Doug Wilson 


Washington DC area InfoSec person.

Cyberpunk is here, it's just not evenly distributed.

Mad respect to badge designers for #defcon this year. The GB emulator and furry PCB make me want to hack around after the con like no other official badge has in years past: injecting my own pixel art and GB Studio projects, and playing with making my own raccoon shell to encase the PCB.
Another Brick in the Wall Pt.2 during #linecon - kind of fits #defcon #defcon32
@mortedamos there are a LOT of people, though
@mortedamos not sure, but the line I'm in is inside and moving quickly. But I entered the building from the North side

That was quick #defcon #defcon32

(Honestly, it just could be a hardware problem with the machine, but timing. . . 🤷🤷‍♀️)

I did a bunch of interviews today and something really stuck with me - being told that a lot of politicians are trying to decide if climate change or infrastructure cybersecurity is more pressing.

Climate change deeply impacts geopolitics and military policy. Therefore it is a cybersecurity issue. The DoD has always understood this. You can’t look at the “APTs” and terrorist orgs we deal with and not consider how climate impacts will continue to motivate them.

@gdead keen! Congrats!

Would love to chat if we cross paths, but glad to see you getting this out the door!

🎯🎯🎯
The xz discovery - tied to a small (to a human) variation in sshd response times - reminds me of Clifford Stoll’s 25c accounting discrepancy in the Cuckoo’s Egg…
We undervalue expertise and attention to detail at our own peril.
Hoping @AndresFreundTec gets all the kudos he deserves.

Here's a refresher on how to think about stories in the news from a "secure by design" standpoint. Many stories about compromises of consumer devices and apps are unfortunately overstated or outright hoaxes (what I call "hacklore"). Some sample questions that we should ask:

- Which operating systems, apps, etc. are affected? What versions?

- What did the software/hardware manufacturer say in response to the alleged vulnerability? Are they going to address it in a future version?

- How can users determine if the attackers successfully compromised them?

Questions like this can help us urge technology companies to improve the security of their products. Or, in some cases, it can reveal the alleged allegations as incredibly rare, or even as hoaxes.

Reporters should pay special attention to the full list of questions here:

https://www.cisa.gov/news-events/news/applying-secure-design-thinking-events-news