Many Techies Don’t Understand Privacy …

… and many lawyers/politicians don’t understand computer technology. That may well be an exaggeration. But a recent Kara Swisher interview of Walt Mossberg with the title “Is Mark Zuckerberg a Man Without Principles?” confirmed at least some of this assertion. The transcript of the interview is available via Opinion | ... Read More

Cybersecurity Risk’s “New Math”

Mary K. Pratt posted an article, “The new math of cybersecurity value,” on CSOonline on September 21, 2021, available at The new math of cybersecurity value | CSO Online   It is a good article that brings up longstanding issues with security metrics, but it is by no means “new.” I ... Read More

Human vs. Artificial Intelligence in Autonomous Systems

A common goal, as we see in many articles on AI (artificial intelligence) and ML (machine learning), is to make AI/ML systems more like humans. Some claim that humans are much better at driving road vehicles than self-driving software, even though the accident statistics appear to contradict this view. Perhaps ... Read More

The Demise of Self-Driving Cars as Such

This is a follow-on column to my May 10, 2021 BlogInfoSec post “Will Full Autonomy Ever Be Realized?” It is prompted in part by the recent decision by the NHTSA (National Highway Transportation Safety Administration) to investigate a number of crashes that occurred when Tesla’s Autopilot system was active, specifically ... Read More

Cybersecurity Lessons from the Pandemic: CDC Model and FS/ISAC

It is very ironic to see that, on August 18, 2021, the CDC (Centers for Disease Control and Prevention) announced the formation of a Center for Forecasting and Outbreak Analysis, see CDC Stands Up New Disease Forecasting Center | CDC Online Newsroom | CDC   I say that because when we ... Read More

Cybersecurity and AI/ML Biases

Cyberattackers and cyberdefenders appear to be utilizing AI (artificial intelligence) and ML (machine learning) to a rapidly increasing degree, if you are to believe the press, vendors’ claims and blogs. So, it makes sense for cybersecurity professionals and researchers to get a better understanding of the biases that affect the ... Read More

Cybersecurity Lessons from the Pandemic: Why Not

You might notice there’s no question mark at the end of the title. That is intentional. In a May 18, 2021 Opinion article in The New York Times by Dr. Sema K. Sgaier, with the title: “Meet Four Kinds of People Holding Us Back from Full Vaccination,” which is available ... Read More

Ransomware and the C-I-A Triad

In earlier, more innocent (?) times, cyberattacks seemed to be fairly straightforward. You have the data exfiltration attacks, where copies of sensitive personal information and intellectual property are stolen, often without the victims’ knowledge since the original data are left intact. Sensitive nonpublic personal data are then either sold on ... Read More

Not So Fastly

The system failure at Fastly on June 8, 2021 portends what may well be the greatest threat to the Internet and all that it supports. In an Associated Press article by Marcio Jose Sanchez on June 9, 2021, with the title “Tuesday’s Internet Outage Was Caused By One Customer Changing ... Read More

Krebs on Ransomware

The Krebses—Chris and Brian—are not related, but they have both come out with positions on ransomware. Chris was the former head of DHS’s CISA (Cybersecurity & Infrastructure Security Agency), and Brian is a journalist and much-admired author (by me and many others) of the outstanding blog KrebsonSecurity. I described Chris ... Read More