Latest Posts

The FDA Finally Suggests Meaningful Action to Secure Medical Devices

by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology Healthcare depends on the crucial medical devices essential for the treatment and diagnosis of illness and disease. The Food and Drug Administration (FDA) regulates over 190,000 different devices, which are manufactured by more than 18,000 firms in more than 21,000 medical device facilities worldwide. Digital .. read more

Crushing Protectionist Silos to Expedite Tech Industry Niche Evolution: Using Social Media to Curate and Disseminate Information

by Drew Spaniel, Researcher, Institute for Critical Infrastructure Technology The digital threat landscape is comprised of organization-centric asymmetric warfare theaters populated by innumerable hyper-evolving sophisticated and unsophisticated adversaries with myriad motives, tools, techniques, and procedures. As trite as it sounds, it remains true now more than ever that “knowledge is power.” However, in the Digital .. read more

“The Most Important Vote for the Internet in History” #SaveTheInternet

by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology Last December, FCC chairman Ajit Paj introduced rules that reversed the 2015 Open Internet Order. The 2015 order explicitly banned blocking, throttling, and paid prioritization by Internet providers. It guaranteed free thought and a free market on an open Internet. Paj, a former Verizon lawyer, .. read more

America is Losing the Cyberwar: What’s Next for Our Cyber-Defense without an NSC Cybersecurity Coordinator?

by James Scott, Senior Fellow, Institute for Critical Infrastructure Technology Rob Joyce, White House Cybersecurity Coordinator and Acting Deputy of U.S. Homeland Security, concludes his tenure today. Anonymous sources, via traditional corporate media, suggest that he may be the final “cybersecurity czar” of the current, and potentially of future, administration(s).  In the unlikely event that .. read more

What the Health Sector Needs to Know About Cryptocurrency Technologies, Blockchain, and Cryptojacking Attacks

by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology While the Bitcoin and the cryptocurrency trend may turn out to be a massive bubble, the underlying technology and innovation could forever alter the digital landscape of the health sector [1]. Until 2016, cybersecurity and cyber-hygiene were stagnant in the health sector. The lackadaisical vulnerable .. read more

The Orangeworm Mystery Plaguing the Health Sector

by James Scott, Co-Founder and Sr. Fellow, ICIT The International healthcare community is currently beleaguered by an obscured adversary with illusive motives. Supply chain attacks on healthcare providers, pharmaceutical companies and medical sector information technology solution providers and equipment manufacturers via phishing emails first emerged in January 2015. The majority of the hundred attacks remain .. read more

Enemies at the Gate: The New Fake News

by James Scott, Co-Founder and Sr. Fellow, Institute for Critical Infrastructure Technology (ICIT), Center for Cyber Influence Operations Studies (CCIOS) The Institute for Critical Infrastructure Technology (ICIT) is a non-partisan, non-profit 501c3 intent on facilitating meaningful dialogue amongst key stakeholders in government and public and private organizations as well as educating the public on Information .. read more

The 2018 ICIT Annual Forum: The Cybersecurity Renaissance Is Here

Public and private critical infrastructure sectors are relentlessly pummeled by nation-state, mercenary, criminal and cyber jihadists who pilfer poorly architected networks and exploit vulnerabilities in software and devices built without adhering to principles of security-by-design. These bad actors steal data for economic gain or counterintelligence purposes and victimize citizens whose inadequately protected PII is exfiltrated and used .. read more

ICIT Analysis: “Facebook Poses a Massive Risk to National Security: But It’s Worse than You Think…”

Dragnet surveillance capitalists turned dragnet surveillance propagandists remain under-controlled to the point that they knowingly operate on a spectrum from criminally negligent to negligently criminal. While it is essential that negligent data brokers face the consequences for their nefarious activities, it is also vital that the underlying disease that founded the environment of their growth .. read more

What is Facebook’s Relationship with China and How Has U.S. Data Been Exposed?

