Institute for Security and Technology

@IST@infosec.exchange
We design and advance solutions to the world’s toughest emerging security threats. #SecurityandTechnology #RansomwareTaskForce
Website: securityandtechnology.org

In our latest report, we overlay actual #ransomware threat actor behavior on our original, theoretical map of the ransomware payment ecosystem. This “mini-pilot” takes four threat actor case studies and traces their path, identifying the tools, services, and entities that they leveraged as they prepare for and carry out attacks.

The mini-pilot produced a fifth, composite map that aggregates the findings from all four case studies to render overall conclusions about the map’s counter-ransomware applications.

“This mini-pilot indicates that there may be a range of opportunities to add friction for all entities depicted in the ransomware payment ecosystem map, and that disrupting this ecosystem requires not just a multistakeholder approach but a strategic one. By centering threat actor behavior, it may be possible not only to disrupt the ecosystem, but to predict where these actors will move as the ecosystem tightens its grip on illicit activity,” writes report author Zoë Brammer.

Read Mapping Threat Actor Behavior in the Ransomware Payment Ecosystem: A Mini-Pilot:

https://securityandtechnology.org/virtual-library/reports/mapping-threat-actor-behavior-in-the-ransomware-payment-ecosystem-a-mini-pilot/

Mapping Threat Actor Behavior in the Ransomware Payment Ecosystem: A Mini-Pilot - Institute for Security and Technology

The mini-pilot overlays actual threat actor behavior on the original ransomware payment ecosystem map. It seeks to identify which kinds of disruption could be the most effective and where to apply them in the payment process.


"Threat Intel sharing is hard. It requires trust. Trust happens between people not organisations"
@wendynather at #RansomwareTaskForce @IST

As members of the IST team make their way to San Francisco this week for RSA Conference, IST’s Sophia Mauro reflects on the conference theme “Stronger Together,” an idea that is central to IST’s work.

“IST’s #RansomwareTaskForce demonstrates the Stronger Together model in action,” she writes. “Not only is the theme relevant to our work, but it also applies to the many initiatives and collectives in which we take part.” She calls out #CyberCivilDefense initiative, Nonprofit Cyber and Cyber Threat Alliance, among others.

We look forward to seeing you at #RSAC2023! Join us for the following panels:

Monday, 4/24 at 1:10 PM PT: IST’s Zoë Brammer will moderate the panel, Mapping the #Ransomware Payment Ecosystem & Opportunities for Friction with panelists Justin Herring, Jacqueline Burns Koven (Chainalysis Inc.), and Matt McCabe (Kivu Consulting). The panel will present findings from our ransomware payment ecosystem map, identify opportunities for disruption & discuss how the cybersecurity community can help.

Thursday, 4/27 at 10:50 am PT: In light of the latest #UnitedNations negotiations on a #cybercrime treaty, what is at stake? How might the treaty intersect with existing international instruments for cooperation? IST’s Megan Stifel will moderate the session, The Promise and Peril of a UN Cybercrime Treaty. Together with panelists John Hering (Microsoft), Jane Lee (U.S. Department of Justice), and Charley Snyder (Google), the panel will explore implications for criminalization, human rights, and the private sector.

https://securityandtechnology.org/blog/ist-at-rsa-stronger-together/

IST at RSA: Stronger Together

Members of the IST team will be making their way to San Francisco next week for the RSA 2023 Conference. The theme of this year’s RSA conference is “Stronger Together,” an idea that is particularly prevalent in our work.


NEW from Cyber Threat Alliance and IST: Cyber Incident Reporting Framework: Global Edition

We are releasing an updated, global version of the Cyber Incident Reporting Framework that answers questions about what conditions should be in place to make a reporting mandate effective and harmonizes suggested definitions with existing global regulations.

Last fall, we released the #Cyber Incident Reporting Framework to provide input regarding cyber incident reporting frameworks in the U.S. We identified a set of principles that the incident reporting regulation should incorporate and developed a set of model reporting formats the Cybersecurity and Infrastructure Security Agency could use as the foundation for the reporting forms.

We heard from our partners that a reporting framework would be helpful for governments and the multistakeholder community across the globe, so we adapted the framework to make it applicable to and useful for a global audience.

The #CIRFGlobal develops a model reporting format that #cybersecurity authorities and other government authorities worldwide could use as the foundation for their national reporting frameworks and regulatory language. It also provides input to national cybersecurity authorities and national legislative bodies that are considering implementing a mandate for reporting cybersecurity incidents to government entities and/or encouraging the voluntary reporting of less substantial incidents.

Thank you to Chainalysis Inc., CipherTrace, CREST, CYBERA, Cybercrime Support Network, and CyberPeace Institute for their support in developing this framework!

https://securityandtechnology.org/virtual-library/reports/cyber-incident-reporting-framework-global-edition/

Cyber Incident Reporting Framework: Global Edition

The Cyber Incident Reporting Framework: Global Edition answers questions about what conditions should be in place to make a reporting mandate effective and harmonizes suggested definitions with existing global regulations.


The Biden administration today released its 2023 National Cybersecurity Strategy, which marks the culmination of a monumental effort to draft a comprehensive approach to #cybersecurity with the input of experts from the private sector, civil society, and regulatory agencies.

