Cyber.RAR is a podcast series from six Harvard Kennedy School students: Michaela Lee, Bethan Saunders, Winnona DeSombre, Danielle Levin, Sophie Faaborg-Andersen, and Grace Park.
While each bring a different lens to the show, they all share a common conviction: the field of cybersecurity is rapidly evolving, yet the national security field is falling behind. In this podcast, they uncover why the U.S. government struggles to build basic cyber infrastructure, explore how to regulate offensive cyber capabilities, debate the meaning and merits of “hacktivism”, and laugh with each other along the way. Tune in to Cyber.RAR for discussions, debates, and expert interviews on the biggest questions, challenges, and opportunities in cybersecurity.
📻 Siste episoder av Cyber.RAR
Her er de nyeste episodene tilgjengelige via RSS-feeden:
Is Big Tech Imploding? Cybersecurity and Content Moderation (00:46:01)
Big Tech, honey, are you doing okay? Whether we like it or not, large technology platforms and the for-profit institutions that make them are here to stay in our society and economy. Governments are starting to craft often-overlapping regulations to try and fix the problems that come up, but instead of looking at issues one by one, let's look at these organizations as a whole - fundamentally “grow fast and break things” companies who somehow ended up in shouldering a lot of our national security, growing the international economy, and protecting values that underpin our Western society. How well does big tech help or hinder our security, privacy, and social fabric, and how will that change as the economy slows down? Show notes:Twitter:Content moderation & security: Mudge whistleblower complainthttps://techcrunch.com/2022/09/13/twitter-whistleblower-mudge-congress/Deplatforming vs. Echo chambershttps://www.vanderbilt.edu/jetlaw/2021/01/31/the-de-platforming-debate-balancing-concerns-over-online-extremism-with-free-speech/https://www.youtube.com/watch?v=6V_sEqfIL9Qhttps://www.axios.com/2021/12/06/conservative-social-media-crypto-publishing-internetStaffing at Twitterhttps://www.reuters.com/technology/after-elon-musks-ultimatum-twitter-employees-start-exiting-2022-11-18/Radioshack tries to sell off user datahttps://www.washingtonpost.com/news/the-switch/wp/2015/03/26/bankrupt-radioshack-wants-to-sell-off-user-data-but-the-bigger-risk-is-if-a-facebook-or-google-goes-bust/Uber:Uber CISO court case: https://www.csoonline.com/article/3676078/what-the-uber-verdict-means-to-cisos-youre-probably-not-going-to-jail.html Facebook / Meta:Advisory board / election issueshttps://www.cnn.com/2021/10/05/world/meanwhile-in-america-oct-6-intlBody issues re: instagram https://www.npr.org/2021/10/05/1043194385/whistleblowers-testimony-facebook-instagramOverlapping foreign government action + industrial policyState overlapping privacy lawshttps://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx China data privacy laws / increased balkanization of internethttps://www.ey.com/en_kw/forensic-integrity-services/how-chinas-data-privacy-and-security-rules-could-impact-your-business Google’s Operation Aurora: https://www.youtube.com/watch?v=przDcQe6n5oCybersecurity in a technology recession (cyber security as compliance)Google being told to cut costs by VChttps://www.businessinsider.com/google-layoffs-cost-cutting-analyst-2022-11 Benefits of security / private attribution, compliance for government contractshttps://www.securityweek.com/google-wins-lawsuit-against-glupteba-botnet-operatorsFTXhttps://www.forbes.com/sites/ninabambysheva/2022/11/21/ftx-hacker-moved-nearly-200-million-of-ether-to-different-wallets/https://www.cnn.com/2022/11/18/investing/ftx-bahamas-seizure
Cybersecurity in a National Digital Transformation Effort: An Interview with Minister Cina Lawson of Togo (00:35:49)
Minister Cina Lawson, Togo's Minister of Digital Economy and Transformation, joins Cyber.RaR for a special episode. In her role leading Togo's digital transformation, Minister Lawson oversaw rapid digital service penetration within Togo, the first deployment of 5G in West Africa, and an innovative mobile cash distribution solution for Covid-19 relief. Minister Lawson discusses the tradeoffs between growing a local cyber talent workforce and hiring experts, how Togo has sustained good security hygiene despite rapid increases in digital service provision and access, and how her team's innovative approach is derived from human-centric principles.
