The Great Disruption No One Planned For: COVID-19 - Emile Sayegh
In recent weeks, many of the nation’s companies have undergone significant transformations—changing how employees communicate and interact, and how companies operate. The stress on every aspect of IT infrastructure has never been greater, with millions of employees working from home. This new reality brings major business and technical challenges to business continuity, productivity, and security postures. Ntirety’s executive team will host a webinar on April 9th to discuss lessons and strategies for operating through the COVID-19 crisis. Join CEO Emil Sayegh, Chief Information Security Officer Chris Riley, Chief Revenue Officer Kevin Smith, and CFO John Faulkner, who will offer insights on IT and Security readiness and preparedness against this pandemic. Emil, who is also a Forbes contributor, will recap some of the insights he has shared on Forbes throughout this pandemic.
Join to:
- Hear how leading organizations are adapting their IT infrastructure and Security postures to the COVID-19 crisis
- Gain best practices in crisis communication, IT infrastructure, and Security postures
- Learn how you can ensure that your company can continue to be productive and secure through this crisis and in future crises
This webinar is open to the public and not restricted to Ntirety customers and partners.
How can we ensure the continuous protection of the enterprise's mission-critical IT systems, information and business processes from emerging threats? How prepared are we?
Creating Your Own Threat Intel Through Hunting & Visualization - Raffael Marty
The security industry is talking a lot about threat intelligence: external information that a company can leverage to understand where potential threats are knocking on the door and might have already penetrated the network boundaries. Conversations with many CERTs have shown that we have to stop relying on knowledge about how attacks have been conducted in the past and start 'hunting' for signs of compromises and anomalies in our own environments.
In this presentation we explore how the decade-old field of security visualization has emerged. We show how we have applied advanced analytics and visualization to create our own threat intelligence and investigated lateral movement in a Fortune 50 company.
Visualization. Data science. No machine learning. But pretty pictures.
Here is a blog post I wrote a bit ago about the general theme of internal threat intelligence:
http://www.darkreading.com/analytics/creating-your-own-threat-intel-through-hunting-and-visualization/a/d-id/1321225?
Here are my slides on "Board and Cyber Security" that I presented at the Just People Information Security breakfast this morning. Thanks Adam for arranging the session and those who attended.
Here are my slides on "Board and Cyber Security" that I presented at the Just People Information Security breakfast this morning. Thanks Adam for arranging the breakfast and those who attended.
APT or not - does it make a difference if you are compromised? - Thomas Malmberg
This is my presentation from the Cyber Security Summit held in Prague 2015 at the Boscolo Prague Spa Hotel. For the missing slides and further information, contact me directly.
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr... - Cyber Security Alliance
Threats, risks, actors, trends, attack techniques, defense issues and possible future scenarios for Critical Infrastructures in the age of cyber insecurity.
Advanced Cybersecurity Risk Management: How to successfully address your Cybe... - PECB
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA's public policy work built around their publication “The Cyber Security Social Contract”, which the NATO Center of Cyber Excellence in Estonia asked for a briefing on.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
The title comes from a list of conclusions I gave at a presentation called Does IT Security Matter? just before Christmas in 2007. The wonderful thing about the writing process is that every now and again you hit upon a pithy phrase like that which communicates so much. But it's like mining for gold - you have to move a lot of earth to find the nuggets.
Your organization is at risk! Upgrade your IT security & IT governance now. - Cyril Soeri
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Cyber Risk Management in 2017: Challenges & Recommendations - Ulf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far-reaching impact on how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense.
Referent: Kevin Kirst
Aon’s cyber capabilities can support organisations in embracing a risk-based approach. This facilitates the deployment of a more effective cyber insurance strategy to help optimise the total cost of risk associated with cyber exposures.