by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology (ICIT), Center for Cyber Influence Operations Studies (CCIOS) In addition to the questions that Facebook must answer concerning its relationship with Cambridge Analytica and the breach of privacy and security on its platform, legislators must also inquire about its relationship with China and how the .. read more

ICIT Introduces: The Center for Space Warfare Studies (CSWS)

People jest that space is the final frontier, unchartered territory, or other romanticizations. However, in terms of security and warfare, “space” refers to the area immediately surrounding terrestrial bodies. More specifically, space warfare concerns the satellites, defense systems, and critical assets orbiting the Earth in the exosphere and thermosphere and the signals communicated to and .. read more

Why We Are No Longer on Facebook

by James Scott, Sr. Fellow ICIT, CCIOS, CSWS The detailed activity and personal data of over 50 million Facebook users were accessed and exploited without the consent of users by Cambridge Analytica in yet another text-book incident facilitated by an under-regulated, irresponsible, dragnet surveillance corporation, Facebook, whose sole-function has become the exploitation and monetization of .. read more

National Security Depends on the Utilization of the MGT Act

by James Scott, Sr. Fellow, ICIT Nearly three-quarters of the $80 billion annually spent on federal IT systems is allocated towards the upkeep and maintenance of outdated and vulnerable legacy systems. The majority of these systems predate the Internet, many were “Frankensteined “together ad hoc from technologies that are now older than those tasked with .. read more

ICIT Analysis: The CLOUD Act – Immediate Passage of the CLOUD Act Ensures Unambiguous Protection of Privacy and National Security

The CLOUD Act is meaningful bipartisan legislation that will empower U.S. law enforcement and authorities in countries that enter into agreements with the government to quickly access essential evidence stored in servers owned by companies that are based in the United States, provided that there is probable cause and warrant to access that information. With .. read more

ICIT Brief: Dispelling the Fear of IT Modernization

IT modernization is confounded by shoestring budgets, system incompatibilities, and the inability to take critical systems offline for long enough to transition to more modern and secure technology. Despite all appearances, however, modernization is not actually governed by dollars and hardware. Cybersecurity modernization is a state of mind. It is a battle that CIOs and .. read more

National Security Officials Letter in Support of the Secure Elections Act

On February 20, 2018, twenty-one national security officials, including General Michael Hayden (Ret), The Honorable Rick Ledgett (Former Deputy Director, NSA), Mike Rogers (Former Chair, House Intelligence Committee), and James Scott (Sr. Fellow, ICIT),  sent a letter to Senators Mitch McConnell and Chuck Schumer to express their support for the Secure Elections Act (S. 2261), .. read more

William Evanina is the Counterintelligence Leader our Nation Needs

The digital threat landscape is wrought with nation-state advanced persistent threat groups, cyber-mercenaries, dragnet surveillance propagandists, insider threats, and numerous other dangerous adversaries intent on exfiltrating vital intelligence, disseminating poisonous disinformation, compromising vital systems, and disrupting critical operations. America’s critical infrastructure and national security assets are under constant assault. Qualified Information Security leaders are scarce .. read more

How To Protect Critical Infrastructure From Insider Threats

  By William R. Evanina [William R. Evanina is the Director of the National Counterintelligence and Security Center and the recipient of the 2017 ICIT Pinnacle Award.]   Silicon Valley is synonymous with innovation and technology. As anyone working in this space knows—particularly for start-ups with proprietary information—you have to be able to trust your .. read more

Hacking Cyborgs: By 2025, Non-Augmented Humans Will Be Obsolete. But There’s Bad News…

The human condition is plagued by a labyrinth of shortcomings, frailties, and limitations that hinder man from reaching his fullest potential. Therefore, it only makes sense that we find ourselves at the next phase in human evolution where restricted man merges with the infinite possibilities of hyper-evolving technologies. This techno-human transmutation will prove to be .. read more

ICIT Analysis – Carbanak Threatens Critical Infrastructure: Cybercriminal APTs Merit Significant Investigation and Discussion

