Also, SIGINTing which can inform financial countermeasures, by the looks of the final bit there?
A concrete achievement there.
One of the highest stakes ICS/OT security games to be played is in the electricity generation/distribution context.
Good stuff.
Note that the FATF Recommendations were amended to cover virtual assets and VASPs during the US Presidency of @FATFNews in 2018 (a few days before I submitted my Hons thesis on the AML regulation of virtual assets, funnily enough).
Add the Ransomware Annex to the G7 Finance Ministers and Central Bank Governors’ Statement on Digital Payments (October 2020), FVEY Ministerial Statement on ransomware (April 2021) and the UN GGE final report (July 2021).
Question: what has the diplomacy with Russia actually achieved?
Ransomware activity targeting the USA and her allies hasn't exactly calmed down, has it?
Especially such activity which is originating from Russia, as admitted by @CISAgov's Director.
So said direct diplomacy with Russia did not even achieve enough to justify inviting _Russia_ to the counter-ransomware summit? reuters.com/article/us-usa…
Hmm, USA sharing intel with the Indians to help the latter's COIN and CT efforts in Kashmir and ops along the LAC? I dig.
'Enhanced cooperation with like-minded partners' = Wait, they're not going for a clique like others suggest?
Interoperability is already helped by India buying and deploying US-made platforms like the C-17, Apache, C-130J and P-8I aircraft, and the M-777 ultra-light howitzer (eg at the LAC).
The @USDISA is planning on looking at alternatives to the common access card, which US service personnel use to identify themselves to gate and chow hall staff, and when using computers.
DISA Director, @usairforce Lt. Gen. Robert Skinner, considers identity management 'one area where the department can look to industry for a way ahead.'
'We want to leverage that technology to be able to provide greater options, so it's... truly multi-factor [auth]'.
'... the department must leverage what's happening in industry, and undergo a change in culture, to get to a "data-centric" environment versus a "network-centric" environment', that is, 'protect data' > 'protect infrastructure storing data'.
Of course, usual caveats: 1) I am neither an admitted lawyer nor an expert on UK law; 2) I have zero tickets in extradition matters, rather I am an Australian law nerd doing my PhD in critical software and infrastructure regulation; and
3) If you want to correct my points, please do for that helps me learn!