Security Leftovers

posted by Roy Schestowitz on Jun 09, 2023

• How Attorneys Are Harming Cybersecurity Incident Response

  So, we’re not able to learn from these breaches because the attorneys are limiting what information becomes public. This is where we think about shielding companies from liability in exchange for making breach data public. It’s the sort of thing we do for airplane disasters.

• Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys

  Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small numbers of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers when directing incident response often: introduce legalistic contractual and communication steps that slow-down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced.

• White House needs to urgently fix nation’s approach to protecting critical infrastructure, group says

  Attacks against critical infrastructure are reaching new heights, but strategy documents outlining federal efforts are a decade old.

• US cyber officials offer technical details associated with CL0P ransomware attacks

  CISA and the FBI offered details to help organizations protect themselves against the group that has claimed hundreds of victims.

• Rocket ships and radishes

  There’s been something in the back of my brain that’s been bothering me about talks at the big conferences lately but I just couldn’t figure out how to talk about it. Until I listed to this episode of The Hacker Mind Podcast on Self Healing Operating Systems (it’s a great podcast, like and subscribe). The episode was all about this incredibly bizarre way to store operating system state in a SQL database (yeah, you read that right). The guest made no excuses that this is a pretty wild idea and it’s not going to happen anytime soon. But we need weird research like this, it’s part of the forward march of progress.

  [...]

  In the academic days (like our operating system example from the opening), it would be well understood that this was rocket ship research. It almost certainly wouldn’t go anywhere anytime soon, but was a step as part of the larger story of progress. As the arrow of time drags us all into the future, so does the path of progress, as long as you don’t live in Florida.