Carbanak, currently one of the most effective advanced persistent threats (APTs) active, poses a serious threat to critical infrastructure organizations such as banks, government, and data brokers such as Equifax. The Carbanak APT demonstrates how criminal collectives can adapt, divide, and evolve as their tools, techniques, and procedures advance. In this analysis, entitled “Carbanak Threatens .. read more

ICIT Introduces: Center for Cyber-Influence Operations Studies (CCIOS)

“This is an advisory that studies the weaponized digital applications used by foreign nation-states for influence operations” – James Scott, Sr. Fellow ICIT & CCIOS The weaponization of digital vectors for a more expedient and potent manner of message delivery has become a pandemic as nation-states use technological means to streamline distribution of fake news, .. read more

Equifax: The Hazards of Dragnet Surveillance Capitalism Part 2: Just Another Data Breach? Or C-Suite Criminal Negligence?

The reckless handling of data collected in capitalistic dragnet surveillance has developed into a national security and privacy epidemic.  The Equifax breach should epitomize the consequences of negligent data brokerage and serve as a wake-up call to similar organizations who profit from dragnet surveillance and the employment of psychographic and demographic Big Data algorithms. In .. read more

ICIT Analysis – Equifax: America’s In-Credible Insecurity – Part One

A catastrophic breach of Equifax’s systems was inevitable because of systemic organizational disregard for cybersecurity and cyber-hygiene best practices, as well as Equifax’s reliance on unqualified executives for information security. While Equifax has proven itself to be a compromised, irresponsible data custodian, Experian, TransUnion, and other data brokers may be just as vulnerable, irresponsible, and .. read more

Dragonfly is Nothing New:  An Objective Assessment of this Energy Sector APT

by James Scott, Sr. Fellow, ICIT Show-of-force intelligence gathering and cyber-kinetic sabotage malware attacks against United States Energy infrastructure are neither novel nor warrant mass-hysteria attempts by fear mongers seeking to exploit the incident for personal gain.  They are deliberate campaigns meant to demonstrate capabilities while offering no real threat to the distributed U.S. energy .. read more

ICIT Analysis: The Graham-Klobuchar Amendment Can Secure Election Infrastructure

Election integrity is a non-partisan issue that merits significant bipartisan support. Multiple players are capable of exploiting the vulnerabilities present in the often insecure, black-box proprietary code and unsecurable, antiquated legacy technology upon which U.S. election tabulation infrastructure relies. The Graham-Klobuchar Amendment aims at achieving Secure State Election Infrastructure through a Federal-State collaborative commission of .. read more

HHS’ HCCIC Takes a Quantum Leap Forward to Secure the Health Sector

HHS is aggressively working with industry to introduce organizational cybersecurity resiliency to the Health Care Industry and move organizations away from self-regulating, checkbox-driven security standards which provide little more than security theatre.  The Healthcare Cybersecurity and Communications Integration Center (HCCIC), HHS’s new cybersecurity intelligence-sharing clearing-house, is a major step toward this goal and acts as .. read more

ICIT Publication: I Got 99 Problems But a Breach Ain’t One

Critical Infrastructure Information Security systems are failing under persistent adversarial efforts because too many organizations still depend on antiquated legacy systems, un-cyber-hygienic personnel, and devices that lack security-by-design. This is not merely a cyberwar, we are now in a state of cyber-kinetic-meta war. There was no clear beginning and there will be no end. The .. read more

ICIT Brief: Metadata – The Most Potent Weapon in This Cyberwar: The New Cyber-Kinetic-Meta War

Metadata, or “data about data,” is collected and recorded to describe data, identify trends, administer algorithmic solutions, and model potential scenarios. When one understands how to make sense of seemingly random metadata or how to pair the data with other exfiltrated data pools, there are limitless possibilities for social engineering and cyber exploitation in attacks .. read more

