Cybersecurity Quotes

We've searched our database for all the quotes and captions related to Cybersecurity. Here they are! All 100 of them:

There is a fine line between free speech and hate speech. Free speech encourages debate whereas hate speech incites violence.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
A robust cybersecurity framework is essential to protect a company's digital assets, sensitive data, and critical infrastructure.
Hendrith Vanlon Smith Jr. (Board Room Blitz: Mastering the Art of Corporate Governance)
Risk management and cybersecurity have transcended their traditional roles as mere compliance functions and have become fundamental pillars of good corporate governance.
Hendrith Vanlon Smith Jr. (Board Room Blitz: Mastering the Art of Corporate Governance)
By actively overseeing and providing guidance on risk management and cybersecurity, the board demonstrates its commitment to protecting the company's assets, reputation, and long-term success.
Hendrith Vanlon Smith Jr. (Board Room Blitz: Mastering the Art of Corporate Governance)
In today's volatile business landscape, characterized by rapid technological advancements, geopolitical uncertainties, and evolving regulatory frameworks, companies must adopt a proactive and holistic approach to risk management and cybersecurity.
Hendrith Vanlon Smith Jr. (Board Room Blitz: Mastering the Art of Corporate Governance)
The importance of epistemic security and cybersecurity is now comparable to that of national security.
Roger Spitz (The Definitive Guide to Thriving on Disruption: Volume I - Reframing and Navigating Disruption)
As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked
Richard Clarke
Journalists should be watchdogs, not lapdogs.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
The two-way street of Total Information Awareness is the road that leads to a more transparent and complete picture of ourselves, our governments, and our world.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
While information is the oxygen of the modern age, disinformation is the carbon monoxide that can poison generations.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
In the underworld, reality itself has elastic properties and is capable of being stretched into different definitions of the truth.
Roderick Vincent (The Cause (The Minutemen Series, #1))
To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.
Robert E. Davis
War is legitimized state-sponsored terrorism in a grand scale.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
The U.S. government needs to learn from successful private businesses that run an effective and efficient operation in serving their customers and outwitting their competitors.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
If we take a small step in extolling peacemakers as much as honoring war heroes, we will be making a giant leap towards peace.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
Li, a willowy manboy with a shock of black hair atop a mouthful of bad teeth was the brother-in-law he had introduced to industrial espionage several years back. Rong often regretted that.
Michael Ben Zehabe
Dora Flores was one of the few people Tom confided in. She reported to him as Cyber Division’s Inner-Office Field Support. She still had a slight Mexican flavor in her pronunciations, and he liked it.
Michael Ben Zehabe
An open internet is an open platform for debating opposing views. It allows unpopular voices to be heard.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
Every conceivable layer of the election process is completely riddled with vulnerabilities, so yes, hacking elections is easy!
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.
Stephane Nappo
Technology trust is a good thing, but control is a better one.
Stephane Nappo
The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: "Cybersecurity is much more than an IT topic.
Stephane Nappo
Cybersecurity is a new area where equality will exist to allow intelligence to succeed. Cybersecurity needs women to be successful and without them it will not as the best talent a must.
Ian R. McAndrew, PhD
Your ideas are bound to forces of which you have no control due to the fact that you've voluntarily submitted your freedom of though to the perception steering censorship of Google, Facebook and other dragnet surveillance capitalists.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Consider all tabulation systems infected by bad actors until a third party, not affiliated with the manufacturer or election officials, proves they are secure.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Cities require connectivity rather than territory in order to drive their economic stability and growth.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Quantum Encryption is essential to protect our digital assets and infrastructure from attackers.
Kevin Coleman
The enormous amount of financial resources and creative energy that nations have spent on wars and weapons could have been redirected to curing deadly diseases, feeding the hungry, eliminating poverty, promoting art and culture, investing in renewable clean energy, and solving a host of other important challenges facing humanity.
Newton Lee (Counterterrorism and Cybersecurity: Total Information Awareness)
Dean Rolfe squirmed, coughed, and looked everywhere except in Frank’s eyes. To do what was fraught with legal ramifications. These were the words he had carefully avoided, the hidden croutons in his carefully prepared word salad. “To give you the reach to keep tabs on certain people, no matter where they go. You know . . . a surveillance system.
