CYBERWARCON was a one-day conference held in Arlington, VA on November 28. Talks were about threat analysis, covering advanced persistent threat (APT) attacks and information operations (IO).
For me, the conference demonstrated its value by supplanting sensationalism with concrete operational insights.
Here are some of my takeaways from the talks. Please forgive my fuzzy pictures!
Thomas Reid
- The wider socio-political context may be necessary to understand forensics.
- Exposing part of an IO can sustain it.
Camille Francois
- Identify IOs by examining the centrality of the targeted communities in a social media network.
- Target accounts at the early audience-building stage.
- Graphika and the Alliance for Securing Democracy have a very cool searchable archive of IRA tweets at www.io-archive.org.
Alex Orleans
- Improve expert:media and media:public communication about the nature of the grid and grid attacks.
- Russians currently have a wartime mentality where inaction equals failure.
Allan Liska, Winnona DeSombre, Greg Lesnewich
- The Houthi government is using ~973 Coinhive hosts to fund their regime.
- China cares about stability in Yemen since there is a vital shipping strait off the coast.
Jason Healey, Neil Jenkins
- We need a transparent framework with which we can collect and assess evidence to analyze the effectiveness of cyber operations.
Olga Belogolova, Madelyn Wilson
- Different IO campaigns often have different goals and strategies. For example, Iran wishes to support its geopolitical interests while Russia aims to sow discord.
- Humans are often on the other side of an IO account.
Lauren Cooper
- The Chinese government is funding US academic institutions to influence research directions, recruit talent, and develop new technology.
What roles do universities play in national security? What are the limits of academic collaboration?
Lauren Cooper
Juan Andres
- APTs should be analyzed dynamically to adapt to new information.
Kyle Ehmke
- IO’s operational security < cybersecurity’s operational security.