Publicly firing an employee as well as mocking employees you’ve fired is some of the worst leadership I’ve ever seen. Firing people is part of the job sometimes, it should almost always make you feel sick. When it doesn’t you need to do some self evaluation on you in your role.
I’ve had a few folks reach out to me because of some of my employees’ comments in the media and on their social media apparently expecting me to censor them or take some action. Some general end of day stressed thoughts: (1/x)
If you are in the US/UK/ANZ at a small co-op/muni & need ICS cybersecurity support (Dragos Platform technology, managed service, and incident response) please feel free to message me directly. Dragos is going to make our capabilities free for the smaller members of our community
To my cybersecurity colleagues - especially in infrastructure security - get some rest. No one knows what’s going to happen but nothing you’re doing over the weekend will help for next week if something were to happen. No one benefits from you being tired in a crisis.
Please tell me more about how black people are rioters and the threat. I don’t seem to remember them storming the fucking capitol disrupting the electoral process.
For every IT security person complaining that an Engineer/Operator doesn’t care about security there’s an Engineer with an IT ticket open for 3+ months.
I know plenty are saying this but the Ukrainian counter intel and information operations execution is off the charts. It will absolutely be studied in intel and military schools across the world for decades to come.
Every now and then some level of gate keeping comes up in the cybersecurity community about how you have to be a programmer, or super technical, or whatever else is the flavor of the day to be successful. I was a Social Sciences - African Studies major in college. You’ll be fine.
I’m not an alarmist but I would sincerely advise folks working in infrastructure to understand their connections in and out of the ICS and be proactive in security over the next few weeks at a minimum. I have no specific intel on this, only concern given recent developments.
My teammates at Dragos get SMS scams all the time pretending to be me (also who adds signature blocks to texts?!?) apparently they’ve gotten tired of it enough to start trolling the scammers. Here’s the latest shared with me
They're probably too humble to say much. But today is @hacks4pancakes's Air Force retirement ceremony. A wonderful career and contribution (one of many). Congrats Lesley!
Anyone not working on behalf of a government having serious conversations about “hacking back” or launching cyber attacks against Russia please understand - respectfully - you’re an idiot and only going to make matters worse.
Hey @CISAKrebs, we all love you man. Thanks for standing up for what you believed in at a time that it was most important to do so. Fired by tweet should be added to your resume, you’ve got a giant community of support from now on.
A lot of journalists have been laid off. If your threat intelligence team is hiring you should encourage journalists to apply. Excellent technical writers that work under pressure with short deadlines; technical writers are a staple of good threat intel teams.
Since the pandemic started I’ve lost over 90lbs and got LASIK. So if we see each other in person soon let’s skip past the “you look different” please; I was fat - I’m less fat now - and I’m hoping I live long enough now to put a real dent in the infrastructure security problem.
Today the US Government announced a new ICS malware that has been designed to disrupt industrial operations. CISA/FBI/NSA put out a great advisory; also I appreciate the callout/thanks to @DragosInc in the advisory - we call the malware PIPEDREAM.
Third, my firm’s employees do not report to me, they allow me to lead them. At any time they can leave. They “vote” on me every day they remain. Therefore my job is to serve them. If they are respecting the law and accomplishing our mission who the hell am I to critique the rest
I sincerely hope the Infosec community and media don’t lose their minds over thinking DarkSide is actually shutting down when it’s almost certainly a rebranding attempt to avoid the heat.
Proud today to announce that @DragosInc has completed a Series D investment raising $200M at a $1.7B valuation. This is the largest raise/highest valuation ever for an OT/ICS cybersecurity company marking an appreciation of the criticality of OT security.
Unpopular thought: the jobs gap is largely inflated/a lie. Your entry level jobs aren’t entry level and your principal level jobs are paying people at entry level rates.
Lastly, you do not need to ask, I do not agree with every view point of every employee in my firm. The day I do I’ve failed them all. But what I’m trying to do in this situation is talk less and listen more. Please amplify the right voices don’t worry about mine.
A lot of people want to talk about the “cybersecurity personnel shortage” and refuse to acknowledge that breaking into the industry (entry level jobs) is astronomically hard and HR job requirements vs pay for many companies are insanely outdated. Fix that and fix your problem.