Michael Ben Zehabe
Cybersecurity is a support industry, and a lot of professionals in the industry tend to forget that. These professionals think that cybersecurity is an industry unto itself, but it wouldn’t exist without other industries (like manufacturing, healthcare, and financial services).
Christian Espinosa (The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity)
Navigating a complex system of cloud computing with an enterprise cybersecurity strategy is not an easy feat. A complex technological system works when designed correctly. However, adding the human factor as an element to this system is an ever-escalating paradox and a potential cyberthreat.
Ludmila Morozova-Buss
Zoe returned by rail to Claremont Village. After the train pulled away, she stood alone, beneath a security camera affixed to a lamppost. She looked up, and its lifeless eye looked straight back. In some uncontrollable fancy she turned and curtseyed, imagining someone wonderful on the other side of the lens would be captivated by her new American dress.
Michael Ben Zehabe
Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.
Institute of Internal Auditors
The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.
P.W. Singer (Cybersecurity and Cyberwar: What Everyone Needs to Know®)
In 2010, McAfee thought it impressive that it was discovering a new specimen of malware every fifteen minutes. In 2013, it was discovering one every single second!
P.W. Singer (Cybersecurity and Cyberwar: What Everyone Needs to Know®)
Do I want to know why you're so informed about spyware?" she asked. Nikolaos gave her a charming, dazzling smile. "No, my dear. You do not.
Molly Ringle (Persephone's Orchard (The Chrysomelia Stories, #1))
I’d been an outcast my entire life. Growing up with technophobe parents in the dawn of a Cyborg Age did that to a person.
Anna L. Davis (Open Source)
Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication
James Scott
The only way to maintain privacy on the internet is to not be on the internet.
Abhijit Naskar (Vatican Virus: The Forbidden Fiction)
Never post family pictures online, There's no such thing as privacy settings. It is a total jungle out there, In every corner predators are lurking.
Abhijit Naskar (Himalayan Sonneteer: 100 Sonnets of Unsubmission)
Unequivocally, this proves not only have cats taken over the internet but now the offshore tax haven market too!
Chris Kubecka (Down the Rabbit Hole: An Osint Journey Open Source Intelligence Gathering for Penetration Testing)
You think an Air Gap is a defense? Sofacy, Stuxnet, Uroburos, AirHopper, BitWhisperer and ProjectSauron…enough said!
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.
Stephane Nappo
Artificial Intelligence trend is fuzzing up in Cybersecurity If weaponized for Cyber-attacks, it becomes as evil-infinity”.
Arulselvar Thomas - Briskinfosec
Many things in life can be safely ignored but ignoring Cybersecurity Safe Practices is an open invitation for disaster.
JC Hunter
In this business, I find more value in working with hackers who abstract new realities from cast aside code and concepts than academics who regurgitate other people’s work and try to pawn it off as their own.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Hackers find more success with organizations where employees are under appreciated, over worked and under paid. Why would anyone in an organization like that care enough to think twice before clicking on a phishing email?
James Scott
Richard Clarke, former cybersecurity czar under the Bush administration and a member of the panel, later explained the rationale for highlighting the use of zero days in their report. “If the US government finds a zero-day vulnerability, its first obligation is to tell the American people so that they can patch it, not to run off [and use it] to break into the Beijing telephone system,” he said at a security conference. “The first obligation of government is to defend.”40
Kim Zetter (Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon)
The security theater we are witnessing in our election system boasting the illusion of security via ‘clunky as heck’ and air gap defense will do nothing against the real and sophisticated adversarial landscape that is zeroing in on our democracy
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
A Nation State or Cyber-Mercenary won’t hack e-voting machines one by one. This takes too long and will have minimal impact. Instead, they’ll take an easier approach like spear phishing the manufacturer with malware and poison the voting machine update pre-election and allow the manufacturer to update each individual machine with a self-deleting payload that will target the tabulation process.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
This next president is going to inherit the most sophisticated and persistent cyber espionage cultures the world has ever seen, He needs to surround himself with experts that can expedite the allocation of potent layers of next generation defenses around our targeted critical infrastructure silos.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
We’re talking about the fate of our economy and the questionable resiliency of our Nation’s critical infrastructure. Why are experts so polite, patient, and forgiving when talking about cybersecurity and National Security? The drama of each script kiddie botnet attack and Nation State pilfering of our IP has been turned into a soap opera through press releases, sound bites and enforced absurdity of mainstream media. It’s time for a cybersecurity zeitgeist in the West where cyber hygiene is a meme that is aggressively distributed by those who have mastered it and encouraged to be imitated by those who have experienced it.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Anyone starting out to research for a doctorate degree should remember that hours of self centered work has the ability to be the spark for others to progress. All research is potentially useful to open doors or show others that door does not lead anywhere useful. Advancements happen by building on others research.