Crush Common Cybersecurity Threats with Privilege Access Management - BeyondTrust
In this presentation from his webinar, IoT Security Expert Rob Black, CISSP, Founder and Managing Principal of Fractional CISO, discusses the common thread of many of today's cyberattacks. Key themes covered include:
- Post-mortem analysis of recent cybersecurity attacks and how you could mitigate against similar threats
- Evaluation of password breakdowns in protecting your organization
- Review of a high level threat model of privileged accounts
- How Privilege Access Management can significantly reduce your attack surface and improve your cybersecurity posture
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul... - Outpost24
Learn how an asynchronous approach can help build an enterprise CMDB and automate continuous detection for any new and critical vulnerabilities in your asset repository so you’ll never miss a critical risk again.
On April 4, 2016, the Atlantic Council’s Eurasian Energy Futures Initiative launched a report, Securing Ukraine’s Energy Sector, authored by Dinu Patriciu Eurasia Center’s Resident Senior Fellow, Anders Åslund.
Similar to Cyber Risk Wednesday: October 23, 2013 (20)
It is the core purpose of the Atlantic Council to foster bipartisan support for policies that promote the security of the United States and the transatlantic community. The signatories of this piece have either served in Afghanistan, been involved in the formation of US policy in government, or otherwise devoted considerable time to Afghan affairs. They have come together to register a broad, bipartisan consensus in support of certain principles that they believe should guide policy formation and decision-making on Afghanistan during the remainder of the Obama administration and the first year of a new administration, of whichever party. It is critical that the current administration prepare the path for the next. A new president will come into office facing a wave of instability in the Islamic world and the threat from violent extremism, which stretches from Asia through the Middle East to Africa. This will continue to pose a considerable challenge and danger to American interests abroad, and to the homeland. The signatories support the continued US engagement required to protect American interests and increase the possibilities for Afghan success.
Crude Oil for Natural Gas: Prospects for Iran-Saudi Reconciliation - atlanticcouncil
Despite the sectarian barbs traded between Saudi Arabia and Iran, Iran's unique ability to meet the kingdom's fast growing demand for electricity may help spur a reconciliation, according to the Atlantic Council's Jean-François Seznec. In his report Crude Oil for Natural Gas: Prospects for Iran-Saudi Reconciliation, Seznec argues that the two dominant energy producers do not necessarily need to see their energy production as competition.
Saudi Arabia currently fuels its stunning 8 percent annual rise in demand for electricity with precious crude oil because it has few low-cost domestic dry natural gas reserves. Iran's vast gas reserves could be used to meet the kingdom's growing needs, but after decades of punishing sanctions its dilapidated gas fields need an estimated $250 billion in repairs. If Saudi Arabia used its investment power or buying power to help revitalize Iran's gas industry, it would both secure the energy it needs to meet its citizens' demands and free up its crude oil for export. While the sectarian rhetoric hurled back and forth may seem unstoppable and the timeline for reconciliation may be long, Seznec contends that both sides are rational at heart and highlights that the benefit of economic cooperation on energy issues could open up better relations on a range of issues.
The Norwegian Nobel Committee awarded the Tunisian National Dialogue Quartet, a civil society group comprising the Tunisian General Labor Union; the Tunisian Union of Industry, Trade, and Handicrafts; the Tunisian Human Rights League; and the Tunisian Order of Lawyers the 2015 Nobel Peace Prize on Friday, October 9, 2015 "for its decisive contribution to the building of a pluralistic democracy in Tunisia." In a new Atlantic Council Issue Brief, "Tunisia: The Last Arab Spring Country," Atlantic Council Rafik Hariri Center for the Middle East Senior Fellows Mohsin Khan and Karim Mezran survey the successes of Tunisia's consensus-based transition and the challenges that lie ahead.
"The decision to award this year's Nobel Peace Prize to Tunisia's National Dialogue Quartet is an extremely important recognition of the efforts made by Tunisian civil society and Tunisia's political elite to reach a consensus on keeping the country firmly on the path to democratization and transition to a pluralist system," says Mezran. With the overthrow of the authoritarian regime of President Zine El Abedine Ben Ali in 2011, Tunisia embarked on a process of democratization widely regarded as an example for transitions in the region. The National Dialogue Conference facilitated by the Quartet helped Tunisia avert the risk of plunging into civil war and paved the way for a consensus agreement on Tunisia's new constitution, adopted in January 2014.