ICIT Analysis: The Surveillance State & Censorship Legislation Conundrum: Dragnet Surveillance & Censorship Legislation Will Do Nothing to Eliminate Cyber Jihad & Lone Wolf Recruiting

Recent efforts by governments to weaken encryption, introduce exploitable vulnerabilities into applications, and to develop Nation-state dragnet surveillance programs will do little to stymie the rise in terrorist attacks.  These efforts will be a detriment to national security and only further exhaust law enforcement resources and obfuscate adversary communiqués within a massive cloud of noise. .. read more

Next Generation Defenses for a Hyper Evolving Threat Landscape: An Anthology of ICIT Fellow Essays Volume I

The onslaught of attacks on our Critical Infrastructure sectors by nation state, mercenary, criminal and cyber jihadist APTs is robbing organizations of millions worth of IP and victimizing citizens whose inadequately protect PII is being exfiltrated and used for economic gain or counterintelligence purposes. Organizations must be on the forefront of bleeding-edge cybersecurity technologies and .. read more

The Necessity of Encryption for Preserving Critical Infrastructure Integrity: Protecting Data At-Rest, In-Transit, and During-Processing with Format Preserving Encryption

The Necessity of Encryption for Preserving Critical Infrastructure Integrity: Protecting Data At-Rest, In-Transit, and During-Processing with Format Preserving Encryption by James Scott, Sr. Fellow, ICIT DOWNLOAD A PDF OF THIS POST HERE Breaches Result in Loss of Trust Cybersecurity is rooted in trust. Organizations expend resources purchasing and maintaining the systems and applications that they .. read more

There’s Proof That North Korea Launched the WannaCry Attack? Not So Fast! – A Warning Against Premature, Inconclusive, and Distracting Attribution

By James Scott, Sr. Fellow, ICIT Last week, ICIT urged responsible news outlets to focus on meaningful aspects of the May 12, 2017 WannaCry attack on over 230,000 systems in over 150 countries, such as the desperate need for security-by-design in software and technology, the perpetual failure of organizations across the globe to secure their .. read more

ICIT Analysis: America Exposed – Who’s Watching You Through your Computer’s Camera?

Virtually every computer, smartphone, and internet-enabled mobile device has a camera and microphone that can be used by malicious threat actors to surveil and spy on the user. Using malware such as NanoCore RAT and Nuclear RAT 2.0, Cyber Criminals, Script Kiddies, and Nation State APTs can compromise devices and remotely monitor the activities of .. read more

WannaCry Ransomware & The Perils of Shoddy Attribution: It’s the Russians! No Wait, It’s the North Koreans!

By James Scott, Sr. Fellow, ICIT Baseless Attribution Discussions Distract From Meaningful Dialogue It’s the Russians! No, wait, it’s the North Koreans! No, wait it’s…cyber mercenaries posing as PLA hackers moonlighting as cyber mercenaries for the North Korean nation-state? It’s interesting to watch faux experts take such authoritative positions in sinking sand arguments with virtually .. read more

Recommendations for Preventing Ransomware Exploitation

By James Scott, Senior Fellow, Institute for Critical Infrastructure Technology Ever since the WannaCryptor ransomware attack, also known as WannaCry or Wcrypt, began wreaking havoc around the globe, ICIT has received a flood of inquiries from policymakers, governments, and the private sector on how organizations can defend themselves.  ICIT is pleased to provide the following .. read more

ICIT Analysis: The Cyber Shield Act

Industry experts and federal agencies such as NSA, NASA and NIST have repeatedly pushed for the implementation and standardization of the bare essentials of Information Security, such as security-by-design, cyber-hygiene training, and layered defenses, to be recognized as crucial topics on the Hill.  The Cyber Shield Act is an excellent idea for improving informed consumer .. read more