Ian R. McAndrew, PhD
One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation.
Stephane Nappo
Your people and their poor communication skills are the reason your data was stolen, not your lack of cutting-edge technology. Their need to be the smartest person in the room and their substandard people skills have rendered them unable to communicate clearly and work effectively with others to solve problems. That’s why we’re losing the cybersecurity war.
Christian Espinosa (The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity)
access readers that require supposedly unique fingerprints have been fooled by forged fingerprints pressed into Gummy Bear candy,
P.W. Singer (Cybersecurity and Cyberwar: What Everyone Needs to Know®)
Creating back doors to hack in to secure devices will not only undermine consumer confidence in technology but most importantly empower cyber criminals and totalitarian regimes.
Arzak Khan
The hacker didn't succeed through sophistication. Rather he poked at obvious places, trying to enter through unlock doors. Persistence, not wizardry, let him through.
Clifford Stoll (The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage)
Anything that says ‘smart’ in front of its name, is a potential magnet for trojans. The same goes for anything that is endorsed as ‘open source’.
Abhijit Naskar (Vatican Virus: The Forbidden Fiction)
Internet privacy is fiction.
Abhijit Naskar (Vatican Virus: The Forbidden Fiction)
In our online world there is no way for a regular civilian to keep their phone uninfected. And that includes everybody except skilled and resourceful programmers.
Abhijit Naskar (Vatican Virus: The Forbidden Fiction)
Creating and Empowering Global Tech Industry Leaders
Softwarica
In modern Russia, Putin vote for you
Chris Kubecka (Down the Rabbit Hole: An Osint Journey Open Source Intelligence Gathering for Penetration Testing)
The health sector continuously get’s pummeled by malicious actors and hackers because their cyber-kinetic security is being managed by “Participation Trophy” winning wimps!
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
The status-quo habits for 'grandfathered' vulnerabilities do not legitimize them.
Stephane Nappo
Security is a Blackhole
Sunanda Mani
Knowledge in our heads is useless. Its power is unleashed only when it is shared.
Mansur Hasib (Cybersecurity Leadership: Powering the Modern Organization)
Never still believe that your browser has the best security quality Even the earth’s best browser is lately affected with CVE 2019-5786
Arulselvar Thomas - Briskinfosec
You are an essential ingredient in our ongoing effort to reduce Security Risk.
Kirsten Manthorne
Real healthcare occurs outside of the doctor's office and hospitals, not when the patient shows up to make a complaint once their symptoms have developed.
Emmanuel Fombu (The Future of Healthcare: Humans and Machines Partnering for Better Outcomes)
Real cybersecurity means that your Security Operations team is consistently pen testing your network with the same stealth and sophistication as the Russian nation state, the same desperation as China’s 13th Five Year Plan, the same inexhaustible energy of the Cyber Caliphate and the same greed and ambition for monetary payoff as a seasoned cyber-criminal gang.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Threat is a mirror of security gaps. Cyber-threat is mainly a reflection of our weaknesses. An accurate vision of digital and behavioral gaps is crucial for a consistent cyber-resilience.
Stephane Nappo
Homo Sapiens are Exploitable. Large Corporations Base the Mass with Least Recognition. It does NOT have to be the Employee Himself that would Deteriorate the Corporations Intranet but Surely since his Least Recognized, He is Most Definitely Vulnerable, Its a Starting Point to Open a Door for a Lovely Challenging Maze filled with Seed of Corruption that in Stages the Artists Shall Paint their Mark.
Emmanuel Abou-chabke
If you don’t feel ordained by the Universe to do this job, do something else. The intelligence community has to shut down the gaping wound that is the insider threat epidemic we are experiencing right now.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
If the DNC was a small business, it was like no small business I’ve ever seen. We change bosses and objectives with each election cycle and our goal is to spend every dime we raise to get people elected. Long-term planning for things like investment in cybersecurity is hard to do in this environment. And in this cycle it sometimes seemed like Brooklyn wanted to strip it of its functionality nearly as much as the Russians had.