Sharks & Tubes: Submarine Cables and Cybersecurity (00:44:11)
Worried about a nuclear war with Russia? Maybe you SHOULD be worried about beluga whales. Let’s dive in (pun intended) on why. This week on Cyber.RAR, we discuss global infrastructure in the form of undersea cables transmitting data through light traveling along silicon tubes - and how fragile these systems really are. We discuss how to monitor and defend these cable networks given how massive and interconnected they are and how geography and technology factor into strategic decision-making about espionage and cyber-enabled attacks. We conclude the episode with a tribute to Secretary of Defense Ash Carter and his tremendous impact on the Kennedy School and the nation.Relevant Sources: https://www.submarinecablemap.com/ https://www.nytimes.com/interactive/2019/03/10/technology/internet-cables-oceans.htmlhttps://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/https://www.atlanticcouncil.org/in-depth-research-reports/report/cyber-defense-across-the-ocean-floor-the-geopolitics-of-submarine-cable-security/
Your Data is Oozing: How the US Government Accesses Citizens' Data Using Consumer AdTech (00:35:48)
Bloomberg - FTC Sues Mobile Data Broker Over Abortion Location Data Sale https://www.bloomberg.com/news/articles/2022-08-29/ftc-sues-mobile-data-broker-over-abortion-location-data-sales?sref=P6Q0mxvj&leadSource=uverify%20wallVice - Data Broker Is Selling Location Data of People Who Visit Abortion Clinics https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthoodForbes - Black Lives Matter Protestors Tracked by Secretive Phone Location Technology https://www.forbes.com/sites/zakdoffman/2020/06/26/secretive-phone-tracking-company-publishes-location-data-on-black-lives-matter-protesters/?sh=77520f5f4a1eAP - Tech Tool Offers Police ‘Mass Surveillance on a Budget’ https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27efAP - Across the US, Police Offers Abuse Confidential Databases https://apnews.com/article/699236946e3140659fff8a2362e16f43Wired - WhatsApp Has Shared Your Data with Facebook for Years Actually https://www.wired.com/story/whatsapp-facebook-data-share-notification/Gizmodo - Rights Groups Say the Pentagon is Buying its Way Around the Fourth Amendment https://gizmodo.com/rights-groups-say-pentagon-buys-freedom-from-fourth-ame-1849604210Gizmodo - The American Data Privacy Act Would Be a Bipartisan Triumph - If It Could Pass https://gizmodo.com/can-american-data-privacy-protection-act-pass-1849413911Gizmodo - Congresswoman Urges FTC to Investigate Newly Revealed Police Software Surveilling Americans’ Movements https://gizmodo.com/congresswoman-ftc-to-investigate-fog-data-science-softw-1849547432Brookings - The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress https://www.brookings.edu/blog/techtank/2019/08/08/the-ftc-can-rise-to-the-privacy-challenge-but-not-without-help-from-congress/Berkman Klein Center and Minnesota Law Review - Understanding Chilling Effects https://cyber.harvard.edu/story/2021-06/understanding-chilling-effectsPEN America - Chilling Effects: NSA Surveillance Drives US Writers to Self-Censor https://pen.org/research-resources/chilling-effects/
Are Turtles War Machines? AI-Enabled Cybersecurity Has an Answer (00:44:27)
AI-enabled security can process data faster and more accurately than humans, but can it tell the difference between turtles and rifles? We answer this question and more as we cover AI-enabled cybersecurity for network defense, insider threat, and user privacy, including considering whether AI ethics are simply business ethics. We also discuss asymmetric uses for nation-states on both offensive and defensive postures and AI-enabled malware and social engineering. Dani concludes with a deep dive into "Fog Reveal" a law enforcement cellphone tracking tool that'll make you squirm.The Verge - Google's AI Thinks Turtles are Rifles: https://www.theverge.com/2017/11/2/16597276/google-ai-image-attacks-adversarial-turtle-rifle-3d-printedForbes - Ukrainian Drones Strike Russian Artillery: https://www.forbes.com/sites/davidaxe/2022/09/02/ukraines-drones-are-back-and-blowing-up-russian-artillery/?sh=71b8f8946b8fDefenseNews - Torch.AI wins DoD Contract for Insider Threat Detection: https://www.defensenews.com/cyber/2022/08/15/torchai-wins-pentagon-insider-threat-cybersecurity-contract/Lawfare - AI and National Security: https://www.lawfareblog.com/recent-developments-ai-and-national-security-what-you-need-knowOxford Internet Institute ‘Trusting Artificial Intelligence in Cybersecurity is a Double-Edged Sword’National Security Commission on Artificial Intelligence Final Report: https://www.nscai.gov/wp-content/uploads/2021/03/Full-Report-Digital-1.pdfAP Report on Fog Reveal: https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27ef
Crypto & Lowrise Jeans: Cybersecurity on the Blockchain (00:48:11)
What do Cryptocurrency and the 90's have in common? Easily exploitable bugs and also Paris Hilton, apparently.We cover the state of regulation and cybersecurity within the blockchain and cryptocurrency space - covering environmental, democratization, and equity concerns, as well as user vs. system security, code audits and minimum standards. Corinna Fehst (MPP'18 and crypto strategy expert) makes a surprise guest appearance. Bethan talks about whether you should post your laptop screen on BeReal [spoiler alert, please don't]. Show Notes:Corinna Fehst: https://www.belfercenter.org/person/corinna-fehstSecurity:Scams:Reports show scammers cashing in on crypto craze | Federal Trade CommissionEmbattled crypto lender Celsius is a 'fraud' and 'Ponzi scheme,' lawsuit allegesExploiting vulnerabilities in smart contracts/wallets/code:Nomad crypto bridge loses $200 million in ‘chaotic’ hack - The VergeSolana Wallet Hack: Here’s What We Know So Far - DecryptNumber of Blockchain Hacks on the RiseMoney laundering / enabler of illegal activity:U.S. seizes $2.3 mln in bitcoin paid to Colonial Pipeline hackers | ReutersFBI Seizes $500,000 Ransomware Payments and Crypto from North Korean HackersDeFi Is the Wild West of Banking and Investing. Here's What Crypto Investors Should KnowCrypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity - ChainalysisMid-year Crypto Crime Update: Illicit Activity Falls With Rest of Market, With Some Notable Exceptions - Chainalysishttps://www.cnbc.com/2022/05/18/china-is-second-biggest-bitcoin-mining-hub-as-miners-go-underground.html
State of the Practice - The Chips & Science Act (00:41:28)
Good WashPo article: A new era of industrial policy kicks off with signing of the Chips ActGeneral relationship between semiconductors/cyber: Cybersecurity and Semiconductors: How are they related? Helpful article for context: How the 'chips-plus' bill grew by nearly 1,000 pages - Roll CallRead “Discussion of the CHIPS Act Section: The US CHIPS Act.From Grace - AAPI Amendment that was removedSkim DoD Statement for the national security angle (re microelectronics): CHIPS Act Advances DOD's Emphasis on MicroelectronicsChips Act Summary by the Department of CommerceIndustry Matching of Chips ActBloomberg's "The Big Hack - How China Used a Tiny Chip to Infiltrate US Companies""Bloomberg Stands Firm as Story Denials Mount"AAPI Profiling amendment that was removed from the CHIPS Act
Expert Interview: Protecting Vulnerable Populations in Cyberspace (00:46:33)
Michaela dives deeper into the nexus of cyber and vulnerable populations through an interview with Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation (EFF). Listen in on our conversation about stalkerware, privacy, and activism! Listen to the end of the episode to hear what the Cyber.RAR team is up to (plus the prospect of Season 2!?). If you'd like to reach out to us, send an email to cyberRAR.podcast@gmail.com!Girls Lean Back Everywhere: The Law of Obscenity and the Assault on Genius: https://en.wikipedia.org/wiki/Girls_Lean_Back_EverywhereMaryland SB 134: https://www.eff.org/deeplinks/2022/04/victory-maryland-police-must-now-be-trained-recognize-stalkerwareResources for vulnerable populations: --EFF: https://www.eff.org/pages/tools --Access Now: https://www.accessnow.org/help/ --Department of Homeland Security: https://www.ready.gov/cybersecurity --Consumer Reports: https://securityplanner.consumerreports.org/