ICIT Analysis:  Sowing the Seeds of U.S. Cyber Talent

K-12 students are the most prevalent and the most invaluable resource the U.S. can utilize in the development of a skilled and formidable cyber-workforce. As the United States grapples with a projected shortage of 1.5 million cybersecurity professionals by 2020, the “digital generation” provides a unique opportunity to address the cyber-talent shortage. In this analysis, .. read more

ICIT Analysis – S.J. Res. 34 – Introduction of Privatized Censorship

With S.J.Res.34, every citizen will have massive amounts of their data exposed when their ISP or a nebulous third-party intentionally or inadvertently fails to adequately secure the information. By drastically expanding that collection, storage, and exchange of data with a few short lines of legislation, Congress has jeopardized the security and privacy of every citizen, every .. read more

The Know Your Enemies 3.0 Advanced Persistent Threat Advisory is Finally Here!

We Connect the Dots between Nation State, Cyber Mercenary, Cyber Caliphate and Cyber Criminal Advanced Persistent Threats by James Scott, Sr. Fellow, ICIT Allegations of cyber-incidents, IP theft, and cyber-attack have significant tangible results and seismic geopolitical implications. Most compromised organizations do not detect breaches until eight months after the initial incident; consequently, typical attribution .. read more

On March 28th, 2017, posted in: Latest Posts by Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ICIT Analysis: How to Crush the Health Sector’s Ransomware Pandemic

The health sector is the most vulnerable, most targeted, and resoundingly least equipped to defend against hackers who are pummeling healthcare organizations with ransomware attacks.   This ransomware epidemic will only become more severe and costly as the infection volume in 2017 will trump infections in 2016. In this post, entitled “How to Crush the .. read more

Cybersecurity in Non-Profit and Non-Governmental Organizations

Non-Profit and Non-Government Organizations (NGOs) rely greatly on the use of information technology for both their operations and innovative strategic program initiatives.  In a sense, they are no different than any small, medium or large-scale enterprise with regard to computing.  Keeping information confidential and free from integrity and privacy challenges as well as ensuring their .. read more

ICIT Analysis: Signature Based Malware Detection is Dead

Signature and behavioral based anti-malware are no match for next generation adversaries who utilize mutating hashes, sophisticated obfuscation mechanisms, self-propagating malware, and intelligent malware components. In this analysis, entitled “Signature Based Malware Detection is Dead,” the Institute for Critical Infrastructure Technology provides a thought-provoking analysis of the necessity for critical infrastructure sectors to adopt advanced .. read more

Join ICIT Fellows at RSA for Demos, Education and Networking!

ICIT will have a strong presence at the 2017 RSA Conference & Expo, with Sr. Fellows meeting with next-generation technology providers to identify bleeding edge technologies and Fellows offering education and demos at booths as well as hosting the best parties of the conference. Do not miss these opportunities to meet with ICIT Fellows.  And .. read more

On February 8th, 2017, posted in: Latest Posts by

ICIT Brief: In 2017, The Insider Threat Epidemic Begins

Just as American and European critical infrastructure executives were beginning to wrap their minds around the devastation of the Office of Personnel Management breach, ransomware erupted onto the scene, followed by concentrated DDoS attacks such as the Mirai botnet attack on Dyn, which enabled a quantum leap for cyber criminals.  Now, all techno-forensic indicators suggest .. read more

Congressman Jim Langevin Receives the ICIT Transcend Award

Washington D.C. January 25, 2017 – The Institute for Critical Infrastructure Technology (ICIT), America’s Cybersecurity Think Tank™, presented Congressman Jim Langevin, from Rhode Island’s 2nd congressional district, with its Transcend Award at the Congressman’s office in the Rayburn House Office Building. The Transcend Award is an honor given each year to a distinguished member of .. read more

ICIT Publication: Dragnet Surveillance Nation: How Data Brokers Sold Out America

With recent accusations of fake news and the weaponization of information as a mechanism of steering public perceptions dominating headlines around the world, have you ever considered the reality that private dragnet surveillance via social media properties, ISPs, search engines, health sector organizations etc., heavily contribute to the problems of adversarial intervention and streamlined distribution .. read more