The warnings of the threats are extremely important as they are becoming more frequent. But much of the language in these articles is not helpful and often misleading
The SANS team is excited to announce that @C_C_Krebs will be this year’s SANS Cyber Threat Intelligence summit keynote. Thanks Chris! This year’s summit is free and virtual. Jan 21-22nd. Sign up today: @SANSInstitute @sansforensics #DFIR #CTI
Second, our customers are damn lucky my firm has diverse views. Lack of diversity is the enemy of success. Diversity isn’t a PC topic to us, it’s not only morally right, but it is selfishly necessary to counter strategic well funded adversaries in highly ambiguous scenarios.
Someone tried to hurt (potentially kill) people through a cyber attack. That’s a big deal. All the other details are important to discuss and debate but we can’t lose the bigger picture.
Don’t over hype it. Don’t under hype it. And let’s focus on how to make it harder to do.
Dear vendors, conferences, and hotels: the ability to sponsor a “hotel room drop” of dropping items, signage, pamphlets, etc. into people’s hotel rooms understandably makes many folks uncomfortable. Please stay out of people’s hotel rooms.
Were you an expert on nuclear power plants yesterday? Whatever the answer is applies today as well.
It’s very reasonable to not want people fighting near a nuclear power plant but any assessments on what could happen should be reserved for those that answered “yes” to the above.
If you are a critical infrastructure company that experiences a cyber attack and you do not have an actual CISO your Congressional hearing is going to suck.
So now that the bartender is questioning why I’m in tears I suppose I should stop tweeting.
I miss you Mike.
I wish I could do more for you Ukraine.
Good night folks and hug a loved one
Proud to announce that today I was appointed by Department of Energy Secretary Brouillette to the DOE’s Electricity Advisory Committee to help advise @ENERGY over the next two years. The DOE’s mission is vital to national security and I’m pleased to be a very small part of it.
The fact that so many are focusing on the water plant using Windows 7, which had nothing to do with how the attack was done, is interesting. Folks have an obsession with vulnerabilities and while they can matter a lot it is a fundamentally different value prop in ICS.
Fourth, if your biggest complaint in this situation is not the absolutely horrible events in front of us but the opinions of my employees on social media may I kindly suggest your biases are misleading you and your frustration is misplaced. We’re stressed I get it but you’re off
I’m very impressed with the professionals at the NSA, CISA, FBI, DOE, and others who have been significantly leaning in to try to be available and responsive on US infrastructure cybersecurity concerns these days. Seriously some awesome non public work taking place. Kudos y’all
For the young leaders out there please recognize these are bad examples to follow. You will make hard calls people judge often with only slivers of the full story. It will suck. You still have to make them. But you can never go wrong with empathy.
Today @DragosInc announced its record setting Series C financing of $110M. This is the largest investment ever made into an ICS/OT cybersecurity company and sends a signal to the broader market about the necessity and demand for OT cybersecurity.
Thank you all who showed me love/support on the Bloomberg article that alleged I acted unethically. Here's my side of the story:
Regardless of your opinions please realize the amazing work of the electric utilities to protect this country.
I like RSA. I do not like being at bars afterwards listening to dudes trying to impress ladies with tech talk. It’s painful. Apparently “the block chain” is solving some stuff. No idea what but the game will never be the same. “You like Elephants?”
Cyber attacks must seem like an easy yet scary excuse for complex events to the laymen especially over the last few years. Security professionals should be using the interest from non infosec folks as an opportunity to educate instead of sowing fear and hype.
I got to Davos for the World Economic Forum and basically had a small panic attack. Why am I saying this? Because I think I’ve earned my right to be here and I still have imposter syndrome. If you do too it’s ok. It’ll be ok. You belong and you deserve what you’ve earned.
I’m a very fortunate person, I’m a privileged person - through hard work or not I’ve had opportunities others haven’t. And during this crisis I’ve caught myself unexpectedly staring at the wall for half an hour or more just captured by the stress. Please take care of yourselves.
Supply chain woes are real folks. I cannot imagine the complexity this is going to cause for folks over the next two years. An example of what happened to us today:
I know there’s a desire to calm people down and have some confidence, but I would advise anyone pretending they have an understanding of the scope of the SolarWinds compromise to dial it down a bit. It’s going to take time, could be more accesses, and our collection isn’t great.