Donna Brazile (Hacks: The Inside Story of the Break-ins and Breakdowns That Put Donald Trump in the White House)
As state-sanctioned measures evolve to erode fundamental rights, so too does the arsenal of defensive tools the security community relies on to protect them, and this provocation ignites the residue of our defiance.
Jacob Riggs
Digital freedom stops where that of users begins... Nowadays, digital evolution must no longer be offered to a customer in trade-off between privacy and security. Privacy is not for sale, it's a valuable asset to protect.
Stephane Nappo
I’m a big proponent of ownership, so I blamed myself, but as I matured, I realized people who don’t want to change won’t. I also realized there are a lot of people out there who do claim they want to change but still won’t.
Christian Espinosa (The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity)
This cyberwar will be a continuous marathon war that will only compound and hyper-evolve in stealth, sophistication and easy entry due to the accelerated evolution of “as a service” attack strategies for sale on the dark web.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully
Kevin D. Mitnick
You'll have the right to be angry about Vault 7 only after you boycott dragnet surveillance data providers like Google, Microsoft, Skype, Facebook and LinkedIn. The true threat is coming from the private sector surveillance profiteers.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Two things about the NSA stunned me right off the bat: how technologically sophisticated it was compared with the CIA, and how much less vigilant it was about security in its every iteration, from the compartmentalization of information to data encryption.
Edward Snowden
What do you mean “Should we worry about cyber adversaries getting into state voter registration databases?” They’re already in and selling exfiltrated voter registration data on the dark web! Next election cycle black hats will be selling ‘access as service’.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Whenever they spoke, most of us would just keep quiet, nod our heads, and put on what author Mark Bowden calls “the glaze.” This is the “unmistakable look of profound confusion and disinterest that takes hold whenever conversation turns to workings of a computer.
P.W. Singer (Cybersecurity and Cyberwar: What Everyone Needs to Know®)
The collaboration between secretaries of state, election officials and the voting system manufacturers on the matter of enforcing this black box proprietary code secrecy with election systems, is nothing less than the commoditization and monetization of American Democracy
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
मैं नहीं चाहता कि मेरा मन खंगाला जाए चाहे उसमें इस्तेमाल लायक कुछ भी न हो MAIN NAHIN CHAHTA KI MERA MANN KHANGALA JAYE CHAHE USMEIN ISTEMAL LAYAK KUCHH BHI NA HO I DON'T WANT THAT MY MIND BE SCRUTINIZED EVEN IF THERE WAS NO THING OF VALUE INSIDE 24 Dec National Mathematics Day
Vineet Raj Kapoor
One day in September 2015, FBI agent Adrian Hawkins placed a call to the Democratic National Committee headquarters in Washington, D.C., and asked to speak to the person in charge of technology. He was routed to the DNC help desk, which transferred the call to Yared Tamene, a young IT specialist with The MIS Department, a consulting firm hired by the DNC. After identifying himself, Hawkins told Tamene that he had reason to believe that at least one computer on the DNC’s network was compromised. He asked if the DNC was aware of this and what it was doing. Tamene had nothing to do with cybersecurity and knew little about the subject. He was a mid-level network administrator; his basic IT duties for the DNC were to set up computer accounts for employees and be on call to deal with any problems. When he got the call, Tamene was wary. Was this a joke or, worse, a dirty trick? He asked Hawkins if he could prove he was an FBI agent, and, as Tamene later wrote in a memo, “he did not provide me with an adequate response.… At this point, I had no way of differentiating the call I received from a prank call.” Hawkins, though, was real. He was a well-regarded agent in the FBI’s cyber squad. And he was following a legitimate lead in a case that would come to affect a presidential election. Earlier in the year, U.S. cyber warriors intercepted a target list of about thirty U.S. government agencies, think tanks, and several political organizations designated for cyberattacks by a group of hackers known as APT 29. APT stood for Advanced Persistent Threat—technojargon for a sophisticated set of actors who penetrate networks, insert viruses, and extract data over prolonged periods of time.