The Cybersecurity Show Must Go On: Surpassing Security Theatre and Minimal Compliance Regulations

The United States Cybersecurity culture is heavily rooted in practices of Security Theater, where an organization that suffers a data breach can invest in countermeasures that provide a feeling or sense of security without actually improving the cybersecurity threat posture of the organization. In this publication, entitled “The Cybersecurity Show Must Go On:  Surpassing Security .. read more

“Fake News” Is “Old News” for Nation State and Mercenary APTs

By James Scott, Senior Fellow ICIT Regardless of your partisan persuasion, your opinion of mainstream media or your opinion of the ‘alt-right,’ one thing is for certain, ‘fake news’ is ‘old news’ when it comes to the weaponization of information by nation states and cyber mercenaries. Cyber adversaries tailor spear phishing and malvertising lures to .. read more

It’s the Russians! … or Is it? Cold War Rhetoric in the Digital Age

by James Scott, Sr. Fellow, ICIT Introduction Malicious actors can easily position their breach to be attributed to Russia.  It’s common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators .. read more

ICIT Analysis: Identity and Access Management Solutions: Automating Cybersecurity While Embedding Pervasive and Ubiquitous Cyber-Hygiene-by-Design

Identity and Access Management (IAM) solutions are a critical component of organizational cyber-hygiene and cybersecurity initiatives because IAM solutions automate cyber-hygiene best practices, reduce user fatigue, provide access controls, establish user accountability, institute system auditability, and enable users to mitigate cyberattacks. In this analysis, entitled “Identity and Access Management Solutions: Automating Cybersecurity While Embedding Pervasive .. read more

ICIT Publication – Rise of the Machines: The Dyn Attack Was Just a Practice Run

As the adversarial threat landscape continues to hyper-evolve, America’s treasure troves of public and private data, IP, and critical infrastructure continues to be pilfered, annihilated, and disrupted.  The Mirai IoT botnet has inspired a renaissance in adversarial interest in DDoS botnet innovation based on the lack of fundamental security-by-design in the Internet and in IoT .. read more

Overcoming Event Fatigue: ICIT Programs Offer a Platform for True Thought Leader Collaboration

by James Scott (Sr. Fellow, ICIT) & Parham Eftekhari (Sr. Fellow, ICIT) The rapid outbreak of cyber threats over the past few years has resulted in an abundance of events that promote faux experts and ineffective silver bullet solutions, often hosted by organizations who are more focused on luring in massive crowds of attendees and .. read more

The Painfully Vulnerable Election System and Rampant Security Theater

by James Scott, Sr. Fellow, ICIT and Drew Spaniel, Fellow, ICIT ‘Clunky as Heck’ and Security via Obscurity Create Only an Illusion of Secure Elections “Election Officials, consider your voting machines, networks and tabulators infected until you’ve forensically proven otherwise.”  James Scott, Senior Fellow, ICIT The first step to correcting the plague of cyber-kinetic vulnerabilities .. read more

DYN Attacks Exploit Old and Well Known Vulnerabilities

by James Scott, Sr. Fellow, ICIT and Drew Spaniel, Researcher, ICIT Throughout the morning, DYN has released statements indicating that the issue has been resolved only to have the servers crash within the following hour. Without inside information, two hypotheticals exist to explain the heat map and the disruption. First, it is possible that DYN .. read more

The Categorical Threat Landscape to Consider When Reading NASS’ Open Letter to Congress

Authored By: James Scott, Sr. Fellow, ICIT & Drew Spaniel, Researcher, ICIT On September 26, 2016, the National Association of Secretaries of State (NASS) released an Open Letter to Congress that urged for the informed communication of facts about the security of election systems with the American public. This communique builds upon the NASS letter .. read more

ICIT Analysis: Hacking Elections is Easy! Part 2: Psst! Wanna Buy a National Voter Database? Hacking E-Voting Systems Was Just the Beginning