Protecting Vulnerable Populations in Cyberspace (00:35:02)
How do we better protect our most vulnerable populations from cyber incidents? Michaela leads the conversation and posits that instead of thinking about it as a domain of war, we should use a climate analogy to think about the increasing vulnerability of our digital ecosystem. This could help us understand the disaggregated impacts on different communities and change the way we think about building resilience. If you'd like to reach out to us, send an email to cyber.rar.podcast@gmail.com!Dusseldorf University Hospital Ransomware Attack: https://www.wired.co.uk/article/ransomware-hospital-death-germanyCISA alert on the increased threat of ransomware: https://www.cisa.gov/uscert/ncas/alerts/aa22-040aDarknet Diaries Episode: https://darknetdiaries.com/transcript/106/Cuckoo’s Egg: https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)Resources for vulnerable populations:--EFF: https://www.eff.org/pages/tools--Access Now: https://www.accessnow.org/help/--Department of Homeland Security: https://www.ready.gov/cybersecurity--Consumer Reports: https://securityplanner.consumerreports.org/
Expert Interview: Defense Innovation? Walk Before You Run (00:30:25)
Eric Rosenbach, Co-Director of the Belfer Center and Former Chief of Staff of the Pentagon, joins Cyber.RAR to talk about the major roadblocks facing innovation within the Department of Defense. Eric, Bethan, and Sophie dive into the challenges facing talent management in national security, overcoming the DoD's aversion to innovative risk-taking, and why the DoD still doesn't have central cloud computing.Eric Rosenbach Bio: https://www.hks.harvard.edu/faculty/eric-rosenbachhttps://www.dds.mil/abouthttps://www.defense.gov/News/News-Stories/Article/Article/2327021/diu-making-transformative-impact-five-years-in/
Defense Innovation? Walk Before You Run (00:32:01)
Bethan and Sophie explore why it's so hard to get innovative digital technologies into the Defese Department. The discussion starts with JEDI (and no, not from Star Wars) and covers the challenges facing the defense innovation ecosystem and how a new aqusitions playbook is needed for software and cyber capabilities. Grace shares their experience working with technology as an Army Signal Officer and Winnona asks some tough questions about the DoD procurement and contracting process. Get ready for a few Star Wars puns! https://aida.mitre.org/dod-innovation-ecosystem/https://www.diu.mil/about https://innovation.defense.gov/ https://techcrunch.com/2021/11/19/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract/ https://www.nationaldefensemagazine.org/articles/2022/1/26/silicon-valley-takes-on-the-valley-of-death https://www.fedscoop.com/list/7-cloud-programs-leading-the-way-in-government/https://dl.dod.cyber.mil/wp-content/uploads/dces/pdf/GeneralCESFAQs.pdf https://aida.mitre.org/ota/
Expert Interviews: Hacktivism (00:26:42)
Grace continues the conversation on so-called hacktivism and the future landscape of cyber activism with Bruce Schneier, author of the book 'Data and Goliath,' and fellow and lecturer at Harvard Kennedy School.Bruce Schneier website and bio: https://www.schneier.com/
The Chaos of Political Hacking (00:33:46)
Grace asks the question: Political Hacktivism (Hacking + Activism), chaotic good or chaotic evil? What even counts as activism versus terrorism in cyberspace? Is it simply ideological or is it normative? And looking forward, what does the second rise of hacktivism mean for the global order?