I’m a technical person. I like making money. I’ve not once owned cryptocurrency in any form. If you want to - that’s your money go for it. But if you’re trying to drag others into it - especially non-technical people - you are very likely hurting more than helping.
First, I’m prior military, please do not play the “support our troops” card on me. Our military has a wide set of diverse views not supporting one position or party. Many support military usage here and many don't and are following lawful orders but ready to refuse unlawful ones.
The folks surprised that certain applications like SolarWinds and Kaseya tell users to exclude their folders from antivirus scans are going to be floored about what happens in ICS.
One day a cyber attack will happen to infrastructure on US soil and cause a disruptive event. My concern is the fear from the event and following regulation will hurt us more than the attack itself. Fear is important to snuff out so that we can have measured responses.
Hey @Twitter, while y’all deal with the @dotMudge allegations, resorting to a smear campaign against him is a really stupid idea. His character, skills, leadership, etc. are some of the most beloved and well documented in the community. Your response is telling. Focus on the facts.
I’m incredibly honored to have accepted the U.S. Senate Committee on Energy and Natural Resources’ formal invitation to testify in a hearing to examine cybersecurity in our nation’s critical energy infrastructure on March 1st at 10am Eastern.
I know no good will come from me saying this. But I feel compelled to say that former senior govt officials especially the head of our most significant intelligence agency profiting from that experience to work with foreign intel backed companies bothers me on a deep level.
Nice to see more former general officers supplementing their six-figure pensions lending their very particular US national security experience (and connections) to non-US endeavors!
My first recommendation for the next Administration is to figure out a way to keep @CISAKrebs. Pretty common for such folks to leave at the end of the admin; but he did his job and didn’t play politics about it. He focused on restoring confidence in the vote.
I’ve been asked to attend the World Economic Forum’s Davos conference this year and speak on OT cybersecurity. It’s an honor of course but what I’m most thrilled about is OT cybersecurity “making it” to that level: world leaders are interested and that’s fantastic movement.
U.S. Escalates Online Attacks on Russia’s Power Grid > it is my stance that targeting civilian industrial infrastructure is wrong. The potential for escalation is one thing, the risk to civilian life is unacceptable. There are plenty of valid military targets.
This was an unexpected kind gesture by the @Nasdaq congratulating @DragosInc on our Series D round ($200M raised to become the first ICS/OT security "unicorn"). Anyway thanks y'all!
The debates around working from home from employers is fairly odd. You want to recruit and retain productive and happy teammates. The responsibility is on the employer to provide that environment. Employees should have choices of in person, remote, or hybrid whenever possible.
Coming into the Air Force cyber community I was routinely told non-STEM degrees didn’t have a place. The NSA didn’t care and took me on. I think I turned out ok. Don’t be limited in your own adventure by folks who think there’s a defined path.
There are some very irresponsible people with very large audiences claiming the electric grid outages in South America are a cyber attack with zero expertise or insight into the subject or case. Please ignore these people as always.
If Kaspersky software is “confirmed as malicious” (EU Parliament) I would hope there would be some public evidence presented. I’m not endorsing or detracting but only suggesting that if something is such a critical threat that it is in the public’s best interest to know why.
When I’m in front of a board, or an infrastructure company, or getting to speak to national level leaders - no one is asking or cares about the latest infosec drama, personalities, etc. they just want to know who can help them. My sincere advice is to focus on that. Be a helper.
For anyone who was wondering what I typed on my keyboard (no one was I’m sure) for the 60 Minutes close ups it was “My wife Raven is amazing and enables everything” in various iterations over and over. So now it’s captured on 60 Minutes forever :p
And because I don’t think it gets said enough these days - I do think the people in DHS and NSA working on this need a huge kudos. It’s not exactly an easy time to be in govt and our risk is growing. So I’ll point out where we can get better but also thank you.
Thread: the same Bloomberg journalists that covered the Super Micro story have covered technical stories that I’ve been involved in calling out before. I have nothing to add on the Super Micro story but here’s my experience with the journalists (1/x)
Reminder: the electric system, fuel, water, etc are going to continue on just fine. No need to panic about the utilities we depend on (I’ve heard some stupid fear-mongering start).
