For the past 10 years, I’ve been in the trenches helping national governments and leading critical infrastructure companies develop and apply cyber threat intelligence in order to improve their situational awareness and security operations. It doesn’t take an insider to recognize that cyber criminals, trolls, terrorists and authoritarian states are exhausting cyber defenders and transforming the Internet experience from utopian dream to dystopian reality.
Dramatic increases in cyber defense spending aren’t paying off. Reactive measures like threat sharing initiatives and sophisticated adversary attribution and attack models, while necessary, are insufficient. The next software release or over-hyped technology – AI, machine learning, blockchain – won’t rescue us anytime soon. The problems are too varied and complex; the current technology solutions too narrow and disjoint; the asymmetric advantage of attackers too great.
Cybercrank is founded on the belief that if cybersecurity professionals want to break out of the rut of reacting to and ‘chasing bad guys’, there needs to be more awareness and knowledge of Internet Mechanics and Internet Governance, and how this knowledge can be used to inform policies that can lead to a more secure Internet. So if this interests you, let’s explore further.
Internet Mechanics™: The Internet and Web operate on foundational technologies and supporting protocols. Three of the most important are routing, DNS, and Ad Tech networks and trackers. Without these, the Web doesn’t work. None of these were designed with security in mind. Attacks and failures of these systems can be catastrophic. This fundamental weakness has been known for decades. Remedies that ameliorate the risks are known, yet progress is slow. We should ask why these weaknesses remain, and what policies or laws are needed to overcome inertia and compel the adoption of more secure cyber practices. Featured posts in Internet Mechanics
Internet Governance: You can’t understand Internet mechanics without a basic understanding of Internet governance. Our concept of governance encompasses non-governmental policy groups such as ICANN, IANA, and routing and domain registries, as well as national laws. The rise of the Splinternet, where authoritarian countries tightly control content and access is a critical issue that affects governments, enterprises, and users. Featured posts in Internet Governance and Countries
On the Shoulders of Others: The cybercrank logo represents the idea that we all ‘stand on the shoulders of others’, where ‘others’ includes cyber security researchers, tool providers or journalists. Insights are often ‘sparked’ by the work of others. Every cyber threat researcher has a preferred set of open source and proprietary tools that they rely on to do their jobs. Featured posts in Tools
About: Cybercrank is based on the principles of Collaborative Security and Open Innovation, and focused on the needs of national governments and their industry partners. This belief is informed by highly relevant industry experience of cybercrank founder and principal, Gerry Eaton – 10 years serving government and information sharing partners as Director of Technical Services for LookingGlass Cyber Solutions, 8 years supporting collaborative R&D contracts in cyber security and knowledge management to government customers for Milcord LLC, and 20+ years supporting advanced technical solutions in natural language technologies, data mining and information technology to OEM, commercial and government markets in the US, Europe and Asia. That’s 40 years in the trenches.
Finally, special thanks to my employer, LookingGlass Cyber Solutions. I owe many of my insights to the great tools, colleagues and customers that I have the privilege to work with.
Thanks for visiting. Hope you follow-us. Now, get off my lawn! 🙂