In the brief, the authors warn that despite political successes, Tunisia is hampered by the absence of economic reforms. Facing the loss of tourism and investment following two terror attacks, Tunisia's economy risks collapse, endangering all of the painstaking political progress gained thus far. Unless the Tunisian government moves rapidly to turn the economy around, Tunisia risks unraveling its fragile transition.
Foreign Policy for an Urban World: Global Governance and the Rise of Cities - atlanticcouncil
In the latest FutureScape issue brief from the Brent Scowcroft Center on International Security's Strategic Foresight Initiative, author Peter Engelke discusses the long-term economic, environmental, and policy implications of urbanization. Entitled "Foreign Policy for an Urban World: Global Governance and the Rise of Cities," the brief examines how urbanization is hastening the global diffusion of power and how cities themselves are increasingly important nodes of power in global politics.
Cyber 9/12 Student Challenge General Information - atlanticcouncil
In Washington, DC, student teams confront a serious cybersecurity breach of national and international importance. Teams will compose policy recommendations and justify their decision-making process, considering the role and implications for relevant civilian, military, law enforcement, and private sector entities and updating the recommendations as the scenario evolves.
In Geneva, Switzerland, in partnership with the Geneva Centre for Security Policy (GCSP), students respond to a major cyberattack on European networks. Competitors will provide recommendations balancing individual national approaches and a collective crisis management response, considering capabilities, policies, and governance structures of NATO, EU, and individual nations. The competition fosters a culture of cooperation and a better understanding of these organizations and their member states in responding to cyberattacks.
Toward a Sustainable Peace in the South China Sea - atlanticcouncil
The South China Sea (SCS) has been, and remains, an area rife with tension. Disputes among SCS states stem from unresolved issues relating to sovereignty, exclusive economic zones, natural resources, and acceptable uses of the military. In the past two decades, fishing boats have been detained or damaged, fishermen and sailors arrested or killed, and artificial islands constructed for military purposes. These years of strife have led to the current SCS state of play: it is a vitally important region where competition is high and trust is low.
This issue brief argues that SCS countries need to work toward a "mutual confidence" and "mutual dependence" end state. In particular, the paper focuses on sharing meteorological data to support humanitarian assistance and disaster relief operations, including search and rescue operations, foreign disaster relief goods delivery, and medical care. A mutual confidence/mutual dependence relationship between two SCS states would help mitigate regional conflicts or disputes, which in turn can help lead to a more peaceful region.
On May 20-21, 2015, European leaders will gather for the Eastern Partnership summit in Riga, Latvia, to discuss the future of Europe’s East. Given the extreme challenges faced by the countries of the Eastern Partnership (EaP) since the last summit, in Vilnius, Lithuania in 2013, and the cooling of EU relations with several of the Eastern Partners, the upcoming meeting will surely pose tough questions for the future of the entire eastern framework.
At the same time, the Riga summit also presents an historic opportunity to put back on track a process that held significant promise at its inception but which has been slow to respond to crises and a low priority on the agenda for EU member states. In A Transatlantic Approach to Europe’s East: Relaunching the Eastern Partnership, Burwell examines the need for a closer and more integrated relationship between the European Union and the key countries of the EaP. Burwell argues that the Riga summit offers a key chance for Europe to both confront the challenges to its East, and to launch a new Transatlantic Partnership for Wider Europe in close cooperation with the United States. Failure to relaunch the EaP framework, by identifying the factors that make these countries vulnerable and designing strategies to overcome these specific weaknesses, will have dire consequences for the prosperity and security of the entire region.
President Barack Obama's summit meeting with Gulf leaders at Camp David on May 14 will end in failure if the administration does not propose a substantial upgrade in US-Gulf security relations that is as bold and strategically significant as the nuclear agreement–and likely formal deal–with Iran.
While the summit will not suddenly eliminate mistrust and resolve all differences, it presents an historic opportunity to put back on track a decades-old US-Gulf partnership that has served both sides and the region well, yet lately has experienced deep turbulence. Failure to strengthen these ties will have consequences, the most dramatic of which could be the acceleration of the regional order's collapse.
