"Alexa, show me an example of someone who clearly doesn't understand how cyber operations work."
Let's go, point by point:
1. A compound, effects-inducing computer network attack (CNA) operation to take down our electrical grid is not "a few mouse clicks" or a "few seconds" of work. And the US clearly has the ability to retaliate, suggesting potential deterrents.
2. The failure of the Florida water treatment hack to manifest impacts on the population wasn't based on luck. The actor clearly did not know how to mitigate other safeguards that would've backed up the employee who detected the changes.
3. If you ask me, the fact that recent supply chain compromise activity allegedly leveraged US-based infrastructure is the kind of detail that only talking heads who are ignorant of how both intel collection and malicious activity detection work would freak out about.
3-1. Yes, US-based infrastructure does limit USG collection on that infrastructure. But our intel collection enterprise is focused on foreign actors - the ideal goal is for HUMINT/SIGINT to find such ops in their planning stages, but whatever.
4. Ah finally we reached the "bUt wHaT iF iT hAd BeEn DeStRuCtiv3?" straw man, where those who don't understand how operations work decide to frame demonstrable CNE as potential CNA to get attention and spread FUD.
4-1. IMHO if you know what to look for, there are reasonably higher-fidelity indicators to enable you to differentiate between CNE/CNA intent in activity. USG has said "we believe this was, and continues to be, an intelligence gathering effort."
5. "we need to be hardening our defenses now and offering a credible deterrent"

I agree on the defense point, actually. But as to the deterrent point -- CNA is maybe the only place where we can hope to, and may already have, deterred peer-targeting.
6. The call to action towards the end of this piece is actually pretty reasonable. But the argument it makes to get there is based on FUD and a misrepresentation of how adversaries conduct cyber operations. I'm all for better defense, but let's get there grounded in reality.
