Eric Geller
Freelance cybersecurity reporter covering all things digital security. I also co-host @hothtakes. | Send me tips: https://t.co/j2VflOTeFS
Apr 15 7 tweets 2 min read
Resharing my story about Microsoft.

One thing I wish I could have expanded upon in my story is how the Biden admin's secure-by-design strategy has left the USG unprepared to wield any sort of influence over Microsoft, even as the company doesn't meet SBD expectations. (cont'd) As one cyber expert told me, "There are good regulators and good enforcement mechanisms around [federal] IT procurement on security ... and the fact that CISA and the SBD team have chosen not to connect that work to those other entities has left it in a very limited position."
Apr 15 24 tweets 7 min read
The U.S. government has a Microsoft problem.

Market dominance, inertia, and savvy PR have almost completely insulated the hack-plagued company from meaningful oversight, even as Biden officials preach corporate accountability.

My new @WIRED story: wired.com/story/the-us-g…
I asked cyber experts, lawmakers, fmr govt officials, & employees of Microsoft's competitors why the company has struggled w/ security and why those woes haven't threatened its business.

Their comments and criticisms mirrored the recent findings of the Cyber Safety Review Board.
Feb 29 18 tweets 3 min read
The House Homeland maritime security subcommittee is holding a hearing on U.S. port cybersecurity:

The hearing, w/ witnesses from DHS, USCG, & Transportation Command, comes a week after a big Biden admin push on port cybersecurity: homeland.house.gov/hearing/subcom…
Subcommittee chair Carlos Gimenez says U.S. ports' use of Chinese-made equipment "introduces significant supply chain vulnerabilities into our maritime transportation system."
Oct 30, 2023 6 tweets 2 min read
Biden has signed his AI executive order. As we await its release, here's what the fact sheet says about "the most sweeping actions ever taken to protect Americans from the potential risks of AI systems"... 🧵whitehouse.gov/briefing-room/… Developers of any LLMs with the potential to pose serious risks will have to red-team them for safety and security issues—based on standards developed by NIST—and share the results with the government. Biden is using the Defense Production Act for this.
Sep 22, 2023 63 tweets 10 min read
This week’s #Ahsoka episode was one of the finest episodes of Disney Star Wars TV so far. Sabine emerges as the real main character, Thrawn and Ezra’s long-awaited introductions absolutely deliver, and it’s no coincidence that Ahsoka’s best ep yet barely features Rosario Dawson. Let's start with Sabine, because she continues to be far and away the best character. Natasha Liu Bordizzo must be exhausted from carrying this show on her shoulders.
Aug 9, 2023 8 tweets 2 min read
.@lilyhnewman is moderating a Black Hat keynote with @CISAJen and @VZhora. Zhora says Ukraine has observed "a shift" in Russian cyberattacks "from disruptive and chaotic attacks to more focused activity [like] cyber espionage and data collection."
Jul 25, 2023 21 tweets 7 min read
Exclusive: While some water utilities have made important progress on cybersecurity, many others struggle to implement complex or time-consuming defenses, according to EPA data I obtained through FOIA.

Meanwhile, the EPA has stopped collecting this data.

themessenger.com/tech/exclusive… The document I obtained is an EPA dashboard summarizing inspections conducted from spring 2020 to spring 2023 — initial assessments of 249 utilities, plus 6- and 12-month follow-ups with about half of them.

You can browse the full dashboard here: https://t.co/nO4fddefLmonedrive.live.com/view.aspx?resi…
May 30, 2023 6 tweets 4 min read
Old but interesting document that I recently got via FOIA: The September 2016 Intelligence Community Assessment of cyber threats to U.S. election systems, ordered by then-President Barack Obama amid Russian hacking fears.

documentcloud.org/documents/2382… This ICA, an unclassified version of a classified analysis that ODNI wouldn't give me, is one of the first U.S. government assessments of the country's election security posture. Its conclusions match what subsequent reports have said about likely and unlikely attacks and risks.
May 10, 2023 6 tweets 2 min read
At #HackTheCapitol, EPA cyber branch chief Nushat Thomas says the EPA understands complaints from states and utilities that they lack the resources to comply with a new water cyber assessment rule.

She lists a bunch of resources and services that EPA offers. Thomas: "We have training in place for those states who actually want to conduct the...assessment themselves." EPA developed a water-specific cyber checklist based on CISA's cross-sector cyber performance goals, "and we're training the states on how to utilize that checklist..."
Mar 28, 2023 52 tweets 8 min read
The House Appropriations homeland security subcommittee is holding a hearing on CISA's FY2024 budget request, with @CISAJen testifying: appropriations.house.gov/legislation/he… "We've received sustained, generous, bipartisan investment from Congress and invaluable new authorities," Easterly says.