In a March 2015 Atlantic Council report entitled Artful Balance: Future US Defense Strategy and Force Posture in the Gulf, we made the case for a mutual defense treaty between the United States and willing Arab Gulf partners. In this issue in focus, we offer a more comprehensive and detailed assessment of the risks, concerns, benefits, and opportunities that would be inherent in such a treaty. We recommend a gradualist approach for significantly upgrading US-Gulf security relations that effectively reduces the risks and maximizes the benefits of more formal US security commitments to willing Arab Gulf states.
The solutions for socioeconomic development are no longer only in the public sector. Latin America has changed dramatically over the last decade, and the private sector can play an increasingly important role in the region’s progress. That’s where social impact investing comes in—a way that investors can make money while doing social good.
The White House has appointed a social innovation czar and the Inter-American Development Bank is doing work every day in this expanding arena. Is social impact investing one of the keys that will finally unlock the region’s intractable inequality?
In this new Latin America Center analysis, released today, Adrienne Arsht Center Senior Non-Resident Fellow Gabriel Zinny dissects how businesses, governments, and multilateral institutions can better provide goods and services to the underserved while making money.
Read this and key recommendations for accelerating the sector here:
• Formalize it. A clear, market-based legal system enforced by a solid judiciary branch is fundamental to attracting impact investments.
• Seed it. Governments should subsidize a measure of the often-lacking venture-stage capital for projects, especially when the entrepreneurs come from less-affluent communities.
• Decentralize it. Local governments should be viewed as public sector partners as they often have more flexibility to spur private social enterprise.
If ever a turning point seemed inevitable in Pakistan’s militia policy, it was in the aftermath of the Peshawar school massacre in December 2014. Tehrik-e-Taliban Pakistan (TTP) killed 152 people, 133 of them children, in the bloodiest terrorist attack in Pakistan’s history. The carnage sparked an unprecedented national dialogue about the costs and contradictions of the Pakistani political and military establishment’s reliance on violent proxies, such as the Afghan Taliban (from which the TTP originates), for security.
Why does Pakistan continue to differentiate between “good” and “bad” militias in the face of the Peshawar massacre? What are the costs of playing the good-bad militia game? What can be done to end Pakistan’s dependency on armed nonstate groups? In “Reimagining Pakistan’s Militia Policy,” Visiting Assistant Professor of Government at Skidmore College and US-Pakistan Exchange Program Fellow at the Atlantic Council’s South Asia Center, argues that Pakistan’s unwillingness to crack down on all terrorist groups is more a product of cold calculation than ideological shortsightedness. Understanding Pakistan’s close relationship with militias requires recognizing the strategic logic through which many states outsource violence.
The Atlantic Council, in partnership with NATO Allied Command Transformation (ACT), held the 4th annual Young Professionals Day (YP Day) in Washington, DC, on March 24. The event featured a full-day, outcome-oriented, strategic design thinking exercise with sixty young professionals representing twenty-four of NATO's twenty-eight member nations. Delegates collaborated to produce a list of creative solutions to pressing challenges NATO faces, ranging from how to address hybrid warfare and threats on NATO's southern flank, to how NATO can encourage innovation and deliver on the promises from the 2014 Wales Summit.
The NATO Young Professionals Day Report includes detailed descriptions of the top fifteen recommendations produced by delegates. Delegates' recommendations included creative and out-of-the-box concepts, such as the creation of an "Innovation CEO" position within NATO with substantial powers to experiment with new policies. The group also suggested developing a dramatized HBO-style series about the history of NATO to increase public awareness and improve the alliance's public approval; fostering partnerships with venture capital and the defense industry to develop new technologies and create common standards; and the deployment of an elite, rapid response force in the Middle East and North Africa (MENA) region that includes personnel from NATO partner countries in the south, to leverage local expertise. Details on these recommendations and more can be found in the full report available online here:
Defeating the Jihadists in Syria: Competition before Confrontation - atlanticcouncil
Since August 2014, the US-led air campaign against the Islamic State of Iraq and al-Sham (ISIS) has successfully inflicted casualties on ISIS and weakened its oil revenues. However, the same efforts have also accelerated the rise of the Nusra Front, an al-Qaeda affiliate, and the near-collapse of nationalist rebel forces.
