Both leaders agreed to facilitate more Indian investments to France and French investments to India.

'In this context, the two leaders committed to holding Annual Summits, including during multilateral Summits, to drive closer cooperation'.
https://www.mea.gov.in/bilateral-documents.htm?dtl/37534/India__France_Joint_Statement_on_the_State_Visit_of_HE_Mr_Emmanuel_Macron_President_of_French_Republic_to_India_25__26_January_2024

ravirockks, to random

Fundamental points by Prof Ciaran Martin about the British Library incident and its aftermath.

= Why resilience matters.

https://ciaranmartin.substack.com/p/on-the-matter-of-the-british-library

hacks4pancakes, to random

I am wearing The Coat and you need to know

ravirockks,

@hacks4pancakes Fantastic!

If I may make a suggestion for your next fancy look, give wearing a sari a go!

ravirockks, to random

Om Shanti.

One of the most consequential folks to have walked this earth.
https://arstechnica.com/gadgets/2024/01/inventor-of-ntp-protocol-that-keeps-time-on-billions-of-devices-dies-at-age-85/

ravirockks, to random

Must be bad if CISA's having to compel FCEB agencies to patch.
https://www.cisa.gov/news-events/alerts/2024/01/19/cisa-issues-emergency-directive-ivanti-vulnerabilities

SwiftOnSecurity, to random

There’s something I notice in myself and try to fight I call the Dearth Spiral. Where you increasingly circle around scolding and statements and negative stuff as primary content. Instead of cool things and sharing knowledge and general enthusiasm.
A dearth of joy.

ravirockks,

@SwiftOnSecurity 'Pessimism is so easily confused for sophistication'

A few modern 20th century philosophers would like a word with you!

ravirockks, to random

'Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected'.

A reminder that Mandiant sells cyber security services for very expensive fees.

ravirockks, to random
ravirockks,

@crankylinuxuser Noice!

But note that: when you control the mail, YOU CONTROL INFORMATION.

ravirockks, to random

I'm disappointed the NSA's podcast is not called 'No Such Podcast'.

Nonetheless, it's hosted by the wonderful Bailey Bickley so I'll add it to my listening list.
https://youtu.be/5tq1I1uMe1U

ravirockks, to random

Cars are signals intelligence goldmines. Appalling.

https://archive.md/7lhOw

image/png
image/png

ravirockks, to random

Wisdom from John Pescatore in the latest edition of SANS NewsBites:

'Every step in the right direction is, if nothing else, one more step away from the wrong'.

ravirockks, to random

'But the organisation said it was unable to say what type of information had been stolen or whether it included personal private data. [Huh?]

'St Vincent's Health said the cyber hack had not affected its ability to deliver services...'

Aussie CNI hit again.
https://www.abc.net.au/news/2023-12-22/st-vincents-cyber-attack-data-stolen/103259114

ravirockks,

@lilstevie Thanks for sharing. Yeah, it's not very clear what happened bar the fact that thank goodness no OT was hit.

ravirockks, to random

'In the month of May 2023, ... 22 companies, that operate parts of the Danish energy infrastructure, were compromised in a coordinated attack... gained access to some of the companies’ industrial control systems and several companies had to go into island mode operation'.

EXCUSE ME?
https://media.licdn.com/dms/document/media/D4D1FAQG-Qsry8BH9dg/feedshare-document-pdf-analyzed/0/1699785104486?e=1700697600&v=beta&t=icNMQ-rDYgeSojoaax-1KpC7YrCF7MVtkrDClSFiKIY

ravirockks,

Forescout's take on the above: https://www.forescout.com/resources/clearing-the-fog-of-war/

image/png
image/jpeg

ravirockks,

@campuscodi Indeed.

If the Russians didn't target Danish CNI, you tell me who did.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • ngwrru68w68
  • everett
  • InstantRegret
  • magazineikmin
  • thenastyranch
  • rosin
  • GTA5RPClips
  • Durango
  • Youngstown
  • slotface
  • khanakhh
  • kavyap
  • DreamBathrooms
  • provamag3
  • tacticalgear
  • osvaldo12
  • tester
  • cubers
  • cisconetworking
  • mdbf
  • ethstaker
  • modclub
  • Leos
  • anitta
  • normalnudes
  • megavids
  • lostlight
  • All magazines
    •