She describes how CISA is using its funding to improve its visibility into threats, implement cyber incident reporting rules, and more.
Mar 25, 2023 6 tweets 2 min read
So this week's episode of #TheMandalorian was fine. Not great. The Grogu Order 66 flashback was the best part. Thrilled to see Ahmed Best take the spotlight like that. He deserves the world. (Also nice to see Naboo security forces doing their part ... perhaps Jar Jar sent them?) As for the stuff at the Mando covert, it was fairly boring. Especially the rescue sequence. I felt like I was supposed to care about that kid and I just ... didn't. Felt like a waste of time. Could have established Bo-Katan's team spirit more economically.
Dec 1, 2022 10 tweets 2 min read
Oh right, this show.

(I'm looking forward to it! But it has definitely — how do I put this — lost some of its luster in recent weeks.) Just to expand on this a bit…

One thing that's bothered me about the backlash to the Andor lovefest is the argument "It's wrong to say that Andor made other shows look bad, b/c not every show needs to be like Andor."

People saying that don't seem to get what Andor did right.
Nov 29, 2022 4 tweets 2 min read
Today's @MorningCybersec has more from my and @magmill95's interview with U.S. cyber ambassador Nate Fick: subscriber.politicopro.com/newsletter/202…

He talks about how the U.S. can weaken Huawei's grip on the 5G market by offering subsidies and promoting interoperable standards like Open RAN. On Open RAN, Fick says "you want to break apart the black box" of proprietary tech, and given that incumbent vendors have "the goose that's laying the golden eggs," the USG should help open standards overcome their opposition through regulatory and other obstacles in its control.
Nov 25, 2022 81 tweets 14 min read
After #Andor’s breathtaking season 1 finale, I’m calling it: This show is the best Star Wars content ever made.

Cassian finds his path with inspiration from Maarva & Nemik, Mon takes a huge step in Luthen's direction, and Ferrix reaches its breaking point.

All hail Tony Gilroy. One of the best sequences in the ep and all of SW is Nemik’s manifesto monologue — on the inevitability of rebellion and the fragility of tyranny — playing over a montage of Bix, Luthen, and Cassian, all three of whom are rebelling in their own ways.

It's astonishingly powerful.
Nov 11, 2022 42 tweets 8 min read
If you didn’t get chills or cry watching this week’s episode of #Andor, I don’t know what’s wrong with you.

Cassian rises to meet the moment, Mon Mothma confronts a horrible choice, and Stellan Skarsgård and Andy Serkis earn their Emmy nominations.

Unparalleled storytelling. The opening scene shows Cassian's come a long way from the meek fish out of water who first arrived on Narkina 5.

He sees the prisoners' power, the guards' fear, and the resulting opportunity. We’re seeing him turning insights about the Empire into motivation & logic for action.
Nov 10, 2022 5 tweets 3 min read
by god that's @mikeduncan's music This #Andor interview with Tony Gilroy is honestly so good. The man has a clear (and refreshing!) vision and is fearless about executing it.

"Drama is watching people you care about in difficult circumstances make decisions that you’re interested in."

rollingstone.com/tv-movies/tv-m…
Nov 10, 2022 13 tweets 3 min read
What a likely GOP House takeover means for cyber:

* Less progress on major issues
* Uphill battle for WH regulation push
* New skepticism of CISA budget boosts

Watch homeland panel leadership races in both chambers.

My and @magmill95's new story: subscriber.politicopro.com/article/articl… The House and Senate homeland security panels have powered Congress's historic emphasis on cybersecurity over the past two years.

With GOP panel leaders retiring and their replacements likely to prioritize border security and other partisan topics, that's about to end.
Nov 9, 2022 7 tweets 5 min read
Good morning.

If you went to sleep at 2:30 a.m. like I did and are just waking up, here are a few things to know:

1️⃣ The House and the Senate remain uncalled.

2️⃣ So do governorships and secretary-of-state races in AZ and NV.

#Election2022 3️⃣ In AZ Sen: NYT estimates that many votes remain in one Democratic area & several Republican areas. nytimes.com/interactive/20…

4️⃣ In NV Sen: NYT estimates that lots of votes remain in two D areas, while some votes remain in several R areas. nytimes.com/interactive/20…

#Election2022
Nov 9, 2022 4 tweets 2 min read
Well that's quite a call! No one else calling this one yet. #Election2022 Fox now calling Pennsylvania for Fetterman too.
Oct 19, 2022 7 tweets 2 min read
Speaking at #mWISE, @ncdinglis says Biden's National Cyber Strategy will "probably come out in the next month or two or three, given the processes that exist in Washington." Inglis says the strategy will address regulation and market forces, the international dimension of cybersecurity, assigning roles and responsibilities to the right people, and "how do we actually get critical infrastructure into the right place."
Oct 17, 2022 6 tweets 2 min read
Speaking at @AuthenticateCon, @CISAJen challenges "my friends in the technology space to adopt a policy of radical transparency around MFA adoption."

She wants them to disclose the % of their customers, sysadmins, and employees enrolled in MFA, broken down by authenticator type. “We need seatbelts and airbags that are built in, not aftermarket add-ons," Easterly says, calling MFA "the seatbelt of the information superhighway."

Vendors should care, she says, because "safe-by-default and safe-by-design is good for strategic and reputational growth."