In "Defeating the Jihadists in Syria: Competition before Confrontation," Faysal Itani of the Atlantic Council's Rafik Hariri Center for the Middle East details the unintended consequences of the coalition air campaign and proposes a revised US strategy. He argues that the United States can effectively assist nationalist insurgents to defeat ISIS and the Nusra Front by enabling them to compete with and contain these groups before ultimately confronting them.
Itani writes that the US-led campaign thus far and the train-and-equip initiative set to begin next month undermine and weaken nationalist rebel forces. He criticizes these efforts for failing to provide sufficient support to the rebel forces, while directing them to target ISIS instead of the regime. Meanwhile, the Nusra Front and other jihadist organizations have greater resources and have been effective in targeting the Assad regime. As such, nationalist rebel forces and local populations have increasingly aligned with the Nusra Front and even tolerate ISIS in order to protect themselves against regime violence, criminality, and chaos.
Itani's proposed US strategy offers a practical and workable response to the rise of jihadist groups in Syria; this revised strategy seeks to support rebel forces to compete with the Nusra Front for popular support and to take control of the insurgency, contain ISIS, and build capacity for an eventual offensive against the jihadists. This approach will build on positive results in southern Syria by significantly increasing direct financial and material support and training for vetted nationalist groups that have already shown significant success. Simultaneously, in the north the campaign can provide sufficient material support to nationalist forces while expanding coalition air strikes to target ISIS's frontlines, allowing the nationalist insurgency to defend and govern territory. Only once nationalist insurgent forces have successfully competed with the Nusra Front and contained ISIS can they confront and ultimately defeat the jihadist groups in Syria.
Dynamic Stability: US Strategy for a World in Transition (atlanticcouncil)
We have entered a new era in world history, a post-post-Cold War era that holds both great promise and great peril for the United States, its allies, and everyone else. We now can call this a "Westphalian-Plus" world, in which nation-states will have to engage on two distinct levels: dealing with other nation-states as before, and dealing with a vast array of important nonstate actors. This era calls for a new approach to national strategy called "dynamic stability."
The authors of this paper—Atlantic Council Vice President and Scowcroft Center Director Barry Pavel and Senior Fellow Peter Engelke, with the help of Assistant Director Alex Ward—kick off the Atlantic Council Strategy Paper series by telling the United States to seek stability while leveraging dynamic trends at the same time. The central task facing America is "to harness change in order to save the system," meaning the preservation of the rules-based international order that has benefited billions around the world, including Americans themselves, since 1945. Within its pages, the paper outlines the components of strategy in a swiftly-changing world.
Setting the Stage for Peace in Syria: The Case for a Syrian National Stabiliz... (atlanticcouncil)
In Setting the Stage for Peace in Syria: The Case for a Syrian National Stabilization Force, Frederic C. Hof of the Atlantic Council’s Rafik Hariri Center for the Middle East, Bassma Kodmani of the Arab Reform Initiative, and Jeffrey White of the Washington Institute, present a new way forward—a sort of train-and-equip on steroids—the Syrian National Stabilization Force (SNSF).
Mexico's historic energy reforms continue to hold exciting promise for the country, achieving the requisite constitutional and implementing legislation over the last fifteen months. The global oil price climate, however, has prompted a few mid-course corrections to the rollout of the reforms. For Mexico to continue to attract excitement for its energy sector, the government will need to maintain a degree of flexibility while holding true to the principles of the reforms.
Places like Singapore, Boston, Bangalore, Pittsburgh, Silicon Valley, and others are known as leaders in innovation, but when it comes to building the knowledge economy, the Gulf has become one of the most ambitious regions in the world.