The United States election process has been at risk since the widespread adoption of electronic voting (e-voting) systems in 2002-2006. Despite the fact that researchers have spent the past decade demonstrating that Direct Recording Electronic (DRE) and optical scanning systems from every manufacturer are vulnerable along numerous attack vectors, our Nation is still plagued with .. read more

ICIT Brief – Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims

Despite being the most at-risk and perpetually breached critical infrastructure sector in the Nation, virtually all health sector organizations refuse to evolve their layered security to combat a hyper evolving threat landscape. As a result, when a healthcare system is breached and patient records are stolen, the entire brutal impact of the incident that resulted from .. read more

ICIT Analysis: Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures

True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bone, decade old computer systems that .. read more

ICIT Brief – The Energy Sector Hacker Report: Profiling the Hacker Groups that Threaten our Nation’s Energy Sector

Among our Nation’s critical infrastructures, the Energy Sector is a primary target for exploitation by nation state and mercenary APTs, hacktivists, cyber jihadists and other hacker teams. Although the nation’s socioeconomic survival depends on the energy sector to deliver energy to the homes and businesses that support life, business operations, and critical systems, it was .. read more

ICIT Brief – China’s Espionage Dynasty: Economic Death by a Thousand Cuts

The criminal culture of theft that has been injected into virtually every line of China’s 13th Five-Year Plan is unprecedented. From state sponsored smash and grab hacking and techno-pilfering, to corporate espionage and targeted theft of IP, never before in recorded history has IP transfer occurred at such a rapid velocity. In this report, entitled .. read more

ICIT Report: Utilizing the NSA’s CSfC Process- Protecting National Security Systems with Commercial Layered Solutions

The acceleration of State Sponsored and Mercenary APT cyber-attacks, each of which possess new and more innovative layering of stealth and sophistication, has triggered a much needed response by the National Security Agency’s (NSA) Information Assurance Directorate (IAD). A more expedient path to technology approval has been introduced for qualified organizations. As a result, the .. read more

ICIT Report: CISO Solution Fatigue – Overcoming the Challenges of Cybersecurity Solution Overload

Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO. A well informed CISO can improve the engagement of the C-Suite and improve the cyber posture of the organization. However, due to a variety of factors, CISOs combat information overload and vendor .. read more

ICIT Analysis: The Wound Collectors – Profiling the Self Radicalized Lone-Wolf Terrorist

Acts of domestic terrorism in the West are escalating at an alarming rate. Lone wolf attacks and attackers have sparked public, political and law enforcement curiosity due to the, seemingly, random and independent action of a self-radicalized extremist with modest or no ties directly to the group in which they proclaim the action to be .. read more

American ISIS: Analysis of the Orlando Jihadist & Lone-wolf Attacks

ISIS lone wolves are being activated in towns and cities globally for the most potent cyber-physical combination of guerrilla attack ever to be introduced in modern warfare. This new enemy, fueled by extremist ideology, defies traditional profiling attributes such as race, sex, age, education, and nationality and can more easily evade detection by law enforcement. This .. read more

ICIT Brief – The Anatomy of Cyber-Jihad: Cyberspace is the New Great Equalizer

Until now it has been fairly easy to categorize malicious cyber-actors as State Sponsored APT, Hacktivist, Mercenary and Script Kiddie. However, a new threat actor has emerged who uses technological means to bring terror and chaos to our nation and its allies: the Cyber-Jihadist. Cyber-Jihad has quickly arrived on the scene and will only continue .. read more

NIST SP 800-160: For the Rest of Us – An ICIT Summary

NIST Special Publication 800-160: Systems Security Engineering: Consideration for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, offers useful strategies that can raise the bar for cyber defense and can be implemented quickly to drastically minimize traditionally vulnerable attack surfaces laid siege by state sponsored APTs, hacktivists, sophisticated mercenaries and cyber jihad hackers. This condensed .. read more