In our latest #NatSpecs blog, IST cyber experts Megan Stifel, Zoë Brammer, Elizabeth Vish, and Silas Cutler unpack the strategy’s top priorities and how they could potentially impact our work at the intersection of technology and security. Above all, they highlight the importance of implementation and follow-through: “success will require resources, collaboration, and consultation with partners across the private sector, international arena, and cybersecurity community.”

https://securityandtechnology.org/blog/ist-reviews-the-2023-national-cybersecurity-strategy-analysis-and-next-steps/

IST Reviews the 2023 National Cybersecurity Strategy: Analysis and Next Steps

The Biden administration today released its 2023 National Cybersecurity Strategy. We note 3 key priorities from the strategy that have the potential to directly affect our work.

@IST's latest report unpacks the strategic stability risks posed by integrating #artificialintelligence into nuclear command, control, and communications systems across the globe. Importantly, it presents a novel set of scaled confidence building measures, based on a range of levels of effort and international cooperation, that states could embrace.

Read "AI-NC3 Integration in an Adversarial Context": https://securityandtechnology.org/virtual-library/reports/ai-nc3-integration-in-an-adversarial-context-strategic-stability-risks-and-confidence-building-measures/

AI-NC3 Integration in an Adversarial Context: Strategic Stability Risks and Confidence Building Measures

Over the past year, the IST team has been working to examine the strategic stability risks posed by integrating AI technologies into nuclear command, control and communications systems across the globe.


NEW from IST: Today, we release the culmination of a year’s worth of research and workshops examining the strategic stability risks posed by integrating AI technologies into nuclear command, control, and communications systems across the world.

“AI-NC3 Integration in an Adversarial Context” presents a novel set of scaled confidence building measures, based on a range of levels of effort and international cooperation, that states could embrace.

With support from the U.S. Department of State’s Bureau of Arms Control, Verification, and Compliance, our research aimed to specify the vulnerabilities posed by the integration of AI technologies into NC3. We brought together technical AI researchers, policymakers, academics, and industry.

Report authors Alexa Wehsener, Andrew Reddie, Leah Walker, and Philip Reiner examined the use of a suite of policy tools in the nuclear context, ranging from unilateral AI principles and codes of conduct to multilateral consensus about the appropriate applications of AI systems.

“Sustained strategic stability will require nuclear weapons states to share their understandings of the risks of emerging technologies across both civilian and military domains,” they write. “Nuclear weapons states need to think creatively about confidence building measures (CBMs) to help states mitigate risks, develop and strengthen norms, and improve decision making.”

Read the report now:
https://securityandtechnology.org/virtual-library/reports/ai-nc3-integration-in-an-adversarial-context-strategic-stability-risks-and-confidence-building-measures/


One year ago today, Russian ground and air forces invaded Ukraine with the goal of annexing the country. In the year since, Russia and Ukraine have engaged in a conflict that has implications for cyber applications in military contexts, nuclear deterrence, crisis communications, and disinformation.

We took stock of the major tech trends the war in Ukraine has revealed, accelerated, and even redirected. Read more in our blog:

https://securityandtechnology.org/blog/technology-warfare-and-russias-invasion-of-ukraine-ists-anniversary-assessment/

#ukrainewar #disinformation #nuclear #cyberwar #cyber #ukraine #russia

Technology, Warfare, and Russia’s Invasion of Ukraine: IST’s Anniversary Assessment

Prompted by the one-year anniversary of Russia’s invasion, the IST team took stock of the major tech trends the war in Ukraine has revealed, accelerated, and even redirected.


📢 In one hour!

Don't miss our event with Dr. Michael Horowitz, Director of the Emerging Capabilities Policy Office at the Pentagon, and IST's Dr. Alice Friend. The two will discuss the latest guidance on Autonomy in Weapon Systems, unpacking what it means for how DoD is grappling with technological advances from #SiliconValley and across the world.

The conversation will also turn to the U.S. government's newly released international framework on Responsible Military Use of #ArtificialIntelligence and Autonomy. How does this declaration respond to DoD’s own guidance and what does it mean for international adoption of #responsibleAI practices?

In addition to the moderated conversation, audience members will also have a chance to submit questions.

Register now: https://us02web.zoom.us/webinar/register/3116763175304/WN_-rM3CKRjS0-6gyiUZtc9Uw

Webinar: Under Control: How technology is shaping DoD’s approach to autonomous weapons

A Conversation with Dr. Michael Horowitz

Last month, the Pentagon updated its decade-old guidance on “Autonomy in Weapon Systems.” What does the revised policy mean for how the Department of Defense thinks about its remote planes, guns, and bombs, and how is DoD grappling with technological advances from Silicon Valley and around the world? Join us for a discussion with Dr. Michael Horowitz, Director of the Emerging Capabilities Policy Office at the Pentagon. In conversation with Dr. Alice Hunt Friend, IST’s VP for Research and Analysis, Dr. Horowitz will offer insights into DoD’s thinking about autonomy, AI, and other military applications for advanced technologies, and how DoD is creating the policy foundation now to allow for innovations of the future.


IST is excited to partner with the Duke University Pratt School of Engineering, Sanford School of Public Policy, Department of Computer Science, Law School, and the Universidad Latina de Costa Rica for the Cybersecurity Leadership Program in Costa Rica.

The program will bring together private sector leaders and government officials between March 14 and 16 for an intensive course. Topics covered include cyber-related risks to organizations, supply chain best practices, cyber attack response, and threat and vulnerability assessment.

IST’s Zoë Brammer and Elizabeth Posegate Vish will speak at the program, offering their cyber expertise to program participants.

To learn more: https://techpolicy.sanford.duke.edu/clpcostarica/

Cybersecurity Leadership Program - Costa Rica - Tech Policy @ Sanford

Program Dates: March 14-16, 2023 with a special SME only event on March 17, 2023

Overview: The Cybersecurity Leadership Program in Costa Rica,...
