Megan Stifel: What Cyber Policy Needs Next Through the Looking Glass of the Ransomware Task Force YouTube video by Center for Cybersecurity Policy and Law

#ICYMI: @megans.bsky.social from @istorg.bsky.social delivered her keynote at #CyberNextDC, focused on what the future of cyber policy should look like through the lens of the Ransomware Task Force (RTF).

Hear her full remarks below:
www.youtube.com/watch?v=AXaH...

AI powered autonomous ransomware campaigns are coming, say experts CISOs told the best defense is ‘boring cyber hygiene practices.’

Researchers at NYU released a paper claiming to have created a prototype of ransomware orchestrated by AI. How can security experts protect against this next wave of digital attacks? With “‘boring’ cyber hygiene practices,” IST's @tgrossman.bsky.social told @csoonline.bsky.social.
🛡️ Read more:

Exercise VEIL STORM I: After Action Report In partnership with Europol, the Institute for Security and Technology and the Ransomware Task Force’s International Engagement Working Group designed and delivered Exercise VEIL STORM I, a tabletop e...

🚨NEW from IST: With Europol, IST & the #RansomwareTaskForce’s International Engagement Working Group executed Exercise VEIL STORM I, a tabletop exploring how operational collaboration can mitigate cyber incidents. Today’s after-action report summarizes proceedings & key takeaways.
🛡️ Read the report:

Without Washington? IST’s Michael Klein joins Panel at CLTC’s Cyber Civil Defense Summit to highlight mechanisms for bolstering state and local cyber resilience In June, IST Senior Director Michael Klein spoke on a panel at UC Berkeley’s Center for Long Term Cybersecurity #CyberCivilDefense Summit addressing shared responsibility of regional cyber resilience....

In June, IST's @michaelfklein.bsky.social spoke on a @cltcberkeley.bsky.social #CyberCivilDefense Summit panel addressing regional cyber resilience. @tgrossman.bsky.social reflects on the conversation, which highlighted pathways for improving state & local cybersecurity.
🖋️ From the #NatSpecs blog:

State-backed ransomware at the intersection of espionage, sabotage, and cybercrime The governments of Russia, China, Iran, and North Korea use ransomware for diverse ends.

Read an excerpt from Aleksandar Milenkoski, Jiro Minier, @julianferdinand.bsky.social, @maxwsmeets.bsky.social, and @tgrossman.bsky.social’s new report on state use of #ransomware, looking at Iran, North Korea, Russia, and China, on Binding Hook: bindinghook.com/articles-hoo...

Pharos Report No. 3: Ransomware’s New Masters: How States Are Hijacking Cybercrime - Virtual Routes The third report in the Pharos Series, Ransomware’s New Masters: How States Are Hijacking Cybercrime is authored by Aleksandar Milenkoski, Jiro Minier, Julian-Ferdinand Vögele, Max Smeets, and Taylor ...

The 3rd report in the #PharosSeries, co-authored by IST’s @tgrossman.bsky.social, conducts a comparative analysis of #ransomware used by groups linked to Russia, China, North Korea, and Iran: "states are not building ransomware operations entirely from scratch.”
🛡️ Read the report: bit.ly/4389ajD

Incredible research on developments in nation state ransomware from @maxwsmeets.bsky.social, @milenkowski.bsky.social, @tgrossman.bsky.social, my good friend and colleague @julianferdinand.bsky.social and Jiro Minier.

Banger of a report from @milenkowski.bsky.social, Jiro Minier, @julianferdinand.bsky.social, @maxwsmeets.bsky.social, and @tgrossman.bsky.social

virtual-routes.org/pharos-repor...

Published a new Pharos report today - and learned a lot in the process from @milenkowski.bsky.social Jiro, @julianferdinand.bsky.social @tgrossman.bsky.social. The report takes a closer look at how states are using ransomware.

virtual-routes.org/wp-content/u...

Cory Booker Slams Trump’s Policies in Marathon Senate Floor Speech The New Jersey senator criticized the president’s plans for Social Security, education and health care, saying the “nation is in crisis.” He was still speaking in the predawn hours.

Senator Cory Booker spoke in an all-night session on the Senate floor early Tuesday, in an effort to seize the national spotlight and criticize the Trump administration's policies for Social Security, education and health care. He was still speaking in the predawn hours.

Please call your own Senators and request they join Cory Booker in this filibuster. He says he'll go into the morning and as far into the afternoon as he can, so anyone we can force into showing some moral courage can jump in when he's exhausted.