The systems are reliable and resilient. More importantly the people working them are badasses.
"Goodbye Mike Assante, Thank You For Literally Everything" my new blog saying goodbye to my friend @assante_michael - most will never know how much safer the world is because of this man
Ukraine’s electric system is now part of the European transmission system (ENTSO-E). It joined, after a lot of amazing work, a couple days ago. Disruptions to the Ukraine electric system by Russia could have impact beyond Ukraine’s borders now, in my opinion, making it safer.
I am proud to announce that I have been selected to be the Vice Chair of @ENERGY’s new Grid Resilience for National Security (GRNS) subcommittee. Together with my colleagues we’ll advise the DOE on grid security. To demystify this I wrote a blog here:
Sometimes it feels like the infosec community is the guy that walks up when your car engine is smoking and the hood is up, leans in, and whispers “Your blinker is also out”
Tons of awesome folks in the community though. Hang in there folks.
Early but strong contender for worst breach notification of 2019.
- Instant attribution to North Korea
- Reference to 9/11 terrorist attacks
- Needless use of “sophisticated”
- Claiming detection wasn’t possible
- Reference other victims to note defense is hard
I find it incredibly difficult to be an adult sometimes. An InfoSec bro was being hostile/vile to one of my Dragos teammates. She doesn’t need my help, but it takes everything I have not to go scorched earth on them. Instead I’ll say this: be excellent to each other y’all.
Years ago I worked with a Sergeant in the Marines while we were at the NSA together. I admired him as a thoughtful leader and natural analyst. We lost contact after I left the government. Today I got to hire him at my company. Life is cool.
My core take on the pipeline incident: it sucks, I feel bad for them, it’s impactful. It sounds like they have it under control and I’m going back to smoking some ribs on my BBQ. Y’all enjoy your weekend this will be here to talk about Monday.
Record inflation. Market crash. War in Ukraine. Growing tension with China. School shootings. Growing cyber risk. Climate crisis. Supply chain issues.
By all means let’s focus our efforts on limiting women’s rights instead.
Absolutely idiotic.
I can’t imagine “Happy Mother’s Day!” greetings being less hollow this year. With the amount of men that want to make choices about a woman’s body the greeting feels like it’d be more “Happy Forced Mother’s Day you second class human” to a large portion of people.
Pro Tip: If you’re in an infrastructure company and want to support your overworked engineers/operators/field techs/line workers/etc. - generally beer and/or doughnuts are well appreciated.
No one should have to watch a Supreme Court nomination process closely in fear that the results will remove their human rights. It should not be a political statement to say women’s rights and LGBTQ+ rights are human rights. I know many have said this, but it’s so sickening.
Cyber attacks on industrial infrastructure (such as utilities, mfg, and pipelines) are a powerful tool in and preceding conflict. But denying the full effects of misinformation after the attack is a powerful defense. A thread:
In security, as any field, there is always drama and debates. But this community has given me everything I have. No USAF cyber, no meeting my wife. No getting out to teach at SANS, no son. No team at Dragos, no big dreams of the future. Happy holidays all and thanks for it all.
I don’t understand why people sincerely and seriously call themselves “Cybersecurity Visionary” or “Cybersecurity Thought Leader”. Not trying to hate but actually confused on why. Also I’ve not seen anyone use that title I actually know of.
Really impressed by the joint @NSAGov and @FBI report looking at Russian malware. Kudos to the folks inside that worked on it and the approach to sharing with the community.
I’m always impressed by the brave women who come forward and challenge the creeps and harassers in the infosec community. I don’t have anything meaningful to add other than saying I respect y’all and am sorry you have to keep stepping up.
Cyber is inherently escalatory and it doesn’t matter how good it makes you feel it’s irrelevant in the current situation. People are getting shot and bombed. The invasion is underway. This isn’t the time for your cowboy bullshit
Someone tweeted my address in response to my Snowden tweets. All info you can find but comes off as threatening especially while traveling and having to text my wife/kid. I didn't see it at first. Multiple FSD folks/others did & reported it & texted me. Thanks y’all for being cool.