A decade ago, the consensus from outside the region was that Middle Eastern countries, including those in the Gulf, were a long way from developing knowledge economies— defined as economies that combine advanced research and development, entrepreneurialism, and creative thinking into innovative, wealth-generating enterprises. Fast-forward to 2015, and many Arab Gulf countries have become well known for their attempts at building knowledge economies, for instance through innovation clusters such as Abu Dhabi's Masdar City, Dubai's TechnoPark, Qatar's Science and Technology Park, and Saudi Arabia's King Abdullah University of Science and Technology. Through these and other efforts, Gulf countries have invested billions of dollars in dozens of initiatives to co-locate the sources of innovation—research labs, venture capital, entrepreneurs, high-technology companies, and educational institutions, in hopes of building globally renowned knowledge economies.
In Brainstorming the Gulf: Innovation and the Knowledge Economy in the GCC, the report's author, Peter Engelke, Senior Fellow for the Strategic Foresight Initiative in the Atlantic Council's Brent Scowcroft Center on International Security, highlights the successes that Gulf states have enjoyed to date and addresses the major hurdles to sustaining and expanding these successes. While all signs point to the staying power of Arab Gulf leadership's long-term commitment to the knowledge economy, the harder part will be sustaining the knowledge economy's soft infrastructure—the dimension of entrepreneurial culture involving creativity, expression, inclusion, disruption, and borrowing from global cultural flows. If talented people are at the core of the innovation process, government policy in the Gulf ought to focus as much on the creation of dynamic and livable places in order to attract and retain the best talent from all over the world. As Arab Gulf states have already discovered, this pathway is disruptive, bringing with it significant social consequences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses.
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI (Vladimir Iglovikov, Ph.D.)
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster and ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
1. Global Aggregation of Cyber Risks: “Finding Cyber Sub-Prime”
Cyber Risk Wednesdays
ATLANTIC COUNCIL CYBER STATECRAFT
2. Global Aggregation of Cyber Risks
• Push by Martin Senn to be thought leader in cyber risk management
– Understand, not protect, from cyber risks
– Not necessarily tied to immediate insurance products
• Funded by Zurich Insurance for ~1-year effort
– Under think tank, not commercial, agreement
• Result in report on global pools of cyber risk, understandable to boards, other executives
• Major launch event in 2Q2014
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
3. Traditional Cyber Threats
“Cyber” just means interconnected IT, but that increasingly means everything
Common Terms:
• Intrusion, hack
• Cybercrime
• Carders
• Russia, East Europe
• Stolen identity, credit cards, records
• Extortion
[Diagram labels: Internet; Criminals; Hacktivists; Spies; Militaries; Corporation X. Callout: Steal individual records with personal info to sell]
4. Traditional Cyber Threats
Common Terms:
• Intrusion, hack
• DDoS (distributed denial of service)
• Anonymous
• Patriotic hackers
[Diagram labels: Internet; Criminals; Hacktivists; Spies; Militaries; Corporation X. Callout: Disrupt network or steal sensitive or embarrassing info]
5. Traditional Cyber Threats
Common Terms:
• Intrusion, hack
• IP Theft
• China
• Advanced Persistent Threat
[Diagram labels: Internet; Criminals; Hacktivists; Spies; Militaries; Corporation X. Callout: Steal R&D, business plans or negotiating strategies]
6. Traditional Cyber Threats
Common Terms:
• Stuxnet
• Shamoon
• Iran, US, China
• Cyber war, cyber conflict
[Diagram labels: Internet; X; Criminals; Hacktivists; Spies; Militaries; Corporation X. Callout: Disrupt network or systems or even upstream Internet – very rare]
7. Non-Traditional Cyber Threats
The Cloud
8. But This is All At the Level of Individual Organization
What About the Systemic Risks?
Mainstream cyber risk management is markedly similar to that for financial prior to 2008!
9. Cyber Sub-Prime
• Cyber is in the same place finance was prior to 2008
• Examination of cyber risk pools
• Analysis of key factors
• Recommendations
10. Cyber Sub-Prime
Cyber is in the same place finance was prior to 2008
• Risk only examined one organization at a time
• Risks passed outside organization into unknown pools
• Little if any governance of the system as a whole and complex interdependencies ignored
• Led to catastrophic global failure, even for those organizations which handled internal risks correctly!