Find their direct number here…

Assessing UK Ransomware Policy Join an expert panel to discuss the UK government’s approach to ransomware.

We're hosting a panel event at RUSI at 0900 on 3 April to discuss the UK government's ongoing consultation on ransomware legislation. I'll be joined by:

@alexmartin.bsky.social
@kathrynwestmore.bsky.social
Verona Hulse-Johnstone (NCC Group)
Edward Lewis, CyXcel

my.rusi.org/events/asses...

In a new paper with @joedevanny.bsky.social for @lawfare.bsky.social, we use the "Pacific Rim" campaign by @sophossecurity.bsky.social as an opportunity to further the understanding of norms of responsible behavior in cyberspace and counter-cyber operations (CCO)/active cyber defense (ACD).
🧵/5

Since April 2021, IST’s #RansomwareTaskForce has investigated how to disrupt the infrastructure that ransomware groups rely on to receive payments. Trevaughn Smith presents new strategies for targeting the resourcing phase of the #ransomware ecosystem.
🖋️ From the #NatSpecs blog: bit.ly/4ilbMRx

Congratulations to @therecordmedia.bsky.social for breaking a story so wild it broke the site. I mean that with all the love in the world. You folks rock.

🚨 NEW from IST: Following President Trump’s 2021 EO on deterring abuse of U.S. cloud services, the Commerce Dept. last January proposed a new rule requiring IaaS providers to ID foreign customers or begin info-sharing. While that rule remains pending, today, IST releases its report.
🔐 bit.ly/4hVsh6z

From policymakers to journalists to developers, the second annual Cyber Policy Awards™ nominees reflect the dedication, ingenuity, and acumen of the cyber policy community. At Thursday’s ceremony, cross-sector leaders announced recipients to a packed house.
🖋️ From the #NatSpecs blog: bit.ly/42KQ58q

I had such a great time contributing to this roundup - many thanks to @alexandrapaulus.bsky.social for the idea and invite and to my fellow contributors for their incredible recs! Looking forward to some wonderful winter reading 🤓❄️

The AI-Cybersecurity Essay Prize Competition - Binding hook Terms & Conditions Review Board FAQ 1. Who is eligible to participate? The competition is open to experts in cybersecurity and AI from any part of the world. All submissions must be in English.We only...

Together with @munsecconf.bsky.social, we present the AI-Cybersecurity Essay Prize Competition. Submit your essay by January 2 to help shape Europe's future and be one of the winners. #Cybersecurity #AI Read more: bindinghook.com/ai-cybersecu...

Britain’s national security demands more than a defence review As the international order cracks, the nation’s capabilities must adjust to a new world

Quite a sobering read by @philipstephens.bsky.social

Trump “may not quit NATO, but his eagerness to do a deal with Putin promises to badly undermine it. The alliance has been the keystone of British security. Without NATO, one senior official confides, Britain does not have a defence policy.”

@istorg.bsky.social Canada team!

Sweater weather

👋 finally back here - drop a line if you want to talk ransomware, incident response, cyber norms and IHL, deception in cyberspace, or your favorite fiction books of the year 📚

Reading between the lies: using leak sites to analyse ransomware trends Leak site data is a tempting source for researchers, but it must be used cautiously. Selection biases, inaccuracy, and manipulation by ransomware groups all pose risks

Reading between the lies - a short pieces on limits of using leak site data to analyze ransomware trends

bindinghook.com/articles-bin...

We are hiring a researcher and graphic designer at the Incubator:

europeancyber.org/vacancies/

Pell Mell or Pas Mal? Governing commercial cyber intrusion capabilities Binding Hook Managing Editor James Shires puts forward principles for how states should govern cyber-intrusion technologies

Pell Mell or Pas Mal? Governing commercial cyber intrusion capabilities

bindinghook.com/articles-bin...

🛡 We dive into the #OECD Digital Governance Index 2023 and the challenges & progress in #digital public sector transformation and feature @tgrossman.bsky.social's @bindinghook.bsky.social article on the operational inefficiencies of #NATO and #EU Cyber Rapid Response Teams. bsky.app/profile/tgro...

The brilliant @gavinwilde.bsky.social on information theory and LLMs for @bindinghook.bsky.social

bindinghook.com/articles-bin...

In a new piece for @bindinghook.bsky.social, I wrote about EU and NATO cyber rapid response teams and the structural and governance challenges they face bindinghook.com/articles-bin...