Michael Isikoff (Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump)
A single spear-phishing email carrying a slightly altered malware can bypass multi-million dollar enterprise security solutions if an adversary deceives a cyber-hygienically apathetic employee into opening the attachment or clicking a malicious link and thereby compromising the entire network.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
The Internet of Things (IoT) devoid of comprehensive security management is tantamount to the Internet of Threats. Apply open collaborative innovation, systems thinking & zero-trust security models to design IoT ecosystems that generate and capture value in value chains of the Internet of Things.
Stephane Nappo
The first objection is that states are not capable of attributing the source of a network intrusion, short-circuiting any security dilemma. The second objection is that the danger posed by network intrusions does not pose an existential risk and so the cybersecurity dilemma is not a major concern. The third and final objection is that cyber capabilities are unevenly distributed; strong states are more likely to possess cyber capabilities than weak ones, but, the objection argues, this is true of all military weapons and so cyber capabilities are not significant. In responding to these objections, this chapter establishes the boundaries of the cybersecurity dilemma argument.
Ben Buchanan (The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations)
Many technical people also struggle with curiosity. In public, they often lack curiosity. Yet, in private, it is my experience that technical people are very curious. Some would rather stay silent than be exposed for their lack of knowledge. These people care mainly about being the smartest person in the room, which inhibits their communication skills.
Christian Espinosa (The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity)
... they were just one part of a vast dark web of unseen players ... And yes, they could be fought, maybe some individuals might even be arrested, but you might as well try to prosecute cancer. They would always exist. Slippery, shadowy, forcing their way through the cracks in our online security and the doors we left open for them in our digital lives.
Ruth Ware (Zero Days)
You are a product to dragnet surveillance capitalists like Google, Facebook, Comcast and Verizon. Your ideas are rarely your own, rather you are little more than a pawn to their perception steering initiatives to get you to read, believe and buy what they put in front of you. The first step to breaking out of this faux reality matrix is to stop using Google, Bing, Yahoo, Comcast and Facebook.
James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
For me, I will take freedom over security and I will take security over convenience, and I will do so because I know that a world without failure is a world without freedom. A world without the possibility of sin is a world without the possibility of righteousness. A world without the possibility of crime is a world where you cannot prove you are not a criminal. A technology that can give you everything you want is a technology that can take away everything that you have. At some point, in the near future, one of us security geeks will have to say that there comes a point at which safety is not safe.
Dan Geer
The situation gets still more concerning. As Chapter Six argues, two important factors that are frequently assumed to be constants in the traditional security dilemma models are in fact variables in cybersecurity. In most other security dilemma discussions, each actor sees the moves of its potential adversaries and must determine the intentions behind those moves. In cybersecurity, the distribution of information is vastly more asymmetric, which increases risk and uncertainty for decision-makers. With proper tradecraft, many actions, including the development of powerful capabilities and the launching of significant intrusions, often remain out of view to others. Thus, unlike in many historical and theoretical textbook cases, in cyber operations not only must states potentially fear what they see, but they must potentially fear what they do not see as well. Defensive-minded intrusions that resolve this uncertainty thus seem still more appealing. Similarly, in the traditional security dilemma model there is almost always some status quo of shared expectations. This implicit or formal consensus of behavior provides significant guidance about which activities the involved parties consider normal and non-threatening. The potential for escalation in this model occurs only when this shared vision of normalcy breaks. In cybersecurity, however, there is only a nascent status quo. Without a common conception of appropriate national behavior, the probability of dangerous misinterpretation increases. Building on these five steps to the argument, the final two chapters of the book are somewhat different in kind. Chapter Seven pauses to consider three objections to the cybersecurity dilemma logic and how they might constrain the argument.
Ben Buchanan (The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations)
Israel has an extremely vibrant hi-tech sector, and a cutting-edge cyber-security industry. At the same time it is also locked into a deadly conflict with the Palestinians, and at least some of its leaders, generals and citizens might well be happy to create a total surveillance regime in the West Bank as soon as they have the necessary technology. Already today whenever Palestinians make a phone call, post something on Facebook or travel from one city to another they are likely to be monitored by Israeli microphones, cameras, drones or spy software. The gathered data is then analysed with the aid of Big Data algorithms. This helps the Israeli security forces to pinpoint and neutralise potential threats without having to place too many boots on the ground. The Palestinians may administer some towns and villages in the West Bank, but the Israelis control the sky, the airwaves and cyberspace. It therefore takes surprisingly few Israeli soldiers to effectively control about 2.5 million Palestinians in the West Bank.
