Cyber (in)security: some thoughts, musings and parables (a work-in-progress)
Source material
( a work-in-progress; sources will be added as the series progresses; my editing team will be creating a “Chicago style” bibliography in due course )
FOUNDATIONAL TEXTS
I started my research with the following texts, many of which have been in my library for years but in many cases required a re-read for this series:
PEOPLE AND INSTITUTIONS
People and institutions (many long-standing contacts) include:
– The National Museum of Computing (Milton Keynes, UK)
– The Computer History Museum (Mountain View, California)
– The National Cryptologic Museum (Ft Meade, Maryland)
– Librarian Rene Stark, Bletchley Park
– The research staff at the British Imperial War Museum (London)
– Librarian Ken Stoller at the Smithsonian Air & Space Museum (Washington, DC)
– The Charles Babbage Institute at the University of Minnesota
– John Frank, Vice President for UN Affairs at Microsoft
– David Grout, Technical Director for FireEye, a preeminent global cyber security authority
– Colonel Nicolas Duvinage, Head of the French National Cybercrime Center (who put European cyber war challenges in perspective)
– Oliver Grall, Area Sales Manager of MSAB (a company that builds a complete mobile forensics capability for law enforcement organizations)
– Colonel Brick Susky of the United States Cyber Comman (who outlined the change in mindset Western intelligence communities must make to challenge Russian influence)
– Lauren Zabierek, Executive Director of The Cyber Project at Harvard Kennedy School’s Belfer Center
– Paul Kolbe, Director, The Intelligence Project at Harvard University’s Belfer Center
– Michael Daniels, the former cyber security czar for the Obama administration, and now President of the Cyber Threat Alliance
– Alexander Klimburg, author of “The Darkening Web”, a cyber expert and program director at The Hague Centre for Strategic Studies
There is a large Linkedin cybersecurity, intelligence and technology community I follow, all of whom I diligently read, and many of whom I have met via my conference schedule. The following are a fraction of those contacts but they helped me roll out this piece. I will add others as the series rolls out :
– Chuck Brooks, Georgetown University, Adjunct Faculty, Graduate Cybersecurity Program. More here.
– Bob Carver, Principal, Cybersecurity Threat Intelligence and Analytics, Verizon. More here.
– Steve King, founding Board member at CyberEd.io, Director, Cybersecurity Advisory Services at CyberTheory. He is very much a “Big Picture” guy and able to look at all the connecting threads from 10,000 feet up. More here.
– Cliff Kittle, an industry Cybersecurity Strategist who serves in a variety of roles. More here.
– Andy Jenkinson, Group Chief Executive Officer, Cybersec Innovation Partners. More here.
– Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc. More here.
– Kevin Mitnick, Mitnick Security Consulting, CEO and Chief ‘White Hat’ Hacker. More here.
– Garett Moreau, founder of Augury IT, recognized information technology, network security expert. More here.
– Gordon Rowe, Security Lead, The Walt Disney Company. More here.
– David Walker, Network Security Engineer, Walker Labs. He has assisted me to take a granular approach to understand SolarWinds. More here.
– Joe Weiss, Managing Partner, Applied Control Solutions, an expert in the area of control system cyber security and optimized control system performance. More here.
– Allen Woods, now retired and once a chartered member of the British Computer Society who at one stage of his life was one of those people who had a whole alphabet after their name. He’s helped me threat through the information management issues/computer coding issue. More here.
By now, hacking has become so routine that it’s hardly remarkable. But to keep up:
– the FireEye Research/Alerts
– the Recorded Future Cyber Daily which lists the hacking groups and targets that its algorithms have uncovered in the previous twenty-four hours
– the Multi-State Information Sharing and Analysis Center real-time threat-reporting division disclosing newly discovered vulnerabilities (there is never a day when there aren’t numerous attacks and multiple software systems that need to be patched)