• We are heading for similar fate with global aggregation of cyber risk
11. Overlapping Pools of Systemic Cyber Risk
Upstream Infrastructure
• Electrical, finance
• Bandwidth and Internet infrastructure like IXPs, submarine cables, security tokens
• Embedded devices: ICS, SCADA
• Some key companies: MSFT
• Networking standards like BGP and DNS
• Internet governance
External Shocks
• Conflicts, malware pandemics
• States: China, Russia, US
• Non-states: Activists, Anonymous, organized crime
• Intrusion, disruption, theft of IP, espionage
Internal Enterprise
• Desktop, server, data centers, networks, security
• Software: in-house, legacy, custom, commercial, open source
Supply Chain
• China
• Counterfeit components, software
• Global logistics chain
Disruptive Tech
• Internet of everything and digital economy largely w/o human intervention
• Embedded medical, human enhancement, driverless cars, etc
Outsourced and Contract
• China, India
• Manufacturing
• Professional: HR, legal, accounting, consultancy
• Defense industrial base
Counterparties and Partner
• Trusted interconnections
• Dependence
12. Notional Quad Chart
[Chart. Axis labels: Lowest Hazard to Highest Hazard; Most Control to Least Control]
Every year, technology and business processes push us further up and to the right!
Disruptive Tech
Supply Chain
External Shocks
Upstream Infrastructure
Mitigated by government action, resilience, standards, regulations
Outsourced and Contract
Counterparties and Partner
Internal Enterprise
Mitigated by risk management, resilience contracts, SLAs, MOUs
13. Analysis: The Upside
• Few if any single shocks could affect cyberspace in any way that could transfer into a strategic shock to the global economy
• Defenders are excellent at responding
• System has been extremely resilient day-to-day and year-to-year
14. Analysis: The Downside
• Three separate vulnerabilities: interconnectedness and complexity, lack of transparency, and lack of either local control or system-wide governance
– Everything increasingly interdependent in unknowable ways
– Tech and business models continue to push major risks away from management understanding and control
– No system-wide governance
– In the face of catastrophic failures, not clear who would be in charge or what levers they could use
– Few backup paths for crisis communication or manual workarounds
15. Therefore
• Main concern is that a failure of multiple key elements could lead to cascading failures
– Where is the next Lehman? The next subprime?
Expected future: Organizations will suffer ever more frequent shocks like natural disasters … too severe to ever be able to sufficiently protect
16. How?
• Either one shock that cascades completely out of control or multiple shocks which cascade and reinforce one another
• Examples: California earthquake, large cloud provider goes bust (Enron-style fraud, Lehman-style misunderstanding of risk, etc.), major routing protocol failure or attack, slow deterioration of resilience and defenses over time, major GPS outage takes out global precision navigation and time signals
17. Three Recommendations for Companies
1. Organizations can take basic and advanced mitigations, depending on their maturity and resources
2. However, since so much risk is external, complex, and interdependent, resilience is the main hope for companies
3. Board-level risk management including insurance and other risk transfer options
18. Two Recommendations for Governments and System-Wide Organizations
1. Far more focus on systemic rather than organizational risk
2. Eventual goal for defense to be better than offense
19. Notional Chart of Upstream Risks
[Figure: "Three Zones of Risk (?)", a notional chart. Labels on the chart: Internal Enterprise; Supply Chain; Outsourced and Contract; Counterparties and Partner; Info only; Upstream Infrastructure; Telco/Internet; Energy; Finance; Disruptive Tech; External Shocks; Most Control; Limited Control; Least Control; Near; Distant; Everywhere; Tight linkages; More so over time; Causal; Upstream of all else; Cascades farther downstream. Mitigation boxes: "SLAs, Contracts, MOAs/MOUs, Resilience"; "Standards, Regulations, Governance, Resilience"; "Government actions, Resilience". Caption: "Over time, more business critical functions move upstream…."]
20. Cyber Risk Wednesdays
Events and social receptions are scheduled every THIRD Wednesday of every month.
• November 20
• December 18
• January 15
• February 19
• March 19
21. Global Aggregation of Cyber Risks: “Finding Cyber Sub-Prime”
Cyber Risk Wednesdays