Yuval Noah Harari (21 Lessons for the 21st Century)
But states have difficulty evaluating cybersecurity threats. If a state does detect an intrusion in one of its vital networks and if that intrusion looks to be from another state, what should the state suffering the intrusion conclude? On the one hand, it might be a defensive-minded intrusion, only checking out the intruded-upon state’s capabilities and providing reassuring intelligence to the intruding state. This might seem unsettling but not necessarily threatening, presuming the state suffering the intrusion was not developing capabilities for attack or seeking conflict. On the other hand, the intrusion might be more nefarious. It could be a sign of some coming harm, such as a cyber attack or an expanding espionage operation. The state suffering the intrusion will have to decide which of these two possibilities is correct, interpreting limited and almost certainly insufficient amounts of data to divine the intentions of another state. Thus Chapter Four’s argument is vitally important: intrusions into a state’s strategically important networks pose serious risks and are therefore inherently threatening. Intrusions launched by one state into the networks of another can cause a great deal of harm at inopportune times, even if the intrusion at the moment of discovery appears to be reasonably benign. The intrusion can also perform reconnaissance that enables a powerful and well-targeted cyber attack. Even operations launched with fully defensive intent can serve as beachheads for future attack operations, so long as a command and control mechanism is set up. Depending on its target, the intrusion can collect information that provides great insight into the communications and strategies of policy-makers. Network intrusions can also pose serious counterintelligence risks, revealing what secrets a state has learned about other states and provoking a damaging sense of paranoia. Given these very real threats, states are likely to view any serious intrusion with some degree of fear. They therefore have significant incentive to respond strongly, further animating the cybersecurity dilemma.
Ben Buchanan (The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations)
told my people that I wanted only the best, whatever it took, wherever they came from, whatever it cost. We assembled thirty people, the brightest cybersecurity minds we have. A few are on loan, pursuant to strict confidentiality agreements, from the private sector—software companies, telecommunications giants, cybersecurity firms, military contractors. Two are former hackers themselves, one of them currently serving a thirteen-year sentence in a federal penitentiary. Most are from various agencies of the federal government—Homeland Security, CIA, FBI, NSA. Half our team is devoted to threat mitigation—how to limit the damage to our systems and infrastructure after the virus hits. But right now, I’m concerned with the other half, the threat-response team that Devin and Casey are running. They’re devoted to stopping the virus, something they’ve been unable to do for the last two weeks. “Good morning, Mr. President,” says Devin Wittmer. He comes from NSA. After graduating from Berkeley, he started designing cyberdefense software for clients like Apple before the NSA recruited him away. He has developed federal cybersecurity assessment tools to help industries and governments understand their preparedness against cyberattacks. When the major health-care systems in France were hit with a ransomware virus three years ago, we lent them Devin, who was able to locate and disable it. Nobody in America, I’ve been assured, is better at finding holes in cyberdefense systems or at plugging them. “Mr. President,” says Casey Alvarez. Casey is the daughter of Mexican immigrants who settled in Arizona to start a family and built up a fleet of grocery stores in the Southwest along the way. Casey showed no interest in the business, taking quickly to computers and wanting to join law enforcement. When she was a grad student at Penn, she got turned down for a position at the Department of Justice. So Casey got on her computer and managed to do what state and federal authorities had been unable to do for years—she hacked into an underground child-pornography website and disclosed the identities of all the website’s patrons, basically gift-wrapping a federal prosecution for Justice and shutting down an operation that was believed to be the largest purveyor of kiddie porn in the country. DOJ hired her on the spot, and she stayed there until she went to work for the CIA. She’s been most recently deployed in the Middle East with US Central Command, where she intercepts, decodes, and disrupts cybercommunications among terrorist groups. I’ve been assured that these two are, by far, the best we have. And they are about to meet the person who, so far, has been better. There is a hint of reverence in their expressions as I introduce them to Augie. The Sons of Jihad is the all-star team of cyberterrorists, mythical figures in that world. But I sense some competitive fire, too, which will be a good thing.
Bill Clinton (The President Is Missing)
The lack of awareness extends even to the highest levels of the U.S. government: President Barack Obama’s 2013 executive order on cybersecurity made no specific mention of the undersea cable industry.
Nicole Starosielski (The Undersea Network (Sign, Storage, Transmission))