Episode 68: Scythe CEO Bryson Bort on Enhancing Security with Realistic Adversary Emulation
OODAcast - A podcast by Matt Devost & Bob Gourley
Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. He is the co-founder of the ICS Village, a non-profit advancing awareness of industrial control system security. Bryson is also a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute. In this OODAcast we examine approaches Bryson has seen make positive differences in evaluating and mitigating risks to enterprises, specifically in the domain of adversary emulation. The discussion covers: A practitioner's view of the state of cybersecurity The demise of the perimeter as a security control What leaders need to know to mitigate risk Attack, Detect and Response tools and how their automation can help continuously mitigate risks Mitre ATT&CK and how to use it to help frustrate adversaries Assisting Blue Teams, Purple Teams and Red Teams with tooling The use of cyber threat intelligence to inform automated adversary emulation More on cybersecurity: Ransomware: An update on the nature of the threat The technology of ransomware has evolved in sophistication and the business models of the criminal groups behind it have as well. The result: The threat from ransomware has reached pandemic proportions. This post provides an executive level overview of the nature of this threat. It is designed to be read as an introduction to our accompanying post on how to mitigate the threat of ransomware to your organization. See: Ransomware, an update on the nature of the threat China’s Plan for Countering Weaponized Interdependence In an article entitled “The international environment and countermeasures of network governance during the “14th Five-Year Plan” period” by Xu Xiujun (徐秀军) in the February 27, 2021 edition of China Information Security, we see the continuation of China’s concerns over Weaponized Interdependence and China’s desire to shape a global technology and economic environment that is less influenced by Western power. Xiujun identifies concerns in several interconnected areas including cybersecurity, economic centralization, and advancement in technologies like AI, Quantum, and 5G. See: China’s Plan for Countering Weaponized Interdependence If SolarWinds Is a Wake-Up Call, Who’s Really Listening? As the U.S. government parses through the Solar Winds software supply chain breach, many questions still remain as to the motive, the entities targeted, and length of time suspected nation state attackers remained intrenched unseen by the victims. The attack stands at the apex of similar breaches in not only the breadth of organizations compromised (~18,000), but how the attack was executed. See: If SolarWinds Is a Wake-Up Call, Who’s Really Listening? Russian Espionage Campaign: SolarWinds The SolarWinds hacks have been described in every media outlet and new source, making this incident perhaps the most widely reported cyber incident to date. This report provides context on this incident, including the “so-what” of the incident and actionable insights into what likely comes next. Russian Espionage Campaign: SolarWinds The Cyber Threat to NASA Artemis Program: NASA is enabling another giant leap for humanity. With the Artemis program, humans will return to the Moon in a way that will enable establishment of gateways to further exploration of not just the Moon but eventually the entire solar system. The initial expenses of the program will return significant advances for scientific understanding and tangible economic returns. As Artemis continues, the project will eventually deliver improvements for humanity that as of yet have only been dreamed of. But there are huge threats. For more see: The Cyber Threat To Artemis Security In Space and Security of Space: The last decade has seen an incredible increase in the commercial use of space. Businesses and individual consumers now leverage space solutions that are so integrated into our systems that they seem invisible. Some of these services include: Communications, including very high-speed low latency communications to distant and mobile users. Learn more at: OODA Research Report: What Business Needs To Know About Security In Space Also see: Is Space Critical Infrastructure, and the special report on Cyber Threats to Project Artemis, and Mitigating Threats To Commercial Space Satellites