Expert Interviews: Cyber Mercenaries (00:50:47)
Winnona continues her exploration of cyber mercenaries by interviewing three experts: Sophia D'Antoine & Dave Aitel, two professionals in the offensive security industry, and Sean McFate - an expert on private military contractors.Cyber policy papers: https://docs.google.com/spreadsheets/d/1pnISykZe1nn1wwWBJRiaxYaqDoj4ADeBtsoUL41Hw2Y/edit?usp=drive_web&ouid=116612216017356103570The Modern Mercenary: https://www.amazon.com/Modern-Mercenary-Private-Armies-World/dp/0199360103
A Tangled Web: Cyber Mercenaries (00:31:18)
Winnona asks: how does one regulate an industry that operates so far in the shadows? This is a major problem in the hack for hire industry, and something we’re going to try and tackle on our podcast episode today on Cyber.RAR. We will be looking at what it looks like to be selling hacking capabilities to governments, what the nuances within the space are, and what concerning trade-offs we’re making that governments may not understand but industry does.Show Notes: NSO: https://www.zdnet.com/article/commerce-dept-sanctions-nso-group-positive-technologies-and-more-for-selling-spyware-and-hacking-tools/https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/ https://www.theverge.com/2021/12/21/22848485/pegasus-spyware-jamal-khashoggi-murder-nso-hanan-elatr-new-analysis https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/https://www.theguardian.com/us-news/2021/nov/08/nso-israeli-spyware-company-whatsapp-lawsuit-ruling https://www.wired.com/story/nso-group-forcedentry-pegasus-spyware-analysis/https://citizenlab.ca/2018/11/mexican-journalists-investigating-cartels-targeted-nso-spyware-following-assassination-colleague/ Offensive Cyber Capabilities https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/a-primer-on-the-proliferation-of-offensive-cyber-capabilities/ Coseinc: https://risky.biz/RB310/
Rose/Bud/Thorn: Cyberwar in Ukraine (00:28:19)
Dani asks: how does cyber fit into modern warfare strategies? How have cyber strategies evolved in the last two decades, what can we learn from the uses of cyber capabilities in Russia's invasion of Ukraine, and how should the U.S. evolve its cyberwarfare strategy going forward? We will be exploring myths of cyberwarfare strategy - like the escalation of cyber offense into kinetic warfare - and examining where and why cyberwarfare has been effective or ineffective.History of Russian Cyber Strategy: https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
Expert Interviews: Cyberwar (00:44:40)
Dani explores the cyber escalation fallacy and the evolution of cyberwarfare strategies with Erica Lonergan, Assistant Professor in the Army Cyber Institute, Research Scholar at the Saltzman Institute of War and Peace Studies and former Senior Director on the U.S. Cyberspace Solarium Commission.Cyber Escalation Fallacy: https://www.foreignaffairs.com/articles/russian-federation/2022-04-15/cyber-escalation-fallacyHistory of Russian Cyber Strategy: https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
Welcome to Cyber.RAR! (00:06:21)
Meet Michaela, Grace, Winnona, Bethan, Sophie, and Danielle and hear why they came together to record a limited podcast series on cyber policy issues. They dive into some nuances and laugh with each other throughout the process. Hope you enjoy!Harvard Reading and Research Credits https://www.hks.harvard.edu/educational-programs/courses/course-registration
